CN102195987A - Distributed credibility authentication method and system thereof based on software product library - Google Patents
Distributed credibility authentication method and system thereof based on software product library Download PDFInfo
- Publication number
- CN102195987A CN102195987A CN2011101437888A CN201110143788A CN102195987A CN 102195987 A CN102195987 A CN 102195987A CN 2011101437888 A CN2011101437888 A CN 2011101437888A CN 201110143788 A CN201110143788 A CN 201110143788A CN 102195987 A CN102195987 A CN 102195987A
- Authority
- CN
- China
- Prior art keywords
- authentication
- user
- product
- storehouse
- software product
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 58
- 230000007246 mechanism Effects 0.000 claims abstract description 6
- 238000009434 installation Methods 0.000 claims description 49
- 238000005516 engineering process Methods 0.000 claims description 34
- 230000008569 process Effects 0.000 claims description 33
- 238000004458 analytical method Methods 0.000 claims description 19
- 238000005192 partition Methods 0.000 claims description 14
- 230000008439 repair process Effects 0.000 claims description 13
- 239000000284 extract Substances 0.000 claims description 10
- 230000002155 anti-virotic effect Effects 0.000 claims description 9
- 230000000295 complement effect Effects 0.000 claims description 9
- 230000009467 reduction Effects 0.000 claims description 8
- 230000006399 behavior Effects 0.000 claims description 6
- 230000003068 static effect Effects 0.000 claims description 6
- 230000006870 function Effects 0.000 claims description 4
- 238000012545 processing Methods 0.000 claims description 4
- 230000006835 compression Effects 0.000 claims description 2
- 238000007906 compression Methods 0.000 claims description 2
- 230000006837 decompression Effects 0.000 claims description 2
- 238000000605 extraction Methods 0.000 claims description 2
- 230000008676 import Effects 0.000 claims description 2
- 230000006855 networking Effects 0.000 claims description 2
- 230000002123 temporal effect Effects 0.000 claims description 2
- 241000700605 Viruses Species 0.000 abstract description 15
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000006378 damage Effects 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 208000015181 infectious disease Diseases 0.000 description 3
- 230000003612 virological effect Effects 0.000 description 3
- 230000004888 barrier function Effects 0.000 description 2
- 230000007123 defense Effects 0.000 description 2
- 230000002950 deficient Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000008520 organization Effects 0.000 description 2
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 2
- 238000009825 accumulation Methods 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 201000010099 disease Diseases 0.000 description 1
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 230000007257 malfunction Effects 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 238000004451 qualitative analysis Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012827 research and development Methods 0.000 description 1
- 238000001228 spectrum Methods 0.000 description 1
- 238000005728 strengthening Methods 0.000 description 1
- 208000024891 symptom Diseases 0.000 description 1
- PICXIOQBANWBIZ-UHFFFAOYSA-N zinc;1-oxidopyridine-2-thione Chemical class [Zn+2].[O-]N1C=CC=CC1=S.[O-]N1C=CC=CC1=S PICXIOQBANWBIZ-UHFFFAOYSA-N 0.000 description 1
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention relates to the technical field of security authentication, particularly to a distributed credibility authentication method and a system thereof based on a software product library. An on-line user initiates an authentication request to an authentication server through an authentication terminal, and the authentication server provides credibility for performing software product authentication as required or authenticating the user software product in distributed form to the on-line user according to the authentication request, and finally returns back the authentication result; an off-line user directly authenticates the credibility of the software product through the authentication terminal, and protects data security and information security of the user by switching among different security levels according to the authentication result or the user choices. In the method and the system provided by the invention, a software credibility authentication mechanism created by two ways of on-line and off-line can implement the credibility authentication of a plurality of security levels for the user so as to ensure the application security and the information security of user computers, and the user is allowed to run any software product at different security levels without any trouble, even the product contains real virus codes, the data security and the system stability of the user computer cannot be destroyed.
Description
Technical field
The present invention relates to the safety certifying method of computer operating system, application software and running environment, particularly a kind of distributed authentic authentication method and system based on product library.
Background technology
Since being widely used from computer, the safety problem of computer system is just troubling whole computer industry and user always, the high chi in road, the high one zhang ground of evil spirit are developing with always defending in attack in system, because technology does not have revolutionary breakthrough, the terminal user can only get used to downloading, installing and the huge antivirus software of upgrading, expending a large amount of time scans oneself computer, with the safety of the stable and operational environment that guarantees system.Even but security firm follows the tracks of and upgrades virus base with all strength, research and develop various active defense techniques, still can't guarantee the comprehensive and accuracy that covers, the virus producer also in the constantly various distortion of research and development, walk around, penetrate and destroy the technology of fail-safe software, along with the high speed development of information technology and deeply popularizing of Internet application, the load that fail-safe software bore also increasing (virus base is increasing, leak is more and more), in case virus outbreak, the economic loss of being brought are also quite huge.And existing safety product is still also in the most original virus characteristic recognition technology of a large amount of employings, expend lot of manpower and material resources, just catch up with the development of virus as far as possible, this technology mode itself just has been doomed to adopt the fail-safe software of this pattern also dangerous in fact, because its employing is the safe practice of curing the symptoms, not the disease.
Mainly there is following defective in secure authentication technology for generally adopting now:
One, the blacklist technology is widely used in (for example 360 antivirus softwares etc.) in the safety product, but the blacklist technology is a kind of hysteresis technology, can only realize relative safety, virus can adopt various distortion, walks around, technology stealthy or that seize system priority is resisted, and along with the accumulation of time, it is increasing that blacklist will become, efficient is more and more lower, the more important thing is, if viral rapid growth, and fail-safe software can not be caught up with immediately, and computer security will be subjected to serious threat.
Is there the problem of three most criticals in the white list technology: 1. how to build the storehouse though two white list technology do not have above these disadvantages? 2. how to win the confidence? 3. how to use? these three problems solve bad, and the white list technology then is difficult to practicability.Reason is as follows: 1. the summation of trusted software product is far longer than the scale of bogusware on scale in the world, therefore the database that relied on of the white list technology scale of blacklist in theory head and shoulders above, the difficulty that realizes an available white list safety product is much larger than blacklist; 2. how to guarantee that the software in the white list storehouse is truly safe and reliable? even also there is the possibility of cheating in the software product of some well-known manufacturer; 3. how use at user side in like this huge white list storehouse, particularly the user can't connect network or subscriber computer can't the situation of operate as normal under.
Simple white list technology is identical with the blacklist technology in itself, all is to realize by following steps: promptly set up database (trust or mistrustful), local authentication or network authentication, carry out subsequent operation (allow or forbid) by authentication result; The present invention is not this simple white list technology, and its key is: 1. based on the software product manufacturer installation kit of online or off-line, create distributed product library, solve the source and build the storehouse problem; 2. this product library is not simple black, white list, but the product image degree and the product total data information that obtain by technological means, with the level of security of match user end, user's different software product of can independently winning the confidence on different level of securitys solves the problem of winning the confidence; 3. have online simultaneously and product library offline feature based on this, allow the user to carry out distributed offline authentication, even the user can't connect network, even there is not a software installation kit trusty, also can use the basic product storehouse that the computer system of oneself is authenticated, system is switched to high level security context, be engaged in some safety operations, perhaps system is cut low-level operational environment, continue to use the software product of some security attribute the unknowns.
That is to say, existing safety product mainly depends on blacklist technology (virus base), even also depend on the white list technology, because being difficult to carry out of the hysteresis quality of blacklist technology and white list technology is difficult to realize a safety product that has extensive adaptability (being adapted to all known and unknown viruses) and have high degree of flexibility (can move all unknown softwares and guarantee subscriber computer and data security).At the above-mentioned defective of prior art, then need the Prevention-Security that a kind of brand-new distributed authentication method realizes improving computer system so.
Summary of the invention
The present invention proposes a kind of distributed authentic authentication method and system based on product library, be different from the black and white lists technology, this method has casted off the blacklist technology once and for all, and thoroughly solved the difficult problem of software trust authentication on practicality, can be widely used in fields such as the harmless reduction of Computer Data Security, network security and system, for computer application safety provides reference information, infrastructure service and basic function; This method is set up a cover feasible software trust authentication mechanism comprehensively by online and two kinds of approach of off-line, realize the authentic authentication of multiple level of security for the user, ensure the application safety and the network security of subscriber computer, and permission user any software product of smoothly operation on different level of securitys, even comprise dangerous code in this product, the data security and the system that also can't destroy subscriber computer are firm.
Realize that concrete technical scheme of the present invention is as follows:
A kind of distributed authentic authentication system based on product library is characterized in that comprising:
Certificate server is used to create authentication required basic product storehouse and basic sample storehouse, and according to client online user's the authentication request local authentication or the distributed remote authentication of executive software product as required, last return authentication result;
The authentication terminal; the online user who is used for client initiates authentication request; the offline user authentication software product confidence level that perhaps is used for client; and, protect user's data safety, information security and ensure that user machine system is firm by the switching of different level of securitys according to authentication result or user's selection.
A kind of distributed authentic authentication method based on product library is characterized in that comprising:
Be used to create authentication required basic product storehouse and basic sample storehouse, and offer online user's confidence level of executive software product certification or distributed authentication user software product as required, last return authentication result's step according to authentication request;
The online user who is used for client initiates authentication request; the confidence level of authentication software product; perhaps be used for offline user authentication software product confidence level, and select, protect the step of user's data safety and information security by the switching of different level of securitys according to authentication result or user.
Described online being meant: the authentication terminal that operates on client user's computer is connected to certificate server by the Internet.
Described off-line is meant: operate in authentication terminal on client user's computer and fail the situation that is connected to or can't be connected with certificate server.
The basic product storehouse that described establishment authentication is required and the process in basic sample storehouse are: by the distributed certificate server that is present in all over the world, country according to this region, the software product registration inventory national and application is complementary, automatically download and collect all kinds of software vendor's issue and the software product installation kit of version, extract the product information of this software product installation kit on the backstage and join the basic product storehouse and basic sample storehouse, when extracting, intellectual analysis software product credit worthiness, and cooperate certificate server latest edition antivirus engine local or networking that executable file and the script file that extracts in the software product installation kit scanned, with file credible degree and the comprehensive credit worthiness index that obtains this software product.
Described software product is meant: by the set of software vendor or various profit, nonprofit organization and personal development's the executable file that can be applicable to specific area, run time version and data.
Described software product installation kit is meant: the set of all documents, data and the code of this software product original release, and as installation procedure, the All Files under installation kit, compressed package or the directory tree.
Described basic sample storehouse comprises: all compressions of software product installation kit or incompressible file data, mount message and index information; Be used under, replacement destroyed or the deleted situation, send original file data to client and be used for recovering destroyed, replacement or deleted client file at client file.
Described basic product storehouse comprises: from static nature information, behavior characteristic information, core data and the authentication information of the extraction of software product installation kit, resulting all documents of intellectual analysis and code, the basic product storehouse is distributed on all over the world the certificate server, and the relevant software product of local domain is only included in the basic product storehouse of every certificate server.Software product in the basic product storehouse comprises product trusty, also comprises incredible product.Use the data in basic product storehouse that the authentication request that the user submits to is authenticated coupling during authentication, and return authentication result, authentication result comprises the confidence level and the comprehensive credit worthiness of each file of software product of user's request authentication, if user file is infected, also comprise the restoration information (static nature information and core data) of this document, be used to repair the file of infection.
Described product library, comprise the basic product storehouse of creating for distributed on-line authentication on all certificate servers and basic sample storehouse, with the basic product storehouse of authentication terminal issue, and interim product library of setting up on all subscriber computers and consumer products storehouse.
Described basic product storehouse be meant be included in the authentication terminal, with authentication terminal compact version and the complete believable software product authentication database issuing and install, extract from the basic product storehouse in the basic product storehouse, include the product information and the authentication information of authentication the most normal use in terminal distribution district and complete believable software product, be used to authenticate the terminal offline authentication.
Described consumer products storehouse be meant generate by the authentication terminal, comprise operating system and the product information of all other software products and the subscriber's local authentication database of authentication information installed on the subscriber computer; The product information of the operating system product of installing on the described subscriber computer specifically comprises: magnetic disc main boot record, partition boot record, partition table, file system core data, registration table, registration table backup, all system files, above information are used for repairing or the reduction user machine system.
The authentication information and the data message (comprising believable and incredible) of all registered software products included in basic product storehouse and basic sample storehouse; The basic product storehouse is a trusted subclass in basic product storehouse, is used to offline user that authentic authentication is provided; Interim product library is used for offline user to be expanded the basic product storehouse temporarily, and its effect is identical with the basic product storehouse, but comprises the software product that the user wins the confidence voluntarily, if the user is online, product library is with certified and move to the consumer products storehouse temporarily; The consumer products storehouse comprise on the subscriber computer all authenticate the software product (comprising believable and incredible) of (on-line authentication or offline authentication), the consumer products storehouse can comprise the unregistered software product in basic product storehouse, unexposed distribution of this software product or source are unknown, its authentication information is then generated automatically by the analysis of authentication terminal intelligent, and the user can adjust the credit worthiness of all software products in the consumer products storehouse voluntarily.
Described intellectual analysis base region comprises: source credit worthiness, code information standard degree, code structure standard degree, code behavior risk factor, wherein, source credit worthiness, code behavior risk factor may cooperate certain manual analysis.
Described backstage is extracted to adopt and is directly resolved the installation kit file structure, decompression installation kit file data or resource data in internal memory, extract the effective information of each file then, described effective information comprises: manufacturer's information, version information, temporal information, digital signature, the file data check value, code structure information, the module dependence, function call information, code adds shell, enciphered message, core data, these information are used for the credit worthiness of intellectual analysis executable file, the code static nature information that the formation base product library is relevant, behavior characteristic information, core data, and authentication information, also be used to repair infected file on the subscriber computer;
Perhaps, under the situation that can't resolve the installation kit file structure, the backstage is extracted and can also or be started redirect services operation installation procedure by virtual machine, restores all installation files, extracts again; Under redirection mechanism, All Files operation that installation procedure is performed and registry operations all will be mapped to and be redirected disk or redirected catalogue, therefore can not produce any influence to current operation system.
The described online user who offers client according to the authentication request process of executive software product certification as required is as follows: if the software product that the client online user installs or operation is unknown, (this authentication terminal is passed through network download to the authentication terminal, or by the program release medium, be installed on the subscriber computer) will send the authentication request of described unknown software products to certificate server, if unknown software products to be certified does not add authentication service network (set in all certificate server basic product storehouses), then (product information comprises certificate server: the software product title according to the product information of unknown software products to be certified, manufacturer, version, digital signature, listed files, and the size of each file, timestamp, version, code static nature and file data check value), automatically or by artificial mode (described software product registration inventory comprises the list information of registered all software products with this product adding certificate server software product registration inventory, and at the index information in certificate server basic product storehouse and basic sample storehouse, software product registration inventory comprises two types: local registration inventory and remote login inventory; Software product in the software product registration inventory comprises four kinds of states: put in storage, put in storage, wait for warehouse-in, fail to put in storage), this software product registration inventory is safeguarded by automatic and artificial mode, for example, if the product information of unknown software products and manufacturer's information and certain software product of having put in storage are complementary, the source of the software product that then automatic use has been put in storage and source credit worthiness are as the source-information of unknown software products, if fail to find the software product of coupling, then search for its official website and Download Server by manual type, and definite its source credit worthiness, certificate server is downloaded software product installation kit to be certified from the optimum source then, obtain the product information and the reputation information of software by intellectual analysis, and cooperate third party's antivirus engine finally to determine the file credible degree and the comprehensive credit worthiness of software product to be certified, thereby finish authentication; Can't find the unknown software products to be certified in source for certificate server, adopt authentication terminal offline authentication, the mode that the user wins the confidence is voluntarily finished authentication.Client online user decides subsequent operation in its sole discretion according to the authentication result of returning, for example, if the prestige of this product is very poor, and the user determines to install or move this software, then authenticate terminal and will automatically switch to this software of operation on the lower level of security, to ensure the safety of user data and information.Authentication has higher priority as required, makes certificate server can respond user's real-time request fast.
Described certificate server is carried out the two kinds of situations that comprise when authenticating as required: (one) carries out inclusive authentication to the software product of authentication terminal request, inclusive authentication result comprises the confidence level of each file in the software product to be certified, and the comprehensive credit worthiness of this software product, authentication result returns to the authentication terminal, and comprehensive credit worthiness is corresponding with certain level of security on the subscriber computer; (2) single file or the run time version to the authentication terminal request authenticates, and authentication result is only returned the confidence level of institute's authentication document; The authentication result that these two kinds of situations are returned to the authentication terminal all may comprise following additional information: the file restoration information that comprises when client file is distorted (infection), the file initial data that comprises when client file is replaced.(basic product storehouse, basic product storehouse, interim product library and consumer products storehouse include the file restoration information of software product, and the software installation kit of user's appointment when basic sample storehouse and offline authentication then comprises the original file data of software product.)
The process of described distributed authentication software product confidence level is as follows: at first certificate server adopts distributed mode to be deployed on all over the world the network node, authentication server stores has up-to-date and the most perfect basic product storehouse of local domain and basic sample storehouse, in case there is renewal in the basic product storehouse of certain certificate server, this certificate server is promptly issued up-to-date remote software equipment registration inventory to the certificate server of other network node; After the certificate server of certain network node receives user authentication request, at first search certificate server local software equipment registration inventory and local basis product library, if there is software product to be certified, then mate the credit worthiness of software product to be certified and authentication result is returned to the authentication terminal, the online user of client carries out subsequent operation according to the authentication result of returning; If the local authentication server does not write down software product to be certified, then search remote software equipment registration inventory, if find, then initiate the remote authentication request to the network node remote authentication server of correspondence, at this moment, the certificate server of initiating the remote authentication request is equivalent to Relay Server, after remote authentication is finished, directly returns the remote authentication result to subscriber computer authentication terminal; If also do not find software product to be certified in remote software equipment registration inventory, then certificate server is carried out the constructive process in basic product storehouse, and software product to be certified is registered in basic product storehouse and the basic sample storehouse.
The authentication information that the authentication terminal utilizes certificate server to return, not only can be to the comprehensive credit worthiness of user report software and the reliability information of each file, can also be directly repair or reduce the apocrypha of user side, thus the user need not to download again once more software product installation kit, reinstall operating system or application software.
The process of the offline user authentication software product confidence level of described client is as follows:
When the client user is off-line state, the authentication terminal carries one with corresponding to basic product storehouse, user region (always issue with the authentication terminal in the basic product storehouse), if operating system and application software that the user installed are all covered by the basic product storehouse, the user need not the online running environment that can authenticate oneself so; If there is the software product of basic product storehouse the unknown in the subscriber computer of off-line, and possesses this software product installation kit, the user can start the authentication terminal and authenticate temporarily, interim authentication is with the confidence level and the comprehensive credit worthiness of this software product installation kit All Files of intellectual analysis, if installation kit is insincere, to point out the user, the user can abandon also can manually accepting and believing this software product, if installation kit is credible or manually accepted and believed by the user, the authentication terminal will be extracted this software product installation kit product information automatically, join interim product library, interim product library has the credit worthiness identical with the basic product storehouse (credible fully under off-line state); The authentication terminal uses basic product storehouse, interim product library and consumer products storehouse that subscriber computer is scanned, and the interim product library that off-line state produces and all softwares that add the consumer products storehouse to will keep interim authentication state; Become presence up to offline user, the authentication terminal authenticates the software product that interim product library and consumer products storehouse state are interim authentication state (identical with the process of executive software product certification as required) again with the request authentication server, interim product library through authentication is automatically converted to the consumer products storehouse, the user can manually specify the credit worthiness of consumer products library software, or specifies the prestige state to turn back to standard prestige state from the user.That is to say, it is complete trusted that the user can specify a software product voluntarily, even this product comprises real viral code, it also can move on higher level of security, but, if the user turns back to standard prestige state, these codes all will clear up away from internal memory, and unloaded, and all disk files of this product all will be isolated.If the user can not be online, the installation kit of software product also can't be provided, so, the authentication terminal can only use the basic product storehouse that user machine system is authenticated, and corresponding level of security has only two kinds, the one, safety, the one, unknown, the user can be switched between these two kinds of ranks, certainly, if the user switches on the level of security, all application software of prestige the unknown all can't be moved.
Described consumer products library software product comprises three kinds of states: 1. standard prestige state, and 2. interim prestige state, 3. the user specifies the prestige state.
Described standard prestige state is meant: the software product credit worthiness that authentication is returned through certificate server, for the user specified the prestige state, this state was accurately with reliably.
Described interim prestige state is meant: the software product credit worthiness that the authentication terminal intelligent analysis of process off-line obtains, for standard prestige state, may there be certain risk in this state, can not be trusted for a long time, in case the user is online, this state will be automatically upgraded to standard prestige state.
Described user specifies the prestige state to be meant: the user ignores the prestige state that certificate server returns, the prestige state that intellectual analysis obtains when perhaps ignoring authentication terminal off-line, artificial credit worthiness of specifying consumer products library software product makes that some software can be in higher security level not or can only move on than the lower security rank.The user specifies the prestige state can fast return standard prestige state or interim prestige state.
Described virus is meant executable file, script file, module, process, thread and the kernel run time version that comprises full spectrum of threats computer security such as wooden horse.
The described switch protecting user's data safety and the process of information security by different level of securitys is as follows: the user selects the level of security that will switch to, start the switching of level of security then, the authentication terminal thoroughly scans the running environment and the disk file of subscriber computer automatically, and according to the level of security that the user selects scanning result is authenticated, stop, unload and isolate all not process, thread, module, run time version (comprising the kernel driving), executable file and registry key by authentication; If switch to lower level of security from higher level of security; then encrypt other user profile of all higher security level and critical data (as the security catalog of user account information, cookie information, user's appointment); and startup user data real-time guard; otherwise then decrypted user information and critical data; if have the code that to remove, may require the user to restart.
Described authentication terminal is to the scanning of subscriber computer, comprise: all operate in process, thread, module, run time version (comprising that kernel drives) in the calculator memory, all disk files, leader record, registry key and registry data, user profile and critical data.
The authentication terminal from than the lower security rank when higher security level is not switched, the processing of user machine system is comprised: (1) stops all processes of crossing authentication; (2) stop the thread that all do not cross authentication; (3) unload the module that all do not cross authentication; (4) unload all run time versions of not crossing authentication (comprising that kernel drives); (5) isolate the executable file (comprising script file) that all do not cross authentication; (6) derive and delete all and drive registry key and the registry data that is associated with above-mentioned executable file, process image, module file, the kernel of not crossing authentication; (7) executable files that all are infected, replace are repaired and reduced to scanning disk system and file system, comprises system core file, as MBR (MBR), partition table, partition boot record; (8) encrypted user profile and the critical data of all level of securitys under the deciphering targeted security rank; (9) if there is the executable code that thoroughly to remove and to unload, may require the user to restart; (10) preserve above-mentioned switching daily record.
The authentication terminal from higher security level not when switching than the lower security rank, processing to user machine system comprises: (1) is according to rudimentary high-level switching daily record, the executable file that reduction all (segregate) and targeted security rank are complementary, process image file, module file and the kernel driving file of being clipped to of correspondence; (2) import registry key and the registry data that all (derived and delete) and targeted security rank are complementary; (3) loading all unloaded kernels that are complementary with the targeted security rank drives; (4) user profile and the critical data of all level of securitys on the encryption targeted security rank.
Even described authentication terminal is not carried out the switching between the level of security, also possesses the mechanism that current safety rank operational environment is authenticated again, with the suspect code of checking dynamic intrusion computer system and the apocrypha of invading computer file system, the firm and safety of safeguards system.Exist leak or Active Defending System Against to have the subscriber computer of leak for operating system, this authentication mechanism is the safety of safeguards system thoroughly, and the leak of pointing out the user to repair operating system or initiatively defend to exist.
Described authentication terminal works may be because certain Malware of operation or dangerous program cause operating system destroyed, or running environment be destroyed when lower level of security; But the authentication terminal possesses the ability of repairing operating system and running environment, and implementation is as follows: 1) by small-scale operating system vectoring computers such as DOS, LINUX on CD, the movable storage medium or WINDOWS PE; (2) after guiding successfully, operation authentication terminal program in above-mentioned small-scale operating system, select higher level of security, user machine system and disk file are scanned, subscriber computer is switched to other operational environment of higher security level fast, isolate simultaneously all fail by the authentication executable file and script file, delete its shortcut; (3) repair and reduce that all are infected, replace or ruined executable file (comprise infected, replace or system file deleted, that destroy); (4), then reduce MBR, partition table, partition boot record, the file system and registry of subscriber computer operating system if there is other consumer products storehouse of targeted security level; (5) if there is no other consumer products storehouse of targeted security level, then repair MBR, partition boot record and the file system of subscriber computer operating system, derive and delete all and relevant registry key and the registry data of executable file, script file that does not pass through authentication.
The running environment of the safety classification that the present invention realizes can allow the user at utmost move all software without barrier, it is concerned about no longer in itself whether software or run time version are virus, or which kind of virus, therefore also need not carry out qualitative analysis to suspect code, because user's real concern is not the title of virus, but the result of safety.
Described certificate server also can cooperate third party's antivirus engine to carry out confidence level authentication, is under the known situation of software product installation kit source credit worthiness, for the software product released version of guaranteeing to obtain is perfectly safe reliably, and a kind of authentication strengthening measure of taking.
Based on technology of the present invention, can provide the product of the fail-safe software with following feature for the user:
One, scan in main foundation of client or complete foundation authentic authentication technology of the present invention, adopt this technology to analyze user machine system, can: 1) unauthenticated or the authentication that thoroughly detects all online (being loaded in the internal memory) and the off-line (being kept on the storage mediums such as disk) that exist in the subscriber computer do not meet other executable file of current safety level and executable code, 2) stop, unloading and isolate all 1) in the detected suspicious process of crossing authentication, thread, module, run time version and kernel drive, 3) directly repair the file that all are distorted (infection), 3) reduce that all are replaced, destroy or deleted file 4) repair or the reduction magnetic disc main boot record, partition boot record, partition table, file system, registration table.
Two, be supported in and carry out above-mentioned scanning on the small-scale operating system of exterior guiding and repair operation, exterior guiding comprises: floppy disk guiding, CD guiding, USB (FDD, HDD, CDROM) guiding, netboot, small-scale operating system comprises: DOS, LINUX, WINDOWS PE etc.
Three, no matter the user is off-line state or presence in described scanning, can guarantee user machine system is switched on authentic, the intrinsically safe state, and the applied environment of a safety is provided for the user; Off-line scan based on small-scale operating system, the system of being mainly used in can't start or the situation of cisco unity malfunction under, allowing the user need not the refitting system just can be with system's fast restore, the system reducing of realizing based on the present invention is a kind of real harmless reduction, can not cover the Any user file or cause loss of user data.
Four, the operational environment of different level of securitys is provided for the user.The operational environment of this different level of securitys has following feature: 1) real safety, can not can't slip in the subscriber computer by the code of authentication and move, 2) the real isolation, program and code than low level security can't enter the operational environment of higher security level, simultaneously than seeing other privacy of user of higher security level and sensitive data under the operational environment of low level security, 3) user account of the switching of level of security and operating system switches and is inequality, same computer, the user can only be operated on a kind of clear and definite level of security at synchronization, can not create the operational environment of multiple level of security simultaneously.
When five, providing intrinsically safe system environments and applied environment, also allow the user to use without barrier and experience any software product, even this product comprises malicious code or dangerous program for the user.For example, the user installs on a level of security or moves still unverified software product, can be prompted to authenticate, if the credit worthiness of authentication is lower, this product will be under an embargo, but the user can select to switch to normal this software that uses on the lower level of security; Perhaps, the user can ignore the standard prestige state of certificate server on the current safety rank, uses it for the software designated user prestige of wanting to move, and when the user returned standard prestige state, the user of this software product specified prestige promptly to cancel.
Six, possesses user data real-time guard ability.Even on lower level of security, move incredible software or do not go up the software that run user is specified prestige in higher security level; also can protect user data not to be destroyed; it is characterized in that: 1) if above-mentioned software does not pass through user's manual operation; automatically open, revise, delete any data file in the computer on the backstage; all will be blocked and report to the user; 2) if above-mentioned software carries out the physical disk operation, also will be blocked and report to the user.
Seven, under the situation of off-line, allow the user installation kit of software product to be considered as benchmark temporarily and authenticate not exclusively that (user can ignore the result of credit worthiness intellectual analysis, manually accept and believe this software product), the authentication terminal will be extracted product information and the result will be kept at interim product library from the software installation kit of user's appointment, have the highest credit worthiness.Therefore, as long as the user has believable priginal soft installation kit or installation procedure, can obtain the authentication effect identical equally with on-line authentication.
Eight, under the online situation, interim product library will the submitted authentication on the backstage, if authentication is passed through, is automatically converted to the consumer products storehouse, if can not be by authentication, and return authentication result and point out the user then.
In sum, the safety product of realizing based on the present invention has following essential characteristic:
One, mainly based on or based on the distributed authentic authentication technology based on product library of the present invention user machine system is authenticated fully.
Two, possess the offline authentication technology that breaks the whole up into parts, make the user under the state of off-line, also can guarantee the safety of own computer system.
In case three users are online, offline authentication can be automatically upgraded to on-line authentication, and interim product library is converted to the consumer products storehouse, and interim authentication software product is converted to the standard authentication software product.
Four,, can farthest protect the firm of user machine system by the authentic authentication technology based on product library of the present invention.Even system is destroyed, also can on other small-scale operating system, move based on the authentication terminal of this technology and be repaired and reduce computer system, system is turned back to the state of safety and stability.
Five, allow the user to enter the operational environment of different level of securitys, these level of securitys are isolated on using fully.The operational environment of high level of security has authentication, feature protected and trusty fully, and the user can finish some important work in this rank, as network trading.At lower level of security, the user can attempt experiencing any software product, and does not worry that safety is on the hazard.
Description of drawings
Fig. 1 is an Organization Chart of the present invention
Fig. 2 creates the flow chart in basic product storehouse for certificate server of the present invention
Fig. 3 is whole server executive software product certification flow chart as required for the present invention authenticates
Fig. 4 authenticates terminal offline authentication flow chart for the present invention
Fig. 5 authenticates other switching flow of terminal security level figure for the present invention
Embodiment
Below in conjunction with accompanying drawing 1-5 embodiments of the present invention are made and to further specify.
The invention provides a kind of distributed authentic authentication method and system based on product library; can be to any computer user's file system; application software and running environment scan fast; level of security according to customer requirements; stop and unload all not meeting other executable code of current safety level; isolate all and do not meet other executable file of current safety level; protection other user profile of higher security level and critical data; forbid moving all and do not meet other executable code of current safety level; cooperate initiatively defence and network firewall technology; just can eliminate all potential safety hazards on the subscriber computer, for the user realizes isolating mutually between the different level of securitys; real safe and reliable; but the operating system environment of any software product of smoothly operation.
This system comprises:
Certificate server is used to create authentication required basic product storehouse and basic sample storehouse, and according to client online user's the authentication request local authentication or the distributed remote authentication of executive software product as required, last return authentication result;
The authentication terminal; the online user who is used for client initiates authentication request; the offline user authentication software product confidence level that perhaps is used for client; and, protect user's data safety, information security and ensure that user machine system is firm by the switching of different level of securitys according to authentication result or user's selection.
This method comprises:
Be used to create authentication required basic product storehouse and basic sample storehouse, and offer online user's confidence level of executive software product certification or distributed authentication user software product as required, last return authentication result's step according to authentication request;
Be used for the online user and initiate authentication request; the confidence level of authentication software product; perhaps be used for offline user authentication software product confidence level, and select, protect the step of user's data safety and information security by the switching of different level of securitys according to authentication result or user.
As shown in Figure 2, certificate server is created the process in basic product storehouse: this process is used to create authentication required basic product storehouse and basic sample storehouse, the basic product storehouse is used for user's request of client is authenticated, sample storehouse, basis is used for therefrom extracting original document, and the reduction client is replaced, destruction or deleted file.The basic product storehouse has comprised all information that are used to authenticate, repair client file, and the confidence level of this each file of software product and comprehensive credit worthiness.
As shown in Figure 3, certificate server is the process of the local authentication of executive software product and distributed authentication as required: the software product of user's request authentication may comprise following several situation: software product 1. to be certified has added local authentication server basis product library, certificate server only needs the authentication request that the user submits to is accurately mated authentication, and generate the online user that authentication result returns to client and authenticate terminal, if the software product infected (distorting) that the user is to be certified, replace, destruction or deleted, authentication result then comprise and are used for repairing, reduce the restoration information or the original document packed data of this software product files; 2. software product to be certified does not add local authentication server basis product library, but added remote authentication server basic product storehouse, at this moment, the local authentication server is equivalent to Relay Server, simply user's request is forwarded to the remote authentication server of coupling, and etc. to be certified finishing, the online user who at last authentication result is returned to client authenticates terminal; 3. software product to be certified does not add authentication service network (local with set all long-range certificate server basic product storehouses), then start the visioning procedure of local authentication server basis product library, this process may cooperate certain manual search to determine the optimum source of this software product installation kit, if fail to find this software product source, then return failure, at this moment, the online user authenticates starting terminal software product credit worthiness intellectual analysis, as interim authentication result, and the prompting user decides how to accept and believe software product to be certified in its sole discretion according to this interim result with the result of intellectual analysis; In case this software product adds the authentication service network, certificate server will initiatively require this client online user step-up authentication result.
As shown in Figure 4, the process of authentication terminal offline authentication: the offline authentication of authentication terminal can start from current operation system, also can start from other small-scale operating system.Purpose is to remove and isolate run time version, image file and the registry key that all level of securitys are lower than customer requirements, guarantees the current certain satisfactory level of security of operational environment of user.Offline authentication has the ability of repairing and reducing user machine system.
As shown in Figure 5, other handoff procedure of authentication terminal security level: the authentication terminal is identical with the offline authentication process from the process that lower level of security does not switch to higher security level, after switching is finished, all can not all will be terminated by the executable code that higher security level does not authenticate, and from internal memory, clear up away, all can not all will be isolated by the executable file of authentication, all registry key that are associated with these executable files all will be derived and be deleted, after switching is finished, cooperate third party initiatively defense module and FWSM, other source (as network download or that start by web browser or by the leak invasion) any executable code or file also will be examined, if can not pass through other authentication of current safety level, also can not move, therefore, on higher level of security, user's data safety and application safety will be protected.
The present invention is by interconnecting with the software product manufacturer server, trusted Download Server and the antivirus scan server that are distributed in all over the world, set up the authentication service network, realize full-automatic and distributed software trust authentication, particularly, by safety certification of the present invention, but on subscriber computer, realize to divide the operational environment of any software product of smoothly operation of level of security.
Have online and product library offline feature based on this of the present invention's proposition; subscriber computer is carried out distributed authentic authentication; set up the operational environment of different level of securitys for the user; allow user's any software product of independently winning the confidence; just need not software strictly is divided into safety with dangerous; but move different software with different level of securitys; even this software comprises viral code; also may operate in than in other operational environment of low level security; because the level of security that the present invention creates has mutually and isolates fully; the characteristic of user data real-time guard.
Why the present invention can set up this online and product library offline feature of having, and be applied on the subscriber computer of the online also possibility of possibility off-line, be because specific to any terminal in the world, Yun Hang operating system and application software all are very limited thereon, the method of this distributed authentication based on product library therefore proposed by the invention, can solve safety identification of computer at Jian Ku, win the confidence and all problems of application facet.
The operational environment of different level of securitys proposed by the invention, the user can move any software product in these environment and there is fundamental difference in the not fail safe of destruction of computer systems with virtual machine technique.The virtual machine technique that is applied in security fields comprises: 1. in current operation system; make up a virtual hardware environment by software virtual machine; in this environment, load a complete or small-sized operating system; the software of run user in this operating system then; no matter this software has been carried out any operation; all can't influence real operating system; 2. take over the current operation system bottom; the all operations of system all is directed to an interim zone; therefore every operation all will cancel after system restarts, to protect real operating system.Technology proposed by the invention all is that on-line operation is in the current operation system environment, user's all operations and operating result all can be saved, if switched level of security, low-level operation result can thoroughly disappear, but when switching back, low-level operating result will be returned again.For example: software A is credible fully, and software B is the Virus under a kind of conventional meaning, the user is operating software A in the operational environment of the highest level of security, software A is because can normally move by other authentic authentication of this level, under this level of security, if user's operating software B (perhaps software B successfully requires operation because invade), the authentication terminal will be carried out real-time online or offline authentication to software B, because software B can't pass through other authentic authentication of this level, the authentication terminal will point out the user to abandon operating software B, if the user selects to continue operating software B, then authenticate terminal will automatically switch to the corresponding level of security of software B on, at this moment, all level of security user information corresponding on the software B level of security and critical data are all with encrypted, user data real-time guard function is opened, and All Files operation and registry operations in the software B running all will be recorded; When the user is switched back the highest level of security again, the authentication terminal will rescan system and disk file, all processes, thread, module, driving that software B is relevant all will be terminated and unload, all executable files that software B creates are isolated, the All Files that software B is distorted is repaired or reduces, the registry key that the registry key that software B is revised is reduced, adds is derived and is deleted, and at this moment, software B is equivalent to thoroughly thoroughly disappear from system; In addition, all level of security user information corresponding and critical data on the software B level of security are decrypted, and system is returned to the operational environment of the highest level of security correspondence again.
Claims (14)
1. distributed authentic authentication method based on product library is characterized in that comprising:
Be used to create authentication required basic product storehouse and basic sample storehouse, and offer online user's confidence level of executive software product certification or distributed authentication user software product as required, last return authentication result's step according to authentication request;
Be used for the online user and initiate authentication request; the confidence level of authentication software product; perhaps be used for offline user authentication software product confidence level, and select, protect the step of user's data safety and information security by the switching of different level of securitys according to authentication result or user.
2. method according to claim 1, it is characterized in that: comprise that described establishment authenticates required basic product storehouse and the process in basic sample storehouse is: by the distributed certificate server that is present in all over the world, according to this region country, the software product registration inventory national and application is complementary, automatically download and collect all kinds of software vendor's issue and the software product installation kit of version, extract the product information of this software product installation kit on the backstage and join the basic product storehouse and basic sample storehouse, when extracting, intellectual analysis software product credit worthiness, and cooperate antivirus engine certificate server this locality or networking that executable file and the script file that extracts in the software product installation kit scanned, with file credible degree and the comprehensive credit worthiness index that obtains this software product;
The base region of described software product credit worthiness intellectual analysis comprises: source credit worthiness, code information standard degree, code structure standard degree, code behavior risk factor.
3. method according to claim 1 and 2 is characterized in that: described basic sample storehouse comprises all compressions or incompressible file data, mount message and the index information of software product installation kit; Be used under, replacement destroyed or the deleted situation, send original file data to client and be used for recovering by destroyed, replacement or deleted client file at client file;
Described basic product storehouse comprises from static nature information, behavior characteristic information, core data and the authentication information of the extraction of software product installation kit, resulting all documents of intellectual analysis and code, the basic product storehouse is distributed on all over the world the certificate server, and the relevant software product of local domain is only included in the basic product storehouse of every certificate server;
Described product library, comprise the basic product storehouse of creating for distributed on-line authentication on all certificate servers and basic sample storehouse, with the basic product storehouse of authentication terminal issue, and interim product library of setting up on all subscriber computers and consumer products storehouse;
Described basic product storehouse be meant be included in the authentication terminal, with authentication terminal compact version and the complete believable software product authentication database issuing and install, extract from the basic product storehouse in the basic product storehouse, include the product information and the authentication information of authentication the most normal use in terminal distribution district and complete believable software product, be used to authenticate the terminal offline authentication;
Described consumer products storehouse be meant generate by the authentication terminal, comprise operating system and the product information of all other software products and the subscriber's local authentication database of authentication information installed on the subscriber computer; The product information of the operating system product of installing on the described subscriber computer specifically comprises: magnetic disc main boot record, partition boot record, partition table, file system core data, registration table, registration table backup, all system files, above information are used for repairing or the reduction user machine system;
The authentication information and the data message of all registered software products included in basic product storehouse and basic sample storehouse; The basic product storehouse is a trusted subclass in basic product storehouse, is used to offline user that authentic authentication is provided; Interim product library is used for offline user to be expanded the basic product storehouse temporarily, also is used to offline user that authentic authentication is provided, and comprises the software product that the user wins the confidence voluntarily, if the user is online, interim product library is with certified and move to the consumer products storehouse; The consumer products storehouse comprises all software products that authenticated on the subscriber computer; If have the unregistered software product in basic product storehouse in the consumer products storehouse, when unexposed distribution of this software product or source are unknown, authentication information is then generated automatically by the analysis of authentication terminal intelligent, and the user can adjust the credit worthiness of all software products in the consumer products storehouse voluntarily.
4. method according to claim 1, it is characterized in that: software product installation kit product information is extracted on described backstage, adopt and directly resolve the installation kit file structure, decompression installation kit file data or resource data in internal memory, extract the effective information of each file then, comprise: manufacturer's information, version information, temporal information, digital signature, the file data check value, code structure information, the module dependence, function call information, code adds shell, enciphered message, core data, these information are used for analyzing automatically the credit worthiness of executable file, also are used to repair infected file on the subscriber computer;
Under the situation that can't resolve the installation kit file structure, described software product installation kit product information by virtual machine or redirect services operation installation procedure, restores all installation files, extracts again; Under redirection mechanism, All Files operation that installation procedure is performed and registry operations all will be mapped to and be redirected disk or redirected catalogue, therefore can not produce any influence to current operation system.
5. method according to claim 1, it is characterized in that: describedly offer the client online user according to authentication request the process of executive software product certification is as follows as required: if the client online user installs or the operation unknown software products, the authentication terminal will send the authentication request of a unknown software products to certificate server, if unknown software products to be certified does not add all certificate server basic product storehouse set, certificate server is then according to the product information of unknown software to be certified, the software product registration inventory of having set up from the certificate server is searched the optimum source of this software product, certificate server is downloaded this software product installation kit from the optimum source, by the credit worthiness Intellectual Analysis Technology, and cooperate third party's antivirus engine finally to determine the file credible degree and the comprehensive credit worthiness of this software product, can't find the software product in source for certificate server, adopt authentication terminal offline authentication, the mode that the user wins the confidence is voluntarily finished authentication;
Described product information comprises: software product title, manufacturer, version, digital signature, listed files, and the size of each file, timestamp, version, code static nature and file data check value.
6. method according to claim 5, it is characterized in that: described certificate server is carried out the two kinds of situations that comprise when authenticating as required: first kind, software product installation kit to be certified to the authentication terminal request carries out inclusive authentication, inclusive authentication authenticates the All Files of the software product installation kit of request authentication, authentication result comprises the confidence level and the comprehensive credit worthiness of each file, and comprehensive credit worthiness is corresponding with certain level of security on the subscriber computer; Second kind, single file or the run time version that authenticates terminal request authenticated, authentication result only comprises the confidence level of institute's authentication document; When client file is distorted or is replaced, destroyed and deleted, no matter be on-line authentication or authentication terminal offline authentication, the authentication result of generation all comprises: the restoration information of file, the packed data of original document.
7. distributed authentic authentication system based on product library is characterized in that comprising:
Certificate server is used to create authentication required basic product storehouse and basic sample storehouse, and according to client online user's the authentication request authentication or the distributed remote authentication of executive software product as required, last return authentication result;
The authentication terminal; the online user who is used for client initiates authentication request; the offline user authentication software product confidence level that perhaps is used for client; and, protect user's data safety, information security and ensure that user machine system is firm by the switching of different level of securitys according to authentication result or user's selection.
8. system according to claim 7, it is characterized in that: at first certificate server adopts distributed mode to be deployed on all over the world the network node, authentication server stores has up-to-date and the most perfect basic product storehouse of local domain and basic sample storehouse, in case there is renewal in the basic product storehouse of certain certificate server, this certificate server is promptly issued up-to-date remote software equipment registration inventory to the certificate server of other network node; After the certificate server of certain network node receives user authentication request, at first search certificate server native product registration inventory and local basis product library, if there is software product to be certified, then mate the product information of this software product and credit worthiness and authentication result is returned to the authentication terminal, the online user of client carries out subsequent operation according to the authentication result of returning; If the local authentication server does not write down software product to be certified, then search remote software equipment registration inventory, if find, then initiate the remote authentication request to the network node remote authentication server of correspondence, after remote authentication is finished, directly return the remote authentication result to subscriber computer authentication terminal; If also do not find software product to be certified at long-range equipment registration inventory, then certificate server is carried out the constructive process in basic product storehouse, and software product to be certified is registered in basic product storehouse and the basic sample storehouse.
9. system according to claim 7, it is characterized in that: when the client user is off-line state, the authentication terminal carries one and corresponding to basic product storehouse, user region, if operating system and application software that the user installed are all covered by the basic product storehouse, the user need not the online running environment that can authenticate oneself so; If there is the software product of basic product storehouse the unknown in the subscriber computer of off-line, and possesses this software product installation kit, the user starts the authentication terminal and authenticates temporarily, interim authentication is with the confidence level and the comprehensive credit worthiness of this software product installation kit All Files of intellectual analysis, if installation kit is insincere, to point out the user, the user selects to abandon or manually accept and believe this software product voluntarily, if installation kit is credible or manually accepted and believed by the user, the authentication terminal will be extracted the product information of this software product installation kit automatically, join interim product library, interim product library has the credit worthiness identical with the basic product storehouse; The authentication terminal uses basic product storehouse, interim product library and consumer products storehouse that subscriber computer is scanned, and the interim product library that off-line state produces and all softwares that add the consumer products storehouse to will keep interim authentication state; Become presence up to offline user, the request authentication server is authenticated interim product library to the authentication terminal again and consumer products storehouse state is the software product of interim authentication state, interim product library through authentication is automatically converted to the consumer products storehouse, the user is the credit worthiness of designated user product library software product voluntarily, or specifies the prestige state to turn back to standard prestige state from the user its prestige state.
10. system according to claim 9 is characterized in that: the prestige state of described consumer products library software product comprises three kinds of states: standard prestige state, and interim prestige state and user specify the prestige state;
Described standard prestige state is meant: the software product credit worthiness that authentication is returned through certificate server, and for the user specified the prestige state, this state was accurately with reliably;
Described interim prestige state is meant: the software product credit worthiness that the authentication terminal intelligent analysis of process off-line obtains, for standard prestige state, there is certain risk in this state, can not be trusted for a long time, in case the user is online, this state will be automatically upgraded to standard prestige state;
Described user specifies the prestige state to be meant: the user ignores the prestige state that certificate server returns, the prestige state that intellectual analysis obtains when perhaps ignoring authentication terminal off-line, artificial credit worthiness of specifying consumer products library software product makes some software in higher security level not or can only move on than the lower security rank.
11. system according to claim 7, it is characterized in that: the level of security that user's selection will switch to, when starting the switching of level of security, the authentication terminal thoroughly scans the running environment and the disk file of subscriber computer automatically, and according to the level of security that the user selects scanning result is authenticated, stop, unload and isolate all process, thread, module, run time version, executable file and registry key by authentication; If switch to lower level of security, then encrypt other user profile of all higher security level and critical data, and start the user data real-time guard from higher level of security; If switch to higher level of security, then decipher the user profile and the critical data of all level of securitys under the targeted security rank from lower level of security; When having the code that can't remove, the prompting user restarts;
Described authentication terminal is to the scanning of subscriber computer, comprise following content: all operate in process, thread, module, run time version in the calculator memory, all disk files, leader record, registry key and registry data, user profile and critical data.
12. system according to claim 11 is characterized in that: the authentication terminal from than the lower security rank when higher security level is not switched, the processing of user machine system is comprised: stop processes that all cross authentication; Stop the thread that all do not cross authentication; Unload the module that all do not cross authentication; Unload the run time version that all do not cross authentication; Isolate the executable file that all do not cross authentication; Derive and delete all and drive registry key and the registry data that is associated with above-mentioned executable file, process image, module file, the kernel of not crossing authentication; All infected, as to be replaced executable files are repaired and reduced to scanning disk system and file system, comprises system core file; Encrypted user profile and the critical data of all level of securitys under the deciphering targeted security rank; If have the executable code that thoroughly to remove and to unload, require the user to restart; Preserve above-mentioned switching daily record;
The authentication terminal from higher security level not when switching than the lower security rank processing to user machine system comprise: be clipped to high-level switching daily record according to correspondence rudimentary, reduce executable file, process image file, module file and the kernel driving file that all and targeted security rank be complementary; Import registry key and registry data that all and targeted security rank are complementary; Loading all unloaded kernels that are complementary with the targeted security rank drives; Encrypt the user profile and the critical data of all level of securitys on the targeted security rank.
13. system according to claim 7, it is characterized in that: described authentication terminal operating is under other small-scale operating system, repair ruined user machine system, its process is as follows: A, by DOS, LINUX or WINDOWS PE small-scale operating system vectoring computer on the CD, movable storage medium; B, guide successfully after, operation authentication terminal program in the small-scale operating system described in the steps A, select higher level of security, user machine system and disk file are scanned, subscriber computer is switched to other operational environment of higher security level fast, isolate simultaneously all fail by the authentication executable file and script file, delete its shortcut; All are infected for C, reparation and reduction, replace or ruined executable file; If there is other consumer products storehouse of targeted security level in D, then reduce MBR, partition table, partition boot record, the file system and registry of subscriber computer operating system; E, if there is no other consumer products storehouse of targeted security level, then repair MBR, partition boot record and the file system of subscriber computer operating system, derive and delete all and relevant registry key and the registry data of executable file, script file that does not pass through authentication.
14. system according to claim 7 is characterized in that: described certificate server also cooperates third party's antivirus engine to carry out the confidence level authentication.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110143788.8A CN102195987B (en) | 2011-05-31 | 2011-05-31 | Distributed credibility authentication method and system thereof based on software product library |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110143788.8A CN102195987B (en) | 2011-05-31 | 2011-05-31 | Distributed credibility authentication method and system thereof based on software product library |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102195987A true CN102195987A (en) | 2011-09-21 |
| CN102195987B CN102195987B (en) | 2014-04-30 |
Family
ID=44603374
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110143788.8A Expired - Fee Related CN102195987B (en) | 2011-05-31 | 2011-05-31 | Distributed credibility authentication method and system thereof based on software product library |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102195987B (en) |
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102750491A (en) * | 2012-06-05 | 2012-10-24 | 宇龙计算机通信科技(深圳)有限公司 | Method and system for restricting terminals from mounting or upgrading third-party application programs |
| CN102779257A (en) * | 2012-06-28 | 2012-11-14 | 奇智软件(北京)有限公司 | Security detection method and system of Android application program |
| CN102831010A (en) * | 2012-08-30 | 2012-12-19 | 腾讯科技(深圳)有限公司 | Method and device for opening unknown file |
| CN102982276A (en) * | 2012-11-14 | 2013-03-20 | 北京奇虎科技有限公司 | Method and device for application control |
| CN102982275A (en) * | 2012-11-14 | 2013-03-20 | 北京奇虎科技有限公司 | Security control method and device for running applications |
| CN103546436A (en) * | 2012-07-13 | 2014-01-29 | 中兴通讯股份有限公司 | Security control method, terminal, and cloud server |
| WO2014015790A1 (en) * | 2012-07-25 | 2014-01-30 | Tencent Technology (Shenzhen) Company Limited | Method and system for file scanning |
| CN103617388A (en) * | 2013-12-11 | 2014-03-05 | 长城信息产业股份有限公司 | Implementation method for secure operating system with process credibility authentication |
| CN104426861A (en) * | 2013-08-27 | 2015-03-18 | 中国银联股份有限公司 | Webpage detection method and system |
| CN105279019A (en) * | 2014-06-10 | 2016-01-27 | 中国移动通信集团公司 | Application scheduling method, application scheduling device and terminal equipment |
| CN105825440A (en) * | 2016-06-07 | 2016-08-03 | 国网辽宁省电力有限公司电力科学研究院 | Network source coordination management system and method based on J2EE platform |
| CN106815518A (en) * | 2015-11-30 | 2017-06-09 | 华为技术有限公司 | One kind application installation method and electronic equipment |
| CN107851171A (en) * | 2015-07-21 | 2018-03-27 | 金泽震 | Terminating machine with security function |
| CN108255644A (en) * | 2017-12-29 | 2018-07-06 | 北京元心科技有限公司 | File system recovery method and device |
| CN108573145A (en) * | 2017-03-08 | 2018-09-25 | 广达电脑股份有限公司 | Software risk assessment system and method thereof |
| CN108881198A (en) * | 2018-06-07 | 2018-11-23 | 深圳市亿联智能有限公司 | A kind of intelligent terminal method of controlling security |
| CN108880788A (en) * | 2017-05-08 | 2018-11-23 | 西门子股份公司 | Authentication method and control system in the control system for technical equipment |
| CN109445804A (en) * | 2018-10-25 | 2019-03-08 | 麒麟合盛网络技术股份有限公司 | A kind of starting method and apparatus of application program |
| CN109918173A (en) * | 2019-03-06 | 2019-06-21 | 苏州浪潮智能科技有限公司 | Virtual machine health examination method and system based on openstack |
| CN110362406A (en) * | 2017-01-20 | 2019-10-22 | 腾讯科技(深圳)有限公司 | Event-handling method and device |
| CN110520861A (en) * | 2017-04-19 | 2019-11-29 | 大陆汽车系统公司 | Method and apparatus for carrying out rapid authentication program by using safety element |
| CN111611014A (en) * | 2020-05-12 | 2020-09-01 | 中电科航空电子有限公司 | Multi-security-level software simultaneous operation method meeting DO178C standard |
| CN112580017A (en) * | 2020-12-25 | 2021-03-30 | 深信服科技股份有限公司 | Authentication method and device, electronic equipment and storage medium |
| CN112632490A (en) * | 2015-02-12 | 2021-04-09 | 联合服务汽车协会 | Method, system and computer storage medium for switching biometric authentication |
| CN112654987A (en) * | 2018-09-12 | 2021-04-13 | 华为技术有限公司 | Method and apparatus for certifying distributed services |
| CN113138806A (en) * | 2021-03-25 | 2021-07-20 | 车智互联(北京)科技有限公司 | Method and device for processing mobile application running environment |
| CN113282921A (en) * | 2021-06-11 | 2021-08-20 | 深信服科技股份有限公司 | File detection method, device, equipment and storage medium |
| CN113961292A (en) * | 2021-10-21 | 2022-01-21 | 安天科技集团股份有限公司 | Security product generation method and device, electronic equipment and storage medium |
| CN116599777A (en) * | 2023-07-18 | 2023-08-15 | 北京睿芯高通量科技有限公司 | Multi-terminal multi-stage authentication method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1900941A (en) * | 2006-04-28 | 2007-01-24 | 傅玉生 | Computer safety protective method based on software identity identifying technology |
| CN1940805A (en) * | 2005-09-30 | 2007-04-04 | 联想(北京)有限公司 | Computer system and its safety encryption |
| CN101276387A (en) * | 2008-05-15 | 2008-10-01 | 金魁 | Network computer anti-virus system based on predefined health operating environment |
| CN101436234A (en) * | 2008-04-30 | 2009-05-20 | 北京飞天诚信科技有限公司 | System and method for ensuring operation environment safety |
-
2011
- 2011-05-31 CN CN201110143788.8A patent/CN102195987B/en not_active Expired - Fee Related
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1940805A (en) * | 2005-09-30 | 2007-04-04 | 联想(北京)有限公司 | Computer system and its safety encryption |
| CN1900941A (en) * | 2006-04-28 | 2007-01-24 | 傅玉生 | Computer safety protective method based on software identity identifying technology |
| CN101436234A (en) * | 2008-04-30 | 2009-05-20 | 北京飞天诚信科技有限公司 | System and method for ensuring operation environment safety |
| CN101276387A (en) * | 2008-05-15 | 2008-10-01 | 金魁 | Network computer anti-virus system based on predefined health operating environment |
Cited By (45)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102750491A (en) * | 2012-06-05 | 2012-10-24 | 宇龙计算机通信科技(深圳)有限公司 | Method and system for restricting terminals from mounting or upgrading third-party application programs |
| CN102779257A (en) * | 2012-06-28 | 2012-11-14 | 奇智软件(北京)有限公司 | Security detection method and system of Android application program |
| CN103546436A (en) * | 2012-07-13 | 2014-01-29 | 中兴通讯股份有限公司 | Security control method, terminal, and cloud server |
| TWI499930B (en) * | 2012-07-25 | 2015-09-11 | Tencent Tech Shenzhen Co Ltd | Device and method for files scan |
| WO2014015790A1 (en) * | 2012-07-25 | 2014-01-30 | Tencent Technology (Shenzhen) Company Limited | Method and system for file scanning |
| US20140041035A1 (en) * | 2012-07-25 | 2014-02-06 | Tencent Technology (Shenzhen) Company Limited | Method and system for file scanning |
| CN102831010A (en) * | 2012-08-30 | 2012-12-19 | 腾讯科技(深圳)有限公司 | Method and device for opening unknown file |
| CN102982275A (en) * | 2012-11-14 | 2013-03-20 | 北京奇虎科技有限公司 | Security control method and device for running applications |
| CN102982276A (en) * | 2012-11-14 | 2013-03-20 | 北京奇虎科技有限公司 | Method and device for application control |
| CN104426861A (en) * | 2013-08-27 | 2015-03-18 | 中国银联股份有限公司 | Webpage detection method and system |
| CN104426861B (en) * | 2013-08-27 | 2017-12-26 | 中国银联股份有限公司 | Page detection method and system |
| CN103617388B (en) * | 2013-12-11 | 2016-04-06 | 长城信息产业股份有限公司 | A kind of implementation method with the secure operating system of process authentic authentication |
| CN103617388A (en) * | 2013-12-11 | 2014-03-05 | 长城信息产业股份有限公司 | Implementation method for secure operating system with process credibility authentication |
| CN105279019A (en) * | 2014-06-10 | 2016-01-27 | 中国移动通信集团公司 | Application scheduling method, application scheduling device and terminal equipment |
| CN112632490A (en) * | 2015-02-12 | 2021-04-09 | 联合服务汽车协会 | Method, system and computer storage medium for switching biometric authentication |
| CN107851171A (en) * | 2015-07-21 | 2018-03-27 | 金泽震 | Terminating machine with security function |
| CN107851171B (en) * | 2015-07-21 | 2018-10-30 | 金泽震 | Terminating machine with security function |
| CN106815518A (en) * | 2015-11-30 | 2017-06-09 | 华为技术有限公司 | One kind application installation method and electronic equipment |
| CN105825440A (en) * | 2016-06-07 | 2016-08-03 | 国网辽宁省电力有限公司电力科学研究院 | Network source coordination management system and method based on J2EE platform |
| CN110362406A (en) * | 2017-01-20 | 2019-10-22 | 腾讯科技(深圳)有限公司 | Event-handling method and device |
| CN108573145A (en) * | 2017-03-08 | 2018-09-25 | 广达电脑股份有限公司 | Software risk assessment system and method thereof |
| CN110520861A (en) * | 2017-04-19 | 2019-11-29 | 大陆汽车系统公司 | Method and apparatus for carrying out rapid authentication program by using safety element |
| US11163870B2 (en) | 2017-05-08 | 2021-11-02 | Siemens Aktiengesellschaft | Plant-specific, automated certificate management |
| CN108880788A (en) * | 2017-05-08 | 2018-11-23 | 西门子股份公司 | Authentication method and control system in the control system for technical equipment |
| CN108880788B (en) * | 2017-05-08 | 2021-12-03 | 西门子股份公司 | Authentication method in a control system for a technical installation and control system |
| CN108255644B (en) * | 2017-12-29 | 2021-12-31 | 北京元心科技有限公司 | File system recovery method and device |
| CN108255644A (en) * | 2017-12-29 | 2018-07-06 | 北京元心科技有限公司 | File system recovery method and device |
| CN108881198B (en) * | 2018-06-07 | 2021-03-30 | 深圳市亿联智能有限公司 | Intelligent terminal safety control method |
| CN108881198A (en) * | 2018-06-07 | 2018-11-23 | 深圳市亿联智能有限公司 | A kind of intelligent terminal method of controlling security |
| US11929999B2 (en) | 2018-09-12 | 2024-03-12 | Huawei Cloud Computing Technologies Co., Ltd. | Device and method for attesting distributed services |
| CN112654987A (en) * | 2018-09-12 | 2021-04-13 | 华为技术有限公司 | Method and apparatus for certifying distributed services |
| CN109445804A (en) * | 2018-10-25 | 2019-03-08 | 麒麟合盛网络技术股份有限公司 | A kind of starting method and apparatus of application program |
| CN109918173B (en) * | 2019-03-06 | 2021-11-19 | 苏州浪潮智能科技有限公司 | Openstack-based virtual machine health check method and system |
| CN109918173A (en) * | 2019-03-06 | 2019-06-21 | 苏州浪潮智能科技有限公司 | Virtual machine health examination method and system based on openstack |
| CN111611014B (en) * | 2020-05-12 | 2023-03-24 | 中电科航空电子有限公司 | Multi-security-level software simultaneous operation method meeting DO178C standard |
| CN111611014A (en) * | 2020-05-12 | 2020-09-01 | 中电科航空电子有限公司 | Multi-security-level software simultaneous operation method meeting DO178C standard |
| CN112580017A (en) * | 2020-12-25 | 2021-03-30 | 深信服科技股份有限公司 | Authentication method and device, electronic equipment and storage medium |
| CN112580017B (en) * | 2020-12-25 | 2023-12-29 | 深信服科技股份有限公司 | Authentication method and device, electronic equipment and storage medium |
| CN113138806A (en) * | 2021-03-25 | 2021-07-20 | 车智互联(北京)科技有限公司 | Method and device for processing mobile application running environment |
| CN113138806B (en) * | 2021-03-25 | 2023-11-07 | 车智互联(北京)科技有限公司 | Processing method and device for mobile application running environment |
| CN113282921A (en) * | 2021-06-11 | 2021-08-20 | 深信服科技股份有限公司 | File detection method, device, equipment and storage medium |
| CN113961292A (en) * | 2021-10-21 | 2022-01-21 | 安天科技集团股份有限公司 | Security product generation method and device, electronic equipment and storage medium |
| CN113961292B (en) * | 2021-10-21 | 2024-03-26 | 安天科技集团股份有限公司 | Security product generation method and device, electronic equipment and storage medium |
| CN116599777A (en) * | 2023-07-18 | 2023-08-15 | 北京睿芯高通量科技有限公司 | Multi-terminal multi-stage authentication method |
| CN116599777B (en) * | 2023-07-18 | 2023-09-26 | 北京睿芯高通量科技有限公司 | Multi-terminal multi-stage authentication method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102195987B (en) | 2014-04-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102195987B (en) | Distributed credibility authentication method and system thereof based on software product library | |
| Seo et al. | Detecting mobile malware threats to homeland security through static analysis | |
| CN109583193B (en) | System and method for cloud detection, investigation and elimination of target attacks | |
| US7743260B2 (en) | Firewall+storage apparatus, method and system | |
| AU2019246773B2 (en) | Systems and methods of risk based rules for application control | |
| US9092823B2 (en) | Internet fraud prevention | |
| US8474032B2 (en) | Firewall+ storage apparatus, method and system | |
| US8286219B2 (en) | Safe and secure program execution framework | |
| RU2723665C1 (en) | Dynamic reputation indicator for optimization of computer security operations | |
| US20070143629A1 (en) | Method to verify the integrity of components on a trusted platform using integrity database services | |
| CN103827881A (en) | Method and system for dynamic platform security in a device operating system | |
| WO2014113501A1 (en) | Systems and methods for identifying and reporting application and file vulnerabilities | |
| WO2008024135A2 (en) | Method to verify the integrity of components on a trusted platform using integrity database services | |
| Eriksson et al. | Hardening the security analysis of browser extensions | |
| Song et al. | Impeding Automated Malware Analysis with Environment-sensitive Malware. | |
| Min et al. | A novel malware for subversion of self‐protection in anti‐virus | |
| US9633207B2 (en) | Method for downloading at least one software component onto a computing device, and associated computer program product, computing device and computer system | |
| AT&T | ||
| Rizvi et al. | Analysis of mobile threats and security vulnerabilities for mobile platforms and devices | |
| US10972469B2 (en) | Protecting critical data and application execution from brute force attacks | |
| Srinivasan | Protecting anti-virus software under viral attacks | |
| Guo et al. | Research on risk analysis and security testing technology of mobile application in power system | |
| CN117668822B (en) | Application program starting control method and device and electronic equipment | |
| Tseng et al. | Hunting Malicious Windows Commands with Multi Machine Learning Technologies | |
| US20230418933A1 (en) | Systems and methods for folder and file sequestration |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Zhang Ningjun Inventor after: He Peilin Inventor after: Long Xiangling Inventor before: Zhang Ningjun Inventor before: Long Xiangling |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: ZHANG NINGJUN LONG XIANGLING TO: ZHANG NINGJUN HE PEILIN LONG XIANGLING |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20140430 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |