CN102347941B - A kind of safety applications control method based on open platform - Google Patents
A kind of safety applications control method based on open platform Download PDFInfo
- Publication number
- CN102347941B CN102347941B CN201110176594.8A CN201110176594A CN102347941B CN 102347941 B CN102347941 B CN 102347941B CN 201110176594 A CN201110176594 A CN 201110176594A CN 102347941 B CN102347941 B CN 102347941B
- Authority
- CN
- China
- Prior art keywords
- application
- open platform
- safety verification
- verification
- end side
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 18
- 238000012795 verification Methods 0.000 claims abstract description 76
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000004891 communication Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000009472 formulation Methods 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Abstract
The invention provides a kind of safety applications control method based on open platform, first, providing one for calling the application programming interfaces of secure verification module by described open platform; Then, first the application be linked in described open platform calls described secure verification module by described application programming interfaces upon actuation, carries out safety verification to this application; If described safety verification passes through, then continue to run this application, otherwise, this application out of service.Application the present invention, for the application accessing open platform provides safety verification API, described application is made namely self to carry out safety verification by calling this safe API to application upon actuation, be not only the application being linked into open platform and provide safety guarantee, also prevent rogue program and enter into end side by the application in open platform.
Description
Technical field
The present invention relates to Internet technical field, particularly relate to a kind of safety applications control method based on open platform.
Background technology
Along with the development of Internet technology, open platform has become the service mode become more and more popular.The developer of application can according to the rule of open platform formulation, the various application that oneself is developed are linked in open platform, for vast Internet user's choice and operation, enrich the service of platform greatly, also the flow that the developer being conducive to applying is brought by open platform, presents to user as early as possible as soon as possible by the application developed.
But, existing open platform, in Background control, how as much as possible more just considering attract application developer to be linked in platform by application, how for application developer provides more convenient abundanter instrument, and formulated a large amount of rules for this reason, provide a lot of services, but for numerous Internet users, not only need the application enriched, and more it is desirable that the application of safety, especially the various application products under open platform, major part is all designed and developed by different common application developers, whether it has enough adaptibilitys to response in fail safe, how could allow the relieved use of user, become open platform problem demanding prompt solution.
Summary of the invention
Technical problem to be solved by this invention is to provide a kind of safety applications control method based on open platform, thinks that the end side user of the application in the application and use open platform being linked into open platform provides safety guarantee.
For solving the problems of the technologies described above, the invention provides a kind of safety applications control method based on open platform, first, providing one for calling the application programming interfaces of secure verification module by described open platform; Then, first the application be linked in described open platform calls described secure verification module by described application programming interfaces upon actuation, carries out safety verification to this application; If described safety verification passes through, then continue to run this application, otherwise, this application out of service.
Application the present invention, for the application accessing open platform provides safety verification API, described application is made namely self to carry out safety verification by calling this safe API to application upon actuation, be not only the application being linked into open platform and provide safety guarantee, also prevent rogue program and enter into end side by the application in open platform.
Accompanying drawing explanation
Fig. 1 is a kind of safety applications control method flow chart based on open platform according to embodiments of the invention.
Fig. 2 is for being applicable to applied environment schematic diagram of the present invention.
Fig. 3 is the schematic diagram of the side extension showing interface verification tip information according to the embodiment of the present invention.
Embodiment
Below in conjunction with accompanying drawing, embodiments of the invention are described in detail.
As shown in Figure 1, being a kind of safety applications control method flow chart based on open platform according to embodiments of the invention, first, providing one for calling the application programming interfaces API (step 101) of secure verification module by described open platform; First the application be linked in described open platform calls described secure verification module by described application programming interfaces upon actuation, carries out safety verification (step 102) to this application; If described safety verification passes through, then continue to run this application, otherwise, this application (step 103) out of service.
Wherein, described secure verification module can provide by described open platform, and also can be independently provided, the present invention does not limit this, importantly can provide safety verification by network side or end side to application itself.Described safety verification, had both comprised the static scanning to application, also included the real-time guard to application.
In conjunction with the specific rules of the present embodiment and current open platform, can using safety verification as the optional API of one, if application developer have selected this API in the application, then by open platform, security sweep or protection are carried out to this application, and certain mark can be given further in the application displaying of end side, this application of the unlatching making user relieved; And if application developer is sure about to self safety Design of application, or for the consideration of toggle speed, also can not select this API for safety verification.
After application start, the API of described safety verification can be called by above-described embodiment immediately, first self security sweep or protection are carried out to application, so just can continue again to start this application after guaranteeing safety.
Further, according to embodiments of the invention, before application access open platform, first legitimate verification can also be performed to this application, and after legitimate verification passes through, then this application is linked in described open platform.That is, after application is uploaded to open platform by application developer, in the checking process to application, namely carry out legitimate verification, like this, just can ensure that the application be linked in open platform is all legal.
After described legitimate verification passes through, can also obtain further and store this application uniqueness summary operation result, such as MD5 value, for described secure verification module, safety verification is carried out to this application.Thus, just this can be applied in the initial MD5 value before access open platform as checking basis, when later doing safety verification again, MD5 value that can be current to this computation at any time, and compare with the initial MD5 value of storage and just can obtain the result.
For better understanding above-described embodiment, please refer to shown in Fig. 2, for being applicable to applied environment schematic diagram of the present invention, described open platform can be arranged at network side central server 202, each end side 201a, 201b...201n by the client-side program of described open platform and network side central server mutual.In end side, the displaying interface of the many money application in described open platform can be provided, the application being only linked into open platform at network side just can be demonstrated in the displaying interface in end side, 2011 is and is showing the application icon be demonstrated in interface as shown in Figure 2.That is, only has the legitimate verification by backstage, and after saving initial MD5 value in the server, an application just can be access in open platform, and and then can be demonstrated out in the client-side program of end side, afterwards, user just can by client-side program and the communication of network side central server, and request starts certain a application.
And after this application is activated, if it have selected above-mentioned safety verification API, then can call this API to self carrying out security sweep or protection, prevent external program from injecting self or distorting.Such as, owing to saving the MD5 value of described application at server side, so, after application start, server is issued after can obtaining the MD5 value of current application by local client, by server, the initial MD5 value of the MD5 value of current this application received with this application prestored is compared, if consistent, illustrate that the file of this application is not tampered, be verified.And after being verified, protection can also be provided by the operation of described secure verification module to described application further, that is, after ensureing that the file of this application is not tampered, and then this is applied in internal memory and is not encroached on to continue protection.
In addition, safety verification also can be carry out at network side, controls described open platform after described security module is employed to call, the computing of uniqueness summary is carried out to this application, and the summary operation result of operation result with this application prestored is compared, if unanimously, then safety verification passes through.
And uniqueness summary operation result may not be and obtains before application is access in open platform, but after access, such as, obtain when being activated first.In specific implementation, such as after described security module is employed to call, namely the computing of uniqueness summary is carried out to this application, and the summary operation result of operation result with this application prestored is compared, if and do not find the summary operation result of this application prestored, then security sweep is carried out to this application, after scanning through, this summary operation result obtained is stored the summary operation result prestored as this application.
In addition, according to embodiments of the invention, after this application is by safety verification, this application can be sent by the notice of safety verification by the network side central server at described open platform place to asking the end side of this application.
After described end side receives described notice, just can increase the mark by safety verification in the displaying interface of this application.End side user after seeing certain mark applied exist this mark, this application of execution that just can be relieved.
But, sometimes can occupy comparatively large-screen after application start, therefore, for showing that the interface of various application identities may be covered, make user cannot see the mark by safety verification shown in application identities, in this case, after described end side receives described notice, safety verification can be passed through with this application of the form of pop-up window prompting user.
Pop-up window can be select the lower right corner of end side screen to eject, also can according to the displaying specification of current application, side along described current application extends a message interface to show this application by the information of safety verification, can also be in the displaying interface of current application, point out this application of user to pass through safety verification.
As described in above-described embodiment, for application developer, safety verification API is designed to an option, because if select this API, then may mean the toggle speed incuring loss through delay application.In order to give the better experience of user, when end side is when carrying out safety verification to the application of current startup, can show a prompting message in control terminal side in screen, prompting carries out safety verification at present.
Or, again such as, when carrying out safety verification by network controls secure verification module to application, can send to asking the end side of this application the prompting message that safety verification is being carried out in this application by described open platform.
And end side user is after seeing described prompting message, will know that current pause is because carry out caused by safety verification, user can be allowed so clearly to know, and what the action processed at present is.
Equally, for the exhibition method of this prompting message, can be in the displaying interface of end side application identities, icon for this application carries out certain graphical change, such as icon flicker, or the variation pattern such as a Red Cross is increased on former icon basis, point out that this application of user is current carries out safety verification.
Also can be the form with pop-up window, in window interface, show the word content that safety verification is being carried out in this application current.The position of pop-up window can be the screen lower right corner, or the side of current application extends to form.Also can be simply directly point out in the displaying interface of current application.
As shown in Figure 3, for the side according to the embodiment of the present invention extends the schematic diagram of showing interface verification tip information.In end side screen 301, the displaying specification at interface 302 can be shown in the displaying interface 302 of described application after receiving information according to this application, automatically a prompting interface 303 is extended to the right along right edge, can show that in this prompting interface 303 current application is carrying out safety verification or by the message content of safety verification, and displaying certain hour after, then this prompting interface 303 can again Automatic Hiding or hide.
The present invention provides the mode of safety verification API by the application for accessing open platform, the safety assurance ability making application developer can share open platform to bring, ensure the fail safe of application self on the one hand, on the other hand also for end side user provides security protection, prevent rogue program from being caused damage to end side user by the application of open platform.
Claims (8)
1., based on a safety applications control method for open platform, it is characterized in that, comprise the steps:
One is provided for calling the application programming interfaces of secure verification module by described open platform;
First the application be linked in described open platform calls described secure verification module by described application programming interfaces upon actuation, carries out safety verification by network side or end side to this application;
If described safety verification passes through, then continue to run this application, provide protection by the operation of described secure verification module to described application further, otherwise, this application out of service;
Described be applied in be linked into described open platform before, first legitimate verification is performed to this application, and after legitimate verification passes through, this application is linked into described open platform, and obtain and store this application uniqueness summary operation result, for described secure verification module, safety verification is carried out to this application;
After this application is by safety verification, this application is sent by the notice of safety verification to asking the end side of this application by the network side central server at described open platform place, after described end side receives described notice, in the displaying interface of this application, increase the mark by safety verification.
2. the method for claim 1, is characterized in that, after described secure verification module is employed to call, the computing of uniqueness summary is carried out to this application, and the summary operation result of operation result with this application prestored is compared, if unanimously, then safety verification passes through.
3. the method for claim 1, it is characterized in that, comprise further: if do not find the summary operation result of this application prestored, then security sweep is carried out to this application, after scanning through, this summary operation result obtained is stored the summary operation result prestored as this application.
4. the method for claim 1, is characterized in that, comprises further: after described end side receives described notice, increases the mark by safety verification in the displaying interface of this application.
5. the method for claim 1, is characterized in that, comprises further: after described end side receives described notice, passes through safety verification with this application of the form of pop-up window prompting user.
6. the method for claim 1, it is characterized in that, comprising further: when described secure verification module carries out safety verification to this application, sending to asking the end side of this application the prompting message that safety verification is being carried out in this application by described open platform.
7. method as claimed in claim 6, is characterized in that, comprise further: after described end side receives described prompting message, point out this application of user to carry out safety verification in the displaying interface of this application.
8. method as claimed in claim 6, is characterized in that, comprise further: after described end side receives described prompting message, carries out safety verification with this application of the form of pop-up window prompting user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110176594.8A CN102347941B (en) | 2011-06-28 | 2011-06-28 | A kind of safety applications control method based on open platform |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110176594.8A CN102347941B (en) | 2011-06-28 | 2011-06-28 | A kind of safety applications control method based on open platform |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102347941A CN102347941A (en) | 2012-02-08 |
| CN102347941B true CN102347941B (en) | 2015-10-14 |
Family
ID=45546232
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110176594.8A Active CN102347941B (en) | 2011-06-28 | 2011-06-28 | A kind of safety applications control method based on open platform |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102347941B (en) |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103379090B (en) * | 2012-04-12 | 2018-10-30 | 腾讯科技(北京)有限公司 | A kind of control method for frequency and system, frequency server of open platform access |
| CN103634280B (en) * | 2012-08-23 | 2018-11-09 | 百度在线网络技术(北京)有限公司 | A kind of web portal security scan method and device |
| CN103701761B (en) * | 2012-09-28 | 2017-07-18 | 中国电信股份有限公司 | Authentication method and system that open interface is called |
| CN103873439B (en) * | 2012-12-11 | 2018-07-06 | 联想(北京)有限公司 | The method and electronic equipment of a kind of networking |
| US20150213253A1 (en) * | 2014-01-28 | 2015-07-30 | Qualcomm Incorporated | Authorizing an application for use by a computing device |
| CN103873481B (en) * | 2014-03-31 | 2018-01-30 | 百度在线网络技术(北京)有限公司 | Verification method, open platform, service end and checking system |
| CN105988789B (en) * | 2015-02-09 | 2020-08-28 | 腾讯科技(深圳)有限公司 | Third-party application calling method, calling platform and terminal |
| CN106302344B (en) * | 2015-05-27 | 2019-09-27 | 腾讯科技(深圳)有限公司 | Security sweep method and system |
| CN105141586B (en) * | 2015-07-31 | 2018-07-10 | 广州华多网络科技有限公司 | A kind of method and system verified to user |
| KR102365532B1 (en) * | 2015-09-22 | 2022-02-21 | 삼성전자주식회사 | Security function performing method and electronic device supporting the same |
| CN106709333B (en) * | 2015-11-16 | 2019-11-22 | 华为技术有限公司 | A kind of safety detecting method and device of application programming |
| CN108829484B (en) * | 2018-06-21 | 2022-01-28 | 聚好看科技股份有限公司 | Method and device for generating navigation operation interface of local application program of control terminal |
| CN108846266A (en) * | 2018-07-11 | 2018-11-20 | 中国联合网络通信集团有限公司 | A kind of method, system and the communication terminal of application program operation authorization |
| WO2021092809A1 (en) * | 2019-11-13 | 2021-05-20 | 深圳市欢太科技有限公司 | Function calling method and device, electronic device, and computer-readable medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101296243A (en) * | 2008-06-26 | 2008-10-29 | 阿里巴巴集团控股有限公司 | Service integration platform system and method for providing internet service |
| CN101437229A (en) * | 2008-12-23 | 2009-05-20 | 中国移动通信集团北京有限公司 | Method and system for adapting information based on WAP |
| CN101742509A (en) * | 2009-12-16 | 2010-06-16 | 中兴通讯股份有限公司 | Method and device for authenticating client software |
| CN102024121A (en) * | 2009-09-16 | 2011-04-20 | 株式会社泛泰 | Platform security apparatus and method thereof |
| CN102035762A (en) * | 2010-12-24 | 2011-04-27 | 中兴通讯股份有限公司 | Resource convergence gateway-based capacity calling method, and resource convergence gateway and system |
| US8341738B2 (en) * | 2009-09-29 | 2012-12-25 | Oracle America, Inc. | API signature verification for high-security platforms |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050251857A1 (en) * | 2004-05-03 | 2005-11-10 | International Business Machines Corporation | Method and device for verifying the security of a computing platform |
| CN101226569A (en) * | 2007-01-19 | 2008-07-23 | 国际商业机器公司 | Method and device for checking code module in virtual machine |
| GB2450869B (en) * | 2007-07-09 | 2012-04-25 | Hewlett Packard Development Co | Establishing a trust relationship between computing entities |
-
2011
- 2011-06-28 CN CN201110176594.8A patent/CN102347941B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101296243A (en) * | 2008-06-26 | 2008-10-29 | 阿里巴巴集团控股有限公司 | Service integration platform system and method for providing internet service |
| CN101437229A (en) * | 2008-12-23 | 2009-05-20 | 中国移动通信集团北京有限公司 | Method and system for adapting information based on WAP |
| CN102024121A (en) * | 2009-09-16 | 2011-04-20 | 株式会社泛泰 | Platform security apparatus and method thereof |
| US8341738B2 (en) * | 2009-09-29 | 2012-12-25 | Oracle America, Inc. | API signature verification for high-security platforms |
| CN101742509A (en) * | 2009-12-16 | 2010-06-16 | 中兴通讯股份有限公司 | Method and device for authenticating client software |
| CN102035762A (en) * | 2010-12-24 | 2011-04-27 | 中兴通讯股份有限公司 | Resource convergence gateway-based capacity calling method, and resource convergence gateway and system |
Non-Patent Citations (2)
| Title |
|---|
| 《NGN业务平台安全性研究》;黄明石;《中兴通讯技术》;20060228;第12卷(第1期);43-45 * |
| 《Web开放平台安全机制的研究与设计》;高嘉阳;《中国优秀硕士学位论文全文数据库 信息科技辑》;20091224(第5期);I139-188 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102347941A (en) | 2012-02-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102347941B (en) | A kind of safety applications control method based on open platform | |
| US9953161B2 (en) | Method, device and system for processing notification bar message | |
| CN105791324B (en) | Account login method and device | |
| US9306810B2 (en) | WiFi zapper smart phone application | |
| CN106326113B (en) | A kind of game data monitoring method and device | |
| CN102779255B (en) | Method and device for judging malicious program | |
| CN108681662B (en) | Method and device for installing program | |
| US20180264361A1 (en) | Web page running method and apparatus, terminal, and storage medium | |
| WO2017008581A1 (en) | Method, client, and system for testing application | |
| US10419444B2 (en) | Systems and methods for protecting messages utilizing a hidden restriction mechanism | |
| CN106471466A (en) | Brief application | |
| CN108469972B (en) | Method and device for supporting display of multiple windows in WEB page | |
| US20220129256A1 (en) | Android penetration method and device for implementing silent installation based on accessibility services | |
| WO2020143159A1 (en) | User interface processing method and device | |
| CN105094777B (en) | Realize the method and device for applying screenshotss | |
| CN110298162A (en) | Application client login method, device, computer equipment and storage medium | |
| CN106487793A (en) | application installation method and device | |
| CN110868693A (en) | Application program flow control method, terminal device and storage medium | |
| CN111435382B (en) | Login checking method of page and terminal | |
| US10761863B2 (en) | Mobile application management by run-time insertion of a replacement instrumentation object into a mobile application process | |
| CN108509228B (en) | Page loading method, terminal equipment and computer readable storage medium | |
| CN104158812B (en) | The method of controlling security and system of a kind of terminal applies | |
| CN106941509A (en) | The requesting method and device of user profile stream | |
| CN106844186B (en) | Offline test method of application and terminal equipment | |
| CN111601038B (en) | Camera control method and device, electronic terminal and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING QIHU TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20150909 Owner name: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20150909 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20150909 Address after: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Applicant after: Qizhi software (Beijing) Co.,Ltd. Address before: The 4 layer 100016 unit of Beijing city Chaoyang District Jiuxianqiao Road No. 14 Building C Applicant before: Qizhi software (Beijing) Co.,Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220727 Address after: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin Patentee after: 3600 Technology Group Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230705 Address after: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: Beijing Hongxiang Technical Service Co.,Ltd. Address before: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin Patentee before: 3600 Technology Group Co.,Ltd. |