CN102968588A - Intelligent terminal system - Google Patents


Info

Publication number
CN102968588A
Authority
CN
China
Prior art keywords
intelligent terminal
rom
file
software
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012105583943A
Other languages
Chinese (zh)
Other versions
CN102968588B (en)
Inventor
王艳艳
张新法
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd filed Critical Sichuan Changhong Electric Co Ltd
Priority to CN201210558394.3A priority Critical patent/CN102968588B/en
Publication of CN102968588A publication Critical patent/CN102968588A/en
Application granted granted Critical
Publication of CN102968588B publication Critical patent/CN102968588B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to the intelligent terminal technology, provides an intelligent terminal system, and solves the problem of poor safety of the existing intelligent terminal operating system. The technical scheme can be summarized as follows: the intelligent terminal system comprises an intelligent terminal body, and is characterized by further comprising an integrity protection module, an enhanced access control module, an encryption protection module and a software security module. The intelligent terminal system has the benefits that the safety of the system can be enhanced efficiently and the system is suitable for an intelligent terminal.

Description

Intelligent terminal system
Technical field
The present invention relates to the intelligent terminal technology, particularly the technology of intelligent terminal operating system security.
Background technology
With the large-scale construction of 3G networks and the rapid spread of intelligent terminals, mobile Internet technology and services have developed quickly. At the service level, applications such as social networking sites and search engines keep growing in scale, and new mobile Internet services such as microblogs and mobile maps emerge one after another. Intelligent terminals based on different operating systems are flourishing; mobile intelligent terminals use open operating systems and can install and uninstall third-party application software just like a computer. The mobile Internet is characterized by network convergence, intelligent terminals, diverse applications and open platforms, which brings new security risks to safeguarding national security, maintaining social order and protecting citizens' rights.
Mobile intelligent terminal operating systems are gradually becoming "computerized" and their extensibility is increasing, so that some functions pose security risks to the protection of user information. The use of encryption technology by mobile intelligent terminals poses a great challenge to national information security supervision. Compared with the conventional Internet, the mobile Internet adds wireless access, and a large number of mobile telecommunication devices such as WAP gateways and IMS equipment have been introduced into the IP bearer network, bringing new security threats to the Internet, among which network attacks, eavesdropping and theft of secrets will become more prominent.
Meanwhile, embedded operating systems have been widely applied in intelligent terminals such as smart TVs, mobile phones and pads. Currently popular intelligent terminal operating systems include Android, iOS, Symbian, WinCE and Linux. However, many hackers are also turning their attention to intelligent terminals; Trojans and viruses on intelligent terminals are increasing, and all kinds of security problems keep occurring, such as malicious fee deduction on mobile phones, transmission of malicious information, leakage of personal privacy, failure of mobile terminal functions and automatic reboots. Recently, Google discovered that Trojans had infiltrated its application store and removed more than 50 applications from its Android store. According to experts, this Trojan can extract sensitive information from a user's smartphone; worse, security experts found that it had been downloaded more than 200,000 times and might cause serious problems for devices on the Android platform. This is only the tip of the iceberg: other intelligent terminals, such as smart TVs and tablet computers, face the same security problem, which must be taken very seriously.
Summary of the invention
The objective of the invention is to overcome the low security of current intelligent terminal operating systems by providing an intelligent terminal system.
To solve this technical problem, the invention adopts the following technical scheme: an intelligent terminal system comprising an intelligent terminal body, characterized in that it further comprises an integrity protection module, an enhanced access control module, an encryption protection module and a software security module.
The integrity protection module is used, before the system starts, to check by means of boot-area code whether the critical files in the ROM of the intelligent terminal body are intact. If they are intact, the system starts; if they are not, system startup is halted or a system restore is performed, in which a legitimate backup ROM replaces the ROM in the intelligent terminal body. If the system needs to be updated, then before the update the module checks whether the newly received ROM is a legitimate official ROM; if so, the update proceeds, and if not, that ROM is deleted. After the system has started, the integrity protection module also checks, according to a certain policy, whether the specified ROM modules and the kernel code in the system memory region are intact; if so, no action is taken, and if not, the user is prompted or system operation is terminated.
The enhanced access control module is used, while the system is running, to control operations according to a preset policy and judge whether each operation may be executed. If it may be executed, the current operation continues; if it may not, the operation is intercepted or the user is prompted according to the policy.
The encryption protection module is used to encrypt and protect critical system data, and to encrypt and decrypt in real time specified files and/or folders and the files within them.
The software security module is used, before software is uploaded to a designated platform, to sign and package the software with the software signing tool or plug-in provided by that platform and the developer's signing certificate, after which the software is uploaded to the designated platform. When the intelligent terminal body downloads software, the software is verified and can be installed only after verification passes.
Specifically, the enhanced access control module is also used to set protection levels for file reads and writes.
Further, the protection levels comprise at least three different levels of protection: no protection, prompt protection and authentication protection.
Prompt protection means that the user is prompted to confirm when the operation occurs; the operation is carried out only if the user confirms, and is otherwise refused.
Authentication protection means that the user is prompted to authenticate when the operation occurs; the operation is executed if verification passes, and is otherwise refused.
Specifically, the authentication is password authentication and/or fingerprint authentication and/or password verification.
Further, the enhanced access control module comprises an access monitoring module and an access control policy module.
The access monitoring module is used to intercept all security-related operations and send the intercepted operations to the access control policy module.
The access control policy module is used to judge, according to the preset policy, whether a received operation may be executed. If it may be executed, the intelligent terminal body is notified to carry out the operation; if it may not, the operation is not processed or the user is prompted according to the policy.
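The monitor/policy split and the three protection levels described above can be sketched as follows. This is an added example, not code from the patent: the class names, the rule format, the sample paths, and the choices to normalise paths, apply the most restrictive matching rule, default to authentication and refuse when a prompt fails are all assumptions.

```python
import posixpath
from dataclasses import dataclass
from enum import Enum
from fnmatch import fnmatchcase
from typing import Callable, List, Tuple


class Level(Enum):
    NONE = 0          # no protection: operation proceeds
    PROMPT = 1        # prompt protection: user must confirm
    AUTHENTICATE = 2  # authentication protection: user must authenticate


@dataclass(frozen=True)
class Operation:
    subject: str      # hypothetical application identifier
    action: str       # "read" or "write"
    path: str


Rule = Tuple[str, str, Level]  # (glob pattern, action, level)


class PolicyModule:
    """Access control policy module: maps an operation to a protection level."""

    def __init__(self, rules: List[Rule], default: Level = Level.AUTHENTICATE):
        self.rules = rules
        self.default = default  # assumption: unknown paths get the strictest level

    def level_for(self, op: Operation) -> Level:
        # Normalise first so "a/../b" cannot borrow the level of directory "a".
        path = posixpath.normpath(op.path)
        hits = [lvl for pat, act, lvl in self.rules
                if act == op.action and fnmatchcase(path, pat)]
        # Overlapping rules: the most restrictive one wins.
        return max(hits, key=lambda l: l.value) if hits else self.default


class AccessMonitor:
    """Access monitoring module: intercepts operations and enforces the level."""

    def __init__(self, policy: PolicyModule,
                 confirm: Callable[[Operation], bool],
                 authenticate: Callable[[Operation], bool]):
        self.policy = policy
        self.confirm = confirm            # UI hook: user confirmation
        self.authenticate = authenticate  # UI hook: password/fingerprint check
        self.log: List[Tuple[Operation, Level, bool]] = []

    def intercept(self, op: Operation) -> bool:
        level = self.policy.level_for(op)
        try:
            if level is Level.NONE:
                allowed = True
            elif level is Level.PROMPT:
                allowed = bool(self.confirm(op))
            else:
                allowed = bool(self.authenticate(op))
        except Exception:
            allowed = False  # a failing prompt must refuse, never allow
        self.log.append((op, level, allowed))
        return allowed


# Constructed sample policy for illustration.
RULES: List[Rule] = [
    ("/sdcard/public/*", "read", Level.NONE),
    ("/data/contacts/*", "read", Level.PROMPT),
    ("/data/contacts/*", "write", Level.AUTHENTICATE),
    ("/data/keys/*", "read", Level.AUTHENTICATE),
]
```
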
Specifically, when the intelligent terminal body downloads software, the software security module verifies it as follows: the intelligent terminal body first obtains the software; when the intelligent terminal body begins installing the software, the signature verification interface is called to unpack the software and its integrity is verified. If it is not intact, installation is stopped. If it is intact, the legitimacy of the software's signature is verified; if the signature is legitimate, the software is restored and installation is completed, and if it is not legitimate, installation is stopped.
Further, the method by which the integrity protection module checks, before the system starts and by means of boot-area code, whether the critical files in the ROM of the intelligent terminal body are intact is:
a. Obtain the signature content of the critical file in the ROM of the intelligent terminal body, which is computed as:
$M = S_{\text{official private key}}(H(\text{critical file}))$,
where $S$ denotes the signature algorithm, $M$ denotes the signature content, and $H$ denotes the hash algorithm;
b. Compute $H' = S_{\text{official public key}}(M)$ and judge whether $H'$ and $H(\text{critical file})$ are identical; if they are identical, the critical file is intact, otherwise the file is not intact.
Specifically, the method by which the integrity protection module checks, before a system update, whether the newly received ROM is a legitimate official ROM is:
c. Obtain the signature content of the new ROM, which is computed as: $M = S_{\text{official private key}}(H(\text{ROM file}))$,
where $S$ denotes the signature algorithm, $M$ denotes the signature content, and $H$ denotes the hash algorithm;
d. Compute $H' = S_{\text{official public key}}(M)$ and judge whether $H'$ and $H(\text{ROM file})$ are identical; if they are identical, the critical file is intact, otherwise the file is not intact.
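Steps a to d, together with the boot and update decisions they feed, can be traced in code. The following is an added example, not code from the patent: SHA-256 as $H$, textbook RSA as $S$, the toy key, the file names and the extra check of the backup ROM before restoring are all assumptions made for illustration.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Toy RSA key built from two Mersenne primes, constructed for this example only.
# Textbook RSA without padding is not secure; a real boot chain would use a
# properly generated key and a padded scheme such as RSASSA-PSS.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
E = 65537                            # "official public key" exponent (on the device)
D = pow(E, -1, (P - 1) * (Q - 1))    # "official private key" exponent (vendor only)


def H(data: bytes) -> int:
    """Hash algorithm H from the text; SHA-256 is an assumption."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Vendor side, steps a/c: M = S_private(H(file))."""
    return pow(H(data), D, N)


def is_intact(data: bytes, signature: int) -> bool:
    """Device side, steps b/d: H' = S_public(M), then compare H' with H(file)."""
    if not 0 <= signature < N:
        return False                 # malformed signature value
    return pow(signature, E, N) == H(data)


def failed_files(files: Dict[str, bytes], sigs: Dict[str, int]) -> List[str]:
    """Critical files that are missing, unsigned, or fail the comparison."""
    names = sorted(set(files) | set(sigs))
    return [n for n in names
            if n not in files or n not in sigs
            or not is_intact(files[n], sigs[n])]


def pre_boot(rom: Dict[str, bytes], sigs: Dict[str, int],
             backup: Optional[Dict[str, bytes]] = None
             ) -> Tuple[str, Optional[Dict[str, bytes]]]:
    """Boot if intact; otherwise restore from a backup ROM or halt.

    Assumption: the backup is itself verified before it replaces the ROM.
    """
    if not failed_files(rom, sigs):
        return "boot", rom
    if backup is not None and not failed_files(backup, sigs):
        return "restore", backup
    return "halt", None


def pre_update(image: bytes, signature: int) -> str:
    """Before an update: apply an official ROM, delete anything else."""
    return "update" if is_intact(image, signature) else "delete"


# Constructed sample ROM contents and their vendor signatures.
ROM = {"boot.img": b"kernel-v1", "system/init": b"init-v1"}
SIGS = {name: sign(data) for name, data in ROM.items()}
```
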
The beneficial effect of the invention is that the above intelligent terminal system effectively strengthens the security of the system and provides the operating system with security protection and a reliability guarantee.
Description of drawings
Fig. 1 is the system chart of the embodiment of the invention.
Embodiment
The technical scheme of the invention is described in detail below with reference to the drawings and the embodiment.
The intelligent terminal system of the invention comprises an intelligent terminal body, an integrity protection module, an enhanced access control module, an encryption protection module and a software security module. The integrity protection module is used, before the system starts, to check by means of boot-area code whether the critical files in the ROM of the intelligent terminal body are intact. If they are intact, the system starts; if they are not, system startup is halted or a system restore is performed, in which a legitimate backup ROM replaces the ROM in the intelligent terminal body. If the system needs to be updated, then before the update the module checks whether the newly received ROM is a legitimate official ROM; if so, the update proceeds, and if not, that ROM is deleted. After the system has started, the integrity protection module also checks, according to a certain policy, whether the specified ROM modules and the kernel code in the system memory region are intact; if so, no action is taken, and if not, the user is prompted or system operation is terminated. The enhanced access control module is used, while the system is running, to control operations according to a preset policy and judge whether each operation may be executed; if it may be executed, the current operation continues, and if it may not, the operation is intercepted or the user is prompted according to the policy. The encryption protection module is used to encrypt and protect critical system data, and to encrypt and decrypt in real time specified files and/or folders and the files within them. The software security module is used, before software is uploaded to a designated platform, to sign and package the software with the software signing tool or plug-in provided by that platform and the developer's signing certificate, after which the software is uploaded to the designated platform; when the intelligent terminal body downloads software, the software is verified and can be installed only after verification passes.
Embodiment
In this embodiment the enhanced access control module is also used to set protection levels for file reads and writes; the system block diagram is shown in Fig. 1.
The intelligent terminal system of this embodiment comprises an intelligent terminal body, an integrity protection module, an enhanced access control module, an encryption protection module and a software security module.
The integrity protection module is used, before the system starts, to check by means of boot-area code whether the critical files in the ROM of the intelligent terminal body are intact. The specific method is: a. obtain the signature content of the critical file in the ROM of the intelligent terminal body, computed as $M = S_{\text{official private key}}(H(\text{critical file}))$, where $S$ denotes the signature algorithm, $M$ denotes the signature content, and $H$ denotes the hash algorithm; b. compute $H' = S_{\text{official public key}}(M)$ and judge whether $H'$ and $H(\text{critical file})$ are identical; if they are identical, the critical file is intact, otherwise the file is not intact. If the files are intact, the system starts; if they are not, system startup is halted or a system restore is performed, in which a legitimate backup ROM replaces the ROM in the intelligent terminal body. If the system needs to be updated, then before the update the module checks whether the newly received ROM is a legitimate official ROM. The specific method is: c. obtain the signature content of the new ROM, computed as $M = S_{\text{official private key}}(H(\text{ROM file}))$, where $S$ denotes the signature algorithm, $M$ denotes the signature content, and $H$ denotes the hash algorithm; d. compute $H' = S_{\text{official public key}}(M)$ and judge whether $H'$ and $H(\text{ROM file})$ are identical; if they are identical, the critical file is intact, otherwise the file is not intact. If it is intact, the update proceeds; if it is not, that ROM is deleted. After the system has started, the integrity protection module also checks, according to a certain policy, whether the specified ROM modules and the kernel code in the system memory region are intact; if so, no action is taken, and if not, the user is prompted or system operation is terminated.
The enhanced access control module is used, while the system is running, to control operations according to a preset policy and judge whether each operation may be executed; if it may be executed, the current operation continues, and if it may not, the operation is intercepted or the user is prompted according to the policy. The enhanced access control module is also used to set protection levels for file reads and writes. The protection levels comprise at least three different levels of protection: no protection, prompt protection and authentication protection. Prompt protection means that the user is prompted to confirm when the operation occurs; the operation is carried out only if the user confirms, and is otherwise refused. Authentication protection means that the user is prompted to authenticate when the operation occurs; the operation is executed if verification passes, and is otherwise refused. The authentication may be password authentication and/or fingerprint authentication and/or password verification, etc. The enhanced access control module may specifically comprise an access monitoring module and an access control policy module. The access monitoring module is used to intercept all security-related operations and send the intercepted operations to the access control policy module. The access control policy module is used to judge, according to the preset policy, whether a received operation may be executed; if it may be executed, the intelligent terminal body is notified to carry out the operation, and if it may not, the operation is not processed or the user is prompted according to the policy. The preset policy can be set by the user according to actual conditions.
The encryption protection module is used to encrypt and protect critical system data, and to encrypt and decrypt in real time specified files and/or folders and the files within them.
The software security module is used, before software is uploaded to a designated platform, to sign and package the software with the software signing tool or plug-in provided by that platform and the developer's signing certificate, after which the software is uploaded to the designated platform. When the intelligent terminal body downloads software, the software is verified and can be installed only after verification passes. The specific method is: the intelligent terminal body first obtains the software; when the intelligent terminal body begins installing the software, the signature verification interface is called to unpack the software and its integrity is verified. If it is not intact, installation is stopped. If it is intact, the legitimacy of the software's signature is verified; if the signature is legitimate, the software is restored and installation is completed, and if it is not legitimate, installation is stopped.

Claims (9)

1. An intelligent terminal system comprising an intelligent terminal body, characterized in that it further comprises an integrity protection module, an enhanced access control module, an encryption protection module and a software security module,
the integrity protection module being used, before the system starts, to check by means of boot-area code whether the critical files in the ROM of the intelligent terminal body are intact; if they are intact, the system starts; if they are not, system startup is halted or a system restore is performed, in which a legitimate backup ROM replaces the ROM in the intelligent terminal body; if the system needs to be updated, then before the update it is checked whether the newly received ROM is a legitimate official ROM, and if so the update proceeds, and if not that ROM is deleted; after the system has started, the integrity protection module is also used to check, according to a certain policy, whether the specified ROM modules and the kernel code in the system memory region are intact, and if so no action is taken, and if not the user is prompted or system operation is terminated;
the enhanced access control module being used, while the system is running, to control operations according to a preset policy and judge whether each operation may be executed; if it may be executed, the current operation continues, and if it may not, the operation is intercepted or the user is prompted according to the policy;
the encryption protection module being used to encrypt and protect critical system data, and to encrypt and decrypt in real time specified files and/or folders and the files within them;
the software security module being used, before software is uploaded to a designated platform, to sign and package the software with the software signing tool or plug-in provided by that platform and the developer's signing certificate, after which the software is uploaded to the designated platform; when the intelligent terminal body downloads software, the software is verified and can be installed only after verification passes.
2. The intelligent terminal system according to claim 1, characterized in that the enhanced access control module is also used to set protection levels for file reads and writes.
3. The intelligent terminal system according to claim 2, characterized in that the protection levels comprise at least three different levels of protection: no protection, prompt protection and authentication protection,
prompt protection meaning that the user is prompted to confirm when the operation occurs, the operation being carried out only if the user confirms and otherwise refused;
authentication protection meaning that the user is prompted to authenticate when the operation occurs, the operation being executed if verification passes and otherwise refused.
4. The intelligent terminal system according to claim 3, characterized in that the authentication is password authentication and/or fingerprint authentication and/or password verification.
5. The remote signal receiving method according to claim 1, characterized in that the enhanced access control module comprises an access monitoring module and an access control policy module;
the access monitoring module being used to intercept all security-related operations and send the intercepted operations to the access control policy module;
the access control policy module being used to judge, according to the preset policy, whether a received operation may be executed; if it may be executed, the intelligent terminal body is notified to carry out the operation, and if it may not, the operation is not processed or the user is prompted according to the policy.
6. The intelligent terminal system according to claim 1, characterized in that, when the intelligent terminal body downloads software, the software security module verifies it as follows: the intelligent terminal body first obtains the software; when the intelligent terminal body begins installing the software, the signature verification interface is called to unpack the software and its integrity is verified; if it is not intact, installation is stopped; if it is intact, the legitimacy of the software's signature is verified; if the signature is legitimate, the software is restored and installation is completed, and if it is not legitimate, installation is stopped.
7. The intelligent terminal system according to claim 1 or 2 or 3 or 4 or 5 or 6, characterized in that the method by which the integrity protection module checks, before the system starts and by means of boot-area code, whether the critical files in the ROM of the intelligent terminal body are intact is:
a. obtain the signature content of the critical file in the ROM of the intelligent terminal body, which is computed as:
$M = S_{\text{official private key}}(H(\text{critical file}))$,
where $S$ denotes the signature algorithm, $M$ denotes the signature content, and $H$ denotes the hash algorithm;
b. compute $H' = S_{\text{official public key}}(M)$ and judge whether $H'$ and $H(\text{critical file})$ are identical; if they are identical, the critical file is intact, otherwise the file is not intact.
8. The intelligent terminal system according to claim 7, characterized in that the method by which the integrity protection module checks, before a system update, whether the newly received ROM is a legitimate official ROM is:
c. obtain the signature content of the new ROM, which is computed as: $M = S_{\text{official private key}}(H(\text{ROM file}))$,
where $S$ denotes the signature algorithm, $M$ denotes the signature content, and $H$ denotes the hash algorithm;
d. compute $H' = S_{\text{official public key}}(M)$ and judge whether $H'$ and $H(\text{ROM file})$ are identical; if they are identical, the critical file is intact, otherwise the file is not intact.
9. The intelligent terminal system according to claim 1 or 2 or 3 or 4 or 5 or 6, characterized in that the method by which the integrity protection module checks, before a system update, whether the newly received ROM is a legitimate official ROM is:
c. obtain the signature content of the new ROM, which is computed as: $M = S_{\text{official private key}}(H(\text{ROM file}))$,
where $S$ denotes the signature algorithm, $M$ denotes the signature content, and $H$ denotes the hash algorithm;
d. compute $H' = S_{\text{official public key}}(M)$ and judge whether $H'$ and $H(\text{ROM file})$ are identical; if they are identical, the critical file is intact, otherwise the file is not intact.
CN201210558394.3A 2012-12-20 2012-12-20 Intelligent terminal system Active CN102968588B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210558394.3A CN102968588B (en) 2012-12-20 2012-12-20 Intelligent terminal system

Publications (2)

Publication Number Publication Date
CN102968588A true CN102968588A (en) 2013-03-13
CN102968588B CN102968588B (en) 2015-07-29

Family

ID=47798725

Country Status (1)

Country Link
CN (1) CN102968588B (en)

Also Published As

Publication number Publication date
CN102968588B (en) 2015-07-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant