CN102968588B - Intelligent terminal system - Google Patents
Intelligent terminal system Download PDFInfo
- Publication number
- CN102968588B CN102968588B CN201210558394.3A CN201210558394A CN102968588B CN 102968588 B CN102968588 B CN 102968588B CN 201210558394 A CN201210558394 A CN 201210558394A CN 102968588 B CN102968588 B CN 102968588B
- Authority
- CN
- China
- Prior art keywords
- intelligent terminal
- rom
- file
- software
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention relates to intelligent terminal technology.The invention solves the problem that existing intelligent terminal operation system security is not high; provide a kind of intelligent terminal system; its technical scheme can be summarized as: intelligent terminal system; comprise intelligent terminal body; it is characterized in that, also comprise integrity protection module, enhancement mode access control module, encryption protection module and software security module.The invention has the beneficial effects as follows, effectively can strengthen the security of system, be applicable to intelligent terminal.
Description
Technical field
The present invention relates to intelligent terminal technology, particularly the technology of intelligent terminal operation system safety.
Background technology
Along with the Large scale construction of 3G network and the universal rapidly of intelligent terminal, development of Mobile Internet technology, business fast development.In service layer, the application such as social network sites, search engine scale goes from strength to strength, and the Novel movable such as microblogging, cell phone map Internet service emerges in an endless stream; Based on the intelligent terminal of different operating system, a hundred flowers blossom especially, and mobile intelligent terminal uses open operating system, can unload third-party application software by mounting box the same as computing machine.Mobile Internet has the features such as the network integration, Intelligent Terminal, application variation, platform Opening, this to safeguarding national security, stable society order, protection citizen's right bring new potential safety hazard.
Mobile intelligent terminal operating system is " computerize " progressively, and extendability strengthens, and partial function brings potential safety hazard to user profile protection.Mobile intelligent terminal adopts encryption technology, brings great challenge to national information security control.Compare conventional internet, mobile Internet adds wireless access, and by a large amount of mobile telecommunication apparatus as WAP gateway, IMS equipment etc. introduce IP bearer network, bringing new security threat to internet, the problems such as wherein network attack, stolen robber be close will be more outstanding.
Meanwhile, embedded OS has been widely applied in the intelligent terminals such as intelligent television, mobile phone, pad, and intelligent terminal operation system popular is at present by Android, ios, symbian, wince, Linux etc.But, a lot of hacker also progressively pays close attention to intelligent terminal at present, wooden horse on intelligent terminal and virus also get more and more, and all kinds of safety problem constantly occurs, as mobile phone malice fee suction, fallacious message transmission, individual privacy leakage, mobile terminal function inefficacy, autoboot etc.In the recent period, Google just finds that wooden horse has been permeated in its application program store, removes the application more than 50 from its Android store.According to the saying of expert, this wooden horse can extract sensitive information from the smart mobile phone of user, and worse, security expert finds, it has been downloaded more than 200,000 times, likely causes serious problems to the equipment of Android platform.But this is only tip of the iceberg, at other intelligent terminals, as faced this safety problem equally in intelligent television, panel computer, must attract great attention.
Summary of the invention
The object of the invention is to overcome the not high shortcoming of current intelligent terminal operation system security, a kind of intelligent terminal system is provided.
The present invention solves its technical matters, and the technical scheme of employing is, intelligent terminal system comprises intelligent terminal body, it is characterized in that, also comprises integrity protection module, enhancement mode access control module, encryption protection module and software security module,
Before described integrity protection module is used for system startup, whether complete by critical file in the ROM of boot section code detection intelligent terminal body, if complete, system starts, if imperfect, halt system starts or executive system reduction, the ROM in legal backup ROM replacement intelligent terminal body is adopted during system reducing, if system needs to upgrade, then before system update, whether detect the new ROM that receives is the legal ROM of official, if then upgrade, if not then delete this ROM, after integrity protection module also starts for system, whether detect with certain strategy specifies the kernel code of ROM module and Installed System Memory region complete, if then do not process, if not then point out user or termination system to run,
When described enhancement mode access modules is used for system cloud gray model, the strategy according to presetting controls operation, judges whether to perform, if can perform, continues current operation, if can not perform, tackles this operation or points out user according to strategy;
Described encryption protection module is used for being encrypted protection to system-critical data and to specified file and/or file and interior file real-time encryption and decryption thereof;
Described software security module is used for before software upload to appointment platform, the software signature instrument using this platform to provide or plug-in unit and developer's signing certificate, signature encapsulation is carried out to software, upload to appointment platform again, when intelligent terminal body downloads software, it is verified, could install after being verified.
Concrete, described enhancement mode access modules is also for arranging protection level to the read-write of file.
Further, described protection level comprises the protection of at least three kinds of different stages, comprises unprotect, prompting protection and authentication protection,
When described prompting protection refers to that operation occurs, prompting user confirms, if user confirms just can operate, otherwise refusal performs this operation;
When described authentication protection refers to that operation occurs, prompting user carries out authentication, if be verified, and executable operations, otherwise refusal performs.
Concrete, described authentication is password authentication and/or fingerprint authentication and/or password authentification.
Further, described enhancement mode access modules comprises access monitoring module and access control policy module;
Described access monitoring module is used for tackling all security-related operations, and the associative operation intercepted is sent to access control policy module;
The strategy that described access control policy module is used for according to presetting judges the associative operation received, judge whether it can perform, if can perform, notice intelligent terminal body performs associative operation, if can not perform, does not carry out processing or pointing out user according to strategy.
Concrete, described software security module is when intelligent terminal body downloads software, to its method verified be: first intelligent terminal ontology acquisition is to software, when intelligent terminal body mounting software starts, call signature verification interface to software decapsulation, verify this software integrity, if imperfect, stop installing, if complete, verify the signature legitimacy of this software, if legal, reduce this software complete installation, stop installing if do not conform to rule.
Further, described integrity protection module is before system starts, and the method whether complete by critical file in the ROM of boot section code detection intelligent terminal body is:
The signature contents of critical file in the ROM of a, acquisition intelligent terminal body, its computing method are:
M=S
official's private key(H(critical file)),
Wherein, S refers to signature algorithm, and M refers to signature contents, and H represents hashing algorithm;
B, calculating H '=S
official's PKI(M), H ' and H(critical file is judged) whether identical, if identical, represent that critical file is complete, otherwise represent that complete file is imperfect.
Concrete, described integrity protection module is before system update, and whether detect the new ROM that receives be the method for the legal ROM of official is:
C, obtain the signature contents of new ROM, its computing method are: M=S
official's private key(H(ROM file)),
Wherein, S refers to signature algorithm, and M refers to signature contents, and H represents hashing algorithm;
D, calculating H '=S
official's PKI(M), H ' and H(ROM file is judged) whether identical, if identical, represent that critical file is complete, otherwise represent that complete file is imperfect.
The invention has the beneficial effects as follows, by above-mentioned intelligent terminal system, effectively can strengthen the security of system, for operating system provides safeguard protection, guaranteed reliability.
Accompanying drawing explanation
Fig. 1 is the system chart of the embodiment of the present invention.
Embodiment
Below in conjunction with drawings and Examples, describe technical scheme of the present invention in detail.
Intelligent terminal system of the present invention, comprise intelligent terminal body, integrity protection module, enhancement mode access control module, encryption protection module and software security module, wherein, before integrity protection module is used for system startup, whether complete by critical file in the ROM of boot section code detection intelligent terminal body, if complete, system starts, if imperfect, halt system starts or executive system reduction, the ROM in legal backup ROM replacement intelligent terminal body is adopted during system reducing, if system needs to upgrade, then before system update, whether detect the new ROM that receives is the legal ROM of official, if then upgrade, if not then delete this ROM, after integrity protection module also starts for system, whether detect with certain strategy specifies the kernel code of ROM module and Installed System Memory region complete, if then do not process, if not then point out user or termination system to run, when enhancement mode access modules is used for system cloud gray model, the strategy according to presetting controls operation, judges whether to perform, if can perform, continues current operation, if can not perform, tackles this operation or points out user according to strategy, encryption protection module is used for being encrypted protection to system-critical data and to specified file and/or file and interior file real-time encryption and decryption thereof, software security module is used for before software upload to appointment platform, the software signature instrument using this platform to provide or plug-in unit and developer's signing certificate, signature encapsulation is carried out to software, upload to appointment platform again, when intelligent terminal body downloads software, it is verified, could install after being verified.
Embodiment
The enhancement mode access modules of this example is also for arranging protection level to the read-write of file, and its system chart is as Fig. 1.
The intelligent terminal system of this example, comprises intelligent terminal body, integrity protection module, enhancement mode access control module, encryption protection module and software security module.
Wherein, before integrity protection module is used for system startup; whether complete by critical file in the ROM of boot section code detection intelligent terminal body, concrete grammar is: the signature contents of critical file in the ROM of a, acquisition intelligent terminal body, its computing method are: M=S
official's private key(H(critical file)), wherein, S refers to signature algorithm, and M refers to signature contents, and H represents hashing algorithm; B, calculating H '=S
official's PKI(M), judge H ' and H(critical file) whether identical, if identical, represent that critical file is complete, otherwise represent that complete file is imperfect, if complete, system starts, if imperfect, halt system starts or executive system reduction, the ROM in legal backup ROM replacement intelligent terminal body is adopted during system reducing, if system needs to upgrade, then before system update, whether be official legal ROM, its concrete grammar is if detecting the new ROM that receives: c, obtain the signature contents of new ROM, and its computing method are: M=S
official's private key(H(ROM file)), wherein, S refers to signature algorithm, and M refers to signature contents, and H represents hashing algorithm; D, calculating H '=S
official's PKI(M); judge H ' and H(ROM file) whether identical; if identical, represent that critical file is complete; otherwise represent that complete file is imperfect, if complete, upgrade, if imperfect, delete this ROM; after integrity protection module also starts for system; whether specify the kernel code of ROM module and Installed System Memory region complete, if then do not process, if not then point out user or termination system to run if detecting with certain strategy.
When enhancement mode access modules is used for system cloud gray model, strategy according to presetting controls operation, judge whether to perform, if can perform, continue current operation, if can not perform, tackle this operation or point out user according to strategy, enhancement mode access modules is also for arranging protection level to the read-write of file, this protection level comprises the protection of at least three kinds of different stages, comprise unprotect, prompting protection and authentication protection, when prompting protection refers to that operation occurs, prompting user confirms, if user confirms just can operate, otherwise refusal performs this operation, when authentication protection refers to that operation occurs, prompting user carries out authentication, if be verified, executable operations, otherwise refusal performs, authentication can be password authentication and/or fingerprint authentication and/or password authentification etc., enhancement mode access modules specifically can comprise access monitoring module and access control policy module, access monitoring module is used for tackling all security-related operations, the associative operation intercepted is sent to access control policy module, the strategy that access control policy module is used for according to presetting judges the associative operation received, judge whether it can perform, if can perform, notice intelligent terminal body performs associative operation, if can not perform, does not carry out processing or pointing out user according to strategy.The strategy preset can be arranged according to actual conditions by user.
Encryption protection module is used for being encrypted protection to system-critical data and to specified file and/or file and interior file real-time encryption and decryption thereof.
Software security module is used for before software upload to appointment platform, the software signature instrument using this platform to provide or plug-in unit and developer's signing certificate, signature encapsulation is carried out to software, upload to appointment platform again, when intelligent terminal body downloads software, it is verified, could install after being verified, concrete grammar is: first intelligent terminal ontology acquisition is to software, when intelligent terminal body mounting software starts, call signature verification interface to software decapsulation, verify this software integrity, if imperfect, stop installing, if complete, verify the signature legitimacy of this software, if legal, reduce this software complete installation, if do not conform to rule to stop installing.
Claims (9)
1. intelligent terminal system, comprises intelligent terminal body, it is characterized in that, also comprises integrity protection module, enhancement mode access control module, encryption protection module and software security module,
Before described integrity protection module is used for system startup, whether complete by critical file in the ROM of boot section code detection intelligent terminal body, if complete, system starts, if imperfect, halt system starts or executive system reduction, the ROM in legal backup ROM replacement intelligent terminal body is adopted during system reducing, if system needs to upgrade, then before system update, whether detect the new ROM that receives is the legal ROM of official, if then upgrade, if not then delete this new ROM received, after integrity protection module also starts for system, whether detect with certain strategy specifies the kernel code of ROM module and Installed System Memory region complete, if then do not process, if not then point out user or termination system to run,
When described enhancement mode access modules is used for system cloud gray model, the strategy according to presetting controls operation, judges whether to perform, if can perform, continues current operation, if can not perform, tackles this operation or points out user according to strategy;
Described encryption protection module is used for being encrypted protection to system-critical data and to specified file and/or file and interior file real-time encryption and decryption thereof;
Described software security module is used for before software upload to appointment platform, the software signature instrument using this platform to provide or plug-in unit and developer's signing certificate, signature encapsulation is carried out to software, upload to appointment platform again, when intelligent terminal body downloads software, it is verified, could install after being verified.
2. intelligent terminal system according to claim 1, it is characterized in that, described enhancement mode access modules is also for arranging protection level to the read-write of file.
3. intelligent terminal system according to claim 2, it is characterized in that, described protection level comprises the protection of at least three kinds of different stages, comprises unprotect, prompting protection and authentication protection,
When described prompting protection refers to that operation occurs, prompting user confirms, if user confirms just can operate, otherwise refusal performs this operation;
When described authentication protection refers to that operation occurs, prompting user carries out authentication, if be verified, and executable operations, otherwise refusal performs.
4. intelligent terminal system according to claim 3, is characterized in that, described authentication is password authentication and/or fingerprint authentication and/or password authentification.
5. intelligent terminal system according to claim 1, is characterized in that, described enhancement mode access modules comprises access monitoring module and access control policy module;
Described access monitoring module is used for tackling all security-related operations, and the associative operation intercepted is sent to access control policy module;
The strategy that described access control policy module is used for according to presetting judges the associative operation received, judge whether it can perform, if can perform, notice intelligent terminal body performs associative operation, if can not perform, does not carry out processing or pointing out user according to strategy.
6. intelligent terminal system according to claim 1, it is characterized in that, described software security module is when intelligent terminal body downloads software, to its method verified be: first intelligent terminal ontology acquisition is to software, when intelligent terminal body mounting software starts, call signature verification interface to software decapsulation, verify this software integrity, if imperfect, stop installing, if complete, verify the signature legitimacy of this software, if legal, reduce this software complete installation, stop installing if do not conform to rule.
7. intelligent terminal system according to claim 1 or 2 or 3 or 4 or 5 or 6, is characterized in that, described integrity protection module is before system starts, and the method whether complete by critical file in the ROM of boot section code detection intelligent terminal body is:
The signature contents of critical file in the ROM of a, acquisition intelligent terminal body, its computing method are:
M=S
official's private key(H (critical file)),
Wherein, S refers to signature algorithm, and M refers to signature contents, and H represents hashing algorithm;
B, calculating H '=S
official's PKI(M), judge that whether H ' is identical with H (critical file), if identical, represent that critical file is complete, otherwise represent that complete file is imperfect.
8. intelligent terminal system according to claim 7, is characterized in that, described integrity protection module is before system update, and whether detect the new ROM that receives be the method for the legal ROM of official is:
C, obtain the signature contents of new ROM, its computing method are: M=S
official's private key(H (ROM file)),
Wherein, S refers to signature algorithm, and M refers to signature contents, and H represents hashing algorithm;
D, calculating H '=S
official's PKI(M), judge whether H ' is identical with H (ROM file), if identical, represent that critical file is complete, otherwise represent that complete file is imperfect.
9. intelligent terminal system according to claim 1 or 2 or 3 or 4 or 5 or 6, is characterized in that, described integrity protection module is before system update, and whether detect the new ROM that receives be the method for the legal ROM of official is:
C, obtain the signature contents of new ROM, its computing method are: M=S
official's private key(H (ROM file)),
Wherein, S refers to signature algorithm, and M refers to signature contents, and H represents hashing algorithm;
D, calculating H '=S
official's PKI(M), judge whether H ' is identical with H (ROM file), if identical, represent that critical file is complete, otherwise represent that complete file is imperfect.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210558394.3A CN102968588B (en) | 2012-12-20 | 2012-12-20 | Intelligent terminal system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210558394.3A CN102968588B (en) | 2012-12-20 | 2012-12-20 | Intelligent terminal system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102968588A CN102968588A (en) | 2013-03-13 |
| CN102968588B true CN102968588B (en) | 2015-07-29 |
Family
ID=47798725
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210558394.3A Active CN102968588B (en) | 2012-12-20 | 2012-12-20 | Intelligent terminal system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102968588B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105302708A (en) * | 2014-06-30 | 2016-02-03 | 联发科技(新加坡)私人有限公司 | Mobile terminal and detection method thereof |
| CN106330812B (en) * | 2015-06-15 | 2019-07-05 | 腾讯科技(深圳)有限公司 | File security recognition methods and device |
| CN106506163B (en) * | 2016-10-21 | 2019-11-15 | 北京小米移动软件有限公司 | ROM packet processing method and device |
| CN109814934B (en) * | 2019-01-31 | 2022-05-06 | 安谋科技(中国)有限公司 | Data processing method, device, readable medium and system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101330383A (en) * | 2007-06-19 | 2008-12-24 | 瑞达信息安全产业股份有限公司 | Credible system for monitoring network resource based on user identification and action |
| CN102355350A (en) * | 2011-06-30 | 2012-02-15 | 北京邮电大学 | File encryption method applied for mobile intelligent terminal and system thereof |
| CN102542698A (en) * | 2011-12-27 | 2012-07-04 | 浙江省电力公司 | Safety protective method of electric power mobile payment terminal |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| SE531992C2 (en) * | 2006-02-24 | 2009-09-22 | Oniteo Ab | Method and system for secure software commissioning |
-
2012
- 2012-12-20 CN CN201210558394.3A patent/CN102968588B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101330383A (en) * | 2007-06-19 | 2008-12-24 | 瑞达信息安全产业股份有限公司 | Credible system for monitoring network resource based on user identification and action |
| CN102355350A (en) * | 2011-06-30 | 2012-02-15 | 北京邮电大学 | File encryption method applied for mobile intelligent terminal and system thereof |
| CN102542698A (en) * | 2011-12-27 | 2012-07-04 | 浙江省电力公司 | Safety protective method of electric power mobile payment terminal |
Non-Patent Citations (2)
| Title |
|---|
| 移动互联网形势下智能终端安全研究;潘娟等;《移动通信》;20120531;第48-51页 * |
| 移动智能终端安全威胁分析与防护研究;彭国军等;《信息网络安全》;20120131(第1期);第58-63页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102968588A (en) | 2013-03-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11797674B2 (en) | Method and apparatus for defending against attacks, device and storage medium | |
| CN102521548B (en) | Method for managing using rights of function and mobile terminal | |
| Suo et al. | Security and privacy in mobile cloud computing | |
| CN106156619B (en) | Application security protection method and device | |
| CN102420902B (en) | A kind of method of classification management over right of using functions and mobile terminal | |
| CN102404706B (en) | Method for managing tariff safety and mobile terminal | |
| US10136324B2 (en) | Method and apparatus for reading verification information | |
| CN102413221B (en) | Method for protecting privacy information and mobile terminal | |
| CN104573435A (en) | Method for terminal authority management and terminal | |
| CN111209558B (en) | Internet of things equipment identity authentication method and system based on block chain | |
| CN102413220B (en) | Method for controlling right of using connection function and mobile terminal | |
| CN102355467B (en) | Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission | |
| CN102968588B (en) | Intelligent terminal system | |
| CN104765629A (en) | System application installation method and device | |
| CN104881667A (en) | Characteristic information extraction method and apparatus | |
| CN106161028A (en) | Safety chip, communication terminal and the method improving communication security | |
| Tabrizi et al. | A model for security analysis of smart meters | |
| CN103166952A (en) | Embedded type vehicle-mounted data collection terminal | |
| CN103034810B (en) | A kind of detection method, device and electronic equipment | |
| CN104348616A (en) | Method for visiting terminal security component, device thereof and system thereof | |
| CN104125223A (en) | Security defending system for private data of mobile device | |
| CN103246846A (en) | Method and device for detecting safety of customized ROM (read only memory) | |
| CN106713234A (en) | Smart power grid mobile terminal dynamic state authorization system | |
| CN104270754A (en) | SIM authentication method and device | |
| CN106919812B (en) | Application process authority management method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |