Summary of the invention
The purpose of the present invention is to solve at least one of the above-mentioned technical deficiencies, in particular to control the running of an executable file and prevent the executable file from being cracked and run.
The present invention provides a method for controlling the running of an executable file, comprising the following steps: verifying through a remote communication port and confirming that the local machine is legitimately authorized; pushing the executable file to a target terminal, ready for execution, over a communication link maintained by the local machine; and calling the executable file over the communication link to run its first functional module, the second functional module of the executable file running when the first functional module verifies and confirms that the call is legitimate.
Wherein the step of verifying and confirming that the local machine is legitimately authorized is specifically: sending a request containing the local machine's characteristic information, and obtaining, in response to the request, a message that the local machine is legitimate because its characteristic information is in a white list.
Wherein the local machine's characteristic information is encrypted information that uniquely identifies the local machine's characteristics.
Wherein the executable file is pushed and modified to be executable, ready for execution.
Wherein the step of calling the executable file over the communication link to run its first functional module specifically includes: calling the executable file to run its first functional module; obtaining the secret string returned by the first functional module, which includes the call time and the target terminal identifier; encrypting the secret string; and calling the executable file again to run its first functional module and sending the encrypted secret string to the executable file.
Wherein the first functional module is used to generate the secret string; when it verifies that the interval between the call times in the encrypted secret string and in the secret string generated by the second call is within a preset time and that the target terminal identifiers are consistent, the second functional module of the executable file runs.
Wherein the second functional module is used to obtain Root privileges on the target terminal.
Wherein the local machine has a connection port for establishing the communication link with the target terminal.
Wherein the connection port is a Bluetooth, WiFi and/or USB interface.
Wherein, in the step of confirming that the local machine is legitimately authorized or the step of confirming that the call is legitimate, execution of each subsequent step is terminated when confirmation cannot be obtained.
The present invention also provides a method for controlling the running of an executable file, comprising the following steps: receiving a command calling the executable file over a locally maintained communication link; verifying and confirming, according to the call command, whether the call is legitimate; and executing the function of the executable file when the call is verified and confirmed to be legitimate.
Wherein the step of verifying and confirming, according to the call command, whether the call is legitimate specifically includes: obtaining, according to the call, a secret string that includes the call time and the local identifier; sending the secret string over the communication link; receiving the encrypted secret string returned over the communication link and obtaining, according to the second call, a secret string that includes the call time and the local identifier; decrypting the encrypted secret string; and verifying whether the interval between the call times in the decrypted secret string and in the secret string obtained by the second call is within a preset time and whether the local identifiers are consistent.
Wherein, when the call-time interval is not within the preset time, verification of the local identifier is terminated.
Wherein, after the step of executing the function of the executable file, information on whether execution succeeded is displayed, or information on whether execution succeeded is fed back over the communication link.
The present invention provides a device for controlling the running of an executable file, including: a verification module, for verifying through a remote communication port and confirming that the local machine is legitimately authorized; a pushing module, for pushing the executable file to a target terminal, ready for execution, over a communication link maintained by the local machine when the verification module confirms that the local machine is legitimately authorized; and a calling module, for calling the executable file over the communication link to run its first functional module, the second functional module of the executable file running when the first functional module verifies and confirms that the call is legitimate.
Wherein the verification module is specifically used for: sending a request containing the local machine's characteristic information, and obtaining, in response to the request, a message that the local machine is legitimate because its characteristic information is in a white list.
Wherein the local machine's characteristic information is encrypted information that uniquely identifies the local machine's characteristics.
Wherein the pushing module is further used for: pushing the executable file and modifying it to be executable, ready for execution.
Wherein the calling module is specifically used for: calling the executable file to run its first functional module; obtaining the secret string returned by the first functional module, which includes the call time and the target terminal identifier; encrypting the secret string; and calling the executable file again to run its first functional module and sending the encrypted secret string to the executable file.
Wherein the first functional module is used to generate the secret string; when it verifies that the interval between the call times in the encrypted secret string and in the secret string generated by the second call is within a preset time and that the target terminal identifiers are consistent, the second functional module of the executable file runs.
Wherein the second functional module is used to obtain Root privileges on the target terminal.
Wherein the local machine has a connection port for establishing the communication link with the target terminal.
Wherein the connection port is a Bluetooth, WiFi and/or USB interface.
The present invention also provides a device for controlling the running of an executable file, including: a receiving module, for receiving a command calling the executable file over a locally maintained communication link; a first functional module, for verifying and confirming, according to the call command, whether the call is legitimate; and a second functional module, for executing the function of the executable file when the call is verified and confirmed to be legitimate.
Wherein the first functional module is specifically used for: obtaining, according to the call, a secret string that includes the call time and the local identifier; sending the secret string over the communication link; receiving the encrypted secret string returned over the communication link and obtaining, according to the second call, a secret string that includes the call time and the local identifier; decrypting the encrypted secret string; and verifying whether the interval between the call times in the decrypted secret string and in the secret string obtained by the second call is within a preset time and whether the local identifiers are consistent.
Wherein, when the call-time interval is not within the preset time, verification of the local identifier is terminated.
Wherein the device includes: a feedback module, for displaying information on whether execution succeeded, or feeding back information on whether execution succeeded over the communication link, after the second functional module has executed the function of the executable file.
Compared with the prior art, the present invention has the following advantages:
1. The legitimacy of the client on which the application program resides is verified, that is, the running environment of the application program is verified. This ensures that the application program runs on an authorized client and prevents it from being installed and used arbitrarily.
2. The application program sends the executable file to the target terminal. Before the executable file executes, it verifies whether it is being run by a call from the application program; the executable file can run only when called by the application program. This verification prevents the executable file from being extracted and abused at will.
In the verification process the executable file is called twice. The application program encrypts the secret string that the executable file returns to it on the first call; the executable file then decrypts the encrypted secret string and compares the target terminal identifier in the decrypted secret string with that in the secret string generated by the second call for consistency. The encryption, decryption and consistency check described above enhance the accuracy of the verification.
3. Multiple verifications are provided: first, whether the running environment of the application program is legitimate; second, whether the application program is legitimate; third, whether the command to execute the executable file is legitimate. This triple verification increases the number of layers and the difficulty of the verification and protects the interests of the program developer.
4. The application program can send the executable file to multiple target terminals, that is, process multiple target terminals in a batch, which improves the efficiency with which the application program is used.
In short, the method of the present invention for controlling the running of an executable file effectively protects the application program and the executable file it pushes, preventing cracking and abuse.
Additional aspects and advantages of the present invention will be set forth in part in the following description, and will in part become apparent from that description or be learned through practice of the present invention.
Embodiments
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, serve only to explain the present invention, and are not to be construed as limiting the claims.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural forms. It should be further understood that the word "comprising" used in the specification of the present invention refers to the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intermediate elements may also be present. In addition, "connected" or "coupled" as used herein may include wireless connection or wireless coupling. The term "and/or" as used herein includes all or any unit and all combinations of one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by a person of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, will not be interpreted in an idealized or overly formal sense.
Those skilled in the art will understand that "terminal" and "terminal device" as used herein include both devices with a wireless signal receiver only, which have no transmitting capability, and devices with receiving and transmitting hardware, which are capable of two-way communication over a bidirectional communication link. Such a device may include: a cellular or other communication device, with a single-line display or a multi-line display or without a multi-line display; a PCS (Personal Communications Service), which can combine voice, data processing, fax and/or data communication capabilities; a PDA (Personal Digital Assistant), which may include a radio frequency receiver, a pager, Internet/intranet access, a web browser, a notepad, a calendar and/or a GPS (Global Positioning System) receiver; and a conventional laptop and/or palmtop computer or other device that has and/or includes a radio frequency receiver. "Terminal" and "terminal device" as used herein may be portable, transportable, installed in a vehicle (air, sea and/or land), or suitable for and/or configured to run locally and/or in distributed form at any other location on Earth and/or in space. "Terminal" and "terminal device" as used herein may also be a communication terminal, an Internet access terminal or a music/video playback terminal, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone with music/video playback functions, or a device such as a smart TV or a set-top box.
Those skilled in the art will understand that the remote network device used herein includes, but is not limited to, a computer, a network host, a single network server, a set of multiple network servers, or a cloud formed by multiple servers. Here, the cloud is formed by a large number of computers or network servers based on cloud computing, where cloud computing is a kind of distributed computing: a super virtual computer composed of a group of loosely coupled computers. In embodiments of the present invention, the remote network device, the terminal device and the WNS server may communicate by any communication method, including but not limited to mobile communication based on 3GPP, LTE or WIMAX, computer network communication based on the TCP/IP or UDP protocols, and short-range wireless transmission based on the Bluetooth or infrared transmission standards.
Those skilled in the art should understand that "application", "application program", "application software" and similar expressions referred to in the present invention denote the same concept, well known to those skilled in the art: computer software suitable for electronic operation, organically constructed from a series of computer instructions and related data resources. Unless otherwise specified, this naming is not limited by the type or level of programming language, nor by the operating system or platform on which the software runs. Naturally, this concept is not limited to any form of terminal either.
Referring to Fig. 1, Fig. 1 is a schematic structural diagram of the system of the present invention. As shown in Fig. 1, it includes a server end 11, a client 12 and a target terminal 13.
The system shown in Fig. 1 is built on a network environment. The server end 11 verifies the client 12; the client 12 is a computer on which the application program of the present invention is installed; and the target terminal 13 is a mobile terminal (for example, a mobile phone) on which the function of the application program is performed. The server end 11 may be in the cloud, the client 12 is a computer running a Linux system, and the target terminal 13 is a terminal running the Android system.
This embodiment involves the Linux and Android systems but is not limited to them; those skilled in the art can reasonably anticipate that the scheme conceived in this embodiment is also applicable to other operating systems such as Windows and Apple's. The client 12 may also be an ARM machine connected to multiple mobile phones.
The client 12 is connected to the server end 11 through a remote communication port and to at least one target terminal 13 through a communication link. To communicate with the target terminal 13, the client 12 is configured with the relevant programs, such as the driver for the corresponding target terminal 13 and adb (Android Debug Bridge), and has a connection port for establishing the communication link with the target terminal 13, such as a Bluetooth, WiFi and/or USB interface.
Referring to Fig. 2, Fig. 2 is a schematic flow chart of one embodiment of the method of the present invention for controlling the running of an executable file. As shown in Fig. 2, it comprises the following steps:
S21: Verify through the remote communication port and confirm that the local machine is legitimately authorized.
The local machine in this embodiment is a computer on which the application program of the present invention is installed. The local machine interacts with the server through its remote communication port to verify whether it is a legitimate client; only a client authorized by the server can run the application program.
S22: Push the executable file to the target terminal, ready for execution, over the communication link maintained by the local machine.
When the local machine is confirmed to be legitimate, it can push the executable file to the target terminal, and its function is carried out by the executable file.
S23: Call the executable file over the communication link to run its first functional module; when the first functional module verifies and confirms that the call is legitimate, the second functional module of the executable file runs.
Before the executable file runs its second functional module, that is, before the function of the application program is performed, it must be verified whether the call to the executable file was issued by the application program. The second functional module runs only when the call to the executable file is confirmed to have been issued by the application program. Specifically, the verification of whether the call is legitimate is realized by the local machine's calls to the first functional module and by the first functional module's judgement.
Referring to Fig. 3, Fig. 3 is a schematic flow chart of another embodiment of the method of the present invention for controlling the running of an executable file. As shown in Fig. 3, it comprises the following steps:
S31: Receive a command calling the executable file over the locally maintained communication link.
S32: According to the call command, verify and confirm whether the call is legitimate.
S33: When the call is verified and confirmed to be legitimate, execute the function of the executable file.
In combination with the embodiment shown in Fig. 2, the executable file on the target terminal in this embodiment cooperates with the local machine of the embodiment shown in Fig. 2 to complete the verification of whether the call is legitimate. When the call command was issued by the application program of the embodiment shown in Fig. 2, the function that the executable file is to perform on the target terminal is executed.
Referring to Fig. 4, Fig. 4 is a schematic flow chart of yet another embodiment of the method of the present invention for controlling the running of an executable file. As shown in Fig. 4, it comprises the following steps:
S41: Verify through the remote communication port and confirm that the local machine is legitimately authorized.
The method of this embodiment is based on the system shown in Fig. 1, in which the client 12 interacts with the server end 11 and the target terminal 13 respectively. The local machine in this embodiment is the client 12. When the application program on the client 12 starts, it must send a request to the server end 11 to verify whether its running environment is legitimate.
The work of the client 12 is as follows:
A. Send a verification request containing the characteristic information of the client 12.
The characteristic information is information that uniquely identifies the client 12, including the MAC address, motherboard ID number and/or hard disk serial number. The client 12 has many pieces of characteristic information and is not limited to those listed above. The criteria for selecting characteristic information in this embodiment are flexible, as long as the information can identify the client 12; the MAC address is preferred. Several pieces of characteristic information may also be combined to improve the accuracy of identification.
The characteristic information is obtained by the application program: when the application runs, it obtains the characteristic information and sends it to the server end 11, which judges whether the running environment is legitimate.
B. Obtain the message, in response to the request, that the client 12 is legitimate.
The verification process at the server end 11 is as follows:
A. Obtain the request containing the characteristic information of the client 12 through the remote communication port.
B. Judge whether the characteristic information is in the preset white list.
A white list is preset at the server end 11. It holds the information of the clients authorized to run the application program, and each client's information includes information that uniquely identifies the client's characteristics. After the server end 11 receives the request sent by the client 12, it searches the white list for the characteristic information in the request.
C. When the characteristic information is in the preset white list, confirm that the client 12 is legitimately authorized and return a message that the client 12 is legitimate through the remote communication port.
When the characteristic information is not in the white list, a message that the client 12 is illegitimate is likewise returned through the remote communication port.
As set out above, the client 12 interacts with the server end 11 to complete the verification of whether the client 12 is legitimate. After the application program on the client 12 receives the message returned by the server end 11, it stops running if the client 12 is illegitimate. This verification confines the application program to specific clients; clients outside the white list are not allowed to use it.
In this verification process, the characteristic information sent by the application program is encrypted, that is, the request sent by the application program is an encrypted request. After receiving the request, the server end 11 decrypts it and then judges whether the characteristic information is in the preset white list. The message returned by the server end 11 may also be encrypted. Different application programs have different keys.
In other embodiments, the request may be left unencrypted and only the message returned by the server end 11 encrypted, with the client 12 decrypting it.
The encryption uses AES (Advanced Encryption Standard), which is symmetric encryption: both sides use the same key to encrypt and decrypt. AES can encrypt and decrypt quickly in both software and hardware, is easy to implement and needs very little memory.
With the above encryption, the legitimacy of the application program can be verified and the data exchanged is protected as well.
S42: Push the executable file to the target terminal, ready for execution, over the communication link maintained by the local machine.
When the application program receives the message returned by the server end 11 that the client 12 is legitimate, it confirms that the local machine is legitimately authorized and continues to run. It detects whether a target terminal 13 is connected to the client 12; when a communication link exists between the target terminal 13 and the client 12, the application program sends the executable file to the target terminal 13, where it is stored in the /bin directory. The application program can send the executable file to multiple target terminals at the same time. The executable file is an encrypted file, which prevents it from being cracked in transit or on the target terminal 13.
After the executable file is pushed, its attribute must be modified to executable so that it can run. For executable files on Microsoft operating systems, whether a file is executable is determined by its file suffix, so the attribute need not be modified.
In this embodiment, the method is used to obtain Root privileges on the target terminal 13; the application program is therefore Root software that includes a Root scheme, and the Root scheme is the executable file. As is well known, an executable file can have many kinds of function, so the application program is not limited to Root software.
There are currently various privilege-escalation schemes for obtaining Root privileges on the Android system. In terms of the lifetime of the privileges after escalation, they comprise permanent Root and temporary Root. With permanent Root, once the application program has been granted Root, no further Root escalation is needed later; with temporary Root, the privileges last only from one boot of the operating system to shutdown, and Root must be carried out again at the next boot.
No matter which Root method is used, the basic principle of privilege escalation is to implant su into the system to receive permission requests and to combine it with the SuperUser.apk application program to realize human-machine interaction. The Root escalation process is as follows: the su file is placed in /system/bin/ and Superuser.apk is placed under system/app; the former listens for the user's permission requests and communicates with the latter, and the latter mainly realizes human-machine interaction on the basis of its communication with the former, allowing the user to issue the relevant instructions. In theory, if su is made to approve all permission requests by default, SuperUser.apk can be dropped. In addition, /system/bin/su must be set so that any user can run it and so that it has the set uid and set gid permissions, which can be done by running the following command against the Android device: adb shell chmod 4755 /system/bin/su.
The Root scheme is to be understood as including: the code files related to cracking and their configuration parameters, and the files named or implemented as "su" and "SuperUser.apk".
S43: Call the executable file over the communication link.
S44: The target terminal receives the command calling the executable file over the locally maintained communication link.
S45: According to the call command, verify and confirm whether the call is legitimate.
The executable file is a binary file. To prevent it from being abused after being obtained, it must be verified whether it is the application program on the client 12 that is calling it to perform its function. The verification involves steps S43, S44 and S45 and is described in detail below:
The executable file of this embodiment includes a first functional module and a second functional module. The first functional module generates a string that includes the call time and the identifier of the target terminal 13, and encrypts that string; the second functional module performs the work of obtaining Root privileges.
First, the application program calls the executable file to run its first functional module; the first functional module generates a secret string and returns it to the application program, and the application program performs a second encryption on the secret string. Then the application program calls the executable file again to run its first functional module and sends the encrypted secret string to the executable file, and the first functional module generates a secret string again. Finally, the first functional module decrypts the encrypted secret string it has received and compares the decrypted secret string with the newly generated one to verify whether the call command was issued by the application program.
The comparison proceeds as follows. Because there is a time difference between the two calls, the interval between the times in the two secret strings is compared first. If the interval exceeds the preset time, the running of the executable file is terminated. If the interval is within the preset time, the identifiers of the target terminal 13 in the two secret strings are then compared for consistency. If they are consistent, the secret string sent to the application program was indeed sent by the target terminal 13, and it is finally confirmed that the call command was issued by the application program, that is, the call is legitimate.
The main principle of the above verification is: the application program encrypts the secret string from the first call, the executable file decrypts the encrypted secret string, and the call command is determined to have been issued by the application program when the identifier in the decrypted secret string is consistent with the identifier in the secret string from the second call. This verification prevents the executable file, once obtained, from being used to Root arbitrary mobile phones, and so protects the executable file.
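The two-call check of steps S43 to S45, written out as an added Go example; it is not code from the patent. AES-GCM as the AES mode, the shared demo key, the 5-second preset time, the `time|identifier` layout of the secret string (the "close string" of the translated text) and all function names are assumptions, and the first functional module's own encryption of the string is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Assumed for this example: the page fixes neither the preset time, the key,
// the AES mode nor the layout of the secret string.
const presetWindow = 5 * time.Second

var (
	demoKey     = []byte("0123456789abcdef0123456789abcdef") // constructed AES-256 key
	ErrDecrypt  = errors.New("secret string was not encrypted with the shared key")
	ErrExpired  = errors.New("call-time interval is outside the preset time")
	ErrMismatch = errors.New("target terminal identifier is not consistent")
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// MakeSecret is what the first functional module produces on each call:
// "<call time in Unix milliseconds>|<terminal identifier>".
func MakeSecret(callTime time.Time, terminalID string) string {
	ms := callTime.UnixNano() / int64(time.Millisecond)
	return strconv.FormatInt(ms, 10) + "|" + terminalID
}

// parseSecret splits a secret string back into call time and identifier.
func parseSecret(s string) (time.Time, string, error) {
	parts := strings.SplitN(s, "|", 2)
	if len(parts) != 2 {
		return time.Time{}, "", errors.New("malformed secret string")
	}
	ms, err := strconv.ParseInt(parts[0], 10, 64)
	return time.Unix(0, ms*int64(time.Millisecond)), parts[1], err
}

// EncryptSecret is the application's step on the client: encrypt the string
// returned by the first call. Output is nonce || ciphertext || tag.
func EncryptSecret(key []byte, secret string) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(secret), nil), nil
}

// VerifyCall is the first functional module's check on the second call.
// now and localID are the fields of the secret string generated by that call.
func VerifyCall(key, encrypted []byte, now time.Time, localID string) error {
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	if len(encrypted) < gcm.NonceSize() {
		return ErrDecrypt
	}
	nonce, body := encrypted[:gcm.NonceSize()], encrypted[gcm.NonceSize():]
	plain, err := gcm.Open(nil, nonce, body, nil)
	if err != nil {
		return ErrDecrypt // caller does not hold the application's key
	}
	firstTime, firstID, err := parseSecret(string(plain))
	if err != nil {
		return err
	}
	// Time is compared first; on failure the identifier is never checked.
	if d := now.Sub(firstTime); d < 0 || d > presetWindow {
		return ErrExpired
	}
	if firstID != localID {
		return ErrMismatch
	}
	return nil
}

func main() {
	t0 := time.Now()
	secret := MakeSecret(t0, "TERM-A") // constructed terminal identifier
	enc, _ := EncryptSecret(demoKey, secret)
	fmt.Println("legitimate call: ", VerifyCall(demoKey, enc, t0.Add(time.Second), "TERM-A"))
	fmt.Println("replayed later:  ", VerifyCall(demoKey, enc, t0.Add(time.Minute), "TERM-A"))
	fmt.Println("other terminal:  ", VerifyCall(demoKey, enc, t0.Add(time.Second), "TERM-B"))
}
```

The check ties a call to one terminal and one short time window, and it is only as strong as the secrecy of the shared key, which in this design has to be present on both the client and the target terminal.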
S46: When the call is verified and confirmed to be legitimate, execute the function of the executable file.
When the call is verified and confirmed to be legitimate, the second functional module of the executable file runs and carries out Root on the target terminal 13; the Root mode is temporary Root or permanent Root.
After the Root process is complete, information on whether execution succeeded can be displayed on the target terminal 13, or information on whether execution succeeded can be fed back to the client 12 over the communication link.
It should be pointed out that in the method flow of this embodiment, when any verification step cannot be confirmed, the subsequent steps are terminated automatically.
As described above, to protect the application program the running of the executable file is controlled and multiple verifications are provided: first, whether the running environment of the application program is legitimate; second, whether the application program is legitimate; third, whether the command that causes the executable file to execute is legitimate. This triple verification increases the number of layers and the difficulty of the verification, prevents the application program from being cracked and abused, and protects the interests of the program developer.
Referring to Fig. 5, Fig. 5 is the structural representation of the embodiment of executable file operating control device one of the present invention, such as Fig. 5
It is shown, including:Correction verification module 51, pushing module 52, calling module 53, receiving module 54, the first functional module 55, the second function
Module 56 and feedback module 57.
The function of above-mentioned each module is as follows:
Correction verification module 51 is used for by telecommunication port check bit and confirms the machine legal authorization.Pushing module 52 is used
When correction verification module 51 confirms the machine legal authorization, pushed and can perform to target terminal by the communication link that the machine maintains
File is in case perform.Calling module 53 is used to call executable file by communication link to run its first functional module 55,
When the first functional module 55 verifies and confirms to call legal, the second functional module 56 of executable file is run.
The receiving module 54 is used to receive, over the communication link maintained by the local machine, the command that calls the executable file. The first functional module 55 is used to verify and confirm, according to the call command, whether the call is legitimate. The second functional module 56 is used to perform the function of the executable file when the call has been verified and confirmed to be legitimate. The feedback module 57 is used, after the second functional module 56 has performed the function of the executable file, to display information on whether the execution succeeded or to feed that information back over the communication link.
In this embodiment, with reference to Fig. 1, the verification module 51, the push module 52 and the calling module 53 are located in the client 12, while the receiving module 54, the first functional module 55, the second functional module 56 and the feedback module 57 are located in the target terminal 13. The client 12 interacts with the target terminal 13; the working process of each module during this interaction is set out in detail below.
When the application in the client 12 starts, its verification module 51 sends a request containing the characteristic information of the client 12 to the server 11. When the server 11 determines that the characteristic information in the request is in its whitelist, it returns a message to the client 12 indicating that the client is legitimate; the verification module 51 obtains the returned message and thereby confirms that the client 12 is legally authorized. When the client 12 is legitimate, the push module 52 of the application pushes its executable file to the target terminal 13. To protect the executable file from abuse, before the executable file performs its intended function on the target terminal 13, it must be verified whether the executable file is being run by a call from the application. Specifically: the calling module 53 of the application calls the executable file to run its first functional module 55; after the receiving module 54 of the executable file receives the call command, the first functional module 55 obtains a cipher string containing the call time and the identifier of the target terminal 13 and returns it to the calling module 53; after obtaining the cipher string, the calling module 53 performs a secondary encryption on it, calls the executable file again to run its first functional module 55, and sends the encrypted cipher string to the executable file; the first functional module 55 receives the returned encrypted cipher string, obtains from this second call a cipher string containing the call time and the identifier of the target terminal 13, decrypts the encrypted cipher string, and checks whether the interval between the call time in the decrypted cipher string and the call time in the cipher string obtained from the second call is within a preset time, and whether the identifiers of the target terminal 13 are consistent. When the first functional module 55 verifies that the call-time interval is within the preset time and that the identifiers of the target terminal 13 are consistent, it confirms that the executable file is being run by a call from the application and that the call is legitimate. When the call is confirmed to be legitimate, the second functional module 56 performs its function. After the second functional module 56 finishes running, information on whether the execution succeeded is displayed or is fed back to the client 12.
The characteristic information of the client 12 is information that uniquely identifies the features of the local machine. This characteristic information may also be encrypted and then decrypted by the server 11, to further confirm the legitimacy of the application in the client 12.
When the target terminal 13 runs the Android system, the attribute of the executable file needs to be changed to executable.
The second functional module 56 may be used to obtain Root permission on the target terminal 13.
While the first functional module 55 is verifying whether the call-time interval is within the preset time and whether the identifiers of the target terminal 13 are consistent, if the call-time interval is not within the preset time, the verification of the identifier is terminated.
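The two-call check performed by the first functional module 55, including the rule that a failed interval check ends verification before the identifiers are compared, can be sketched as follows. This is an added example, not code from the patent: the shared key, the JSON layout of the string, the 5-second preset time and all function names are assumptions, and the HMAC-based seal/unseal pair is a stand-in for the encryption the text leaves unspecified.

```python
import hashlib
import hmac
import json
import os

MASTER_KEY = b"constructed-demo-key"  # assumption: secret shared by app and executable
PRESET_SECONDS = 5.0                  # assumption: the "preset time" window

def _subkey(label):
    return hmac.new(MASTER_KEY, label, hashlib.sha256).digest()

def _keystream(nonce, n):
    blocks = (hmac.new(_subkey(b"enc"), nonce + i.to_bytes(4, "big"),
                       hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(plain):
    """Calling module's secondary encryption (stand-in: keystream XOR plus MAC)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plain, _keystream(nonce, len(plain))))
    return nonce + ct + hmac.new(_subkey(b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(blob):
    """Return the plaintext, or None if the blob is malformed or was modified."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct))))

def issue_string(terminal_id, now):
    """First functional module, each call: string with call time and terminal ID."""
    return json.dumps({"t": now, "id": terminal_id}).encode()

def verify_call(blob, terminal_id, now):
    """First functional module, second call: may the second module run?"""
    plain = unseal(blob)
    if plain is None:
        return False
    try:
        sent, fresh = json.loads(plain), json.loads(issue_string(terminal_id, now))
        if not 0 <= fresh["t"] - sent["t"] <= PRESET_SECONDS:
            return False  # interval check failed: the identifier check is skipped
        return hmac.compare_digest(str(sent["id"]).encode(), str(fresh["id"]).encode())
    except (ValueError, KeyError, TypeError):
        return False
```

The clock value is passed in as `now` so the window can be exercised deterministically; a deployment would replace the stand-in seal with a vetted authenticated cipher.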
As described above, the device of this embodiment can verify the running environment of the application of the present invention, so that the application cannot be installed and used arbitrarily; it verifies the calls that run the executable file, so that the executable file cannot be arbitrarily extracted and abused; and through these multiple checks it protects the application and prevents it from being cracked.
The above are only some embodiments of the present invention. It should be noted that those of ordinary skill in the art can make improvements and refinements without departing from the principles of the present invention, and these improvements and refinements should also be regarded as falling within the protection scope of the present invention.