(3) summary of the invention
When computer networking, the mode that network worm is easy to divide into groups with normal IP enters computer through fire compartment wall, and starts to distort to computer, delete, steals the attacks such as data, and IPsec agreement is also helpless to this; Trojan Horse attracts user download and perform by camouflage self, and then harm subscriber computer.This just needs a kind of mechanism---and when an executable file, script file or dynamic link library file (below, three is referred to as program) are activated, its identity should first be verified.If identity is illegal, it should be prohibited to run, and is eliminated.
The present invention proposes a kind of preventing rogue program start-up and functionning and notifying that user deletes the technical method of rogue program, for network security and information security provide new technical guarantee newly.
In this article, symbol "=" represents that the value on variable or the expression both sides value on the right being assigned to the left side is equal, and " ≠ " represents that the value on both sides is unequal, and " # " is file or character string connector.
3.1 several basic conceptions
Be mainly concerned with asymmetric identity, program identity, program message, digital signature code etc.
3.1.1 asymmetric identity and program identity
Asymmetric identity is used for the authentication of article in cyberspace or real world.In cyberspace, article can be a computer, program file, a data file etc.Produce the unit of article main body, article itself are called out-customer body.
Definition 1: in cyberspace, asymmetric identity refers to and implies object characteristic information (especially unique number) and the privately owned key of main body (abbreviation private key), and by digital signature code that the open key (abbreviation PKI) of main body is verified.
It has four character:
1. uniqueness (not repeating in application);
2. antifalsification (identity of associated article can not be counterfeiting);
3. implicity (characteristic information is hidden and do not reveal);
4. asymmetry (using public and private two keys).
Definition 2: the asymmetric identity implying contents of program, program number, main body (i.e. software setup enterprise) numbering and main body private key is called as program identity.
3.1.2 program message, program digest and digital signature code
Definition 3: number by contents of program, program number and main body a file forming or character string is called as program message.
Definition 4: be called as program digest using program message as the output of the uni-directional hash module of input.
Definition 5: the output of digital signature scheme is called as digital signature code.
3.2 technical schemes of the present invention
Key of the present invention is to employ private key and PKI two keys, and program identity is stored in the primary name of program.
The present invention is a kind of rogue program preventing control method based on asymmetric identity, be made up of key management, identity modulation, dynamic surveillance and authentication four parts, it is the anti-control products mandatory general principle of institute of a kind of exploitation rogue program and technical scheme just, instead of physical product itself.
According to the present invention, key management chip, identity modulation chip, dynamic surveillance chip and authentication chip can be produced, or develop key management software, identity modulation software, dynamic surveillance software and authentication software.
3.2.1 key management part
For software setup enterprise, correlation module runs in the computer of business manager office, does not network, and is used for generating and depositing a private key and a PKI.
Suppose that Signsys is a good digital signature scheme of performance, Keygen is its key generation module, and Cnum is enterprise's numbering (10-12 16 system characters), then the implementation method of key management part is:
(1) select security parameter, wherein, modulus length is 224 bits to the maximum;
(2) call Keygen (security parameter), obtain private key SK and PKI PK;
(3) SK is stored in flash disk, by business manager keeping, must not reveals;
(4) Cnum and PK is uploaded in the database of public keys of verification platform;
(5) by information such as private key numbering, PKI, rise time, life cycle, custodians
Stored in key management database.
Note, verification platform is made up of one or several computers, can be used for multiple software setup enterprise jointly to use, and is connected with network.
3.2.2 identity modulating part
This part for software setup enterprise, and is carried out at program packaging before sales, and correlation module runs in the computer of enterprise office, does not network, and is used for the asymmetric identity of generation program (and different backup).
Suppose that Signing is the Digital Signature module of Signsys, Hash is a uni-directional hash module of mating with Signsys, and SK is the private key of enterprise, Pnum is program number (10-12 16 system characters, and the backup of same program must have different numbering), Pcon is contents of program, and PM is program message, PD is program digest, PID is program identity, and Nori is the original primary name of program, and Date is the date of manufacture, Func is that program function illustrates, then the implementation method of identity modulating part is:
(1) PM=Cnum#Pnum#Pcon is put;
(2) PD=Hash (PM) is made;
(3) PID=Signing (PD, SK) is calculated;
(4) PID, PD are converted into 16 system characters;
(5) PID, PD, Cnum, Pnum are inserted into the rightmost of program primary name;
(6) by Cnum, Hash (PID), Pnum, Nori, Date, Func etc.
Be deposited in the program profile data storehouse of verification platform.
Note, a program name comprises two parts, and the part before ". " is called as primary name, and the part after ". " is called as extension name.At present, in mainstream operation system, the maximum length of name is about 256 characters.
3.2.3 dynamic surveillance part
This part is for purchase and installed the user of program, and correlation module runs in the computer of user, and this computer is in networking state.
Suppose that Hash is the uni-directional hash module that mates with Signsys, the implementation method of dynamic surveillance part is:
(1) often when the program is started, intercept and capture the startup of program, and obtain the primary name of program;
It is (2) if the length of primary name is less than specific length, then illegal to user report program,
And stop the startup of program;
(3) from primary name, PID, PD, Cnum and Pnum is extracted;
(4) PD=Hash (Cnum#Pnum#Pcon) is made;
It is (5) if the PD of new PD ≠ old, then illegal to user report program,
And stop the startup of program;
(6) PID, PD, Cnum, Pnum are sent to verification platform in the form of packets;
(7) result returned from platform is received;
(8) if result is "false", then illegal to user report program, and stop the startup of program,
Otherwise, allow program to continue to start.
Note, the grouping in the 6th step can be IP grouping, also can be the grouping of other agreement.
3.2.4 authentication part
This part is for the verification platform in network, and correlation module runs in authentication server, is used for carrying out identification computing to program identity.
Suppose that Verifying is the authentication module of Signsys, PK is the PKI of enterprise, and Res is the result, and its value is "true" or "false", then the implementation method of authentication part is:
(1) grouping from subscriber computer is received,
Obtain the parameters such as PID, PD, Cnum, Pnum;
(2) in database of public keys, PK is found by Cnum;
(3) in program profile data storehouse, Pnum is found by Cnum and Hash (PID);
(4) if current Pnum ≠ deposit Pnum, then Res="false" is made,
Otherwise, calculate Res=Verifying (PID, PD, PK);
(5) if the source address in program profile data storehouse is empty, then current source address is write,
Otherwise, if deposited source address ≠ current source address, then made Res="false";
(6) Res is returned.
As can be seen from above-mentioned 5th step, we have also been used as pirate program as rogue program, and namely the program of same identity can not be run in two subscriber computers that source address is different, and in addition, Verifying module exports the value of "true" or "false".
3.3 advantages and good effect
3.3.1 unforgeable
In the present invention, program identity private key is modulated, and by public key verifications, is asymmetric certification.Due to private key underground and can not obtain from PKI (by key convert a difficult problem one-way determine), therefore, program identity can not be forged before a relevant difficult problem is cracked.
3.3.2 verifying speed is fast
Because Signsys is a good digital signature scheme of performance, or even light weight digital signature scheme, therefore, signature speed and verifying speed all will be very fast.
3.3.3 not only anti-rogue program but also anti-piracy program
The present invention not only can prevent the operation of rogue program, and can prevent the operation of pirate program, and notifies that user deletes them.
3.3.4 program identity and program consubstantiality
Program identity does not need independent file to preserve, but leaves in the primary name of program, for checking provides conveniently.
3.3.5 unified verification platform can be built
Be not that each software setup enterprise needs to set up a program identity verification platform, but a unified verification platform can be shared by all software setup enterprises, to improve authoritative and to reduce costs.