CN105120460A - Mobile application data processing method - Google Patents

Info

Publication number: CN105120460A
Authority: CN (China)
Prior art keywords: installation kit, detection, application, layer, key certificate
Legal status: Pending
Application number: CN201510423836.7A
Other languages: Chinese (zh)
Inventor: 张鹏
Current Assignee: BEIJING BLTSFE INFORMATION TECHNOLOGY Co Ltd
Original Assignee: BEIJING BLTSFE INFORMATION TECHNOLOGY Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/12 Detection or prevention of fraud
Abstract

The invention provides a mobile application data processing method. The method comprises the steps that a Web application based audit center carries out various kinds of detection on an installation package released to an application website, and then a mobile terminal carries out secondary signature on the installation package by using public key and private key certificates so as to judge whether the installation package is legal or not. According to the mobile application data processing method provided by the invention, the security of installation package files can be guaranteed from the application website to the mobile terminal through implementing a security detection technology and a terminal security authentication mechanism.

Description

A mobile application data processing method
Technical field
The present invention relates to mobile terminals, and in particular to an application data processing method.
Background
As applications for mobile terminal operating systems have developed rapidly, malicious installation packages, malicious code and fraud software have emerged alongside them. Because of the platform's openness, some malicious developers, when customizing ROMs, crack and tamper with published installation packages at will; after recompiling a package they implant large amounts of Trojan code to steal user information, causing operating system users serious privacy and financial losses. Applications for mobile terminals therefore need to be audited.
However, some existing operating system application audit systems review an installation package only with third-party security detection software and then publish it to the application website, and when the user downloads and installs the package the terminal has no authentication mechanism to guarantee its security. This approach cannot stop a malicious user from first downloading an installation package, tampering with it, and then forwarding it to operating system users through application websites that are not audited.
Summary of the invention
To solve the problems of the prior art described above, the present invention proposes a mobile application data processing method, comprising:
A Web-application-based audit center performs multiple detections on installation packages published to an application website, and the mobile terminal then uses public key and private key certificates to perform a secondary signature on the installation package and judges whether the installation package is legitimate.
Preferably, the user layer of the security audit center comprises the users of the platform; the application layer receives the various tasks distributed by the user layer, schedules and matches platform resources, collects the result information of security detection and secondary signature, and finally passes the information to the storage layer; the storage layer, in the form of database clusters and disk arrays, handles storage of and access to each layer's business data; the network layer provides the center with network connection, data traffic control and network operation state control services;
and wherein, in the application layer, the web portal handles interaction with the user layer and, through port monitoring and queries to a distributed database, provides query and analysis of detection results, data update and integration, file upload and download, installation package application status query, and system management; the scheduling subsystem implements batch task reception, scheduling, result collection and result data storage; the function engine deploys the software on Linux virtual machine servers with specific security policies, comprising the static, dynamic and Trojan detection engines and the installation package secondary signature service.
Preferably, the mobile terminal installation package comprises a security authentication module, consisting of a verification interface embedded in the installer of the installation package, a security agent and a public key certificate storage area, wherein the security agent is the background application that performs the core verification work;
After the installer receives the signed installation package of the application to be installed, it calls the external verification interface in the verification library with the application path to start the security agent; next, the security agent obtains the public key certificate from the public key certificate storage area and calls the internal verification interface to verify the signed installation package with the public key certificate; finally, the security agent returns the verification result to the installer through the internal verification interface and then the external verification interface. Only a lightweight verification interface of this authentication module is embedded in the installer, while the computation in the verification process and the extraction of the public key certificate are performed by the security agent.
Preferably, the multiple detections comprise static detection, dynamic detection and Trojan detection; the static detection finds known malicious code fragments; the dynamic detection finds unknown malicious behaviour; and the Trojan detection checks whether a file is infected by viruses, worms, Trojans or other malware. The Trojan detection also uses an automated detection script to upload the installation package to a detection server made up of multiple third-party antivirus engines, which completes the security detection.
Compared with the prior art, the present invention has the following advantages:
By implementing security detection technology and a terminal security authentication mechanism, the security of installation package files can be guaranteed from the application website to the mobile terminal.
Brief description of the drawings
Fig. 1 is a flowchart of the mobile application data processing method according to an embodiment of the present invention.
Detailed description
A detailed description of one or more embodiments of the present invention is provided below together with the accompanying drawing that illustrates the principle of the invention. The invention is described in connection with such embodiments, but it is not limited to any embodiment. The scope of the invention is defined only by the claims, and the invention encompasses many alternatives, modifications and equivalents. Many details are set forth in the following description to provide a thorough understanding of the invention. These details are provided for exemplary purposes, and the invention can also be practised according to the claims without some or all of them.
Besides using static, dynamic and Trojan detection to strengthen installation package security layer by layer, the present invention also uses a legitimate private key and introduces secondary signature technology on the terminal side: the installation package is given a secondary signature to guarantee its security and verifiability. At the same time, an installation package security authentication module is embedded in the mobile terminal. During application installation this module verifies the installation package and judges whether it has passed legitimate security certification, and therefore whether it is repackaged "pirated software" that has been cracked or tampered with, so that operating system users can use installation packages safely. Through multi-level security detection and the terminal signature verification mechanism, the system can guarantee the security of installation package files from the "source" (the application website) to the "end" (the mobile terminal). In addition, the invention handles task scheduling with a scheduling subsystem based on a task queue. The subsystem is highly reliable, fault tolerant, efficient and scalable, can cope with concurrent processing and scheduling of massive data, meets load-balancing requirements, and achieves efficient processing and collection of platform tasks.
The operating system application audit and authentication system consists mainly of the Web-application-based security audit center and the mobile terminal installation package security authentication module. Based on security detection technology, the audit center checks the security of installation packages published on the official application website, and the mobile terminal installation package security authentication module uses legitimate public key and private key certificates to verify the signature of installation package files that are about to be installed on the terminal.
The Web-application-based security audit center consists mainly of a user layer, an application layer, a storage layer and a network layer. The user layer comprises the users of the platform, mainly administrators and mobile terminal users. The main responsibility of the application layer is to receive the various tasks distributed by the user layer, schedule and match platform resources, collect the result information of security detection and secondary signature, and finally pass the information to the storage layer. The storage layer, in the form of database clusters, disk arrays and the like, handles fast storage of and secure access to each layer's business data. The network layer provides the center with the most basic network data delivery services, such as network connection, data traffic control and network operation state control. The application layer is clearly the core of the audit center; its architecture is described below in terms of three components: the web portal, the scheduling subsystem and the function engine.
Web portal: the main function of the web portal is interaction with the user layer. Through port monitoring and queries to a distributed database it provides query and analysis of detection results, data update and integration, file upload and download, installation package application status query, system management and similar functions.
Scheduling subsystem: the main function of the scheduling subsystem is batch task reception, scheduling, result collection and result data storage. Based on a task queue and a heartbeat feedback mechanism, the scheduling subsystem assesses system performance, schedules and matches system resources, and then distributes tasks according to the matching result, so as to keep the load on the server cluster of the system resource pool relatively balanced. It consists of three parts:
1) External node: the external interface of the scheduling subsystem. It provides basic database operations such as receiving tasks and detection results issued by the upper layer, updating application status, and synchronizing the security detection rule base.
2) Central node: the task queue module forms a queue of tasks to be allocated from the submitted tasks and hands it to the task scheduling module. Next, using the specified scheduling algorithm, the task scheduling module matches resources and allocates tasks according to the heartbeat information of the child nodes, forms a queue of tasks to be issued, and issues the tasks to the designated resource nodes. Finally, after a task completes, the result collection module collects the result and stores it in the database.
3) Child node: the task execution and system performance analysis part of the scheduling subsystem. Following the task instructions issued by the central node, it executes the detection and verification work and returns the detection result to the upper-layer node, and it continuously sends heartbeats to the central node based on the collected software and hardware performance information (such as CPU usage and memory usage).
Function engine: the function engine is the module that executes the concrete functions. The software is deployed on Linux virtual machine servers with specific security policies and comprises the static, dynamic and Trojan detection engines and the installation package secondary signature service.
The security authentication module for mobile terminal installation packages consists mainly of the verification interface embedded in the installer of the installation package, the security agent (the background application that performs the core verification work) and the public key certificate storage area.
The flow is as follows:
First, after the installer receives the signed installation package of the application to be installed, it calls the external verification interface Verify(application path) in the verification library to start the security agent. Next, the security agent obtains the public key certificate from the public key certificate storage area and calls the internal verification interface Verify to verify the signed installation package with the public key certificate. Finally, the security agent returns the verification result to the installer through the internal verification interface and then the external verification interface. Because only a lightweight verification interface of this authentication module is embedded in the installer, while the complex computation in the verification process, the extraction of the public key certificate and similar steps are performed by the security agent, the modules are effectively separated and the installer continues to run safely and stably.
Static detection finds known malicious code fragments; next, dynamic detection finds unknown malicious behaviour; finally, Trojan detection checks whether files are infected by viruses, worms, Trojans and malware of all kinds. Trojan detection uses an automated detection script to upload the installation package to a detection server made up of multiple third-party antivirus engines, which completes the security detection. Static and dynamic detection are described in more detail below.
Static detection: built on a security rule base, static detection uses decompilation of the installation package and static source-code analysis of the object-oriented language as its core to find known malicious code fragments. The security rule base summarizes, from the source code perspective, the key API calls behind common malicious behaviours of operating system applications, such as fee consumption and privacy theft, assigns them risk ratings, and sets the corresponding detection rules.
First, a decompiler is used to decompile the virtual machine executable file and the system description file of the mobile terminal application. Second, lexical and syntax parsing is performed on the decompiled Java source code, the parse result is converted into an abstract syntax tree, and control-flow and data-flow analysis is performed on the syntax tree against the APIs in the static security rule base. Then the key API calls that cause malicious behaviour are looked up, data-flow tracing follows the APIs that introduce sensitive data, and the critical code sections where malicious behaviour may occur are located precisely. Finally, the static detection result is output.
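The rule-base matching and sensitive-data tracing described above can be sketched as follows. This is an added example, not code from the patent: it replaces the abstract syntax tree and control-flow analysis with a simplified line-by-line taint tracker, and the rule base entries, risk ratings and the decompiled Java sample are all constructed for illustration.

```python
import re
from collections import namedtuple

# Constructed rule base (an assumption, not the patent's): APIs that introduce
# sensitive data, and key APIs mapped to a behaviour category and base rating.
SOURCES = {"getDeviceId": "device identifier", "getLine1Number": "phone number"}
SINKS = {"sendTextMessage": ("fee consumption", "medium"),
         "sendDataMessage": ("fee consumption", "medium")}

Finding = namedtuple("Finding", "line api behaviour rating sensitive_data")

STRING = re.compile(r'"(?:\\.|[^"\\])*"')      # string literals carry no taint
CALLNAME = re.compile(r"\.(\w+)\s*\(")          # method name of each call
IDENT = re.compile(r"[A-Za-z_]\w*")
ASSIGN = re.compile(r"^(?:[\w.<>\[\]]+\s+)?(\w+)\s*=\s*(.+)$")


def analyze(java_source, sources=SOURCES, sinks=SINKS):
    """Report every key API call; raise the rating when sensitive data reaches it."""
    tainted, findings = {}, []

    def origins(expr):
        # Sensitive data entering via a source API or an already tainted variable.
        found = {sources[c] for c in CALLNAME.findall(expr) if c in sources}
        for ident in IDENT.findall(expr):
            found |= tainted.get(ident, set())
        return found

    for lineno, raw in enumerate(java_source.splitlines(), 1):
        stmt = STRING.sub('""', raw).strip().rstrip(";")
        for call in CALLNAME.finditer(stmt):
            api = call.group(1)
            if api in sinks:
                behaviour, base = sinks[api]
                data = origins(stmt[call.end():])   # everything passed as arguments
                findings.append(Finding(lineno, api, behaviour,
                                        "high" if data else base, sorted(data)))
        assign = ASSIGN.match(stmt)
        if assign:
            data = origins(assign.group(2))
            if data:
                tainted[assign.group(1)] = data     # taint propagates to the target
            else:
                tainted.pop(assign.group(1), None)  # overwritten with clean data
    return findings


# Constructed sample standing in for decompiled Java source.
SAMPLE = """\
String id = tm.getDeviceId();
String body = "id=" + id;
String greeting = "hello";
sms.sendTextMessage(dest, null, body, null, null);
sms.sendTextMessage(dest, null, greeting, null, null);
body = "reset";
sms.sendTextMessage(dest, null, body, null, null);
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

Only the call on line 4 is rated high, because the device identifier flows into the message body; the other two calls are still reported as key API calls at their base rating.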
Static detection cannot detect unknown malicious code, and it struggles with code obfuscation, reflection, encryption and similar situations. To make up for these weaknesses, dynamic detection is also needed. Dynamic analysis runs an application in a controlled environment and observes its behaviour, so that new programs not yet added to the malicious code base can be identified while they run. On the one hand, the dynamic detection technique covers automatic installation, launch, test execution and uninstallation of the application, with screenshots saved of the interface throughout the test. On the other hand, it performs security monitoring at the Linux kernel level using a system call interception mechanism. The kernel-layer security monitoring module is loaded dynamically into the system kernel using LKM (loadable kernel module) technology and, during dynamic testing, monitors malicious behaviour of the running application, such as sending SMS messages, stealing the user's private files, and connecting to the network automatically in the background. When the installed application invokes such behaviour, the kernel-layer monitoring module records the call, passes the information to a user-mode program through a communication socket, and saves the corresponding detection report.
The mobile terminal installation package security authentication module is underpinned by a new installation package secondary signature technique, which uses a legitimate public key and private key to perform secondary signature verification on the installation package to be installed. On top of the package's system signature, the invention designs a new installation package secondary signature algorithm based on a trust transfer mechanism, to keep the authentication module efficient and secure. With the operating system's native signature as the root of trust, trust is passed upward step by step to the secondary signature process. During secondary signing, only MANIFEST.MF, CERT.SF and CERT.RSA are signed; no other file is processed, and the secondary signature file Sign.sig and the public key certificate information file Info.txt are stored separately under META-INF. During verification, Sign.sig is used with the legitimate public key certificate to verify MANIFEST.MF, CERT.SF and CERT.RSA; the verification result is shown to the user as a risk prompt, and the user chooses whether to continue the installation. This process not only guarantees the integrity of the developer's own signature files: when installation continues, the integrity of all files in the installation package can be verified further, and once any file in the package has been changed, verification will not pass.
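The secondary signature and the install-time check performed by the security agent can be illustrated with the following added example, which is not code from the patent. It models a package as a dict of path to bytes, uses a simplified manifest, and substitutes unpadded textbook RSA over SHA-256 with a constructed toy key so that it runs offline with the standard library; a real implementation would use a vetted signature library and a real certificate. All file contents and the key identifier are constructed.

```python
import base64
import hashlib

# Toy RSA key from two Mersenne primes (constructed, NOT secure): stands in for
# the audit center's private key and the terminal's stored public key certificate.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

SIGNED = ("META-INF/MANIFEST.MF", "META-INF/CERT.SF", "META-INF/CERT.RSA")


def _b64sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def _digest_int(files):
    """SHA-256 over the three developer signature files, each length-prefixed."""
    h = hashlib.sha256()
    for name in SIGNED:
        data = files[name]
        h.update(name.encode() + b"\0" + len(data).to_bytes(8, "big") + data)
    return int.from_bytes(h.digest(), "big")


def build_manifest(files):
    """Simplified MANIFEST.MF: one digest entry per payload file."""
    lines = ["Manifest-Version: 1.0", ""]
    for name in sorted(files):
        if not name.startswith("META-INF/"):
            lines += [f"Name: {name}", f"SHA-256-Digest: {_b64sha256(files[name])}", ""]
    return "\n".join(lines).encode()


def secondary_sign(files, d=D, n=N):
    """Audit-center side: add Sign.sig and Info.txt, leave every other file alone."""
    out = dict(files)
    sig = pow(_digest_int(files), d, n)
    out["META-INF/Sign.sig"] = sig.to_bytes((n.bit_length() + 7) // 8, "big")
    out["META-INF/Info.txt"] = b"key-id: constructed-audit-key-1\n"
    return out


def verify(files, e=E, n=N):
    """Security-agent side: result string handed back to the installer."""
    if any(name not in files for name in SIGNED + ("META-INF/Sign.sig",)):
        return "missing-signature-file"
    sig = int.from_bytes(files["META-INF/Sign.sig"], "big")
    if sig >= n or pow(sig, e, n) != _digest_int(files):
        return "secondary-signature-invalid"
    # Trust now extends to MANIFEST.MF, so its digests can vouch for every file.
    listed, name = {}, None
    for line in files["META-INF/MANIFEST.MF"].decode().splitlines():
        if line.startswith("Name: "):
            name = line[6:]
        elif line.startswith("SHA-256-Digest: ") and name:
            listed[name], name = line[16:], None
    payload = {k: v for k, v in files.items() if not k.startswith("META-INF/")}
    for path, data in payload.items():
        if listed.get(path) != _b64sha256(data):
            return f"content-mismatch:{path}"
    missing = sorted(set(listed) - set(payload))
    return f"content-missing:{missing[0]}" if missing else "ok"


def sample_package():
    """Constructed package with placeholder developer signature files."""
    files = {"classes.dex": b"constructed dex bytes",
             "res/layout.xml": b"<LinearLayout/>"}
    files["META-INF/MANIFEST.MF"] = build_manifest(files)
    files["META-INF/CERT.SF"] = b"constructed developer .SF placeholder"
    files["META-INF/CERT.RSA"] = b"constructed developer signature block placeholder"
    return files


if __name__ == "__main__":
    signed = secondary_sign(sample_package())
    print(verify(signed))
    signed["classes.dex"] = b"modified after audit"
    print(verify(signed))
```

A package whose payload is changed and whose manifest is rebuilt to match fails at the Sign.sig step, which is the download, tamper and redistribute case described in the background section.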
In summary, the present invention proposes a mobile application data processing method which, by implementing security detection technology and a terminal security authentication mechanism, can guarantee the security of installation package files from the application website to the mobile terminal.
Those skilled in the art will appreciate that each module or step of the present invention described above can be implemented with a general-purpose computing system. The modules or steps can be concentrated on a single computing system or distributed over a network formed by multiple computing systems. Alternatively, they can be implemented as program code executable by a computing system, so that they can be stored in a storage system and executed by the computing system. The present invention is therefore not restricted to any specific combination of hardware and software.
It should be understood that the above embodiments of the present invention serve only to illustrate or explain the principle of the invention and do not limit it. Any modification, equivalent replacement or improvement made without departing from the spirit and scope of the present invention shall therefore fall within its scope of protection. Furthermore, the appended claims are intended to cover all changes and modifications that fall within the scope and boundary of the claims, or within equivalents of that scope and boundary.

Claims (4)

1. A mobile application data processing method, characterized by comprising:
A Web-application-based audit center performs multiple detections on installation packages published to an application website, and the mobile terminal then uses public key and private key certificates to perform a secondary signature on the installation package and judges whether the installation package is legitimate.
2. The method according to claim 1, characterized in that the user layer of the security audit center comprises the users of the platform; the application layer receives the various tasks distributed by the user layer, schedules and matches platform resources, collects the result information of security detection and secondary signature, and finally passes the information to the storage layer; the storage layer, in the form of database clusters and disk arrays, handles storage of and access to each layer's business data; the network layer provides the center with network connection, data traffic control and network operation state control services;
and wherein, in the application layer, the web portal handles interaction with the user layer and, through port monitoring and queries to a distributed database, provides query and analysis of detection results, data update and integration, file upload and download, installation package application status query, and system management; the scheduling subsystem implements batch task reception, scheduling, result collection and result data storage; the function engine deploys the software on Linux virtual machine servers with specific security policies, comprising the static, dynamic and Trojan detection engines and the installation package secondary signature service.
3. The method according to claim 2, characterized in that the mobile terminal installation package comprises a security authentication module, consisting of a verification interface embedded in the installer of the installation package, a security agent and a public key certificate storage area, wherein the security agent is the background application that performs the core verification work;
After the installer receives the signed installation package of the application to be installed, it calls the external verification interface in the verification library with the application path to start the security agent; next, the security agent obtains the public key certificate from the public key certificate storage area and calls the internal verification interface to verify the signed installation package with the public key certificate; finally, the security agent returns the verification result to the installer through the internal verification interface and then the external verification interface. Only a lightweight verification interface of this authentication module is embedded in the installer, while the computation in the verification process and the extraction of the public key certificate are performed by the security agent.
4. The method according to claim 3, characterized in that the multiple detections comprise static detection, dynamic detection and Trojan detection; the static detection finds known malicious code fragments; the dynamic detection finds unknown malicious behaviour; and the Trojan detection checks whether a file is infected by viruses, worms, Trojans or other malware. The Trojan detection also uses an automated detection script to upload the installation package to a detection server made up of multiple third-party antivirus engines, which completes the security detection.
Application number: CN201510423836.7A
Priority date: 2015-07-17
Filing date: 2015-07-17
Title: Mobile application data processing method
Status: Pending
Publication: CN105120460A (en), published 2015-12-02
Family ID: 54668294
Country: CN



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20151202