CN105955829A - Order processing method, device and terminal - Google Patents
- Publication number: CN105955829A (CN201610247837.5A)
- Authority: CN (China)
- Prior art keywords: instruction, application program, bottom-layer driver, identity legitimacy, described application
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/545—Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/54—Indexing scheme relating to G06F9/54
- G06F2209/543—Local
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Embodiments of the invention provide an instruction processing method, device and terminal in the computer field, which enable interactive communication between upper-layer applications and the hardware bottom layer without invoking JNI. The method comprises: intercepting an instruction and a secret order sent by an application program of the terminal to start execution of a bottom-layer driver, the secret order having been generated in advance by encrypting the instruction with a preset public key; decrypting the intercepted secret order with a preset private key according to a preset decryption algorithm, comparing the intercepted instruction with the decrypted instruction, and performing identity legitimacy authentication on the application program according to the comparison result; and, when the application program passes identity legitimacy authentication, converting the instruction into a format recognizable by the bottom-layer driver and forwarding the converted instruction to the corresponding bottom-layer driver for execution.
Description
Technical field
The present invention relates to the computer field, and in particular to an instruction processing method, device and terminal.
Background
The Java language is popular for its cross-platform nature, and Android is a system developed on the basis of Java. On the Android platform, executable files are packaged in APK (Android Package, i.e. Android installation package) form. However, precisely because Java is cross-platform, it is detached from the hardware bottom layer, which restricts its applications. To address this drawback, the prior art uses JNI (Java Native Interface) to interact with the hardware bottom layer (written in machine language or other languages such as C/C++) or with other application programs (written in other languages such as C/C++). In practice, an APK calls native methods through JNI, and the native methods are stored in the form of library files (DLL files on the Windows platform, SO files on UNIX machines). By calling the internal methods of the local library files, the APK is tied closely to the hardware bottom layer and can call each system-level interface method.
For example, the Application and Application Framework layers at the top of Android are written in Java, while the hardware bottom layer, including the system and the numerous Libraries it uses, is written in C/C++, so upper-layer Java must go through JNI to call the underlying C/C++ function libraries.
In the prior art, implementing JNI generally comprises the following steps:
Step 1: write the Java source file.
Step 2: compile the Java file.
Step 3: generate the header file with the javah -jni command.
Step 4: implement the native method, writing the source file in a non-Java language.
Step 5: create a shared library, compiling with the cl compiler.
Step 6: run the Java program.
As can be seen, calling JNI in this way is complicated to implement and also produces a large amount of intermediate code, which not only affects the running efficiency of the machine but may also increase the probability that compilation or execution fails.
Summary of the invention
The present invention provides an instruction processing method, device and terminal, in order to realize interactive communication between upper-layer applications and the hardware bottom layer without calling JNI.
The invention provides an instruction processing method, the method comprising:
intercepting an instruction and a secret order sent by an application program in a terminal to start execution of a bottom-layer driver, the secret order having been generated in advance by encrypting the instruction with a preset public key;
decrypting the intercepted secret order with a preset private key according to a preset encryption/decryption algorithm, comparing the intercepted instruction with the instruction obtained by decryption, and performing identity legitimacy authentication on the application program according to the comparison result;
after the application program passes identity legitimacy authentication, converting the instruction into a format recognizable by the bottom-layer driver, and forwarding the converted instruction to the corresponding bottom-layer driver for execution.
The invention also provides an instruction processing device, the device comprising:
a message proxy unit, configured to intercept an instruction and a secret order sent by an application program in a terminal to start execution of a bottom-layer driver, the secret order having been generated in advance by encrypting the instruction with a preset public key; and to compare the intercepted instruction with the instruction obtained after the key manager performs decryption, and perform identity legitimacy authentication on the application program according to the comparison result;
the key manager, configured to decrypt the intercepted secret order with a preset private key according to a preset encryption/decryption algorithm;
a message manager, configured to convert the instruction into a format recognizable by the bottom-layer driver after the application program passes identity legitimacy authentication;
a message processing unit, configured to forward the converted instruction to the corresponding bottom-layer driver for execution.
As can be seen from the above technical solution, the invention provides an instruction execution method that realizes interactive communication between upper-layer applications and hardware bottom-layer drivers without calling JNI. In the solution provided by the invention, the proxy side first intercepts the instruction sent by an upper-layer application to a bottom-layer driver and performs identity legitimacy authentication on the application that sent it; the proxy side then converts the instruction sent by an application that has passed identity legitimacy authentication into a format recognizable by the bottom-layer driver and forwards it to the corresponding bottom-layer driver for execution. In this way, cross-process communication between upper-layer applications and hardware bottom-layer drivers is achieved without calling JNI for compilation, which reduces the large amount of intermediate code produced by compiling for JNI calls and thereby improves the success rate and efficiency of instruction execution. Furthermore, because the embodiment first performs identity legitimacy authentication on the application program, system security and stability are ensured.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of an instruction proxy execution method provided by an embodiment of the present invention;
Fig. 2(a) is a sequence diagram of an instruction proxy processing mechanism in an embodiment of the present invention;
Fig. 2(b) is a schematic flowchart of an instruction proxy processing method in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an instruction processing device of the present invention;
Fig. 4 is a schematic structural diagram of a terminal of the present invention.
Detailed description of the invention
To make the objects, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The embodiments of the present invention can be applied in various types of terminal (such as smart phones, smart TVs and set-top boxes), and are especially suitable for terminals using the Android system. In the Android system, the application program presented to the user is an APK (Android Package, Android installation package). In general an APK is written in Java, and given the cross-platform nature of Java, the embodiments have wide practical significance for application programs written in Java (i.e. APKs). The embodiments are therefore described mainly with Java application programs (APKs) as the example. Of course, based on the same inventive concept and technical principle, the instruction proxy execution method provided by the embodiments can also be applied in other systems, which are not enumerated one by one here.
Fig. 1 shows a schematic flowchart of an instruction proxy execution method provided by an embodiment of the present invention. As shown in Fig. 1, the flow may include:
Step 11: intercept an instruction and a secret order sent by an application program in the terminal to start execution of a bottom-layer driver, the secret order having been generated in advance by encrypting the instruction with a preset public key.
Step 12: decrypt the intercepted secret order with a preset private key according to a preset encryption/decryption algorithm, compare the intercepted instruction with the instruction obtained by decryption, and perform identity legitimacy authentication on the application program according to the comparison result.
Step 13: after the application program passes identity legitimacy authentication, convert the instruction into a format recognizable by the bottom-layer driver, and forward the converted instruction to the corresponding bottom-layer driver for execution.
Optionally, before step 11, the secret order is generated as follows: a request sent by the application program is received, carrying the instruction to be encrypted and the preset public key to be used for the encryption; according to the preset encryption/decryption algorithm, the instruction to be encrypted is encrypted with the public key sent by the application program, and the secret order generated by the encryption is returned to the application program, so that the application program sends both the instruction and the secret order when it needs to start the corresponding bottom-layer driver.
Optionally, in step 12, when the intercepted instruction is consistent with the instruction obtained by decryption, the format of the instruction is further parsed and it is judged whether the parsed format conforms to the prespecified standard instruction format; if it does, the application program passes identity legitimacy authentication; otherwise, the application program does not pass identity legitimacy authentication.
Optionally, in step 13, the instruction is analyzed to identify its instruction type and instruction content; the bottom-layer driver that must be called to execute the instruction is determined from the instruction type; the instruction content is converted into a format recognizable by that bottom-layer driver, and the converted instruction is stored in a memory unit shared with that bottom-layer driver, so that the driver performs the corresponding operation after reading the instruction.
Optionally, after step 13, the intercepted instruction sent by the application program that passed identity legitimacy authentication is saved in a record of authenticated instructions. Each time an instruction and a secret order sent by an application program in the terminal to start execution of a bottom-layer driver are intercepted, it is queried whether the intercepted instruction is contained in the historical record of authenticated instructions. If it is, identity legitimacy authentication is no longer performed on the application program, and the instruction is directly converted into a format recognizable by the bottom-layer driver and forwarded to the corresponding bottom-layer driver for execution; otherwise, the step of performing identity legitimacy authentication on the application program is started.
Optionally, in step 13, after the application program passes identity legitimacy authentication and before the instruction is converted into a format recognizable by the bottom-layer driver, the system privilege level required to execute the instruction is further determined. If the system privilege level required to execute the instruction is higher than the preset privilege level that the bottom-layer driver is allowed to execute, the instruction is discarded; if it is not higher than that preset level, the step of converting the instruction into a format recognizable by the bottom-layer driver is started.
The embodiments of the present invention are described in detail below.
First, an overview of the technical principle and inventive concept of the embodiments:
First, to realize interaction between Java code and code written in other languages (including machine language and non-machine languages) while no longer using the JNI functions of the Android system, the embodiments provide an instruction proxy processing mechanism. This mechanism delivers the calls requested by an APK (calls to hardware bottom-layer drivers, or to the relevant API interfaces of other APKs) to the relevant driver or other APK for execution, without using JNI functions, thereby avoiding the generation of a large amount of intermediate code.
Second, to ensure security during instruction proxy execution, the identity legitimacy of the APK must be verified. The embodiments may verify the APK using various authentication methods; only after the identity and permissions of the APK have been verified does the proxy side deliver the pending instruction to the bottom-layer driver for execution, so that the security and stability of the system are ensured while the generation of large amounts of intermediate code is reduced. The embodiments preferably provide a mechanism that verifies identity legitimacy using an associated private/public key pair. First, the proxy side decrypts the intercepted secret order with the private key, to verify whether the private key used by the application program is legitimate; then the proxy side judges whether the format of the parsed instruction conforms to the prespecified standard instruction format, to verify whether the data format used by the application program is legitimate. This double verification ensures the security and stability of the whole system.
As can be seen, the embodiments provide an instruction proxy processing mechanism in which a proxy side preset inside the terminal performs the instruction proxy processing operations described above and delivers the pending instruction to the bottom-layer driver for execution.
First, the system architecture of the proxy side in the embodiments is described by way of example.
In the embodiments, the proxy side may include several unit modules, specifically: a message proxy unit (server proxy), a key manager, a message manager, a message processing unit (server) and an anonymous shared memory unit (Share Memory).
The message proxy unit is responsible for providing a Java API interface for APKs to call.
The key manager is responsible for decrypting the secret order sent by the APK, using various encryption/decryption algorithms. To ensure the execution efficiency of the program, the key manager has a special session mechanism: after decryption has succeeded for a given process, decryption can be bypassed when that process requests decryption again, which improves the execution efficiency of the program.
The message manager is responsible for parsing the decrypted message and processing it into a message that the message server can handle.
The message processing unit is responsible for delivering the pending instruction to the relevant driver for execution.
The anonymous shared memory unit is responsible for IPC (Inter-Process Communication), passing information between the proxy side and the service side.
Based on the system structure of the proxy side described above, the instruction proxy processing and execution mechanism provided by the embodiments is described in detail below.
Fig. 2(a) shows a sequence diagram of an instruction proxy processing mechanism in an embodiment of the present invention. In the embodiments, the proxy side intercepts, processes and forwards the instruction and secret order that the APK sends to start execution of a bottom-layer driver, so cross-platform, cross-process communication is achieved without calling JNI.
Step S21: the application program (application) sends a request carrying the instruction to be encrypted and the preset public key to be used for the encryption, i.e. encryptMsg(msg, rsaPubKey).
In a specific implementation, the proxy side requires that an application program (application) obtaining the proxy service provide an arbitrary 5-byte original signaling and pass it to the proxy side together with the RSA (RSA encryption algorithm) public key it uses; the key manager of the proxy side is responsible for encrypting the original signaling with the RSA public key uploaded by the application program, according to the encryption/decryption algorithm.
Step S22: the key manager of the proxy side returns the secret order (enMsg) generated by the encryption to the application program (application).
Step S23: when the application program needs to start a bottom-layer driver, it sends the instruction for starting execution of the bottom-layer driver and the secret order (enMsg).
Step S24: the server proxy of the proxy side intercepts the instruction for starting execution of the bottom-layer driver and the secret order (enMsg) sent by the application program.
Step S25: the server proxy of the proxy side passes the intercepted secret order (enMsg) and instruction to the key manager for decryption (decrypt).
Specifically, after the key manager of the proxy side receives the original instruction and the encrypted secret order, it obtains the RSA private key from a high-security chip or a read-only area and decrypts the secret order to obtain the decrypted instruction, decryptedMsg(type, command). If the decrypted instruction is consistent with the original instruction and conforms to the prespecified standard instruction format, for example Msg(type, command), the identity of the application program (application) is legitimate and it passes identity legitimacy authentication; otherwise, use is refused.
Step S26: after identity legitimacy authentication, the key manager of the proxy side passes the instruction to the message manager for conversion.
After identity legitimacy authentication, the proxy side can process the instruction, decryptedMsg(type, command). In general the instruction format has two segments: the first is the type of the instruction and the second is the specific instruction content. The proxy side goes on to analyze and parse the instruction; for example, from the instruction type (type) obtained by parsing, it determines the programming language used by the bottom-layer driver that must be started to execute the instruction (command), so that the instruction can then be converted into the programming language and format recognizable by that bottom-layer driver. In the embodiments, the instruction type can represent the command type, such as level commands, system-level commands, root-level commands, explosion commands, etc. For example, the proxy side can use a table lookup to determine, from the instruction type and/or the instruction content, the identifier of the bottom-layer driver that must be started to execute the instruction and the programming language that driver uses, and the proxy side then converts the instruction into a form (including language, data format, etc.) recognizable by the bottom-layer driver.
Step S27: the message manager of the proxy side stores the converted instruction in the anonymous shared memory unit (Share Memory).
Specifically, because the anonymous shared memory unit is used for cross-process communication between the proxy side and the service side, the message manager of the proxy side in effect delivers the parsed instruction to the service side for execution (handleMsg) through the anonymous shared memory unit (also called Ashmem, Anonymous Shared Memory).
Step S28: the Share Memory of the proxy side receives the execution result (result) returned by the service side.
Further, if the instruction is a message to be executed synchronously, the proxy side waits for the service side to return the result; if the instruction is a message to be executed asynchronously, the program returns directly.
Step S29: the Share Memory of the proxy side returns the execution result (result) to the server proxy.
Steps S210 to S212: the server proxy of the proxy side feeds the execution result (result) back to the application program (application).
Further, in step S25, to ensure the execution efficiency of the proxy side, the embodiments may also use a session mechanism. For example, once an application program (application) has legitimately used the instruction proxy execution mechanism provided by the proxy side, the proxy side can record the name of the application program (application), for example by saving it in the record of authenticated instructions; the next time it is used (if an identical historical record is found), the encryption and decryption steps need not be repeated and the command can be transmitted directly. That is, after decryption has succeeded for a given process, decryption can be bypassed when that process requests decryption again, which improves the execution efficiency of the proxy side.
To further improve the security and stability of the instruction proxy execution mechanism, the embodiments may also, after the application program passes identity legitimacy authentication and before the instruction is converted into a format recognizable by the bottom-layer driver, judge the system privilege level required to execute the instruction, such as level commands, system-level commands, root-level commands, explosion commands, etc. If the system privilege level required to execute the instruction is higher than the preset privilege level that the bottom-layer driver is allowed to execute, the instruction is discarded; if it is not higher than that preset level, the step of converting the instruction into a format recognizable by the bottom-layer driver is started.
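The proxy-side checks of steps S21 to S25 and the privilege-level gate described above, sketched in Java as an added example (not code from the patent). The OAEP padding, the "type:command" text encoding of Msg(type, command), the level ranking and the driver table are all assumptions, and a freshly generated key pair stands in for the preset keys.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;

// Illustrative proxy-side checks; every table and format below is an assumption.
public class InstructionProxyDemo {
    // Assumption: OAEP padding (the page only names RSA).
    private static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Assumption: Msg(type, command) is carried as the text "type:verb arg...".
    private static final Pattern STANDARD_FORMAT =
            Pattern.compile("([a-z]+):([a-z_]+)((?: [\\w.-]+)*)");
    // Hypothetical ranking of instruction types by required privilege.
    private static final Map<String, Integer> LEVEL = Map.of("user", 0, "system", 1, "root", 2);
    // Hypothetical lookup table from command verb to bottom-layer driver.
    private static final Map<String, String> DRIVER =
            Map.of("backlight", "backlight_drv", "led", "led_drv");

    // The patent reads the private key from a high-security chip or read-only area.
    private final PrivateKey privateKey;

    InstructionProxyDemo(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    // S21/S22: produce the secret order (enMsg) for an instruction.
    static byte[] encryptMsg(String msg, PublicKey rsaPubKey) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, rsaPubKey);
        return cipher.doFinal(msg.getBytes(StandardCharsets.UTF_8));
    }

    // S24/S25 plus the privilege gate: returns the proxy's decision as text.
    String handle(String instruction, byte[] enMsg, int driverMaxLevel) {
        byte[] decrypted;
        try {
            Cipher cipher = Cipher.getInstance(TRANSFORM);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            decrypted = cipher.doFinal(enMsg);
        } catch (GeneralSecurityException e) {
            return "REJECT: secret order does not decrypt";
        }
        // First check: the intercepted instruction must equal the decrypted one.
        if (!MessageDigest.isEqual(decrypted, instruction.getBytes(StandardCharsets.UTF_8))) {
            return "REJECT: instruction differs from decrypted secret order";
        }
        // Second check: the instruction must match the standard format.
        Matcher m = STANDARD_FORMAT.matcher(instruction);
        if (!m.matches()) {
            return "REJECT: not in standard instruction format";
        }
        Integer level = LEVEL.get(m.group(1));
        String driver = DRIVER.get(m.group(2));
        if (level == null || driver == null) {
            return "REJECT: unknown instruction type or command";
        }
        // Privilege gate: drop instructions above what the driver may execute.
        if (level > driverMaxLevel) {
            return "DROP: requires level " + level + ", driver allows " + driverMaxLevel;
        }
        return "FORWARD to " + driver + ": " + m.group(2) + m.group(3);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair keys = gen.generateKeyPair(); // constructed key pair for the demo
        InstructionProxyDemo proxy = new InstructionProxyDemo(keys.getPrivate());

        // Constructed sample instructions.
        String ok = "system:backlight 80";
        String high = "root:led on";
        String unformatted = "backlight 80";
        byte[] okEnc = encryptMsg(ok, keys.getPublic());

        System.out.println(proxy.handle(ok, okEnc, 1));          // matching pair
        System.out.println(proxy.handle(high, okEnc, 1));        // mismatched pair
        System.out.println(proxy.handle(ok, new byte[256], 1));  // undecryptable secret order
        System.out.println(proxy.handle(unformatted, encryptMsg(unformatted, keys.getPublic()), 1));
        System.out.println(proxy.handle(high, encryptMsg(high, keys.getPublic()), 1));
    }
}
```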
Of course, in practical applications, the instruction processing system provided by the embodiments may be used to perform instruction proxy execution and processing. As a preferred implementation, Fig. 2(b) shows a schematic flowchart of an instruction proxy processing method in an embodiment of the present invention. As shown in Fig. 2(b), the flow may include:
Step 201: obtain the instruction service.
Step 202: the APK calls the instruction function.
Step 203: judge whether the instruction is legitimate; if so, continue with step 204; otherwise, return an error.
Step 204: the proxy side parses the instruction.
Step 205: the proxy side judges whether the instruction is recognizable; if so, continue with step 206; otherwise, return an error.
Step 206: the instruction is passed to the service side through shared memory.
Step 207: the service side processes the instruction.
Step 208: judge whether the instruction executed successfully; if so, continue with step 209; otherwise, return an error.
Step 209: the execution result is saved in shared memory.
Step 210: the proxy side obtains the instruction execution result.
Step 211: the proxy side feeds the instruction execution result back to the calling APK, and the flow ends.
As can be seen from the above technical solution, the invention provides an instruction execution method that realizes interactive communication between upper-layer applications and hardware bottom-layer drivers without calling JNI. In the solution provided by the invention, the proxy side first intercepts the instruction sent by an upper-layer application to a bottom-layer driver and performs identity legitimacy authentication on the application that sent it; the proxy side then converts the instruction sent by an application that has passed identity legitimacy authentication into a format recognizable by the bottom-layer driver and forwards it to the corresponding bottom-layer driver for execution. In this way, cross-process communication between upper-layer applications and hardware bottom-layer drivers is achieved without calling JNI for compilation, which reduces the large amount of intermediate code produced by compiling for JNI calls and thereby improves the success rate and efficiency of instruction execution. Furthermore, because the embodiment first performs identity legitimacy authentication on the application program, system security and stability are ensured.
Based on identical technology design, present invention also offers the processing means of a kind of instruction, Fig. 3 shows
The structural representation of the processing means of a kind of instruction in the present invention, as it is shown on figure 3, this device includes:
Message Agent unit 31, for intercepting and capturing the startup bsp driver sent by the application program in terminal
The instruction performed and secret order, described secret order is to advance with after default PKI is encrypted operation to described instruction
Generated;The instruction intercepted is entered with by the instruction obtained after the execution decryption oprerations of cipher token manager
Row comparison, according to comparison result, carries out identity legitimacy certification to described application program;
Described cipher token manager 32, for according to presetting enciphering and deciphering algorithm, utilizing and preset private key, to cutting
The secret order received is decrypted operation;
Message manager 33, after at described application program by identity legitimacy certification, by described instruction
Being converted to can be by the form of bsp driver identification;
Message processing unit 34, performs for the instruction after conversion is forwarded to corresponding bsp driver.
Optionally, described cipher token manager 32 specifically for:
Receive and carried the encrypted instruction of needs and for being encrypted behaviour by what described application program sent
The request of the default PKI made;According to described default enciphering and deciphering algorithm, utilization is sent by described application program
PKI is to needing encrypted instruction to be encrypted operation, and is returned to by the secret order generated after cryptographic operation
Described application program, to indicate described application program to send institute when needs start corresponding bsp driver
State instruction and secret order.
Optionally, described Message Agent unit 31 specifically for:
When the instruction intercepted is consistent with the instruction obtained after decryption oprerations, resolve the lattice of this instruction further
Formula, it is judged that whether the form of this instruction parsed meets prespecified stereotyped command form, if met,
The most described application program passes through identity legitimacy certification, and otherwise, described application program does not passes through identity legitimacy
Certification.
Optionally, the message manager 33 is specifically configured to:
Analyze the instruction and identify its instruction type and instruction content; determine, according to the instruction type, the bottom-layer driver that must be called to execute the instruction; and convert the instruction content into a format that this bottom-layer driver can recognize;
The message processing unit is specifically configured to: store the converted instruction in the memory unit shared with this bottom-layer driver, so that the bottom-layer driver performs the corresponding operation after reading the instruction.
Optionally, the message agent unit 31 is further configured to: after the application program passes identity legitimacy authentication, save the intercepted instruction sent by the authenticated application program in a record of authenticated instructions; and, each time an instruction for starting execution of a bottom-layer driver and a secret order sent by an application program in the terminal are intercepted, query whether the intercepted instruction is included in the historical record of authenticated instructions. If it is, identity legitimacy authentication is no longer performed on the application program, and the instruction is directly converted into a format that the bottom-layer driver can recognize and forwarded to the corresponding bottom-layer driver for execution; otherwise, the step of performing identity legitimacy authentication on the application program is started.
Optionally, the message agent unit 31 is further configured to:
Further determine the system privilege level required to execute the instruction; if the system privilege level required to execute the instruction is higher than the preset privilege level that the bottom-layer driver is allowed to execute, discard the instruction; if the system privilege level required to execute the instruction is not higher than the preset privilege level that the bottom-layer driver is allowed to execute, start the step of converting the instruction into a format that the bottom-layer driver can recognize.
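The following added example, which is not part of the patent text, sketches the processing order described above for the message agent unit, cipher token manager, message manager and message processing unit. Toy textbook RSA stands in for the unspecified preset encryption/decryption algorithm, and the `TYPE:CONTENT` format, driver names and privilege tables are assumptions made for illustration.

```python
import re

# Toy textbook RSA standing in for the preset encryption/decryption algorithm.
# Constructed key pair, far too small for real use.
N, E = 61 * 53, 17
D = pow(E, -1, 60 * 52)  # preset private exponent

# Hypothetical tables: the page does not define formats, drivers or levels.
STANDARD_FORMAT = re.compile(r"[A-Z]+:[A-Z_]+")  # assumed "TYPE:CONTENT"
DRIVER_FOR_TYPE = {"CAMERA": "camera_drv", "FLASH": "flash_drv"}
DRIVER_ALLOWED_LEVEL = {"camera_drv": 1, "flash_drv": 2}
REQUIRED_LEVEL = {"CAMERA:OPEN": 1, "FLASH:READ": 2, "FLASH:ERASE": 3}


def make_secret_order(instruction):
    """Cipher token manager: encrypt the instruction with the preset public key."""
    return [pow(b, E, N) for b in instruction.encode()]


class InstructionProcessor:
    def __init__(self):
        self.authenticated = set()  # record of authenticated instructions
        self.shared_memory = {}     # driver name -> converted instructions
        self.auth_runs = 0          # how often full authentication ran

    def _authenticate(self, instruction, secret_order):
        self.auth_runs += 1
        # Decrypt with the preset private key and compare with the plain copy.
        decrypted = [pow(c, D, N) for c in secret_order]
        if decrypted != list(instruction.encode()):
            return False
        # A match is not enough: the instruction must also fit the standard
        # format and name a type that maps to a known driver.
        if STANDARD_FORMAT.fullmatch(instruction) is None:
            return False
        return instruction.split(":")[0] in DRIVER_FOR_TYPE

    def process(self, instruction, secret_order):
        # Instructions already in the record skip authentication.
        if instruction not in self.authenticated:
            if not self._authenticate(instruction, secret_order):
                return "rejected"
            self.authenticated.add(instruction)
        itype, content = instruction.split(":", 1)
        driver = DRIVER_FOR_TYPE[itype]
        # Privilege check before conversion. This example also runs it on the
        # cached path, a choice the page leaves open; unknown instructions get
        # level 99 so that they are discarded.
        if REQUIRED_LEVEL.get(instruction, 99) > DRIVER_ALLOWED_LEVEL[driver]:
            return "dropped"
        converted = content.lower().encode()  # assumed driver-readable form
        self.shared_memory.setdefault(driver, []).append(converted)
        return "forwarded"
```

Because the record is keyed on the instruction text, a repeated instruction is forwarded without its secret order being decrypted again, which is the behaviour the text describes.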
Based on the same technical concept, the present invention also provides a terminal. Fig. 4 shows a structural schematic diagram of a terminal in the present invention. As shown in Fig. 4, the terminal includes an instruction processing device 41 and application programs 42.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device, so that the instructions executed by the processor of the computer or other programmable data processing device implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, and this instruction device implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thus provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make other changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be construed as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from its spirit and scope. If these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (13)
1. An instruction processing method, characterized in that the method includes:
Intercepting an instruction, sent by an application program in a terminal, for starting execution of a bottom-layer driver, together with a secret order, the secret order having been generated in advance by encrypting the instruction with a preset public key;
Decrypting the intercepted secret order with a preset private key according to a preset encryption/decryption algorithm, comparing the intercepted instruction with the instruction obtained by the decryption operation, and performing identity legitimacy authentication on the application program according to the comparison result;
After the application program passes identity legitimacy authentication, converting the instruction into a format that the bottom-layer driver can recognize, and forwarding the converted instruction to the corresponding bottom-layer driver for execution.
2. The method of claim 1, characterized in that the secret order is generated as follows:
Receiving a request, sent by the application program, that carries the instruction to be encrypted and the preset public key to be used for the encryption operation;
Encrypting the instruction with the public key sent by the application program according to the preset encryption/decryption algorithm, and returning the secret order generated by the encryption operation to the application program, so that the application program sends the instruction and the secret order when it needs to start the corresponding bottom-layer driver.
3. The method of claim 1, characterized in that performing identity legitimacy authentication on the application program includes:
When the intercepted instruction is consistent with the instruction obtained by the decryption operation, further parsing the format of the instruction and judging whether the parsed format conforms to the prespecified standard instruction format; if it does, the application program passes identity legitimacy authentication; otherwise, the application program does not pass identity legitimacy authentication.
4. The method of claim 1, characterized in that converting the instruction into a format that the bottom-layer driver can recognize and forwarding it to the corresponding bottom-layer driver for execution includes:
Analyzing the instruction and determining the bottom-layer driver that must be called to execute the instruction;
Converting the instruction into a format that this bottom-layer driver can recognize, and storing the converted instruction in the memory unit shared with this bottom-layer driver, so that the bottom-layer driver performs the corresponding operation after reading the instruction from the memory unit.
5. The method of claim 1, characterized in that, after the application program passes identity legitimacy authentication, the method also includes: saving the intercepted instruction sent by the application program that has passed identity legitimacy authentication in a record of authenticated instructions;
Each time an instruction for starting execution of a bottom-layer driver and a secret order sent by an application program in the terminal are intercepted, the method further includes:
Querying whether the intercepted instruction is included in the historical record of authenticated instructions; if it is, identity legitimacy authentication is no longer performed on the application program, and the instruction is directly converted into a format that the bottom-layer driver can recognize and forwarded to the corresponding bottom-layer driver for execution; otherwise, the step of performing identity legitimacy authentication on the application program is started.
6. The method of any one of claims 1-5, characterized in that, after the application program passes identity legitimacy authentication and before the instruction is converted into a format that the bottom-layer driver can recognize, the method also includes:
Further determining the system privilege level required to execute the instruction;
If the system privilege level required to execute the instruction is higher than the preset privilege level that the bottom-layer driver is allowed to execute, discarding the instruction;
If the system privilege level required to execute the instruction is not higher than the preset privilege level that the bottom-layer driver is allowed to execute, starting the step of converting the instruction into a format that the bottom-layer driver can recognize.
7. An instruction processing device, characterized in that the device includes:
A message agent unit, configured to intercept an instruction, sent by an application program in a terminal, for starting execution of a bottom-layer driver, together with a secret order, the secret order having been generated in advance by encrypting the instruction with a preset public key; to compare the intercepted instruction with the instruction obtained after the cipher token manager performs the decryption operation; and to perform identity legitimacy authentication on the application program according to the comparison result;
The cipher token manager, configured to decrypt the intercepted secret order with a preset private key according to a preset encryption/decryption algorithm;
A message manager, configured to convert the instruction into a format that the bottom-layer driver can recognize after the application program passes identity legitimacy authentication;
A message processing unit, configured to forward the converted instruction to the corresponding bottom-layer driver for execution.
8. The device of claim 7, characterized in that the cipher token manager is specifically configured to:
Receive a request, sent by the application program, that carries the instruction to be encrypted and the preset public key to be used for the encryption operation; encrypt the instruction with the public key sent by the application program according to the preset encryption/decryption algorithm; and return the secret order generated by the encryption operation to the application program, so that the application program sends the instruction and the secret order when it needs to start the corresponding bottom-layer driver.
9. The device of claim 7, characterized in that the message agent unit is specifically configured to:
When the intercepted instruction is consistent with the instruction obtained by the decryption operation, further parse the format of the instruction and judge whether the parsed format conforms to the prespecified standard instruction format; if it does, the application program passes identity legitimacy authentication; otherwise, the application program does not pass identity legitimacy authentication.
10. The device of claim 7, characterized in that the message manager is specifically configured to:
Analyze the instruction and determine the bottom-layer driver that must be called to execute the instruction; and convert the instruction into a format that this bottom-layer driver can recognize;
The message processing unit is specifically configured to: store the converted instruction in the memory unit shared with this bottom-layer driver, so that the bottom-layer driver performs the corresponding operation after reading the instruction from the memory unit.
11. The device of claim 7, characterized in that the message agent unit is further configured to:
After the application program passes identity legitimacy authentication, save the intercepted instruction sent by the application program that has passed identity legitimacy authentication in a record of authenticated instructions; and, each time an instruction for starting execution of a bottom-layer driver and a secret order sent by an application program in the terminal are intercepted, query whether the intercepted instruction is included in the historical record of authenticated instructions. If it is, identity legitimacy authentication is no longer performed on the application program, and the instruction is directly converted into a format that the bottom-layer driver can recognize and forwarded to the corresponding bottom-layer driver for execution; otherwise, the step of performing identity legitimacy authentication on the application program is started.
12. The device of any one of claims 7-11, characterized in that the message agent unit is further configured to:
Further determine the system privilege level required to execute the instruction; if the system privilege level required to execute the instruction is higher than the preset privilege level that the bottom-layer driver is allowed to execute, discard the instruction; if the system privilege level required to execute the instruction is not higher than the preset privilege level that the bottom-layer driver is allowed to execute, start the step of converting the instruction into a format that the bottom-layer driver can recognize.
13. A terminal, characterized in that the terminal includes the instruction processing device of any one of claims 7-12 and application programs.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610247837.5A CN105955829A (en) | 2016-04-20 | 2016-04-20 | Order processing method, device and terminal |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610247837.5A CN105955829A (en) | 2016-04-20 | 2016-04-20 | Order processing method, device and terminal |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105955829A true CN105955829A (en) | 2016-09-21 |
Family
ID=56917845
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610247837.5A Pending CN105955829A (en) | 2016-04-20 | 2016-04-20 | Order processing method, device and terminal |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105955829A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107220133A (en) * | 2017-05-27 | 2017-09-29 | 郑州云海信息技术有限公司 | A kind of data interactive method, apparatus and system |
CN107589999A (en) * | 2017-09-04 | 2018-01-16 | 哈尔滨工程大学 | Process communication safe channel establishing method in a kind of Incorporate chemical industry journey |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103347017A (en) * | 2013-06-27 | 2013-10-09 | 华为技术有限公司 | Data processing method and system on chip |
CN103488478A (en) * | 2013-09-03 | 2014-01-01 | 厦门雅迅网络股份有限公司 | Device management framework based on android platform |
CN103746959A (en) * | 2013-11-27 | 2014-04-23 | 上海斐讯数据通信技术有限公司 | Java and C communication mechanism implementation method in OSGi environment |
CN104318135A (en) * | 2014-10-27 | 2015-01-28 | 中国科学院信息工程研究所 | Java code safety dynamic loading method on basis of trusted execution environment |
CN104517060A (en) * | 2015-01-08 | 2015-04-15 | 南京创和信息技术有限公司 | System and method for intercepting file access instruction based on Android platform |
- 2016-04-20 CN CN201610247837.5A patent/CN105955829A/en active Pending
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107220133A (en) * | 2017-05-27 | 2017-09-29 | 郑州云海信息技术有限公司 | A kind of data interactive method, apparatus and system |
CN107589999A (en) * | 2017-09-04 | 2018-01-16 | 哈尔滨工程大学 | Process communication safe channel establishing method in a kind of Incorporate chemical industry journey |
CN107589999B (en) * | 2017-09-04 | 2020-07-24 | 哈尔滨工程大学 | Process communication safety channel establishing method in heaven-earth integrated engineering |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10601801B2 (en) | Identity authentication method and apparatus | |
CN111177749B (en) | Encrypted source code file processing method and device, computer equipment and storage medium | |
CN103546289B (en) | USB (universal serial bus) Key based secure data transmission method and system | |
US20100275025A1 (en) | Method and apparatus for secure communication | |
CN101567893A (en) | Method and system for uploading files in WEB application | |
CN108111622B (en) | Method, device and system for downloading white box library file | |
CN112468305B (en) | Internet of things security authentication method and equipment | |
CN108183796A (en) | The method and device of encryption and decryption is carried out using whitepack library file and whitepack key file | |
CN111416816A (en) | Access method and device of joint debugging interface, computer equipment and storage medium | |
CN117081736A (en) | Key distribution method, key distribution device, communication method, and communication device | |
CN111249740A (en) | Resource data access method and system | |
CN105825142A (en) | Method and device for encrypting and decrypting documents in mobile terminal | |
CN113766503B (en) | Binding method and system of intelligent device and related device | |
CN105955829A (en) | Order processing method, device and terminal | |
CN109088733B (en) | Method and device for realizing application expansion of smart card | |
CN116599719A (en) | User login authentication method, device, equipment and storage medium | |
JP2010217604A (en) | Image forming apparatus, information management method, and program | |
CN114329574B (en) | Encrypted partition access control method and system based on domain management platform and computing equipment | |
CN113946801B (en) | Python source code protection method and device based on SGX | |
CN111460464B (en) | Data encryption and decryption method and device, electronic equipment and computer storage medium | |
CN111212044B (en) | Data transmission method, device and storage medium | |
CN210745178U (en) | Identity authentication system | |
CN113420313A (en) | Program safe operation and encryption method and device, equipment and medium thereof | |
KR102050797B1 (en) | Middle Box Apparatus and processing Encrypted Traffic Method Thereof | |
US11271738B1 (en) | Secure, reliable, and decentralized communication in cloud platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160921 |