CN105989306A - File signature method and device of operating system and file verification method and device of operating system - Google Patents
- Publication number
- CN105989306A
- Application number
- CN201510079120.XA
- Authority
- CN
- China
- Prior art keywords
- file
- cryptographic hash
- image file
- operating system
- signature
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Abstract
The invention provides a file signature method and device for an operating system and a file verification method and device for an operating system. The file verification method comprises the following steps: obtaining the image file of the operating system; obtaining a signature policy file and a private key file; digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file; obtaining a verification policy file and a public key file; and verifying the secure image file according to the verification policy file and the public key file, the files of the operating system being considered safe if the secure image file meets the verification conditions. The file verification method checks only the files recorded in the verification policy file, which improves verification efficiency. In addition, the digital signature of a file can be stored directly in the file attribute entries of the verified file, so the signature information is conveniently read when the file is accessed after the system starts. System files can be protected from tampering, and single or multiple files can still be upgraded.
Description
Technical field
The present invention relates to the field of smart device security technology, and in particular to a file signature method, a file verification method and corresponding devices for an operating system.
Background
Security incidents keep emerging in current smart device operating systems such as Android. One main reason is that the content or attributes of critical system files are tampered with. There are two means of tampering. One is run-time tampering: a cracking tool is executed in the running operating system to forcibly modify memory or specified files on disk. The other is tampering by flashing the device while its operating system is not running, modifying the disk files directly; because the device's operating system is not running normally at that point, its security protection is at its weakest, which gives the cracker an opportunity.
Existing patent documents on disk image tamper protection include the following. "A data tamper-proofing method and device" has the operating system kernel judge, according to a pre-saved security policy, whether a first application's modification of specified protected data is a valid operation. The shortcoming of this method is that it cannot check tampering carried out by flashing the file image on disk or flash memory while the device is not running. The implementation principles of "System start-up verification method, system start-up verification device and terminal", "OPTIMIZED STARTUP VERIFICATION OF FILE SYSTEM INTEGRITY" and "System for verifying system file integrity in the system boot area" dictate that, in their verification methods, verification can only take place during the device's boot phase. "Software tamper-proofing verification method and device" describes a verification method that compares a file check value with a check value held by a server. The shortcoming of this method is its dependence on network speed: when network conditions are poor, when the number of files to verify is very large, or when verification is frequent, its verification efficiency is very low.
"INTELLIGENT MOBILE TERMINAL AND DATA PROCESSING METHOD THEREFOR" introduces a signature library and a filter module. Every file the processor accesses is signature-checked against the signature library, which is stored in a hidden partition; once the signature of an accessed file does not exist or is incorrect, the CPU's access to that file is first handled by the filter module. The shortcoming of this invention is an obvious performance problem: the file system of a typical operating system contains a very large number of files, so storing one signature per file in the signature library consumes considerable extra space, and signature-checking every system file seriously slows operating system boot and degrades the user experience. "Method for verifying an image file in operation" describes digitally signing a file image to form a new file image, so that the digital signature of the file image can be verified at device start-up or periodically after start-up, thereby achieving tamper protection. The shortcoming of this invention is that it can only verify the file image as a whole and cannot selectively verify the contents of the image file; current file images are generally large, often hundreds of megabytes, so verification efficiency is also a serious problem.
Summary of the invention
The technical problem to be solved by the present invention is to provide a file signature method, a file verification method and corresponding devices for an operating system that verify critical files by means of a signature policy file and a verification policy file, avoiding verification of all files and improving verification efficiency.
To solve the above technical problem, the present invention adopts the following technical solutions:
According to one aspect of the embodiments of the present invention, a file signature method for an operating system is provided, comprising: obtaining an image file of the operating system; obtaining a signature policy file and a private key file; and, according to the signature policy file and the private key file, digitally signing and encrypting the files in the image file that meet the conditions, to obtain a secure image file.
Optionally, obtaining the image file of the operating system comprises: obtaining the operating system source files; and compiling the operating system source files to generate the image file.
Optionally, the private key file is an asymmetric-cryptography private key file.
Optionally, digitally signing and encrypting the files in the image file that meet the conditions, according to the signature policy file and the private key file, to obtain the secure image file comprises: obtaining the catalogue in the signature policy file; determining the image files in the image file that correspond to the catalogue in the signature policy file; and signing and encrypting those image files to obtain the secure image file.
Optionally, the step of signing and encrypting the image file to obtain the secure image file comprises: obtaining a first hash value corresponding to the file content of the image file that corresponds to the catalogue in the signature policy file; encrypting the first hash value with the private key file, and saving the encrypted first hash value in a first attribute entry of the file attributes of the image file; obtaining a second hash value corresponding to the file attributes of the image file that corresponds to the catalogue in the signature policy file; and encrypting the second hash value with the private key file, and saving the encrypted second hash value in a second attribute entry of the file attributes of the image file, to obtain the secure image file.
Optionally, the file signature method further comprises: obtaining an update file corresponding to a file in the operating system that needs upgrading; and digitally signing the update file to obtain an upgrade package.
Optionally, digitally signing the update file to obtain an upgrade package comprises: obtaining a first hash value corresponding to the file content of the update file and a second hash value corresponding to the file attributes of the update file; saving the first hash value, the second hash value, and the file name and file path of the file to be upgraded that corresponds to the update file, in an upgrade information file; obtaining the hash value corresponding to the file content of the upgrade information file, encrypting this hash value with the private key file, and saving the encrypted result in the upgrade information file; and packaging the update file and the upgrade information file to obtain the upgrade package.
According to another aspect of the embodiments of the present invention, a file verification method for an operating system is provided, comprising: obtaining an image file of the operating system; obtaining a signature policy file and a private key file; according to the signature policy file and the private key file, digitally signing and encrypting the files in the image file that meet the conditions, to obtain a secure image file; obtaining a verification policy file and a public key file; and verifying the secure image file according to the verification policy file and the public key file, the files of the operating system being considered safe if the verification conditions are met.
Optionally, digitally signing and encrypting the files in the image file that meet the conditions, according to the signature policy file and the private key file, to obtain the secure image file comprises: obtaining the catalogue in the signature policy file; determining the image files in the image file that correspond to the catalogue in the signature policy file; and signing and encrypting those image files to obtain the secure image file.
Optionally, the step of signing and encrypting the image file to obtain the secure image file comprises: obtaining a first hash value corresponding to the file content of the image file that corresponds to the catalogue in the signature policy file; encrypting the first hash value with the private key file, and saving the encrypted first hash value in a first attribute entry of the file attributes of the image file; obtaining a second hash value corresponding to the file attributes of the image file that corresponds to the catalogue in the signature policy file; and encrypting the second hash value with the private key file, and saving the encrypted second hash value in a second attribute entry of the file attributes of the image file, to obtain the secure image file.
Optionally, the step of verifying the secure image file according to the verification policy file and the public key file, and considering the files of the operating system safe if the verification conditions are met, comprises: obtaining the catalogue in the verification policy file; determining the secure image file in the secure image file that corresponds to the catalogue in the verification policy file; obtaining a second hash value corresponding to the file attributes of the secure image file that corresponds to the catalogue in the verification policy file; decrypting, with the public key file, the second hash value in the second attribute entry of that secure image file; comparing the second hash value decrypted with the public key file with the second hash value corresponding to the file attributes of that secure image file and, if they are identical, decrypting, with the public key file, the first hash value in the first attribute entry of that secure image file; obtaining a first hash value corresponding to the file content of that secure image file; and comparing the first hash value decrypted with the public key file with the first hash value corresponding to the file content of that secure image file, the files of the operating system being considered safe if they are identical.
Optionally, the file verification method further comprises: obtaining an update file corresponding to a file in the operating system that needs upgrading; digitally signing the update file to obtain an upgrade package; and verifying the upgrade package and, if the verification conditions are met, replacing the file that needs upgrading with the file in the upgrade package.
Optionally, digitally signing the update file to obtain an upgrade package comprises: obtaining a first hash value corresponding to the file content of the update file and a second hash value corresponding to the file attributes of the update file; saving the first hash value, the second hash value, and the file name and file path of the file to be upgraded that corresponds to the update file, in an upgrade information file; obtaining the hash value corresponding to the file content of the upgrade information file, encrypting this hash value with the private key file, and saving the encrypted result in the upgrade information file; and packaging the update file and the upgrade information file to obtain the upgrade package.
Optionally, verifying the upgrade package and, if the verification conditions are met, replacing the file that needs upgrading with the file in the upgrade package comprises: obtaining the hash value corresponding to the file content of the upgrade information file in the upgrade package; decrypting, with the public key file, the hash value corresponding to the file content of the upgrade information file in the upgrade package; comparing the hash value decrypted with the public key file with the obtained hash value corresponding to the file content of the upgrade information file; and, if they are identical, using the update file in the upgrade package to replace the file in the operating system that corresponds to the update file, and saving the first hash value and the second hash value of this update file recorded in the upgrade information file into the first attribute entry and the second attribute entry of this update file, respectively.
Optionally, obtaining the image file of the operating system comprises: obtaining the operating system source files; and compiling the operating system source files to generate the image file.
According to another aspect of the embodiments of the present invention, a file signature device for an operating system is provided, comprising: a first acquisition module for obtaining an image file of the operating system; a second acquisition module for obtaining a signature policy file and a private key file; and a first signature module for digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file.
According to another aspect of the embodiments of the present invention, a file verification device for an operating system is provided, characterised in that it comprises: a third acquisition module for obtaining an image file of the operating system; a fourth acquisition module for obtaining a signature policy file and a private key file; a second signature module for digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file; a fifth acquisition module for obtaining a verification policy file and a public key file; and a verification module for verifying the secure image file according to the verification policy file and the public key file, the files of the operating system being considered safe if the verification conditions are met.
The beneficial effects of the embodiments of the present invention include at least the following. The embodiments sign the critical files in the image file by means of the signature policy file, which avoids verifying all files and improves verification efficiency. Further, the digital signature of a file is stored directly in the file attribute entries of the verified file, so reading the signature information while accessing the file after system start-up is very convenient; this saves the CPU overhead that conventional methods spend on reading an additional signature file during verification, and greatly improves verification efficiency. The embodiments prevent system files from being tampered with while still allowing single or multiple files to be upgraded; this upgrade path is itself verified, which ensures the security of system upgrades, improves the user experience while security is guaranteed, and reduces the maintenance cost of system upgrades.
Brief description of the drawings
Fig. 1 is a schematic diagram of the file signature method of an operating system provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the file verification method of an operating system provided by an embodiment of the present invention;
Fig. 3 is a flow chart of a practical application of the file signature method of an operating system provided by an embodiment of the present invention;
Fig. 4 is a flow chart of a practical application of the file verification method of an operating system provided by an embodiment of the present invention;
Fig. 5 is a flow chart of a practical application, during system upgrade, of the file verification method of an operating system provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the file signature device of an operating system provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the file verification device of an operating system provided by an embodiment of the present invention.
Detailed description of the invention
To make the objects, technical solutions and advantages of the present invention clearer, the present invention is described below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, which is a schematic diagram of the file signature method of an operating system provided by an embodiment of the present invention, the method comprises the following steps:
Step S100: obtain the image file of the operating system.
Here, the image file of the operating system is generated by a compile server compiling the source files.
Step S200: obtain the signature policy file and the private key file.
Here, the signature policy file is written by the user according to a specified syntax and contains the names or characteristics of a series of files that need to be verified; files whose names or characteristics match those in the signature policy file are signed. The private key file is an asymmetric-cryptography private key file obtained by existing techniques, for example generated with the RSA 1024 algorithm among the cryptographic algorithms of a tool such as OpenSSL. The catalogue of the signature policy file includes the policy file's own file name.
Step S300: according to the signature policy file and the private key file, digitally sign and encrypt the files in the image file that meet the conditions, to obtain the secure image file.
Here, the catalogue in the signature policy file lists all files that need to be digitally signed, and the image files are digitally signed according to this catalogue. Signing works as follows: the hash value corresponding to the file content of the image file is computed and encrypted with the private key file, and the encrypted hash value is saved in the file attributes of the image file, where the file attributes also include extended attributes; specifically, a first attribute entry is created in the file attributes to hold the encrypted hash value. The hash value corresponding to all file attributes of the image file is then computed and encrypted with the private key file, and the encrypted hash value is saved in a second attribute entry of the image file. Preferably, the hash values in the first attribute entry and the second attribute entry are encrypted with different private key files.
During an operating system update, to avoid errors in file verification, the files that change between before and after the upgrade are determined first, and the update files corresponding to the files in the operating system that need upgrading are digitally signed. The digital signature method is the same as that used for the files in the catalogue of the signature policy file and is not repeated here.
As shown in Fig. 2, which is a schematic diagram of the file verification method of an operating system provided by an embodiment of the present invention, the method comprises the following steps:
Step S400: obtain the image file of the operating system.
Here, the image file of the operating system is generated by a compile server compiling the source files.
Step S500: obtain the signature policy file and the private key file.
Here, the signature policy file is written by the user according to a specified syntax and contains the names or characteristics of a series of files that need to be verified; files whose names or characteristics match those in the signature policy file are signed. The private key file is an asymmetric-cryptography private key file obtained by existing techniques, for example generated with the RSA 1024 algorithm among the cryptographic algorithms of a tool such as OpenSSL. The catalogue of the signature policy file includes the policy file's own file name.
Step S600: according to the signature policy file and the private key file, digitally sign and encrypt the files in the image file that meet the conditions, to obtain the secure image file.
Here, the catalogue in the signature policy file lists all files that need to be digitally signed, and the image files are digitally signed according to this catalogue. Signing works as follows: the hash value corresponding to the file content of the image file is computed and encrypted with the private key file, and the encrypted hash value is saved in the file attributes of the image file, where the file attributes also include extended attributes; specifically, a first attribute entry is created in the file attributes to hold the encrypted hash value. The hash value corresponding to all file attributes of the image file is then computed and encrypted with the private key file, and the encrypted hash value is saved in a second attribute entry of the image file. Preferably, the hash values in the first attribute entry and the second attribute entry are encrypted with different private key files.
Step S700: obtain the verification policy file and the public key file.
Here, the catalogue in the verification policy file is the same as the catalogue in the signature policy file; the public key file corresponds to the private key file above and can decrypt the hash values encrypted with that private key file.
Step S800: verify the secure image file according to the verification policy file and the public key file; if the verification conditions are met, the files of the operating system are considered safe.
Here, the catalogue in the verification policy file lists all files that need to be verified, and the image files are digitally signed according to this catalogue; the catalogue of the verification policy file includes the policy file's own file name. Verification proceeds through the following steps:
Step S810: obtain the catalogue in the verification policy file.
Step S820: determine the secure image file in the secure image file that corresponds to the catalogue in the verification policy file.
Step S830: obtain the second hash value corresponding to the file attributes of the secure image file that corresponds to the catalogue in the verification policy file.
Step S840: with the public key file, decrypt the second hash value in the second attribute entry of the secure image file that corresponds to the catalogue in the verification policy file.
Step S850: compare the second hash value decrypted with the public key file with the second hash value corresponding to the file attributes of the secure image file that corresponds to the catalogue in the verification policy file; if they are identical, decrypt, with the public key file, the first hash value in the first attribute entry of that secure image file.
Step S860: obtain the first hash value corresponding to the file content of the secure image file that corresponds to the catalogue in the verification policy file.
Step S870: compare the first hash value decrypted with the public key file with the first hash value corresponding to the file content of the secure image file that corresponds to the catalogue in the verification policy file; if they are identical, the secure image file is considered safe.
Here, during an operating system update, to avoid errors in file verification, the files that change between before and after the upgrade are determined first, and the update files corresponding to the files in the operating system that need upgrading are digitally signed. The signature information and the names and paths of the update files are saved in an upgrade information file; the hash value corresponding to the file content of the upgrade information file is then computed and encrypted, and the encrypted result is likewise saved in the upgrade information file. During verification it is only necessary to check whether the upgrade information file exists and whether it has been tampered with. If verification passes, then after the files are upgraded, the signature information of each update file is looked up by the update file's name and path, and the signature information found is saved in the file attributes of the update file. The embodiments of the present invention prevent system files from being tampered with while still allowing single or multiple files to be upgraded; this upgrade path is itself verified, which ensures the security of system upgrades. The user experience is improved while security is guaranteed, and the maintenance cost of system upgrades is reduced.
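The two-layer signing and verification of steps S300 and S810 to S870, together with the upgrade flow in the paragraph above, sketched as an added Python example (not code from the patent). Assumptions: files are modelled as in-memory dicts rather than a mounted image with extended attributes, the attribute-entry names and the glob-style policy are hypothetical, and textbook RSA over two fixed Mersenne primes stands in for the RSA key pair, so the key handling is for illustration only.

```python
import fnmatch
import hashlib
import json

# Toy key pair: textbook RSA over two Mersenne primes. Constructed for this
# demo and NOT secure; real tooling would use a padded scheme from a library.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

ATTR1 = "user.sig.content"  # hypothetical name for the first attribute entry
ATTR2 = "user.sig.attrs"    # hypothetical name for the second attribute entry
POLICY = ["/system/bin/*"]  # constructed policy; glob syntax is an assumption

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data):
    """Hash, then 'encrypt the hash with the private key' (unpadded)."""
    return format(pow(_digest(data), D, N), "x")

def check(data, sig_hex):
    """'Decrypt with the public key' and compare with a fresh hash."""
    try:
        return pow(int(sig_hex, 16), E, N) == _digest(data)
    except (TypeError, ValueError):
        return False

def attr_bytes(f):
    """Canonical bytes of every attribute except the second entry itself."""
    covered = {k: v for k, v in f["attrs"].items() if k != ATTR2}
    return json.dumps(covered, sort_keys=True).encode()

def in_policy(path, policy):
    return any(fnmatch.fnmatch(path, pattern) for pattern in policy)

def sign_file(f):
    f["attrs"][ATTR1] = sign(f["content"])   # layer 1: file content
    f["attrs"][ATTR2] = sign(attr_bytes(f))  # layer 2: attributes + layer 1

def sign_image(image, policy):
    for path, f in image.items():
        if in_policy(path, policy):
            sign_file(f)

def verify_image(image, policy):
    """Check policy-covered files only: attributes first, then content."""
    verdicts = {}
    for path, f in image.items():
        if not in_policy(path, policy):
            continue
        if not check(attr_bytes(f), f["attrs"].get(ATTR2, "")):
            verdicts[path] = "attribute signature missing or invalid"
        elif not check(f["content"], f["attrs"].get(ATTR1, "")):
            verdicts[path] = "content signature invalid"
        else:
            verdicts[path] = "ok"
    return verdicts

def build_package(updates):
    """Sign each update file, record its two signatures by path in an info
    document, then sign the info document itself."""
    entries = {}
    for path, f in updates.items():
        staged = {"content": f["content"], "attrs": dict(f["attrs"])}
        sign_file(staged)
        entries[path] = {k: staged["attrs"][k] for k in (ATTR1, ATTR2)}
    info = json.dumps(entries, sort_keys=True)
    return {"files": updates, "info": info, "info_sig": sign(info.encode())}

def apply_package(image, pkg):
    """Verify only the info document, then replace the files and restore
    their attribute entries from it. Payload bytes are not checked here;
    a modified payload is caught by the next verify_image() run."""
    if not check(pkg["info"].encode(), pkg.get("info_sig", "")):
        return False
    for path, sigs in json.loads(pkg["info"]).items():
        f = pkg["files"][path]
        image[path] = {"content": f["content"], "attrs": {**f["attrs"], **sigs}}
    return True

def sample_image():
    """Constructed sample: two policy-covered binaries and one other file."""
    return {
        "/system/bin/init": {"content": b"init-v1", "attrs": {"mode": "0755"}},
        "/system/bin/su": {"content": b"su-v1", "attrs": {"mode": "0750"}},
        "/data/log.txt": {"content": b"boot ok", "attrs": {"mode": "0644"}},
    }

if __name__ == "__main__":
    image = sample_image()
    sign_image(image, POLICY)
    image["/system/bin/su"]["attrs"]["mode"] = "4755"   # attribute tampering
    image["/system/bin/init"]["content"] = b"patched"   # content tampering
    print(verify_image(image, POLICY))
```

Because `apply_package()` checks only the upgrade information document, as the text describes, a payload altered inside the package is detected only by the next `verify_image()` pass.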
The embodiments of the present invention sign the critical files in the image file by means of the signature policy file, which avoids verifying all files and improves verification efficiency. Further, the digital signature of a file is stored directly in the file attribute entries of the verified file, so reading the signature information while accessing the file after system start-up is very convenient; this saves the CPU overhead that conventional methods spend on reading an additional signature file during verification, and greatly improves verification efficiency.
As shown in Fig. 3, which is a flow chart of a practical application of the file signature method of an operating system provided by an embodiment of the present invention, the method comprises the following steps:
Step 301: the compiled operating system image file is handed to the file signing and injection tool. Specifically, the compile server completes source code compilation, and the system file partition is generated as a system.img image file in ext4 format. The file signing and injection tool is an executable program responsible for scanning all file names and attributes in the operating system image file while comparing them with the signing conditions in the signature policy file, and for digitally signing the files that meet the conditions.
Step 302: the file signing and injection tool mounts the image file. The user, according to their own requirements, creates the signature policy file and an asymmetric-cryptography private key file and hands them to the file signing and injection tool. Specifically, the signature policy file covers all files whose user name is root; the asymmetric-cryptography private key file is produced by running the publicly available openssl method on the compile server to generate an asymmetric public/private key pair, with RSA 1024 as the encryption algorithm.
Step 303: the file signing and injection tool scans and analyses, one by one, the file contents in the mounted image file.
Step 304: does the file name or attribute meet the conditions described in the signature policy file?
Step 305: ignore the file without processing it and continue scanning the next file.
Step 306: compute the hash value of the file content and encrypt it with the private key; write the encrypted result into the first attribute entry of the file's attribute node.
Step 307: compute the hash value of all attributes, including the first attribute entry, encrypt it with the private key, and write the encrypted result into the second attribute entry of the file's attribute node.
Step 308: after the file scan is finished, the signature policy file is also digitally signed, and the signature is saved in its file attribute entries.
Step 309: unmount the image file; the original operating system image file has now been converted, through signing and injection, into the secure image file.
As shown in Fig. 4, which is a flow chart of a practical application of the file verification method of an operating system provided by an embodiment of the present invention, the method comprises the following steps:
Step 401: the system powers on; the device firmware and the boot loader start first and begin booting the operating system kernel.
Step 402: after the kernel starts, it first runs the verification execution tool. The tool obtains the public key or digital certificate file and the signature policy file from the kernel's read-only root partition and checks the signature of the signature policy file. Specifically, the verification execution tool is an executable program that can run independently and is stored in a secure read-only area of the system; by modifying the system's init.rc file, the verification execution tool is made the first program to be executed at system start-up.
Step 403: does the signature of the signature policy file itself pass verification?
Step 404: verification fails; the kernel stops booting and performs a predefined security protection action, for example popping up a security warning in the user interface.
Step 405, operating system nucleus normal boot are run, system image file that carry was signed and use
Family image file, produces the system file subregion of the operating system through signing and passes through the operating system of signature
User data subregion.
Step 406, school sign owning in the system file after performing tool scans carry and user data subregion
Filename and file attribute.
Whether step 407, filename or file attribute meet school is signed the condition in strategy file.
Step 408, file are not belonging to verification scope, ignore, and continue to scan on next file.
Whether its fileinfo of digital signature verification that step 409, the second attributes entries used preserve occurs
Distort;Concrete school is signed execution tool queries and is treated relatively to sign the file attribute entry of file, including that may be present
Extended attribute entry, if the second attributes entries existed, then calculate in addition to the second attributes entries other
In total cryptographic Hash of file attribute, with the second attributes entries, digital signature is through PKI or digital certificate files solution
Cryptographic Hash after close contrasts, if inconsistent, thinks that failure relatively signed by file;If consistent, continue step
Rapid 410.
Whether its fileinfo of digital signature verification that step 410, the first attributes entries used preserve occurs
Distort;Concrete school is signed execution tool queries and is treated relatively to sign the file attribute entry of file, including that may be present
Extended attribute entry, the first attributes entries whether inquiry exists, if it is present calculate the literary composition of this document
In total cryptographic Hash of part content, with the first attributes entries, digital signature is deciphered through PKI or digital certificate files
After cryptographic Hash contrast, if inconsistent, think that failure relatively signed by file;If unanimously, thinking file
Attribute information is not tampered with.
File verification failure when step 411, startup, refusal continues to start the safeguard protection of execution predefined
Behavior, such as, eject safety warning in user interface.
Step 412, file verification are passed through, and system continues to guide to be run, kernel-driven is follow-up open every time or
Before person's operating file, all need to verify in real time.
Whether step 413, file verify in real time and pass through.
Step 414, perform predefined safeguard protection behavior, kernel can refuse this document be opened or
Person performs, it is also possible to select to verify failure record in daily record.
Step 415, file are normally opened or are performed.
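The signing of steps 306-307 and the check order of steps 409-410, as an added example that is not code from the patent. Files and their attribute nodes are modelled in memory, and the entry names `sig.content` and `sig.attrs`, the SHA-256 digest, the PKCS#1 v1.5 encoding and the demo key built from two publicly known Mersenne primes are assumptions made so that it runs on the Python standard library alone; a deployment would use a vetted crypto library and a properly generated key.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed demo key: both factors are publicly known Mersenne primes, so the
# key is trivially factorable. It only keeps the example dependency-free.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

FIRST_ENTRY = "sig.content"   # assumed name for the "first attribute entry"
SECOND_ENTRY = "sig.attrs"    # assumed name for the "second attribute entry"


@dataclass
class File:
    """In-memory stand-in for a file plus its attribute node (assumption)."""
    path: str
    content: bytes
    attrs: dict = field(default_factory=dict)


def pkcs1_encode(digest: bytes) -> int:
    t = SHA256_DIGESTINFO + digest
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")


def rsa_sign(digest: bytes) -> bytes:
    return pow(pkcs1_encode(digest), D, N).to_bytes(K, "big")


def rsa_verify(digest: bytes, sig: bytes) -> bool:
    # Re-encode the expected digest and compare whole blocks instead of
    # parsing the recovered padding.
    s = int.from_bytes(sig, "big")
    return len(sig) == K and s < N and pow(s, E, N) == pkcs1_encode(digest)


def in_policy(f: File) -> bool:
    # Policy from step 302: every file whose user name is root.
    return f.attrs.get("owner") == b"root"


def attrs_digest(attrs: dict) -> bytes:
    # Hash every attribute except the second entry, length-prefixed and in
    # sorted order so the serialisation is unambiguous.
    h = hashlib.sha256()
    for name in sorted(attrs):
        if name == SECOND_ENTRY:
            continue
        for part in (name.encode(), attrs[name]):
            h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def sign_image(files):
    for f in files:
        if not in_policy(f):
            continue  # step 305: not covered by the policy
        # Step 306: signature over the content goes into the first entry.
        f.attrs[FIRST_ENTRY] = rsa_sign(hashlib.sha256(f.content).digest())
        # Step 307: signature over all attributes, first entry included.
        f.attrs[SECOND_ENTRY] = rsa_sign(attrs_digest(f.attrs))


def verify_file(f: File) -> str:
    if not in_policy(f):
        return "skipped"  # step 408
    # The page leaves a missing entry undefined; this example fails closed.
    if FIRST_ENTRY not in f.attrs or SECOND_ENTRY not in f.attrs:
        return "unsigned"
    if not rsa_verify(attrs_digest(f.attrs), f.attrs[SECOND_ENTRY]):
        return "attrs-tampered"  # step 409
    if not rsa_verify(hashlib.sha256(f.content).digest(), f.attrs[FIRST_ENTRY]):
        return "content-tampered"  # step 410
    return "ok"


def build_sample_image():
    # Constructed sample files, not taken from the page.
    return [
        File("/system/bin/init", b"\x7fELF-init", {"owner": b"root", "mode": b"0755"}),
        File("/system/lib/libc.so", b"\x7fELF-libc", {"owner": b"root", "mode": b"0644"}),
        File("/data/app/note.txt", b"hello", {"owner": b"app", "mode": b"0644"}),
    ]


if __name__ == "__main__":
    image = build_sample_image()
    sign_image(image)
    image[0].content += b"\x90"  # simulate tampering after signing
    for f in image:
        print(f.path, verify_file(f))
```

Because the second entry covers the first, copying a valid content signature from another signed file is caught at the attribute check, before the content hash is even computed.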
As shown in Figure 5, the practical application flowchart, during a system upgrade, of the file verification method of the operating system provided by the embodiment of the present invention comprises the following steps:
Step 501: compare the list of files that differ before and after the upgrade, hand it to the file signature and implantation tool, and scan all files in the upgrade package in turn.
Step 502: determine whether the file is one that needs to be upgraded and signed.
Step 503: ignore the file and continue scanning the next file. Specifically, if the user modifies the system source code as needed and recompiles it, and file A and file B have been modified in the recompiled image, file A and file B can be detected through steps 501-503.
Step 504: the file signature and implantation tool digitally signs the file with reference to step 306 and step 307 in Fig. 3. Specifically, it is file A and file B in the upgrade package that are digitally signed, not file A and file B in the original system.
Step 505: the file signature and implantation tool computes a digital digest of the upgrade information file and encrypts it with the asymmetric-cryptography private key file to generate the digital signature information, saves the signature information at the end of the upgrade information file, and then merges the upgrade information file into the system upgrade package and repackages it.
Step 506: the device to be upgraded powers on; the device firmware and boot loader start first and boot a kernel that carries the operating system upgrade function.
Step 507: the kernel reads the system upgrade package, verifies the integrity of the upgrade package, then finds and extracts the upgrade information file from it and verifies the digital signature of that file with the public key. Specifically, the kernel with the upgrade function reads the system upgrade package, verifies the integrity of the system upgrade package, then finds and extracts the upgrade information file from it, obtains the digital signature information from the content of the upgrade information file, and uses the public key or digital certificate file to verify the digital signature at the end of the upgrade information file. If the upgrade information file does not exist, or the verification does not pass, the kernel should terminate the upgrade process and alert the user with a warning screen or use another user-defined security protection action.
Step 508: determine whether the upgrade information file exists and, if it exists, whether the verification passes.
Step 509: the kernel terminates the upgrade process and performs the predefined security protection action, for example popping up a security warning in the user interface.
Step 510: the kernel with the upgrade function unpacks the system upgrade package and copies the files in the upgrade package over the source files on the device to be upgraded, completing the upgrade operation.
The embodiment of the present invention can prevent system files from being tampered with and can also upgrade a single file or multiple files. This upgrade method is itself verified, which ensures the security of the system upgrade, improves the user experience while guaranteeing security, and reduces the maintenance cost of system upgrades.
As shown in Figure 6, the embodiment of the present invention also provides a schematic diagram of a file signature device of an operating system, including: a first acquisition module 61, for obtaining the image file of the operating system; a second acquisition module 62, for obtaining the signature policy file and the private key file; and a first signature module 63, for digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file.
It should be noted that this device is the device corresponding to the file signature method of the operating system described above; all implementations in the method embodiment above apply to the embodiment of this device and achieve the same technical effect.
As shown in Figure 7, the embodiment of the present invention also provides a schematic diagram of a file verification device of an operating system, including: a third acquisition module 71, for obtaining the image file of the operating system; a fourth acquisition module 72, for obtaining the signature policy file and the private key file; a second signature module 73, for digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file; a fifth acquisition module 74, for obtaining the verification policy file and the public key file; and a verification module 75, for verifying the secure image file according to the verification policy file and the public key file and, if the verification conditions are met, deeming the files of the operating system secure.
It should be noted that this device is the device corresponding to the file signature method of the operating system described above; all implementations in the method embodiment above apply to the embodiment of this device and achieve the same technical effect.
The above are preferred embodiments of the present invention. It should be pointed out that those of ordinary skill in the art can make several improvements and refinements without departing from the principles of the present invention, and these improvements and refinements also fall within the scope of protection of the present invention.
Claims (17)
1. A file signature method of an operating system, characterized by comprising:
obtaining an image file of the operating system;
obtaining a signature policy file and a private key file;
digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file.
2. The file signature method as claimed in claim 1, characterized in that obtaining the image file of the operating system comprises:
obtaining operating system source files;
compiling the operating system source files to generate the image file.
3. The file signature method as claimed in claim 1, characterized in that the private key file is an asymmetric-cryptography private key file.
4. The file signature method as claimed in claim 1, characterized in that digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain the secure image file comprises:
obtaining the directory in the signature policy file;
determining, in the image file, the image file corresponding to the directory in the signature policy file;
signing and encrypting that image file to obtain the secure image file.
5. The file signature method as claimed in claim 4, characterized in that the step of signing and encrypting the image file to obtain the secure image file comprises:
obtaining a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file;
encrypting the first hash value according to the private key file, and saving the encrypted first hash value into a first attribute entry of the file attributes of the image file;
obtaining a second hash value corresponding to the file attributes of the image file corresponding to the directory in the signature policy file;
encrypting the second hash value according to the private key file, and saving the encrypted second hash value into a second attribute entry of the file attributes of the image file, to obtain the secure image file.
6. The file signature method as claimed in claim 1, characterized in that the file signature method further comprises:
obtaining an update file corresponding to a file in the operating system that needs to be upgraded;
digitally signing the update file to obtain an upgrade package.
7. The file signature method as claimed in claim 6, characterized in that digitally signing the update file to obtain an upgrade package comprises:
obtaining a first hash value corresponding to the file content of the update file and a second hash value corresponding to the file attributes of the update file;
saving the first hash value, the second hash value, and the file name and file path of the file to be upgraded that corresponds to the update file into an upgrade information file;
obtaining the hash value corresponding to the file content of the upgrade information file, encrypting this hash value according to the private key file, and saving the encrypted result into the upgrade information file;
packaging the update file and the upgrade information file to obtain the upgrade package.
8. A file verification method of an operating system, characterized by comprising:
obtaining an image file of the operating system;
obtaining a signature policy file and a private key file;
digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file;
obtaining a verification policy file and a public key file;
verifying the secure image file according to the verification policy file and the public key file and, if the verification conditions are met, deeming the files of the operating system secure.
9. The file verification method as claimed in claim 8, characterized in that digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain the secure image file comprises:
obtaining the directory in the signature policy file;
determining, in the image file, the image file corresponding to the directory in the signature policy file;
signing and encrypting that image file to obtain the secure image file.
10. The file verification method as claimed in claim 9, characterized in that the step of signing and encrypting the image file to obtain the secure image file comprises:
obtaining a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file;
encrypting the first hash value according to the private key file, and saving the encrypted first hash value into a first attribute entry of the file attributes of the image file;
obtaining a second hash value corresponding to the file attributes of the image file corresponding to the directory in the signature policy file;
encrypting the second hash value according to the private key file, and saving the encrypted second hash value into a second attribute entry of the file attributes of the image file, to obtain the secure image file.
11. The file verification method as claimed in claim 10, characterized in that the step of verifying the secure image file according to the verification policy file and the public key file and, if the verification conditions are met, deeming the files of the operating system secure comprises:
obtaining the directory in the verification policy file;
determining, in the secure image file, the secure image file corresponding to the directory in the verification policy file;
obtaining the second hash value corresponding to the file attributes of the secure image file corresponding to the directory in the verification policy file;
decrypting, according to the public key file, the second hash value in the second attribute entry of the secure image file corresponding to the directory in the verification policy file;
comparing the second hash value decrypted with the public key file against the second hash value corresponding to the file attributes of the secure image file corresponding to the directory in the verification policy file and, if they are identical, decrypting, according to the public key file, the first hash value in the first attribute entry of the secure image file corresponding to the directory in the verification policy file;
obtaining the first hash value corresponding to the file content of the secure image file corresponding to the directory in the verification policy file;
comparing the first hash value decrypted with the public key file against the first hash value corresponding to the file content of the secure image file corresponding to the directory in the verification policy file and, if they are identical, deeming the files of the operating system secure.
12. The file verification method as claimed in claim 8, characterized in that the file verification method further comprises:
obtaining an update file corresponding to a file in the operating system that needs to be upgraded;
digitally signing the update file to obtain an upgrade package;
verifying the upgrade package and, if the verification conditions are met, replacing the file that needs to be upgraded with the file in the upgrade package.
13. The file verification method as claimed in claim 12, characterized in that digitally signing the update file to obtain an upgrade package comprises:
obtaining a first hash value corresponding to the file content of the update file and a second hash value corresponding to the file attributes of the update file;
saving the first hash value, the second hash value, and the file name and file path of the file to be upgraded that corresponds to the update file into an upgrade information file;
obtaining the hash value corresponding to the file content of the upgrade information file, encrypting this hash value according to the private key file, and saving the encrypted result into the upgrade information file;
packaging the update file and the upgrade information file to obtain the upgrade package.
14. The file verification method as claimed in claim 13, characterized in that verifying the upgrade package and, if the verification conditions are met, replacing the file that needs to be upgraded with the file in the upgrade package comprises:
obtaining the hash value corresponding to the file content of the upgrade information file in the upgrade package;
decrypting, according to the public key file, the hash value corresponding to the file content of the upgrade information file in the upgrade package;
comparing the hash value decrypted with the public key file against the obtained hash value corresponding to the file content of the upgrade information file and, if they are identical, using, according to the upgrade package, the update file in the upgrade package to replace the file in the operating system that corresponds to the update file, and saving the first hash value and the second hash value of this update file recorded in the upgrade information file into the first attribute entry and the second attribute entry of this update file respectively.
15. The file verification method as claimed in claim 8, characterized in that obtaining the image file of the operating system comprises:
obtaining operating system source files;
compiling the operating system source files to generate the image file.
16. A file signature device of an operating system, characterized by comprising:
a first acquisition module, for obtaining an image file of the operating system;
a second acquisition module, for obtaining a signature policy file and a private key file;
a first signature module, for digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file.
17. A file verification device of an operating system, characterized by comprising:
a third acquisition module, for obtaining an image file of the operating system;
a fourth acquisition module, for obtaining a signature policy file and a private key file;
a second signature module, for digitally signing and encrypting, according to the signature policy file and the private key file, the files in the image file that meet the conditions, to obtain a secure image file;
a fifth acquisition module, for obtaining a verification policy file and a public key file;
a verification module, for verifying the secure image file according to the verification policy file and the public key file and, if the verification conditions are met, deeming the files of the operating system secure.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510079120.XA CN105989306B (en) | 2015-02-13 | 2015-02-13 | File signature method and device and file verification method and device for operating system |
PCT/CN2015/078902 WO2016127516A1 (en) | 2015-02-13 | 2015-05-13 | File signature method for operating system, file check method, and apparatus |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105989306A true CN105989306A (en) | 2016-10-05 |
CN105989306B CN105989306B (en) | 2020-04-28 |
Family
ID=56615403
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510079120.XA Active CN105989306B (en) | 2015-02-13 | 2015-02-13 | File signature method and device and file verification method and device for operating system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105989306B (en) |
WO (1) | WO2016127516A1 (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106569865A (en) * | 2016-11-14 | 2017-04-19 | 青岛海信移动通信技术股份有限公司 | Producing method and producing device for system upgrade file of terminal |
CN108427888A (en) * | 2017-02-15 | 2018-08-21 | 阿里巴巴集团控股有限公司 | File signature method, file verification method and corresponding intrument and equipment |
CN108762788A (en) * | 2018-05-31 | 2018-11-06 | 四川斐讯信息技术有限公司 | A kind of embedded device firmware encrypting method and system based on server |
CN109766134A (en) * | 2019-01-08 | 2019-05-17 | 四川虹微技术有限公司 | System start method, device, electronic equipment and storage medium |
CN110704852A (en) * | 2019-09-26 | 2020-01-17 | 江苏方天电力技术有限公司 | Encryption system for RTOS system program image file |
CN111158728A (en) * | 2019-12-31 | 2020-05-15 | 深圳市潮流网络技术有限公司 | Firmware upgrading method, firmware starting method, firmware generating method and device |
CN111201553A (en) * | 2017-10-16 | 2020-05-26 | 华为技术有限公司 | Safety element and related equipment |
CN111241536A (en) * | 2020-01-10 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Method and system for loading production test image and preventing illegal swiping |
CN111680298A (en) * | 2020-04-29 | 2020-09-18 | 杭州涂鸦信息技术有限公司 | Embedded system safe starting method and device with storage function |
CN113157286A (en) * | 2021-04-20 | 2021-07-23 | 深圳市优必选科技股份有限公司 | System upgrading method and device |
CN114594912A (en) * | 2022-03-14 | 2022-06-07 | 中国第一汽车股份有限公司 | Information protection method, device, equipment and medium for vehicle instrument system |
WO2022156507A1 (en) * | 2021-01-20 | 2022-07-28 | 浪潮电子信息产业股份有限公司 | Virtual optical disc drive generating method and apparatus, and computer readable storage medium |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106548092B (en) * | 2016-10-31 | 2019-07-16 | 杭州嘉楠耘智信息科技有限公司 | File processing method and device |
CN111045704B (en) * | 2019-11-22 | 2024-05-24 | 林洋能源科技(上海)有限公司 | Method and equipment for safety upgrading of intelligent power network high-end AMI acquisition and analysis equipment |
CN111245616B (en) * | 2020-03-10 | 2023-03-24 | 阿波罗智联(北京)科技有限公司 | Authentication method, device, equipment and storage medium for network communication |
CN113296873A (en) * | 2020-05-15 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Mirror image construction method and device, terminal equipment and computer storage medium |
CN112257058A (en) * | 2020-10-12 | 2021-01-22 | 麒麟软件有限公司 | Trusted computing verification method and system for operating system |
CN112328279B (en) * | 2020-11-02 | 2023-04-14 | 宁波和利时信息安全研究院有限公司 | System firmware file upgrading method, device and system |
CN112817621A (en) * | 2021-01-22 | 2021-05-18 | 浪潮电子信息产业股份有限公司 | BIOS firmware refreshing method and device and related components |
CN113037494B (en) * | 2021-03-02 | 2023-05-23 | 福州汇思博信息技术有限公司 | Burning piece mirror image file signature method and terminal |
CN113391880B (en) * | 2021-06-21 | 2023-04-07 | 超越科技股份有限公司 | Trusted mirror image transmission method for layered double hash verification |
CN115941208B (en) * | 2022-12-28 | 2024-04-02 | 广州文远知行科技有限公司 | Method, system, equipment and medium for transmitting vehicle-end file |
CN117390702B (en) * | 2023-12-11 | 2024-03-15 | 厦门天锐科技股份有限公司 | Split type driving and shell adding method and device, electronic equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1740941A (en) * | 2004-08-25 | 2006-03-01 | 微软公司 | System and method for secure execution of program code |
CN101149773A (en) * | 2007-08-27 | 2008-03-26 | 中国人民解放军空军电子技术研究所 | Software real name authentication system and its safe checking method |
CN101578609A (en) * | 2007-01-07 | 2009-11-11 | 苹果公司 | Secure booting a computing device |
CN102572595A (en) * | 2012-02-03 | 2012-07-11 | 深圳市同洲电子股份有限公司 | IPTV upgrade package structure, upgrading method and startup calibration method |
CN104156659A (en) * | 2014-08-14 | 2014-11-19 | 电子科技大学 | Embedded system secure start method |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6189100B1 (en) * | 1998-06-30 | 2001-02-13 | Microsoft Corporation | Ensuring the integrity of remote boot client data |
GB2499963B (en) * | 2010-12-09 | 2014-03-26 | Ibm | Computer-readable storage mediums for encrypting and decrypting a virtual disc |
CN102025744A (en) * | 2010-12-20 | 2011-04-20 | 北京世纪互联工程技术服务有限公司 | Import and export system of virtual machine image in cloud computing |
CN103761329B (en) * | 2014-02-08 | 2017-06-16 | 广东欧珀移动通信有限公司 | A kind of method and its device that brush machine is carried out to mobile device |
2015
- 2015-02-13 CN CN201510079120.XA patent/CN105989306B/en active Active
- 2015-05-13 WO PCT/CN2015/078902 patent/WO2016127516A1/en active Application Filing
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106569865B (en) * | 2016-11-14 | 2020-04-10 | 青岛海信移动通信技术股份有限公司 | Method and device for manufacturing system upgrade file of terminal |
CN106569865A (en) * | 2016-11-14 | 2017-04-19 | 青岛海信移动通信技术股份有限公司 | Producing method and producing device for system upgrade file of terminal |
CN108427888A (en) * | 2017-02-15 | 2018-08-21 | 阿里巴巴集团控股有限公司 | File signature method, file verification method and corresponding intrument and equipment |
US11455430B2 (en) | 2017-10-16 | 2022-09-27 | Huawei Technologies Co., Ltd | Secure element and related device |
CN111201553A (en) * | 2017-10-16 | 2020-05-26 | 华为技术有限公司 | Safety element and related equipment |
CN111201553B (en) * | 2017-10-16 | 2022-04-22 | 华为技术有限公司 | Safety element and related equipment |
CN108762788A (en) * | 2018-05-31 | 2018-11-06 | 四川斐讯信息技术有限公司 | A kind of embedded device firmware encrypting method and system based on server |
CN108762788B (en) * | 2018-05-31 | 2023-07-28 | 杭州吉吉知识产权运营有限公司 | Method and system for encrypting firmware of embedded equipment based on server |
CN109766134A (en) * | 2019-01-08 | 2019-05-17 | 四川虹微技术有限公司 | System start method, device, electronic equipment and storage medium |
CN110704852A (en) * | 2019-09-26 | 2020-01-17 | 江苏方天电力技术有限公司 | Encryption system for RTOS system program image file |
CN111158728A (en) * | 2019-12-31 | 2020-05-15 | 深圳市潮流网络技术有限公司 | Firmware upgrading method, firmware starting method, firmware generating method and device |
CN111158728B (en) * | 2019-12-31 | 2024-02-02 | 深圳市潮流网络技术有限公司 | Firmware upgrading method, firmware starting method and device |
CN111241536A (en) * | 2020-01-10 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Method and system for loading production test image and preventing illegal swiping |
CN111680298B (en) * | 2020-04-29 | 2023-10-27 | 杭州涂鸦信息技术有限公司 | Safe starting method of embedded system and device with storage function |
CN111680298A (en) * | 2020-04-29 | 2020-09-18 | 杭州涂鸦信息技术有限公司 | Embedded system safe starting method and device with storage function |
WO2022156507A1 (en) * | 2021-01-20 | 2022-07-28 | 浪潮电子信息产业股份有限公司 | Virtual optical disc drive generating method and apparatus, and computer readable storage medium |
CN113157286A (en) * | 2021-04-20 | 2021-07-23 | 深圳市优必选科技股份有限公司 | System upgrading method and device |
CN114594912A (en) * | 2022-03-14 | 2022-06-07 | 中国第一汽车股份有限公司 | Information protection method, device, equipment and medium for vehicle instrument system |
Also Published As
Publication number | Publication date |
---|---|
CN105989306B (en) | 2020-04-28 |
WO2016127516A1 (en) | 2016-08-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||