CN106203081A - A security protection method and device - Google Patents

Publication number
CN106203081A
Authority
CN
China
Prior art keywords
safety container
checking information
information
preset
container
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510213764.3A
Other languages
Chinese (zh)
Inventor
陈家楠
朱少杰
周佳
杜国楹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Eren Eben Information Technology Co Ltd
Original Assignee
Beijing Eren Eben Information Technology Co Ltd
Application filed by Beijing Eren Eben Information Technology Co Ltd

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides a security protection method, including: when an instruction to enter a safety container triggered by a user is detected, entering the safety container; and suspending the processes outside the safety container, to prevent processes outside the safety container from obtaining information about processes inside it. The present invention also provides a security protection device. The method and device can effectively prevent processes outside the safety container from recording or intercepting information about processes inside the container, thereby protecting the applications in the safety container.

Description

A security protection method and device
Technical field
The present invention relates to the field of computer technology, and in particular to a security protection method and device.
Background
In the prior art, security-sensitive applications in a system are usually placed in an isolated sandbox (i.e., a safety container). The data and applications inside the sandbox are isolated from the system outside the sandbox, which provides both privacy protection and security protection. However, this isolation is only an isolation of location: applications outside the sandbox can still obtain various information from inside the sandbox by recording or intercepting information. How to effectively guard against malicious snooping by applications outside the sandbox is therefore one of the problems that urgently need to be solved.
Summary of the invention
In view of this, the present invention provides a security protection method and device, applied in a mobile terminal, which can effectively prevent processes outside the safety container from recording or intercepting information about processes inside the container, thereby protecting the applications in the safety container.
An embodiment of the present invention provides a security protection method, including: when an instruction to enter a safety container triggered by a user is detected, entering the safety container; and suspending the processes outside the safety container, to prevent processes outside the safety container from obtaining information about processes inside the safety container.
Further, suspending the processes outside the safety container includes:
traversing all processes in the system and obtaining the description information of each process, the description information including the user identifier or the process identifier of the process;
determining, according to the description information, whether the process is a process outside the safety container;
if the process is a process outside the safety container, suspending the process.
Further, entering the safety container when an instruction to enter the safety container triggered by a user is detected includes:
when the instruction to enter the safety container triggered by the user is detected, displaying a verification prompt, to prompt the user to input verification information;
obtaining the verification information input by the user and matching it against preset verification information; if the verification information input by the user matches the preset verification information, entering the safety container.
Further, the preset verification information includes first preset verification information and second preset verification information, and entering the safety container if the verification information input by the user matches the preset verification information includes:
if the verification information input by the user matches the first preset verification information, entering the safety container and displaying all file information in the safety container;
if the verification information input by the user matches the second preset verification information, entering the safety container and displaying specified file information in the safety container;
if the verification information input by the user matches neither the first preset verification information nor the second preset verification information, not entering the safety container.
Further, after entering the safety container, the method includes:
when an instruction to install an application triggered by the user is detected, obtaining and verifying the digital signature of the target application that the installation instruction points to;
if the target application has a first digital signature and a second digital signature, and both the first digital signature and the second digital signature pass verification, installing the target application, where the first digital signature is the native signature of the target application and the second digital signature is a signature defined by a third party;
otherwise, not installing the target application.
Further, after entering the safety container, the method also includes:
in the safety container, disabling preset system functions.
An embodiment of the present invention provides a security protection device, including: a detection module, configured to detect an instruction to enter a safety container triggered by a user; an entering module, configured to enter the safety container when the detection module detects the instruction to enter the safety container triggered by the user; and a suspension module, configured to suspend the processes outside the safety container, to prevent processes outside the safety container from obtaining information about processes inside the safety container.
Further, the suspension module includes:
a description information obtaining module, configured to traverse all processes in the system and obtain the description information of each process, the description information including the user identifier or the process identifier of the process;
a process judging module, configured to determine, according to the description information, whether the process is a process outside the safety container;
a suspension submodule, configured to suspend the process if it is a process outside the safety container.
Further, the entering module includes:
a display module, configured to display a verification prompt when the instruction to enter the safety container triggered by the user is detected, to prompt the user to input verification information;
a verification information obtaining module, configured to obtain the verification information input by the user;
a verification information matching module, configured to match the verification information input by the user against preset verification information;
an entering submodule, configured to enter the safety container if the verification information input by the user matches the preset verification information.
Further, the preset verification information includes first preset verification information and second preset verification information;
the entering submodule is further configured to enter the safety container and display all file information in the safety container if the verification information input by the user matches the first preset verification information;
the entering submodule is further configured to enter the safety container and display specified file information in the safety container if the verification information input by the user matches the second preset verification information;
the entering submodule is further configured not to enter the safety container if the verification information input by the user matches neither the first preset verification information nor the second preset verification information.
Further, the detection module is also configured to detect an instruction to install an application triggered by the user;
the device also includes:
a digital signature obtaining and verification module, configured to obtain and verify the digital signature of the target application that the installation instruction points to when the detection module detects the instruction to install an application triggered by the user;
an installation module, configured to install the target application if it has a first digital signature and a second digital signature and both pass verification, and otherwise not to install the target application, where the first digital signature is the native signature of the target application and the second digital signature is a signature defined by a third party.
Further, the device includes a disabling module, configured to disable preset system functions in the safety container.
By suspending the processes outside the safety container after the safety container is entered, the security protection method and device of the above embodiments can effectively prevent application processes outside the safety container from recording or intercepting information about processes inside the container, thereby protecting the applications and data in the safety container, so that mobile terminal users can confidently place sensitive applications such as bank clients, or private data such as pictures and contacts, in the safety container.
To make the above and other objects, features and advantages of the present invention more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a flowchart of a security protection method provided by the first embodiment of the present invention;
Fig. 2 is a flowchart of a security protection method provided by the second embodiment of the present invention;
Fig. 3 is a flowchart of some of the steps in the security protection method provided by the second embodiment of the present invention;
Fig. 4 is a structural diagram of a security protection device provided by the third embodiment of the present invention;
Fig. 5 is a structural diagram of a security protection device provided by the fourth embodiment of the present invention.
Detailed description
To further explain the technical means adopted by the present invention to achieve its intended purpose and their effects, the specific implementation, structure, features and effects of the present invention are described in detail below with reference to the accompanying drawings and preferred embodiments.
The security protection method of the present invention can be applied in a mobile terminal preinstalled with Android or another similar operating system, for example a smartphone or tablet computer preinstalled with the Android system.
First embodiment
Referring to Fig. 1, the first embodiment of the present invention provides a security protection method, which includes:
Step 101, when an instruction to enter a safety container triggered by a user is detected, entering the safety container;
A safety container means isolation at the application layer of the operating system: one kernel and one operating-system middle layer are shared, while the interface and the applications are divided into two sets of processes, so that what the user sees looks like two systems. Because the two sets of applications each use a different database, the result is data isolation; that is, data such as pictures and contacts that the user sees outside the safety container differ from those seen inside it. It should be understood that a safety container may also mean isolation at the middle layer: one kernel is shared and an additional middle layer is added on top of the kernel; the original middle layer and the newly added middle layer each correspond to their own set of interface and applications, one of which is defined as inside the safety container and the other as outside it.
The user can trigger the instruction to enter the safety container by tapping the safety container icon on the system desktop outside the safety container. When the user's tap on the safety container icon is detected, the instruction to enter the safety container is confirmed as triggered and the safety container is entered. The user can also trigger the instruction by performing other preset operations on the mobile terminal, for example: double-pressing the volume key, long-pressing the power key, shaking the mobile terminal, or tapping a specified position on the screen several times in a row. The specific content of the preset operation can be defined by the user.
Step 102, suspending the processes outside the safety container, to prevent processes outside the safety container from obtaining information about processes inside the safety container.
After entry into the safety container is detected, the system service traverses all processes in the system (including all processes inside and outside the safety container) and obtains the description information of each process. According to the description information, it determines whether each process belongs outside the safety container or inside it. It should be understood that inside the safety container only processes judged to belong to the safety container are allowed to run; when the safety container is exited, the system automatically exits the processes in the safety container. Correspondingly, outside the safety container only processes that belong outside the safety container are allowed to run.
The system service sends a suspend signal to the operating system. This suspend signal cannot be masked. After receiving it, the operating system sends a process management instruction to the process manager (or process management module), and the process manager, according to this instruction, suspends the processes judged to belong outside the safety container. A suspended process is in a frozen state and is not allocated any computing resources.
By suspending the processes outside the safety container after the safety container is entered, the security protection method of the above embodiment can effectively prevent application processes outside the safety container from recording or intercepting information about processes inside the container, thereby protecting the applications and data in the safety container, so that mobile terminal users can confidently place sensitive applications such as bank clients, or private data such as pictures and contacts, in the safety container.
Second embodiment
Referring to Fig. 2, the second embodiment of the present invention provides a security protection method, which includes:
Step 21, when an instruction to enter a safety container triggered by a user is detected, displaying a verification prompt, to prompt the user to input verification information;
A safety container means isolation at the application layer of the operating system: one kernel and one operating-system middle layer are shared, while the interface and the applications are divided into two sets of processes, so that what the user sees looks like two systems. Because the two sets of applications each use a different database, the result is data isolation; that is, data such as pictures and contacts that the user sees outside the safety container differ from those seen inside it. It should be understood that a safety container may also mean isolation at the middle layer: one kernel is shared and an additional middle layer is added on top of the kernel; the original middle layer and the newly added middle layer each correspond to their own set of interface and applications, one of which is defined as inside the safety container and the other as outside it.
The user can trigger the instruction to enter the safety container by tapping the safety container icon on the system desktop outside the safety container. When the user's tap on the safety container icon is detected, the instruction to enter the safety container is confirmed as triggered and a verification prompt is displayed, prompting the user to input the authentication information for entering the safety container. The prompt may specifically be displayed by popping up a verification information input box.
Further, the user can trigger the instruction to enter the safety container by performing other preset operations on the mobile terminal, for example: double-pressing the volume key, long-pressing the power key, shaking the mobile terminal, or tapping a specified position on the screen several times in a row. The specific content of the preset operation can be defined by the user.
Step 22, obtaining the verification information input by the user and matching it against preset verification information; if the verification information input by the user matches the preset verification information, entering the safety container;
The verification information that the user types into the pop-up input box is obtained and matched against the verification information preset by the user. If the two match, the safety container is entered; if they do not match, a message indicating that the verification information is wrong is displayed and the operation interface of the safety container is not entered. The type of verification information may include, but is not limited to: a string password, a graphical password, a fingerprint, an iris, and so on.
Further, the user can preset two different groups of preset verification information: first preset verification information (the real verification information) and second preset verification information (the pseudo verification information). For example, a string password made up of 7 digits and letters is set as the first preset verification information, and verification information made up of 5 digits is set as the second preset verification information. Different preset verification information corresponds to different file information shown in the operation interface that is displayed after the safety container is entered.
To make the verification information more deceptive, the first preset verification information and the second preset verification information are preferably string passwords with the same number of characters.
It should be understood that the number of groups of preset verification information is not limited to two. In practice, depending on the objects to which different permissions apply, the user can also preset third preset verification information, fourth preset verification information, or even more groups.
Specifically, as shown in Fig. 3, step 22 may further include:
Step 221, matching the verification information input by the user against the preset verification information;
The verification information that the user types into the input box is matched against the first preset verification information and the second preset verification information respectively.
Step 222, if the verification information input by the user matches the first preset verification information, entering the safety container and displaying all file information in the safety container;
If the verification information input by the user matches the first preset verification information, the safety container is entered and all file information in the safety container is shown in the operation interface for the user to view, for example: the icons of all applications installed in the safety container, the stored pictures, the contact information, and so on.
Step 223, if the verification information input by the user matches the second preset verification information, entering the safety container and displaying the specified file information in the safety container, while hiding the other file information.
If the verification information input by the user matches the second preset verification information, the safety container is entered and only the part of the file information in the safety container that the user specified in advance is shown in the operation interface; the file information the user did not specify is hidden, for example: the icon of a bank client, the address book, chat records and so on that the user did not specify.
Step 224, if the verification information input by the user matches neither the first preset verification information nor the second preset verification information, not entering the safety container.
If the verification information input by the user matches neither the first preset verification information nor the second preset verification information, a message indicating that the verification information is wrong is displayed and the operation interface of the safety container is not entered.
In this way, by setting two or even more groups of different verification information, each of which makes the operation interface of the safety container show different file information, the security of the file information in the safety container can be further improved, preventing sensitive applications in the container such as bank client programs, or private information such as personal pictures, from being misappropriated when the mobile terminal is used by someone else.
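One way to implement the matching in steps 221 to 224, as an added example that is not taken from the patent. It assumes string passwords; storing salted PBKDF2 hashes and comparing in constant time are design choices of this example, and the names `ContainerGate`, `View` and `visible_files` are hypothetical.

```python
import hashlib
import hmac
import os
from enum import Enum

ITERATIONS = 50_000  # assumed work factor for this example


class View(Enum):
    ALL_FILES = "all"              # first (real) verification information
    SPECIFIED_FILES = "specified"  # second (pseudo) verification information
    DENIED = "denied"              # no match: the container is not entered


def derive(secret: str, salt: bytes) -> bytes:
    """Salted hash, so the preset secrets are never stored in the clear."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


class ContainerGate:
    def __init__(self, first_secret: str, second_secret: str, salt: bytes = b""):
        if first_secret == second_secret:
            raise ValueError("the two preset secrets must differ")
        self._salt = salt or os.urandom(16)
        self._first = derive(first_secret, self._salt)
        self._second = derive(second_secret, self._salt)

    def check(self, entered: str) -> View:
        candidate = derive(entered, self._salt)
        # Both comparisons always run, and each one is constant-time, so the
        # response time does not reveal which preset (if any) was matched.
        is_first = hmac.compare_digest(candidate, self._first)
        is_second = hmac.compare_digest(candidate, self._second)
        if is_first:
            return View.ALL_FILES
        if is_second:
            return View.SPECIFIED_FILES
        return View.DENIED


def visible_files(view: View, all_files, specified):
    """File information the operation interface may show for a given view."""
    if view is View.ALL_FILES:
        return list(all_files)
    if view is View.SPECIFIED_FILES:
        return [f for f in all_files if f in specified]
    return []


# Constructed sample data: a 7-character and a 5-digit secret, as in the text.
SAMPLE_FILES = ["bank_client", "address_book", "chat_records", "calculator"]
SAMPLE_SPECIFIED = {"calculator"}

if __name__ == "__main__":
    gate = ContainerGate("k7Qm2xA", "48213")
    for attempt in ("k7Qm2xA", "48213", "00000"):
        view = gate.check(attempt)
        print(attempt, view.name, visible_files(view, SAMPLE_FILES, SAMPLE_SPECIFIED))
```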
Step 23, traversing all processes in the system and obtaining the description information of each process, the description information including the user identifier or the process identifier of the process;
After entry into the safety container is detected, the system service traverses all processes in the system (including the processes inside the safety container and the processes outside it) and obtains the description information of each process. The description information may include, but is not limited to: the user identifier (User Identification, UID) or the process identifier (Process Identification, PID) of the process.
Step 24, determining, according to the description information, whether the process is a process outside the safety container;
The UID or PID of a process can carry a mark indicating whether the process belongs outside the safety container or inside it. It should be understood that inside the safety container only processes marked as belonging to the safety container are allowed to run; when the safety container is exited, the system automatically exits the processes in the safety container. Correspondingly, outside the safety container only processes that belong outside the safety container are allowed to run.
Specifically, whether a process belongs outside or inside the safety container can be determined by checking whether its UID or PID contains a specific mark. For example, when the head of a process's UID is marked with "s", the process is determined to be a process inside the safety container; when the head of the UID is not marked with "s", or carries some other custom mark, the process is determined to be a process outside the safety container. Alternatively, in the description information of processes, PIDs in a specified range are marked as processes inside the safety container; when the PID of a process falls in that specified range, the process is determined to be a process inside the safety container.
Step 25, if the process is a process outside the safety container, suspending the process;
If the process is a process outside the safety container, the system service sends a suspend signal to the operating system. This suspend signal cannot be masked. After receiving it, the operating system sends a process management instruction to the process manager (or process management module), and the process manager suspends the process according to this instruction. A suspended process is not allocated any computing resources and is in a frozen state.
Further, if the process is a process inside the safety container, it is allowed to run normally.
A process is an instance of a running program. Because all processes outside the safety container are in a frozen state, even if a malicious program or Trojan virus has been implanted in the system, the processes associated with it are suspended and therefore frozen, so they cannot record or intercept information about processes inside the container, which protects the security of the system.
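Steps 23 to 25 (and step 102 of the first embodiment) sketched as an added example, not code from the patent. Assumptions: the "s" prefix on a UID label and the PID range 20000-29999 are illustrative markers, POSIX `SIGSTOP` stands in for the unmaskable suspend signal, the process table is constructed sample data, and `keep` (the PIDs the suspending service must not freeze, such as its own) is this example's addition.

```python
import os
import signal
from dataclasses import dataclass

# Assumed marker conventions, modelled on the two options in the description:
# a UID label that starts with "s", or a PID inside a reserved range.
CONTAINER_UID_PREFIX = "s"
CONTAINER_PID_RANGE = range(20000, 30000)  # hypothetical reserved range


@dataclass(frozen=True)
class ProcInfo:
    pid: int
    uid_label: str  # e.g. "s10051" inside the container, "u10077" outside
    name: str


# Constructed sample process table (not real device output).
SAMPLE_TABLE = [
    ProcInfo(412, "u1000", "container_service"),
    ProcInfo(2311, "u10077", "browser"),
    ProcInfo(2390, "u10102", "input_method"),
    ProcInfo(20417, "s10051", "bank_client"),
    ProcInfo(20533, "s10060", "gallery"),
]


def in_container(proc, by="uid"):
    """Step 24: classify one process from its description information."""
    if by == "uid":
        return proc.uid_label.startswith(CONTAINER_UID_PREFIX)
    if by == "pid":
        return proc.pid in CONTAINER_PID_RANGE
    raise ValueError("by must be 'uid' or 'pid'")


def select_outside(table, by="uid", keep=frozenset()):
    """Step 23 + 24: PIDs outside the container, minus the ones in `keep`."""
    return [p.pid for p in table
            if not in_container(p, by) and p.pid not in keep]


def suspend(pids, send=os.kill):
    """Step 25: send SIGSTOP, which cannot be caught, blocked or ignored.

    Returns (stopped, failed) so the caller can refuse to open the
    container while any outside process is still runnable.
    """
    stopped, failed = [], []
    for pid in pids:
        try:
            send(pid, signal.SIGSTOP)
            stopped.append(pid)
        except (ProcessLookupError, PermissionError) as exc:
            failed.append((pid, type(exc).__name__))
    return stopped, failed


if __name__ == "__main__":
    # Dry run: print the selection instead of signalling real processes.
    print(select_outside(SAMPLE_TABLE, by="uid", keep={412}))
```

A single traversal leaves a window for processes started after the scan, so the selection has to be repeated until it returns no new PIDs before the container contents are shown.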
Step 26, when an instruction to install an application triggered by the user is detected, obtaining and verifying the digital signature of the target application that the installation instruction points to;
The user can trigger the instruction to install an application by double-tapping the installation file of the target application to be installed, or by tapping an install button on the screen. When the double-tap on the installation file or the tap on the install button is detected, the digital signature of the target application that the installation file or the install button points to is obtained and verified.
Step 27, if the target application has a first digital signature and a second digital signature, and both the first digital signature and the second digital signature pass verification, installing the target application, where the first digital signature is the native signature of the target application and the second digital signature is a signature defined by a third party;
The digital signature of the obtained target application is verified to determine whether the target application has both a first digital signature and a second digital signature, and whether both pass verification. The first digital signature is the native signature of the target application. The Android system requires every Android application to be digitally signed before it can be installed in the system; in other words, an Android application that has not been digitally signed cannot be installed. Android uses the digital signature to identify the author of an application and to establish trust relationships between applications. The signature is made by the author of the application and does not need to be certified by an authoritative digital certificate authority; it only serves to let the application package identify itself. The signature made according to the requirements of the Android system is the native signature.
The second digital signature is a signature defined by a third party, that is, a digital signature that a specific third party applies to the target application after auditing it.
Step 28, otherwise, not installing the target application.
If the target application has only the first digital signature, or only the second digital signature, or has both but only one of them passes verification, the target application is judged to be a potentially dangerous application that may endanger the security of the system, and it is not installed.
In this way, with the double-signature review mechanism, an application in the safety container must carry two signatures, and both must pass verification before it can be installed. This thoroughly prevents any Trojan virus software from existing in the safety container: even if the user is deceived or carelessly downloads an application that carries a Trojan, it cannot be installed without the two signatures.
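The install gate of steps 26 to 28 as an added example, not code from the patent and not the Android package verifier. To stay self-contained it swaps in unpadded textbook RSA over SHA-256 with small keys built from Mersenne primes, which is an illustration of the dual check only; the key names, `may_install` and the sample package bytes are hypothetical.

```python
import hashlib
from typing import NamedTuple, Optional


class Key(NamedTuple):
    n: int
    e: int
    d: int  # private exponent; present only so this sample can make signatures


def toy_key(p: int, q: int, e: int = 65537) -> Key:
    """Textbook RSA key from two primes (illustration only, far too small)."""
    return Key(p * q, e, pow(e, -1, (p - 1) * (q - 1)))


# Constructed keys: the application author and the third-party reviewer.
DEVELOPER = toy_key(2**127 - 1, 2**89 - 1)
REVIEWER = toy_key(2**107 - 1, 2**61 - 1)


def digest(package: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(package).digest(), "big") % n


def sign(package: bytes, key: Key) -> int:
    return pow(digest(package, key.n), key.d, key.n)


def verify(package: bytes, sig: Optional[int], key: Key) -> bool:
    """True only if a signature is present and matches this exact package."""
    if sig is None or not 0 <= sig < key.n:
        return False
    return pow(sig, key.e, key.n) == digest(package, key.n)


def may_install(package: bytes, first_sig: Optional[int],
                second_sig: Optional[int]) -> bool:
    """Step 27/28: install only when both signatures exist and both verify.

    Each signature is checked against its own key, so a package signed
    twice by the author does not satisfy the third-party requirement.
    """
    native_ok = verify(package, first_sig, DEVELOPER)
    review_ok = verify(package, second_sig, REVIEWER)
    return native_ok and review_ok


if __name__ == "__main__":
    pkg = b"constructed sample package bytes"
    s1, s2 = sign(pkg, DEVELOPER), sign(pkg, REVIEWER)
    print("both signatures:", may_install(pkg, s1, s2))
    print("native only:", may_install(pkg, s1, None))
    print("modified after review:", may_install(pkg + b"!", s1, s2))
```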
Further, after the safety container is entered, preset system functions are disabled in the safety container. The preset system functions may include, but are not limited to: calling hardware interfaces such as USB (Universal Serial Bus), WIFI (WIreless-FIdelity, Wireless Fidelity), mobile network, Bluetooth, system screenshot, audio recording, camera and microphone to share files, as well as prohibiting the installation of new applications so that only the applications already present in the safety container are allowed to run. For example, after detecting entry into the safety container, the system sends an instruction that stops the system screenshot interface from taking effect, so that applications cannot take screenshots by calling the system screenshot interface. This prevents screenshots, and in turn prevents information in the safety container from being captured and then sent out through communication interfaces such as the wireless network, further improving security in the safety container.
By suspending the processes outside the safety container after the safety container is entered, the security protection method of the above embodiment can effectively prevent application processes outside the safety container from recording or intercepting information about processes inside the container, thereby protecting the applications and data in the safety container, so that mobile terminal users can confidently place sensitive applications such as bank clients, or private data such as pictures and contacts, in the safety container. In addition, the double-signature review mechanism thoroughly prevents any Trojan virus software from existing in the safety container, and even if a virus exists outside the safety container, the freezing mechanism means it cannot pose any threat to the applications in the container, which further improves security in the safety container.
Third embodiment
Referring to Fig. 4, the third embodiment of the present invention provides a safety device, which includes:
Detection module 31, configured to detect a user-triggered instruction to enter the safety container;
Entry module 32, configured to enter the safety container when the detection module 31 detects the user-triggered instruction to enter the safety container;
Suspension module 33, configured to suspend the processes outside the safety container, so as to prevent processes outside the safety container from obtaining information of the processes in the safety container.
For other details of how each module in the above safety device implements the technical solution, refer to the descriptions in the first embodiment and the second embodiment, which are not repeated here.
With the safety device of the above embodiment, the processes outside the safety container are suspended after the safety container is entered, which effectively prevents application processes outside the container from recording or intercepting information of the processes inside it. This protects the applications and data in the safety container, so that mobile terminal users can place sensitive applications such as banking clients, or private data such as pictures and contacts, in the safety container with confidence. In addition, the double-signature review mechanism thoroughly eliminates Trojan software inside the safety container, and even if a virus exists outside the safety container, the freezing mechanism means it cannot pose any threat to the applications in the container, which further improves security within the safety container.
Fourth embodiment
Referring to Fig. 5, the fourth embodiment of the present invention provides a safety device, which includes:
Detection module 41, configured to detect a user-triggered instruction to enter the safety container;
Entry module 42, configured to enter the safety container when the detection module 41 detects the user-triggered instruction to enter the safety container;
Suspension module 43, configured to suspend the processes outside the safety container, so as to prevent processes outside the safety container from obtaining information of the processes in the safety container.
Further, the suspension module 43 includes:
Description information acquisition module 431, configured to traverse all processes in the system and obtain the description information of each process, the description information including the user identifier or the process identifier of the process;
Process judgment module 432, configured to judge, according to the description information, whether the process is a process outside the safety container;
Suspension submodule 433, configured to suspend the process if it is a process outside the safety container.
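The traverse, judge and suspend steps of the suspension module, as an added example that is not part of the patent. It assumes a Linux-style /proc layout, that container membership is decided by a set of UIDs, and that UIDs below 10000 (the first application UID on Android) belong to system services that are left running; the sample process table and all function names are constructed for the illustration.

```python
import os
import signal

APP_UID_START = 10000  # assumption: UIDs below this are system services

# Constructed /proc/<pid>/status excerpts (sample data, not from a real device).
SAMPLE_STATUS = {
    1: "Name:\tinit\nPid:\t1\nUid:\t0\t0\t0\t0\n",
    412: "Name:\tsystem_server\nPid:\t412\nUid:\t1000\t1000\t1000\t1000\n",
    2301: "Name:\tbank_client\nPid:\t2301\nUid:\t10051\t10051\t10051\t10051\n",
    2377: "Name:\tgame\nPid:\t2377\nUid:\t10063\t10063\t10063\t10063\n",
    2410: "Name:\trecorder\nPid:\t2410\nUid:\t10070\t10070\t10070\t10070\n",
    2500: "Name:\tcontainer_guard\nPid:\t2500\nUid:\t10051\t10051\t10051\t10051\n",
}


def parse_status(text):
    """Extract the description information (name, PID, real UID) of one process."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return {
        "name": " ".join(fields["Name"]),
        "pid": int(fields["Pid"][0]),
        "uid": int(fields["Uid"][0]),  # first column is the real UID
    }


def read_live_snapshot(proc_root="/proc"):
    """Traverse all processes; skip any that exit or are unreadable mid-scan."""
    snapshot = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                snapshot[int(entry)] = fh.read()
        except OSError:
            continue
    return snapshot


def plan_suspension(snapshot, container_uids, self_pid):
    """Return the PIDs judged to be outside the container, in ascending order."""
    to_suspend = []
    for pid in sorted(snapshot):
        info = parse_status(snapshot[pid])
        if info["pid"] == self_pid:
            continue  # never freeze the process doing the freezing
        if info["uid"] < APP_UID_START:
            continue  # assumption: system services keep running
        if info["uid"] in container_uids:
            continue  # process belongs to the container
        to_suspend.append(info["pid"])
    return to_suspend


def suspend(pids, sig=signal.SIGSTOP):
    """Signal each PID; one that exited since the scan is reported, not fatal."""
    stopped, gone = [], []
    for pid in pids:
        try:
            os.kill(pid, sig)
            stopped.append(pid)
        except ProcessLookupError:
            gone.append(pid)
    return stopped, gone
```

Planning is kept separate from signalling so the judgment step can be checked against a snapshot before any process is stopped; passing `signal.SIGCONT` to `suspend` resumes the same PIDs.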
Further, the entry module 42 includes:
Display module 421, configured to display verification prompt information when a user-triggered instruction to enter the safety container is detected, so as to prompt the user to input verification information;
Verification information acquisition module 422, configured to obtain the verification information input by the user;
Verification information matching module 423, configured to match the verification information input by the user against preset verification information;
Entry submodule 424, configured to enter the safety container if the verification information input by the user matches the preset verification information.
Further, the preset verification information includes first preset verification information and second preset verification information,
in which case the entry submodule 424 is further configured to enter the safety container and display all file information in the safety container if the verification information input by the user matches the first preset verification information;
the entry submodule 424 is further configured to enter the safety container and display specified file information in the safety container if the verification information input by the user matches the second preset verification information;
the entry submodule 424 is further configured not to enter the safety container if the verification information input by the user matches neither the first preset verification information nor the second preset verification information.
Further, the detection module 41 is also configured to detect a user-triggered instruction to install an application;
The device also includes:
Digital signature acquisition and verification module 44, configured to, when the detection module 41 detects the user-triggered instruction to install an application, obtain and verify the digital signature of the target application to which the install instruction points;
Installation module 45, configured to install the target application if the target application has a first digital signature and a second digital signature and both the first digital signature and the second digital signature pass verification, and otherwise not to install the target application, wherein the first digital signature is the native signature of the target application and the second digital signature is a signature defined by a third party;
Further, the device also includes:
Disabling module 46, configured to disable preset system functions within the safety container.
For other details of how each module in the above safety device implements the technical solution, refer to the descriptions in the first embodiment and the second embodiment, which are not repeated here.
With the safety device of the above embodiment, the processes outside the safety container are suspended after the safety container is entered, which effectively prevents application processes outside the container from recording or intercepting information of the processes inside it. This protects the applications and data in the safety container, so that mobile terminal users can place sensitive applications such as banking clients, or private data such as pictures and contacts, in the safety container with confidence. In addition, the double-signature review mechanism thoroughly eliminates Trojan software inside the safety container, and even if a virus exists outside the safety container, the freezing mechanism means it cannot pose any threat to the applications in the container, which further improves security within the safety container.
It should be noted that the embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another. Because the device embodiments are basically similar to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise", or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article, or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or device. Without further limitation, an element defined by the statement "including a ..." does not exclude the existence of additional identical elements in the process, method, article, or device that includes the element.
Those skilled in the art will appreciate that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
The above are only preferred embodiments of the present invention and do not limit the present invention in any form. Although the present invention has been disclosed above by way of preferred embodiments, these are not intended to limit it. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make minor changes or modifications into equivalent embodiments with equivalent variations. Any simple modification, equivalent variation, or modification made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of the technical solution of the present invention.

Claims (12)

1. A safety protection method, characterized by comprising:
when a user-triggered instruction to enter a safety container is detected, entering the safety container; and suspending the processes outside the safety container.
2. The method according to claim 1, characterized in that suspending the processes outside the safety container comprises:
traversing all processes in the system and obtaining the description information of each process, the description information including the user identifier or the process identifier of the process;
judging, according to the description information, whether the process is a process outside the safety container;
if the process is a process outside the safety container, suspending the process.
3. The method according to claim 1, characterized in that entering the safety container when a user-triggered instruction to enter the safety container is detected comprises:
when the user-triggered instruction to enter the safety container is detected, displaying verification prompt information, so as to prompt the user to input verification information;
obtaining the verification information input by the user, matching the verification information input by the user against preset verification information, and, if the verification information input by the user matches the preset verification information, entering the safety container.
4. The method according to claim 3, characterized in that the preset verification information includes first preset verification information and second preset verification information, in which case entering the safety container if the verification information input by the user matches the preset verification information comprises:
if the verification information input by the user matches the first preset verification information, entering the safety container and displaying all file information in the safety container;
if the verification information input by the user matches the second preset verification information, entering the safety container and displaying specified file information in the safety container;
if the verification information input by the user matches neither the first preset verification information nor the second preset verification information, not entering the safety container.
5. The method according to any one of claims 1 to 4, characterized in that, after entering the safety container, the method comprises:
when a user-triggered instruction to install an application is detected, obtaining and verifying the digital signature of the target application to which the install instruction points;
if the target application has a first digital signature and a second digital signature, and both the first digital signature and the second digital signature pass verification, installing the target application, wherein the first digital signature is the native signature of the target application and the second digital signature is a signature defined by a third party;
otherwise, not installing the target application.
6. The method according to claim 5, characterized in that, after entering the safety container, the method further comprises:
disabling preset system functions within the safety container.
7. A safety device, characterized by comprising:
a detection module, configured to detect a user-triggered instruction to enter a safety container;
an entry module, configured to enter the safety container when the detection module detects the user-triggered instruction to enter the safety container;
a suspension module, configured to suspend the processes outside the safety container.
8. The device according to claim 7, characterized in that the suspension module includes:
a description information acquisition module, configured to traverse all processes in the system and obtain the description information of each process, the description information including the user identifier or the process identifier of the process;
a process judgment module, configured to judge, according to the description information, whether the process is a process outside the safety container;
a suspension submodule, configured to suspend the process if it is a process outside the safety container.
9. The device according to claim 7, characterized in that the entry module includes:
a display module, configured to display verification information when a user-triggered instruction to enter the safety container is detected, so as to prompt the user to input verification information;
a verification information acquisition module, configured to obtain the verification information input by the user;
a verification information matching module, configured to match the verification information input by the user against preset verification information;
an entry submodule, configured to enter the safety container if the verification information input by the user matches the preset verification information.
10. The device according to claim 9, characterized in that the preset verification information includes first preset verification information and second preset verification information,
in which case the entry submodule is further configured to enter the safety container and display all file information in the safety container if the verification information input by the user matches the first preset verification information;
the entry submodule is further configured to enter the safety container and display specified file information in the safety container if the verification information input by the user matches the second preset verification information;
the entry submodule is further configured not to enter the safety container if the verification information input by the user matches neither the first preset verification information nor the second preset verification information.
11. The device according to any one of claims 6 to 9, characterized in that
the detection module is further configured to detect a user-triggered instruction to install an application;
the device also includes:
a digital signature acquisition and verification module, configured to, when the detection module detects the user-triggered instruction to install an application, obtain and verify the digital signature of the target application to which the install instruction points;
an installation module, configured to install the target application if the target application has a first digital signature and a second digital signature and both the first digital signature and the second digital signature pass verification, and otherwise not to install the target application, wherein the first digital signature is the native signature of the target application and the second digital signature is a signature defined by a third party.
12. The device according to claim 11, characterized in that the device also includes: a disabling module, configured to disable preset system functions within the safety container.
CN201510213764.3A 2015-04-29 2015-04-29 A kind of safety protecting method and device Pending CN106203081A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510213764.3A CN106203081A (en) 2015-04-29 2015-04-29 A kind of safety protecting method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510213764.3A CN106203081A (en) 2015-04-29 2015-04-29 A kind of safety protecting method and device

Publications (1)

Publication Number Publication Date
CN106203081A true CN106203081A (en) 2016-12-07

Family

ID=57458076

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510213764.3A Pending CN106203081A (en) 2015-04-29 2015-04-29 A kind of safety protecting method and device

Country Status (1)

Country Link
CN (1) CN106203081A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20161207