CN106778228A - Method and device for controlling application calls - Google Patents
- Publication number
- CN106778228A (CN201611048383.5A)
- Authority
- CN
- China
- Prior art keywords
- application program
- call operation
- application
- call
- default
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
Abstract
The invention provides a method and device for controlling application calls. The method includes: when a call operation between at least two applications is detected, judging whether the called application is in a preset isolation application whitelist, the isolation application whitelist being used to pre-store the applications that need to be isolated; if the called application is in the isolation application whitelist, authenticating, by means of a preset verification list, the application that initiates the call operation; and if the application that initiates the call operation does not pass authentication, prohibiting the call operation between the at least two applications. The technical solution prevents a malicious application from intercepting the call operation and, on the basis of that call operation, displaying a malicious user interface of its own design over the application's interactive interface to deceive the user and so steal the user's financial data and private data.
Description
Technical field
The present invention relates to the field of communication technology, and specifically to a method for controlling application calls, a device for controlling application calls, and a mobile terminal.
Background art
With the development of the Internet, mobile terminals have evolved from traditional digital mobile terminals into intelligent mobile terminals. An intelligent mobile terminal not only provides all the functions of a traditional digital mobile terminal, but also meets users' various needs, such as entertainment, learning, shopping and office work, through the installation of various applications.
To meet these needs, the number and variety of applications installed on intelligent mobile terminals keep growing, and so does the amount of private user data stored in those applications. Because the operating systems of intelligent mobile terminals always have security vulnerabilities, every application inevitably faces the danger of having its users' private data stolen by a malicious application. This is especially true of financial applications: because a financial application holds the user's financial data, theft by a malicious application can cause the user a huge financial loss. Before stealing the user's financial data from a financial application, a malicious application can design a malicious user interface identical to the interactive interface of the financial application. The user mistakes the malicious user interface for the real interactive interface of the financial application and enters account information such as a user name and password, so the malicious application easily obtains the user's account information and steals the user's financial data. Preventing a malicious application from designing a malicious user interface that matches the current state information of a financial application is therefore the key to preventing malicious applications from stealing users' financial data from financial applications.
Summary of the invention
To overcome the above technical problem, or to solve it at least in part, the following technical solutions are proposed:
One embodiment of the present invention proposes a method for controlling application calls, including:
when a call operation between at least two applications is detected, judging whether the called application is in a preset isolation application whitelist, the isolation application whitelist being used to pre-store the applications that need to be isolated;
if the called application is in the isolation application whitelist, authenticating, by means of a preset verification list, the application that initiates the call operation;
if the application that initiates the call operation does not pass authentication, prohibiting the call operation between the at least two applications.
Preferably, the method also includes:
when a call operation between at least two applications is detected, judging whether the at least two applications are both in the preset isolation application whitelist;
if so, allowing the call operation between the at least two applications.
Preferably, the method also includes:
when a call operation between at least two applications is detected, judging whether the application that initiates the call operation is in the preset isolation application whitelist;
if so, allowing the call operation between the at least two applications.
Preferably, the method also includes:
when a call-up operation initiated between at least two applications is detected, judging whether any one of the at least two applications is stored in a preset isolation-exempt application list;
if so, allowing the call-up operation initiated between the at least two applications.
Preferably, if the application that initiates the call operation passes authentication, the method also includes:
obtaining the digital signature of the application that initiates the call operation;
judging whether the digital signature of the application that initiates the call operation is a legitimate signature, and determining from the result whether to allow the call operation between the at least two applications.
Preferably, judging whether the digital signature of the application that initiates the call operation is a legitimate signature includes:
judging whether the digital signature of the application that initiates the call operation is in a preset legitimate signature list;
wherein determining from the result whether to allow the call operation between the at least two applications includes:
if the digital signature of the application that initiates the call operation is in the preset legitimate signature list, allowing the call operation between the at least two applications;
otherwise, prohibiting the call operation between the at least two applications.
Preferably, authenticating, by means of the preset verification list, the application that initiates the call operation includes:
obtaining the application identification information of the application that initiates the call operation through the system component that this application pulls up during the call operation;
judging whether the application identification information is in the preset verification list, wherein the verification list includes at least one of a blacklist, a graylist and a whitelist.
Preferably, when the application identification information is judged to be in the preset blacklist, it is determined that the application that initiates the call operation does not pass authentication.
Preferably, when the application identification information is judged to be in the preset graylist, the method also includes:
performing security control access verification on the application that initiates the call operation;
when the verification result is a failure, determining that the application that initiates the call operation does not pass authentication; or
when the verification result is a success, determining that the application that initiates the call operation passes authentication.
Preferably, the step of performing security control access verification on the application that initiates the call operation includes:
sending a verification instruction to the application that initiates the call operation, so that this application sends a verification request to a security server;
receiving the result of the security server's verification of the application that initiates the call operation.
Preferably, when the application identification information is judged to be in the preset whitelist, it is determined that the application that initiates the call operation passes authentication.
The call operation between the at least two applications is implemented on the basis of at least any one of the following system components:
Activity components, Service components, Content Provider components, Broadcast Receiver components.
Preferably, when the call operation between the at least two applications is allowed, the method also includes:
when it is detected that at least one of the applications in the call operation has ended its process, or that the mobile terminal's screen has been locked, prohibiting the call operation between the at least two applications so as to terminate the call operation.
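The decision flow described in the method embodiments above, modelled in Python as an added example (not code from the patent). The ordering of the allow checks, the deny-by-default handling of callers that appear on no list, and all identifiers, signature values and the `server_verify` stub are assumptions made for illustration.

```python
"""Model of the call-control decision flow (added example; constructed data)."""
from dataclasses import dataclass
from typing import Callable, FrozenSet, Tuple


@dataclass(frozen=True)
class App:
    app_id: str      # application identification information (e.g. a package name)
    signature: str   # digest of the app's signing certificate (constructed values)


@dataclass(frozen=True)
class CallPolicy:
    isolation_whitelist: FrozenSet[str]    # applications that must be isolated
    exempt_list: FrozenSet[str]            # isolation-exempt applications
    blacklist: FrozenSet[str]
    graylist: FrozenSet[str]
    whitelist: FrozenSet[str]
    legitimate_signatures: FrozenSet[str]
    # Stand-in for the security server that verifies gray-listed callers.
    server_verify: Callable[[App], bool] = lambda app: False

    def authenticate(self, caller: App) -> Tuple[bool, str]:
        """Authenticate the caller against the preset verification list."""
        if caller.app_id in self.blacklist:
            return False, "caller on blacklist"
        if caller.app_id in self.whitelist:
            return True, "caller on whitelist"
        if caller.app_id in self.graylist:
            ok = self.server_verify(caller)
            return ok, "graylist: server " + ("accepted" if ok else "rejected")
        # Assumption: the page does not cover unlisted callers; deny by default.
        return False, "caller on no verification list"

    def decide(self, caller: App, callee: App) -> Tuple[bool, str]:
        """Return (allowed, reason) for a call from caller to callee."""
        if {caller.app_id, callee.app_id} & self.exempt_list:
            return True, "isolation-exempt application involved"
        if callee.app_id not in self.isolation_whitelist:
            return True, "callee is not isolated"
        if caller.app_id in self.isolation_whitelist:
            return True, "caller is itself isolated"
        ok, reason = self.authenticate(caller)
        if not ok:
            return False, reason
        # Identification info alone can be copied by a repackaged app, so an
        # authenticated caller must also carry a signature on the legitimate list.
        if caller.signature not in self.legitimate_signatures:
            return False, reason + ", but signature not in legitimate list"
        return True, reason + ", signature legitimate"


def call_may_continue(allowed: bool, processes_alive: bool, screen_locked: bool) -> bool:
    """An allowed call is ended when a process exits or the screen is locked."""
    return allowed and processes_alive and not screen_locked


# Constructed sample data: every identifier and signature below is made up.
SERVER_APPROVED = frozenset({"com.example.wallet"})
POLICY = CallPolicy(
    isolation_whitelist=frozenset({"com.example.bank"}),
    exempt_list=frozenset({"com.example.systemui"}),
    blacklist=frozenset({"com.example.overlay"}),
    graylist=frozenset({"com.example.wallet", "com.example.tool"}),
    whitelist=frozenset({"com.example.pay"}),
    legitimate_signatures=frozenset({"sig-pay", "sig-wallet"}),
    server_verify=lambda app: app.app_id in SERVER_APPROVED,
)
BANK = App("com.example.bank", "sig-bank")

if __name__ == "__main__":
    callers = [
        App("com.example.overlay", "sig-overlay"),   # black-listed
        App("com.example.pay", "sig-pay"),           # white-listed, good signature
        App("com.example.pay", "sig-repacked"),      # same id, unknown signature
        App("com.example.wallet", "sig-wallet"),     # gray-listed, server accepts
        App("com.example.tool", "sig-tool"),         # gray-listed, server rejects
        App("com.example.unknown", "sig-unknown"),   # on no list
    ]
    for caller in callers:
        print(caller.app_id, caller.signature, POLICY.decide(caller, BANK))
```

The third sample caller shows why the signature step matters: it reuses a white-listed identifier but is still refused because its signature is not on the legitimate signature list.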
Another embodiment of the present invention proposes a device for controlling application calls, including:
a first judging module, configured to judge, when a call operation between at least two applications is detected, whether the called application is in a preset isolation application whitelist, the isolation application whitelist being used to pre-store the applications that need to be isolated;
an authentication module, configured to authenticate, by means of a preset verification list, the application that initiates the call operation if the called application is in the isolation application whitelist;
a prohibition module, configured to prohibit the call operation between the at least two applications if the application that initiates the call operation does not pass authentication.
Preferably, the device also includes:
a first allowing module, configured to judge, when a call operation between at least two applications is detected, whether the at least two applications are both in the preset isolation application whitelist;
and, if so, to allow the call operation between the at least two applications.
Preferably, the device also includes:
a second allowing module, configured to judge, when a call operation between at least two applications is detected, whether the application that initiates the call operation is in the preset isolation application whitelist;
and, if so, to allow the call operation between the at least two applications.
Preferably, the device also includes:
a third allowing module, configured to judge, when a call-up operation initiated between at least two applications is detected, whether any one of the at least two applications is stored in a preset isolation-exempt application list;
and, if so, to allow the call-up operation initiated between the at least two applications.
Preferably, if the application that initiates the call operation passes authentication, the device also includes:
a digital signature acquisition module, configured to obtain the digital signature of the application that initiates the call operation;
a second judging module, configured to judge whether the digital signature of the application that initiates the call operation is a legitimate signature, and to determine from the result whether to allow the call operation between the at least two applications.
Preferably, the second judging module includes:
a judging unit, configured to judge whether the digital signature of the application that initiates the call operation is in a preset legitimate signature list;
a first condition judging unit, configured to allow the call operation between the at least two applications if the digital signature of the application that initiates the call operation is in the preset legitimate signature list;
a second condition judging unit, configured otherwise to prohibit the call operation between the at least two applications.
Preferably, the authentication module is configured to obtain the application identification information of the application that initiates the call operation through the system component that this application pulls up during the call operation;
and to judge whether the application identification information is in the preset verification list, wherein the verification list includes at least one of a blacklist, a graylist and a whitelist.
Preferably, when the application identification information is judged to be in the preset blacklist, it is determined that the application that initiates the call operation does not pass authentication.
Preferably, when the application identification information is judged to be in the preset graylist, the device also includes:
a security control access verification module, configured to perform security control access verification on the application that initiates the call operation;
a first verification result judging module, configured to determine, when the verification result is a failure, that the application that initiates the call operation does not pass authentication; or
a second verification result judging module, configured to determine, when the verification result is a success, that the application that initiates the call operation passes authentication.
Preferably, the security control access verification module includes:
a sending unit, configured to send a verification instruction to the application that initiates the call operation, so that this application sends a verification request to a security server;
a receiving unit, configured to receive the result of the security server's verification of the application that initiates the call operation.
Preferably, when the application identification information is judged to be in the preset whitelist, it is determined that the application that initiates the call operation passes authentication.
The call operation between the at least two applications is implemented on the basis of at least any one of the following system components:
Activity components, Service components, Content Provider components, Broadcast Receiver components.
Preferably, when the call operation between the at least two applications is allowed, the device also includes:
a call operation termination module, configured to prohibit the call operation between the at least two applications, so as to terminate the call operation, when it is detected that at least one of the applications in the call operation has ended its process or that the mobile terminal's screen has been locked.
Yet another embodiment of the present invention proposes a mobile terminal, including any of the technical solutions in the embodiments of the device for controlling application calls.
In the technical solution of the present invention, when a call operation between at least two applications is detected, it is first judged whether the called application is in the preset isolation application whitelist. If the called application is judged to be an application that needs to be isolated, the application that initiates the call operation is authenticated by means of the preset verification list, so that a malicious application among the applications initiating call operations cannot pass authentication and therefore cannot call an isolated application, such as a financial application. This prevents a malicious application from intercepting the call operation and, on the basis of that call operation, displaying a malicious user interface of its own design over the application's interactive interface to deceive the user and so steal the user's financial data and private data. It better protects the security of isolated applications and the security of the user's data and property, and improves the security and reliability of the intelligent mobile terminal's operating system and of the isolated applications.
Additional aspects and advantages of the present invention will be set forth in part in the following description, and will become apparent from that description or be learned through practice of the invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a schematic flowchart of the method for controlling application calls according to one embodiment of the present invention;
Fig. 2 is a schematic flowchart of authentication by means of the preset verification list according to a preferred embodiment of the present invention;
Fig. 3 is a schematic flowchart of authentication based on the preset graylist according to another preferred embodiment of the present invention;
Fig. 4 is a schematic flowchart of security control access verification according to a further embodiment of the present invention;
Fig. 5 is a schematic flowchart of the process of judging whether a digital signature is legitimate according to another preferred embodiment of the present invention;
Fig. 6 is a schematic structural diagram of the device for controlling application calls according to another embodiment of the present invention;
Fig. 7 is a schematic structural diagram of a device for controlling application calls that has the function of authenticating based on the preset graylist, according to another embodiment of the present invention;
Fig. 8 is a schematic structural diagram of the security control access verification module according to another embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a device for controlling application calls that has the function of judging whether a digital signature is legitimate, according to another embodiment of the present invention;
Fig. 10 is a schematic structural diagram of the second judging module according to another embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended only to explain the present invention, and are not to be construed as limiting the claims.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an", "said" and "the" used herein may also include the plural forms. It should be further understood that the word "including" used in the specification of the present invention refers to the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intermediate elements may be present. In addition, "connected" or "coupled" as used herein may include wireless connection or wireless coupling. The term "and/or" used herein includes all or any unit of, and all combinations of, one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by those of ordinary skill in the art to which the present invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as here, will not be interpreted in an idealized or overly formal sense.
Those skilled in the art of the present technique are appreciated that " terminal " used herein above, " terminal device " both include wireless communication
The equipment of number receiver, the equipment of its wireless signal receiver for only possessing non-emissive ability, and including receiving and transmitting hardware
Equipment, its equipment with reception that two-way communication on bidirectional communication link, can be carried out and transmitting hardware.This equipment
Can include:Honeycomb or other communication equipments, it has single line display or multi-line display or is shown without multi-line
The honeycomb of device or other communication equipments;PCS (Personal Communications Service, PCS Personal Communications System), it can
With combine voice, data processing, fax and/or its communication ability;PDA (Personal Digital Assistant, it is personal
Digital assistants), it can include radio frequency receiver, pager, the Internet/intranet access, web browser, notepad, day
Go through and/or GPS (Global Positioning System, global positioning system) receiver;Conventional laptop and/or palm
Type computer or other equipment, its have and/or conventional laptop and/or palmtop computer including radio frequency receiver or its
His equipment." terminal " used herein above, " terminal device " they can be portable, can transport, installed in the vehicles (aviation,
Sea-freight and/or land) in, or be suitable for and/or be configured in local runtime, and/or with distribution form, operate in the earth
And/or any other position operation in space." terminal " used herein above, " terminal device " can also be communication terminal, on
Network termination, music/video playback terminal, for example, can be PDA, MID (Mobile Internet Device, mobile Internet
Equipment) and/or the equipment such as mobile phone, or intelligent television, Set Top Box with music/video playing function.
It should be noted that the embodiments of the present invention are implemented on a mobile terminal operating system, which is a free and open-source operating system based on Linux, for example the Android operating system.
Fig. 1 is a schematic flowchart of the method for controlling application calls according to one embodiment of the present invention.
Step S101: when a call operation between at least two applications is detected, judge whether the called application is in a preset isolation application whitelist, the isolation application whitelist being used to pre-store the applications that need to be isolated. Step S102: if the called application is in the isolation application whitelist, authenticate, by means of a preset verification list, the application that initiates the call operation. Step S103: if the application that initiates the call operation does not pass authentication, prohibit the call operation between the at least two applications.
In the technical solution of the present invention, when a call operation between at least two applications is detected, it is first judged whether the called application is in the preset isolation application whitelist. If the called application is judged to be an application that needs to be isolated, the application that initiates the call operation is authenticated by means of the preset verification list, so that a malicious application among the applications initiating call operations cannot pass authentication and therefore cannot call an isolated application, such as a financial application. This prevents a malicious application from intercepting the call operation and, on the basis of that call operation, displaying a malicious user interface of its own design over the application's interactive interface to deceive the user and so steal the user's financial data and private data. It better protects the security of isolated applications and the security of the user's data and property, and improves the security and reliability of the intelligent mobile terminal's operating system and of the isolated applications.
The specific implementation of each step is described further below:
Step S101: when a call operation between at least two applications is detected, judge whether the called application is in a preset isolation application whitelist, the isolation application whitelist being used to pre-store the applications that need to be isolated.
It should be noted that in this embodiment, sandbox technology is used to set higher security permissions for operations such as running and calling an application, thereby forming a virtual space, i.e. an isolation zone, for the application in the Android operating system. In addition, before the isolation zone is formed, it can be detected whether an already established original isolation zone exists in the Android operating system. If one exists, it is detected whether an application, such as a financial application, exists in that original isolation zone. If such an application exists, it is reinstalled in the corresponding original isolation zone by overwriting the existing installation, and at the same time its application data in the original isolation zone is deleted or stored to the subsequently formed virtual space. Through virtualization redirection technology, the reinstalled application, or an application that has not been reinstalled, is directed into the subsequently formed virtual space; for example, a financial application is directed into the isolation zone through virtualization redirection technology. When the user logs in to the reinstalled application in the subsequently formed virtual space, the application data can be obtained again through the user's login operation even if it was deleted earlier. After the financial application has been directed into the isolation zone, the isolation zone generates the application icon and application name of the financial application, for example the application icon "palm life icon" and the application name "palm life", and deletes the application icon and application name of the financial application from user interfaces in the non-isolated zone, such as the desktop and the settings user interface, in order to prevent malicious installation, uninstallation and update of the financial application in the non-isolated zone. Setting up an isolation zone based on sandbox technology is a conventional technique in the art and is not described further here.
The preset isolation application whitelist stores financial applications, for example the "palm life" application, the "sequence" application, the "wealth is paid logical" application, and so on.
Specifically, when a call operation takes place between at least two applications, the application that initiates the call can send an intent request through the Android operating system. The intent request is monitored and intercepted by a hook function, and it is judged whether the called application named in the request is in the preset isolation application whitelist, to determine whether the called application is an isolated application.
It should be noted that, under the request mechanism of the Android operating system on an intelligent mobile terminal, sending a call request is enough to launch any application. When a malicious application detects a user's call operation, for example detects that the user is performing a transaction in a banking application, it can intercept the call operation and, on the basis of that call operation, display a malicious user interface of its own design over the interactive interface of the banking application to deceive the user and so steal the account information the user enters.
Step S102: If it is judged that the called application program exists in the isolation application whitelist, the application program initiating the call operation in the call operation is authenticated against a preset verification list.
Specifically, the step of authenticating the application program initiating the call operation against the preset verification list, as shown in Fig. 2, includes: Step S201: obtaining the identification information of the application program initiating the call operation through the system component that this application program pulls up during the call operation; Step S202: judging whether the application program identification information exists in the preset verification list.
The verification list includes: a whitelist, a graylist and a blacklist.
Specifically, the application program initiating the call operation pulls up an operating system component of the smart mobile terminal during the call operation, such as an Activity component in the Android operating system, to complete the call operation. If it is judged that the called application program exists in the isolation application whitelist, that is, the called application program is an isolated application program, the identification information of the application program initiating the call operation is obtained from the information of the pulled-up Activity component, so as to determine whether the application program initiating the call operation is a malicious application program, or to determine whether the Activity component is an Activity component of an isolated application program.
It should be noted that the system components may also include Service components, Content Provider components, Broadcast Receiver components and so on. In this preferred embodiment, the identification information of the application program initiating the call operation can be obtained through these system components, or it can be determined whether such a system component is a system component of an isolated application program.
If it is judged that the called application program does not exist in the isolation application whitelist, the called application program is a non-isolated application program. Because a non-isolated application program holds no secure data that needs protection, there is no problem of user security data being leaked through exploitation by a malicious application program, and the call operation between the at least two application programs is allowed.
More specifically, when it is judged that the application program identification information exists in the preset blacklist, the application program is a malicious application program, and it is determined that the application program initiating the call operation fails authentication.
When it is judged that the application program identification information exists in the preset graylist, the application program needs to be verified. As shown in Fig. 3, the method further includes: Step S301: performing security control access verification on the application program initiating the call operation in the call operation; Step S302: when the verification result is a verification failure, determining that the application program initiating the call operation fails authentication; Step S303: when the verification result is a verification success, determining that the application program initiating the call operation passes authentication.
The step of performing security control access verification on the application program initiating the call operation, as shown in Fig. 4, includes: Step S401: sending a verification instruction to the application program initiating the call operation, so that this application program sends a verification request to a security server; Step S402: receiving the result of the security server's verification of the application program initiating the call operation.
Specifically, the security server receives the verification request sent by the application program initiating the call operation and obtains the verification information in the request; for example, the verification information includes the installation package information of the application program initiating the call operation. The security server scans the verification information, for example by vulnerability scanning and static scanning, and determines whether the verification information is abnormal. If there is no abnormality, it determines that the application program initiating the call operation is a secure application program and returns a verification-success result.
It should be noted that, when an application program exists in the graylist, security detection can also be performed on it directly by a local security detection tool, and the local security detection tool needs to be updated regularly.
The graylist is set up in the verification list in order to identify suspicious application programs and verify them, so that the judgment of malicious application programs is more accurate, while secure application programs that are in the graylist are not prevented from normally calling isolated application programs.
When it is judged that the application program identification information exists in the preset whitelist, the application program is a secure application program, or the application program is an isolated application program, and it is determined that the application program initiating the call operation passes authentication.
It should be noted that the preset whitelist makes it possible to identify secure application programs accurately and to allow them to call isolated application programs, which protects the security of the isolated application programs and prevents leakage of the user's private data.
Preferably, if the application program initiating the call operation in the call operation passes authentication, as shown in Fig. 5, the method further includes: Step S501: obtaining the digital signature of the application program initiating the call operation; Step S502: judging whether the digital signature of the application program initiating the call operation is a legitimate signature, and determining according to the judgment result whether to allow the call operation between the at least two application programs.
Specifically, the step of judging whether the digital signature of the application program initiating the call operation is a legitimate signature includes: judging whether the digital signature of the application program initiating the call operation exists in a preset legitimate signature list.
The step of determining according to the judgment result whether to allow the call operation between the at least two application programs includes: if it is judged that the digital signature of the application program initiating the call operation exists in the preset legitimate signature list, allowing the call operation between the at least two application programs; otherwise, forbidding the call operation between the at least two application programs.
It should be noted that verifying the legitimacy of the digital signature after the application program initiating the call operation has passed authentication is a further judgment of whether that application program is malicious. It further improves the security measures protecting the isolated application programs, so that the user's private data is safer.
Step S103: If the application program initiating the call operation in the call operation fails authentication, the call operation between the at least two application programs is forbidden.
Specifically, if the application program initiating the call operation fails authentication, that is, the application program is a malicious application program, the call operation between the at least two application programs is forbidden.
Specifically, the method further includes: when a call operation between at least two application programs is monitored, judging whether the at least two application programs both exist in the preset isolation application whitelist; if so, the at least two application programs are both isolated application programs. Because isolated application programs have passed security detection, they have absolute security, and the call operation between the at least two application programs is allowed. If not, the judgment proceeds according to the other situations described in this embodiment.
The method further includes: when a call operation between at least two application programs is monitored, judging whether the application program initiating the call operation exists in the preset isolation application whitelist; if so, allowing the call operation between the at least two application programs. Because isolated application programs have passed security detection, they have absolute security, so an isolated application program is allowed to initiate calls to other application programs, that is, the call operation between the at least two application programs is allowed. If not, the judgment proceeds according to the other situations described in this embodiment.
The method further includes: when the initiation of a call operation between at least two application programs is monitored, judging whether any application program among the at least two application programs is stored in a preset exempt-from-isolation application list; if so, allowing the call operation to be initiated between the at least two application programs.
When a call operation between at least two application programs is monitored, it is judged whether any application program among them is stored in the preset exempt-from-isolation application list, where the preset exempt-from-isolation application list stores the identification information of application programs that have their own verification function. If so, that application program has its own verification function. Take the Alipay application program as an example: every secure application program that can call the Alipay application program must be a secure application program registered on the Alipay server, and the Alipay server gives each registered secure application program a KEY. When a registered application program, such as the "U.S. group" application program, calls the Alipay application program, it sends this key to the Alipay application program, and the Alipay application program sends the key to the Alipay server to verify whether the true identity of the registered application program is the legitimate "U.S. group" application program, thereby ensuring the security of the payment application program. Therefore, when any application program among the at least two application programs is stored in the preset exempt-from-isolation application list, the call operation is allowed to be initiated between the at least two application programs. If not, the judgment proceeds according to the other situations described in this embodiment.
It should be noted that, in the above embodiments, when a call operation is allowed to be initiated between at least two application programs, the call operation has a certain life cycle: when it is detected that at least one application program in the call operation has ended its process, or that the mobile terminal has been screen-locked, the call operation between the at least two application programs is forbidden, which ends the call operation.
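The decision flow of steps S101 to S103, together with the list lookups, the signature check and the life cycle described above, can be modelled as follows. This is an added illustration, not code from the patent: the order in which the allow rules are tried, the fail-closed handling of a caller that is on no list, the `gray_check` callback standing in for the security server, and all package names and signature digests are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Set, Tuple

ALLOW, FORBID = "allow", "forbid"


@dataclass(frozen=True)
class App:
    package: str     # application identification information (step S201)
    signature: str   # signing-certificate digest, constructed sample value


@dataclass
class Policy:
    isolation_whitelist: Set[str]      # apps that must be isolated
    exempt_list: Set[str]              # apps with their own caller verification
    whitelist: Set[str]                # verification list: trusted callers
    graylist: Set[str]                 # verification list: suspicious callers
    blacklist: Set[str]                # verification list: malicious callers
    legitimate_signatures: Set[str]    # preset legitimate signature list
    gray_check: Callable[[App], bool]  # stand-in for the security server scan


def authenticate(policy: Policy, caller: App) -> Tuple[bool, str]:
    """Steps S202 and S301-S303: look the caller up in the verification list."""
    if caller.package in policy.blacklist:
        return False, "caller is blacklisted"
    if caller.package in policy.graylist:
        ok = bool(policy.gray_check(caller))
        return ok, "graylisted caller " + ("passed" if ok else "failed") + " verification"
    if caller.package in policy.whitelist:
        return True, "caller is whitelisted"
    # Assumption: the page does not cover a caller on no list; fail closed.
    return False, "caller is on no verification list"


def decide(policy: Policy, caller: App, callee: App) -> Tuple[str, str]:
    """Return (verdict, reason) for one intercepted call operation."""
    if {caller.package, callee.package} & policy.exempt_list:
        return ALLOW, "an app in the call is exempt from isolation"
    if callee.package not in policy.isolation_whitelist:
        return ALLOW, "callee is not isolated"
    if caller.package in policy.isolation_whitelist:
        return ALLOW, "caller is itself isolated"
    ok, reason = authenticate(policy, caller)
    if not ok:
        return FORBID, reason
    # Steps S501-S502: passing authentication is not enough; check the signature.
    if caller.signature not in policy.legitimate_signatures:
        return FORBID, reason + ", but signature is not in the legitimate list"
    return ALLOW, reason + " and signature is legitimate"


@dataclass
class CallSession:
    """An allowed call has a life cycle: it ends on process exit or screen lock."""
    caller: App
    callee: App
    active: bool = True

    def on_event(self, event: str) -> bool:
        if event in ("process_exit", "screen_lock"):
            self.active = False
        return self.active


# Constructed sample data (package names and digests are illustrative only).
BANK = App("com.example.bank", "sig-bank")
SHOP = App("com.example.shop", "sig-shop")
NEWAPP = App("com.example.newapp", "sig-new")
REPACKED = App("com.example.shop", "sig-forged")   # same id, different signer
OVERLAY = App("com.example.overlay", "sig-x")
NOTES = App("com.example.notes", "sig-notes")

POLICY = Policy(
    isolation_whitelist={"com.example.bank"},
    exempt_list=set(),
    whitelist={"com.example.shop"},
    graylist={"com.example.newapp"},
    blacklist={"com.example.overlay"},
    legitimate_signatures={"sig-bank", "sig-shop", "sig-new"},
    gray_check=lambda app: app.signature == "sig-new",  # pretend scan result
)

if __name__ == "__main__":
    for caller, callee in [(SHOP, BANK), (REPACKED, BANK), (OVERLAY, BANK),
                           (NEWAPP, BANK), (OVERLAY, NOTES)]:
        print(caller.package, "->", callee.package, decide(POLICY, caller, callee))
```

The `REPACKED` case shows why the signature step matters: an identifier that matches a whitelisted package still ends in a forbidden call when its signer is not in the legitimate signature list.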
Fig. 6 is a schematic structural diagram of a device for controlling application program calls according to another embodiment of the present invention. A first judging module 601, when a call operation between at least two application programs is monitored, judges whether the called application program exists in a preset isolation application whitelist, the isolation application whitelist being used to pre-store the application programs that need to be isolated; an authentication module 602, if it is judged that the called application program exists in the isolation application whitelist, authenticates the application program initiating the call operation against a preset verification list; a prohibition module 603, if the application program initiating the call operation fails authentication, forbids the call operation between the at least two application programs.
The specific implementation of each module is further described below:
The first judging module 601, when a call operation between at least two application programs is monitored, judges whether the called application program exists in the preset isolation application whitelist, the isolation application whitelist being used to pre-store the application programs that need to be isolated.
It should be noted that, in this embodiment, higher security permissions for operations such as running and calling are set for application programs based on sandbox technology, thereby forming a virtual space, that is, an isolation zone, for application programs in the Android operating system. In addition, before the isolation zone is formed, it is detected whether an already established original isolation zone exists in the Android operating system. If so, it is detected whether application programs, such as property-class application programs, exist in the original isolation zone. If such application programs exist, they are reinstalled in the corresponding original isolation zone by overwriting the existing installation, and at the same time their application data in the original isolation zone is deleted or stored to the subsequently formed virtual space. Through virtualization redirection technology, the reinstalled application programs or the application programs that were not reinstalled are directed into the subsequently formed virtual space; for example, property-class application programs are directed into the isolation zone through virtualization redirection technology. When the user logs in to a reinstalled application program in the subsequently formed virtual space, the application data can be obtained again through the user's login operation even if it was deleted before. After a property-class application program has been directed into the isolation zone, the isolation zone generates the application icon and application name of the property-class application program, such as the application icon "palm life icon" and the application name "palm life", and deletes the application icon and application name of the property-class application program from the user interfaces of the non-isolated zone, such as the desktop and the settings user interface, so as to avoid malicious installation, uninstallation and updating of the property-class application program in the non-isolated zone. The process of setting up an isolation zone based on sandbox technology is a prior-art technique in this field and is not repeated here.
The preset isolation application whitelist stores the identification information of property-class application programs, for example the identification information of the "palm life" application program, of the "sequence" application program and of the "wealth is paid logical" application program.
Specifically, when a call operation occurs between at least two application programs, the application program initiating the call sends an intent request through the Android operating system. A hook function monitors and intercepts the intent request, and the first judging module 601 judges whether the called application program in the request exists in the preset isolation application whitelist, so as to determine whether the called application program is an isolated application program.
It should be noted that, under the request mechanism of the Android operating system of a smart mobile terminal, sending a call request is enough to invoke any application program. Therefore, when a malicious application program detects a call operation of the user, for example detects that the user is carrying out a transaction operation in a bank application program, the malicious application program can intercept the call operation and, based on the call operation, display a malicious user interface of its own design over the interactive interface of the bank application program to deceive the user, thereby stealing the account information entered by the user.
The authentication module 602, if it is judged that the called application program exists in the isolation application whitelist, authenticates the application program initiating the call operation in the call operation against the preset verification list.
Specifically, the authentication module 602 obtains the identification information of the application program initiating the call operation through the system component that this application program pulls up during the call operation, and judges whether the application program identification information exists in the preset verification list.
The verification list includes: a whitelist, a graylist and a blacklist.
Specifically, the application program initiating the call operation pulls up an operating system component of the smart mobile terminal during the call operation, such as an Activity component in the Android operating system, to complete the call operation. If it is judged that the called application program exists in the isolation application whitelist, that is, the called application program is an isolated application program, the identification information of the application program initiating the call operation is obtained from the information of the pulled-up Activity component, so as to determine whether the application program initiating the call operation is a malicious application program, or to determine whether the Activity component is an Activity component of an isolated application program.
It should be noted that the system components may also include Service components, Content Provider components and Broadcast Receiver components. In this preferred embodiment, the identification information of the application program initiating the call operation can be obtained through these system components, or it can be determined whether such a system component is a system component of an isolated application program.
If it is judged that the called application program does not exist in the isolation application whitelist, the called application program is a non-isolated application program. Because a non-isolated application program holds no secure data that needs protection, there is no problem of user security data being leaked through exploitation by a malicious application program, and the call operation between the at least two application programs is allowed.
More specifically, when it is judged that the application program identification information exists in the preset blacklist, the application program is a malicious application program, and it is determined that the application program initiating the call operation fails authentication.
When it is judged that the application program identification information exists in the preset graylist, the application program needs to be verified. As shown in Fig. 7, the device further includes: a security control access verification module 701, which performs security control access verification on the application program initiating the call operation in the call operation; a first verification result judging module 702, which, when the verification result is a verification failure, determines that the application program initiating the call operation fails authentication; and a second verification result judging module 703, which, when the verification result is a verification success, determines that the application program initiating the call operation passes authentication.
As shown in Fig. 8, the security control access verification module includes: a sending unit 801, which sends a verification instruction to the application program initiating the call operation, so that this application program sends a verification request to a security server; and a receiving unit 802, which receives the result of the security server's verification of the application program initiating the call operation.
Specifically, the security server receives the verification request sent by the application program initiating the call operation and obtains the verification information in the request; for example, the verification information includes the installation package information of the application program initiating the call operation. The security server scans the verification information, for example by vulnerability scanning and static scanning, and determines whether the verification information is abnormal. If there is no abnormality, it determines that the application program initiating the call operation is a secure application program and returns a verification-success result.
It should be noted that, when an application program exists in the graylist, security detection can also be performed on it directly by a local security detection tool, and the local security detection tool needs to be updated regularly.
The graylist is set up in the verification list in order to identify suspicious application programs and verify them, so that the judgment of malicious application programs is more accurate, while secure application programs that are in the graylist are not prevented from normally calling isolated application programs.
When it is judged that the application program identification information exists in the preset whitelist, the application program is a secure application program, or the application program is an isolated application program, and it is determined that the application program initiating the call operation passes authentication.
It should be noted that the preset whitelist makes it possible to identify secure application programs accurately and to allow them to call isolated application programs, which protects the security of the isolated application programs and prevents leakage of the user's private data.
Preferably, if the application program initiating the call operation in the call operation passes authentication, as shown in Fig. 9, the device further includes: a digital signature acquisition module 901, which obtains the digital signature of the application program initiating the call operation; and a second judging module 902, which judges whether the digital signature of the application program initiating the call operation is a legitimate signature and determines according to the judgment result whether to allow the call operation between the at least two application programs.
Specifically, as shown in Fig. 10, the second judging module 902 includes: a judging unit 1001, which judges whether the digital signature of the application program initiating the call operation exists in a preset legitimate signature list; a first condition judging unit 1002, which, if it is judged that the digital signature of the application program initiating the call operation exists in the preset legitimate signature list, allows the call operation between the at least two application programs; and a second condition judging unit 1003, which otherwise forbids the call operation between the at least two application programs.
It should be noted that verifying the legitimacy of the digital signature after the application program initiating the call operation has passed authentication is a further judgment of whether that application program is malicious. It further improves the security measures protecting the isolated application programs, so that the user's private data is safer.
The prohibition module 603, if the application program initiating the call operation in the call operation fails authentication, forbids the call operation between the at least two application programs.
Specifically, if the application program initiating the call operation fails authentication, that is, the application program is a malicious application program, the call operation between the at least two application programs is forbidden.
Specifically, the device further includes: a first permission module, which, when a call operation between at least two application programs is monitored, judges whether the at least two application programs both exist in the preset isolation application whitelist; if so, the at least two application programs are both isolated application programs, and the call operation between the at least two application programs is allowed. Because isolated application programs have passed security detection, they have absolute security, and the call operation between the at least two application programs is allowed. If not, the judgment proceeds according to the other situations described in this embodiment.
Specifically, the device further includes: a second permission module, which, when a call operation between at least two application programs is monitored, judges whether the application program initiating the call operation exists in the preset isolation application whitelist; if so, the call operation between the at least two application programs is allowed. Because isolated application programs have passed security detection, they have absolute security, so an isolated application program is allowed to initiate calls to other application programs, that is, the call operation between the at least two application programs is allowed. If not, the judgment proceeds according to the other situations described in this embodiment.
Specifically, the device further includes: a third permission module, which, when the initiation of a call operation between at least two application programs is monitored, judges whether any application program among the at least two application programs is stored in a preset exempt-from-isolation application list; if so, the call operation is allowed to be initiated between the at least two application programs.
When a call operation between at least two application programs is monitored, it is judged whether any application program among them is stored in the preset exempt-from-isolation application list, where the preset exempt-from-isolation application list stores the identification information of application programs that have their own verification function. If so, that application program has its own verification function. Take the Alipay application program as an example: every secure application program that can call the Alipay application program must be a secure application program registered on the Alipay server, and the Alipay server gives each registered secure application program a KEY. When a registered application program, such as the "U.S. group" application program, calls the Alipay application program, it sends this key to the Alipay application program, and the Alipay application program sends the key to the Alipay server to verify whether the true identity of the registered application program is the legitimate "U.S. group" application program, thereby ensuring the security of the payment application program. Therefore, when any application program among the at least two application programs is stored in the preset exempt-from-isolation application list, the call operation is allowed to be initiated between the at least two application programs. If not, the judgment proceeds according to the other situations described in this embodiment.
It should be noted that, when a call operation is allowed to be initiated between at least two application programs, the operation has a certain life cycle, so the device further includes: a call operation termination module, which, when it is detected that at least one application program in the call operation has ended its process or that the mobile terminal has been screen-locked, forbids the call operation between the at least two application programs, which ends the call operation.
Those skilled in the art will appreciate that the present invention involves devices for performing one or more of the operations described herein. These devices may be specially designed and manufactured for the required purposes, or may comprise known devices in general-purpose computers. These devices have computer programs stored in them that are selectively activated or reconfigured. Such computer programs may be stored in a device-readable (for example, computer-readable) medium, or in any type of medium that is suitable for storing electronic instructions and is coupled to a bus. The computer-readable medium includes but is not limited to any type of disk (including floppy disks, hard disks, optical discs, CD-ROMs and magneto-optical disks), ROM (Read-Only Memory), RAM (Random Access Memory), EPROM (Erasable Programmable Read-Only Memory), EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, magnetic cards or optical cards. That is, a readable medium includes any medium in which information is stored or transmitted in a form readable by a device (for example, a computer).
Those skilled in the art will appreciate that computer program instructions can be used to implement each block in these structure diagrams and/or block diagrams and/or flow diagrams, as well as combinations of blocks in them. Those skilled in the art will appreciate that these computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer or another programmable data processing method for implementation, so that the schemes specified in the block or blocks of the structure diagrams and/or block diagrams and/or flow diagrams disclosed by the present invention are executed by the processor of the computer or of the other programmable data processing method.
Those skilled in the art will appreciate that the steps, measures and schemes in the various operations, methods and flows discussed in the present invention can be alternated, changed, combined or deleted. Further, other steps, measures and schemes in the various operations, methods and flows discussed in the present invention can also be alternated, changed, rearranged, decomposed, combined or deleted. Further, steps, measures and schemes in the prior art that correspond to the various operations, methods and flows disclosed in the present invention can also be alternated, changed, rearranged, decomposed, combined or deleted.
The above are only some embodiments of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (10)
1. it is a kind of control application call method, it is characterised in that including:
During call operation between monitor at least two application programs, judge that called application program whether there is in pre-
If isolation applications white list in, the isolation applications white list is used for the application program that need to isolate of prestoring;
If judging, the called application program is present in the isolation applications white list, by default checking name single pair of
The application program that call operation is initiated in the call operation is authenticated;
If initiating the application program of call operation in the call operation not by authentication, forbid at least two application program
Between call operation.
2. method according to claim 1 and 2, it is characterised in that also include:
During call operation between monitor at least two application programs, whether simultaneously at least two application program is judged
It is present in default isolation applications white list;
If so, then allowing the call operation between at least two application program.
3. method according to claim 1 and 2, it is characterised in that also include:
During call operation between monitor at least two application programs, judge to initiate call operation in the call operation
Application program whether there is in default isolation applications white list;
If so, then allowing the call operation between at least two application program.
4. method according to claim 1 and 2, it is characterised in that also include:
Initiate between monitor at least two application program to have adjusted when operating, in judging at least two application program
Any application program whether be stored in and default exempt from isolation applications list;
If so, initiating to have adjusted operation between then allowing at least two application program.
5. The method according to claim 1, characterised in that, if the application program that initiates the call operation passes authentication, the method further comprises:
obtaining the digital signature of the application program that initiates the call operation;
judging whether the digital signature of the application program that initiates the call operation is a legitimate signature, and determining according to the judgment result whether to allow the call operation between the at least two application programs.
6. The method according to claim 5, characterised in that judging whether the digital signature of the application program that initiates the call operation is a legitimate signature comprises:
judging whether the digital signature of the application program that initiates the call operation is present in a preset legitimate signature list;
wherein determining according to the judgment result whether to allow the call operation between the at least two application programs comprises:
if the digital signature of the application program that initiates the call operation is judged to be present in the preset legitimate signature list, allowing the call operation between the at least two application programs;
otherwise, forbidding the call operation between the at least two application programs.
7. The method according to claim 1, characterised in that authenticating, by means of the preset verification list, the application program that initiates the call operation comprises:
obtaining the application identification information of the application program that initiates the call operation through the system component pulled up by that application program in the call operation;
judging whether the application identification information is present in the preset verification list, wherein the verification list includes at least one of a blacklist, a gray list and a whitelist.
8. The method according to claim 7, characterised in that, when the application identification information is judged to be present in the preset gray list, the method further comprises:
performing security control access verification on the application program that initiates the call operation;
when the verification result is a failure, determining that the application program that initiates the call operation does not pass authentication; or
when the verification result is a success, determining that the application program that initiates the call operation passes authentication.
9. A device for controlling application calls, characterised by comprising:
a first judging module, configured to judge, when a call operation between at least two application programs is monitored, whether the called application program is present in a preset isolation application whitelist, the isolation application whitelist being used to pre-store the application programs that need to be isolated;
an authentication module, configured to authenticate, by means of a preset verification list, the application program that initiates the call operation if the called application program is judged to be present in the isolation application whitelist;
a forbidding module, configured to forbid the call operation between the at least two application programs if the application program that initiates the call operation does not pass authentication.
10. A mobile terminal, characterised by comprising the device for controlling application calls as claimed in claim 9.
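The decision flow of claims 1 to 8 can be traced end to end in the following Python example, which is added here and is not part of the patent text. The order in which the claims' checks are combined, allowing calls to targets outside the isolation application whitelist, denying callers that appear on no verification list, the `gray_check` hook standing in for the security control access verification, and all package names and signature values are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Tuple

@dataclass(frozen=True)
class App:
    package: str    # application identification information (claim 7)
    signature: str  # signing-certificate digest; sample values are constructed

@dataclass(frozen=True)
class Policy:
    isolated: FrozenSet[str] = frozenset()          # isolation application whitelist
    exempt: FrozenSet[str] = frozenset()            # isolation-exempt list (claim 4)
    blacklist: FrozenSet[str] = frozenset()         # verification lists (claim 7)
    graylist: FrozenSet[str] = frozenset()
    whitelist: FrozenSet[str] = frozenset()
    legit_signatures: FrozenSet[str] = frozenset()  # legitimate signatures (claim 6)
    gray_check: Callable[[App], bool] = lambda app: False  # claim 8 hook, fails closed

def authenticate(policy: Policy, caller: App) -> bool:
    """Claims 7-8: authenticate the caller against the verification lists."""
    if caller.package in policy.blacklist:
        return False
    if caller.package in policy.graylist:
        return policy.gray_check(caller)  # security control access verification
    return caller.package in policy.whitelist  # assumption: unlisted callers fail

def decide(policy: Policy, caller: App, callee: App) -> Tuple[bool, str]:
    """Return (allowed, reason) for one monitored call operation."""
    if {caller.package, callee.package} & policy.exempt:
        return True, "exempt"                   # claim 4
    if caller.package in policy.isolated:
        return True, "caller-isolated"          # claims 2 and 3
    if callee.package not in policy.isolated:
        return True, "callee-not-isolated"      # assumption: target is unprotected
    if not authenticate(policy, caller):
        return False, "not-authenticated"       # claim 1
    if caller.signature not in policy.legit_signatures:
        return False, "illegitimate-signature"  # claims 5 and 6
    return True, "authenticated"

# Constructed policy for illustration; package names and digests are made up.
POLICY = Policy(
    isolated=frozenset({"com.example.bank", "com.example.vault"}),
    exempt=frozenset({"com.example.launcher"}),
    blacklist=frozenset({"com.example.adware"}),
    graylist=frozenset({"com.example.browser"}),
    whitelist=frozenset({"com.example.pay", "com.example.repack"}),
    legit_signatures=frozenset({"sig-pay", "sig-browser"}),
    gray_check=lambda app: app.signature == "sig-browser")
```

Calling `decide(POLICY, App("com.example.repack", "sig-forged"), App("com.example.bank", "sig-bank"))` shows why claims 5 and 6 matter: a package name that sits on the whitelist is still refused when its signature is not in the legitimate signature list.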
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611048383.5A CN106778228A (en) | 2016-11-22 | 2016-11-22 | Control the method and device of application call |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106778228A true CN106778228A (en) | 2017-05-31 |
Family
ID=58974520
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611048383.5A Pending CN106778228A (en) | 2016-11-22 | 2016-11-22 | Control the method and device of application call |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106778228A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103218564A (en) * | 2013-04-01 | 2013-07-24 | 广东欧珀移动通信有限公司 | Mobile terminal protection method and mobile terminal protection device |
CN104361281A (en) * | 2014-11-17 | 2015-02-18 | 西安电子科技大学 | Method for solving phishing attack of Android platform |
CN104573435A (en) * | 2013-10-15 | 2015-04-29 | 北京网秦天下科技有限公司 | Method for terminal authority management and terminal |
CN105701399A (en) * | 2015-12-30 | 2016-06-22 | 广东欧珀移动通信有限公司 | Method and device for security detection of application program |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107358089A (en) * | 2017-06-30 | 2017-11-17 | 北京小米移动软件有限公司 | Call the method and device of termination function |
CN107577938A (en) * | 2017-08-16 | 2018-01-12 | 北京小米移动软件有限公司 | Information return method, device, equipment and storage medium |
CN107577938B (en) * | 2017-08-16 | 2020-12-04 | 北京小米移动软件有限公司 | Information return method, device, equipment and storage medium |
CN107919960A (en) * | 2017-12-04 | 2018-04-17 | 北京深思数盾科技股份有限公司 | The authentication method and system of a kind of application program |
CN109190366A (en) * | 2018-09-14 | 2019-01-11 | 郑州云海信息技术有限公司 | A kind of program processing method and relevant apparatus |
CN109190366B (en) * | 2018-09-14 | 2021-11-19 | 郑州云海信息技术有限公司 | Program processing method and related device |
CN110324486A (en) * | 2019-04-25 | 2019-10-11 | 维沃移动通信有限公司 | A kind of application control method and terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| TA01 | Transfer of patent application right | Effective date of registration: 20170719 Address after: 100102, 18 floor, building 2, Wangjing street, Beijing, Chaoyang District, 1801 Applicant after: BEIJING ANYUN SHIJI SCIENCE AND TECHNOLOGY CO., LTD. Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park) Applicant before: Beijing Qihu Technology Co., Ltd. |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20170531 |