CN107491690A - It is a kind of comprising executable code need to be by file security stowage that respective application software loading is handled - Google Patents
It is a kind of comprising executable code need to be by file security stowage that respective application software loading is handled Download PDFInfo
- Publication number
- CN107491690A CN107491690A CN201710653280.XA CN201710653280A CN107491690A CN 107491690 A CN107491690 A CN 107491690A CN 201710653280 A CN201710653280 A CN 201710653280A CN 107491690 A CN107491690 A CN 107491690A
- Authority
- CN
- China
- Prior art keywords
- document
- mentioned
- loading
- checking
- publisher
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Abstract
It is provided by the invention comprising executable code need to be by file security stowage that respective application software loading is handled, file must be verified in loading before processing to it, by that could be loaded after checking, it is independent to load processor, load processor and publisher is common or loading processor is supported down to the completely or only a part of of the file of wherein required checking by third party, verified according to this document or verified according to the agreement for loading processor and publisher in itself, verify its publisher, this document is in itself and its publisher and the fitting relation of this document in itself etc., preferably resolve the safety problem in this kind of load of file processing, it can prevent not authenticated, illegal, the file being tampered is loaded;Verification process can include encryption and decryption, verification, retrieval, requesting query and request third-party authentication process etc..The invention also provides the application software for realizing the above method, also extracts a kind of this kind of file verification method.
Description
Technical field
The invention mainly relates to a kind of file security that need to be handled by respective application software loading for including executable code
Stowage, also relate to a kind of realize the above-mentioned text that need to be handled by respective application software loading for including executable code
The application software of part secure loading method and a kind of file that need to be handled by respective application software loading for including executable code
Verification method.
Background technology
Document needs to be handled by documents editing software loading, and picture file needs to be handled by image editing software loading, etc.
Deng the situation that this file corresponds to certain application software is very common.With the development of software engineering, this be required is loaded place
The document of reason may include executable code, for example WORD documents can includes grand, and this just gives malicious code opportunity,
There is so-called macrovirus.
The content of the invention
It is provided by the invention comprising executable code need to be by file security loading side that respective application software loading is handled
Method, seek to solve need to may be sent out by the file that respective application software loading is handled when loading comprising executable code at present
The safety problem of raw risk, prevent it is not authenticated, illegal, be tampered comprising executable code need to be soft by respective application
The file that part loads processing is loaded, and its technical scheme is as follows:
It need to must be tested in loading before processing by the file that respective application software loading is handled comprising executable code
Card, by that could be loaded after checking, if be directly loaded up, for some are not authenticated, illegally, be tampered include and can hold
The file that need to be handled by respective application software loading of line code, be just likely to infect during loading, thus to add checking this
Process, need to being filled by the file that respective application software loading is handled for executable code is included to realize by can just be browsed after checking
The safety of load.This checking can verify the publisher of this document(Publisher is determined, is which issue, prevents from falsely using)、
Can verify this document in itself(Whether all or part of content is correct, reasonable, effective-to be judged by certain rule, if
Hide illegal link, induction to illegal link, induction performs malicious code, etc.), can also verify above-mentioned publisher and this document
Whether the fitting relation of itself, such as the publisher have the authority of issue this document(Executable generation is included without modification operation
Code need to be general harmless by file that respective application software loading is handled or infringement can control, and have that modification operates comprising can
Need to may being inherently harmful to by the file that respective application software loading is handled for code is performed, authority can be assigned respectively)
And whether this document meets issue rules of publisher determination, etc..Certainly checking includes but is not limited to the above, also
Can be the checking of other side, for example whether checking this document content is accused of pornographic, violence or other taboo content such as laws
Forbid content of propagation etc..Checking can be by loading processor's complete independently(Can by used operating system and/or
Other aids are completed, and can also be aided with while by used operating system and/or other aids artificial
Intervene, can also only there was only manual intervention, it is rear same)Or load processor and completed jointly with publisher, it can also be
Load processor to support to complete by third party, publisher can participate in being not involved in.This document can be whole or it
A middle part needs to verify, this part or all that to be verified can be indicated using special symbol or using specific
Form is marked, and also can voluntarily judge that this mode is the most flexible by above-mentioned loading processor, and it is with suspicion just to load processor
Can actively it be verified.Also allow for loading this article under given conditions sometimes in the case where this document is not over checking
Part(Continue to load), this specified conditions can be access rights when limitation loads(As some sensitive informations are forbidden accessing)、
Operating result(Such as forbid information occur to be altered), operating right(Such as forbid the operation of some possible modification informations)And or dress
Carry processing environment(As the internal memory, CPU and operating-system resources of loading are given in limitation).The mode of above-mentioned checking can be that foundation should
File is verified in itself, such as whether can not understand, understand, can not understand, understand may be considered can not by checking,
If it is not the file that need to be handled by respective application software loading for including executable code of a correct format, then obviously
Checking can not be passed through;Also can be verified according to the agreement of above-mentioned loading processor and the publisher of this document, including with
Under several situations:Agreement is to provide the agreement for only treating that above-mentioned loading processor receives by above-mentioned publisher in advance, and above-mentioned both sides are
When consult the agreement reached, the agreement that above-mentioned both sides' offered is reached, third party provides the agreement that above-mentioned both sides receive jointly,
The process of above-mentioned checking can include ciphering process, decrypting process, checking procedure, conversion process, retrieving, requesting query mistake
Journey and request third-party authentication process, the process of above-mentioned checking, which can not include interaction, can also include interaction,
Can also further above-mentioned loading processor only explicitly indicates that and approves the result of the checking just clearly in the interaction
At last by including the subjective judgement of above-mentioned application side in checking or the interaction;The above situation can combine into
Row explanation, it is assumed that the content that this needs is verified is by encryption, and to load must be after the decryption, then this decryption is close
Key can turn into one of both sides agreement, can be provided in advance by above-mentioned publisher only treat above-mentioned loading processor receive with
Obtain, for example announced in a manner of public key and voluntarily obtained by application side(Without interaction in this application);Also can be by above-mentioned double
Side consults to reach the agreement using some decruption key and this key is consigned into application side by real-time interaction, now needs to hand over
Mutually agreement is reached immediately by interaction simultaneously;It may also be the agreement that above-mentioned both sides' offered is reached, and the area of the first
It is not that both sides want offered, and the first only treats that above-mentioned loading processor receives, it is other also similar, without interaction;Also
But third party(Neither above-mentioned publisher is nor above-mentioned loading processor)The agreement that above-mentioned both sides receive jointly is provided, i.e.,
Encryption and decryption key is provided by third party, and content is encrypted with encryption key by publisher and above-mentioned loading processor passes through decryption
Key is decrypted, specifically how to reach an agreement can also with reference to above only treat both sides receive can also offered can also be instant
Consult.In the case where verifying this document in itself, it can be verified with checking procedure, verification rule can be that a MD5 is plucked
Check, etc., verification rule will be grasped by above-mentioned loading processor in advance, can be provided by publisher and also be carried by third party
For similar with the offer of above key.Conversion process can be regarded as fairly simple encryption process, no longer be described in detail.Retrieved
Journey, in verification process checked either with or without when putting on record, directly can go retrieval just to database of putting on record
Can be so that it is exactly what is put on record that retrieved, can be by checking, without going to access the fake site do not put on record;
If database is put on record not in the system, then just need a requesting query process, examined into corresponding system
Rope is inquired about.Can also ask third party to be verified, specifically how to verify no matter, this checking all hand over third parties it is complete
Into, here it is request third-party authentication process, can be third party(Neither above-mentioned publisher is nor above-mentioned loading is handled
Person)As an authenticating party, publisher is authenticated at third party, and above-mentioned loading processor then using third-party certification as
It is accurate(By asking third-party authentication).
Can be realized in specific application software it is above-mentioned comprising executable code need to be by respective application software loading
The file security stowage of reason, such application software can strengthen the safety in loading processing, avoid current include can
Perform code need to be by some safety problems in load of file that respective application software loading is handled, its technical scheme:
The application software must be right before the file that need to be handled by respective application software loading comprising executable code is loaded
It is verified, by that could be loaded after checking, or further clearly described checking is to verify publisher, this article of this document
Whether part in itself and/or the fitting relation of above-mentioned publisher and this document or further clearly has issue for above-mentioned publisher
Whether the authority and/or this document of this document meet the issue rules that above-mentioned publisher determines, simultaneously/or further clear and definite institute
It is jointly complete by the publisher for loading processor's complete independently, the loading processor of this document and this document of this document to state checking
Into or the loading processor of this document support to complete by third party, simultaneously/or what is further clearly verified is this document
Whole or a portion or further only verify a portion when the part indicated or adopted using special symbol
It is marked with specific format or is voluntarily judged by above-mentioned loading processor, simultaneously/or in the case of not over checking
Allow to load under given conditions or further clearly the specified conditions for limitation load when access rights, operating result,
Operating right and/or load processing environment, simultaneously/or the checking mode be verified in itself according to this document or
Verified or also further clearly described according to the loading processor of above-mentioned this document and the agreement of publisher of this document
Agreement is to be provided only to treat that the agreement for loading processor's receiving of above-mentioned this document or above-mentioned both sides are instant in advance by above-mentioned publisher
The agreement or third party that the agreement or above-mentioned both sides' offered that negotiation is reached are reached provide the agreement that above-mentioned both sides receive jointly,
Simultaneously/or the checking process include ciphering process, decrypting process, checking procedure, conversion process, retrieving, request
Query process and/or request third-party authentication process, simultaneously/or the process of the checking do not include interaction or include friendship
Mutual process or further clearly in the interaction loading processor of above-mentioned this document only explicitly indicates that accreditation institute
State the result of the checking just subjective judgement by including above-mentioned application side in checking or the interaction at last.Such scheme
Illustrate referring to above being repeated no more here to the explanation of specific markers application process.Above-mentioned authentication function can close or
Open, i.e., for above-mentioned application software, the content that can need to verify to this document when needing is verified, really
The application safety of above-mentioned specific markers is protected, also authentication function can be closed when thinking to be not necessarily to, to improve processing speed
Spend and ignore safety, be usually in the case of sure guarantee safety certainly;Can also a step clearly above-mentioned turn off or on be
Controlled by the loading processor of above-mentioned this document, the application software there can be a setting options, be set on, to open
Open authentication function, be set off, for close authentication function or it is per treatment when all give this document loading processing
Person selects, and selection unlatching then carries out verifying selecting to close then to close and verifies or be applicable automatically according to rule by said system,
Such as can specify as one it is regular, only without modification code comprising executable code need to be by respective application software
Load the situation such as file of processing, without opening Auto-matching to close, if having modification code comprising executable code
The file that need to be handled by respective application software loading, then be switched on checking increase safety.Above-mentioned application software can be further bright
It is really documents editing software, or image editing software, this is the most frequently used Liang Lei softwares for editing.
Can from it is above-mentioned comprising executable code need to be by file security stowage that respective application software loading is handled
In extract it is a kind of comprising executable code need to be by the file verification method that respective application software loading is handled, its technical scheme
For above-mentioned need to be tested in file security stowage technical scheme that respective application software loading is handled comprising executable code
Relevant portion is demonstrate,proved, is specifically:
Comprising executable code need to by the loading processor of the file for the file that respective application software loading is handled independent, this article
The loading processor of part and the publisher of this document are common or the loading processor of this document is supported down to wherein by third party
Comprising indicated or be marked using specific format or loading processor by above-mentioned this document using special symbol
Voluntarily judge the whole or a portion of this document that needs are verified, verified in itself or according to above-mentioned according to this document
The agreement of the loading processor of this document and the publisher of this document are verified or also further clearly described agreement is thing
The agreement for the loading processor receiving for only treating above-mentioned this document is first provided by above-mentioned publisher or above-mentioned both sides consult to reach immediately
Agreement or the agreement reached of above-mentioned both sides' offered or third party the agreement that above-mentioned both sides receive jointly is provided, simultaneously/or
The process verified described in person includes ciphering process, decrypting process, checking procedure, conversion process, retrieving, requesting query process
And/or request third-party authentication process, simultaneously/or the checking process do not include interaction or comprising interaction or
Further the loading processor of above-mentioned this document only explicitly indicates that the accreditation checking to person clearly in the interaction
As a result just at last by including the subjective judgement of above-mentioned application side in checking or the interaction.Such scheme is specifically
It is bright referring to above to comprising executable code need to be by the explanation for the file security stowage that respective application software loading is handled
Here repeat no more.
It is provided by the invention comprising executable code need to be by file security loading side that respective application software loading is handled
Method, it can realize that more preferable program fills by verifying the file that need to be handled by respective application software loading comprising executable code
Carry safety, for example solve the problems, such as to falsely use by verifying publisher, for example, by verify comprising executable code need to be by phase
Answer application software load the file of processing put on record situation prevent it is unauthenticated comprising executable code need to be by phase
Application software is answered to load the loading of the file of processing, such as by verifying the correctness of wherein MD5 digest(According to verification rule)
Prevent that program is tampered.The present invention also provides the application software for realizing the above method, to meet that said procedure loads peace
Full needs.The present invention by the file security that respective application software loading is handled also from above-mentioned need to be loaded comprising executable code
Extracted in method it is a kind of comprising executable code need to by the file verification method that respective application software loading is handled, for comprising
The file verification that need to be handled by respective application software loading of executable code proposes the solution of complete set.
Embodiment
Embodiment 1
It is a kind of by file security stowage that respective application software loading is handled and this to be realized comprising executable code
The WORD softwares for editing of method
User by originally realize the WORD softwares for editing of this method load comprising executable code need to be soft by respective application
Part verifies before loading the word file of processing to file, first check for wherein whether having it is grand, if not by, if
Comprising grand, then whether inspection is grand includes malicious code, is entirely verified if without if.At this moment this WORD softwares for editing
This word file that need to be handled by respective application software loading for including executable code can be loaded.
Claims (3)
- A kind of 1. need to be existed by the file security stowage that respective application software loading is handled, its feature comprising executable code In:It need to must be entered in loading before processing by the file that respective application software loading is handled comprising executable code Row checking, by that could be loaded after checking,Or further clearly described checking is the publisher of checking this document, this document in itself and/or above-mentioned publisher is with being somebody's turn to do Whether the fitting relation of file further clearly for above-mentioned publisher there is the authority of issue this document and/or this document to be The no issue rules for meeting above-mentioned publisher and determining, simultaneously/or further clearly described checking be the loading by this document Reason person's complete independently, the loading processor for loading processor's completion common with publisher or this document of this document are by third party Support to complete, simultaneously/either further clearly verify be the whole of this document or a portion or further only testing The part is indicated using special symbol or is marked using specific format or by above-mentioned loading when demonstrate,proving a portion Reason person voluntarily judges, simultaneously/either allow to load under given conditions in the case of not over checking or further bright Access rights, operating result, operating right and/or loading processing environment when the true specified conditions load for limitation, simultaneously/or The mode verified described in person is verified in itself or according to the loading processor of above-mentioned this document and this article according to this document The agreement of the publisher of part is verified or also further clearly described agreement is to be provided only to treat in advance by above-mentioned publisher State agreement that the loading processor of this document receives or above-mentioned both sides consult the agreement reached or above-mentioned both sides' offered immediately The agreement reached or third party provide the agreement that above-mentioned both sides receive jointly, simultaneously/or the process of the checking include encryption Process, decrypting process, checking procedure, conversion process, retrieving, requesting query process and/or request third-party authentication process, The process of simultaneously/either checking does not include interaction or comprising interaction or further clearly this described was interacted The loading processor of above-mentioned this document only explicitly indicates that the result for approving the checking just at last by checking or the institute in journey State the subjective judgement that above-mentioned loading processor is included in interaction.
- A kind of 2. file that need to be handled by respective application software loading for including executable code realized described in claim 1 The application software of secure loading method, it is characterised in that:The application software must be to it before the file that processing can be loaded by the application software comprising executable code is loaded Verified, by that could be loaded after checking,Or further clearly described checking is the publisher of checking this document, this document in itself and/or above-mentioned publisher is with being somebody's turn to do Whether the fitting relation of file further clearly for above-mentioned publisher there is the authority of issue this document and/or this document to be The no issue rules for meeting above-mentioned publisher and determining, simultaneously/or further clearly described checking be the loading by this document The publisher of reason person's complete independently, the loading processor of this document and this document completes jointly or the loading processor of this document borrows Help third party to support to complete, simultaneously/either further clearly verify be the whole of this document or a portion or enter one Step part when only verifying a portion is indicated using special symbol or is marked using specific format or by upper State load processor voluntarily judge, simultaneously/either allow to load under given conditions in the case of not over checking or Access rights, operating result, operating right and/or loading processing ring when further clearly the specified conditions load for limitation Border, simultaneously/or the checking mode be according to this document verified in itself or the loading according to above-mentioned this document at The agreement of reason person and the publisher of this document are verified or also further clearly described agreement is in advance by above-mentioned publisher There is provided and only treat that agreement that the loadings processor of above-mentioned this document receives or above-mentioned both sides consult the agreement reached or above-mentioned pair immediately Agreement that square offered is reached or third party provide the agreement that above-mentioned both sides receive jointly, simultaneously/or the checking mistake Journey includes ciphering process, decrypting process, checking procedure, conversion process, retrieving, requesting query process and/or request the 3rd Square verification process, the process of simultaneously/either checking do not include interaction or comprising interaction or further clear and definite The loading processor of above-mentioned this document only explicitly indicates that the result for approving the checking is just led at last in the interaction The subjective judgement for including above-mentioned application side in checking or the interaction is crossed, simultaneously/or the application software is above-mentioned Authentication function can be closed and/or opened or further clearly above-mentioned closing and/or unlatching are the loading processing by this document Person controls and/or is applicable automatically according to regular by the application software, simultaneously/or further clearly described application software is Documents editing software or image editing software.
- 3. it is a kind of comprising executable code need to be by file verification method that respective application software loading is handled, it is characterised in that:It is described comprising executable code need to by the loading processor for the file that respective application software loading is handled independent, this document Loading processor and this document publisher it is common or the loading processor of this document is supported down to wherein institute by third party Comprising indicated using special symbol be marked using specific format or by above-mentioned this document loading processor from Row judges the whole or a portion of this document that needs are verified, is verified according to this document or is somebody's turn to do according to above-mentioned in itself The agreement of the loading processor of file and the publisher of this document are verified or also further clearly described agreement is prior The agreement or above-mentioned both sides that the loading processor receiving for only treating above-mentioned this document is provided by above-mentioned publisher consult what is reached immediately The agreement or third party that agreement or above-mentioned both sides' offered are reached provide the agreement that above-mentioned both sides receive jointly, simultaneously/or The process of the checking includes ciphering process, decrypting process, checking procedure, conversion process, retrieving, requesting query process And/or request third-party authentication process, simultaneously/or the checking process do not include interaction or comprising interaction or Further the loading processor of above-mentioned this document only explicitly indicates that the accreditation checking to person clearly in the interaction As a result just at last by including the subjective judgement of above-mentioned application side in checking or the interaction.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710653280.XA CN107491690A (en) | 2017-07-28 | 2017-07-28 | It is a kind of comprising executable code need to be by file security stowage that respective application software loading is handled |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710653280.XA CN107491690A (en) | 2017-07-28 | 2017-07-28 | It is a kind of comprising executable code need to be by file security stowage that respective application software loading is handled |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107491690A true CN107491690A (en) | 2017-12-19 |
Family
ID=60645204
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710653280.XA Pending CN107491690A (en) | 2017-07-28 | 2017-07-28 | It is a kind of comprising executable code need to be by file security stowage that respective application software loading is handled |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107491690A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110162974A (en) * | 2019-05-28 | 2019-08-23 | 郑州昂视信息科技有限公司 | Database attack defence method and system |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1894749A (en) * | 2003-12-19 | 2007-01-10 | 皇家飞利浦电子股份有限公司 | Method of accessing data content in storage devices |
CN101149773A (en) * | 2007-08-27 | 2008-03-26 | 中国人民解放军空军电子技术研究所 | Software real name authentication system and its safe checking method |
CN105320883A (en) * | 2015-11-11 | 2016-02-10 | 北京奇虎科技有限公司 | File secure loading implementation method and apparatus |
-
2017
- 2017-07-28 CN CN201710653280.XA patent/CN107491690A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1894749A (en) * | 2003-12-19 | 2007-01-10 | 皇家飞利浦电子股份有限公司 | Method of accessing data content in storage devices |
CN101149773A (en) * | 2007-08-27 | 2008-03-26 | 中国人民解放军空军电子技术研究所 | Software real name authentication system and its safe checking method |
CN105320883A (en) * | 2015-11-11 | 2016-02-10 | 北京奇虎科技有限公司 | File secure loading implementation method and apparatus |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110162974A (en) * | 2019-05-28 | 2019-08-23 | 郑州昂视信息科技有限公司 | Database attack defence method and system |
CN110162974B (en) * | 2019-05-28 | 2021-03-30 | 郑州昂视信息科技有限公司 | Database attack defense method and system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1168141B1 (en) | A secure and open computer platform | |
CN104734854B (en) | The safety of key provides | |
TWI684890B (en) | System and method for computing device with improved firmware service security using credential-derived encryption key | |
KR101804996B1 (en) | Centralized operation management | |
CN107430658B (en) | Security software certification and verifying | |
JP4463887B2 (en) | Protected storage of core data secrets | |
DE60002893T2 (en) | COMPUTER PLATFORMS AND THEIR OPERATING METHOD | |
CN101026455A (en) | Secure processor | |
CN109525400A (en) | Security processing, system and electronic equipment | |
CN105408912A (en) | Process authentication and resource permissions | |
JP6640836B2 (en) | Genome Information Science Services | |
CN106991298A (en) | Access method, the authorization requests method and device of application program docking port | |
KR102286794B1 (en) | SECURE BOOT METHOD OF IoT DEVICE USING AN INTEGRATED SECURITY SoC | |
WO2014150753A2 (en) | Method and system for restricting the operation of applications to authorized domains | |
US20130173923A1 (en) | Method and system for digital content security cooperation | |
CN107491690A (en) | It is a kind of comprising executable code need to be by file security stowage that respective application software loading is handled | |
CN107688730A (en) | A kind of executable file method for safe operation | |
CN109359450B (en) | Security access method, device, equipment and storage medium of Linux system | |
KR20140103004A (en) | User authenticating method and apparatus | |
KR102430882B1 (en) | Method, apparatus and computer-readable medium for container work load executive control of event stream in cloud | |
CN107994998A (en) | A kind of authentication information encryption method and system | |
CN113326489A (en) | User information authentication system and method | |
CN107230264A (en) | A kind of Door-access control method and device | |
WO2018045918A1 (en) | Authorization method and system | |
CN107545180A (en) | A kind of secure browser browsing method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20171219 |