CN108427880B - Program running method and device - Google Patents
Program running method and device Download PDFInfo
- Publication number
- CN108427880B CN108427880B CN201810211954.5A CN201810211954A CN108427880B CN 108427880 B CN108427880 B CN 108427880B CN 201810211954 A CN201810211954 A CN 201810211954A CN 108427880 B CN108427880 B CN 108427880B
- Authority
- CN
- China
- Prior art keywords
- program
- digital certificate
- signature
- signature information
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Abstract
The embodiment of the invention provides a program running method, which is applied to the technical field of mobile internet and comprises the following steps: when the program is detected to start running, reading signature information corresponding to the program, then determining a digital certificate corresponding to the signature information based on the signature information corresponding to the program, then setting authority information corresponding to the digital certificate, and running the program based on the set authority information. The embodiment of the invention provides a method and a device for program operation, which are suitable for a system to operate a program based on set authority information.
Description
Technical Field
The invention relates to the technical field of mobile internet, in particular to a method and a device for program running.
Background
The binary signature mechanism is a method for verifying a program based on cryptography, the program is necessarily in a form of a binary file before being operated, when the system loads the binary file, in order to confirm a legal source of the program, a digital signature of the program file is verified, and when a result is calculated according to the principle of cryptography and the digital signature is determined to be correct, the program is operated, wherein the digital signature is also a part of the binary file of the program actually.
After the program passes the verification, the system determines user information for executing the program, determines operation authority information corresponding to the program based on a corresponding relationship between the user information and the operation authority information, for example, authority information for calling a certain interface, and operates the program based on the determined operation authority information.
However, after the program passes the verification, the authority information corresponding to the program is the authority information corresponding to the user executing the program, that is, the operation authority information corresponding to all the programs executed by the user is the same, and since the user information is not necessarily safe, the operation authority information for determining all the programs executed by the user through the user information is also low in safety, so that the safety of program operation is low.
Disclosure of Invention
In order to overcome the above technical problems or at least partially solve the above technical problems, the following technical solutions are proposed:
according to a first aspect, an embodiment of the present invention provides a method for running a program, including:
when detecting that the program starts to run, reading signature information corresponding to the program;
determining a digital certificate corresponding to the signature information based on the signature information corresponding to the program;
and setting authority information corresponding to the digital certificate, and running the program based on the set authority information.
Specifically, the step of determining the digital certificate corresponding to the signature information based on the signature information corresponding to the program includes:
determining a digital certificate corresponding to the signature information based on digital certificate identification information carried in the signature information corresponding to the program; and/or the presence of a gas in the gas,
and determining the digital certificate corresponding to the signature information through the signature information corresponding to each digital certificate sequential signature verification program stored in the system.
Specifically, the step of reading the signature information corresponding to the program includes:
and reading signature information corresponding to the program from the external memory.
Specifically, the step of running the program based on the authority information includes:
determining authority information corresponding to a program based on currently set authority information for a digital certificate and/or preset authority information for the digital certificate;
and running the program based on the determined authority information corresponding to the program.
Specifically, the signature information of the program further includes: a ciphertext portion of the signature information; the method for verifying the signature information corresponding to the signature program based on the digital certificate comprises the following steps:
performing a hash operation on the sequence of instructions of the program to obtain a hash operation result, and,
decrypting the ciphertext part of the signature information based on the public key information in the digital certificate to obtain a decryption result;
comparing the hash operation result with the decryption result;
and when the hash operation result and the decryption result are the same, determining that the program successfully verifies the signature.
According to a second aspect, an embodiment of the present invention further provides an apparatus for program execution, including:
the reading module is used for reading the signature information corresponding to the program when the starting operation of the program is detected;
the determining module is used for determining the digital certificate corresponding to the signature information based on the signature information corresponding to the program read by the reading module;
the setting module is used for setting authority information corresponding to the digital certificate;
and the running module is used for running the program based on the permission information set by the setting module.
Specifically, the determining module is specifically configured to determine, based on digital certificate identification information carried in signature information corresponding to the program, a digital certificate corresponding to the signature information;
the determining module is specifically further configured to determine, through signature information corresponding to each digital certificate sequential signature verification program stored in the system, a digital certificate corresponding to the signature information.
Specifically, the reading module is specifically configured to read signature information corresponding to the program from the external memory.
Specifically, the operation module specifically includes: a determining unit and an operating unit;
the determining unit is used for determining the authority information corresponding to the program based on the currently set authority information aiming at the digital certificate and/or the preset authority information aiming at the digital certificate;
and the running unit is used for running the program based on the determined authority information corresponding to the program.
Further, the signature information of the program further includes: a ciphertext portion of the signature information; the device also includes: a label checking module;
the signature verification module is used for carrying out Hash operation on the sequence instructions of the program to obtain a Hash operation result, and decrypting the ciphertext part of the signature information based on the public key information in the digital certificate to obtain a decryption result;
the signature checking module is also used for comparing the hash operation result with the decryption result;
and the signature verification module is also used for determining that the program signature verification is successful when the hash operation result and the decryption result are the same.
Embodiments of the present invention also provide, according to a third aspect, an apparatus including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements a method of executing a program shown in the first aspect when executing the program.
The invention provides a method and a device for program running, compared with the prior art, the method and the device for program running read the signature information corresponding to the program when detecting that the program starts running, then determine the digital certificate corresponding to the signature information based on the signature information corresponding to the program, then set the authority information corresponding to the digital certificate, and run the program based on the set authority information. In the invention, when the program runs each time, the program is required to be checked and signed through the digital certificate, and after the program passes the checking and signing, the program is run based on the permission of the digital certificate set in real time, so that the system sets the running permission for the program to be run when the program starts running, the running permissions corresponding to different programs executed by the same user are possibly different, and the running permission for the same program to run each time is also possibly different, thereby improving the running safety of the program.
Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flowchart of a method for running a program according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an apparatus for program execution according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of another apparatus for program execution according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative only and should not be construed as limiting the invention.
As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
It will be understood by those skilled in the art that, unless otherwise defined, all terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It will be further understood that terms, such as those defined in commonly used dictionaries, should be interpreted as having a meaning that is consistent with their meaning in the context of the prior art and will not be interpreted in an idealized or overly formal sense unless expressly so defined herein.
As will be appreciated by those skilled in the art, a "terminal" as used herein includes both devices having a wireless signal receiver, which are devices having only a wireless signal receiver without transmit capability, and devices having receive and transmit hardware, which have devices having receive and transmit hardware capable of two-way communication over a two-way communication link. Such a device may include: a cellular or other communication device having a single line display or a multi-line display or a cellular or other communication device without a multi-line display; PCS (Personal Communications Service), which may combine voice, data processing, facsimile and/or data communication capabilities; a PDA (Personal Digital Assistant), which may include a radio frequency receiver, a pager, internet/intranet access, a web browser, a notepad, a calendar and/or a GPS (Global Positioning System) receiver; a conventional laptop and/or palmtop computer or other device having and/or including a radio frequency receiver. As used herein, a "terminal" or "terminal device" may be portable, transportable, installed in a vehicle (aeronautical, maritime, and/or land-based), or situated and/or configured to operate locally and/or in a distributed fashion at any other location(s) on earth and/or in space. As used herein, a "terminal Device" may also be a communication terminal, a web terminal, a music/video playing terminal, such as a PDA, an MID (Mobile Internet Device) and/or a Mobile phone with music/video playing function, or a smart tv, a set-top box, etc.
Example one
An embodiment of the present invention provides a method for running a program, as shown in fig. 1, including:
Specifically, the step of reading the signature information corresponding to the program includes: and reading signature information corresponding to the program from the external memory.
For the embodiment of the present invention, the external memory includes a floppy disk, a hard disk, an optical disk, a usb disk, a removable hard disk, a magnetic disk, and the like.
For the embodiment of the invention, when a certain program runs, the program sends a running request message to the system, and when the system detects the running request message, the sequence instruction information of the program and the signature information corresponding to the program are read from the external memory.
And 102, determining a digital certificate corresponding to the signature information based on the signature information corresponding to the program.
For the embodiments of the present invention, one signature corresponds to one digital certificate. In the embodiment of the invention, a plurality of digital certificates are stored in the system, and after the system reads the signature information corresponding to the program, the digital certificates corresponding to the signature information are determined by using the plurality of digital certificates to check the signature in sequence; and/or determining the digital certificate corresponding to the signature information based on the identification information of the digital certificate carried in the signature information.
And 103, setting authority information corresponding to the digital certificate.
For the embodiment of the invention, after the system determines the digital certificate corresponding to the signature information of the program, the digital certificate corresponding to the signature information of the program is marked, and the authority information corresponding to the digital certificate is set.
For example, there are two programs to be run currently, including a program 1 and a program 2, where a digital certificate corresponding to signature information of the marking program 1 is a, a digital certificate corresponding to signature information of the marking program 2 is B, authority information corresponding to the digital certificate a is set as authority information 1, and authority information corresponding to the digital certificate B is set as authority information 2.
For the embodiment of the invention, the system comprises a plurality of authority levels, and each authority level can correspond to different authority information. In the embodiment of the present invention, after determining the digital certificate corresponding to the signature information of a certain program, the system may assign an authority level to the digital certificate, so as to determine the operation authority information corresponding to the program according to the authority level.
For the embodiment of the invention, after the system determines the digital certificate corresponding to the signature information of the program, the digital certificate is marked, and the program is marked by the same mark as the digital certificate. In the embodiment of the invention, in the running process of a program, when the program needs to call a certain interface or call a certain function, based on the mark of the program and the authority information of the program, whether the program can call the certain interface or call the certain function is determined.
For the embodiment of the invention, by marking the digital certificate corresponding to the signature information of the program and the program, the authority information of the program can be quickly and accurately determined in the running process of the program, for example, when a certain interface is called, so as to determine whether to continue to run the program, thereby further improving the running safety of the program.
And step 104, running the program based on the set authority information.
For the embodiment of the invention, the program is operated based on the read sequence instruction information of the program and the set authority information.
Compared with the prior art, the method for operating the program provided by the embodiment of the invention has the advantages that when the program is detected to start to operate, the signature information corresponding to the program is read, then the digital certificate corresponding to the signature information is determined based on the signature information corresponding to the program, then the authority information corresponding to the digital certificate is set, and the program is operated based on the set authority information. In other words, in the embodiment of the present invention, each time a program runs, the program needs to be checked and signed by a digital certificate, and after the program passes the checking and signing, the program is run based on the authority of the digital certificate set in real time, so that the system sets the running authority for the program to be run when the program starts to run, the running authorities corresponding to different programs executed by the same user may be different, and the running authorities of the same program for each running may also be different, so that the running security of the program can be improved.
Example two
Another possible implementation manner of the embodiment of the present invention further includes, on the basis of the operation shown in the first embodiment, the operation shown in the second embodiment, wherein,
step 102 specifically includes step 1021 (not shown) and/or step 1022 (not shown), wherein,
and step 1021, determining the digital certificate corresponding to the signature information based on the digital certificate identification information carried in the signature information corresponding to the program.
For the embodiment of the present invention, a plurality of digital certificates are stored in the system, after the system reads the signature information corresponding to the program, the system acquires the identification information of the digital certificate corresponding to the signature information from the signature information, and determines the digital certificate corresponding to the signature information from the stored plurality of digital certificates based on the identification information. In the embodiment of the present invention, after the digital certificate corresponding to the signature information is determined, the signature information of the program is verified by the digital certificate, and the program can be run only after the verification passes.
For the embodiment of the invention, the identification information of the digital certificate is acquired from the signature information of the program, the digital certificate corresponding to the signature information of the program can be directly determined based on the identification information, and the program is operated after the signature of the digital certificate passes the verification, so that the operation time of the program can be reduced, and the user experience can be improved.
Specifically, the signature information of the program includes: the cipher text part of the digital certificate identification information and signature information; the method for verifying the signature information corresponding to the signature program based on the digital certificate comprises the following steps: carrying out Hash operation on the sequence instructions of the program to obtain a Hash operation result, and decrypting the ciphertext part of the signature information based on public key information in a digital certificate to obtain a decryption result; comparing the hash operation result with the decryption result; and when the hash operation result and the decryption result are the same, determining that the program successfully verifies the signature.
And step 1022, determining the digital certificate corresponding to the signature information through the signature information corresponding to each digital certificate sequential signature verification program stored in the system.
For the embodiment of the invention, a plurality of digital certificates are stored in the system, after the system reads the signature information corresponding to the program, one digital certificate is randomly and sequentially selected from the plurality of digital certificates, the signature information corresponding to the program is verified until the program passes the verification, and the digital certificate which passes the verification of the signature information corresponding to the program is determined. In the embodiment of the invention, the system can check and sign the signature information of the program from the kernel layer.
Specifically, the signature information of the program includes: the cipher text part of the digital certificate identification information and signature information; the method for verifying the signature information corresponding to the signature program based on the digital certificate comprises the following steps: carrying out Hash operation on the sequence instructions of the program to obtain a Hash operation result, and decrypting the ciphertext part of the signature information based on the public key information in the digital certificate to obtain a decryption result; comparing the hash operation result with the decryption result; and when the hash operation result and the decryption result are the same, determining that the program successfully verifies the signature.
EXAMPLE III
Another possible implementation manner of the embodiment of the present invention is, on the basis of the first embodiment or the second embodiment, further including the operation shown in the third embodiment, wherein,
step 104 includes steps 1041 (not shown) -1042 (not shown), wherein,
step 1041, determining the authority information corresponding to the program based on the authority information currently set for the digital certificate and/or the authority information preset for the digital certificate.
For the embodiment of the invention, the system can preset the authority information corresponding to each digital certificate. In the embodiment of the present invention, after the system determines the digital certificate corresponding to the signature information of the program, based on the authority information corresponding to each preset digital certificate, the authority information corresponding to the digital certificate is determined, and the authority information corresponding to the digital certificate is determined as the authority information corresponding to the program; the system may also set the authority information corresponding to the digital certificate after determining the digital certificate corresponding to the signature information of the program, and determine the authority information set for the digital certificate as the authority information corresponding to the program; the current set authority information for the digital certificate and the preset authority information for the digital certificate may be determined as the corresponding authority information of the program. The present invention is not limited to the embodiments.
And 1042, running the program based on the determined authority information corresponding to the program.
For the embodiment of the invention, after the system determines the authority information corresponding to the program, the program is operated based on the determined authority information.
An embodiment of the present invention provides a device for program execution, and as shown in fig. 2, the device includes: a reading module 21, a determining module 22, a setting module 23, an operating module 24, wherein,
the reading module 21 is configured to read signature information corresponding to the program when it is detected that the program starts to run.
And a determining module 22, configured to determine, based on the signature information corresponding to the program read by the reading module 21, a digital certificate corresponding to the signature information.
And the setting module 23 is configured to set authority information corresponding to the digital certificate.
And an operation module 24, configured to operate the program based on the authority information set by the setting module 23.
Specifically, the determining module 22 is specifically configured to determine the digital certificate corresponding to the signature information based on the digital certificate identification information carried in the signature information corresponding to the program.
The determining module 22 is further specifically configured to determine, through signature information corresponding to each digital certificate sequential signature verification program stored in the system, a digital certificate corresponding to the signature information.
Specifically, the reading module 21 is specifically configured to read signature information corresponding to a program from an external memory.
Specifically, the operation module 24 specifically includes: a determination unit 241, an operation unit 242;
the determining unit 241 is configured to determine, based on the currently set authority information for the digital certificate and/or the preset authority information for the digital certificate, authority information corresponding to the program.
An operation unit 242, configured to operate the program based on the determined authority information corresponding to the program.
Further, as shown in fig. 3, the apparatus further includes: and a signature verification module 31.
And the signature verification module 31 is configured to perform hash operation on the sequence instruction of the program to obtain a hash operation result, and decrypt the ciphertext part of the signature information based on the public key information in the digital certificate to obtain a decryption result.
Wherein the signature information of the program further includes: the ciphertext portion of the signature information.
The signature verification module 31 is further configured to compare the hash operation result with the decryption result.
And the signature verification module 31 is further configured to determine that the program signature verification is successful when the hash operation result and the decryption result are the same.
Compared with the prior art, the embodiment of the invention provides a program running device, and when the program is detected to start running, the embodiment of the invention reads the signature information corresponding to the program, then determines the digital certificate corresponding to the signature information based on the signature information corresponding to the program, then sets the authority information corresponding to the digital certificate, and runs the program based on the set authority information. In other words, in the embodiment of the present invention, each time a program runs, the program needs to be checked and signed by a digital certificate, and after the program passes the checking and signing, the program is run based on the authority of the digital certificate set in real time, so that the system sets the running authority for the program to be run when the program starts to run, the running authorities corresponding to different programs executed by the same user may be different, and the running authorities of the same program for each running may also be different, so that the running security of the program can be improved.
The embodiment of the invention provides a device for program operation, which is suitable for the method embodiment. And are not limited herein.
An embodiment of the present invention provides an apparatus, which includes a memory, a processor, and a computer program that is stored in the memory and is executable on the processor, and is characterized in that when the processor executes the program, the method for executing the program according to any one of the first to third embodiments is implemented.
Compared with the prior art, the embodiment of the invention provides equipment, and when the starting operation of a program is detected, the embodiment of the invention reads the signature information corresponding to the program, then determines the digital certificate corresponding to the signature information based on the signature information corresponding to the program, then sets the authority information corresponding to the digital certificate, and operates the program based on the set authority information. In other words, in the embodiment of the present invention, each time a program runs, the program needs to be checked and signed by a digital certificate, and after the program passes the checking and signing, the program is run based on the authority of the digital certificate set in real time, so that the system sets the running authority for the program to be run when the program starts to run, the running authorities corresponding to different programs executed by the same user may be different, and the running authorities of the same program for each running may also be different, so that the running security of the program can be improved.
The embodiment of the invention provides equipment which is suitable for the method embodiment. And are not limited herein.
Those skilled in the art will appreciate that the present invention includes apparatus related to performing one or more of the operations described in the present application. These devices may be specially designed and manufactured for the required purposes, or they may comprise known devices in general-purpose computers. These devices have stored therein computer programs that are selectively activated or reconfigured. Such a computer program may be stored in a device (e.g., computer) readable medium, including, but not limited to, any type of disk including floppy disks, hard disks, optical disks, CD-ROMs, and magnetic-optical disks, ROMs (Read-Only memories), RAMs (Random Access memories), EPROMs (Erasable Programmable Read-Only memories), EEPROMs (Electrically Erasable Programmable Read-Only memories), flash memories, magnetic cards, or optical cards, or any type of media suitable for storing electronic instructions, and each coupled to a bus. That is, readable media includes any medium that stores or transmits information in a form readable by a device (e.g., a computer).
It will be understood by those within the art that each block of the block diagrams and/or flowchart illustrations, and combinations of blocks in the block diagrams and/or flowchart illustrations, can be implemented by computer program instructions. Those skilled in the art will appreciate that the computer program instructions may be implemented by a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, implement the features specified in the block or blocks of the block diagrams and/or flowchart illustrations of the present disclosure.
Those of skill in the art will appreciate that various operations, methods, steps in the processes, acts, or solutions discussed in the present application may be alternated, modified, combined, or deleted. Further, various operations, methods, steps in the flows, which have been discussed in the present application, may be interchanged, modified, rearranged, decomposed, combined, or eliminated. Further, steps, measures, schemes in the various operations, methods, procedures disclosed in the prior art and the present invention can also be alternated, changed, rearranged, decomposed, combined, or deleted.
The foregoing is only a partial embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (10)
1. A method of program execution, comprising:
when detecting that a program starts to run, reading signature information corresponding to the program;
determining a digital certificate corresponding to the signature information based on the signature information corresponding to the program;
verifying the signature of the program through the digital certificate, setting authority information corresponding to the digital certificate which is started at this time after the signature passes verification, and operating the program based on the set authority information;
and running the program based on the set authority information, including:
and determining the corresponding operating authority information of the program after the digital certificate is started according to the corresponding authority information of the digital certificate, and operating the program according to the operating authority information.
2. The method of claim 1, wherein the step of determining the digital certificate corresponding to the signature information based on the signature information corresponding to the program comprises at least one of:
determining a digital certificate corresponding to the signature information based on digital certificate identification information carried in the signature information corresponding to the program;
and sequentially verifying and signing the signature information corresponding to the program through each digital certificate stored in the system, and determining the digital certificate corresponding to the signature information.
3. The method according to claim 1 or 2, wherein the step of reading the signature information corresponding to the program comprises:
and reading signature information corresponding to the program from an external memory.
4. The method according to any one of claims 1-2, wherein the step of running the program based on the rights information comprises:
determining authority information corresponding to the program based on currently set authority information for the digital certificate and/or preset authority information for the digital certificate;
and running the program based on the determined authority information corresponding to the program.
5. The method of claim 2, wherein the signature information of the program further comprises: a ciphertext portion of the signature information;
the method for verifying the signature information corresponding to the signature program based on the digital certificate comprises the following steps:
performing a hash operation on the sequence of instructions of the program to obtain a hash operation result, and,
decrypting the ciphertext part of the signature information based on the public key information in the digital certificate to obtain a decryption result;
comparing the hash operation result with the decryption result;
and when the hash operation result is the same as the decryption result, determining that the program verification is successful.
6. An apparatus for program execution, comprising:
the reading module is used for reading the signature information corresponding to the program when the starting operation of the program is detected;
the determining module is used for determining a digital certificate corresponding to the signature information based on the signature information corresponding to the program read by the reading module;
the setting module is used for verifying the signature of the program through the digital certificate and setting the authority information corresponding to the digital certificate which is started at this time after the verification is passed;
the running module is used for running the program based on the authority information set by the setting module;
the running module is specifically configured to determine, according to the permission information corresponding to the digital certificate which is started this time, permission information of the program in running corresponding to the digital certificate which is started this time, and run the program according to the permission information in running.
7. The apparatus of claim 6,
the determining module is specifically configured to determine, based on digital certificate identification information carried in signature information corresponding to the program, a digital certificate corresponding to the signature information;
the determining module is specifically further configured to sequentially check and sign the signature information corresponding to the program through each digital certificate stored in the system, and determine the digital certificate corresponding to the signature information.
8. The device according to any one of claims 6 to 7, wherein the operation module specifically comprises: a determining unit and an operating unit;
the determining unit is used for determining the authority information corresponding to the program based on the currently set authority information aiming at the digital certificate and/or the preset authority information aiming at the digital certificate;
the running unit is used for running the program based on the determined authority information corresponding to the program.
9. The apparatus of claim 7, wherein the signature information of the program further comprises: a ciphertext portion of the signature information;
the device further comprises: a label checking module;
the signature verification module is used for performing hash operation on the sequence instruction of the program to obtain a hash operation result, and decrypting the ciphertext part of the signature information based on the public key information in the digital certificate to obtain a decryption result;
the signature verification module is further configured to compare the hash operation result with the decryption result;
and the signature verification module is further used for determining that the program signature verification is successful when the hash operation result and the decryption result are the same.
10. Program execution device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of program execution according to any of claims 1-5 when executing the program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810211954.5A CN108427880B (en) | 2018-03-07 | 2018-03-07 | Program running method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810211954.5A CN108427880B (en) | 2018-03-07 | 2018-03-07 | Program running method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108427880A CN108427880A (en) | 2018-08-21 |
| CN108427880B true CN108427880B (en) | 2022-09-16 |
Family
ID=63158607
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810211954.5A Active CN108427880B (en) | 2018-03-07 | 2018-03-07 | Program running method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108427880B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7213266B1 (en) * | 2000-06-09 | 2007-05-01 | Intertrust Technologies Corp. | Systems and methods for managing and protecting electronic content and applications |
| CN101073098A (en) * | 2004-12-07 | 2007-11-14 | 皇家飞利浦电子股份有限公司 | System and method for application management on multi-application smart cards |
| CN103034796A (en) * | 2012-12-19 | 2013-04-10 | 福建联迪商用设备有限公司 | Method for grading authority of application program of intelligent terminal |
| CN103226482A (en) * | 2013-03-22 | 2013-07-31 | 深圳市九洲电器有限公司 | Method and device for guiding and starting set top box |
| CN106022098A (en) * | 2016-05-10 | 2016-10-12 | 青岛海信传媒网络技术有限公司 | Signature verification method and device for application |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7139911B2 (en) * | 2001-02-28 | 2006-11-21 | International Business Machines Corporation | Password exposure elimination for digital signature coupling with a host identity |
| US7152048B1 (en) * | 2002-02-07 | 2006-12-19 | Oracle International Corporation | Memphis: multiple electronic money payment highlevel integrated security |
| CN101872399B (en) * | 2010-07-01 | 2012-08-22 | 武汉理工大学 | Dynamic digital copyright protection method based on dual identity authentication |
| CN102340398A (en) * | 2010-07-27 | 2012-02-01 | 中国移动通信有限公司 | Security policy setting and determining method, and method and device for executing operation by application program |
| CN102468961A (en) * | 2010-11-18 | 2012-05-23 | 卓望数码技术(深圳)有限公司 | Distributive enterprise identification authentication method, system and embedded terminal |
| US9537854B2 (en) * | 2014-04-18 | 2017-01-03 | Symantec Corporation | Transmitting encoded digital certificate data to certificate authority using mobile device |
| CN105335197B (en) * | 2015-11-12 | 2019-02-12 | 珠海豹趣科技有限公司 | The starting control method and device of application program in terminal |
| CN107360126B (en) * | 2016-08-22 | 2020-03-24 | 天地融科技股份有限公司 | Method, system and terminal for logging in client by using graphic identification code |
| CN106130740B (en) * | 2016-08-31 | 2019-05-24 | 北京信安世纪科技股份有限公司 | Digital certificate synchronous method, digital signature server and digital certificate synchronization system |
-
2018
- 2018-03-07 CN CN201810211954.5A patent/CN108427880B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7213266B1 (en) * | 2000-06-09 | 2007-05-01 | Intertrust Technologies Corp. | Systems and methods for managing and protecting electronic content and applications |
| CN101073098A (en) * | 2004-12-07 | 2007-11-14 | 皇家飞利浦电子股份有限公司 | System and method for application management on multi-application smart cards |
| CN103034796A (en) * | 2012-12-19 | 2013-04-10 | 福建联迪商用设备有限公司 | Method for grading authority of application program of intelligent terminal |
| CN103226482A (en) * | 2013-03-22 | 2013-07-31 | 深圳市九洲电器有限公司 | Method and device for guiding and starting set top box |
| CN106022098A (en) * | 2016-05-10 | 2016-10-12 | 青岛海信传媒网络技术有限公司 | Signature verification method and device for application |
Non-Patent Citations (3)
| Title |
|---|
| Generating Correlated Digital Certificates:Framework and Applications;Wen-Tao Zhu等;《网页在线公开:https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7378493》;20160112;第1-11页 * |
| 一种基于智能卡的Android权限管理方法研究;李欣;《第27次全国计算机安全学术交流会》;20131029;第57-60页 * |
| 应用程序用户权限机制研究;贺慧萍等;《微计算机信息》;20051229(第27期);第19-21页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108427880A (en) | 2018-08-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10708062B2 (en) | In-vehicle information communication system and authentication method | |
| CN106534148B (en) | Access control method and device for application | |
| US9450947B2 (en) | Apparatus and method for securing a debugging session | |
| CN102196433B (en) | Method for cloning prevention of mobile communication device and mobile communication device | |
| US20160378457A1 (en) | Program update system and program update method | |
| CN101437067B (en) | Mobile terminal and method for implementing network and card locking | |
| EP2172866A1 (en) | Information processor and tampering verification method | |
| CN111404696B (en) | Collaborative signature method, security service middleware, related platform and system | |
| EP2693789B1 (en) | Mobile terminal encryption method, hardware encryption device and mobile terminal | |
| CN111984962A (en) | Firmware security verification method and device | |
| CN107360165B (en) | Terminal device, cloud server and method and device for managing and controlling operating system | |
| AU2019204724C1 (en) | Cryptography chip with identity verification | |
| CN107944234B (en) | Machine refreshing control method for Android equipment | |
| US20130117572A1 (en) | Portable electronic device, system and method for authenticating a document associated with a geographical location | |
| JP6387908B2 (en) | Authentication system | |
| CN112199644A (en) | Mobile terminal application program safety detection method, system, terminal and storage medium | |
| CN110224974B (en) | Interface authentication method based on third party access and related equipment | |
| CN111814132A (en) | Security authentication method and device, security authentication chip and storage medium | |
| JP2009080772A (en) | Software starting system, software starting method and software starting program | |
| US7926050B2 (en) | Secure method to update software in a security module | |
| US20170364711A1 (en) | Secure element | |
| CN108427880B (en) | Program running method and device | |
| CN104346299A (en) | Updating control method and device of mobile terminal | |
| CN114143197B (en) | OTA (over the air) upgrading method, device and equipment for Internet of things equipment and readable storage medium | |
| KR100780362B1 (en) | Apparatus and method for downloading sofrware in portable terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230516 Address after: Room 401, Floor 4, No. 2, Haidian East Third Street, Haidian District, Beijing 100080 Patentee after: Yuanxin Information Technology Group Co.,Ltd. Address before: 100176 room 2222, building D, building 33, 99 Kechuang 14th Street, Beijing Economic and Technological Development Zone, Daxing District, Beijing Patentee before: YUANXIN TECHNOLOGY |