CN109558739B - Program running method and device, terminal and readable medium - Google Patents


Info

Publication number: CN109558739B
Authority: CN (China)
Prior art keywords: sdk, program, key, host program, server
Legal status (an assumption, not a legal conclusion): Active
Application number: CN201710884605.5A
Other languages: Chinese (zh)
Other versions: CN109558739A (en)
Inventor: 冯广图
Current Assignee (the listed assignees may be inaccurate): Tencent Technology Shenzhen Co Ltd
Original Assignee: Tencent Technology Shenzhen Co Ltd
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201710884605.5A
Publication of CN109558739A
Application granted
Publication of CN109558739B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/606 Protecting data by securing the transmission between two devices or processes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The application discloses a program running method, a program running device, a terminal and a readable medium, and belongs to the field of information security. The method comprises the following steps: when a program start signal is received, the host program starts a first process; the host program starts a second process corresponding to the SDK through the first process, wherein the second process is a process independent of the first process; when a function use signal is received, the host program calls an API (application programming interface) provided by the SDK through the first process; the second process acquires target data from the server according to the call; the second process provides a program function to the first process based on the target data. Because the second process corresponding to the SDK is independent of the first process corresponding to the host program, the application solves the technical problem in the related art that the host program can easily crack the SDK because the SDK runs in the host process. The host program can use the program functions of the SDK only by calling the API provided by the SDK and cannot directly access the second process corresponding to the SDK, so the security of the SDK is improved.

Description

Program running method and device, terminal and readable medium
Technical Field
The present application relates to the field of information security, and in particular, to a program running method, an apparatus, a terminal, and a readable medium.
Background
An SDK (Software Development Kit) is a collection of development tools used in building application software. Typically, a software vendor encapsulates some basic program functions in an SDK and exposes them through API interfaces.
For example, software vendor A provides the SDK to software vendor B, and software vendor B performs secondary development based on the SDK to produce a host program. After the host program is started, the terminal runs the SDK-related process inside the host process, and the SDK is invisible to the ordinary user. The ordinary user can only observe the operation of the host process and use its functions.
Because the SDK runs in the host process, if the host program is developed by malicious personnel, the SDK is easy to crack through the host program. For example, important data exchanged between the SDK and the server can easily be monitored by the host program.
Disclosure of Invention
The embodiment of the invention provides a program running method, a program running device, a terminal and a readable medium, and solves the problems in the prior art. The technical scheme is as follows:
In a first aspect, a program running method is provided, which is applied to a terminal installed with a host program, where the host program is a program that is developed secondarily based on an SDK, and the method includes:
when a program starting signal is received, the host program starts a first process;
the host program starts a second process corresponding to the SDK through the first process, wherein the second process is a process independent of the first process;
when a function use signal is received, the host program calls an API (application programming interface) provided by the SDK through the first process;
the second process acquires target data from the server according to the call;
the second process provides program functionality to the first process based on the target data.
In a second aspect, a program running apparatus is provided, which is applied to a terminal including a host program module, the apparatus includes the host program module and an SDK module, the host program module is a program module that performs secondary development based on the SDK module, a first process runs in the host program module, a second process runs in the SDK module, and the second process is independent of the first process;
the host program module is used for starting the first process when receiving a program starting signal; starting the second process by the first process; when a function use signal is received, calling an API (application programming interface) provided by the SDK through the first process;
the SDK module is used for acquiring target data from a server through the second process according to the call; providing a program function to the first process according to the target data.
In a third aspect, a terminal is provided, which includes a processor and a memory, where at least one instruction, at least one program, a set of codes, or a set of instructions is stored in the memory, and the at least one instruction, the at least one program, the set of codes, or the set of instructions is loaded and executed by the processor to implement the program execution method according to the first aspect.
In a fourth aspect, a computer-readable storage medium is provided, wherein at least one instruction is stored in the storage medium, and the instruction is loaded and executed by a processor to implement the program execution method according to the first aspect.
The technical scheme provided by the embodiment of the invention has the following beneficial effects:
The second process corresponding to the SDK is independent of the first process corresponding to the host program, which solves the technical problem in the related art that the host program can easily crack the SDK because the SDK runs in the host process. The host program can use the program functions of the SDK only by calling the API (application programming interface) provided by the SDK and cannot directly access the second process corresponding to the SDK, so the host program cannot monitor the running condition of the SDK or the data packets exchanged between the SDK and the server, and the security of the SDK is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of an implementation environment related to a program execution method according to an embodiment of the present application;
FIG. 2 is a flowchart of a method for executing a program according to an embodiment of the present application;
FIG. 3 is a block diagram of a host program provided by one embodiment of the present application;
FIG. 4 is an interaction diagram of a host program and an SDK provided by an embodiment of the present application;
FIG. 5 is a flowchart of a method for executing a program according to another embodiment of the present application;
FIG. 6 is a flowchart of a method for executing a program according to another embodiment of the present application;
FIG. 7 is a flowchart of a method for executing a program according to another embodiment of the present application;
FIG. 8 is a block diagram of a program running apparatus according to an embodiment of the present application;
FIG. 9 is a block diagram of a terminal according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
Reference will first be made to a number of terms to which this application refers:
SDK (Software Development Kit): a collection of development tools used in building application software. Typically, a software vendor encapsulates some basic program functions in an SDK and exposes them through API function interfaces.
Host program: a program that a developer produces through secondary development and that integrates the SDK; it is called a host program because the SDK is built into it.
API Interface (Application Programming Interface): a function preset by the SDK that gives a host program built on the SDK a function interface for accessing the program functions of the SDK.
Symmetric key: also known as private key encryption, i.e., the sending and receiving parties use the same key to encrypt and decrypt the plaintext. Symmetric-key encryption algorithms mainly include DES (Data Encryption Standard), 3DES (Triple DES, Triple Data Encryption Algorithm), IDEA (International Data Encryption Algorithm), FEAL (Fast Data Encryption Algorithm), Blowfish (a symmetric-key block encryption algorithm), and the like.
Asymmetric encryption key: consists of a pair of keys, a public key and a private key. The public key is public and does not need to be kept secret, and a decrypter can obtain it through various channels; the private key is held only by the encrypting party itself and must be kept secret.
Socket interface: an API interface that encapsulates the TCP/IP protocol.
JCE (Java Cryptography Extension): a set of packages that provides encryption, key generation and key negotiation functions, with support for symmetric, asymmetric, block and stream ciphers.
GUID (Globally Unique Identifier): an algorithmically generated numeric identifier with a binary length of 128 bits (and possibly other numbers of bits). A GUID is used mainly to uniquely identify a device in a network or system having multiple nodes and multiple computers. Ideally, no computer or cluster of computers will generate two identical GUIDs.
Root (highest operating authority): the Root user is the super administrator with the highest privilege in the operating system, with privileges equivalent to those of the operating system itself.
Simulator: also called an emulator; software that simulates the functions and instruction set of a hardware processor so that a computer or other terminal (tablet computer, mobile terminal) can run software built for other terminals.
Referring to FIG. 1, a schematic diagram of an implementation environment related to a program execution method according to an embodiment of the present application is shown. As shown in FIG. 1, the implementation environment includes: SDK provider 110, host program developer 120, host program distribution platform 130, and terminal 140. The SDK provider 110 and the host program developer 120 may be connected to each other through a wired or wireless network, and the host program developer 120 and the host program distribution platform 130 may be connected to each other through a wired or wireless network. The SDK provider 110 is configured to generate an SDK and send the SDK to the host program developer 120; the SDK provider 110 may be a server of the SDK provider. The host program developer 120 may be a terminal such as a mobile phone, a tablet computer, or a computer, or may be a workstation or a server. The host program distribution platform 130 is used for publishing the host program; for example, it may be Apple's application platform Apple Store, Google's application platform Google Play, Tencent's application platform "application treasure", and the like. The terminal 140 is used for downloading the host program from the host program distribution platform 130 and running it, and may be a mobile phone, a tablet computer, a personal digital assistant, and the like.
Referring to fig. 2, a flowchart of a method for executing a program according to an embodiment of the present application is shown. In this embodiment, for example, the program running method is applied to the terminal 140 shown in fig. 1, and the method includes:
In step 201, when a program start signal is received, the host program starts a first process.
When a user needs to use the host program, the user clicks the icon of the host program; the host program receives the start signal generated by the click and starts the first process. The first process is a process that runs in the host program and is associated with a program function provided by the SDK.
In step 202, the host program starts a second process corresponding to the SDK through the first process, where the second process is a process independent from the first process.
When the first process is started, it starts the second process corresponding to the SDK; the second process runs in the SDK and is a process independent of the first process.
In step 203, when the function use signal is received, the host program calls an API interface provided by the SDK through the first process.
When a user needs to use the program function provided by the SDK, the program function icon related to the host program is clicked, the host program receives a function use signal generated by clicking the program function icon by the user, and the API interface provided by the SDK is called through the first process. The program function icon is a certain program function icon in the host program, and the program function provided by the program function icon is based on the program function provided by the SDK and does not generally refer to all program functions in the host program.
As shown in fig. 3, in this embodiment, the SDK is packaged to open an API interface to the host program, the second process corresponding to the SDK communicates with the server independently, and the host program can call the API interface provided by the SDK through the corresponding first process to obtain the program function related to the SDK.
For example, as shown in FIG. 4, the host program is an application program with an automatic Wi-Fi connection function. The host program can be written in the Java language, and the first process corresponding to the host program can be a Java process; the SDK can provide the automatic Wi-Fi connection function by running a Native process, and the API interface between the Java process of the host program and the Native process of the SDK can be a Socket interface. Optionally, the API interface further comprises a set of JCE packages for providing encryption, key generation, and negotiation functions.
In step 204, the second process obtains the target data from the server according to the call.
The second process corresponding to the SDK acquires the target data from the server according to the call of the first process. Because the second process is a process independent of the first process, the host program cannot monitor the data exchange between the second process and the server.
For example, as shown in FIG. 4, the target data may be the Wi-Fi password of a wireless router. The Java process corresponding to the host program starts a Wi-Fi list scan and calls the specified Wi-Fi function of the Native process through the Socket interface. The Native process corresponding to the SDK connects to and communicates with the server to obtain the Wi-Fi password, caches the password in a Map, and connects to the corresponding wireless router using the password. The password appears and is stored only in the Native process, and the Java process cannot access or monitor the Native process.
In step 205, the second process provides program functionality to the first process based on the target data.
The second process corresponding to the SDK executes the program function using the target data acquired from the server, and the first process corresponding to the host program obtains, through the API interface, the program function provided by the second process.
For example, as shown in FIG. 4, after the Native process has connected to the Wi-Fi network, it sends information about the wireless routers available for connection to the Java process, and the Java process, through the Socket interface, uses the Native process to connect automatically to the wireless router corresponding to the Wi-Fi password, thereby realizing the automatic Wi-Fi connection function. After the automatic connection to the wireless router is completed, the Native process generates a Wificonfig file and adds it to the operating system through Binder (interprocess communication), and the Java process monitors the Wi-Fi connection state through the Wificonfig file.
To sum up, in the embodiment of the present application, the second process corresponding to the SDK is independent of the first process corresponding to the host program, which solves the technical problem in the related art that the host program can easily crack the SDK because the SDK runs in the host process. The host program can use the program functions of the SDK only by calling the API provided by the SDK and cannot directly access the second process corresponding to the SDK, so it cannot monitor the running condition of the SDK or the data packets exchanged between the SDK and the server, and the security of the SDK is improved.
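The call pattern of steps 201 to 205 can be sketched as follows. This is an added example, not code from the patent: `fork` and a Unix `socketpair` stand in for the Native process and the Socket interface, and the function names, the `CONNECT` request format and the password value are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed stand-in for the server round trip of step 204. In the patent
 * the password comes from the server; here it is built inside the child. */
static void sdk_fetch_password(const char *ssid, char *out, size_t n) {
    snprintf(out, n, "pw-for-%s-7731", ssid);   /* constructed value */
}

/* Second process (SDK side): holds the target data and answers API calls
 * with a status string only. The password is never written to the socket. */
static void sdk_process(int fd) {
    char req[128], pw[128], resp[192];
    ssize_t len = read(fd, req, sizeof req - 1);
    if (len <= 0) _exit(1);
    req[len] = '\0';
    if (strncmp(req, "CONNECT ", 8) == 0 && req[8] != '\0') {
        sdk_fetch_password(req + 8, pw, sizeof pw);
        /* A real SDK would join the network with pw at this point. */
        snprintf(resp, sizeof resp, "CONNECTED %s", req + 8);
    } else {
        snprintf(resp, sizeof resp, "ERROR unsupported call");
    }
    if (write(fd, resp, strlen(resp)) < 0) _exit(1);
    _exit(0);
}

/* First process (host side): starts the second process (step 202), sends one
 * API call (step 203) and receives the result (step 205). Returns 0 on
 * success. The separation shown is address-space separation only; root or a
 * tracer can still cross it, which is what steps 503 to 505 check for. */
int host_call_sdk(const char *request, char *reply, size_t reply_len) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); sdk_process(sv[1]); }
    close(sv[1]);
    ssize_t sent = write(sv[0], request, strlen(request));
    ssize_t len = (sent > 0) ? read(sv[0], reply, reply_len - 1) : -1;
    close(sv[0]);
    waitpid(pid, NULL, 0);
    if (len < 0) return -1;
    reply[len] = '\0';
    return 0;
}

int main(void) {
    char reply[64];
    if (host_call_sdk("CONNECT cafe-guest", reply, sizeof reply) == 0)
        printf("host sees: %s\n", reply);
    if (host_call_sdk("DUMP_PASSWORD cafe-guest", reply, sizeof reply) == 0)
        printf("host sees: %s\n", reply);
    return 0;
}
```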
Referring to fig. 5, a flowchart of a method for executing a program according to another embodiment of the present application is shown. In this embodiment, for example, the program running method is applied to the terminal 140 shown in fig. 1, and the method includes:
In step 501, when a program start signal is received, the host program starts a first process.
When a user needs to use the host program, the user clicks the icon of the host program; the host program receives the start signal generated by the click and starts the first process. The first process is a process that runs in the host program and is related to the program function provided by the SDK.
In step 502, the host program initializes the API interface of the SDK.
Before the host program calls the API interface of the SDK, the host program firstly needs to initialize the API interface of the SDK, and in the initialization process, a section of code in the SDK runs in a first process corresponding to the host program and is used for detecting whether potential safety hazards exist in the running environment of the host program.
Optionally, the detection by the SDK, through the first process, of whether a potential safety hazard exists in the running environment includes at least one of steps 503 to 505. The present embodiment is illustrated as including all three steps.
In step 503, the SDK detects whether the current account in the terminal has acquired the highest operation permission.
The SDK detects whether the current account of the terminal has acquired the highest operation permission, that is, whether the currently logged-in system account is the Root account. Because the Root account has the highest permission in the system, the host system could bypass the API interface and directly access and monitor the second process of the SDK, which is a potential safety hazard.
Therefore, when the host program initializes the API of the SDK, the SDK needs to detect whether the current account has acquired the highest operation permission. If the detection result is that the current account has acquired the highest operation permission, step 506b is entered. If the detection result is that the current account has not acquired the highest operation permission, step 503 is entered, or step 506a is entered.
In an optional embodiment, since an SU binary executable file is generated on a terminal that has obtained the highest operation permission, the SDK determines whether the current account has obtained the highest operation permission by detecting whether the SU binary executable file exists on the terminal.
In step 504, the SDK detects whether the terminal is a terminal virtualized by the emulator.
The SDK detects whether the terminal is a terminal virtualized by the simulator. A terminal virtualized by the simulator can bypass network security standards that rely on hardware to function; for example, the host program can bypass the API and directly access and monitor the second process of the SDK, which poses a security risk.
Therefore, when initializing the API interface, the SDK needs to detect whether the current terminal is a terminal virtualized by the emulator. If the detection result is that the current terminal is a terminal virtualized by the emulator, step 506b is entered; if the detection result is that the current terminal is not a terminal virtualized by the simulator, step 505 is entered, or step 506a is entered.
In an optional embodiment, the SDK determines whether the terminal is a terminal virtualized by the simulator by calling a hardware component of the terminal, such as a sensor, a camera, a gyroscope, or Bluetooth. If the call fails, the SDK determines that the terminal is a terminal virtualized by the simulator; if the call succeeds, it determines that the terminal is physical hardware.
In step 505, the SDK detects whether a first process corresponding to the host program is traced.
The SDK detects whether the first process corresponding to the host program and/or a process related to the SDK is tracked. If the first process corresponding to the host program is tracked, information may leak when the first process calls the API, which is a potential safety hazard. If the SDK detects that the first process corresponding to the host program is tracked, step 505b is entered; if the SDK detects that the first process corresponding to the host program is not tracked, step 506a is entered.
The tracing program Strace is often used to track the system calls made and the signals received while a process executes. In a Linux or Android system, a process cannot access a hardware device directly; when it needs to access one (for example, to receive network data), it must switch from user mode to kernel mode and access the device through a system call. The Strace program can track the system calls generated by a process, including parameters, return values and execution time, so when the first process is tracked, the Strace program can bypass the API interface and obtain information stored in the SDK.
In an optional embodiment, the SDK determines whether the first process corresponding to the host program is tracked by detecting whether tracking information exists on the terminal. If tracking information exists, the SDK determines that the first process corresponding to the host program is tracked; if it does not, the SDK determines that the first process is not tracked.
In step 506a, the SDK initiates a second process through the first process.
After determining that the currently running environment has no potential safety hazard, the SDK starts a second process through the first process.
In step 506b, the API interface initialization fails.
After the host program initializes the API interface of the SDK, the host program determines that initialization of the API interface has failed if any one of the following conditions is met: the current account has obtained the highest operation permission, the terminal is a terminal virtualized by the simulator, or the first process corresponding to the host program is tracked.
If the API interface fails to be initialized, the SDK returns initialization failure information to the host program, and the first process corresponding to the host program cannot call the API interface of the SDK.
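The initialization gate of steps 503 to 506b can be written as a small set of checks. This is an added example, not code from the patent: the su candidate paths, the use of the `TracerPid` field of `/proc/<pid>/status` as the "tracking information", the fail-closed handling of an unreadable status, and all function names are assumptions; the hardware call of step 504 is represented by a flag because it depends on platform APIs.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

enum init_result { INIT_OK, INIT_FAIL_ROOT, INIT_FAIL_EMULATOR, INIT_FAIL_TRACED };

/* What the SDK code running in the first process observed. */
struct env_report {
    int  su_present;        /* step 503 */
    int  hardware_call_ok;  /* step 504: outcome of a sensor/camera call */
    long tracer_pid;        /* step 505: 0 = untraced, -1 = unknown */
};

/* Constructed samples of /proc/<pid>/status text, not captured from a device. */
static const char SAMPLE_STATUS_CLEAN[] =
    "Name:\tcom.example.host\nState:\tS (sleeping)\nTracerPid:\t0\nUid:\t10123\n";
static const char SAMPLE_STATUS_TRACED[] =
    "Name:\tcom.example.host\nState:\tt (tracing stop)\nTracerPid:\t4242\nUid:\t10123\n";

/* Assumed candidate locations; the patent only names "the SU binary". */
static const char *const SU_PATHS[] = { "/system/bin/su", "/system/xbin/su", "/sbin/su" };

/* Step 503: 1 if any candidate path exists on the file system. */
int su_binary_present(const char *const *paths, size_t count) {
    for (size_t i = 0; i < count; i++)
        if (access(paths[i], F_OK) == 0) return 1;
    return 0;
}

/* Step 505: PID of the attached tracer (strace attaches through ptrace, which
 * sets this field), 0 if none, -1 if the field is missing or malformed. */
long tracer_pid_from_status(const char *status) {
    static const char key[] = "TracerPid:";
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, key, sizeof key - 1) == 0) {
            const char *val = line + sizeof key - 1;
            while (*val == ' ' || *val == '\t') val++;
            if (!isdigit((unsigned char)*val)) return -1;
            return strtol(val, NULL, 10);
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

long tracer_pid_of_self(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return tracer_pid_from_status(buf);
}

/* Steps 506a/506b: any single hazard fails initialization. An unreadable
 * tracer state (-1) is treated as a hazard, so the gate fails closed. */
enum init_result sdk_api_init(const struct env_report *e) {
    if (e->su_present) return INIT_FAIL_ROOT;
    if (!e->hardware_call_ok) return INIT_FAIL_EMULATOR;
    if (e->tracer_pid != 0) return INIT_FAIL_TRACED;
    return INIT_OK;
}

int main(void) {
    struct env_report e;
    e.su_present = su_binary_present(SU_PATHS, sizeof SU_PATHS / sizeof SU_PATHS[0]);
    e.hardware_call_ok = 1;   /* placeholder for a real hardware call */
    e.tracer_pid = tracer_pid_of_self();
    printf("init result: %d (tracer pid %ld)\n", (int)sdk_api_init(&e), e.tracer_pid);
    printf("clean sample: %ld, traced sample: %ld\n",
           tracer_pid_from_status(SAMPLE_STATUS_CLEAN),
           tracer_pid_from_status(SAMPLE_STATUS_TRACED));
    return 0;
}
```

Because these checks run in the first process, which the host program controls, their result is only as trustworthy as that process; the gate raises the cost of the bypasses described in steps 503 to 505 rather than proving a clean environment.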
In step 507, when the function use signal is received, the host program calls an API interface provided by the SDK through the first process.
When a user needs to use the program function provided by the SDK, the program function icon related to the host program is clicked, the host program receives a function use signal generated by clicking the program function icon by the user, and the API interface provided by the SDK is called through the first process. The program function icon is a certain program function icon in the host program, and the program function provided by the program function icon is based on the program function provided by the SDK and does not generally refer to all program functions in the host program.
In step 508, a second process obtains the target data from the server according to the call, the second process being a process independent from the first process.
The second process corresponding to the SDK acquires the target data from the server according to the call of the first process. Optionally, the target data is related to a program function provided by the SDK and is confidential data. The second process is an external process independent of the first process.
In step 509, the second process provides program functionality to the first process based on the target data.
The second process corresponding to the SDK executes the program function using the target data acquired from the server, and the first process corresponding to the host program obtains, through the API interface, the program function provided by the second process.
Illustratively, the operating system of the terminal is an Android system and the second process corresponding to the SDK is a Native process. The Native process is protected by the native isolation protection and reinforcement protection of the operating system, and the first process corresponding to the host program cannot access or monitor the running condition of the second process.
To sum up, in the embodiment of the present application, the second process corresponding to the SDK is independent of the first process corresponding to the host program, which solves the technical problem in the related art that the host program can easily crack the SDK because the SDK runs in the host process. The host program can use the program functions of the SDK only by calling the API provided by the SDK and cannot directly access the second process corresponding to the SDK, so it cannot monitor the running condition of the SDK or the data packets exchanged between the SDK and the server, and the security of the SDK is improved.
Furthermore, in the embodiment of the application, the API interface is initialized before the API interface is called by the first process corresponding to the host program, and the SDK detects whether the operating environment of the API interface has a potential safety hazard through the first process corresponding to the host program, so that the problem of the potential safety hazard caused by calling the API interface of the SDK by the host program in the operating environment with the potential safety hazard is solved, and the security of the SDK is further improved.
In an alternative embodiment, when the second process corresponding to the SDK communicates with the server, the second process may communicate with the server by using a combination of "asymmetric encryption and symmetric encryption". The asymmetric encryption is used for negotiating an encryption key between the second process corresponding to the SDK and the server, and the symmetric encryption is used for encrypting the session data packet between the second process corresponding to the SDK and the server.
Referring to fig. 6, a flowchart of a method for executing a program according to another embodiment of the present application is shown. In this embodiment, for example, the program running method is applied to the terminal 140 shown in fig. 1, and the method includes:
in step 601, when a program start signal is received, the host program starts a first process
When a user needs to use the host program, the user clicks the icon of the host program, the host program receives a starting signal generated by clicking the icon by the user, and the first process is started. Wherein the first process is a process running in the host program and related to the SDK providing program function.
In step 602, the host program starts a second process corresponding to the SDK through the first process.
When the first process is started, it starts a second process corresponding to the SDK, wherein the second process runs in the SDK and is independent of the processes except the first process.
In step 603, when the function use signal is received, the host program calls an API interface provided by the SDK through the first process.
When a user needs to use the program function provided by the SDK, the program function icon related to the host program is clicked, the host program receives a function use signal generated by clicking the program function icon by the user, and the API interface provided by the SDK is called through the first process. The program function icon is a certain program function icon in the host program, and the program function provided by the program function icon is based on the program function provided by the SDK and does not generally refer to all program functions in the host program.
In step 604, the second process detects whether a symmetric encryption key exists.
Before a second process corresponding to the SDK acquires target data from the server according to the call, the second process needs to detect a symmetric encryption key between the SDK and the server.
Firstly, the second process detects whether a symmetric encryption key exists in the SDK, and if so, the step 605 or the step 612 is carried out; if not, go to step 606.
In step 605, the second process detects whether the existence duration of the symmetric encryption key reaches the preset effective duration.
Generally, the longer a symmetric encryption key is used, the greater an attacker's chance of cracking it. To ensure security, the symmetric encryption key has a limited validity period; once that period is exceeded, the symmetric encryption key becomes invalid and needs to be regenerated.
Therefore, the second process detects whether the time length of the symmetric encryption key in the SDK reaches the preset effective time length or not; if yes, go to step 606; if not, go to step 612.
In step 606, the second process generates a random number.
If the second process does not detect the symmetric encryption key in the SDK, and/or the second process detects that the symmetric encryption key in the SDK reaches the preset effective duration, a random number is generated, and the random number is used as the symmetric encryption key in the session.
In step 607, the second process encrypts the random number with the private key in the asymmetric encryption to obtain the first encryption result.
The second process encrypts the random number through a private key in the asymmetric encryption in the SDK to obtain a first encryption result. In the embodiment of the application, the information sent by the SDK to the server is encrypted by a private key in the asymmetric encryption in the SDK and decrypted by a public key in the asymmetric encryption stored at the server. When the host program developer obtains the SDK from the SDK provider, the private key in the asymmetric encryption is already contained in the SDK, and the public key in the asymmetric encryption is stored in the server.
The asymmetric key comprises a pair of keys: a public key and a private key. The public key is openly available: a decryptor can obtain it through various channels and it need not be kept secret. The private key is held only by the encrypting party itself and needs to be kept secret. One public key corresponds to one private key; the public key and the private key jointly form an asymmetric encryption mode. The asymmetric encryption mode means that information encrypted by a public key can only be decrypted by the corresponding private key, and information encrypted by the private key can only be decrypted by the corresponding public key. That is, the keys used for encryption and decryption are not the same.
For example: assuming that A needs to send encrypted information to B, A first acquires the public key corresponding to B, then encrypts the information to be sent with that public key and sends the encrypted information to B. After B receives the encrypted information sent by A, B uses the private key corresponding to B to decrypt it and obtain its content. Since the private key corresponding to B is owned only by B itself, the encrypted information sent by A is secure.
In step 608, the second process sends the first encryption result to the server.
The second process encrypts the random number with the private key in the asymmetric encryption in the SDK to obtain a first encryption result, and then sends the first encryption result to the server through a wired or wireless network.
After the server obtains the first encryption result, it decrypts the first encryption result with the public key in the asymmetric encryption stored in the server to obtain a decryption result. The server takes the random number in the decryption result as the key to be verified, and encrypts the key to be verified and the session identifier of the session with the public key in the asymmetric encryption to obtain a second encryption result.
Wherein, each session of the second process and the server corresponds to a session identifier and a symmetric key.
In step 609, the second process receives the second encryption result sent by the server.
The server encrypts the key to be verified and the session identifier with the public key in the asymmetric encryption to obtain a second encryption result, and then sends the second encryption result to the second process corresponding to the SDK through a wired or wireless network.
In step 610, the second process decrypts the second encryption result through the asymmetric encryption private key to obtain the session identifier and the key to be verified.
The second process corresponding to the SDK decrypts the second encryption result with the private key in the asymmetric encryption to obtain the session identifier and the key to be verified.
In step 611, the second process determines the key to be verified as the symmetric encryption key of the session when determining that the random number and the key to be verified match.
After obtaining the key to be verified, the second process corresponding to the SDK determines whether the key to be verified matches the random number (namely, whether the key to be verified is the same as the random number); if they match, the key to be verified is used as the symmetric encryption key of the session.
In step 612, the second process detects whether a GUID exists in the terminal.
The second process detects whether the GUID corresponding to the terminal exists in the server. The GUID is a unique identifier corresponding to the terminal, generated by the server through an algorithm; the server uses the GUID to identify the terminal and establish a session with the SDK. If the second process does not detect the GUID corresponding to the terminal, step 613 is entered; if the second process detects the GUID corresponding to the terminal, step 614 is entered.
In step 613, the second process transmits the device information of the terminal to the server.
If the GUID does not exist in the terminal, the second process sends the device information to the server, and the server registers the GUID of the terminal according to the device information, where the device information includes, but is not limited to, at least one of: the device identification, the operating system type, the operating system version number, the type of the current internet environment, and the current geographic position.
In step 614, the second process obtains the target data from the server through the session connection encrypted by the symmetric encryption key.
After receiving the request of the second process, the server encrypts the target data with the symmetric encryption key and then sends the encrypted target data to the second process corresponding to the SDK.
In step 615, the second process provides program functionality to the first process based on the target data.
After the second process obtains the target data encrypted by the symmetric encryption key, it decrypts the encrypted target data with the symmetric encryption key to obtain the target data, and provides a program function to the first process based on the target data.
For example, the target data may be a Wi-Fi password corresponding to a wireless router. The second process sends a request to the server asking it to send the Wi-Fi password corresponding to the wireless router. After receiving the request, the server encrypts the Wi-Fi password with the symmetric encryption key and sends it to the second process. The second process decrypts the encrypted Wi-Fi password with the symmetric encryption key to obtain the Wi-Fi password corresponding to the wireless router and uses it to connect to that wireless router. Through the API interface, the first process is thus automatically connected to the wireless router by the second process corresponding to the SDK.
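The key negotiation of steps 604 to 611, as an added example that is not code from the patent: a Python model with both sides of the exchange and the expiry check. The toy textbook RSA key built from two Mersenne primes, the 16-byte key and 8-byte session identifier sizes, and the names `Server`, `SdkProcess` and `rsa_apply` are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Toy RSA key pair built from two Mersenne primes (constructed for this example:
# no padding, and far too small for real use).
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537                              # public exponent, stored at the server
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, shipped inside the SDK

KEY_LEN = 16   # bytes of the random number used as the symmetric key (assumed)
SID_LEN = 8    # bytes of the session identifier (assumed)


def rsa_apply(value: int, exponent: int) -> int:
    """Textbook RSA: one modular exponentiation, used with E or with D."""
    return pow(value, exponent, N)


class Server:
    """Server side: holds only the public key (E, N)."""

    def __init__(self):
        self.sessions = {}  # session identifier -> symmetric key

    def handle_first_result(self, first_result: int) -> int:
        plain = rsa_apply(first_result, E)          # decrypt with the public key
        if plain >> (8 * KEY_LEN):
            raise ValueError("first encryption result is malformed")
        key_to_verify = plain.to_bytes(KEY_LEN, "big")
        session_id = secrets.token_bytes(SID_LEN)
        self.sessions[session_id] = key_to_verify
        # Second encryption result: key to be verified + session identifier.
        return rsa_apply(int.from_bytes(key_to_verify + session_id, "big"), E)


class SdkProcess:
    """Second process: caches the symmetric key and renegotiates on expiry."""

    def __init__(self, server, lifetime_s, clock=time.monotonic):
        self.server = server
        self.lifetime_s = lifetime_s
        self.clock = clock
        self.key = None
        self.session_id = None
        self.created_at = None

    def key_is_usable(self) -> bool:
        # Steps 604-605: a key exists and has not reached the effective duration.
        return (self.key is not None
                and self.clock() - self.created_at < self.lifetime_s)

    def negotiate(self) -> None:
        random_number = secrets.token_bytes(KEY_LEN)                        # step 606
        first_result = rsa_apply(int.from_bytes(random_number, "big"), D)   # step 607
        second_result = self.server.handle_first_result(first_result)       # steps 608-609
        plain = rsa_apply(second_result, D)                                 # step 610
        if plain >> (8 * (KEY_LEN + SID_LEN)):
            raise ValueError("second encryption result is malformed")
        blob = plain.to_bytes(KEY_LEN + SID_LEN, "big")
        key_to_verify, session_id = blob[:KEY_LEN], blob[KEY_LEN:]
        # Step 611: accept the key only if it equals the random number we sent.
        if not hmac.compare_digest(key_to_verify, random_number):
            raise ValueError("key to be verified does not match the random number")
        self.key, self.session_id = key_to_verify, session_id
        self.created_at = self.clock()

    def session_key(self) -> bytes:
        """Return the current symmetric key, negotiating a new one if needed."""
        if not self.key_is_usable():
            self.negotiate()
        return self.key
```

As steps 607 and 608 are written, any party holding the public key can recover the random number from the first encryption result exactly as `Server.handle_first_result` does, so the confidentiality of the session key depends on the public key staying on the server.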
To sum up, in this embodiment of the present application, the second process corresponding to the SDK is independent of the first process corresponding to the host program. This solves the technical problem in the related art that the host program can easily crack the SDK because the SDK runs in the host process. The host program can use the program function of the SDK only by calling the API provided by the SDK and cannot directly access the second process corresponding to the SDK, so it cannot monitor the running condition of the SDK or the data packets communicated between the SDK and the server, thereby improving the security of the SDK.
Furthermore, in the embodiment of the application, by combining the asymmetric encryption algorithm with the symmetric encryption algorithm, the asymmetric encryption is used for negotiating the encryption key between the second process corresponding to the SDK and the server at intervals, and the symmetric encryption is used for encrypting the session data packet between the second process corresponding to the SDK and the server, so that the problem of large calculation amount caused by only asymmetric encryption of each session or the problem of low security performance caused by only symmetric encryption of each session is solved, and the security of the session between the second process corresponding to the SDK and the server is improved by asymmetrically encrypting the private key on the basis of small calculation amount.
Referring to fig. 7, a flowchart of a method for executing a program according to another embodiment of the present application is shown. In this embodiment, for example, the program running method is applied to the terminal 140 shown in fig. 1, and the method includes:
In step 701, when a program start signal is received, the host program starts a first process.
When a user needs to use the host program, the user clicks the icon of the host program, the host program receives a starting signal generated by clicking the icon by the user, and the first process is started. Wherein the first process is a process running in the host program and related to the SDK providing program function.
In step 702, the host program initializes the API interface of the SDK.
Before the host program calls the API interface of the SDK, the host program first needs to initialize the API interface of the SDK. During initialization, a section of code in the SDK runs in the first process corresponding to the host program and is used for detecting whether potential safety hazards exist in the running environment of the host program.
Optionally, the SDK detects whether a potential safety hazard exists in the operating environment through a first process, and includes at least one of steps 703 to 705. The present embodiment is illustrated as including all three steps.
In step 703, the SDK detects whether the current account in the terminal has acquired the highest operation permission.
The SDK detects whether the current account corresponding to the terminal has acquired the highest operation permission, that is, it judges whether the system account currently logged in is a Root account. Because the Root account has the highest permission of the system, the host system can bypass the API interface to directly access and monitor the second process of the SDK, which causes potential safety hazards.
Therefore, when the host program initializes the API of the SDK, the SDK needs to detect whether the current account acquires the highest operation permission, and if the detection result is that the current account acquires the highest operation permission, step 706b is performed; if the detection result is that the current account does not obtain the highest operation permission, step 704 is entered, or step 706a is entered.
In an optional embodiment, since the terminal that obtains the highest operation permission generates an SU binary executable file, the SDK determines whether the current account obtains the highest operation permission by detecting whether the terminal has the SU binary executable file.
In step 704, the SDK detects whether the terminal is a terminal virtualized by the emulator.
The SDK detects whether the terminal is a terminal virtualized by the simulator. A terminal virtualized by the simulator can bypass network security standards that rely on hardware to function; for example, the host program can bypass the API to directly access and listen to the second process of the SDK, which poses a security risk.
Therefore, when initializing the API interface, the SDK needs to detect whether the current terminal is the terminal virtualized by the simulator, and if the detection result is that the current terminal is the terminal virtualized by the simulator, step 706b is performed; if the detection result is that the current terminal is not the terminal virtualized by the simulator, step 705 is entered, or step 706a is entered.
In an optional embodiment, the SDK determines whether the terminal is a terminal virtualized by the simulator by calling a hardware component of the terminal, such as a sensor, a camera, a gyroscope, or Bluetooth. If the call fails, the terminal is determined to be a terminal virtualized by the simulator; if the call succeeds, the terminal is determined to be physical hardware.
In step 705, the SDK checks whether the first process corresponding to the host program is traced.
The SDK detects whether a first process corresponding to the host program and/or a process related to the SDK is tracked. If the first process corresponding to the host program is tracked, information leakage may occur when the first process calls the API, which causes potential safety hazards. If the SDK detects that the first process corresponding to the host program is tracked, step 706b is entered; if the SDK detects that the first process corresponding to the host program is not traced, step 706a is entered.
Strace is often used to track the system calls made and the signals received while a process is executing. In the Linux system or the Android system, a process cannot directly access a hardware device. When the process needs to access the hardware device (for example, to receive network data), it must switch from user mode to kernel mode and access the hardware device through a system call. A Strace program can track the system calls generated by a process, including parameters, return values, execution time and the like, so when the first process is tracked, the Strace program can bypass the API interface to obtain information stored in the SDK.
In an optional embodiment, the SDK determines whether the first process corresponding to the host program is traced by detecting whether the terminal has the trace information, and if so, determines that the first process corresponding to the host program is traced, and if not, determines that the first process corresponding to the host program is not traced.
In step 706a, the SDK initiates a second process through the first process.
After determining that the currently running environment has no potential safety hazard, the SDK starts a second process through the first process.
In step 706b, the API interface initialization fails.
After the host program initializes the API interface of the SDK, the host program determines that the initialization of the API interface fails if any one of the following conditions is met: the current account has obtained the highest operation permission, the terminal is a terminal virtualized by the simulator, or the first process corresponding to the host program is tracked.
If the API interface fails to be initialized, the SDK returns initialization failure information to the host program, and the first process corresponding to the host program cannot call the API interface of the SDK.
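The initialization checks of steps 703 to 706b, as an added example that is not code from the patent: a Python model of the three detections and the fail decision. The SU file locations, the use of the `TracerPid` field of `/proc/<pid>/status` as the trace information, the representation of hardware calls as callables, and all function names are assumptions; unlike the step-by-step flow above, it evaluates every check and reports all findings.

```python
import os
import re
import tempfile

# Assumed locations of the SU binary; the page names the file but no paths.
SU_PATHS = ("system/bin/su", "system/xbin/su", "sbin/su")

# Constructed sample of /proc/<pid>/status content for the first process.
CLEAN_STATUS = "Name:\thost_app\nState:\tS (sleeping)\nPid:\t4242\nTracerPid:\t0\n"
TRACED_STATUS = CLEAN_STATUS.replace("TracerPid:\t0", "TracerPid:\t4310")


def has_su_binary(root="/"):
    """Step 703: an SU executable on the terminal means root was obtained."""
    return any(os.path.isfile(os.path.join(root, p)) for p in SU_PATHS)


def hardware_available(probes):
    """Step 704: a failed hardware call marks the terminal as virtualized."""
    for probe in probes:
        try:
            probe()
        except OSError:
            return False
    return True


def tracer_pid(status_text):
    """Step 705: PID of the tracing process, 0 when the process is not traced."""
    match = re.search(r"^TracerPid:\s*(\d+)\s*$", status_text, re.MULTILINE)
    if match is None:
        raise ValueError("TracerPid field missing")
    return int(match.group(1))


def initialize_api(root, status_text, probes):
    """Return (ok, reasons). ok is False if any check finds a hazard (step 706b)."""
    reasons = []
    if has_su_binary(root):
        reasons.append("highest operation permission obtained")
    if not hardware_available(probes):
        reasons.append("terminal virtualized by emulator")
    try:
        if tracer_pid(status_text) != 0:
            reasons.append("first process is traced")
    except ValueError:
        # Fail closed: an unreadable trace state is treated as a hazard.
        reasons.append("trace state unreadable")
    return (not reasons, reasons)


def demo():
    """Run the checks against a clean and a tainted constructed environment."""
    def no_camera():
        raise OSError("camera unavailable")

    with tempfile.TemporaryDirectory() as root:
        clean = initialize_api(root, CLEAN_STATUS, [lambda: None])
        os.makedirs(os.path.join(root, "system/xbin"))
        open(os.path.join(root, "system/xbin/su"), "w").close()
        tainted = initialize_api(root, TRACED_STATUS, [no_camera])
    return clean, tainted
```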
In step 707, the first process corresponding to the host program calls an API interface provided by the SDK.
When a user needs to use the program function provided by the SDK, the program function icon related to the host program is clicked, the host program receives a function use signal generated by clicking the program function icon by the user, and the API interface provided by the SDK is called through the first process. The program function icon is a certain program function icon in the host program, and the program function provided by the program function icon is based on the program function provided by the SDK and does not generally refer to all program functions in the host program.
In step 708, the second process detects whether a symmetric encryption key is present.
Before a second process corresponding to the SDK acquires target data from the server according to the call, a symmetric encryption key between the SDK and the server needs to be detected. Firstly, the second process detects whether a symmetric encryption key exists in the SDK, and if so, the step 709 or the step 711 is carried out; if not, go to step 710.
In step 709, the second process detects whether the existence duration of the symmetric encryption key reaches the preset effective duration.
Generally, the longer a symmetric encryption key is used, the greater an attacker's chance of cracking it. To ensure security, the symmetric encryption key usually has a certain time limit; if the time limit is exceeded, the symmetric key becomes invalid and needs to be regenerated.
Therefore, the second process detects whether the time length of the symmetric encryption key in the SDK reaches the preset effective time length or not; if yes, go to step 710; if not, step 711 is entered.
In step 710, the second process negotiates a symmetric encryption key for the session with the server via the asymmetric encryption private key.
If the second process does not detect the symmetric encryption key in the SDK, and/or the second process detects that the symmetric encryption key in the SDK reaches the preset effective duration, a random number is generated, and the random number is used as the symmetric encryption key in the session.
The second process encrypts the random number with the private key in the asymmetric encryption in the SDK to obtain a first encryption result. In the embodiment of the application, the communication between the SDK and the server is encrypted by the private key in the asymmetric encryption in the SDK and decrypted by the public key in the asymmetric encryption stored in the server. When the host program developer obtains the SDK from the SDK provider, the private key in the asymmetric encryption is already contained in the SDK, and the public key in the asymmetric encryption is stored in the server.
After obtaining the first encryption result, the second process sends it to the server through a wired or wireless network.
After the server obtains the first encryption result, it decrypts the first encryption result with the public key in the asymmetric encryption stored in the server to obtain a decryption result. The server takes the random number in the decryption result as the key to be verified, and encrypts the key to be verified and the session identifier with the public key in the asymmetric encryption to obtain a second encryption result.
The server then sends the second encryption result to the second process corresponding to the SDK through a wired or wireless network.
The second process corresponding to the SDK decrypts the second encryption result with the private key in the asymmetric encryption to obtain the session identifier and the key to be verified.
After obtaining the key to be verified, the second process corresponding to the SDK determines whether the key to be verified matches the random number (namely, whether the key to be verified is the same as the random number); if they match, the key to be verified is used as the symmetric encryption key of the session.
In an optional embodiment, the second process detects whether a GUID exists in the terminal, and if the second process does not detect the GUID corresponding to the terminal, the second process sends the device information to the server, and the server registers the GUID of the terminal according to the device information, where the device information includes, but is not limited to: at least one of equipment identification, operating system type, operating system version number, type of current internet environment and current geographic position; if the second process detects the GUID corresponding to the terminal, step 711 is entered.
In step 711, the second process obtains the target data from the server through the session connection encrypted by the symmetric encryption key.
After receiving the request of the second process, the server encrypts the target data with the symmetric encryption key and then sends the encrypted target data to the second process corresponding to the SDK.
In step 712, the second process provides program functionality to the first process based on the target data.
After the second process obtains the target data encrypted by the symmetric encryption key, it decrypts the encrypted target data with the symmetric encryption key to obtain the target data, and provides a program function to the first process based on the target data.
To sum up, in this embodiment of the present application, the second process corresponding to the SDK is independent of the first process corresponding to the host program. This solves the technical problem in the related art that the host program can easily crack the SDK because the SDK runs in the host process. The host program can use the program function of the SDK only by calling the API provided by the SDK and cannot directly access the second process corresponding to the SDK, so the host program cannot monitor the running condition of the SDK or the data packets communicated between the SDK and the server, thereby improving the security of the SDK.
Furthermore, in the embodiment of the application, the API interface is initialized before the API interface is called by the first process corresponding to the host program, and the SDK detects whether the operating environment of the API interface has a potential safety hazard through the first process corresponding to the host program, so that the problem of the potential safety hazard caused by calling the API interface of the SDK by the host program in the operating environment with the potential safety hazard is solved, and the security of the SDK is further improved.
Furthermore, in the embodiment of the present application, by combining the asymmetric encryption algorithm with the symmetric encryption algorithm, the asymmetric encryption is used to negotiate an encryption key between the second process corresponding to the SDK and the server at intervals, and the symmetric encryption is used to encrypt the session data packet between the second process corresponding to the SDK and the server, so that the problem of large calculation amount caused by only asymmetric encryption in each session or the problem of low security performance caused by only symmetric encryption in each session is solved, and the security of the session between the second process corresponding to the SDK and the server is improved on the basis of small calculation amount.
Referring to fig. 8, a block diagram of a program running apparatus according to another embodiment of the present application is shown. In this embodiment, the program running apparatus is applied to the terminal 140 shown in fig. 1 as an example, the apparatus includes a host program module 801 and an SDK module 802, a first process runs in the host program module 801, and a second process runs in the SDK module, where the host program module 801 is a program module that is secondarily developed based on the SDK module 802.
A host program module 801, configured to start a first process when receiving a program start signal; starting a second process through the first process; when a function using signal is received, calling an API (application programming interface) provided by the SDK module through a first process;
the SDK module 802 is configured to obtain target data from a server through a second process according to the call; program functionality is provided to the first process based on the target data.
In an alternative embodiment, the host program module 801 is further configured to:
initializing an API (application programming interface) of the SDK module 802 after starting;
the SDK module 802 is further configured to detect whether a potential safety hazard exists in a running environment in the terminal through the first process when the host program module 801 initializes an API interface of the SDK module 802; and when the operating environment has no potential safety hazard, starting the second process.
In an optional embodiment, the SDK module 802 is further configured to detect, through the first process, whether the current account in the terminal obtains the highest operation permission;
and/or;
the SDK module 802 is further configured to detect whether the terminal is a terminal virtualized by the simulator through a first process;
and/or;
the SDK module 802 is further configured to detect, by the first process, whether the first process corresponding to the host program is tracked.
In an alternative embodiment, the SDK module 802 is further configured to:
negotiating a symmetric encryption key of the session with the server through the asymmetric encryption private key through a second process;
and acquiring target data from the server through session connection encrypted by the symmetric encryption key through the second process.
In an alternative embodiment, the SDK module 802 is further configured to:
generating a random number through a second process;
encrypting the random number through an asymmetric encryption private key through a second process to obtain a first encryption result;
sending the first encryption result to the server through the second process;
receiving a second encryption result sent by the server through a second process;
decrypting the second encryption result through the asymmetric encryption private key through the second process to obtain a session identifier and a key to be verified;
and determining the key to be verified as the symmetric encryption key of the session when the random number is determined to be matched with the key to be verified through the second process.
In an alternative embodiment, the SDK module 802 is further configured to:
and negotiating the next symmetric encryption key with the server again through the asymmetric encryption private key when the existence duration of the symmetric encryption key reaches the preset effective duration through the second process.
Referring to fig. 9, a block diagram of a terminal according to an embodiment of the present invention is shown. The terminal includes: a processor 901, memory 902, and a network interface 903.
The network interface 903 is connected to the processor 901 through a bus or other means, and is configured to receive the target data or the second encryption result sent by the server, or send the first encryption result to the server.
The processor 901 may be a Central Processing Unit (CPU), a Network Processor (NP), or a combination of a CPU and an NP. The processor 901 may further include a hardware chip. The hardware chip may be an application-specific integrated circuit (ASIC), a Programmable Logic Device (PLD), or a combination thereof. The PLD may be a Complex Programmable Logic Device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL), or any combination thereof.
The memory 902 is connected to the processor 901 through a bus or other means. At least one instruction, at least one program, a code set, or an instruction set is stored in the memory 902 and is loaded and executed by the processor 901 to implement the program running method of fig. 2, 5, 6, or 7. The memory 902 may be a volatile memory, a non-volatile memory, or a combination thereof. The volatile memory may be a random-access memory (RAM), such as a static random-access memory (SRAM) or a dynamic random-access memory (DRAM). The non-volatile memory may be a Read Only Memory (ROM), such as a Programmable Read Only Memory (PROM), an Erasable Programmable Read Only Memory (EPROM), or an Electrically Erasable Programmable Read Only Memory (EEPROM). The non-volatile memory may also be a flash memory or a magnetic memory, such as a magnetic tape, a floppy disk, or a hard disk. The non-volatile memory may also be an optical disc.
Embodiments of the present application also provide a computer-readable storage medium in which at least one instruction, at least one program, a code set, or an instruction set is stored, and the at least one instruction, at least one program, code set, or instruction set is loaded and executed by a processor to implement the program running method shown in fig. 2, fig. 5, fig. 6, or fig. 7. Optionally, the computer-readable storage medium includes a high-speed access memory and a non-volatile memory.
It should be understood that reference to "a plurality" herein means two or more. "And/or" describes the association relationship of the associated objects and means that three relationships are possible; for example, A and/or B may mean: A exists alone, A and B exist simultaneously, or B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program instructing relevant hardware, where the program may be stored in a computer-readable storage medium, and the above-mentioned storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
The above description is only exemplary of the present application and should not be taken as limiting the present application, as any modification, equivalent replacement, or improvement made within the spirit and principle of the present application should be included in the protection scope of the present application.

Claims (14)

1. A program running method, applied to a terminal installed with a host program, the host program being a program for secondary development based on SDK, the method comprising:
when a program starting signal is received, the host program starts a first process;
the host program starts a second process corresponding to the SDK through the first process, wherein the second process is a process independent of the first process;
when a function use signal is received, the host program calls an API (application programming interface) provided by the SDK through the first process;
the second process acquires target data from the server according to the call;
the second process provides program functionality to the first process based on the target data.
2. The method of claim 1, wherein the host program starts a second process corresponding to the SDK through the first process, and wherein the starting includes:
when the host program initializes the API of the SDK after being started, the SDK detects whether potential safety hazards exist in the running environment of the terminal through the first process;
and when the operating environment has no potential safety hazard, the SDK starts the second process through the first process.
3. The method of claim 2, wherein the SDK detects whether a security risk exists in a running environment in the terminal through the first process, and comprises:
the SDK detects whether the current account in the terminal acquires the highest operation permission or not through the first process;
and/or;
the SDK detects whether the terminal is a terminal virtualized by a simulator or not through the first process;
and/or;
and the SDK detects whether a first process corresponding to the host program is tracked or not through the first process.
4. The method of any of claims 1 to 3, wherein the second process obtaining target data from the server according to the call comprises:
the second process negotiates a symmetric encryption key of the session with the server through an asymmetric encryption private key;
and the second process acquires the target data from the server through session connection encrypted by the symmetric encryption key.
5. The method of claim 4, wherein the second process negotiates a symmetric encryption key for the session with the server through an asymmetric encryption private key, including:
the second process generates a random number;
the second process encrypts the random number through the asymmetric encryption private key to obtain a first encryption result;
the second process sends the first encryption result to the server;
the second process receives a second encryption result sent by the server;
the second process decrypts the second encryption result through the asymmetric encryption private key to obtain a session identifier and a key to be verified;
and the second process determines the key to be verified as the symmetric encryption key of the session when determining that the random number is matched with the key to be verified.
6. The method of claim 5, wherein after the second process negotiates a symmetric encryption key for the current session with the server through an asymmetric encryption private key, the method further comprises:
and the second process negotiates the next symmetric encryption key with the server again through the asymmetric encryption private key when the existence duration of the symmetric encryption key reaches the preset effective duration.
7. A program running device is applied to a terminal comprising a host program module, and is characterized in that the device comprises the host program module and an SDK module, the host program module is a program module which is developed for the second time based on the SDK module, a first process runs in the host program module, a second process runs in the SDK module, and the second process is independent of the first process;
the host program module is used for starting the first process when receiving a program starting signal; starting the second process by the first process; when a function use signal is received, calling an API (application programming interface) provided by the SDK through the first process;
the SDK module is used for acquiring target data from a server through the second process according to the call; providing a program function to the first process according to the target data.
8. The apparatus of claim 7,
the host program module is also used for initializing the API interface of the SDK module after being started;
the SDK module is further configured to detect whether a potential safety hazard exists in a running environment in the terminal through the first process when the host program module initializes the API of the SDK module; and when the operating environment has no potential safety hazard, starting the second process.
9. The apparatus of claim 8,
the SDK module is further configured to detect whether a current account in the terminal acquires a highest operation permission through the first process;
and/or;
the SDK module is further configured to detect whether the terminal is a terminal virtualized by a simulator through the first process;
and/or;
the SDK module is further configured to detect, by the first process, whether the first process corresponding to the host program is tracked.
10. The apparatus according to any one of claims 7 to 9,
the SDK module is further configured to negotiate a symmetric encryption key of the session with the server through an asymmetric encryption private key through the second process;
the SDK module is further configured to obtain the target data from the server through the session connection encrypted by the symmetric encryption key in the second process.
11. The apparatus of claim 10,
the SDK module is further configured to generate a random number through the second process; encrypting the random number through the asymmetric encryption private key through the second process to obtain a first encryption result; sending the first encryption result to the server through the second process; receiving a second encryption result sent by the server through the second process; decrypting the second encryption result through the asymmetric encryption private key through the second process to obtain a session identifier and a key to be verified; and determining the key to be verified as the symmetric encryption key of the session when the second process determines that the random number is matched with the key to be verified.
12. The apparatus of claim 11,
and the SDK module is further used for negotiating the next symmetric encryption key with the server again through the asymmetric encryption private key when the existence duration of the symmetric encryption key reaches the preset effective duration through the second process.
13. A terminal, characterized in that it comprises a processor and a memory, in which at least one instruction, at least one program, set of codes or set of instructions is stored, which is loaded and executed by the processor to implement a program execution method according to any one of claims 1 to 6.
14. A computer-readable storage medium, having stored thereon at least one instruction, which is loaded and executed by a processor to implement a program execution method according to any one of claims 1 to 6.
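The key negotiation of claims 5 and 6, with both the second process and the server side, as an added example that is not code from the patent. It assumes that "matched" means the key to be verified equals the random number, that the server holds the matching public key, and it uses a constructed textbook-RSA key pair; the names SdkSession, server_respond and VALID_SECONDS are hypothetical.

```python
import secrets
import time

# Constructed demo key pair: textbook RSA over two Mersenne primes, no padding.
# Illustration only; production code would use a vetted library and padding.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent held by the second process
KEY_LEN, SID_LEN = 16, 8           # assumed sizes of session key and session id
VALID_SECONDS = 600                # assumed "preset effective duration"


def server_respond(first_result: int) -> int:
    """Server: recover the random number, return E(session id || key)."""
    rnd = pow(first_result, E, N)
    if rnd >> (8 * KEY_LEN):
        raise ValueError("first encryption result is malformed")
    payload = secrets.token_bytes(SID_LEN) + rnd.to_bytes(KEY_LEN, "big")
    return pow(int.from_bytes(payload, "big"), E, N)


class SdkSession:
    """Second-process side of the negotiation, with claim 6 re-keying."""

    def __init__(self, send, clock=time.monotonic):
        self._send, self._clock = send, clock
        self.negotiate()

    def negotiate(self) -> None:
        rnd = secrets.token_bytes(KEY_LEN)
        first = pow(int.from_bytes(rnd, "big"), D, N)  # private-key operation
        plain = pow(self._send(first), D, N)           # decrypt second result
        if plain >> (8 * (SID_LEN + KEY_LEN)):
            raise ValueError("second encryption result is malformed")
        blob = plain.to_bytes(SID_LEN + KEY_LEN, "big")
        sid, candidate = blob[:SID_LEN], blob[SID_LEN:]
        # Assumed meaning of "matched": constant-time equality with the nonce.
        if not secrets.compare_digest(candidate, rnd):
            raise ValueError("key to be verified does not match random number")
        self.session_id, self.key = sid, candidate
        self.created = self._clock()

    def current_key(self) -> bytes:
        """Return the session key, renegotiating once its lifetime is reached."""
        if self._clock() - self.created >= VALID_SECONDS:
            self.negotiate()
        return self.key
```

Under this reading the random number can be recovered by any holder of the public key, so the session key stays secret only if that key never leaves the server.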
CN201710884605.5A 2017-09-26 2017-09-26 Program running method and device, terminal and readable medium Active CN109558739B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710884605.5A CN109558739B (en) 2017-09-26 2017-09-26 Program running method and device, terminal and readable medium

Publications (2)

Publication Number Publication Date
CN109558739A CN109558739A (en) 2019-04-02
CN109558739B CN109558739B (en) 2022-04-15

Family

ID=65863066

Country Status (1)

Country Link
CN (1) CN109558739B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant