CN110443039A - Detection method, device and the electronic equipment of plug-in security - Google Patents
Detection method, device and the electronic equipment of plug-in security Download PDFInfo
- Publication number
- CN110443039A CN110443039A CN201910738917.4A CN201910738917A CN110443039A CN 110443039 A CN110443039 A CN 110443039A CN 201910738917 A CN201910738917 A CN 201910738917A CN 110443039 A CN110443039 A CN 110443039A
- Authority
- CN
- China
- Prior art keywords
- plug
- cryptographic hash
- unit
- behavioural information
- hash
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
This application provides a kind of detection method of plug-in security, device and electronic equipments, are related to software package technical field, can solve the foundation that not can detecte to the safety of plug-in unit, make the insoluble technical problem of the safety issue of plug-in unit.The specific scheme is that obtaining the cryptographic Hash recorded in block chain, the cryptographic Hash is that the behavioural information that plug-in unit to be detected executes is generated by hash algorithm;Using the cryptographic Hash, the corresponding behavioural information of the cryptographic Hash is verified, judges whether the corresponding behavioural information of the cryptographic Hash changes;If it is not, then detecting the safety of the plug-in unit to be detected according to the corresponding behavioural information of the cryptographic Hash.
Description
Technical field
This application involves software package technical field, more particularly, to the detection method of plug-in security a kind of, device with
And electronic equipment.
Background technique
Plug-in unit (Plug-in) is a kind of program for following the application programming interfaces centainly standardized and writing out, needs to adjust
The function library or data provided with former pure system, therefore plug-in unit can only operate under the system platform of procedure stipulation, without
Specified platform can be detached from and isolated operation.
The effect of plug-in unit is the program that some functions are realized in exploitation, these functions are former pure system platform, application software
Not available for platform.For example, in a browser, after relevant plug-in unit is installed, global wide area network (World Wide Web,
WEB) browser can call directly plug-in card program, for handling certain types of file.Therefore, plug-in unit is widely used,
Plug-in unit is fitted on many browsers, application program.
But there is also certain safety risks for the use process of plug-in unit.For example, Flash player plug-in unit, java are inserted
Part etc. is usually utilized by hacker, obtains user data, furthermore, malicious plugins can also be used as the extension of browser or application program
It puts into browser or application program.Currently, asking the safety of plug-in unit the foundation that the safety of plug-in unit not can detecte
Topic is difficult to solve.
Summary of the invention
The detection method for being designed to provide a kind of plug-in security, device and the electronic equipment of the application, to solve
To the foundation that the safety of plug-in unit not can detecte, make the insoluble technical problem of the safety issue of plug-in unit.
A kind of detection method of plug-in security provided by the invention, comprising:
The cryptographic Hash recorded in block chain is obtained, the cryptographic Hash is that the behavioural information that plug-in unit to be detected executes passes through Hash
Algorithm is generated;
Using the cryptographic Hash, the corresponding behavioural information of the cryptographic Hash is verified, judges that the cryptographic Hash is corresponding
Behavioural information whether change;
If it is not, then detecting the safety of the plug-in unit to be detected according to the corresponding behavioural information of the cryptographic Hash.
Further, the behavioural information includes following any one or more:
The execution time of movement executes content, operation user, operation content, operation application programming interfaces API, the behaviour
Make the digital signature of user.
Further, the encryption key of the digital signature is the private key of the operation user.
Further, the record form of the behavioural information is the form of record sheet.
Further, further includes:
User is operated to plug-in unit operating parameter, plug-in unit operative relationship, the plug-in unit in the behavioural information by verifying system
At least one of digital signature is verified, and plug-in unit check results are obtained.
Further, the movement that the plug-in unit to be detected executes includes following any one or more:
Login movement, hunting action, update action, query actions, downloading movement.
Further, further includes:
It is identified the cryptographic Hash as the index of the behavioural information, to pass through cryptographic Hash inquiry and the Hash
It is worth corresponding behavioural information.
A kind of detection device of plug-in security provided by the invention, comprising:
Module is obtained, for obtaining the cryptographic Hash recorded in block chain, the cryptographic Hash is the row that plug-in unit to be detected executes
It is generated by information by hash algorithm;
Authentication module verifies the corresponding behavioural information of the cryptographic Hash for utilizing the cryptographic Hash;
Judgment module, for judging whether the corresponding behavioural information of the cryptographic Hash changes;
Detection module is used for when no change has taken place for the corresponding behavioural information of the cryptographic Hash, according to the cryptographic Hash
Corresponding behavioural information detects the safety of the plug-in unit to be detected.
A kind of electronic equipment provided by the invention, including memory, processor, being stored in the memory can be described
The step of computer program run on processor, the processor realizes above-mentioned method when executing the computer program.
A kind of computer-readable medium of non-volatile program code that can be performed with processor provided by the invention, institute
Stating program code makes the processor execute above-mentioned method.
In the present solution, since the cryptographic Hash got is recorded in block chain, not by the data of block chain network
Can tamper, change the cryptographic Hash on block chain can not arbitrarily, furthermore, the cryptographic Hash of acquisition is the row that plug-in unit to be detected executes
It is generated by hash algorithm for information, and cryptographic Hash and behavioural information be it is one-to-one, if behavioural information is modified,
Cryptographic Hash can also change, which just can represent the behavioural information not being tampered really, therefore just can utilize Hash
Value verifies the corresponding behavioural information of cryptographic Hash, thus judge whether the corresponding behavioural information of cryptographic Hash changes, if
No change has taken place then according to the corresponding behavioural information of cryptographic Hash, detects the safety of plug-in unit to be detected, this just ensure that conduct
The plug-in unit behavioural information of the detection foundation of safety is accurate true and without arbitrarily being distorted, and guarantees the true row of plug-in unit
For tractability solve the safety of plug-in unit in order to which the safety detection for plug-in unit provides true and reliable detection foundation
Problem.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of the application specific embodiment or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below
Attached drawing is some embodiments of the application, for those of ordinary skill in the art, before not making the creative labor
It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 shows the flow chart of the detection method of plug-in security provided by the embodiment of the present application;
Fig. 2 shows the schematic diagrames of the detection method of plug-in security provided by the embodiment of the present application;
Fig. 3 shows another schematic diagram of the detection method of plug-in security provided by the embodiment of the present application;
Fig. 4 shows the structural schematic diagram of a kind of electronic equipment provided by the embodiment of the present application.
Specific embodiment
Technical solution of the present invention is clearly and completely described below in conjunction with embodiment, it is clear that described reality
Applying example is a part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, the common skill in this field
Art personnel every other embodiment obtained without making creative work belongs to the model that the present invention protects
It encloses.
The feature and exemplary embodiment of various aspects of the invention is described more fully below.In following detailed description
In, many details are proposed, in order to provide complete understanding of the present invention.But to those skilled in the art
It will be apparent that the present invention can be implemented in the case where not needing some details in these details.Below to implementation
The description of example is used for the purpose of providing by showing example of the invention and better understanding of the invention.The present invention never limits
In any concrete configuration set forth below and algorithm, but cover under the premise of without departing from the spirit of the present invention element,
Any modification, replacement and the improvement of component and algorithm.In the the accompanying drawings and the following description, well known structure and skill is not shown
Art is unnecessary fuzzy to avoid causing the present invention.
It should be noted that in the absence of conflict, the features in the embodiments and the embodiments of the present application can phase
Mutually combination.The application is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
In addition, the term " includes " being previously mentioned in description of the invention and " having " and their any deformation, it is intended that
It is to cover and non-exclusive includes.Such as the process, method, system, product or equipment for containing a series of steps or units do not have
It is defined in listed step or unit, but optionally further comprising the step of other are not listed or unit, or optionally
It further include the other step or units intrinsic for these process, methods, product or equipment.
Currently, current major cell phone software (Application, APP) or browser both provide card i/f.For example,
Wechat small routine is embedded in wechat APP as a plug-in unit.Major browser also provides various card i/fs for user.It inserts
The safety of part unanimously receives significant attention.Such as 2 D animation software (such as Flash) player plug-in unit, computer programming language
(java) plug-in unit etc. is usually utilized by hacker, obtains user data.Flash plug-in unit, which has used, to be stored on user local terminal
Data (cookie) save user information, but are the absence of corresponding safety measure.In addition Malware can be used as browser or APP
Extension put browser or APP into.These security risks are always the hot issue of security fields.
Based on this, a kind of detection method of plug-in security, device and electronic equipment provided by the embodiments of the present application can
To solve the foundation that the safety existing in the prior art to plug-in unit not can detecte, it is difficult to the safety issue of plug-in unit
The technical issues of solution.
For the inspection convenient for understanding the present embodiment, first to a kind of plug-in security disclosed in the embodiment of the present application
It surveys method, apparatus and electronic equipment describes in detail.
A kind of detection method of plug-in security provided by the embodiments of the present application, as shown in Figure 1, comprising:
S11: obtaining the cryptographic Hash recorded in block chain, and cryptographic Hash is that the behavioural information that plug-in unit to be detected executes passes through Hash
Algorithm is generated.
It should be noted that block chain network is linked together account book block using password encryption signature technology, formed
Block chain network.Since block chain is based on distribution, the block based on block chain network is total by all distributed nodes
With confirmation, therefore any malicious user is wanted to distort block it is necessary to confirm or have by the agreement of all distribution nodes
More stronger than distributed node calculation power distorts block, both usual possibilities are all very low.Therefore the information tool on block chain
There is unalterable feature.
Specifically, the distribution that the list that block chain network is some column records is chained up by digital encryption signature technology
Formula account book.Each block has one previous piece of digital Hash, timestamp and transaction data.Due to the principle of its design, area
Data on block chain can hardly distort.In order to manage the data on block chain, block chain network is usually using distributed network
Node collective safeguards a block chain account book jointly.Each one account book copy of block chain network nodes records, and pass through association
View is mutually synchronized data and confirmation data.Block chain data are difficult to be tampered, because once a data are tampered, subsequent number
According to all to distort, this needs agreeing unanimously for the most of nodes of network that could complete.Therefore block chain network is considered as
It is safer and have Byzantine failure tolerance in design.
It should be noted that Hash (Hash) also commonly referred to as hashes, hash, it is that the input of random length (is called and is done
Preliminary mapping pre-image) output of regular length is transformed by hashing algorithm, which is exactly hashed value.This conversion is
A kind of compression mapping, it is, the space of hashed value is generally much less than the space inputted, different inputs may hash to phase
Same output, it is impossible to unique input value is determined from hashed value.It is briefly exactly a kind of disappearing random length
Breath is compressed to the function of the eap-message digest of a certain regular length.
Wherein, hash algorithm is also referred to as secure hash algorithm Secure Hash Algorithm, SHA), one can be calculated
It is arrived corresponding to a digital massage, the algorithm of the fixed character string (also known as eap-message digest) of length.And if the message of input is different,
The probability that they correspond to kinds of characters string is very high.One data can be converted to a mark by hash algorithm, this mark
There is very close relationship with each byte of source data.Hash algorithm also has the characteristics that one, is exactly difficult to find inverse
To rule.Hash algorithm is the algorithm of a broad sense, it is also assumed that being a kind of thought, storage can be improved using hash algorithm
The search efficiency of data can be improved in the utilization rate in space, can also do digital signature to ensure the safety of data transmitting.Institute
It is widely used in Internet application with hash algorithm.Hash algorithm is also referred to as hashing algorithm, although hash algorithm by
Referred to as algorithm, but actually it is more like a kind of thought.The formula of none fixation of hash algorithm, as long as meeting hash thought
Algorithm can be said to be hash algorithm.
It is that one kind follows for plug-in unit (Plug-in, also known as addin, add-in, addon or add-on, and translate plug-in)
The program that the application programming interfaces centainly standardized are write out.It (may be same under its system platform that can only operate in procedure stipulation
When support multiple platforms), and specified platform cannot be detached from and isolated operation.Because plug-in unit needs that former pure system is called to provide
Function library or data.Many softwares have plug-in unit, and plug-in unit has countless.Such as in IE, after relevant plug-in unit is installed,
Web browser can call directly plug-in card program, for handling certain types of file.The positioning of plug-in unit is that exploitation realizes former pure
The program for the function that net system platform, application software platform do not have, can only operate in (can under the system platform of procedure stipulation
Multiple platforms can be supported simultaneously), and specified platform cannot be detached from and isolated operation.Because plug-in unit needs to call former pure system
The function library or data of offer.
S12: cryptographic Hash is utilized, the corresponding behavioural information of cryptographic Hash is verified.
It is the cryptographic Hash of this information since a behavioural information is corresponding, it is corresponding if an information is modified
Cryptographic Hash can also change.Meanwhile the cryptographic Hash on block chain can not be changed, and be arbitrarily to increase this guarantees behavioural information
It revises, increased information needs user's signature, and the information of deletion has record on block chain, and the information of change can not be in block
Cryptographic Hash is found on chain.
S13: judge whether the corresponding behavioural information of cryptographic Hash changes.If it is not, then carrying out step S14.
If no change has taken place for the corresponding behavioural information of cryptographic Hash, step S14 is carried out.
S14: according to the corresponding behavioural information of cryptographic Hash, the safety of plug-in unit to be detected is detected.
In the present embodiment, since the cryptographic Hash got is recorded in block chain, pass through the data of block chain network
Can not tamper, change the cryptographic Hash on block chain can not arbitrarily, furthermore, the cryptographic Hash of acquisition is that plug-in unit to be detected executes
Behavioural information is generated by hash algorithm, and cryptographic Hash and behavioural information are correspondingly, if behavioural information is by more
Change, cryptographic Hash can also change, which just can represent the behavioural information not being tampered really, therefore just can utilize Kazakhstan
Uncommon value verifies the corresponding behavioural information of cryptographic Hash, thus judge whether the corresponding behavioural information of cryptographic Hash changes,
According to the corresponding behavioural information of cryptographic Hash if no change has taken place, the safety of plug-in unit to be detected is detected.
Thus it is guaranteed that the plug-in unit behavioural information of the detection foundation as safety is accurate true and is not appointed
What meaning was distorted, guarantee the tractability of plug-in unit real behavior, in order to which the safety detection for plug-in unit provides true and reliable inspection
Foundation is surveyed, the safety issue of plug-in unit is solved.
The detection method of plug-in security provided by the embodiments of the present application can be used as a kind of plug-in unit row based on block chain
For method for tracing, based on block chain network can not tamper the safety of plug-in unit can be improved.Plug-in unit once binds block chain
Network, the APP or browser of intervention are being that will guarantee plug-in unit row by behavior record on block chain using card i/f
To trace to the source.Therefore, the safety issue of plug-in unit is solved using the data immutableness of block chain network based on block platform chain,
Improve the safety of user data.
In order to more effectively record behavioural information, as shown in Fig. 2, the record form of behavioural information is the form of record sheet.
In practical applications, after each App installs plug-in unit, the backstage App can be to the operation sheet for disposing corresponding plug-in unit, this
The plug-in unit operational history that all users are had recorded in table, the user including plug-in unit operation, time of origin, concrete operations, behaviour
Make relevant information, the signature of user, these information can be included in operation table together.
Therefore, the behavioural information that plug-in unit to be detected executes is recorded by way of record sheet, it can be definitely to be checked
The various aspects information for surveying plug-in unit process performing such as is also convenient for the inquiry to behavioural information, management and uses at the processes.
Illustratively, behavioural information includes following any one or more: the execution time of movement executes content, operation
User, operation content, operation application programming interfaces API, the digital signature for operating user.
Therefore, the behavioural information that plug-in unit to be detected executes can be recorded more in all directions, make each side in behavioural information
Face content can be recorded, in order to which the foundation of subsequent safety detection process is more comprehensive.
Wherein, the encryption key of digital signature is the private key for operating user.It should be noted that being used for ciphering signature
Family uses private key signature, carries out sign test using corresponding public key;User is encrypted using public key, is carried out using corresponding private key
Decryption.
For example, as shown in Fig. 2, user A has the public key and private key of oneself in App, when user A is mounted with plug-in unit, plug-in unit
All operation informations backstage can all be recorded, this operation can be recorded.Certainly, user's relevant parameter of operation can not on
It passes, to protect privacy of user.
Therefore, any content of user's operation can prove that the operation content is grasped by the user by the private key of user
Make, so as to guarantee that the user's operation content of the backstage App record is operated by the user really.
Illustratively, the movement that plug-in unit to be detected executes includes following any one or more: login movement, search are dynamic
Work, update action, query actions, downloading movement.Therefore, many-sided movement that plug-in unit executes is able to record, with more comprehensive
Any movement that plug-in unit to be detected executes is recorded, to provide more comprehensive foundation for subsequent safety monitoring.
In order to carry out more comprehensive detection to plug-in unit operation, this method can be the following steps are included: pass through verifying system
Unite in behavioural information plug-in unit operating parameter, plug-in unit operative relationship, plug-in unit operation number signature at least one of into
Row verification, obtains plug-in unit check results.
For example, in functional check part, when safety problem has occurred in user App or when there is security risk in App, after
Platform can operate suspicious plug-in unit or recent all plug-in unit operation histories are sent to check system and verify.The content of verification
Include the verification of plug-in unit operating parameter and the verification of plug-in unit operative relationship, while verifying the user's signature of plug-in unit operation.
Therefore, verifying system can also further verify behavioural information, to verify out more plug-in securities
Hidden danger.
In order to more easily inquire behavioural information corresponding with cryptographic Hash, plug-in security provided in this embodiment
Detection method can with the following steps are included:
It identifies cryptographic Hash as the index of behavioural information, is believed with inquiring behavior corresponding with cryptographic Hash by cryptographic Hash
Breath.
In practical applications, plug-in unit backstage can generate an index using hash function automatically according to behavioural information and identify
To mark current record.As shown in Fig. 2, the plug-in unit for block chain operates index, the account book information of block chain network can be remembered
The index of plug-in unit behavior is recorded, index has been directed toward the details of plug-in unit behavior, and plug-in unit index is open to be changed.The network user is logical
The block chain address of plug-in unit behavior is crossed to retrieve the details of plug-in unit behavior.Therefore the block chain address of plug-in unit behavior is exactly to insert
The block chain index of part behavior, so as to be believed using the more convenient behavior corresponding with cryptographic Hash that inquires of the index
Breath.
In addition, block chain node interface can be disposed in block chain interface, Interworking Data assets platform, once a plug-in unit
Operation history records successfully in table, and the table index of this operation can be registered into block chain, can not be more with ensure to index
Change.
It is illustrated by taking the register of user A and search operation as an example below.
As shown in figure 3, user A is when using App, the front end App can generate the public private key pair of user, and public key publication is in block
Chain, private key user oneself save.After some plug-in unit of user installation this App, the application program of all operations of plug-in unit
Programming interface (Api) can all be recorded in the backstage App.
When user A carries out login behavior using plug-in unit, plug-in unit has invoked login interface API, and login interface API can will work as
The information of preceding operation and the signature of user A are sent to the backstage App together.The user A that the backstage App operates this, operation information,
Operating time, all record enters plug-in unit operation sheet to the signature of operation interface API, A, and is generated and indexed with this information
Hash1.Finally Hash1 is recorded in the distributed account book of block chain network.
Similarly, when user A scans for behavior using plug-in unit, plug-in unit calls searching interface API, this API that can will work as
The information of preceding operation and the signature of user A are sent to the backstage App.The backstage App records this and operates and generate Hash2, and by Hash2
Record enters block chain network.
When plug-in unit safety problem occurs or carries out safety detection, the relevant operation log history of plug-in unit is sent out on plug-in unit backstage
Send plug-in unit functional check system.Check system verifies operating parameter and operative relationship.
A kind of detection device of plug-in security provided by the embodiments of the present application, comprising:
Module is obtained, for obtaining the cryptographic Hash recorded in block chain, cryptographic Hash is the behavior letter that plug-in unit to be detected executes
Breath is generated by hash algorithm;
Authentication module verifies the corresponding behavioural information of cryptographic Hash for utilizing cryptographic Hash;
Judgment module, for judging whether the corresponding behavioural information of cryptographic Hash changes;
Detection module is used for when no change has taken place for the corresponding behavioural information of cryptographic Hash, according to the corresponding row of cryptographic Hash
For information, the safety of plug-in unit to be detected is detected.
The detection device of plug-in security provided by the embodiments of the present application, with plug-in security provided by the above embodiment
Detection method technical characteristic having the same reaches identical technical effect so also can solve identical technical problem.
A kind of electronic equipment provided by the embodiments of the present application, as shown in figure 4, electronic equipment 4 includes memory 41, processor
42, the computer program that can be run on the processor is stored in the memory, the processor executes the calculating
The step of realizing method provided by the above embodiment when machine program.
Referring to fig. 4, electronic equipment further include: bus 43 and communication interface 44, processor 42, communication interface 44 and memory
41 are connected by bus 43;Processor 42 is for executing the executable module stored in memory 41, such as computer program.
Wherein, memory 41 may include high-speed random access memory (RAM, Random Access Memory),
It may further include nonvolatile memory (non-volatile memory), for example, at least a magnetic disk storage.By at least
One communication interface 44 (can be wired or wireless) realizes the communication between the system network element and at least one other network element
Connection, can be used internet, wide area network, local network, Metropolitan Area Network (MAN) etc..
Bus 43 can be isa bus, pci bus or eisa bus etc..The bus can be divided into address bus, data
Bus, control bus etc..Only to be indicated with a four-headed arrow convenient for indicating, in Fig. 4, it is not intended that an only bus or
A type of bus.
Wherein, memory 41 is for storing program, and the processor 42 executes the journey after receiving and executing instruction
Sequence, method performed by the device that the process that aforementioned the application any embodiment discloses defines can be applied in processor 42,
Or it is realized by processor 42.
Processor 42 may be a kind of IC chip, the processing capacity with signal.During realization, above-mentioned side
Each step of method can be completed by the integrated logic circuit of the hardware in processor 42 or the instruction of software form.Above-mentioned
Processor 42 can be general processor, including central processing unit (Central Processing Unit, abbreviation CPU), network
Processor (Network Processor, abbreviation NP) etc.;It can also be digital signal processor (Digital Signal
Processing, abbreviation DSP), specific integrated circuit (Application Specific Integrated Circuit, referred to as
ASIC), ready-made programmable gate array (Field-Programmable Gate Array, abbreviation FPGA) or other are programmable
Logical device, discrete gate or transistor logic, discrete hardware components.It may be implemented or execute in the embodiment of the present application
Disclosed each method, step and logic diagram.General processor can be microprocessor or the processor is also possible to appoint
What conventional processor etc..The step of method in conjunction with disclosed in the embodiment of the present application, can be embodied directly in hardware decoding processing
Device executes completion, or in decoding processor hardware and software module combination execute completion.Software module can be located at
Machine memory, flash memory, read-only memory, programmable read only memory or electrically erasable programmable memory, register etc. are originally
In the storage medium of field maturation.The storage medium is located at memory 41, and processor 42 reads the information in memory 41, in conjunction with
Its hardware completes the step of above method.
It is provided by the embodiments of the present application it is a kind of with processor can be performed non-volatile program code it is computer-readable
Medium, said program code make the processor execute method provided by the above embodiment.
The computer-readable medium of the non-volatile program code provided by the embodiments of the present application that can be performed with processor,
With detection method, device and the electronic equipment technical characteristic having the same of plug-in security provided by the above embodiment, institute
Also can solve identical technical problem, reach identical technical effect.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solution of the present invention., rather than its limitations;To the greatest extent
Pipe present invention has been described in detail with reference to the aforementioned embodiments, those skilled in the art should understand that: its according to
So be possible to modify the technical solutions described in the foregoing embodiments, or to some or all of the technical features into
Row equivalent replacement;And these are modified or replaceed, various embodiments of the present invention technology that it does not separate the essence of the corresponding technical solution
The range of scheme.
Claims (10)
1. a kind of detection method of plug-in security characterized by comprising
The cryptographic Hash recorded in block chain is obtained, the cryptographic Hash is that the behavioural information that plug-in unit to be detected executes passes through hash algorithm
It is generated;
Using the cryptographic Hash, the corresponding behavioural information of the cryptographic Hash is verified, judges the corresponding row of the cryptographic Hash
Whether change for information;
If it is not, then detecting the safety of the plug-in unit to be detected according to the corresponding behavioural information of the cryptographic Hash.
2. the method according to claim 1, wherein the behavioural information includes following any one or more:
The execution time of movement executes content, operation user, operation content, operation application programming interfaces API, operation use
The digital signature at family.
3. according to the method described in claim 2, it is characterized in that, the encryption key of the digital signature is the operation user
Private key.
4. method according to claim 1 or 2, which is characterized in that the record form of the behavioural information is record sheet
Form.
5. the method according to claim 1, wherein further include:
Number is operated to plug-in unit operating parameter, plug-in unit operative relationship, the plug-in unit in the behavioural information by verifying system
At least one of signature is verified, and plug-in unit check results are obtained.
6. the method according to claim 1, wherein the movement that the plug-in unit to be detected executes includes following any
It is one or more:
Login movement, hunting action, update action, query actions, downloading movement.
7. the method according to claim 1, wherein further include:
It is identified the cryptographic Hash as the index of the behavioural information, to pass through cryptographic Hash inquiry and the cryptographic Hash pair
The behavioural information answered.
8. a kind of detection device of plug-in security characterized by comprising
Module is obtained, for obtaining the cryptographic Hash recorded in block chain, the cryptographic Hash is the behavior letter that plug-in unit to be detected executes
Breath is generated by hash algorithm;
Authentication module verifies the corresponding behavioural information of the cryptographic Hash for utilizing the cryptographic Hash;
Judgment module, for judging whether the corresponding behavioural information of the cryptographic Hash changes;
Detection module, for being corresponded to according to the cryptographic Hash when no change has taken place for the corresponding behavioural information of the cryptographic Hash
Behavioural information, detect the safety of the plug-in unit to be detected.
9. a kind of electronic equipment, including memory, processor, be stored in the memory to run on the processor
Computer program, which is characterized in that the processor realizes that the claims 1 to 7 are any when executing the computer program
The step of method described in item.
10. a kind of computer-readable medium for the non-volatile program code that can be performed with processor, which is characterized in that described
Program code makes the processor execute described any the method for claim 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910738917.4A CN110443039A (en) | 2019-08-09 | 2019-08-09 | Detection method, device and the electronic equipment of plug-in security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910738917.4A CN110443039A (en) | 2019-08-09 | 2019-08-09 | Detection method, device and the electronic equipment of plug-in security |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110443039A true CN110443039A (en) | 2019-11-12 |
Family
ID=68434606
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910738917.4A Pending CN110443039A (en) | 2019-08-09 | 2019-08-09 | Detection method, device and the electronic equipment of plug-in security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110443039A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111259298A (en) * | 2020-01-16 | 2020-06-09 | 深圳市华海同创科技有限公司 | Topic generation method based on block chain, node server and storage medium |
| CN112115517A (en) * | 2020-09-24 | 2020-12-22 | 北京人大金仓信息技术股份有限公司 | Database plug-in inspection method, device, equipment and medium |
| CN113656762A (en) * | 2021-08-12 | 2021-11-16 | 支付宝(杭州)信息技术有限公司 | Method and device for managing third-party software |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105119888A (en) * | 2015-07-10 | 2015-12-02 | 小米科技有限责任公司 | Plug-in installation package uploading method, plug-in installation package installing method and plug-in installation package uploading device |
| CN106230831A (en) * | 2016-05-31 | 2016-12-14 | 众安在线财产保险股份有限公司 | A kind of method and system identifying browser uniqueness and feature of risk |
| CN107967424A (en) * | 2017-11-02 | 2018-04-27 | 北京奇虎科技有限公司 | A kind of verification method of plug-in unit, device, terminal device and storage medium |
| CN109344568A (en) * | 2018-09-25 | 2019-02-15 | 众安信息技术服务有限公司 | Document handling method and device based on block chain |
| CN109558724A (en) * | 2018-11-28 | 2019-04-02 | 西安电子科技大学 | A kind of software action integrity verification method |
| US10250381B1 (en) * | 2018-02-22 | 2019-04-02 | Capital One Services, Llc | Content validation using blockchain |
| CN109635558A (en) * | 2018-11-28 | 2019-04-16 | 天津字节跳动科技有限公司 | Access control method, device and system |
-
2019
- 2019-08-09 CN CN201910738917.4A patent/CN110443039A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105119888A (en) * | 2015-07-10 | 2015-12-02 | 小米科技有限责任公司 | Plug-in installation package uploading method, plug-in installation package installing method and plug-in installation package uploading device |
| CN106230831A (en) * | 2016-05-31 | 2016-12-14 | 众安在线财产保险股份有限公司 | A kind of method and system identifying browser uniqueness and feature of risk |
| CN107967424A (en) * | 2017-11-02 | 2018-04-27 | 北京奇虎科技有限公司 | A kind of verification method of plug-in unit, device, terminal device and storage medium |
| US10250381B1 (en) * | 2018-02-22 | 2019-04-02 | Capital One Services, Llc | Content validation using blockchain |
| CN109344568A (en) * | 2018-09-25 | 2019-02-15 | 众安信息技术服务有限公司 | Document handling method and device based on block chain |
| CN109558724A (en) * | 2018-11-28 | 2019-04-02 | 西安电子科技大学 | A kind of software action integrity verification method |
| CN109635558A (en) * | 2018-11-28 | 2019-04-16 | 天津字节跳动科技有限公司 | Access control method, device and system |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111259298A (en) * | 2020-01-16 | 2020-06-09 | 深圳市华海同创科技有限公司 | Topic generation method based on block chain, node server and storage medium |
| CN112115517A (en) * | 2020-09-24 | 2020-12-22 | 北京人大金仓信息技术股份有限公司 | Database plug-in inspection method, device, equipment and medium |
| CN113656762A (en) * | 2021-08-12 | 2021-11-16 | 支付宝(杭州)信息技术有限公司 | Method and device for managing third-party software |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112217835B (en) | Message data processing method and device, server and terminal equipment | |
| CN113489713B (en) | Network attack detection method, device, equipment and storage medium | |
| CN103607385A (en) | Method and apparatus for security detection based on browser | |
| WO2015101561A1 (en) | Method and system for providing transparent trusted computing | |
| CN110443039A (en) | Detection method, device and the electronic equipment of plug-in security | |
| CN108769070A (en) | One kind is gone beyond one's commission leak detection method and device | |
| CN110138731B (en) | Network anti-attack method based on big data | |
| CN111756724A (en) | Detection method, device and equipment for phishing website and computer readable storage medium | |
| CN110708335A (en) | Access authentication method and device and terminal equipment | |
| EP1430680B1 (en) | Server with file verification | |
| CN111597543A (en) | Wide-area process access authority authentication method and system based on block chain intelligent contract | |
| CN112328486A (en) | Interface automation test method and device, computer equipment and storage medium | |
| CN107231364A (en) | A kind of website vulnerability detection method and device, computer installation and storage medium | |
| CN107103243A (en) | The detection method and device of leak | |
| CN113709181A (en) | Website login method, device, equipment and storage medium based on browser plug-in | |
| CN110602051B (en) | Information processing method based on consensus protocol and related device | |
| CN112817935A (en) | Data processing method, device and equipment based on field type and storage medium | |
| US11232190B2 (en) | Device attestation techniques | |
| CN111224826B (en) | Configuration updating method, device, system and medium based on distributed system | |
| CN111800390A (en) | Abnormal access detection method, device, gateway equipment and storage medium | |
| CN111817859A (en) | Data sharing method, device, equipment and storage medium based on zero knowledge proof | |
| CN115170355A (en) | Evidence obtaining data credibility verification method and device, computer equipment and storage medium | |
| CN114968822A (en) | Interface testing method and device, computer equipment and storage medium | |
| CN112416875A (en) | Log management method and device, computer equipment and storage medium | |
| CN112015494A (en) | Third-party API tool calling method, system and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191112 |