CN110443050A - A kind of processing method and system of forgery process in file transparent encrypting and deciphering system - Google Patents

A kind of processing method and system of forgery process in file transparent encrypting and deciphering system Download PDF

Info

Publication number
CN110443050A
CN110443050A CN201910681391.0A CN201910681391A CN110443050A CN 110443050 A CN110443050 A CN 110443050A CN 201910681391 A CN201910681391 A CN 201910681391A CN 110443050 A CN110443050 A CN 110443050A
Authority
CN
China
Prior art keywords
client
server
module
attribute information
credit database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910681391.0A
Other languages
Chinese (zh)
Other versions
CN110443050B (en
Inventor
陈永府
方兴
郭振冬
刘俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
TIANYU SOFTWARE CO Ltd
Original Assignee
TIANYU SOFTWARE CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by TIANYU SOFTWARE CO Ltd filed Critical TIANYU SOFTWARE CO Ltd
Priority to CN201910681391.0A priority Critical patent/CN110443050B/en
Publication of CN110443050A publication Critical patent/CN110443050A/en
Application granted granted Critical
Publication of CN110443050B publication Critical patent/CN110443050B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services

Abstract

The invention discloses a kind of processing methods of the forgery process in file transparent encrypting and deciphering system, comprising: client obtains the process of starting, and obtains the process title of the process;Client is inquired in its credit database with the presence or absence of the process title obtained, and if so, client extracts the finger print information of process, and inquiry whether there is the finger print information in its credit database, server-side is sent by the attribute information and finger print information of its attribute information and process if there is no then client, and the operation of the process is blocked, server-side judges whether that the finger print information for the process that client is sent can be inquired in its credit database.It is poor that the present invention is able to solve ease for use present in the widely used identification method based on process fingerprint of the transparent encrypting and deciphering system of existing file, and maintenance workload is big, it is passive to solve the problems, such as, can not detect threat, can not divulge a secret the technical issues of collecting evidence.

Description

A kind of processing method and system of forgery process in file transparent encrypting and deciphering system
Technical field
The invention belongs to field of information security technology, more particularly, to the puppet in a kind of file transparent encrypting and deciphering system Make the processing method and system of process.
Background technique
Extensive commercialization has been obtained in file transparent encrypting and deciphering system at present, realizes when electronic document is opened, Memory is arrived in automatic decryption, correctly identifies for application program;When file saves, it is encrypted into disk automatically, prevents electronic document from letting out It is close;Even if electronic document is copied away, but it is still in encrypted state, to solve enterprise to Commercial Secret Protection Demand;In addition, file transparent encrypting and deciphering system does not change original file operation process, unaware for users.
A key technology in file transparent encrypting and deciphering system is how precisely to identify process, prevents from forging Process;At present in the transparent encrypting and deciphering system that generally uses on the market, to the identification of process be normally based on process fingerprint (i.e. into The MD5 value of journey) identification method, have the ability of stronger pre- anti-counterfeiting process.
However, the identification method based on process fingerprint still has and some can not neglect in the transparent encrypting and deciphering system of existing file Slightly the technical issues of:
1, ease for use is poor: if some credit software (such as WORD of Microsoft) has updated a small patch, causing File content (such as winword.exe) changes, this, which will lead to the corresponding process of credit software, can not be identified as awarding Letter process, or even forgery process can be mistaken for, at this time transparent encrypting and deciphering system can not in time, the progress of active intervene automatically, To affect the user experience of the transparent encrypting and deciphering system.
2, maintenance workload is big: when new version occurs in credit software, then needing to resurvey process fingerprint, then to institute Some clients are updated, not only heavy workload, but also almost without operability.
3, it is passive to solve the problems, such as: file transparent encrypting and deciphering system can not predict the version updating of credit software automatically, every time All it is client active proposition problem, then passively solves the problems, such as again, seriously affect user experience.
4, can not detect threat: after having used file transparent encrypting and deciphering system, enterprise can think that always its own is in Among the protection of file encryption-decryption system, it can not but know that how many daily illegal user is attempting to crack, therefore to similar Potential threat can not be predicted.
5, can not divulge a secret evidence obtaining: after electronic document is divulged a secret, file transparent encrypting and deciphering system can not find strong evidence, Has no fright power to the user of the process of forgery.
Summary of the invention
Aiming at the above defects or improvement requirements of the prior art, the present invention provides in a kind of file transparent encrypting and deciphering system Forgery process processing method and system, it is intended that solve the widely used base of the transparent encrypting and deciphering system of existing file The ease for use present in the identification method of process fingerprint is poor, maintenance workload is big, it is passive to solve the problems, such as, can not detect threat, Can not divulge a secret the technical issues of collecting evidence.
To achieve the above object, according to one aspect of the present invention, it provides in a kind of file transparent encrypting and deciphering system The processing method of forgery process, comprising the following steps:
(1) client obtains the process of starting, and obtains the process title of the process;
(2) client is inquired in its credit database with the presence or absence of the process title obtained in step (1), if do not deposited The process is then directly being run, process terminates, and otherwise enters step (3);
(3) client extracts the finger print information of process, and inquiry whether there is the finger print information in its credit database, And if so, directly running the process, process terminates, and otherwise enters step (4);
(4) attribute information and finger print information of its attribute information and process are sent server-side by client, and blocks The operation of the process;
(5) server-side judges whether that the finger print information for the process that client is sent can be inquired in its credit database, If it is, entering step (6), (8) are otherwise entered step;
(6) whether the number for the attribute information that server-side judgement receives the process is greater than a preset threshold N, if it is Step (7) are transferred to, (8) are otherwise entered step;
(7) process is added in its credit database server-side, and the attribute information of the process is handed down to and is connected with it The all clients connect, process terminate;
(8) attribute information of the attribute information of client and process is stored in its credit database by server, will State of the client in credit database is set as non-credit state;
(9) server-side judges whether the process is forgery process according to the attribute information of the process, if yes then enter step Suddenly (10) otherwise enter step (11);
(10) server-side sets blacklist for the corresponding field of the process in its credit database, is puppet by the process The information for making process is sent to all clients connected to it in a broadcast manner, and process terminates;
(11) server-side in credit database by the corresponding field of the process be set as white list (also need when necessary from It is dynamic to insert the time for pulling in white list, i.e. credit time), and the attribute information of the process is handed down to all visitors connected to it Family end.
Preferably, step (1) specifically, use first global injection technique based on SetWindowsHookEx or The process of starting, the application program then provided by Windows system are provided in real time based on the call back function of kernel-driven Interface function (such as GetModuleFileName api function) obtains the process title of the process.
Preferably, the attribute information of client includes client id, client ip address, client mac address, client Hardware number, client operating system version, the computer name in client operating system, the user in client operating system Name etc..
Preferably, the attribute information of process includes but is not limited to place path and the process respective file of process Filename, file size, digital signature information, file explanation, FileVersion, name of product, product version, copyright information, original Beginning filename etc..
Preferably, while process addition is stored in the credit database of server-side, which is added credit database Time is also synchronized to be changed to the current time of server-side.
Preferably, judge that the process whether be forgery process is by sentencing according to the attribute information of the process in step (9) Whether whether content under specified directory, in the attribute information that judges the process is enough in path where the process of breaking, sentences It whether only include the initial information of software development phase or the attribute letter for judging the process in the attribute information for the process of breaking It differs between the corresponding file size of process file size corresponding with the process of credit in breath and to realize whether greatly.
Preferably, the method further includes after step (11), client according to the credit database of server-side more The newly credit database of its own.
It is another aspect of this invention to provide that providing a kind of processing system of the forgery process in file transparent encrypting and deciphering system System, comprising:
First module, is set in client, for obtaining the process of starting, and obtains the process title of the process;
Second module, is set in client, obtains for inquiring in its credit database with the presence or absence of the first module The process title taken, if there is no the process is then directly run, process terminates, and otherwise enters third module;
Third module, is set in client, looks into for extracting the finger print information of process, and in its credit database It askes and whether there is the finger print information, and if so, directly running the process, process terminates, and otherwise enters the 4th module;
4th module, is set in client, for believing the attribute information of its attribute information and process and fingerprint Breath is sent to server-side, and blocks the operation of the process;
5th module, is set in server-side, can inquire client in its credit database for judging whether The finger print information for the process sent, if it is, otherwise entering the 8th module into the 6th module;
6th module, is set in server-side, judges whether the number for the attribute information for receiving the process is greater than one Preset threshold N is if it is transferred to the 7th module, otherwise enters the 8th module;
7th module, is set in server-side, for the process to be added in its credit database, and by the process Attribute information is handed down to all clients connected to it, and process terminates;
8th module, is set in server, for all depositing the attribute information of the attribute information of client and process In Chu Qi credit database, non-credit state is set by state of the client in credit database;
9th module, is set in server-side, judges whether the process is pseudo- for the attribute information according to the process Process is made, if yes then enter the tenth module, otherwise enters the 11st module;
Tenth module, is set in server-side, for the corresponding field of the process to be arranged in its credit database For blacklist, it sends all clients connected to it, process in a broadcast manner by the information that the process is forgery process Terminate;
11st module, is set in server-side, for the corresponding field of the process to be arranged in credit database For white list (also needing to be automatically filled in the time for pulling in white list, i.e. credit time when necessary), and the attribute of the process is believed Breath is handed down to all clients connected to it.
In general, through the invention it is contemplated above technical scheme is compared with the prior art, can obtain down and show Beneficial effect:
(1) due to can use all clients of enterprise present invention employs step (1), step (3) and step (4) Collection process finger print information, i.e. crowdsourcing mechanism, in a large enterprise, as long as a client in thousands of clients End has used new edition process, and server-side can detect, and be distributed to all clients in time, participates in without implementation consultant, It is easily used.
(2) due to that present invention employs step (6) and step (7), can distinguish, store the process that all clients report Finger print information, and (have the client more than or equal to the threshold value that the process fingerprint has all been reported to believe according to threshold value preset in advance After breath), the finger print information of the process is included in credit database automatically, and be distributed to all clients, whole process enterprise pipe Reason person, implementation consultant are without participating in, to significantly reduce because of the huge maintenance of software upgrading bring.
It (3) is new process when server-side recognizes the progress information since present invention employs steps (9) and step (11) Afterwards, credit database can be added in the process automatically, and be handed down to all clients, thus solve the problems, such as it is timely, and based on It is dynamic to solve the problems, such as, and overcome the defect that the existing identification method based on process fingerprint can only be solved the problems, such as passively.
(4) since present invention employs steps (9) and step (10), after server-side confirmation process is forgery process then certainly It is dynamic that blacklist is added in the process, and it is handed down to all clients, it is possible to real-time detection is solved to potential threat, and in time Certainly.
(5) progress information submitted due to present invention employs step (6) and step (8), collecting and storing client, Path where computer name comprising client user, computer user's name, IP address, MAC Address, hardware number, process file Etc. information, when client run market it is popular crack or cracked anti-counterfeiting algorithm, cured evidence is to blabber Huge deterrent force is formed, so that blabber dare not divulge a secret, even be not desired to divulge a secret.
(6) since present invention employs step (12), it is incremental update mechanism that client, which updates credit database, to network The degree of dependence of condition is low.
Detailed description of the invention
Fig. 1 is the flow chart of the processing method of the forgery process in file transparent encrypting and deciphering system of the present invention.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, right The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and It is not used in the restriction present invention.As long as in addition, technical characteristic involved in the various embodiments of the present invention described below Not constituting a conflict with each other can be combined with each other.
As shown in Figure 1, the present invention provides a kind of processing method of the forgery process in file transparent encrypting and deciphering system, The following steps are included:
(1) client obtains the process of starting, and obtains the process title of the process;
Specifically, this step uses global injection technique based on SetWindowsHookEx or first based on interior The call back function (Callback) of core driving to capture the process of starting, the application then provided by Windows system in real time Routine interface (Application Programming Interface, abbreviation API) function (such as GetModuleFileName Api function) obtain the process title of the process.
(2) client is inquired in its credit database with the presence or absence of the process title obtained in step (1), if do not deposited The process is then directly being run, process terminates, and otherwise enters step (3);
It, will be into the form of database specifically, credit database was established in the client initialization stage Journey, process title, the finger print information of process, credit time are stored in local.
Client is that directly by SQL statement, query procedure title whether there is in credit database in this step.
The later period updating maintenance of credit database mainly uses four kinds of mechanism:
Crowdsourcing mechanism: all clients can report process, and after new edition process occurs, server-side can be examined at the first time It surveys.
Quickly intervene: when the process of certain side door software changes, i.e., only very small amount of client uses the process, Administrator can WEB manage console on a key set it is white.
No matter automatic distributing: manually setting white or server-side backstage and set automatically white, can all carry out automatic distributing, allows all clients End obtains in real time updates credit database.
Increment downloading: server-side credit database uses increment downloading mode, new data portion is only downloaded, to network item Part relies on few.
(3) client extracts the finger print information of process, and inquiry whether there is the finger print information in its credit database, And if so, directly running the process, process terminates, and otherwise enters step (4);
(4) attribute information and finger print information of its attribute information and process are sent server-side by client, and blocks The operation of the process;
Specifically, the attribute information of client includes but is not limited to client id, client ip address, client MAC Address, client hardware number, client operating system version, the computer name in client operating system, client behaviour Make the user name etc. in system;
The attribute information of process includes but is not limited to the place path of process and the file of the corresponding file of process Name, file size, digital signature information, file explanation, FileVersion, name of product, product version, copyright information, original text Part name etc..
(5) server-side judges whether that the finger print information for the process that client is sent can be inquired in its credit database, If it is, entering step (6), (8) are otherwise entered step;
(6) whether the number for the attribute information that server-side judgement receives the process is greater than a preset threshold N, if it is Step (7) are transferred to, (8) are otherwise entered step;
Specifically, the value range of preset threshold N is greater than 2 and less than 1000, preferably equal to 30.
(7) process is added in its credit database server-side, and by the attribute information of the process (process title, into Cheng Zhiwen, credit time) all clients connected to it are handed down to, process terminates;
Specifically, while process addition is stored in the credit database of server-side, the process corresponding credit time (time of credit database is added) can also be synchronized to be changed to the current time of server-side.
(8) attribute information of the attribute information of client and process is stored in its credit database by server, will State of the client in credit database is set as non-credit state;
The purpose of the attribute information of server-side storage client is to solidify evidence, in case can precisely find forgery when audit The people of process.
(9) server-side judges whether the process is forgery process according to the attribute information of the process, if yes then enter step Suddenly (10) otherwise enter step (11);
Specifically, the attribute information in this step according to the process judges whether the process is that forgery process specifically can be with It is realized by following three kinds of modes:
One, general business software such as MS OFFICE be all mounted in C: Program Files Microsoft Office Office15 catalogue, if the place path of the process not in specified directory, as E: code tools Winword.exe, D: decrypt acad.exe etc., then may determine that the process is forgery process;
Two, general business software all has more perfect attribute information, such as digital signature information, file explanation, file version Sheet, name of product, product version, copyright information, raw filename etc., if the content in the attribute information of the process is less, or Only include the initial information of software development phase, such as to do in the attribute information of person's process, then can be determined that the process To forge process;
Three, the corresponding file size of process file corresponding with the process of credit in the attribute information of the process is big Small to be compared, if the two differs greatly, if the process file size of credit is 132M, and the corresponding file size of the process is 50K then can be determined that the process is forgery process.
(10) server-side sets blacklist for the corresponding field of the process in its credit database and (also needs when necessary It is automatically filled in the time for pulling in blacklist), it sends the information that the process is forgery process in a broadcast manner and is connected thereto All clients, process terminates.
(11) server-side in credit database by the corresponding field of the process be set as white list (also need when necessary from It is dynamic to insert the time for pulling in white list, i.e. credit time), and (process title, is awarded process fingerprint by the attribute information of the process The letter time) it is handed down to all clients connected to it automatically;
(12) client is according to its own credit database of the credit database update of server-side.
Specifically, client first obtains renewal time last time, such as 2019-07-2511:14:56 according to local credit library, Server-side inquiry is directly arrived according to the time, such as select*from K_PROCESSINFO where SetTime >=' 2019- 07-25 11:14:56 ' realizes increment downloading and updates if returning has data.
As it will be easily appreciated by one skilled in the art that the foregoing is merely illustrative of the preferred embodiments of the present invention, not to The limitation present invention, any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should all include Within protection scope of the present invention.

Claims (8)

1. a kind of processing method of the forgery process in file transparent encrypting and deciphering system, which comprises the following steps:
(1) client obtains the process of starting, and obtains the process title of the process;
(2) client is inquired in its credit database with the presence or absence of the process title obtained in step (1), if there is no then The process is directly run, process terminates, and otherwise enters step (3);
(3) client extracts the finger print information of process, and inquiry whether there is the finger print information in its credit database, if In the presence of the process is then directly run, process terminates, and otherwise enters step (4);
(4) attribute information and finger print information of its attribute information and process are sent server-side by client, and blocking should be into The operation of journey;
(5) server-side judges whether that the finger print information for the process that client is sent can be inquired in its credit database, if It is then to enter step (6), otherwise enters step (8);
(6) whether the number for the attribute information that server-side judgement receives the process is greater than a preset threshold N, is if it is transferred to Step (7), otherwise enters step (8);
(7) process is added in its credit database server-side, and the attribute information of the process is handed down to connected to it All clients, process terminate;
(8) attribute information of the attribute information of client and process is stored in its credit database by server, by the visitor State of the family end in credit database is set as non-credit state;
(9) server-side judges whether the process is forgery process according to the attribute information of the process, if yes then enter step (10), (11) are otherwise entered step;
(10) server-side sets blacklist for the corresponding field of the process in its credit database, by the process be forge into The information of journey is sent to all clients connected to it in a broadcast manner, and process terminates;
(11) server-side sets white list for the corresponding field of the process in credit database, and the attribute of the process is believed Breath is handed down to all clients connected to it.
2. processing method according to claim 1, which is characterized in that step (1) is specifically, first using being based on The global injection technique of SetWindowsHookEx or based on the call back function of kernel-driven come in real time capture starting into Journey, the application program interface function then provided by Windows system (such as GetModuleFileName api function) obtain Take the process title of the process.
3. processing method according to claim 1, which is characterized in that the attribute information of client includes client id, visitor Family end IP address, client mac address, client hardware number, client operating system version, the meter in client operating system User name etc. in calculation machine title, client operating system.
4. processing method according to claim 1, which is characterized in that the attribute information of process includes but is not limited to process Place path and the filename of process respective file, file size, digital signature information, file explanation, FileVersion, Name of product, product version, copyright information, raw filename etc..
5. processing method according to claim 1, which is characterized in that the credit database for being stored in server-side is added in process While, the time which is added credit database is also synchronized to be changed to the current time of server-side.
6. processing method according to claim 1, which is characterized in that step is sentenced in (9) according to the attribute information of the process The process of breaking whether be forgery process be by judge path where the process whether under specified directory, judge the category of the process Property information in content it is whether enough, judge in the attribute information of the process whether only including software development phase just Beginning information or judge the corresponding file size of process file corresponding with the process of credit in the attribute information of the process It differs between size and to realize whether greatly.
7. processing method according to claim 1, which is characterized in that further comprise client root after step (11) According to its own credit database of the credit database update of server-side.
8. a kind of processing system of the forgery process in file transparent encrypting and deciphering system characterized by comprising
First module, is set in client, for obtaining the process of starting, and obtains the process title of the process;
Second module, is set in client, for being inquired in its credit database with the presence or absence of the acquisition of the first module Process title, if there is no the process is then directly run, process terminates, and otherwise enters third module;
Third module, is set in client, and for extracting the finger print information of process, and in its credit database, inquiry is No there are the finger print informations, and if so, directly running the process, process terminates, and otherwise enter the 4th module;
4th module, is set in client, for sending out the attribute information of its attribute information and process and finger print information It is sent to server-side, and blocks the operation of the process;
5th module, is set in server-side, for judging whether that can inquire client in its credit database sends The finger print information of process otherwise enter the 8th module if it is, into the 6th module;
6th module, is set in server-side, and it is default to judge whether the number for the attribute information for receiving the process is greater than one Threshold value N is if it is transferred to the 7th module, otherwise enters the 8th module;
7th module, is set in server-side, for the process to be added in its credit database, and by the attribute of the process Information is handed down to all clients connected to it, and process terminates;
8th module, is set in server, for the attribute information of the attribute information of client and process to be stored in In its credit database, non-credit state is set by state of the client in credit database;
9th module, is set in server-side, for the attribute information according to the process judge the process whether be forge into Otherwise journey enters the 11st module if yes then enter the tenth module;
Tenth module, is set in server-side, for setting black for the corresponding field of the process in its credit database The information that the process is forgery process is sent all clients connected to it in a broadcast manner by list, and process terminates;
11st module, is set in server-side, for setting white for the corresponding field of the process in credit database List, and the attribute information of the process is handed down to all clients connected to it.
CN201910681391.0A 2019-07-26 2019-07-26 Method and system for processing counterfeit process in file transparent encryption and decryption system Active CN110443050B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910681391.0A CN110443050B (en) 2019-07-26 2019-07-26 Method and system for processing counterfeit process in file transparent encryption and decryption system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910681391.0A CN110443050B (en) 2019-07-26 2019-07-26 Method and system for processing counterfeit process in file transparent encryption and decryption system

Publications (2)

Publication Number Publication Date
CN110443050A true CN110443050A (en) 2019-11-12
CN110443050B CN110443050B (en) 2021-02-09

Family

ID=68431628

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910681391.0A Active CN110443050B (en) 2019-07-26 2019-07-26 Method and system for processing counterfeit process in file transparent encryption and decryption system

Country Status (1)

Country Link
CN (1) CN110443050B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111092886A (en) * 2019-12-17 2020-05-01 深信服科技股份有限公司 Terminal defense method, system, equipment and computer readable storage medium
CN111310180A (en) * 2020-02-18 2020-06-19 上海迅软信息科技有限公司 Computer process anti-counterfeiting method for enterprise information security
CN112131565A (en) * 2020-09-27 2020-12-25 浙江华途信息安全技术股份有限公司 Transparent encryption and decryption anti-cracking method and management equipment thereof

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101650768A (en) * 2009-07-10 2010-02-17 深圳市永达电子股份有限公司 Security guarantee method and system for Windows terminals based on auto white list
CN103425926A (en) * 2012-05-14 2013-12-04 腾讯科技(深圳)有限公司 Application program starting method, list configuring method, terminal and server
CN103559438A (en) * 2013-10-31 2014-02-05 上海上讯信息技术有限公司 Progress identification method and progress identification system
CN103856524A (en) * 2012-12-04 2014-06-11 中山大学深圳研究院 Method and system for identifying legal content on basis of white list of user agent
CN104580203A (en) * 2014-12-31 2015-04-29 北京奇虎科技有限公司 Website malicious program detection method and device
CN105446741A (en) * 2015-12-10 2016-03-30 北京邮电大学 API (Application Program Interface) comparison based mobile application identification method
US20160226908A1 (en) * 2008-03-05 2016-08-04 Facebook, Inc. Identification of and countermeasures against forged websites
CN106548048A (en) * 2016-10-28 2017-03-29 北京优炫软件股份有限公司 A kind of method for Process flowchart, device and system
CN106778261A (en) * 2015-11-20 2017-05-31 中兴通讯股份有限公司 The treating method and apparatus of camouflage applications
CN107077561A (en) * 2017-01-10 2017-08-18 深圳怡化电脑股份有限公司 Verify method, self-aided terminal and the application server of upper layer application identity
CN107451469A (en) * 2017-09-14 2017-12-08 郑州云海信息技术有限公司 A kind of process management system and method
CN107944232A (en) * 2017-12-08 2018-04-20 郑州云海信息技术有限公司 A kind of design method and system of the Active Defending System Against based on white list technology
CN109446753A (en) * 2018-09-10 2019-03-08 平安科技(深圳)有限公司 Detect method, apparatus, computer equipment and the storage medium of pirate application program

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160226908A1 (en) * 2008-03-05 2016-08-04 Facebook, Inc. Identification of and countermeasures against forged websites
CN101650768A (en) * 2009-07-10 2010-02-17 深圳市永达电子股份有限公司 Security guarantee method and system for Windows terminals based on auto white list
CN103425926A (en) * 2012-05-14 2013-12-04 腾讯科技(深圳)有限公司 Application program starting method, list configuring method, terminal and server
CN103856524A (en) * 2012-12-04 2014-06-11 中山大学深圳研究院 Method and system for identifying legal content on basis of white list of user agent
CN103559438A (en) * 2013-10-31 2014-02-05 上海上讯信息技术有限公司 Progress identification method and progress identification system
CN104580203A (en) * 2014-12-31 2015-04-29 北京奇虎科技有限公司 Website malicious program detection method and device
CN106778261A (en) * 2015-11-20 2017-05-31 中兴通讯股份有限公司 The treating method and apparatus of camouflage applications
CN105446741A (en) * 2015-12-10 2016-03-30 北京邮电大学 API (Application Program Interface) comparison based mobile application identification method
CN106548048A (en) * 2016-10-28 2017-03-29 北京优炫软件股份有限公司 A kind of method for Process flowchart, device and system
CN107077561A (en) * 2017-01-10 2017-08-18 深圳怡化电脑股份有限公司 Verify method, self-aided terminal and the application server of upper layer application identity
CN107451469A (en) * 2017-09-14 2017-12-08 郑州云海信息技术有限公司 A kind of process management system and method
CN107944232A (en) * 2017-12-08 2018-04-20 郑州云海信息技术有限公司 A kind of design method and system of the Active Defending System Against based on white list technology
CN109446753A (en) * 2018-09-10 2019-03-08 平安科技(深圳)有限公司 Detect method, apparatus, computer equipment and the storage medium of pirate application program

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111092886A (en) * 2019-12-17 2020-05-01 深信服科技股份有限公司 Terminal defense method, system, equipment and computer readable storage medium
CN111092886B (en) * 2019-12-17 2023-05-12 深信服科技股份有限公司 Terminal defense method, system, equipment and computer readable storage medium
CN111310180A (en) * 2020-02-18 2020-06-19 上海迅软信息科技有限公司 Computer process anti-counterfeiting method for enterprise information security
CN112131565A (en) * 2020-09-27 2020-12-25 浙江华途信息安全技术股份有限公司 Transparent encryption and decryption anti-cracking method and management equipment thereof

Also Published As

Publication number Publication date
CN110443050B (en) 2021-02-09

Similar Documents

Publication Publication Date Title
US11934497B2 (en) Content anti-piracy management system and method
CN111209346B (en) Block chain data archiving method and device and computer readable storage medium
EP1680727B1 (en) Distributed document version control
US10536459B2 (en) Document management systems and methods
CN103595730B (en) A kind of ciphertext cloud storage method and system
CN101410800B (en) System and method for a software distribution service
CN110443050A (en) A kind of processing method and system of forgery process in file transparent encrypting and deciphering system
CN112765245A (en) Electronic government affair big data processing platform
CN114365133A (en) System or method for implementing forgotten rights on metadata driven blockchains with secret sharing and consensus on reads
US7793335B2 (en) Computer-implemented method, system, and program product for managing log-in strikes
CN109766673A (en) A kind of alliance's formula audio-video copyright block catenary system and audio-video copyright cochain method
US20070294338A1 (en) Database access method and system capable of concealing the contents of query
US20060288056A1 (en) File version management device, method, and program
US8204949B1 (en) Email enabled project management applications
US8745155B2 (en) Network storage device collector
US20070112784A1 (en) Systems and Methods for Simplified Information Archival
JPH09509772A (en) Method and apparatus for protecting object changes in a distributed digital directory
CN103618652A (en) Audit and depth analysis system and audit and depth analysis method of business data
KR101977178B1 (en) Method for file forgery check based on block chain and computer readable recording medium applying the same
CN102571380A (en) Multi-instance GIS platform unified user management method and system
KR20090024336A (en) Document chaser
CN111797426B (en) Method and system for distrust notification service
US20040260699A1 (en) Access management and execution
CN115222375B (en) Government affair data monitoring, analyzing and processing method and system based on big data
CN108965317A (en) A kind of network data guard system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant