CN1875607A - Api system, method and computer program product for accessing content/security analysis functionality in a mobile communication framework - Google Patents
Api system, method and computer program product for accessing content/security analysis functionality in a mobile communication framework Download PDFInfo
- Publication number
- CN1875607A CN1875607A CN 200480016986 CN200480016986A CN1875607A CN 1875607 A CN1875607 A CN 1875607A CN 200480016986 CN200480016986 CN 200480016986 CN 200480016986 A CN200480016986 A CN 200480016986A CN 1875607 A CN1875607 A CN 1875607A
- Authority
- CN
- China
- Prior art keywords
- mobile communication
- application program
- function
- communication equipment
- content analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
A system, method and computer program product are provided for accessing security or content analysis functionality utilizing a mobile communication device. Included is an operating system installed on a mobile communication device capable of communicating via a wireless network. Further provided is an application program installed on the mobile communication device and executed utilizing the operating system for performing tasks. A scanning subsystem remains in communication with the application program via an application program interface. Such scanning subsystem is adapted for accessing security or content analysis functionality in conjunction with the tasks performed by the application program.
Description
Technical field
The present invention relates to the security fields of mobile communication equipment, specifically, is with the detecting Malware about the scanning mobile communication equipment.
Background technology
In the past ten years, the number of mobile honeycomb phone and use rapid development. The a recent period of time, introduced wireless device, it can combine the function of mobile phone with personal digital assistant (PDA). Can estimate that within following a period of time, so that the high speed data transfer of striding on the radio interface becomes possibility, this field will experience staggering growth along with New honeycomb formula telecommunication standard (for example: GPRS, UMTS and WAP).
Can estimate that radio communication platform might be subjected to so-called Malware (malware), such as virus, Trojan Horse, computer worm (hereinafter being referred to as ' virus '), and the invasion and attack of other interference/harmful content; Its infringement mode is with personal computer and the suffered infringement mode of work station are roughly the same now. In fact there has been multiple mobile phone virus to be identified.
For resisting the attack of virus, must arrange at mobile platform anti-virus software is installed that the arrangement of its mode and desktop PC environment is roughly the same. Multiple different desktop anti-virus application software is now come out. The major part of these application software relies on a kind of basic scanning engine, and it can seek whether there is predetermined virus signature in the suspicious archives. These signatures are stored in the database, must often upgrade it, to reflect the Virus Info of up-to-date identification.
In general, users can be at set intervals download to replace by the Internet, from the Email that receives or from a CD and floppy disk and use database. Users also need often update software engine, so that utilize up-to-date viral detection techniques when finding newtype viral.
The mobile wireless platform has brought a series of problem to software developers' (comprising the anti-virus software developer). Particularly, traditional content/security sweep system works mutually discretely with the application software that will scan. Be depicted as a framework 10 such as known technology Figure 1A, wherein application software 12 and scanner 14 be take operating system 16 as interface, and link in discrete mode. Unfortunately, this mode of framework 10 needs extra cost and redundant program code.
Summary of the invention
The invention provides a kind of API system, method and computer product that in mobile communication equipment, is used for accessed content/security function. Comprise that one is installed on the operating system in the communication equipment, this communication equipment can carry out communication by wireless network. One application program that is installed on communication equipment also is provided, and this application program can be used for executive operating system to carry out duties. The one scan subsystem keeps communicating by letter by application programming interfaces and application program. This scanning subsystem can be reequiped, the safety or the content analysis function that are associated with task that application program is fulfiled with access.
In one embodiment, safety or content analysis can comprise safety analysis. In another embodiment, safety or content analysis can comprise content analysis. In addition, safety or content analysis can comprise as required virus scan and/or by the access virus scan.
In another embodiment, application program can comprise a mail applications. Application program also can further comprise a browser application, and its task comprises browse network. In addition, application program can comprise a telephone book applications program, and its task comprises a plurality of telephone numbers of management. As a kind of selection, this application program can comprise a message application, and its task comprises message transfer. It should be noted that the program that can comprise any type. But the program of java application or other types for example.
During use, safety or content analysis function can be applicable to execute the task in the application data that is associated with application program.
Selectively, scanning subsystem can comprise a repeated load function library. Among this embodiment, scanning subsystem can be connected in running time application program. Alternatively, scanning subsystem can comprise the one scan program, and this scanning imaging system communicates by application programming interfaces and application program.
Application programming interfaces can be supported several functions, reset, upgrade scanning subsystem, scanning, configuration scanning subsystem etc. such as system environments initialization, release status information.
Application programming interfaces provide multiple call comprise open call, data call and close closed call. In the use, application programming interfaces can be installed in the middle of a plurality of application programs.
Description of drawings
Known technology accompanying drawing 1A is that the scanning interface of an application program and a tape operation system is with the framework schematic diagram of discrete mode cooperating;
Fig. 1 is embodiment schematic diagram of mobile communication framework;
Fig. 2 is another embodiment schematic diagram of mobile communication framework;
Fig. 3 is the embodiment schematic diagram of a framework being associated with a mobile communication equipment;
Fig. 4 is an embodiment schematic diagram that passes through the system of mobile communication equipment access security of use or content analysis function;
Fig. 5 is the embodiment according to an application server of system shown in Figure 4, by using the schematic diagram of a mobile communication equipment access security or content analysis functional framework;
Fig. 6 is the embodiment according to a repeated load function library of system shown in Figure 4, by using the schematic diagram of a mobile communication equipment access security or content analysis functional framework;
Fig. 7 is the schematic diagram of an on-demand scanning system carrying out under system shown in Figure 4;
Fig. 8 is the embodiment schematic diagram of a stepped relation of the various different assemblies of application programming interfaces (API), and it can be used for providing interface between mobile applications and a scanning subsystem;
Fig. 9 is a schematic diagram that demonstration type function bank interface starts;
Figure 10 is the embodiment schematic diagram of an exemplary format of the code function of makeing mistakes;
Figure 11 is the embodiment schematic diagram of the call sequence of a scanning subsystem API;
Figure 12 is the embodiment schematic diagram of the call sequence of an exemplary configuration API;
Figure 13 is the schematic diagram of various exemplary scan-data type, and these data types can be delivered to scanning subsystem by an API by application program;
Figure 14 is an example embodiment schematic diagram that comprises the position-domain variable of Malware seriousness sign and application program performance level;
Figure 15 is a chart schematic diagram, and this figure has set forth and used time that scanning subsystem scans as a mode that function changes of the data type of identifying by the variable among Figure 13;
Figure 16 is the embodiment schematic diagram of an exemplary flow, and this flow process has been described the mode that this refresh routine is started by a user interface.
Figure 17 is the embodiment schematic diagram of the method effectively upgraded of a scanning subsystem to a mobile communication equipment.
The specific embodiment
Fig. 1 is the embodiment schematic diagram of a mobile communication framework 100. As shown in the figure, this framework comprises mobile communication equipment 102 and the back-end server 104 that can communicate by wireless network. Under the environment of current description, mobile communication equipment 102 can include (but are not limited to) cellular phone, wireless personal digital assistant (PDA), wireless Palm Pilots, wireless hand-held computer or any mobile device that other can communicate by wireless network.
In one embodiment, mobile communication equipment 102 can be equipped with one scan subsystem 105. This scanning subsystem 105 can comprise any can be stored in mobile communication equipment 102 or deposit in the subsystem of the scan-data among communicating. Certainly, this scanning can be the scanning of the scanning of access formula, demand scanning or other any types. In addition, scanning may involve the content (being text, picture etc.) of above-mentioned data representative, and the scanning of the universal safety type that Malware is carried out etc.
Still get back to Fig. 1, mobile communication equipment 102 can further be equipped with the display 106 that can describe a plurality of graphic user interfaces 108, and this display comprises the various functions of the above scan function to be used for management through repacking.
During use, the display of mobile communication equipment 102 106 is used in a network (such as the internet etc.) demonstration data. See also operation 1. In current use procedure, the user can use display 106 to browse data on the disparate networks, specifically selects link or anchor point to obtain data from network by back-end server 104. See also operation 2. Then, in operation 3, scanning subsystem 105 is called to scan the data of obtaining.
In current embodiment, scanning subsystem 105 demonstrates and finds the Malware relevant with operating fetched data in 4. At this moment, provide an option by display 106 to a user, namely interrupted this time obtaining and/or use/access these data and ignore the Malware that identifies, as operated shown in the of 5. Based on the decision of operation in 5, user's meeting or can not become once the object of ' attack ', as operate shown in the of 6.
Fig. 2 is based on the schematic diagram of the mobile communication framework 200 of another embodiment. This mobile communication framework 200 is similar to mobile communication framework shown in Figure 1 100, and just mobile communication equipment mode that the identification of Malware in the fetched data is reacted is different.
Particularly, only offer option of user in the operation 5. That is, the user can only close any dialogue relevant with the data that are found to comprise Malware.
Fig. 3 has shown the framework that is associated with mobile communication equipment 300 based on an embodiment. Current framework 300 can be contained in the mobile communication equipment of Fig. 1 and Fig. 2. Certainly, framework 300 can be carried out in any required occasion.
As shown in the figure, current framework 300 can comprise a plurality of mobile applications 302. In the situation of current description, mobile applications 302 can comprise any application program in the mobile communication equipment or software etc. of being installed on, and is beneficial to carry out different tasks. Should also be noted that this application program 302 also can be installed among firmware, the hardware etc. by user's needs.
In another embodiment, application program 302 can be including but not limited to mail applications, and its task comprises managing email. In addition, this application program can comprise browser application, and its task comprises browse network. In addition, this application program can also comprise phone book application, and its task comprises a plurality of telephone numbers of management. As a kind of selection, this application program can comprise message application, and its task comprises message communicating. Should be noted that this application program can be any class row. For example, can be java application or other similar programs.
Continue to get back to Fig. 3, with the relevant function library 308 of scanning subsystem 304, scanning subsystem 304 communicates with application program 302 by first application programming interfaces (API) 306 and first. More exemplary information selected about first application programming interfaces 306 and first function library 308 will be further elaborated when will Fig. 4-12 be discussed hereinafter.
As a kind of selection, application program 302 can be carried out information communication with scanning subsystem 304, to make things convenient for the scanning work of scanning subsystem 304. This information can be with the data type that will scan, and relevant with the relevant arrangement of time of this type of scanning. More exemplary information of carrying out in this way interaction with application program 302 about scanning subsystem 304 will be further elaborated when Figure 13-15 is discussed.
As shown in Figure 3, first function library 308 can comprise renewal manager 310, configuration manager 312 and a signature database 314. In use, this renewal manager 310 can be managed the process that signature database 314 upgrades the up-to-date signature of scanning usefulness. In one embodiment, the process of renewal can simplify to adapt to the intrinsic band-limited problem of mobile communication framework. More will set forth in Figure 16-17 o'clock in discussion about the exemplary information of this renewal process.
A part as framework among Fig. 3 300 further provides again operating system 316, and this operating system installation is on mobile communication equipment and through reequiping to make things convenient for executive utility 302. In one embodiment, scanning subsystem 304 can be independent of platform, therefore can be carried out in any operating system/mobile communication equipment combination.
For adapting to this characteristic, second application programming interfaces 318 and second function library 320 have been arranged, it can support several functions, for example system/function library initializes 322, the function 336 of makeing mistakes, Memory Allocation 334, I/O (I/O) 328, data grant 332, synchronous 330, advanced text transportation protocol 326, facility information 324, debugging 338 and other functions (be shared drive, system time, etc.). In one embodiment, second application programming interfaces 318 can be independent of platform, is similar to scanning subsystem 304. More exemplary details selected about second application programming interfaces 318 and second function library 320 will be further elaborated when annex A is discussed.
Fig. 4 has shown the system 400 based on an embodiment, and it is by using a mobile communication equipment with access security or content analysis function. In an example, current system 400 can carry out under application program, scanning subsystem and the operating system environment in the framework 300 of Fig. 3. But should be noted that current system 400 can be carried out under any required environment.
As shown in the figure, comprised the operating system that is installed on a mobile communication equipment 402 that can communicate by wireless network here. The application program 404 that is installed on mobile communication equipment also is provided in addition, and it is by using operating system 402 to be carried out and finish various tasks.
In use, safety or content analysis function can be applicable to the application data that is associated with 404 operation tasks of application program. Under the environment of current description, application data can comprise data or other the associated data that any being carried out by application program 404 of task is inputted, processes, exported.
By application programming interfaces scanning subsystem 406 and application program 404 are closely united, can reduce administrative expenses and code repetitive rate. More exemplary information about these application programming interfaces and correlation function storehouse will be further elaborated when the chart of discussing after this.
Fig. 5 has shown by using the framework 500 of mobile communication equipment access security or content analysis function based on the application server of system among Fig. 4 400. Should be noted that current framework 500 can be carried out in any required environment.
As shown in the figure, scanning subsystem can comprise scanning imaging system 502, and this scanning imaging system communicates with application program 504 by the agreement (for example uItron message contacted system) of application programming interfaces 506 and an association. Application programming interfaces 506 can involve first assembly 508 that is associated with scanning imaging system 502, and second assembly 510 that is associated with application program 504, and this can be further elaborated hereinafter.
To application programming interfaces 506 provide multiple different call 512 can comprise open call, data call and enclosed calling. In use, scanning imaging system 502 can scan the application data 516 that the task of moving with application program 504 is associated.
Figure 6 shows that one by using mobile communication equipment in order to the framework 600 of access security or content analysis function, this framework is consistent with the repeated load storehouse example of system 400 among Fig. 4. Should be noted that current framework 600 can be carried out under any required environment.
As shown in the figure, scanning subsystem can comprise a repeated load function library 602. In use, scanning subsystem repeated load function library 602 can be connected in application program 604 when operation. Thus, among each in can implanted a plurality of application programs 604 of application programming interfaces 606.
Be similar to the framework 500 among previous Fig. 5, application programming interfaces 606 may relate to and multiplely different call 612, comprise open call, data call and enclosed calling. In use, repeated load function library 602 can be used for scanning the relevant application data 616 of task of moving with application program 604.
Figure 7 shows that an on-demand scanning system 700 of in Fig. 4, carrying out under system's 400 environment. Should be noted that current system 700 can be carried out under any required environment.
On-demand scanning scans stored application data 702, to detect hostile content or code and to be removed after discovery. The user can start on-demand scanning by a user interface 703. In addition, each application program 704 can be called scanning subsystem 706 to move for being stored in the scanning that object carries out in the correspondence memory.
On the other hand, on-demand scanning provided the identification to malicious code or content before application program 704 processing or transformation applications data 702. Before scanning subsystem 706 detected malicious application data 702, on-demand scanning was transparent for the user.
Fig. 8 has shown the hierarchical system of the various different assemblies of application programming interfaces 800 based on an embodiment, is used between mobile applications and a scanning subsystem interface is provided. As a kind of selection, current application programming interfaces 800 can be in Fig. 4 be carried out under the environment of system 400. But should be noted that current application programming interfaces 800 can be carried out under any required environment.
As shown in Figure 8, the function of application programming interfaces comprises MdoScanOpen () 802, MDoScanClose () 804, MDoScanVersion () 806, reaches MDoScanData () 808. MoDoScanOpen () 802 and MDoScanClose () the 804th are be used to creating/open and close a scanning subsystem object instance. MDoScanVersion () 806 provides scanning subsystem and signature scheme versions of data information. MDoScanData () 808 operation content/data scanning and reports. Being included in simultaneously scanning has a MDoScanUpdate () 810 in the application programming interfaces, and it can provide malware signature database and detecting logical renewal. When MDoScanUpdate () 810 by once upgrade using institute when calling, function library will connect a long-range back-end server (referring to for example Fig. 1) and download up-to-date file (for example mdo.sdb and mdo.pd).
The scanning subsystem configuration is by using MDoConfigOpen () 812, MDoConfigClose () 814, MDoConfigGet () 816 and MDoConfigSet () 818 to reach. In case a configuration handle obtains by calling current application programming interfaces 800, the application program of calling is used get and set provisioning API with inquiry and is set the various variablees that scanning subsystem disposes.
What be contained in simultaneously current application program interface 800 is one and is called makeing mistakes of MDoGetLastError () 820 and obtains function. This function is used for obtaining the information of makeing mistakes at last about having occured.
Before making any API Calls, preferably in start-up time, MDoSystemInit () 825 is called to initialize the setting of function library environment. This function library has been preserved configuration setting, malicious software code detecting logic (such as mdo.pd) and signature database (such as mdo.sdb), has been reached various built-in variables (such as synchronous object, Deng), and it is deposited in fixing continuation storage location.
MDoLibraryOpen () 830 and MDoLibraryClose () 840 are used for initializing function library. An application program can occur to call MDoLibraryOpen () 830 by what its API Calls in office before, and application program can be called MDoLibraryClose () 840 before stopping.
Thereby application programming interfaces 800 can be supported various function by using different application programming interfaces assemblies, for example system environments initialization, release status acquisition of information, renewal scanning subsystem, scanning, configuration scanning subsystem, etc. More information about above-mentioned functions under application programming interfaces 800 environment will be set forth hereinafter.
System initialization
MDoSystemInit () 825 verifies and context initialization work for the data that are stored in particular permanent storage territory. The database of a malicious code/content signature pattern (being mdo.sdb), detecting logic (being mdo.pd), configuration setting and synchronization object can be stored in these storage territories. MDoSystemInit () 825 be called once before can the arbitrary function in api function being performed (namely when starting).
Table #1 has illustrated the exemplary information about MDoSystemlnit () 825.
Table #1
MDoSystemInit
Describe
Examine and the initialization system environmental information
Prototype
int MDoSystemInit(void);
Parameter
Nothing
Return of value
Such as success then 0, otherwise be the non-zero code of makeing mistakes.
Function library interface API
Table #2 has illustrated the exemplary information about MDoLibraryOpen () 830.
Table #2
MDoLibraryOpen
Describe
Initialize and return interface, api function storehouse handle
Prototype
MDOLIB_HANDLE MDoLibraryOpen(void);
Parameter
Nothing
Return of value
Such as success, interface, return function storehouse handle then,
Otherwise be INVALID_MDOLIB_HANDLE.
Also can referring to
MDoLibraryClose()
Table #3 has illustrated the exemplary information about MDoLibraryClose () 840.
Table #3
MDoLibraryClose
Describe
Release is returned by MDoLibraryClose () function with an api function storehouse handle is associated is
The system resource
Prototype
void MDoLibraryClose(MDOLIB_HANDLE hLib);
Parameter
hLib
The function library handle that [in] returned by MDoLibraryOpen
Return of value
Nothing
Also can referring to
MDoLibraryOpen()
Make mistakes and obtain
In case function library is successfully initialized and instantiation by MDoLibraryOpen () 830, MDoGetLastError () 820 provides the information of makeing mistakes about the last time to application program.
Table #4 has illustrated the exemplary information about MDoGetLastError () 820.
Table #4
MDoGetLastError
Describe
Return the value of makeing mistakes for the last time of the function library example of appointment
Prototype
MDoErrorCode MDoGetLastError(MDOLIB_HANDLE hLib);
Parameter
hLib
The function library handle that [in] returned by MDoLibraryOpen
Return of value
The MDoErrorCode data type can be defined as one 32 signless integer, and it not only comprises assembly but also comprise the code of makeing mistakes. Usually, the error message of obtaining may be set at the platform abstraction api layer. In view of this, MDoErrorCode form given herein is similar to by the defined A1ErrorCode form of level of abstraction API (referring to annex A). Figure 10 has illustrated the exemplary format 1000 of a MDoErrorCode based on an embodiment.
MDoErrorCode is defined as:
typedef unsigned long MDoErrorCode;
Also can referring to
MDoLibraryOpen(),MDoScanOpenO,MDoScanData(),
MDoScanUpdate()
Exemplary computer code #1 has illustrated the call sequence in a sample function storehouse by calling a MDoGetLastError () 820.
Computer code #1
| . . MDOLIB_HANDLE hLib; MDOSCAN_HMFDLE hScanner; MDoErrorCode errCode; . . |
| hMDoLib=MDoLibraryOpen(); if(hMDoLib==INVALID_MDOLIB_HANDLE) { return(-1); |
| } . . hScanner=MDoScanOpen(hLib); if(hScanner==INVALID_MDOSCAN_HANDLE) { errCode=MDoGetLastError(hLib); ReportError(errCode); MDoLibraryClose(hMDoLib); return(-1); } . . MDoScanClose(hScanner); MDoLibraryClose(hMDoLib); . . |
The code of makeing mistakes
The code of makeing mistakes by MDoGetLastError 820 reports comprises two parts: component code and the code of makeing mistakes. See also annex A to obtain more information. Table #6 has listed exemplary code and the corresponding component code of makeing mistakes. MDoGetLastError 820 also returns the code of makeing mistakes that is set in abstract function storehouse layer. Should be noted that following tabulation only for purposes of illustration, should not be understood as have on the where formula in office restricted.
Table #6
| Component code | The code of makeing mistakes | Describe |
| MDO_ERROR_MODULE | MDOE_CFG_UNKNOWN_VARIABLE | The unknown/invalid configuration variable name |
| ML_ERROR_MODULE | MLE_XFILE_ SEEK_MODE | Invalid meta file searching modes value |
| MLE_XFILE_SEEK_OOB | Invalid meta file is sought the place | |
| MLE_XFILE_SIZE_OOB | Invalid meta file size |
| MLE_PKG_INVALID FILE | Invalid update package file | |
| MLE_PKG_INVALID_FORMAT | Invalid update package file format | |
| MLE_SDB_INVALID_POSITION | Invalid SDB record position | |
| MLE_SDB_INVALID_STRUCTURE | Invalid/damage SDB interrecord structure | |
| MLE_SDB_RECORD_NOT_FOUND | The SDB record is missing. Can't find record | |
| MLE_SDB_NO_INODES | SDB INode space is inadequate | |
| ML_ERROR_MODULE | MLE_SDB_NO_BLOCKS | The SDB block space is inadequate |
| MLE_SDB_INVALID_OFFSET_SIZE | Invalid SDB skew | |
| MLE_SDB_BAD_INITIALIZE PARAMS | Invalid SDB initiation parameter | |
| MLE_ME_INVALID_SUBTYPE | Invalid secondary record ID value | |
| MLE_ME_INVALID_TYPE | Invalid secondary record ID value | |
| MLE_ME_TYPE_NOT_FOUND | Unknown secondary record ID value | |
| MLE_ME_VIRUS_NOT_FOUND | Missing/invalid viral code | |
| MLE_DBU_INVALID_COMMAND | Invalid SDB update command | |
| MLE_ME_SMALL_VREC_ARRAY | Virus record array size is not good | |
| MLE_ME_TOO_MANY_WVSELECT_BUCK ET S | Fail to add new SDB record | |
| MLE_ME_BACKPTR_OVERFLOW | Fail to upgrade the SDB record |
Scanning subsystem API
MdoScanOpen
Table #7 has illustrated the exemplary information about MDoScanOpen () 802.
Table #7
Describe
Return a scanning subsystem instance handle
Prototype
MDOSCAN_HANDLE MDoScanOpen(MDOLIB_HANDLE hLib)
Parameter
hLib
[in] function library handle by using MDoLibraryOpen () function to obtain
Return of value
Such as success, then return the scanning subsystem instance handle.
As make mistakes, then be INVALID_MDOSCAN_HANDLE.
Also can referring to
MDoScanClose(),MDoScanData(),MDoScanUpdate(),
MDoLibraryOpen()
MdoScanClose
Describe
The system resource that discharges the scanning subsystem example and be associated
Prototype
void MDoScanClose(MDOSCAN_HANDLE hScan);
Parameter
hScan
[in] scanning subsystem handle by using MDoScanOpen () function to obtain
Return of value
Nothing
Also can referring to
MDoScanOpen(),MDoScanData(),MDoScanUpdate()
MdoScanVersion
Table #9 has illustrated the exemplary information about MdoScarnVersion () 806.
Table #9
Describe
Obtain scanning subsystem and signature version from a scanner handle that is returned by MDoScanOpen () function
This information
Prototype
int MDoScanVersion(MDOSCAN_HANDLE hScan,
SVerlnfo* pVersion);
Parameter
hScan
[in] scanning subsystem handle by using MDoScanOpen () function to obtain.
pVersion
[out] points to a pointer that comprises the version information structure
Return of value
Then return 0 such as success, otherwise be-1.
Also can referring to
MDoScanOpen(),MDoScanClose(),MDoScanData(),
MDoScanUpdate()
Exemplary computer code #2 illustrates a sample version information structure.
Computer code #2
| / * version information is by following composition the<device id 〉+<MDo 〉+<PD 〉+<SDB〉for example: device id:: " Win32TestPlatformRev05 " MDo:1 mdo.pd:2 mdo.sdb:32 */ |
| #define MDO_DEVID_MAX 32 typedef struct char szDevID[MDO DEVID MAX]; / * device id */unsigned int uMDoVer; / * version */unsigned int uEngVer; / * detecting logic (mdo.pd) version */unsigned int uSDbVer; / * signature database (mdo.sdb) version*/} SVerlnfo; |
The mobile communication equipment identification string of being reported by MdoScanVersion () 806 is (referring to the annex A) that sets by the use recognition of devices character string of being returned by AlDevGetInfo.
MdoScanData
Table #10 has illustrated the exemplary information about MDoScanData () 808.
Table #10
Describe
MDoScanData will be called to scan a specific data type from an application program. Call
Application program has been specified action, scanning target type, an I/O letter that overlaps in order to visit data of scanning
Number and a washability call back function. The number that the result of data scanning provides with a call function
Be returned according to structure. MDoScanData is repeated load.
Prototype
int MDoScanData(MDOSCAN_HANDLE hScan,
SScanParam* pParam,
SScanResult* pResult);
Parameter
hScan
The scanning subsystem handle that [in] obtains from once calling MDoScanOpen () function
pParam
[in] points to a pointer that comprises the structure of data scanning parameter
pResult
[out] points to a pointer that comprises data scanning result's structure
Return of value
As the success then return 0, otherwise for-1 and also the code of makeing mistakes be set
Also can reference
MDoScanOpen(),MDoScanClose(),MDoScanVersion(),
MDoScanUpdate()
MdoScanUpdate
Table #11 has illustrated the exemplary information about MDoScanUpdate () 810.
Table #11
Describe
Operation malicious code/content signature pattern database (mdo.sdb) and detecting logic (mdo.pd) are more
Newly.
Prototype
int MDoScanUpdate(MDOSCAN_HANDLE hScan,
SUpdateParam*p Param);
Parameter
hScan
[in] scanning handle by using MDoScanOpen () function to obtain
pParam
[in] points to the pointer of a undated parameter structure, and this structure comprises one and is used for upgrading and cancels/abandon
And the call back function pointer of process status renewal
Exemplary computer code #3 has illustrated the mode that the undated parameter structure is defined
Computer code #3
| typedef struct SStatus struct { int iCurrent; int iTotal; } SStatus; typedef struct SUpdateParam_struct { void*pPrivate; int(*pfCallBack)(void*pPrivate,int iReason,void *pParam); }SUpdateParam; |
Invokes application can be set function pointer and will pass to the data of function in call function. Please note table #12.
Table #12
| Readjustment reason (iReason) | Describe |
| MDO_UCB_STATUS | Carry out the state that readjustment upgrades with report. PParam points to the SStatus structure. SStatus.iCurrent comprises the amount of the data of receiving, and iTotal reports the size of update all data take byte as unit. |
| MDO_UCB_CANCEL | Carry out readjustment to distinguish that whether upgrading cancellation is set. PParam points to NULL. |
Provisioning API
Figure 12 has illustrated an exemplary configuration API Calls order 1200 based on an embodiment. As shown in the figure, MDoConfigOpen () 830 returns a handle, and this handle will be passed to configuration and obtain and the function of appointment. MDoConfigClose () 814 is used to discharge and close the configuration handle that is returned by MDoConfigOpen () 812. Particular value of MDoConfigSet () 818 usefulness has been set a specific configuration variables, and MDoConfigGet () 816 is that the variable of an appointment returns a Configuration Values. Before MDoConfigClose () 814 was called, the configuration variables setting that is limited by MDoConfSet () 818 might not be stored in the permanent storage body.
When access and/or when specifying a variate-value, application program can be called configuration and open, obtains or set, and exists side by side to be engraved in to add thereafter to close function.
The configuration variables that uses application programming interfaces 800 configuration components and specify/obtain and value can in order to idle character (' 0 ') character string of 8 characters ending up represents. Table #13 has listed existing various configuration variables.
Table #13
| Configuration variables | Value/example | Describe |
| ″ScanEnable″ | “0” | Close scanning |
| “1” | Enable scanning | |
| ″UpdateURL″ | ″http:∥update.mcafeeacsa.com/504i″ | Upgrade the Base-URL (referring to 0 part) of signature |
MdoConfigOpen
Table #14 has illustrated the exemplary information about MDoConfigOpen () 812.
Table #14
Describe
Return a handle to configuration and set, what then it is passed to the back calls MDoConfigGet ()
And MDoConfigSet ().
Prototype
MDOCONFIG_HANDLE MDoConfigOpen(MDOLIB_HANDLE hLib);
Parameter
hLib
[in] function library handle by using MDoLibraryOpen () function to obtain
Return of value
Then return the configuration handle such as success.
As make mistakes and then return INVALID_MDOCONPIG_HANDLE.
Also can referring to
MDoConfigClose(),MDoConfigSet(),MDoConfigGet()
MdoConfigClose
Table #15 has illustrated the exemplary information about MDoConfigClose () 814.
Table #15
Describe
Free system resources is also closed the configuration handle
Prototype
void MDoConfigClose(MDOCONFIG_HANDLE hConfig);
Parameter
hConfig
The configuration handle that [in] returned by MDoConfigOpen () function
Return of value
Nothing
Also can referring to
MDoConfigOpen(),MDoConfigSet(),MDoConfigGet()
MdoConfigGet
Describe
Configuration Values of configuration variables acquisition for appointment
Prototype
int MDoConfigGet(MDOCONFIG_HANDLE hConfig
char const* pszName,
char* pBuffer,
unsigned int uSize);
Parameter
hConfig
The configuration handle that [in] returned by MDoConfigOpen () function
pszName
The configuration variables title that [in] stops with NULL-
pBuffer
[out] cooperates the configuration with the NULL-termination of specified variable to set/value
uSize
The pBuffer length that [in] calculates with byte
Return of value
Successful then return 0, otherwise be-1.
Also can referring to
MDoConfigOpen(),MDoConf igClose(),MDoConf igSet()
MdoConfigSet
Table #17 has illustrated the exemplary information about MDoConfigSet () 818.
Table #17
Describe
For the configuration variables of appointment is set a value
Prototype
int MDoConfigGet(MDOCONFIG_HANDLE hConfig
char const* pszName,
char const* pszValue);
Parameter
hConfig
The configuration handle that [in] returned by MDoConf igOpen () function
pszName
[in] is with the configuration variables title of NULL-termination
pszValue
[int] cooperates the new configuration with the NULL-termination of specified variable to set/value
Return of value
Then return 0 such as success, otherwise be-1
Also can referring to
MDoConfigOpen(),MDoConfigClose(),MDoConfigGet()
Application program/scanning subsystem communication for ease of scanning
As previously mentioned, application program can be carried out information communication to make things convenient for scanning subsystem to scan with scanning subsystem. This communication can obtain facility by API described above. Above-mentioned information can be relevant with the data type that is scanned and the arrangement of time that is associated with this type of scanning. More descriptions of reaching this result mode about above-mentioned API will be set forth hereinafter.
Sweep parameter (SscanParam)
Invokes application can provide a sweep parameter to scanning subsystem by using the SScanParam structure. The information that is contained in sweep parameter provides to scanning subsystem:
1) type of action of scanning subsystem (for example iAction),
2) the scan-data type (for example need the type of the application data that scans-iDataType),
3) point to the data pointer (for example pPrivate) that scans target,
4) obtain the function (for example pfGetSize) of size of data (take byte as unit),
5) function of replacement scan-data size (for example pfSetSize),
6) scanning subsystem is used for obtaining the function (for example pfRead) of a scan-data piece,
6) for the function (for example pfWrite) that writes to scan-data, and
7) call back function (for example pfCallBack) of scanning subsystem state/process report.
Exemplary computer code #4 has illustrated the structure of a data sweep parameter.
Computer code #4
| typedef struct SScanParam struct { int iAction; int iDataType; void* pPrivate; unsigned int (* pfGetSize)(void* pPrivate); int (* pfSetSize)(void* pPrivate, unsigned int uSize); |
| unsigned int (* pfRead)(void* pPrivate, unsigned int uOffset, void* pBuffer, unsigned int uCount); unsigned int (* pfWrite)(void* pPrivate, unsigned int uOffset, void const* pBuffer, unsigned int uCount); int (* pfCallBack)(void* pPrivate, int iReason, SCBArg const* pCBArg); }SSCanParam; |
Scanning motion (iAction)
Scanning motion has been specified the type of the scanning that will move on the application data that is provided. Table #18 has illustrated various exemplary scanning motion.
Table #18
| Scanning motion ID | Describe |
| MDO_SA_SCAN_ONLY | The malicious code that scanning subsystem operation scanning and report are found. Do not carry out any reparation. |
| MDO_SA_SCAN_REPAIR | After operation scanning, the object that comprises malicious code will be repaired. |
Scan-data type (iDataType)
Invokes application can be by using this variable to scanning subsystem notice application data type and form.
Figure 13 has illustrated various example use data type 1300, and application program can transmit by API it to scanning subsystem. The form of Url-character string can meet uniform resource locator (RFC 1738) specification. The form of Email-character string can meet internet email address format (RFC 822) specification. Default territory can be set to any required territory. In addition, the telephone number character string can comprise numerical character ' 0 ' to ' 9 ', and ' # ' with ' * ' character.
Scan-data pointer/handle (pPrivate)
A pointer (or handle) that points to an application scanning object can be provided in addition. Scanning subsystem might not use this data pointer/handle to move direct internal memory I/O. Data pointer/handle is passed adjusts back with function to carry out read/write by the specified I/O function of use call function.
Scan-data size (pfGetSize)
Current function is used for obtaining from invokes application the size (take byte as unit) of scanning target data by scanning subsystem.
Scan-data is adjusted size (pfSetSize)
This function is used for application data to the given size (take byte as unit) that the adjustment of request call application program is repaired/cleans by scanning subsystem. This function can with scanning and be repaired/delete option and use simultaneously.
Scan-data function reading (pfRead)
This instant function can be used by scanning subsystem, is used for reading from invokes application the application data of a specified amount.
Scan-data writes function (pfWrite)
This is an optional parameter, can be used by scanning subsystem, is used for writing the application data of a specified amount with the part as repair process to sweep object. Be set to reparation or deletion such as scanning motion, then this function pointer can be set.
Call back function (pfCallBack)
As designated, scanning subsystem calls this specified function by described information in the following form. If what return is a negative return of value, then call back function is abandoned scanning process. Table #19 has set forth an exemplary callback code tabulation.
Table #19
| Readjustment reason ID | Describe |
| MDO_CB_DETECTED | In sweep object, detected a malicious code to the invokes application notice. The callback data parameter ' arg ' is set to and points to the SCBArg structure. |
| MDO_CB_CLEAN_READY | The Malware that is identified to the invokes application notice can be eliminated/repair. The callback data parameter ' varg ' is set to and points to the SCBArg structure. |
Exemplary computer code # 5 has illustrated the readjustment structure of a scanning subsystem.
| Typedef struct SCBArg_struct { text_t const*pszName; / * is detected the title * of Malware/text_t const*pszVariant; / * is detected the variable name * of Malware/unsigned int uType; / * Malware type */} SCBArg; |
Scanning result (SScanResulf)
The result of object scan, the Malware information that namely is detected the SScanResult structure that is provided by invokes application is provided is returned to invokes application. This SScanResult structure comprises one and points to a pointer that comprises the scanning result message structure, and one is pointed to a pointer that is used to remove the scanning result resource function. Distributed by scanning subsystem for the internal memory of depositing scanning result, and discharged by calling pfDeleteResult pointer function pointed.
Exemplary computer code #6 has illustrated a sample call sequence.
Computer code #6
| int ScanAppData(...) { SScanResult scanResult; . . if(MDoScanData (hScanner,&scanParam, &scanResult)==0) { . . scanResult.pfFreeResult(&scanResult); } . . } |
Exemplary computer code #7 has illustrated the malicious code that an is detected/content information structure.
Computer code #7
| Typedef struct SDetected struct { struct SDetected_struct*pNext; / * points to next found Malware * // * as then being NULL*/text_t const*pszName at end of list; The Malware title * that/* is detected/text_t const*pszVariant; The variable name * of the Malware that/* is detected/ |
| Unsigned int uType; The Malware type * that/* is detected/unsigned int uBehavior; The position of/* appointment seriousness-territory * // * grade and behavior rank */} SDetected; |
Exemplary computer code # 8 has illustrated a scanning result structure.
| Typedef struct SScanResult_struct { int iNumDectected; Malware number */SDetected*pList that/* finds; Malware list * // * that/* is detected is used for discharging by the function ptr*/void of reporting scanning result (* pfFreeResult) (struct SScanResult_struct* pResult); SScanResult; |
Severity level and behavior rank (uBehavior)
Figure 14 is based on an example embodiment, and it has shown to be included in contains Malware severity sign and other position-domain variable 1400 of application behavior level in the SDetect structure.
Table #20 has set forth the seriousness rank tabulation of an exemplary Malware.
Table #20
| The severity sign | Describe |
| MDO_SC_USER | The Malware that detects is harmful to the user. |
| MDO_SC_TERMINAL | The Malware that detects is harmful to equipment. |
As the application data that was scanned comprises the Malware harmful to mobile communication device user, and then scanning subsystem is set the MDO_SC_USER sign. If harmful to mobile communication equipment itself, the MDO_SC_TERMINAL sign is set. If it all is harmful to user and mobile communication equipment, then MDO_SC_USER and MDO_SC_TERMINAL sign all is set.
The application behavior rank has specified to take which type of measure to detecting the application data that comprises Malware. Table #21 has listed the corresponding action that other various values of behavioral scaling and application program are taked.
Table #21
| The behavior rank | Describe |
| MDO_BC_LEVELO | Processed with warning. This seriousness rank can be assigned to the data that before had been considered to malice. |
| MDO_BC_LEVEL1 | Prompting user before processing. He/her wishes that application program processes this data to the inquiry user. |
| MDO_BC_LEVEL2 | Do not process these data. |
| MDO_BC_LEVEL3 | Do not process these data not prompting user remove. If content is stored in the equipment, prompting user is permitted before removing. |
| MDO_BC_LEVEL4 | Do not process these data, if be stored its automatic moving is removed. |
Find a plurality of malicious codes in the data that are being scanned, the invokes application expection will be made a response with the behavior rank of highest level. For example, if MDO_BC_LEVELO and MDO_BC_LEVEL3 are reported that application program can be taked the action of MDO_BC_LEVEL3.
Figure 15 has illustrated a chart 1500, and the scanning of having illustrated scanning subsystem arranges conduct by a mode that function changes of the identified data type of each variable of Figure 13 opportunity.
Signature database upgrades
As previously mentioned, renewal process can be simplified, to adapt to the intrinsic finite bandwidth of mobile communication framework. Manyly will set forth hereinafter about the various different modes that can reach effect like this.
The assembly that is updated
The MDoScanUpdate function is along with update service provides two assemblies [for example malicious code detecting logic (mdo.pd) and signature database (mdo.sdb)]. An assembly (for example mdo.pd) can comprise the detecting logic and be upgraded fully when the version of a renewal occurs. Another assembly (for example mdo.sdb) can progressively upgrade until n previous version. To second assembly once upgrade fully can have than n more the mobile communication equipment of older version move. For example, if n is set to 5, and latest edition is 20, so can a ratio 15 more the mobile communication equipment of older version carry out once complete renewal.
Activate by user interface
Figure 16 has illustrated an exemplary flow process 1600 based on an embodiment, and it has described the update mode that is started by a user interface. As shown in the figure, the renewal of virus code can select a menu input to start by a user interface 1602 by mobile communication device user. In case user selection should upgrade menu, one is upgraded application program 1604 and is activated, and is connected to a back-end server by suitable renewal interface function 1606.
Communication protocol
The renewal function storehouse can communicate by http protocol and back-end server.
Renewal process
Figure 17 is based on an embodiment, and it has illustrated a method 1700 that is used for effectively upgrading a scanning subsystem of a mobile communication equipment. In one embodiment, carry out in application program, scanning subsystem and the operating system that current method 1700 can be in the framework 300 of Fig. 3 and the system among Fig. 1 and 2. But should be noted that current method 1700 can be carried out in any required environment.
Initialize this process, can send a update request to a back-end server from least one mobile communication equipment. Certainly, in other example, renewal can send without request.
In one embodiment, renewal can be by mobile communication equipment by using a request data structure to ask. This data structure can also optionally comprise the variablees such as uniform resource locator (URL) variable, mobile communication identification variable, application programming interfaces version variable, detecting logical variable, signature version variable and/or part number variable.
Table #22 has illustrated an exemplary URL that can be used for this purpose.
Table #22
<BASE-URL>?dev=<DEV-ID>&mdo=<MDO-VER>&eng=<ENG-
VER>&sdb=<SDB-VER>&chk=<CHUNK>
Below be a form of describing above-mentioned URL variable:
| Variable | Describe |
| <BASE-URL> | The server URL (referring to 0 part) of renewal by using the MDoConfigGet function to obtain |
| <DEV-ID> | The mobile communication equipment identification code; Returned by the A1DevGetlnfo function |
| <MDO-VER> | MDo API version |
| <ENG-VER> | The detecting logic, mdo.pd, version |
| <SDB-VER> | Signature database, mdo.sdb, version |
| <CHUNK> | The update software enclosed mass, or the part, number; Be initially 1 (=1) |
Table #23 has illustrated a particular example that meets the URL of foregoing description.
Table #23
http://update.mcafeeacsa.com/504i?dev=X504i05&mdo=2&eng=3&sdb=56&chk=1
More than the URL of table #23 has specified substantially-URL " http://update.mcafeeacsa.com/504i ", and " X504i05 " is EIC equipment identification code, API version 2, malicious code detecting logical versions 3, and signature database version 56. Should be noted that when mobile communication equipment is got in touch with back-end server at first its " data block " or part, number can be set as 1. In addition, basic-URL can be by allowing MDoConfigGet API use " UpdateURL " configuration variables to obtain.
After the request of receiving, malicious code detecting logic and signature database version coexist the version information that in URL coding deposit of back-end server by will having stored compared, thereby determines which update package need to be downloaded.
If do not need to upgrade, the rear end can be returned one without the response of content. In operation 1701, mobile communication equipment has been received the response as first. If determining that first comprises above-mentioned responds (referring to determining 1702) without content, method 1700 is ended, and this is not need to download because upgrade. Intrinsic finite bandwidth is useful to this feature in the mobile communication framework to adapting to.
On the other hand, if first part of a update package is returned, method 1700 will (perhaps possible is with it simultaneously) continue to receive the other parts of upgrading after receiving the first of renewal. Please note operation 1704-1708. Should notice that first can be accompanied by the count information of size and the part of whole bag.
When downloading remaining more new portion, can the part number of institute's download URL be construed as limiting. Table # 24 has illustrated the particular example of the URL of a specified portions number " 3 ".
http://update.mcafeeacsa.com/504i?dev=X504i05&mdo=2&eng=3&sdb=56&chk=3
In one embodiment, can determine the integrality upgraded. Correspondingly, be verified whether on the basis of the integrality of upgrading, can be conditionally with update contruction in scanning subsystem.
As a kind of selection, the integrality of renewal can be by determining with a signature. This signature can receive (i.e. decline) together with a part of upgrading. Afterwards, this signature can be compared with another signature that uses each part generation of upgrading. Please note operation 1710.
In one embodiment, signature can generate and authenticate at corresponding PKI that is contained in upgrading of mobile communication equipment use by a RSA private key. Signature verification and generation can be done further to move by using a specific verification function storehouse.
Assumption of complete is verified, and any scanning meeting by the scanning subsystem operation is paused or ends. Please note operation 1712. Should notice that this pause is selectable.
Next, can be with update contruction in scanning subsystem. Please note operation 1714. The place that any scanning is paused in example is installed in scanning subsystem in case upgrade, and can continue afterwards to use scanning subsystem to scan. Referring to operation 1716.
For adapting to intrinsic finite bandwidth in the mobile communication framework, the size of some part of renewal can minimize. In addition, can compress the part of upgrading.
In another embodiment, can with each more the format design of new portion for can adapt to finite bandwidth intrinsic in the mobile communication framework. More information about this type of form will be set forth hereinafter.
Table #25 has illustrated the exemplary format of a down loading updating each several part.
Table #25
| MPKG <part 1> <part 2> . . . <part n> [signature:sig-len] [sig-len:4] |
Each part of the above-mentioned part of listing in table #25 is defined as follows in table #26.
Table #26
| X-ContentLength:<part-length>rn X-ContentName:<part-name>rn X-Name:<component-name>rn X-Version:<component-version>rn rn [part-data:part-length bytes] |
Each part is comprised of a file header and data. File header can indicate the segment length etc. of relevant portion of an identification code, the renewal of the relevant portion of renewal. In addition, file header can be specified data name and the length that comprises, and with an extra CR+LF to itself and real data are separated mutually. Table #27 has listed the title of the exemplary data/content that is associated with file header.
Table #27
| Component Name | Describe |
| ″pd″ | The detecting logic |
| ″sdb″ | Signature database upgrades |
Table #28 has illustrated an exemplary update package.
Table #28
| MPKG X-ContentLength:6423rn X-ContentName:update30_32\rn X-Name:sdbrn X-Version:32rn rn <SDB update binary:6423> <signature:sig-len> <sig-len:4> |
Abstract function storehouse API
As previously mentioned, provide system's and related methods that is independent of platform to be used for a mobile communication equipment. It comprises that one is independent of the scanning subsystem of platform, can communicate with the operating system of the mobile communication equipment that is used for scanning. Application programming interfaces that are independent of platform also are provided in addition, have helped for the interface is provided between operating system and the scanning subsystem. The application programming interfaces that are independent of platform have comprised an abstract function storehouse, are used for being independent of the operating system that the scanning subsystem of platform is docked with mobile communication equipment and is associated.
By this design, scanning subsystem can be independent of platform, and can be carried out in the combination of the operating system/mobile communication equipment of any type thus.
In one embodiment, the abstract function storehouse can the back-up system initialization, function library initialization, the function of makeing mistakes, Memory Allocation, I/O (I/O), data authentication, synchronously, HTTP, shared drive, system time, facility information and debugging. More about above-mentioned application programming interfaces one can select the exemplary information of example to set forth in annex A.
Although above described different embodiment, to understand easily, they only are suggested by the form of example, and do not have restricted. Therefore, the application range of certain particular instance and scope should not limited by any exemplary embodiment described above, determine and should only have with the statement of texts according to claim and with it.
Annex A
Current application programming interfaces (API) comprise following subsystem:
System initialization
Function library initializes
The function of makeing mistakes
Heap memory distributes
Indissolubility internal memory/storage body I/O
Data authentication
Synchronization object (beacon)
·HTTP API
Shared drive
System time
Facility information
Debugging
Also described one in this annex and overlapped the C-language definition that is defined in abstract function storehouse (AL) layer, in the api function storehouse.
System initialization
The startup that depends on platform/system initializes by AlLibrarySysInit () function operation. The design of this function can be called from previous the MDoSystemlnit () function of describing.
AlLibrarySysInit
Describe
Operation depends on the initialization of system
Prototype
int AiLibrarySysInit(void);
Parameter
Nothing
Return of value
Successful then return 0, otherwise be-1.
Function library initializes
Platform abstraction api function storehouse is by using Al InitLibrary () function to be initialised. Before an abstract API function was called, the abstract function storehouse just was initialised once. When AlCleanupLibrary () function was called, obtaining also by Al InitLibrary (), initialized system resource was released.
AlInitLibrary
Describe
The operation function library initializes. This function will be by MDoLibraryOpen () function call.
Prototype
int AlInitLibrary(void);
Parameter
Nothing
Return of value
Successful then return 0, otherwise be-1.
AlCleanupLibrary
Describe
The system resource that release is obtained by Al InitLibrary () function. This function will be by previous appointment
MDoLibraryClose () function call.
Prototype
void AlCleanupLibrary(void);
Parameter
Nothing
Return of value
Nothing
The function of makeing mistakes
The AL function library has comprised one and has overlapped the function of makeing mistakes, and this cover function is used for setting and obtaining the code of makeing mistakes of relevant particular task/thread. The level of abstraction implementor should be responsible for setting suitable make mistakes code and component code.
AlGetLastError
Describe
Return the code value of makeing mistakes at last of calling task/thread. Function is by using AlSetLastError () function to set the value of returning.
The AlErrorCode data type is to use a 32-position to carry out the data type of internal representations without value of symbol.
Prototype
AlErrorCode AlGetLastError(void);
Parameter
Nothing
Return of value
The value of makeing mistakes at last of invokes thread/task is set by using AlSetLastError () function to finish
AlSetLastError
Describe
Be invokes thread/task setting code of makeing mistakes at last
Prototype
voi dAlSetLastError(AlErrorCode errorCode);
Parameter
errorCode
[in] 32-code value of makeing mistakes the position
Return of value
Nothing
Make mistakes/state code
| Assembly | Make mistakes | |||
| Code | Value | Code | Value | Describe |
| N/A | 00h | ALE_SUCCESS | 0000 h | Success; Non-makeing mistakes |
| N/A | 00h | ALE_CANCELLED | 0001h | The operation cancellation; Non-makeing mistakes |
| AL_SYS_MOD ULE | 01h | ALE_BAD_FILE_MODE | 2711 h | Invalid file mode |
| ALE_FILE_OPEN | 2712h | Open failure | ||
| ALE_FILE_WRITE | 2713 h | Write failure to file | ||
| ALE_BAD_SEEK_MODE | 2714 h | Invalid searching modes | ||
| ALE_SEEK_OOB | 2715h | Invalid searching address | ||
| ALE_FILE_SEEK | 2716 h | Seek unsuccessfully to a specific file address | ||
| ALE_FILE_READ | 2717 h | Read failure | ||
| ALE_FILE_WRITE_MODE | 2718 h | Invalid write mode access | ||
| ALE_SIZE_OOB | 2719 h | Invalid file size; The failure of change file size | ||
| ALE_SEM_CREATE | 271Ah | The beacon creation failure | ||
| ALE_SEM_OPEN | 271Bh | Beacon is opened failure | ||
| ALE_SEM_WAIT | 271Ch | Beacon is waited for unsuccessfully | ||
| AL_HTTP_MO DULE (1000h-1FF Fh) | 11h | ALE_HTTP_OK | 11C8h | " 200ok "; Non-makeing mistakes |
| ALE_HTTP_NO_CONTENT | 11CCh | " 204 without content "; Non-makeing mistakes | ||
| ALE_HTTP_FORBIDDEN | 193h | " 403 forbid "; The URL that forbids | ||
| ALEJ3TTP_NOT__FOUND | 1194h | " 404 do not find "; Invalid URL | ||
| ALE_HTTP_REQ_TIMEOUT | 1198h | " 408 request overtime "; GET/PUT asks overtime | ||
| ALE_HTTP_GW_TTMEOUT | 11F8h | " 504 gateway overtime "; Receive the information failure from gateway | ||
| AL_COM_MOD ULE (2000h-20F Fh) | 20h | ALE_COM_TEMP_ERROR | 2000 h | Provisional communication makes mistakes |
| ALE_COM_PERM_ERROR | 2001 h | Permanent communication makes mistakes | ||
| AL_DA_MODU LE (2100h-20F | 21h | ALE_DA_CERT_EXPIRED | 2100 h | Certificate expired |
| ALE_DA_CERT_BAD | 2101h | Certificate is invalid |
| Fh) | ALE_DA_CERT_UNSUPPORTED | 2102h | Certificate is not supported | |
| ALE_DA_CERT_REVOKE | 2103h | Certificate is cancelled | ||
| ALE_DA_CERT_EXPIRED | 2104h | Certificate expired | ||
| ALE_DA_S CA_CERT_EXPIRED | 2105h | Inferior CA certificate is expired | ||
| ALE DA RCA CERT EXPIRED | 2106h | Root ca certificate is expired | ||
| ALE_DA_RCA_CERT_DISABLED | 2107h | Root ca certificate lost efficacy | ||
| ALE_DAJ2ERT_UNKNOWN | 2108h | Unknown certificate | ||
| ALE_DA_DATA_ALTERED | 2109h | Data are modified |
Above-mentioned form has been listed cover AL assembly and the code of makeing mistakes. One is used makeing mistakes of AlSetLastError function report is the value of a 32-position that is formed with makeing mistakes code combination by component code. Be set in makeing mistakes by using the MDoGetLastError function to obtain, conveniently when makeing mistakes generation, to take suitable action of AL level.
Heap memory distributes
Level of abstraction provides a heap memory to distribute API, dynamically distributes required internal memory with a convenient invokes application (for example " call function "). The internal memory that is assigned with is assumed to be and can shares in global scope, namely can be by a plurality of application/task institute access. AlMemAlloc () provides the distribution of heap memory and cancellation to distribute with AlMemFree () api function.
| Function | Describe |
| void*AlMemAlloc( unsigned int uSize) | Distribute a Dram |
| void AlMemFree( void*ptr) | Use AlMemAlloc to discharge the internal memory that is assigned with |
AlMemAlloc
Describe
Distribute the Dram of a specified amount and return a pointer to this internal memory. The memory block that is assigned with can be directly by the access of call function (being invokes application) institute, and does not need a special operation (being EMS memory locked).
Prototype
void*AlMemAlloc(unsigned int uSize);
Parameter
uSize
[in] is with the amount of the need storage allocation of byte calculating
Return of value
A sensing is assigned with the pointer of internal memory. As ask failure or request size to be zero and return NULL.
Also can referring to
AlMemFree()
AlMemFree
Describe
The Dram piece that release is returned by AlMemAlloc () function
Prototype
void AlMemFree(void*pData);
Parameter
pData
[in] points to the pointer of a need releasing memory piece
Return of value
Nothing
Also can referring to
AlMemAlloc()
Continuous part stores body I/O forever
(for example: flash memory) access is by using a file I/O API to carry out for persistent storage. Vide infra:
| Title | Describe |
| AL_FILE_HANDLE AlFileOpen( char const* pszFilename,int iMode) | Open, then create if necessary, specific file also returns its handle |
| void AlFileClose( AL_FILE_HANDLE_hFile) | Close the file handle that is returned by AlFileOpen () |
| unsigned int AlFileSeek( AL_FILE_HANDLE_hFile) | Reorientate the document misregistration amount |
| Unsigned int AlFileRead( AL_FILE_HANDLE hFile, void*pBuffer, unsigned int uSize) | Read from a file handle |
| unsigned int AlFileWrite( AL_FILE_HANDLE hFile, void const * pBuffer, unsigned int uSize) | Write to a file handle |
| int AlFileSetSize( AL_FILE_HANDLE hFile, unsigned int uSize) | Adjust file size |
| int AlFileStat( char const* pszFilename, ALStatBuf*pStat) | Obtain fileinfo |
File handle type AL_FILE_HANDLE is defined as:
typedef struct AL_FILE_HANDLE_struct
{
} *AL_FILE_HANDLE;
And one be used for specifying the constant of an invalid persistent storage ten days handle INVALID_AL_FILE_HANDLE to be defined as:
#define INVALID_AL_FILE_HANDLE((AL_FILE_HANDLE)0)
File status buffering area type AlStatBuf is defined as
typedef struct AlStatBuf_struct
{
unsigned long ulsize;
unsigned long ulTime;
}AlStatBuf;
AlFileOpen
Describe
Open the file of appointment and return its handle.
Prototype
AL_FILE_HANDLE AlFileOpen(const char*pszFilename,
int iMode);
Parameter
pszFilename
[in] filename/path string
iMode
[in] file access pattern
AL_OPEN_READ opens file for reading
AL_OPEN_WRITE opens file for reading and writing
Return of value
Such as successful then backspace file handle, otherwise be INVALID_AL_FILE_HANDLE.
Also can referring to
AlFileClose(),AlFileRead(),AlFileWrite()
AlFileClose
Describe
Close and system resource that release is associated with specific file handle
Prototype
void AlFileClose(AL_FILE_HANDLE hFile);
Parameter
hFile
The file handle that [in] returned by AlFileOpen ()
Return of value
Nothing
Also can referring to
AlFileOpen(),AlFileRead(),AlFileWrite()
AlFileSeek
Describe
Reorientate read/write document misregistration amount
Prototype
long AlFileSeek(AL_FILE_HANDLE hFile,
long lOffset,
int iWhence);
Parameter
hFile
[in] handle that opens file
lOffset
The document misregistration amount that [in] is relevant with the iWhence designator
iWhence
[in] initial position. Possible values has:
The AL_SEEK_SET offset parameter is specified the absolute file side-play amount. In other words, the skew that begins to locate from file
Amount.
MJ_SEEK_CUR specifies relative displacement-offset parameter inclined to one side from current file side-play amount specified file
The amount of moving.
AL_SEEK_END is from end of file specified file side-play amount.
Return of value
Such as successful then backspace file side-play amount, otherwise be-iL
Also can referring to
AlFileOpen(),AlFileClose(),AlFileRead(),AlFileWrite()
AlFileRead
Describe
Read a blocks of data from a file
Prototype
unsigned int AlFileRead(AL_FILE_HANDLE hFile,
void* pBuffer,
unsigned int uSize);
Parameter
hFile
[in] handle that opens file
pBuffer
[out] data buffer zone
uSize
[out] needs the amount of reading out data
Return of value
Then return the byte number that reads such as success, otherwise be-1
Also can referring to
AlFileOpen(),AlFileClose(),AlFileSeek(),AlFileWrite()
AlFileWrite
Describe
Write a blocks of data to a file
Prototype
unsigned int AlFileWrite(AL_FILE_HANDLE hFile,
void const* pBuffer,
unsigned int uSize);
Parameter
hFile
[in] one handle that opens file
pBuffer
[int] has the buffering area that needs data writing
uSize
[out] needs the amount of data writing
Return of value
Then return the amount of data writing such as success, otherwise be-1
Also can referring to
AlFileOpen(),AlFileClose(),AlFileSeek(),AlFileRead()
AlFileSetSize
Describe
The adjustment size that opens file.
For not supporting local file to adjust the platform of size, the abstract function storehouse is stored in the size information that each file begins to locate by restriction and carries out this function when AlFileClose () function is called.
Prototype
unsigned int AlFileSetSize(AL_FILE_HANDLE hFile,
unsigned int uSize);
Parameter
hFile
[in] quotes one with the handle that opens file of write mode
uSize
[out] is with the length of the new file of byte calculating
Return of value
Then return 0 such as success, otherwise be-1
Also can referring to
AlFileStat()
AlFileStat
Describe
Obtain file size and creation-time stamp.
For the platform that local file size and/or timestamp information acquisition methods are not provided, the abstract function storehouse is passed through at each
The beginning of file located storing information and carries out this function.
Prototype
int AlFileStat(char const*pszFilename,
AlStatBuf*pStat);
Parameter
pszFilename
The file name of [in] obtaining information
pStat
[out] points to a pointer that is used for returning size and timestamp information structure. This structure comprises following territory:
typedef struct AlStatBuf struct
{
Unsigned long ulSize; The big or small * that/* calculates with byte/
Unsigned long ulTime; / * creation-time */
}AlStatBuf;
Return of value
Then return 0 such as success, otherwise be-1
Data authentication
Platform abstraction API comprises that a cover is used for the function of verify data. Data authentication API is used for authenticating the signature database of the Malware of downloading.
In case call function can be made once AlDaVerify and calling, the data that provided to examine by using the AlDaOpen function to obtain an authentication object.
AlDaGetSignerlnfo () is used for obtaining a signer information. AlDaClose () is for the system resource of closing and discharging the data authentication handle and being correlated with. Below be an exemplary data authentication API
| Function | Describe |
| AL_DA_HANDLE AlDaOpen( const void *pSig, unsigned int uSigSize) | From a signature/certificate that provides, obtain the data authentication handle |
| void AlDaClose( AL_DA_HANDLE hHandle) | Close the data authentication handle by using AlDaOpen () to obtain |
| AlDaVerify( AL_DA_HANDLE hDA, int (*pfRead)(void*,void *,int),void*pPrivate) | The data authentication function. Call function provides a data acquisition methods by call back function |
| int AlDaGetSignerlnfo( AL_DA_HANDLE hDA, DaSignerlnfo *pDSI) | Obtain signer information |
The data authentication handle that is returned by AlDaOpen () function is defined as
ALHANDLE(AL_DA_HANDLE);
#define INVALID_AL_DA_HANDLE((AL_DA HANDLE)0)
The signer message structure is defined as
#define MAX_DA_SIGNER_NAME 128
typedef struct DaSignerlnfo_struct
{
char szSignerName[MAX_DA_SIGNER_NAME];
}DaSignerlnfo;
AlDaOpen
Describe
Create and return a data authentication handle.
Prototype
AL_DA_HANDLE AlDaOpen(const void*pSig,
unsigned int uSigSize);
Parameter
pSig
[in] points to the pointer of a signed data
uSigSize
The signature size that [in] calculates with byte
Return of value
Such as successful then return data authentication handle, otherwise be INVALID_AL_DA_HAWDLE
Also can referring to
AlDaClose(),AlDaUpdate(),AlDaVerify(),
AlDaGetSignerlnfo()
AlDaClose
Describe
Discharge the system resource that is used for a data authentication handle.
Prototype
void AlDaClose(AL_DA_HANDLE hDa);
Parameter
hDa
The data authentication handle that [in] returned by AlDaOpen.
Return of value
Nothing
Also can referring to
AlDaOpen(),AlDaUpdate(),AlDaVerify(),
AlDaGetSignerlnfo()
AlDaVerify
Describe
The service data authentication
Prototype
intAlDaVerify(AL_DA_HANDLE hDa,
int(*pfRead)(void*,void*,int),
int iTotalSize,
void*pPrivate);
Parameter
hDa
[in] data authentication handle
pfRead
The call back function of [in] call function, in order to reading out data (referring to). Makeing mistakes if any one, it can return-1, then returns 0 as countless again according to readable, otherwise returns the amount of data streams read, and turn back to the AlDaVerify function. Estimate that this function will repeatedly be called.
iTotalSize
The total data size that [in] need examine.
pPrivate
[in] is by the private data of the call function of pfRead call back function transmission.
Return of value
Obtaining authentication such as application data then is 0, otherwise is-1.
Also can referring to
AlDaOpen(),AlDaClose(),AlDaGetSignerlnfo()
It below is a call back function that sample data reads.
| int ReadCallback(void*pPrivate,void*pData,int iSize) { . . return iDataRead; } |
AlDaGetSienerlnfo
Describe
Obtain data authentication signer information
Prototype
int AlDaGetSignerMo(ALJDAJHANDLE hDA,
DaSignerlnfo*pDSI);
Parameter
hDa
[in] data authentication handle
pDSI
[out] points to a pointer that contains the structure of signer information
Return of value
Then return 0 as successfully obtaining signer information, otherwise be-1
Also can referring to
AlDaOpen(),AlDaClose(),AlDaVerify()
Synchronization object
Source synchronous and control are by reaching with a beacon. Comprise in the abstract function storehouse that a cover is in order to create, to open, to close and to limit the function of a beacon object. Below be an exemplary beacon API.
| Function | Describe |
| AL_SEM_HANDLE AlSemCreate( char const* pszName) | Create the beacon that a quilt names and return its handle |
| AL_SEM_HANDLE AlSemOpen( char const* pszName) | Return ten days handle to an existing beacon |
| void AlSemClose( | The beacon off handle; Reference count reduces one, and if |
| AL_SEM_HANDLE hHandle) | Counting reaches zero beacon of quoting and can be released. |
| int AlSemGet( AL_SEM_HANDLE hHandle) | Obtain a beacon |
| int AlSemRelease( AL_SEM_HANDLE hHandle) | Discharge a beacon |
AlSemCreate
Describe
Create the beacon that quilt is named, setting inner counting is zero, and returns its handle.
Prototype
AL_SEM_HANDLE AlSemCreate(char const*pszName);
Parameter
pszName
[in] beacon name character string
Return of value
Then return beacon ten days handle such as success, otherwise be INVALro_AL_SEM_HANDLE
Also can referring to
AlSemOpen(),AlSemClose(),AlSeraGet(),AlSemRelease()
AlSemOpen
Describe
Return a handle to an existing beacon.
Prototype
AL_SEM_HANDLE AlSemOpeh(char const*pszName);
Parameter
pszName
[in] beacon title
Return of value
Then return the beacon handle such as success, otherwise be INVALID_AL_SEM_HANDLE
Also can referring to
AlSemCreate(),AlSemClose(),AlSemGet(),AlSemRelease()
AlSemClose
Describe
Close and system resource that release is associated with the specified beacon handle. Beacon use/reference count also reduces, and reaches zero such as counting, and the beacon object that is cited can be destroyed.
Prototype
void AlSemClose(AL_SEM_HANDLE hSem);
Parameter
hSem
[in] uses AlSemCreate () or AlSemOpen () and the beacon handle of acquisition
Return of value
Nothing
Also can referring to
AlSemCreate(),AlSemOpen(),AlSemGet(),AlSemRelease()
AlSemGet
Describe
Obtain the beacon of appointment. As inner counting is greater than zero when entering, and its numerical value can reduce one and be returned immediately. As inner counting is zero when entering, and calls to be prevented from, and makes it until other tasks/threads is called AlSemRelease () greater than zero.
Prototype
int AlSemGet(AL_SEM_HANDLE hSem);
Parameter
hSem
[in] beacon handle
Return of value
Successful then return 0, otherwise be-1
Also can referring to
AlSemCreate(),AlSemOpen(),AlSemClose(),AlSemRelease()
AiSemRelease
Describe
Discharge beacon, inner counting increases by 1
Prototype
int AlSemRelease(AL_SEM_HANDLE hSem);
Parameter
hSem
[in] beacon handle
Return of value
Successful then return 0, otherwise be-1
Also can referring to
AlSemCreate(),AlSemOpen(),AlSeraClose(),AlSemGet()
HTTPAPI
Comprise a cover function in the abstract function storehouse, HTTP network I/O can be provided by the readjustment structure of using a call function to provide this cover function. Below be an exemplary HTTP API.
| Function | Describe |
| AL_TTP_HANDLE AlHttpOpen(void) | Create and return a HTTP I/O handle |
| void AlHttpClose( AL_HTTP_HANDLE hHandle) | Close HTTP I/O handle |
| int AlHttpExec( AL_HTTP_HANDLE hHandle, char const*pszMethod, char const*pszURL, AlHttpCallbacks*pHttpCb, void*pPrivate) | Operation GET or PUT operation |
The HTTP handle that is returned by AlHttpOpen () function is defined as:
typedef struct AL_HTTP HANDLE_struct
{
}*AL_HTTP_HANDLE;
#define INVALID_AL_HTTP_HANDLE((ALJ3TTP_HANDLE)0)
HTTP readjustment structure AlHttpCallbacks is defined as;
typedef struct AlHttpCallbacks_struct
{
unsigned int(*pWrite)(void* pPrivate,
void const* pData,
unsigned int uSize);
unsigned int(*pRead) (void* pPrivate.
void* pData,
unsigned int uSize);
unsigned int(*pGetSize)(void*pPrivate);
unsigned int(*pSetSize)(void* pPrivate,
unsigned int uSize);
}AlHttpCallbacks;
Various functions below given call back function provides in above HTTP readjustment structure:
PWrite is called by system's HTTP function library, the HTTP request data of receiving with storage.
PRead is used for obtaining request for data, in order to be sent out as the part of a HTTP request.
PGet Size provides the HTTP function library with applicant's content-data size, " Content-Length ".
PSet Size is called by the HTTP function library, so that the content of receiving to the application notification that calls when data put in place
The size of data.
AlHttpOpen
Describe
Create and return a handle to the HTTP function library.
Prototype
AL_HTTP_HANDLE AlHttpOpen(void);
Parameter
Nothing
Return of value
As create a HTTP example failure, then return INVALID_AL_HTTP_HMTDLE
Also can referring to
AlHttpClose()
AlHttpClose
Describe
Close and discharge the system resource that is associated with a HTTP handle.
Prototype
void AlHttpClose(AL_HTTP_HANDLE hHTTP);
Parameter
hHTTP
The HTTP function library handle that [in] returned by AlHttpOpen () function.
Return of value
Nothing
Also can referring to
AlHttpClose()
AlHttpExec
Describe
URL in appointment carries out a HTTP method (" GET " or " POST "), and with selectable file header information.
Prototype
intAlHttpExec(AL_HTTP_HANDLE hHTTP,
char const* pszMethod,
char const* pszURL,
AlHttpCallbacks* pHttpCb,
void* pPrivate);
Parameter
hHTTP
The HTTP function library handle that [in] returned by AlHttpOpen () function
pszMethod
[in] HTTP method specification. HTTP " GET " or " POST "
pszURL
[in] makes the URL of HTTP request address
pHttpCb
[in] points to the pointer of the HTTP I/O function of a cover call function appointment. The HTTP function library is used
The function of appointment in the AlHttpCallbacks structure is to carry out data I/O
pPrivate
[in/out] points to the pointer of call function data, and these call function data need be passed the call back function of appointment in the AlHttpCallbacks structure back
Return of value
Successful then return 0, otherwise be-1
Also can referring to
AiHttpOpen(),AlHttpClose()
Shared drive
The system memory address of depositing the shared object of function library obtains by use AlShmAddress () function. Should share information area and be assigned with/prepare in the device start time, and be quoted by the different instances of function library.
AlShmAddress
Describe
Return the shared drive address.
Prototype
void*AlShmAddress(void);
Parameter
Nothing
Return of value
Then return the address of shared drive such as success, otherwise be NULL
Time
AlTmGetCurrent () provides the time of the current system take second as unit to call function.
AlTmGetCurrent
Describe
Obtain current system time.
Prototype
unsigned long AlTmGetCurrent(void);
Parameter
Nothing
Return of value
Such as success, then returned the time take second as unit since epoch (Coordinated Universal Time(UTC) 00:00:00, on January 1st, 1970). As make mistakes, then return ((unsigned long)-1L).
Facility information
AlDevGetInfo
Describe
Obtain the customizing messages of equipment. The recognition of devices character string returned of function is used by API thus.
Prototype
int AlDevGetInfo(AlDeviceInfo*pDeviceInfo);
Parameter
pDevicelnfo
The pointer of [out] sensing equipment information
The AlDevicelnfo structure is defined as
#define AL_MAX_DEVICE_ID 32
typedef struct AlDevicelnfo struct
{
char szDeviceID[AL_MAX_DEVICE_ID];
}AlDevicelnfo;
Identification string szDevicelD is that a unique terminal/device identification code-it is used for other equipment of a specific mobile communication equipment and all is identified separately. This information is used to mobile communication equipment to make up a malware signature download URL. It can not comprise any character (being the space) of occurring of not allowing in a URL.
Return of value
Successful then return 0, failed then be-1
Debugging
AlDbgQutput
Describe
To a debugging control platform output debugging character string. This function is a null function that is used for released version.
Prototype
int AlDbgOutput(char const*pszOutput);
Parameter
pszOutput
[in] is to the character string of debugging control platform output
Return of value
Successful then return 0, failed then be-1
Claims (29)
1, system that utilizes mobile communication equipment access security or content analysis function is characterized in that comprising:
One operating system is installed on the mobile communication equipment that can communicate by wireless network;
One application program is installed on described mobile communication equipment, and by described operating system to execute the task; And
The one scan subsystem, by application programming interfaces and described interapplication communications, and this scanning subsystem can be carried out the access security or the content analysis function that are associated with the performed task of described application program by repacking.
2, the system as claimed in claim 1 is characterized in that, described safety or content analysis comprise safety analysis.
3, the system as claimed in claim 1 is characterized in that, described safety or content analysis comprise content analysis.
4, the system as claimed in claim 1 is characterized in that, described safety or content analysis comprise as required virus scan.
5, the system as claimed in claim 1 is characterized in that, described safety or content analysis comprise by the access virus scan.
6, the system as claimed in claim 1 is characterized in that, described application program comprises mail applications, and its task comprises managing email.
7, the system as claimed in claim 1 is characterized in that, described application program comprises viewer applications, and its task comprises browse network.
8, the system as claimed in claim 1 is characterized in that, described application program comprises the telephone book applications program, and its task comprises a plurality of telephone numbers of management.
9, the system as claimed in claim 1 is characterized in that, described application program comprises the information application program, and its task comprises information communication.
10, the system as claimed in claim 1 is characterized in that, described application program comprises java application.
11, the system as claimed in claim 1 is characterized in that, described mobile communication equipment comprises cellular phone.
12, the system as claimed in claim 1 is characterized in that, described safety or content analysis function are applied to the application data that is associated with the performed task of described application program.
13, system as claimed in claim 12 is characterized in that, described safety or content analysis function comprise scanning.
14, the system as claimed in claim 1 is characterized in that, described scanning subsystem comprises the repeated load function library.
15, the system as claimed in claim 1 is characterized in that, described scanning subsystem is connected to described application program in running time.
16, the system as claimed in claim 1 is characterized in that, described scanning subsystem comprises the one scan program, and this scanning imaging system is by application programming interfaces and described interapplication communications.
17, the system as claimed in claim 1 is characterized in that, described application programming interfaces can carry out system environments and initialize.
18, the system as claimed in claim 1 is characterized in that, described application programming interfaces can carry out release status information and reset.
19, the system as claimed in claim 1 is characterized in that, the renewable described scanning subsystem of described application programming interfaces.
20, the system as claimed in claim 1 is characterized in that, described application programming interfaces can scan.
21, the system as claimed in claim 1 is characterized in that, the configurable described scanning subsystem of described application programming interfaces.
22, the system as claimed in claim 1 is characterized in that, described application programming interfaces comprise opening and call.
23, the system as claimed in claim 1 is characterized in that, described application programming interfaces comprise data call.
24, the system as claimed in claim 1 is characterized in that, described application programming interfaces comprise the pass closed call.
25, the system as claimed in claim 1 is characterized in that, described application programming interfaces are arranged in the middle of each of a plurality of application programs.
26, a kind of system that utilizes mobile communication equipment access security or content analysis function is characterized in that, comprising:
One operating system device is installed on the mobile communication equipment that can communicate by wireless network;
One application programmer is installed on the described mobile communication equipment, and by described operating system to execute the task; And
The one scan subsystem assembly, communicate by letter with described application programmer by an application programming interfaces device, and this scanning subsystem device can be reequiped, with access security or the content analysis function of carrying out being associated with the performed task of described application programmer.
27, a kind of method of utilizing mobile communication equipment access security or content analysis function is characterized in that comprising:
Utilize one to dispose the mobile communication equipment of operating system and communicate by wireless network;
Operation one application program that is installed on the described mobile communication equipment utilizes described operating system to execute the task;
Access security or content analysis function, described safety or content analysis function utilize the performed task of one scan subsystem to match with described application program;
Wherein, described scanning subsystem communicates by application programming interfaces and described application program.
28, a kind of computer program that utilizes mobile communication equipment access security or content analysis function is characterized in that comprising:
The computer code that is used for communication, this communication utilization is disposed the mobile communication equipment of operating system, and is undertaken by wireless network;
Be used for the computer code of executive utility, this application program is installed on described mobile communication equipment, and described mobile communication equipment utilizes described operating system to execute the task;
The computer code that is used for access security or content analysis function, described safety or content analysis function match with the task that described application program utilizes the one scan subsystem to carry out;
Wherein, described scanning subsystem communicates by application programming interfaces and described application program.
29, a kind of application programming interfaces data structure of utilizing mobile communication equipment access security or content analysis function is characterized in that comprising:
One interface object, it allows one scan subsystem and the application program that is installed on a mobile communication equipment to communicate;
Wherein said scanning subsystem is suitable for accessing safety or the content analysis function that matches with the task of described application program execution.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US46388603P | 2003-04-17 | 2003-04-17 | |
| US60/463,886 | 2003-04-17 | ||
| US10/639,088 | 2003-08-11 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1875607A true CN1875607A (en) | 2006-12-06 |
Family
ID=37484972
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 200480016986 Pending CN1875607A (en) | 2003-04-17 | 2004-04-05 | Api system, method and computer program product for accessing content/security analysis functionality in a mobile communication framework |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1875607A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102034050A (en) * | 2011-01-25 | 2011-04-27 | 四川大学 | Dynamic malicious software detection method based on virtual machine and sensitive Native application programming interface (API) calling perception |
| CN102067146A (en) * | 2008-05-16 | 2011-05-18 | 赛门铁克公司 | Secure application streaming |
| CN102420709A (en) * | 2011-12-23 | 2012-04-18 | 大唐移动通信设备有限公司 | Method and equipment for managing scheduling task based on task frame |
-
2004
- 2004-04-05 CN CN 200480016986 patent/CN1875607A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102067146A (en) * | 2008-05-16 | 2011-05-18 | 赛门铁克公司 | Secure application streaming |
| CN102034050A (en) * | 2011-01-25 | 2011-04-27 | 四川大学 | Dynamic malicious software detection method based on virtual machine and sensitive Native application programming interface (API) calling perception |
| CN102420709A (en) * | 2011-12-23 | 2012-04-18 | 大唐移动通信设备有限公司 | Method and equipment for managing scheduling task based on task frame |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1269337C (en) | Content adaptive service control system | |
| CN1591397A (en) | Secure data management apparatus | |
| CN1427588A (en) | Content releasing system, descripting data releasing apparatus and content releasing method | |
| CN1832457A (en) | Packet communication apparatus with function enhancement module | |
| CN1577316A (en) | Security management system in parallel processing system by os for single processors | |
| CN1577324A (en) | Document management method, document management program, recording medium, and document management apparatus | |
| CN1650571A (en) | Content processing device, content accumulation medium, content processing method, and content processing program | |
| CN1716225A (en) | Generic USB drivers | |
| CN1826593A (en) | Method and system for transacted file operations over a network | |
| CN1655145A (en) | Systems and methods that optimize row level database security | |
| CN1950798A (en) | Installation of software on removable media | |
| CN100342691C (en) | A method for handling a multi-modal dialog | |
| CN1977229A (en) | Program execution device and program execution method | |
| CN1624657A (en) | Security-related programming interface | |
| CN1573656A (en) | Power supply management system in parallel processing system and power supply management program therefor | |
| CN1701568A (en) | Multi-modal web interaction over wireless network | |
| CN1609802A (en) | Programming interface for licensing | |
| CN1834889A (en) | Software authentication system, software authentication program, and software authentication method | |
| CN1282071C (en) | Data processor, data processing method and program thereof | |
| CN1313917C (en) | Data processor, data processing method and program thereof | |
| CN1534504A (en) | Paralled processing system using single processor operating system and parallel processing program | |
| CN1444356A (en) | Data communication method | |
| CN1763712A (en) | Method for dynamical determination of actions to perform on a selected item in a web portal GUI environment | |
| CN1656452A (en) | Data usage managemnet electronic apparatus, method, program, and storage medium | |
| CN1745556A (en) | Control and status protocol between a data device and a wireless communication unit |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20061206 |