200912696

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates to the control of applications installed on a user's computer, and more particularly to a system and method for controlling the execution of applications, which determines which application is being executed on the user's computer and controls the execution of applications included in a configured category.

[Prior Art]

A user's computer may contain not only files downloaded and installed as the user needs them, but also application files or virus programs installed by mistake, where the user does not know the exact nature of the programs among the various applications installed on the computer. In addition, on a computer accessed and used by many users (for example, a computer used at home), a secondary user may install program executables without the knowledge of the primary user. In particular, executables related to P2P or messenger programs, which are highly likely to give children a route to harmful information, or game files that an administrator (for example, a parent) does not permit, may be executed. Demand has therefore been growing for a system or method that searches for programs to be prevented from running arbitrarily and provides the ability to prevent their execution.

Among the conventional techniques that provide this capability, several have been proposed. One periodically searches the executable file names (xxx.exe) of applications stored on the disk of the user's computer, or analyzes the whole program or a specific part of it to search for a specific character string, and deletes the programs found if they correspond to programs subject to control. Another searches the executable file names (xxx.exe) of the applications in real time, or analyzes the whole program or a specific part of it to search for a specific character string, and blocks execution of the program found if it corresponds to a program subject to control.

133472.doc 200912696

However, the executable file name (xxx.exe) of an application can be changed arbitrarily, so the effectiveness of the conventional technique of searching by executable file name is limited. In addition, the conventional technique of analyzing the whole program or a specific part of it to search for a specific character string has the problem that performing the procedure places a heavy load on the processor that runs each program. Furthermore, the conventional techniques cannot provide per-category control, in which the various applications are classified into categories and their execution or blocking is decided for each category.

[Summary of the Invention]

Accordingly, the present invention has been made to solve the above-mentioned problems occurring in the prior art, and the present invention provides a means for controlling the execution of application files, which: analyzes the executable files of various applications obtained through the Internet or the like; collects verification data for those applications; builds the collected data into a database for each category; downloads the application classification verification database to a user's computer (for example, a PC); briefly postpones the execution of an application before the application is executed on the user's computer; extracts the verification data from the application; and determines whether the extracted verification data corresponds to any item of the application verification database stored on the user's computer, so as to control the execution of the application.

Further, the present invention has been made to solve the problems occurring in the prior art, and the present invention provides a means for identifying the category of an application executed on the user's computer and allowing or blocking the execution of the application according to a control method set for each category.

According to one aspect of the present invention, there is provided a method of verifying applications and controlling their execution, comprising the following steps: building an application verification data DB, in which an application verification server analyzes, for each application file collected through the Internet or the like, the DLLs required by the process that executes the application, extracts a unique DLL if a DLL capable of identifying the application exists among the loaded DLLs, extracts the meta information of the application as the unique identifier if no DLL capable of identifying the application exists among the loaded DLLs, and generates the application verification data DB for each program category; sending the application verification data DB, in which the application verification data DB generated in the building step is sent to a user's computer; extracting application verification data on the user's computer, in which, when execution of an application is initiated on the user's computer, the execution is postponed and the DLLs and meta information of the application are then extracted as the verification data of the program; and verifying and controlling execution of the application on the user's computer, in which the application verification data DB is searched using the verification data of the application on the user's computer, and, if there is no corresponding item, the postponed execution is allowed and the extracted verification data is sent to the application verification server, and, if a corresponding item exists in the application verification data DB, the blocking or allowing of the execution is controlled according to an environment setting policy for each category.

[Embodiment]

Hereinafter, the structure and steps for verifying applications and controlling their execution according to an exemplary embodiment of the present invention will be described with reference to the accompanying drawings.

Referring to FIGS. 1 to 6, a method of verifying and controlling application execution according to an exemplary embodiment of the present invention includes: step S100 of building an application verification data DB, in which an application verification server 100 analyzes, for each application file collected through the Internet or the like, the DLLs required by the process that executes the application, extracts a unique DLL if a DLL capable of identifying the application exists among the loaded DLLs, extracts the meta information of the application as the unique identifier if no DLL capable of identifying the application exists among the loaded DLLs, and generates the application verification data DB for each program category; step S200 of sending the application verification data DB, in which the application verification data DB generated in step S100 is sent to a user's computer 200; step S300 of extracting application verification data on the user's computer, in which, when execution of an application is initiated on the user's computer 200, the execution is postponed and the DLLs and meta information of the application are then extracted as the verification data of the program; and step S400 of verifying and controlling execution of the application on the user's computer, in which the application verification data DB is searched using the verification data of the application on the user's computer, and, if there is no corresponding item, the postponed execution is allowed and the extracted verification data is sent to the application verification server 100, and, if a corresponding item exists in the application verification data DB, the blocking or allowing of the execution is controlled according to an environment setting policy for each category.

As shown in FIG. 2, which illustrates an exemplary embodiment that additionally includes a step of recording the application execution/blocking history, the method preferably further includes, after step S400 of verifying and controlling execution, step S500 of recording the application execution/blocking history, in which the history of allowing or blocking application execution is recorded in the application verification data DB of the user's computer.

More specifically, in step S100 of building the application verification data DB, the DLLs required to execute the application are analyzed, and the verification data DB that identifies the application is composed of information about those loaded DLLs. For example, when the execution process of a common messenger program (such as MSN (program C1), NateOn (program) or the like) is analyzed, a specific unique DLL is loaded to execute the program. Moreover, even when such common programs are patched, the unique DLL is unlikely to change, so an application verification data DB that includes the unique DLLs advantageously does not need frequent updates.

In addition, when the application is one of the programs found among the Windows accessories that does not load a unique DLL of its own (for example, a card game, FreeCell (program B3) or the like), the program loads DLLs that other programs use in common, so it is difficult to extract unique DLL information for that application. In the present invention, however, the meta information of such applications (the Windows title name, the image name of the executable file, or the like) is extracted as verification data capable of identifying the application.

The extracted verification data (unique DLL or meta information) is classified by program category to build the application verification data DB 110. The information included in the DB is entered as a specific hash value obtained by processing the DLL and meta information of the program file. The application verification data DB 110 generated in the verification server 100 is stored in the application verification data DB 210 of the user's computer 200 through step S200 of sending the application verification data DB to the user's computer 200, so that the execution of the various applications run on the user's computer can be controlled on the basis of the application verification data DB 210 of the user's computer 200.

Meanwhile, as shown in FIG. 3, which specifically illustrates the step of updating the application verification data DB according to another exemplary embodiment of the present invention, the method of verifying and controlling application execution more preferably further includes step S600 of updating the application verification data DB, in which an agent is executed when the user's computer 200 starts, the application verification data DB 210 of the user's computer is compared with the application verification data DB 110 of the application verification server 100 to identify whether the application verification data DB 210 of the user's computer is up to date, and the application verification data DB 210 is updated if it is not.

Step S100 of building the application verification data DB is carried out by an agent stored in the application verification server 100 and, as shown in FIG. 4, which illustrates the specific steps of building the application verification data DB according to the exemplary embodiment of the present invention, preferably includes: step S110 of executing the agent; step S120 of executing the application; step S130 of extracting loaded DLLs, in which the basic loaded DLLs required to execute the application are extracted; step S140 of determining a unique DLL, in which it is determined whether a unique DLL capable of identifying the application exists among the extracted basic loaded DLLs; step S150 of extracting meta information, in which the meta information of the application is extracted if step S140 determines that no unique DLL exists; and step S160 of adding a verification data DB search item, in which the unique DLL extracted in step S130 or the application meta information extracted in step S150 is added to the verification data DB as a search item.
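The database build (steps S130 to S160) and the agent's hold, look up and decide flow (steps S300 and S400) described above, as an added example that is not code from the patent. The SHA-256 fingerprint format, the rule that a DLL counts as unique when no other analyzed sample loads it, the default of allowing categories that have no policy, and every sample program name are assumptions constructed for illustration; only the category labels PR10 to PR30 come from the page.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass, field


def fingerprint(kind, value):
    """Hash one piece of verification data (assumption: SHA-256 of a normalized name)."""
    text = f"{kind}:{value.strip().lower()}"
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_db(samples):
    """Server side (S130-S160): map identifying fingerprints to a program category."""
    seen = Counter()
    for s in samples:
        seen.update({d.lower() for d in s["dlls"]})
    db = {}
    for s in samples:
        # Assumption: a DLL is "unique" when no other analyzed sample loads it.
        unique = [d for d in s["dlls"] if seen[d.lower()] == 1]
        if unique:  # S140: a unique DLL exists, use it as the search item
            for d in unique:
                db[fingerprint("dll", d)] = s["category"]
        else:       # S150: fall back to meta information (title, image name)
            db[fingerprint("title", s["title"])] = s["category"]
            db[fingerprint("image", s["image"])] = s["category"]
    return db


@dataclass
class Agent:
    """Client side (S300/S400). Execution is held until on_launch() returns."""
    db: dict       # fingerprint -> category, as downloaded from the server
    policy: dict   # category -> "block" or "allow", set by the administrator
    history: list = field(default_factory=list)        # execution/blocking history
    unknown_queue: list = field(default_factory=list)  # data to send to the server

    def on_launch(self, dlls, title, image):
        candidates = [fingerprint("dll", d) for d in dlls]
        candidates += [fingerprint("title", title), fingerprint("image", image)]
        for fp in candidates:
            category = self.db.get(fp)
            if category is not None:
                # Assumption: a category without an explicit policy is allowed.
                decision = self.policy.get(category, "allow")
                self.history.append((image, category, decision))
                return decision
        # No matching item: allow the held execution and report the data.
        self.unknown_queue.append(candidates)
        self.history.append((image, None, "allow"))
        return "allow"


# Constructed sample analysis results; none of these programs or DLLs are real.
SAMPLES = [
    {"category": "PR30", "image": "msgr.exe", "title": "Example Messenger",
     "dlls": ["kernel32.dll", "user32.dll", "MsgrCore.dll"]},
    {"category": "PR10", "image": "share.exe", "title": "Example Share",
     "dlls": ["kernel32.dll", "user32.dll", "p2pnet.dll"]},
    {"category": "PR20", "image": "cards.exe", "title": "Example Cards",
     "dlls": ["kernel32.dll", "user32.dll"]},  # no DLL of its own
]


def demo():
    """Run four launches through an agent that blocks games and messengers."""
    agent = Agent(build_db(SAMPLES), {"PR20": "block", "PR30": "block"})
    results = [
        # Messenger renamed on disk: still matched through its unique DLL.
        agent.on_launch(["KERNEL32.DLL", "user32.dll", "msgrcore.dll"], "Chat", "notes.exe"),
        # Card game renamed on disk: matched through its window title.
        agent.on_launch(["kernel32.dll", "user32.dll"], "Example Cards", "homework.exe"),
        # P2P program: known category, but no blocking policy configured.
        agent.on_launch(["kernel32.dll", "p2pnet.dll"], "Example Share", "share.exe"),
        # Program absent from the DB: allowed and queued for the server.
        agent.on_launch(["kernel32.dll", "editor.dll"], "Editor", "editor.exe"),
    ]
    return results, agent


if __name__ == "__main__":
    print(demo()[0])
```
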
The application meta information extracted in step S150 may include the Windows title name of the application, the file name of the executable image, or the like.

In addition, step S300 of extracting application verification data on the user's computer and step S400 of verifying and controlling execution of the application on the user's computer may be carried out by an agent stored on the user's computer.

Steps S300 and S400 are described in detail with reference to FIG. 5. Step S300 of extracting application verification data on the user's computer includes: step S310 of detecting the starting point of execution of an application on the user's computer; step S320 of postponing the execution of the application; step S330 of extracting from the application the DLLs required to execute it; and step S340 of extracting meta information from the application.

To describe steps S310 and S320 specifically, the control device, implemented in the form of an agent, operates as soon as the user's computer starts, loads the verification data DB, begins detecting application execution, and postpones program execution as soon as the starting point of an application's execution is detected on the user's computer.

In addition, the procedure of extracting the loaded DLLs in step S330 extracts them by means of the process-related API functions provided in Windows, and the application meta information extracted in step S340 may include the Windows title name of the application, the file name of the executable image, or the like.

Further, as shown in FIG. 5, step S400 of verifying and controlling execution of the application on the user's computer includes: step S410 of searching whether the DLL or meta information extracted as verification data from the application on the user's computer corresponds to an item of the application verification data DB 210 of the user's computer; step S420 of classifying the application by category in the verification data DB when a correspondence is found in step S410; step S430 of deciding whether to block the execution of the application according to the control policy of the category determined in step S420; steps S440 and S450 of allowing or blocking the execution of the application; and steps S460 and S470 of sending the verification data to the application verification server 100 and allowing execution of the application on the user's computer when no correspondence is found in step S410.

As for the categories, the files included in the application verification data DBs 110 and 210 may be classified in detail into a P2P program category PR10, a game program category PR20, a messenger program category PR30, an other program category PR40, or the like, as shown in FIGS. 6 to 8. Further, in step S430 of deciding whether to block execution according to the control policy of each category determined in step S420, and in steps S440 and S450 of allowing or blocking the execution, the environment set by the user can determine whether only the execution of applications in the game program category PR20 is blocked, or whether applications in the P2P program category PR10 and the messenger program category PR30 are blocked together with the game program category PR20, so that the user's various requirements can be met. In addition, not only when execution is blocked but also when it is allowed, the history of execution and blocking of the applications in each category is recorded and stored through step S500 of recording the application execution/blocking history, so that it can be used as statistical material.

Referring to FIG. 6, a system for verifying and controlling application execution according to the present invention includes: the application verification server 100, which analyzes, for the applications collected through the Internet or the like, the DLLs required by the process that executes the application file, extracts the unique DLL if a DLL capable of identifying the application exists among the loaded DLLs, extracts meta information capable of identifying the application if the application does not include such a DLL, and generates and updates the application verification data DB 110 for each program category; and the user's computer 200, which includes the application verification data DB 210 sent from the application verification server to the user's computer and a verification and execution control unit 220, which, when execution of an application is initiated on the user's computer, postpones the execution, extracts the DLLs and meta information of the executed application as verification data, searches the application verification data DB using the extracted verification data, and, if there is no corresponding item, releases the postponement of the application's execution and [...] execution of the application.

[...] is implemented by an agent that controls application execution. As shown in FIG. 7, the agent for verifying and controlling application execution preferably further includes: a per-category allow/block control setting unit 221, by which the user sets in advance whether the execution of applications in each category is allowed or blocked; a program execution real-time detection unit 222, which detects the initiation of application execution on the user's computer; an execution allow/block history recording unit 223, which records the history of allowing or blocking application execution in the application verification data DB 220; a verification data DB update unit 224, which compares the application verification data DB 210 of the user's computer with the application verification data DB 110 of the application verification server 100 in order to update it; and an execution and blocking notification unit 225, which notifies the user of execution and blocking.

Because incorrectly installed application files, virus programs, program executables that the primary user does not want, executables related to P2P or messenger programs that are highly likely to give children a route to harmful information, game files not permitted by an administrator (for example, a parent), or the like may be executed, the present invention has the following effect: when the execution of an application is detected on the user's computer, the execution is briefly postponed, verification data is extracted from the application, the extracted verification data is checked against each item of the application classification verification database stored on the user's computer, and the execution of the application is blocked or allowed according to whether a program to be prevented from arbitrary execution is found. In addition, the present invention has the following effect: applications are classified by category so that the blocking or allowing of application execution is controlled according to the environment setting policy set for each category.

Although the technical spirit of the present invention has been described with reference to the accompanying drawings, the description does not limit the invention and merely explains its preferred embodiments. Those skilled in the art will understand that various changes and modifications can be made without departing from the technical spirit and scope of the invention.

Furthermore, the scope of the present invention is defined by the scope of the claims rather than by the detailed description, and it should be understood that every change and modification derived from the meaning and scope of the claims and their equivalent concepts falls within the scope of the present invention.

[Brief Description of the Drawings]

The above and other objects, features and advantages of the present invention will become more apparent from the above detailed description taken together with the accompanying drawings, in which:

FIG. 1 is a flowchart illustrating an exemplary embodiment of the present invention;

FIG. 2 is a flowchart illustrating an exemplary embodiment of the present invention that additionally includes a step of recording the application execution/blocking history;

FIG. 3 is a flowchart specifically illustrating the step of updating the application verification data DB according to another exemplary embodiment of the present invention;

FIG. 4 is a flowchart specifically illustrating the step of building the application verification data DB according to an exemplary embodiment of the present invention;

FIG. 5 is a flowchart specifically illustrating a procedure according to an exemplary embodiment of the present invention, in which step S300 of extracting application verification data on the user's computer and step S400 of verifying and controlling execution of the application on the user's computer are carried out by an agent stored on the user's computer;

FIG. 6 is a diagram illustrating a system constructed to implement the method according to an exemplary embodiment of the present invention;

FIG. 7 is a diagram illustrating an agent that verifies and controls application execution according to an exemplary embodiment of the present invention; and

FIG. 8 is a diagram illustrating the files of a verification data DB according to the present invention.

[Description of Main Component Symbols]

100   Application verification server
110   Application verification data DB
200   User's computer
210   Application verification data DB
220   Verification and execution control unit
221   Per-category allow/block control setting unit
222   Program execution real-time detection unit
223   Execution allow/block history recording unit
224   Verification data DB update unit
225   Execution and blocking notification unit
PR10  P2P program category
PR20  Game program category
PR30  Messenger program category
PR40  Other program category