TWI605358B - Communication hub and method for verifying message among applications thereof - Google Patents


Publication number
TWI605358B
Authority
TW
Taiwan
Prior art keywords
key
message
application
processor
destination
Prior art date
Application number
TW105128006A
Other languages
Chinese (zh)
Other versions
TW201807613A (en
Inventor
陳建宇
李文進
鐘啟豪
Original Assignee
啟碁科技股份有限公司
Application filed by 啟碁科技股份有限公司
Priority to TW105128006A
Priority to CN201710457275.1A
Application granted
Publication of TWI605358B
Publication of TW201807613A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/541 Interprogram communication via adapters, e.g. between incompatible applications
    • G06F9/546 Message passing systems or structures, e.g. queues

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Description

Communication hub and method for verifying messages among its applications

The present invention relates to a message verification mechanism, and more particularly to a communication hub and a method for verifying messages among its applications.

In general, the data of each application in an operating system may not be accessed by other applications. This prevents private or confidential data from being accessed by other applications, so other applications cannot obtain the data directly through shared memory. To let different applications access each other's resources and coordinate their work, Inter-Process Communication (IPC) is used to transmit data or signals. However, any malicious program can masquerade as a valid application and use IPC to send messages in order to obtain the user's private information.

The invention provides a communication hub and a method for verifying messages among its applications, which uses the key of each application to verify the messages transmitted between applications so as to prevent illegitimate access by malicious programs.

The method for verifying messages among applications of the present invention is used in a communication hub in which a first application and a second application are installed. The method includes: during a boot process, executing a boot program to generate a first key and a second key for the first application and the second application respectively, and transmitting the first key and the second key to the first application and transmitting the first key and the second key to the second application, so that the first application and the second application carry the corresponding keys when transmitting messages; while the operating system is running normally, when the first application receives a message from the second application, verifying whether the message is valid according to the key carried in the message; when the message is determined to be valid, the first application returns a response message according to the message; and when the message is determined to be invalid, ignoring or discarding the message.

The communication hub of the present invention includes: a storage unit storing a first application and a second application, wherein these applications respectively correspond to a plurality of devices, the first application and the second application corresponding to a first device and a second device respectively; and a processor coupled to the storage unit. During a boot process, the processor executes a boot program to generate a first key and a second key for the first application and the second application respectively, and transmits the first key and the second key to the first application and transmits the first key and the second key to the second application, so that the first application and the second application carry the corresponding keys when transmitting messages. While the processor executes the operating system, when the first application receives a message from the second application, the first application verifies whether the message is valid according to the key carried in the message; when the message is determined to be valid, the first application returns a response message to the second application according to the message; and when the message is determined to be invalid, the first application ignores or discards the message.

In an embodiment of the present invention, the communication hub further includes a local communication unit coupled to the processor and connected to the first device and the second device, wherein the first application and the second application obtain the respective data of the first device and the second device through the local communication unit.

In an embodiment of the present invention, the communication hub further includes a remote communication unit coupled to the processor and connected to a server, wherein the first application and the second application transmit the obtained data of the first device and the second device to the server through the remote communication unit.

In an embodiment of the present invention, during the boot process, after the processor transmits the first key and the second key to the first application and transmits the first key and the second key to the second application, it stores the first key and the second key in the storage spaces corresponding to the first application and the second application, so that the first application and the second application each hold both the first key and the second key.

In an embodiment of the present invention, the header of the message includes a field recording a source key. While the operating system is executing, when the first application receives a message from the second application, the first application determines whether the source key carried in the message is the second key; if the source key carried in the message differs from the second key, the first application determines that the message is invalid; if the source key carried in the message is the same as the second key, the first application determines that the message is valid.

In an embodiment of the present invention, the header of the message includes a field recording a destination key. While the operating system is executing, when the first application receives a message from the second application, the first application determines whether the destination key carried in the message is the first key; if the destination key carried in the message is the same as the first key, the first application determines that the message is valid; if the destination key carried in the message differs from the first key, the first application determines that the message is invalid.

In an embodiment of the present invention, the header of the message includes a field recording a source key and a field recording a destination key. While the operating system is executing, when the first application receives a message from the second application, the first application determines whether the destination key and the source key carried in the message are the first key and the second key respectively; if the destination key and the source key carried in the message are the first key and the second key respectively, the message is determined to be valid; and if the destination key carried in the message differs from the first key, or the source key differs from the second key, the message is determined to be invalid.

In an embodiment of the present invention, the first key and the second key are a first random number and a second random number respectively.

In an embodiment of the present invention, the format of the message is the Inter-Process Communication (IPC) format.

Based on the above, the present invention gives each application a corresponding key during the boot process and uses these keys to verify the messages transmitted between applications, so as to prevent illegitimate access by malicious programs.

To make the above features and advantages of the invention more comprehensible, embodiments are described in detail below with reference to the accompanying drawings.

FIG. 1 is a block diagram of a communication hub in accordance with an embodiment of the present invention. Referring to FIG. 1, the communication hub 100 includes a processor 110, a storage unit 120, a memory 130, a remote communication unit 140, and a local communication unit 150. The processor 110 is coupled to the storage unit 120, the memory 130, the remote communication unit 140, and the local communication unit 150.

The processor 110 is, for example, a Central Processing Unit (CPU), a Graphic Processing Unit (GPU), a Physics Processing Unit (PPU), a programmable microprocessor, an embedded control chip, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), or another similar device. The processor 110 is used to operate the hardware and firmware in the communication hub 100 and to process data in software.

The storage unit 120 is, for example, a Read Only Memory (ROM) or a flash memory. The storage unit 120 stores the boot firmware, a plurality of applications, a random number generation module, an operating system, and so on. The boot firmware is, for example, a Basic Input Output System (BIOS).

The memory 130 is, for example, a random access memory (RAM). The drivers of all components in the communication hub 100, the operating system, and so on are first loaded into the memory 130 to be read by the processor 110. For example, the boot firmware is loaded into the memory 130 by means of memory mapping (Shadow RAM) so that the processor 110 can access it.

The remote communication unit 140 and the local communication unit 150 are hardware supporting wired or wireless transmission protocols, which lets the communication hub 100 connect to remote devices or external devices. The remote communication unit 140 is, for example, a 3G/4G (third generation / fourth generation) communication unit, and the local communication unit 150 is, for example, an Ethernet, Bluetooth, ZigBee, or Wi-Fi communication unit. In one embodiment, the local communication unit 150 is connected to at least one external device, and the applications, or some of the applications, in the storage unit 120 obtain the device's data through the local communication unit 150. In another embodiment, each device has one corresponding application, and the communication hub 100 uses each application to communicate with its device. The devices are, for example, electronic electricity meters, electronic water meters, electronic gas meters, and other electronic household devices. Note in particular that the data these devices exchange with the communication hub 100 may be confidential, so the method for verifying messages among applications of the present invention can serve to protect confidential data.

The remote communication unit 140 is connected to a server. Each application in the storage unit 120 transmits the data it has obtained from its device to the server through the remote communication unit 140.

In other embodiments, the random number generation module may also be implemented in hardware and coupled to the processor 110. Whether the random number generator is software or hardware is not limited here.

FIG. 2 is a flowchart of a method for verifying messages among applications in accordance with an embodiment of the present invention. Not every application in the communication hub 100 has to use the message verification method described below; which applications need it can be decided case by case. For example, it may be applied only to applications that handle more confidential or private messages.

Referring to FIG. 1 and FIG. 2 together, in step S205, during the boot process, the processor 110 executes the boot program to generate a first key and a second key for the first application and the second application respectively, and transmits the first key and the second key to the first application and transmits the first key and the second key to the second application, so that the first application and the second application carry the corresponding keys when transmitting messages. During the boot process, the boot program first initializes the first application and the second application, then uses the random number generation module to generate a first random number as the first key of the first application and a second random number as the second key of the second application.

This embodiment is described using two applications (the first application and the second application) as an example. The first application corresponds to the first device, and the second application corresponds to the second device. Other embodiments do not limit the number of applications.

For example, in other embodiments, during the boot process the boot program first initializes all applications and then uses the random number generation module to generate a plurality of random numbers as keys. The boot program then transmits these keys to every application. When an application receives the keys, it stores them in the storage space allocated to it. The keys assigned to the applications may differ, or two applications may be assigned the same key.

For example, as shown in Table 1, assume the storage unit 120 contains applications A to C. After the boot program initializes applications A to C, the random number generator generates the random number RNA for application A, the random number RNB for application B, and the random number RNC for application C. The random numbers RNA to RNC, together with the correspondence between each random number and its application, are then transmitted to applications A to C, so that every application knows the random numbers of all applications.

Table 1

Application    Random number
A              RNA
B              RNB
C              RNC

After the boot procedure completes, the processor 110 loads the operating system into the memory 130 and executes it, and starts each application while the operating system is executing.

While the processor 110 executes the operating system, in step S210 the first application receives a message from the second application. A message passed between the first application and the second application carries at least one of, or both of, a source key and a transmitter key. For example, a field recording the source key is added to the message header, or a field recording the destination key is added, or two fields are added to record the source key and the destination key. The format of the message is, for example, the Inter-Process Communication (IPC) format.

Next, in step S215, whether the message is valid is verified according to the key carried in the message. For example, the first application determines whether the message is valid according to at least one of the source key and the destination key in the message.

For example, it determines whether the source key carried in the message is the second key. If the source key carried in the message differs from the second key, the message is determined to be invalid. If the source key carried in the message is the same as the second key, the message is determined to be valid.

Alternatively, it determines whether the destination key carried in the message is the first key. If the destination key carried in the message is the same as the first key, the message is determined to be valid. If the destination key carried in the message differs from the first key, the message is determined to be invalid.

Alternatively, it determines whether the destination key and the source key carried in the message are the first key and the second key respectively. If the destination key and the source key carried in the message are the first key and the second key respectively, the message is determined to be valid. If the destination key carried in the message differs from the first key, or the source key differs from the second key, the message is determined to be invalid.

When the message is determined to be valid, in step S220 the first application returns a response message to the second application according to the message. When the message is determined to be invalid, the first application ignores or drops the message.

Another example is given below to describe in detail the steps for verifying whether a message is valid.

FIG. 3 is a flowchart of a method for determining whether a message between applications is valid, in accordance with an embodiment of the present invention. This embodiment is one implementation of step S215 above.

While the processor 110 executes the operating system, when the first application receives a message from the second application, in step S305 the processor 110 determines whether the communication port on which the first application received the message is assigned to the second application. If the communication port on which the first application received the message has been assigned to the second application, step S310 is performed. If that communication port has not been assigned to the second application, the message is determined to be invalid, as shown in step S325.

When the applications are initialized, the processor 110 assigns to each application the communication ports on which it receives messages from specific applications. These communication ports are Inter-Process Communication (IPC) ports. For example, assume that the communication port the first application assigns to the second application is IPC 1; port IPC 1 then only receives messages from the second application. If the communication port on which the first application received the message is IPC 1, the flow proceeds to step S310. If the communication port on which the first application received the message is not IPC 1, the message is determined to be invalid. That is, the communication port assigned to the second application can only receive messages sent by the second application, and an unassigned communication port should not receive a message that claims to have been sent by the second application.

If the communication port on which the first application received the message is determined to have been assigned to the second application, step S310 determines whether the source key carried in the message is the second key. If the source key carried in the message differs from the second key assigned to the second application, the message is determined to be invalid, as shown in step S325; if the source key carried in the message is the same as the key assigned to the second application, step S315 is performed.

In step S315, it is determined whether the destination key carried in the message is the first key. If the destination key carried in the message is the same as the first key assigned to the first application, the message is determined to be valid, as shown in step S320. If the destination key carried in the message differs from the key assigned to the first application, the message is determined to be invalid, as shown in step S325. Note in particular that the method for verifying messages among applications of the present invention may perform at least one of steps S310 and S315, and the order of S310 and S315 is not limited.
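The boot-time key distribution of step S205 and the receiver-side checks of FIG. 3 (S305, S310, S315) can be sketched in C as follows. This is an added example, not code from the patent: the header layout, the 16-byte key length, the port numbering, the use of /dev/urandom as the random number source and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_APPS 3   /* applications A, B, C as in Table 1 */
#define KEY_LEN  16  /* assumed size; the text only says "random number" */

enum verdict { MSG_VALID, MSG_BAD_PORT, MSG_BAD_SRC_KEY, MSG_BAD_DST_KEY };

struct ipc_msg {                 /* hypothetical message header layout */
    int         claimed_sender;  /* application the message claims to be from */
    uint8_t     src_key[KEY_LEN];
    uint8_t     dst_key[KEY_LEN];
    const char *payload;
};

struct app {
    int     id;
    uint8_t keys[NUM_APPS][KEY_LEN]; /* full key table received at boot */
    int     port_for[NUM_APPS];      /* IPC port reserved for each sender */
};

/* S205: draw one fresh random key per application on every boot. */
static int boot_generate_keys(uint8_t table[NUM_APPS][KEY_LEN])
{
    FILE *f = fopen("/dev/urandom", "rb"); /* assumed random number module */
    if (!f) return -1;
    size_t n = fread(table, 1, (size_t)NUM_APPS * KEY_LEN, f);
    fclose(f);
    return n == (size_t)NUM_APPS * KEY_LEN ? 0 : -1;
}

/* Give an application the whole table and its per-sender ports. */
static void boot_install(struct app *a, int id, uint8_t table[NUM_APPS][KEY_LEN])
{
    a->id = id;
    memcpy(a->keys, table, sizeof a->keys);
    for (int s = 0; s < NUM_APPS; s++)
        a->port_for[s] = 10 * id + s;      /* constructed port numbering */
}

/* Compare without an early exit so timing does not reveal a partial match. */
static int key_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < KEY_LEN; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Sender: own key goes in the source field, receiver's key in the destination field. */
static struct ipc_msg make_message(const struct app *tx, int dst, const char *payload)
{
    struct ipc_msg m = { .claimed_sender = tx->id, .payload = payload };
    memcpy(m.src_key, tx->keys[tx->id], KEY_LEN);
    memcpy(m.dst_key, tx->keys[dst], KEY_LEN);
    return m;
}

/* Receiver: S305 (port), S310 (source key), S315 (destination key). */
static enum verdict verify_message(const struct app *rx, int port, const struct ipc_msg *m)
{
    int s = m->claimed_sender;
    if (s < 0 || s >= NUM_APPS || rx->port_for[s] != port)
        return MSG_BAD_PORT;                     /* S325 */
    if (!key_equal(m->src_key, rx->keys[s]))
        return MSG_BAD_SRC_KEY;                  /* S325 */
    if (!key_equal(m->dst_key, rx->keys[rx->id]))
        return MSG_BAD_DST_KEY;                  /* S325 */
    return MSG_VALID;                            /* S320: safe to reply */
}

/* Constructed scenarios: A (id 0) receives, B (id 1) is the expected sender.
 * Returns the verdict, or -1 if key generation failed. */
int demo_verdict(int scenario)
{
    uint8_t table[NUM_APPS][KEY_LEN];
    struct app a, b;
    if (boot_generate_keys(table) != 0) return -1;
    boot_install(&a, 0, table);
    boot_install(&b, 1, table);
    int port = a.port_for[1];                    /* port A reserved for B */
    struct ipc_msg m = make_message(&b, 0, "meter reading");
    switch (scenario) {
    case 1: port = a.port_for[2]; break;                      /* arrives on C's port */
    case 2: memset(m.src_key, 0, KEY_LEN); break;             /* sender lacks B's key */
    case 3: m = make_message(&b, 2, "meter reading"); break;  /* addressed to C */
    default: break;                                           /* 0: genuine message */
    }
    return (int)verify_message(&a, port, &m);
}

int main(void)
{
    static const char *name[] = { "valid", "bad port", "bad source key", "bad destination key" };
    for (int i = 0; i < 4; i++) {
        int v = demo_verdict(i);
        printf("scenario %d: %s\n", i, v < 0 ? "setup failed" : name[v]);
    }
    return 0;
}
```

Because every application receives the full key table, the key fields show that a sender obtained keys at boot; the per-sender port check is what ties a message to one particular application.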

In summary, keys are regenerated at every boot and assigned to the applications, so that once the operating system stage is reached the applications use these keys to verify the messages transmitted between them and prevent illegitimate access by malicious programs. The verification can additionally be combined with each application's communication ports to further strengthen security.

Although the present invention has been disclosed above by way of embodiments, they are not intended to limit the invention. Anyone of ordinary skill in the art may make some changes and refinements without departing from the spirit and scope of the invention, so the scope of protection of the invention is defined by the appended claims.

100‧‧‧Communication hub

110‧‧‧Processor

120‧‧‧Storage unit

130‧‧‧Memory

140‧‧‧Remote communication unit

150‧‧‧Local communication unit

S205~S225‧‧‧Steps of the method for verifying messages among applications

S305~S325‧‧‧Steps of the method for determining whether a message is valid

FIG. 1 is a block diagram of a communication hub in accordance with an embodiment of the present invention.
FIG. 2 is a flowchart of a method for verifying messages among applications in accordance with an embodiment of the present invention.
FIG. 3 is a flowchart of a method for determining whether a message is valid, in accordance with an embodiment of the present invention.


Claims (14)

1. A method for verifying messages among applications, for use in a communication hub, wherein the communication hub includes a processor, a first application and a second application are installed in the communication hub, and the first application and the second application are executed by the processor, the method comprising: during a boot process, executing, by the processor, a boot program to generate a first key and a second key for the first application and the second application respectively, and transmitting the first key and the second key to the first application and transmitting the first key and the second key to the second application, so that the first application and the second application carry the corresponding keys when transmitting messages; while the processor executes an operating system, when the first application receives a message from the second application, verifying, by the processor, whether the message is valid according to the key carried in the message; when the message is determined to be valid, returning, by the first application, a response message to the second application according to the message; and when the message is determined to be invalid, ignoring or discarding the message by the first application.

2. The method of claim 1, wherein, during the boot process, after the step of transmitting the first key and the second key to the first application and transmitting the first key and the second key to the second application, the method includes: storing, by the processor, the first key and the second key in the storage spaces corresponding to the first application and the second application, so that the first application and the second application each hold both the first key and the second key.

3. The method of claim 1, wherein the header of the message includes a field recording a source key, and, while the processor executes the operating system, when the first application receives the message from the second application, the step of verifying, by the processor, whether the message is valid according to the key carried in the message includes: determining, by the processor, whether the source key carried in the message is the second key; if the source key carried in the message differs from the second key, determining, by the processor, that the message is invalid; and if the source key carried in the message is the same as the second key, determining, by the processor, that the message is valid.

4. The method of claim 1, wherein the header of the message includes a field recording a destination key, and, while the processor executes the operating system, when the first application receives the message from the second application, the step of verifying, by the processor, whether the message is valid according to the key carried in the message includes: determining, by the processor, whether the destination key carried in the message is the first key; if the destination key carried in the message is the same as the first key, determining, by the processor, that the message is valid; and if the destination key carried in the message differs from the first key, determining, by the processor, that the message is invalid.

5. The method of claim 1, wherein the header of the message includes a field recording a source key and a field recording a destination key, and, while the processor executes the operating system, when the first application receives the message from the second application, the step of verifying, by the processor, whether the message is valid according to the key carried in the message includes: determining, by the processor, whether the destination key and the source key carried in the message are the first key and the second key respectively; if the destination key and the source key carried in the message are the first key and the second key respectively, determining, by the processor, that the message is valid; and if the destination key carried in the message differs from the first key, or the source key differs from the second key, determining, by the processor, that the message is invalid.

6. The method of claim 1, wherein the first key and the second key are a first random number and a second random number respectively.

7. The method of claim 1, wherein the message is transmitted using an inter-process communication technique.
一種通訊集線器,包括:一儲存單元,儲存一第一應用程式與一第二應用程式,其中該第一應用程式及該第二應用程式分別對應至一第一設備與一第二設備;以及 一處理器,耦接至該儲存單元;其中,在開機過程中,該處理器執行一開機程式對該第一應用程式及該第二應用程式分別產生一第一金鑰及一第二金鑰,並傳送該第一金鑰及該第二金鑰至該第一應用程式以及傳送該第一金鑰及該第二金鑰至該第二應用程式,使得該第一應用程式與該第二應用程式在進行訊息傳送時夾帶對應的金鑰;在該處理器執行一作業系統的情況下,當該第一應用程式接收到來自該第二應用程式的一訊息時,該第一應用程式依據該訊息中所夾帶的金鑰來驗證該訊息是否有效;在判定該訊息為有效時,該第一應用程式根據該訊息來回傳一回應訊息至該第二應用程式;以及在判定該訊息為無效時,該第一應用程式忽略或丟棄該訊息。 A communication hub includes: a storage unit for storing a first application and a second application, wherein the first application and the second application respectively correspond to a first device and a second device; a processor coupled to the storage unit; wherein, during the booting process, the processor executes a booting program to generate a first key and a second key for the first application and the second application respectively And transmitting the first key and the second key to the first application and transmitting the first key and the second key to the second application, so that the first application and the second application The application carries a corresponding key when transmitting the message; when the processor executes an operating system, when the first application receives a message from the second application, the first application is based on The key contained in the message verifies whether the message is valid; when it is determined that the message is valid, the first application sends a response message to the second application according to the message; and determines that the message is When invalid, the first application ignores or discards the message. 
如申請專利範圍第8項所述的通訊集線器,更包括:一本地通訊單元,耦接至該處理器,並與該第一設備及該第二設備進行連線,其中該第一應用程式與該第二應用程式透過該本地通訊單元來獲得該第一設備及該第二設備各自的資料;以及一遠端通訊單元,耦接至該處理器,並與一伺服器進行連線,其中該第一應用程式與該第二應用程式透過該遠端通訊單元,將所獲得的該第一設備及該第二設備各自的資料傳送至該伺服器。 The communication hub of claim 8 further comprising: a local communication unit coupled to the processor and connected to the first device and the second device, wherein the first application is The second application obtains the data of the first device and the second device through the local communication unit; and a remote communication unit coupled to the processor and connected to a server, wherein the The first application and the second application transmit the obtained data of the first device and the second device to the server through the remote communication unit. 如申請專利範圍第8項所述的通訊集線器,其中在該開機過程中,該處理器傳送該第一金鑰及該第二金鑰至該第一應用程式以及傳送該第一金鑰及該第二金鑰至該第二應用程式之 後,儲存該第一金鑰及該第二金鑰至該第一應用程式及該第二應用程式所對應的儲存空間,使得該第一應用程式及該第二應用程分別皆具有該第一金鑰及該第二金鑰。 The communication hub of claim 8, wherein the processor transmits the first key and the second key to the first application and transmits the first key and the The second key to the second application And storing the first key and the second key to the storage space corresponding to the first application and the second application, so that the first application and the second application respectively have the first The key and the second key. 
如申請專利範圍第8項所述的通訊集線器,其中該訊息的標頭包括記錄一來源端金鑰的欄位,在執行該作業系統的情況下,當該第一應用程式接收到來自該第二應用程式的該訊息時,該第一應用程式判斷該訊息中所夾帶的該來源端金鑰是否為該第二金鑰;若該訊息中所夾帶的該來源端金鑰與該第二金鑰不同,則該第一應用程式判定該訊息為無效;若該訊息中所夾帶的該來源端金鑰與該第二金鑰相同,則判定該訊息為有效。 The communication hub of claim 8, wherein the header of the message includes a field for recording a source key, and in the case of executing the operating system, when the first application receives the In the second application, the first application determines whether the source key carried in the message is the second key; if the source key and the second gold carried in the message If the key is different, the first application determines that the message is invalid; if the source key entrained in the message is the same as the second key, then the message is determined to be valid. 如申請專利範圍第8項所述的通訊集線器,其中該訊息的標頭包括記錄一目的端金鑰的欄位,在執行該作業系統的情況下,當該第一應用程式接收到來自該第二應用程式的該訊息時,該第一應用程式判斷該訊息中所夾帶的該目的端金鑰是否為該第一金鑰;若該訊息中所夾帶的該目的端金鑰與該第一金鑰相同,則該第一應用程式判定該訊息為有效;若該訊息中所夾帶的該目的端金鑰與該第一金鑰不同,則該第一應用程式判定該訊息為無效。 The communication hub of claim 8, wherein the header of the message includes a field for recording a destination key, and in the case of executing the operating system, when the first application receives the In the second application, the first application determines whether the destination key carried in the message is the first key; if the destination key and the first gold carried in the message If the key is the same, the first application determines that the message is valid; if the destination key carried in the message is different from the first key, the first application determines that the message is invalid. 
如申請專利範圍第8項所述的通訊集線器,其中該訊息的標頭包括記錄一來源端金鑰的欄位以及記錄一目的端金鑰的欄位,在執行該作業系統的情況下,當該第一應用程式接收到來自該第二應用程式的該訊息時,該第一應用程式判斷該訊息中所 夾帶的該目的端金鑰與該來源端金鑰是否分別為該第一金鑰與該第二金鑰;若該訊息中所夾帶的該目的端金鑰與該來源端金鑰分別為該第一金鑰與該第二金鑰,則判定該訊息為有效;以及若該訊息中所夾帶的該目的端金鑰與該第一金鑰不同,或者該來源端金鑰與該第二金鑰不相同,則判定該訊息為無效。 The communication hub of claim 8, wherein the header of the message includes a field for recording a source key and a field for recording a destination key, in the case of executing the operating system, when When the first application receives the message from the second application, the first application determines the message Whether the target end key and the source end key are the first key and the second key respectively; if the destination end key and the source end key entrained in the message are respectively the first a key and the second key, determining that the message is valid; and if the destination key carried in the message is different from the first key, or the source key and the second key If it is not the same, it is determined that the message is invalid. 如申請專利範圍第8項所述的通訊集線器,其中該第一金鑰及該第二金鑰分別為一第一亂數及一第二亂數。 The communication hub of claim 8, wherein the first key and the second key are a first random number and a second random number, respectively.
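The boot-time key distribution and the header check recited in the claims above, sketched as an added Python example (not code from the patent). The 16-byte key size, the header layout (destination key, source key, payload length) and the names `boot_generate_keys` and `App` are assumptions made for illustration.

```python
import hmac
import secrets
import struct

KEY_LEN = 16  # assumed size; the claims only call each key a random number
# Assumed header layout: destination key, source key, payload length.
HEADER = struct.Struct(f"!{KEY_LEN}s{KEY_LEN}sH")


def boot_generate_keys(app_names):
    """Boot-program step: one fresh random key per installed application."""
    return {name: secrets.token_bytes(KEY_LEN) for name in app_names}


class App:
    def __init__(self, name, key_table):
        self.name = name
        # Every application stores every application's key (claims 2 and 10).
        self.keys = dict(key_table)

    def build(self, dst, payload):
        """Frame a message carrying the destination and source keys."""
        header = HEADER.pack(self.keys[dst], self.keys[self.name], len(payload))
        return header + payload

    def receive(self, expected_src, frame):
        """Return the payload of a valid frame, or None if it is dropped."""
        if len(frame) < HEADER.size:
            return None  # truncated header
        dst_key, src_key, length = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if length != len(payload):
            return None  # malformed frame
        # Claim 5: both keys must match; compare in constant time.
        dst_ok = hmac.compare_digest(dst_key, self.keys[self.name])
        src_ok = hmac.compare_digest(src_key, self.keys[expected_src])
        return payload if (dst_ok and src_ok) else None

    def handle(self, expected_src, frame):
        """Reply to a valid message; ignore an invalid one (claim 1)."""
        payload = self.receive(expected_src, frame)
        if payload is None:
            return None
        return self.build(expected_src, b"ack:" + payload)


if __name__ == "__main__":
    table = boot_generate_keys(["app1", "app2"])
    app1, app2 = App("app1", table), App("app2", table)
    reply = app1.handle("app2", app2.build("app1", b"read-sensor"))
    print(app2.receive("app1", reply))
```

Because the keys travel in the header as bearer values, this check only distinguishes senders that cannot read the IPC channel or the applications' key storage, and it does not protect the payload's integrity.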

Priority Applications (2)

Application Number Priority Date Filing Date Title
TW105128006A TWI605358B (en) 2016-08-31 2016-08-31 Communication hub and method for verifying message among applications thereof
CN201710457275.1A CN107783846B (en) 2016-08-31 2017-06-16 Communication concentrator and information verification method between application programs thereof

Publications (2)

Publication Number Publication Date
TWI605358B true TWI605358B (en) 2017-11-11
TW201807613A TW201807613A (en) 2018-03-01

Family

ID=61023092

Country Status (2)

Country Link
CN (1) CN107783846B (en)
TW (1) TWI605358B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200839567A (en) * 2007-03-23 2008-10-01 Via Tech Inc Application protection systems and methods
TW201504842A (en) * 2013-07-17 2015-02-01 Ind Tech Res Inst Method for application management, corresponding system, and user device
CN104520805A (en) * 2012-08-29 2015-04-15 赛门铁克公司 Secure app ecosystem with key and data exchange according to enterprise information control policy
CN105243330A (en) * 2015-10-13 2016-01-13 武汉大学 Protection method and system facing internal data transfer process of Android system
US20160085602A1 (en) * 2014-09-19 2016-03-24 Microsoft Corporation Content Sharing Between Sandboxed Apps

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101789866B (en) * 2010-02-03 2012-06-13 国家保密科学技术研究所 High-reliability safety isolation and information exchange method
CN102497267A (en) * 2011-12-07 2012-06-13 绚视软件科技(上海)有限公司 Safety communication system among software progresses
TW201530344A (en) * 2014-01-21 2015-08-01 hong-jian Zhou Application program access protection method and application program access protection device
TWI564745B (en) * 2015-03-27 2017-01-01 物聯智慧科技(深圳)有限公司 Peer-to-peer (p2p) connecting and establishing method and communication system using the same

Also Published As

Publication number Publication date
CN107783846A (en) 2018-03-09
CN107783846B (en) 2020-10-30
TW201807613A (en) 2018-03-01
