CN109101813A - A kind of application program hold-up interception method and relevant apparatus - Google Patents
A kind of application program hold-up interception method and relevant apparatus Download PDFInfo
- Publication number
- CN109101813A CN109101813A CN201811019798.9A CN201811019798A CN109101813A CN 109101813 A CN109101813 A CN 109101813A CN 201811019798 A CN201811019798 A CN 201811019798A CN 109101813 A CN109101813 A CN 109101813A
- Authority
- CN
- China
- Prior art keywords
- application program
- certificate
- program
- certification authority
- organization
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
This application discloses a kind of application program hold-up interception methods, comprising: whether the certification authority for obtaining application program judges certification authority in issuing organization white list;When certification authority is not in issuing organization white list, certificate dissection process is carried out to the certificate of application program and obtains certificate field, judges whether certificate field contains spurious information;When certificate field contains spurious information, judge whether application program is rogue program according to the instruction of application program institute's operation to be performed;When application program is rogue program, the operational order of application program is intercepted.By the certificate of application program as the judgement voucher intercepted, no matter application program data volume it is much, the waiting time for intercepting judgement can be reduced, improve the efficiency of application program interception.Disclosed herein as well is a kind of application program intercepting system, server and computer readable storage mediums, have the above beneficial effect.
Description
Technical field
This application involves field of computer technology, in particular to a kind of application program hold-up interception method, application program intercept system
System, server and computer readable storage medium.
Background technique
With the continuous development of information technology, the malice of malicious persons dispensing can be continuously emerged in the program run in computer
Program, need rogue program run before just the application program is checked, so as to exclude be rogue program risk.It is existing
In technology, the cryptographic Hash of application program is usually calculated, is searched in cryptographic Hash white list according to the cryptographic Hash, if looked into
Matched cryptographic Hash is had found, then then illustrating that the application program is not rogue program, can be executed, and intercept the white list
Except application program.
But the calculating time of cryptographic Hash can increasing and increase with computing object data volume, therefore, when being intercepted
Application program data volume it is excessive when, intercept by cryptographic Hash and will increase waiting time of application program launching, influence
The starting of normal application program, equally can also reduce the efficiency of application program interception.
Therefore, the Important Problems that the intercepting efficiency of application program is skilled person's concern how to be improved.
Summary of the invention
The purpose of the application is to provide a kind of application program hold-up interception method, application program intercepting system, server and meter
Calculation machine readable storage medium storing program for executing, by the certificate of application program as the judgement voucher intercepted, the verifying for carrying out application program will not
Data volume by application program itself is influenced, that is, no matter application program data volume it is much, the duration intercepted is all
It is the same, and can be directly verified according to certificate without processes such as calculating, reduces the waiting time for intercepting judgement, improve
The efficiency that application program intercepts.
In order to solve the above technical problems, the application provides a kind of application program hold-up interception method, comprising:
Whether the certification authority for obtaining application program, judge the certification authority in issuing organization white list
In;
When the certification authority is not in the issuing organization white list, the certificate of the application program is carried out
Certificate dissection process obtains certificate field, judges whether the certificate field contains spurious information;
When the certificate field contains the spurious information, sentenced according to application program institute's operation to be performed instruction
Whether the application program of breaking is rogue program;
When the application program is rogue program, the operational order of the application program is intercepted.
Optionally, when the certification authority is not in the issuing organization white list, to the application program
Certificate carries out certificate dissection process and obtains certificate field, judges whether the certificate field contains spurious information, comprising:
When the certification authority is not in the issuing organization white list, the certificate of the application program is carried out
Certificate dissection process obtains the certificate field;
Obtain multiple organization informations in the certificate field;
Judge whether all organization informations contain spurious information according to the organization information prestored.
Optionally, when the certification authority is not in the issuing organization white list, to the application program
Certificate carries out certificate dissection process, obtains the certificate field, comprising:
When the certification authority is not in the issuing organization white list, format is signed to institute according to international standard
The certificate for stating application program carries out certificate dissection process, obtains the certificate field.
Optionally, when the certificate field contains the spurious information, according to the application program behaviour to be executed
Make instruction and judge whether the application program is rogue program, further includes:
When the certificate field contains the spurious information, judge whether the operational order is recorded in malicious operation number
According in library;
If so, ruling information is sent to user, to receive the ruling instruction of user's input;
Judge whether the application program is rogue program according to ruling instruction.
The application also provides a kind of application program intercepting system, comprising:
Certificate agency judgment module judges the certification authority for obtaining the certification authority of application program
Whether in issuing organization white list;
Spurious information judgment module is used for when the certification authority is not in the issuing organization white list, right
The certificate of the application program carries out certificate dissection process and obtains certificate field, judges whether the certificate field contains forgery letter
Breath;
Operational order judgment module, for applying journey according to described when the certificate field contains the spurious information
The instruction of sequence institute's operation to be performed judges whether the application program is rogue program;
Application program blocking module, for intercepting the behaviour of the application program when the application program is rogue program
It instructs.
Optionally, the spurious information judgment module, comprising:
Certificate field acquiring unit is used for when the certification authority is not in the issuing organization white list, right
The certificate of the application program carries out certificate dissection process, obtains the certificate field;
Organization information acquiring unit, for obtaining multiple organization informations in the certificate field;
Organization information judging unit, for judging whether all organization informations contain puppet according to the organization information prestored
Make information.
Optionally, the certificate field acquiring unit, specifically for not issuing machine described when the certification authority
When in structure white list, format is signed to the certificate progress certificate dissection process of the application program according to international standard, is obtained
To the certificate field.
Optionally, the operational order judgment module, comprising:
Operational order judging unit, for when the certificate field contains the spurious information, judging that the operation refers to
It enables and whether being recorded in malicious operation database;
Ruling instruction acquisition unit, for when the operational order is recorded in the malicious operation database, Xiang Yong
Family sends ruling information, to receive the ruling instruction of user's input;
Rogue program judging unit, for judging whether the application program is rogue program according to ruling instruction.
The application also provides a kind of server, comprising:
Memory, for storing computer program;
Processor, the step of application program hold-up interception method as described above is realized when for executing the computer program.
The application also provides a kind of computer readable storage medium, and calculating is stored on the computer readable storage medium
The step of machine program, the computer program realizes application program hold-up interception method as described above when being executed by processor.
A kind of application program hold-up interception method provided herein, comprising: the certification authority for obtaining application program is sentenced
Whether the certification authority that breaks is in issuing organization white list;When the certification authority is white not in the issuing organization
When in list, certificate dissection process is carried out to the certificate of the application program and obtains certificate field, judges that the certificate field is
It is no to contain spurious information;When the certificate field contains the spurious information, according to the application program behaviour to be executed
Make instruction and judges whether the application program is rogue program;When the application program is rogue program, the application is intercepted
The operational order of program.
By the certificate of application program as the judgement voucher intercepted, the verifying for carrying out application program not will receive using journey
The data volume of sequence itself influences, that is, no matter application program data volume it is much, the duration intercepted is the same, and
And can directly be verified according to certificate without processes such as calculating, the waiting time for intercepting judgement is reduced, application program is improved and blocks
The efficiency cut.
The application also provides a kind of application program intercepting system, server and computer readable storage medium, have with
Upper beneficial effect, therefore not to repeat here.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
The embodiment of application for those of ordinary skill in the art without creative efforts, can also basis
The attached drawing of offer obtains other attached drawings.
Fig. 1 is a kind of flow chart of application program hold-up interception method provided by the embodiment of the present application;
Fig. 2 is the flow chart of the certificate field judgment method of application program hold-up interception method provided by the embodiment of the present application;
Fig. 3 is the flow chart of the rogue program method of application program hold-up interception method provided by the embodiment of the present application;
Fig. 4 is a kind of structural schematic diagram of application program intercepting system provided by the embodiment of the present application.
Specific embodiment
The core of the application is to provide a kind of application program hold-up interception method, application program intercepting system, server and meter
Calculation machine readable storage medium storing program for executing, by the certificate of application program as the judgement voucher intercepted, the verifying for carrying out application program will not
Data volume by application program itself is influenced, that is, no matter application program data volume it is much, the duration intercepted is all
It is the same, and can be directly verified according to certificate without processes such as calculating, reduces the waiting time for intercepting judgement, improve
The efficiency that application program intercepts.
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
In attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is
Some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art
Every other embodiment obtained without making creative work, shall fall in the protection scope of this application.
In the prior art, usually calculate application program cryptographic Hash, according to the cryptographic Hash in cryptographic Hash white list into
Row is searched, if having found matched cryptographic Hash, is then illustrated that the application program is not rogue program, can be executed, and
And intercept the application program except the white list.But the calculating time of cryptographic Hash can increasing with computing object data volume
And increase, therefore, when the data volume of the application program intercepted is excessive, intercept by cryptographic Hash be will increase using journey
The waiting time of sequence starting, the starting of normal application program is influenced, equally can also reduce the efficiency of application program interception.
Therefore, the present embodiment provides a kind of application program hold-up interception methods, are sentenced by the certificate of application program as what is intercepted
Disconnected voucher, the verifying for carrying out application program not will receive the data volume influence of application program itself, that is, no matter application program
Data volume it is much, the duration intercepted is the same, and according to certificate can directly verify without calculate etc. processes,
The waiting time for intercepting judgement is reduced, the efficiency of application program interception is improved.
Specifically, referring to FIG. 1, Fig. 1 is a kind of process of application program hold-up interception method provided by the embodiment of the present application
Figure.
It should be noted that Fig. 1 is a kind of flow chart that the present embodiment method is presented, the process figure of the embodiment
Formula is not unique, is not specifically limited herein.
This method may include:
Whether S101 obtains the certification authority of application program, judge certification authority in issuing organization white list
In;If so, executing S105;If it is not, then executing S102;
Due in an operating system, such as the driver and application program that run in Windows operation generally all pass through
Certificate signature, therefore in each application program there are certificates.This step is intended to through the certification authority to the certificate
Tentatively judged, wherein particularly judge the certification authority whether in issuing organization white list, if it is,
It can directly execute, continue to perform the next step if not.Preliminary intercept is carried out by certification authority in this step to verify
A kind of simpler verification mode, no matter to the application program of which kind of data volume only with getting its certification authority
It is verified, verification efficiency is higher, will not influence the normal use of application program.
S102 carries out certificate solution to the certificate of application program when certification authority is not in issuing organization white list
Analysis handles to obtain certificate field, judges whether certificate field contains spurious information;If so, executing S103;If it is not, then executing
S105;
On the basis of step S101, this step is intended to verify the legitimacy of the certificate of application program itself, tool
Body is to carry out certificate dissection process to certificate to obtain certificate field, judges certificate field according to the certificate field information locally prestored
Whether spurious information is contained.Namely judge whether the certificate is to forge certificate, if it is determined that being to forge certificate so to continue to
Carry out next step verifying.
Wherein, the method parsed to certificate can use different analysis modes according to the difference of certificate, and
Any one analytic method that can also be provided using the prior art, as long as last available certificate field, so,
It is not specifically limited herein.
Further, certificate field is to be prestored containing information relevant to certificate by these certificate informations and local
Correct information compare, that is, can determine whether contain spurious information in certificate field.
S103 instructs judgement application according to application program institute's operation to be performed when certificate field contains spurious information
Whether program is rogue program;If so, executing S104;If it is not, then executing S105;
On the basis of step S102, the operational order after this step is intended to be executed according to application program judges this using journey
Whether sequence is rogue program, and due to two above step, the application program can not still determine whether the application journey for that can run
Sequence, it is therefore desirable to execute the application program, the operational order executed by the application program judges the application program.By
High-risk, unsafe or malice operational order can be generally executed in rogue program, therefore this step can be by sentencing
Whether the disconnected operational order being performed belongs to aforesaid operations instruction, and then judges whether the application program is rogue program.
Therefore, operational order can be one section of code, is also possible to obtain one section of instruction of system information, can also be
With the data for executing function, the operational order is the application program object to be executed in a word, and the form of the operational order is simultaneously
It is not unique, it is not specifically limited herein.
Further, it can be according to the mode that the operational order is judged by the operational order and preset blacklist
Or the operational order in white list compares, and then judges whether should be normal operational order or abnormal operation from operational order
Instruction, finally judges whether the application program is rogue program according to the judging result of operational order.It can also be to operational order
It is analyzed, whether the object for judging that the operational order executes is exception object, judges this using journey further according to the judging result
Whether sequence is rogue program;The operational order can also be placed in sandbox environment and be executed, which is judged according to implementing result
Whether instruction is abnormal operation instruction, judges whether application program is rogue program further according to the judging result.This step as a result,
The middle mode judged according to operational order application program is not unique, is not specifically limited herein.
S104 intercepts the operational order of application program when application program is rogue program;
On the basis of step S103, when judging application program for rogue program, the operational order of application program is intercepted,
Exactly intercept application program executes movement, to prevent the execution of application program.
S105 executes the application program.
In the step of above S101 to S103, corresponding time-out judgement can also be set, when any one step executes
Duration be more than threshold value duration when, be immediately performed in next step.
To sum up, the present embodiment carries out the verifying of application program by the certificate of application program as the judgement voucher intercepted
Not will receive application program itself data volume influence, that is, no matter application program data volume it is much, intercepted when
Length is the same, and can directly be verified according to certificate without processes such as calculating, is reduced the waiting time for intercepting judgement, is mentioned
The efficiency that high application program intercepts.
On the basis of a upper embodiment, how the present embodiment in a upper embodiment mainly for judging in certificate field
Do one of spurious information illustrates, and other parts are substantially the same with a upper embodiment, and same section can be real with reference to upper one
Example is applied, this will not be repeated here.
Referring to FIG. 2, Fig. 2 is the certificate field judgment method of application program hold-up interception method provided by the embodiment of the present application
Flow chart.
It should be noted that Fig. 2 is a kind of flow chart that the present embodiment method is presented, the process figure of the embodiment
Formula is not unique, is not specifically limited herein.
This method may include:
S201 carries out certificate solution to the certificate of application program when certification authority is not in issuing organization white list
Analysis processing, obtains certificate field;
S202 obtains multiple organization informations in certificate field;
S203 judges whether all organization informations contain spurious information according to the organization information prestored;If so, executing
S103;If it is not, then executing S105.
The present embodiment mainly judges whether the organization information of much information in certificate field contains spurious information, due to machine
The closure of structure information, leakiness is smaller, and it is higher to forge difficulty.And there are multiple organization informations in certificate field, it is different
Organization information between can be mutually authenticated whether contain spurious information, further improve the reliability for certification authentication.
Optionally, S201 may include:
When certification authority is not in issuing organization white list, format is signed to application program according to international standard
Certificate carries out certificate dissection process, obtains certificate field.
This optinal plan mainly carries out the dissection process of certificate according to unified certificate signature format, that is, according to state
Border Standard signatures format carries out certificate dissection process to certificate, improves the success rate of certificate parsing.
On the basis of a upper embodiment, how the present embodiment is mainly for judging what rogue program was done in a upper embodiment
One illustrates, and other parts are substantially the same with a upper embodiment, and same section can refer to a upper embodiment, does not do herein
It repeats.
Referring to FIG. 3, Fig. 3 is the stream of the rogue program method of application program hold-up interception method provided by the embodiment of the present application
Cheng Tu.
It should be noted that Fig. 3 is a kind of flow chart that the present embodiment method is presented, the process figure of the embodiment
Formula is not unique, is not specifically limited herein.
This method may include:
S301 judges whether operational order is recorded in malicious operation database when certificate field contains spurious information;
If so, executing S302;If it is not, then executing S105;
S302 sends ruling information to user, to receive the ruling instruction of user's input;
S303 judges whether application program is rogue program according to ruling instruction, if so, executing S104;If it is not, then holding
Row S105.
Judge whether the operational order is recorded in the database by malicious operation database first in the present embodiment, such as
Fruit is to illustrate the operational order for malicious operation instruction.But some malicious operations are that user needs to hold in ordinary circumstance
It is capable, it is therefore desirable to send the ruling information about the operational order to user, so as to user between agreeing to and disagreeing into
Row selection obtains ruling instruction after selection.Finally whether the application program is judged further according to the particular content of ruling instruction
For rogue program.If ruling instruction determines that application program is rogue program, if ruling instruction is same to disagree
Meaning, then determine that the application program is not rogue program.
In the present embodiment, it is added to the step of user judges, that is, is executed to special application program is open
Channel, allows user's executing application according to their own needs.
A kind of application program intercepting system provided by the embodiments of the present application is introduced below, one kind described below is answered
Reference can be corresponded to each other with a kind of above-described application program hold-up interception method with program intercepts system.
Specifically, referring to FIG. 4, Fig. 4 is a kind of structure of application program intercepting system provided by the embodiment of the present application
Schematic diagram.
The system may include:
Certificate agency judgment module 100 judges that certification authority is for obtaining the certification authority of application program
It is no in issuing organization white list;
Spurious information judgment module 200 is used for when certification authority is not in issuing organization white list, to using journey
The certificate of sequence carries out certificate dissection process and obtains certificate field, judges whether certificate field contains spurious information;
Operational order judgment module 300, for executed according to application program when certificate field contains spurious information
Operational order judge whether application program is rogue program;
Application program blocking module 400, for when application program is rogue program, the operation for intercepting application program to refer to
It enables.
Optionally, the spurious information judgment module 200 may include:
Certificate field acquiring unit is used for when certification authority is not in issuing organization white list, to application program
Certificate carry out certificate dissection process, obtain certificate field;
Organization information acquiring unit, for obtaining multiple organization informations in certificate field;
Organization information judging unit, for judging whether all organization informations contain forgery letter according to the organization information prestored
Breath.
Optionally, the certificate field acquiring unit is specifically used for when certification authority is not in issuing organization white list
When, format is signed to the certificate progress certificate dissection process of application program according to international standard, obtains certificate field.
Optionally, the operational order judgment module 300 may include:
Operational order judging unit, for judging whether operational order is recorded in when certificate field contains spurious information
In malicious operation database;
Ruling instruction acquisition unit, for sending and cutting out to user when operational order is recorded in malicious operation database
Certainly information, to receive the ruling instruction of user's input;
Rogue program judging unit, for judging whether application program is rogue program according to ruling instruction.
The embodiment of the present application also provides a kind of server, comprising:
Memory, for storing computer program;
Processor realizes application program hold-up interception method as described above in Example when for executing the computer program
The step of.
The embodiment of the present application also provides a kind of computer readable storage medium, stores on the computer readable storage medium
There is computer program, the computer program realizes application program interception side as described above in Example when being executed by processor
The step of method.
The computer readable storage medium may include: USB flash disk, mobile hard disk, read-only memory (Read-Only
Memory, ROM), random access memory (Random Access Memory, RAM), magnetic or disk etc. is various to deposit
Store up the medium of program code.
Each embodiment is described in a progressive manner in specification, the highlights of each of the examples are with other realities
The difference of example is applied, the same or similar parts in each embodiment may refer to each other.For device disclosed in embodiment
Speech, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is referring to method part illustration
?.
Professional further appreciates that, unit described in conjunction with the examples disclosed in the embodiments of the present disclosure
And algorithm steps, can be realized with electronic hardware, computer software, or a combination of the two, in order to clearly demonstrate hardware and
The interchangeability of software generally describes each exemplary composition and step according to function in the above description.These
Function is implemented in hardware or software actually, the specific application and design constraint depending on technical solution.Profession
Technical staff can use different methods to achieve the described function each specific application, but this realization is not answered
Think beyond scope of the present application.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor
The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit
Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology
In any other form of storage medium well known in field.
Above to a kind of application program hold-up interception method provided herein, application program intercepting system, server and
Computer readable storage medium is described in detail.Principle and embodiment of the specific case to the application used herein
It is expounded, the description of the example is only used to help understand the method for the present application and its core ideas.It should be pointed out that
For those skilled in the art, under the premise of not departing from the application principle, can also to the application into
Row some improvements and modifications, these improvement and modification are also fallen into the protection scope of the claim of this application.
Claims (10)
1. a kind of application program hold-up interception method characterized by comprising
Whether the certification authority for obtaining application program, judge the certification authority in issuing organization white list;
When the certification authority is not in the issuing organization white list, certificate is carried out to the certificate of the application program
Dissection process obtains certificate field, judges whether the certificate field contains spurious information;
When the certificate field contains the spurious information, institute is judged according to application program institute's operation to be performed instruction
State whether application program is rogue program;
When the application program is rogue program, the operational order of the application program is intercepted.
2. application program hold-up interception method according to claim 1, which is characterized in that when the certification authority is not in institute
When stating in issuing organization white list, certificate dissection process is carried out to the certificate of the application program and obtains certificate field, judges institute
State whether certificate field contains spurious information, comprising:
When the certification authority is not in the issuing organization white list, certificate is carried out to the certificate of the application program
Dissection process obtains the certificate field;
Obtain multiple organization informations in the certificate field;
Judge whether all organization informations contain spurious information according to the organization information prestored.
3. application program hold-up interception method according to claim 2, which is characterized in that when the certification authority is not in institute
When stating in issuing organization white list, certificate dissection process is carried out to the certificate of the application program, the certificate field is obtained, wraps
It includes:
When the certification authority is not in the issuing organization white list, answered according to international standard signature format described
Certificate dissection process is carried out with the certificate of program, obtains the certificate field.
4. application program hold-up interception method according to claim 1, which is characterized in that when the certificate field contains the puppet
When making information, judge whether the application program is rogue program according to application program institute's operation to be performed instruction, also
Include:
When the certificate field contains the spurious information, judge whether the operational order is recorded in malicious operation database
In;
If so, ruling information is sent to user, to receive the ruling instruction of user's input;
Judge whether the application program is rogue program according to ruling instruction.
5. a kind of application program intercepting system characterized by comprising
Whether certificate agency judgment module judges the certification authority for obtaining the certification authority of application program
In issuing organization white list;
Spurious information judgment module is used for when the certification authority is not in the issuing organization white list, to described
The certificate of application program carries out certificate dissection process and obtains certificate field, judges whether the certificate field contains spurious information;
Operational order judgment module, for when the certificate field contains the spurious information, according to the application program institute
Operation to be performed instruction judges whether the application program is rogue program;
Application program blocking module, for when the application program is rogue program, the operation for intercepting the application program to refer to
It enables.
6. application program intercepting system according to claim 1, which is characterized in that the spurious information judgment module, packet
It includes:
Certificate field acquiring unit is used for when the certification authority is not in the issuing organization white list, to described
The certificate of application program carries out certificate dissection process, obtains the certificate field;
Organization information acquiring unit, for obtaining multiple organization informations in the certificate field;
Organization information judging unit, for judging whether all organization informations contain forgery letter according to the organization information prestored
Breath.
7. application program intercepting system according to claim 6, which is characterized in that the certificate field acquiring unit, tool
Body is used for when the certification authority is not in the issuing organization white list, signs format to described according to international standard
The certificate of application program carries out certificate dissection process, obtains the certificate field.
8. application program intercepting system according to claim 1, which is characterized in that the operational order judgment module, packet
It includes:
Operational order judging unit, for when the certificate field contains the spurious information, judging that the operational order is
It is no to be recorded in malicious operation database;
Ruling instruction acquisition unit, for being sent out to user when the operational order is recorded in the malicious operation database
Ruling information is sent, to receive the ruling instruction of user's input;
Rogue program judging unit, for judging whether the application program is rogue program according to ruling instruction.
9. a kind of server characterized by comprising
Memory, for storing computer program;
Processor realizes that the described in any item application programs of Claims 1-4 such as intercept when for executing the computer program
The step of method.
10. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program realizes such as Claims 1-4 described in any item application program interception sides when the computer program is executed by processor
The step of method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811019798.9A CN109101813A (en) | 2018-09-03 | 2018-09-03 | A kind of application program hold-up interception method and relevant apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811019798.9A CN109101813A (en) | 2018-09-03 | 2018-09-03 | A kind of application program hold-up interception method and relevant apparatus |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109101813A true CN109101813A (en) | 2018-12-28 |
Family
ID=64864875
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811019798.9A Pending CN109101813A (en) | 2018-09-03 | 2018-09-03 | A kind of application program hold-up interception method and relevant apparatus |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109101813A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110532775A (en) * | 2019-07-26 | 2019-12-03 | 苏州浪潮智能科技有限公司 | A kind of Method and kit for of computer processes control |
| CN111143843A (en) * | 2019-12-12 | 2020-05-12 | 北京神州绿盟信息安全科技股份有限公司 | Malicious application detection method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101674304A (en) * | 2009-10-15 | 2010-03-17 | 浙江师范大学 | Network identity authentication system and method |
| CN104123488A (en) * | 2014-08-14 | 2014-10-29 | 北京网秦天下科技有限公司 | Method and device for verifying application program |
| CN104580172A (en) * | 2014-12-24 | 2015-04-29 | 北京奇虎科技有限公司 | Data communication method and device based on https (hypertext transfer protocol over secure socket layer) |
| CN106789897A (en) * | 2016-11-15 | 2017-05-31 | 沃通电子认证服务有限公司 | For the digital certificate authentication method and system of application program for mobile terminal |
| CN107508682A (en) * | 2017-08-16 | 2017-12-22 | 努比亚技术有限公司 | Browser certificate authentication method and mobile terminal |
-
2018
- 2018-09-03 CN CN201811019798.9A patent/CN109101813A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101674304A (en) * | 2009-10-15 | 2010-03-17 | 浙江师范大学 | Network identity authentication system and method |
| CN104123488A (en) * | 2014-08-14 | 2014-10-29 | 北京网秦天下科技有限公司 | Method and device for verifying application program |
| CN104580172A (en) * | 2014-12-24 | 2015-04-29 | 北京奇虎科技有限公司 | Data communication method and device based on https (hypertext transfer protocol over secure socket layer) |
| CN106789897A (en) * | 2016-11-15 | 2017-05-31 | 沃通电子认证服务有限公司 | For the digital certificate authentication method and system of application program for mobile terminal |
| CN107508682A (en) * | 2017-08-16 | 2017-12-22 | 努比亚技术有限公司 | Browser certificate authentication method and mobile terminal |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110532775A (en) * | 2019-07-26 | 2019-12-03 | 苏州浪潮智能科技有限公司 | A kind of Method and kit for of computer processes control |
| CN111143843A (en) * | 2019-12-12 | 2020-05-12 | 北京神州绿盟信息安全科技股份有限公司 | Malicious application detection method and device |
| CN111143843B (en) * | 2019-12-12 | 2022-04-12 | 绿盟科技集团股份有限公司 | Malicious application detection method and device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108304722A (en) | A kind of software installation packet and its generation method, upgrade method and system | |
| CN110225063A (en) | Upgrade method, upgrade-system, server and the car-mounted terminal of automobile mounted system | |
| US20170316170A1 (en) | Usage control method and system for medical detection device, and medical detection device | |
| CN109992288A (en) | A kind of firmware update, device and computer readable storage medium | |
| CN110457908A (en) | A kind of firmware upgrade method of smart machine, device, equipment and storage medium | |
| CN105893837B (en) | Application program installation method, security encryption chip and terminal | |
| CN109472686A (en) | Contract signing method, apparatus and terminal device | |
| CN111541665A (en) | Data access method, device, storage medium and cluster type security management platform | |
| CN111143808B (en) | System security authentication method and device, computing equipment and storage medium | |
| US20150227733A1 (en) | Automatic login system and automatic login method | |
| CN105308610A (en) | Method and system for platform and user application security on a device | |
| CN111953634B (en) | Access control method and device for terminal equipment, computer equipment and storage medium | |
| CN109101813A (en) | A kind of application program hold-up interception method and relevant apparatus | |
| CN101777101B (en) | Method for improving usability of intelligent secret key device and intelligent secret key device | |
| CN108804913A (en) | The operation method and device of application program | |
| CN109271189A (en) | A kind of processing method and relevant apparatus of embedded system firmware | |
| CN114726630B (en) | License-based information security authorization method and device, electronic equipment and medium | |
| CN107506207A (en) | The safe verification method and terminal of a kind of POS | |
| CN106599626A (en) | Application program authorization authentication method and system | |
| CN104504308B (en) | A kind of license validation method for forbidding virtual machine to use software | |
| CN110266653A (en) | A kind of method for authenticating, system and terminal device | |
| CN113592625A (en) | Credit report generation method and device and electronic equipment | |
| CN108460269A (en) | Verification method and device, verification terminal device | |
| CN109840402B (en) | Privatization service authorization management method and device, computer equipment and storage medium | |
| CN114780932B (en) | Cross-block chain data interaction verification method, system and equipment for management three-mode platform |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181228 |