CN103368987B - Cloud server, application program verification, certification and management system and application program verification, certification and management method - Google Patents
- Publication number
- CN103368987B (application CN201210084896.7A)
- Authority
- CN
- China
- Prior art keywords
- application program
- examination
- verification
- information
- file
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides an application program verification, certification and management system comprising a cloud server and a mobile terminal; the cloud server is used for verifying an application program, acquiring suspicious behavior data of the application program in the verification process, recording the suspicious behavior data to obtain a verification result of the application program and generating a verification description file according to the verification result, wherein the verification description file includes certification data and the verification result of the application program; and the mobile terminal is used for downloading the verification description file of a specified application program from the cloud server and using a corresponding management strategy to carry out safety control on the specified application program according to the verification description file. The system has a reasonable multi-strategy management mechanism, can bring a better real-time safety protection effect and has good compatibility. The invention further provides a cloud server and an application program verification, certification and management method.
Description
Technical field
The present invention relates to the field of mobile communication technology, and in particular to a cloud server and to an audit certification and management system and method for application programs.
Background art
With the development of software and mobile communication technology, the systems of mobile communication devices (such as mobile phones) are constantly being updated. At present, most mobile communication device systems require strict signature authentication for the installation and use of application programs.
Specifically, some systems (for example, the Symbian system) introduce a strict signature authentication scheme: an application program that uses restricted system capabilities must carry both a developer signature and a publisher signature before it can be installed without restriction on any system of the indicated version. The application installation package is first signed by the developer and then signed by the publisher, which changes the installation package; only an application program signed by the publisher can be installed and run on the system. In such a system the developer signature proves the identity of the application's developer, and the publisher signature proves the identity of the publisher that released the application and also indicates that the publisher approves the legality, security and validity of the application program. In other words, a signature in such a system can only show that the signer uses its own identity to approve the application it releases; not signing means not approving. In other systems (such as the Android system) an application program only needs to be signed to be installed and used. The signature of an application in such a system is generally taken to indicate the identity of the developer, and sometimes it cannot even do that, for example when the debug certificate shipped with the SDK (Software Development Kit) or another certificate that does not establish the developer's identity is used.
The prior art has the following drawbacks: (1) The authentication result is coarse: there are only two outcomes, approved and not approved, and the approval covers the application program's information as a whole rather than specific properties of the application. (2) The mobile terminal's handling strategy for application programs is single: there is no multi-policy management mechanism, let alone a scheme that applies multiple policies in a targeted way according to the current audit state of an application program. (3) Compatibility is poor because the authentication result is not independent. The authentication result and signature data have to be saved into the file that holds the authenticated object, that is, the application installation package as it was before authentication, so authenticating an application program modifies it and produces a new installation package file. The format of the application program before and after authentication therefore differs substantially, which in effect defines two application program types and easily causes compatibility problems.
Summary of the invention
The present invention aims to solve at least one of the above technical defects.
To this end, a first object of the present invention is to propose an audit certification and management system for application programs. The system has a reasonable multi-policy management mechanism, which not only gives better real-time security protection but is also well compatible. A second object of the present invention is to propose a cloud server with good collection and decision-making capabilities. A third object of the present invention is to propose an audit certification and management method for application programs; the method adopts a multi-policy management mechanism, which helps to give a better customer experience.
To achieve the above objects, an embodiment of the first aspect of the present invention proposes an audit certification and management system for application programs, comprising: a cloud server, configured to audit an application program, collect suspicious behavior data of the application program during the audit, record the suspicious behavior data to obtain the audit result corresponding to the application program, and generate an audit description file according to the audit result, wherein the audit description file includes the authentication data and the audit result of the application program; and a mobile terminal, configured to download the audit description file of a specified application program from the cloud server and, according to the audit description file, apply the corresponding management policy to perform security control on the specified application program.
The audit certification and management system according to the embodiment of the present invention enables the mobile terminal to apply different, targeted handling strategies to application programs with different behavior characteristics and different levels of trustworthiness, which gives not only better real-time security protection but also a better user experience. The system is also compatible with the existing application installation package format: without changing the current application program or its installation package format, audit certification can be applied seamlessly within the existing application specification, without affecting the life cycle management mechanism of the application program.
An embodiment of the second aspect of the present invention proposes a cloud server, comprising: a collection module, configured to collect suspicious behavior data of an application program; an audit module, configured to verify the signature of the application program to confirm the legitimacy of the application program, to verify the basic information of the application program to confirm its software compatibility and generate the legality and compatibility conformance information of the application program, to analyze the suspicious behavior data in order to classify and evaluate the application program and generate its classification information and evaluation information, to merge the legality and compatibility conformance information, the classification information and the evaluation information to obtain the audit result, and to generate an audit description file according to the audit result; an authentication module, configured to use a certificate to digitally sign the audit description file to generate authentication data, wherein the authentication data is used to identify the source of the audit description file and of the application description file, and the application description file is used to identify the application program or the installation package of the application program; and a push module, configured to generate the audit description file according to the audit result and the authentication data and, on receiving a data request from a mobile terminal, to push the audit description file to the mobile terminal.
The cloud server according to the embodiment of the present invention not only collects the relevant data well but also has strong decision-making capability: it can audit and certify the collected data and handle it promptly according to the actual situation.
An embodiment of the third aspect of the present invention proposes an audit certification and management method for application programs, comprising the following steps:
The cloud server audits an application program, collects suspicious behavior data of the application program during the audit, records the suspicious behavior data to generate an audit result, and generates an audit description file according to the audit result, wherein the audit description file includes the authentication data and the audit result of the application program;
The mobile terminal sends a data request signal for a specified application program to the cloud server, downloads the audit description file of the specified application program from the cloud server, and applies the corresponding management policy to the specified application program according to the audit description file to perform security control.
The audit certification and management method proposed according to the embodiment of the present invention certifies not only the legitimacy of the source of the application program but also the legitimacy of its security audit result. At the same time, the reasonable multi-policy management mechanism gives better real-time security protection and good compatibility. In addition, the security audit result of the application program contains the behavior characteristics of the application program, so that many application programs already carry security-related information, such as application behavior, when they reach the mobile terminal, which makes it easier for the mobile terminal to exercise more effective security control.
Additional aspects and advantages of the present invention will be set forth in part in the following description, and in part will become apparent from the following description or be learned through practice of the present invention.
Brief description of the drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easy to understand from the following description of the embodiments in conjunction with the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the audit certification and management system for application programs according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of the cloud server according to an embodiment of the present invention;
Fig. 3 is a flowchart of the audit certification and management method for application programs according to one embodiment of the present invention;
Fig. 4 is a detailed flowchart of the audit certification and management method for application programs according to another embodiment of the present invention; and
Fig. 5 is a schematic diagram of how the classification of application program behavior changes before and after the audit in the audit certification and management method for application programs according to an embodiment of the present invention.
Detailed description of the embodiments
Embodiments of the present invention are described in detail below, and examples of the embodiments are shown in the accompanying drawings, in which the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary, are intended only to explain the present invention, and are not to be construed as limiting the claims.
In the description of the present invention, it should be noted that, unless otherwise specified and limited, the terms "installed", "connected" and "coupled" are to be understood broadly: for example, a connection may be a mechanical connection, an electrical connection, or a connection inside two elements, and it may be direct or indirect through an intermediary. A person of ordinary skill in the art can understand the specific meaning of these terms according to the specific situation.
These and other aspects of the embodiments of the present invention will become clear with reference to the following description and drawings. In the description and drawings, some particular implementations of the embodiments are specifically disclosed to indicate some of the ways in which the principles of the embodiments may be practiced, but it should be understood that the scope of the embodiments of the present invention is not limited thereby. On the contrary, the embodiments of the present invention include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
With reference to Fig. 1, the audit certification and management system for application programs proposed by the embodiment of the first aspect of the present invention includes a cloud server 101 and a mobile terminal 102. The cloud server 101 is configured to audit an application program, collect suspicious behavior data of the application program during the audit, record the suspicious behavior data to obtain the audit result corresponding to the application program, and generate an audit description file according to the audit result, wherein the audit description file includes the authentication data and the audit result of the application program. The mobile terminal 102 is configured to download the audit description file of a specified application program from the cloud server 101 and, according to the audit description file, apply the corresponding management policy to perform security control on the specified application program. The specified application program may be an application program that the user downloads for the first time, or an application program built into the operating system of the mobile terminal. Because the user has not used the specified application program before and does not know how safe it is, the relevant information about the specified application program needs to be obtained from the cloud server.
In one embodiment of the present invention, the cloud server 101 collects suspicious behavior data in at least one of the following ways:
(1) The application program is run on a simulated terminal device, and the cloud server 101 collects suspicious behavior data while the application program runs. In one example of the present invention, the simulated terminal device may be an emulator or a real terminal (such as a mobile phone). The simulated terminal device may have a terminal system platform that integrates a suspicious behavior monitoring scheme, so that collection and statistical analysis of the application program can be carried out automatically. Special cases can additionally be analyzed manually, to finally obtain more accurate suspicious behavior data. This suspicious behavior information provides a basis for judging the potential threats of application programs newly entering the market.
(2) The cloud server 101 collects suspicious behavior data from user terminals (such as mobile phones) as they use the application program. Specifically, the user terminal collects, counts and analyzes the suspicious behavior data of the application program and synchronizes it to the cloud server 101 in a timely manner. A terminal system that integrates the suspicious behavior monitoring scheme can also continuously collect and analyze suspicious behavior data while the user uses the mobile phone.
In addition, the cloud server 101 is configured to collect users' initial classification information for suspicious behavior data. The initial classification information may include the user's judgement of a suspicious behavior, for example whether the suspicious behavior is a malicious behavior or a trusted behavior. The judgements uploaded by users play a very important role in the data statistics of the cloud server 101. As the user base grows, the ability of user terminals to collect and judge each class of application behavior will exceed the collection capability of the cloud server 101.
In one embodiment of the present invention, the cloud server 101 verifies the signature and basic information of the application program to generate the legality and compatibility conformance information of the application program, classifies and evaluates the application program according to the suspicious behavior data to generate the classification information and evaluation information of the application program, and merges the legality and compatibility conformance information, the classification information and the evaluation information to obtain the audit result.
The audit process that the cloud server 101 applies to an application program is described in detail below.
First, the cloud server 101 verifies the signature of the application program AppName.apk; the signature is verified to confirm the legitimacy of the application program. It then queries whether the application program has a record of bad behavior, verifies the basic information of AppName.apk, and checks software compatibility. That is, the basic information of the application program is verified to confirm its software compatibility, and the legality and compatibility conformance information of the application program is generated. After the compatibility check, the cloud server 101 performs a file-based virus scan, in particular of the lib libraries. It decompiles the Java code and inspects API (Application Programming Interface) calls, for example calls to hidden APIs. Next, it tests the security of the application program and whether it starts and runs successfully, and runs automated tests of the application's software functions. Software functions are also reviewed manually, and the legality of the content is examined. Then the behavior of the application is detected, analyzed and judged; in this step, automated detection can be combined with manual review. That is, the suspicious behavior data is analyzed in order to classify and evaluate the application program, generating the classification information and evaluation information of the application program. After that, the cloud server 101 records the statistical analysis and the judgement result and, for example if no malicious behavior is found, generates the audit scan file of AppName.apk. That is, the legality and compatibility conformance information, the classification information and the evaluation information are merged to obtain the audit result, and the audit result is stored in the audit description file; a certificate is used to digitally sign the audit description file to generate authentication data, and the authentication data is used to identify the source of the audit description file.
After completing the above audit process, the cloud server 101 generates the classification information and evaluation information of the application program.
Specifically, the following classes are distinguished:
Suspicious behavior: a suspicious behavior of an application program is a behavior carried out by the application program that may, but does not necessarily, harm the user's interests. Because the vital interests each user cares about differ, whether an application behavior actually harms the user's interests has to be judged by the user according to their own needs, or by the system helping the user to judge with the user's permission; after the judgement, the behavior becomes either a malicious behavior or a trusted behavior.
Malicious behavior: a malicious behavior of an application program is a behavior carried out by the application program that harms the user's interests. Whether an application behavior is malicious is determined by the user's active judgement or by the system helping the user to judge.
Trusted behavior: a trusted behavior of an application program is a behavior in the application's suspicious behavior capability set that does not harm the user's interests. Whether an application behavior is trusted is determined by the user's active judgement or by the system helping the user to judge.
Potential suspicious behavior: a potential suspicious behavior of an application program is a suspicious behavior that has not occurred but that the application program is capable of performing. Once a potential suspicious behavior of an application program is proven to have been performed, it becomes a suspicious behavior; conversely, once a potential suspicious behavior is proven never to be performed, it is no longer a potential suspicious behavior. The set of all potential suspicious behaviors of an application program is not fixed: as the real capabilities of the application program become clearer, the set becomes more and more accurate.
Suspicious behavior capability set: the suspicious behavior capability set of an application program is the set of all suspicious behaviors that the application program is capable of performing, inferred from the access the application program has to system resources. The suspicious behavior capability set is the union of the suspicious behaviors and the potential suspicious behaviors. It is not a fixed set: as the real capabilities of the application program become clearer, the set also becomes more and more accurate.
Each of the above types of application behavior has a precise model or rule definition.
The cloud server 101 classifies the application program according to the suspicious behavior data to obtain the classification information. The classification information records the classes of the application program and the behavior information corresponding to each class. As can be seen from the above, the classification information of an application program can be one or more of the following types: trusted behavior, potential suspicious behavior, suspicious behavior and malicious behavior.
The cloud server 101 evaluates the application program according to the above classification information to obtain the evaluation information of the application program. The evaluation information includes trust, audited, unaudited and distrust.
In one embodiment of the present invention, the cloud server 101 uses a certificate to digitally sign the audit description file to generate authentication data, wherein the authentication data is used to identify the source of the audit description file and of the application description file. Digitally signing the audit description file and the application description file proves the legitimacy of the application's source and also certifies the legitimacy of the application's security audit result, which in turn proves the behavior characteristics of the application program and the legality, security, conformance and so on of its content.
The authentication data includes the digest information, the certificate information of the authentication signature and the signature value of the authentication signature.
The audit description file takes one of the following two forms:
(1) Embedded: the audit description file and authentication data are embedded in the application program or the installation package of the application program. Similar to the application publisher signature of the Symbian system, an application program signed only by the developer is signed and certified, and an application installation package with a new signature is generated. In one example of the present invention, for the Yi platform, the regenerated installation package may be a file of type "*.bpk".
(2) Stand-alone: the audit description file and authentication data are stored independently, and the audited and certified application program or its installation package is not changed. The stand-alone audit description file is stored in a certification description file, which is the product of signing and certifying the audit description file.
In one embodiment of the present invention, the certification description file may be a compressed package. The compressed package of the certification description file includes the audit description file and the signature authentication data, and also contains the application description file (app_des.txt). The application description file stores data that identifies the audited and certified application program.
In one example of the present invention, the format of the certification description file (*.ver) is as follows:
The certification description file App_verified.Ver is a compressed package with the following directory structure:
|-- app_des.txt              application description file
|-- app_verified_info.sec    audit description file
`-- META-INF
    |-- CERT.RSA             signature file (contains the certificate information and signature value)
    `-- CERT.SF              digest storage file (stores the digest value of every file in the package to ensure integrity)
Further, the certification description file includes the following three parts:
Part I: the application description file (app_des.txt). The application description file is the identification information of the audited and certified application program. It contains the application package format, package name, application version number and original signature information, where the original signature information includes the digest information, certificate information and signature value. These data uniquely identify an application program or its installation package and are used to judge whether a given application program or installation package is the audited object, proving that the content of the audit description file is indeed the audit result for that specific application program.
Part II: the audit description file (app_verified_info.sec). The audit description file contains the information on each class of behavior of the application program, the information on content legality, software compatibility and conformance, and the overall evaluation information for the application program.
The information on each class of behavior of the application program includes information on suspicious behaviors, malicious behaviors, trusted behaviors and potential suspicious behaviors; the content of the information may be the ID number of a behavior model or rule.
The evaluation information includes trust, audited, unaudited and distrust.
Part III: the signature file. The signature file is the result of signing the audit result of the application program with a certificate. It is used to check the integrity of the certification description file and the legitimacy of its source, ensuring that the content of the certification description file cannot be tampered with and the certifier cannot be impersonated.
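The checks a mobile terminal could run on a stand-alone certification description file, as an added example that is not code from the patent: it assumes the CERT.RSA signature over CERT.SF has already been verified by the platform's signature verifier and covers only the digest and application-binding checks that follow. The `key=value` layout of app_des.txt and CERT.SF, the use of SHA-256, and all field names and sample values are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

SF_NAME = "META-INF/CERT.SF"
RSA_NAME = "META-INF/CERT.RSA"
REQUIRED = ("app_des.txt", "app_verified_info.sec", SF_NAME, RSA_NAME)
# Hypothetical app_des.txt fields that bind the package to one installed app.
BINDING_FIELDS = ("package_name", "version", "original_signature_digest")


def parse_kv(data):
    """Parse 'key=value' lines (assumed layout of app_des.txt and CERT.SF)."""
    out = {}
    for line in data.decode("utf-8").splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line %r" % line)
        out[key.strip()] = value.strip()
    return out


def _inspect(ver_bytes, installed):
    problems = []
    with zipfile.ZipFile(io.BytesIO(ver_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        if len(names) != len(set(names)):
            return ["duplicate entry names in archive"]
        problems = ["missing " + n for n in REQUIRED if n not in names]
        if problems:
            return problems
        manifest = parse_kv(zf.read(SF_NAME))
        covered = [n for n in names if n not in (SF_NAME, RSA_NAME)]
        # Every file must be listed in CERT.SF and match its digest, so a
        # file smuggled into the archive is rejected as well as an edited one.
        for name in covered:
            if name not in manifest:
                problems.append("not covered by CERT.SF: " + name)
            elif hashlib.sha256(zf.read(name)).hexdigest() != manifest[name]:
                problems.append("digest mismatch: " + name)
        problems += ["listed but absent: " + n for n in manifest if n not in covered]
        if problems:
            return problems
        described = parse_kv(zf.read("app_des.txt"))
    # Binding: a genuine package issued for another app or version must not
    # be accepted as the audit result of the app that is actually installed.
    for field in BINDING_FIELDS:
        if described.get(field) != installed.get(field):
            problems.append("app_des.txt does not match installed app: " + field)
    return problems


def check_ver(ver_bytes, installed):
    """Return a list of problems; an empty list means the package is accepted."""
    try:
        return _inspect(ver_bytes, installed)
    except (zipfile.BadZipFile, ValueError, UnicodeDecodeError) as exc:
        return ["unreadable package: %s" % exc]


# Constructed sample data (not taken from the patent).
SAMPLE_FILES = {
    "app_des.txt": b"package_format=apk\npackage_name=com.example.appname\n"
                   b"version=1.0\noriginal_signature_digest=aa11\n",
    "app_verified_info.sec": b"evaluation=audited\nsuspicious=R-0001\n",
}
INSTALLED = {"package_name": "com.example.appname", "version": "1.0",
             "original_signature_digest": "aa11"}


def build_sample(files, overrides=None):
    """Build a constructed package in memory. CERT.SF is computed over `files`;
    `overrides` replaces or adds archive entries afterwards to simulate tampering."""
    sf = "".join("%s=%s\n" % (n, hashlib.sha256(d).hexdigest())
                 for n, d in files.items())
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in {**files, **(overrides or {})}.items():
            zf.writestr(name, data)
        zf.writestr(SF_NAME, sf)
        zf.writestr(RSA_NAME, b"constructed placeholder, not a real signature")
    return buf.getvalue()


if __name__ == "__main__":
    print(check_ver(build_sample(SAMPLE_FILES), INSTALLED))
    edited = {"app_verified_info.sec": b"evaluation=trust\n"}
    print(check_ver(build_sample(SAMPLE_FILES, edited), INSTALLED))
```

The digest check only has value after the signature over CERT.SF has been validated, because anyone who can edit a file in the package can also recompute the digest list.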
Storing the authentication data separately gives better compatibility: it does not change the existing application program or its installation package and does not break the format of existing applications and installation packages, keeping the application program compatible before and after certification. Whether the application program itself changes or the result from the cloud server changes, the changes to the audit description file and to the authentication data are independent of each other, and the two can still be combined seamlessly and smoothly.
The mobile terminal 102 downloads the audit description file of the specified application program from the cloud server 101. Because the audit description file includes the security audit result of the application program, and the audit result contains the behavior characteristics of the application program, many application programs already carry security-related information such as application behavior when they reach the mobile terminal 102, which makes it easier for the mobile terminal 102 to exercise effective security control.
In one embodiment of the present invention, the user can use the mobile terminal 102 to obtain the audit result from the cloud server 101 in the following two ways.
(1) When the user downloads and installs a certified application program from an application store (app store), the system may choose to use the embedded or the stand-alone audit description file. With the embedded audit description file, the signed "*.bpk" file is downloaded; with the stand-alone audit description file, the certification description file containing the audit description file is downloaded together with the apk file when the application is downloaded.
(2) Through software embedded in the system platform of the mobile terminal, the user actively requests the potential threat or malicious behavior information of a specified application program, which triggers the download and processing of the certification description file of the specified application program.
In one embodiment of the present invention, the mobile terminal 102 can obtain from the verification description file the one or more categories to which the specified application program belongs, and set the management strategy for the specified application program according to those categories.
Based on the verification and certification result, the mobile terminal 102 can implement a multi-strategy management mechanism, applying strategies targeted at the current verification state of the application program. A reasonable multi-strategy management mechanism reduces the runtime burden on the terminal system and gives the user a better experience.
In one embodiment of the present invention, the management strategies include a permission access control strategy, a real-time behavior monitoring strategy, a behavior collection strategy, an isolation control strategy and an information feedback strategy.
Specifically, the classified management of application programs and the targeted management strategies are shown in Table 1 below.
Table 1
An application program installed by the user generally belongs to one of the above four types, but the type to which it belongs is not necessarily fixed. As verification continues, the type of an application installed on, for example, the Yi platform may change, and such changes move toward greater accuracy. User operations can also affect the application type: for example, when a user installs an application program from an unapproved source, it initially belongs to the "uncertified, unverified application program" type; after the user actively requests the application's certification description file from the cloud server 101, the application program may become any of the other types.
In one embodiment of the present invention, after detecting that the suspicious behavior data of an application program has been updated, the cloud server 101 can generate the corresponding updated verification description file, obtain the list of users of the application program, and actively push the verification description file to the mobile terminals corresponding to the user list.
The verification, certification and management system for application programs according to embodiments of the present invention enables the mobile terminal to apply different, targeted handling strategies to application programs with different behavior characteristics and different degrees of credibility, which brings not only better real-time security protection but also a better user experience. The system is also compatible with existing application installation package formats: without changing existing application programs or their installation package formats, verification and certification can be applied seamlessly within existing application specifications, without affecting the life cycle management mechanism of application programs.
The cloud server 101 proposed according to an embodiment of the second aspect of the present invention is described below with reference to Fig. 2.
As shown in Fig. 2, the cloud server 101 includes an acquisition module 201, a verification module 202, a certification module 203 and a push module 204. The acquisition module 201 collects the suspicious behavior data of the application program. The verification module 202 checks the signature of the application program to confirm its legitimacy, and verifies the basic information of the application program to confirm its software compatibility, generating the legality and compatibility specification information of the application program; it also analyzes the suspicious behavior data in order to classify and evaluate the application program, generating the classification information and evaluation information of the application program, and then merges the legality and compatibility specification information, the classification information and the evaluation information to obtain the verification result. The certification module 203 uses a certificate to digitally sign the verification description file and the application program description file in order to generate the certification data, where the certification data identifies the source of the verification description file. The push module 204 generates the verification description file from the verification result and the certification data and, on receiving a data request from the mobile terminal 102, pushes the verification description file to the mobile terminal 102. The application program description file identifies the application program or its installation package.
In one embodiment of the present invention, the acquisition module 201 collects suspicious behavior data in at least one of the following ways:
(1) The application program is run on a simulated terminal device, and the acquisition module 201 of the cloud server 101 collects the suspicious behavior data produced while the application program runs.
In an example of the present invention, the simulated terminal device may be an emulator or a real terminal (such as a mobile phone). The simulated terminal device may be a terminal system platform with an integrated suspicious-behavior monitoring scheme, so that data can be collected from the application program automatically and analyzed statistically. Special cases can additionally be analyzed manually, finally yielding accurate suspicious behavior data. This suspicious behavior information provides a basis for judging the potential threat posed by application programs newly entering the market.
(2) The acquisition module 201 of the cloud server 101 collects the suspicious behavior data produced while user terminals (such as mobile phones) use the application program.
Specifically, the user terminal collects, counts and analyzes the suspicious behavior data of the application program and synchronizes it to the cloud server 101 in time. On a terminal system with an integrated suspicious-behavior monitoring scheme, suspicious behavior data can also be collected and analyzed continuously while the user uses the phone. The judgments uploaded by users play a very important role in the data statistics of the cloud server 101. As the user base grows, the ability of user terminals to collect and judge each class of application behavior will exceed the collection capability of the cloud server 101.
In one embodiment of the present invention, the acquisition module 201 is also used to collect the user's initial classification information for the suspicious behavior data. The classification information records the categories of the application program and the behavior information corresponding to each category, where the behavior may be of one or more of the following types: credible behavior of the application program, potential suspicious behavior of the application program, suspicious behavior of the application program and malicious behavior of the application program.
In one embodiment of the present invention, the cloud server 101 also includes a detection module 205, which detects whether the suspicious behavior data of an application program has been updated, generates the corresponding updated verification description file after detecting such an update, and determines the list of users of the updated application program; the push module 204 then actively pushes the updated verification description file to the mobile terminals corresponding to the user list.
The cloud server 101 according to embodiments of the present invention not only collects the relevant data well through the acquisition module 201 but also has strong judgment capability: it can verify and certify the collected data and handle it in time according to the actual situation.
As shown in Fig. 3, an embodiment of the third aspect of the present invention proposes a verification, certification and management method for application programs, comprising the following steps:
S301: the cloud server verifies the application program and collects the suspicious behavior data of the application program during verification, records the suspicious behavior data to generate the verification result corresponding to the application program, and generates a verification description file from the verification result, where the verification description file includes the certification data and the verification result of the application program.
In one embodiment of the present invention, the cloud server collects suspicious behavior data in at least one of the following ways:
(1) The application program is run on a simulated terminal device, and the cloud server collects the suspicious behavior data produced while the application program runs. In an example of the present invention, the simulated terminal device may be an emulator or a real terminal (such as a mobile phone). The simulated terminal device may be a terminal system platform with an integrated suspicious-behavior monitoring scheme, so that data can be collected from the application program automatically and analyzed statistically. Special cases can additionally be analyzed manually, finally yielding accurate suspicious behavior data. This suspicious behavior information provides a basis for judging the potential threat posed by application programs newly entering the market.
(2) The cloud server collects the suspicious behavior data produced while user terminals use the application program. That is, the user terminal collects, counts and analyzes the data and synchronizes it to the cloud server in time. While the user uses a mobile terminal such as a mobile phone, suspicious behavior information is continuously collected and analyzed, and the user also judges suspicious behaviors to be malicious or credible; this information judged by users themselves is also a very valuable resource for the cloud server. Especially once the user base has grown large, the ability of user terminals to collect and judge each class of application behavior will be beyond anything the cloud server can match.
S302: the mobile terminal sends a data request signal for the specified application program to the cloud server and downloads the verification description file of the specified application program from the cloud server.
Specifically, in an example of the present invention, as shown in Fig. 4, the method of verifying the application program includes the following steps:
S401: verify the signature of AppName.apk; the signature of the application program is verified to confirm the legitimacy of the application program.
S402: query whether this application program has a record of bad behavior.
S403: verify the basic information of AppName.apk and check software compatibility; that is, the basic information of the application program is verified to confirm its software compatibility, and the legality and compatibility specification information of the application program is generated.
S404: scan the files for viruses, in particular the lib libraries.
S405: decompile the Java code and inspect API (Application Programming Interface) calls, for example calls to hidden APIs.
S406: test whether security and startup run are successful.
S407: automated testing of software functions.
S408: manual review of software functions.
S409: content legality review.
S410: application behavior detection, analysis and judgment, combining automated detection with manual review; that is, the suspicious behavior data is analyzed in order to classify and evaluate the application program, and the classification information and evaluation information of the application program are generated.
S411: record the statistical analysis and the judgment results.
S412: if no malicious behavior is found, generate the verification scan file of AppName.apk. That is, the legality and compatibility specification information, the classification information and the evaluation information are merged to obtain the verification result, and the verification result is stored in the verification description file; a certificate is used to digitally sign the verification description file to generate the certification data, and the certification data identifies the source of the verification description file.
In one embodiment of the present invention, the classification information records the categories of the application program and the behavior information corresponding to each category, where the behavior may be of one or more of the following types: credible behavior, potential suspicious behavior, suspicious behavior and malicious behavior.
Specifically, application behavior can be divided into the following classes:
Suspicious behavior: the suspicious behavior of an application program is behavior carried out by the application program that may, but will not necessarily, harm the user's interests. Because each user cares about different interests, whether an application behavior really harms the user's interests must be judged by the user according to the user's own needs, or by the system helping the user judge with the user's permission. After that judgment the behavior becomes either a malicious behavior or a credible behavior.
Malicious behavior: the malicious behavior of an application program is behavior carried out by the application program that harms the user's interests. Whether an application behavior is malicious is determined by the user's active judgment or by the system helping the user judge.
Credible behavior: the credible behavior of an application program is behavior within the application program's suspicious behavior capability set that will not harm the user's interests. Whether an application behavior is credible is determined by the user's active judgment or by the system helping the user judge.
Potential suspicious behavior: the potential suspicious behavior of an application program is suspicious behavior that has not yet occurred but that the application program is capable of performing. Once a potential suspicious behavior is proven to have been performed, it becomes a suspicious behavior; conversely, once it is proven that it will never be performed, it is no longer a potential suspicious behavior. The set of all potential suspicious behaviors of an application program is not fixed; as the real capabilities of the application program become clearer, the set becomes more and more accurate.
Suspicious behavior capability set: the suspicious behavior capability set of an application program is the set, inferred from the application program's ability to access system resources, of all suspicious behaviors that the application program is capable of performing. The suspicious behavior capability set is the union of the suspicious behaviors and the potential suspicious behaviors. It is not a fixed set; as the real capabilities of the application program become clearer, the set becomes more and more accurate.
Each of the above types of application behavior has an exact model or rule definition.
Further, as shown in Fig. 5, application program verification is a process of clarifying the behavior characteristics of the application and distinguishing the category to which each behavior belongs. Before verification there is no application behavior information. During verification, suspicious behavior and potential suspicious behavior information is gradually accumulated, and through ever deeper monitoring and analysis reasonable judgments are made, finally yielding more accurate application behavior information as the verification result. After verification, the application program can be certified. For an application program that can be certified, the sets of suspicious behaviors, potential suspicious behaviors and malicious behaviors may all be empty, but the credible behavior set is generally not empty.
Further, after verification of an application program is completed, a verification description file can be generated to store the verification result and to prove the source of that result with a digital signature. The verification description file (app_verified_info.sec) contains the information on each class of behavior of the application program (suspicious behavior, malicious behavior, credible behavior and potential suspicious behavior; the information content may be the ID of a behavior model or rule), the content legality, software compatibility and standardization information, and the overall evaluation information for the application (trusted, verified, not verified, untrusted). The content of the verification description file may be encrypted to prevent the verification result from being stolen by others. The certification data includes digest information, certification signing certificate information and the signature value of the certification signature.
The verification description file takes one of the following two forms:
(1) Embedded: the verification description file and the certification data are embedded in the application program or in its installation package. Similar to the application publisher signature of the Symbian system, after an application program signed only by the developer has been signed and certified, an application installation package with a new signature is generated. In an example of the present invention, for the Yi platform, this regenerated installation package may be a file of type "*.bpk".
(2) Standalone: the verification description file and the certification data are stored independently, without changing the verified and certified application program or its installation package. The standalone verification description file is stored in the certification description file, which is the product of signing and certifying the verification description file.
In one embodiment of the present invention, the certification description file may be a compressed package. The compressed package contains the verification description file and the signature certification data, and also contains the application program description file (app_des.txt), which stores the data identifying the application program that was verified and certified.
In an example of the present invention, the format of the certification description file (*.ver) is as follows:
For the certification description file App_verified.Ver, the directory structure inside the compressed package is:
|-- .app_des.txt                application program description file
|-- app_verified_info.sec       verification description file
`-- META-INF
    |-- CERT.RSA                signature file (contains the certificate information and the signature value)
    `-- CERT.SF                 digest information storage file (holds the digest value of every file in the compressed package, ensuring integrity)
Further, the certification description file consists of the following three parts:
Part I: the application program description file (app_des.txt). The application program description file holds the identification information of the verified and certified application program. It contains the application package format, the package name, the application version number and the original signature information, where the original signature information includes digest information, certificate information and the signature value. These data uniquely identify an application program or its installation package; they are used to judge whether a given application program or installation package is the object that was verified, proving that the content of the verification description file is the verification result for that specific application program.
Part II: the verification description file (app_verified_info.sec). The verification description file contains the information on each class of behavior of the application program, the content legality, software compatibility and standardization information, and the overall evaluation information for the application program.
The information on each class of behavior of the application program covers suspicious behavior, malicious behavior, credible behavior and potential suspicious behavior; the information content may be the ID of a behavior model or rule.
The evaluation information includes: trusted, verified, not verified and untrusted.
Part III: the signature file. The signature file is a signature, made with a certificate, over the appraisal result of the application program. It is used to establish the integrity of the certification description file and the legitimacy of its source, ensuring that the content of the certification description file cannot be tampered with and that the certifier cannot be impersonated.
Storing the certification data separately gives good compatibility: it does not change the existing application program or its installation package, does not break the format of either, and keeps the application program compatible before and after certification. Whether the application program itself changes or the cloud server's result changes, the verification description file and the certification data change independently of each other and can still be combined seamlessly.
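As an added illustration (not part of the patent text), the following Python example shows how a terminal could check a standalone certification description file with the three parts described above: the signature over CERT.SF, the digests of the packaged files, and the binding between app_des.txt and the installed application. The JSON encoding, field names, manifest line format and sample values are assumptions, and an HMAC with a constructed key stands in for the certificate signature in CERT.RSA so that the example runs with the standard library only.

```python
import hashlib
import hmac
import io
import json
import zipfile

MANIFEST = "META-INF/CERT.SF"    # digest of every other file in the package
SIGNATURE = "META-INF/CERT.RSA"  # certifier's signature over the manifest
REQUIRED = {"app_des.txt", "app_verified_info.sec"}
DEMO_KEY = b"constructed-demo-key"  # assumption: stand-in for the certifier's key


class CertificationError(Exception):
    """The certification description file failed a check."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pack(files: dict) -> bytes:
    """Write name -> bytes into an in-memory zip (the compressed package)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()


def unpack(package: bytes) -> dict:
    """Read the package, refusing ambiguous archives with repeated names."""
    with zipfile.ZipFile(io.BytesIO(package)) as z:
        names = z.namelist()
        if len(names) != len(set(names)):
            raise CertificationError("duplicate entry names in package")
        return {n: z.read(n) for n in names}


def build_ver(app_des: dict, verified_info: dict, key: bytes = DEMO_KEY) -> bytes:
    """Cloud-server side: assemble the three parts and sign the manifest."""
    files = {
        "app_des.txt": json.dumps(app_des, sort_keys=True).encode(),
        "app_verified_info.sec": json.dumps(verified_info, sort_keys=True).encode(),
    }
    manifest = "".join(f"{sha256_hex(d)} {n}\n" for n, d in sorted(files.items()))
    files[MANIFEST] = manifest.encode()
    files[SIGNATURE] = hmac.new(key, files[MANIFEST], hashlib.sha256).digest()
    return pack(files)


def check_ver(package: bytes, installed: dict, key: bytes = DEMO_KEY) -> dict:
    """Terminal side: return the verification result only if every check passes."""
    files = unpack(package)
    if MANIFEST not in files or SIGNATURE not in files:
        raise CertificationError("missing META-INF signature data")
    # 1. Source legitimacy: the signature must cover the digest manifest.
    expected = hmac.new(key, files[MANIFEST], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, files[SIGNATURE]):
        raise CertificationError("signature does not match manifest")
    # 2. Integrity: the manifest lists exactly the payload files, digests equal.
    listed = {}
    for line in files[MANIFEST].decode().splitlines():
        digest, _, name = line.partition(" ")
        listed[name] = digest
    payload = set(files) - {MANIFEST, SIGNATURE}
    if payload != set(listed) or not REQUIRED <= payload:
        raise CertificationError("package contents differ from manifest")
    for name in payload:
        if not hmac.compare_digest(sha256_hex(files[name]), listed[name]):
            raise CertificationError(f"digest mismatch: {name}")
    # 3. Binding: app_des.txt must identify the application actually installed.
    app_des = json.loads(files["app_des.txt"])
    for field in ("package_name", "version", "original_signature_digest"):
        if app_des.get(field) != installed.get(field):
            raise CertificationError(f"result is for a different app: {field}")
    return json.loads(files["app_verified_info.sec"])


# Constructed sample data (not from the patent).
APP = {"package_format": "apk", "package_name": "com.example.app",
       "version": "1.2.0", "original_signature_digest": sha256_hex(b"dev-cert")}
RESULT = {"evaluation": "trusted", "suspicious": [], "malicious": [],
          "potential_suspicious": ["rule-17"], "credible": ["rule-3"]}

if __name__ == "__main__":
    ver = build_ver(APP, RESULT)
    print(check_ver(ver, APP)["evaluation"])
    forged = unpack(ver)
    forged["app_verified_info.sec"] = forged["app_verified_info.sec"].replace(
        b"rule-17", b"rule-99")
    try:
        check_ver(pack(forged), APP)
    except CertificationError as exc:
        print("rejected:", exc)
```

The order of the checks matters: the manifest is trusted only after its signature verifies, and the verification result is returned only after the package has been tied to the installed application, so a valid result for one application cannot be replayed against another.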
S303: security control is applied to the specified application program, using the management strategy that corresponds to the verification description file.
In an example of the present invention, the verification description file is generated by the Baidu Yi platform cloud server and reaches the Yi platform user terminal in one of the following three ways:
(1) When the user downloads and installs a Baidu-certified application program from the Baidu app store, the system may use either the embedded or the standalone verification description file. With the embedded form, the "*.bpk" file signed by Baidu is downloaded; with the standalone form, the certification description file containing the verification description file is downloaded together with the apk file when the application is downloaded.
(2) Through software built into the Yi platform (for example, the user terminal security center), the user actively requests the potential-threat or malicious-behavior information of a specified application program, which triggers the download and processing of that application program's certification description file.
(3) The Baidu cloud server actively pushes newly discovered suspicious behavior information and malicious behavior information; this information is pushed to the Yi platform terminal system in the form of a certification description file and processed there. The Baidu cloud server pushes selectively, only for applications installed on the user terminal. That is, the cloud server detects whether the suspicious behavior data of an application program has been updated, generates the corresponding updated verification description file after detecting such an update, determines the list of users of the updated application program, and actively pushes the updated verification description file to the mobile terminals corresponding to the user list.
In one embodiment of the present invention, applying security control to the specified application program with the management strategy that corresponds to the verification description file means obtaining from the verification description file the one or more categories to which the specified application program belongs, and then setting the corresponding management strategy for the specified application program according to those categories. As shown in Table 1, the management strategies include a permission access control strategy, a real-time behavior monitoring strategy, a behavior collection strategy, an isolation control strategy and an information feedback strategy.
The verification, certification and management method for application programs according to embodiments of the present invention certifies not only the legitimacy of the source of the application program but also the legitimacy of its security verification result, and can attest to the behavior characteristics of the application program and to its content legality, security, standardization and so on. It also adopts a reasonable multi-strategy management mechanism: based on the verification and certification result, the terminal system can apply strategies targeted at the current verification state of the application program, reducing the runtime burden on the terminal system and giving the user a better experience. In addition, compatibility is good: storing the certification data separately (the "standalone" verification description file above) does not change the existing application program or its installation package, does not break the format of either, and keeps the application program compatible before and after certification. Whether the application program itself changes or the cloud server's result changes, the two change independently of each other and can still be combined seamlessly. Finally, the security verification result of the application program contains its behavior characteristics, so that many application programs arrive at the client terminal system already accompanied by security-related information such as application behavior, which makes it easy for the terminal system to apply security control effectively. As the user goes on using the application program, these data can be supplemented continuously, which both improves the local security control strategy of the user terminal and allows the information to be synchronized to the cloud server, improving the application information held by the cloud server and allowing new security verification results and certification description files to be generated, so that a self-improving application security system is formed.
Any process or method description in a flow chart, or otherwise described herein, may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as should be understood by those skilled in the art to which the embodiments of the present invention belong.
The logic and/or steps represented in a flow chart or otherwise described herein may, for example, be regarded as an ordered list of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by, or in combination with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from an instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transmit a program for use by, or in combination with, an instruction execution system, apparatus or device. More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and portable compact disc read-only memory (CDROM). The computer-readable medium may even be paper or another suitable medium on which the program is printed, since the program can be obtained electronically, for example by optically scanning the paper or other medium and then editing, interpreting or otherwise processing it in a suitable way if necessary, and then stored in a computer memory.
It should be understood that each part of the present invention may be implemented in hardware, software, firmware or a combination thereof. In the above embodiments, multiple steps or methods may be implemented in software or firmware that is stored in a memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, they may be implemented by any one or a combination of the following techniques known in the art: a discrete logic circuit having logic gates for implementing logical functions on data signals, an application-specific integrated circuit having suitable combinational logic gates, a programmable gate array (PGA), a field-programmable gate array (FPGA), and so on.
Those of ordinary skill in the art will understand that all or part of the steps of the above method embodiments may be carried out by a program instructing the relevant hardware; the program may be stored in a computer-readable storage medium and, when executed, performs one or a combination of the steps of the method embodiments.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing module, each unit may exist physically on its own, or two or more units may be integrated into one module. The integrated module may be implemented in the form of hardware or in the form of a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it may also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
In the description of this specification, a description referring to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that the specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. In this specification, such schematic uses of the above terms do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described, those of ordinary skill in the art will understand that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principle and spirit of the present invention; the scope of the present invention is defined by the claims and their equivalents.
Claims (23)
1. An application program audit, authentication and management system, characterized by comprising:
a cloud server, configured to audit an application program and collect suspicious behavior data of the application program during the audit process, to record the suspicious behavior data to obtain an audit result corresponding to the application program, and to generate an audit description file according to the audit result, wherein the audit description file includes authentication data and the audit result of the application program; the cloud server verifies the signature and the basic information of the application program to generate legality and compatibility compliance information of the application program, classifies and evaluates the application program according to the suspicious behavior data to generate classification information and evaluation information of the application program, and merges the legality and compatibility compliance information, the classification information and the evaluation information to obtain the audit result; and
a mobile terminal, configured to download the audit description file of a specified application program from the cloud server, and to apply security control to the specified application program using a corresponding management policy according to the audit description file.
2. The audit, authentication and management system according to claim 1, characterized in that the cloud server collects the suspicious behavior data in at least one of the following ways:
(1) the application program is run on a simulated terminal device, and the cloud server collects the suspicious behavior data of the application program while it is running;
(2) the cloud server collects the suspicious behavior data produced while user terminals use the application program.
3. The audit, authentication and management system according to claim 2, characterized in that the cloud server is further configured to collect the user's initial classification information for the suspicious behavior data.
4. The audit, authentication and management system according to claim 1, characterized in that the classification information is used to record the categories of the application program and the behavior information corresponding to each category, wherein the application program belongs to one or more of the following types: trusted behavior, potentially suspicious behavior, suspicious behavior and malicious behavior.
5. The audit, authentication and management system according to claim 1, characterized in that the evaluation information includes: trusted, audited, not audited and untrusted.
6. The audit, authentication and management system according to claim 1, characterized in that the cloud server uses a certificate to digitally sign and authenticate the audit description file to generate the authentication data, wherein the authentication data is used to identify the source of the audit description file and of an application program description file, and the application program description file is used to identify the application program or the installation package of the application program.
7. The audit, authentication and management system according to claim 6, characterized in that the authentication data includes digest information, certificate information of the authentication signature, and the signature value of the authentication signature.
8. The audit, authentication and management system according to claim 7, characterized in that the audit description file takes the following two forms:
(1) the audit description file and the authentication data are embedded in the program package of the application program or in the installation package of the application program;
(2) the audit description file and the authentication data are stored independently, wherein the audit description file is stored in an authentication description file.
9. The audit, authentication and management system according to claim 1, characterized in that the mobile terminal obtains one or more categories corresponding to the specified application program according to the audit description file, and sets the management policy for the specified application program according to the one or more categories.
10. The audit, authentication and management system according to claim 9, characterized in that the management policy includes: a permission access control policy, a real-time behavior monitoring policy, a behavior collection policy, an isolation control policy and an information feedback policy.
11. The audit, authentication and management system according to any one of claims 1-10, characterized in that, after detecting that the suspicious behavior data of the application program has been updated, the cloud server generates a corresponding updated audit description file, obtains the list of users using the application program, and actively pushes the audit description file to the mobile terminals corresponding to the user list.
12. A cloud server, characterized by comprising:
an acquisition module, configured to collect suspicious behavior data of an application program;
an audit module, configured to verify the signature of the application program to confirm the legality of the application program, to verify the basic information of the application program to confirm the software compatibility of the application program, to generate legality and compatibility compliance information of the application program, to analyze the suspicious behavior data so as to classify and evaluate the application program, to generate classification information and evaluation information of the application program, to merge the legality and compatibility compliance information, the classification information and the evaluation information to obtain the audit result, and to generate an audit description file according to the audit result;
an authentication module, configured to use a certificate to digitally sign and authenticate the audit description file to generate authentication data, wherein the authentication data is used to identify the source of the audit description file and of an application program description file, and the application program description file is used to identify the application program or the installation package of the application program;
a push module, configured to generate the audit description file according to the audit result and the authentication data, and, on receiving a data request from a mobile terminal, to push the audit description file to the mobile terminal.
13. The cloud server according to claim 12, characterized in that the acquisition module collects the suspicious behavior data in at least one of the following ways:
(1) the application program is run on a simulated terminal device, and the cloud server collects the suspicious behavior data of the application program while it is running;
(2) the cloud server collects the suspicious behavior data produced while user terminals use the application program.
14. The cloud server according to claim 13, characterized in that the acquisition module is further configured to collect the user's initial classification information for the suspicious behavior data.
15. The cloud server according to claim 12, characterized in that the classification information is used to record the categories of the application program and the behavior information corresponding to each category, wherein the application program belongs to one or more of the following types: trusted behavior, potentially suspicious behavior, suspicious behavior and malicious behavior.
16. The cloud server according to claim 12, characterized by further comprising a detection module, configured to detect whether the suspicious behavior data of the application program has been updated, to generate a corresponding updated audit description file after detecting that the suspicious behavior of the application program has been updated, and to detect the list of users using the updated application program, wherein the push module actively pushes the updated audit description file to the mobile terminals corresponding to the user list.
17. An application program audit, authentication and management method, characterized by comprising the following steps:
a cloud server audits an application program and collects suspicious behavior data of the application program during the audit process, records the suspicious behavior data to generate an audit result corresponding to the application program, and generates an audit description file according to the audit result, wherein the audit description file includes authentication data and the audit result of the application program, and wherein auditing the suspicious behavior data comprises the following steps:
verifying the signature of the application program to confirm the legality of the application program, verifying the basic information of the application program to confirm the software compatibility of the application program, and generating legality and compatibility compliance information of the application program;
analyzing the suspicious behavior data so as to classify and evaluate the application program, and generating classification information and evaluation information of the application program;
merging the legality and compatibility compliance information, the classification information and the evaluation information to obtain the audit result, and storing the audit result in the audit description file;
using a certificate to digitally sign and authenticate the audit description file to generate the authentication data, wherein the authentication data is used to identify the source of the audit description file;
a mobile terminal sends a data request signal for a specified application program to the cloud server, downloads the audit description file of the specified application program from the cloud server, and applies security control to the specified application program using a corresponding management policy according to the audit description file.
18. The audit, authentication and management method according to claim 17, characterized in that the cloud server collects the suspicious behavior data in at least one of the following ways:
(1) the application program is run on a simulated terminal device, and the cloud server collects the suspicious behavior data of the application program while it is running;
(2) the cloud server collects the suspicious behavior data produced while user terminals use the application program.
19. The audit, authentication and management method according to claim 17, characterized in that the classification information is used to record the categories of the application program and the behavior information corresponding to each category, wherein the application program belongs to one or more of the following types: trusted behavior, potentially suspicious behavior, suspicious behavior and malicious behavior.
20. The audit, authentication and management method according to claim 17, characterized in that the authentication data includes digest information, certificate information of the authentication signature, and the signature value of the authentication signature.
21. The audit, authentication and management method according to claim 17, characterized in that applying security control to the specified application program using a corresponding management policy according to the audit description file comprises the following steps:
obtaining one or more categories corresponding to the specified application program according to the audit description file;
setting a corresponding management policy for the specified application program according to the one or more categories.
22. The audit, authentication and management method according to claim 21, characterized in that the management policy includes: a permission access control policy, a real-time behavior monitoring policy, a behavior collection policy, an isolation control policy and an information feedback policy.
23. The audit, authentication and management method according to any one of claims 17-22, characterized by further comprising the following steps:
the cloud server detects whether the suspicious behavior data of the application program has been updated;
after detecting that the suspicious behavior of the application program has been updated, the cloud server generates a corresponding updated audit description file and detects the list of users using the updated application program;
the cloud server actively pushes the updated audit description file to the mobile terminals corresponding to the user list.
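An added example, not code from the patent, of the terminal-side handling in claims 1, 6, 7, 9 and 10: the audit description file is checked against its authentication data (digest, signer certificate information, signature value) and against the installed package before any category is mapped to a management policy, and every failure falls back to isolation. The field names, the `package_sha256` binding, the pinned-key store, the category-to-policy table and the textbook-RSA demo key are all assumptions; a deployment would use a vetted signature library and real certificates.

```python
import hashlib
import json

# Constructed demo key (assumption): textbook RSA over two Mersenne primes so the
# example runs on the standard library alone. Not a secure key or padding scheme.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the cloud server

# Hypothetical category -> policy table: the claims name both sets but do not
# fix which management policy goes with which behaviour category.
POLICY_BY_CATEGORY = {
    "trusted": ["permission_access_control"],
    "potentially_suspicious": ["permission_access_control", "behavior_collection"],
    "suspicious": ["permission_access_control", "real_time_behavior_monitoring",
                   "information_feedback"],
    "malicious": ["isolation_control", "information_feedback"],
}
FAIL_CLOSED = ["isolation_control"]


def canonical(audit_result):
    """Stable byte encoding so both sides hash exactly the same content."""
    return json.dumps(audit_result, sort_keys=True, separators=(",", ":")).encode()


def digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def build_description_file(audit_result, signer="demo-audit-ca"):
    """Cloud side: attach digest, signer certificate info and signature value."""
    body = canonical(audit_result)
    return {
        "audit_result": audit_result,
        "authentication_data": {
            "digest": hashlib.sha256(body).hexdigest(),
            "certificate": {"subject": signer, "n": N, "e": E},
            "signature": pow(digest_int(body), D, N),
        },
    }


def verify_description_file(desc, trusted_keys, package_bytes):
    """Terminal side: True only if digest, signature and package binding hold."""
    try:
        result, auth = desc["audit_result"], desc["authentication_data"]
        body = canonical(result)
        # The key comes from the terminal's pinned store, never from the file.
        key = trusted_keys[auth["certificate"]["subject"]]
        ok_digest = auth["digest"] == hashlib.sha256(body).hexdigest()
        ok_sig = pow(auth["signature"], key["e"], key["n"]) == digest_int(body)
        ok_pkg = result["package_sha256"] == hashlib.sha256(package_bytes).hexdigest()
        return ok_digest and ok_sig and ok_pkg
    except (KeyError, TypeError, ValueError):
        return False


def select_policies(desc, trusted_keys, package_bytes):
    """Map verified categories to policies; anything unverifiable is isolated."""
    if not verify_description_file(desc, trusted_keys, package_bytes):
        return list(FAIL_CLOSED)
    result = desc["audit_result"]
    if result.get("evaluation") == "untrusted" or not result.get("legal_and_compatible"):
        return list(FAIL_CLOSED)
    chosen = []
    for category in result.get("categories", []):
        for policy in POLICY_BY_CATEGORY.get(category, FAIL_CLOSED):
            if policy not in chosen:
                chosen.append(policy)
    return chosen or list(FAIL_CLOSED)


if __name__ == "__main__":
    package = b"constructed-installation-package"  # constructed sample input
    audit_result = {"package_sha256": hashlib.sha256(package).hexdigest(),
                    "legal_and_compatible": True, "evaluation": "audited",
                    "categories": ["potentially_suspicious", "suspicious"]}
    desc = build_description_file(audit_result)
    pinned = {"demo-audit-ca": {"n": N, "e": E}}
    print(select_policies(desc, pinned, package))
    desc["audit_result"]["categories"] = ["trusted"]  # tampering after signing
    print(select_policies(desc, pinned, package))
```

Taking the verification key from the certificate embedded in the file would let anyone who can rewrite the file also replace the signer, which is why the example looks the key up in a terminal-side store.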
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210084896.7A CN103368987B (en) | 2012-03-27 | 2012-03-27 | Cloud server, application program verification, certification and management system and application program verification, certification and management method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103368987A CN103368987A (en) | 2013-10-23 |
CN103368987B true CN103368987B (en) | 2017-02-08 |
Family
ID=49369523
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210084896.7A Active CN103368987B (en) | 2012-03-27 | 2012-03-27 | Cloud server, application program verification, certification and management system and application program verification, certification and management method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103368987B (en) |
Families Citing this family (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104753893A (en) * | 2013-12-31 | 2015-07-01 | 北龙中网(北京)科技有限责任公司 | Reliable verifying method and device for mobile application |
CN105447377B (en) * | 2014-08-22 | 2018-07-27 | 中国移动通信集团公司 | A kind of method and device of dynamic adjustment terminal enterprise domain application program |
CN104462295A (en) * | 2014-11-28 | 2015-03-25 | 步步高教育电子有限公司 | Method and device for adding labels to education applications |
CN104955043B (en) * | 2015-06-01 | 2018-02-16 | 成都中科创达软件有限公司 | A kind of intelligent terminal security protection system |
CN105049447A (en) * | 2015-08-21 | 2015-11-11 | 北京洋浦伟业科技发展有限公司 | Security policy configuration system based on big data analysis |
CN106815518B (en) * | 2015-11-30 | 2020-08-25 | 华为技术有限公司 | Application installation method and electronic equipment |
CN105912926A (en) | 2016-04-28 | 2016-08-31 | 北京小米移动软件有限公司 | Legal installation package acquisition method, device and system |
CN106775886A (en) * | 2016-12-26 | 2017-05-31 | 努比亚技术有限公司 | A kind of application management method and electronic equipment |
CN108280346B (en) * | 2017-01-05 | 2022-05-31 | 腾讯科技(深圳)有限公司 | Application protection monitoring method, device and system |
CN107147646B (en) * | 2017-05-11 | 2019-09-13 | 郑州信大捷安信息技术股份有限公司 | A kind of automobile function interface security authorization access system and security certificate access method |
CN107566177A (en) * | 2017-09-06 | 2018-01-09 | 合肥庆响网络科技有限公司 | Network acceleration system |
CN111046376B (en) * | 2018-10-11 | 2022-05-17 | 中国人民解放军战略支援部队航天工程大学 | Distribution auditing method and device based on installation package |
CN109918055B (en) * | 2019-01-28 | 2023-10-31 | 平安科技(深圳)有限公司 | Application program generation method and device |
CN110046494B (en) * | 2019-04-24 | 2019-11-19 | 天聚地合(苏州)数据股份有限公司 | Big data processing method and system based on terminal |
CN110084064B (en) * | 2019-04-24 | 2020-05-19 | 德萱(天津)科技发展有限公司 | Big data analysis processing method and system based on terminal |
CN110071924B (en) * | 2019-04-24 | 2020-07-31 | 武汉武房网信息服务有限公司 | Big data analysis method and system based on terminal |
CN110727945B (en) * | 2019-09-20 | 2021-10-22 | 上海连尚网络科技有限公司 | Virus scanning method, device and computer readable medium |
CN111597947A (en) * | 2020-05-11 | 2020-08-28 | 浙江大学 | Application program inference method for correcting noise based on power supply power factor |
CN113920615B (en) | 2020-06-24 | 2023-02-03 | 广州汽车集团股份有限公司 | Method for connecting Bluetooth key with vehicle, vehicle Bluetooth system and Bluetooth key |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1618198A (en) * | 2003-05-17 | 2005-05-18 | 微软公司 | Mechanism for evaluating safety and risk |
CN102160048A (en) * | 2008-09-22 | 2011-08-17 | 微软公司 | Collecting and analyzing malware data |
US8056136B1 (en) * | 2010-11-01 | 2011-11-08 | Kaspersky Lab Zao | System and method for detection of malware and management of malware-related information |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9137664B2 (en) * | 2007-05-01 | 2015-09-15 | Qualcomm Incorporated | Application logging interface for a mobile device |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1618198A (en) * | 2003-05-17 | 2005-05-18 | 微软公司 | Mechanism for evaluating safety and risk |
CN102160048A (en) * | 2008-09-22 | 2011-08-17 | 微软公司 | Collecting and analyzing malware data |
US8056136B1 (en) * | 2010-11-01 | 2011-11-08 | Kaspersky Lab Zao | System and method for detection of malware and management of malware-related information |
CN102332072A (en) * | 2010-11-01 | 2012-01-25 | 卡巴斯基实验室封闭式股份公司 | The system and method that is used for detection of malicious software and management Malware relevant information |
Also Published As
Publication number | Publication date |
---|---|
CN103368987A (en) | 2013-10-23 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |