[go: up one dir, main page]

CN108549809A - A kind of program process control method and system based on digital certificate - Google Patents

A kind of program process control method and system based on digital certificate Download PDF

Info

Publication number
CN108549809A
CN108549809A CN201810280318.8A CN201810280318A CN108549809A CN 108549809 A CN108549809 A CN 108549809A CN 201810280318 A CN201810280318 A CN 201810280318A CN 108549809 A CN108549809 A CN 108549809A
Authority
CN
China
Prior art keywords
digital certificate
application
application program
database
program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810280318.8A
Other languages
Chinese (zh)
Inventor
路廷文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhengzhou Yunhai Information Technology Co Ltd filed Critical Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201810280318.8A priority Critical patent/CN108549809A/en
Publication of CN108549809A publication Critical patent/CN108549809A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明提供一种基于数字证书的应用程序进程控制方法与系统,所述方法包括以下步骤:S101、将操作系统的关键项和经过确认的未签名或者签名解析不出的应用程序特征值放入数据库中;S102、进行数字证书解析,如果解析成功则判定为正规程序,否则进入下一步;S103、将解析不出签名的应用程序特征值与数据库中的特征值进行匹配,匹配成功则允许加载,否则需要通过用户进行确认。本发明解决了现有技术中对于应用程序启动需要依靠计算哈希值造成的识别缓慢的问题,实现快速高效的对应用程序进行识别预警,极大程度上提高了操作系统的安全性和可靠性。

The present invention provides a digital certificate-based application program process control method and system. The method includes the following steps: S101. Put key items of the operating system and confirmed unsigned or unsigned application feature values that cannot be parsed into In the database; S102, analyze the digital certificate, if the analysis is successful, it is determined to be a regular program, otherwise go to the next step; S103, match the characteristic value of the application program that cannot be resolved with the characteristic value in the database, and if the matching is successful, it is allowed to load , otherwise requires confirmation from the user. The present invention solves the problem of slow recognition caused by calculating the hash value for application startup in the prior art, realizes fast and efficient identification and early warning of application programs, and greatly improves the security and reliability of the operating system .

Description

一种基于数字证书的应用程序进程控制方法与系统Application process control method and system based on digital certificate

技术领域technical field

本发明涉及互联网通信技术领域,特别是一种基于数字证书的应用程序进程控制方法与系统。The invention relates to the technical field of Internet communication, in particular to a digital certificate-based application program process control method and system.

背景技术Background technique

操作系统启动过程中会启动许多系统本身的进程和服务,同时还会启动很多应用程序,包括系统自带程序以及后期客户所安装的程序。为保证操作系统的安全性,操作系统在运行过程中应该提前识别哪些程序具有恶意,哪些程序需要阻止。目前,大部分是通过提取程序特征进行存储,无法快速高效的起到识别的作用,程序控制不严密的情况时有发生,如果这些程序或者应用程序中有恶意的程序,并且顺利启动,容易感染病毒或者遭受攻击,将会对操作系统造成破坏,这是十分危险的,特别是在很多涉密行业。During the startup process of the operating system, many processes and services of the system itself will be started, and many application programs will also be started at the same time, including the system's own programs and the programs installed by customers later. In order to ensure the security of the operating system, the operating system should identify in advance which programs are malicious and which programs need to be blocked during operation. At present, most of them are stored by extracting program features, which cannot quickly and efficiently play the role of identification, and the situation of program control is not strict. If there are malicious programs in these programs or applications, and they start smoothly, they are easy to be infected. Viruses or attacks will cause damage to the operating system, which is very dangerous, especially in many confidential industries.

数字证书是一个经证书授权中心数字签名的包含公开密钥拥有者信息以及公开密钥的文件,最简单的证书包含一个公开密钥、名称以及证书授权中心的数字签名,数字证书还有一个重要的特征就是只在特定的时间段内有效。当使用数字证书进行身份认证时,将随机生成128位的身份码,每份数字证书都能生成相应但每次都不可能相同的数码,从而保证数据传输的保密性,即相当于生成一个复杂的密码。A digital certificate is a file that contains public key owner information and a public key digitally signed by a certificate authority. The simplest certificate contains a public key, name, and digital signature of a certificate authority. A digital certificate also has an important Its characteristic is that it is only valid for a certain period of time. When a digital certificate is used for identity authentication, a 128-bit identity code will be randomly generated, and each digital certificate can generate a corresponding but different number every time, so as to ensure the confidentiality of data transmission, which is equivalent to generating a complex password.

如何将数字证书技术应用于系统启动,利用数字证书强大的安全特性保证操作系统开机启动时不会加载带有病毒或者不安全的应用程序,是本领域技术人员应该考虑的问题。How to apply digital certificate technology to system startup and use the powerful security features of digital certificates to ensure that no virus or unsafe application programs are loaded when the operating system starts is a problem that those skilled in the art should consider.

发明内容Contents of the invention

本发明的目的是提供一种基于数字证书的应用程序进程控制方法与系统,旨在解决当前对于应用程序启动需要依靠计算哈希值造成的识别缓慢的问题,实现快速高效的对应用程序进行识别预警,提高操作系统的安全性和可靠性。The purpose of the present invention is to provide a digital certificate-based application process control method and system, aiming to solve the current problem of slow identification caused by the need to calculate hash values for application startup, and to realize fast and efficient identification of application programs Early warning to improve the security and reliability of the operating system.

为达到上述技术目的,本发明提供了一种基于数字证书的应用程序进程控制方法,包括以下步骤:In order to achieve the above technical purpose, the present invention provides a digital certificate-based application process control method, comprising the following steps:

S101、将操作系统的关键项和经过确认的未签名或者签名解析不出的应用程序特征值放入数据库中;S101. Put key items of the operating system and confirmed unsigned or unsigned application feature values into the database;

S102、进行数字证书解析,如果解析成功则判定为正规程序,否则进入下一步;S102. Analyze the digital certificate. If the analysis is successful, it is determined to be a formal procedure, otherwise enter the next step;

S103、将解析不出签名的应用程序特征值与数据库中的特征值进行匹配,匹配成功则允许加载,否则需要通过用户进行确认。S103. Match the characteristic value of the application program whose signature cannot be parsed with the characteristic value in the database. If the matching is successful, the loading is allowed; otherwise, it needs to be confirmed by the user.

优选地,所述操作系统的关键项为操作系统安全程序的进程信息。Preferably, the key item of the operating system is the process information of the security program of the operating system.

优选地,所述应用程序特征值为应用程序进程信息。Preferably, the application feature value is application process information.

优选地,所述步骤S102具体为:Preferably, the step S102 is specifically:

S201、利用数字证书的公钥计算数字证书的签名值,验证其是否与该数字证书的签名值相同,如果相同,则验证成功;否则验证失败并进入步骤S203;S201. Use the public key of the digital certificate to calculate the signature value of the digital certificate, and verify whether it is the same as the signature value of the digital certificate. If they are the same, the verification is successful; otherwise, the verification fails and enter step S203;

S202、验证接收到的数字证书是否标记为已吊销,是则验证通过,否则验证失败;S202. Verify whether the received digital certificate is marked as revoked, if yes, the verification is passed, otherwise the verification fails;

S203、如果验证成功后则判定为正规程序,否则标记为待处理应用程序。S203. If the verification is successful, it is determined as a regular program, otherwise it is marked as an application program to be processed.

优选地,所述步骤S103具体操作为:Preferably, the specific operation of step S103 is:

S301、加载应用程序进程;S301. Load an application program process;

S302、将加载的应用程序进程信息与数据库中存放的可执行应用程序进程记录进行比对;S302. Compare the loaded application process information with the executable application process records stored in the database;

S303、如果数据库中存在相同的应用程序进程信息,则对应用程序进行放行;否则对应用程序进行冻结,交由用户确认。S303. If the same application program process information exists in the database, release the application program; otherwise, freeze the application program and submit it to the user for confirmation.

本发明还提供了一种基于数字证书的应用程序进程控制系统,包括:The present invention also provides a digital certificate-based application program process control system, including:

特征值数据库搭建模块,用于将操作系统的关键项和经过确认的未签名或者签名解析不出的应用程序特征值放入数据库中;The feature value database building module is used to put the key items of the operating system and the confirmed unsigned or unsigned application feature values into the database;

数字证书解析模块,用于进行数字证书解析;Digital certificate parsing module, used for digital certificate parsing;

特征值匹配模块,用于将解析不出签名的应用程序特征值与数据库中的特征值进行匹配,匹配成功则允许加载,否则需要通过用户进行确认。The characteristic value matching module is used to match the characteristic value of the application that cannot resolve the signature with the characteristic value in the database. If the matching is successful, it is allowed to load, otherwise it needs to be confirmed by the user.

优选地,所述操作系统的关键项为操作系统安全程序的进程信息。Preferably, the key item of the operating system is the process information of the security program of the operating system.

优选地,所述应用程序特征值为应用程序进程信息。Preferably, the application feature value is application process information.

优选地,所述数字证书解析模块具体包括:Preferably, the digital certificate parsing module specifically includes:

签名值验证单元,用于利用数字证书的公钥计算数字证书的签名值,验证其是否与该数字证书的签名值相同;The signature value verification unit is used to calculate the signature value of the digital certificate by using the public key of the digital certificate, and verify whether it is the same as the signature value of the digital certificate;

吊销状态验证单元,用于验证接收到的数字证书是否标记为已吊销;The revocation status verification unit is used to verify whether the received digital certificate is marked as revoked;

数字证书判定单元,用于如果验证成功后则判定为正规程序,否则标记为待处理应用程序。The digital certificate judging unit is configured to judge that the program is a regular program if the verification is successful, otherwise it is marked as an application program to be processed.

优选地,所述特征值匹配模块具体包括:Preferably, the feature value matching module specifically includes:

进程加载单元,用于加载应用程序进程;The process loading unit is used to load the application program process;

进程比对单元,用于将加载的应用程序进程信息与数据库中存放的可执行应用程序进程记录进行比对;A process comparison unit, configured to compare the loaded application process information with the executable application process records stored in the database;

进程判定单元,用于如果数据库中存在相同的应用程序进程信息,则对应用程序进行放行;否则对应用程序进行冻结,交由用户确认。The process judging unit is used to release the application program if the same application program process information exists in the database; otherwise, freeze the application program and submit it to the user for confirmation.

发明内容中提供的效果仅仅是实施例的效果,而不是发明所有的全部效果,上述技术方案中的一个技术方案具有如下优点或有益效果:The effects provided in the summary of the invention are only the effects of the embodiments, rather than all the effects of the invention. One of the above technical solutions has the following advantages or beneficial effects:

与现有技术相比,本发明通过设置应用程序特征值数据库,在数据库中存放操作系统的关键项和经过确认的未签名或者签名解析不出的应用程序特征值,在系统启动应用程序时,可根据当前启动应用程序的特征值与数据库记录进行比对,以此完成数据库对应用程序的自动筛查鉴别,对于数据库中未能鉴别的应用程序交由用户确认是否放行,从而保证了系统启动时加载应用程序的安全性,解决了现有技术中对于应用程序启动需要依靠计算哈希值造成的识别缓慢的问题,实现快速高效的对应用程序进行识别预警,极大程度上提高了操作系统的安全性和可靠性。Compared with the prior art, the present invention stores key items of the operating system and confirmed unsigned or unsigned application feature values in the database by setting the application feature value database. When the system starts the application program, The feature value of the currently started application can be compared with the database records to complete the automatic screening and identification of the application by the database. For the unidentified application in the database, the user will confirm whether to release it, thus ensuring the system startup. The security of loading applications at any time solves the problem of slow recognition caused by the need to calculate hash values for application startup in the prior art, realizes fast and efficient identification and early warning of applications, and greatly improves the operating system safety and reliability.

附图说明Description of drawings

图1为本发明实施例中所提供的一种基于数字证书的应用程序进程控制方法流程图;FIG. 1 is a flowchart of a digital certificate-based application process control method provided in an embodiment of the present invention;

图2为本发明实施例中所提供的一种数字证书解析方法流程图;Fig. 2 is a flow chart of a digital certificate parsing method provided in an embodiment of the present invention;

图3为本发明实施例中所提供的一种应用程序特征值比对方法流程图;FIG. 3 is a flow chart of a method for comparing feature values of application programs provided in an embodiment of the present invention;

图4为本发明实施例中所提供的一种基于数字证书的应用程序进程控制系统框架图。Fig. 4 is a frame diagram of a digital certificate-based application program process control system provided in an embodiment of the present invention.

具体实施方式Detailed ways

为了能清楚说明本方案的技术特点,下面通过具体实施方式,并结合其附图,对本发明进行详细阐述。下文的公开提供了许多不同的实施例或例子用来实现本发明的不同结构。为了简化本发明的公开,下文中对特定例子的部件和设置进行描述。此外,本发明可以在不同例子中重复参考数字和/或字母。这种重复是为了简化和清楚的目的,其本身不指示所讨论各种实施例和/或设置之间的关系。应当注意,在附图中所图示的部件不一定按比例绘制。本发明省略了对公知组件和处理技术及工艺的描述以避免不必要地限制本发明。In order to clearly illustrate the technical features of the present solution, the present invention will be described in detail below through specific implementation methods and in conjunction with the accompanying drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the present invention. To simplify the disclosure of the present invention, components and arrangements of specific examples are described below. Furthermore, the present invention may repeat reference numerals and/or letters in different instances. This repetition is for the purpose of simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. It should be noted that components illustrated in the figures are not necessarily drawn to scale. Descriptions of well-known components and processing techniques and processes are omitted herein to avoid unnecessarily limiting the present invention.

下面结合附图对本发明实施例所提供的一种基于数字证书的应用程序进程控制方法与系统进行详细说明。A digital certificate-based application process control method and system provided by the embodiments of the present invention will be described in detail below with reference to the accompanying drawings.

如图1所示,本发明实施例公开了一种基于数字证书的应用程序进程控制方法,包括以下步骤:As shown in Figure 1, the embodiment of the present invention discloses a digital certificate-based application process control method, including the following steps:

S101、将操作系统的关键项和经过确认的未签名或者签名解析不出的应用程序特征值放入数据库中;S101. Put key items of the operating system and confirmed unsigned or unsigned application feature values into the database;

S102、进行数字证书解析,如果解析成功则判定为正规程序,否则进入下一步;S102. Analyze the digital certificate. If the analysis is successful, it is determined to be a formal procedure, otherwise enter the next step;

S103、将解析不出签名的应用程序特征值与数据库中的特征值进行匹配,匹配成功则允许加载,否则需要通过用户进行确认。S103. Match the characteristic value of the application program whose signature cannot be parsed with the characteristic value in the database. If the matching is successful, the loading is allowed; otherwise, it needs to be confirmed by the user.

Windows操作系统启动的时候首先启动自身需要的应用程序,要求识别过程高效,不影响程序的启动效率。因此将操作系统的关键项和常见的经过用户确认过的未签名或者签名解析不出的应用程序特征值,即应用程序进程信息放入数据库中,以供启动操作系统时对应用程序进行匹配以及判断,即当用户不清楚启动的应用程序是做何操作,以及会不会对操作系统造成损害,通过设置数据库并在数据库中进行匹配鉴别,根据分析结果,配置成通过或拒绝该访问程序。When the Windows operating system is started, the application programs required by itself are first started, and the identification process is required to be efficient without affecting the efficiency of program start-up. Therefore, the key items of the operating system and the common unsigned or unsigned application feature values that have been confirmed by the user, that is, the application process information, are put into the database for matching the application when the operating system is started and Judgment, that is, when the user does not know what the application program does and whether it will cause damage to the operating system, set up the database and perform matching identification in the database, and configure it to pass or deny the access program according to the analysis results.

在操作系统底层对应用程序进行数据采集与存储,采集的程序是未进行数字签名或者签名解析失败的程序。优选地,采集所有的操作系统中未进行数字签名或者签名解析失败的程序,从而可以更好的兼容所有操作系统。通过该操作,可以对操作系统安全性进行加固。Data collection and storage are performed on the application program at the bottom layer of the operating system. The collected program is a program that has not been digitally signed or failed to resolve the signature. Preferably, programs in all operating systems that have not been digitally signed or that fail to resolve signatures are collected, so as to be better compatible with all operating systems. This operation can strengthen the security of the operating system.

在数据库建立后,其中存放的是所有可执行的应用程序进程信息,即应用程序白名单,对于数据库的完善,需要每隔一段时间进行循环重新扫描,并根据数据库实时诊断操作,加入新的应用程序进程信息,从而数据库趋于更高的全面性。After the database is established, all executable application process information is stored in it, that is, the application whitelist. For the improvement of the database, it is necessary to perform cyclic rescanning at regular intervals, and add new applications according to the real-time diagnosis operation of the database. Program process information, so the database tends to be more comprehensive.

当操作系统启动时,对应用程序进行数字证书解析,如果解析成功则判定正规程序,并对该应用程序进行放行,运行该应用程序;否则,需要进一步处理,其具体操作如图2所示:When the operating system is started, the digital certificate is analyzed for the application program. If the analysis is successful, it is determined that it is a regular program, and the application program is released to run the application program; otherwise, further processing is required. The specific operation is shown in Figure 2:

S201、利用数字证书的公钥计算数字证书的签名值,验证其是否与该数字证书的签名值相同,如果相同,则验证成功;否则验证失败并进入步骤S203;S201. Use the public key of the digital certificate to calculate the signature value of the digital certificate, and verify whether it is the same as the signature value of the digital certificate. If they are the same, the verification is successful; otherwise, the verification fails and enter step S203;

S202、验证接收到的数字证书是否标记为已吊销,是则验证通过,否则验证失败;S202. Verify whether the received digital certificate is marked as revoked, if yes, the verification is passed, otherwise the verification fails;

S203、如果验证成功后则判定为正规程序,否则标记为待处理应用程序。S203. If the verification is successful, it is determined as a regular program, otherwise it is marked as an application program to be processed.

对于待进一步处理的应用程序,将解析不出签名的应用程序特征值与数据库中的特征值进行匹配,具体操作如图3所示:For the application program to be further processed, match the characteristic value of the application program whose signature cannot be resolved with the characteristic value in the database. The specific operation is shown in Figure 3:

S301、加载应用程序进程;S301. Load an application program process;

S302、将加载的应用程序进程信息与数据库中存放的可执行应用程序进程记录进行比对;S302. Compare the loaded application process information with the executable application process records stored in the database;

S303、如果数据库中存在相同的应用程序进程信息,则对应用程序进行放行;否则对应用程序进行冻结,交由用户确认。S303. If the same application program process information exists in the database, release the application program; otherwise, freeze the application program and submit it to the user for confirmation.

通过设置双重验证程序,按照级别依次进行数据库和用户鉴别后再对应用程序进行放行,将所有恶意启动的读写和执行权限进行过滤,最大限度保证了系统启动的安全性。By setting up a double verification program, the database and user are authenticated in sequence according to the level, and then the application program is released, and all read, write and execution permissions of malicious startup are filtered to ensure the security of system startup to the greatest extent.

本发明实施例通过设置应用程序特征值数据库,在数据库中存放操作系统的关键项和经过确认的未签名或者签名解析不出的应用程序特征值,在系统启动应用程序时,可根据当前启动应用程序的特征值与数据库记录进行比对,以此完成数据库对应用程序的自动筛查鉴别,对于数据库中未能鉴别的应用程序交由用户确认是否放行,从而保证了系统启动时加载应用程序的安全性,解决了现有技术中对于应用程序启动需要依靠计算哈希值造成的识别缓慢的问题,实现快速高效的对应用程序进行识别预警,极大程度上提高了操作系统的安全性和可靠性。In the embodiment of the present invention, by setting the application program feature value database, the key items of the operating system and the confirmed unsigned or signature-unresolved application program feature values are stored in the database. When the system starts the application program, it can The characteristic value of the program is compared with the database records, so as to complete the automatic screening and identification of the application program by the database. For the unidentified application program in the database, the user will confirm whether to release it, thus ensuring the safety of loading the application program when the system starts. Security, which solves the problem of slow identification caused by calculating the hash value for application startup in the prior art, realizes fast and efficient identification and early warning of application programs, and greatly improves the security and reliability of the operating system sex.

如图4所示,本发明实施例还公开了一种基于数字证书的应用程序进程控制系统,包括:As shown in Figure 4, the embodiment of the present invention also discloses a digital certificate-based application process control system, including:

特征值数据库搭建模块,用于将操作系统的关键项和经过确认的未签名或者签名解析不出的应用程序特征值放入数据库中;The feature value database building module is used to put the key items of the operating system and the confirmed unsigned or unsigned application feature values into the database;

数字证书解析模块,用于进行数字证书解析;Digital certificate parsing module, used for digital certificate parsing;

特征值匹配模块,用于将解析不出签名的应用程序特征值与数据库中的特征值进行匹配,匹配成功则允许加载,否则需要通过用户进行确认。The characteristic value matching module is used to match the characteristic value of the application that cannot resolve the signature with the characteristic value in the database. If the matching is successful, it is allowed to load, otherwise it needs to be confirmed by the user.

所述操作系统的关键项为操作系统安全程序的进程信息。The key item of the operating system is the process information of the safety program of the operating system.

所述应用程序特征值为应用程序进程信息。The application feature value is application process information.

所述数字证书解析模块具体包括:The digital certificate parsing module specifically includes:

签名值验证单元,用于利用数字证书的公钥计算数字证书的签名值,验证其是否与该数字证书的签名值相同;The signature value verification unit is used to calculate the signature value of the digital certificate by using the public key of the digital certificate, and verify whether it is the same as the signature value of the digital certificate;

吊销状态验证单元,用于验证接收到的数字证书是否标记为已吊销;The revocation status verification unit is used to verify whether the received digital certificate is marked as revoked;

数字证书判定单元,用于如果验证成功后则判定为正规程序,否则标记为待处理应用程序。The digital certificate judging unit is configured to judge that the program is a regular program if the verification is successful, otherwise it is marked as an application program to be processed.

所述特征值匹配模块具体包括:The feature value matching module specifically includes:

进程加载单元,用于加载应用程序进程;The process loading unit is used to load the application program process;

进程比对单元,用于将加载的应用程序进程信息与数据库中存放的可执行应用程序进程记录进行比对;A process comparison unit, configured to compare the loaded application process information with the executable application process records stored in the database;

进程判定单元,用于如果数据库中存在相同的应用程序进程信息,则对应用程序进行放行;否则对应用程序进行冻结,交由用户确认。The process judging unit is used to release the application program if the same application program process information exists in the database; otherwise, freeze the application program and submit it to the user for confirmation.

以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. within range.

Claims (10)

1.一种基于数字证书的应用程序进程控制方法,其特征在于,包括以下步骤:1. A digital certificate-based application process control method, characterized in that, comprising the following steps: S101、将操作系统的关键项和经过确认的未签名或者签名解析不出的应用程序特征值放入数据库中;S101. Put key items of the operating system and confirmed unsigned or unsigned application feature values into the database; S102、进行数字证书解析,如果解析成功则判定为正规程序,否则进入下一步;S102. Analyze the digital certificate. If the analysis is successful, it is determined to be a formal procedure, otherwise enter the next step; S103、将解析不出签名的应用程序特征值与数据库中的特征值进行匹配,匹配成功则允许加载,否则需要通过用户进行确认。S103. Match the characteristic value of the application program whose signature cannot be parsed with the characteristic value in the database. If the matching is successful, the loading is allowed; otherwise, it needs to be confirmed by the user. 2.根据权利要求1所述的一种基于数字证书的应用程序进程控制方法,其特征在于,所述操作系统的关键项为操作系统安全程序的进程信息。2. A digital certificate-based application program process control method according to claim 1, wherein the key item of the operating system is process information of the operating system security program. 3.根据权利要求1所述的一种基于数字证书的应用程序进程控制方法,其特征在于,所述应用程序特征值为应用程序进程信息。3. A digital certificate-based application process control method according to claim 1, wherein the application feature value is application process information. 4.根据权利要求1-3任意一项所述的一种基于数字证书的应用程序进程控制方法,其特征在于,所述步骤S102具体为:4. A digital certificate-based application process control method according to any one of claims 1-3, wherein the step S102 is specifically: S201、利用数字证书的公钥计算数字证书的签名值,验证其是否与该数字证书的签名值相同,如果相同,则验证成功;否则验证失败并进入步骤S203;S201. Use the public key of the digital certificate to calculate the signature value of the digital certificate, and verify whether it is the same as the signature value of the digital certificate. If they are the same, the verification is successful; otherwise, the verification fails and enter step S203; S202、验证接收到的数字证书是否标记为已吊销,是则验证通过,否则验证失败;S202. Verify whether the received digital certificate is marked as revoked, if yes, the verification is passed, otherwise the verification fails; S203、如果验证成功后则判定为正规程序,否则标记为待处理应用程序。S203. If the verification succeeds, it is determined as a regular program, otherwise it is marked as an application program to be processed. 5.根据权利要求3所述的一种基于数字证书的应用程序进程控制方法,其特征在于,所述步骤S103具体操作为:5. A digital certificate-based application process control method according to claim 3, characterized in that the specific operation of the step S103 is: S301、加载应用程序进程;S301. Load an application program process; S302、将加载的应用程序进程信息与数据库中存放的可执行应用程序进程记录进行比对;S302. Compare the loaded application process information with the executable application process records stored in the database; S303、如果数据库中存在相同的应用程序进程信息,则对应用程序进行放行;否则对应用程序进行冻结,交由用户确认。S303. If the same application program process information exists in the database, release the application program; otherwise, freeze the application program and submit it to the user for confirmation. 6.一种基于数字证书的应用程序进程控制系统,其特征在于,包括:6. A digital certificate-based application program process control system, characterized in that, comprising: 特征值数据库搭建模块,用于将操作系统的关键项和经过确认的未签名或者签名解析不出的应用程序特征值放入数据库中;The feature value database building module is used to put the key items of the operating system and the confirmed unsigned or unsigned application feature values into the database; 数字证书解析模块,用于进行数字证书解析;Digital certificate parsing module, used for digital certificate parsing; 特征值匹配模块,用于将解析不出签名的应用程序特征值与数据库中的特征值进行匹配,匹配成功则允许加载,否则需要通过用户进行确认。The characteristic value matching module is used to match the characteristic value of the application that cannot resolve the signature with the characteristic value in the database. If the matching is successful, it is allowed to load, otherwise it needs to be confirmed by the user. 7.根据权利要求6所述的一种基于数字证书的应用程序进程控制系统,其特征在于,所述操作系统的关键项为操作系统安全程序的进程信息。7. A digital certificate-based application process control system according to claim 6, wherein the key item of the operating system is process information of the operating system security program. 8.根据权利要求6所述的一种基于数字证书的应用程序进程控制系统,其特征在于,所述应用程序特征值为应用程序进程信息。8. The digital certificate-based application process control system according to claim 6, wherein the application feature value is application process information. 9.根据权利要求6-8任意一项所述的一种基于数字证书的应用程序进程控制系统,其特征在于,所述数字证书解析模块具体包括:9. A digital certificate-based application process control system according to any one of claims 6-8, wherein the digital certificate parsing module specifically includes: 签名值验证单元,用于利用数字证书的公钥计算数字证书的签名值,验证其是否与该数字证书的签名值相同;The signature value verification unit is used to calculate the signature value of the digital certificate by using the public key of the digital certificate, and verify whether it is the same as the signature value of the digital certificate; 吊销状态验证单元,用于验证接收到的数字证书是否标记为已吊销;The revocation status verification unit is used to verify whether the received digital certificate is marked as revoked; 数字证书判定单元,用于如果验证成功后则判定为正规程序,否则标记为待处理应用程序。The digital certificate judging unit is configured to judge that the program is a regular program if the verification is successful, otherwise it is marked as an application program to be processed. 10.根据权利要求8所述的一种基于数字证书的应用程序进程控制系统,其特征在于,所述特征值匹配模块具体包括:10. A kind of application program process control system based on digital certificate according to claim 8, is characterized in that, described characteristic value matching module specifically comprises: 进程加载单元,用于加载应用程序进程;The process loading unit is used to load the application program process; 进程比对单元,用于将加载的应用程序进程信息与数据库中存放的可执行应用程序进程记录进行比对;A process comparison unit, configured to compare the loaded application process information with the executable application process records stored in the database; 进程判定单元,用于如果数据库中存在相同的应用程序进程信息,则对应用程序进行放行;否则对应用程序进行冻结,交由用户确认。The process judging unit is used to release the application program if the same application program process information exists in the database; otherwise, freeze the application program and submit it to the user for confirmation.
CN201810280318.8A 2018-04-02 2018-04-02 A kind of program process control method and system based on digital certificate Pending CN108549809A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810280318.8A CN108549809A (en) 2018-04-02 2018-04-02 A kind of program process control method and system based on digital certificate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810280318.8A CN108549809A (en) 2018-04-02 2018-04-02 A kind of program process control method and system based on digital certificate

Publications (1)

Publication Number Publication Date
CN108549809A true CN108549809A (en) 2018-09-18

Family

ID=63517589

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810280318.8A Pending CN108549809A (en) 2018-04-02 2018-04-02 A kind of program process control method and system based on digital certificate

Country Status (1)

Country Link
CN (1) CN108549809A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102855274A (en) * 2012-07-17 2013-01-02 北京奇虎科技有限公司 Method and device for detecting suspicious progresses
CN103065092A (en) * 2012-12-24 2013-04-24 公安部第一研究所 Method for intercepting operating of suspicious programs
CN104536981A (en) * 2014-12-05 2015-04-22 北京奇虎科技有限公司 Browser safety achieving method, browser client-side and device
CN105138901A (en) * 2015-08-03 2015-12-09 浪潮电子信息产业股份有限公司 White list-based cloud host active defense implementation method
CN105490998A (en) * 2014-12-12 2016-04-13 哈尔滨安天科技股份有限公司 Security credit assessment method and system based on digital certificate authentication
CN106330449A (en) * 2015-07-02 2017-01-11 西安西电捷通无线网络通信股份有限公司 A method for verifying the validity of a digital certificate and its authentication server
US20170357814A1 (en) * 2008-10-21 2017-12-14 Lookout, Inc. Methods and systems for blocking the installation of an application to improve the functioning of a mobile communications device

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170357814A1 (en) * 2008-10-21 2017-12-14 Lookout, Inc. Methods and systems for blocking the installation of an application to improve the functioning of a mobile communications device
CN102855274A (en) * 2012-07-17 2013-01-02 北京奇虎科技有限公司 Method and device for detecting suspicious progresses
CN103065092A (en) * 2012-12-24 2013-04-24 公安部第一研究所 Method for intercepting operating of suspicious programs
CN104536981A (en) * 2014-12-05 2015-04-22 北京奇虎科技有限公司 Browser safety achieving method, browser client-side and device
CN105490998A (en) * 2014-12-12 2016-04-13 哈尔滨安天科技股份有限公司 Security credit assessment method and system based on digital certificate authentication
CN106330449A (en) * 2015-07-02 2017-01-11 西安西电捷通无线网络通信股份有限公司 A method for verifying the validity of a digital certificate and its authentication server
CN105138901A (en) * 2015-08-03 2015-12-09 浪潮电子信息产业股份有限公司 White list-based cloud host active defense implementation method

Similar Documents

Publication Publication Date Title
CN108463982B (en) System and method for authenticating online users using a secure authorization server
CN101950336B (en) A kind of method and apparatus removing rogue program
US9058504B1 (en) Anti-malware digital-signature verification
US20170317999A1 (en) Security credential protection with cloud services
CN106936768B (en) White list network control system and method based on trusted chip
US9497188B2 (en) Offline authentication with embedded authorization attributes
CN113360868A (en) Application program login method and device, computer equipment and storage medium
WO2021036322A1 (en) Method and apparatus for preventing dynamic link library file hijacking, and computer device
US9843451B2 (en) Apparatus and method for multi-state code signing
CN104580136A (en) UEFI-based long-distance identity authentication system and method
WO2013000439A1 (en) Method, device and security policy system for executing security policy script
US12267426B2 (en) Systems and methods for implementing indirect certificate pinning
US20170201528A1 (en) Method for providing trusted service based on secure area and apparatus using the same
CN110661779A (en) Block chain network-based electronic certificate management method, system, device and medium
Kim et al. Security analysis and bypass user authentication bound to device of windows hello in the wild
CN105282166A (en) Identity authentication method and system for linux operating system
CN115643061A (en) Micro service gateway authentication method, device, equipment and medium
CN102694776A (en) Authentication system and method based on dependable computing
JP7695813B2 (en) System and method for securing input software to closed internal network
RU2571381C1 (en) System and method to replenish data base of trusted certificates used during antivirus check
CN102799824B (en) Defense method and system for virus file with digital signature information
KR101436404B1 (en) User authenticating method and apparatus
CN107392032A (en) A kind of method and system credible checking BIOS
CN112398787B (en) Mailbox login verification method and device, computer equipment and storage medium
CN108549809A (en) A kind of program process control method and system based on digital certificate

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20180918