
CN110443050B - Method and system for processing counterfeit process in file transparent encryption and decryption system - Google Patents


Info

Publication number
CN110443050B
Authority
CN
China
Prior art keywords
client
server
attribute information
module
credit granting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910681391.0A
Other languages
Chinese (zh)
Other versions
CN110443050A (en
Inventor
陈永府
方兴
郭振冬
刘俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Tianyu Software Co ltd
Original Assignee
Wuhan Tianyu Software Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Tianyu Software Co ltd filed Critical Wuhan Tianyu Software Co ltd
Priority to CN201910681391.0A priority Critical patent/CN110443050B/en
Publication of CN110443050A publication Critical patent/CN110443050A/en
Application granted granted Critical
Publication of CN110443050B publication Critical patent/CN110443050B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method for processing a counterfeit process in a file transparent encryption and decryption system, comprising the following steps: the client captures a started process and obtains its process name; the client queries whether the process name exists in the credit granting database and, if so, extracts the fingerprint information of the process and queries whether that fingerprint information exists in the credit granting database; if not, the client sends its own attribute information, the attribute information of the process and the fingerprint information to the server and blocks the process from running; the server then determines whether the fingerprint information sent by the client can be found in the credit granting database. The invention addresses the technical problems of the process-fingerprint-based identification widely used by existing file transparent encryption and decryption systems: poor usability, heavy maintenance workload, passive problem solving, inability to detect threats, and inability to obtain evidence after a leak.

Description

Method and system for processing counterfeit process in file transparent encryption and decryption system
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a method and a system for processing a counterfeit process in a file transparent encryption and decryption system.
Background
File transparent encryption and decryption systems are now widely used commercially. When an electronic file is opened, it is automatically decrypted into memory so that the application program recognizes it correctly; when the file is saved, it is automatically encrypted to disk, which prevents the electronic file from being leaked. Even if the file is copied out, it remains encrypted, which meets enterprises' need to protect business secrets. In addition, the system does not change the original file operation workflow and is imperceptible to the user.
A key technology in the file transparent encryption and decryption system is how to accurately identify processes and prevent counterfeit processes; in the transparent encryption and decryption system commonly used in the market at present, the process is generally identified by a process fingerprint (i.e. MD5 value of the process), which has strong capability of preventing counterfeit processes.
However, the identification method based on process fingerprints in the existing file transparent encryption and decryption system still has some non-negligible technical problems:
1. Poor usability: if a piece of trusted software (for example, Microsoft Word) installs even a small patch, the content of its executable file (for example, winword.exe) changes. The corresponding process may then no longer be identified as a trusted process, or may even be misjudged as a counterfeit process. The transparent encryption and decryption system cannot intervene automatically and promptly at that point, which degrades the user experience.
2. Heavy maintenance workload: when a new version of trusted software appears, the process fingerprints must be collected again and all clients updated. The workload is large and the approach is barely workable in practice.
3. Passive problem solving: the system cannot anticipate version updates of trusted software. Each time, the client has to raise the problem first and it is then solved reactively, which seriously affects the user experience.
4. Failure to detect threats: once the system is deployed, an enterprise assumes it is protected, but it has no way of knowing how many unauthorized users attempt to crack the system every day, so it cannot anticipate similar potential threats.
5. No evidence after a leak: after an electronic file is leaked, the system cannot produce strong evidence and has no deterrent effect on users who run counterfeit processes.
Disclosure of Invention
In view of the defects of, or the needs for improvement in, the prior art, the invention provides a method and a system for processing a counterfeit process in a file transparent encryption and decryption system. It aims to solve the technical problems of the process-fingerprint-based identification widely used by existing systems: poor usability, heavy maintenance workload, passive problem solving, inability to detect threats, and inability to obtain evidence after a leak.
To achieve the above object, according to one aspect of the present invention, there is provided a method for processing a counterfeit process in a transparent file encryption and decryption system, comprising the steps of:
(1) the client acquires a started process and acquires a process name of the process;
(2) the client side inquires whether the process name acquired in the step (1) exists in a credit granting database, if so, the process is directly operated, the process is finished, otherwise, the step (3) is carried out;
(3) the client extracts the fingerprint information of the process, and inquires whether the fingerprint information exists in the credit granting database, if so, the process is directly operated, the process is finished, otherwise, the step (4) is carried out;
(4) the client sends its own attribute information, the attribute information of the process and the fingerprint information to the server, and blocks the process from running;
(5) the server side judges whether the fingerprint information of the process sent by the client side can be inquired in the credit granting database, if so, the step (6) is carried out, otherwise, the step (8) is carried out;
(6) the server judges whether the number of times of receiving the attribute information of the process is greater than a preset threshold value N, if so, the step (7) is carried out, otherwise, the step (8) is carried out;
(7) the server adds the process into the credit granting database, and sends the attribute information of the process to all clients connected with the server, and the process is finished;
(8) the server side stores the attribute information of the client side and the attribute information of the process in a credit granting database of the server side, and sets the state of the client side in the credit granting database as a non-credit granting state;
(9) the server judges whether the process is a fake process according to the attribute information of the process, if so, the step (10) is carried out, and if not, the step (11) is carried out;
(10) the server sets the field corresponding to the process in the credit granting database as a blacklist, sends the information that the process is a fake process to all clients connected with the server in a broadcasting mode, and the process is finished;
(11) the server sets the field corresponding to the process to whitelist in the trust database (filling in automatically, if necessary, the time of whitelisting, i.e. the trust time), and sends the attribute information of the process to all clients connected with the server.
Preferably, step (1) specifically uses a global injection technique based on SetWindowsHookEx, or a callback function based on a kernel driver, to capture the started process in real time, and then obtains the process name of the process through an application program interface function provided by the Windows system (for example, the GetModuleFileName API function).
Preferably, the attribute information of the client includes a client ID, a client IP address, a client MAC address, a client hardware number, a client operating system version, a computer name in the client operating system, a user name in the client operating system, and the like.
Preferably, the attribute information of the process includes, but is not limited to, a path where the process is located, and a file name, a file size, digital signature information, a file description, a file version, a product name, a product version, copyright information, an original file name, etc. of a file corresponding to the process.
Preferably, when the process joins the trust database stored in the server, the time when the process joins the trust database is also synchronously changed to the current time of the server.
Preferably, the step (9) of determining whether the process is a fake process according to the attribute information of the process is implemented by determining whether a path where the process is located is in a specified directory, determining whether content in the attribute information of the process is sufficient, determining whether the attribute information of the process only includes initial information of a software development stage, or determining whether a difference between a file size corresponding to the process in the attribute information of the process and a file size corresponding to a trusted process is large.
Preferably, after the step (11), the client updates its own trust database according to the trust database of the server.
According to another aspect of the present invention, there is provided a system for processing a forgery process in a file transparent encryption and decryption system, including:
the first module is arranged in the client and used for acquiring a started process and acquiring a process name of the process;
the second module is arranged in the client and used for inquiring whether the process name acquired by the first module exists in the credit granting database of the client, if so, the process is directly operated, the process is finished, and if not, the third module is entered;
the third module is arranged in the client and used for extracting the fingerprint information of the process and inquiring whether the fingerprint information exists in the credit granting database, if so, the process is directly operated, the process is finished, otherwise, the fourth module is entered;
the fourth module is arranged in the client and used for sending the attribute information of the client, the attribute information of the process and the fingerprint information to the server and blocking the operation of the process;
the fifth module is arranged in the server and used for judging whether the fingerprint information of the process sent by the client can be inquired in the credit granting database of the server, if so, the sixth module is entered, and if not, the eighth module is entered;
the sixth module is arranged in the server and used for judging whether the number of times of receiving the attribute information of the process is greater than a preset threshold value N or not, if so, the seventh module is switched to, and if not, the eighth module is switched to;
a seventh module, arranged in the server and used for adding the process to the trust database and sending the attribute information of the process to all clients connected to the server, whereupon the process ends;
the eighth module is arranged in the server and used for storing the attribute information of the client and the attribute information of the process in the credit granting database and setting the state of the client in the credit granting database as a non-credit granting state;
a ninth module, which is arranged in the server and is used for judging whether the process is a fake process according to the attribute information of the process, if so, entering the tenth module, otherwise, entering the eleventh module;
a tenth module, arranged in the server and used for setting the field corresponding to the process in the credit granting database to blacklist and broadcasting the information that the process is a fake process to all clients connected to the server, whereupon the process ends;
and an eleventh module, configured to set, in the server, a field corresponding to the process as a white list (if necessary, time for pulling the white list needs to be automatically filled, that is, credit granting time) in the credit granting database, and send attribute information of the process to all clients connected to the server.
In general, compared with the prior art, the above technical solution contemplated by the present invention can achieve the following beneficial effects:
(1) Because the invention adopts steps (1), (3) and (4), all clients of an enterprise can be used to collect process fingerprint information, i.e. a crowdsourcing mechanism. In a large enterprise, as soon as one of thousands of clients runs a new version of a process, the server can detect it and distribute it to all clients in time, without involving implementation consultants, so usability is strong.
(2) Because the invention adopts the step (6) and the step (7), the process fingerprint information reported by all the clients can be distinguished and stored, and the fingerprint information of the process is automatically brought into the credit granting database and distributed to all the clients according to the preset threshold (namely, after the clients more than or equal to the threshold report the process fingerprint information), enterprise managers and implementation consultants do not need to participate in the whole process, thereby greatly reducing the huge maintenance amount caused by software updating.
(3) Because the invention adopts the step (9) and the step (11), when the server identifies that the process information is a new process, the process can be automatically added into the credit granting database and issued to all the clients, so that the problem is solved in time and actively, and the defect that the problem can only be solved passively by the existing identification mode based on the process fingerprint is overcome.
(4) Because the invention adopts the step (9) and the step (10), when the server side confirms that the process is a fake process, the process is automatically added into the blacklist and is issued to all the client sides, so that the potential threat can be detected in real time and solved in time.
(5) Because the invention adopts steps (6) and (8), the process information submitted by clients is collected and stored, including the client user's computer name, computer user name, IP address, MAC address, hardware number and the path of the process file. When a client runs cracking software popular on the market or tries to crack the anti-counterfeiting algorithm, this preserved evidence is a strong deterrent: the would-be leaker does not dare to leak, or is even discouraged from wanting to.
(6) Because the invention adopts the step (12), the client updates the credit database as an incremental updating mechanism, and the dependence degree on the network condition is low.
Drawings
Fig. 1 is a flow chart of a processing method of a forgery process in the file transparent encryption and decryption system of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
As shown in fig. 1, the present invention provides a method for processing a counterfeit process in a transparent file encryption and decryption system, which includes the following steps:
(1) the client acquires a started process and acquires a process name of the process;
Specifically, this step uses a global injection technique based on SetWindowsHookEx, or a callback function based on a kernel driver, to capture a started process in real time, and then obtains the process name of the process through an Application Programming Interface (API) function provided by the Windows system (for example, the GetModuleFileName API function).
(2) The client side inquires whether the process name acquired in the step (1) exists in a credit granting database, if so, the process is directly operated, the process is finished, otherwise, the step (3) is carried out;
specifically, the trust database is established in the client initialization stage, and stores the process, the process name, the fingerprint information of the process and the trust time in the form of a database.
In the step, the client directly queries whether the process name exists in the trust database through the SQL statement.
The later updating and maintaining of the credit database mainly adopts four mechanisms:
Crowdsourcing: all clients can report processes, so when a new process appears the server detects it at the earliest moment.
Rapid intervention: when the process of a rarely used piece of software changes, i.e. only a very small number of clients use the process, an administrator can whitelist it with one click on the web management console.
Automatic distribution: whether whitelisting is done manually or automatically by the server back end, the result is distributed automatically, and all clients can obtain it and update their trust databases in real time.
Incremental downloading: the server trust database is downloaded incrementally; only new data is fetched, so dependence on network conditions is low.
(3) The client extracts the fingerprint information of the process, and inquires whether the fingerprint information exists in the credit granting database, if so, the process is directly operated, the process is finished, otherwise, the step (4) is carried out;
(4) the client sends its own attribute information, the attribute information of the process and the fingerprint information to the server, and blocks the process from running;
specifically, the attribute information of the client includes, but is not limited to, a client ID, a client IP address, a client MAC address, a client hardware number, a client operating system version, a computer name in the client operating system, a user name in the client operating system, and the like;
the attribute information of the process includes, but is not limited to, a path where the process is located, and a file name, a file size, digital signature information, a file description, a file version, a product name, a product version, copyright information, an original file name, and the like of a file corresponding to the process.
(5) The server side judges whether the fingerprint information of the process sent by the client side can be inquired in the credit granting database, if so, the step (6) is carried out, otherwise, the step (8) is carried out;
(6) the server judges whether the number of times of receiving the attribute information of the process is greater than a preset threshold value N, if so, the step (7) is carried out, otherwise, the step (8) is carried out;
specifically, the value range of the preset threshold N is greater than 2 and less than 1000, and preferably equal to 30.
(7) The server adds the process into the credit granting database, and sends the attribute information (process name, process fingerprint and credit granting time) of the process to all clients connected with the server, and the process is finished;
specifically, when a process joins the trust database stored in the server, the trust time corresponding to the process (i.e., the time of joining the trust database) is also synchronously changed to the current time of the server.
(8) The server side stores the attribute information of the client side and the attribute information of the process in a credit granting database of the server side, and sets the state of the client side in the credit granting database as a non-credit granting state;
the purpose of the server side for storing the attribute information of the client side is to solidify the evidence so that a person who forges the process can be accurately found in the process of checking.
(9) The server judges whether the process is a fake process according to the attribute information of the process, if so, the step (10) is carried out, and if not, the step (11) is carried out;
specifically, the step of determining whether the process is a fake process according to the attribute information of the process may specifically be implemented in the following three ways:
First, common business software such as MS Office is installed in a known directory, for example C:\Program Files\Microsoft Office\Office15. If the path of the process is not in the specified directory, for example E:\code\tools\winword.exe or D:\decryption\access.exe, the process can be judged to be a counterfeit process;
Second, commercial software generally carries fairly complete attribute information, such as digital signature information, file description, file version, product name, product version, copyright information and original file name. If the attribute information of the process has little content, or contains only initial information from the software development stage, such as "to do", the process can be judged to be a counterfeit process;
Third, the file size in the attribute information of the process is compared with the file size of the corresponding trusted process. If the sizes differ greatly, for example the trusted process file is 132M and the file corresponding to this process is 50K, the process is judged to be a fake process.
(10) The server sets the field corresponding to the process to blacklist in the trust database (filling in automatically, if necessary, the time of blacklisting), broadcasts the information that the process is a fake process to all clients connected with the server, and the process ends.
(11) The server sets the field corresponding to the process as a white list in a credit granting database (if necessary, the time for pulling in the white list, namely credit granting time, needs to be automatically filled), and automatically issues the attribute information (the process name, the process fingerprint and the credit granting time) of the process to all the clients connected with the server;
(12) The client updates its own credit granting database according to the credit granting database of the server.
Specifically, the client obtains the last update time, such as 2019-07-25 11:14:56, from its local authorization library and queries the server directly with that time, for example select from K _ process sinfour where set time > '2019-07-25 11:14:56'; if data is returned, it is downloaded and applied as an incremental update.
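The server-side decision in steps (5) to (11), including the three step (9) heuristics, as an added example that is not code from the patent or its assignee. The reference table, field names, the 10x size ratio, the three-field minimum, counting distinct client IDs and refusing to promote a blacklisted fingerprint are assumptions of this example.

```python
import ntpath

THRESHOLD_N = 30          # page: 2 < N < 1000, preferably 30
MIN_POPULATED_FIELDS = 3  # assumption: fewer filled fields counts as sparse
MAX_SIZE_RATIO = 10       # assumption: beyond 10x the sizes "differ greatly"
VERSION_FIELDS = ("digital_signature", "file_description", "file_version",
                  "product_name", "product_version", "copyright",
                  "original_filename")

# Constructed reference data: install directory and size of a trusted build.
KNOWN_GOOD = {"winword.exe": {
    "dir": r"C:\Program Files\Microsoft Office\Office15",
    "size": 132 * 1024 * 1024}}

# Constructed sample reports (process attribute information from step 4).
FAKE = {"path": r"E:\code\tools\winword.exe", "file_size": 50 * 1024,
        "file_description": "TODO: <File description>"}
GOOD = {"path": r"C:\Program Files\Microsoft Office\Office15\WINWORD.EXE",
        "file_size": 130 * 1024 * 1024,
        "digital_signature": "Microsoft Corporation",
        "file_description": "Microsoft Word", "file_version": "15.0.1",
        "product_name": "Microsoft Office"}


def _is_placeholder(value):
    """Empty values and development-stage stubs ("TODO ...") carry no information."""
    text = (value or "").strip().lower()
    return text == "" or text.startswith(("todo", "to do"))


def fake_reasons(proc):
    """Step (9): list the heuristics a reported process trips (empty = not fake)."""
    reasons = []
    ref = KNOWN_GOOD.get(ntpath.basename(proc["path"]).lower())
    if ref:
        # Heuristic 1: the file is not in the directory the software installs to.
        if ntpath.normcase(ntpath.dirname(proc["path"])) != ntpath.normcase(ref["dir"]):
            reasons.append("path")
        # Heuristic 3: the file size is far from the trusted build's size.
        big = max(proc["file_size"], ref["size"])
        small = max(min(proc["file_size"], ref["size"]), 1)
        if big > MAX_SIZE_RATIO * small:
            reasons.append("size")
    # Heuristic 2: version resource is sparse or only holds placeholders.
    populated = [f for f in VERSION_FIELDS if not _is_placeholder(proc.get(f))]
    if len(populated) < MIN_POPULATED_FIELDS:
        reasons.append("attributes")
    return reasons


class TrustServer:
    """In-memory stand-in for the server's trust database."""

    def __init__(self, threshold=THRESHOLD_N):
        self.threshold = threshold
        self.records = {}             # fingerprint -> state, clients, evidence
        self.untrusted_clients = set()
        self.broadcasts = []          # (verdict, fingerprint) pushed to all clients

    def report(self, client, proc, fingerprint):
        rec = self.records.get(fingerprint)
        # Step (5): is the fingerprint already known? (Blacklisted entries are
        # never promoted by report count; that guard is an assumption here.)
        if rec is not None and rec["state"] != "blacklist":
            reporters = rec["clients"] | {client["client_id"]}
            if len(reporters) > self.threshold:           # step (6)
                rec["clients"] = reporters
                rec["state"] = "trusted"                  # step (7)
                self.broadcasts.append(("trusted", fingerprint))
                return "trusted"
        # Step (8): keep client and process attributes as evidence.
        rec = self.records.setdefault(
            fingerprint, {"state": "untrusted", "clients": set(), "evidence": []})
        rec["clients"].add(client["client_id"])
        rec["evidence"].append({"client": dict(client), "process": dict(proc)})
        self.untrusted_clients.add(client["client_id"])
        # Steps (9) to (11): classify, record the verdict, broadcast it.
        rec["state"] = "blacklist" if fake_reasons(proc) else "whitelist"
        self.broadcasts.append((rec["state"], fingerprint))
        return rec["state"]


if __name__ == "__main__":
    server = TrustServer(threshold=2)
    for cid in ("c1", "c2", "c3"):
        print(cid, server.report({"client_id": cid}, GOOD, "fp-good"))
    print(server.report({"client_id": "c9"}, FAKE, "fp-fake"), fake_reasons(FAKE))
```

As the steps are written, a report that trips none of the heuristics is whitelisted on first sight in step (11), so the quality of the step (9) checks, not the threshold N, decides what gets trusted.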
It will be understood by those skilled in the art that the foregoing is only a preferred embodiment of the present invention, and is not intended to limit the invention, and that any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (8)

1. A method for processing a counterfeit process in a file transparent encryption and decryption system is characterized by comprising the following steps:
(1) the client acquires a started process and acquires a process name of the process;
(2) the client side inquires whether the process name acquired in the step (1) exists in a credit granting database, if so, the process is directly operated, the process is finished, otherwise, the step (3) is carried out;
(3) the client extracts the fingerprint information of the process, and inquires whether the fingerprint information exists in the credit granting database, if so, the process is directly operated, the process is finished, otherwise, the step (4) is carried out;
(4) the client sends its own attribute information, the attribute information of the process and the fingerprint information to the server, and blocks the process from running;
(5) the server side judges whether the fingerprint information of the process sent by the client side can be inquired in the credit granting database, if so, the step (6) is carried out, otherwise, the step (8) is carried out;
(6) the server judges whether the number of times of receiving the attribute information of the process is greater than a preset threshold value N, if so, the step (7) is carried out, otherwise, the step (8) is carried out;
(7) the server adds the process into the credit granting database, and sends the attribute information of the process to all clients connected with the server, and the process is finished;
(8) the server side stores the attribute information of the client side and the attribute information of the process in a credit granting database of the server side, and sets the state of the client side in the credit granting database as a non-credit granting state;
(9) the server judges whether the process is a fake process according to the attribute information of the process, if so, the step (10) is carried out, and if not, the step (11) is carried out;
(10) the server sets the field corresponding to the process in the credit granting database as a blacklist, sends the information that the process is a fake process to all clients connected with the server in a broadcasting mode, and the process is finished;
(11) the server sets the field corresponding to the process as a white list in the credit granting database, and issues the attribute information of the process to all clients connected with the server.
2. The processing method according to claim 1, wherein step (1) specifically captures the started process in real time by using a SetWindowsHookEx-based global injection technique or a kernel-driver-based callback function, and then obtains the process name of the process through an application program interface function provided by the Windows system.
3. The processing method according to claim 1, wherein the attribute information of the client comprises a client ID, a client IP address, a client MAC address, a client hardware number, a client operating system version, a computer name in the client operating system, and a user name in the client operating system.
4. The processing method according to claim 1, wherein the attribute information of the process includes a path where the process is located, and a file name, a file size, digital signature information, a file description, a file version, a product name, a product version, copyright information, and an original file name of a file corresponding to the process.
5. The processing method according to claim 1, wherein the time when the process joins the trust database stored in the server is synchronously changed to the current time of the server.
6. The processing method according to claim 1, wherein the step (9) of determining whether the process is a fake process according to the attribute information of the process is performed by determining whether a path where the process is located is in a specified directory, determining whether content in the attribute information of the process is sufficient, determining whether the attribute information of the process only includes initial information of a software development stage, or determining whether a difference between a file size corresponding to the process and a file size corresponding to a trusted process in the attribute information of the process is large.
7. The process of claim 1, further comprising after step (11), the client updating its own trust database according to the trust database of the server.
8. A system for processing counterfeit processes in a file transparent encryption and decryption system, comprising:
the first module is arranged in the client and used for acquiring a started process and acquiring a process name of the process;
the second module is arranged in the client and used for inquiring whether the process name acquired by the first module exists in the credit granting database of the client; if so, the process is run directly and the procedure ends, otherwise the third module is entered;
the third module is arranged in the client and used for extracting the fingerprint information of the process and inquiring whether the fingerprint information exists in the credit granting database; if so, the process is run directly and the procedure ends, otherwise the fourth module is entered;
the fourth module is arranged in the client and used for sending the attribute information of the client, the attribute information of the process and the fingerprint information to the server and blocking the running of the process;
the fifth module is arranged in the server and used for judging whether the fingerprint information of the process sent by the client can be found in the credit granting database of the server; if so, the sixth module is entered, otherwise the eighth module is entered;
the sixth module is arranged in the server and used for judging whether the number of times the attribute information of the process has been received is greater than a preset threshold value N; if so, the seventh module is entered, otherwise the eighth module is entered;
the seventh module is arranged in the server and used for adding the process into the credit granting database and sending the attribute information of the process to all clients connected with the server, and the procedure ends;
the eighth module is arranged in the server and used for storing the attribute information of the client and the attribute information of the process in the credit granting database and setting the state of the client in the credit granting database as a non-credit granting state;
the ninth module is arranged in the server and used for judging whether the process is a fake process according to the attribute information of the process; if so, the tenth module is entered, otherwise the eleventh module is entered;
the tenth module is arranged in the server and used for setting the field corresponding to the process in the credit granting database as a blacklist and broadcasting the information that the process is a fake process to all clients connected with the server, and the procedure ends;
and the eleventh module is arranged in the server and used for setting the field corresponding to the process in the credit granting database as a white list and sending the attribute information of the process to all clients connected with the server.
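
The server-side flow of the fifth to eleventh modules, together with the four checks of claim 6, written out in Python as an added example; it is not code from the patent or from the applicant. The threshold value, the directory list, the required fields, the "TODO" template marker, the size cut-off, the guard that keeps a blacklisted fingerprint blocked, and all names are assumptions made for illustration.

```python
N = 3                                      # preset threshold N; the value is assumed
SPECIFIED_DIRS = ("c:\\program files\\",)  # assumed reading of "specified directory"
REQUIRED = ("digital_signature", "file_description", "product_name", "file_version")  # assumed
MAX_SIZE_DRIFT = 0.20                      # assumed cut-off for a "large" size difference

class Server:
    def __init__(self):
        self.db = {}        # fingerprint -> {"attrs", "reports", "status"}
        self.clients = {}   # client ID -> state
        self.outbox = []    # messages sent to all connected clients

    def fake_reasons(self, attrs):
        """Claim 6 checks: reasons why a process looks fake (empty list = none)."""
        reasons = []
        if not attrs["path"].lower().startswith(SPECIFIED_DIRS):
            reasons.append("path")
        if any(not attrs.get(k) for k in REQUIRED):
            reasons.append("sparse")
        if all(str(attrs.get(k, "")).startswith("TODO") for k in REQUIRED[1:3]):
            reasons.append("template")     # assumed marker of untouched template values
        for e in self.db.values():         # compare with a trusted process of the same name
            ref = e["attrs"]
            if (e["status"] == "trusted" and ref["file_name"] == attrs["file_name"]
                    and abs(attrs["file_size"] - ref["file_size"]) > MAX_SIZE_DRIFT * ref["file_size"]):
                reasons.append("size")
        return reasons

    def handle_report(self, client, attrs, fingerprint):
        known = fingerprint in self.db                      # fifth module
        entry = self.db.setdefault(fingerprint, {"attrs": attrs, "reports": 0, "status": "pending"})
        entry["reports"] += 1
        if entry["status"] == "blacklist":                  # added guard, not stated in the claims
            return "blacklist"
        if known and entry["reports"] > N:                  # sixth -> seventh module
            entry["status"], reasons = "trusted", []
        else:
            self.clients[client["id"]] = "non-credit-granting"   # eighth module
            reasons = self.fake_reasons(attrs)              # ninth module
            entry["status"] = "blacklist" if reasons else "whitelist"  # tenth / eleventh module
        self.outbox.append((entry["status"], fingerprint, reasons))
        return entry["status"]

# Constructed sample reports (not real software)
GENUINE = {"path": "C:\\Program Files\\CadApp\\cad.exe", "file_name": "cad.exe",
           "file_size": 1_000_000, "digital_signature": "Example Corp",
           "file_description": "CAD editor", "product_name": "CadApp", "file_version": "2.1.0"}
FAKE = dict(GENUINE, path="C:\\Users\\u\\Desktop\\cad.exe", file_size=40_000, digital_signature="",
            file_description="TODO: <File description>", product_name="TODO: <Product name>")
```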

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910681391.0A CN110443050B (en) 2019-07-26 2019-07-26 Method and system for processing counterfeit process in file transparent encryption and decryption system

Publications (2)

Publication Number Publication Date
CN110443050A CN110443050A (en) 2019-11-12
CN110443050B true CN110443050B (en) 2021-02-09

Family

ID=68431628

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant