Technical Field
The present invention relates to the field of Internet technology, and in particular to a security control method and system for terminal applications.
Background
With the rapid development of Internet technology, demand for all kinds of network applications keeps growing, but users have also found that many network applications are becoming less and less secure.
For example, some malicious programs disguise shortcuts to malicious web pages as the normal shortcut icons already on the user's desktop; when the user clicks one, the page that opens is not the website the user intended to visit. Other malicious programs tamper with the access address when the user runs an application, and so on. All of these tampering behaviors pose a serious threat to the security of the user's terminal.
Generally, each terminal application has a corresponding entry identifier, such as the identifier of an executable file, a desktop shortcut icon, or the display identifier of an application to be downloaded. The corresponding application is started through its entry identifier; such applications may include web access, documents of various kinds, or games. In the prior art, however, the source and security of these entry identifiers are not controlled, and accordingly the terminal applications they correspond to cannot be effectively secured either. This gives malicious programs the opportunity to tamper with icons or add malicious ones, threatening the security of the user's terminal.
Summary of the Invention
The technical problem to be solved by the present invention is to provide a security control method and system for terminal applications that overcomes the inability of the prior art to effectively control and manage the source and security of the entry identifiers used to start terminal applications.
To solve the above technical problem, the present invention provides a security control method for terminal applications, including:
setting, in the user interface of the terminal screen, at least one entry identifier that comes from a specified secure network path and is used to start a terminal application;
using the secure network path to perform security verification on the entry identifier and/or the terminal application started by the entry identifier.
The present invention further provides a security control system for terminal applications, including:
a setting module, configured to set, in the user interface of the terminal screen, at least one entry identifier that comes from a specified secure network path and is used to start a terminal application;
a verification module, configured to use the secure network path to perform security verification on the entry identifier and/or the terminal application started by the entry identifier.
With the present invention, controlling the source of the entry identifiers displayed on the terminal screen and/or of the corresponding terminal applications ensures the security of terminal applications at the source, and controlling how the execution parameters or data of a terminal application are obtained ensures the security of its execution. The security control model of the invention also provides a basis for applying various kinds of security verification.
Brief Description of the Drawings
Fig. 1 is a schematic diagram of a security control method for a terminal application according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of the application environment according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of a security control method for a terminal application according to another embodiment of the present invention.
Fig. 4 is a schematic diagram of a security control system for terminal applications according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of a security control method for a terminal application according to an embodiment of the present invention. First, at least one entry identifier that comes from a specified secure network path and is used to start a terminal application is set in the user interface of the terminal screen (step 101). In addition, the secure network path is used to perform security verification on the entry identifier and/or the terminal application started by the entry identifier (step 102).
In the embodiments of the invention, the secure network path refers on the one hand to the security of the communication and on the other hand to the security of the data stored at the network address. Communication security can be ensured by means such as authorization or authentication; data security can be ensured by virus scanning, cloud-based scanning, and other means.
The entry identifier in the embodiments of the invention is the startup entry corresponding to a terminal application. It may take the form of the identifier of an executable file, a desktop shortcut, or the display identifier of an application to be downloaded, including a button, text, or any other recognizable form. The invention is described below using icons as the example.
The entry identifier of a terminal application may be shown on the desktop as an icon or placed in the Start menu as text. It may be displayed using the existing terminal desktop as the user interface, or gathered together in a new user interface (for example a program window) generated on the terminal desktop; the invention places no restriction on this. Preferably, however, a new dedicated interface is generated independently and the identifiers are displayed together in it. This is intuitive for the user and easy to use and manage, and makes it easier for the user to check whether any icon has been maliciously added or tampered with.
As shown in Fig. 2, according to an embodiment of the invention, the entry identifiers 203 on the user interface 202 of the terminal side 201 come from a specified secure network path, and that path is used to perform security verification on the entry identifiers and/or the terminal applications they start, which prevents malicious programs from tampering with or adding icons.
For example, for web-page icons, each icon displayed in the user interface corresponds to a fixed access address, and the icons are verified, distributed, and managed centrally by the central server, so their security is assured. The network-side central server can also verify them periodically over the secure network path, which further improves security.
The secure network path may point to storage space in a designated network-side central server 204, and every entry identifier stored in that space has passed security verification, which ensures at the source that terminal applications are started securely. To further secure the application corresponding to an icon, the terminal application corresponding to a terminal-side entry identifier can also be required to come from the specified secure network path, and these terminal applications have likewise passed security verification.
In addition, the network side can use the secure network path to perform security verification on the entry identifiers already displayed on the terminal side and/or the terminal applications they start. For example, an MD5 operation is performed on the entry identifier held on the secure network path to obtain a unique value, an MD5 operation is also performed on the corresponding entry identifier displayed on the terminal side, and the two results are compared; if they are the same, verification passes. For the terminal application corresponding to an entry identifier, MD5 can be used in the same way: the MD5 value of the application on the network side and the MD5 value of the corresponding application on the terminal side are computed and compared to determine whether they match.
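The digest comparison described above, written out as an added example (not code from the patent): the server builds a digest manifest of its verified icons and applications, and the terminal-side copies are checked against it. The store contents, entry names and status strings are constructed for illustration; the page names MD5, while the algorithm is a parameter here and defaults to SHA-256 as an assumption of this example, since MD5 is not collision-resistant.

```python
import hashlib
import hmac

# Constructed sample data. SERVER_STORE stands in for the verified copies held
# on the secure network path (the central server); names and bytes are made up.
SERVER_STORE = {
    "mail": {"icon": b"icon:mail:v1", "app": b"app:mail:build-7"},
    "bank": {"icon": b"icon:bank:v1", "app": b"app:bank:build-3"},
    "docs": {"icon": b"icon:docs:v2", "app": b"app:docs:build-1"},
}

# Constructed terminal-side state: what is currently displayed and installed.
TERMINAL_STATE = {
    "mail": {"icon": b"icon:mail:v1", "app": b"app:mail:build-7"},          # untouched
    "bank": {"icon": b"icon:bank:v1", "app": b"app:bank:build-3+patch"},    # app changed
    "docs": {"icon": b"icon:docs:v2-altered", "app": b"app:docs:build-1"},  # icon changed
    "prize": {"icon": b"icon:prize", "app": b"app:prize"},                  # never issued by the server
}


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of data; pass algorithm="md5" to match the page's wording."""
    return hashlib.new(algorithm, data).hexdigest()


def build_manifest(store: dict, algorithm: str = "sha256") -> dict:
    """Server side: one digest per icon and per application, keyed by entry id."""
    return {
        entry_id: {part: digest(blob, algorithm) for part, blob in parts.items()}
        for entry_id, parts in store.items()
    }


def verify_terminal(manifest: dict, terminal_state: dict,
                    algorithm: str = "sha256") -> dict:
    """Compare every entry displayed on the terminal with the server manifest.

    Returns entry id -> list of findings: ["ok"], ["icon-mismatch"],
    ["app-mismatch"], both mismatches, or ["not-in-manifest"] for an entry
    the server never issued (an added icon).
    """
    report = {}
    for entry_id, parts in terminal_state.items():
        expected = manifest.get(entry_id)
        if expected is None:
            report[entry_id] = ["not-in-manifest"]
            continue
        findings = []
        for part in ("icon", "app"):
            actual = digest(parts.get(part, b""), algorithm)
            # Constant-time comparison of the two hex strings.
            if not hmac.compare_digest(actual, expected[part]):
                findings.append(f"{part}-mismatch")
        report[entry_id] = findings or ["ok"]
    return report


if __name__ == "__main__":
    manifest = build_manifest(SERVER_STORE)
    for entry, findings in verify_terminal(manifest, TERMINAL_STATE).items():
        print(f"{entry:6s} {', '.join(findings)}")
```

An entry that is absent from the terminal is not reported, because the page allows the terminal to display only a selection of the server's icons.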
Entry identifiers such as icons stored in the network-side central server may first be sent to the terminal side for storage and then selectively displayed in the user interface on the terminal side. In that case, although the icons displayed in the user interface are selected from the icon set on the terminal side, they still ultimately come from the specified network path, so in the present invention this arrangement is also regarded as coming from the specified network path.
The icons in the user interface can be deployed or pushed centrally by the network-side central server, which prevents malicious programs from adding malicious icons to the interface at will and improves security considerably.
According to another embodiment of the invention, users may also be allowed to add entry identifiers to the interface themselves. For an entry identifier that comes from outside the secure network path, when it is added to the user interface the specified secure network path can be used to perform security verification on the entry identifier, or on it together with its corresponding terminal application. Alternatively, after adding an entry identifier from outside the specified secure network path, the terminal can notify the secure network path to provide a security-verified entry identifier, which then replaces the outside entry identifier in the user interface. As a further alternative, after the terminal receives a request to add to the user interface an entry identifier from outside the secure network path, it can ask the network-side central server to push the corresponding security-verified entry identifier to the terminal side for display via the specified secure network path.
Likewise, entry identifiers or terminal applications from outside the secure network path can be verified in several ways, for example by certificate signature verification, execution parameter verification, or MD5 verification.
The application corresponding to an icon may already be installed on the local terminal, in which case the icon serves as the entry that starts the installed application. It may also not be installed on the local terminal, in which case the application must first be downloaded from the central server over the specified secure network path and installed; since the application on the network side has also passed security verification, this likewise improves security. Whether the application is already installed locally can be determined by, for example, scanning the local terminal for installed programs associated with the icon's attributes or name. If it is installed, an association is established with the program found and the program is started; if it is not installed, a download request is sent to the central server. In addition, for the terminal application corresponding to an entry identifier, the terminal side can also ask the network-side central server to push the terminal application to the terminal side over the specified secure network path.
For some terminal applications, such as web applications, the existing approach is to store the complete application on the local terminal, including key execution parameters or data such as the network access address; when executed, the application visits the specified URL and so on. But if a malicious program has tampered with the execution parameters or data in the application, the result obtained when it runs is not what the user wanted.
The present invention improves on the existing approach. Fig. 3 is a schematic diagram of a security control method for a terminal application according to another embodiment of the invention. First, the terminal requests from the specified secure network path the execution parameters and/or data of the terminal application corresponding to the entry identifier (step 301). The terminal then executes the application corresponding to the entry identifier according to the execution parameters and/or data obtained via the secure network path (step 302).
The execution parameters may include information such as the application's access address, display specification, or opening mode. The execution data may include data that represents the actual content of the application while it runs, such as a downloaded executable file.
In this way, important execution parameters and/or data can be kept on the network-side central server, reached over the secure network path, and sent to the terminal side at its request. These execution parameters and/or data have also been security-verified on the network side, which ensures the security of execution on the terminal side.
Moreover, the network-side central server can obtain updated execution parameters and/or data by interacting with third-party content servers. For example, if the access address of an application changes, the central server obtains the updated address information from the content server and sends it on as an execution parameter, which removes the opening that a change of access address would otherwise leave for malicious programs. If a particular configuration file of an application is modified, the central server can likewise obtain the updated configuration file from the content server and send it to the terminal side as execution data, which prevents malicious programs from modifying configuration files of the terminal application.
In addition, the execution parameters can carry information such as the presentation specification or opening mode of the corresponding application. After receiving them, the terminal can automatically open the corresponding application in the adapted specification or mode when it executes the terminal application. This reduces the time and the number of steps that need user involvement on the terminal side, and reduces the exposure to malicious programs during presentation and opening.
To further improve security, the terminal can also verify the application content against the execution parameters and/or data. For example, the execution parameters provide the access address, opening mode, display rules and so on; when the terminal application is executed, the terminal can verify that the application being opened is consistent with the parameters it received, and if any one of the access address, opening mode, display rules or other execution parameters differs, the application is not allowed to open. This further prevents a malicious program from intercepting the application and changing its access address. Similarly, the terminal can verify the execution data against the specified secure network path, for example by using a verification code for the application provided by the secure network path to check whether the execution data has been tampered with.
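The consistency check in the paragraph above, as an added example (not code from the patent): the parameters received over the secure network path are compared with what is about to be opened, and any difference blocks the launch. The field names, sample values and the URL normalization are assumptions of this example; addresses are compared after parsing, so harmless differences in letter case or a default port do not block a launch while a different host does.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


@dataclass(frozen=True)
class ExecParams:
    """Execution parameters as delivered by the central server (hypothetical shape)."""
    access_address: str
    open_mode: str
    display_spec: str


def normalize_address(url: str) -> tuple:
    """Reduce a URL to (scheme, host, port, path, query) for comparison.

    The host comes from the parsed authority, so text placed before an "@"
    or appended as a longer domain name cannot pass as the expected host.
    """
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    try:
        port = parts.port
    except ValueError:          # malformed port: never equal to a valid address
        return ("invalid", url)
    if port is None:
        port = DEFAULT_PORTS.get(scheme)
    return (scheme, host, port, parts.path or "/", parts.query)


def mismatches(expected: ExecParams, observed: dict) -> list:
    """Names of the parameters where the pending launch differs from the server's."""
    found = []
    if normalize_address(observed.get("access_address", "")) != \
            normalize_address(expected.access_address):
        found.append("access_address")
    for field in ("open_mode", "display_spec"):
        if observed.get(field) != getattr(expected, field):
            found.append(field)
    return found


def may_open(expected: ExecParams, observed: dict) -> bool:
    """The page's rule: a single differing parameter means the application is not opened."""
    return not mismatches(expected, observed)


# Constructed sample: parameters held by the server for one entry identifier.
SERVER_PARAMS = ExecParams("https://mail.example.com/inbox", "embedded-window", "1024x768")

# Constructed launch attempts observed on the terminal.
LAUNCHES = {
    "same, different spelling": {"access_address": "HTTPS://Mail.Example.com:443/inbox",
                                 "open_mode": "embedded-window", "display_spec": "1024x768"},
    "host replaced": {"access_address": "https://mail.example.com.login.example.net/inbox",
                      "open_mode": "embedded-window", "display_spec": "1024x768"},
    "host hidden behind @": {"access_address": "https://mail.example.com@login.example.net/inbox",
                             "open_mode": "embedded-window", "display_spec": "1024x768"},
    "open mode changed": {"access_address": "https://mail.example.com/inbox",
                          "open_mode": "external-browser", "display_spec": "1024x768"},
}

if __name__ == "__main__":
    for label, launch in LAUNCHES.items():
        diff = mismatches(SERVER_PARAMS, launch)
        print(f"{label:26s} {'open' if not diff else 'blocked: ' + ', '.join(diff)}")
```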
The corresponding execution parameters and/or data on the terminal side can further be verified against the execution parameters and/or data of the corresponding application held in the network-side central server. For example, the server can compare the MD5 value or other verification code of the execution parameters or data stored on the network side with that of the execution parameters or data downloaded and saved on the terminal side; or, the other way round, the terminal side can initiate the comparison with the server side. Either way, security verification can be performed.
The entry identifier displayed on the terminal side can also be verified against the entry identifier from the secure network path, specifically in any of the following ways:
The network-side central server obtains the entry identifier from the terminal side and uses the entry identifier of the secure network path to perform security verification on the corresponding terminal-side entry identifier. For example, to keep the icons or the corresponding execution parameters and/or data on the terminal side consistent with those on the network side, the central server can periodically verify the icons on the terminal side to prevent modification by malicious programs.
Alternatively, the terminal obtains verification information (for example a digital certificate or MD5 verification code) for the entry identifier of the secure network path and uses it to perform security verification on the corresponding entry identifier displayed in the user interface.
Alternatively, the terminal generates verification information from the entry identifier obtained from the secure network path and uses it to perform security verification on the corresponding entry identifier displayed in the user interface.
The verification modes described above for entry identifiers apply equally to the security verification of terminal applications or of an application's execution parameters and data.
This verification can be confirmed through the consistency between the icon's identity ID and a uniqueness operation (such as the MD5 algorithm) over the icon itself or its corresponding application; if a malicious program has made modifications, that consistency is broken.
In addition, after the terminal obtains the execution parameters and/or data of the application corresponding to an icon, it can update the icon's display state as a further cue to the user. For example, the icon may be black and white or dimmed before the execution parameters are obtained, and change to color or a bright shade once they are obtained.
After being downloaded to the terminal, the execution parameters and/or data can be saved on the terminal side for the next execution. Alternatively, they need not be saved on the terminal side and can instead be downloaded from the network-side central server each time the corresponding terminal application is executed, which reduces the chance of local tampering and further improves security.
The terminal can also update the icons displayed on the terminal side and/or the corresponding execution parameters and/or data according to commands sent by the network-side central server.
Fig. 4 is a schematic diagram of a security control system for terminal applications according to an embodiment of the present invention. The system first includes a setting module 401 and a verification module 402, wherein:
the setting module 401 is configured to set, in the user interface of the terminal screen, at least one entry identifier that comes from a specified secure network path and is used to start a terminal application;
the verification module 402 is configured to use the secure network path to perform security verification on the entry identifier and/or the terminal application started by the entry identifier.
Likewise, the terminal application started by the entry identifier also comes from the specified secure network path; the verification module performs security verification on the terminal application against the copy of the terminal application stored on the secure network path.
The verification module 402 can perform security verification on the entry identifier set in the user interface and/or the terminal application started by the entry identifier, according to the entry identifier and/or the execution parameters of the entry identifier stored on the secure network path.
The verification module 402 can also, on the terminal side, use the specified secure network path to perform security verification on an entry identifier from outside the secure network path when it is added to the user interface.
The verification module 402 further uses the specified secure network path to perform security verification on the terminal application corresponding to the entry identifier.
The verification module 402 can, after an entry identifier from outside the specified secure network path has been added on the terminal side, notify the secure network path to provide a security-verified entry identifier, and replace the outside entry identifier in the user interface with the security-verified one.
The verification module 402 can also, after the terminal side receives a request to add to the user interface an entry identifier from outside the secure network path, ask the network-side central server 405 to push the corresponding security-verified entry identifier to the terminal side for display via the specified secure network path.
The verification module 402 can further be used to ask the network-side central server 405 to push the terminal application corresponding to the entry identifier to the terminal side over the specified secure network path.
Referring again to Fig. 4, the security control system may further include a parameter request module 403 and a parameter execution module 404, wherein:
the parameter request module 403 is configured to make the terminal request, from the specified secure network path, the execution parameters and/or data of the terminal application corresponding to the entry identifier;
the parameter execution module 404 is configured to make the terminal execute the application corresponding to the entry identifier according to the execution parameters and/or data obtained via the secure network path.
The verification module 402 can further be used to verify the corresponding execution parameters and/or data on the terminal side against the execution parameters and/or data from the secure network path.
The verification module 402 shown in Fig. 4 is located on the terminal side. In practice, the verification module may also be located in the network-side central server, with the central server initiating the various security verifications of the terminal side.
The terminal in the present invention includes not only PC desktop terminals but also mobile terminals such as mobile phones and other portable terminals. The invention provides users with an intuitive, simple, efficient, and unified security management mechanism for their various terminal applications.

| Application Number | Publication | Relation / Status | Priority Date | Filing Date | Title |
|---|---|---|---|---|---|
| CN201110082781.XA | CN102148831B (en) | Division | 2011-04-01 | 2011-04-01 | A security control method and system for terminal applications |
| CN201410415019.2A | CN104158812B (en) | Active | 2011-04-01 | 2011-04-01 | A security control method and system for terminal applications |

| Publication Number | Publication Date |
|---|---|
| CN104158812A (en) | 2014-11-19 |
| CN104158812B (en) | 2018-01-26 |

| Country | Link |
|---|---|
| CN (1) | CN104158812B (en) |

| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | TR01 | Transfer of patent right | |
| | TR01 | Transfer of patent right | Effective date of registration: 20220726. Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015. Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park). Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |