CN107169343A - Method and terminal for controlling an application program - Google Patents
- Publication number: CN107169343A (CN201710281466.7A)
- Authority: CN (China)
- Legal status: Withdrawn (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
An embodiment of the invention discloses a method and a terminal for controlling an application program. The method includes: if a preset operation that triggers starting a first preset application is detected, obtaining the identifier of the first preset application; determining the information security level of the first preset application according to the identifier of the first preset application; performing identity verification on the first preset application through the target running environment corresponding to the information security level, where the target running environment is one of at least two mutually isolated running environments and the running environments correspond one-to-one with secure roots of trust; and, if the identity verification passes, running the first preset application through the target running environment. Embodiments of the invention can improve the security and reliability of data in the terminal.
Description
Technical field
The present invention relates to the field of electronic technology, and in particular to a method and a terminal for controlling an application program.
Background
With the popularization of various web applications (Application, APP), users can download and install the applications they need from the terminal's application market, thereby extending the functions of the terminal.
As more and more applications are installed on a terminal, each application generates a large amount of interaction data while the user uses it, and a first application may call the interaction data of a second application. The interaction data may include private information that the user does not want others to see, for example personal information, important information or sensitive information.
If the interaction data of the applications is not properly protected, the user's private information is easily leaked.
Summary of the invention
Embodiments of the present invention provide a method and a terminal for controlling an application program, which can improve the security and reliability of data in the terminal.
In a first aspect, an embodiment of the present invention provides a method for controlling an application program, the method including:
if a preset operation that triggers starting a first preset application is detected, obtaining the identifier of the first preset application;
determining the information security level of the first preset application according to the identifier of the first preset application;
performing identity verification on the first preset application through the target running environment corresponding to the information security level, where the target running environment is one of at least two mutually isolated running environments, and the running environments correspond one-to-one with secure roots of trust;
if the identity verification passes, running the first preset application through the target running environment.
In another aspect, an embodiment of the present invention provides a terminal, the terminal including:
an obtaining unit, configured to obtain the identifier of a first preset application if a preset operation that triggers starting the first preset application is detected;
a determining unit, configured to determine the information security level of the first preset application according to the identifier of the first preset application;
an identity verification unit, configured to perform identity verification on the first preset application through the target running environment corresponding to the information security level, where the target running environment is one of at least two mutually isolated running environments, and the running environments correspond one-to-one with secure roots of trust;
a control unit, configured to run the first preset application through the target running environment if the identity verification passes.
In the embodiments of the present invention, if a preset operation that triggers starting a first preset application is detected, the identifier of the first preset application is obtained; the information security level of the first preset application is determined according to that identifier; identity verification is performed on the first preset application through the target running environment corresponding to the information security level, where the target running environment is one of at least two mutually isolated running environments; and, if the identity verification passes, the first preset application is run through the target running environment. When the preset operation that triggers starting the first preset application is detected and the first preset application is verified to be a preset application that its corresponding target running environment allows to run, the first preset application is run through the target running environment; when the information of the first preset application is identified as having been maliciously tampered with, the terminal does not run the first preset application, which prevents the private information of that preset application from being leaked by running a preset application whose information has been maliciously tampered with. The terminal provides at least two mutually isolated running environments, and preset applications of different information security levels run in different ones of these environments. This prevents two or more applications of different information security levels from calling the user's private information during data interaction and causing information leakage, and can improve the security and reliability of data in the terminal.
Brief description of the drawings
To describe the technical solutions of the embodiments of the present invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of a method for controlling an application program according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for controlling an application program according to another embodiment of the present invention;
Fig. 3 is a schematic block diagram of a terminal according to an embodiment of the present invention;
Fig. 4 is a schematic block diagram of a terminal according to another embodiment of the present invention;
Fig. 5 is a schematic block diagram of a terminal according to yet another embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, rather than all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be understood that, when used in this specification and the appended claims, the terms "comprising" and "including" indicate the presence of the described features, integers, steps, operations, elements and/or components, but do not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or sets thereof.
It should also be understood that the terms used in this description are only for the purpose of describing specific embodiments and are not intended to limit the present invention. As used in this description and the appended claims, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" used in this description and the appended claims refers to any combination and all possible combinations of one or more of the associated listed items, and includes these combinations.
As used in this specification and the appended claims, the term "if" may be interpreted, depending on the context, as "when" or "once" or "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if [the described condition or event] is detected" may be interpreted, depending on the context, as "once it is determined" or "in response to determining" or "once [the described condition or event] is detected" or "in response to detecting [the described condition or event]".
In specific implementations, the terminal described in the embodiments of the present invention includes, but is not limited to, portable devices such as a mobile phone, a laptop computer or a tablet computer with a touch-sensitive surface (for example, a touch-screen display and/or a touchpad). It should also be understood that, in some embodiments, the device is not a portable communication device but a desktop computer with a touch-sensitive surface (for example, a touch-screen display and/or a touchpad).
In the following discussion, a terminal that includes a display and a touch-sensitive surface is described. It should be understood, however, that the terminal may include one or more other physical user-interface devices such as a physical keyboard, a mouse and/or a joystick.
The terminal supports various applications, such as one or more of the following: a drawing application, a presentation application, a word-processing application, a website creation application, a disc burning application, a spreadsheet application, a game application, a telephone application, a video conferencing application, an e-mail application, an instant messaging application, an exercise support application, a photo management application, a digital camera application, a web browsing application, a digital music player application and/or a digital video player application.
The various applications that can be executed on the terminal may use at least one common physical user-interface device, such as the touch-sensitive surface. One or more functions of the touch-sensitive surface and the corresponding information displayed on the terminal may be adjusted and/or changed between applications and/or within a given application. In this way, a common physical architecture of the terminal (for example, the touch-sensitive surface) can support the various applications with user interfaces that are intuitive and transparent to the user.
Referring to Fig. 1, Fig. 1 is a schematic flowchart of a method for controlling an application program according to an embodiment of the present invention. The method in this embodiment is executed by a terminal that has at least two mutually isolated running environments, each independent running environment corresponding to a different secure root of trust. The terminal may be a mobile terminal such as a mobile phone or a tablet computer. The method shown in Fig. 1 may include the following steps:
S101: If a preset operation that triggers starting a first preset application is detected, obtain the identifier of the first preset application.
During normal operation, when the terminal detects a preset operation that triggers starting a first application, it judges from the information of the first application whether the first application is a preset application. If the first application is a preset application, the terminal recognizes that it has detected a preset operation that triggers starting a first preset application, and obtains the identifier of the first preset application.
Detecting the preset operation that triggers starting the first application may be: detecting that the user clicks the application icon of the first application, or clicks a link or interface related to the first application in the interactive interface of another application.
A preset application is an application, pre-stored in the terminal, whose information security needs to be protected; it may be an application that involves private information such as the user's personal information, important information or sensitive information.
There may be one preset application or at least two, which is not limited here. The identifier of the first preset application may be the name of the first preset application.
S102: Determine the information security level of the first preset application according to the identifier of the first preset application.
The terminal stores in advance a preset correspondence between preset applications and information security levels. The terminal determines the information security level corresponding to the first preset application according to the identifier of the first preset application and this preset correspondence.
The information security levels may be divided into a common level and a severity level; three or more information security levels may also be set, as configured according to actual needs.
S103: Perform identity verification on the first preset application through the target running environment corresponding to the information security level, where the target running environment is one of at least two mutually isolated running environments.
The terminal has at least two mutually isolated running environments, and the preset applications run by each running environment have different information security levels. Each running environment corresponds to a different secure key root; a secure key root is the storage area in which the root key is stored. A security chip is currently the most secure place to store keys, so a security chip can serve as the secure root of trust. That is, each running environment relies on its own corresponding security chip as its secure root of trust.
The database of a running environment (in the security chip corresponding to that running environment) stores the root keys corresponding to all preset applications that the running environment allows to run. A root key is used to perform identity verification on the preset applications that the running environment allows to run.
The terminal determines the target running environment corresponding to the first preset application according to the information security level of the first preset application. Once the target running environment is determined, the terminal obtains the root key corresponding to the first preset application from the target running environment and, within the target running environment, performs identity verification on the first preset application using the obtained root key, to check whether the first preset application is a preset application that the target running environment allows to run.
Running environments correspond to information security levels. When the terminal has only two running environments, the two running environments allow preset applications of different information security levels to run, and all preset applications that the same running environment allows to run have the same information security level. When three or more running environments are provided in the terminal, different running environments allow preset applications of different information security levels to run, and the preset applications that the same running environment allows to run may have the same information security level or different ones (in the latter case, the information security levels of the preset applications that the same running environment allows to run belong to the same preset interval or preset range).
When the terminal verifies that the first preset application is a preset application that the target running environment allows to run, S104 is performed; when the terminal verifies that the first preset application is not a preset application that the target running environment allows, the terminal identifies the information of the first preset application as having been maliciously tampered with, ends the current control flow, and returns to S101.
S104: If the identity verification passes, run the first preset application through the target running environment.
When the terminal verifies that the first preset application is a preset application that the target running environment allows to run, the first preset application is run through the target running environment.
It can be understood that the interaction data produced by running the first preset application is stored in the target running environment corresponding to the first preset application.
In the above scheme, if the terminal detects a preset operation that triggers starting a first preset application, it obtains the identifier of the first preset application; determines the information security level of the first preset application according to that identifier; performs identity verification on the first preset application through the target running environment corresponding to the information security level, where the target running environment is one of at least two mutually isolated running environments; and, if the identity verification passes, runs the first preset application through the target running environment. When the preset operation that triggers starting the first preset application is detected and the first preset application is verified to be a preset application that its corresponding target running environment allows to run, the first preset application is run through the target running environment; when the information of the first preset application is identified as having been maliciously tampered with, the terminal does not run the first preset application, which prevents the private information of that preset application from being leaked by running a preset application whose information has been maliciously tampered with. The terminal provides at least two mutually isolated running environments, and preset applications of different information security levels run in different ones of these environments. This prevents two or more applications of different information security levels from calling the user's private information during data interaction and causing information leakage, and can improve the security and reliability of data in the terminal.
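The S101 to S104 flow described above, sketched as an added example that is not code from the patent. HMAC-SHA256 stands in for the identity verification, the per-application root key is derived from a per-environment chip secret, and the class names, application identifiers, package names and secrets are all constructed assumptions.

```python
import hashlib
import hmac


def unique_identity(package_name: str, app_bytes: bytes) -> bytes:
    """Unique identity: package name plus a message digest of the app file."""
    return package_name.encode() + b"\x00" + hashlib.sha256(app_bytes).digest()


class RunningEnvironment:
    """One isolated running environment with its own root of trust."""

    def __init__(self, name: str, chip_secret: bytes):
        self.name = name
        self._chip_secret = chip_secret   # stands in for the security chip
        self._enrolled = {}               # app identifier -> (root key, tag)
        self.running = []                 # apps started in this environment

    def enroll(self, app_id: str, package_name: str, app_bytes: bytes) -> None:
        """Record an application this environment allows to run."""
        # Assumption: the per-app root key is derived from the chip secret.
        root_key = hmac.new(self._chip_secret, app_id.encode(),
                            hashlib.sha256).digest()
        tag = hmac.new(root_key, unique_identity(package_name, app_bytes),
                       hashlib.sha256).digest()
        self._enrolled[app_id] = (root_key, tag)

    def verify_identity(self, app_id: str, package_name: str,
                        app_bytes: bytes) -> bool:
        entry = self._enrolled.get(app_id)
        if entry is None:                 # not allowed in this environment
            return False
        root_key, tag = entry
        candidate = hmac.new(root_key, unique_identity(package_name, app_bytes),
                             hashlib.sha256).digest()
        return hmac.compare_digest(candidate, tag)   # constant-time compare


class Terminal:
    def __init__(self, env_for_level: dict, level_of: dict):
        self.env_for_level = env_for_level   # security level -> environment
        self.level_of = level_of             # preset app identifier -> level

    def launch(self, app_id: str, package_name: str, app_bytes: bytes):
        level = self.level_of.get(app_id)    # S101 + S102: identifier -> level
        if level is None:
            return ("not_preset", None)      # not a protected application
        env = self.env_for_level[level]      # S103: pick the target environment
        if not env.verify_identity(app_id, package_name, app_bytes):
            return ("rejected", env.name)    # treated as tampered, not run
        env.running.append(app_id)           # S104: run in that environment
        return ("running", env.name)


def build_demo_terminal():
    """Two environments, two enrolled applications (constructed sample data)."""
    env1 = RunningEnvironment("env1", b"constructed-secret-chip-1")
    env2 = RunningEnvironment("env2", b"constructed-secret-chip-2")
    apps = {
        "notes": ("com.example.notes", b"notes-app-image-v1"),
        "bank": ("com.example.bank", b"bank-app-image-v1"),
    }
    env1.enroll("notes", *apps["notes"])
    env2.enroll("bank", *apps["bank"])
    terminal = Terminal({"common": env1, "severity": env2},
                        {"notes": "common", "bank": "severity"})
    return terminal, apps


if __name__ == "__main__":
    terminal, apps = build_demo_terminal()
    print(terminal.launch("bank", *apps["bank"]))
    print(terminal.launch("bank", "com.example.bank", b"bank-app-image-v1+patch"))
```

Because each environment holds root keys only for the applications it allows, changing the level table so that the bank application is routed to env1 still fails verification there.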
Referring to Fig. 2, Fig. 2 is a schematic flowchart of a method for controlling an application program according to another embodiment of the present invention. The method in this embodiment is executed by a terminal that has at least two mutually isolated running environments, each independent running environment corresponding to a different secure root of trust. The terminal may be a mobile terminal such as a mobile phone or a tablet computer. The method shown in Fig. 2 may include the following steps:
S201: If a preset operation that triggers starting a first preset application is detected, obtain the identifier of the first preset application.
S201 in this embodiment is the same as S101 in the previous embodiment; for details, refer to the description of S101 in the previous embodiment, which is not repeated here.
S202: Determine the information security level of the first preset application according to the identifier of the first preset application.
The terminal stores in advance a preset correspondence between preset applications and information security levels. The terminal determines the information security level corresponding to the first preset application according to the identifier of the first preset application and this preset correspondence.
The information security levels may be divided into a common level and a severity level; three or more information security levels may also be set, as configured according to actual needs.
S203: Perform identity verification on the first preset application through the target running environment corresponding to the information security level, where the target running environment is one of at least two mutually isolated running environments.
The terminal has at least two mutually isolated running environments, and the preset applications run by each running environment have different information security levels. Each running environment corresponds to a different secure key root; a secure key root is the storage area in which the root key is stored. A security chip is currently the most secure place to store keys, so a security chip can serve as the secure root of trust. That is, each running environment relies on its own corresponding security chip as its secure root of trust.
The database of a running environment (in the security chip corresponding to that running environment) stores the root keys corresponding to all preset applications that the running environment allows to run. A root key is used to perform identity verification on the preset applications that the running environment allows to run.
The terminal determines the target running environment corresponding to the first preset application according to the information security level of the first preset application. Once the target running environment is determined, the terminal obtains the root key corresponding to the first preset application from the target running environment and, within the target running environment, performs identity verification on the first preset application using the obtained root key, to check whether the first preset application is a preset application that the target running environment allows to run.
Running environments correspond to information security levels. When the terminal has only two running environments, the two running environments allow preset applications of different information security levels to run, and all preset applications that the same running environment allows to run have the same information security level. When three or more running environments are provided in the terminal, different running environments allow preset applications of different information security levels to run, and the preset applications that the same running environment allows to run may have the same information security level or different ones (in the latter case, the information security levels of the preset applications that the same running environment allows to run belong to the same preset interval or preset range).
The following takes as an example a terminal that includes two security chips, each corresponding to one of two mutually isolated running environments.
For example, when the information security level of the first preset application is the common level and the target running environment corresponding to the common level is the first running environment, the terminal obtains the root key corresponding to the first preset application from the first running environment and, within the first running environment, performs identity verification on the first preset application using the obtained root key. When the information security level of the first preset application is the severity level and the target running environment corresponding to the severity level is the second running environment, the terminal obtains the root key corresponding to the first preset application from the second running environment and, within the second running environment, performs identity verification on the first preset application using the obtained root key.
Further, when a first running environment and a second running environment are provided in the terminal, S203 may include:
If the first preset application corresponds to a first information security level, performing identity verification on the first preset application through the first running environment; if the first preset application corresponds to a second information security level, performing identity verification on the first preset application through the second running environment; where the first running environment corresponds to a first secure root of trust and the second running environment corresponds to a second secure root of trust.
Below to include two safety chips in terminal, two safety chips correspond to two mutually isolated operation rings respectively
Illustrated exemplified by border.(the first running environment relies on the first safe core to the first safe root of trust of first running environment correspondence
Piece), the second running environment the second safe root of trust (the second running environment relies on the second safety chip) of correspondence, the first operation ring
Border allow information security grade and the second running environment of the default application of operation allow operation default application information security
Grade is different.
For example, when the information security grade of the first default application is the common grade, and the target running environment corresponding to the common grade is the first running environment, the terminal obtains the key corresponding to the first default application from the first running environment and, within the first running environment, uses the obtained key to perform identity verification on the first default application, in order to check whether the first default application is one that the first running environment allows to run. When the terminal confirms that the first default application is a default application that the first running environment allows to run, S204 is performed; when the terminal confirms that the first default application is not a default application that the first running environment allows, the information of the first default application is deemed to have been maliciously tampered with, the current control flow ends, and the method returns to S201.
When the information security grade of the first default application is the severity level, and the target running environment corresponding to the severity level is the second running environment, the terminal obtains the key corresponding to the first default application from the second running environment and, within the second running environment, uses the obtained key to perform identity verification on the first default application, in order to check whether the first default application is one that the second running environment allows to run. When the terminal confirms that the first default application is a default application that the second running environment allows to run, S204 is performed; when the terminal confirms that the first default application is not a default application that the second running environment allows, the information of the first default application is deemed to have been maliciously tampered with, the current control flow ends, and the method returns to S201.
Further, S203 may include S2031~S2033:
S2031: Obtain the unique identity of the first default application from the first default application.
Further, the unique identity includes the package name of the first default application or a digital signature calculated by a message digest algorithm.
The terminal may obtain the package name of the first default application, according to the identifier of the first default application, from the files associated with the first default application (the installation file, or files produced by runtime data).
The terminal may also obtain from the first default application a digital signature calculated by a message digest algorithm. The digital signature may be an MD5 value. MD5 is Message Digest Algorithm 5.
Specifically, before releasing the first default application, its developer uses Message Digest Algorithm 5 (MD5) to generate a message digest for a piece of information of the first default application, thereby digitally signing the first default application to prevent tampering. Once the first default application is installed, the terminal can obtain the MD5 value from the files associated with the first default application.
S2032: Obtain, from the database of the target running environment, the default unique identity corresponding to the first default application.
The default unique identity may be a package name or a digital signature calculated by a message digest algorithm.
S2033: Compare the carried unique identity with the default unique identity, so as to perform identity verification on the first default application. If the carried unique identity is identical to the default unique identity, the verification result is that identity verification passes; if the carried unique identity differs from the default unique identity, the verification result is that identity verification fails.
Further, when the first default application corresponds to a first key pair comprising a first public key and a first private key, and the target running environment corresponds to a second key pair comprising a second public key and a second private key, S203 may include S2034~S2036:
S2034: Send a first message to the key management server through the first default application.
S2035: Receive a second message that the key management server sends according to the first message. The second message is obtained by the key management server signing the first message with the first private key corresponding to the first default application, and encrypting the signed first message with the second public key of the target running environment.
The database of the key management server stores in advance the first key pairs of all default applications and the key pairs of the running environments supported by the terminal (it may also store only the public keys of the running environments supported by the terminal).
When the key management server receives the first message that the terminal sends through the first default application, it obtains the first key pair of the first default application and the key pair corresponding to the target running environment, signs the first message with the first private key of the first default application, encrypts the signed first message with the second public key corresponding to the target running environment to obtain the second message, and sends the second message to the terminal.
Signing the first message with the first private key of the first default application means that the key management server uses the first private key to encrypt one segment of data of the first message.
S2036: Control the target running environment to decrypt the second message with the second private key corresponding to the target running environment, and verify the signature of the decrypted second message with the first public key corresponding to the first default application.
If signature verification of the second message succeeds, identity verification is deemed to pass; if signature verification of the second message fails, identity verification is deemed to fail.
On receiving the second message that the key management server sends according to the first message, the terminal obtains the first key pair of the first default application and the second key pair of the target running environment from the target running environment, and controls the target running environment to decrypt the second message with the second private key corresponding to the target running environment. When the second message is decrypted successfully, the terminal obtains the message that the key management server signed with the first private key of the first default application (the signed first message); the terminal then verifies the signature of the decrypted second message with the first public key corresponding to the first default application.
Verifying the signature of the decrypted second message with the first public key corresponding to the first default application specifically means: the terminal uses the first public key corresponding to the first default application to decrypt, in the decrypted second message, the data that the key management server encrypted with the first private key, so as to restore the first message.
After restoring the first message, the terminal compares the restored first message with the first message sent through the first default application. If the restored first message is identical to the first message sent through the first default application, signature verification succeeds and the terminal deems the identity verification of the first default application to have passed.
When the terminal cannot use the first public key corresponding to the first default application to decrypt the data in the second message that the key management server encrypted with the first private key, signature verification fails, the information of the first default application is deemed to have been maliciously tampered with, and identity verification of the first default application fails.
It can be understood that, because the unique identity of the first default application may itself be tampered with, the terminal may, when the first default application passes the identity verification of S2031~S2033, also perform S2034~S2036 to verify the identity of the first default application further, so as to improve the accuracy of identity verification.
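The two checks of S2031~S2033 and S2034~S2036 run back to back, as an added example that is not code from the patent. Assumptions: SHA-256 stands in for the page's MD5 value (MD5 is not collision resistant), the first message is a random nonce, the key pairs are toy textbook-RSA values built from fixed primes, and every function name, the package name `com.example.pay` and the sample bytes are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by both toy key pairs


def make_keypair(p, q):
    """Textbook-RSA key pair from two fixed primes (constructed demo values, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E, "d": pow(E, -1, phi)}


# Constructed keys built from Mersenne primes. The environment modulus is the
# larger one, so a signature made under APP_KEY always fits in one ENV_KEY block.
APP_KEY = make_keypair(2**61 - 1, 2**89 - 1)     # first key pair (first default application)
ENV_KEY = make_keypair(2**107 - 1, 2**127 - 1)   # second key pair (target running environment)

# Constructed sample data: the released app and the environment's database.
RELEASED_APP = b"constructed bytes of the released application"
ENV_DATABASE = {"com.example.pay": hashlib.sha256(RELEASED_APP).hexdigest()}


def check_unique_identity(package_name, app_bytes, database=ENV_DATABASE):
    """S2031-S2033: compare the carried digest with the one stored for this package."""
    expected = database.get(package_name)
    if expected is None:
        return False
    carried = hashlib.sha256(app_bytes).hexdigest()
    return hmac.compare_digest(carried, expected)


def new_first_message():
    """S2034: a fresh random first message (assumed to be a nonce).

    0 and 1 are skipped because textbook RSA maps them to themselves.
    """
    return secrets.randbelow(2**128) + 2


def server_second_message(first_message):
    """S2035, server side: sign with the first private key, then encrypt
    the signed message with the second public key."""
    signed = pow(first_message, APP_KEY["d"], APP_KEY["n"])
    return pow(signed, ENV_KEY["e"], ENV_KEY["n"])


def verify_second_message(second_message, sent_first_message):
    """S2036: decrypt with the second private key, restore the first message
    with the first public key, and compare it with what was sent."""
    if not 0 <= second_message < ENV_KEY["n"]:
        return False
    signed = pow(second_message, ENV_KEY["d"], ENV_KEY["n"])
    if signed >= APP_KEY["n"]:
        return False  # cannot be a signature under the first key pair
    restored = pow(signed, APP_KEY["e"], APP_KEY["n"])
    return restored == sent_first_message


def identity_check(package_name, app_bytes, server=server_second_message):
    """Run both checks and report which step decided the outcome."""
    if not check_unique_identity(package_name, app_bytes):
        return "fail: unique identity mismatch"
    first_message = new_first_message()
    if not verify_second_message(server(first_message), first_message):
        return "fail: signature verification"
    return "pass"


if __name__ == "__main__":
    print(identity_check("com.example.pay", RELEASED_APP))               # genuine app
    print(identity_check("com.example.pay", RELEASED_APP + b"patched"))  # modified bytes
    old = server_second_message(new_first_message())
    # A second message recorded earlier does not match a fresh first message.
    print(identity_check("com.example.pay", RELEASED_APP, server=lambda m: old))
```

Unpadded RSA mirrors the page's description of signing as "encrypting with the private key"; a deployed design would use a padded signature scheme and a fresh first message per run, since a fixed first message would let a recorded second message verify again.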
It can be understood that, in this embodiment, when the terminal is provided with the first running environment and the second running environment, the two running environments may use the same identity verification method to verify the identity of the first default application, or may use different identity verification methods. When the first running environment and the second running environment use different identity verification methods to verify the first default application, and the information security grade of the default applications that the first running environment allows to run is higher than that of the default applications that the second running environment allows to run, the first running environment may perform S2031~S2033 to verify the identity of the first default application, and the second running environment may perform S2034~S2036 to verify the identity of the first default application, or the second running environment may perform both S2031~S2033 and S2034~S2036. This can be configured according to actual conditions and is not limited here.
S204: If identity verification passes, run the first default application through the target running environment.
When the terminal confirms that the first default application is a default application that the target running environment allows to run, it runs the first default application through the target running environment.
It can be understood that the interaction data produced by running the first default application is stored in the target running environment corresponding to the first default application.
Further, when the terminal is provided with the first running environment and the second running environment, S204 may include: if the first running environment performs identity verification on the first default application and identity verification passes, the first default application is run through the first running environment; if the second running environment performs identity verification on the first default application and identity verification passes, the first default application is run through the second running environment.
For example, when the terminal confirms that the first default application is a default application that the first running environment allows to run, it runs the first default application through the first running environment. When the terminal confirms that the first default application is a default application that the second running environment allows to run, it runs the first default application through the second running environment.
In the above scheme, if the terminal detects a preset operation that triggers starting of the first default application, it obtains the identifier of the first default application; determines the information security grade of the first default application according to that identifier; and performs identity verification on the first default application through the target running environment corresponding to the information security grade, where the target running environment is one of at least two mutually isolated running environments; if identity verification passes, the first default application is run through the target running environment. On detecting the preset operation that triggers starting of the first default application, the terminal runs the first default application through the target running environment when it verifies that the first default application is a default application that its corresponding target running environment allows to run; when it recognizes that the information of the first default application has been maliciously tampered with, the terminal does not run the first default application, which prevents the leakage of that application's private information that would result from running a default application whose information has been maliciously tampered with. By providing at least two mutually isolated running environments, with default applications of different information security grades running in the mutually isolated running environments, the terminal prevents the user's private information from being called during data interaction between two or more applications of different information security grades and leaked as a result, which improves the security and reliability of data in the terminal.
The terminal can use different identity verification methods to verify the identity of the first default application, so as to improve the accuracy of identity verification.
Referring to Fig. 3, Fig. 3 is a schematic block diagram of a terminal provided by an embodiment of the present invention. The terminal may be a mobile terminal such as a mobile phone or a tablet computer, but is not limited to these and may be another terminal; no limitation is imposed here. The units included in the terminal of this embodiment are used to perform the steps of the embodiment corresponding to Fig. 1; for details, refer to Fig. 1 and the related description in the embodiment corresponding to Fig. 1, which are not repeated here. The terminal 300 of this embodiment includes: an acquiring unit 310, a determining unit 320, an identity verification unit 330 and a control unit 340.
The acquiring unit 310 is configured to obtain the identifier of the first default application if a preset operation that triggers starting of the first default application is detected.
The determining unit 320 is configured to determine the information security grade of the first default application according to the identifier of the first default application.
The identity verification unit 330 is configured to perform identity verification on the first default application through the target running environment corresponding to the information security grade; the target running environment is one of at least two mutually isolated running environments, and the running environments correspond one-to-one with secure roots of trust.
The control unit 340 is configured to run the first default application through the target running environment if identity verification passes.
Referring to Fig. 4, Fig. 4 is a schematic block diagram of a terminal provided by another embodiment of the present invention. The terminal may be a mobile terminal such as a mobile phone or a tablet computer, but is not limited to these and may be another terminal; no limitation is imposed here. The units included in the terminal of this embodiment are used to perform the steps of the embodiment corresponding to Fig. 2; for details, refer to Fig. 2 and the related description in the embodiment corresponding to Fig. 2, which are not repeated here. The terminal 400 of this embodiment includes: an acquiring unit 410, a determining unit 420, an identity verification unit 430 and a control unit 440. The identity verification unit 430 may include: an identity acquiring unit 431, a default identity acquiring unit 432 and a comparing unit 433. The identity verification unit 430 may also include: a packet sending unit 434, a message receiving unit 435 and a signature verification unit 436.
The acquiring unit 410 is configured to obtain the identifier of the first default application if a preset operation that triggers starting of the first default application is detected.
The determining unit 420 is configured to determine the information security grade of the first default application according to the identifier of the first default application.
The identity verification unit 430 is configured to perform identity verification on the first default application through the target running environment corresponding to the information security grade; the target running environment is one of at least two mutually isolated running environments, and the running environments correspond one-to-one with secure roots of trust.
Further, when the number of running environments is two, the identity verification unit 430 is specifically configured to: if the first default application corresponds to a first information security grade, perform identity verification on the first default application through the first running environment; if the first default application corresponds to a second information security grade, perform identity verification on the first default application through the second running environment. The first running environment corresponds to a first secure root of trust, and the second running environment corresponds to a second secure root of trust.
Further, the identity verification unit 430 may include: an identity acquiring unit 431, a default identity acquiring unit 432 and a comparing unit 433;
The identity acquiring unit 431 is configured to obtain the unique identity of the first default application from the first default application;
Optionally, the unique identity includes the package name of the first default application or a digital signature calculated by a message digest algorithm;
The default identity acquiring unit 432 is configured to obtain, from the database of the target running environment, the default unique identity corresponding to the first default application;
The comparing unit 433 is configured to compare the carried unique identity with the default unique identity, so as to perform identity verification on the first default application;
If the carried unique identity is identical to the default unique identity, identity verification is deemed to pass; if the carried unique identity differs from the default unique identity, identity verification is deemed to fail.
Further, the first default application corresponds to a first key pair comprising a first public key and a first private key, and the target running environment corresponds to a second key pair comprising a second public key and a second private key; the identity verification unit 430 may also include: a packet sending unit 434, a message receiving unit 435 and a signature verification unit 436;
The packet sending unit 434 is configured to send the first message to the key management server through the first default application;
The message receiving unit 435 is configured to receive the second message that the key management server sends according to the first message; the second message is obtained by the key management server signing the first message with the first private key corresponding to the first default application, and encrypting the signed first message with the second public key of the target running environment;
The signature verification unit 436 is configured to control the target running environment to decrypt the second message with the second private key corresponding to the target running environment, and to verify the signature of the decrypted second message with the first public key corresponding to the first default application;
If signature verification succeeds, identity verification is deemed to pass; if signature verification fails, identity verification is deemed to fail.
The control unit 440 is configured to run the first default application through the target running environment if identity verification passes.
Further, when the number of running environments is two, the control unit 440 is specifically configured to: if the first running environment performs identity verification on the first default application and identity verification passes, run the first default application through the first running environment; if the second running environment performs identity verification on the first default application and identity verification passes, run the first default application through the second running environment.
Referring to Fig. 5, Fig. 5 is a schematic block diagram of a terminal provided by yet another embodiment of the present invention. The terminal 500 in this embodiment, as shown, may include: one or more processors 510, one or more input devices 520, one or more output devices 530 and a memory 540. The processor 510, input device 520, output device 530 and memory 540 are connected by a bus 550.
The memory 540 is used to store program instructions.
The processor 510 is configured to perform the following operations according to the program instructions stored in the memory 540:
The processor 510 is configured to obtain the identifier of the first default application if a preset operation that triggers starting of the first default application is detected.
The processor 510 is further configured to determine the information security grade of the first default application according to the identifier of the first default application.
The processor 510 is further configured to perform identity verification on the first default application through the target running environment corresponding to the information security grade; the target running environment is one of at least two mutually isolated running environments, and the running environments correspond one-to-one with secure roots of trust.
The processor 510 is further configured to run the first default application through the target running environment if identity verification passes.
Optionally, the number of running environments is two, and the processor 510 is specifically configured to: if the first default application corresponds to a first information security grade, perform identity verification on the first default application through the first running environment and, if identity verification passes, run the first default application through the first running environment; if the first default application corresponds to a second information security grade, perform identity verification on the first default application through the second running environment and, if identity verification passes, run the first default application through the second running environment. The first running environment corresponds to a first secure root of trust, and the second running environment corresponds to a second secure root of trust.
Optionally, the processor 510 is specifically configured to: obtain the unique identity of the first default application from the first default application; obtain, from the database of the target running environment, the default unique identity corresponding to the first default application; and compare the carried unique identity with the default unique identity, so as to perform identity verification on the first default application. If the carried unique identity is identical to the default unique identity, identity verification is deemed to pass; if the carried unique identity differs from the default unique identity, identity verification is deemed to fail.
Optionally, the first default application corresponds to a first key pair comprising a first public key and a first private key, and the target running environment corresponds to a second key pair comprising a second public key and a second private key;
The processor 510 is further configured to: send the first message to the key management server through the first default application; receive the second message that the key management server sends according to the first message, where the second message is obtained by the key management server signing the first message with the first private key corresponding to the first default application and encrypting the signed first message with the second public key of the target running environment; and control the target running environment to decrypt the second message with the second private key corresponding to the target running environment, and verify the signature of the decrypted second message with the first public key corresponding to the first default application. If signature verification succeeds, identity verification is deemed to pass; if signature verification fails, identity verification is deemed to fail.
Optionally, the unique identity includes the package name of the first default application or a digital signature calculated by a message digest algorithm.
It should be appreciated that in embodiments of the present invention, alleged processor 510 can be CPU (Central
Processing Unit, CPU), the processor can also be other general processors, digital signal processor (Digital
Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit,
ASIC), ready-made programmable gate array (Field-Programmable Gate Array, FPGA) or other FPGAs
Device, discrete gate or transistor logic, discrete hardware components etc..General processor can be microprocessor or this at
It can also be any conventional processor etc. to manage device.
The input device 520 may include a trackpad, a fingerprint sensor (used to collect the user's fingerprint information and fingerprint direction information), a microphone, and so on; the output device 530 may include a display (LCD, etc.), a loudspeaker, and so on.
The memory 540 may include read-only memory and random access memory, and provides instructions and data to the processor 510. A part of the memory 540 may also include non-volatile random access memory. For example, the memory 540 may also store information on the device type.
In a specific implementation, the processor 510, the input device 520 and the output device 530 described in the embodiments of the present invention may execute the implementations described in the first and second embodiments of the method for controlling an application program provided by the embodiments of the present invention, and may also execute the implementation of the terminal described in the embodiments of the present invention, which is not repeated here.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, computer software, or a combination of the two. To clearly illustrate the interchangeability of hardware and software, the composition and steps of each example have been described above generally in terms of function. Whether these functions are performed in hardware or in software depends on the specific application and the design constraints of the technical solution. Skilled persons may use different methods to implement the described functions for each specific application, but such an implementation should not be considered beyond the scope of the present invention.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the terminal and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not repeated here.
In the several embodiments provided in this application, it should be understood that the disclosed terminal and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. Multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, or may be an electrical, mechanical or other form of connection.
The steps in the method of the embodiments of the present invention may be reordered, merged and deleted according to actual needs.
The units in the terminal of the embodiments of the present invention may be combined, divided and deleted according to actual needs.
The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solutions of the embodiments of the present invention.
In addition, the functional units in the embodiments of the present invention may be integrated in one processing unit, each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any person skilled in the art can readily conceive of various equivalent modifications or replacements within the technical scope disclosed by the present invention, and these modifications or replacements shall all fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A method for controlling an application program, characterized in that the method comprises:
if a preset operation that triggers startup of a first preset application is detected, obtaining an identifier of the first preset application;
determining an information security level of the first preset application according to the identifier of the first preset application;
performing identity verification on the first preset application by a target operating environment corresponding to the information security level; wherein the target operating environment is one of at least two mutually isolated running environments, and the running environments correspond one-to-one to secure roots of trust;
if the identity verification passes, running the first preset application by the target operating environment.
2. The method according to claim 1, characterized in that the number of running environments is two, and performing identity verification on the first preset application by the target operating environment corresponding to the information security level comprises:
if the first preset application corresponds to a first information security level, performing identity verification on the first preset application by a first running environment;
if the first preset application corresponds to a second information security level, performing identity verification on the first preset application by a second running environment; wherein the first running environment corresponds to a first secure root of trust, and the second running environment corresponds to a second secure root of trust;
and running the first preset application by the target operating environment if the identity verification passes comprises:
if the first running environment performs identity verification on the first preset application and the identity verification passes, running the first preset application by the first running environment;
if the second running environment performs identity verification on the first preset application and the identity verification passes, running the first preset application by the second running environment.
3. The method according to claim 1 or 2, characterized in that performing identity verification on the first preset application by the target operating environment corresponding to the information security level comprises:
obtaining a unique identity of the first preset application from the first preset application;
obtaining, from a database of the target operating environment, a preset unique identity corresponding to the first preset application;
comparing the carried unique identity with the preset unique identity, thereby performing identity verification on the first preset application;
wherein, if the carried unique identity is identical to the preset unique identity, the identity verification is identified as passed; if the carried unique identity differs from the preset unique identity, the identity verification is identified as failed.
4. The method according to claim 3, characterized in that the first preset application corresponds to a first key pair, the first key pair comprising a first public key and a first private key, and the target operating environment corresponds to a second key pair, the second key pair comprising a second public key and a second private key;
performing identity verification on the first preset application by the target operating environment corresponding to the information security level comprises:
sending a first message to a key management server through the first preset application;
receiving a second message sent by the key management server according to the first message; wherein the second message is obtained by the key management server signing the first message with the first private key corresponding to the first preset application and encrypting the signed first message with the second public key of the target operating environment;
controlling the target operating environment to decrypt the second message with the second private key corresponding to the target operating environment, and to verify the signature of the decrypted second message with the first public key corresponding to the first preset application;
wherein, if the signature verification succeeds, the identity verification is identified as passed; if the signature verification fails, the identity verification is identified as failed.
5. The method according to claim 3, characterized in that the unique identity comprises a digital signature computed from the package name of the first preset application by the Message Digest 5 algorithm.
6. A terminal, characterized in that the terminal comprises:
an acquiring unit, configured to obtain an identifier of a first preset application if a preset operation that triggers startup of the first preset application is detected;
a determining unit, configured to determine an information security level of the first preset application according to the identifier of the first preset application;
an identity verification unit, configured to perform identity verification on the first preset application by a target operating environment corresponding to the information security level; wherein the target operating environment is one of at least two mutually isolated running environments, and the running environments correspond one-to-one to secure roots of trust;
a control unit, configured to run the first preset application by the target operating environment if the identity verification passes.
7. The terminal according to claim 6, characterized in that the number of running environments is two,
the identity verification unit is specifically configured to: if the first preset application corresponds to a first information security level, perform identity verification on the first preset application by a first running environment; if the first preset application corresponds to a second information security level, perform identity verification on the first preset application by a second running environment; wherein the first running environment corresponds to a first secure root of trust, and the second running environment corresponds to a second secure root of trust;
the control unit is specifically configured to: if the first running environment performs identity verification on the first preset application and the identity verification passes, run the first preset application by the first running environment; if the second running environment performs identity verification on the first preset application and the identity verification passes, run the first preset application by the second running environment.
8. The terminal according to claim 6 or 7, characterized in that the identity verification unit comprises:
an identity acquiring unit, configured to obtain a unique identity of the first preset application from the first preset application;
a preset identity acquiring unit, configured to obtain, from a database of the target operating environment, a preset unique identity corresponding to the first preset application;
a comparing unit, configured to compare the carried unique identity with the preset unique identity, thereby performing identity verification on the first preset application;
wherein, if the carried unique identity is identical to the preset unique identity, the identity verification is identified as passed; if the carried unique identity differs from the preset unique identity, the identity verification is identified as failed.
9. The terminal according to claim 8, characterized in that the first preset application corresponds to a first key pair, the first key pair comprising a first public key and a first private key, and the target operating environment corresponds to a second key pair, the second key pair comprising a second public key and a second private key;
the identity verification unit further comprises:
a message sending unit, configured to send a first message to a key management server through the first preset application;
a message receiving unit, configured to receive a second message sent by the key management server according to the first message; wherein the second message is obtained by the key management server signing the first message with the first private key corresponding to the first preset application and encrypting the signed first message with the second public key of the target operating environment;
a signature verification unit, configured to control the target operating environment to decrypt the second message with the second private key corresponding to the target operating environment, and to verify the signature of the decrypted second message with the first public key corresponding to the first preset application;
wherein, if the signature verification succeeds, the identity verification is identified as passed; if the signature verification fails, the identity verification is identified as failed.
10. The terminal according to claim 8, characterized in that the unique identity comprises a digital signature computed from the package name of the first preset application by the Message Digest 5 algorithm.
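The launch gate of claims 1 to 3 and 5 (identifier, then security level, then the isolated environment's own identity check, or "proof of identity", then run) is shown below as an added Python example; it is not code from the patent. All class, function, package and environment names are constructed for illustration, SHA-256 is substituted for the digest algorithm named in claim 5, and the key-server exchange of claim 4 is not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def unique_identity(package_name: str) -> bytes:
    """Digest of the package name (claim 5); SHA-256 is this example's assumption."""
    return hashlib.sha256(package_name.encode("utf-8")).digest()


@dataclass
class RunEnvironment:
    """One isolated running environment, paired with its own root of trust."""
    name: str
    root_of_trust: str
    preset_identities: dict = field(default_factory=dict)  # app id -> preset identity
    running: list = field(default_factory=list)

    def enroll(self, app_id: str, package_name: str) -> None:
        self.preset_identities[app_id] = unique_identity(package_name)

    def verify(self, app_id: str, carried: bytes) -> bool:
        preset = self.preset_identities.get(app_id)
        if preset is None:  # not enrolled in this environment: fail closed
            return False
        return hmac.compare_digest(preset, carried)  # constant-time comparison


@dataclass
class Terminal:
    level_of_app: dict  # app id -> information security level
    env_of_level: dict  # level -> RunEnvironment

    def launch(self, app_id: str, carried: bytes):
        """Return (environment name, True) if the app was run, else (reason, False)."""
        level = self.level_of_app.get(app_id)
        if level is None:
            return ("unknown application", False)
        env = self.env_of_level[level]
        if not env.verify(app_id, carried):
            return ("identity verification failed", False)
        env.running.append(app_id)
        return (env.name, True)


def build_demo_terminal() -> Terminal:
    # Constructed sample data: two environments, one enrolled app in each.
    env1 = RunEnvironment("env-1", "root-of-trust-1")
    env2 = RunEnvironment("env-2", "root-of-trust-2")
    env1.enroll("pay", "com.example.pay")
    env2.enroll("notes", "com.example.notes")
    return Terminal({"pay": 1, "notes": 2}, {1: env1, 2: env2})


if __name__ == "__main__":
    t = build_demo_terminal()
    print(t.launch("pay", unique_identity("com.example.pay")))
    print(t.launch("pay", unique_identity("com.example.pay.mod")))
```

Because the identity compared here is a digest of the package name only, it does not change when an application's code changes; the example shows the comparison and routing steps as claimed.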
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710281466.7A CN107169343A (en) | 2017-04-25 | 2017-04-25 | A kind of method and terminal of control application program |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107169343A (en) | 2017-09-15 |
Family
ID=59812305
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710281466.7A Withdrawn CN107169343A (en) | 2017-04-25 | 2017-04-25 | A kind of method and terminal of control application program |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107169343A (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107919960A (en) * | 2017-12-04 | 2018-04-17 | 北京深思数盾科技股份有限公司 | The authentication method and system of a kind of application program |
CN108595942A (en) * | 2018-04-12 | 2018-09-28 | Oppo广东移动通信有限公司 | Application program safety control method and device, mobile terminal and storage medium |
CN108846310A (en) * | 2018-04-28 | 2018-11-20 | Oppo广东移动通信有限公司 | Image processing method, device, electronic equipment and computer readable storage medium |
CN108985255A (en) * | 2018-08-01 | 2018-12-11 | Oppo广东移动通信有限公司 | Data processing method, device, computer readable storage medium and electronic equipment |
CN108985062A (en) * | 2018-07-06 | 2018-12-11 | Oppo(重庆)智能科技有限公司 | File transfer control method, device and equipment |
WO2019205888A1 (en) * | 2018-04-28 | 2019-10-31 | Oppo广东移动通信有限公司 | Image processing method and apparatus, electronic device, and storage medium |
CN112905258A (en) * | 2021-02-05 | 2021-06-04 | 杭州天宽科技有限公司 | Mobile terminal application safety starting method |
US11157605B2 (en) | 2018-04-12 | 2021-10-26 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Security control method and device of application, and electronic device |
US11373445B2 (en) | 2018-08-01 | 2022-06-28 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Method and apparatus for processing data, and computer readable storage medium |
CN119004422A (en) * | 2024-08-08 | 2024-11-22 | 北京建恒信安科技有限公司 | Hierarchical identity verification method and device and electronic equipment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104102876A (en) * | 2014-07-17 | 2014-10-15 | 北京握奇智能科技有限公司 | Device for safeguarding operational security of client side |
CN104537537A (en) * | 2014-12-24 | 2015-04-22 | 深圳市小兵智能科技有限公司 | Safety payment method based on Android system |
2017
- 2017-04-25 CN CN201710281466.7A patent/CN107169343A/en not_active Withdrawn
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107919960A (en) * | 2017-12-04 | 2018-04-17 | 北京深思数盾科技股份有限公司 | The authentication method and system of a kind of application program |
CN108595942B (en) * | 2018-04-12 | 2019-12-10 | Oppo广东移动通信有限公司 | Application security control method, device, mobile terminal, and storage medium |
CN108595942A (en) * | 2018-04-12 | 2018-09-28 | Oppo广东移动通信有限公司 | Application program safety control method and device, mobile terminal and storage medium |
US11157605B2 (en) | 2018-04-12 | 2021-10-26 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Security control method and device of application, and electronic device |
CN112668547A (en) * | 2018-04-28 | 2021-04-16 | Oppo广东移动通信有限公司 | Image processing method, image processing device, electronic equipment and computer readable storage medium |
WO2019205888A1 (en) * | 2018-04-28 | 2019-10-31 | Oppo广东移动通信有限公司 | Image processing method and apparatus, electronic device, and storage medium |
CN108846310B (en) * | 2018-04-28 | 2021-02-02 | Oppo广东移动通信有限公司 | Image processing method, image processing device, electronic equipment and computer readable storage medium |
CN108846310A (en) * | 2018-04-28 | 2018-11-20 | Oppo广东移动通信有限公司 | Image processing method, device, electronic equipment and computer readable storage medium |
CN108985062A (en) * | 2018-07-06 | 2018-12-11 | Oppo(重庆)智能科技有限公司 | File transfer control method, device and equipment |
CN108985062B (en) * | 2018-07-06 | 2020-12-15 | Oppo(重庆)智能科技有限公司 | File transmission control method, device and equipment |
CN108985255A (en) * | 2018-08-01 | 2018-12-11 | Oppo广东移动通信有限公司 | Data processing method, device, computer readable storage medium and electronic equipment |
CN108985255B (en) * | 2018-08-01 | 2021-05-18 | Oppo广东移动通信有限公司 | Data processing method and device, computer readable storage medium and electronic equipment |
US11373445B2 (en) | 2018-08-01 | 2022-06-28 | Guangdong Oppo Mobile Telecommunications Corp., Ltd. | Method and apparatus for processing data, and computer readable storage medium |
CN112905258A (en) * | 2021-02-05 | 2021-06-04 | 杭州天宽科技有限公司 | Mobile terminal application safety starting method |
CN119004422A (en) * | 2024-08-08 | 2024-11-22 | 北京建恒信安科技有限公司 | Hierarchical identity verification method and device and electronic equipment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication | Application publication date: 20170915 |