CN104866761B - A kind of high security Android intelligent terminal - Google Patents

Publication number
CN104866761B
Authority
CN
China
Prior art keywords
unit
program
application
loading
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510292398.5A
Other languages
Chinese (zh)
Other versions
CN104866761A (en)
Inventor
劳亚奇
曾俊汉
陈刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CHENGDU THUNDERSOFT SOFTWARE TECHNOLOGY Co Ltd
Original Assignee
CHENGDU THUNDERSOFT SOFTWARE TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CHENGDU THUNDERSOFT SOFTWARE TECHNOLOGY Co Ltd
Priority to CN201510292398.5A
Publication of CN104866761A
Application granted
Publication of CN104866761B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The high-security android intelligent terminal of the present invention comprises an unauthorized application program illegal loading detection unit, an application program operation authentication unit, an internal sensitive data confidentiality unit, a data space arrangement unit and a data recovery unit which are sequentially arranged. Through the setting of each unit, the application programs and memory data in the android operating system are effectively protected, equipment loss is reduced, and user experience is improved.

Description

High-security android intelligent terminal
Technical Field
The invention relates to the field of mobile communication, in particular to a high-security android intelligent terminal.
Background
With the popularization and growing performance of mobile devices (intelligent terminals and tablet computers), applications on mobile devices are becoming more numerous and cover an ever wider range: not only entertainment and tools, but also applications such as internet banking. Protecting software programs and private data on mobile devices is therefore becoming increasingly important.
Because a large amount of user privacy information is stored in the intelligent terminal, a large number of fraudulent application programs are drawn into the application program markets to steal users' private information; in addition, the supervision and management systems and detection methods of the application program markets are incomplete and cannot screen application programs for fraud, so a large amount of users' private information is leaked and users of these application programs suffer great losses.
In the prior art, protection of mobile application programs is limited to the software installation flow, which poses almost no barrier to crackers. At present, an effective scheme for protecting application programs and memory data in the android operating system is lacking. Therefore, a technical scheme that provides security protection for android operating system application programs and internal data is urgently needed.
Disclosure of Invention
The purpose of the invention is realized by the following technical scheme.
According to the embodiment of the invention, the high-security android intelligent terminal is provided, and comprises an unauthorized application program illegal loading detection unit, an application program operation authentication unit, an internal sensitive data confidentiality unit, a data space arrangement unit and a data restoration unit which are sequentially arranged; wherein,
the unauthorized application program illegal loading detection unit is used for detecting unauthorized application program illegal loading;
the application program operation authentication unit is used for authenticating when the application program in the intelligent terminal is operated;
the internal sensitive data security unit is used for the security processing of internal sensitive data which can be called by an application program;
the data space arrangement unit is used for managing data read-write storage space; and
the data recovery unit is used for recovering data of the android operating system.
According to an embodiment of the present invention, the unauthorized application illegal loading detection unit includes: the system comprises a program nonstandard detection unit, a first interaction unit, a pre-analysis unit, an action registration unit, a self-adaptive reaction unit and a second transmission unit; wherein,
the program nonstandard detection unit is used for detecting abnormal phenomena in the intelligent terminal;
the pre-analysis unit is used for acquiring application program information installed in an intelligent terminal where the system is located, and establishing a program group to be judged through operation of a database for pre-classified illegal actions;
the unauthorized application program illegal loading detection unit calls a detection result of the program non-standard detection unit through the first interaction unit, and the obtained non-standard detection result is sent to the action registration unit;
the action registration unit compares the abnormal phenomenon detected by the nonstandard detection unit of the android operating system program with the action in the program group to be judged;
the action registration unit compares the abnormal phenomenon detected by the program non-standard detection unit with the actions in the program group to be judged, which the pre-analysis unit builds in the initialization stage, and obtains the operation authority related to the abnormal phenomenon; it then takes the programs corresponding to that operation authority out of the program group to be judged and processes the information according to how many programs were obtained: if only one program is obtained as the program to be judged, it is passed directly to the self-adaptive reaction unit as an illegal program and the corresponding operation is executed, that is, the self-adaptive reaction unit determines the corresponding type according to the illegal level in the comparison information; otherwise, the information of the programs to be judged is sent through the second transmission unit to the security center server for further judgment, and the programs to be judged are handed to the security center server for passive analysis.
According to a further embodiment of the present invention, the unauthorized application illegal loading detection unit may further include an operation permission determination unit and a first prompt unit. The operation permission determination unit picks out, from the installed applications, those holding the power-on automatic operation permission and displays their information to the user in a prompt so that the user can select the programs trusted as safe; the programs the user selects are then removed from the program group to be judged and are not subjected to subsequent judgment.
According to one embodiment of the present invention, the application execution authentication unit includes: an identification code obtaining unit, a key obtaining unit, a first encryption unit, a second encryption unit, and an authentication request transmitting unit.
According to an embodiment of the invention, the internal sensitive data securing unit comprises: a rights file establishing unit, an independent control unit, and a determining unit, wherein,
the authority file establishing unit is used for establishing an authority file for storing an application authority record table at the lowest layer of the android operating system and storing the sensitive data in the application authority record table in a classified manner;
the independent control unit is used for generating an independent application programming interface at the lowest layer of the android operating system and setting the content of the application authority record table through the independent application programming interface;
and the determining unit is used for determining whether the application has the authority to acquire the sensitive data according to the application authority record table in the local framework layer of the android operating system when the application program reads the sensitive data.
According to an embodiment of the present invention, the data restoring unit includes: a program removing unit, a load class removing unit, and a program reconstructing unit, wherein
The program removing unit is used for traversing the loading categories of the applications recorded by a first program guide document in a data storage area of the android operating system, removing the applications of which the loading categories are newly loaded by the user, wherein the first program guide document carries the loading categories of all the applications currently installed by the system, and the loading categories are used for identifying the applications as newly loaded applications of the user or originally set applications;
the loading category removing unit is used for removing the loading category corresponding to the removed application in the first program guide document;
the program reconstruction unit is used for comparing a second program guide document in a system partition of the android operating system with a first program guide document after the loading category corresponding to the removed application is removed, copying and reconstructing the application corresponding to the loading category which is not recorded in the first program guide document according to the loading category recorded in the second program guide document, wherein the second program guide document is used for recording the loading category of the application installed when the android operating system is installed for the first time.
The high-security android intelligent terminal comprises an unauthorized application program illegal loading detection unit, an application program operation authentication unit, an internal sensitive data confidentiality unit, a data space arrangement unit and a data restoration unit which are sequentially arranged; through the setting of each unit, the application program and the memory data in the android operating system are effectively protected, the equipment loss is reduced, and the user experience is improved.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a schematic structural diagram of a high-security android intelligent terminal according to an embodiment of the invention;
FIG. 2 is a schematic diagram illustrating an unauthorized application illegal loading detection unit according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating an application running authentication unit according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an internal sensitive data security unit according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a data space arrangement unit according to an embodiment of the present invention;
FIG. 6 shows a schematic diagram of a data recovery unit structure according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
According to an embodiment of the invention, a high-security android intelligent terminal is provided, as shown in fig. 1, the intelligent terminal comprises an unauthorized application program illegal loading detection unit, an application program operation authentication unit, an internal sensitive data confidentiality unit, a data space arrangement unit and a data restoration unit which are sequentially arranged; wherein,
the unauthorized application program illegal loading detection unit is used for detecting unauthorized application program illegal loading;
the application program operation authentication unit is used for authenticating when the application program in the intelligent terminal is operated;
the internal sensitive data security unit is used for the security processing of internal sensitive data which can be called by an application program;
the data space arrangement unit is used for managing data read-write storage space; and
the data recovery unit is used for recovering data of the android operating system.
According to the embodiment of the invention, the high-security android intelligent terminal is communicated with a security center server arranged at a cloud end, and the security center server comprises a first transmission unit, a passive analysis unit, a first decryption unit, a second decryption unit and a cloud end authentication unit which are sequentially arranged; wherein,
the first transmission unit is used for transmitting interactive data with the safety protection unit;
the passive analysis unit is used for passively analyzing the application program of the intelligent terminal;
the first decryption unit and the second decryption unit are used for executing decryption of data sent by the application program operation authentication unit of the security protection unit; and
the cloud authentication unit is used for executing cloud authentication of the intelligent terminal application program.
According to an embodiment of the present invention, as shown in fig. 2, the unauthorized application illegal loading detection unit includes: the system comprises a program nonstandard detection unit, a first interaction unit, a pre-analysis unit, an action registration unit, a self-adaptive reaction unit and a second transmission unit; wherein,
the program nonstandard detection unit is used for detecting abnormal phenomena in the intelligent terminal;
the pre-analysis unit is used for acquiring application program information installed in an intelligent terminal where the system is located, and establishing a program group to be judged through operation of a database for pre-classified illegal actions;
the unauthorized application program illegal loading detection unit calls a detection result of the program non-standard detection unit through the first interaction unit, and the obtained non-standard detection result is sent to the action registration unit;
the action registration unit compares the abnormal phenomenon detected by the nonstandard detection unit of the android operating system program with the action in the program group to be judged;
the action registration unit compares the abnormal phenomenon detected by the program non-standard detection unit with the actions in the program group to be judged, which the pre-analysis unit builds in the initialization stage, and obtains the operation authority related to the abnormal phenomenon; it then takes the programs corresponding to that operation authority out of the program group to be judged and processes the information according to how many programs were obtained: if only one program is obtained as the program to be judged, it is passed directly to the self-adaptive reaction unit as an illegal program and the corresponding operation is executed, that is, the self-adaptive reaction unit determines the corresponding type according to the illegal level in the comparison information; otherwise, the information of the programs to be judged is sent through the second transmission unit to the security center server for further judgment, and the programs to be judged are handed to the security center server for passive analysis.
The passive analysis unit is used for passively analyzing an exe file of the intelligent terminal application program. The passive analysis unit is in a thread control running state: when a message requesting analysis arrives from the unauthorized application program illegal loading detection unit, the passive analysis unit starts to execute, obtains the exe file from the message, and calls a passive analysis function to analyze the exe file, using the previously established normal program call function library and non-standard program call function library; finally, the return message from the security center server to the unauthorized application program illegal loading detection unit is set according to the result returned by the analysis function.
According to a further embodiment of the present invention, the unauthorized application illegal loading detection unit may further include an operation permission determination unit and a first prompt unit. The operation permission determination unit picks out, from the installed applications, those holding the power-on automatic operation permission and displays their information to the user in a prompt so that the user can select the programs trusted as safe; the programs the user selects are then removed from the program group to be judged and are not subjected to subsequent judgment.
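The routing performed by the pre-analysis, operation permission determination and action registration units can be modelled as follows. This is an added example, not code from the patent: the action database contents, the level-to-response mapping, the package names and the "unmatched" outcome for an unknown phenomenon or zero matching programs are all assumptions made for illustration.

```python
from dataclasses import dataclass

SEND_SMS = "android.permission.SEND_SMS"
READ_CONTACTS = "android.permission.READ_CONTACTS"
BOOT = "android.permission.RECEIVE_BOOT_COMPLETED"

# Constructed stand-in for the database of pre-classified illegal actions:
# abnormal phenomenon -> (operation authority involved, illegal level).
ILLEGAL_ACTIONS = {
    "sms_sent_in_background": (SEND_SMS, 3),
    "contacts_uploaded": (READ_CONTACTS, 2),
}
# Assumed mapping; the description only says the self-adaptive reaction unit
# determines the type of response from the illegal level.
RESPONSES = {1: "warn_user", 2: "suspend_program", 3: "remove_program"}


@dataclass(frozen=True)
class Program:
    package: str
    authorities: frozenset


@dataclass(frozen=True)
class Verdict:
    route: str          # "local", "escalate" or "unmatched"
    packages: tuple
    response: str = ""


def boot_autostart_programs(installed):
    """Operation permission determination unit: programs listed in the prompt."""
    return [p.package for p in installed if BOOT in p.authorities]


def build_pending_group(installed, trusted=()):
    """Pre-analysis unit: programs holding an authority that a pre-classified
    illegal action involves, minus the programs the user marked as trusted."""
    watched = {authority for authority, _ in ILLEGAL_ACTIONS.values()}
    return [p for p in installed
            if p.package not in trusted and p.authorities & watched]


def register_action(phenomenon, pending_group):
    """Action registration unit: map the phenomenon to its authority, take the
    matching programs out of the group, and route on how many were found."""
    if phenomenon not in ILLEGAL_ACTIONS:
        return Verdict("unmatched", ())          # assumption: not in the page
    authority, level = ILLEGAL_ACTIONS[phenomenon]
    matches = tuple(p.package for p in pending_group
                    if authority in p.authorities)
    if len(matches) == 1:                        # single candidate: act locally
        return Verdict("local", matches, RESPONSES[level])
    if not matches:
        return Verdict("unmatched", ())          # assumption: not in the page
    return Verdict("escalate", matches)          # hand over to the server


# Constructed sample of installed programs.
SAMPLE_INSTALLED = [
    Program("com.example.notes", frozenset({"android.permission.INTERNET"})),
    Program("com.example.chat", frozenset({SEND_SMS, READ_CONTACTS, BOOT})),
    Program("com.example.flashlight", frozenset({SEND_SMS, BOOT})),
]

if __name__ == "__main__":
    group = build_pending_group(SAMPLE_INSTALLED)
    for phenomenon in ILLEGAL_ACTIONS:
        print(phenomenon, register_action(phenomenon, group))
```

In this model, marking one of two SMS-capable programs as trusted turns an escalation into a local verdict against the other, because attribution rests on the operation authority alone.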
According to an embodiment of the present invention, as shown in fig. 3, the application program operation authentication unit includes: an identification code obtaining unit, a key obtaining unit, a first encryption unit, a second encryption unit, and an authentication request transmitting unit, wherein,
the identification code obtaining unit is used for obtaining the international identification code of the mobile equipment of the intelligent terminal and the telephone number of the mobile terminal when the program to be operated is operated;
the key obtaining unit is used for obtaining a first encryption algorithm key, a second encryption algorithm key and a current time identification sequence; the first encryption algorithm may be, but is not limited to, an asymmetric encryption algorithm, and the second encryption algorithm may be, but is not limited to, a symmetric encryption algorithm;
the first encryption unit is used for encrypting the international identification code of the mobile equipment, the telephone number of the mobile terminal and the signature sequence of the program to be operated according to a second encryption algorithm key and the current time identification sequence;
the second encryption unit is used for carrying out composite encryption on the second encryption algorithm key according to the first encryption algorithm key;
the authentication request sending unit is used for sending an authentication request message to a security center server, wherein the authentication request message carries the encrypted international identification code of the mobile equipment, the telephone number of the mobile terminal, the signature sequence of the program to be operated and a second encryption algorithm key;
the security center server receives the authentication request message through a first transmission unit;
the first decryption unit decrypts the encrypted second encryption algorithm key according to the first encryption algorithm key to obtain a current time identification sequence;
the second decryption unit decrypts the encrypted international mobile equipment identification code, the mobile terminal telephone number and the signature sequence of the program to be operated according to the decrypted second encryption algorithm key and the current time identification sequence;
and the cloud authentication unit authenticates the intelligent terminal and the application program to be operated according to the decrypted international identification code of the mobile equipment, the telephone number of the mobile terminal and the signature sequence of the program to be operated.
According to one embodiment of the present invention, as shown in fig. 4, the internal sensitive data security unit includes: a rights file establishing unit, an independent control unit, and a determining unit, wherein,
the authority file establishing unit is used for establishing an authority file for storing an application authority record table at the lowest layer of the android operating system and storing the sensitive data in the application authority record table in a classified manner;
the independent control unit is used for generating an independent application programming interface at the lowest layer of the android operating system and setting the content of the application authority record table through the independent application programming interface;
and the determining unit is used for determining whether the application has the authority to acquire the sensitive data according to the application authority record table in the local framework layer of the android operating system when the application program reads the sensitive data.
According to an embodiment of the invention, the independent control unit comprises:
the independent application programming interface generating unit is used for setting application installation permission and generating an independent application programming interface at the lowest layer of the android operating system;
the authority management unit is used for accessing the application authority record table through the independent application programming interface, and modifying the type of the application program with the acquired authority in the application authority record table and the content of the sensitive data acquired by the application program with the authority; and
the first storage unit is used for storing the modified application authority record table.
According to an embodiment of the present invention, the determining unit includes:
the permission record table reading unit is used for calling the standard application programming interface to access the independent application programming interface and reading the application permission record table when the application program reads the sensitive data;
the consistency determining unit is used for determining whether the current application is consistent with the application in the application permission record table or not in the local framework layer of the android operating system; and
the execution unit is used for inquiring the type of the sensitive data which is obtained by the current application with the authority in the application authority record table when the determination result is consistent, and obtaining and displaying the information data corresponding to the type through a standard application programming interface.
According to an embodiment of the present invention, as shown in fig. 5, the data space arrangement unit includes: a space arrangement scheme setting unit, an access interface request first transmission unit, an access interface request intercepting unit, a destination modification unit and an access interface request second transmission unit, wherein,
the space arrangement scheme setting unit is used for presetting a data read-write storage scheme in the intelligent terminal;
the access interface request first transmission unit is used for transmitting an access interface request to a virtual file switch layer of a kernel layer of the android operating system when an application layer of the android operating system accesses data on the intelligent terminal;
the access interface request intercepting unit is used for intercepting an access interface request at a virtual file switch layer of a kernel layer of an android operating system;
the target modifying unit modifies or reserves a target database of the access interface request according to the space arrangement scheme, and transmits the access interface request to a real data space; and
the access interface request second transmission unit is used for transmitting the access interface request to a driving program of the intelligent terminal through a real data space.
According to the embodiment of the present invention, the data read-write storage scheme preset in the intelligent terminal is specifically as follows: the data storage space is divided into a safe area and a temporary storage area; in the safety guarantee state, file read-write operation requests are intercepted at the virtual file switch layer of the kernel layer, and write operations to the safe area are redirected to the temporary storage area; in the non-safety guarantee state, all file read-write operation requests are issued directly; when the system is restored, the data in the temporary storage area is discarded; and when the system is backed up, the data in the temporary storage area is written back to the safe area.
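The storage scheme above behaves like a copy-on-write overlay, which the following added example models in memory; it is not code from the patent and is not a kernel hook. The class and method names, the rule that a guarded read sees the temporary storage area first, and the tombstone used for deletions are assumptions; the page specifies only the write redirection, the discard on restore and the write-back on backup.

```python
_DELETED = object()  # tombstone: a deletion recorded in the temporary storage area


class RedirectingStore:
    """In-memory model of the safe area / temporary storage area split."""

    def __init__(self, safe_files):
        self.safe = dict(safe_files)   # safe area
        self.staging = {}              # temporary storage area
        self.guarded = False           # True = safety guarantee state

    def _visible(self, path):
        # Assumption: a guarded read consults the temporary storage area first,
        # so a program sees its own redirected writes.
        if self.guarded and path in self.staging:
            return self.staging[path]
        return self.safe.get(path, _DELETED)

    def read(self, path):
        data = self._visible(path)
        if data is _DELETED:
            raise FileNotFoundError(path)
        return data

    def write(self, path, data):
        # Guarded: redirect the write. Unguarded: issue it directly.
        target = self.staging if self.guarded else self.safe
        target[path] = data

    def delete(self, path):
        if self._visible(path) is _DELETED:
            raise FileNotFoundError(path)
        if self.guarded:
            self.staging[path] = _DELETED   # the safe copy stays untouched
        else:
            del self.safe[path]

    def restore(self):
        """System restore: discard everything in the temporary storage area."""
        discarded = sorted(self.staging)
        self.staging.clear()
        return discarded

    def backup(self):
        """System backup: write the temporary storage area back to the safe area."""
        committed = sorted(self.staging)
        for path, data in self.staging.items():
            if data is _DELETED:
                self.safe.pop(path, None)
            else:
                self.safe[path] = data
        self.staging.clear()
        return committed


if __name__ == "__main__":
    # Constructed sample files.
    store = RedirectingStore({"/data/a.cfg": b"v1", "/data/b.cfg": b"keep"})
    store.guarded = True
    store.write("/data/a.cfg", b"tampered")
    store.delete("/data/b.cfg")
    print("guarded view:", store.read("/data/a.cfg"), "safe copy:", store.safe)
    print("discarded on restore:", store.restore())
    print("after restore:", store.read("/data/a.cfg"), store.read("/data/b.cfg"))
```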
According to an embodiment of the present invention, as shown in fig. 6, the data restoring unit includes: a program removing unit, a load class removing unit, and a program reconstructing unit, wherein
The program removing unit is used for traversing the loading categories of the applications recorded by a first program guide document in a data storage area of the android operating system, removing the applications of which the loading categories are newly loaded by the user, wherein the first program guide document carries the loading categories of all the applications currently installed by the system, and the loading categories are used for identifying the applications as newly loaded applications of the user or originally set applications;
the loading category removing unit is used for removing the loading category corresponding to the removed application in the first program guide document;
the program reconstruction unit is used for comparing a second program guide document in a system partition of the android operating system with a first program guide document after the loading category corresponding to the removed application is removed, copying and reconstructing the application corresponding to the loading category which is not recorded in the first program guide document according to the loading category recorded in the second program guide document, wherein the second program guide document is used for recording the loading category of the application installed when the android operating system is installed for the first time.
According to an embodiment of the present invention, the data restoring unit may further include:
the first judging unit is used for judging whether a first program guide document exists in the data storage area when the android operating system runs for the first time;
the first installation loading type adding unit is used for copying a second program guide document of the system partition to the data storage area when the first program guide document does not exist, and taking the copied second program guide document of the system partition as the first program guide document of the data storage area;
and the new loading type adding unit is used for receiving an instruction of completing the installation of the third-party application and recording the loading type of the third-party application in the first program guide document of the data storage area.
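The restore procedure built on the two program guide documents can be modelled as below. This is an added example, not code from the patent: the dictionaries standing in for the guide documents and partitions, the category labels, the `uninstall` helper and the step that records a rebuilt application back into the first guide document are assumptions.

```python
USER, PRESET = "user", "preset"   # assumed labels for the two loading categories


class Device:
    def __init__(self, system_guide, system_apps):
        # Second program guide document and pristine apps (system partition).
        self.system_guide = dict(system_guide)
        self.system_apps = dict(system_apps)
        # First program guide document and installed apps (data storage area).
        self.data_guide = None
        self.installed = {}

    def first_boot(self):
        """First judging unit + first installation loading type adding unit."""
        if self.data_guide is None:
            self.data_guide = dict(self.system_guide)
            self.installed = dict(self.system_apps)   # assumption: presets present

    def install_third_party(self, package, payload):
        """New loading type adding unit: record the category after install."""
        self.installed[package] = payload
        self.data_guide[package] = USER

    def uninstall(self, package):
        """Hypothetical helper: models an app that has gone missing."""
        self.installed.pop(package, None)
        self.data_guide.pop(package, None)

    def restore(self):
        # Program removing unit: drop every app whose category is "user".
        removed = sorted(p for p, cat in self.data_guide.items() if cat == USER)
        for package in removed:
            self.installed.pop(package, None)
            # Loading category removing unit: drop the matching record.
            del self.data_guide[package]
        # Program reconstruction unit: anything the second document records
        # but the first no longer does is copied back from the system partition.
        rebuilt = sorted(p for p in self.system_guide if p not in self.data_guide)
        for package in rebuilt:
            self.installed[package] = self.system_apps[package]
            self.data_guide[package] = self.system_guide[package]  # assumption
        return removed, rebuilt


if __name__ == "__main__":
    # Constructed sample data.
    dev = Device({"com.vendor.dialer": PRESET, "com.vendor.camera": PRESET},
                 {"com.vendor.dialer": "dialer-v1", "com.vendor.camera": "camera-v1"})
    dev.first_boot()
    dev.install_third_party("com.example.game", "game-v7")
    dev.uninstall("com.vendor.camera")
    print(dev.restore())          # what was removed and what was rebuilt
    print(sorted(dev.installed))
```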
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (5)

1. A high-security android intelligent terminal comprises an unauthorized application program illegal loading detection unit, an application program operation authentication unit, an internal sensitive data confidentiality unit, a data space arrangement unit and a data restoration unit which are sequentially arranged; wherein,
the unauthorized application program illegal loading detection unit is used for detecting unauthorized application program illegal loading;
the application program operation authentication unit is used for authenticating when the application program in the intelligent terminal is operated;
the internal sensitive data security unit is used for the security processing of internal sensitive data which can be called by an application program;
the data space arrangement unit is used for managing data read-write storage space; and
the data recovery unit is used for recovering data of an android operating system;
the unauthorized application program illegal loading detection unit includes: a program non-standard detection unit, a first interaction unit, a pre-analysis unit, an action registration unit, a self-adaptive reaction unit and a second transmission unit; wherein,
the program nonstandard detection unit is used for detecting abnormal phenomena in the intelligent terminal;
the pre-analysis unit is used for acquiring application program information installed in an intelligent terminal where the system is located, and establishing a program group to be judged through operation of a database for pre-classified illegal actions;
the unauthorized application program illegal loading detection unit calls a detection result of the program non-standard detection unit through the first interaction unit, and the obtained non-standard detection result is sent to the action registration unit;
the action registration unit compares the abnormal phenomenon detected by the nonstandard detection unit of the android operating system program with the action in the program group to be judged;
the action registration unit compares the abnormal phenomenon detected by the program non-standard detection unit with the actions in the program group to be judged, which the pre-analysis unit completed in the initialization stage, obtains the operation authority related to the abnormal phenomenon, then takes out the programs corresponding to that operation authority from the program group to be judged, and finally processes the information according to the number of programs obtained: if the comparison yields only one program to be judged, that program directly enters the self-adaptive reaction unit as an illegal program so that the corresponding operation is executed, and the self-adaptive reaction unit determines the corresponding type according to the illegal level in the compared information; otherwise, the information of the programs to be judged is sent to the security center server through the second transmission unit for further judgment, and the programs to be judged are handed to the security center server for passive analysis.
2. The terminal as claimed in claim 1, wherein the unauthorized application program illegal loading detection unit further comprises an operation permission determination unit and a first prompt unit; the operation permission determination unit takes out, from the installed applications, the applications holding the power-on automatic operation permission, displays the information of these applications to the user as a prompt, allows the user to select the programs trusted as safe, and then removes the safe programs selected by the user from the program group to be judged, so that they undergo no subsequent judgment.
3. A terminal according to claim 2, the application execution authentication unit comprising: an identification code obtaining unit, a key obtaining unit, a first encryption unit, a second encryption unit, and an authentication request transmitting unit; the identification code obtaining unit and the key obtaining unit are respectively connected with a first encryption unit, the first encryption unit is connected with a second encryption unit, and the second encryption unit is connected with an authentication request sending unit,
the identification code obtaining unit is used for obtaining the international identification code of the mobile equipment of the intelligent terminal and the telephone number of the mobile terminal when the program to be operated is operated;
the key obtaining unit is used for obtaining a first encryption algorithm key, a second encryption algorithm key and a current time identification sequence;
the first encryption unit is used for encrypting the international identification code of the mobile equipment, the telephone number of the mobile terminal and the signature sequence of the program to be operated according to a second encryption algorithm key and the current time identification sequence;
the second encryption unit is used for carrying out composite encryption on the second encryption algorithm key according to the first encryption algorithm key;
the authentication request sending unit is used for sending an authentication request message to the security center server.
4. A terminal according to claim 3, said internal sensitive data security unit comprising: a rights file establishing unit, an independent control unit, and a determining unit, wherein,
the authority file establishing unit is used for establishing an authority file for storing an application authority record table at the lowest layer of the android operating system and storing the sensitive data in the application authority record table in a classified manner;
the independent control unit is used for generating an independent application programming interface at the lowest layer of the android operating system and setting the content of the application authority record table through the independent application programming interface;
and the determining unit is used for determining whether the application has the authority to acquire the sensitive data according to the application authority record table in the local framework layer of the android operating system when the application program reads the sensitive data.
5. A terminal according to claim 4, the data recovery unit comprising: a program removing unit, a load class removing unit, and a program reconstructing unit, wherein
the program removing unit is used for traversing the loading categories of the applications recorded by a first program guide document in a data storage area of the android operating system, and removing the applications whose loading category is "newly loaded by the user", wherein the first program guide document carries the loading categories of all the applications currently installed by the system, and the loading categories are used for identifying each application as an application newly loaded by the user or an originally set application;
the loading category removing unit is used for removing the loading category corresponding to the removed application in the first program guide document;
the program reconstruction unit is used for comparing a second program guide document in a system partition of the android operating system with a first program guide document after the loading category corresponding to the removed application is removed, copying and reconstructing the application corresponding to the loading category which is not recorded in the first program guide document according to the loading category recorded in the second program guide document, wherein the second program guide document is used for recording the loading category of the application installed when the android operating system is installed for the first time.
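The triage rule of claims 1 and 2, as an added example that is not part of the patent: one anomaly is mapped to a permission, the programs holding it are taken from the group to be judged, and the count decides between a local reaction and escalation to the security center server. The anomaly names, violation levels, reaction names and package names are constructed for illustration.

```python
# Constructed database of pre-classified illegal actions:
# anomaly -> (operation permission involved, violation level).
ILLEGAL_ACTIONS = {
    "sms_sent_in_background": ("android.permission.SEND_SMS", "high"),
    "autostart_at_boot": ("android.permission.RECEIVE_BOOT_COMPLETED", "low"),
}

# Constructed mapping from violation level to the adaptive reaction type.
REACTIONS = {"high": "terminate_and_uninstall", "low": "notify_user"}


def build_pending_group(installed, trusted=()):
    """Pre-analysis unit: keep the apps holding any permission named in the
    database, minus the apps the user marked as trusted (claim 2)."""
    watched = {perm for perm, _ in ILLEGAL_ACTIONS.values()}
    return {pkg: set(perms) & watched
            for pkg, perms in installed.items()
            if pkg not in trusted and set(perms) & watched}


def triage(anomaly, pending_group):
    """Action registration unit: anomaly -> permission -> candidate programs."""
    # An anomaly absent from the database has no permission, hence no
    # candidates, and falls into the "otherwise" (escalate) branch.
    permission, level = ILLEGAL_ACTIONS.get(anomaly, (None, None))
    candidates = sorted(pkg for pkg, perms in pending_group.items()
                        if permission in perms)
    if len(candidates) == 1:
        # Exactly one candidate: handled locally by the adaptive reaction unit.
        return {"decision": "react", "programs": candidates,
                "reaction": REACTIONS[level]}
    # Zero or several candidates: forwarded to the security center server.
    return {"decision": "escalate", "programs": candidates}


# Constructed inventory of installed applications and their permissions.
INSTALLED = {
    "com.example.chat": ["android.permission.SEND_SMS",
                         "android.permission.INTERNET"],
    "com.example.torch": ["android.permission.SEND_SMS"],
    "com.example.clock": ["android.permission.RECEIVE_BOOT_COMPLETED"],
    "com.example.notes": ["android.permission.INTERNET"],
}
```

With the constructed inventory, the SMS anomaly has two candidates and is escalated; marking `com.example.chat` as trusted leaves a single candidate, which is then handled locally.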
CN201510292398.5A 2015-06-01 2015-06-01 A kind of high security Android intelligent terminal Active CN104866761B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510292398.5A CN104866761B (en) 2015-06-01 2015-06-01 A kind of high security Android intelligent terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510292398.5A CN104866761B (en) 2015-06-01 2015-06-01 A kind of high security Android intelligent terminal

Publications (2)

Publication Number Publication Date
CN104866761A CN104866761A (en) 2015-08-26
CN104866761B true CN104866761B (en) 2017-10-31

Family

ID=53912584

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510292398.5A Active CN104866761B (en) 2015-06-01 2015-06-01 A kind of high security Android intelligent terminal

Country Status (1)

Country Link
CN (1) CN104866761B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107491695A (en) * 2017-08-10 2017-12-19 佛山市三水区彦海通信工程有限公司 A kind of critical data reads recording method
CN110046494B (en) * 2019-04-24 2019-11-19 天聚地合(苏州)数据股份有限公司 Big data processing method and system based on terminal

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101866407A (en) * 2010-06-18 2010-10-20 北京九合创胜网络科技有限公司 Method and device for realizing security of operating system platform
CN102222194A (en) * 2011-07-14 2011-10-19 哈尔滨工业大学 Module and method for LINUX host computing environment safety protection
CN102508768A (en) * 2011-09-30 2012-06-20 奇智软件(北京)有限公司 Monitoring method and monitoring device for application program
CN103259806A (en) * 2012-02-15 2013-08-21 深圳市证通电子股份有限公司 Android intelligent terminal application program security detection method and system
CN103368904A (en) * 2012-03-27 2013-10-23 百度在线网络技术(北京)有限公司 Mobile terminal, and system and method for suspicious behavior detection and judgment
CN104182688A (en) * 2014-08-26 2014-12-03 北京软安科技有限公司 Android malicious code detection device and method based on dynamic activation and behavior monitoring
CN104318176A (en) * 2014-10-28 2015-01-28 东莞宇龙通信科技有限公司 Terminal and data management method and device thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350052B (en) * 2007-10-15 2010-11-03 北京瑞星信息技术有限公司 Method and apparatus for discovering malignancy of computer program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
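Security mechanism for applications on a Linux-compatible kernel based on data signatures; 褚力行; China Master's Theses Full-text Database, Information Science and Technology; 20070430; 12-52 *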

Also Published As

Publication number Publication date
CN104866761A (en) 2015-08-26

Similar Documents

Publication Publication Date Title
CN112513857B (en) Personalized cryptographic secure access control in trusted execution environments
CN109923548B (en) Method, system and computer program product for implementing data protection by supervising process access to encrypted data
US9712565B2 (en) System and method to provide server control for access to mobile client data
CN105260663B (en) A kind of safe storage service system and method based on TrustZone technologies
CN105447406B (en) A kind of method and apparatus for accessing memory space
CN106534148B (en) Access control method and device for application
US7712135B2 (en) Pre-emptive anti-virus protection of computing systems
KR101295428B1 (en) Method and Apparatus
CN103827881A (en) Method and system for dynamic platform security in a device operating system
CN104318176B (en) Data management method and device for terminal and terminal
US20120137372A1 (en) Apparatus and method for protecting confidential information of mobile terminal
CN108595982B (en) Secure computing architecture method and device based on multi-container separation processing
WO2005081115A1 (en) Application-based access control system and method using virtual disk
WO2017193750A1 (en) Processing method for presenting copy attack, and server and client
US10339307B2 (en) Intrusion detection system in a device comprising a first operating system and a second operating system
US20170201528A1 (en) Method for providing trusted service based on secure area and apparatus using the same
CN115329389B (en) File protection system and method based on data sandbox
US20170329963A1 (en) Method for data protection using isolated environment in mobile device
CN104955043B (en) A kind of intelligent terminal security protection system
CN103970540A (en) Method and device for safely calling key function
CN104866761B (en) A kind of high security Android intelligent terminal
KR101711024B1 (en) Method for accessing temper-proof device and apparatus enabling of the method
CN108345804B (en) Storage method and device in trusted computing environment
EP3123384B1 (en) Protecting an item of software
CN112507302A (en) Calling party identity authentication method and device based on cryptographic module execution

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant