CN1900941A - Computer safety protective method based on software identity identifying technology - Google Patents

Computer safety protective method based on software identity identifying technology Download PDF

Info

Publication number
CN1900941A
CN1900941A CN 200610078622 CN200610078622A CN1900941A CN 1900941 A CN1900941 A CN 1900941A CN 200610078622 CN200610078622 CN 200610078622 CN 200610078622 A CN200610078622 A CN 200610078622A CN 1900941 A CN1900941 A CN 1900941A
Authority
CN
China
Prior art keywords
software
security
file
database
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200610078622
Other languages
Chinese (zh)
Inventor
傅玉生
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN 200610078622 priority Critical patent/CN1900941A/en
Publication of CN1900941A publication Critical patent/CN1900941A/en
Pending legal-status Critical Current

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to computer security technology, and is a client end computer security protecting mechanism established around the certificating server based on software identity certification. The present invention includes: 1. establishing security certificating database with the unique flag code as ID; 2. establishing certificating server for providing software security certificating function with the security certificating database as kernel; 3. establishing security policy for limiting the software running in the client end; 4. monitoring the client end computer and extracting the unique ID and submitting it to the certificating server before starting the executable file; 5. inquiring the security certificating database with the certificating server and feeding back the corresponding security information to the client end computer; and 6. the client end computer judging whether to execute the software. Compared with traditional antivirus method, the present invention has more wide protection.

Description

A kind of computer safety protective method based on software identity identifying technology
One. technical field
The present invention relates to the Computer Applied Technology field, relate to a kind of guard method of computer security.Utilize this method can set up a kind of infrastructure that the computer safety protective service is provided.Utilize this method also can design a kind of application software that improves computer security.This method is by software on computers the execution of restriction without safety certification, the security that improves computer system.
Two. background technology
Preventing broadcast of computer virus harm, is an important topic of computer safety field.In " Computer Information System Security Protection Ordinance of the People's Republic of China "; the definition of computer virus is: " computer virus is meant establishment or destruction computer function or the data inserted in computer program, influence computing machine use and a set of computer instructions or program code that can self-replacation ".This shows that computer virus can be the executable file of an independent establishment, also can be one group of executable instruction or the program code that inserts in other computer program.No matter virus with which kind of form exists, traditional antivirus software, and the principle of work that all is based on a kind of being called " characteristic matching " is carried out the virus detection.Its principle of work is at first to make the database about virus characteristic in the antivirus software the inside, in virus killing, just the inspection object is scanned one by one according to these virus characteristics, if find the characteristic segments that certain feature in inspected object existence and the known viruse feature database is complementary, just be defined as and find virus.The principle of tradition antivirus software is: stop the operation of known harmful software.Design philosophy is based on the discovery to known non-fail-safe software, only the virus characteristic file that the match is successful is stoped or isolates, so can't realize monitoring to the non-secure file of the unknown.With respect to being for the non-secure file time of occurrence of representative with virus, the killing ability of traditional antivirus software lags behind.Have only this non-fail-safe software of working as to be found, reported, and after being acknowledged as destructiveness, just can include killing scope of traditional antivirus software and so in.Along with the improvement of virus technology, and the development of internet construction, the frequency of occurrences and the velocity of propagation of new virus all are greatly improved.Intrinsic hysteresis quality makes traditional antivirus software novel viral hard to guard against to these, can't thoroughly avoid the generation that endangers.
Another kind of method is based on the thought of file self-shield, for example invention disclosed " software self-protection method of microcomputer virus " (publication number: CN1068205A) and " method for protecting computer software " (publication number: CN1155700A).This method all is to manage to have the information of uniqueness characteristic in file self interpolation, when program brings into operation, check at first whether the current characteristic information of file is consistent with the characteristic information that self stores, and judge that thus whether file is illegally distorted, and then take appropriate measures.These class methods can prevent to a certain extent that software from being revised by Virus, but also exist obvious defects: 1. obviously not being suitable for virus is the situation of independent executable file.In other words, Virus has a style of one's own, and does not revise any file, and then these class methods are powerless; 2. not getting rid of virus can be before program be performed, alter program in advance, and then according to the file status after distorting, making uses the same method recomputates the characteristic information of file, replaces old characteristic information then.
Except taking precautions against virus attack, prevent that the hacker from directly utilizing the design leak of software that computer system is attacked, also be the important topic of current computer security fields.Wherein most typical no more than " buffer zone overflows " leak.Though " buffer zone overflows " attacks is a kind of very attack technology of " ancient " (even " Morris Worm " of in November, 1988 outburst just utilized the principle of " buffer zone overflows "), it is still very big to the security threat of computer system.Antivirus software and can prevent the invasion of virus to a certain extent based on the method for file self-shield, but the directtissima that carries out utilizing software vulnerability is powerless.How to prevent this class attack at present, still none is unified, effective method and instrument depend on the degree of understanding and the level of improving computer system functions of system manager to computer system security basically, and common method is exactly in time to stamp up-to-date system mend.
In addition, along with the development of Internet technology, various " wooden horse " software, ad ware has also brought threat to computer security, and operation has brought inconvenience to user's computer.For enterprise, how to limit the employee and in Intranet, move with work irrelevantly, even the software of potential security hole is arranged, also be a problem demanding prompt solution.
Three. summary of the invention
The purpose of this invention is to provide a kind of based on the software identification; adopt safety certification database and certificate server that software is carried out the computer system security guard method of Collective qualification, make and set up a computing system environments that only allows known believable fail-safe software operation in this way.
The present invention sets up characteristic information and the security information of safety certification database with storing software in advance, and each software of storing in the database all utilizes unique condition code of executable file to identify; And set up server program based on this safety certification database with safety certification function.When certain software in the client computer when being performed, watchdog routine can calculate unique condition code of the executable file of this software, and submits to certificate server.Certificate server searches out the security information and the characteristic information of this software from the safety certification database according to unique condition code, and give watchdog routine these information feedback, whether watchdog routine judges according to the result of feedback whether software satisfies security needs, can continue to carry out.
The present invention has overcome the deficiency of current antivirus software and these two class methods of file self-shield, introduces new thinking 1. and " only allows known believable fail-safe software operation "; 2. by saved software characteristic information and security information in the query set, the security at operating software is just assessed.
" known believable fail-safe software " is meant that the unique condition code of all executable files that 1. these softwares are comprised is present in the certificate server database, 2. authenticate through reliable authoritative institution, this software is not harmful programs such as virus or wooden horse, also not by virus and wooden horse correct, 3. the security level of this software satisfies the requirement of computer environment to software security, do not meet the executable file of above-mentioned arbitrary feature, all be considered as suspicious executable file, need after the special affirmation of user, could carry out.
The present invention both can effectively stop self-existent Virus running paper, also can effectively stop the program file operation of being revised by virus infections, owing to have only " known believable secure file just can be carried out ", not only known virus document can effectively be stoped, and the unknown destructive program that has also has been cut off the path of carrying out.The present invention can also reduce computer system to a certain extent and be subjected to the risk of being attacked because of bug.By the security information of storing on the authentication query server, the system manager can understand leak and the level of security that various softwares may exist in this computer system, thus in feasible scope the upgrade maintenance of implementation system.
Using the present invention can set up a cover computer system security takes good care of infrastructure.For example can set up a safety management platform based on the internet, for the Internet user provides the software information inquiry service, functions such as computer safety protective service.
Use the present invention also can develop the software that a cover is used for the computer system security protection, the centralized and unified protection of enterprise software running environment is provided for enterprise.Enterprise can set up safety certification database and the certificate server of oneself, works out the security strategy that this enterprise is suitable for, the specific running software condition of observing of this enterprise of standard.For example set up and allow the program listing carried out in the enterprise network, forbid that the user carries out the software that has nothing to do with job specification etc. in enterprise network.
Four. description of drawings
Further set forth content of the present invention below by the drawings and specific embodiments:
Fig. 1 is a system construction drawing of implementing the computer environment that the present invention built;
Fig. 2 is under the present invention's control, the detail flowchart of software performing process;
Fig. 3 is the software performing process sketch behind enforcement the present invention.
Five. embodiment
By implementing the present invention, can build a security context that has only known believable software to move.For realize this security context the infrastructure that must build comprise as shown in Figure 1 following three parts:
1. safety certification database;
2. certificate server program;
3. watchdog routine.
The safety certification lane database is stored various Characteristic of Software information and security information.The content of software features information and security information and scope can be adjusted according to the actual needs.In general, characteristic information comprises the title of software, manufacturer, version, the software executable title, purposes of software or the like is safety and security information comprises whether software authenticates, Virus whether, whether trojan horse program exists pregnable leak or the like.Whether whether these information can monitored program be used for judging that certain is about to whether virus of program of carrying out, be maliciously tampered, exist to be easy to the leak attacked, thereby further whether decision allows this program to carry out.And the system manager can assess present computing system environments security from these information accurately, thereby takes rationally, and feasible measure comes system is safeguarded and upgrades.
How each software being identified in the safety certification database is a difficult problem.The present invention adopts unique condition code of executable file to realize this demand.Unique condition code of the pairing executable file of software can be used as the identity characteristic of software.All softwares all are made up of file, and file is from be one group of orderly binary sequence at all.Carry out digital digest by binary sequence and calculate, just can obtain unique condition code of corresponding executable file executable file.The algorithm that can finish this class digital digest calculating comprises MD4, MD5, SHA etc.If any variation takes place in the binary sequence content of executable file, for example have only a binary digit to become 1 from 0, unique condition code of coming out through the digital digest algorithm computation will change.Because the existence of this uniqueness, unique condition code of executable file just can be used as the abundant necessity sign that confirms the software identity.Here related executable file comprises the .exe file, the .dll file, and the .sys file is explained execution script file etc. on the particular platform.
The basic function that the certificate server program need provide comprises: 1. set up and the maintenance safe authentication database, 2. inquire about according to the unique condition code of file that watchdog routine is sent, feedback Characteristic of Software information and security information.
The certificate server program can provide the safety certification database information to collect and the information typing function of modification.According to actual conditions, gather information and typing, the interface of revising information can adopt different means, can carry out automatically, also can manually carry out.The function of certificate server program has very strong extensibility according to the demand of reality, for example can increase the software upgrading suggestion, software security consultant, functions such as software rejuvenation.
Watchdog routine is installed on the computing machine that need carry out the safety certification protection.The basic function that watchdog routine need provide is the implementation of software on the supervisory control comuter, before software is carried out, unique condition code of software for calculation executable file submits to certificate server to authenticate, and according to the feedback information of certificate server whether software is continued to carry out and judge.The system manager works out security strategy according to actual conditions and is used for as the standard of judging whether software can continue to carry out, Virus for example, trojan horse program mustn't move, and whether the program of the unknown or unauthenticated safety is carried out by user decision etc. providing under the prompting prerequisite.Security strategy plays a part to regulate watchdog routine to the computer monitoring dynamics.Watchdog routine can be with system service, and the mode of driver or common process is moved.
Certificate server and watchdog routine can coexist as on same the computing machine, also can be distributed on the different computing machines, can pass through client/server between the two, and perhaps the form of browser/server communicates.Can adopt the various communications protocol that comprise TCP/IP to communicate between the two.
The function of watchdog routine also has very strong extensibility according to the demand of reality, for example can the help system keeper understand computing system environments, understands functions such as current security of system.
Enforcement of the present invention comprises four processes, is respectively:
1. set up the safety certification database
2. set up and the operation certificate server
3. design allows the security strategy of running software
4. install and the operation monitoring program
In the computing machine of implementing the present invention and being protected, the software execution flow journey comprises following seven steps as shown in Figure 2, is respectively:
1. certain software is operated system call;
2. watchdog routine scans the executable file of this software, unique condition code of spanned file;
3. watchdog routine sends to certificate server to the unique condition code of file;
4. certificate server is received unique condition code, the query safe authentication database;
5. certificate server is perhaps given watchdog routine the software information that inquires the message feedback of not finding software;
6. watchdog routine is called security strategy and is compared judgement according to the message of receiving;
7. watchdog routine allows running software or forbids running software according to judged result.
The above is the frame description that the present invention can realize function, the more variation, and all available above content of more function details is a core, add the present invention to, thereby it is more practical to offer user of the present invention, more powerful control ability and service ability.So the change that all are associated improves and application also is included in the spirit and scope of the present invention.

Claims (11)

1. one kind based on the software identification; adopt safety certification database and certificate server that software is carried out the computer system security guard method of Collective qualification, make and set up a computing system environments that only allows known believable fail-safe software operation in this way.
2. method according to claim 1 is characterized in that: the safety certification database is the characteristic information of storing software and the database of security information, and saved software all utilizes unique condition code of executable file to identify in the database.
3. method according to claim 1 is characterized in that: the safety of software is authenticated by certificate server; The basis of authentication is unique condition code of executable file; Certificate server searches out the security information and the characteristic information of this software according to unique condition code from the safety certification database, and gives client monitor process these information feedback.
4. method according to claim 1 is characterized in that: the process of enforcement constitutes (1) by four processes and sets up the safety certification database; (2) set up and move certificate server; (3) design allows the security strategy of running software; (4) also operation monitoring program is installed.
5. method according to claim 1, it is characterized in that: unique condition code of the executable file of employing is the statistical nature of this document, be continuous binary sequence that file is comprised as the input data, calculate the unique deterministic data mode record that has that is obtained through predetermined algorithm.
6. method according to claim 1 is characterized in that: the algorithm that obtains the unique condition code of executable file is a hashing algorithm, MD4 for example, MD5, SHA.
7. method according to claim 1 is characterized in that: the software features information in the safety certification database comprises the title of software, manufacturer, version, software executable title, the purposes of software.
8. method according to claim 1 is characterized in that: the software security information in the safety certification database comprises whether software authenticates and is safety, Virus whether, and whether trojan horse program exists pregnable leak.
9. method according to claim 1 is characterized in that: the executable file that is used to calculate comprises the .exe file, the .dll file, and the .sys file is explained the execution script file on the particular platform.
10. method according to claim 1, it is characterized in that: described watchdog routine, its function comprises the implementation of software on the supervisory control comuter, before software is carried out, unique condition code of software for calculation executable file, submit to certificate server to authenticate, and according to the feedback information of certificate server whether software is continued to carry out and judge.
11. method according to claim 1, it is characterized in that: certificate server and watchdog routine can coexist as on same the computing machine, also can be distributed on the different computing machines, can pass through client/server between the two, perhaps the form of browser/server communicates, and can adopt the various communications protocol that comprise TCP/IP to communicate between the two.
CN 200610078622 2006-04-28 2006-04-28 Computer safety protective method based on software identity identifying technology Pending CN1900941A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610078622 CN1900941A (en) 2006-04-28 2006-04-28 Computer safety protective method based on software identity identifying technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610078622 CN1900941A (en) 2006-04-28 2006-04-28 Computer safety protective method based on software identity identifying technology

Publications (1)

Publication Number Publication Date
CN1900941A true CN1900941A (en) 2007-01-24

Family

ID=37656828

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610078622 Pending CN1900941A (en) 2006-04-28 2006-04-28 Computer safety protective method based on software identity identifying technology

Country Status (1)

Country Link
CN (1) CN1900941A (en)

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101667232A (en) * 2009-07-13 2010-03-10 北京中软华泰信息技术有限责任公司 Terminal credible security system and method based on credible computing
CN101110836B (en) * 2007-08-23 2010-05-19 上海交通大学 Real-time monitoring system authorization management method based on PE document
CN101924762A (en) * 2010-08-18 2010-12-22 奇智软件(北京)有限公司 Cloud security-based active defense method
CN101539978B (en) * 2009-04-29 2011-08-17 北京飞天诚信科技有限公司 Software protection method based on space
CN102195987A (en) * 2011-05-31 2011-09-21 成都七巧软件有限责任公司 Distributed credibility authentication method and system thereof based on software product library
WO2011124084A1 (en) * 2010-04-09 2011-10-13 Pan Yanhui System and method for multi-user cooperative security protection based on cloud calculation
CN102222183A (en) * 2011-04-28 2011-10-19 奇智软件(北京)有限公司 Mobile terminal software package safety detection method and system thereof
CN102236752A (en) * 2010-05-04 2011-11-09 航天信息股份有限公司 Trustiness measuring method for installing and upgrading software
WO2012034349A1 (en) * 2010-09-14 2012-03-22 Hu Zhishui Method and system for protecting computer safety
CN102750476A (en) * 2012-06-07 2012-10-24 腾讯科技(深圳)有限公司 Method and system for identifying file security
CN102779257A (en) * 2012-06-28 2012-11-14 奇智软件(北京)有限公司 Security detection method and system of Android application program
CN102799812A (en) * 2012-06-28 2012-11-28 腾讯科技(深圳)有限公司 Method and device for processing application program
CN102831338A (en) * 2012-06-28 2012-12-19 北京奇虎科技有限公司 Security detection method and system of Android application program
CN103023884A (en) * 2012-11-26 2013-04-03 北京奇虎科技有限公司 Security data processing method and system
CN103136470A (en) * 2013-03-12 2013-06-05 无锡江南计算技术研究所 Method of enhancing safety of Java virtual machine
CN101414997B (en) * 2007-10-15 2013-06-12 北京瑞星信息技术有限公司 Method and apparatus for preventing malevolence program from accessing network
CN103198253A (en) * 2013-03-29 2013-07-10 北京奇虎科技有限公司 Method and system of file operation
CN103440455A (en) * 2011-04-28 2013-12-11 北京奇虎科技有限公司 Mobile terminal software package safety detection method and system
WO2014075504A1 (en) * 2012-11-14 2014-05-22 北京奇虎科技有限公司 Security control method and device for running application
CN104580161A (en) * 2014-12-17 2015-04-29 中国电子科技集团公司第十五研究所 Security-identity-document-based real-name software authentication method and device
CN104850775A (en) * 2014-02-14 2015-08-19 北京奇虎科技有限公司 Method and device for assessing safety of application program
WO2015120756A1 (en) * 2014-02-14 2015-08-20 北京奇虎科技有限公司 Method and device for identifying security of application process
CN106682504A (en) * 2015-11-06 2017-05-17 珠海市君天电子科技有限公司 Method and device for preventing file from being maliciously edited and electronic equipment
CN108206741A (en) * 2016-12-16 2018-06-26 北京国双科技有限公司 Verification method, the apparatus and system of service
CN115208933A (en) * 2022-07-07 2022-10-18 成都域卫科技有限公司 Software application control method, device and storage medium

Cited By (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110836B (en) * 2007-08-23 2010-05-19 上海交通大学 Real-time monitoring system authorization management method based on PE document
CN101414997B (en) * 2007-10-15 2013-06-12 北京瑞星信息技术有限公司 Method and apparatus for preventing malevolence program from accessing network
CN101539978B (en) * 2009-04-29 2011-08-17 北京飞天诚信科技有限公司 Software protection method based on space
CN101667232B (en) * 2009-07-13 2014-12-10 北京可信华泰信息技术有限公司 Terminal credible security system and method based on credible computing
CN101667232A (en) * 2009-07-13 2010-03-10 北京中软华泰信息技术有限责任公司 Terminal credible security system and method based on credible computing
WO2011124084A1 (en) * 2010-04-09 2011-10-13 Pan Yanhui System and method for multi-user cooperative security protection based on cloud calculation
CN102236752B (en) * 2010-05-04 2014-10-22 航天信息股份有限公司 Trustiness measuring method for installing and upgrading software
CN102236752A (en) * 2010-05-04 2011-11-09 航天信息股份有限公司 Trustiness measuring method for installing and upgrading software
CN101924762A (en) * 2010-08-18 2010-12-22 奇智软件(北京)有限公司 Cloud security-based active defense method
US9916447B2 (en) 2010-08-18 2018-03-13 Beijing Qihoo Technology Company Limited Active defense method on the basis of cloud security
CN103078864B (en) * 2010-08-18 2015-11-25 北京奇虎科技有限公司 A kind of Initiative Defense Ile repair method based on cloud security
CN101924762B (en) * 2010-08-18 2013-02-27 北京奇虎科技有限公司 Cloud security-based active defense method
US9177141B2 (en) 2010-08-18 2015-11-03 Beijing Qihoo Technology Company Limited Active defense method on the basis of cloud security
WO2012034349A1 (en) * 2010-09-14 2012-03-22 Hu Zhishui Method and system for protecting computer safety
CN102222183A (en) * 2011-04-28 2011-10-19 奇智软件(北京)有限公司 Mobile terminal software package safety detection method and system thereof
CN102222183B (en) * 2011-04-28 2013-11-13 奇智软件(北京)有限公司 Mobile terminal software package safety detection method and system thereof
CN103440455A (en) * 2011-04-28 2013-12-11 北京奇虎科技有限公司 Mobile terminal software package safety detection method and system
CN102195987B (en) * 2011-05-31 2014-04-30 成都七巧软件有限责任公司 Distributed credibility authentication method and system thereof based on software product library
CN102195987A (en) * 2011-05-31 2011-09-21 成都七巧软件有限责任公司 Distributed credibility authentication method and system thereof based on software product library
CN102750476A (en) * 2012-06-07 2012-10-24 腾讯科技(深圳)有限公司 Method and system for identifying file security
WO2013182073A1 (en) * 2012-06-07 2013-12-12 腾讯科技(深圳)有限公司 Method and system for identifying file security and storage medium
CN102779257A (en) * 2012-06-28 2012-11-14 奇智软件(北京)有限公司 Security detection method and system of Android application program
CN102799812A (en) * 2012-06-28 2012-11-28 腾讯科技(深圳)有限公司 Method and device for processing application program
CN102831338A (en) * 2012-06-28 2012-12-19 北京奇虎科技有限公司 Security detection method and system of Android application program
CN102831338B (en) * 2012-06-28 2015-09-30 北京奇虎科技有限公司 A kind of safety detection method of Android application program and system
CN102799812B (en) * 2012-06-28 2015-05-27 腾讯科技(深圳)有限公司 Method and device for processing application program
WO2014075504A1 (en) * 2012-11-14 2014-05-22 北京奇虎科技有限公司 Security control method and device for running application
CN103023884B (en) * 2012-11-26 2015-09-16 北京奇虎科技有限公司 Secure data processing method and system
CN103023884A (en) * 2012-11-26 2013-04-03 北京奇虎科技有限公司 Security data processing method and system
CN103136470B (en) * 2013-03-12 2015-08-12 无锡江南计算技术研究所 A kind of method strengthening safety of Java virtual machine
CN103136470A (en) * 2013-03-12 2013-06-05 无锡江南计算技术研究所 Method of enhancing safety of Java virtual machine
CN103198253B (en) * 2013-03-29 2016-03-30 北京奇虎科技有限公司 The method and system of operating file
CN103198253A (en) * 2013-03-29 2013-07-10 北京奇虎科技有限公司 Method and system of file operation
CN104850775A (en) * 2014-02-14 2015-08-19 北京奇虎科技有限公司 Method and device for assessing safety of application program
WO2015120756A1 (en) * 2014-02-14 2015-08-20 北京奇虎科技有限公司 Method and device for identifying security of application process
CN104580161A (en) * 2014-12-17 2015-04-29 中国电子科技集团公司第十五研究所 Security-identity-document-based real-name software authentication method and device
CN106682504A (en) * 2015-11-06 2017-05-17 珠海市君天电子科技有限公司 Method and device for preventing file from being maliciously edited and electronic equipment
CN106682504B (en) * 2015-11-06 2019-08-06 珠海豹趣科技有限公司 A kind of method, apparatus for preventing file from maliciously being edited and electronic equipment
CN108206741A (en) * 2016-12-16 2018-06-26 北京国双科技有限公司 Verification method, the apparatus and system of service
CN115208933A (en) * 2022-07-07 2022-10-18 成都域卫科技有限公司 Software application control method, device and storage medium

Similar Documents

Publication Publication Date Title
CN1900941A (en) Computer safety protective method based on software identity identifying technology
US8543824B2 (en) Safe distribution and use of content
US8578487B2 (en) System and method for internet security
US7712143B2 (en) Trusted enclave for a computer system
US20070016914A1 (en) Kernel validation layer
US20080301051A1 (en) Internet fraud prevention
US8291493B2 (en) Windows registry modification verification
US20100037317A1 (en) Mehtod and system for security monitoring of the interface between a browser and an external browser module
WO2014012106A2 (en) Method and apparatus for retroactively detecting malicious or otherwise undesirable software as well as clean software through intelligent rescanning
JP2005530223A (en) Methods for automatic configuration and updating of security policies
GB2581877A (en) Detecting obfuscated malware variants
US12093385B2 (en) Zero dwell time process library and script monitoring
US20220417255A1 (en) Managed detection and response system and method based on endpoints
KR101089157B1 (en) System and method for logically separating servers from clients on network using virtualization of client
CN101719846A (en) Security monitoring method, device and system
Deng et al. Lexical analysis for the webshell attacks
US7930727B1 (en) System and method for measuring and enforcing security policy compliance for software during the development process of the software
Barlev et al. Secure yet usable: Protecting servers and Linux containers
Supriya et al. Malware detection techniques: a survey
CN113641997A (en) Safety protection method, device and system for industrial host and storage medium
KR20100078738A (en) Security system and security method at web application server
CN110086812B (en) Safe and controllable internal network safety patrol system and method
CN111343000B (en) System and method for configuring a gateway to protect an automation system
CN111538990B (en) Internet analysis system
CN111343084B (en) System and method for protecting an automation system using a gateway

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C57 Notification of unclear or unknown address
DD01 Delivery of document by public notice

Addressee: Liu Yunxia

Document name: Notification before expiration of term

C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C57 Notification of unclear or unknown address
DD01 Delivery of document by public notice

Addressee: Liu Yunxia

Document name: the First Notification of an Office Action

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20070124