Computing environment security method and electronic computing system

US 9,053,322 B2
Filed: 01/15/2013
Issued: 06/09/2015
Est. Priority Date: 07/12/2012
Status: Active Grant

First Claim

Patent Images

1. A computing environment security method, comprising:

a) dissolving an application package to be tested by an electronic computing system to obtain at least one data set, wherein each of the at least one data set is contents with respect to one of a plurality of aspects of the application package to be tested, wherein the contents with respect to the aspects comprise contents with respect to a user interface aspect, the at least one data set comprises a first data set, and the first data set is the contents with respect to the user interface aspect of the application package to be tested; and

b) evaluating whether the application package to be tested is a repackaged application package according to the at least one data set, step (b) comprising;

c) for each of the at least one data set, analyzing a characteristic relationship of the contents with respect to the aspect corresponding to the data set and generating characteristic data for the data set according to the characteristic relationship; and

d) determining whether the application package to be tested is the repackaged application package according to characteristic data of the at least one data set and a search result obtained from a database to generate a determination result;

wherein the search result corresponds to the characteristic data of the at least one data set within a corresponding distance, and the database includes characteristic data associated with the aspects corresponding to a plurality of application packages;

wherein the electronic computing system processes the application package to be tested according to the determination result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing environment security method is provided. The method includes: a) dissolving an application package to be tested to obtain at least one data set, wherein each data set corresponds to contents with respect to one of a plurality of aspects of the application package; and b) evaluating whether the application package is a repackaged application according to the at least one data set. Step (b) includes: c) for each data set, analyzing a characteristic relationship of the contents with respect to the aspect corresponding to the data set to accordingly generate characteristic data for the data set; and d) determining whether the application package to be tested is a repackaged application package according to the characteristic data of the at least one data set and a search result obtained from a database, wherein the search result corresponds to the characteristic data within a corresponding distance.

25 Citations

View as Search Results

26 Claims

1. A computing environment security method, comprising:
- a) dissolving an application package to be tested by an electronic computing system to obtain at least one data set, wherein each of the at least one data set is contents with respect to one of a plurality of aspects of the application package to be tested, wherein the contents with respect to the aspects comprise contents with respect to a user interface aspect, the at least one data set comprises a first data set, and the first data set is the contents with respect to the user interface aspect of the application package to be tested; and
  
  b) evaluating whether the application package to be tested is a repackaged application package according to the at least one data set, step (b) comprising;
  
  c) for each of the at least one data set, analyzing a characteristic relationship of the contents with respect to the aspect corresponding to the data set and generating characteristic data for the data set according to the characteristic relationship; and
  
  d) determining whether the application package to be tested is the repackaged application package according to characteristic data of the at least one data set and a search result obtained from a database to generate a determination result;
  
  wherein the search result corresponds to the characteristic data of the at least one data set within a corresponding distance, and the database includes characteristic data associated with the aspects corresponding to a plurality of application packages;
  
  wherein the electronic computing system processes the application package to be tested according to the determination result.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computing environment security method according to claim 1, before the step of dissolving the application package to be tested, further comprising:
    - receiving the application package to be tested by a communication unit of the electronic computing system in response to a software release request;
      
      wherein step (b) is performed by the electronic computing system; and
      
      the electronic computing system is a server system, which declines the software release request to prohibit the application package to be tested from being released when the application package to be tested is determined as the repackaged application package and a malicious program.
  - 3. The computing environment security method according to claim 1, before the step of dissolving the application package to be tested, further comprising:
    - receiving the application package to be tested by a communication unit of the electronic computing system;
      
      wherein step (b) is performed by a control unit of the electronic computing system in response to a software installation program request before the application package to be tested is to be installed; and
      
      the electronic computing system declines installation of the application package to be tested when the application package to be tested is determined as the repackaged application package and a malicious program according to the determination result.
  - 4. The computing environment security method according to claim 1, wherein step (d) comprises:
    - evaluating a similarity of the application package to be tested according to the characteristic data of the at least one data set and the search result, wherein the search result is obtained from the database and corresponds to the characteristic data of the at least one data set within the corresponding distance;
      
      wherein the similarity of the application package to be tested is a similarity between the application package to be tested and an application package indicated in the database which corresponds to the search result; and
      
      determining whether the application package to be tested is the repackaged application package according to the similarity of the application package to be tested;
      
      wherein the electronic computing system obtains the search result from the database by a communication unit of the electronic computing system via a communication link.
  - 5. The computing environment security method according to claim 1, wherein step (c) comprises:
    - analyzing hierarchies of views and elements in at least one user interface indicated in the first data set to determine a first characteristic relationship accordingly, and generating first characteristic data for the first data set according to the first characteristic relationship.
  - 6. The computing environment security method according to claim 5, wherein step (c) further comprises:
    - analyzing executable code associated with the elements and a layout in the at least one user interface indicated in the first data set to obtain relationships between the elements and corresponding processing events, and names and numbers of corresponding application program interfaces, to determine a second characteristic relationship accordingly, and generating second characteristic data for the first data set according to the second characteristic relationship.
  - 7. The computing environment security method according to claim 6, wherein step (d) comprises:
    - determining similarity metadata with respect to the user interface aspect according to the first characteristic data, the second characteristic data of the first data set, and the search result, corresponding to characteristic data obtained from the database and corresponding to the first and second characteristic data within respective corresponding distances;
      
      determining the similarity of the application package to be tested based on the similarity metadata with respect to the user interface aspect, wherein the similarity of the application package to be tested is a similarity between the application package to be tested and an application package indicated in the database which corresponds to the search result; and
      
      determining whether the application package to be tested is the repackaged application package according to the similarity of the application package to be tested.
  - 8. The computing environment security method according to claim 1, wherein the contents with respect to the aspects further comprise contents with respect to a program operation aspect, the at least one data set further comprises a second data set, and the second data set is the contents with respect to the program operation aspect of the application package to be tested.
  - 9. The computing environment security method according to claim 8, wherein step (c) comprises:
    - analyzing relationship of parameters and parameter contents utilized by application program interfaces in executable code indicated in the second data set to determine a second characteristic relationship, and generating first characteristic data for the second data set according to the second characteristic relationship.
  - 10. The computing environment security method according to claim 8, wherein step (c) comprises:
    - analyzing a data flow of executable code indicated in the second data set to determine a third characteristic relationship based on a plurality of input data, operations undergone by the plurality of input data, and corresponding final operations of the plurality of input data in the second data set, and generating first characteristic data for the second data set according to the third characteristic relationship;
      
      wherein the operations undergone by the plurality of input data and the corresponding final operations of the plurality of input data are associated with application program interfaces in code flow of the second data set.
  - 11. The method according to claim 8, wherein step (d) comprises:
    - determining similarity metadata with respect to the user interface aspect according to characteristic data of the first data set and a first search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the first data set within a first corresponding distance;
      
      determining similarity metadata with respect to the program operation aspect according to characteristic data of the second data set, and a second search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the second data set within a second corresponding distance;
      
      determining the similarity of the application package to be tested based on the similarity metadata with respect to the user interface aspect and the similarity metadata with respect to the program operation aspect, wherein the similarity of the application package to be tested is a similarity between the application package to be tested and an application package indicated in the database which corresponds to the first and second search results; and
      
      determining whether the application package to be tested is the repackaged application package according to the similarity of the application package to be tested.
  - 12. The computing environment security method according to claim 8, wherein the contents with respect to the aspects further comprise contents with respect to a resource usage aspect, the at least one data set further comprises a third data set, and the third data set is the contents with respect to the resource usage aspect of the application package to be tested.
  - 13. The computing environment security method according to claim 12, wherein step (c) comprises:
    - analyzing relationships of resources indicated in the third data set to determine a fourth characteristic relationship, and generating characteristic data for the third data set according to the fourth characteristic relationship.
  - 14. The computing environment security method according to claim 13, wherein the relationships of resources are relationships of permissions setting requested by the application package to be tested.
  - 15. The computing environment security method according to claim 13, wherein the relationships of resources are relationships of non-code content in the application package to be tested.
  - 16. The computing environment security method according to claim 12, wherein step (d) comprises:
    - determining similarity metadata with respect to the user interface aspect according to characteristic data of the first data set and a first search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the first data set within a first corresponding distance;
      
      determining similarity metadata with respect to the program operation aspect according to characteristic data of the second data set and a second search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the second data set within a second corresponding distance;
      
      determining similarity metadata with respect to the resource usage aspect according to characteristic data of the third data set and a third search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the third data set within a third corresponding distance;
      
      determining the similarity of the application package to be tested based on the similarity metadata with respect to the user interface aspect, the similarity metadata with respect to the program operation aspect, and the similarity metadata with respect to the resource usage aspect;
      
      wherein the similarity of the application package to be tested is a similarity between the application package to be tested and an application package indicated in the database and corresponding to the first, second, and third search results; and
      
      determining whether the application package to be tested is the repackaged application package according to the similarity of the application package to be tested.
  - 17. A non-transitory computing system readable storage medium, recording a plurality of instructions executable by a computing system, for executing steps of the computing environment security method of claim 1 when the computing system executes the instructions.

18. An electronic computing system, comprising:
- a communication unit; and
  
  a control unit, for receiving an application package to be tested through the communication unit, and the control unit at least;
  
  dissolves the application package to be tested to obtain at least one data set;
  
  wherein the application package to be tested comprises contents with respect to a plurality of aspects, and each of the at least one data set is contents with respect to one of a plurality of aspects of the application package to be tested, wherein the contents with respect to the aspects comprise contents with respect to a user interface aspect, the at least one data set comprises a first data set, and the first data set is the contents with respect to the user interface aspect of the application package;
  
  for each of the at least one data set, analyzes a characteristic relationship of the contents with respect to the aspect corresponding to the data set to generate characteristic data for the data set according to the characteristic relationship;
  
  determines whether the application package to be tested is a repackaged application package according to the characteristic data of the at least one data set and a search result obtained from a database to generate a determination result;
  
  wherein the search result corresponds to the characteristic data within a corresponding distance, and the electronic computing system processes the application package to be tested according to the determination result.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The electronic computing system according to claim 18, further comprising:
    - a database unit, comprising characteristic data associated with the aspects corresponding to a plurality of application packages;
      
      wherein the electronic computing system is a server system, which declines a release request when the application package to be tested is determined as the repackaged application package and a malicious program to prohibit the application package to be tested from being released.
  - 20. The electronic computing system according to claim 18, being an electronic device obtains the search result from a database unit by the communication unit of the electronic computing system via a communication link.
  - 21. The electronic computing system according to claim 20, wherein when the application package to be tested is determined as the repackaged application package and a malicious program according to the determination result, the electronic computing system declines installation of the application package to be tested.
  - 22. The electronic computing system according to claim 20, wherein when the control unit determines that the application package to be tested is not the repackaged application package and is a new application package, the electronic computing system sends the characteristic data of the at least one data set to the database unit via the communication link and stores the characteristic data of the at least one data set in the database unit.
  - 23. The electronic computing system according to claim 18, wherein the contents with respect to the aspects further comprise contents with respect to a program operation aspect, the at least one data set further comprises a second data set, and the second data set is the contents with respect to the program operation aspect of the application package.
  - 24. The electronic computing system according to claim 23, wherein the control unit:
    - determines similarity metadata with respect to the user interface aspect according to characteristic data of the first data set and a first search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the first data set within a first corresponding distance; and
      
      determines similarity metadata with respect to the program operation aspect according to characteristic data of the second data set and a second search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the second data set within a second corresponding distance; and
      
      determines the similarity of the application package to be tested based on the similarity metadata with respect to the user interface aspect and the similarity metadata with respect to the program operation aspect, and determines whether the application package to be tested is the repackaged application package, wherein the similarity of the application package to be tested is a similarity between the application package to be tested and an application package indicated in the database and corresponding to the first and the second search results.
  - 25. The electronic computing system according to claim 23, wherein the contents with respect to the aspects further comprise contents with respect to a resource usage aspect, the at least one data set further comprise a third data set, and the third data set is the contents with respect to the resource usage aspect in the application package.
  - 26. The electronic computing system according to claim 25, wherein the control unit:
    - determines similarity metadata with respect to the user interface aspect according to characteristic data of the first data set and a first search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the first data set within a first corresponding distance; and
      
      determines similarity metadata with respect to the program operation aspect according to characteristic data of the second data set and a second search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the second data set within a second corresponding distance;
      
      determines similarity metadata with respect to the resource usage aspect according to characteristic data of the third data set and a third search result corresponding to characteristic data that is obtained from the database and corresponds to the characteristic data of the third data set within a third corresponding distance; and
      
      determines the similarity of the application package to be tested based on the similarity metadata with respect to the user interface aspect, the similarity metadata with respect to the program operation aspect, and the similarity metadata with respect to the resource usage aspect, and determines whether the application package to be tested is the repackaged application package;
      
      wherein the similarity of the application package to be tested is a similarity between the application package to be tested and an application package indicated in the database and corresponding to the first and the second and the third search results.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Industrial Technology Research Institute
Original Assignee
Industrial Technology Research Institute
Inventors
Wang, Pang-Chieh, Shi, Jun-Bin, Yang, Shu-Fen, Chen, Jun-Yu
Primary Examiner(s)
CHEN, ALAN S

Application Number

US13/741,426
Publication Number

US 20140020094A1
Time in Patent Office

875 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/57   Certifying or maintaining t...

G06F 2221/033   Test or assess software

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/123   received data contents, e.g...

H04L 63/168   above the transport layer

Computing environment security method and electronic computing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

25 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Computing environment security method and electronic computing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others