An integrity check method for remote network service

Abstract

The utility model provides an integrity detecting method for the remote network service, which comprises a network service test protocol and a test system for the integrity at the server end; wherein, the protocol stipulates that the customer requests testing the integrity of the specific network by sending a message in a specific format to the specific network port of the remote server, and the message is expected to specify the interception port used in the network service to be tested. After receiving the request for testing, the remote server judges the current safety status of the specific network service by inspecting the integrity of the corresponding service progress, the corresponding service program image file and other relevant files based on the network service strategy, and feed back the test results to the customer, thus establishing a reliable path for the remote users to access network service. The method can be widely applied to various network service and is admirably accessible, moreover, the method is compatible with common server terminals and client terminals; the method can be implemented by a reliable module or process of the server terminal, therefore, the reliability does not depend on a specific network service program and is insusceptible to the intrusion of any malicious programs.

Description

technical field [0001] The invention relates to the field of information security, in particular to the security guarantee technology of remote network services. Background technique [0002] A security system must provide a mechanism to ensure that the user's path to the system is safe and credible, free from malicious program intrusion or forgery. For accessing the system through a local terminal, the existing operating system generally provides a trusted path mechanism. There are two common implementation methods: one is to reserve an uncoverable warning area on the display output interface of the system for Indicates the current security state of the system, and provides a mechanism for the user to call to switch the system to a secure state; the second is the Secure Attention Key (SAK) mechanism. The SAK key settings used by different systems may be different, and the title and specific processing may also be different, but the basic principle is the same, that is, the...

AI Technical Summary

Problems solved by technology

[0006] The universality, scalability and application compatibility of this remote trusted path scheme, which relies on the implementation of the network service program, are poor

In order to support a new network service, the network application protocol and server program must be modified, and sometimes it is difficult or even impossible to modify the network application protocol; for trusted access to each network service, in addition to the dedicated server-side program, it must also With specially supported client programs, this requires re-providing a complete set of server-side and client-side programs without reusing existing programs

The more important problem is that this scheme actually requires complete trust in the service routines of network services, and cannot deal with the security loopholes in the service program itself, and the situation that it is invaded or replaced by malicious programs.

However, since network service programs usually run in the application layer process context like ordinary applications, there is also the possibility of being infected by malicious programs, and cannot be fully trusted

Images