CN103559591B - Software management system based on trust computing and management method - Google Patents

Publication number: CN103559591B
Authority: CN (China)
Legal status: Active
Application number: CN201310582274.1A
Other languages: Chinese (zh)
Other versions: CN103559591A (en)
Inventors: 孙瑜, 王小平, 田健生, 周华文, 范宗亮
Current Assignee: BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Original Assignee: BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Application filed by BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Priority to CN201310582274.1A
Publication of CN103559591A
Application granted
Publication of CN103559591B
Landscapes: Stored Programmes (AREA)

Abstract

The present invention discloses a software management system based on trust computing and a management method. The management system includes a credible administrative center and a trusted terminal agent module connected to the credible administrative center over a network. The management method comprises the following steps: installation and initialization of the credible administrative center, installation and initialization of the credible administration agent, software registration, credible strategy collection, software package warehousing, software template configuration, and template enforcement on the trusted terminal. The invention efficiently achieves centralized management of all applications in a trusted-computer information system and improves security and reliability.

Description

Software management system based on trust computing and management method
[technical field]
The present invention relates to a software management system based on trust computing and a management method, and belongs to the field of information security. In particular, it concerns a software management system based on trust computing and a management method based on that management system.
[background technology]
Current trusted computing technology has seen extensive research and practice on constructing a root of trust and transferring trust within a single machine, and drafts of relevant standards have appeared ("Trust Computing Specification Part 3: Credible Base Support Programs"). However, technical solutions for the credible management and protection of an entire information system distributed across a network environment are becoming the direction in which current trusted computing technology is developing.
[summary of the invention]
The present invention is directed at software information management systems with credible-management requirements. The credible administrative center centrally manages the deployment and running status of all software in the information system, which improves the security of the trust-computing software information management system.
To achieve the above technical purpose, the present invention provides a management method for a software information management system based on trust computing. The management system includes a credible administrative center and trusted terminals connected to the credible administrative center over a network, and each trusted terminal includes a credible administration agent. The management method comprises the following steps:
(1) installation and initialization of the software information management system based on trust computing;
(2) the credible administrative center receives the software installation package and related information, and registers it after verification;
(3) the credible administrative center performs pre-installation, dependency analysis and strategy collection on the software of the software installation package;
(4) the credible administrative center packs the software installation package, software information, software dependencies and credible strategy together, signs the result to generate a trusted software package, and saves it;
(5) the credible administrative center configures a trusted terminal software installation template according to the software dependencies and, following the template, pushes the corresponding trusted software packages to the trusted terminal in dependency order;
(6) the trusted terminal protects the credible strategy and the files associated with the credible strategy, and controls installation of the software of the software installation package; the "associated files" in this step are the execution-related files contained in the trusted software package, such as applications, scripts, dynamic libraries and kernel modules;
(7) the credible administration agent, on instruction from the credible administrative center, installs, updates or uninstalls the software of the specified trusted software package and updates the corresponding credible strategy.
In the management method described above, controlling installation of the software of the software installation package in step (6) includes allowing only the credible administration agent to modify and install the software of the software installation package.
In the management method described above, the installation and initialization of the software information management system based on trust computing in step (1) includes the installation and initialization of the credible administrative center and the installation and initialization of the credible administration agent.
In the management method described above, the credible administrative center includes a management module, a credible warehouse and an acquisition terminal. The management module verifies software sources, signs acquisition software packages, configures templates and issues templates. The credible warehouse stores and manages trusted software packages. The acquisition terminal pre-installs software packages, checks software dependencies, collects credible strategies and creates acquisition software packages.
In the management method described above, step (2) comprises the following steps:
(2.1) the credible administrative center receives the software installation package and software information;
(2.2) check whether the software installation package has a digital signature; if it has none, register this software package as other software and end; if it has one, go to the next step;
(2.3) check whether the digital signature of the software installation package is valid; if the signature is invalid, register this software package as other software and end; if the signature is valid, go to the next step;
(2.4) register the software installation package as trusted software.
In the management method described above, the software information in step (2.1) includes the program installation package, program name, version number, software type and software manual.
In the management method described above, step (3) comprises the following steps:
(1) start the installation tool; the installation procedure begins;
(2) install the target software; during installation, automatically record all files released or modified by this installation package as the installation record;
(3) after installation ends, the installation tool filters the installation record to obtain all executable files related to the target software (including applications, dynamic libraries and kernel modules), scripts, registry entries and startup services;
(4) the installation tool analyzes the installation record, checks and collects the dependencies of all files in it, and consolidates them into a dependency file;
(5) the installation tool calculates the hash value of every file in the installation record and records these values as the credible strategy;
(6) pack the source software, the credible strategy and the dependency file to generate the acquisition software package.
In the management method described above, generating the trusted software package in step (4) includes the following steps:
(1) the management module receives the acquisition software package sent by the acquisition terminal;
(2) the management module parses the acquisition software package and its dependencies and generates an index file;
(3) the management module signs the acquisition software package to generate the trusted software package and stores it in the credible warehouse;
(4) the management module stores the identification code of this acquisition software package in the credible warehouse into the index file.
In the management method described above, template management configures the trusted terminal software installation template according to software dependencies, and includes creating, modifying, issuing and deleting templates.
In the management method described above, creating a template comprises the following steps:
(1) the manager creates a blank template;
(2) the manager adds to the blank template the software that the trusted terminal needs to run;
(3) the management module automatically analyzes the dependencies of the selected software and adds the software packages that the selected software depends on to the management template.
In the management method described above, modifying a template comprises the following steps:
(1) select the template to be modified;
(2) add target software to the template or delete existing target software from it;
(3) the management module re-analyzes the support programs for the new combination of target software and adds them to the template.
In the management method described above, issuing a template comprises the following steps:
(1) select the template to be issued and the corresponding trusted terminal, and initiate the issue operation;
(2) determine whether the trusted terminal already has a template; if not, jump to step (6);
(3) the management module compares the trusted terminal's original template with the template currently being issued to determine the software changes; if the trusted terminal previously had no corresponding template, all software packages in the current template other than the operating system are treated as newly installed packages;
(4) if the current template contains the original template, so that no software package needs to be uninstalled, mark all software in the issued template as software to be installed and skip to step (6) below;
(5) the management module schedules the uninstall order of the packages to be uninstalled on the principle that "software that is depended on is uninstalled last", generates the uninstall instruction sequence, and notifies the trusted terminal to perform the uninstall operations in turn;
(6) the management module schedules the installation order of the trusted software packages to be installed on the principle that "software that is depended on is installed first";
(7) the management module notifies the credible warehouse to generate one-time download links for the software packages to be installed;
(8) the management module, following the trusted software package installation order, encapsulates the download links into a software package installation instruction sequence;
(9) notify the specified trusted terminal to start the template implementation flow, and issue the instruction sequence item by item until installation is complete.
In the management method described above, deleting a management template comprises the following steps:
(1) select the template to be deleted;
(2) the management module checks whether this template has been applied by any trusted terminal; if so, deletion is forbidden and a prompt is shown; if not, go to the next step;
(3) delete the specified template.
In the management method described above, the protection in step (6) by the trusted terminal of the credible strategy and the files specified by the credible strategy comprises the following steps:
(1) the trusted terminal inspects file operations in the system and intercepts modification operations on the credible strategy and on the files specified by the credible strategy;
(2) determine whether the modification operation was initiated by the credible administration agent; if not, forbid the modification;
(3) allow the modification.
In the management method described above, the control by the trusted terminal of the installation of the software of the software installation package comprises the following steps:
(1) the trusted terminal inspects software installation behavior in the system;
(2) determine whether the installation operation was initiated by the credible administration agent; if not, forbid it;
(3) allow the installation.
In the management method described above, step (7) further includes the following steps:
(1) while the trusted terminal is running, it connects to the administrative center at regular intervals and reports the running status of this trusted terminal;
(2) the credible administrative center generates an operation instruction sequence through the template issuing flow and sets the current instruction to the first in the sequence;
(3) the credible administrative center issues the current instruction;
(4) after the trusted terminal receives the instruction, it verifies the signature of, installs or uninstalls the software package as instructed, and updates the strategy accordingly;
(5) the trusted terminal returns the operation result to the credible administrative center;
(6) if the operation succeeded, the administrative center continues with the next instruction; otherwise it resends the current instruction;
(7) repeat steps (3) to (6) above until all instructions of the operation instruction sequence have completed successfully;
(8) the credible administrative center sends installation information to the trusted terminal.
As described above, the management method of the present invention ensures the consistency of software versions in the information system, increases the credibility of terminal software and its corresponding credible strategy, and improves security. In addition, the present invention simplifies the management process of the terminal software environment and improves the efficiency of credible strategy collection.
[accompanying drawing explanation]
Fig. 1 is the system diagram of the information system software management system based on trust computing of the present invention.
Fig. 2 is the management flow chart of the management system of the present invention.
Fig. 3 is the installation and initialization flow chart of the credible administrative center.
Fig. 4 is the installation and initialization flow chart of the credible administration agent.
Fig. 5 is the structure chart of the credible administrative center of the management system of the present invention.
Fig. 6 is the software registration and warehousing flow chart of the software management system of the present invention.
Fig. 7 is the strategy collection flow chart of the present invention.
Fig. 8 is the software warehousing flow chart of the software management system of the present invention.
Fig. 9 is the template creation flow chart of the software management system of the present invention.
Figure 10 is the template modification flow chart of the software management system of the present invention.
Figure 11 is the template issuing flow chart of the software management system of the present invention.
Figure 12 is the template deletion flow chart of the software management system of the present invention.
Figure 13 is the trusted terminal structure chart of the software management system of the present invention.
Figure 14 is the flow chart of the trusted terminal protecting the credible strategy and the files specified by the credible strategy.
Figure 15 is the flow chart of the trusted terminal blocking illegal software installation.
Figure 16 is the trusted terminal template application flow chart of the software management system of the present invention.
[detailed description of the invention]
To further explain the technical means adopted by the present invention to achieve its intended purpose and their effects, the structural features, specific structure and effects of the present invention are described in detail below with reference to the accompanying drawings and embodiments.
The information system software management system based on trust computing of the present invention includes a credible administrative center and trusted terminals. The system structure is shown in Fig. 1: the credible administrative center connects to and manages each trusted terminal over the network.
The credible administrative center is the core of the software management system of the present invention. It is responsible for verifying software source information, managing the software environment of trusted terminals through templates, and storing trusted software.
A trusted terminal is a computing terminal in the software management system on which trust computing functions are deployed. It is responsible for carrying out the concrete software package receiving, installation and uninstall operations according to the instructions of the credible administrative center.
Referring to Fig. 2, the management process of the software management system of the present invention comprises the following steps:
(1) system installation and initialization flow;
(2) the credible administrative center receives the software installation package and related information, and registers it after verification;
(3) the credible administrative center performs pre-installation, dependency analysis and strategy collection on the trusted software;
(4) the credible administrative center packs the software installation package, software-related information, software dependencies and credible strategy together, signs the result and saves it (hereafter the signed software package is referred to as the trusted software package);
(5) the credible administrative center configures the terminal software installation template according to the software dependencies and, following the template, pushes the relevant trusted software packages to the terminal in dependency order;
(6) the trusted terminal, on instruction from the credible administrative center, installs, updates or uninstalls the specified software and at the same time updates the corresponding credible strategy.
Referring to Fig. 3, the installation and initialization of the credible administrative center of the present invention comprise the following steps:
(1) install the credible administrative center software;
(2) create the certificate management list, terminal management list, policy template list and trusted software package index list;
(3) the credible administrative center generates a signing certificate pair;
(4) the credible administrative center imports the public key certificates of trusted software developers;
(5) the credible administrative center imports the preset trusted software packages, the corresponding index list and the policy template list.
Referring to Fig. 4, the installation and initialization of the credible administration agent of the present invention comprise the following steps:
(1) the trusted terminal installs the credible administration agent;
(2) the trusted terminal sends a registration request to the credible administrative center;
(3) the credible administrative center adds this terminal to the terminal list;
(4) the credible administrative center issues the administrative center's signature public key to the trusted terminal;
(5) the trusted terminal saves the signature public key of the credible administrative center.
The composition and principle of the administrative center of the present invention are described in detail below.
Fig. 5 is the structural design drawing of the credible administrative center of the present invention. The credible administrative center includes a management module, a credible warehouse and an acquisition terminal.
The functions of the management module include verifying software sources, signing acquisition software packages, configuring templates and issuing templates. The functions of the credible warehouse include storing and managing trusted software packages. The functions of the acquisition terminal include pre-installing software, checking software dependencies, collecting credible strategies and creating acquisition software packages.
The acquisition terminal collects the credible strategy once. This replaces the cumbersome traditional flow in which every trusted terminal had to carry out strategy collection for each software installation, and greatly improves the efficiency of credible strategy collection. At the same time, strategy generation, which was originally distributed across the terminals, is concentrated at the administrative center, which improves system security and provides the basis for centralized signing and management of strategies.
The credible warehouse is the sole source of the software that runs on trusted terminals, which achieves consistency of software versions in the information system.
The management module verifies and registers software package sources, centrally signs credible strategies, and manages terminal software through templates. This achieves centralized control of software configuration across the whole information system, safeguards the credibility of strategies in storage and in transmission, and provides a basis for tracing application security problems that may exist. The management module is a software component of the administrative center comprising two parts, interface and operation logic; see Fig. 5 and the corresponding description. The management template is the administrative center's data structure for configuring the software installation state of terminals; see Figs. 9, 10, 11 and 12 and the corresponding descriptions.
The management process of the credible administrative center of the present invention includes the software registration flow, the strategy collection flow, the software warehousing flow and the template management flow. Each workflow of the administrative center is described and explained in detail below.
Referring to Fig. 6, the software registration and warehousing flow comprises the following steps:
(1) the credible administrative center receives the software and software information, including the program installation package, program name, version number, software type and software manual;
(2) check whether the software package has a digital signature;
(3) if the software package has no digital signature, register this software package as other software; the flow ends;
(4) check whether the digital signature of the software package is valid;
(5) if the software package signature is invalid, register this software package as other software; the flow ends;
(6) register the software package as trusted software; the flow ends.
Referring to Fig. 7, the strategy collection flow is the workflow in which, after software registration is complete, the acquisition terminal collects the credible strategy and generates the acquisition software package. The flow comprises the following steps:
(1) start the installation tool; the installation procedure begins;
(2) install the target software; during installation, automatically record all files released or modified by this installation package as the installation record;
(3) after installation ends, the installation tool filters the installation record to obtain all executable files related to the target software (including applications, dynamic libraries and kernel modules), scripts, registry entries and startup services;
(4) the installation tool analyzes the installation record, checks and collects the dependencies of all files in it, and consolidates them into a dependency file;
(5) the installation tool calculates the hash value of every file in the installation record and records these values as the credible strategy;
(6) pack the source software, the credible strategy and the dependency file to generate the acquisition software package.
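The collection steps above, sketched as an added example (not code from the patent): a before/after snapshot stands in for the installation record, the record is filtered to execution-related files, and their SHA-256 values form the credible strategy that a terminal can later check files against. The suffix filter, the choice of SHA-256, the function names and the sample files are assumptions; registry entries and startup services are not modelled.

```python
import hashlib
import os
import tempfile

# Assumed filter for "execution-related" files; the patent names the
# categories (applications, dynamic libraries, kernel modules, scripts)
# but not concrete suffixes.
EXEC_SUFFIXES = (".exe", ".dll", ".so", ".ko", ".sh", ".py")


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map relative path -> SHA-256 for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            state[rel] = sha256_file(full)
    return state


def install_record(before, after):
    """Step (2): files released (new) or modified by the installer."""
    return sorted(p for p, digest in after.items() if before.get(p) != digest)


def collect_strategy(root, record):
    """Steps (3) and (5): filter the record, then hash what remains."""
    return {p: sha256_file(os.path.join(root, p))
            for p in record if p.endswith(EXEC_SUFFIXES)}


def check_file(root, strategy, rel_path):
    """Terminal-side check of one file against the credible strategy."""
    expected = strategy.get(rel_path)
    if expected is None:
        return "unknown"          # not covered by any collected strategy
    actual = sha256_file(os.path.join(root, rel_path))
    return "trusted" if actual == expected else "modified"


def demo():
    """Constructed scenario: a fake installer drops and modifies files."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        write("sys/shared.dll", b"v1")         # present before installation
        write("sys/notes.txt", b"unrelated")
        before = snapshot(root)

        write("app/tool.exe", b"MZ tool")      # released by the installer
        write("app/readme.txt", b"docs")       # released, not executable
        write("sys/shared.dll", b"v2")         # modified by the installer
        record = install_record(before, snapshot(root))
        strategy = collect_strategy(root, record)

        ok = check_file(root, strategy, "app/tool.exe")
        write("app/tool.exe", b"MZ tool + patch")   # later tampering
        tampered = check_file(root, strategy, "app/tool.exe")
        unknown = check_file(root, strategy, "sys/notes.txt")
        return record, sorted(strategy), ok, tampered, unknown


if __name__ == "__main__":
    print(demo())
```
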
Referring to Fig. 8, the software warehousing flow of the software management system of the present invention indexes the trusted software package and stores it in the warehouse, and comprises the following steps:
(1) the management module receives the acquisition software package sent by the acquisition terminal;
(2) the management module parses the acquisition software package and its dependencies and generates an index file (containing program name, version number, dependencies and program description);
(3) the management module signs the acquisition software package (after signing, the acquisition software package is referred to as the trusted software package) and stores it in the credible warehouse;
(4) the management module stores the identification code of this acquisition software package in the credible warehouse into the index file.
The template management function of the software management system of the present invention can, based on the index file, configure terminal software installation templates according to software dependencies. Template management is divided into four flows: creation, modification, issuing and deletion. Each of these four flows is described and explained below.
Referring to Fig. 9, the template creation flow of template management comprises the following steps:
(1) the manager creates a blank template;
(2) the manager adds to the blank template the software that the terminal needs to run (referred to as target software);
(3) the management module automatically analyzes the dependencies of the selected software and adds the software packages that the selected software depends on (referred to as support programs) to the template;
(4) template configuration is complete.
Referring to Figure 10, the template modification flow of template management comprises the following steps:
(1) the manager selects the template to be modified;
(2) the manager adds target software to the template or deletes existing target software from it;
(3) the management module re-analyzes the support programs for the new combination of target software and adds them to the template;
(4) template configuration is complete.
Referring to Figure 11, the template issuing flow of template management comprises the following steps:
(1) the manager selects the template to be issued and the corresponding trusted terminal, and initiates the issue operation;
(2) determine whether the terminal already has a template; if not, jump to step (6);
(3) the management module compares the trusted terminal's original template with the template currently being issued to determine the software changes; if this terminal previously had no corresponding template, all software packages in the current template other than the operating system are treated as newly installed packages;
(4) if the current template contains the original template, so that no software package needs to be uninstalled, mark all software in the issued template as software to be installed and skip to step (6);
(5) the management module schedules the uninstall order of the packages to be uninstalled on the principle that "software that is depended on is uninstalled last", generates the uninstall instruction sequence, and notifies the trusted terminal to perform the uninstall operations in turn;
(6) the management module schedules the installation order of the trusted software packages to be installed on the principle that "software that is depended on is installed first";
(7) the management module notifies the credible warehouse to generate one-time download links for the software packages to be installed;
(8) the management module, following the trusted software package installation order, encapsulates the download links into a software package installation instruction sequence;
(9) notify the specified trusted terminal to start the template implementation flow, and issue the instruction sequence item by item until installation is complete (* this step corresponds to the implementation flow on the trusted terminal).
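The ordering rules of the issuing flow, sketched as an added example (not code from the patent): the template is expanded to its dependency closure, the old and new templates are compared, and the instruction sequence uninstalls depended-on software last and installs it first. The package names, the `warehouse.example` link format and the function names are constructed, and the sketch assumes that packages present in both templates are left in place.

```python
import secrets

# Constructed dependency index: package -> packages it depends on.
INDEX = {
    "libc-2.17": [],
    "gui-lib-1.4": ["libc-2.17"],
    "ssl-lib-1.0": ["libc-2.17"],
    "editor-2.0": ["gui-lib-1.4", "libc-2.17"],
    "viewer-1.0": ["gui-lib-1.4"],
    "db-client-5.1": ["ssl-lib-1.0", "libc-2.17"],
}


def closure(targets, deps):
    """Target software plus all support programs it depends on."""
    seen, stack = set(), list(targets)
    while stack:
        pkg = stack.pop()
        if pkg in seen:
            continue
        if pkg not in deps:
            raise KeyError(f"package not in index: {pkg}")
        seen.add(pkg)
        stack.extend(deps[pkg])
    return seen


def install_order(pkgs, deps):
    """Depth-first topological sort: depended-on software comes first."""
    order, state = [], {}

    def visit(pkg, chain):
        if state.get(pkg) == "done":
            return
        if state.get(pkg) == "visiting":
            raise ValueError("dependency cycle: " + " -> ".join(chain + [pkg]))
        state[pkg] = "visiting"
        for dep in sorted(deps.get(pkg, ())):
            if dep in pkgs:               # ignore packages outside this set
                visit(dep, chain + [pkg])
        state[pkg] = "done"
        order.append(pkg)

    for pkg in sorted(pkgs):
        visit(pkg, [])
    return order


def one_time_link(pkg):
    """Hypothetical stand-in for the warehouse's one-time download link."""
    return f"https://warehouse.example/dl/{pkg}?token={secrets.token_urlsafe(16)}"


def issue(old_targets, new_targets, deps):
    """Build the instruction sequence for moving a terminal to a new template."""
    new = closure(new_targets, deps)
    old = closure(old_targets, deps) if old_targets else set()
    removed, added = old - new, new - old
    # Uninstall in reverse dependency order: depended-on software goes last.
    seq = [{"mode": "uninstall", "package": p}
           for p in reversed(install_order(removed, deps))]
    # Install in dependency order; only install instructions carry a link.
    seq += [{"mode": "install", "package": p, "link": one_time_link(p)}
            for p in install_order(added, deps)]
    return seq


def summary(seq):
    return [(i["mode"], i["package"]) for i in seq]


if __name__ == "__main__":
    for step in issue({"editor-2.0"}, {"db-client-5.1"}, INDEX):
        print(step)
```
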
Referring to Figure 12, the template deletion flow of template management comprises the following steps:
(1) the manager selects the template to be deleted;
(2) the management module checks whether this template has been applied by any trusted terminal; if so, deletion is forbidden and a prompt is shown;
(3) delete the specified template.
Figure 13 shows the structural design of the trusted terminal of the present invention. The trusted terminal designed by the present invention is realized by a credible administration agent on a terminal that possesses basic trust computing functions. The "basic trust computing functions" include: (1) trust chain verification; (2) protecting applications that have been granted trust from malicious modification; (3) forbidding arbitrary installation of unknown software and updating of existing software.
For the concrete implementation of the above basic trust computing functions, refer to the Chinese standard "Trust Computing Specification Part 3: Credible Base Support Programs" and the relevant documents published by the Trusted Computing Group (TCG).
With the support of the above basic trust computing functions, the present invention uses a trusted code module to realize template-based management by the credible administrative center of software installation, update and uninstallation on trusted terminals.
The workflow of the trusted terminal of the present invention includes the protection flow for the credible strategy and the files specified by the credible strategy, the control flow for software installation, and the template application flow of the credible administration agent. Implementing these flows ensures that only the credible administration agent can configure and modify the software environment of the trusted terminal, that is, only software signed by the administrative center can be installed and run in the system. This prevents the installation of illegal external software and illegal modification of installed software, and ensures the consistency of software versions in the system and the credibility of terminal software and its corresponding credible strategy.
Referring to Figure 14, the protection flow for the credible strategy and the files specified by the credible strategy comprises the following steps:
(1) the trusted terminal inspects file operations in the system and intercepts modification operations on the credible strategy and on the files specified by the credible strategy;
(2) determine whether the modification operation was initiated by the credible administration agent; if not, forbid the modification;
(3) allow the modification.
Referring to Figure 15, the control flow for software installation comprises the following steps:
(1) the trusted terminal inspects software installation behavior in the system (that is, the creation of executable files, associated scripts and links);
(2) determine whether the installation operation was initiated by the credible administration agent; if not, forbid it;
(3) allow the installation.
Referring to Figure 16, the template application flow of the credible administration agent includes the following steps:
(1) While running, the trusted terminal periodically connects to the administrative center and reports its running state;
(2) The credible administrative center generates an operational instruction sequence through the "template issuing flow"; each instruction includes "operation mode (install/uninstall), software package identifier (software name and version number), download link (valid only for installation)", and the current instruction is set to the first in the sequence;
(3) The credible administrative center issues the current instruction;
(4) After receiving the instruction, the trusted terminal performs signature verification/installation/uninstallation of the software package as instructed, and updates the strategy accordingly;
(5) The trusted terminal returns the operation result to the administrative center;
(6) If the operation succeeds, the administrative center goes on to send the next instruction; otherwise it resends this instruction;
(7) Steps 3-6 above are repeated until all instructions have completed successfully;
(8) The credible administrative center sends installation information to the trusted terminal.
The above embodiments of the present invention serve only to illustrate the principle and structure of the invention; any obvious variation made accordingly by those skilled in the art falls within the protection scope of the present invention.

Claims (16)

1. A management method for a software management system based on trust computing, the management system including a credible administrative center and a trusted terminal connected to the credible administrative center through a network, the trusted terminal including a credible administration agent, characterized in that the management method comprises the following steps:
(1) installation and initialization of the software information management system based on trust computing;
(2) the credible administrative center receives a software installation package and related information, and registers it after verification;
(3) the credible administrative center performs pre-installation, dependency analysis and strategy collection operations on the software of said software installation package;
(4) the credible administrative center packs and signs said software installation package, software information, software dependencies and credible strategy to generate a trusted software package, and saves it;
(5) the credible administrative center configures a trusted terminal software installation template according to the software dependencies and, following the dependencies, pushes the corresponding trusted software packages to the trusted terminal in order according to the trusted terminal software installation template;
(6) the trusted terminal protects the credible strategy and the files associated with the credible strategy, and controls installation of the software of said software installation package;
(7) the credible administration agent, on instruction from the credible administrative center, performs install/update/uninstall operations on the software of the specified trusted software package and updates the corresponding credible strategy.
2. The management method as claimed in claim 1, characterized in that the installation control over the software of said software installation package in said step (6) includes allowing only the credible administration agent to modify and install the software of said software installation package.
3. The management method as claimed in claim 1, characterized in that said step (1), the installation and initialization of the software information management system based on trust computing, includes installation and initialization of the credible administrative center and installation and initialization of the credible administration agent.
4. The management method as claimed in claim 1, characterized in that the credible administrative center includes a management module, a credible warehouse and an acquisition terminal; the management process of said management module includes verifying the software source, signing collected software packages, configuring templates and issuing templates; said credible warehouse stores and manages trusted software packages; said acquisition terminal pre-installs software packages, checks software dependencies, collects credible strategies and creates acquisition software packages.
5. The management method as claimed in claim 1, characterized in that said step (2) includes the following steps:
(2.1) the credible administrative center receives the software installation package and software information;
(2.2) check whether the software installation package has a digital signature; if it does not, register this software package as other software and end; if it does, go to the next step;
(2.3) check whether the digital signature of the software installation package is legitimate; if the signature is not legitimate, register this software package as other software and end; if the signature is legitimate, go to the next step;
(2.4) register the software installation package as trusted software.
6. The management method as claimed in claim 5, characterized in that the software information in said step (2.1) includes the program installation package, program name, version number, software type and software manual.
7. The management method as claimed in claim 1, characterized in that said step (3) includes the following steps:
(3.1) open the installation tool, and the installation procedure starts;
(3.2) install the target software; during installation, automatically record all files released and modified by this installation package as the installation record;
(3.3) after installation ends, the installation tool filters the installation record to obtain all executable files, scripts, registry entries and startup services related to the target software;
(3.4) the installation tool analyzes the installation record, checks and collects the dependencies of all files in it, and consolidates them into a dependency file;
(3.5) the installation tool calculates the hash values of all files in the installation record and records them as the credible strategy;
(3.6) pack the source software, credible strategy and dependency file to generate the acquisition software package.
8. The management method as claimed in claim 1, characterized in that said step (4) includes:
(4.1) the management module receives the acquisition software package sent by the acquisition terminal;
(4.2) the management module parses the acquisition software package and its dependencies, and generates an index file;
(4.3) the management module signs the acquisition software package to generate a trusted software package, and stores it in the credible warehouse;
(4.4) the management module stores in the index file the identification code of this acquisition software package in the credible warehouse.
9. The management method as claimed in claim 4, characterized in that said template management configures the software installation template of the trusted terminal according to software dependencies, and includes creating, modifying, issuing and deleting templates.
10. The management method as claimed in claim 9, characterized in that the method of creating said template comprises the following steps:
(1) the administrator creates a blank template;
(2) the administrator adds to the blank template the software that the trusted terminal needs to run;
(3) the management module automatically analyzes the dependencies of the selected software and adds the software packages that the selected software depends on to the administrative template.
11. The management method as claimed in claim 9, characterized in that the modification of said template includes the following steps:
(1) select the template to be modified;
(2) add target software to, or delete existing target software from, the template;
(3) the management module re-analyzes the depended-upon programs according to the new combination of target software and adds them to the template.
12. The management method as claimed in claim 9, characterized in that the issuing of said template includes the following steps:
(1) select the template to be issued and the corresponding trusted terminal, and initiate the issuing operation;
(2) judge whether the trusted terminal has a template; if it has not, jump to step (6);
(3) the management module compares the software changes between the original template of this trusted terminal and the template currently being issued; if this trusted terminal previously had no corresponding template, all software packages in the current template except the operating system are regarded as newly installed software packages;
(4) if the current template contains the original template and no software package needs to be uninstalled, mark all software in the issued template as software to be installed, and skip to step (6) below;
(5) the management module arranges the uninstallation order of the software packages to be uninstalled on the principle that "depended-upon software is uninstalled last", generates the uninstall instruction sequence, and notifies the trusted terminal to perform the uninstall operations in order;
(6) the management module arranges the installation order of the trusted software packages to be installed on the principle that "depended-upon software is installed first";
(7) the management module notifies the credible warehouse to generate one-time download links for the software packages to be installed;
(8) the management module encapsulates the download links into a software package installation instruction sequence, following the trusted software package installation order;
(9) notify the specified trusted terminal to start the template implementation flow, and issue the instruction sequence in order until installation is complete.
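The ordering rules in steps (3) to (8) above amount to a template diff followed by a topological sort; the Python below is an added example, not code from the patent. The package names, the dependency table, the `repo.example` link format and the choice to install only packages missing from the original template are assumptions.

```python
from graphlib import TopologicalSorter  # Python 3.9+
import secrets

# Constructed sample data (not from the patent): package -> packages it depends on.
DEPENDS = {
    "runtime-1.0": [],
    "libcrypto-2.1": ["runtime-1.0"],
    "office-3.0": ["runtime-1.0", "libcrypto-2.1"],
    "viewer-1.2": ["runtime-1.0"],
    "mail-4.5": ["libcrypto-2.1"],
}

def closure(selected, depends):
    """Template contents: the selected software plus everything it depends on."""
    seen, stack = set(), list(selected)
    while stack:
        pkg = stack.pop()
        if pkg not in seen:
            seen.add(pkg)
            stack.extend(depends[pkg])
    return seen

def install_order(packages, depends):
    """Depended-upon packages first; raises graphlib.CycleError on a dependency loop."""
    graph = {p: [d for d in depends[p] if d in packages] for p in sorted(packages)}
    return list(TopologicalSorter(graph).static_order())

def one_time_link(pkg):
    """Hypothetical one-time download link: an unguessable token per request."""
    return f"https://repo.example/dl/{pkg}?token={secrets.token_urlsafe(16)}"

def build_instructions(original, issued, depends, link_for=one_time_link):
    """Diff the two templates and emit uninstall instructions, then install ones."""
    original = set(original or ())      # None: the terminal has no template yet
    to_remove = original - issued
    to_install = issued - original      # assumption: skip what is already present
    # "Depended-upon software is uninstalled last" is the reverse of install order.
    sequence = [{"op": "uninstall", "package": p}
                for p in reversed(install_order(to_remove, depends))]
    # "Depended-upon software is installed first"; links exist only for installs.
    sequence += [{"op": "install", "package": p, "link": link_for(p)}
                 for p in install_order(to_install, depends)]
    return sequence
```

Because both templates are dependency closures, a package scheduled for removal can never be required by one that stays, so reversing the install order is sufficient for the uninstall sequence.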
13. The management method as claimed in claim 9, characterized in that the deletion of said administrative template includes the following steps:
(1) select the template to be deleted;
(2) the management module checks whether this template has been applied by a trusted terminal; if so, deletion is forbidden and a prompt is given; if not, go to the next step;
(3) delete the specified template.
14. The management method as claimed in claim 1, characterized in that in said step (6) the trusted terminal protects the credible strategy and the files specified by the credible strategy, which comprises the following steps:
(6.1) the trusted terminal inspects file operation behavior in the system and intercepts modification operations on the credible strategy and on the files specified by the credible strategy;
(6.2) judge whether the modification operation was initiated by the credible administration agent; if so, go to the next step; if not, the modification is forbidden;
(6.3) the modification is allowed.
15. The management method as claimed in claim 1, characterized in that in said step (6) the trusted terminal controls installation of the software of said software installation package, which comprises the following steps:
(6.1) the trusted terminal inspects software installation behavior in the system;
(6.2) judge whether the installation operation was initiated by the credible administration agent; if not, it is forbidden;
(6.3) the installation is allowed.
16. The management method as claimed in claim 1, characterized in that said step (7) further comprises the following steps:
(7.1) while running, the trusted terminal periodically connects to the administrative center and reports the running state of this trusted terminal;
(7.2) the credible administrative center generates an operational instruction sequence through the template issuing flow, and sets the current instruction to the first in the sequence;
(7.3) the credible administrative center issues the current instruction;
(7.4) after receiving the instruction, the trusted terminal performs signature verification/installation/uninstallation of the software package as instructed, and updates the strategy accordingly;
(7.5) the trusted terminal returns the operation result to the credible administrative center;
(7.6) if the operation succeeds, the administrative center goes on to send the next instruction; otherwise it resends the current instruction;
(7.7) steps (7.3) to (7.6) above are repeated until all instructions of said operational instruction sequence have completed successfully;
(7.8) the credible administrative center sends installation information to the trusted terminal.
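The instruction loop of Figure 16 and steps (7.3) to (7.7) is shown below in Python with both sides in one process; this is an added example, not code from the patent. HMAC-SHA256 with a constructed key stands in for the administrative center's digital signature, the retry bound is an added assumption (the text only says the instruction is resent), and the instruction channel itself is assumed to be authenticated.

```python
import hashlib
import hmac
import json

# Constructed key. HMAC stands in for the center's digital signature so the example
# needs only the standard library; a deployment would verify an asymmetric signature.
CENTER_KEY = b"constructed-demo-key"

def _canonical(name, files, policy):
    return json.dumps([name, {p: d.hex() for p, d in files.items()}, policy],
                      sort_keys=True).encode()

def make_trusted_package(name, files):
    """Center side: hash every file into the strategy, then sign the whole bundle."""
    policy = {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}
    sig = hmac.new(CENTER_KEY, _canonical(name, files, policy), hashlib.sha256).hexdigest()
    return {"name": name, "files": files, "policy": policy, "sig": sig}

def verify_package(pkg):
    """Terminal side: the signature covers files and strategy, and hashes must agree."""
    expected = hmac.new(CENTER_KEY, _canonical(pkg["name"], pkg["files"], pkg["policy"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["sig"]):
        return False
    return all(hashlib.sha256(data).hexdigest() == pkg["policy"].get(path)
               for path, data in pkg["files"].items())

class Terminal:
    def __init__(self):
        self.files = {}    # path -> content
        self.policy = {}   # path -> SHA-256 hex digest: the terminal's credible strategy
        self.owned = {}    # package name -> paths it installed

    def execute(self, instr, fetch):
        """Verify, then install or uninstall, then update the strategy."""
        name = instr["package"]
        if instr["op"] == "install":
            pkg = fetch(instr["link"])
            if pkg is None or pkg["name"] != name or not verify_package(pkg):
                return False                     # nothing is written on failure
            self.files.update(pkg["files"])
            self.policy.update(pkg["policy"])
            self.owned[name] = list(pkg["files"])
            return True
        if instr["op"] == "uninstall":
            for path in self.owned.pop(name, []):
                self.files.pop(path, None)
                self.policy.pop(path, None)
            return True
        return False

def dispatch(terminal, instructions, fetch, max_attempts=3):
    """Center side: one instruction at a time; resend on failure, up to a bound."""
    log = []
    for instr in instructions:
        for attempt in range(1, max_attempts + 1):
            ok = terminal.execute(instr, fetch)
            log.append((instr["op"], instr["package"], attempt, ok))
            if ok:
                break
        else:
            return False, log    # stop here: later packages may depend on this one
    return True, log
```

The returned log is the center's record of each attempt; repeated verification failures for one package are worth alerting on rather than retrying indefinitely.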
CN201310582274.1A 2013-11-20 2013-11-20 Software management system based on trust computing and management method Active CN103559591B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310582274.1A CN103559591B (en) 2013-11-20 2013-11-20 Software management system based on trust computing and management method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310582274.1A CN103559591B (en) 2013-11-20 2013-11-20 Software management system based on trust computing and management method

Publications (2)

Publication Number Publication Date
CN103559591A CN103559591A (en) 2014-02-05
CN103559591B true CN103559591B (en) 2016-10-26

Family

ID=50013831

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310582274.1A Active CN103559591B (en) 2013-11-20 2013-11-20 Software management system based on trust computing and management method

Country Status (1)

Country Link
CN (1) CN103559591B (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information

Inventor after: Zhang Yu

Inventor after: Wang Xiaoping

Inventor after: Tian Jiansheng

Inventor after: Zhou Huawen

Inventor after: Fan Zongliang

Inventor before: Shen Jun

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: SHEN JUN TO: ZHANG YU WANG XIAOPING TIAN JIANSHENG ZHOU HUAWEN FAN ZONGLIANG

C53 Correction of patent for invention or patent application
CB03 Change of inventor or designer information

Inventor after: Sun Yu

Inventor after: Wang Xiaoping

Inventor after: Tian Jiansheng

Inventor after: Zhou Huawen

Inventor after: Fan Zongliang

Inventor before: Zhang Yu

Inventor before: Wang Xiaoping

Inventor before: Tian Jiansheng

Inventor before: Zhou Huawen

Inventor before: Fan Zongliang

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: ZHANG YU WANG XIAOPING TIAN JIANSHENG ZHOU HUAWEN FAN ZONGLIANG TO: SUN YU WANG XIAOPING TIAN JIANSHENG ZHOU HUAWEN FAN ZONGLIANG

C14 Grant of patent or utility model
GR01 Patent grant