[Summary of the Invention]
The present invention is directed to software information management systems that are subject to trusted-supervision requirements. A trusted management center centrally manages the deployment and running status of all software in the information system, which improves the security of the trusted-computing-based software information management system.
To achieve this technical purpose, the present invention provides a management method for a software information management system based on trusted computing. The management system includes a trusted management center and trusted terminals connected to the trusted management center over a network, and each trusted terminal includes a trusted management agent. The management method comprises the following steps:
(1) installation and initialization of the trusted-computing-based software information management system;
(2) the trusted management center receives a software installation package and its related information, and registers the package after verification;
(3) the trusted management center pre-installs the software of the software installation package, analyzes its dependencies and collects its policy;
(4) the trusted management center packs the software installation package, software information, software dependencies and trusted policy together, signs the result to generate a trusted software package, and stores it;
(5) the trusted management center configures a trusted terminal software installation template according to the software dependencies and, following that template, pushes the corresponding trusted software packages to the trusted terminal one after another in dependency order;
(6) the trusted terminal protects the trusted policy and the files associated with the trusted policy, and controls installation of the software of the software installation package; the "associated files" of this step are the execution-related files contained in the trusted software package, such as applications, scripts, dynamic libraries and kernel modules;
(7) the trusted management agent, on instruction from the trusted management center, installs, updates or uninstalls the software of the specified trusted software package and updates the corresponding trusted policy.
In the management method described above, the installation control over the software of the software installation package in step (6) includes allowing only the trusted management agent to modify and install the software of the software installation package.
In the management method described above, the installation and initialization of the trusted-computing-based software information management system in step (1) includes the installation and initialization of the trusted management center and the installation and initialization of the trusted management agent.
In the management method described above, the trusted management center includes a management module, a trusted repository and a collection terminal. The management module verifies software sources, signs collected software packages, configures templates and issues templates; the trusted repository stores and manages trusted software packages; the collection terminal pre-installs software packages, checks software dependencies, collects trusted policies and creates collected software packages.
In the management method described above, step (2) comprises the following steps:
(2.1) the trusted management center receives the software installation package and the software information;
(2.2) check whether the software installation package carries a digital signature; if it does not, register the package as other software and end; if it does, proceed to the next step;
(2.3) check whether the digital signature of the software installation package is valid; if the signature is invalid, register the package as other software and end; if it is valid, proceed to the next step;
(2.4) register the software installation package as trusted software.
In the management method described above, the software information in step (2.1) includes the program installation package, program name, version number, software type and software description.
In the management method described above, step (3) comprises the following steps:
(1) start the installation tool; the installation procedure begins;
(2) install the target software; during installation, automatically record all files released and modified by the installation package as the installation record;
(3) after installation finishes, the installation tool filters the installation record to obtain all executable files related to the target software (including applications, dynamic libraries and kernel modules), scripts, registry entries and startup services;
(4) the installation tool analyzes the installation record, checks the dependencies of all files in it, and summarizes them into a dependency file;
(5) the installation tool computes the hash value of every file in the installation record and records the values as the trusted policy;
(6) pack the source software, trusted policy and dependency file to generate the collected software package.
In the management method described above, generating the trusted software package in step (4) includes the following steps:
(1) the management module receives the collected software package sent by the collection terminal;
(2) the management module parses the collected software package and its dependencies and generates an index file;
(3) the management module signs the collected software package to generate the trusted software package and stores it in the trusted repository;
(4) the management module stores the identification code of this package in the trusted repository into the index file.
In the management method described above, configuring the trusted terminal software installation template according to software dependencies includes creating, modifying, issuing and deleting templates.
In the management method described above, creating a template comprises the following steps:
(1) the administrator creates a blank template;
(2) the administrator adds to the blank template the software that the trusted terminal needs to run;
(3) the management module automatically analyzes the dependencies of the selected software and adds the software packages that the selected software depends on to the template.
In the management method described above, modifying a template comprises the following steps:
(1) select the template to be modified;
(2) add target software to the template or delete existing target software from it;
(3) the management module re-analyzes the supporting programs for the new combination of target software and adds them to the template.
In the management method described above, issuing a template comprises the following steps:
(1) select the template to be issued and the corresponding trusted terminal, and initiate the issue operation;
(2) determine whether the trusted terminal already has a template; if it does not, jump to step (6);
(3) the management module compares the trusted terminal's original template with the template currently being issued to determine the software changes between them; if the trusted terminal had no corresponding template before, all software packages in the current template other than the operating system are treated as newly installed packages;
(4) if the current template contains the original template, so that no software package needs to be uninstalled, all software in the issued template is marked as software to be installed, and the flow skips to step (6) below;
(5) the management module arranges the uninstall order of the packages to be uninstalled on the principle that software that is depended upon is uninstalled last, generates the uninstall command sequence, and notifies the trusted terminal to perform the uninstall operations in turn;
(6) the management module arranges the installation order of the trusted software packages to be installed on the principle that software that is depended upon is installed first;
(7) the management module notifies the trusted repository to generate one-time download links for the software packages to be installed;
(8) following the installation order of the trusted software packages, the management module encapsulates the download links into a software package installation command sequence;
(9) the specified trusted terminal is notified to start the template implementation flow, and the command sequence is issued in turn until installation is complete.
In the management method described above, deleting a template comprises the following steps:
(1) select the template to be deleted;
(2) the management module checks whether the template has been applied by a trusted terminal; if so, deletion is forbidden and a prompt is given; if not, proceed to the next step;
(3) delete the specified template.
In the management method described above, the protection in step (6) of the trusted policy and the files specified by the trusted policy by the trusted terminal comprises the following steps:
(1) the trusted terminal checks file operation behavior in the system and intercepts modification operations on the trusted policy and on the files specified by the trusted policy;
(2) determine whether the modification operation was initiated by the trusted management agent; if not, forbid the modification;
(3) allow the modification.
In the management method described above, the control by the trusted terminal over installation of the software of the software installation package comprises the following steps:
(1) the trusted terminal checks software installation behavior in the system;
(2) determine whether the installation operation was initiated by the trusted management agent; if not, forbid it;
(3) allow the installation.
In the management method described above, step (7) further comprises the following steps:
(1) while running, the trusted terminal periodically connects to the management center and reports its running status;
(2) the trusted management center generates an operation command sequence through the template issuing flow and sets the current command to the first command in the sequence;
(3) the trusted management center issues the current command;
(4) after accepting the command, the trusted terminal verifies the signature of, installs or uninstalls the software package as instructed, and updates the policy accordingly;
(5) the trusted terminal returns the operation result to the trusted management center;
(6) if the operation succeeded, the management center goes on to send the next command; otherwise it resends the current command;
(7) steps 3-6 above are repeated until all commands of the operation command sequence have completed successfully;
(8) the trusted management center sends installation information to the trusted terminal.
As described above, the management method of the present invention ensures the consistency of software versions in the information system, increases the trustworthiness of terminal software and its corresponding trusted policy, and improves security. In addition, the invention simplifies the management of the terminal software environment and improves the efficiency of trusted policy collection.
[Detailed Description of the Invention]
To further explain the technical means adopted by the present invention to achieve its intended purpose and the effects of those means, the structural features, specific structure and effects of the invention are described in detail below with reference to the accompanying drawings and embodiments.
The trusted-computing-based software management system for closed information systems of the present invention includes a trusted management center and trusted terminals. The system structure is shown in Fig. 1: the trusted management center connects to and manages each trusted terminal over a network.
The trusted management center is the core of the software management system of the present invention. It is responsible for verifying software source information, managing the software environment of trusted terminals through templates, and storing trusted software.
A trusted terminal is a computing terminal on which the trusted computing function is deployed. Within the software management system it is responsible for carrying out the concrete receiving, installation and uninstallation of software packages on instruction from the trusted management center.
Referring to Fig. 2, the management flow of the software management system of the present invention comprises the following steps:
(1) system installation and initialization;
(2) the trusted management center receives a software installation package and its related information, and registers the package after verification;
(3) the trusted management center pre-installs the trusted software, analyzes its dependencies and collects its policy;
(4) the trusted management center packs the software installation package, software-related information, software dependencies and trusted policy together, signs the result and stores it (the signed software package is hereafter called the trusted software package);
(5) the trusted management center configures a terminal software installation template according to the software dependencies and, following the template, pushes the relevant trusted software packages to the terminal one after another in dependency order;
(6) the trusted terminal, on instruction from the trusted management center, installs, updates or uninstalls the specified software and at the same time updates the corresponding trusted policy.
Referring to Fig. 3, the installation and initialization of the trusted management center of the present invention proceeds as follows:
(1) install the trusted management center software;
(2) create the certificate management list, terminal management list, policy template list and trusted software package index list;
(3) the trusted management center generates a signing certificate pair;
(4) the trusted management center imports the public key certificates of trusted software developers;
(5) the trusted management center imports the preset trusted software packages and operates on the index list and the policy template list accordingly.
Referring to Fig. 4, the installation and initialization of the trusted management agent of the present invention proceeds as follows:
(1) the trusted terminal installs the trusted management agent;
(2) the trusted terminal submits a registration request to the trusted management center;
(3) the trusted management center adds the terminal to the terminal list;
(4) the trusted management center issues the management center's public signing key to the trusted terminal;
(5) the trusted terminal stores the public signing key of the trusted management center.
The composition and principle of the management center of the present invention are described in detail below.
Fig. 5 is the structural design drawing of the trusted management center of the present invention. The trusted management center includes a management module, a trusted repository and a collection terminal.
The functions of the management module include verifying software sources, signing collected software packages, configuring templates and issuing templates. The functions of the trusted repository include storing and managing trusted software packages. The functions of the collection terminal include pre-installing software, checking software dependencies, collecting trusted policies and creating collected software packages.
The collection terminal collects the trusted policy once. This replaces the cumbersome traditional flow in which a trusted terminal had to collect policy at every software installation, and greatly improves the efficiency of trusted policy collection. At the same time, the policy generation that was previously spread across every terminal is concentrated in the management center, which improves system security and provides the basis for centralized signing and management of policies.
The trusted repository is the sole source of the software that runs on trusted terminals, which achieves consistency of software versions in the information system.
The management module verifies and registers the source of software packages, signs trusted policies centrally, and manages terminal software through templates. This achieves centralized control over software configuration across the whole information system, ensures the trustworthiness of policies during storage and transmission, and provides a basis for tracing application security problems that may exist. The management module is a software component of the management center and consists of two parts, the interface and the operation logic; see Fig. 5 and the corresponding description. A management template is the management center's data structure for configuring the software installation state of a terminal; see Figs. 9, 10, 11 and 12 and the corresponding descriptions.
The management flows of the trusted management center of the present invention include the software registration flow, the policy collection flow, the software warehousing flow and the template management flows. Each specific workflow of the management center is described and explained in detail below.
Referring to Fig. 6, the software registration and warehousing flow comprises the following steps:
(1) the trusted management center receives the software and the software information, including the program installation package, program name, version number, software type and software description;
(2) check whether the software package carries a digital signature;
(3) if the software package carries no digital signature, register it as other software; the flow ends;
(4) check whether the digital signature of the software package is valid;
(5) if the signature of the software package is invalid, register it as other software; the flow ends;
(6) register the software package as trusted software; the flow ends.
Referring to Fig. 7, the policy collection flow is the workflow in which, after software registration is complete, the collection terminal collects the trusted policy and generates the collected software package. The software collection flow comprises the following steps:
(1) start the installation tool; the installation procedure begins;
(2) install the target software; during installation, automatically record all files released and modified by the installation package as the installation record;
(3) after installation finishes, the installation tool filters the installation record to obtain all executable files related to the target software (including applications, dynamic libraries and kernel modules), scripts, registry entries and startup services;
(4) the installation tool analyzes the installation record, checks the dependencies of all files in it, and summarizes them into a dependency file;
(5) the installation tool computes the hash value of every file in the installation record and records the values as the trusted policy;
(6) pack the source software, trusted policy and dependency file to generate the collected software package.
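The following Python example is added for illustration and is not part of the patent text. It carries the Fig. 7 flow from the installation record to the hash policy inside a temporary directory, then checks files against that policy. SHA-256, the suffix list and all function names are assumptions, since the text says only "hash value" and names file categories without saying how they are recognized; registry entries and startup services are not modelled.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

# Assumed filter for "executable files and scripts"; the text names the
# categories but not how they are recognised.
EXEC_SUFFIXES = {".so", ".ko", ".dll", ".exe", ".sh", ".py"}


def sha256_file(path):
    """Hash a file in chunks (SHA-256 is an assumption, see the lead-in)."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every file under root (relative POSIX path) to its hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def install_record(before, after):
    """Step (2): files released (new) or modified (hash changed) by the installer."""
    return sorted(rel for rel, h in after.items() if before.get(rel) != h)


def filter_record(root, record):
    """Step (3): keep executables, libraries, kernel modules and scripts."""
    kept = []
    for rel in record:
        path = Path(root, rel)
        if path.suffix in EXEC_SUFFIXES or path.stat().st_mode & stat.S_IXUSR:
            kept.append(rel)
    return kept


def collect_policy(root, before, after):
    """Steps (2)-(5): the policy maps each retained file to its hash."""
    record = filter_record(root, install_record(before, after))
    return {rel: after[rel] for rel in record}


def complies(root, rel, policy):
    """Assumed terminal-side use: a file passes only if listed and its hash matches."""
    expected = policy.get(rel)
    return expected is not None and sha256_file(Path(root, rel)) == expected


def demo():
    """Constructed install run inside a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        base = Path(root)
        for name in ("bin", "lib", "share"):
            (base / name).mkdir()
        (base / "bin/old.sh").write_text("#!/bin/sh\necho v1\n")
        (base / "share/notes.txt").write_text("present before install\n")
        before = snapshot(base)

        # Constructed "installer": releases three files and modifies one.
        (base / "bin/app").write_bytes(b"\x7fELF constructed binary")
        (base / "bin/app").chmod(0o755)
        (base / "lib/libapp.so").write_bytes(b"constructed library")
        (base / "share/readme.txt").write_text("documentation\n")
        (base / "bin/old.sh").write_text("#!/bin/sh\necho v2\n")
        after = snapshot(base)

        policy = collect_policy(base, before, after)
        intact = complies(base, "lib/libapp.so", policy)
        (base / "lib/libapp.so").write_bytes(b"tampered library")
        tampered = complies(base, "lib/libapp.so", policy)
        unlisted = complies(base, "share/readme.txt", policy)
        return sorted(policy), intact, tampered, unlisted


if __name__ == "__main__":
    print(demo())
```

Because the policy is built only from files the installer released or changed, a file that was never part of the collected record fails the check in the same way as a modified one.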
Referring to Fig. 8, the software warehousing flow of the software management system of the present invention consists of indexing the trusted software package and putting it into the repository, and comprises the following steps:
(1) the management module receives the collected software package sent by the collection terminal;
(2) the management module parses the collected software package and its dependencies and generates an index file (containing the program name, version number, dependencies and program description);
(3) the management module signs the collected software package (after signing, the collected software package is called the trusted software package) and stores it in the trusted repository;
(4) the management module stores the identification code of this package in the trusted repository into the index file.
Based on the index file, the template management function of the software management system of the present invention can configure terminal software installation templates according to software dependencies. Template management is divided into four flows: creation, modification, issuing and deletion. Each of the four flows is described and explained below.
Referring to Fig. 9, the template creation flow of the template management of the present invention comprises the following steps:
(1) the administrator creates a blank template;
(2) the administrator adds to the blank template the software that the terminal needs to run (called the target software);
(3) the management module automatically analyzes the dependencies of the selected software and adds the software packages that the selected software depends on (called the supporting programs) to the template;
(4) template configuration is complete.
Referring to Fig. 10, the template modification flow of the template management comprises the following steps:
(1) the administrator selects the template to be modified;
(2) the administrator adds target software to the template or deletes existing target software from it;
(3) the management module re-analyzes the supporting programs for the new combination of target software and adds them to the template;
(4) template configuration is complete.
Referring to Fig. 11, the template issuing flow of the template management comprises the following steps:
(1) the administrator selects the template to be issued and the corresponding trusted terminal, and initiates the issue operation;
(2) determine whether the terminal already has a template; if it does not, jump to step (6);
(3) the management module compares the trusted terminal's original template with the template currently being issued to determine the software changes between them; if the terminal had no corresponding template before, all software packages in the current template other than the operating system are treated as newly installed packages;
(4) if the current template contains the original template, so that no software package needs to be uninstalled, all software in the issued template is marked as software to be installed, and the flow skips to step (6);
(5) the management module arranges the uninstall order of the packages to be uninstalled on the principle that software that is depended upon is uninstalled last, generates the uninstall command sequence, and notifies the trusted terminal to perform the uninstall operations in turn;
(6) the management module arranges the installation order of the trusted software packages to be installed on the principle that software that is depended upon is installed first;
(7) the management module notifies the trusted repository to generate one-time download links for the software packages to be installed;
(8) following the installation order of the trusted software packages, the management module encapsulates the download links into a software package installation command sequence;
(9) the specified trusted terminal is notified to start the template implementation flow, and the command sequence is issued in turn until installation is complete (* this step corresponds to the implementation flow on the trusted terminal).
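The following Python example is added for illustration and is not part of the patent text. It implements steps (3) to (8) of the Fig. 11 flow: expanding each template to include its dependencies, comparing old and new templates, and ordering the uninstall and install commands by dependency. The index contents, package names, link format and function names are constructed; as an assumption, packages already present from the old template are not reinstalled, and the operating system exclusion of step (3) is not modelled.

```python
import secrets
from graphlib import CycleError, TopologicalSorter  # Python 3.9+

# Constructed index file content: package id -> packages it depends on.
INDEX = {
    "libssl-1.1": [],
    "libdb-5.3": [],
    "webserver-2.4": ["libssl-1.1"],
    "mailer-3.0": ["libssl-1.1", "libdb-5.3"],
    "reports-1.0": ["webserver-2.4", "libdb-5.3"],
}


def one_time_link(package):
    """Hypothetical one-time download link; host and path layout are placeholders."""
    return f"https://repo.example.invalid/once/{secrets.token_urlsafe(16)}/{package}"


def expand(targets, index):
    """Template contents: the target software plus every package it depends on."""
    seen, stack = set(), list(targets)
    while stack:
        package = stack.pop()
        if package not in index:
            raise KeyError(f"{package} is not in the repository index")
        if package not in seen:
            seen.add(package)
            stack.extend(index[package])
    return seen


def dependency_order(packages, index):
    """Order packages so that every dependency precedes the software needing it."""
    graph = {p: [d for d in index[p] if d in packages] for p in sorted(packages)}
    try:
        return list(TopologicalSorter(graph).static_order())
    except CycleError as exc:
        raise ValueError(f"dependency cycle: {exc.args[1]}") from exc


def issue(old_targets, new_targets, index, link_for=one_time_link):
    """Build the command sequence as (mode, package id, download link) tuples."""
    old = expand(old_targets or [], index)  # no previous template: nothing to remove
    new = expand(new_targets, index)
    to_remove, to_install = old - new, new - old
    # Software that is depended upon is uninstalled last: reverse dependency order.
    commands = [("uninstall", p, None)
                for p in reversed(dependency_order(to_remove, index))]
    # Software that is depended upon is installed first; links exist only for installs.
    commands += [("install", p, link_for(p))
                 for p in dependency_order(to_install, index)]
    return commands


if __name__ == "__main__":
    for command in issue(["mailer-3.0"], ["reports-1.0"], INDEX):
        print(command)
```

Packages shared by both templates (here the two libraries) appear in neither list, so a shared dependency is never removed from under software that still needs it.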
Referring to Fig. 12, the template deletion flow of the template management comprises the following steps:
(1) the administrator selects the template to be deleted;
(2) the management module checks whether the template has been applied by a trusted terminal; if so, deletion is forbidden and a prompt is given;
(3) delete the specified template.
Fig. 13 shows the structural design of the trusted terminal of the present invention. The trusted terminal designed in the present invention is implemented through a trusted management agent that possesses basic trusted computing functions. The "basic trusted computing functions" include: (1) the trust chain verification function; (2) the function of protecting applications that have been added to the trusted set against malicious modification; (3) the function of forbidding arbitrary installation of unknown software and updating of existing software.
For the implementation of these basic trusted computing functions, refer to the Chinese standard "Trusted Computing Specification Part 3: Trusted Base Support Programs" and the relevant documents published by the Trusted Computing Group (TCG).
With the support of these basic trusted computing functions, the present invention uses a trusted code module to let the trusted management center manage, on the basis of templates, the installation, update and uninstallation of software on trusted terminals.
The workflow of the trusted terminal of the present invention includes the protection flow for the trusted policy and the files specified by the trusted policy, the control flow for software installation, and the template application flow of the trusted management agent. Carrying out these flows ensures that only the trusted management agent can configure and modify the software environment of the trusted terminal, that is, that only software signed by the management center can be installed and run in the system. This prevents the installation of external illegal software and the illegal modification of installed software, and ensures the consistency of software versions in the system and the trustworthiness of terminal software and its corresponding trusted policy.
Referring to Fig. 14, the protection flow for the trusted policy and the files specified by the trusted policy comprises the following steps:
(1) the trusted terminal checks file operation behavior in the system and intercepts modification operations on the trusted policy and on the files specified by the trusted policy;
(2) determine whether the modification operation was initiated by the trusted management agent; if not, forbid the modification;
(3) allow the modification.
Referring to Fig. 15, the control flow for software installation comprises the following steps:
(1) the trusted terminal checks software installation behavior in the system (meaning the creation of executable files, associated scripts and links);
(2) determine whether the installation operation was initiated by the trusted management agent; if not, forbid it;
(3) allow the installation.
Referring to Fig. 16, the template application flow of the trusted management agent comprises the following steps:
(1) while running, the trusted terminal periodically connects to the management center and reports its running status;
(2) the trusted management center generates an operation command sequence through the "template issuing flow"; each command includes "operation mode (install/uninstall), software package identifier (software name and version number), download link (valid only when installing)"; the current command is set to the first command in the sequence;
(3) the trusted management center issues the current command;
(4) after accepting the command, the trusted terminal verifies the signature of, installs or uninstalls the software package as instructed, and updates the policy accordingly;
(5) the trusted terminal returns the operation result to the management center;
(6) if the operation succeeded, the management center goes on to send the next command; otherwise it resends this command;
(7) steps 3-6 above are repeated until all commands have completed successfully;
(8) the trusted management center sends installation information to the trusted terminal.
The above embodiments of the present invention merely illustrate the principle and structure of the invention. Any obvious variations made accordingly by those skilled in the art all fall within the scope of protection of the present invention.