CN101668284A - Method and device for guaranteeing security of edition software on network device - Google Patents
- Publication number
- CN101668284A
- Authority
- CN
- China
- Prior art keywords
- version
- software
- network equipment
- version software
- self
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Abstract
The invention discloses a method for guaranteeing the security of version software on a network device. The method comprises the following steps: after updating its version software, the network device checks the integrity of that version software; if the version software is intact, it is run; if it is not intact, it is updated. The invention also discloses a device for guaranteeing the security of version software on a network device, comprising a first monitoring module, used for triggering a detection module after detecting that the version software of the network device has been updated, and a detection module, used for checking whether the version software of the network device is intact and, according to the result, determining whether to run or update the version software. The method and the device ensure the security of the version software on the network device.
Description
Technical field
The present invention relates to the field of communication security, and in particular to a method and a device for guaranteeing the security of version software on a network device.
Background technology
In a mobile communication system, ensuring the security of the software on network devices is one of the foundations of providing users with safe and reliable communication. At present, network devices are placed in a secure environment, the secure environment ensures the security of the network device, and this in turn ensures the security of the software on the network device. For example, in the Universal Mobile Telecommunications System (UMTS), network devices such as the Home Location Register (HLR), the Visitor Location Register (VLR) and the Radio Network Controller (RNC) are placed in the operator's equipment room, which ensures the security of the version software on them. Some network devices, however, cannot be placed in a secure environment. The evolved base station (eNB), for example, has flexible deployment scenarios and is mostly installed in the field, where the environment is very unsafe and the version software on it may be replaced at any time. As a result, the security and reliability of the communication environment provided to users cannot be ensured.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a method and a device for guaranteeing the security of version software on a network device, which can ensure the security of the version software on the network device.
To achieve the above purpose, the technical solution of the present invention is realized as follows:
A method for guaranteeing the security of version software on a network device, the method comprising:
After updating its own version software, the network device checks the integrity of that version software; if it is intact, the network device runs it; if it is not intact, the network device updates its version software.
Further, before checking the integrity of its own version software, the method also comprises: the network device updates its own version software, specifically:
The network device reports the version number of its own version software to a version server; if the version server finds version software whose version number is higher than the version number received, it sends that version software to the network device; the network device receives the version software and replaces its own version software with it; or,
On receiving a version number sent by the version server, the network device determines that the received version number is higher than the version number of its own version software, requests the version server to send the version software corresponding to the received version number, and replaces its own version software with the version software sent by the version server.
Further, the method also comprises: when the network device starts or restarts, it checks the integrity of its own version software.
Further, the method further comprises:
Establishing a trusted environment (TRE) on the network device, wherein operations inside the TRE are invisible from outside the TRE;
The operation in which the network device checks the integrity of its own version software is carried out inside the TRE.
Further, the method further comprises:
When the number of times the network device has updated its own version software exceeds said maximum number of updates and the version software is still not intact, an alarm is raised.
The present invention also provides a device for guaranteeing the security of version software on a network device, the device comprising: a first monitoring module and a detection module; wherein,
The first monitoring module is used for triggering the detection module after detecting that the version software of the network device has been updated;
The detection module is used for checking whether the version software of the network device is intact; when the result is that it is intact, it instructs the network device to run the version software; when the result is that it is not intact, it instructs the network device to update the version software.
Further, the device also comprises:
An update module, used for reporting the version number of the network device's version software to the version server and, on receiving version software sent by the version server, updating the version software of the network device; or for receiving a version number sent by the version server and, on determining that the received version number is higher than the version number of the network device's version software, requesting the version server to send the version software and updating the version software of the network device.
Further, the device also comprises:
A second monitoring module, used for triggering the detection module on detecting that the network device starts or restarts.
Further, the device also comprises:
A TRE, comprising an input port and an output port for communicating with the outside of the TRE, and used for making operations inside the TRE invisible from outside the TRE;
The detection module is arranged inside the TRE.
Further, this method also comprises:
An update monitoring module, used for monitoring the number of times the version software of the network device is updated, and for raising an alarm when that number exceeds a preset maximum number of updates and the version software of the network device is still not intact.
With the method and device for guaranteeing the security of version software on a network device provided by the present invention, an integrity check is performed on the version software of the network device as soon as an update of that version software completes. In this way, tampering with the version software can be discovered in time, the network device is prevented in time from running tampered version software, and the tampered version software is updated promptly. This ensures the security of the version software on the network device, avoids the unsafe and unreliable communication environment that running tampered version software would give the user, and avoids affecting the operation of the network device. The present invention also has the following advantages and features:
1. An integrity check is performed on the version software when the network device starts or restarts, so that tampering carried out on the version software while the network device was not running is discovered in time, ensuring that the network device does not run tampered version software;
2. The integrity check on the version software of the network device is executed inside the TRE, which ensures that the operation is not interfered with from outside the TRE and makes the result trustworthy.
Description of drawings
Fig. 1 is a flow chart of the method for guaranteeing the security of version software on a network device according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of the device for guaranteeing the security of version software on a network device according to an embodiment of the present invention.
Embodiment
The flow of the method for guaranteeing the security of version software on a network device in an embodiment of the present invention is shown in Fig. 1 and comprises the following steps:
Step 101: after updating its own version software, the network device checks whether that version software is intact; if it is not intact, step 102 is performed; if it is intact, step 103 is performed;
Here, checking whether the version software is intact is specifically:
Using the public key in the digital certificate sent by the version server, the digital signature of the version software sent by the version server is verified; if verification succeeds, the version software is considered intact; otherwise, the version software is considered not intact.
In the embodiment of the present invention, step 101 also comprises: the network device updates its own version software, specifically:
The network device reports the version number of its own version software to the version server; if the version server finds version software whose version number is higher than the version number received, it sends that version software to the network device; the network device receives the version software and replaces its own version software with it; or,
On receiving a version number sent by the version server, the network device determines that the received version number is higher than the version number of its own version software, requests the version server to send the version software corresponding to the received version number, and replaces its own version software with the version software sent by the version server;
The embodiment of the present invention also comprises: establishing a trusted environment (TRE, Trust Environment) on the network device. Specifically, the TRE comprises an input port and an output port for communicating with the outside of the TRE, and operations inside the TRE are invisible from outside the TRE;
Step 102: the network device updates its own version software and returns to step 101.
Here, updating the version software of the network device is specifically:
A request carrying the version number of the network device's version software is sent to the version server; the version server determines, from the version number carried in the received request, the version software the network device needs and sends it; the version software of the network device is replaced with the version software sent by the version server.
In the embodiment of the present invention, before updating its own version software, the network device may also determine whether the number of times it has updated its own version software exceeds a preset maximum number of updates. If it does, the version software on the version server is considered illegitimate, or the network device is considered to be connected to an illegitimate version server, and an alarm is raised to notify the network device maintenance personnel. The maintenance personnel determine whether the problem is caused by illegitimate version software on the version server or by the network device being connected to an illegitimate version server, and according to the result either repair the version software on the version server or connect the network device to a legitimate version server, so that the network device can download legitimate version software. If it does not, step 102 is performed.
Further, in the embodiment of the present invention, when the network device starts or restarts, step 102 is performed.
Step 103: the network device runs its own version software.
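The flow of steps 101 to 103, including the update limit and the check at start-up, as an added example that is not part of the patent text. The RSA key is a constructed toy key standing in for the public key in the version server's certificate, and the device is assumed to have already validated that certificate against a trust anchor it holds, which the page does not describe; `Package`, `Device`, `fetch` and `max_updates` are hypothetical names, and the limit is read here as the number of downloads allowed per check.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Constructed toy key: textbook RSA over two Mersenne primes. It is insecure and
# only stands in for the key pair behind the version server's certificate.
P, Q = 2**521 - 1, 2**607 - 1
PUB_N, PUB_E = P * Q, 65537
PRIV_D = pow(PUB_E, -1, (P - 1) * (Q - 1))  # held by the version server only


def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def server_sign(image: bytes) -> int:
    """Version-server side: sign the SHA-256 digest of the image."""
    return pow(digest(image), PRIV_D, PUB_N)


def is_intact(image: bytes, signature: int) -> bool:
    """Step 101 check: verify the signature with the server's public key."""
    return 0 < signature < PUB_N and pow(signature, PUB_E, PUB_N) == digest(image)


@dataclass
class Package:
    version: int
    image: bytes
    signature: int


@dataclass
class Device:
    installed: Package
    fetch: Callable[[int], Package]   # hypothetical transport to the version server
    max_updates: int = 3              # preset maximum number of updates (assumed value)
    running: Optional[int] = None
    alarms: List[str] = field(default_factory=list)

    def check_and_run(self) -> bool:
        """Called after every update and on every start or restart."""
        self.running = None
        updates = 0
        while not is_intact(self.installed.image, self.installed.signature):
            if updates >= self.max_updates:   # limit reached, image still not intact
                self.alarms.append(f"integrity check failed after {updates} updates")
                return False                  # the unverified image is never run
            # Step 102: request a replacement, reporting the current version number.
            self.installed = self.fetch(self.installed.version)
            updates += 1
        self.running = self.installed.version  # step 103
        return True


# Constructed sample data.
GOOD = Package(2, b"eNB firmware v2", server_sign(b"eNB firmware v2"))


def legit_server(_reported_version: int) -> Package:
    return GOOD


def rogue_server(_reported_version: int) -> Package:
    # Constructed case: an altered image served with the original's signature.
    return Package(2, b"eNB firmware v2 (altered)", GOOD.signature)


if __name__ == "__main__":
    on_disk = Package(2, b"eNB firmware v2 (modified on disk)", GOOD.signature)
    ok = Device(on_disk, legit_server)
    print(ok.check_and_run(), ok.running, ok.alarms)
    bad = Device(on_disk, rogue_server)
    print(bad.check_and_run(), bad.running, bad.alarms)
```

A production device would use a standard signature scheme from a vetted library and keep the verification key and this loop inside the TRE.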
The structure of the device for guaranteeing the security of version software on a network device in an embodiment of the present invention is shown in Fig. 2 and comprises: a first monitoring module and a detection module; wherein,
The first monitoring module is used for triggering the detection module after detecting that the version software of the network device has been updated;
The detection module is used for checking whether the version software of the network device is intact; when the result is that it is intact, it instructs the network device to run the version software; when the result is that it is not intact, it instructs the network device to update the version software.
Further, the device also comprises:
An update module, used for reporting the version number of the network device's version software to the version server and, on receiving version software sent by the version server, updating the version software of the network device; or for receiving a version number sent by the version server and, on determining that the received version number is higher than the version number of the network device's version software, requesting the version server to send the version software and updating the version software of the network device.
Further, the device also comprises:
A second monitoring module, used for triggering the detection module on detecting that the network device starts or restarts.
Further, the device also comprises:
A TRE, comprising an input port and an output port for communicating with the outside of the TRE, and used for making operations inside the TRE invisible from outside the TRE;
The detection module is arranged inside the TRE.
Further, the device also comprises:
An update monitoring module, used for monitoring the number of times the version software of the network device is updated, and for raising an alarm when that number exceeds a preset maximum number of updates and the version software of the network device is still not intact.
The device for guaranteeing the security of version software on a network device in the embodiment of the present invention is arranged on the network device.
The above are only preferred embodiments of the present invention and are not intended to limit the scope of protection of the present invention.
Claims (10)
1. A method for guaranteeing the security of version software on a network device, characterized in that the method comprises:
After updating its own version software, the network device checks the integrity of that version software; if it is intact, the network device runs it; if it is not intact, the network device updates its version software.
2. The method for guaranteeing the security of version software on a network device according to claim 1, characterized in that, before checking the integrity of its own version software, the method also comprises: the network device updates its own version software, specifically:
The network device reports the version number of its own version software to a version server; if the version server finds version software whose version number is higher than the version number received, it sends that version software to the network device; the network device receives the version software and replaces its own version software with it; or,
On receiving a version number sent by the version server, the network device determines that the received version number is higher than the version number of its own version software, requests the version server to send the version software corresponding to the received version number, and replaces its own version software with the version software sent by the version server.
3. The method for guaranteeing the security of version software on a network device according to claim 1 or 2, characterized in that the method also comprises: when the network device starts or restarts, it checks the integrity of its own version software.
4. The method for guaranteeing the security of version software on a network device according to claim 1 or 2, characterized in that the method further comprises:
Establishing a trusted environment (TRE) on the network device, wherein operations inside the TRE are invisible from outside the TRE;
The operation in which the network device checks the integrity of its own version software is carried out inside the TRE.
5. The method for guaranteeing the security of version software on a network device according to claim 1 or 2, characterized in that the method further comprises:
When the number of times the network device has updated its own version software exceeds said maximum number of updates and the version software is still not intact, an alarm is raised.
6. A device for guaranteeing the security of version software on a network device, characterized in that the device comprises: a first monitoring module and a detection module; wherein,
The first monitoring module is used for triggering the detection module after detecting that the version software of the network device has been updated;
The detection module is used for checking whether the version software of the network device is intact; when the result is that it is intact, it instructs the network device to run the version software; when the result is that it is not intact, it instructs the network device to update the version software.
7. The device for guaranteeing the security of version software on a network device according to claim 6, characterized in that the device also comprises:
An update module, used for reporting the version number of the network device's version software to the version server and, on receiving version software sent by the version server, updating the version software of the network device; or for receiving a version number sent by the version server and, on determining that the received version number is higher than the version number of the network device's version software, requesting the version server to send the version software and updating the version software of the network device.
8. The device for guaranteeing the security of version software on a network device according to claim 6 or 7, characterized in that the device also comprises:
A second monitoring module, used for triggering the detection module on detecting that the network device starts or restarts.
9. The device for guaranteeing the security of version software on a network device according to claim 6 or 7, characterized in that the device also comprises:
A TRE, comprising an input port and an output port for communicating with the outside of the TRE, and used for making operations inside the TRE invisible from outside the TRE;
The detection module is arranged inside the TRE.
10. The device for guaranteeing the security of version software on a network device according to claim 6 or 7, characterized in that this method also comprises:
An update monitoring module, used for monitoring the number of times the version software of the network device is updated, and for raising an alarm when that number exceeds a preset maximum number of updates and the version software of the network device is still not intact.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910092856A CN101668284A (en) | 2009-09-09 | 2009-09-09 | Method and device for guaranteeing security of edition software on network device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101668284A true CN101668284A (en) | 2010-03-10 |
Family
ID=41804664
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910092856A Pending CN101668284A (en) | 2009-09-09 | 2009-09-09 | Method and device for guaranteeing security of edition software on network device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101668284A (en) |
-
2009
- 2009-09-09 CN CN200910092856A patent/CN101668284A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102567063A (en) * | 2012-01-20 | 2012-07-11 | 飞天诚信科技股份有限公司 | Method and device for automatically installing software |
CN102567063B (en) * | 2012-01-20 | 2014-07-30 | 飞天诚信科技股份有限公司 | Method and device for automatically installing software |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104765629B (en) | A kind of installation method and device of system application | |
CN103473505B (en) | A kind of scanning reminding method of software vulnerability and device | |
US7933584B2 (en) | Method for implementing security update of mobile station and a correlative reacting system | |
WO2018010011A1 (en) | Updating firmware at enterprise devices | |
KR20130027157A (en) | Apparatus and method that enhance security using virtual interface in cloud system | |
CN103491064B (en) | Terminal software maintaining method, service customer end and service server | |
CN104932912A (en) | Software updating method and system and mobile device | |
CN104965492A (en) | Detection method of household appliances, detection device of household appliances and terminal | |
CN106789373A (en) | A kind of method that remote upgrade is carried out to concentrator | |
CN105141756A (en) | Abnormity processing method and abnormity processing device | |
CN102957673B (en) | A kind of processing method of information, equipment and system | |
US9118558B2 (en) | Software upgrades of network elements in telecommunications network | |
CN103593616A (en) | System and method for preventing and controlling USB flash disk viruses in enterprise information network | |
KR101244037B1 (en) | Method and System for Managing Mobile Terminal | |
CN104965747A (en) | Method and device for upgrading software | |
CN102905290B (en) | base station maintenance method and apparatus | |
JP2017536759A (en) | Method and apparatus for self-healing after disconnection of base station | |
CN111897556B (en) | Video monitoring service system based on cloud computing | |
CN101668284A (en) | Method and device for guaranteeing security of edition software on network device | |
CN101175315A (en) | Method and system for updating control mobile station | |
CN105634852A (en) | Check processing method and device | |
US20120054535A1 (en) | System and Method for Transmitting Data | |
CN103634398A (en) | MOST network-based software upgrading method | |
KR101504183B1 (en) | Method and Apparatus of Performing Wireless Network Connectivity Monitoring and Auto Healing for Improving Mobile Communication Service Quality and VOC | |
KR101946569B1 (en) | Method and apparatus for preventing outgoing call spoofing in mobile operating system, computer readable medium and computer program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C12 | Rejection of a patent application after its publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20100310 |