CN102622550B - Safe online patch check system facing terminal computers - Google Patents

Safe online patch check system facing terminal computers Download PDF

Info

Publication number
CN102622550B
CN102622550B CN201210101326.4A CN201210101326A CN102622550B CN 102622550 B CN102622550 B CN 102622550B CN 201210101326 A CN201210101326 A CN 201210101326A CN 102622550 B CN102622550 B CN 102622550B
Authority
CN
China
Prior art keywords
patch
central computer
computer
module
terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210101326.4A
Other languages
Chinese (zh)
Other versions
CN102622550A (en
Inventor
韩磊
文梁
陈燕军
刘霞
姜红星
赵飞
朱喜刚
邓文浩
张东山
唐立才
张敬鹏
吴宏彬
方超
纪树峰
杨景校
吴晓明
王旭
石志勇
陈佳
纪曦
赵卫灵
陈楚平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
GUANGDONG AEROSPACE SATELLITE TECHNOLOGY Co Ltd
Beijing Institute of Spacecraft System Engineering
Original Assignee
GUANGDONG AEROSPACE SATELLITE TECHNOLOGY Co Ltd
Beijing Institute of Spacecraft System Engineering
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GUANGDONG AEROSPACE SATELLITE TECHNOLOGY Co Ltd, Beijing Institute of Spacecraft System Engineering filed Critical GUANGDONG AEROSPACE SATELLITE TECHNOLOGY Co Ltd
Priority to CN201210101326.4A priority Critical patent/CN102622550B/en
Publication of CN102622550A publication Critical patent/CN102622550A/en
Application granted granted Critical
Publication of CN102622550B publication Critical patent/CN102622550B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a safe online patch check system facing terminal computers. The system checks all terminal computers online on a central computer in a concentration way, and all the computers are connected together through a network; the system comprises an online check tool, an encapsulation module and a central computer, wherein the encapsulation module is used for packing the online check tool to be in a CAB (Computer Address Bus) packet form and stores a CAB packet on the central computer, the central computer embeds the CAB packet in an IE browser, and terminal computers download the CAB packet from the central computer through the IE browser and automatically install the CAB packet; and all latest patch packet and patch information are stored on the central computer. The system disclosed by the invention encapsulates the check tool to be in the CAB packet form and embeds the CAB packet in the IE browser, thereby avoiding the defect of checking each terminal computer onsite in the prior art and releasing the manpower, and the system can finish all expected check items at one time and finally realize the central online check of all the terminal computers in the network through one central computer, thereby improving the check efficiency.

Description

The safe On line inspection system of patch of terminaloriented computing machine
Technical field
The present invention relates to a kind of safe On line inspection system of patch of terminaloriented computing machine, belong to computer security technique and check field.
Background technology
The network equipments different is in a large number generally included, such as gateway, router and provide service to user, run server, the client computer of various application program in large-scale network system.Equipment, service, application program, server, client computer and user, the relation even between them is all the object needing management.Complicated in the internal height of this large-scale networks, cause managing abnormal difficult, the management cycle is tediously long, and along with the expansion of system scale, and the expense of management also exponentially rule increases.
The outburst of extensive worm-type virus each time, all remind people to think of danger in times of safety, accomplish fluently patch, carry out prevention work---patch more and more becomes an important step of safety management.The continuous change and progress of hacking technique, the time leaving keeper for will be fewer and feweri, and within the shortest time, install patch will greatly protecting network and its secret carried, and less user also can be made from the invasion and attack of worm simultaneously.For the user that machine is numerous, numerous and diverse manual patch installs the management that can not adapt to large scale network far away, must rely on new technological means to realize the patch auto-mending to operating system.Therefore, how to utilize effective technology means to come in time, continue, stable installation computing machine patch, be all-network safety manager, problem that information security managerial decision personnel need solution badly.
Operation general at present utilizes each terminal to be used as independently object, and manually for each terminal computer carries out the related management of patch, but it is huger to work as network, number of computers and amount of software more time, complex management.Simultaneously also real-time not, improves the risk of computer security.Even if utilize manual administration patch information also to need user to need certain computer major technical know-how to use, and arrange loaded down with trivial details, be unfavorable for the operation of user.
Summary of the invention
Technology of the present invention is dealt with problems: overcome the deficiencies in the prior art, provides a kind of patch of terminaloriented computing machine safe On line inspection system, and this system can carry out concentrated patch distribution to all terminal computers in real time online.
Technical solution of the present invention: the safe On line inspection system of patch of terminaloriented computing machine, a central computer is carried out concentrating inspection to all terminal computers online, is connected between all computing machines by network; Described system is included in ray examination instrument, package module and central computer, On line inspection instrument is packaged into the form of CAB bag and is stored on central computer by package module, CAB bag is embedded IE browser by central computer, and terminal computer is downloaded this CAB by IE browser from central computer and wrapped and Auto-mounting; Central computer stores all up-to-date service packs and patch information; Described On line inspection instrument comprises tactful customized module, uniform data interface module, patch parsing module, enquiry module and download distribution module;
User initiates the safe On line inspection instruction of patch by the IE browser input on central computer to every station terminal computing machine, and the instruction of described patch safe On line inspection comprises online update instruction, patch type and latest edition number; CAB bag on every station terminal computing machine is according to the online updating instruction start-up check received, specific as follows:
Uniform data interface module receives the safe On line inspection instruction of patch by IE browser, starts patch parsing module; Patch parsing module goes out patch type and latest edition number according to the safe On line inspection instructions parse of patch; And from tactful customized module, obtain the current patch classification of local computer and patch release number, the two is compared, if local computer current patch release number is less than latest edition number, then patch classification is sent to download distribution module; Download distribution module obtains service packs corresponding to this patch classification according to the patch classification received, and downloads and installs, by the state after installing and result feedback to patch parsing module; Latest edition corresponding for the service packs of installation number, according to feedback result, when successful installation, is passed to tactful customized module by patch parsing module; If install unsuccessfully, then again download and install, if install failure in the number of times restriction preset always, then notify that failure information shows by enquiry module; Current patch classification and the patch release number of local computer is stored in strategy customized module, and the latest edition of reception number is compared with current patch release number, when current patch release number is less than or equal to latest edition, upgrade current patch release number by latest edition number; Otherwise, call enquiry module and current patch release number is greater than latest edition number shows.
Described tactful customized module also stores the current patch sense cycle of local computer, terminal computer initiatively passes through uniform data interface module according to patch sense cycle and initiates patch renewal application to central computer, and this patch type and latest edition number are sent to this terminal computer by central computer.
Described download distribution module specific implementation step is as follows:
(1) receive the patch classification of the needs renewal that patch parsing module sends, this patch classification information is sent to central computer;
(2) central computer is by the connected state in Ping order acquisition network between central computer and each terminal computer;
(3) central computer sends network status query instruction by IE browser, the uniform data interface module of corresponding terminal computing machine obtains this instruction from IE browser and sends to download distribution module, download distribution module obtains the connection status with other terminal computer, and the information of acquisition is back to central computer by uniform data interface module;
(4) central computer is according to the status information received, set up a set, this set, using central computer as starting point, travels through the state of the terminal computer be attached thereto, by the corresponding relation <V between computing machine good for display connected state i, V j> is stored in this set, when the response time of central computer and terminal computer is within 500 milliseconds, represent good connection between central computer and terminal, otherwise connection status both representing is for blocking, the corresponding terminal computer that blocks is designated as V k; Wherein, V i(i=1) central computer is represented, V jthe terminal computer that (j ≠ 1) representative is good with central computer connected state;
(5) in set, determine a certain station terminal computing machine V blocked with central computer kmcorresponding relation, specific as follows:
(5.1) a certain station terminal computing machine V blocked with central computer in obtaining step (4) kmv in gathering with step (4) jbetween connection state information, if there is the computing machine of good connection, then by the V the shortest response time in connection state information jwith corresponding V kmcorresponding relation <V j, V km> is stored in set; If V jin do not exist and this station terminal computing machine V kmthe computing machine of good connection, then go to step (5.2);
(5.2) obtain and this station terminal computing machine V kmthe terminal computer V that other and central computer of good connection block kn; By <V kn, V km>, stored in this set, turns (5.3);
(5.3) terminal computer V is obtained knv in gathering with step (4) jbetween connection state information, if there is the computing machine of good connection, then by the V the shortest response time in connection state information jwith corresponding V kncorresponding relation <V j, V kn> is stored in set; If there is not the computing machine of good connection, then from set, delete <V kn, V km>, by <V 1, V km> is stored in set;
(6) other all terminal computer blocked with central computer is processed according to step (5);
(7) central computer is according to the content in set, status information and corresponding service packs is sent by IE browser, the uniform data interface module being connected good terminal computer with central computer obtains status information and service packs from IE browser, judges that status information is the need of this service packs being forwarded to other terminal computer.If desired, then service packs is forwarded to other terminal computer, and corresponding service packs is installed, return results to patch parsing module.
The present invention's advantage is compared with prior art:
(1) present system is by being packaged into the form of CAB bag and embedding in IE browser by checking tool, avoids the defect at present every station terminal computing machine all being needed to site inspection, has liberated manpower; Disposablely can complete all projects expecting to check, and finally realize a central computer ray examination is concentrated on to all terminal computers in network, improve checking efficiency.
(2) present system provides patch active agency forwarding capability, improves patch and issues efficiency, reduce the occupancy of the network bandwidth, save Internet resources.Can at the appointed time, (as push away, draw) distribution patch by different way within the scope of specified network, or control client downloads patch according to script strategy is unified.When system monitoring is to when having a non-patch installing of client, propelling movement patch can be carried out to no marking patch client.
(2) present system provides patch active agency forwarding capability, improves patch and issues efficiency, decreases the occupancy of the network bandwidth, saves Internet resources.Can according to network-in-dialing state between each node in current network, carry out the propelling movement of patch in the mode forwarded, and reduce the load factor of central computer, what ensure that central computer effective carries out work.
(3) the present invention can react the patch state of each client and terminal computer timely, when state changes time, can return state information in time, and reminding user, makes computing machine be in all the time in safe environment.
Accompanying drawing explanation
Fig. 1 is the system assumption diagram of present system;
Fig. 2 is the uniform data interface module implementation procedure schematic diagram in present system;
Fig. 3 is the enquiry module implementation procedure schematic diagram in present system;
Fig. 4 is the patch parsing module implementation procedure schematic diagram in present system;
Fig. 5 is download distribution module implementation procedure schematic diagram.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in detail
As shown in Figure 1, a central computer carries out concentrating inspection to all terminal computers online, is connected by network between all computing machines; Described system is included in ray examination instrument, package module and central computer, On line inspection instrument is packaged into CAB packet form and is stored on central computer by package module, CAB bag is embedded IE browser (com technology can be adopted to realize embedding) by central computer, and terminal computer is downloaded this CAB by IE browser from central computer and wrapped and Auto-mounting; Central computer stores all up-to-date service packs and patch information; Described On line inspection instrument comprises tactful customized module, uniform data interface module, patch parsing module, enquiry module and download distribution module;
When concentrate to every station terminal computing machine carry out patch inspection, distribution time, user initiates the safe On line inspection instruction of patch by the IE browser input on central computer to every station terminal computing machine, and the instruction of described patch safe On line inspection comprises online update instruction, patch type and latest edition number; CAB bag on every station terminal computing machine is according to the online updating instruction start-up check received, specific as follows:
Uniform data interface module receives the safe On line inspection instruction of patch by IE browser, starts patch parsing module;
Patch parsing module goes out patch type and latest edition number according to the safe On line inspection instructions parse of patch; And from tactful customized module, obtain the current patch classification of local computer and patch release number, the two is compared, if local computer current patch release number is less than latest edition number, then patch classification is sent to download distribution module;
Download distribution module obtains service packs corresponding to this patch classification according to the patch classification received, and downloads and installs, by the state after installing and result feedback to patch parsing module; Latest edition corresponding for the service packs of installation number, according to feedback result, when successful installation, is passed to tactful customized module by patch parsing module; If install unsuccessfully, then again download and install, if install failure in the number of times restriction preset always, then notify that failure information shows by enquiry module;
Current patch classification and the patch release number of local computer is stored in strategy customized module, and the latest edition of reception number is compared with current patch release number, when current patch release number is less than or equal to latest edition, upgrade current patch release number by latest edition number; Otherwise, call enquiry module and current patch release number is greater than latest edition number shows.
When terminal computer needs to carry out the renewal of active patch, then can store the current patch sense cycle of local computer in tactful customized module, terminal computer initiatively passes through uniform data interface module according to patch sense cycle and initiates patch renewal application to central computer, this patch type and latest edition number are sent to this terminal computer with instruction type by central computer, and the patch parsing module of terminal computer and other modules carry out patch renewal according to the method for above-mentioned concentrated inspection.
Central computer can also send patch query statement by IE browser, the uniform data interface module of corresponding terminal computing machine obtains this instruction from IE browser and sends to enquiry module, the corresponding information that enquiry module stores in acquisition strategy customized module from tactful customized module, and the information of acquisition is back to central computer by uniform data interface module, shown by central computer.
Introduce the implementation procedure of each module below in detail.
(1) download distribution module
In order to the patch improving download distribution issues efficiency, reduce network bandwidth occupation rate and save Internet resources, method concrete steps as shown in Figure 5:
(1) receive the patch classification of the needs renewal that patch parsing module sends, this patch classification information is sent to central computer;
(2) central computer sends Ping order to each terminal computer by application programming interfaces API, terminal computer is by after this Ping order of reception, operating system returns the information received to central computer, central computer, according to the time interval issuing commands to the information of receiving, determines the network-in-dialing state between central computer and each terminal computer.
(3) central computer sends network status query instruction by IE browser, the uniform data interface module of corresponding terminal computing machine obtains this instruction from IE browser and sends to download distribution module, download distribution module obtains the connection status with other terminal computer, and the information of acquisition is back to central computer by uniform data interface module.
Suppose that a station terminal computing machine is designated as A computing machine and obtains network status query instruction from IE browser, A computing machine sends Ping order to all terminal computers be connected with A computing machine according to this network status query instruction by application programming interfaces API, A computing machine determines the network-in-dialing state of the coupled all terminal computers of A computing machine according to the time interval issuing commands to the information of receiving, and above-mentioned status information is sent to central computer by uniform data interface module by the download distribution module on A computing machine;
(4) central computer is according to the status information received, set up a set, this set, using central computer as starting point, travels through the state of the terminal computer be attached thereto, by the corresponding relation <V between computing machine good for display connected state i, V j> is stored in this set, General Central computing machine and terminal computer response time, (i.e. status information) was within 500 milliseconds time, represent good connection between central computer and terminal, otherwise connection status both representing is for blocking, the corresponding terminal computer that blocks is designated as V k; Wherein, V i(i=1) central computer is represented, V jthe terminal computer that (j ≠ 1) representative is good with central computer connected state;
(5) in set, determine a certain station terminal computing machine V blocked with central computer kmcorresponding relation, specific as follows:
(5.1) a certain station terminal computing machine V blocked with central computer in obtaining step (4) kmv in gathering with step (4) jbetween connection state information, if there is the computing machine of good connection, then by the V the shortest response time in connection state information jwith corresponding V kmcorresponding relation <V j, V km> is stored in set; If V jin do not exist and this station terminal computing machine V kmthe computing machine of good connection, then go to step (5.2);
(5.2) obtain and this station terminal computing machine V kmthe terminal computer V that other and central computer of good connection block kn; By <V kn, V km>, stored in this set, turns (5.3);
(5.3) terminal computer V is obtained knv in gathering with step (4) jbetween connection state information, if there is the computing machine of good connection, then by the V the shortest response time in connection state information jwith corresponding V kncorresponding relation <V j, V kn> is stored in set; If there is not the computing machine of good connection, then from set, delete <V kn, V km>, by <V 1, V km> is stored in set;
(6) other all terminal computer blocked with central computer is processed according to step (5);
(7) central computer is according to the content in set, status information and corresponding service packs is sent by IE browser, the uniform data interface module being connected good terminal computer with central computer obtains status information and service packs from IE browser, judges that status information is the need of this service packs being forwarded to other terminal computer.If desired, then service packs is forwarded to other terminal computer, and corresponding service packs is installed, return results to patch parsing module.
Such as: the content in set
<V 1,V 2>
<V 1,V 3>
<V 1,V 5>
<V 1,V 7>
<V 2,V 4>
<V 3,V 6>
Then, central computer needs to send status information and corresponding service packs, terminal computer V by IE browser 2, V 3according to status information, the service packs of reception will be transmitted to the V blocked with central computer 4, V 6.
(8) central computer judges the whether installation of each terminal according to the information that each terminal returns.
(2) patch parsing module
This module implementation procedure as shown in Figure 4.
(1) patch parsing module goes out patch type and latest edition number according to the safe On line inspection instructions parse of patch;
(2) from tactful customized module, obtain the current patch classification of local computer and patch release number, the two is compared, if local computer current patch release number is less than latest edition number, then patch classification is sent to download distribution module, goes to step (3); Otherwise, do not process, process ends;
(3) receive installment state and result that download distribution module returns, when result display successful installation, latest edition corresponding for the service packs of installation number and set-up time are passed to tactful customized module; When result display is installed unsuccessfully, start download distribution module and again download and install, if install failure in the number of times restriction preset always, then notify that failure information carries out showing and pointing out restarting computing machine by enquiry module.Above-mentioned default number of times is generally 2 times, also can be repeatedly.
(3) tactful customized module
The content stored in strategy customized module can comprise patch classification (such as, system mend, IE patch, application program patch etc.), patch release number, the patch set-up time, patch sense cycle, type of operating system etc., its content can be expanded according to actual requirement, can adopt form or ini file form.
Such as adopt INI form:
[patch release]
Version=v1.6.0.8
[patch classification]
Classification 1=system mend
Classification 2=IE patch
[patch sense cycle]
Time=10 (default units is sky)
[operating system]
operating systems=Windows XP
(4) enquiry module
This module implementation procedure as shown in Figure 3
(1) receive the patch query statement imported into, resolve the querying condition representated by instruction, such as: patch type, patch release number, the patch set-up time etc., call uniform data interface module according to these conditions and obtain this category information from tactful customized module.
(2) create chained list, the information inquired is deposited in chained list, the total amount of recorded information.If the patch of inquiry does not exist, then return condition not this patch of presence or absence of inquiry.
(5) uniform data interface module
Uniform data interface module as shown in Figure 2, the data of Main Function receiving center computing machine or other module transfer of terminal computer, data are encoded according to rule, according to IP address, data can be sent to corresponding one end, such as IP address: 192.168.0.119 etc.
Uniform data interface module realizes unified data-interface by utilizing ripe JSON technology.
(6) package module
On line inspection instrument is packaged into the form of CAB bag by package module, and concrete steps are as follows:
(1) makecert.exe is utilized to make digital signature
◆ enter system doc interface, the catalogue of input command cd makecert.exe, by enter key.Such as: cd C:/makeCab
◆ input command, command format is as follows: makecert-sv-n-ss-r-b-e.Such as: makecert
-sv dsoframer.pvk-n“CN=XXXX”-ss My-r-b 01/01/1900-e01/01/9999
-sv dsoframer.pvk is meant to the private spoon file dsoframer.pvk of generation one
-n " CN=XXXX " " XXXX " is wherein exactly the proprietary name of certificate of display in signature.
-ss My specifies the certificate after generating to be kept in personal certificate
-r means that certificate is that oneself is presented to oneself.
-b 01/01/2009 specifies the term of validity from date of certificate, form be the moon/day/year, minimum is 1900
-e 01/01/2018 specifies the expiration of limitation period date of certificate, and form is the same.
◆ open " internet option " of IE, be switched to " content " label, click " certificate " button and " choose " XXXX " being exactly the certificate generated, is dsoframer.cer its " derivation ",
(2) inf file is set up, run IEXPRESS.EXE, choose " create new explaining by oneself and compress command file ", enter next step, choose " only creating compressed file (ActiveX installation) ", enter the DLL (if any) that next step program used comprises routine call and be added in list, after config option, with regard to continuity point " next step ", namely generate dsoframer.CAB.
(3) signcode.exe is run, select dsoframer.CAB, " signature type " in " signature option " is selected " self-defined (C) ", the certificate file dsoframer.cer that above next step " from file selection ", the first step derives, the dsoframer.pvk file that the first step generates selected by next step private spoon again, then description is entered, note, in figure " describe (optional) ": under input frame in write corresponding descriptive statement as required, click " next step ", until signed.
(4) ready-made CAB bag is embedded into webpage.
Applicating example: software of the present invention and method have been successfully applied to the online censorship process of space flight institute computing machine, for successfully completing the task of as many as 1000 multiple stage computing machine online censorship simultaneously.Demonstrate software and there is construction cycle short, maintainable good, open interface, perfect debug function and be easy to the advantage that uses and manage flexibly.
The part that the present invention does not describe in detail belongs to techniques well known.

Claims (3)

1. the safe On line inspection system of the patch of terminaloriented computing machine, is characterized in that: carry out concentrating inspection to all terminal computers online on a central computer, connected between all computing machines by network; Described system is included in ray examination instrument, package module and central computer, On line inspection instrument is packaged into the form of CAB bag and is stored on central computer by package module, CAB bag is embedded IE browser by central computer, and terminal computer is downloaded this CAB by IE browser from central computer and wrapped and Auto-mounting; Central computer stores all up-to-date service packs and patch information; Described On line inspection instrument comprises tactful customized module, uniform data interface module, patch parsing module, enquiry module and download distribution module;
User initiates the safe On line inspection instruction of patch by the IE browser input on central computer to every station terminal computing machine, and the instruction of described patch safe On line inspection comprises online update instruction, patch type and latest edition number; CAB bag on every station terminal computing machine is according to the online updating instruction start-up check received, specific as follows:
Uniform data interface module receives the safe On line inspection instruction of patch by IE browser, starts patch parsing module; Patch parsing module goes out patch type and latest edition number according to the safe On line inspection instructions parse of patch; And from tactful customized module, obtain the current patch classification of local computer and patch release number, the two is compared, if local computer current patch release number is less than latest edition number, then patch classification is sent to download distribution module; Download distribution module obtains service packs corresponding to this patch classification according to the patch classification received, and downloads and installs, by the state after installing and result feedback to patch parsing module; Latest edition corresponding for the service packs of installation number, according to feedback result, when successful installation, is passed to tactful customized module by patch parsing module; If install unsuccessfully, then again download and install, if install failure in the number of times restriction preset always, then notify that failure information shows by enquiry module; Current patch classification and the patch release number of local computer is stored in strategy customized module, and the latest edition of reception number is compared with current patch release number, when current patch release number is less than or equal to latest edition, upgrade current patch release number by latest edition number; Otherwise, call enquiry module and current patch release number is greater than latest edition number shows.
2. the safe On line inspection system of the patch of terminaloriented computing machine according to claim 1, it is characterized in that: described tactful customized module also stores the current patch sense cycle of local computer, terminal computer initiatively passes through uniform data interface module according to patch sense cycle and initiates patch renewal application to central computer, and this patch type and latest edition number are sent to this terminal computer by central computer.
3. the safe On line inspection system of the patch of terminaloriented computing machine according to claim 1, is characterized in that: described download distribution module specific implementation step is as follows:
(1) receive the patch classification of the needs renewal that patch parsing module sends, this patch classification information is sent to central computer;
(2) central computer is by the connected state in Ping order acquisition network between central computer and each terminal computer;
(3) central computer sends network status query instruction by IE browser, the uniform data interface module of corresponding terminal computing machine obtains this instruction from IE browser and sends to download distribution module, download distribution module obtains the connection status with other terminal computer, and the information of acquisition is back to central computer by uniform data interface module;
(4) central computer is according to the status information received, set up a set, this set, using central computer as starting point, travels through the state of the terminal computer be attached thereto, by the corresponding relation < V between computing machine good for display connected state i, V j> is stored in this set, when the response time of central computer and terminal computer is within 500 milliseconds, represent good connection between central computer and terminal, otherwise connection status both representing is for blocking, the corresponding terminal computer that blocks is designated as V k; Wherein, V i(i=1) central computer is represented, the terminal computer that representative is good with central computer connected state;
(5) in set, determine a certain station terminal computing machine V blocked with central computer kmcorresponding relation, specific as follows:
(5.1) a certain station terminal computing machine V blocked with central computer in obtaining step (4) kmv in gathering with step (4) jbetween connection state information, if there is the computing machine of good connection, then by the V the shortest response time in connection state information jwith corresponding V kmcorresponding relation < V j, V km> is stored in set; If V jin do not exist and this station terminal computing machine V kmthe computing machine of good connection, then go to step (5.2);
(5.2) obtain and this station terminal computing machine V kmthe terminal computer V that other and central computer of good connection block kn; By < V kn, V km>, stored in this set, turns (5.3);
(5.3) terminal computer V is obtained knv in gathering with step (4) jbetween connection state information, if there is the computing machine of good connection, then by the V the shortest response time in connection state information jwith corresponding V kncorresponding relation < V j, V kn> is stored in set; If there is not the computing machine of good connection, then from set, delete < V kn, V km>, by < V 1, V km> is stored in set;
(6) other all terminal computer blocked with central computer is processed according to step (5);
(7) central computer is according to the content in set, status information and corresponding service packs is sent by IE browser, the uniform data interface module being connected good terminal computer with central computer obtains status information and service packs from IE browser, judges that status information is the need of this service packs being forwarded to other terminal computer; If desired, then service packs is forwarded to other terminal computer, and corresponding service packs is installed, return results to patch parsing module.
CN201210101326.4A 2012-04-06 2012-04-06 Safe online patch check system facing terminal computers Active CN102622550B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210101326.4A CN102622550B (en) 2012-04-06 2012-04-06 Safe online patch check system facing terminal computers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210101326.4A CN102622550B (en) 2012-04-06 2012-04-06 Safe online patch check system facing terminal computers

Publications (2)

Publication Number Publication Date
CN102622550A CN102622550A (en) 2012-08-01
CN102622550B true CN102622550B (en) 2015-04-22

Family

ID=46562465

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210101326.4A Active CN102622550B (en) 2012-04-06 2012-04-06 Safe online patch check system facing terminal computers

Country Status (1)

Country Link
CN (1) CN102622550B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10719608B2 (en) * 2015-02-06 2020-07-21 Honeywell International Inc. Patch monitoring and analysis
CN105302606A (en) * 2015-11-03 2016-02-03 用友网络科技股份有限公司 Project permission based patch downloading method and system
CN105260214B (en) * 2015-11-03 2018-12-18 用友网络科技股份有限公司 Intelligent patch method for pushing and system applied to complicated ERP system
CN106610857B (en) * 2016-12-23 2019-01-22 优刻得科技股份有限公司 A kind of hot patch information query method and device
CN107066247B (en) * 2016-12-29 2020-08-18 世纪龙信息网络有限责任公司 Patch query method and device
CN107481173A (en) * 2017-09-05 2017-12-15 王东红 A kind of Platform of Experimental Teaching experimental project update method and system
CN111857771A (en) * 2020-06-29 2020-10-30 国网福建省电力有限公司 Deep learning-based automatic operating system patch installation method and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119231A (en) * 2007-07-19 2008-02-06 南京联创网络科技有限公司 Method to centralized manage and automatic download mend of computer security leak base

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7386698B2 (en) * 2005-05-12 2008-06-10 International Business Machines Corporation Apparatus and method for automatically defining, deploying and managing hardware and software resources in a logically-partitioned computer system
US8701104B2 (en) * 2009-12-14 2014-04-15 Opera Software Asa System and method for user agent code patch management

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119231A (en) * 2007-07-19 2008-02-06 南京联创网络科技有限公司 Method to centralized manage and automatic download mend of computer security leak base

Also Published As

Publication number Publication date
CN102622550A (en) 2012-08-01

Similar Documents

Publication Publication Date Title
CN102622550B (en) Safe online patch check system facing terminal computers
CN106936633B (en) Application installation package manufacturing method and server
US10140103B2 (en) POS application development method and cloud server
CN103001965B (en) Server certificate update method and server
CN104965726A (en) Configuration updating method, apparatus and system
CN105224362A (en) Host computer carries out the method and system of program upgrade to slave computer
CN103685554A (en) Upgrading method, device and system
US8060919B2 (en) Automated password tool and method of use
CN101894059B (en) A kind of detection method of running status and system
CN111433773B (en) Updating gateways in substations
CN104282093A (en) Tax-control equipment collective invoicing system and method
CN105991698A (en) Method, system and device for mobile terminal remotely managing intelligent router file
CN102611574A (en) Automatic configuration system and configuration method for VPN (Virtual Private Network)
CN106713507A (en) Management method and management system for batches of cloud terminal devices
CN106534342A (en) Connection control method and system, and hosts
CN103401931A (en) Method and system for downloading file
CN103186405B (en) A kind of unified control method and device of realizing equipment
CN104253832A (en) Remote file management method and system
CN104301419A (en) Non-local-machine remote download control system and method
CN104468493A (en) Method and system for logging into web page in network communication
CN104185167A (en) Method and terminal for updating cardlock information of terminal
CN113965571B (en) Management method, device, equipment and medium of distributed embedded equipment
CN109062599A (en) The management method and device of code update under micro services framework
CN102137058B (en) A kind of page access method and apparatus based on tab page
CN112559472B (en) File transmission method, device, computer equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant