CN103559591A - Software management system and management method based on trusted computing - Google Patents
Software management system and management method based on trusted computing Download PDFInfo
- Publication number
- CN103559591A CN103559591A CN201310582274.1A CN201310582274A CN103559591A CN 103559591 A CN103559591 A CN 103559591A CN 201310582274 A CN201310582274 A CN 201310582274A CN 103559591 A CN103559591 A CN 103559591A
- Authority
- CN
- China
- Prior art keywords
- software
- credible
- template
- trusted
- installation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Stored Programmes (AREA)
Abstract
The invention discloses a software management system and management method based on trusted computing. The management system comprises a trusted management center and a trusted terminal agent module, wherein the trusted terminal agent module is connected to the trusted management center through a network. The management method includes the following steps of installation and initialization of the trusted management center, installation and initialization of a trusted management agent, software registration, trusted policy acquisition, software package storage and configuration of a software template and an implementation template of a trusted terminal. According to the software management system and management method, centralized management and control of all applications in an information system of a trusted computer is efficiently achieved, and safe reliability is improved.
Description
Technical field
The present invention relates to a kind of software management system and management method based on credible calculating, belong to information security field, especially for the software management system based on credible calculating and the management method based on this management system.
Background technology
Current reliable computing technology is for root of trust construction and the existing a large amount of research and practices of transitive trust of unit, and existing relevant criterion draft is put into effect (calculating standard that < < is credible the 3rd part: credible shoring of foundation software > >).But become for the technical solution of how to carry out credible management and protection to being distributed in the overall information system of net environment the trend developing in current reliable computing technology.
Summary of the invention
The present invention is directed to the software information management system with credible regulatory requirement, by credible administrative center, the deployment ruuning situation of all softwares in software information system is carried out to centralized management, improve the security of the software information management system of credible calculating.
For realizing above-mentioned technical purpose, the invention provides a kind of management method of the software information management system based on credible calculating, described management system comprises credible administrative center and by network, is connected the trusted terminal of credible administrative center, described trusted terminal comprises credible administration agent, and described management method comprises the steps:
(1) installation and the initialization of the software information management system based on credible calculating;
(2) credible administrative center receives software installation kit and relevant information, registration after checking;
(3) credible administrative center carries out pre-installation, dependency analysis, tactful acquisition operations to the software of described software installation kit;
(4) credible administrative center packs described software installation kit, software information, software dependence and credible strategy sign and generates trusted software bag and preserve;
(5) credible administrative center configures trusted terminal software installation form according to software dependence, and according to trusted terminal software installation form, corresponding trusted software bag is pushed to trusted terminal successively by dependence;
(6) trusted terminal is protected credible strategy and credible tactful associated documents, and the software of described software installation kit is installed and controlled, the application that " associated documents " of this step refer to comprise in trusted software bag, script, dynamic base, kernel module etc. are carried out associated documents;
(7) credible administration agent, according to the instruction of credible administrative center, is installed the software of specified trusted software bag
/upgrade
/unloading operation, upgrades corresponding credible strategy.
Management method as above, installs control to the software of described software installation kit in described step (6) and comprises the software that only allows credible administration agent to revise and install described software installation kit.
Management method as above, the installation that the installation of the software information management system of described step (1) based on credible calculating and initialization comprise credible administrative center and installation and the initialization of initialization and credible administration agent.
Management method as above, described credible administrative center comprises administration module, credible warehouse and acquisition terminal, the management process of described administration module comprises verifying software source, to acquisition software packet signature, configuration template with issue template, described credible warehouse is preserved and management trusted software bag, described acquisition terminal pre installation software package, checks software dependence, gathers credible strategy and establishment acquisition software bag.
Management method as above, described step (2) comprises the steps:
(2.1) credible administrative center receives software installation kit and software information;
(2.2) check whether software installation kit has digital signature, if software installation kit does not have digital signature, this software package is registered as to other software, and finish, if there is digital signature to enter next step;
(2.3) whether the digital signature of inspection software installation kit is legal, if software installation kit signature is illegal, this software package is registered as to other software, and finishes, if sign the legal next step that enters;
(2.4) software installation kit is registered as to trusted software.
Management method as above, the software information in described step (2.1) comprises installation bag, program name, version number, software type, software manual.
Management method as above, described step (3) comprises the steps:
(1) open erecting tools, installation procedure starts;
(2) installation targets software, in installation process, records that this installation kit discharges and the All Files revised is installation record automatically;
(3), after installation finishes, erecting tools filters installs record, obtains the service of all executable files (comprising application, dynamic base, kernel module), script, registry entry and startup that target software is relevant;
(4) record is installed in erecting tools analysis, checks the dependence of All Files wherein and gathers, is summarized as dependence file;
(5) erecting tools calculates the hash value that All Files in record is installed, and is recorded as credible strategy;
(6) packing source software, credible strategy, dependence file, generate acquisition software bag.
Management method as above, the step that described step (4) generates trusted software bag comprises:
(1) administration module receives the acquisition software bag that acquisition terminal is sent;
(2) administration module is resolved acquisition software bag and dependence, generating indexes file;
(3) administration module generates trusted software bag to acquisition software packet signature, and deposits credible warehouse in;
(4) identification code that administration module wraps in this acquisition software in credible warehouse deposits index file in.
Management method as above, described administrative template is according to the software installation form of software dependence configuration trusted terminal, comprises establishment, revises, issues, deletes template.
Management method as above, the method for described drawing template establishment, comprises the steps:
(1) keeper sets up blank template;
(2) keeper adds the software that trusted terminal need to be moved in blank template;
(3) dependence of the selected software of administration module automatic analysis, the software package that selected software is relied on adds administrative template.
Management method as above, the modification of described template, comprises the steps:
(1) template that selection will be revised;
(2) original target software in interpolation or deletion template;
(3) administration module reanalyses support programs according to new target software combination, adds template.
Management method as above, issuing of described template, comprises following step:
(1) template that selection will issue and corresponding trusted terminal, initiate to issue operation;
(2) judge the whether existing template of trusted terminal, as do not have, jump to the 6th step;
(3) administration module is compared original template and the current software change situation issuing between template of this trusted terminal, if there is no corresponding template before this trusted terminal, thinks in current template that all software packages are new clothes software package except operating system;
(4) if comprise original template when front template, do not need the software package of unloading, mark issues in template all software and is and needs mounting software, skips to following step (6);
(5) administration module, by the be ranked sequence of unloading of uninstall bag of the principle of " unloading after the software being relied on ", generates unloading command sequence, notifies successively trusted terminal to carry out unloading operation;
(6) administration module is ranked and needs to install the erection sequence of trusted software bag according to " software being relied on is first installed " principle;
(7) administration module notifies credible warehouse to generate the disposable download link that needs mounting software bag;
(8) administration module is pressed trusted software bag erection sequence, download link life is encapsulated as to software package instruction sequence is installed;
(9) notice specifies trusted terminal to start template implementing procedure, and issues successively instruction sequence, until installation.
Management method as above, the deletion of described administrative template, comprises following step:
(1) template that selection will be deleted;
(2) administration module checks whether this template is applied by trusted terminal, if any, forbid deleting and pointing out, if not, enter next step;
(3) delete and specify template.
Management method as above, described step (6) trusted terminal is protected credible strategy and the specified file of credible strategy, comprises the steps:
(1) file operation behavior in trusted terminal check system, the retouching operation that interception is carried out credible strategy and the specified file of credible strategy;
(2) judge that whether this retouching operation is received credible administration agent and initiated, and as no, forbids revising;
(3) allow to revise.
Management method as above, described trusted terminal is installed and is controlled the software of described software installation kit, comprises the steps:
(1) software in trusted terminal check system is installed behavior;
(2) judge that whether this fitting operation is received credible administration agent and initiated, and as no, forbids;
(3) allow to install.
Management method as above, described step (7) further comprises the steps:
(1) when trusted terminal is moved, be regularly connected to administrative center, report this trusted terminal running status;
(2) credible administrative center issues flow process generating run instruction sequence by template, and making present instruction is the article one in sequence;
(3) credible administrative center issues present instruction;
(4) trusted terminal is accepted after instruction, by instruction sign test/installation/uninstall bag, and corresponding update strategy;
(5) trusted terminal is returned to operating result to credible administrative center;
(6) if operate successfully, administrative center continues to send next instruction, otherwise retransmits present instruction;
(7) repeat above 3-6 step, until all instructions of described operational order sequence are all successfully completed;
(8) credible administrative center sends installation information to trusted terminal.
As mentioned above, management method of the present invention, guarantees the consistance of software version in infosystem, the credibility that increases terminal software and corresponding credible strategy thereof, has improved security, in addition, the present invention also simplifies the management process of terminal software environment, improves credible tactful collecting efficiency.
[accompanying drawing explanation]
Fig. 1 is the system diagram of the information system software management system based on credible calculating of the present invention.
Fig. 2 is the management flow chart of management system of the present invention.
Fig. 3 is installation and the initialization flowchart of credible administrative center.
Fig. 4 is installation and the initialization flowchart of credible administration agent.
Fig. 5 is the structural drawing of the credible administrative center of management system of the present invention.
Fig. 6 is software registration and the warehouse-in process flow diagram of software management system of the present invention.
Fig. 7 is tactful collecting flowchart figure of the present invention.
Fig. 8 is the software warehouse-in process flow diagram of software management system of the present invention.
Fig. 9 is the template establishment process flow diagram of software management system of the present invention.
Figure 10 is the template modification process figure of software management system of the present invention.
Figure 11 is that the template of software management system of the present invention issues process flow diagram.
Figure 12 is that the template of software management system of the present invention is deleted process flow diagram.
Figure 13 is the trusted terminal structural drawing of software management system of the present invention.
The protection process flow diagram that Figure 14 is trusted terminal to credible strategy and the specified file of credible strategy.
Figure 15 is that trusted terminal stops illegal software installation procedure figure.
Figure 16 is the trusted terminal applying template process flow diagram of software management system of the present invention.
[embodiment]
For further setting forth the present invention, reach technological means and the effect that predetermined object is taked, below in conjunction with drawings and the embodiments, architectural feature, to concrete structure of the present invention and effect thereof, be described in detail as follows.
Sealing information system software management system based on credible calculating of the present invention comprises credible administrative center and trusted terminal, and as shown in Figure 1, credible administrative center connects by network and manages each trusted terminal system architecture.
Credible administrative center, as the core of software management system of the present invention, is responsible for verifying software source-information, trusted terminal software environment is carried out to templating management, and store trusted software.
Trusted terminal is disposed the computing terminal of credible computing function, is responsible for the instruction according to credible administrative center in software management system, carries out concrete software package reception, installation, unloading operation.
Consult Fig. 2, the management process of software management system of the present invention comprises the steps:
(1) system is installed and initialization flow process;
(2) after credible administrative center reception software installation kit and relevant information, checking, register;
(3) credible administrative center carries out pre-installation, dependency analysis, tactful acquisition operations to trusted software;
(4) software installation kit, software relevant information, software dependence and credible strategy are packed by credible administrative center, and after signature, preserve (below the software package after signature being called to trusted software bag);
(5) credible administrative center is according to software dependence configurating terminal software installation form, and according to template, relevant trusted software bag pushed to terminal successively by dependence;
(6) trusted terminal, according to the instruction of credible administrative center, is installed designated software
/upgrade
/unloading operation upgrades corresponding credible strategy simultaneously.
Consult Fig. 3, the installation of credible administrative center of the present invention and initialization following steps:
(1) credible administrative center software is installed;
(2) create certificate management list, terminal management list, policy template list, trusted software bag index;
(3) credible administrative center generates signing certificate pair;
(4) credible administrative center imports trusted software developer public key certificate;
(5) credible administrative center imports preset trusted software bag, manipulative indexing list and policy template list;
Consult Fig. 4, the installation of credible administration agent of the present invention and initialization following steps:
(1) trusted terminal is installed credible administration agent;
(2) trusted terminal is initiated application for registration to credible administrative center;
(3) credible administrative center adds terminal list by this terminal;
(4) credible administrative center issues administrative center's public signature key to trusted terminal;
(5) trusted terminal is preserved the public signature key of credible administrative center.
Formation and the principle of administrative center of the present invention are described below particularly.
Fig. 5 is the structural design drawing of credible administrative center of the present invention.Credible administrative center comprises administration module, credible warehouse and acquisition terminal.
The management function of administration module comprises verifying software source, to acquisition software packet signature, configuration template with issue template.The function in credible warehouse comprises preserves and management trusted software bag.The function of acquisition terminal comprises pre installation software package, checks software dependence, gathers credible strategy and establishment acquisition software bag.
The disposable collection of acquisition terminal to credible strategy, simplified the each software of traditional trusted terminal the loaded down with trivial details flow process that all will carry out strategy collection has been installed, greatly improved the collecting efficiency of credible strategy, originally the strategy that was distributed in each terminal is generated to action simultaneously and concentrate on administrative center, improved security of system, and be that tactful concentrated signature and management provides the foundation.
Credible warehouse is unique source of operating software in trusted terminal, thereby has realized the consistance of software version in infosystem.
Administration module is verified software package source and registration, the concentrated signature of credible strategy and the templating of terminal software management, realized the centralized control to software configuration in whole infosystem, ensured credible in policy store and transmitting procedure, and can provide and trace foundation for the application safety problem that may exist.Administration module is a software part of administrative center, comprises interface, operation logic two parts, consults instructions Fig. 5 and corresponding explanation; Administrative template is that administrative center is used for the data structure of configurating terminal software installment state, referring to Fig. 9,10,11,12 and corresponding explanation.
The management process of credible administrative center of the present invention comprises software registering flow path, tactful collecting flowchart, software warehouse-in flow process and Template Manager flow process.Each specific works flow process by administrative center of lower mask body is described in detail and explanation.
Consult Fig. 6, software registration and warehouse-in flow process comprise the steps:
(1) credible administrative center receives software and software information, comprises installation bag, program name, version number, software type, software manual;
(2) check whether software package has digital signature;
(3) as software package does not have digital signature, this software package is registered as to other software, flow process finishes;
(4) whether the digital signature of inspection software package is legal;
(5) as illegal in software package signature, this software package is registered as to other software, flow process finishes;
(6) software package is registered as to trusted software, flow process finishes.
Consult Fig. 7, tactful collecting flowchart refers to after software has been registered, and carries out credible strategy and gathers, and generate the workflow of acquisition software bag by acquisition terminal, and software collection flow process comprises the steps:
(1) open erecting tools, installation procedure starts;
(2) installation targets software, in installation process, records that this installation kit discharges and the All Files revised is installation record automatically;
(3), after installation finishes, erecting tools filters installs record, obtains the service of all executable files (comprising application, dynamic base, kernel module), script, registry entry and startup that target software is relevant;
(4) record is installed in erecting tools analysis, checks the dependence of All Files wherein and gathers, is summarized as dependence file;
(5) erecting tools calculates the hash value that All Files in record is installed, and is recorded as credible strategy;
(6) packing source software, credible strategy, dependence file, generate acquisition software bag.
Consult Fig. 8, the software warehouse-in flow process of software management system of the present invention comprises sets up index and warehouse-in to trusted software bag, comprises the steps:
(1) administration module receives the acquisition software bag that acquisition terminal is sent;
(2) administration module is resolved acquisition software bag and dependence, generating indexes file; (comprising program name, version number, dependence, program description)
(3) administration module is to acquisition software packet signature (after signature, acquisition software bag is called trusted software bag), and deposits credible warehouse in;
(4) identification code that administration module wraps in this acquisition software in credible warehouse deposits index file in.
The template management function of software management system of the present invention can be based on index file, according to software dependence configurating terminal software installation form.The management of template is divided into establishment, revises, issues, deletes four kinds of flow processs.For these four kinds of flow processs, describe respectively and illustrate respectively below.
Consult Fig. 9, the flow process of the drawing template establishment of Template Manager of the present invention, comprises following step:
(1) keeper sets up blank template;
(2) keeper adds the software (being called target software) that terminal need to be moved in blank template;
(3) dependence of the selected software of administration module automatic analysis, the software package that selected software is relied on (being called support programs) adds template;
(4) complete template configuration.
Consult Figure 10, the method for the modification process of Template Manager, comprises following step:
(1) keeper selects the template that will revise;
(2) original target software in keeper's interpolation or deletion template;
(3) administration module reanalyses support programs according to new target software combination, adds template;
(4) complete template configuration.
Consult Figure 11, the flow process that issues of Template Manager comprises following step:
(1) keeper selects template and the corresponding trusted terminal that will issue, and initiates to issue operation;
(2) judge the whether existing template of terminal, as do not have, jump to the 6th step;
(3) administration module is compared the original template of this trusted terminal and is currently issued software change situation between template, if there is no corresponding templates before this terminal, thinks that in front template all software packages are new clothes software package except operating system;
(4) if comprise original template when front template, do not need the software package of unloading, mark issues in template all software and is and needs mounting software, skips to the 6th step;
(5) administration module, by the be ranked sequence of unloading of uninstall bag of the principle of " unloading after the software being relied on ", generates unloading command sequence, notifies successively trusted terminal to carry out unloading operation;
(6) administration module is ranked and needs to install the erection sequence of trusted software bag according to " software being relied on is first installed " principle;
(7) administration module notifies credible warehouse to generate the disposable download link that needs mounting software bag;
(8) administration module is pressed trusted software bag erection sequence, download link life is encapsulated as to software package instruction sequence is installed;
(9) notice specifies trusted terminal to start template implementing procedure, and issues successively instruction sequence, until installation (the module implementing procedure of the corresponding trusted terminal of this step of *).
Consult Figure 12, the method for the deletion flow process of Template Manager, comprises following step:
(1) keeper selects the template that will delete;
(2) administration module checks whether this template is applied by trusted terminal, if any, forbid deleting and pointing out;
(3) delete and specify template.
Consulting Figure 13, is the structural design of trusted terminal of the present invention.The trusted terminal of the present invention's design is by realizing at the credible administration agent that possesses substantially credible computing function.Wherein, " substantially credible computing function " comprising: (1) trust chain authentication function; (2) application that trust has been added in protection is not by the function of malicious modification; (3) function of forbidding that unknown software is arbitrarily installed and upgrading existing software.
The specific implementation of above-mentioned substantially credible computing function can be with reference to credible calculating standard the 3rd part of China standard < <: the relevant documentation of credible shoring of foundation software > > and credible computation organization (TCG) issue.
Under the support of the credible computing function in above-mentioned basis, the present invention, by trusted code module, realizes the management based on template that credible administrative center installs, upgrades, unloads software in trusted terminal.
The workflow of trusted terminal of the present invention comprises the protection flow process of credible strategy and the specified file of credible strategy, the control flow that software is installed, the applying template flow process of credible administration agent.By the enforcement of these flow processs, guaranteed only to have credible administration agent can the software environment of trusted terminal is configured and be revised, guaranteed only to have through the software of administrative center's signature could be in system installation and operation, thereby stoped the installation of external illegal software and to the illegal modifications of mounting software, guaranteed the consistance of software version and the credibility of terminal software and corresponding credible strategy thereof in system.
Consult Figure 14, the protection flow process to credible strategy and the specified file of credible strategy, comprises following step:
(1) file operation behavior in trusted terminal check system, the retouching operation that interception is carried out credible strategy and the specified file of credible strategy.
(2) judge that whether this retouching operation is received credible administration agent and initiated, and as no, forbids revising.
(3) allow to revise.
Consult Figure 15, the control flow that software is installed, comprises following step:
(1) software in trusted terminal check system is installed behavior (referring to the establishment behavior of executable file and associated script, link).
(2) judge that whether this fitting operation is received credible administration agent and initiated, and as no, forbids.
(3) allow to install.
Consult Figure 16, the applying template flow process to credible administration agent, comprises following step:
(1) when trusted terminal is moved, be regularly connected to administrative center, report this terminal running state;
(2) credible administrative center is by " template issues flow process " generating run instruction sequence, instruction comprises " mode of operation (installing/unloading); software package sign (dbase and version number), download link (effective while only installing) ", and making present instruction is the article one in sequence;
(3) credible administrative center issues present instruction;
(4) trusted terminal is accepted after instruction, by instruction sign test/installation/uninstall bag, and corresponding update strategy;
(5) trusted terminal is returned to operating result to administrative center;
(6), if operate successfully, administrative center continues to send next instruction, otherwise retransmits this instruction;
(7) repeat above 3-6 step, until all instructions are all successfully completed;
(8) credible administrative center sends installation information to trusted terminal.
The above embodiment of the present invention is only in order to illustrate principle of the present invention and structure, and those skilled in the art do any apparent conversion implementer accordingly, all within protection scope of the present invention.
Claims (17)
1. the software management system based on credible calculating, comprise credible administrative center and trusted terminal, credible administrative center connects by network and manages each trusted terminal, it is characterized in that, described trusted terminal comprises credible administration agent, verifying software source-information in described credible management, trusted terminal software environment is carried out to templating management, and store trusted software, described trusted terminal is arranged at the computing terminal of credible computational grid, in software management system, be responsible for the instruction according to credible administrative center, carrying out concrete software package receives, install, unloading operation.
2. the management method of the software management system based on credible calculating, described management system comprises credible administrative center and by network, is connected the trusted terminal of credible administrative center, described trusted terminal comprises credible administration agent, it is characterized in that, described management method comprises the steps:
Installation and the initialization of the software information management system based on credible calculating;
Credible administrative center receives software installation kit and relevant information, registration after checking;
Credible administrative center carries out pre-installation, dependency analysis, tactful acquisition operations to the software of described software installation kit;
Credible administrative center packs described software installation kit, software information, software dependence and credible strategy sign and generates trusted software bag, and preserves;
Credible administrative center configures trusted terminal software installation form according to software dependence, and according to trusted terminal software installation form, corresponding trusted software bag is pushed to trusted terminal successively by dependence;
Trusted terminal is protected credible strategy and credible tactful associated documents, and the software of described software installation kit is installed and controlled;
Credible administration agent, according to the instruction of credible administrative center, is installed the software of specified trusted software bag
/upgrade
/unloading operation, upgrades corresponding credible strategy.
3. management method as claimed in claim 2, is characterized in that, in described step (6), the software of described software installation kit is installed to control to comprise the software that only allows credible administration agent to revise and install described software installation kit.
4. management method as claimed in claim 2, is characterized in that, the installation that the installation of the software information management system of described step (1) based on credible calculating and initialization comprise credible administrative center and installation and the initialization of initialization and credible administration agent.
5. management method as claimed in claim 2, it is characterized in that, credible administrative center comprises administration module, credible warehouse and acquisition terminal, the management process of described administration module comprises verifying software source, to acquisition software packet signature, configuration template with issue template, described credible warehouse is preserved and management trusted software bag, described acquisition terminal pre installation software package, checks software dependence, gathers credible strategy and establishment acquisition software bag.
6. management method as claimed in claim 2, is characterized in that, described step (2) comprises the steps:
(2.1) credible administrative center receives software installation kit and software information;
(2.2) check whether software installation kit has digital signature, if software installation kit does not have digital signature, this software package is registered as to other software, and finish, if there is digital signature to enter next step;
(2.3) whether the digital signature of inspection software installation kit is legal, if software installation kit signature is illegal, this software package is registered as to other software, and finishes, if sign the legal next step that enters;
(2.4) software installation kit is registered as to trusted software.
7. management method as claimed in claim 6, is characterized in that, the software information in described step (2.1) comprises installation bag, program name, version number, software type, software manual.
8. management method as claimed in claim 5, is characterized in that, described step (3) comprises the steps:
(1) open erecting tools, installation procedure starts;
(2) installation targets software, in installation process, records that this installation kit discharges and the All Files revised is installation record automatically;
(3), after installation finishes, erecting tools filters installs record, obtains the service of all executable files (comprising application, dynamic base, kernel module), script, registry entry and startup that target software is relevant;
(4) record is installed in erecting tools analysis, checks the dependence of All Files wherein and gathers, is summarized as dependence file;
(5) erecting tools calculates the hash value that All Files in record is installed, and is recorded as credible strategy;
(6) packing source software, credible strategy, dependence file, generate acquisition software bag.
9. management method as claimed in claim 2, is characterized in that, described step (4) comprising:
Administration module receives the acquisition software bag that acquisition terminal is sent;
Administration module is resolved acquisition software bag and dependence, generating indexes file;
Administration module generates trusted software bag to acquisition software packet signature, and deposits credible warehouse in;
The identification code that administration module wraps in this acquisition software in credible warehouse deposits index file in.
10. management method as claimed in claim 5, is characterized in that, described administrative template is according to the software installation form of software dependence configuration trusted terminal, comprises establishment, revises, issues, deletes template.
11. management methods as claimed in claim 10, is characterized in that, the method for described drawing template establishment, comprises the steps:
Keeper sets up blank template;
Keeper adds the software that trusted terminal need to be moved in blank template;
The dependence of the selected software of administration module automatic analysis, the software package that selected software is relied on adds administrative template.
12. as the management method of claim 10, it is characterized in that, the modification of described template, comprises the steps:
The template that selection will be revised;
Original target software in interpolation or deletion template;
Administration module reanalyses support programs according to new target software combination, adds template.
13. management methods as claimed in claim 10, is characterized in that, issuing of described template comprises following step:
The template that selection will issue and corresponding trusted terminal, initiate to issue operation;
Judge the whether existing template of trusted terminal, as do not have, jump to the 6th step;
Administration module is compared original template and the current software change situation issuing between template of this trusted terminal, if there is no corresponding template before this trusted terminal, thinks in current template that all software packages are new clothes software package except operating system;
If comprise original template when front template, do not need the software package of unloading, mark issues in template all software and is and needs mounting software, skips to following step (6);
Administration module, by the be ranked sequence of unloading of uninstall bag of the principle of " unloading after the software being relied on ", generates unloading command sequence, notifies successively trusted terminal to carry out unloading operation;
Administration module is ranked and needs to install the erection sequence of trusted software bag according to " software being relied on is first installed " principle;
Administration module notifies credible warehouse to generate the disposable download link that needs mounting software bag;
Administration module is pressed trusted software bag erection sequence, download link life is encapsulated as to software package instruction sequence is installed;
Notice specifies trusted terminal to start template implementing procedure, and issues successively instruction sequence, until installation.
14. management methods as claimed in claim 10, is characterized in that, the deletion of described administrative template comprises following step:
The template that selection will be deleted;
Administration module checks whether this template is applied by trusted terminal, if any, forbid deleting and pointing out, if not, enter next step;
Delete and specify template.
15. management methods as claimed in claim 2, is characterized in that, described step (6) trusted terminal is protected credible strategy and the specified file of credible strategy, comprises the steps:
File operation behavior in trusted terminal check system, the retouching operation that interception is carried out credible strategy and the specified file of credible strategy;
Judge whether this retouching operation is received credible administration agent and initiated, and if so, enters next step, as no, forbids revising;
Allow to revise.
16. management methods as claimed in claim 2, is characterized in that, described trusted terminal is installed and controlled the software of described software installation kit, comprises the steps:
Software in trusted terminal check system is installed behavior (referring to the establishment behavior of executable file and associated script, link);
Judge that whether this fitting operation is received credible administration agent and initiated, and as no, forbids;
Allow to install.
17. management methods as claimed in claim 2, is characterized in that, described step (7) further comprises the steps:
During trusted terminal operation, be regularly connected to administrative center, report this trusted terminal running status;
Credible administrative center issues flow process generating run instruction sequence by template, and making present instruction is the article one in sequence;
Credible administrative center issues present instruction;
Trusted terminal is accepted after instruction, by instruction sign test/installation/uninstall bag, and corresponding update strategy;
(5) trusted terminal is returned to operating result to credible administrative center;
(6) if operate successfully, administrative center continues to send next instruction, otherwise retransmits present instruction;
(7) repeat above 3-6 step, until all instructions of described operational order sequence are all successfully completed;
(8) credible administrative center sends installation information to trusted terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310582274.1A CN103559591B (en) | 2013-11-20 | 2013-11-20 | Software management system based on trust computing and management method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310582274.1A CN103559591B (en) | 2013-11-20 | 2013-11-20 | Software management system based on trust computing and management method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103559591A true CN103559591A (en) | 2014-02-05 |
| CN103559591B CN103559591B (en) | 2016-10-26 |
Family
ID=50013831
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310582274.1A Active CN103559591B (en) | 2013-11-20 | 2013-11-20 | Software management system based on trust computing and management method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103559591B (en) |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103984579A (en) * | 2014-05-30 | 2014-08-13 | 满金标 | Method for multiple equipment rooms to share current application program real-time running state |
| WO2016070651A1 (en) * | 2014-11-05 | 2016-05-12 | 中兴通讯股份有限公司 | Software centre system |
| CN106250726A (en) * | 2016-08-10 | 2016-12-21 | 深圳金澜汉源科技有限公司 | Software version state management-control method |
| CN106775716A (en) * | 2016-12-15 | 2017-05-31 | 中国科学院沈阳自动化研究所 | A kind of credible PLC based on tolerance mechanism starts method |
| CN106775912A (en) * | 2016-12-15 | 2017-05-31 | 广州视源电子科技股份有限公司 | Software release method and system |
| CN107305495A (en) * | 2016-04-19 | 2017-10-31 | 华为技术有限公司 | Realize the method and terminal of software installation packet function modification |
| CN109255061A (en) * | 2018-08-13 | 2019-01-22 | 武汉飞游科技有限公司 | A kind of software backstage download management system |
| CN109309690A (en) * | 2018-12-28 | 2019-02-05 | 中国人民解放军国防科技大学 | Software white list control method based on message authentication code |
| CN109861970A (en) * | 2018-12-18 | 2019-06-07 | 北京可信华泰信息技术有限公司 | A kind of system based on credible strategy |
| CN110334517A (en) * | 2019-07-05 | 2019-10-15 | 北京可信华泰信息技术有限公司 | The update method and device of credible strategy, credible and secure management platform |
| CN110334516A (en) * | 2019-07-05 | 2019-10-15 | 北京可信华泰信息技术有限公司 | The update method and device of credible strategy |
| CN110363007A (en) * | 2019-07-05 | 2019-10-22 | 北京可信华泰信息技术有限公司 | The update method and device of credible strategy |
| CN110677416A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Dynamic measurement method and device and trusted computing terminal |
| CN110677483A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Information processing system and trusted security management system |
| CN110704849A (en) * | 2019-09-29 | 2020-01-17 | 北京可信华泰信息技术有限公司 | Client information processing method and device |
| CN111198694A (en) * | 2018-11-20 | 2020-05-26 | 北京国双科技有限公司 | Software installation method and device |
| CN111565111A (en) * | 2020-03-20 | 2020-08-21 | 国电南瑞科技股份有限公司 | Trusted computing management system and method based on C/S architecture |
| CN111814138A (en) * | 2020-06-30 | 2020-10-23 | 郑州信大先进技术研究院 | Software security management system based on cloud platform |
| CN111898118A (en) * | 2020-07-13 | 2020-11-06 | 北京中软华泰信息技术有限责任公司 | Linux software security upgrading system and method based on automatic deduction |
| CN112101716A (en) * | 2020-08-07 | 2020-12-18 | 广东电网有限责任公司 | Terminal asset management method based on hierarchical decoupling |
| CN112104653A (en) * | 2020-09-15 | 2020-12-18 | 全球能源互联网研究院有限公司 | Charging system trusted computing management method and device and storage medium |
| CN112256343A (en) * | 2016-05-10 | 2021-01-22 | 华为技术有限公司 | Software loading method, equipment and system |
| CN114356285A (en) * | 2021-04-28 | 2022-04-15 | 上海核工程研究设计院有限公司 | Paperless design system and design method thereof |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101242297A (en) * | 2007-09-14 | 2008-08-13 | 西安西电捷通无线网络通信有限公司 | A method for managing trusted network |
| CN101247410A (en) * | 2008-03-28 | 2008-08-20 | 兰雨晴 | Method for implementing reliable network system based on reliable computation |
| US8254579B1 (en) * | 2007-01-31 | 2012-08-28 | Hewlett-Packard Development Company, L.P. | Cryptographic key distribution using a trusted computing platform |
-
2013
- 2013-11-20 CN CN201310582274.1A patent/CN103559591B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8254579B1 (en) * | 2007-01-31 | 2012-08-28 | Hewlett-Packard Development Company, L.P. | Cryptographic key distribution using a trusted computing platform |
| CN101242297A (en) * | 2007-09-14 | 2008-08-13 | 西安西电捷通无线网络通信有限公司 | A method for managing trusted network |
| CN101247410A (en) * | 2008-03-28 | 2008-08-20 | 兰雨晴 | Method for implementing reliable network system based on reliable computation |
Non-Patent Citations (1)
| Title |
|---|
| 王长辉: "可信应用软件管理机制研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (40)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103984579B (en) * | 2014-05-30 | 2018-04-13 | 满金标 | More equipment rooms share the method for current application program real-time running state |
| CN103984579A (en) * | 2014-05-30 | 2014-08-13 | 满金标 | Method for multiple equipment rooms to share current application program real-time running state |
| CN105635218B (en) * | 2014-11-05 | 2020-10-16 | 深圳市中兴通讯技术服务有限责任公司 | Software center system |
| WO2016070651A1 (en) * | 2014-11-05 | 2016-05-12 | 中兴通讯股份有限公司 | Software centre system |
| CN105635218A (en) * | 2014-11-05 | 2016-06-01 | 中兴通讯股份有限公司 | Software center system |
| CN107305495A (en) * | 2016-04-19 | 2017-10-31 | 华为技术有限公司 | Realize the method and terminal of software installation packet function modification |
| CN112256343B (en) * | 2016-05-10 | 2022-05-10 | 华为技术有限公司 | Software loading method, equipment and system |
| CN112256343A (en) * | 2016-05-10 | 2021-01-22 | 华为技术有限公司 | Software loading method, equipment and system |
| CN106250726A (en) * | 2016-08-10 | 2016-12-21 | 深圳金澜汉源科技有限公司 | Software version state management-control method |
| CN106775912A (en) * | 2016-12-15 | 2017-05-31 | 广州视源电子科技股份有限公司 | Software release method and system |
| CN106775716B (en) * | 2016-12-15 | 2020-04-17 | 中国科学院沈阳自动化研究所 | Trusted PLC (programmable logic controller) starting method based on measurement mechanism |
| CN106775716A (en) * | 2016-12-15 | 2017-05-31 | 中国科学院沈阳自动化研究所 | A kind of credible PLC based on tolerance mechanism starts method |
| US11093258B2 (en) | 2016-12-15 | 2021-08-17 | Shenyang Institute Of Automation, Chinese Academy Of Sciences | Method for trusted booting of PLC based on measurement mechanism |
| CN109255061A (en) * | 2018-08-13 | 2019-01-22 | 武汉飞游科技有限公司 | A kind of software backstage download management system |
| CN111198694A (en) * | 2018-11-20 | 2020-05-26 | 北京国双科技有限公司 | Software installation method and device |
| CN109861970B (en) * | 2018-12-18 | 2022-04-22 | 北京可信华泰信息技术有限公司 | System based on credible strategy |
| CN109861970A (en) * | 2018-12-18 | 2019-06-07 | 北京可信华泰信息技术有限公司 | A kind of system based on credible strategy |
| CN109309690A (en) * | 2018-12-28 | 2019-02-05 | 中国人民解放军国防科技大学 | Software white list control method based on message authentication code |
| CN109309690B (en) * | 2018-12-28 | 2019-04-02 | 中国人民解放军国防科技大学 | Software white list control method based on message authentication code |
| CN110334516B (en) * | 2019-07-05 | 2023-02-24 | 北京可信华泰信息技术有限公司 | Method and device for updating trusted policy |
| CN110334516A (en) * | 2019-07-05 | 2019-10-15 | 北京可信华泰信息技术有限公司 | The update method and device of credible strategy |
| CN110363007B (en) * | 2019-07-05 | 2023-02-28 | 北京可信华泰信息技术有限公司 | Method and device for updating trusted policy |
| CN110334517A (en) * | 2019-07-05 | 2019-10-15 | 北京可信华泰信息技术有限公司 | The update method and device of credible strategy, credible and secure management platform |
| CN110363007A (en) * | 2019-07-05 | 2019-10-22 | 北京可信华泰信息技术有限公司 | The update method and device of credible strategy |
| CN110334517B (en) * | 2019-07-05 | 2021-05-14 | 北京可信华泰信息技术有限公司 | Trusted policy updating method and device and trusted security management platform |
| CN110704849A (en) * | 2019-09-29 | 2020-01-17 | 北京可信华泰信息技术有限公司 | Client information processing method and device |
| CN110704849B (en) * | 2019-09-29 | 2022-03-15 | 北京可信华泰信息技术有限公司 | Client information processing method and device |
| CN110677483A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Information processing system and trusted security management system |
| CN110677416A (en) * | 2019-09-29 | 2020-01-10 | 北京可信华泰信息技术有限公司 | Dynamic measurement method and device and trusted computing terminal |
| CN111565111A (en) * | 2020-03-20 | 2020-08-21 | 国电南瑞科技股份有限公司 | Trusted computing management system and method based on C/S architecture |
| CN111565111B (en) * | 2020-03-20 | 2022-07-15 | 国电南瑞科技股份有限公司 | Trusted computing management system and method based on C/S architecture |
| CN111814138A (en) * | 2020-06-30 | 2020-10-23 | 郑州信大先进技术研究院 | Software security management system based on cloud platform |
| CN111814138B (en) * | 2020-06-30 | 2023-05-02 | 郑州信大先进技术研究院 | Cloud platform-based software security management system |
| CN111898118A (en) * | 2020-07-13 | 2020-11-06 | 北京中软华泰信息技术有限责任公司 | Linux software security upgrading system and method based on automatic deduction |
| CN111898118B (en) * | 2020-07-13 | 2024-04-26 | 北京中软华泰信息技术有限责任公司 | Automatic deduction-based linux software security upgrading system and method |
| CN112101716A (en) * | 2020-08-07 | 2020-12-18 | 广东电网有限责任公司 | Terminal asset management method based on hierarchical decoupling |
| CN112104653A (en) * | 2020-09-15 | 2020-12-18 | 全球能源互联网研究院有限公司 | Charging system trusted computing management method and device and storage medium |
| CN112104653B (en) * | 2020-09-15 | 2023-03-14 | 全球能源互联网研究院有限公司 | Trusted computing management method and device for charging system and storage medium |
| CN114356285A (en) * | 2021-04-28 | 2022-04-15 | 上海核工程研究设计院有限公司 | Paperless design system and design method thereof |
| CN114356285B (en) * | 2021-04-28 | 2024-05-17 | 上海核工程研究设计院股份有限公司 | Paperless design system and design method thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103559591B (en) | 2016-10-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103559591A (en) | Software management system and management method based on trusted computing | |
| Corina et al. | Difuze: Interface aware fuzzing for kernel drivers | |
| CN102792307B (en) | The system and method for NS software is provided in virtual environment | |
| US11093258B2 (en) | Method for trusted booting of PLC based on measurement mechanism | |
| CN101187867B (en) | Operating system monitoring setting information generating apparatus and operating system monitoring apparatus | |
| TWI596959B (en) | Device validation, distress indication, and remediation | |
| CN102520948B (en) | Application maintenance update method and device | |
| CN102420902B (en) | A kind of method of classification management over right of using functions and mobile terminal | |
| CN104270467B (en) | A kind of virtual machine management-control method for mixed cloud | |
| CN102236764B (en) | Method and monitoring system for Android system to defend against desktop information attack | |
| CN101788915A (en) | White list updating method based on trusted process tree | |
| CN102521548A (en) | Method for managing using rights of function and mobile terminal | |
| CN105205401A (en) | Trusted computer system based on safe password chip and trusted guiding method thereof | |
| CN104933354A (en) | Trusted computing based white list static measurement method | |
| CN112558946A (en) | Method, device and equipment for generating code and computer readable storage medium | |
| CN104573435A (en) | Method for terminal authority management and terminal | |
| Yang et al. | Finding consensus bugs in ethereum via multi-transaction differential fuzzing | |
| CN104216741A (en) | Android plug-in implementation method and device based on APK (Android Package) dynamic loading and interaction method | |
| CN105069352A (en) | Method for constructing trusted application program running environment on server | |
| WO2017050186A1 (en) | Application permission management method and smart pos terminal | |
| CN109863475A (en) | The upgrade method and relevant device of a kind of application in safety element | |
| CN105825131A (en) | Computer security startup protection method on basis of UEFI (Unified Extensible Firmware Interface) | |
| CN103944920A (en) | Network worm active hampering method based on driver checking and confronting tool automatic generation system | |
| Jia et al. | Programmable system call security with ebpf | |
| CN103885784A (en) | Method for establishing Android platform with security module and plugging function |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C53 | Correction of patent of invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Zhang Yu Inventor after: Wang Xiaoping Inventor after: Tian Jiansheng Inventor after: Zhou Huawen Inventor after: Fan Zongliang Inventor before: Shen Jun |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: SHEN JUN TO: ZHANG YU WANG XIAOPING TIAN JIANSHENG ZHOU HUAWEN FAN ZONGLIANG |
|
| C53 | Correction of patent of invention or patent application | ||
| CB03 | Change of inventor or designer information |
Inventor after: Sun Yu Inventor after: Wang Xiaoping Inventor after: Tian Jiansheng Inventor after: Zhou Huawen Inventor after: Fan Zongliang Inventor before: Zhang Yu Inventor before: Wang Xiaoping Inventor before: Tian Jiansheng Inventor before: Zhou Huawen Inventor before: Fan Zongliang |
|
| COR | Change of bibliographic data |
Free format text: CORRECT: INVENTOR; FROM: ZHANG YU WANG XIAOPING TIAN JIANSHENG ZHOU HUAWEN FAN ZONGLIANG TO: SUN YU WANG XIAOPING TIAN JIANSHENG ZHOU HUAWEN FAN ZONGLIANG |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |