CN108182095A - Application deployment method, device and equipment - Google Patents

Publication number
CN108182095A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810037699.7A
Other languages
Chinese (zh)
Inventor
谢师
马胜
郭飞翔
戴超
陈晓佳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei Chu Tianyun Co Ltd
Original Assignee
Hubei Chu Tianyun Co Ltd
Application filed by Hubei Chu Tianyun Co Ltd
Priority to CN201810037699.7A
Publication of CN108182095A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/61 Installation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code

Abstract

This application discloses an application deployment method, device and equipment. In the method, a closed container is generated when an application deployment instruction is received; an access permission is configured for the closed container, wherein the access permission allows only the closed container itself to access it; the application package to be deployed is received using the closed container; and the application runtime files are deployed in the closed container using the application package to be deployed. The application prevents the server itself or other users from extracting application-related files from the closed container, so that the application runtime files are not stolen while running on the server and the application-related files receive the greatest possible security protection.

Description

Application deployment method, device and equipment
Technical Field
This application relates to the field of communication technology, and in particular to an application deployment method, device and equipment.
Background
Cloud computing is currently divided into PaaS (Platform-as-a-Service) cloud computing, IaaS (Infrastructure-as-a-Service) cloud computing and SaaS (Software-as-a-Service) cloud computing. IaaS cloud computing corresponds to individual virtual machines, and an application can run on a fixed machine. PaaS is a distributed platform: an application cannot be run on a designated hardware device, and its execution is assigned randomly to some hardware machine. A SaaS cloud may be based on IaaS or on PaaS.
When IaaS is used to provide a service to a user, a designated hardware device can be allocated to the user directly, and the user can manage the application through that device. When an application vendor purchases the service provider's service, a required license can also be bound at any time.
However, because PaaS has no fixed machine, it can only provide resources such as memory, CPU and storage capacity. That is, all PaaS applications must run in containers. In this case, a license based on binding to a MAC address cannot be used. A PaaS platform therefore needs to provide a mechanism to limit the use of an application, i.e. the service provider can control the destruction of the application when it is used beyond the permitted period.
Meanwhile, when an application is deployed and run on a PaaS cloud platform, the user needs to upload a source code package and start it in a container. After the source code package is uploaded, it is usually stored in a specified location, where the developers of the cloud platform can obtain it. When any application starts, its code must be parsed before it can run, so the parsed code is retained in the container. With an ordinary container, the developers of the cloud platform can also obtain the parsed code, and the application cannot receive the greatest possible security protection.
Summary of the Invention
The embodiments of this specification provide an application deployment method, device and equipment, to ensure that application runtime files are not stolen while running on the server.
An application deployment method provided by an embodiment of this specification comprises:
generating a closed container when an application deployment instruction is received;
configuring an access permission for the closed container, wherein the access permission allows only the closed container itself to access it;
receiving the application package to be deployed using the closed container;
deploying the application runtime files in the closed container using the application package to be deployed.
Based on the same idea, an embodiment of this specification also provides an application deployment device, the device comprising:
a generation module, for generating a closed container when an application deployment instruction is received;
a configuration module, for configuring an access permission for the closed container, wherein the access permission allows only the closed container itself to access it;
a receiving module, for receiving the application package to be deployed using the closed container;
a deployment module, for deploying the application runtime files in the closed container using the application package to be deployed.
In addition, an embodiment of this specification also provides application deployment equipment, comprising:
a memory, storing an application deployment program;
a communication interface, receiving an application deployment instruction;
a processor which, after the communication interface receives the application deployment instruction, calls the application deployment program stored in the memory and performs:
generating a closed container when the application deployment instruction is received;
configuring an access permission for the closed container, wherein the access permission allows only the closed container itself to access it;
receiving the application package to be deployed using the closed container;
deploying the application runtime files in the closed container using the application package to be deployed.
At least one of the above technical solutions adopted by the embodiments of this specification can achieve the following beneficial effects:
When the application deployment equipment receives an application deployment instruction sent by a user, it first generates a closed container and configures an access permission for the closed container that allows only the closed container itself to access it. This prevents the server itself or other users from extracting application-related files from the closed container, ensures that the application runtime files are not stolen while running on the server, and gives the application-related files the greatest possible security protection.
In addition, the application can destroy the application package to be deployed when the deployment of the application runtime files is completed, to ensure that the package is not stolen, and can destroy the application runtime files when they stop running, to ensure that they are not stolen. Meanwhile, while the application package to be deployed is being uploaded, the application source code is encrypted using an asymmetric encryption mechanism, further improving the security of the application.
Brief Description of the Drawings
The accompanying drawings described here are provided for further understanding of the application and form a part of it. The illustrative embodiments of the application and their descriptions are used to explain the application and do not constitute an improper limitation of it. In the drawings:
Fig. 1 is a schematic diagram of the architecture on which the application deployment method provided by the embodiments of this specification is based;
Fig. 2 is an application deployment process provided by an embodiment of this specification;
Fig. 3 is another application deployment process provided by an embodiment of this specification;
Fig. 4 is a schematic flow diagram of application deployment in a practical application, provided by an embodiment of this specification;
Fig. 5 is a schematic diagram of the start-up logic used in the application deployment flow, provided by an embodiment of this specification;
Fig. 6 is a schematic structural diagram of the application deployment device provided by an embodiment of this specification.
Detailed Description
To make the purpose, technical solutions and advantages of the application clearer, the technical solutions of the application are described clearly and completely below with reference to specific embodiments of the application and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in the application, without creative work, fall within the scope of protection of the application.
In one or more embodiments of this specification, the application deployment method can be applied to deploying applications with high security requirements.
Specifically, the application described in this embodiment refers to computer software applications for enterprise and personal use. A user can deploy a computer software application on a server using an application deployment package, wherein the application deployment package includes the original program code, the compiled file package, and the obfuscated and compressed executable files.
The closed container can be a service program: behind a port on the server there is a program that provides the corresponding service, and this program handles the requests sent from clients, such as the Tomcat container in Java. Specifically, the closed container described in this embodiment differs from other containers: it is configured not only with a security mechanism for managing the complete life cycle of the application, but also with an access permission that allows only the container itself to access it. It therefore has very high security performance, ensuring that the application runs safely throughout its life cycle, from the deployment stage to the destruction stage.
In one or more embodiments of this specification, the application deployment method can use the architecture shown in Fig. 1.
The architecture includes a client and a server side. The client is used to exchange information with the server side and thereby implement the corresponding functions. The client can run on terminals such as PCs (personal computers), mobile terminals and wearable devices; this does not limit the application.
The server side can be a cloud server, or can use a distributed cluster architecture. It receives access requests from the client, performs the corresponding computation according to the access request, and distributes and feeds back the services related to application deployment to the client.
Based on the architecture shown in Fig. 1, the specific process of the application deployment method provided in the embodiments of this specification is described below. Fig. 1 includes at least a client and a server side.
An embodiment of this specification provides an application deployment method that can be performed by the server side. As shown in Fig. 2, it specifically includes the following steps:
Step S201: generate a closed container when an application deployment instruction is received.
In this embodiment, the application deployment method is started by the received application deployment instruction. The application deployment instruction is used to start the deployment of the application. It can be issued by the user clicking a preset start button on the client; the client then forwards the instruction to the server, and the server starts the deployment after receiving it.
The closed container encapsulates the application to be deployed and isolates it from other information on the server. In this embodiment, the life cycle of the closed container can be associated with the life cycle of the application to be deployed. Specifically, the life cycle model of the application can be merged into the life cycle of the closed container; for example, when the application stops running, the resources occupied by the closed container that encapsulates it are also released.
Specifically, the closed container described in this embodiment allows only one application to be deployed, and each generated closed container corresponds one-to-one with an application to be deployed. Accordingly, the application deployment instruction can carry the unique identifier of the application to be deployed, and the server generates a closed container corresponding to that unique identifier, thereby associating the closed container with the application to be deployed.
Step S203: configure an access permission for the closed container, wherein the access permission allows only the closed container itself to access it.
After the closed container is generated, this embodiment can also configure an access permission for it, to restrict which objects can access the closed container. Further, the access permission for each stage in the life cycle of the closed container can be restricted. The life cycle of the closed container includes the container instance creation stage, the container start stage, the container stop stage and the container deletion stage. In this embodiment, different access permissions can be configured for each of these stages, to better match the requirements of different usage scenarios.
In some embodiments, to ensure that the internal environment of the closed container and the other services on the server are independent of each other and do not interfere with each other, the access permission of the closed container can be configured to allow only the closed container itself to access it. This provides the greatest possible security protection for the content in the closed container.
Step S205: receive the application package to be deployed using the closed container.
The application package to be deployed integrates the original program code, the compiled file package, the obfuscated and compressed executable files, and some configuration files used to configure the application's runtime environment.
In this embodiment, each application package to be deployed is matched with exactly one closed container. From the very start of deployment, each application on the server is thus separated from the others, ensuring that applications run independently and do not access each other.
In some embodiments, the execution order of step S203 and step S205 is not limited: the access permission can be configured for the closed container first and the application package to be deployed then received using the closed container, or the package can be received first and the permission configured afterwards.
Step S207: deploy the application runtime files in the closed container using the application package to be deployed.
The application runtime files can be the general name for all files contained in the closed container after the application is deployed; for example, they can be the general name for files such as the application identifier, version number and description file of the application.
In this embodiment, the application package to be deployed can be deployed on a cloud server. Specifically, the package can be uploaded through a resource management component, wherein the package includes a preset application runtime environment image and the application's start script. After a control component receives the create-application request from the management platform, it sends an application deployment request to the resource management component on a resource node; the resource management component looks up the corresponding application runtime environment image in the environment of the closed container and starts a closed container; the application information in the application deployment request is then deployed in the closed container.
On the basis of the above embodiment, an embodiment of this specification provides another application deployment process which, as shown in Fig. 3, specifically includes the following steps:
Step S300: when an application deployment instruction is received, encrypt the application package to be deployed using preset public key information.
In this embodiment, the server can provide security for the transmission stage of the application package to be deployed, based on public key information and private key information entered by the user.
Specifically, the public key information and private key information are a key pair (one public key and one private key) obtained by an algorithm; the public key is the public part of the key pair, and the private key is the private part. The public key is commonly used to encrypt session keys, verify digital signatures, or encrypt data that can be decrypted with the corresponding private key. The key pair obtained by this algorithm can be guaranteed to be unique worldwide. When the key pair is used, data encrypted with one of the keys must be decrypted with the other. For example, data encrypted with the public key must be decrypted with the private key, and data encrypted with the private key must be decrypted with the public key; otherwise decryption will not succeed.
In this embodiment, the public key information is entered by the user in advance, and deployment of the application is started when the public key information is entered. When the client receives the entered public key information and the application deployment instruction, it uses the public key information to encrypt the application package to be transmitted, to ensure that no private information is leaked while the package is uploaded to the server.
In some embodiments, the application package to be deployed can be encrypted based on the public key information using the Rivest-Shamir-Adleman (RSA) encryption algorithm, for better security.
Step S302: generate a closed container.
Step S304: configure an access permission for the closed container, wherein the access permission allows only the closed container itself to access it.
Step S306: receive the encrypted application package to be deployed and the private key information using the closed container.
While receiving the application package to be deployed, this embodiment can also receive the private key information used to decrypt it. The private key information can be entered by the user or provided by a trusted third-party service. Specifically, the private key information corresponds uniquely to the public key information, which ensures the absolute security of the application package to be deployed at this stage.
Step S308: decrypt the encrypted application package to be deployed using the private key information.
Step S310: deploy the application runtime files in the closed container using the application package to be deployed.
Step S312: when it is detected that the deployment of the application runtime files is completed, destroy the application package to be deployed.
In some embodiments, whether the application runtime files have finished deploying can be monitored. For example, when the deployment progress is detected to reach 100%, the deployment of the application runtime files is complete. As another example, test cases integrated in the application package to be deployed can be used to test whether the application runtime files run normally; if so, the deployment of the application runtime files is complete.
Further, when the deployment of the application runtime files is detected to be complete, the destruction mechanism of the closed container can be triggered automatically, and the closed container destroys the application package to be deployed on its own, effectively preventing other objects from stealing the content integrated in the package.
Step S314: when it is detected that the application runtime files have stopped running, destroy the application runtime files.
In some embodiments, the server can also monitor whether the application runtime files have stopped running. When they are detected to have stopped, the application is judged to have stopped serving; the destruction mechanism of the closed container can then be triggered automatically to destroy the application runtime files and end the life cycle of the application.
On the basis of the above embodiment, when the application corresponding to the closed container stops serving and all files related to the application in the closed container have also been destroyed, the life cycle of the application has ended. Accordingly, the relevant service can release the memory resources and network resources occupied by the closed container, ending the life of the closed container.
Based on the above, in a practical application a complete application deployment process can be as shown in Fig. 4. It specifically includes the following steps:
Encrypted upload of the application package: the application package is encrypted using the mechanism provided by the platform. The user first enters the public key; the private key is kept by the owner or by a third-party trustee trusted by the owner. After encryption, the application can be uploaded;
After the cloud platform receives the user's encrypted package, it creates a closed container according to preset rules; once the container is created, the platform pushes the user's encrypted package into the closed container;
After the encrypted package has been uploaded, the user can request that the application be started, and installation and deployment of the application then begin;
After the application is running normally, the destruction mechanism is triggered and the closed container destroys the encrypted package;
When the application is no longer used or the service has expired, the user can choose to stop the application;
After the application is stopped, it stops running;
After the application stops running, the container destruction mechanism is triggered automatically and all data in the container is completely removed, including the closed container's disk data, internal files, network resources and so on.
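The lifecycle of steps S201 to S207, S312 and S314 and of the Fig. 4 flow, as an added example that is not code from the patent: a directory with mode 0700 stands in for the closed container (the patent does not name an isolation mechanism), and `ClosedContainer`, `build_package` and the sample packages are hypothetical. The encryption steps are left out, so the package is assumed to arrive already decrypted.

```python
import io
import os
import shutil
import stat
import tempfile
import zipfile


class ClosedContainer:
    """Hypothetical stand-in for the closed container: a private directory
    tied to exactly one application identifier."""

    def __init__(self, base_dir, app_id):
        self.root = os.path.join(base_dir, "closed-" + app_id)
        self.package = os.path.join(self.root, "package.zip")
        self.run_dir = os.path.join(self.root, "run")
        os.mkdir(self.root)          # S201: raises if this app already has a container
        os.chmod(self.root, 0o700)   # S203: owner-only, independent of the umask
        self.stage = "created"

    def receive(self, data):
        """S205: accept exactly one package per container."""
        if self.stage != "created":
            raise RuntimeError("container already holds a package")
        fd = os.open(self.package, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        self.stage = "received"

    def deploy(self):
        """S207 then S312: unpack the run files, then destroy the package."""
        if self.stage != "received":
            raise RuntimeError("no package to deploy")
        os.mkdir(self.run_dir)
        os.chmod(self.run_dir, 0o700)
        run = os.path.realpath(self.run_dir)
        try:
            with zipfile.ZipFile(self.package) as zf:
                for name in zf.namelist():
                    target = os.path.realpath(os.path.join(run, name))
                    if os.path.commonpath([target, run]) != run:
                        raise ValueError("member escapes container: " + name)
                zf.extractall(run)
        except Exception:
            self.destroy()           # assumption: fail closed on a bad package
            raise
        os.remove(self.package)      # S312: package is gone once deployment completes
        self.stage = "running"

    def stop(self):
        """S314: the application stopped, so remove everything it left behind."""
        if self.stage != "running":
            raise RuntimeError("application is not running")
        self.destroy()

    def destroy(self):
        shutil.rmtree(self.root, ignore_errors=True)
        self.stage = "destroyed"


def build_package(files):
    """Build a constructed sample package (zip bytes) from {name: text}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()


def mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Walk one good and one malformed package through the lifecycle."""
    base = tempfile.mkdtemp()
    seen = {}
    try:
        c = ClosedContainer(base, "app-001")
        seen["root_mode"] = mode(c.root)
        try:
            ClosedContainer(base, "app-001")
            seen["duplicate_refused"] = False
        except FileExistsError:
            seen["duplicate_refused"] = True
        c.receive(build_package({"main.py": "print('hi')", "conf/app.ini": "[app]\n"}))
        seen["package_mode"] = mode(c.package)
        c.deploy()
        seen["package_after_deploy"] = os.path.exists(c.package)
        seen["run_files"] = sorted(os.listdir(c.run_dir))
        c.stop()
        seen["root_after_stop"] = os.path.exists(c.root)
        bad = ClosedContainer(base, "app-002")
        bad.receive(build_package({"../escape.txt": "x"}))
        try:
            bad.deploy()
            seen["escape_refused"] = False
        except ValueError:
            seen["escape_refused"] = True
        seen["bad_stage"] = bad.stage
    finally:
        shutil.rmtree(base, ignore_errors=True)
    return seen


if __name__ == "__main__":
    print(demo())
```

Mode 0700 keeps other unprivileged accounts out, but not root or the platform operator, so the protection against the server itself that the description claims needs isolation the host cannot bypass.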
On the basis of the above embodiment, this embodiment also provides start-up logic for application deployment. As shown in Fig. 5, the start-up logic specifically includes:
The owner initiates a start request and passes the private key to the closed container.
The closed container verifies the private key; if verification fails, the user is notified and the start request fails.
After successful verification, the encrypted package is decrypted and the decrypted source code package is placed in the closed container.
After decryption is complete, the application's dependencies are loaded, the application environment is configured, and the application is started.
In addition, an embodiment of this specification also provides an application deployment device. As shown in Fig. 6, the device includes:
a generation module 601, for generating a closed container when an application deployment instruction is received;
a configuration module 602, for configuring an access permission for the closed container, wherein the access permission allows only the closed container itself to access it;
a receiving module 603, for receiving the application package to be deployed using the closed container;
a deployment module 604, for deploying the application runtime files in the closed container using the application package to be deployed.
On the basis of the above embodiment, the device further includes an application package destruction module, for destroying the application package to be deployed when it is detected that the deployment of the application runtime files is completed.
On the basis of the above embodiment, the device further includes a file destruction module, for destroying the application runtime files when it is detected that they have stopped running.
On the basis of the above embodiment, the generation module 601 is used to encrypt the application package to be deployed using preset public key information when an application deployment instruction is received, and to generate the closed container;
the receiving module 603 is used to receive the encrypted application package to be deployed and the private key information using the closed container, wherein the private key information matches the public key information, and to decrypt the encrypted application package to be deployed using the private key information.
On the basis of the above embodiment, the device further includes a release module, for releasing the memory resources occupied by the closed container.
In addition, an embodiment of this specification also provides application deployment equipment, comprising:
a memory, storing an application deployment program;
a communication interface, receiving an application deployment instruction;
a processor which, after the communication interface receives the application deployment instruction, calls the application deployment program stored in the memory and performs:
generating a closed container when the application deployment instruction is received;
configuring an access permission for the closed container, wherein the access permission allows only the closed container itself to access it;
receiving the application package to be deployed using the closed container;
deploying the application runtime files in the closed container using the application package to be deployed.
Each embodiment in this specification is described by the way of progressive, identical similar portion between each embodiment Point just to refer each other, and the highlights of each of the examples are difference from other examples.Especially for device, For equipment and medium class embodiment, since it is substantially similar to embodiment of the method, so description is fairly simple, related part Illustrate referring to the part of embodiment of the method, just no longer repeat one by one here.
It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims It is interior.In some cases, the action recorded in detail in the claims or step or module can be according to different from embodiments Sequence performs and still can realize desired result.In addition, the process described in the accompanying drawings not necessarily requires what is shown Particular order or consecutive order could realize desired result.In some embodiments, multitasking and parallel processing It is also possible or it may be advantageous.
In the 1990s, the improvement of a technology can be distinguished clearly be on hardware improvement (for example, Improvement to circuit structures such as diode, transistor, switches) or software on improvement (improvement for method flow).So And with the development of technology, the improvement of current many method flows can be considered as directly improving for hardware circuit. Designer nearly all obtains corresponding hardware circuit by the way that improved method flow is programmed into hardware circuit.Cause This, it cannot be said that the improvement of a method flow cannot be realized with hardware entities module.For example, programmable logic device (Programmable Logic Device, PLD) (such as field programmable gate array (Field Programmable Gate Array, FPGA)) it is exactly such a integrated circuit, logic function determines device programming by user.By designer Voluntarily programming a digital display circuit " integrated " on a piece of PLD, designs and make without asking chip maker Dedicated IC chip.Moreover, nowadays, substitution manually makes IC chip, this programming is also used instead mostly " patrols Volume compiler (logic compiler) " software realizes that software compiler used is similar when it writes with program development, And the source code before compiling also write by handy specific programming language, this is referred to as hardware description language (Hardware Description Language, HDL), and HDL is also not only a kind of, but there are many kind, such as ABEL (Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL (Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language) etc., VHDL (Very-High-Speed are most generally used at present Integrated Circuit Hardware Description Language) and Verilog.Those skilled in the art also should This understands, it is only necessary to 
method flow slightly programming in logic and is programmed into integrated circuit with above-mentioned several hardware description languages, The hardware circuit for realizing the logical method flow can be readily available.
Controller can be implemented in any suitable manner, for example, controller can take such as microprocessor or processing The computer of computer readable program code (such as software or firmware) that device and storage can be performed by (micro-) processor can Read medium, logic gate, switch, application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), the form of programmable logic controller (PLC) and embedded microcontroller, the example of controller include but not limited to following microcontroller Device:ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicone Labs C8051F320, are deposited Memory controller is also implemented as a part for the control logic of memory.It is also known in the art that in addition to Pure computer readable program code mode is realized other than controller, can be made completely by the way that method and step is carried out programming in logic Controller is obtained in the form of logic gate, switch, application-specific integrated circuit, programmable logic controller (PLC) and embedded microcontroller etc. to come in fact Existing identical function.Therefore this controller is considered a kind of hardware component, and various to being used to implement for including in it The device of function can also be considered as the structure in hardware component.Or even, the device for being used to implement various functions can be regarded For either the software module of implementation method can be the structure in hardware component again.
The systems, apparatuses, modules, or units described in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail device, game console, tablet computer, wearable device, or a combination of any of these devices.
For convenience of description, the above apparatus is described with its functions divided into various units. Of course, when implementing the application, the functions of the units may be implemented in one or more pieces of software and/or hardware.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system), and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPU), an input/output interface, a network interface, and memory.
Memory may include volatile memory in a computer-readable medium, in the form of random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprise", "include", or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, commodity, or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity, or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, commodity, or device that includes the element.
Those skilled in the art will understand that embodiments of the application may be provided as a method, a system, or a computer program product. Accordingly, the application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The application may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, and the like that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments, in which tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in local and remote computer storage media, including storage devices.
The embodiments in this specification are described in a progressive manner; for identical or similar parts, the embodiments may be referred to one another, and each embodiment focuses on its differences from the others. In particular, the system embodiment is described relatively briefly because it is substantially similar to the method embodiment; for relevant details, refer to the description of the method embodiment.
The foregoing is merely embodiments of the application and is not intended to limit the application. For those skilled in the art, the application may have various modifications and variations. Any modification, equivalent replacement, improvement, or the like made within the spirit and principle of the application shall fall within the scope of the claims of the application.

Claims (11)

1. An application deployment method, comprising:
generating a closed container when an application deployment instruction is received;
configuring an access permission for the closed container, wherein the access permission allows access only by the closed container itself;
receiving, by the closed container, an application package to be deployed;
deploying an application running file in the closed container using the application package to be deployed.
2. The method according to claim 1, further comprising:
destroying the application package to be deployed when it is monitored that the deployment operation of the application running file is complete.
3. The method according to claim 1, further comprising:
destroying the application running file when it is monitored that the application running file has stopped running.
4. The method according to claim 1, wherein generating a closed container when an application deployment instruction is received comprises:
when the application deployment instruction is received, encrypting the application package to be deployed using preset public key information;
generating the closed container;
and wherein receiving, by the closed container, the application package to be deployed comprises:
receiving, by the closed container, the encrypted application package to be deployed and private key information, wherein the private key information matches the public key information;
decrypting the encrypted application package to be deployed using the private key information.
5. The method according to claim 3, further comprising:
releasing the memory resources occupied by the closed container.
6. An application deployment apparatus, comprising:
a generation module, configured to generate a closed container when an application deployment instruction is received;
a configuration module, configured to configure an access permission for the closed container, wherein the access permission allows access only by the closed container itself;
a receiving module, configured to receive, by the closed container, an application package to be deployed;
a deployment module, configured to deploy an application running file in the closed container using the application package to be deployed.
7. The apparatus according to claim 6, further comprising:
a package destruction module, configured to destroy the application package to be deployed when it is monitored that the deployment operation of the application running file is complete.
8. The apparatus according to claim 6, further comprising:
a file destruction module, configured to destroy the application running file when it is monitored that the application running file has stopped running.
9. The apparatus according to claim 6, wherein the generation module is configured to, when an application deployment instruction is received, encrypt the application package to be deployed using preset public key information, and generate the closed container;
and the receiving module is configured to receive, by the closed container, the encrypted application package to be deployed and private key information, wherein the private key information matches the public key information, and to decrypt the encrypted application package to be deployed using the private key information.
10. The apparatus according to claim 8, further comprising:
a release module, configured to release the memory resources occupied by the closed container.
11. An application deployment device, comprising:
a memory, storing an application deployment program;
a communication interface, receiving an application deployment instruction;
a processor which, after the communication interface receives the application deployment instruction, calls the application deployment program stored in the memory and executes:
generating a closed container when the application deployment instruction is received;
configuring an access permission for the closed container, wherein the access permission allows access only by the closed container itself;
receiving, by the closed container, an application package to be deployed;
deploying an application running file in the closed container using the application package to be deployed.
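The lifecycle recited in claims 1 to 3, as an added Python example that is not taken from the patent: an owner-only (mode 0700) temporary directory stands in for the closed container, which is an assumption, and the names `SealedDeployment` and `build_package` are hypothetical. The public/private-key step of claim 4 is not covered.

```python
import io
import os
import shutil
import stat
import tempfile
import zipfile


def build_package(members):
    """Build a constructed sample package (zip bytes) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


class SealedDeployment:
    """Hypothetical stand-in for the closed container: an owner-only directory."""

    def __init__(self):
        # Claim 1, steps 1-2: create the container and restrict access to it.
        self.root = tempfile.mkdtemp(prefix="sealed-")
        os.chmod(self.root, stat.S_IRWXU)  # 0700: no group/other access
        self.package_path = os.path.join(self.root, "package.zip")
        self.app_dir = os.path.join(self.root, "app")

    def receive(self, package_bytes):
        # Claim 1, step 3: the package is written only inside the container.
        fd = os.open(self.package_path,
                     os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(package_bytes)

    def deploy(self):
        # Claim 1, step 4: unpack the running files inside the container.
        os.mkdir(self.app_dir, 0o700)
        base = os.path.realpath(self.app_dir)
        with zipfile.ZipFile(self.package_path) as zf:
            for info in zf.infolist():
                target = os.path.realpath(os.path.join(base, info.filename))
                # Reject members that would be written outside the container.
                if os.path.commonpath([base, target]) != base:
                    raise ValueError("member escapes container: " + info.filename)
            zf.extractall(base)
        # Claim 2: destroy the package once deployment has completed.
        os.remove(self.package_path)
        return sorted(os.listdir(base))

    def stop(self):
        # Claim 3: destroy the running files when the application stops.
        shutil.rmtree(self.root)


if __name__ == "__main__":
    d = SealedDeployment()
    d.receive(build_package({"run.sh": b"echo started\n"}))
    print(d.deploy(), oct(stat.S_IMODE(os.stat(d.root).st_mode)))
    d.stop()
```

A package whose member names point outside the container is rejected before anything is extracted; the caller then calls `stop()` to remove the container and the undeployed package.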
CN201810037699.7A 2018-01-16 2018-01-16 A kind of application dispositions method, device and equipment Pending CN108182095A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810037699.7A CN108182095A (en) 2018-01-16 2018-01-16 A kind of application dispositions method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810037699.7A CN108182095A (en) 2018-01-16 2018-01-16 A kind of application dispositions method, device and equipment

Publications (1)

Publication Number Publication Date
CN108182095A true CN108182095A (en) 2018-06-19

Family

ID=62550751

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810037699.7A Pending CN108182095A (en) 2018-01-16 2018-01-16 A kind of application dispositions method, device and equipment

Country Status (1)

Country Link
CN (1) CN108182095A (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110109686A (en) * 2019-04-25 2019-08-09 中电科嘉兴新型智慧城市科技发展有限公司 It is a kind of that O&M method and system is applied based on Container Management engine
CN110795162A (en) * 2019-09-26 2020-02-14 北京浪潮数据技术有限公司 Method and device for generating container mirror image file
CN112114932A (en) * 2019-06-19 2020-12-22 霍尼韦尔国际公司 Control execution environment and container-based architecture
CN112558997A (en) * 2020-12-28 2021-03-26 航天信息股份有限公司 Method and device for deploying applications
CN114221769A (en) * 2021-11-12 2022-03-22 联奕科技股份有限公司 Software authorization permission control method and device based on container

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110040967A1 (en) * 2009-02-06 2011-02-17 Thales Holdings Uk Plc System and Method for Multilevel Secure Object Management
US20130124807A1 (en) * 2011-11-14 2013-05-16 Eric H. Nielsen Enhanced Software Application Platform
US20140237087A1 (en) * 2013-02-19 2014-08-21 Red Hat, Inc. Service pool for multi-tenant applications
CN104573507A (en) * 2015-02-05 2015-04-29 浪潮电子信息产业股份有限公司 Secure container and design method thereof
CN105577779A (en) * 2015-12-21 2016-05-11 用友网络科技股份有限公司 Method and system for containerized deployment of large enterprise private cloud
CN106020930A (en) * 2016-05-13 2016-10-12 深圳市中润四方信息技术有限公司 Application container based application management method and system
CN106534148A (en) * 2016-11-29 2017-03-22 北京元心科技有限公司 Access control method and device for application
CN106874028A (en) * 2016-12-26 2017-06-20 新华三技术有限公司 Using dispositions method and device
CN107577538A (en) * 2017-10-23 2018-01-12 中国联合网络通信集团有限公司 Container method for managing resource and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
巩微 等: "《传媒信息安全》", 31 August 2015 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110109686A (en) * 2019-04-25 2019-08-09 中电科嘉兴新型智慧城市科技发展有限公司 It is a kind of that O&M method and system is applied based on Container Management engine
CN110109686B (en) * 2019-04-25 2023-03-24 中电科嘉兴新型智慧城市科技发展有限公司 Application operation and maintenance method and system based on container management engine
CN112114932A (en) * 2019-06-19 2020-12-22 霍尼韦尔国际公司 Control execution environment and container-based architecture
CN110795162A (en) * 2019-09-26 2020-02-14 北京浪潮数据技术有限公司 Method and device for generating container mirror image file
CN110795162B (en) * 2019-09-26 2022-07-05 北京浪潮数据技术有限公司 Method and device for generating container mirror image file
CN112558997A (en) * 2020-12-28 2021-03-26 航天信息股份有限公司 Method and device for deploying applications
CN114221769A (en) * 2021-11-12 2022-03-22 联奕科技股份有限公司 Software authorization permission control method and device based on container

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180619