CN112328291A - APP light application market software version control method - Google Patents

APP light application market software version control method Download PDF

Info

Publication number
CN112328291A
CN112328291A CN202011445494.6A CN202011445494A CN112328291A CN 112328291 A CN112328291 A CN 112328291A CN 202011445494 A CN202011445494 A CN 202011445494A CN 112328291 A CN112328291 A CN 112328291A
Authority
CN
China
Prior art keywords
light application
cdlu
server
file
detection
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011445494.6A
Other languages
Chinese (zh)
Inventor
王兆进
凌力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Residents Mail Information Service Co ltd
Original Assignee
Shanghai Residents Mail Information Service Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Residents Mail Information Service Co ltd filed Critical Shanghai Residents Mail Information Service Co ltd
Priority to CN202011445494.6A priority Critical patent/CN112328291A/en
Publication of CN112328291A publication Critical patent/CN112328291A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method for managing and controlling a light application market software version, which is characterized in that a CDLU server is deployed at a cloud based on a version update discovery mechanism (CDLU) of light application software fingerprints, and f is adoptedHF= H (hf) calculation of H5 file digital fingerprint fHF(ii) a And registering metadata of the compliant light application; the CDLU server detection engine polls and accesses the corresponding URL according to the metadata records of all the light applications, and calculates the digital fingerprint f of the TFTF(ii) a Comparison fTFAnd fHFIf the two are equal, the detection is passed; and if not, reporting to the light application market operation management system by the CDLU server. The invention can simulate the real situation of client access without modifying domain name; third party applicationThe system is not sensible; the APP system is not sensible; the adopted bypass strategy does not influence the execution efficiency of the control flow and the access flow; management and control can be automatically executed without manual detection and omission; without consuming a large amount of computing resources.

Description

APP light application market software version control method
Technical Field
The invention relates to a method for managing and controlling an APP light application market software version.
Background
The super APP of the smart phone is rich in application ecology, a 'light application market' mode is usually adopted, and light application software developed by a third party and meeting the requirement of the entrance specification can be released to the 'light application market' through evaluation, so that the light application software can be searched and accessed by a user of the super APP. The smart phone APP becomes a hybrid mode combining Native APP (Native APP) and Light APP (Light APP, Lapp for short), as shown in fig. 1.
The light application is cross-terminal and cross-operating system application software developed by adopting an HTML5 standard (H5 for short), is particularly suitable for mobile terminals such as smart phones, and has the advantages that client software does not need to be downloaded and installed in advance, the client software can be accessed directly through a browser, after the application is finished and quit, traces are hardly left on the terminal, and terminal storage and computing resources are not occupied. Thus, light applications are well suited for small applications for super APP extended dynamic content, load on demand, and relatively independent, loosely coupled, leveraging APP traffic effects and in turn facilitating traffic growth by providing more applications.
The basic principle of light application release to the light application marketplace is to provide access links (i.e., URLs), and the governing mechanism of the light application marketplace is also implemented by "putting on the shelf" or "putting off the shelf" of light application links.
However, a difficult problem exists in the third-party light application management and control: after a third-party light application is evaluated through docking and "on shelf", since the H5 light application is not APP built-in software, the light application background system is independent (and may even be deployed in other cloud ends), and the management flow and the access flow are separated in time and space, as shown in the relationship and architecture diagram of the APP and the H5 light application in fig. 2, even if the light application is modified to an updated version, the APP and the light application thereof are difficult to find in the market. On one hand, the user service cannot be prompted to be upgraded and improved, on the other hand, the management and control vulnerability can also be utilized maliciously, for example, a 'compliance' version is used in the immigration evaluation stage, and after the light application is released, the light application is replaced by a 'non-compliance' version, and because the light application link is not changed, the operation manager in the APP light application market is difficult to find and stop.
A webpage tamper-proofing system firstly needs to embed an access stream (between a browser and a server) and/or an issuing stream (between a content management and a Web server); second, there is a need for orchestration of the systems to which each third party developer deploying the light applications belongs.
Disclosure of Invention
In order to solve the problem troubling the healthy operation of the APP, the invention aims to: a method for managing and controlling the software version of the light application market is provided.
The purpose of the invention is realized by the following scheme: a method for managing and controlling light application market software versions is based on a version update discovery mechanism (Code-fingerprint-based discovery scheme for Lapp version Updating, CDLU for short) of light application fingerprints to make up for the deficiency of management and control capability of super APP-resident third-party light application in an operation phase, a CDLU server is deployed at a cloud end and is deployed at any position of the Internet, and a monitoring process is as follows:
(1) the third-party light application (and the new version thereof) which is evaluated through the compliance is released at the super APP terminal, and simultaneously, the light application link is synchronously registered to the CDLU server; each light application is given a unique identifier LID; the CDLU server performs the following steps:
a) simulating a browser HTTP protocol, supporting an SSL VPN mode, namely accessing an HTML5 (H5) file pointed by a downloaded light application link (URL) in an HTTPs mode, and setting the file as HF;
b) calculating the H5 file digital fingerprint f by the following formula 1HF. The digital fingerprint algorithm is a hash function (i.e., a one-way function), such as the national commercial cipher standard SM3, where the algorithm function is h, then:
fHFh (HF) formula 1
c) The metadata records for the compliant light application are registered (or updated) as:
{LID,URL,version,fHF,Time-stamp}
(2) the CDLU server detection engine polls and accesses the corresponding URL according to the metadata records of all the light applications at a certain period, and executes the following verification steps:
a) downloading an H5 file as a target file by the simulation browser, and setting the target file as TF;
b) calculating the digital fingerprint f of TF using equation 1TF
c) Comparison fTFAnd fHFIf the two are equal, the detection is passed; if not, the light application is modified or tampered, and the CDLU server reports to the light application market operation management system. The flow ends.
The link contained by the master file is broken through to the files at two levels and below through H5.
In order to avoid misjudgment caused by incomplete downloaded files due to network transmission failure or congestion of an H5 server in the detection process, repeated detection is carried out for n times under the condition that the digital fingerprints are inconsistent, n is less than or equal to n3, and the judgment that the digital fingerprints pass through the detection is carried out only once.
The advantages of the CDLU method are mainly: the real situation of client access can be simulated without replacing or modifying the domain name; the third-party application system is not sensible, namely, the change of the existing development method can not be caused; the APP system is noninductive, namely, the existing light application release method cannot be greatly changed; the adopted Bypass strategy (Bypass Scheme) does not influence the execution efficiency of the control flow and the access flow; the method can be automatically executed, thereby avoiding occupying precious human resources and avoiding manual inspection omission; there is no need to check every time a user accesses, consuming a lot of computing resources and increasing access delay.
Drawings
FIG. 1 is a schematic diagram of a light application market;
fig. 2 illustrates the light application relationship and architecture of APP and H5.
Detailed Description
A method for managing and controlling a light application market software version is a version update discovery mechanism (CDLU for short) based on light application software fingerprints to make up for the deficiency of management and control capability of a third party light application where a super APP resides in an operation phase, a CDLU server is deployed at a cloud end and can be deployed at any position of the Internet, and the following monitoring process is realized:
(1) the third-party light application (and the new version thereof) which is evaluated through the compliance is released at the super APP terminal, and simultaneously, the light application link is synchronously registered to the CDLU server; each light application is given a unique identifier LID; the CDLU server performs the following steps:
a) simulating an HTTP protocol of a browser, supporting an SSL VPN mode, namely accessing and downloading an HTML5 file pointed by a light application link (URL) in an HTTPs mode, and setting the HTML5 file as HF;
b) calculating the H5 file digital fingerprint f by the following formula 1HFIf the digital fingerprint algorithm is a hash function (i.e., a one-way function), such as the national commercial cipher standard SM3, and the algorithm function is h, then:
fHFh (HF) formula 1
c) The metadata records for the compliant light application are registered (or updated) as:
{LID,URL,version,fHF,Time-stamp}
(2) the CDLU server detection engine polls and accesses the corresponding URL according to the metadata records of all the light applications at a certain period, and executes the following verification steps:
a) downloading an H5 file as a target file by the simulation browser, and setting the target file as TF;
b) calculating the digital fingerprint f of TF using equation 1TF
c) Comparison fTFAnd fHFIf the two are equal, the detection is passed; if not, the light application is modified or tampered, the CDLU server reports to the light application market operation management system, and the process is ended.
Or, the optimization of the method of the invention is to penetrate through the link contained in the H5 main file to the files of two layers and below, thus improving the detection depth and being more beneficial to finding codes and updating contents; in order to avoid erroneous judgment caused by incomplete downloaded files due to network transmission failure or congestion of an H5 server in the detection process, repeated detection can be performed under the condition that the digital fingerprints are inconsistent, and n =3 is set, namely, the digital fingerprints are judged to pass only once in 3 detections.
The CDLU method of the invention is completely different from a webpage tamper-proof system, and the difference is mainly as follows: first, the CDLU is embedded neither in the access stream (browser-to-server) nor in the publish stream (content management-to-Web server); second, there is no need for cooperation of the systems to which the respective third party developers deploying the light applications belong.

Claims (3)

1. A method for managing and controlling a light application market software version is based on a version update discovery mechanism (CDLU) of light application software fingerprints to make up for the deficiency of management and control capability of a super APP resident third party light application in an operation phase, a CDLU server is deployed at a cloud end and is deployed at any position of the Internet, and a monitoring process is as follows:
(1) the third-party light application (and the new version thereof) which is evaluated through the compliance is released at the super APP terminal, and simultaneously, the light application link is synchronously registered to the CDLU server; each light application is given a unique identifier LID; the CDLU server performs the following steps:
a) simulating a browser HTTP protocol, supporting an SSL VPN mode, namely accessing an HTML5 (H5) file pointed by a downloaded light application link (URL) in an HTTPs mode, and setting the file as HF;
b) calculating the H5 file digital fingerprint f by the following formula 1HFIf the digital fingerprint algorithm is a hash function and the algorithm function is h, then:
fHFh (HF) formula 1
c) The metadata records for the compliant light application are registered (or updated) as:
{LID,URL,version,fHF,Time-stamp}
(2) the CDLU server detection engine polls for access to corresponding URLs according to metadata records of all light applications, and performs the following verification steps:
a) downloading an H5 file as a target file by the simulation browser, and setting the target file as TF;
b) calculating the digital fingerprint f of TF using equation 1TF
c) Comparison fTFAnd fHFIf the two are equal, the detection is passed; if not, the light application is modified or tampered, the CDLU server reports to the light application market operation management system, and the process is ended.
2. The method for light application market software version management and control according to claim 1, wherein: the link contained by the master file is broken through to the files at two levels and below through H5.
3. The method for light application market software version management and control according to claim 1 or 2, characterized in that: in order to avoid misjudgment caused by incomplete downloaded files due to network transmission failure or congestion of an H5 server in the detection process, repeated detection is carried out for n times under the condition that the digital fingerprints are inconsistent, n is less than or equal to n3, and the judgment that the digital fingerprints pass through the detection is carried out only once.
CN202011445494.6A 2020-12-11 2020-12-11 APP light application market software version control method Pending CN112328291A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011445494.6A CN112328291A (en) 2020-12-11 2020-12-11 APP light application market software version control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011445494.6A CN112328291A (en) 2020-12-11 2020-12-11 APP light application market software version control method

Publications (1)

Publication Number Publication Date
CN112328291A true CN112328291A (en) 2021-02-05

Family

ID=74301560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011445494.6A Pending CN112328291A (en) 2020-12-11 2020-12-11 APP light application market software version control method

Country Status (1)

Country Link
CN (1) CN112328291A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030163718A1 (en) * 2000-04-12 2003-08-28 Johnson Harold J. Tamper resistant software-mass data encoding
US20110213700A1 (en) * 2009-12-09 2011-09-01 Sant Anselmo Robert Electronic notary system, method and computer-readable medium
WO2013094837A1 (en) * 2011-12-19 2013-06-27 주식회사 솔박스 Method for managing server load distribution by using hash function results, and apparatus for same
KR20130125245A (en) * 2012-05-08 2013-11-18 주식회사 핑거 Method and system for maintaining integrity of software installed in mobile device
CN105512280A (en) * 2015-12-07 2016-04-20 福建天晴数码有限公司 Site file caching method and system
CN108021692A (en) * 2017-12-18 2018-05-11 北京天融信网络安全技术有限公司 A kind of method of web page monitored, server and computer-readable recording medium
CN109889589A (en) * 2019-02-18 2019-06-14 闪联信息技术工程中心有限公司 One kind realizing embedded hardware OTA upgrade-system and method based on block chain
CN111901287A (en) * 2019-10-22 2020-11-06 刘高峰 Method and device for providing encryption information for light application and intelligent equipment

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030163718A1 (en) * 2000-04-12 2003-08-28 Johnson Harold J. Tamper resistant software-mass data encoding
US20110213700A1 (en) * 2009-12-09 2011-09-01 Sant Anselmo Robert Electronic notary system, method and computer-readable medium
WO2013094837A1 (en) * 2011-12-19 2013-06-27 주식회사 솔박스 Method for managing server load distribution by using hash function results, and apparatus for same
KR20130125245A (en) * 2012-05-08 2013-11-18 주식회사 핑거 Method and system for maintaining integrity of software installed in mobile device
CN105512280A (en) * 2015-12-07 2016-04-20 福建天晴数码有限公司 Site file caching method and system
CN108021692A (en) * 2017-12-18 2018-05-11 北京天融信网络安全技术有限公司 A kind of method of web page monitored, server and computer-readable recording medium
CN109889589A (en) * 2019-02-18 2019-06-14 闪联信息技术工程中心有限公司 One kind realizing embedded hardware OTA upgrade-system and method based on block chain
CN111901287A (en) * 2019-10-22 2020-11-06 刘高峰 Method and device for providing encryption information for light application and intelligent equipment

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
BANDAOYU: "安全】哈希(hash)算法可以防止数据被篡改的原理是什么", pages 1 - 2, Retrieved from the Internet <URL:《https://blog.csdn.net/bandaoyu/article/details/105292790》> *
CHEN S: "Tamper Detection of Batch Websites Based on Text Comparison", 《COMPUTER SCIENCE AND TECHNOLOGY》, pages 573 - 579 *
刘铁钢: "基于Hash函数的网页篡改检测模块的实现", 《中国教育和科研计算机网CERNET第十九届学术年会 》, pages 79 - 82 *
王春井: "互联网技术 基于网络爬虫与HASH的网站篡改检测系统的设计与实现", 《中国优秀硕士学位论文全文数据库信息科技辑》, pages 139 - 371 *

Similar Documents

Publication Publication Date Title
CN110597943B (en) Interest point processing method and device based on artificial intelligence and electronic equipment
US11914712B1 (en) Blockchain based secure naming and update verification
US11798028B2 (en) Systems and methods for monitoring malicious software engaging in online advertising fraud or other form of deceit
US10228925B2 (en) Systems, devices, and methods for deploying one or more artifacts to a deployment environment
CN113590497A (en) Business service test method and device, electronic equipment and storage medium
WO2011041465A1 (en) Enhanced website tracking system and method
CN112686671A (en) Intelligent contract deployment method, device, equipment and medium based on block chain
CN105302920A (en) Optimal management method and system for cloud storage data
CN113553269B (en) Page embedded point reporting method and related device
CN111611140B (en) Report verification method and device for buried point data, electronic equipment and storage medium
CN105279436A (en) Software updating method and system
CN111161006A (en) Block chain credit service method, system and storage medium
US10826802B2 (en) Managing network communication protocols
CN112597485A (en) Information checking method, device and equipment based on block chain and storage medium
US20140052851A1 (en) Systems and methods for discovering sources of online content
CN112182113A (en) Block chain consensus method, system, electronic device and storage medium
CN115934263A (en) Data processing method and device, computer equipment and storage medium
JP2023531701A (en) Efficient controller data generation and extraction
CN113806816A (en) Electronic file management method and device based on block chain and electronic equipment
CN112328291A (en) APP light application market software version control method
CN115086047B (en) Interface authentication method and device, electronic equipment and storage medium
CN111107143B (en) Network file transmission detection method, device and system
CN114065301A (en) Clock environment credibility verification method, device, equipment and storage medium
US10754915B2 (en) Tag plan generation
CN105610908B (en) A kind of samba service implementing method and system based on Android device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210205