CN112328291A - APP light application market software version control method - Google Patents
APP light application market software version control method Download PDFInfo
- Publication number
- CN112328291A CN112328291A CN202011445494.6A CN202011445494A CN112328291A CN 112328291 A CN112328291 A CN 112328291A CN 202011445494 A CN202011445494 A CN 202011445494A CN 112328291 A CN112328291 A CN 112328291A
- Authority
- CN
- China
- Prior art keywords
- light application
- cdlu
- server
- file
- detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 21
- 238000001514 detection method Methods 0.000 claims abstract description 19
- 230000005540 biological transmission Effects 0.000 claims description 3
- 230000007812 deficiency Effects 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 claims description 3
- 238000004088 simulation Methods 0.000 claims description 3
- 238000012795 verification Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000003032 molecular docking Methods 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
- G06F8/71—Version control; Configuration management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Data Mining & Analysis (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a method for managing and controlling a light application market software version, which is characterized in that a CDLU server is deployed at a cloud based on a version update discovery mechanism (CDLU) of light application software fingerprints, and f is adoptedHF= H (hf) calculation of H5 file digital fingerprint fHF(ii) a And registering metadata of the compliant light application; the CDLU server detection engine polls and accesses the corresponding URL according to the metadata records of all the light applications, and calculates the digital fingerprint f of the TFTF(ii) a Comparison fTFAnd fHFIf the two are equal, the detection is passed; and if not, reporting to the light application market operation management system by the CDLU server. The invention can simulate the real situation of client access without modifying domain name; third party applicationThe system is not sensible; the APP system is not sensible; the adopted bypass strategy does not influence the execution efficiency of the control flow and the access flow; management and control can be automatically executed without manual detection and omission; without consuming a large amount of computing resources.
Description
Technical Field
The invention relates to a method for managing and controlling an APP light application market software version.
Background
The super APP of the smart phone is rich in application ecology, a 'light application market' mode is usually adopted, and light application software developed by a third party and meeting the requirement of the entrance specification can be released to the 'light application market' through evaluation, so that the light application software can be searched and accessed by a user of the super APP. The smart phone APP becomes a hybrid mode combining Native APP (Native APP) and Light APP (Light APP, Lapp for short), as shown in fig. 1.
The light application is cross-terminal and cross-operating system application software developed by adopting an HTML5 standard (H5 for short), is particularly suitable for mobile terminals such as smart phones, and has the advantages that client software does not need to be downloaded and installed in advance, the client software can be accessed directly through a browser, after the application is finished and quit, traces are hardly left on the terminal, and terminal storage and computing resources are not occupied. Thus, light applications are well suited for small applications for super APP extended dynamic content, load on demand, and relatively independent, loosely coupled, leveraging APP traffic effects and in turn facilitating traffic growth by providing more applications.
The basic principle of light application release to the light application marketplace is to provide access links (i.e., URLs), and the governing mechanism of the light application marketplace is also implemented by "putting on the shelf" or "putting off the shelf" of light application links.
However, a difficult problem exists in the third-party light application management and control: after a third-party light application is evaluated through docking and "on shelf", since the H5 light application is not APP built-in software, the light application background system is independent (and may even be deployed in other cloud ends), and the management flow and the access flow are separated in time and space, as shown in the relationship and architecture diagram of the APP and the H5 light application in fig. 2, even if the light application is modified to an updated version, the APP and the light application thereof are difficult to find in the market. On one hand, the user service cannot be prompted to be upgraded and improved, on the other hand, the management and control vulnerability can also be utilized maliciously, for example, a 'compliance' version is used in the immigration evaluation stage, and after the light application is released, the light application is replaced by a 'non-compliance' version, and because the light application link is not changed, the operation manager in the APP light application market is difficult to find and stop.
A webpage tamper-proofing system firstly needs to embed an access stream (between a browser and a server) and/or an issuing stream (between a content management and a Web server); second, there is a need for orchestration of the systems to which each third party developer deploying the light applications belongs.
Disclosure of Invention
In order to solve the problem troubling the healthy operation of the APP, the invention aims to: a method for managing and controlling the software version of the light application market is provided.
The purpose of the invention is realized by the following scheme: a method for managing and controlling light application market software versions is based on a version update discovery mechanism (Code-fingerprint-based discovery scheme for Lapp version Updating, CDLU for short) of light application fingerprints to make up for the deficiency of management and control capability of super APP-resident third-party light application in an operation phase, a CDLU server is deployed at a cloud end and is deployed at any position of the Internet, and a monitoring process is as follows:
(1) the third-party light application (and the new version thereof) which is evaluated through the compliance is released at the super APP terminal, and simultaneously, the light application link is synchronously registered to the CDLU server; each light application is given a unique identifier LID; the CDLU server performs the following steps:
a) simulating a browser HTTP protocol, supporting an SSL VPN mode, namely accessing an HTML5 (H5) file pointed by a downloaded light application link (URL) in an HTTPs mode, and setting the file as HF;
b) calculating the H5 file digital fingerprint f by the following formula 1HF. The digital fingerprint algorithm is a hash function (i.e., a one-way function), such as the national commercial cipher standard SM3, where the algorithm function is h, then:
fHFh (HF) formula 1
c) The metadata records for the compliant light application are registered (or updated) as:
{LID,URL,version,fHF,Time-stamp}
(2) the CDLU server detection engine polls and accesses the corresponding URL according to the metadata records of all the light applications at a certain period, and executes the following verification steps:
a) downloading an H5 file as a target file by the simulation browser, and setting the target file as TF;
b) calculating the digital fingerprint f of TF using equation 1TF;
c) Comparison fTFAnd fHFIf the two are equal, the detection is passed; if not, the light application is modified or tampered, and the CDLU server reports to the light application market operation management system. The flow ends.
The link contained by the master file is broken through to the files at two levels and below through H5.
In order to avoid misjudgment caused by incomplete downloaded files due to network transmission failure or congestion of an H5 server in the detection process, repeated detection is carried out for n times under the condition that the digital fingerprints are inconsistent, n is less than or equal to n3, and the judgment that the digital fingerprints pass through the detection is carried out only once.
The advantages of the CDLU method are mainly: the real situation of client access can be simulated without replacing or modifying the domain name; the third-party application system is not sensible, namely, the change of the existing development method can not be caused; the APP system is noninductive, namely, the existing light application release method cannot be greatly changed; the adopted Bypass strategy (Bypass Scheme) does not influence the execution efficiency of the control flow and the access flow; the method can be automatically executed, thereby avoiding occupying precious human resources and avoiding manual inspection omission; there is no need to check every time a user accesses, consuming a lot of computing resources and increasing access delay.
Drawings
FIG. 1 is a schematic diagram of a light application market;
fig. 2 illustrates the light application relationship and architecture of APP and H5.
Detailed Description
A method for managing and controlling a light application market software version is a version update discovery mechanism (CDLU for short) based on light application software fingerprints to make up for the deficiency of management and control capability of a third party light application where a super APP resides in an operation phase, a CDLU server is deployed at a cloud end and can be deployed at any position of the Internet, and the following monitoring process is realized:
(1) the third-party light application (and the new version thereof) which is evaluated through the compliance is released at the super APP terminal, and simultaneously, the light application link is synchronously registered to the CDLU server; each light application is given a unique identifier LID; the CDLU server performs the following steps:
a) simulating an HTTP protocol of a browser, supporting an SSL VPN mode, namely accessing and downloading an HTML5 file pointed by a light application link (URL) in an HTTPs mode, and setting the HTML5 file as HF;
b) calculating the H5 file digital fingerprint f by the following formula 1HFIf the digital fingerprint algorithm is a hash function (i.e., a one-way function), such as the national commercial cipher standard SM3, and the algorithm function is h, then:
fHFh (HF) formula 1
c) The metadata records for the compliant light application are registered (or updated) as:
{LID,URL,version,fHF,Time-stamp}
(2) the CDLU server detection engine polls and accesses the corresponding URL according to the metadata records of all the light applications at a certain period, and executes the following verification steps:
a) downloading an H5 file as a target file by the simulation browser, and setting the target file as TF;
b) calculating the digital fingerprint f of TF using equation 1TF;
c) Comparison fTFAnd fHFIf the two are equal, the detection is passed; if not, the light application is modified or tampered, the CDLU server reports to the light application market operation management system, and the process is ended.
Or, the optimization of the method of the invention is to penetrate through the link contained in the H5 main file to the files of two layers and below, thus improving the detection depth and being more beneficial to finding codes and updating contents; in order to avoid erroneous judgment caused by incomplete downloaded files due to network transmission failure or congestion of an H5 server in the detection process, repeated detection can be performed under the condition that the digital fingerprints are inconsistent, and n =3 is set, namely, the digital fingerprints are judged to pass only once in 3 detections.
The CDLU method of the invention is completely different from a webpage tamper-proof system, and the difference is mainly as follows: first, the CDLU is embedded neither in the access stream (browser-to-server) nor in the publish stream (content management-to-Web server); second, there is no need for cooperation of the systems to which the respective third party developers deploying the light applications belong.
Claims (3)
1. A method for managing and controlling a light application market software version is based on a version update discovery mechanism (CDLU) of light application software fingerprints to make up for the deficiency of management and control capability of a super APP resident third party light application in an operation phase, a CDLU server is deployed at a cloud end and is deployed at any position of the Internet, and a monitoring process is as follows:
(1) the third-party light application (and the new version thereof) which is evaluated through the compliance is released at the super APP terminal, and simultaneously, the light application link is synchronously registered to the CDLU server; each light application is given a unique identifier LID; the CDLU server performs the following steps:
a) simulating a browser HTTP protocol, supporting an SSL VPN mode, namely accessing an HTML5 (H5) file pointed by a downloaded light application link (URL) in an HTTPs mode, and setting the file as HF;
b) calculating the H5 file digital fingerprint f by the following formula 1HFIf the digital fingerprint algorithm is a hash function and the algorithm function is h, then:
fHFh (HF) formula 1
c) The metadata records for the compliant light application are registered (or updated) as:
{LID,URL,version,fHF,Time-stamp}
(2) the CDLU server detection engine polls for access to corresponding URLs according to metadata records of all light applications, and performs the following verification steps:
a) downloading an H5 file as a target file by the simulation browser, and setting the target file as TF;
b) calculating the digital fingerprint f of TF using equation 1TF;
c) Comparison fTFAnd fHFIf the two are equal, the detection is passed; if not, the light application is modified or tampered, the CDLU server reports to the light application market operation management system, and the process is ended.
2. The method for light application market software version management and control according to claim 1, wherein: the link contained by the master file is broken through to the files at two levels and below through H5.
3. The method for light application market software version management and control according to claim 1 or 2, characterized in that: in order to avoid misjudgment caused by incomplete downloaded files due to network transmission failure or congestion of an H5 server in the detection process, repeated detection is carried out for n times under the condition that the digital fingerprints are inconsistent, n is less than or equal to n3, and the judgment that the digital fingerprints pass through the detection is carried out only once.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011445494.6A CN112328291A (en) | 2020-12-11 | 2020-12-11 | APP light application market software version control method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011445494.6A CN112328291A (en) | 2020-12-11 | 2020-12-11 | APP light application market software version control method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112328291A true CN112328291A (en) | 2021-02-05 |
Family
ID=74301560
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011445494.6A Pending CN112328291A (en) | 2020-12-11 | 2020-12-11 | APP light application market software version control method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112328291A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030163718A1 (en) * | 2000-04-12 | 2003-08-28 | Johnson Harold J. | Tamper resistant software-mass data encoding |
US20110213700A1 (en) * | 2009-12-09 | 2011-09-01 | Sant Anselmo Robert | Electronic notary system, method and computer-readable medium |
WO2013094837A1 (en) * | 2011-12-19 | 2013-06-27 | 주식회사 솔박스 | Method for managing server load distribution by using hash function results, and apparatus for same |
KR20130125245A (en) * | 2012-05-08 | 2013-11-18 | 주식회사 핑거 | Method and system for maintaining integrity of software installed in mobile device |
CN105512280A (en) * | 2015-12-07 | 2016-04-20 | 福建天晴数码有限公司 | Site file caching method and system |
CN108021692A (en) * | 2017-12-18 | 2018-05-11 | 北京天融信网络安全技术有限公司 | A kind of method of web page monitored, server and computer-readable recording medium |
CN109889589A (en) * | 2019-02-18 | 2019-06-14 | 闪联信息技术工程中心有限公司 | One kind realizing embedded hardware OTA upgrade-system and method based on block chain |
CN111901287A (en) * | 2019-10-22 | 2020-11-06 | 刘高峰 | Method and device for providing encryption information for light application and intelligent equipment |
-
2020
- 2020-12-11 CN CN202011445494.6A patent/CN112328291A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030163718A1 (en) * | 2000-04-12 | 2003-08-28 | Johnson Harold J. | Tamper resistant software-mass data encoding |
US20110213700A1 (en) * | 2009-12-09 | 2011-09-01 | Sant Anselmo Robert | Electronic notary system, method and computer-readable medium |
WO2013094837A1 (en) * | 2011-12-19 | 2013-06-27 | 주식회사 솔박스 | Method for managing server load distribution by using hash function results, and apparatus for same |
KR20130125245A (en) * | 2012-05-08 | 2013-11-18 | 주식회사 핑거 | Method and system for maintaining integrity of software installed in mobile device |
CN105512280A (en) * | 2015-12-07 | 2016-04-20 | 福建天晴数码有限公司 | Site file caching method and system |
CN108021692A (en) * | 2017-12-18 | 2018-05-11 | 北京天融信网络安全技术有限公司 | A kind of method of web page monitored, server and computer-readable recording medium |
CN109889589A (en) * | 2019-02-18 | 2019-06-14 | 闪联信息技术工程中心有限公司 | One kind realizing embedded hardware OTA upgrade-system and method based on block chain |
CN111901287A (en) * | 2019-10-22 | 2020-11-06 | 刘高峰 | Method and device for providing encryption information for light application and intelligent equipment |
Non-Patent Citations (4)
Title |
---|
BANDAOYU: "安全】哈希(hash)算法可以防止数据被篡改的原理是什么", pages 1 - 2, Retrieved from the Internet <URL:《https://blog.csdn.net/bandaoyu/article/details/105292790》> * |
CHEN S: "Tamper Detection of Batch Websites Based on Text Comparison", 《COMPUTER SCIENCE AND TECHNOLOGY》, pages 573 - 579 * |
刘铁钢: "基于Hash函数的网页篡改检测模块的实现", 《中国教育和科研计算机网CERNET第十九届学术年会 》, pages 79 - 82 * |
王春井: "互联网技术 基于网络爬虫与HASH的网站篡改检测系统的设计与实现", 《中国优秀硕士学位论文全文数据库信息科技辑》, pages 139 - 371 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110597943B (en) | Interest point processing method and device based on artificial intelligence and electronic equipment | |
US11914712B1 (en) | Blockchain based secure naming and update verification | |
US11798028B2 (en) | Systems and methods for monitoring malicious software engaging in online advertising fraud or other form of deceit | |
US10228925B2 (en) | Systems, devices, and methods for deploying one or more artifacts to a deployment environment | |
CN113590497A (en) | Business service test method and device, electronic equipment and storage medium | |
WO2011041465A1 (en) | Enhanced website tracking system and method | |
CN112686671A (en) | Intelligent contract deployment method, device, equipment and medium based on block chain | |
CN105302920A (en) | Optimal management method and system for cloud storage data | |
CN113553269B (en) | Page embedded point reporting method and related device | |
CN111611140B (en) | Report verification method and device for buried point data, electronic equipment and storage medium | |
CN105279436A (en) | Software updating method and system | |
CN111161006A (en) | Block chain credit service method, system and storage medium | |
US10826802B2 (en) | Managing network communication protocols | |
CN112597485A (en) | Information checking method, device and equipment based on block chain and storage medium | |
US20140052851A1 (en) | Systems and methods for discovering sources of online content | |
CN112182113A (en) | Block chain consensus method, system, electronic device and storage medium | |
CN115934263A (en) | Data processing method and device, computer equipment and storage medium | |
JP2023531701A (en) | Efficient controller data generation and extraction | |
CN113806816A (en) | Electronic file management method and device based on block chain and electronic equipment | |
CN112328291A (en) | APP light application market software version control method | |
CN115086047B (en) | Interface authentication method and device, electronic equipment and storage medium | |
CN111107143B (en) | Network file transmission detection method, device and system | |
CN114065301A (en) | Clock environment credibility verification method, device, equipment and storage medium | |
US10754915B2 (en) | Tag plan generation | |
CN105610908B (en) | A kind of samba service implementing method and system based on Android device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20210205 |