CN113448612A - Plug-in updating method, device, electronic equipment, medium and program product - Google Patents

Plug-in updating method, device, electronic equipment, medium and program product Download PDF

Info

Publication number
CN113448612A
CN113448612A CN202110787435.5A CN202110787435A CN113448612A CN 113448612 A CN113448612 A CN 113448612A CN 202110787435 A CN202110787435 A CN 202110787435A CN 113448612 A CN113448612 A CN 113448612A
Authority
CN
China
Prior art keywords
plug
packet
full
version number
historical
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110787435.5A
Other languages
Chinese (zh)
Inventor
李可
罗涛
赵海强
孙洋洋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110787435.5A priority Critical patent/CN113448612A/en
Publication of CN113448612A publication Critical patent/CN113448612A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/658Incremental updates; Differential updates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2255Hash tables
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2474Sequence data queries, e.g. querying versioned data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Data Mining & Analysis (AREA)
  • Fuzzy Systems (AREA)
  • Mathematical Physics (AREA)
  • Probability & Statistics with Applications (AREA)
  • Computational Linguistics (AREA)
  • Stored Programmes (AREA)

Abstract

The disclosure provides a plug-in updating method, which is applied to the technical field of information security and can be used for updating application plug-ins in the financial field. The plug-in updating method comprises the following steps: acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in; matching the version number of the current plug-in with the version number of the historical plug-in, matching the hash value of the current plug-in with the hash value of the historical plug-in, and generating a differential packet or a full packet according to a matching result; encrypting the delta packets or full packets; and sending the encrypted differential packet or full packet to the client so that the client updates the plug-in according to the encrypted differential packet or full packet. The present disclosure also provides a plug-in update apparatus, device, storage medium and program product.

Description

Plug-in updating method, device, electronic equipment, medium and program product
Technical Field
The present disclosure relates to the field of information security, and in particular, to a plug-in update method, apparatus, electronic device, medium, and program product, which can be used for updating applications in the financial field.
Background
With the continuous abundance of service functions, the volume of a client installation package is gradually increased, and the requirements for dynamic update and loading on demand are increasingly strong, the industry generally adopts a plug-in technology, peels off part of relatively independent service functions from the installation package, downloads the service functions in the form of a plug-in package according to the use requirements of users, and supports dynamic update. The existing plug-in package dynamic loading technology adopts a plug-in package full-quantity updating mode, encryption protection is not performed on the plug-in package, and if the plug-in package is maliciously intercepted or replaced in the network transmission process, functional logic leakage is possibly caused, and safety risk is introduced to a client; meanwhile, even if only a small amount of codes are modified, the plug-in functions need to be repackaged and updated in a full amount, so that user traffic and server network bandwidth are occupied, the operation cost is increased, and the user experience is influenced.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a plug-in update method, apparatus, device, medium, and program product based on delta update.
According to a first aspect of the present disclosure, there is provided a plug-in update method including: acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in; matching the version number of the current plug-in with the version number of the historical plug-in, matching the hash value of the current plug-in with the hash value of the historical plug-in, and generating a differential packet or a full packet according to a matching result; encrypting the delta packets or full packets; and sending the encrypted differential packet or full packet to the client so that the client updates the plug-in according to the encrypted differential packet or full packet.
According to an embodiment of the present disclosure, the generating the differential packet or the full packet according to the matching result includes: if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins, generating the full package; wherein the full volume package comprises all data of the latest version plug-in; if the version number of the current plug-in exists in the version numbers of the historical plug-ins, comparing the hash value of the historical plug-ins corresponding to the current plug-in with the hash value of the current plug-in; if the two hash values are equal, generating the difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and corresponding to the current plugin; and if the two hash values are not equal, generating the full packet.
According to an embodiment of the present disclosure, the matching the version number of the current plug-in with the version number of the historical plug-in includes: sequencing according to the time corresponding to the version number of the historical plug-in; and searching and comparing from the version number of the latest plug-in.
According to an embodiment of the present disclosure, the encrypting the delta packet or the full packet comprises: encrypting data contained in the delta packet or the full packet by using a symmetric key; and signing the differential packet or the full packet by adopting an asymmetric encryption algorithm to generate signature information of the differential packet or the full packet.
According to an embodiment of the present disclosure, said signing the delta packet or the full packet with the asymmetric encryption algorithm includes: calculating a hash value corresponding to the differential packet or the full packet; and carrying out signature operation on the hash value by adopting an asymmetric encryption algorithm to obtain corresponding signature information.
According to an embodiment of the present disclosure, the client performing plug-in update according to the encrypted delta packet or full packet includes: performing signature verification on the signature information; if the verification is passed, decrypting the encrypted differential packet or full packet by adopting a symmetric key to obtain a decrypted differential packet or full packet; directly loading the decrypted full quantum packet for updating; and merging the decrypted delta packet and the current plug-in into a full packet and then loading for updating.
A second aspect of the present disclosure provides a plug-in update apparatus including: the acquisition module is used for acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in; the first matching module is used for matching the version number of the current plug-in with the version number of the historical plug-in; the second matching module is used for matching the hash value of the current plug-in with the hash value of the historical plug-in; the generating module is used for generating a differential packet or a full packet according to the matching result; an encryption module for encrypting the delta packet or the full packet; and the sending module is used for sending the encrypted differential packets or full packets to the client so as to enable the client to update the plug-in according to the encrypted differential packets or full packets.
According to an embodiment of the present disclosure, the generating module includes: a first judging unit, configured to generate the full package if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins; wherein the full volume package comprises all data of the latest version plug-in; the second judgment unit is used for comparing the hash value of the historical plugin corresponding to the current plugin with the hash value of the current plugin if the version number of the current plugin exists in the version numbers of the historical plugins; if the two hash values are equal, generating the difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and corresponding to the current plugin; and if the two hash values are not equal, generating the full packet.
According to an embodiment of the present disclosure, the first matching module includes: the sequencing unit is used for sequencing according to the time corresponding to the version number of the historical plugin; and the comparison unit is used for searching and comparing from the version number of the latest plug-in.
According to an embodiment of the present disclosure, the encryption module includes: a first encryption unit configured to encrypt data included in the differential packet or the full packet using a symmetric key; and the second encryption unit is used for signing the differential packet or the full packet by adopting an asymmetric encryption algorithm and generating the signature information of the differential packet or the full packet.
According to an embodiment of the present disclosure, the second encryption unit includes: the calculating subunit is used for calculating the hash value corresponding to the differential packet or the full packet; and the signature subunit is used for performing signature operation on the hash value by adopting an asymmetric encryption algorithm to obtain corresponding signature information.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the plug-in update method described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described plug-in update method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the plug-in updating method described above.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a plug-in update method, apparatus, device, medium and program product according to embodiments of the disclosure;
FIG. 2 schematically illustrates a flow diagram of a plug-in update method according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow chart for producing delta or full packets according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a flow chart of an encryption method according to an embodiment of the present disclosure;
FIG. 5 schematically shows a flow diagram of an asymmetric encryption algorithm according to an embodiment of the present disclosure;
FIG. 6 is a block diagram schematically illustrating a configuration of a plug-in update apparatus according to an embodiment of the present disclosure;
FIG. 7 schematically shows a block diagram of a generation module according to an embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of a first matching module according to an embodiment of the disclosure;
FIG. 9 schematically illustrates a block diagram of an encryption module according to an embodiment of the present disclosure;
fig. 10 schematically shows a block diagram of a second encryption unit according to an embodiment of the present disclosure; and
fig. 11 schematically shows a block diagram of an electronic device adapted to implement a plug-in update method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
The plug-in updating method and device provided by the disclosure belong to the field of information security, can be used for updating application plug-ins in the financial field and can also be used for updating application plug-ins in any field except the financial field.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all accord with the regulations of related laws and regulations, necessary security measures are taken, and the customs of the public order is not violated.
An embodiment of the present disclosure provides a plug-in update method, including: acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in; matching the version number of the current plug-in with the version number of the historical plug-in, matching the hash value of the current plug-in with the hash value of the historical plug-in, and generating a differential packet or a full packet according to a matching result; encrypting the differential packets or the full packets; and sending the encrypted differential packet or full packet to the client so that the client updates the plug-in according to the encrypted differential packet or full packet.
Fig. 1 schematically shows an application scenario diagram of a plug-in update method according to an embodiment of the present disclosure.
As shown in FIG. 1, an application scenario 100 according to this embodiment may include an individual user client requesting an update plug-in or an enterprise user client requesting an update plug-in. Network 102 is the medium used to provide communication links between terminal devices 101 and server 103. Network 102 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use terminal device 101 to interact with server 103 over network 102 to receive or transmit data or the like. Various client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, financial software, etc., may be installed on the terminal device 101.
The terminal device 101 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 103 may be a server that provides various services, such as an update data transmission server that provides support for a user after sending an update plug-in request using the terminal apparatus 101. The update data transmission server may perform processing such as analysis on data such as a received user request, and feed back a processing result (e.g., a packet for update) to the terminal device.
It should be noted that the plug-in update method provided by the embodiment of the present disclosure may be generally executed by the server 103. Accordingly, the plug-in update apparatus provided by the embodiment of the present disclosure may be generally disposed in the server 103. The plug-in update method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster that is different from the server 103 and is capable of communicating with the terminal device 101 and/or the server 103. Accordingly, the plug-in updating apparatus provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster that is different from the server 103 and is capable of communicating with the terminal device 101 and/or the server 103.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The plug-in update method of the disclosed embodiment will be described in detail through fig. 2 to 5 based on the scenario described in fig. 1.
Fig. 2 schematically shows a flow chart of a plug-in update method according to an embodiment of the present disclosure.
As shown in fig. 2, the plug-in update method of this embodiment includes operations S201 to S204.
In operation S201, a version number and a hash value of a current plug-in of a client and a version number and a hash value of a historical plug-in are obtained.
In operation S202, the version number of the current plug-in is matched with the version number of the history plug-in, the hash value of the current plug-in is matched with the hash value of the history plug-in, and a differential packet or a full packet is generated according to a matching result.
Encrypting the differential packet or the full packet in operation S203;
in operation S204, the encrypted delta packet or full packet is sent to the client, so that the client performs plug-in update according to the encrypted delta packet or full packet.
In an embodiment of the present disclosure, a plug-in update method based on difference update and encryption protection technology is provided, which further saves user traffic and ensures service security while satisfying dynamic requirements of a client.
In an embodiment of the disclosure, a residual quantity updating method and a plug-in packaging tool are provided, which support automatic packaging and generation of a binary system full quantity packet and a residual quantity packet of a plug-in according to historical plug-in package information. The full packet comprises data packets of all data of the latest plug-in, and the differential packet comprises a differential data packet obtained by subtracting data of the plug-in to be updated (the current plug-in at the client) from the latest plug-in data. When the system runs, according to the current plug-in version of the user client, whether the current plug-in version of the client is a historical version stored by a server or whether the current plug-in version of the client is safe is matched, and a corresponding difference updating part or a whole updating data packet is issued according to the situation, namely, the difference packet or the whole updating data packet is issued, so that the network flow of a user and the network bandwidth of the server are saved, the use safety of the local user plug-in is improved, and meanwhile, because the difference updating packet is a binary code and does not contain whole service logic, even if the difference updating packet is intercepted in the network transmission process, an attacker cannot obtain the code logic, and the safety of the updating data transmission process is improved. The method provides an encryption protection technical scheme on the basis of difference updating, adopts a standard symmetric encryption algorithm to encrypt and protect the data packet, adopts an asymmetric encryption algorithm to sign the hash value of the data packet, and further improves the security of the data packet in the network transmission process.
FIG. 3 schematically illustrates a flow chart for producing delta or full packets according to an embodiment of the disclosure.
As shown in fig. 3, the production delta or full pack of this embodiment includes operations S301 to S303.
In operation S301, if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins, generating the full package; wherein the full package includes all data of the latest version plug-in.
In operation S302, if the version number of the current plug-in exists in the version numbers of the historical plug-ins, the hash value of the historical plug-in corresponding to the current plug-in is compared with the hash value of the current plug-in.
In operation S303, if the two hash values are equal, generating a delta packet, where the delta packet includes a difference between historical plugins of the latest version plugin and corresponding to the current plugin; and if the two hash values are not equal, generating the full packet.
In the embodiment of the present disclosure, operation S301 in fig. 3 performs a comparison search in the server according to the version number of the current plug-in, and determines whether the version of the previous plug-in is included in the server. For plug-ins which are not commonly used by many users, the updating frequency is low, and the plug-ins of older versions have the possibility of being lack in the server, and the server can clean up partial unused data when updating data. When the version does not exist, the full package containing all the updating data is directly sent to the user client side, so that the updating is ensured to be completed, and the updating experience of the user is not influenced.
In operations 302 and 303, if it is checked before the server has the version of the current plug-in of the client, the hash value of the current plug-in on the server and the hash value of the current plug-in of the client are compared to ensure that the data of the current plug-in of the client and the data of the corresponding plug-in of the server are consistent. When the hash values are not equal and the data of the hash values are not consistent, the data of the current plug-in of the client is damaged or modified, the current plug-in cannot be used continuously or has a safety problem, at the moment, a full package is sent to the client, the damaged plug-in of the user is directly replaced, and the safety of the plug-in used by the user is ensured.
Fig. 4 schematically shows a flow chart of an encryption method according to an embodiment of the present disclosure.
As shown in fig. 4, the encryption method of this embodiment includes operations S401 to S402.
In operation S401, data contained in the differential packet or the full packet is encrypted using the symmetric key.
In operation S402, the differential packet or the full packet is signed by using an asymmetric encryption algorithm, and signature information of the differential packet or the full packet is generated.
In the embodiment of the present disclosure, before the sending step S204 of the plug-in update method provided by the present disclosure, the delta packet or the full delta packet needs to be encrypted, and specifically, the operation S401 performs encryption protection on the data packet by using standard symmetric encryption, that is, encrypts the data packet by using this key. The same key is used for encryption and decryption in the symmetric encryption, and the encryption and decryption processes are as follows: plaintext- > key encryption- > ciphertext, ciphertext- > key decryption- > plaintext. The method has the advantages of small calculated amount, high encryption speed and high encryption efficiency.
Operation S402 adopts an asymmetric encryption algorithm to sign the hash value of the data packet, so as to further improve the security of the data packet in the network transmission process. Operation S402 will be described in detail below with reference to fig. 5.
Fig. 5 schematically shows a flow diagram of an asymmetric encryption algorithm according to an embodiment of the present disclosure.
As shown in fig. 5, the asymmetric encryption algorithm of this embodiment includes operations S501 to S502.
In operation S501, a hash value corresponding to a delta packet or a full packet is calculated.
In operation S502, an asymmetric encryption algorithm is used to perform a signature operation on the hash value to obtain corresponding signature information.
In the embodiment of the present disclosure, through operations S501 and S502, signature information is obtained, where the signature information is used to verify the security of the data packet after sending, and the security of data transmission in the update process is further improved.
In an embodiment of the present disclosure, matching the version number of the current plug-in with the version number of the historical plug-in includes: sequencing according to time corresponding to the version number of the historical plug-in; and searching and comparing from the version number of the latest plug-in. Generally, the plug-in updated by the client is a common plug-in, and the version of the plug-in is usually close to the version of the latest plug-in, so that the plug-ins are searched and compared from front to back according to the time sequence, the searching workload is reduced, and the searching speed is improved.
In an embodiment of the present disclosure, the client updating the plug-in according to the encrypted delta packet or the encrypted full packet includes: carrying out signature verification on the signature information; if the verification is passed, decrypting the encrypted differential packet or full packet by adopting a symmetric key to obtain a decrypted differential packet or full packet; directly loading the decrypted full quantum packet for updating; and merging the decrypted delta packet and the current plug-in into a full packet and then loading for updating.
After receiving the safely encrypted differential packet or full packet, the client side firstly verifies the signature information, and decrypts the differential packet or full packet by using a preset secret key under the condition that the verification is passed. The decrypted full quantum packet can be directly loaded to complete the updating, and the differential quantum packet needs to be merged with the current plug-in of the client to become the full quantum packet and then the loading is completed. If the current plug-in of the user is damaged or unsafe, the required full package containing the latest plug-in cannot be synthesized, or the safety problem is still contained, updating is carried out based on the full package or the differential package, the safety is guaranteed, the user updating experience is improved, and the transmission quantity of user data is reduced.
Based on the plug-in updating method, the disclosure also provides a plug-in updating device. The apparatus will be described in detail below with reference to fig. 6 to 10.
Fig. 6 schematically shows a block diagram of a plug-in update apparatus according to an embodiment of the present disclosure.
As shown in fig. 6, the plug-in updating apparatus 600 of this embodiment includes an obtaining module 610, a first matching module 620, a second matching module 630, a generating module 640, an encrypting module 650, and a sending module 660.
The obtaining module 610 is configured to obtain a version number and a hash value of a current plug-in of the client and a version number and a hash value of a historical plug-in. In an embodiment, the obtaining module 610 may be configured to perform the operation S201 described above, which is not described herein again.
And a first matching module 620, configured to match the version number of the current plug-in with the version number of the historical plug-in.
And a second matching module 630, configured to match the hash value of the current plug-in with the hash value of the historical plug-in.
And a generating module 640, configured to generate a differential packet or a full packet according to the matching result.
In an embodiment, the first matching module 620, the second matching module 630 and the generating module 640 may be configured to perform the operation S202 described above, and are not described herein again.
An encryption module 650 for encrypting the delta packets or the full packets. In an embodiment, the encryption module 650 may be configured to perform the operation S203 described above, which is not described herein again.
The sending module 660 is configured to send the encrypted difference packet or full packet to the client, so that the client performs plug-in update according to the encrypted difference packet or full packet. In an embodiment, the sending module 660 may be configured to perform the operation S204 described above, which is not described herein again.
Fig. 7 schematically shows a block diagram of a generating module according to an embodiment of the present disclosure.
As shown in fig. 7, the generating module 640 of this embodiment includes a first judging unit 641 and a second judging unit 642.
The first determining unit 641 is configured to generate a full package if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins; wherein the full package includes all data of the latest version plug-in. In an embodiment, the first determining unit 641 may be configured to perform the operation S301 described above, and is not described herein again.
The second judging unit 642 is configured to, if the version number of the current plug-in exists in the version numbers of the historical plug-ins, compare the hash value of the historical plug-ins corresponding to the current plug-in with the hash value of the current plug-in; if the two hash values are equal, generating a difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and the current plugin; and if the two hash values are not equal, generating a full packet. In an embodiment, the second determining unit 642 may be configured to perform the operations S302 and S303 described above, which are not described herein again.
Fig. 8 schematically shows a block diagram of a first matching module according to an embodiment of the present disclosure.
As shown in fig. 8, the first matching module 620 of this embodiment includes a sorting unit 621 and a comparison unit 622.
And the sorting unit 621 is configured to sort according to the time corresponding to the version number of the history plug-in. In an embodiment, the sorting unit 621 may be configured to perform the corresponding operations described above, and is not described herein again.
And a comparison unit 622 for searching and comparing from the version number of the latest plug-in. In an embodiment, the sorting unit 622 may be configured to perform the corresponding operations described above, and will not be described herein again.
Fig. 9 schematically shows a block diagram of an encryption module according to an embodiment of the present disclosure.
As shown in fig. 9, the encryption module 650 of this embodiment includes a first encryption unit 651 and a second encryption unit 652.
A first encryption unit 651 is configured to encrypt data contained in the differential packet or the full packet using the symmetric key. In an embodiment, the first encryption unit 651 can be configured to perform the operation S401 described above, and is not described herein again.
The second encryption unit 652 is configured to sign the delta packet or the full packet by using an asymmetric encryption algorithm, and generate signature information of the delta packet or the full packet. In an embodiment, the second encryption unit 652 may be configured to perform the operation S402 described above, and is not described herein again.
Fig. 10 schematically shows a block diagram of a second encryption unit according to an embodiment of the present disclosure.
As shown in fig. 10, the second encryption unit 652 of this embodiment includes a calculation sub-unit 6521 and a signature sub-unit 6522.
And the computing subunit 6521 is configured to compute a hash value corresponding to the delta packet or the full packet. In an embodiment, the calculating sub-unit 6521 may be configured to perform the operation S501 described above, and is not described herein again.
And the signature sub-unit 6522 is configured to perform signature operation on the hash value by using an asymmetric encryption algorithm to obtain corresponding signature information. In an embodiment, the signature sub-unit 6522 may be configured to perform the operation S502 described above, which is not described herein again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the obtaining module 610, the first matching module 620, the second matching module 630, the generating module 640, the encrypting module 650 and the sending module 660 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to an embodiment of the present disclosure, at least one of the obtaining module 610, the first matching module 620, the second matching module 630, the generating module 640, the encrypting module 650, and the sending module 660 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or by a suitable combination of any several of them. Alternatively, at least one of the obtaining module 610, the first matching module 620, the second matching module 630, the generating module 640, the encrypting module 650, and the transmitting module 660 may be at least partially implemented as a computer program module that, when executed, may perform a corresponding function.
Fig. 11 schematically shows a block diagram of an electronic device adapted to implement a plug-in update method according to an embodiment of the present disclosure.
As shown in fig. 11, an electronic device 1100 according to an embodiment of the present disclosure includes a processor 1101, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. The processor 1101 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1101 may also include on-board memory for caching purposes. The processor 1101 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to the embodiments of the present disclosure.
In the RAM 1103, various programs and data necessary for the operation of the electronic device 1100 are stored. The processor 1101, the ROM 1102, and the RAM 1103 are connected to each other by a bus 1104. The processor 1101 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1102 and/or the RAM 1103. It is noted that the programs may also be stored in one or more memories other than the ROM 1102 and RAM 1103. The processor 1101 may also perform various operations of the method flows according to the embodiments of the present disclosure by executing programs stored in the one or more memories.
Electronic device 1100 may also include input/output (I/O) interface 1105, input/output (I/O) interface 1105 also connected to bus 1104, according to an embodiment of the disclosure. Electronic device 1100 may also include one or more of the following components connected to I/O interface 1105: an input portion 1106 including a keyboard, mouse, and the like; an output portion 1107 including a signal output unit such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 1108 including a hard disk and the like; and a communication section 1109 including a network interface card such as a LAN card, a modem, or the like. The communication section 1109 performs communication processing via a network such as the internet. A driver 1110 is also connected to the I/O interface 1105 as necessary. A removable medium 1111 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1110 as necessary, so that a computer program read out therefrom is mounted into the storage section 1108 as necessary.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM 1102 and/or the RAM 1103 and/or one or more memories other than the ROM 1102 and the RAM 1103 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the item recommendation method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by the processor 1101. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via the communication part 1109, and/or installed from the removable medium 1111. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 1109 and/or installed from the removable medium 1111. The computer program, when executed by the processor 1101, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims (14)

1. A plug-in update method comprising:
acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in;
matching the version number of the current plug-in with the version number of the historical plug-in, matching the hash value of the current plug-in with the hash value of the historical plug-in, and generating a differential packet or a full packet according to a matching result;
encrypting the delta packets or full packets;
and sending the encrypted differential packet or full packet to the client so that the client updates the plug-in according to the encrypted differential packet or full packet.
2. The plug-in update method according to claim 1, wherein the generating of the delta packet or the full packet according to the matching result comprises:
if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins, generating the full package; wherein the full volume package comprises all data of the latest version plug-in;
if the version number of the current plug-in exists in the version numbers of the historical plug-ins, comparing the hash value of the historical plug-ins corresponding to the current plug-in with the hash value of the current plug-in;
if the two hash values are equal, generating the difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and corresponding to the current plugin;
and if the two hash values are not equal, generating the full packet.
3. The plug-in updating method of claim 1, wherein the matching the version number of the current plug-in with the version number of the historical plug-in comprises:
sequencing according to the time corresponding to the version number of the historical plug-in;
and searching and comparing from the version number of the latest plug-in.
4. The plug-in update method of claim 1, the encrypting the delta or full packet comprising:
encrypting data contained in the delta packet or the full packet by using a symmetric key;
and signing the differential packet or the full packet by adopting an asymmetric encryption algorithm to generate signature information of the differential packet or the full packet.
5. The plug-in update method of claim 4, the signing the delta or full packet with an asymmetric encryption algorithm comprising:
calculating a hash value corresponding to the differential packet or the full packet;
and carrying out signature operation on the hash value by adopting an asymmetric encryption algorithm to obtain a corresponding signature message.
6. The plug-in updating method according to claim 4, wherein the plug-in updating performed by the client according to the encrypted delta packet or the encrypted full packet comprises:
performing signature verification on the signature information;
if the verification is passed, decrypting the encrypted differential packet or full packet by adopting a symmetric key to obtain a decrypted differential packet or full packet;
directly loading the decrypted full quantum packet for updating; and merging the decrypted delta packet and the current plug-in into a full packet and then loading for updating.
7. A plug-in update apparatus comprising:
the acquisition module is used for acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in;
the first matching module is used for matching the version number of the current plug-in with the version number of the historical plug-in;
the second matching module is used for matching the hash value of the current plug-in with the hash value of the historical plug-in;
the generating module is used for generating a differential packet or a full packet according to the matching result;
an encryption module for encrypting the delta packet or the full packet;
and the sending module is used for sending the encrypted differential packets or full packets to the client so as to enable the client to update the plug-in according to the encrypted differential packets or full packets.
8. The plug-in update apparatus of claim 7, the generation module comprising:
a first judging unit, configured to generate the full package if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins; wherein the full volume package comprises all data of the latest version plug-in;
the second judgment unit is used for comparing the hash value of the historical plugin corresponding to the current plugin with the hash value of the current plugin if the version number of the current plugin exists in the version numbers of the historical plugins; if the two hash values are equal, generating the difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and corresponding to the current plugin; and if the two hash values are not equal, generating the full packet.
9. The plug-in update apparatus of claim 7, wherein the first matching module comprises:
the sequencing unit is used for sequencing according to the time corresponding to the version number of the historical plugin;
and the comparison unit is used for searching and comparing from the version number of the latest plug-in.
10. The plug-in update apparatus of claim 7, the encryption module comprising:
a first encryption unit configured to encrypt data included in the differential packet or the full packet using a symmetric key;
and the second encryption unit is used for signing the differential packet or the full packet by adopting an asymmetric encryption algorithm and generating the signature information of the differential packet or the full packet.
11. The plug-in updating apparatus according to claim 10, the second encryption unit comprising:
the calculating subunit is used for calculating the hash value corresponding to the differential packet or the full packet;
and the signature subunit is used for performing signature operation on the hash value by adopting an asymmetric encryption algorithm to obtain corresponding signature information.
12. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-6.
13. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 6.
14. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 6.
CN202110787435.5A 2021-07-12 2021-07-12 Plug-in updating method, device, electronic equipment, medium and program product Pending CN113448612A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110787435.5A CN113448612A (en) 2021-07-12 2021-07-12 Plug-in updating method, device, electronic equipment, medium and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110787435.5A CN113448612A (en) 2021-07-12 2021-07-12 Plug-in updating method, device, electronic equipment, medium and program product

Publications (1)

Publication Number Publication Date
CN113448612A true CN113448612A (en) 2021-09-28

Family

ID=77815957

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110787435.5A Pending CN113448612A (en) 2021-07-12 2021-07-12 Plug-in updating method, device, electronic equipment, medium and program product

Country Status (1)

Country Link
CN (1) CN113448612A (en)

Similar Documents

Publication Publication Date Title
CN110414190B (en) Signature method of application installation package, related device, storage medium and electronic equipment
CN108923925B (en) Data storage method and device applied to block chain
CN112966287B (en) Method, system, device and computer readable medium for acquiring user data
CN111030827A (en) Information interaction method and device, electronic equipment and storage medium
CN111245811A (en) Information encryption method and device and electronic equipment
CN113572763B (en) Data processing method and device, electronic equipment and storage medium
CN111416788B (en) Method and device for preventing transmission data from being tampered
CN109711178B (en) Key value pair storage method, device, equipment and storage medium
CN113282951B (en) Application program security verification method, device and equipment
CN113055182A (en) Authentication method and system, terminal, server, computer system, and medium
CN110414269B (en) Processing method, related device, storage medium and system of application installation package
CN114615087B (en) Data sharing method, device, equipment and medium
CN115296807B (en) Key generation method, device and equipment for preventing industrial control network viruses
CN109995534B (en) Method and device for carrying out security authentication on application program
WO2019242163A1 (en) Data security verification method, apparatus and system, and computer device and storage medium
CN112966286B (en) Method, system, device and computer readable medium for user login
CN115484080A (en) Data processing method, device and equipment of small program and storage medium
CN113448612A (en) Plug-in updating method, device, electronic equipment, medium and program product
CN115001828A (en) Secure access method, system, electronic device and medium for transaction data
CN114584378A (en) Data processing method, device, electronic equipment and medium
CN114780124A (en) Differential upgrading method, device, medium and electronic equipment
CN113297588A (en) Password processing device, and control method and device of password processing device
CN114785560B (en) Information processing method, device, equipment and medium
CN116738472B (en) Task data encryption method, device and equipment applied to task data interaction
CN114386073A (en) Method and device for creating security certificate, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination