CN115378811B - Offline upgrading method based on portable operation and maintenance gateway - Google Patents


Info

Publication number: CN115378811B
Authority: CN (China)
Prior art keywords: maintenance, upgrade, time, upgrade package, image
Legal status: Active
Application number: CN202211023045.1A
Other languages: Chinese (zh)
Other versions: CN115378811A (en)
Inventors: 刘欣欣, 张晓东, 孔令武, 关勇
Current Assignee: Beijing Luoan Technology Co Ltd
Original Assignee: Beijing Luoan Technology Co Ltd
Application filed by Beijing Luoan Technology Co Ltd
Priority to CN202211023045.1A
Publication of CN115378811A
Application granted
Publication of CN115378811B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08: Configuration management of networks or network elements
    • H04L41/0803: Configuration setting
    • H04L41/0813: Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/082: Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/65: Updates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/70: Software maintenance or management
    • G06F8/71: Version control; Configuration management
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02P: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00: Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02: Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

An offline upgrading method based on a portable operation and maintenance gateway is applied to an industrial control system that uses the operation and maintenance gateway, in which the operation and maintenance assets of the industrial control system are connected to a gateway main body, the gateway main body is connected to an operation and maintenance computer, and an operation and maintenance terminal is connected to the operation and maintenance computer. The operation and maintenance terminal is connected to the operation and maintenance computer, and the operation and maintenance computer binds the currently connected operation and maintenance terminal to itself. The operation and maintenance computer then selects the encrypted upgrade package in the operation and maintenance terminal according to the software and/or service targeted for upgrade, and upgrades that software and/or service using the corresponding encrypted upgrade package. The method and the system avoid disassembly work during upgrading, reduce cost, allow the upgrade status to be supervised, and prevent a failed upgrade from affecting the use of the gateway main body or the operation and maintenance assets.

Description

Offline upgrading method based on portable operation and maintenance gateway
Technical Field
The invention relates to the technical field of offline upgrading, in particular to an offline upgrading method based on a portable operation and maintenance gateway.
Background
In an industrial control system, an operation and maintenance gateway is usually used to monitor the safety of the system. However, to upgrade the applications and/or services in the gateway main body, and especially in the operation and maintenance assets, the gateway main body or the operation and maintenance asset has to be disassembled before the upgrade can be completed. This increases the material cost of upgrading, and the upgrades have to be carried out manually one by one, which further increases the workload of maintenance personnel.
The prior art therefore needs further improvement and development.
Disclosure of Invention
(I) Object of the invention: to solve the problems in the prior art, the present invention provides an offline upgrade method based on a portable operation and maintenance gateway.
(II) Technical solution: to solve the above technical problems, this technical solution provides an offline upgrade method based on a portable operation and maintenance gateway, applied to an industrial control system that uses the operation and maintenance gateway, which specifically includes the following steps.
Step one: an upgrade forming unit makes an upgrade package for the software and/or service, compresses and encrypts the upgrade package, and stores it in an operation and maintenance terminal. The upgrade forming unit includes a character library that stores time character images; the encryption subsection of the upgrade forming unit selects a time character image according to the operation and maintenance person who will carry out the upgrade and the operation time period, and overlays the time character image on the compressed upgrade package.
Step two: the operation and maintenance terminal is connected to an operation and maintenance computer, and the operation and maintenance computer binds the currently connected operation and maintenance terminal to itself.
Step three: the operation and maintenance computer selects the encrypted upgrade package in the operation and maintenance terminal according to the software and/or service targeted for upgrade, and upgrades that software and/or service using the corresponding encrypted upgrade package.
Step three includes step 3.1: the decryption unit of the operation and maintenance computer decrypts the encrypted upgrade package. The operation and maintenance computer includes a camera unit. The decryption unit reads the time information on the time character image and checks whether the time period on the time character image is consistent with the current operation time. The camera unit captures image information of the operation and maintenance person, the captured image information is compared with the person portion of the time character image, and when the persons in the two images are determined to be the same person, the operation and maintenance computer continues the upgrade operation.
In step one, the manufacturing subsection of the upgrade forming unit makes the upgrade package for the software to be upgraded, covering different operating systems, different upgrade services and the scripts to be run; the compression subsection of the upgrade forming unit compresses the finished upgrade package, and the encryption subsection of the upgrade forming unit encrypts the compressed upgrade package.
In step two, when the operation and maintenance terminal is connected to the operation and maintenance computer, the operation and maintenance computer responds to detecting that an external storage device has been attached, that is, it detects the attachment of the operation and maintenance terminal. The binding unit of the operation and maintenance computer reads the basic information of the operation and maintenance terminal, displays the partitions of the operation and maintenance terminal, selects the designated partition, scans the operation and maintenance terminal for viruses and, if the scan shows it to be safe, binds the currently connected operation and maintenance terminal to the operation and maintenance computer. When the binding unit of the operation and maintenance computer finds that the operation and maintenance terminal contains a virus, the operation and maintenance terminal is not allowed to be used.
Step three further comprises the following steps.
Step 3.2: the decompression unit of the operation and maintenance computer decompresses the decrypted upgrade package and stores the decompressed upgrade package in a temporary directory of the operation and maintenance computer.
Step 3.3: the execution unit of the operation and maintenance computer compares the information of the decompressed upgrade package with the information of the software and/or service targeted for upgrade. If the version of the upgrade package is smaller than the version of the gateway, the upgrade is not allowed; if the version of the upgrade package is larger than the version of the gateway, the upgrade is allowed.
Step 3.4: the execution unit of the operation and maintenance computer completes the upgrade of the software and/or service targeted for upgrade according to the structure type of the decompressed upgrade package.
When a file has been stored in the temporary directory for a duration greater than or equal to the first duration and less than the second duration, the temporary directory sends a display prompt to the display screen of the operation and maintenance computer and, at the same time, sends a read-progress command to the execution unit of the operation and maintenance computer. The execution unit sends the upgrade progress of the decompressed upgrade package to the display screen, and the display screen shows the display prompt and the upgrade progress of the decompressed upgrade package.
When a file has been stored in the temporary directory for a duration greater than or equal to the second duration, the temporary directory sends a display warning to the display screen of the operation and maintenance computer. When the display warning has been shown on the display screen for longer than a first threshold, the temporary directory deletes the decompressed upgrade package whose storage duration is greater than or equal to the second duration.
When the software and/or service targeted for upgrade is of the executable service type, step 3.4 specifically includes the following.
Step 3.4.1: the execution unit uses a preset command to uninstall the software and/or service targeted for upgrade; the preset command may be a "stop_" command.
Step 3.4.2: the execution unit backs up the original content of the software and/or service targeted for upgrade, and copies the software and/or service in the decompressed upgrade package to a preset directory.
Step 3.4.3: the execution unit executes the upgrade deployment operation for the software and/or service targeted for upgrade. The upgrade deployment operation can be executed with an 'install' command, and the 'install' operation can include the process of copying the original software and/or service content to the preset directory of the software and/or service targeted for upgrade.
Step 3.4.4: the execution unit restarts the software and/or service targeted for upgrade to complete the upgrade; the restart may use a "start_" command.
When the software and/or service targeted for upgrade is of the static resource service type, the specific operation in step 3.4 is that the execution unit backs up the original content of the software and/or service targeted for upgrade, and copies the static resources in the decompressed upgrade package to the preset directory.
When the software and/or service targeted for upgrade is of the database service type, the specific operation in step 3.4 is that the execution unit executes the corresponding operations, including insert, update and delete, according to the database SQL, and supports both incremental upgrade and full deployment.
The character library is provided with a plurality of character directories. The character image of one operation and maintenance person is stored in one character directory, and each character directory stores that person's character images labelled with different time periods, namely the time character images.
The upgrade forming unit further includes a first gallery in which image blocks are stored, the image blocks corresponding one-to-one to the time character images. When the encryption subsection selects a specific time character image, the image block in the first gallery corresponding to the selected time character image is selected at the same time, and the encryption subsection places that image block between the compressed upgrade package and the time character image.
The storage unit of the operation and maintenance computer stores a stereoscopic image and a time axis. A plurality of characters are arranged around the stereoscopic image, and these characters correspond to the character images of the operation and maintenance personnel in the character library. Each character rotates through 360 degrees around the stereoscopic image according to its position on the time axis, so that different characters have different fields of view of the stereoscopic image at different positions on the time axis.
According to the character and the time period on the time character image, the decryption unit sets the time axis of the storage unit to the time period on the time character image, selects the character shown on the time character image at that time period, and determines that character's field of view of the stereoscopic image for that time period. It then captures the field-of-view image and compares the capture with the image block placed between the compressed upgrade package and the time character image in order to decrypt.
When the self-deleting command is started, the upgrade package and/or the compressed upgrade package is completely deleted.
When the encryption subsection of the upgrade forming unit decrypts the compressed upgrade package, a decryption error upper limit is set; when the number of decryption errors for the compressed upgrade package reaches the decryption error upper limit, the compressed upgrade package starts the self-deleting command, and the upgrade package and/or the compressed upgrade package is completely deleted.
(III) Beneficial effects: the offline upgrading method based on the portable operation and maintenance gateway provided by the invention avoids disassembly work when applications and/or services in the gateway main body or the operation and maintenance assets are upgraded, and reduces material cost and the workload of maintenance personnel. It allows the upgrade status to be supervised and prevents a failed upgrade from affecting the use of the gateway main body or the operation and maintenance assets. It also restricts the use of the upgrade package, reduces large-scale illegal use by software crackers, improves the security of the upgrade package, and prevents hackers from using the upgrade package to damage the industrial control system.
Drawings
FIG. 1 is a schematic diagram of the steps of the offline upgrading method based on a portable operation and maintenance gateway according to the present invention;
FIG. 2 is a schematic diagram of the connection relationships in an industrial control system using the operation and maintenance gateway to which the present invention is applied.
Detailed Description
The present invention is described in further detail below with reference to preferred embodiments. More details are set forth in the following description to provide a thorough understanding of the invention, but the invention can evidently be embodied in many forms other than those described here, and those skilled in the art can generalize and extend it in practical applications without departing from its spirit. The scope of the invention should therefore not be limited by the contents of this detailed embodiment.
The drawings are schematic representations of embodiments of the invention. They are intended only as examples, are not drawn to scale, and should not be construed as limiting the true scope of the invention.
The offline upgrading method based on a portable operation and maintenance gateway is a method for upgrading, while the portable operation and maintenance gateway is in use, the software and services in the industrial control system that requires operation and maintenance, or the software and services in the operation and maintenance gateway itself.
The method is applied to an industrial control system that uses the operation and maintenance gateway. When the industrial control system uses the operation and maintenance gateway, the operation and maintenance assets in the industrial control system are connected to the gateway main body. When operation and maintenance or an update is needed, the gateway main body is connected to the operation and maintenance computer and the operation and maintenance terminal is connected to the operation and maintenance computer, so that the operation and maintenance terminal can upgrade the software and/or services in the gateway main body or the operation and maintenance assets through the operation and maintenance computer.
The offline upgrade also involves an upgrade forming unit for making the upgrade package. The upgrade forming unit may be a PC, a notebook computer, a tablet computer or another intelligent terminal, and is not limited here. The upgrade forming unit comprises a manufacturing subsection, a compression subsection and an encryption subsection.
The offline upgrade method specifically comprises the following steps.
Step one: the upgrade forming unit makes an upgrade package for the software and/or service, compresses and encrypts the upgrade package, and stores it in the operation and maintenance terminal.
Step two: the operation and maintenance terminal is connected to the operation and maintenance computer, and the operation and maintenance computer binds the currently connected operation and maintenance terminal to itself.
Step three: the operation and maintenance computer selects the encrypted upgrade package in the operation and maintenance terminal according to the software and/or service targeted for upgrade, and upgrades that software and/or service using the corresponding encrypted upgrade package.
In step one, the manufacturing subsection of the upgrade forming unit makes the upgrade package for the software to be upgraded, covering different operating systems, different upgrade services and the scripts to be run.
After the compression subsection of the upgrade forming unit has compressed the finished upgrade package, the encryption subsection of the upgrade forming unit encrypts it. The compressed package may use the 7z format.
The manufacturing subsection of the upgrade forming unit makes the upgrade package for the software and/or service targeted for upgrade as follows. The structure is set according to the software and/or service that needs upgrading, and each module upgrades a specified service. The specified service includes the deployment structure of the software and/or service to be upgraded, a preset command for shutting down the software and/or service, and the commands that need to be run for the upgrade. The upgrade modules are extensible: different modules are built for different software and/or services, and script names follow a convention in which "start_" denotes the starting script, "stop_" the ending script, and "install_" the execution script. The DB module is used for data upgrades, and other software and/or services may define their own upgrade modules.
In step two, when the operation and maintenance terminal is connected to the operation and maintenance computer, the operation and maintenance computer responds to detecting that an external storage device has been attached, that is, it detects the attachment of the operation and maintenance terminal. The binding unit of the operation and maintenance computer reads the basic information of the operation and maintenance terminal, displays the partitions of the operation and maintenance terminal, selects the designated partition, scans the operation and maintenance terminal for viruses and, if the scan shows it to be safe, binds the currently connected operation and maintenance terminal to the operation and maintenance computer. When the binding unit of the operation and maintenance computer finds that the operation and maintenance terminal contains a virus, the operation and maintenance terminal is not allowed to be used.
Step three specifically includes the following operation steps.
Step 3.1: the decryption unit of the operation and maintenance computer decrypts the encrypted upgrade package; if decryption verification fails, the upgrade is not allowed.
Step 3.2: the decompression unit of the operation and maintenance computer decompresses the decrypted upgrade package and stores the decompressed upgrade package in a temporary directory of the operation and maintenance computer.
Step 3.3: the execution unit of the operation and maintenance computer compares the information of the decompressed upgrade package with the information of the software and/or service targeted for upgrade. If the version of the upgrade package is smaller than the version of the gateway, the upgrade is not allowed; if the version of the upgrade package is larger than the version of the gateway, the upgrade is allowed.
Step 3.4: the execution unit of the operation and maintenance computer completes the upgrade of the software and/or service targeted for upgrade according to the structure of the decompressed upgrade package. The execution unit determines the type of the software and/or service targeted for upgrade, which may be the executable service type, the static resource service type or the database service type, runs the upgrade scripts, and completes the upgrade operation.
When the software and/or service targeted for upgrade is of the executable service type, the specific operations are as follows.
Step 3.4.1: the execution unit uses a preset command to uninstall the software and/or service targeted for upgrade; the preset command may be a "stop_" command.
Step 3.4.2: the execution unit backs up the original content of the software and/or service targeted for upgrade, and copies the software and/or service in the decompressed upgrade package to a preset directory.
Step 3.4.3: the execution unit executes the upgrade deployment operation for the software and/or service targeted for upgrade. The upgrade deployment operation can be executed with an 'install' command, and the 'install' operation can include the process of copying the original software and/or service content to the preset directory of the software and/or service targeted for upgrade.
Step 3.4.4: the execution unit restarts the software and/or service targeted for upgrade to complete the upgrade; the restart may use a "start_" command.
When the software and/or service targeted for upgrade is of the static resource service type, the specific operation is as follows:
the execution unit backs up the original content of the software and/or service targeted for upgrade, and copies the static resources in the decompressed upgrade package to a preset directory.
When the software and/or service targeted for upgrade is of the database service type, the specific operation is as follows:
the execution unit executes the corresponding operations, including insert, update and delete, according to the database SQL, and supports both incremental upgrade and full deployment.
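The version gate of step 3.3 and the executable-service sequence of steps 3.4.1 to 3.4.4, as an added example that is not code from the patent. The package layout (a `version` file, a `payload/` directory, `.sh` scripts), the refusal of equal versions and the restore-from-backup on failure are assumptions of this example.

```python
import shutil
import subprocess
import tempfile
from pathlib import Path


def parse_version(text):
    """'1.10.0' -> (1, 10, 0), so 1.10.0 ranks above 1.9.0 (a string compare would not)."""
    return tuple(int(part) for part in text.strip().split("."))


def upgrade_allowed(package_version, installed_version):
    # Step 3.3: a smaller package version is refused, a larger one is allowed.
    # Equal versions are not covered by the text; refusing them is an assumption.
    return parse_version(package_version) > parse_version(installed_version)


def run_script(package_dir, prefix, service, cwd):
    # Script names follow the stop_ / install_ / start_ convention of the text.
    script = package_dir / f"{prefix}{service}.sh"
    subprocess.run(["sh", str(script)], cwd=cwd, check=True)


def upgrade_executable(package_dir, target_dir, backup_dir, service):
    offered = (package_dir / "version").read_text().strip()
    installed = (target_dir / "version").read_text().strip()
    if not upgrade_allowed(offered, installed):
        return "refused"
    run_script(package_dir, "stop_", service, target_dir)          # step 3.4.1
    if backup_dir.exists():
        shutil.rmtree(backup_dir)
    shutil.copytree(target_dir, backup_dir)                         # step 3.4.2: backup
    try:
        shutil.copytree(package_dir / "payload", target_dir,
                        dirs_exist_ok=True)                         # step 3.4.2: copy
        run_script(package_dir, "install_", service, target_dir)   # step 3.4.3
        (target_dir / "version").write_text(offered + "\n")
        run_script(package_dir, "start_", service, target_dir)     # step 3.4.4
        return "upgraded"
    except (subprocess.CalledProcessError, OSError):
        # Assumption: on failure the backed-up files are put back. The service
        # stays stopped so the operator can inspect it before restarting.
        shutil.rmtree(target_dir)
        shutil.copytree(backup_dir, target_dir)
        return "rolled_back"


def build_fixture(root, offered, install_body):
    # Constructed sample package and installed service; all names are hypothetical.
    target, pkg = root / "target", root / "pkg"
    (pkg / "payload").mkdir(parents=True)
    target.mkdir()
    (target / "version").write_text("1.9.0\n")
    (target / "app.bin").write_text("old")
    (pkg / "version").write_text(offered + "\n")
    (pkg / "payload" / "app.bin").write_text("new")
    (pkg / "stop_gw.sh").write_text("echo stop >> steps.log\n")
    (pkg / "install_gw.sh").write_text(install_body + "\n")
    (pkg / "start_gw.sh").write_text("echo start >> steps.log\n")
    return pkg, target


def demo(offered="1.10.0", install_body="echo install >> steps.log"):
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        pkg, target = build_fixture(root, offered, install_body)
        result = upgrade_executable(pkg, target, root / "backup", "gw")
        log = target / "steps.log"
        steps = log.read_text().split() if log.exists() else []
        return result, (target / "app.bin").read_text(), steps


if __name__ == "__main__":
    print(demo())                      # normal upgrade
    print(demo("1.8.5"))               # older package, refused by the version gate
    print(demo("1.10.0", "exit 1"))    # install script fails, files restored
```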
The temporary directory defines a first duration and a second duration for how long files may be stored.
When a file has been stored in the temporary directory for a duration greater than or equal to the first duration and less than the second duration, the temporary directory sends a display prompt to the display screen of the operation and maintenance computer and, at the same time, sends a read-progress command to the execution unit of the operation and maintenance computer. The execution unit sends the upgrade progress of the decompressed upgrade package to the display screen.
The display screen shows the prompt to the operator. The prompt states that the decompressed upgrade package has been stored for longer than the first duration and that the upgrade of the software and/or service should be checked promptly, and it includes the upgrade progress details of the decompressed upgrade package. The upgrade progress details include at least whether the upgrade has started and the upgrade progress percentage of the decompressed upgrade package.
Based on the prompt shown on the display screen, the operator can choose whether to update the target software and/or service or to update the compressed upgrade package of the target software and/or service.
When a file has been stored in the temporary directory for a duration greater than or equal to the second duration, the temporary directory sends a display warning to the display screen of the operation and maintenance computer. When the display warning has been shown on the display screen for longer than the first threshold, the temporary directory deletes the decompressed upgrade package whose storage duration is greater than or equal to the second duration. This reduces the storage space occupied by upgrading and, at the same time, avoids leakage of the upgrade program of the software and/or service.
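The retention rule for the temporary directory described above (prompt from the first duration, warning from the second duration, deletion once the warning has been shown for longer than the first threshold), as an added example that is not code from the patent. The class and function names, the concrete durations and the simulated clock are assumptions of this example.

```python
import shutil
import tempfile
from dataclasses import dataclass
from enum import Enum
from pathlib import Path
from typing import Optional


class Action(Enum):
    NONE = "none"
    PROMPT = "prompt"    # show the prompt together with the upgrade progress
    WARN = "warn"        # show the warning and keep its timer running
    DELETE = "delete"    # remove the decompressed upgrade package


@dataclass
class RetentionPolicy:
    first_duration: float     # seconds; storage age from which the prompt is shown
    second_duration: float    # seconds; storage age from which the warning is shown
    first_threshold: float    # seconds a warning may stay displayed before deletion

    def __post_init__(self):
        if not 0 < self.first_duration < self.second_duration:
            raise ValueError("need 0 < first_duration < second_duration")


@dataclass
class TrackedPackage:
    name: str                          # directory name inside the temporary directory
    stored_at: float                   # time the decompressed package was written
    warned_at: Optional[float] = None  # time the warning was first displayed


def evaluate(pkg, policy, now):
    """Return the action for one decompressed package at time `now`."""
    age = now - pkg.stored_at
    if age < policy.first_duration:
        return Action.NONE
    if age < policy.second_duration:          # first <= age < second
        return Action.PROMPT
    if pkg.warned_at is None:                 # age >= second: warning starts now
        pkg.warned_at = now
        return Action.WARN
    if now - pkg.warned_at > policy.first_threshold:
        return Action.DELETE
    return Action.WARN


def sweep(temp_dir, tracked, policy, now):
    """Evaluate every tracked package and delete the ones that are due."""
    results = {}
    for pkg in list(tracked):
        action = evaluate(pkg, policy, now)
        results[pkg.name] = action
        if action is Action.DELETE:
            shutil.rmtree(temp_dir / pkg.name, ignore_errors=True)
            tracked.remove(pkg)
    return results


def demo():
    # Constructed values: prompt after 10 min, warn after 60 min, 5 min of warning.
    policy = RetentionPolicy(first_duration=600, second_duration=3600, first_threshold=300)
    with tempfile.TemporaryDirectory() as tmp:
        temp_dir = Path(tmp)
        (temp_dir / "gw-1.10.0").mkdir()
        (temp_dir / "gw-1.10.0" / "app.bin").write_text("constructed payload")
        tracked = [TrackedPackage("gw-1.10.0", stored_at=0.0)]
        timeline = [599, 600, 3600, 3900, 3901]      # simulated clock, in seconds
        actions = [sweep(temp_dir, tracked, policy, t)["gw-1.10.0"] for t in timeline]
        return [a.value for a in actions], (temp_dir / "gw-1.10.0").exists()


if __name__ == "__main__":
    print(demo())
```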
The upgrade forming unit further comprises a person library, the person library is provided with a plurality of person directories, and a person image of an operation and maintenance person is correspondingly stored in one person directory. Each person directory stores the person images with different time period labels of the person: a temporal character image. The time character image comprises operation and maintenance personnel for specifically realizing the upgrading operation and a time period for the operation and maintenance personnel to carry out the upgrading operation.
And the encryption subsection selects a specific character directory from the character library according to operation and maintenance personnel for realizing upgrading, then selects a specific time character image under the selected character directory according to the time period requirement for upgrading operation, and covers the selected time character image on the compressed upgrading package. When the character image is determined, the specific operation and maintenance personnel who realize the use (upgrade execution) of the upgrade package and the time period for carrying out the upgrade operation can be determined.
And the decryption unit of the operation and maintenance computer decrypts the encrypted upgrade package by primary decryption and secondary decryption.
The operation and maintenance computer comprises a camera unit. When the decryption unit of the operation and maintenance computer performs primary decryption on the encrypted upgrade package, it reads the time information on the time character image and checks whether the current operation time falls within the time period shown on that image. If the current operation time is not within the time period, the decryption operation is terminated. If it is within the time period, the camera unit captures image information of the operation and maintenance personnel, and the captured image information is compared with the character image portion of the time character image covering the compressed upgrade package; when the comparison similarity is greater than or equal to the figure threshold, the operation and maintenance computer continues the upgrade operation. The figure threshold is a preset value, preferably greater than or equal to 95%.
The upgrade forming unit further comprises a first gallery in which image blocks are stored. The image blocks correspond one-to-one to the time character images: when the encryption subsection selects a specific time character image, the image block in the first gallery that corresponds to it is selected as well. The encryption subsection places that image block between the compressed upgrade package and the time character image.
The operation and maintenance computer further comprises a storage unit that stores a stereoscopic image and a time axis. A plurality of characters are arranged around the stereoscopic image and rotate through 360 degrees around it according to their positions on the time axis, so that each character has a different view of the stereoscopic image in different time periods. The characters around the stereoscopic image correspond to the character images of the operation and maintenance personnel in the character library of the upgrade forming unit; that is, each character around the stereoscopic image is the same as the character in one of those character images.
The stereoscopic image is preferably formed by splicing a plurality of stereoscopic images. The characters are arranged non-uniformly around the stereoscopic image.
After the decryption unit of the operation and maintenance computer completes the primary decryption of the encrypted upgrade package, it performs secondary decryption on the encrypted upgrade package. The decryption unit reads the character and the time period on the time character image, adjusts the time axis of the storage unit to that time period, selects that character at that time period, and determines the view of the stereoscopic image that the character has in that time period. The decryption unit then captures a screenshot of that view and compares it with the image block placed between the compressed upgrade package and the time character image. Decryption succeeds when the similarity between the view screenshot and the image block is greater than the similarity threshold, and fails when the similarity is less than or equal to the similarity threshold.
The similarity threshold may be any value greater than 90% and less than or equal to 100%.
The manufacturing subsection sets a self-deleting command when making the upgrade package; when the self-deleting command is started, the upgrade package and/or the compressed upgrade package is completely deleted.
When the encryption subsection decrypts the compressed upgrade package, a decryption error upper limit is set; when the number of primary and/or secondary decryption errors for the compressed upgrade package reaches that limit, the compressed upgrade package starts the self-deleting command and is completely deleted.
By requiring both primary and secondary decryption of the compressed upgrade package, the invention prevents non-designated operation and maintenance personnel from decrypting it using images of the operation and maintenance personnel.
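The sketch below is an added illustration, not code from the patent: it models the two decryption stages and the decryption error upper limit described above as a gate that takes precomputed similarity scores. The `PackageGate` class, the limit of 3 errors, the 0.92 similarity threshold and the sample attempts are assumptions made for the example, as is the choice not to count an out-of-window attempt as a decryption error.

```python
from dataclasses import dataclass
from datetime import datetime

FIGURE_THRESHOLD = 0.95  # stage 1 passes at >= this value (the preferred floor)
MAX_ERRORS = 3           # assumed: an upper limit is set, but no number is given


@dataclass
class PackageGate:
    """Hypothetical model of the checks guarding one encrypted upgrade package."""
    window_start: datetime
    window_end: datetime
    similarity_threshold: float = 0.92  # constructed value inside (0.90, 1.00]
    errors: int = 0
    deleted: bool = False

    def __post_init__(self):
        if not 0.90 < self.similarity_threshold <= 1.00:
            raise ValueError("similarity threshold must be in (0.90, 1.00]")

    def _error(self, stage):
        # Both stages share one counter; reaching the limit starts self-delete.
        self.errors += 1
        if self.errors >= MAX_ERRORS:
            self.deleted = True
            return "self-deleted"
        return f"{stage} failed"

    def attempt(self, now, face_score, view_score):
        """Scores are similarity results in [0, 1]; image matching is not modelled."""
        if self.deleted:
            return "self-deleted"
        # Stage 1, time check. Assumption: a terminated operation is not counted
        # as a decryption error; the description only says it is terminated.
        if not self.window_start <= now <= self.window_end:
            return "terminated"
        # Stage 1, operator check: inclusive comparison (>=).
        if face_score < FIGURE_THRESHOLD:
            return self._error("stage 1")
        # Stage 2, view screenshot vs. image block: strict comparison (>), so a
        # threshold of exactly 1.00 can never be exceeded and always fails.
        if view_score <= self.similarity_threshold:
            return self._error("stage 2")
        return "decrypted"


def demo():
    """Replay constructed attempts (not taken from the patent) through one gate."""
    start, end = datetime(2022, 8, 25, 9, 0), datetime(2022, 8, 25, 11, 0)
    inside, late = datetime(2022, 8, 25, 10, 0), datetime(2022, 8, 25, 12, 0)
    attempts = [
        (late, 0.99, 0.99),    # right person, wrong time
        (inside, 0.95, 0.93),  # exactly at the figure threshold: passes
        (inside, 0.94, 0.99),  # stage 1 error, count 1
        (inside, 0.99, 0.92),  # exactly at the similarity threshold: count 2
        (inside, 0.80, 0.10),  # count 3 reaches the limit
        (inside, 0.99, 0.99),  # the package is already gone
    ]
    gate = PackageGate(start, end)
    return [gate.attempt(*a) for a in attempts]


if __name__ == "__main__":
    print(demo())
```

The two thresholds use different comparisons: a score equal to the figure threshold passes stage 1, while a score equal to the similarity threshold fails stage 2.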
The offline upgrading method based on a portable operation and maintenance gateway avoids disassembly work when upgrading applications and/or services in the gateway main body or the operation and maintenance assets, reduces material cost and the workload of maintenance personnel, allows the upgrade to be supervised, and avoids affecting the use of the gateway main body or the operation and maintenance assets through an upgrade failure. In addition, the upgrade package is encrypted so that its use is restricted to authorized users, which reduces large-scale illegal use by software crackers, improves the security of the upgrade package, and prevents hackers from using the upgrade package to damage industrial control systems.
The above description is provided for the purpose of illustrating the preferred embodiments of the present invention and will assist those skilled in the art in more fully understanding the technical solutions of the present invention. However, these examples are merely illustrative, and the embodiments of the present invention are not to be considered as being limited to the description of these examples. For those skilled in the art to which the invention pertains, several simple deductions and changes can be made without departing from the inventive concept, and all should be considered as falling within the protection scope of the invention.

Claims (6)

1. An off-line upgrading method based on a portable operation and maintenance gateway is characterized in that the method is applied to an industrial control system using the operation and maintenance gateway and specifically comprises the following steps,
step one, an upgrade forming unit makes an upgrade package of software and/or a service, compresses and encrypts the upgrade package, and stores it in an operation and maintenance terminal; the upgrade forming unit comprises a character library that stores time character images, and an encryption subsection of the upgrade forming unit selects a time character image according to the operation and maintenance personnel who will perform the upgrade and the operation time period, and covers the compressed upgrade package with the selected time character image;
step two, the operation and maintenance terminal is connected to an operation and maintenance computer, and the operation and maintenance computer binds the currently connected operation and maintenance terminal to itself;
step three, the operation and maintenance computer selects an encrypted upgrade package in the operation and maintenance terminal according to the target software and/or service to be upgraded, and upgrades the target software and/or service using the corresponding encrypted upgrade package;
step three includes step 3.1, in which the decryption unit of the operation and maintenance computer performs primary decryption on the encrypted upgrade package; the operation and maintenance computer comprises a camera unit, and the decryption unit reads the time information on the time character image and checks whether the current operation time is a time point within the time period on the time character image; when the current operation time is within that time period, the camera unit captures image information of the operation and maintenance personnel, the captured image information is compared with the character image portion of the time character image, and when the characters in the two images are the same, the operation and maintenance computer continues the upgrade operation;
the character library is provided with a plurality of character directories, each character directory stores the character image of one operation and maintenance person, and each character directory stores character images marked with different time periods, namely the time character images;
the upgrade forming unit further comprises a first gallery in which image blocks are stored, the image blocks corresponding one-to-one to the time character images; when the encryption subsection selects a specific time character image, the image block in the first gallery corresponding to the selected time character image is selected at the same time, and the encryption subsection places that image block between the compressed upgrade package and the time character image;
the storage unit of the operation and maintenance computer stores a stereoscopic image and a time axis, a plurality of characters are arranged around the stereoscopic image, the characters correspond to the character images of the operation and maintenance personnel in the character library, and the characters each rotate through 360 degrees around the stereoscopic image according to their positions on the time axis, so that different characters have different views of the stereoscopic image at different positions on the time axis;
after the decryption unit of the operation and maintenance computer completes the primary decryption of the encrypted upgrade package, the decryption unit performs secondary decryption on the encrypted upgrade package: according to the character and the time period on the time character image, the decryption unit adjusts the time axis of the storage unit to that time period, selects that character at that time period, determines the view of the stereoscopic image that the character has in that time period, captures a screenshot of that view, and compares the view screenshot with the image block between the compressed upgrade package and the time character image; when the similarity between the view screenshot and the image block is greater than the similarity threshold, the decryption is successful.
2. The off-line upgrading method based on the portable operation and maintenance gateway as claimed in claim 1, wherein in step one, the manufacturing subsection of the upgrade forming unit makes the upgrade package of the software to be upgraded for different operating systems, different upgrade services and running scripts; the compression subsection of the upgrade forming unit compresses the upgrade package, and the encryption subsection of the upgrade forming unit encrypts the compressed upgrade package.
3. The off-line upgrading method based on the portable operation and maintenance gateway as claimed in claim 1, wherein in step two, when the operation and maintenance terminal is connected to the operation and maintenance computer, the operation and maintenance computer detects that an external storage device, that is, the operation and maintenance terminal, has been connected; the binding unit of the operation and maintenance computer detects basic information of the operation and maintenance terminal, displays the partitions of the operation and maintenance terminal, selects a designated partition, scans the operation and maintenance terminal for viruses, and, if the scan shows it to be safe, binds the currently connected operation and maintenance terminal to the operation and maintenance computer; when the binding unit of the operation and maintenance computer detects that the operation and maintenance terminal contains a virus, the operation and maintenance terminal is not allowed to be used.
4. The off-line upgrading method based on the portable operation and maintenance gateway according to claim 1, further comprising in step three,
step 3.2, decompressing the decrypted upgrade package by a decompression unit of the operation and maintenance computer; the decompression unit stores the decompressed upgrade package into a temporary directory of the operation and maintenance computer;
step 3.3, comparing the information of the decompressed upgrade package with the information of the target upgraded software and/or service by the execution unit of the operation and maintenance computer, if the version of the upgrade package is smaller than the version of the gateway, not allowing the upgrade, and if the version of the upgrade package is larger than the version of the gateway, allowing the upgrade;
step 3.4, the execution unit of the operation and maintenance computer completes the upgrading of the software and/or service of the target upgrading according to the structure type of the decompressed upgrading packet;
when the software and/or service targeted for upgrade is of the executable service type, step 3.4 includes in particular,
step 3.4.1, the execution unit uses the preset command to uninstall the software and/or service upgraded by the target; the preset command may be a "stop _" preset command;
step 3.4.2, the execution unit backs up the original content of the target upgraded software and/or service, and copies the software and/or service in the decompressed upgrade package to a preset directory;
step 3.4.3, the execution unit executes the software and/or service upgrading deployment operation of the target upgrading; the upgrade deployment operation can be executed by using an 'install' command, and the 'install' operation can include a preset directory process for copying original software and/or service contents to target upgraded software and/or services;
step 3.4.4, the execution unit restarts the software and/or service of the target upgrade to complete the upgrade; software and/or services that restart the target upgrade may use a "start _" command to complete the upgrade;
when the software and/or service of the target upgrade is the static resource service type, the specific operation in step 3.4 includes that the execution unit backs up the original software and/or service content of the software and/or service of the target upgrade, and copies and decompresses the static resource in the upgrade package to the preset directory;
when the software and/or service of the target upgrade is a database service type, the specific operation in step 3.4 includes that the execution unit executes different operation behaviors including insert, update and delete according to the database sql, and supports incremental upgrade and full deployment.
5. The off-line upgrading method based on the portable operation and maintenance gateway as claimed in claim 4, wherein the temporary directory sets a first time length and a second time length of a storage time length, when the file storage time length under the temporary directory is greater than or equal to the first time length and smaller than the second time length, the temporary directory sends a display prompt to a display screen of the operation and maintenance computer, meanwhile, the temporary directory sends a reading progress command to an execution unit of the operation and maintenance computer, the execution unit sends an upgrading progress of decompressing the upgrade package to the display screen, and the display screen displays the display prompt and the upgrading progress of decompressing the upgrade package;
when the file storage time under the temporary directory is longer than or equal to the second time, the temporary directory sends a display warning to the display screen of the operation and maintenance computer, and when the time for sending the display warning to the display screen of the operation and maintenance computer by the temporary directory is longer than a first threshold, the temporary directory deletes the decompression upgrade package with the storage time longer than or equal to the second time.
6. The off-line upgrading method based on the portable operation and maintenance gateway as claimed in claim 1, wherein the manufacturing subsection of the upgrade forming unit sets a self-deleting command when manufacturing the upgrade package, and when the self-deleting command is started, the upgrade package and/or the compressed upgrade package are/is completely deleted;
when the encryption subsection of the upgrade formation unit decrypts the compressed upgrade package, a decryption error upper limit is set, and when the number of decryption errors of the compressed upgrade package reaches the decryption error upper limit, the compressed upgrade package starts a self-deleting command to completely delete the upgrade package and/or the compressed upgrade package.
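The temporary-directory retention rule of claim 5, as an added example that is not part of the patent: a sweep that maps each decompressed package's storage time to a prompt, a warning or deletion. The function names, the durations in seconds and the file names are constructed, and the code assumes the warning begins at the moment the second duration is reached.

```python
import os
import tempfile
import time

# Constructed values in seconds; the claim names these limits without numbers.
FIRST_DURATION = 600
SECOND_DURATION = 1800
FIRST_THRESHOLD = 300  # how long a warning may stand before deletion


def classify(age):
    """Map the storage time of a decompressed package to the claimed action."""
    if age < FIRST_DURATION:
        return "ok"
    if age < SECOND_DURATION:
        return "prompt"  # display prompt plus the upgrade progress
    # Assumption: the warning starts when the second duration is reached, so it
    # has been displayed for (age - SECOND_DURATION) seconds.
    if age - SECOND_DURATION > FIRST_THRESHOLD:
        return "delete"
    return "warn"


def sweep(temp_dir, now=None):
    """Classify every file in temp_dir, delete expired ones, return the actions."""
    now = time.time() if now is None else now
    actions = {}
    for entry in sorted(os.scandir(temp_dir), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue  # never follow links out of the temporary directory
        age = now - entry.stat(follow_symlinks=False).st_mtime
        action = classify(age)
        if action == "delete":
            os.remove(entry.path)
        actions[entry.name] = action
    return actions


def demo():
    """Build a temporary directory with constructed file ages and sweep it."""
    now = time.time()
    samples = [("fresh.pkg", 60), ("slow.pkg", 900),
               ("stale.pkg", 1900), ("expired.pkg", 2200)]
    with tempfile.TemporaryDirectory() as d:
        for name, age in samples:
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(b"constructed sample")
            os.utime(path, (now - age, now - age))  # backdate the file
        actions = sweep(d, now)
        return actions, sorted(os.listdir(d))


if __name__ == "__main__":
    print(demo())
```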
CN202211023045.1A 2022-08-25 2022-08-25 Offline upgrading method based on portable operation and maintenance gateway Active CN115378811B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211023045.1A CN115378811B (en) 2022-08-25 2022-08-25 Offline upgrading method based on portable operation and maintenance gateway

Publications (2)

Publication Number Publication Date
CN115378811A CN115378811A (en) 2022-11-22
CN115378811B true CN115378811B (en) 2023-04-07

Family

ID=84066991

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211023045.1A Active CN115378811B (en) 2022-08-25 2022-08-25 Offline upgrading method based on portable operation and maintenance gateway

Country Status (1)

Country Link
CN (1) CN115378811B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113765780A (en) * 2021-09-27 2021-12-07 北京珞安科技有限责任公司 Portable operation and maintenance gateway based on Internet of things

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000339507A (en) * 1999-05-27 2000-12-08 Is Co Ltd Security system including room entry restriction release means
JP2008257487A (en) * 2007-04-05 2008-10-23 Multi Solution:Kk Face-authentication-based shoplifting detection system
CN106022046B (en) * 2016-05-24 2018-11-20 苏州安至上机电科技有限公司 A kind of accredited operation monitoring and managing method of special equipment
CN112241276B (en) * 2019-07-19 2022-04-22 华为技术有限公司 Equipment upgrading method and device

Also Published As

Publication number Publication date
CN115378811A (en) 2022-11-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant