CN115586910A - Application upgrading method and computer equipment - Google Patents

Publication number
CN115586910A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211110619.9A
Other languages
Chinese (zh)
Inventor
黄全伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan Kunlun Technology Co ltd
Original Assignee
XFusion Digital Technologies Co Ltd
Application filed by XFusion Digital Technologies Co Ltd
Priority to CN202211110619.9A
Publication of CN115586910A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00: Arrangements for software engineering
    • G06F8/60: Software deployment
    • G06F8/65: Updates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Stored Programmes (AREA)

Abstract

The application discloses an application upgrading method and computer equipment, and relates to the field of computers. The method comprises: in response to an application upgrade instruction, obtaining the usage permission of the application software to be used for upgrading the application, and upgrading the application with that application software when its usage permission indicates that it is allowed to be used for upgrading. This avoids upgrading an application with application software that carries a security risk, and thereby avoids upgrade failure.

Description

Application upgrading method and computer equipment
Technical Field
The invention relates to the field of computers, in particular to an application upgrading method and computer equipment.
Background
At present, application software is upgraded or rolled back in order to repair defects, enhance functions, and improve user experience. However, released application software may develop security vulnerabilities over time, and using application software that has security vulnerabilities may pose a security risk. If a version anti-rollback mechanism is used when upgrading, it can only prevent the application software from rolling back to an old version; it cannot ensure that the application software is upgraded successfully in a way that avoids security risks. How to ensure that application software is upgraded to a safe version is therefore a problem that urgently needs to be solved.
Disclosure of Invention
The application upgrading method and computer equipment provided by the present application solve the problem of how to ensure that application software is upgraded successfully.
In a first aspect, an application upgrading method is provided. The method includes: in response to an upgrade instruction for the application, obtaining the usage permission of the application software to be used for upgrading the application; and upgrading the application with the application software when its usage permission indicates that the application software is allowed to be used for upgrading.
Because released application software may come to carry security risks over time, each piece of application software is assigned a corresponding usage permission. When the application is upgraded, whether to upgrade with a given piece of application software is decided according to that software's usage permission. When the usage permission indicates that use is allowed, the application software is safe and available, and the application is upgraded with it. This improves the security of the application upgrade, ensures that the application software is upgraded successfully, and avoids the upgrade failure caused by upgrading with application software that carries a security risk.
Specifically, after responding to the upgrade instruction, an application software revocation list indicating the usage permissions of a plurality of pieces of application software of the application is obtained, and the list is queried by the application identifier of the application software to determine the usage permission of the application software indicated by that identifier. Because the application software revocation list stores the application identifiers, the usage permissions, and the correspondence between them, the usage permission of the application software indicated by an application identifier can be determined conveniently from the list, which effectively improves the efficiency of application upgrading.
Optionally, a digital signature corresponding to the application software revocation list is obtained, and the list is verified against the digital signature. When the list is verified as legitimate, the usage permission of the application software indicated by the application identifier is determined from it. The digital signature thus verifies whether the list in use is consistent with the list that was issued, which avoids upgrading the application with a tampered list and improves the security of the application software revocation list.
In one possible implementation, when the usage permission of the application software indicates that the application software is not allowed to be used, the application software is revoked and is not allowed to be used for upgrading.
When the application software revocation list shows that the usage permission of the application software is "not allowed", the application software carries a security risk, and upgrading the application with it would threaten the terminal device. The application software is therefore revoked and may no longer be used.
In another possible implementation, the application software revocation list represents the usage permissions of the application software in the form of a mask.
A mask is a string of binary digits. Representing the application software revocation list as a mask expresses the usage permissions of the application software, and the correspondence between each piece of application software and its usage permission, more intuitively.
In another possible implementation, after the application software revocation list is obtained and before the usage permission of the application software is obtained, the method further includes: updating the application software revocation list to the latest released version of the list.
Updating the stored application software revocation list avoids the situation in which, because the list was not updated in time, newly discovered application software that carries a security risk is used for an upgrade.
In another possible implementation, after the application software revocation list is obtained, the method further includes: storing the obtained application software revocation list in a flash (FLASH) memory.
FLASH memory can be erased and rewritten many times and does not lose data on power failure. The obtained application software revocation list is therefore stored in the FLASH memory, and when the list is updated, the updated list is written into the FLASH memory.
In another possible implementation, after the application software revocation list is obtained, the method further includes: writing the obtained application software revocation list into an OTP register.
Unlike FLASH memory, an OTP register is one-time programmable. Once the information of the application software revocation list is written into the OTP register, the list does not need to be verified with a digital signature, and it is protected against tampering.
In a second aspect, an application upgrading method is provided. The method includes: obtaining the application identifier of application software that carries a security risk, setting the usage permission of that application software, and generating an application software revocation list from the application identifier and the usage permission.
When application software carries a security risk, an application software revocation list indicating its usage permission is generated promptly. When the application is upgraded, whether to upgrade is decided according to the usage permission of the application software. When the usage permission indicates that use is allowed, the application software is a safe software version and is used to upgrade the application, which avoids a security risk on the computer after the upgrade and ensures that the application software is upgraded successfully. When the usage permission indicates that use is not allowed, the application software is an unsafe software version, and the computer is prevented from upgrading the application with it, which effectively improves the security of application upgrading.
In a third aspect, an application upgrading apparatus is provided, which includes functions of respective modules for performing the method in the first aspect or any one of the possible implementations of the first aspect.
In a fourth aspect, an application upgrade management apparatus is provided, which includes functions of respective modules for executing the method in the second aspect or any one of the possible implementations of the second aspect.
In a fifth aspect, there is provided a computer device comprising an out-of-band controller, a communication interface, and a memory for storing a set of computer instructions and usage rights for application software, the memory comprising a FLASH memory and an OTP register; the communication interface is used for receiving an application software upgrading instruction; the out-of-band controller is used for responding to the application upgrading instruction; acquiring the use permission of application software according to an application identifier of the application, wherein the application identifier is used for indicating the application software to be used for upgrading the application; when the use permission indicates that the use is allowed, upgrading the application according to the application software indicated by the application identifier; when the use permission indicates that the use is not allowed, the application software indicated by the application identification is revoked; the functions of the various modules of the method of the first aspect or any one of the possible implementations of the first aspect are performed when the set of computer instructions is executed by the out-of-band controller.
In a sixth aspect, a computer device is provided, the computer device comprising a memory for storing a set of computer instructions and a processor; the processor, when executing the set of computer instructions, performs the functions of the respective modules of the method of the second aspect or any of its possible implementations.
In a seventh aspect, a computer-readable storage medium is provided, comprising computer software instructions; the computer software instructions, when executed in a computer, cause the computer to perform the method of the first aspect or any one of its possible implementations.
In an eighth aspect, a computer-readable storage medium is provided that includes computer software instructions; the computer software instructions, when executed in a computer, cause the computer to perform the method according to the second aspect or any one of its possible implementations.
In a ninth aspect, there is provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the first aspect or any implementation of the first aspect.
A tenth aspect provides a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of any of the implementations of the second aspect or the second aspect described above.
The present application can further combine to provide more implementations on the basis of the implementations provided by the above aspects.
Drawings
Fig. 1 is a schematic structural diagram of an application upgrade system provided in the present application;
Fig. 2 is a schematic flowchart of an application upgrade issuing method provided in the present application;
Fig. 3 is a schematic flowchart of an application upgrade method provided in the present application;
Fig. 4 is a schematic flowchart of another application upgrade method provided in the present application;
Fig. 5 is a schematic structural diagram of an application upgrading apparatus provided in the present application;
Fig. 6 is a schematic structural diagram of an application upgrade management apparatus provided in the present application;
Fig. 7 is a schematic structural diagram of a computer device provided in the present application.
Detailed Description
To facilitate understanding of the embodiments of the present application, related concepts are first briefly introduced:
Application software: the collection of programs, written in the various programming languages a computer can use, that make up an application; that is, a version of an application released by the cloud server. An application may have multiple versions, i.e. multiple pieces of application software.
Revoking application software: indicates that upgrading the application with that application software is not allowed.
In the application upgrading method, a computer responds to an upgrade instruction for an application and decides whether to upgrade the application according to the usage permission of the application software. When the usage permission indicates that use is allowed, the application software is a safe software version and is used to upgrade the application, which avoids a security risk on the computer after the upgrade and ensures that the application software is upgraded successfully. When the usage permission indicates that use is not allowed, the application software is an unsafe software version, and the computer is prevented from upgrading the application with it, which effectively improves the security of application upgrading.
Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic structural diagram of an application upgrade system according to an embodiment of the present application. The application upgrade system 100 includes a cloud server 110 and a computer 120. Cloud server 110 and computer 120 communicate over network 130.
Cloud server 110 may be a file server, a database server, an application server, and the like. The specific form of the cloud server is not limited in the embodiments of the present application; the foregoing is only an exemplary description. In the following embodiments, the cloud server is taken to be an application server as an example.
The cloud server 110 includes an out-of-band controller 111 and a memory 112. The out-of-band controller 111 includes an out-of-band management module. The out-of-band management module may be a management unit of a non-business module. For example, the out-of-band management module may be completely independent of the operating system of the computer device, and may communicate with the basic input/output system (BIOS) and the OS (or an OS management unit) through an out-of-band management interface of the computer device.
Illustratively, the out-of-band management module may include a monitoring management unit external to the computer device, a management system in a management chip outside the processor, a baseboard management controller (BMC) of the computer device, a system management module (SMM), and the like. The specific form of the out-of-band management module is not limited in the embodiments of the present application; the above is only an exemplary description. In the following embodiments, the out-of-band management module is taken to be the BMC as an example.
It should be noted that different vendors of cloud servers use different names for the BMC: some companies call it BMC, some call it iLO, and another calls it iDRAC. Whether it is called BMC, iLO or iDRAC, it may be understood as the BMC in the embodiments of the present invention.
The out-of-band management module is used for managing and maintaining the application software. For example, the application software of the application, the application software revocation list, and the corresponding digital signature are published and sent to the computer 120.
The computer 120 is configured to obtain the application software and the application software revocation list of the application from the cloud server, and to determine the usage permission of the application software from the application software revocation list, so as to decide whether the application is allowed to be upgraded with that application software. The computer 120 may be a mobile phone, a tablet, a desktop computer, a notebook, and so on. The specific form of the computer is not limited in the embodiments of the present application; the above is only an exemplary description. In the following embodiments, the computer is taken to be a desktop computer as an example.
Next, the application upgrade method will be described in detail with reference to the drawings. Fig. 2 is a schematic flowchart of an application upgrade issuing method according to an embodiment of the present application. The cloud server 110 and the computer 120 shown in fig. 1 are used as examples for explanation.
Step 210, the cloud server issues an application software revocation list.
When the cloud server finds that released application software carries a security risk, it can indicate that application software through the application software revocation list.
In some embodiments, the cloud server may publish the application software revocation list on a technical support service website, so that the computer can obtain the list from that website. The application software revocation list indicates the usage permissions of a plurality of pieces of application software of the application. The usage permission indicates whether the application software to be used is allowed to be used.
When the usage permission of the application software indicates that use is allowed, the application software carries no security risk and is not revoked. When the usage permission indicates that use is not allowed, the application software carries a security risk and is revoked.
In one example, the usage permissions indicated by the application software revocation list may be represented in the form of a mask. A list expressed as a mask represents the usage permissions of the application software more intuitively, saves storage space, and is easy for the computer to parse. The bits in the mask correspond one-to-one to the pieces of application software. For example, one bit corresponds to the application identifier of one piece of application software. The application identifier indicates the application software to be used for upgrading the application, i.e. the version number of the application.
Each bit of the application software revocation list takes the value 0 or 1. A value of 0 indicates that use of the application software is allowed. A value of 1 indicates that use of the application software is not allowed. The initial value of the mask in the application software revocation list may be 0x00000000 …, which indicates that in the initial state all application software is allowed to be used. As shown in Table 1, when the cloud server finds that the application software with version numbers 1 and 3 carries a security risk, the first bit and the third bit of the application software revocation list are set to 1, and the mask in the list is 0x10100000 ….
Table 1. Application software revocation list 1

Application identifier    Bit
1                         1
2                         0
3                         1
4                         0

In other embodiments, the application software revocation list may also indicate the usage permissions of a plurality of pieces of application software for a plurality of applications, as shown in Table 2. The computer may upgrade the plurality of applications according to this application software revocation list.

Table 2. Application software revocation list 2

Application    Mask
1              0x10100000
2              0x10011000
3              0x10100100
4              0x10001100
Having indicated the application software that carries a security risk, the cloud server may actively send the application software revocation list to the computer. The cloud server may also send the list in response to a request from the computer.
Step 220, the computer obtains an application software revocation list.
The computer can receive, over the network, the application software revocation list that the cloud server actively sends to it. Alternatively, the computer sends an acquisition request to the cloud server and receives the application software revocation list that the cloud server sends in reply.
In example one, the computer may periodically and automatically obtain the latest version of the application software revocation list from the cloud server.
In example two, the computer may obtain the application software revocation list from the cloud server according to a user instruction. A list obtained according to a user instruction may be the latest version or an old version.
Optionally, because the obtained application software revocation list may be an old version, before the list is stored in the computer it is determined whether its version is the latest version. If so, the latest version of the list is stored in the computer and replaces the old version; otherwise, the obtained list is discarded.
In some embodiments, the computer may obtain a digital signature of the application software revocation list from the cloud server over the network, and verify the list with the digital signature to determine whether the list is safe to use.
The digital signature that the computer obtains from the cloud server comprises the encrypted digest of the application software revocation list and the public key. The cloud server processes the application software revocation list with a one-way hash function to obtain a first digest of the list, and encrypts the first digest with a private key to obtain the encrypted digest.
When the computer verifies the application software revocation list with the digital signature, it processes the list obtained from the cloud server with the one-way hash function to obtain a second digest, decrypts the encrypted digest with the public key in the digital signature, and compares the decrypted digest with the second digest. If the two are consistent, the computer has verified the application software revocation list successfully; otherwise, the list is discarded. Verifying the application software revocation list with the digital signature improves the security of the list and prevents a tampered list from being used.
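The version check and digest comparison described above, as an added example that is not code from the patent or its assignee; re-checking the stored copy when it is read back is included as well. It assumes a hypothetical JSON layout with `version` and `mask` fields, treats "latest" as "newer than the stored copy", uses textbook RSA with constructed toy keys in place of a real signature library, and assumes the computer compares the delivered public key with one it already trusts.

```python
import hashlib
import json

E = 65537  # public exponent shared by both constructed toy keys


def make_toy_key(p, q):
    """Textbook-RSA key from two primes. Toy only: no padding, not secure."""
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"public": (p * q, E), "private": (p * q, d)}


# Constructed keys built from Mersenne primes so the example runs offline.
PUBLISHER_KEY = make_toy_key(2**127 - 1, 2**521 - 1)
OTHER_KEY = make_toy_key(2**89 - 1, 2**607 - 1)  # a key the computer does not trust
TRUSTED_PUBLIC_KEY = PUBLISHER_KEY["public"]     # assumption: provisioned on the computer

STORED = "stored"
DISCARDED_SIGNATURE = "discarded: signature check failed"
DISCARDED_STALE = "discarded: not newer than the stored list"


def list_digest(payload):
    """One-way hash of the serialised list, as an integer."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big")


def publish(version, mask, key):
    """Cloud-server side: hash the list, then encrypt the digest with the private key."""
    payload = json.dumps({"version": version, "mask": mask}, sort_keys=True).encode()
    n, d = key["private"]
    return {"payload": payload,
            "signature": pow(list_digest(payload), d, n),
            "public_key": key["public"]}


def verify(package):
    """Computer side: decrypt the digest with the public key and compare."""
    if package["public_key"] != TRUSTED_PUBLIC_KEY:
        return False  # a valid signature under an unknown key proves nothing
    n, e = package["public_key"]
    signature = package["signature"]
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == list_digest(package["payload"])


class FlashStore:
    """Stands in for the FLASH copy of the list plus its signature."""

    def __init__(self):
        self.package = None

    def load(self):
        """Re-verify on every read, since FLASH contents can be rewritten."""
        if self.package is None or not verify(self.package):
            return None
        return json.loads(self.package["payload"])

    def offer(self, package):
        """Verify a received list, then keep it only if it is newer."""
        if not verify(package):
            return DISCARDED_SIGNATURE
        current = self.load()
        new_version = json.loads(package["payload"])["version"]
        if current is not None and new_version <= current["version"]:
            return DISCARDED_STALE
        self.package = package
        return STORED


if __name__ == "__main__":
    store = FlashStore()
    print(store.offer(publish(1, "0x10100000", PUBLISHER_KEY)))
    print(store.offer(publish(2, "0x10100100", PUBLISHER_KEY)))
    print(store.offer(publish(1, "0x10100000", PUBLISHER_KEY)))
    print(store.offer(publish(3, "0x00000000", OTHER_KEY)))
    print(store.load())
```

A list re-signed with a different key and shipped together with that key passes the digest comparison on its own, which is why the check against the provisioned key comes first.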
Computers are configured with different memories, so the application software revocation list is stored in the corresponding memory.
In one embodiment, the computer does not have a one-time programmable (OTP) register, and therefore stores the application software revocation list in flash (FLASH) memory, which is a type of non-volatile memory. When the application software revocation list on the server is updated, the updated list is stored in the FLASH memory and the old version of the list in the FLASH memory is deleted.
In another embodiment, the computer has a single-chip microcomputer, which is an integrated circuit chip: a microcomputer system formed by using very-large-scale integration technology to integrate, on one silicon chip, a central processing unit with data processing capability, random access memory (RAM), read-only memory (ROM), an OTP register, various input/output ports, an interrupt system, a timer/counter and the like. The application software revocation list is written into the OTP register in the single-chip microcomputer. The bits of the OTP register correspond one-to-one to the application identifiers of the application software, and each bit of the OTP register indicates the usage permission of one piece of application software. Of course, the OTP register may also be a register of the BMC. For example, the initial value of the OTP register is 0x00000000 …, and the application software revocation list that the computer obtains from the cloud server is 0x10010000 …. The list shows that the application software with application identifiers 1 and 4 is not allowed to be used, so the first bit and the fourth bit of the OTP register are set to 1, that is, 0x10010000 ….
Because the OTP register is one-time programmable, when the application software revocation list is updated, only the updated information is written into the corresponding bits of the OTP register. For example, the application software revocation list currently stored by the computer is 0x10010000 …, and the updated list indicates that the application software with application identifiers 1, 4 and 5 carries a security risk; the fifth bit of the OTP register is then set to 1, and the OTP register is updated to 0x10011000 ….
Because the OTP register is a one-time programmable type of memory, information written into it cannot be changed or cleared after it has been programmed. In this embodiment, a bit in the OTP register therefore cannot be changed back to 0 after it has been set to 1. In other words, once an unsafe version of the application software has been revoked, the usage permission of that version cannot be restored, so the information in the application software revocation list is protected against tampering without needing protection and verification by a digital signature.
Optionally, because FLASH memory is reprogrammable, the application software revocation list stored in it may be tampered with so that the usage permission of an unsafe version of the application software indicates that use is allowed, causing the application upgrade to fail. The application software revocation list stored in FLASH memory is therefore verified with a digital signature.
Specifically, the digital signature and the application software revocation list are read from the FLASH memory, and the security of the list is verified with the digital signature, which prevents a tampered list stored in the FLASH memory from being used. The digital signature verification method is the same as the verification method described above and is not repeated here.
Fig. 3 is a schematic flowchart of an application upgrade method according to an embodiment of the present application. The cloud server 110 and the computer 120 shown in Fig. 1 are used as examples for explanation.
Step 310: The computer responds to the application software upgrade instruction and obtains the usage right of the application software according to the application identifier of the application.
After responding to an application software upgrade instruction triggered by a user, the computer looks up the bit corresponding to the application identifier of the application software in the application software revocation list, and obtains the usage right of the application software from the value of that bit.
In one embodiment, the application software revocation list indicates the usage rights of a plurality of application software of one application. The computer queries the application software revocation list according to the application identifier of the application software to be used, and the usage right of the application software is given by the bit corresponding to the application identifier in the list.
For example, the application software revocation list that the computer acquired from the cloud server is 0x10100000 …, and the user instructs the computer to upgrade the application with the application software whose version number is 3, that is, the application identifier is 3. The computer queries the bit corresponding to application identifier 3 in the application software revocation list to obtain the usage right of the application software with version number 3.
In another embodiment, the application software revocation list indicates the usage rights of a plurality of application software of a plurality of applications. The computer first looks up the mask corresponding to the application and then queries that mask according to the application identifier of the application software to be used; the usage right of the application software is given by the bit corresponding to the application identifier in the mask.
Step 320: The computer determines whether the usage right of the application software indicates that the application software is allowed to be used.
The computer evaluates the usage right of the application software according to the stored application software revocation list to determine whether to upgrade the application. When the usage right indicates that use is allowed, step 330 is performed, that is, the computer upgrades the application according to the application software indicated by the application identifier.
When the usage right indicates that use is not allowed, the application software indicated by the application identifier has a security risk and is revoked, and the computer is not allowed to upgrade the application with it. In the above example, the bit corresponding to application identifier 3 is 1, so use of the application software is not allowed and the application upgrade fails. When the upgrade fails, the computer issues an upgrade-failure warning to notify the user.
In this embodiment, when the bit corresponding to the application identifier in the application software revocation list is 1, the application software indicated by the application identifier is permitted to be used; when the bit is 0, the application software is not permitted to be used.
Step 330: The computer upgrades the application according to the application software indicated by the application identifier.
When the usage right of the application software indicated by the application identifier indicates that use is allowed, the computer upgrades the application with that application software. The application software used for the upgrade is then known to be safe to use, which prevents the computer from being upgraded with application software that carries a security risk.
Fig. 4 is a schematic flowchart of an application upgrade method according to an embodiment of the present application. The difference from the method shown in fig. 3 is that before the computer obtains the usage right of the application software according to the application identifier of the application, the computer also needs to perform integrity verification on the application software corresponding to the application identifier.
Step 410: The computer performs integrity verification on the application software corresponding to the application identifier.
Because the application software that the computer acquires from the cloud server may have been tampered with, integrity verification must be performed on the application software before the computer obtains its usage right according to the application identifier of the application, that is, before step 310 is executed, to confirm that the application software acquired by the computer is consistent with the application software issued by the cloud server.
Specifically, the computer verifies the application software using the digital signature of the application software acquired from the cloud server. The computer decrypts the encrypted application software digest with the public key and compares the decrypted digest with the application software digest acquired from the cloud server. If they are consistent, the application software is secure and complete, and the computer can obtain the usage right of the application software according to the application identifier of the application and perform the upgrade; otherwise, the application is not allowed to be upgraded with the application software.
Integrity verification detects tampering with the application software acquired by the computer. When the application software is found to have been tampered with, there is no need to evaluate its usage right: the upgrade with that application software is refused directly.
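The Fig. 4 flow (step 410, then steps 310 to 330), together with the signature check on the revocation list read back from FLASH, can be written as follows; this is an added illustration, not code from the patent. It assumes the sample list is read as the bit sequence 1 0 1 0 0 0 0 0 with identifier n mapped to the n-th bit from the left, recomputes the digest from the received bytes, uses an unpadded RSA check with a constructed throwaway key, and denies identifiers that fall outside the list. The bit polarity is a parameter because the text gives both conventions (bit 1 means revoked in the worked example, bit 1 means permitted in the paragraph after it), and the identifier is taken as a trusted input since the text does not say how it is bound to the image.

```python
import hashlib

# Constructed demo key. Both primes are Mersenne primes, so this key is trivially
# factorable; it exists only so the example runs offline with the standard library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public key held by the computer
_D = pow(E, -1, (P - 1) * (Q - 1))      # private key, cloud-server side only

ALLOW = "allow"
DENY_IMAGE = "deny: application software failed integrity verification"
DENY_LIST = "deny: revocation list failed signature verification"
DENY_RANGE = "deny: identifier not covered by revocation list"
DENY_REVOKED = "deny: application software revoked"


def _digest(data: bytes) -> int:
    """SHA-256 digest of the received bytes, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Server side: encrypt the digest with the private key.
    Unpadded RSA for illustration; a deployment would use a padded scheme."""
    return pow(_digest(data), _D, N)


def verify(data: bytes, signature: int) -> bool:
    """Device side: decrypt the signed digest with the public key and compare."""
    return 0 < signature < N and pow(signature, E, N) == _digest(data)


def lookup_bit(rev_list: bytes, app_id: int) -> int:
    """Bit for identifier app_id, counted from 1 starting at the leftmost bit."""
    if not 1 <= app_id <= len(rev_list) * 8:
        raise IndexError(app_id)
    index, offset = divmod(app_id - 1, 8)
    return (rev_list[index] >> (7 - offset)) & 1


def decide_upgrade(image, image_sig, rev_list, list_sig, app_id, revoked_bit=1):
    """Return ALLOW or a DENY_* reason; every failure path denies the upgrade."""
    if not verify(image, image_sig):         # step 410: integrity of the software
        return DENY_IMAGE
    if not verify(rev_list, list_sig):       # list read back from FLASH
        return DENY_LIST
    try:
        bit = lookup_bit(rev_list, app_id)   # step 310: usage right for this id
    except IndexError:
        return DENY_RANGE                    # assumption: unknown ids fail closed
    if bit == revoked_bit:                   # step 320: is use allowed?
        return DENY_REVOKED
    return ALLOW                             # step 330: proceed with the upgrade


# Constructed sample data (not taken from any real device).
REV_LIST = bytes([0b10100000])               # identifiers 1 and 3 have bit 1
LIST_SIG = sign(REV_LIST)
IMAGE = b"constructed application software image"
IMAGE_SIG = sign(IMAGE)

if __name__ == "__main__":
    for app_id in (2, 3, 9):
        print(app_id, decide_upgrade(IMAGE, IMAGE_SIG, REV_LIST, LIST_SIG, app_id))
    tampered = bytes([0b10000000])           # bit for identifier 3 cleared in FLASH
    print("tampered list:", decide_upgrade(IMAGE, IMAGE_SIG, tampered, LIST_SIG, 3))
```

Clearing the bit for identifier 3 in the stored list without re-signing it yields a signature failure rather than an allowed upgrade, which is the FLASH tampering case the signature check is there for.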
It is understood that, in order to implement the functions of the foregoing embodiments, the computer and the cloud server include hardware structures and/or software modules for performing the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and method steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is performed as hardware or computer software driven hardware depends on the particular application scenario and design constraints imposed on the solution.
Fig. 5 is a schematic structural diagram of an application upgrading apparatus according to an embodiment of the present application. The application upgrading apparatus can be used to implement the functions of the computer in the method embodiments, and can therefore also achieve the beneficial effects of the method embodiments. In an embodiment of the present application, the application upgrading apparatus may be the computer 120 shown in fig. 3 or fig. 4.
As shown in fig. 5, the application upgrading apparatus 500 includes an obtaining module 501 and an upgrading module 502. The application upgrade apparatus 500 is used to implement the functions of the computer 120 in the method embodiments shown in fig. 3 or fig. 4.
When the application upgrade apparatus 500 is used to implement the functions of the computer 120 in the method embodiment shown in fig. 3 or fig. 4: the obtaining module 501 is configured to obtain the usage right of the application software according to an application identifier of the application, where the application identifier is used to indicate the application software to be used for upgrading the application. For example, the obtaining module 501 performs step 310.
The upgrade module 502 is configured to respond to the application upgrade instruction, and upgrade the application according to the application software indicated by the application identifier when the usage permission indicates permission to use. For example, upgrade module 502 is used to perform steps 320 and 330.
When the use authority indicates that the use is not allowed, the application software indicated by the application identification is revoked.
The obtaining module 501 is specifically configured to: acquire an application software revocation list, where the application software revocation list is used to indicate the usage rights of a plurality of application software of the application; and determine the usage right of the application software indicated by the application identifier in the application software revocation list.
The obtaining module 501 is specifically configured to: acquire an application software revocation list and a digital signature; and verify the application software revocation list based on the digital signature.
The obtaining module 501 is further configured to: acquire the application software revocation list according to an application software revocation list update acquisition request.
The application upgrade apparatus 500 further includes a storage module 503. The storage module 503 is used to store the application software revocation list.
For a more detailed description of the obtaining module 501, the upgrade module 502, and the storage module 503, refer directly to the related description in the method embodiment shown in fig. 3 or fig. 4; details are not repeated here.
Fig. 6 is a schematic structural diagram of an application upgrade management apparatus according to an embodiment of the present application. The application upgrade management apparatus can be used to implement the functions of the cloud server in the method embodiment, and can therefore also achieve the beneficial effects of the method embodiment. In an embodiment of the present application, the application upgrade management apparatus may be the cloud server 110 shown in fig. 2.
As shown in fig. 6, the application upgrade management apparatus 600 includes an obtaining module 601, a publishing module 602, and a storage module 603. The application upgrade management apparatus 600 is configured to implement the functions of the cloud server 110 in the method embodiment shown in fig. 2.
When the application upgrade management apparatus 600 is used to implement the functions of the cloud server 110 in the method embodiment shown in fig. 2: the obtaining module 601 is configured to obtain an application identifier of application software with a security risk, set a usage right of the application software, and generate an application software revocation list according to the application identifier and the usage right of the application software.
The publishing module 602 is configured to publish the application software revocation list. For example, the publishing module 602 is used to perform step 210.
The storage module 603 is used for storing the application software revocation list.
More detailed descriptions about the obtaining module 601 and the publishing module 602 can be directly obtained by referring to the related descriptions in the embodiment of the method shown in fig. 2, which are not repeated herein.
Fig. 7 provides a computer device. The computer device 700 shown in fig. 7 may be specifically used to implement the functions of the application upgrade apparatus 500 or the application upgrade management apparatus 600 in the embodiments shown in fig. 5 or fig. 6.
The computer device 700 includes a bus 701, a processor 702, an out-of-band controller 703, a communication interface 704, and a memory 705. The processor 702, the out-of-band controller 703, the memory 705, and the communication interface 704 communicate with each other via a bus 701. The bus 701 may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in FIG. 7, but that does not indicate only one bus or one type of bus. Communication interface 704 is used to communicate with the outside, such as receiving application software revocation lists, and the like.
The processor 702 may be a central processing unit (CPU). The out-of-band controller 703 is used for: responding to an application upgrade instruction; acquiring the usage right of application software according to an application identifier of the application, wherein the application identifier is used for indicating the application software to be used for upgrading the application; when the usage right indicates that use is allowed, upgrading the application according to the application software indicated by the application identifier; and when the usage right indicates that use is not allowed, revoking the application software indicated by the application identifier. The out-of-band controller 703 may include a monitoring management unit outside the computer device, a management system in a management chip outside the processor, a baseboard management controller (BMC) of the computer device, and a system management module (SMM). The memory 705 may include a volatile memory, such as a random access memory (RAM). The memory 705 may also include a non-volatile memory, such as a read-only memory (ROM), a flash memory, an HDD, or an SSD.
The memory 705 has stored therein executable code that the processor 702 executes to perform the aforementioned method of application upgrade.
Specifically, in the case of implementing the embodiment shown in fig. 5 and the modules described in the embodiment of fig. 5 are implemented by software, the memory 705 stores software or program codes required for executing the functions of the upgrade module 502 in fig. 5, the communication interface 704 implements the functions of the acquisition module 501, and the out-of-band controller 703 is configured to execute the instructions in the memory 705 and execute the method of application upgrade applied to the application upgrade apparatus 500.
Specifically, in the case of implementing the embodiment shown in fig. 6 and the modules described in the embodiment of fig. 6 are implemented by software, the memory 705 stores software or program codes required for executing the functions of the publishing module 602 in fig. 6, the communication interface 704 implements the functions of the obtaining module 601, and the out-of-band controller is used for executing the instructions in the memory 705 and executing the method of application upgrade applied to the application upgrade management apparatus 600.
The present application also provides a computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the above-described method of application upgrade applied to the application upgrade apparatus 500.
The present application also provides a computer-readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the above-described method of application upgrade applied to the application upgrade management apparatus 600.
The present application also provides a computer program product which, when executed by a computer, performs any of the methods described above. The computer program product may be a software installation package, which may be downloaded and executed on a computer in case it is desired to use any of the methods described above.
It should be noted that the above-described embodiments of the apparatus are merely schematic, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the embodiments of the apparatus provided in the present application, the connection relationship between the modules indicates that there is a communication connection therebetween, and may be implemented as one or more communication buses or signal lines.
Through the above description of the embodiments, those skilled in the art will clearly understand that the present application can be implemented by software plus necessary general-purpose hardware, and certainly can also be implemented by special-purpose hardware including special-purpose integrated circuits, special-purpose CPUs, special-purpose memories, special-purpose components and the like. Generally, functions performed by computer programs can be easily implemented by corresponding hardware, and the specific hardware structures used to implement the same function may vary, such as analog circuits, digital circuits, or dedicated circuits. However, for the present application, implementation as a software program is preferable in most cases. Based on such understanding, the technical solutions of the present application may be substantially embodied in the form of a software product, which is stored in a readable storage medium, such as a floppy disk, a USB disk, a removable hard disk, a ROM, a RAM, a magnetic disk, or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a training device, or a network device) to execute the method according to the embodiments of the present application.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, it may be implemented in whole or in part in the form of a computer program product.
The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, training device, or data center to another website, computer, training device, or data center by wired means (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless means (e.g., infrared, radio, microwave). The computer-readable storage medium can be any available medium that a computer can access, or a data storage device, such as a training device or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), among others.

Claims (10)

1. An application upgrade method, comprising:
responding to an application upgrading instruction;
acquiring the use permission of application software according to the application identifier of the application, wherein the application identifier is used for indicating the application software to be used for upgrading the application;
and when the use permission indicates that the use is allowed, upgrading the application according to the application software indicated by the application identification.
2. The method of claim 1, further comprising:
and when the use authority indicates that the use is not allowed, the application software indicated by the application identification is revoked.
3. The method of claim 2, wherein obtaining the usage right of the application software according to the application identifier of the application comprises:
acquiring an application software revocation list, wherein the application software revocation list is used for indicating the usage rights of a plurality of application software of the application;
and determining the use authority of the application software indicated by the application identification in the application software revocation list.
4. The method of claim 3, wherein the usage rights of the plurality of application software of the application indicated by the application revocation list are represented in a masked form.
5. The method of claim 3 or 4, wherein acquiring the application software revocation list comprises:
acquiring the application software revocation list and a digital signature;
verifying the application software revocation list according to the digital signature;
determining the usage right of the application software indicated by the application identifier in the application software revocation list comprises:
and when the application software revocation list is verified to be legal, determining the usage right of the application software indicated by the application identifier in the application software revocation list.
6. The method according to any one of claims 1-5, wherein before obtaining the usage right of the application software according to the application identification of the application, the method further comprises:
receiving the application software revocation list;
storing the application software revocation list to a FLASH memory; or
writing the application software revocation list to a one-time programmable (OTP) register.
7. A computer device, comprising an out-of-band controller to:
responding to an application upgrading instruction;
acquiring the use permission of application software according to an application identifier of the application, wherein the application identifier is used for indicating the application software to be used for upgrading the application;
and when the use permission indicates that the use is allowed, upgrading the application according to the application software indicated by the application identification.
8. The computer device of claim 7, further comprising a communication interface coupled to an out-of-band controller, the communication interface configured to receive the application software upgrade instructions.
9. The computer device of claim 7, further comprising a memory for storing usage rights for application software, the memory including a FLASH memory and an OTP register.
10. The computer device of claim 7, wherein the out-of-band controller is further configured to, when the usage right indicates that usage is not allowed, revoke the application software indicated by the application identifier.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211110619.9A CN115586910A (en) 2022-09-13 2022-09-13 Application upgrading method and computer equipment


Publications (1)

Publication Number Publication Date
CN115586910A true CN115586910A (en) 2023-01-10

Family

ID=84778597



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20231122

Address after: 450046, 10th Floor, North Chuangzhi Tiandi Building, Shigeng Street, Longzihu Wisdom Island Middle Road East, Zhengdong New District, Zhengzhou City, Henan Province

Applicant after: Henan Kunlun Technology Co.,Ltd.

Address before: 450046 Floor 9, building 1, Zhengshang Boya Plaza, Longzihu wisdom Island, Zhengdong New Area, Zhengzhou City, Henan Province

Applicant before: xFusion Digital Technologies Co., Ltd.