CN116382740A - Automatic upgrade release system and method for application software - Google Patents
- Publication number: CN116382740A
- Application number: CN202310375045.6A
- Authority: CN (China)
- Prior art keywords: software, security, package, control system, application server
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F8/65—Updates
- G06F21/12—Protecting executable software
- G06F21/44—Program or device authentication
- G06F8/71—Version control; Configuration management
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
Abstract
The invention discloses an automatic upgrade and release system and method for application software. The system comprises a total control system, an upstream secure tunnel, a node control system, a downstream secure tunnel and an application server. The total control system supports software development and maintenance personnel in editing and releasing an initial software upgrade package; the upstream secure tunnel detects whether an upgradeable software upgrade package exists; the node control system receives the encapsulated security package from the upstream secure tunnel, completes protocol authentication and forwards the encapsulated security package to the downstream secure tunnel; the downstream secure tunnel receives the encapsulated security package from the node control system and then interacts with the application server to determine whether the encapsulated security package is needed; and the application server interacts with the client and completes the automatic software upgrade at the client.
Description
Technical Field
The invention relates to the technical field of software development and maintenance, in particular to an automatic upgrade and release system and method for application software.
Background
Application software in a distributed service system must be deployed in different network environments, and manual maintenance, release and upgrade management are complex. The related prior art generally adopts a distinct two-level or three-level architecture for multi-level maintenance management. For example, patent document CN1758607A discloses a software version upgrade technology for a distributed service system whose two-level architecture consists of a centralized management server and application servers. The centralized management server connects a plurality of application servers over a network and either issues new-version application software file packages to the application servers or provides a download service for those packages in response to version download requests initiated by the application servers; the application servers provide software version upgrades and management of the distributed service system to end users.
As another example, patent document CN105740019A discloses an automatic upgrade and release technology for application software in a distributed network environment. Its three-level architecture comprises a central control platform (1), a plurality of node support platforms (2) in the distributed network, and application servers (3). The node support platforms (2) are deployed on corresponding nodes of the distributed network, can exchange the required information with the central control platform (1), and are connected to a plurality of application servers (3). The central control platform (1) builds and releases upgrade packages of the application software; the node support platform (2) checks for and downloads the upgrade packages released by the central control platform (1) and, after downloading one, pushes a software upgrade instruction to the application server (3), so that the application server (3) actively fetches the upgrade package released by the node support platform (2) according to that instruction.
However, because different network environments must be served, software version upgrade technology in a distributed service system has to pay attention to security, and some prior-art solutions do focus on it. For example, the technology disclosed in patent document CN105740019A uses certificate encryption to perform bidirectional encrypted verification of the interactive information. A certificate can ensure that data is not monitored, stolen or tampered with during transmission, but it is not absolutely safe. Moreover, there is no dedicated security scheme for the path from the node to the application server and on to the client, so the security coefficient of the whole application software upgrade package is very low.
Disclosure of Invention
The invention aims to provide an automatic upgrade release system and method for application software, so as to solve the problems in the background technology.
In order to solve the technical problems, the invention provides the following technical scheme:
The automatic upgrade and release system for application software comprises a total control system, an upstream secure tunnel, a node control system, a downstream secure tunnel and an application server. The total control system supports software development and maintenance personnel in editing and releasing an initial software upgrade package. The upstream secure tunnel detects whether an upgradeable software upgrade package exists and, once one is determined, downloads it from the total control system, adds a check code to it, packages it into an encapsulated security package, and sends the encapsulated security package to the node control system;
the node control system receives the encapsulated security package from the upstream secure tunnel, completes protocol authentication, and forwards the encapsulated security package to the downstream secure tunnel;
the downstream secure tunnel receives the encapsulated security package from the node control system and then interacts with the application server to determine whether the encapsulated security package is needed; when the application server needs it, the downstream secure tunnel verifies and unpacks the encapsulated security package, restores it to the initial software upgrade package, and delivers the initial software upgrade package to the application server;
the application server interacts with the client and completes the automatic software upgrade at the client.
Further, the upstream secure tunnel is arranged on the total control system side, in the same network environment as the total control system, and the downstream secure tunnel is arranged on the application server side, in the same network environment as the application server.
Further, the total control system is provided with a software compiling interface end, a software debugging interface end and a software testing interface end. The software compiling interface end supports a programmer in compiling the programs and files of a software upgrade, the software debugging interface end supports the programmer in joint debugging of the software, and the software testing interface end supports a software project leader or a software test engineer in joint testing of the software.
Further, the upstream secure tunnel is provided with a detection unit, a downloading unit, an unpacking and code adding unit and an encapsulation unit. The detection unit detects whether an upgradeable software upgrade package exists in the total control system; the downloading unit downloads the upgradeable software upgrade package from the total control system; the unpacking and code adding unit unpacks the software upgrade package and adds a check code to at least one executable file selected from the unpacked package, without changing the program call or function call relationship of any executable file in the software upgrade package; the encapsulation unit re-encapsulates the unpacked software upgrade package and sends it to the node control system, again without changing the program call or function call relationship of any executable file in the software upgrade package.
Further, the node control system comprises a protocol authentication unit and a forwarding packet unit, wherein the protocol authentication unit is used for completing security certificate authentication, and the forwarding packet unit is used for carrying out subcontracting on the packaged security packet.
Further, the downstream secure tunnel is provided with an interaction unit and a verification unpacking unit. The verification unpacking unit verifies and unpacks the encapsulated security package and restores it to the initial software upgrade package; the interaction unit confirms with the application server whether the software upgrade package needs to be sent to the application server, and supports sending the restored software upgrade package to the application server.
Further, the application server comprises an interactive confirmation unit, which confirms with the downstream secure tunnel whether the software upgrade package needs to be sent to the application server, and which also supports sending the software upgrade package to the client after the package has been received.
The automatic upgrade and release method for application software comprises the following steps:
the total control system supports software development and maintenance personnel in editing and releasing an initial software upgrade package; the upstream secure tunnel detects whether an upgradeable software upgrade package exists and, once one is determined, downloads it from the total control system, adds a check code to it, packages it into an encapsulated security package, and sends the encapsulated security package to the node control system;
the node control system receives the encapsulated security package from the upstream secure tunnel, completes protocol authentication, and forwards the encapsulated security package to the downstream secure tunnel;
after receiving the encapsulated security package from the node control system, the downstream secure tunnel interacts with the application server to determine whether the encapsulated security package is needed; when the downstream secure tunnel determines with the application server that the application server needs the encapsulated security package, it verifies and unpacks the encapsulated security package, restores it to the initial software upgrade package, and delivers the initial software upgrade package to the application server;
the application server interacts with the client and completes the automatic software upgrade at the client.
Further, in the step where the upstream secure tunnel detects whether an upgradeable software upgrade package exists and, once one is determined, downloads it from the total control system, adds a check code, packages it into an encapsulated security package and sends it to the node control system: the unpacking and code adding unit unpacks the upgradeable software upgrade package of the total control system, selects at least one executable file from the unpacked package and adds a check code to it, without changing the program call or function call relationship of any executable file in the software upgrade package; the encapsulation unit re-encapsulates the unpacked software upgrade package and sends it to the node control system, again without changing the program call or function call relationship of any executable file in the software upgrade package; the check code is a dynamic check code.
Further, the step where the downstream secure tunnel, after receiving the encapsulated security package from the node control system, interacts with the application server to determine whether the encapsulated security package is needed and, when it determines with the application server that the package is needed, verifies and unpacks it, restores it to the initial software upgrade package and delivers it to the application server, specifically includes: the verification unpacking unit verifies and unpacks the encapsulated security package and restores it to the initial software upgrade package; the interaction unit confirms with the application server whether the software upgrade package needs to be sent to the application server, and supports sending the restored software upgrade package to the application server.
Compared with the prior art, the invention has the beneficial effects that:
On the basis of the original three-level architecture, the application adds a two-level security tunnel and realizes security control of the software upgrade package. Because the security of the intermediate node in the original three-level architecture is poor, the application weakens the functions and operations of the intermediate node, which reduces its load and naturally reduces risk; at the same time, adding the two-level security tunnel increases security, so the security of the software upgrade and release process is greatly improved.
Drawings
FIG. 1 is a block diagram of an automatic upgrade distribution system for application software of the present application.
Detailed Description
The technical solutions of the embodiments of the present invention will be clearly and completely described below in conjunction with the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the existing three-level architecture there is no dedicated security scheme for the path from the node to the application server and on to the client, so the security coefficient of the whole application software upgrade package is very low. The application therefore adds a two-level security tunnel on the basis of the original three-level architecture and realizes security control of the software upgrade package. Because the security of the intermediate node in the original three-level architecture is poor, the functions and operations of the intermediate node are weakened, which reduces its load and also improves security.
In a specific implementation, the application discloses an automatic upgrade and release system for application software, as shown in FIG. 1. The system comprises a total control system, an upstream secure tunnel, a node control system, a downstream secure tunnel and an application server, wherein the total control system supports software development and maintenance personnel in editing and releasing an initial software upgrade package;
the general control system is provided with a software compiling interface end, a software debugging interface end and a software testing interface end, wherein the software compiling interface end supports a programmer to compile programs and files of software upgrading, the software debugging interface end supports the joint debugging of the programmer to the software, and the software testing interface end supports the joint testing of a software project responsible person or a software testing engineer to the software;
the upstream security tunnel is used for detecting whether an upgradeable software upgrade package exists or not, and after the upgradeable software upgrade package is determined, downloading the corresponding upgradeable software upgrade package from the total control system, adding a check code to the upgradeable software upgrade package, packaging to form a packaged security package, and sending the packaged security package to the node control system;
the upstream secure tunnel is provided with a detection unit, a downloading unit, an unpacking and encoding unit and a packaging unit, wherein the detection unit is used for detecting whether an upgradeable software upgrade package exists in the total control system; the downloading unit is used for downloading an upgradeable software upgrade package of the total control system; the unpacking and code adding unit is used for unpacking the software upgrading package and adding check codes to at least one executable file selected from the unpacked software upgrading package, and program call or function call relation of any executable file in the software upgrading package is not changed in the process of adding the check codes; the encapsulation unit is used for encapsulating the split software upgrading package again and sending the software upgrading package to the node control system, and program call or function call relation of any executable file in the software upgrading package is not changed in the encapsulation process;
the node control system is used for receiving the encapsulation security packet from the upstream security tunnel and then finishing protocol authentication to resend the encapsulation security packet to the downstream security tunnel;
the node control system comprises a protocol authentication unit and a forwarding packet unit, wherein the protocol authentication unit is used for completing security certificate authentication, and the forwarding packet unit is used for subcontracting an encapsulation security packet;
the downstream security tunnel is used for receiving the encapsulation security packet from the node control system, then interactively determining whether the encapsulation security packet is needed or not with the application server, and when the encapsulation security packet is needed by the application server, the downstream security tunnel performs verification and unpacking on the encapsulation security packet to restore the encapsulation security packet into an initial software upgrading packet and delivering the initial software upgrading packet to the application server;
the downstream security tunnel is provided with an interaction unit and a verification unpacking unit, wherein the verification unpacking unit is used for finishing verification and unpacking of the packaged security package and restoring the packaged security package into an initial software upgrading package, and the interaction unit is used for confirming with an application server side whether the software upgrading package needs to be sent to the application server side or not and supporting the completion of sending the restored software upgrading package to the application server side;
the application server side is used for interacting with the client side and completing automatic upgrading of software at the client side;
the application server side comprises an interactive confirmation unit which is used for confirming whether the software upgrading packet needs to be sent to the application server side with a downstream secure tunnel or not, and the interactive confirmation unit also supports the software upgrading packet to be sent to the client side after the software upgrading packet is received;
In the implementation process, the total control system supports software development and maintenance personnel in editing and releasing an initial software upgrade package. The upstream secure tunnel detects whether an upgradeable software upgrade package exists and, once one is determined, downloads it from the total control system, adds a check code to it, packages it into an encapsulated security package, and sends it to the node control system. The node control system receives the encapsulated security package from the upstream secure tunnel, completes protocol authentication, and sends the encapsulated security package to the downstream secure tunnel. After receiving the encapsulated security package from the node control system, the downstream secure tunnel interacts with the application server to determine whether the encapsulated security package is needed; when it determines with the application server that the package is needed, the downstream secure tunnel verifies and unpacks the encapsulated security package, restores it to the initial software upgrade package, and delivers it to the application server. The application server interacts with the client and completes the automatic software upgrade at the client. In this way, on the basis of the original three-level architecture, the application adds a two-level security tunnel and realizes security control of the software upgrade package.
Because the security of the intermediate node in the original three-level architecture is poor, the application weakens the functions and operations of the intermediate node, which reduces its load and naturally reduces risk; at the same time, adding the two-level security tunnel increases security, so the security of the software upgrade and release process is greatly improved.
In addition, in order to further weaken the functions and operations of intermediate nodes in the original three-level architecture, the load of the intermediate nodes is reduced, and the risk is naturally reduced.
As an embodiment of the application, the application discloses an automatic upgrade and release system of application software, which comprises a total control system, an upstream security tunnel, a node control system, a downstream security tunnel and an application server, wherein the total control system is used for supporting a software development maintainer to edit and release an initial software upgrade package; the upstream security tunnel is used for detecting whether an upgradeable software upgrade package exists or not, and after the upgradeable software upgrade package is determined, downloading the corresponding upgradeable software upgrade package from the total control system, adding a check code to the upgradeable software upgrade package, packaging to form a packaged security package, and sending the packaged security package to the node control system;
the node control system is used for receiving the encapsulation security packet from the upstream security tunnel and then finishing protocol authentication to resend the encapsulation security packet to the downstream security tunnel;
the downstream security tunnel is used for receiving the encapsulation security packet from the node control system, then interactively determining whether the encapsulation security packet is needed or not with the application server, and when the encapsulation security packet is needed by the application server, the downstream security tunnel performs verification and unpacking on the encapsulation security packet to restore the encapsulation security packet into an initial software upgrading packet and deliver the initial software upgrading packet to the application server;
the application server side is used for interacting with the client side and completing automatic upgrading of software at the client side.
Preferably, the upstream secure tunnel is disposed on the total control system side, in the same network environment as the total control system, and the downstream secure tunnel is disposed on the application server side, in the same network environment as the application server.
Preferably, the total control system is provided with a software compiling interface end, a software debugging interface end and a software testing interface end. The software compiling interface end supports a programmer in compiling the programs and files for a software upgrade, the software debugging interface end supports the programmer in joint debugging of the software, and the software testing interface end supports a software project leader or a software test engineer in joint testing of the software.
Preferably, the upstream secure tunnel is provided with a detection unit, a downloading unit, an unpacking and code adding unit and an encapsulation unit. The detection unit detects whether an upgradeable software upgrade package exists in the total control system; the downloading unit downloads the upgradeable software upgrade package from the total control system; the unpacking and code adding unit unpacks the software upgrade package and adds a check code to at least one executable file selected from the unpacked package, without changing the program call or function call relationship of any executable file in the software upgrade package; the encapsulation unit re-encapsulates the unpacked software upgrade package and sends it to the node control system, again without changing the program call or function call relationship of any executable file in the software upgrade package.
Preferably, the node control system comprises a protocol authentication unit and a forwarding packet unit, wherein the protocol authentication unit is used for completing security certificate authentication, and the forwarding packet unit is used for carrying out subcontracting on the packaged security packet.
Preferably, the downstream secure tunnel is provided with an interaction unit and a verification unpacking unit, the verification unpacking unit is used for finishing verification and unpacking of the packaged secure package and restoring the packaged secure package into an initial software upgrading package, and the interaction unit is used for confirming with the application server side whether the software upgrading package needs to be sent to the application server side or not and supporting that the restored software upgrading package is sent to the application server side.
Preferably, the application server side includes an interactive confirmation unit, where the interactive confirmation unit is configured to confirm with the downstream secure tunnel whether the software upgrade package needs to be sent to the application server side, and further support to send the software upgrade package to the client side after receiving the software upgrade package is completed.
The application also discloses an automatic upgrade release method of the application software, which comprises the following steps:
the general control system supports software development maintenance personnel to edit and release an initial software upgrade package;
the upstream security tunnel detects whether an upgradeable software upgrade package exists or not, and after the upgradeable software upgrade package is determined, the corresponding upgradeable software upgrade package is downloaded from the overall control system, a check code is added to the upgradeable software upgrade package, and then the package is packaged to form a packaged security package and is sent to the node control system;
the node control system receives the encapsulation security packet from the upstream security tunnel and then completes protocol authentication to resend the encapsulation security packet to the downstream security tunnel;
after receiving the encapsulated security packet from the node control system, the downstream security tunnel interacts with the application server to determine whether the encapsulated security packet is needed; when the downstream security tunnel determines with the application server that the application server needs the encapsulated security packet, the downstream security tunnel verifies and unpacks the encapsulated security packet, restores it into the initial software upgrade package and delivers the initial software upgrade package to the application server; the application server interacts with the client and completes the automatic upgrade of the software at the client.
Preferably, the step in which the overall control system supports software development maintenance personnel in editing and releasing an initial software upgrade package specifically comprises: a programmer writes the programs and files for the software upgrade through the software compiling interface end; the programmer performs joint debugging of the software through the software debugging interface end; the person responsible for the project or a software testing engineer performs joint testing of the software at the software testing interface end; and the programmer releases the software upgrade package after the test is confirmed to be correct.
Preferably, the step in which the upstream security tunnel detects whether an upgradeable software upgrade package exists and, after determining that one exists, downloads the corresponding upgradeable software upgrade package from the overall control system, adds a check code to it, encapsulates it to form an encapsulated security packet and sends the encapsulated security packet to the node control system specifically comprises: the detection unit detects whether an upgradeable software upgrade package exists in the overall control system; the downloading unit downloads the upgradeable software upgrade package from the overall control system; the unpacking and code-adding unit unpacks the software upgrade package, selects at least one executable file from the unpacked software upgrade package and adds the check code to it, without changing the program call or function call relation of any executable file in the software upgrade package while the check code is added; and the encapsulation unit encapsulates the unpacked software upgrade package again and sends it to the node control system, without changing the program call or function call relation of any executable file in the software upgrade package during encapsulation.
Preferably, the step in which the downstream security tunnel, after receiving the encapsulated security packet from the node control system, interacts with the application server to determine whether the encapsulated security packet is needed and, when it determines with the application server that the application server needs the encapsulated security packet, verifies and unpacks the encapsulated security packet, restores it into the initial software upgrade package and delivers the initial software upgrade package to the application server specifically comprises: the verification unpacking unit verifies and unpacks the encapsulated security packet and restores it into the initial software upgrade package; and the interaction unit confirms with the application server whether the software upgrade package needs to be sent to the application server and sends the restored software upgrade package to the application server.
Preferably, the check code is a dynamic check code. The dynamic check code in this application is determined jointly by a preset time, the current return time and a check rule function. Before the dynamic check code is generated, a check rule function and the preset time are determined; the integral of the check rule function from the preset time to the current return time is then calculated according to the current time, and the numerical value corresponding to the integral is encoded into the dynamic check code. The dynamic check code is configured to change with the current return time during transmission. At verification, the current time is likewise obtained, the integral of the check rule function from the preset time to the current return time is calculated according to the current time, and whether the check passes is determined by comparing the numerical value corresponding to the integral with the transmitted dynamic check code.
Because the integral of the check rule function from the preset time to the current return time is calculated according to the current time, and the numerical value corresponding to the integral is encoded as the dynamic check code, the check code and the corresponding check rule function can be effectively prevented from being attacked and cracked, and security can be greatly improved.
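The dynamic check code and the encapsulate / verify-and-unpack steps described above, as an added sketch that is not code from the patent. The rule function, the 30-second window that lets both ends integrate to the same upper limit, the skew tolerance and the envelope layout are all assumptions.

```python
import hmac
import math

# All constants below are assumptions made for this sketch, not values from the patent.
PRESET_TIME = 1_700_000_000   # preset time t0 (Unix seconds) agreed by both tunnels
WINDOW = 30                   # both ends round the "current return time" down to this step
SKEW_WINDOWS = 1              # neighbouring windows accepted for clock skew and transit


def rule_function(t: float) -> float:
    """Hypothetical check rule function held by both ends.

    It never drops below 0.5, so its integral strictly increases and
    no two windows produce the same code.
    """
    return 3.0 + 2.0 * math.sin(t / 977.0) + 0.5 * math.cos(t / 131.0)


def integrate(f, a: float, b: float, n: int) -> float:
    """Composite Simpson's rule over [a, b] with n (even) sub-intervals."""
    if b == a:
        return 0.0
    h = (b - a) / n
    total = f(a) + f(b)
    for i in range(1, n):
        total += (4 if i % 2 else 2) * f(a + i * h)
    return total * h / 3.0


def window_of(now: float) -> int:
    """Index of the time window that contains `now`."""
    if now < PRESET_TIME:
        raise ValueError("current time is earlier than the preset time")
    return int((now - PRESET_TIME) // WINDOW)


def code_for_window(k: int) -> str:
    """Encode the integral from PRESET_TIME to the start of window k as fixed-width hex."""
    upper = PRESET_TIME + k * WINDOW
    value = integrate(rule_function, PRESET_TIME, upper, max(2, 4 * k))
    return format(round(value * 1000), "012x")


def make_code(now: float) -> str:
    return code_for_window(window_of(now))


def verify_code(code: str, now: float) -> bool:
    """Recompute the integral at verification time and compare with the received code."""
    k = window_of(now)
    ok = False
    for cand in range(max(0, k - SKEW_WINDOWS), k + SKEW_WINDOWS + 1):
        # compare_digest avoids leaking how many leading characters matched
        ok |= hmac.compare_digest(code.encode(), code_for_window(cand).encode())
    return ok


def encapsulate(package: bytes, now: float) -> bytes:
    """Upstream side: prefix the package with the code (hypothetical envelope layout)."""
    return make_code(now).encode() + b"\n" + package


def verify_and_unpack(envelope: bytes, now: float) -> bytes:
    """Downstream side: check the code, then return the initial package unchanged."""
    code, sep, package = envelope.partition(b"\n")
    if not sep or not verify_code(code.decode("ascii", "replace"), now):
        raise ValueError("dynamic check code rejected")
    return package
```

The code computed here depends only on the time window and the rule function, as in the description; it does not cover the package bytes, so a deployment would pair it with a content hash or signature.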
Taken as a whole, the method and system add a secondary security tunnel to the original three-level architecture (namely a central control platform, nodes and an application server) and use it to apply security control (such as inspection and encapsulation) to the software upgrade package. Because the security of the intermediate node in the original three-level architecture is poor, the method weakens the function and operation of the intermediate node, that is, more of the software maintenance work is handed to the secondary security tunnel, and the reduced load naturally lowers the probability of risk. Adding the secondary security tunnel also increases security, so the security of the software during upgrade and release is greatly improved; in addition, the detailed configuration of the dynamic check code improves security further.
Claims (10)
1. The automatic upgrade and release system of the application software is characterized by comprising a total control system, an upstream secure tunnel, a node control system, a downstream secure tunnel and an application server, wherein the total control system is used for supporting a software development maintainer to edit and release an initial software upgrade package; the upstream security tunnel is used for detecting whether an upgradeable software upgrade package exists or not, and after the upgradeable software upgrade package is determined, downloading the corresponding upgradeable software upgrade package from the total control system, adding a check code to the upgradeable software upgrade package, packaging to form a packaged security package, and sending the packaged security package to the node control system;
the node control system is used for receiving the encapsulation security packet from the upstream security tunnel and then finishing protocol authentication to resend the encapsulation security packet to the downstream security tunnel;
the downstream security tunnel is used for receiving the encapsulation security packet from the node control system, then interactively determining whether the encapsulation security packet is needed or not with the application server, and when the encapsulation security packet is needed by the application server, the downstream security tunnel performs verification and unpacking on the encapsulation security packet to restore the encapsulation security packet into an initial software upgrading packet and deliver the initial software upgrading packet to the application server;
the application server side is used for interacting with the client side and completing automatic upgrading of software at the client side.
2. The automatic upgrade and release system of application software according to claim 1, wherein the upstream secure tunnel is disposed at a side of the overall control system and is identical to a network environment of the overall control system, and the downstream secure tunnel is disposed at a side of the application server and is identical to the network environment of the application server.
3. The automatic upgrade and release system of application software according to claim 1, wherein the overall control system is provided with a software compiling interface end, a software debugging interface end and a software testing interface end, the software compiling interface end supports a programmer to compile programs and files for software upgrade, the software debugging interface end supports the joint debugging of the software by the programmer, and the software testing interface end supports the joint testing of the software by a software project responsible person or a software testing engineer.
4. The automatic upgrade and release system of application software according to claim 1, wherein the upstream secure tunnel is provided with a detection unit, a downloading unit, an unpacking and code-adding unit and an encapsulation unit; the detection unit is used for detecting whether an upgradeable software upgrade package exists in the overall control system; the downloading unit is used for downloading the upgradeable software upgrade package from the overall control system; the unpacking and code-adding unit is used for unpacking the software upgrade package and adding a check code to at least one executable file selected from the unpacked software upgrade package, the program call or function call relation of any executable file in the software upgrade package not being changed in the process of adding the check code; the encapsulation unit is used for encapsulating the unpacked software upgrade package again and sending it to the node control system, the program call or function call relation of any executable file in the software upgrade package not being changed in the encapsulation process.
5. The system according to claim 1, wherein the node control system comprises a protocol authentication unit and a forwarding packet unit, the protocol authentication unit is used for completing security certificate authentication, and the forwarding packet unit is used for sub-packaging the encapsulated security packet.
6. The automatic upgrade and release system of application software according to claim 1, wherein the downstream secure tunnel is provided with an interaction unit and a verification unpacking unit, the verification unpacking unit is used for verifying and unpacking the encapsulated security packet and restoring it into the initial software upgrade package, and the interaction unit is used for confirming with the application server whether the software upgrade package needs to be sent to the application server and for sending the restored software upgrade package to the application server.
7. The system according to claim 1, wherein the application server side includes an interactive confirmation unit for confirming with the downstream secure tunnel whether the software upgrade package needs to be sent to the application server side, and further supporting the software upgrade package to be sent to the client side after completion of receiving the software upgrade package.
8. The automatic upgrade and release method of the application software is characterized by comprising the following steps of,
the general control system supports software development maintenance personnel to edit and release an initial software upgrade package; the upstream security tunnel detects whether an upgradeable software upgrade package exists or not, and after the upgradeable software upgrade package is determined, the corresponding upgradeable software upgrade package is downloaded from the overall control system, a check code is added to the upgradeable software upgrade package, and then the package is packaged to form a packaged security package and is sent to the node control system;
the node control system receives the encapsulation security packet from the upstream security tunnel and then completes protocol authentication to resend the encapsulation security packet to the downstream security tunnel;
after receiving the encapsulated security packet from the node control system, the downstream security tunnel interacts with the application server to determine whether the encapsulated security packet is needed, and when the downstream security tunnel determines with the application server that the application server needs the encapsulated security packet, the downstream security tunnel verifies and unpacks the encapsulated security packet, restores it into the initial software upgrade package and delivers the initial software upgrade package to the application server;
the application server side interacts with the client side and completes automatic upgrading of the software at the client side.
9. The automatic upgrade and release method of application software according to claim 8, wherein the step in which the upstream security tunnel detects whether an upgradeable software upgrade package exists and, after determining that one exists, downloads the corresponding upgradeable software upgrade package from the overall control system, adds a check code to it, encapsulates it to form an encapsulated security packet and sends the encapsulated security packet to the node control system specifically comprises: the detection unit detects whether an upgradeable software upgrade package exists in the overall control system; the downloading unit downloads the upgradeable software upgrade package from the overall control system; the unpacking and code-adding unit unpacks the software upgrade package, selects at least one executable file from the unpacked software upgrade package and adds the check code to it, the program call or function call relation of any executable file in the software upgrade package not being changed in the process of adding the check code; the encapsulation unit encapsulates the unpacked software upgrade package again and sends it to the node control system, the program call or function call relation of any executable file in the software upgrade package not being changed in the encapsulation process; and the check code is a dynamic check code.
10. The automatic upgrade and release method of application software according to claim 8, wherein the step in which the downstream security tunnel, after receiving the encapsulated security packet from the node control system, interacts with the application server to determine whether the encapsulated security packet is needed and, when it determines with the application server that the application server needs the encapsulated security packet, verifies and unpacks the encapsulated security packet, restores it into the initial software upgrade package and delivers the initial software upgrade package to the application server specifically comprises: the verification unpacking unit verifies and unpacks the encapsulated security packet and restores it into the initial software upgrade package; and the interaction unit confirms with the application server whether the software upgrade package needs to be sent to the application server and sends the restored software upgrade package to the application server.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310375045.6A CN116382740B (en) | 2023-04-10 | 2023-04-10 | Automatic upgrade release system and method for application software |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116382740A (en) | 2023-07-04 |
CN116382740B (en) | 2023-11-14 |
Family
ID=86967231
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310375045.6A Active CN116382740B (en) | 2023-04-10 | 2023-04-10 | Automatic upgrade release system and method for application software |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116382740B (en) |
Citations (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1694555A (en) * | 2005-05-24 | 2005-11-09 | 北京易诚世纪科技有限公司 | Dynamic cipher system and method based on mobile communication terminal |
CN101877723A (en) * | 2010-06-18 | 2010-11-03 | 中兴通讯股份有限公司 | Wireless sensor network node remote update system, method and equipment |
CN102945175A (en) * | 2012-11-09 | 2013-02-27 | 杭州易和网络有限公司 | Terminal software online upgrading system and method based on cloud computing environment |
CN105740019A (en) * | 2016-01-29 | 2016-07-06 | 公安部交通管理科学研究所 | Automatic upgrading and releasing system and method for application software in distributed network environment |
CN107682159A (en) * | 2017-10-12 | 2018-02-09 | 北京握奇智能科技有限公司 | The trusted application management method and trusted application management system of a kind of intelligent terminal |
CN107786501A (en) * | 2016-08-25 | 2018-03-09 | 大连楼兰科技股份有限公司 | The method of car networking dynamic password verification based on SASL |
CN112100582A (en) * | 2020-09-22 | 2020-12-18 | 焦点教育科技有限公司 | Method for protecting software distribution security by applying strong symmetric encryption |
CN113114632A (en) * | 2021-03-22 | 2021-07-13 | 国网河北省电力有限公司 | Can peg graft formula intelligence financial audit platform |
CN113268046A (en) * | 2021-04-12 | 2021-08-17 | 延锋伟世通电子科技(上海)有限公司 | Diagnosis networking safety unlocking implementation system under AUTOSAR framework |
CN113378189A (en) * | 2021-05-31 | 2021-09-10 | 中国电力科学研究院有限公司 | Authentication and verification method and system for load identification module |
CN114357040A (en) * | 2021-11-30 | 2022-04-15 | 河南辉煌科技股份有限公司 | High-availability rail transit security integrated platform based on micro-service architecture |
CN114385169A (en) * | 2022-01-14 | 2022-04-22 | 武汉源启科技股份有限公司 | Application generation method and device |
CN114595433A (en) * | 2020-12-04 | 2022-06-07 | 公安部交通管理科学研究所 | Information system data security reinforcing method |
CN114826595A (en) * | 2022-04-01 | 2022-07-29 | 安徽思帕德信息技术有限公司 | Dynamic password control system and method |
CN115022092A (en) * | 2022-08-05 | 2022-09-06 | 中汽数据(天津)有限公司 | Vehicle software upgrading method, device and storage medium |
CN115242413A (en) * | 2021-04-06 | 2022-10-25 | 中国移动通信有限公司研究院 | Internet of things equipment firmware safety upgrading method and device, electronic equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN116382740B (en) | 2023-11-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||