CN116382740B - Automatic upgrade release system and method for application software - Google Patents


Info

Publication number
CN116382740B
Authority
CN
China
Prior art keywords
software
security
package
control system
application server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310375045.6A
Other languages
Chinese (zh)
Other versions
CN116382740A (en)
Inventor
唐新春
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Jingao Information Technology Co ltd
Original Assignee
Guangzhou Jingao Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Jingao Information Technology Co ltd
Priority to CN202310375045.6A
Publication of CN116382740A
Application granted
Publication of CN116382740B
Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G06F8/65 Updates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/70 Software maintenance or management
    • G06F8/71 Version control; Configuration management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Technology Law (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Information Transfer Between Computers (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Stored Programmes (AREA)

Abstract

The application specifically discloses an automatic upgrade and release system and method of application software, wherein the system comprises a total control system, an upstream secure tunnel, a node control system, a downstream secure tunnel and an application server, wherein the total control system is used for supporting software development maintenance personnel to edit and release an initial software upgrade package; the upstream secure tunnel is used for detecting whether an upgradeable software upgrade package exists or not; the node control system is used for receiving the encapsulation security packet from the upstream security tunnel and then finishing protocol authentication to resend the encapsulation security packet to the downstream security tunnel; the downstream secure tunnel is used for receiving the encapsulated secure packet from the node control system and then interacting with an application server side to determine whether the encapsulated secure packet is needed, and the application server side is used for interacting with the client side and completing automatic upgrading of software at the client side.

Description

Automatic upgrade release system and method for application software
Technical Field
The application relates to the technical field of software development and maintenance, in particular to an automatic upgrade and release system and method for application software.
Background
Application software in a distributed service system has to be deployed in different network environments, and maintaining, releasing and upgrading it by hand is complex. The related prior art generally adopts a two-level or three-level architecture for multi-level maintenance management. For example, patent document CN1758607A discloses a software version upgrading technology for a distributed service system. Its two-level architecture consists of a centralized management server and application servers. The centralized management server connects a plurality of application servers together through a network and either issues new-version application software file packages to the application servers or provides a download service for those packages in response to version download requests initiated by the application servers. The application servers provide software version upgrades and management of the distributed business system to end users.
As another example, patent document CN105740019A discloses an automatic upgrade and release technology for application software in a distributed network environment. Its three-level architecture comprises a central control platform (1), a plurality of node support platforms (2) in the distributed network, and application servers (3). The node support platforms (2) are deployed on corresponding nodes of the distributed network, can exchange the required information with the central control platform (1), and are connected to the plurality of application servers (3). The central control platform (1) builds and distributes upgrade packages of application software, and the node support platform (2) can check for and download the upgrade packages distributed by the central control platform (1). After downloading an upgrade package from the central control platform (1), the node support platform (2) pushes a software upgrade instruction to the application server (3), so that the application server (3) actively fetches the upgrade package distributed by the node support platform (2) according to that instruction. However, because different network environments have to be served, software version upgrading in a distributed service system has to pay attention to security, and some prior-art solutions address it. For example, the technology disclosed in patent document CN105740019A uses certificate encryption to perform bidirectional encrypted verification of the exchanged information. A certificate can ensure that data is not monitored, stolen or tampered with during transmission, but it is not absolutely safe. Moreover, the path from the node to the application server and on to the client has no focused security scheme, so the security coefficient of the whole application software upgrade package is very low.
Disclosure of Invention
The application aims to provide an automatic upgrade release system and method for application software, so as to solve the problems in the background technology.
In order to solve the technical problems, the application provides the following technical scheme:
the automatic upgrade and release system of the application software comprises a total control system, an upstream secure tunnel, a node control system, a downstream secure tunnel and an application server, wherein the total control system is used for supporting a software development maintainer to edit and release an initial software upgrade package; the upstream security tunnel is used for detecting whether an upgradeable software upgrade package exists or not, and after the upgradeable software upgrade package is determined, downloading the corresponding upgradeable software upgrade package from the total control system, adding a check code to the upgradeable software upgrade package, packaging to form a packaged security package, and sending the packaged security package to the node control system;
the node control system is used for receiving the encapsulation security packet from the upstream security tunnel and then finishing protocol authentication to resend the encapsulation security packet to the downstream security tunnel;
the downstream security tunnel is used for receiving the encapsulation security packet from the node control system, then interactively determining whether the encapsulation security packet is needed or not with the application server, and when the encapsulation security packet is needed by the application server, the downstream security tunnel performs verification and unpacking on the encapsulation security packet to restore the encapsulation security packet into an initial software upgrading packet and deliver the initial software upgrading packet to the application server;
the application server side is used for interacting with the client side and completing automatic upgrading of software at the client side.
Further, the upstream secure tunnel is arranged at one side of the total control system and is the same as the network environment of the total control system, and the downstream secure tunnel is arranged at one side of the application server and is the same as the network environment of the application server.
Further, the general control system is provided with a software compiling interface end, a software debugging interface end and a software testing interface end, the software compiling interface end supports a programmer to compile programs and files of software upgrading, the software debugging interface end supports the programmer to carry out joint debugging on software, and the software testing interface end supports a software project responsible person or a software testing engineer to test the software joint.
Further, the upstream secure tunnel is provided with a detection unit, a downloading unit, an unpacking and coding unit and a packaging unit, wherein the detection unit is used for detecting whether an upgradeable software upgrade package exists in the total control system; the downloading unit is used for downloading an upgradeable software upgrade package of the total control system; the unpacking and code adding unit is used for unpacking the software upgrading package and adding check codes to at least one executable file selected from the unpacked software upgrading package, and program call or function call relation of any executable file in the software upgrading package is not changed in the process of adding the check codes; the encapsulation unit is used for encapsulating the split software upgrading package again and sending the software upgrading package to the node control system, and program call or function call relation of any executable file in the software upgrading package is not changed in the encapsulation process.
Further, the node control system comprises a protocol authentication unit and a forwarding packet unit, wherein the protocol authentication unit is used for completing security certificate authentication, and the forwarding packet unit is used for carrying out subcontracting on the packaged security packet.
Furthermore, the downstream secure tunnel is provided with an interaction unit and a verification unpacking unit, the verification unpacking unit is used for finishing verification and unpacking of the packaged secure package and restoring the packaged secure package into an initial software upgrading package, and the interaction unit is used for confirming with an application server end whether the software upgrading package needs to be sent to the application server end or not and supporting that the restored software upgrading package is sent to the application server end.
The application server side further comprises an interactive confirmation unit, wherein the interactive confirmation unit is used for confirming whether the software upgrading package needs to be sent to the application server side with the downstream secure tunnel, and the interactive confirmation unit also supports the software upgrading package to be sent to the client side after the software upgrading package is received.
The automatic upgrade and release method of the application software comprises the steps of,
the general control system supports software development maintenance personnel to edit and release an initial software upgrade package; the upstream security tunnel detects whether an upgradeable software upgrade package exists or not, and after the upgradeable software upgrade package is determined, the corresponding upgradeable software upgrade package is downloaded from the overall control system, a check code is added to the upgradeable software upgrade package, and then the package is packaged to form a packaged security package and is sent to the node control system;
the node control system receives the encapsulation security packet from the upstream security tunnel and then completes protocol authentication to resend the encapsulation security packet to the downstream security tunnel;
after receiving the encapsulated security packet from the node control system, the downstream secure tunnel interacts with the application server to determine whether the encapsulated security packet is needed, and when the downstream secure tunnel and the application server determine that the application server needs the encapsulated security packet, the downstream secure tunnel verifies and unpacks the encapsulated security packet, restores it to the initial software upgrade package and delivers the initial software upgrade package to the application server;
the application server side interacts with the client side and completes automatic upgrading of the software at the client side.
Further, the step in which the upstream secure tunnel detects whether an upgradeable software upgrade package exists, downloads the corresponding package from the total control system once it is determined, adds a check code to it, packages it into an encapsulated security packet and sends it to the node control system specifically includes the following: the unpacking and code adding unit unpacks the upgradeable software upgrade package of the total control system, selects at least one executable file from the unpacked package and adds a check code to it, and the program call or function call relation of any executable file in the software upgrade package is not changed in the process of adding the check code; the encapsulation unit encapsulates the unpacked software upgrade package again and sends it to the node control system, and the program call or function call relation of any executable file in the software upgrade package is not changed in the encapsulation process. The check code is a dynamic check code.
Further, the step in which the downstream secure tunnel, after receiving the encapsulated security packet from the node control system, interacts with the application server to determine whether the packet is needed and, when it is, verifies and unpacks the packet, restores it to the initial software upgrade package and delivers that package to the application server specifically includes the following: the verification unpacking unit completes verification and unpacking of the encapsulated security packet and restores it to the initial software upgrade package; the interaction unit confirms with the application server whether the software upgrade package needs to be sent to the application server and supports sending the restored software upgrade package to the application server.
Compared with the prior art, the application has the beneficial effects that:
the application adds a secondary security tunnel on top of the original three-level architecture and realizes security control of the software upgrade package. Because the security of the intermediate node in the original three-level architecture is poor, the application weakens the functions and operations of the intermediate nodes, which reduces their load and naturally reduces the risk. Adding the two-level security tunnel at the same time increases safety, so the safety of the software upgrade and release process is greatly improved.
Drawings
FIG. 1 is a block diagram of an automatic upgrade distribution system of application software of the present application.
Detailed Description
The technical solutions of the embodiments of the present application will be clearly and completely described below in conjunction with the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Because the existing three-level architecture has no focused security scheme from the node to the application server and on to the client side, the security coefficient of the whole application software upgrade package is very low. The application therefore adds a two-level security tunnel on top of the original three-level architecture and realizes security control of the software upgrade package. Because the security of the intermediate node in the original three-level architecture is poor, the application weakens the functions and operations of the intermediate nodes, which reduces the load and increases the safety.
in a specific implementation, the application discloses an automatic upgrade and release system of application software, as shown in fig. 1, and the specific technology of the system comprises a total control system, an upstream secure tunnel, a node control system, a downstream secure tunnel and an application server side, wherein the total control system is used for supporting a software development maintainer to edit and release an initial software upgrade package;
the general control system is provided with a software compiling interface end, a software debugging interface end and a software testing interface end, wherein the software compiling interface end supports a programmer to compile programs and files of software upgrading, the software debugging interface end supports the joint debugging of the programmer to the software, and the software testing interface end supports the joint testing of a software project responsible person or a software testing engineer to the software;
the upstream security tunnel is used for detecting whether an upgradeable software upgrade package exists or not, and after the upgradeable software upgrade package is determined, downloading the corresponding upgradeable software upgrade package from the total control system, adding a check code to the upgradeable software upgrade package, packaging to form a packaged security package, and sending the packaged security package to the node control system;
the upstream secure tunnel is provided with a detection unit, a downloading unit, an unpacking and encoding unit and a packaging unit, wherein the detection unit is used for detecting whether an upgradeable software upgrade package exists in the total control system; the downloading unit is used for downloading an upgradeable software upgrade package of the total control system; the unpacking and code adding unit is used for unpacking the software upgrading package and adding check codes to at least one executable file selected from the unpacked software upgrading package, and program call or function call relation of any executable file in the software upgrading package is not changed in the process of adding the check codes; the encapsulation unit is used for encapsulating the split software upgrading package again and sending the software upgrading package to the node control system, and program call or function call relation of any executable file in the software upgrading package is not changed in the encapsulation process;
the node control system is used for receiving the encapsulation security packet from the upstream security tunnel and then finishing protocol authentication to resend the encapsulation security packet to the downstream security tunnel;
the node control system comprises a protocol authentication unit and a forwarding packet unit, wherein the protocol authentication unit is used for completing security certificate authentication, and the forwarding packet unit is used for subcontracting an encapsulation security packet;
the downstream security tunnel is used for receiving the encapsulation security packet from the node control system, then interactively determining whether the encapsulation security packet is needed or not with the application server, and when the encapsulation security packet is needed by the application server, the downstream security tunnel performs verification and unpacking on the encapsulation security packet to restore the encapsulation security packet into an initial software upgrading packet and delivering the initial software upgrading packet to the application server;
the downstream security tunnel is provided with an interaction unit and a verification unpacking unit, wherein the verification unpacking unit is used for finishing verification and unpacking of the packaged security package and restoring the packaged security package into an initial software upgrading package, and the interaction unit is used for confirming with an application server side whether the software upgrading package needs to be sent to the application server side or not and supporting the completion of sending the restored software upgrading package to the application server side;
the application server side is used for interacting with the client side and completing automatic upgrading of software at the client side;
the application server side comprises an interactive confirmation unit which is used for confirming whether the software upgrading packet needs to be sent to the application server side with a downstream secure tunnel or not, and the interactive confirmation unit also supports the software upgrading packet to be sent to the client side after the software upgrading packet is received;
In the implementation process, the total control system supports software development and maintenance personnel in editing and releasing an initial software upgrade package. The upstream secure tunnel detects whether an upgradeable software upgrade package exists and, once one is determined, downloads the corresponding package from the total control system, adds a check code to it, packages it into an encapsulated security packet and sends it to the node control system. The node control system receives the encapsulated security packet from the upstream secure tunnel, completes protocol authentication and sends the packet on to the downstream secure tunnel. After receiving the encapsulated security packet from the node control system, the downstream secure tunnel interacts with the application server to determine whether the packet is needed. When it is determined that the application server needs the packet, the downstream secure tunnel verifies and unpacks it, restores it to the initial software upgrade package and delivers that package to the application server. The application server interacts with the client and completes the automatic software upgrade at the client. In this way the application adds the secondary security tunnel on top of the original three-level architecture and realizes security control of the software upgrade package.
Because the security of the intermediate node in the original three-level architecture is poor, the application weakens the functions and operations of the intermediate nodes, which reduces their load and naturally reduces the risk. Adding the two-level security tunnel at the same time increases safety, so the safety of the software upgrade and release process is greatly improved.
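The upstream "add check code and encapsulate" step and the downstream "verify and unpack" step described above, as an added example that is not code from the patent. The patent does not specify the package format, how executable files are selected, or how the dynamic check code is computed, so the example assumes a ZIP package, a suffix-based selection rule, a sidecar entry named `CHECKCODES.json` (which leaves every executable byte-identical, so no call relation changes), and HMAC-SHA256 over a fresh per-package nonce with a key shared only by the two tunnels.

```python
import hashlib
import hmac
import io
import json
import os
import zipfile

MANIFEST = "CHECKCODES.json"                    # hypothetical sidecar entry name
EXEC_SUFFIXES = (".exe", ".dll", ".so", ".sh")  # assumed rule for "executable file"


class VerificationError(Exception):
    """Raised by the downstream tunnel when a package fails verification."""


def read_entries(package: bytes) -> dict:
    """Unpack a ZIP package into {entry name: content}."""
    with zipfile.ZipFile(io.BytesIO(package)) as zf:
        return {name: zf.read(name) for name in zf.namelist()}


def write_entries(entries: dict) -> bytes:
    """Package {entry name: content} back into ZIP bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name in sorted(entries):
            zf.writestr(name, entries[name])
    return buf.getvalue()


def is_executable(name: str) -> bool:
    return name.lower().endswith(EXEC_SUFFIXES)


def check_code(key: bytes, nonce: bytes, name: str, data: bytes) -> str:
    """HMAC-SHA256 bound to this encapsulation (nonce), the entry name and its bytes."""
    encoded = name.encode("utf-8")
    msg = nonce + len(encoded).to_bytes(4, "big") + encoded + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def upstream_encapsulate(initial_package: bytes, key: bytes) -> bytes:
    """Upstream tunnel: unpack, add check codes to executables, re-encapsulate."""
    entries = read_entries(initial_package)
    if MANIFEST in entries:
        raise ValueError("package already carries a check-code manifest")
    selected = [n for n in entries if is_executable(n)]
    if not selected:
        raise ValueError("package contains no executable file to protect")
    nonce = os.urandom(16)  # fresh per encapsulation, so the codes are dynamic
    codes = {n: check_code(key, nonce, n, entries[n]) for n in selected}
    entries[MANIFEST] = json.dumps({"nonce": nonce.hex(), "codes": codes}).encode()
    return write_entries(entries)


def downstream_verify_and_unpack(secure_package: bytes, key: bytes) -> bytes:
    """Downstream tunnel: verify every check code, then restore the initial package."""
    entries = read_entries(secure_package)
    raw = entries.pop(MANIFEST, None)
    if raw is None:
        raise VerificationError("check-code manifest is missing")
    try:
        manifest = json.loads(raw)
        nonce = bytes.fromhex(manifest["nonce"])
        codes = dict(manifest["codes"])
    except (ValueError, KeyError, TypeError) as exc:
        raise VerificationError("malformed check-code manifest") from exc
    for name in entries:
        # An executable that appeared after encapsulation has no code: reject it.
        if is_executable(name) and name not in codes:
            raise VerificationError(f"executable without check code: {name}")
    for name, expected in codes.items():
        if name not in entries:
            raise VerificationError(f"protected file removed: {name}")
        actual = check_code(key, nonce, name, entries[name])
        if not hmac.compare_digest(actual.encode(), str(expected).encode()):
            raise VerificationError(f"check code mismatch: {name}")
    return write_entries(entries)  # manifest stripped: the initial file set


def build_sample_package() -> bytes:
    """Constructed sample upgrade package (not real software)."""
    return write_entries({
        "bin/app.exe": b"MZ constructed executable bytes",
        "lib/helper.so": b"\x7fELF constructed library bytes",
        "config/settings.ini": b"[update]\nchannel=stable\n",
    })


def replace_entry(package: bytes, name: str, data: bytes) -> bytes:
    """Test helper: model a package whose entry changed between the two tunnels."""
    entries = read_entries(package)
    entries[name] = data
    return write_entries(entries)
```

Entries that carry no check code (here `config/settings.ini`) are not covered by this verification, and the node control system never needs the key, which matches its reduced role of authenticating and forwarding.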
In addition, in order to further weaken the functions and operations of intermediate nodes in the original three-level architecture, the load of the intermediate nodes is reduced, and the risk is naturally reduced.
The application discloses an automatic upgrade and release system of application software, which comprises a total control system, an upstream secure tunnel, a node control system, a downstream secure tunnel and an application server, wherein the total control system is used for supporting a software development maintainer to edit and release an initial software upgrade package; the upstream security tunnel is used for detecting whether an upgradeable software upgrade package exists or not, and after the upgradeable software upgrade package is determined, downloading the corresponding upgradeable software upgrade package from the total control system, adding a check code to the upgradeable software upgrade package, packaging to form a packaged security package, and sending the packaged security package to the node control system;
the node control system is used for receiving the encapsulation security packet from the upstream security tunnel and then finishing protocol authentication to resend the encapsulation security packet to the downstream security tunnel;
the downstream security tunnel is used for receiving the encapsulation security packet from the node control system, then interactively determining whether the encapsulation security packet is needed or not with the application server, and when the encapsulation security packet is needed by the application server, the downstream security tunnel performs verification and unpacking on the encapsulation security packet to restore the encapsulation security packet into an initial software upgrading packet and deliver the initial software upgrading packet to the application server;
the application server side is used for interacting with the client side and completing automatic upgrading of software at the client side.
Preferably, the upstream secure tunnel is disposed on the side of the overall control system and is the same as the network environment of the overall control system, and the downstream secure tunnel is disposed on the side of the application server and is the same as the network environment of the application server.
Preferably, the overall control system is provided with a software compiling interface end, a software debugging interface end and a software testing interface end. The software compiling interface end supports a programmer in compiling programs and files for the software upgrade, the software debugging interface end supports the programmer in carrying out joint debugging of the software, and the software testing interface end supports the person responsible for the software project or a software testing engineer in carrying out joint testing of the software.
Preferably, the upstream secure tunnel is provided with a detection unit, a downloading unit, an unpacking and code-adding unit and an encapsulation unit. The detection unit is used for detecting whether an upgradeable software upgrade package exists in the overall control system; the downloading unit is used for downloading the upgradeable software upgrade package from the overall control system; the unpacking and code-adding unit is used for splitting the software upgrade package and adding check codes to at least one executable file selected from the split software upgrade package, the program call or function call relation of any executable file in the software upgrade package not being changed in the process of adding the check codes; the encapsulation unit is used for encapsulating the split software upgrade package again and sending it to the node control system, the program call or function call relation of any executable file in the software upgrade package not being changed in the encapsulation process.
Preferably, the node control system comprises a protocol authentication unit and a forwarding packet unit, wherein the protocol authentication unit is used for completing security certificate authentication, and the forwarding packet unit is used for carrying out subcontracting on the encapsulated security package.
Preferably, the downstream secure tunnel is provided with an interaction unit and a verification unpacking unit. The verification unpacking unit is used for completing verification and unpacking of the encapsulated security package and restoring it to the initial software upgrade package; the interaction unit is used for confirming with the application server side whether the software upgrade package needs to be sent to the application server side, and supports sending the restored software upgrade package to the application server side.
Preferably, the application server side includes an interactive confirmation unit, which is configured to confirm with the downstream secure tunnel whether the software upgrade package needs to be sent to the application server side, and further supports sending the software upgrade package to the client side once the software upgrade package has been received.
The application also discloses an automatic upgrade and release method of the application software, which comprises the following steps:
the overall control system supports software development and maintenance personnel in editing and releasing an initial software upgrade package;
the upstream secure tunnel detects whether an upgradeable software upgrade package exists and, once one is determined to exist, downloads the corresponding upgradeable software upgrade package from the overall control system, adds a check code to it, encapsulates it to form an encapsulated security package, and sends the encapsulated security package to the node control system;
the node control system receives the encapsulated security package from the upstream secure tunnel, completes protocol authentication, and then forwards the encapsulated security package to the downstream secure tunnel;
after receiving the encapsulated security package from the node control system, the downstream secure tunnel interacts with the application server to determine whether the encapsulated security package is needed; when it is determined with the application server that the application server needs the encapsulated security package, the downstream secure tunnel verifies and unpacks the encapsulated security package, restores it to the initial software upgrade package, and delivers the initial software upgrade package to the application server; the application server side interacts with the client side and completes the automatic upgrade of the software at the client side.
Preferably, the overall control system supporting software development and maintenance personnel in editing and releasing an initial software upgrade package specifically comprises: a programmer compiles the programs and files for the software upgrade through the software compiling interface end; the programmer carries out joint debugging of the software through the software debugging interface end; the person responsible for the project or a software testing engineer carries out joint testing of the software at the software testing interface end; and the programmer releases the software upgrade package after determining that the test results are correct.
Preferably, the upstream secure tunnel detecting whether an upgradeable software upgrade package exists and, once one is determined to exist, downloading the corresponding upgradeable software upgrade package from the overall control system, adding a check code to it, encapsulating it to form an encapsulated security package and sending the encapsulated security package to the node control system specifically comprises: the detection unit detects whether an upgradeable software upgrade package exists in the overall control system; the downloading unit downloads the upgradeable software upgrade package from the overall control system; the unpacking and code-adding unit splits the software upgrade package, selects at least one executable file from the split software upgrade package and adds the check code to it, the program call or function call relation of any executable file in the software upgrade package not being changed in the process of adding the check code; and the encapsulation unit encapsulates the split software upgrade package again and sends it to the node control system, the program call or function call relation of any executable file in the software upgrade package not being changed in the encapsulation process.
Preferably, the downstream secure tunnel, after receiving the encapsulated security package from the node control system, interacting with the application server to determine whether the encapsulated security package is needed and, when it is determined with the application server that the application server needs the encapsulated security package, verifying and unpacking the encapsulated security package to restore it to the initial software upgrade package and delivering the initial software upgrade package to the application server specifically comprises: the verification unpacking unit completes verification and unpacking of the encapsulated security package and restores it to the initial software upgrade package; and the interaction unit confirms with the application server whether the software upgrade package needs to be sent to the application server and supports sending the restored software upgrade package to the application server.
Preferably, the check code is a dynamic check code. In the application, the dynamic check code is determined jointly by the initial time, the current return time and the check rule function. Before the dynamic check code is generated, a check rule function and the initial time are determined; the integral quantity of the check rule function from the initial time to the current return time is then calculated according to the current time, and the numerical code corresponding to the integral quantity is used as the dynamic check code. The dynamic check code is configured to change with the current return time during transmission. When the dynamic check code is checked, the current time is likewise obtained, the integral quantity of the check rule function from the initial time to the current return time is calculated according to the current time, and whether the check passes is determined by comparing the numerical code corresponding to that integral quantity with the transmitted dynamic check code.
Because the integral quantity of the check rule function from the preset time to the current return time is calculated according to the current time, and the numerical code corresponding to the integral quantity is used as the dynamic check code, the check code and the corresponding check rule function can be effectively prevented from being attacked and cracked, and the safety can be greatly improved.
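The dynamic check code and the upstream encapsulation / downstream verification round trip described above, sketched as an added example (not code from the patent). The rule function coefficients, the 30-second time step, the 8-digit code, the sidecar table for the codes and all function names are assumptions; the text fixes none of them.

```python
import hmac

STEP = 30            # seconds per time window (assumption: the page gives no granularity)
T0 = 1_700_000_000   # shared initial time in epoch seconds (constructed value)
A, B, C = 7, 11, 13  # hypothetical check rule function f(n) = 3*A*n**2 + 2*B*n + C


def integral(n):
    """Exact integral of f from window 0 (the initial time) to window n."""
    return A * n**3 + B * n**2 + C * n


def dynamic_code(now):
    """Numeric code for the integral from the initial time to `now`."""
    n = (int(now) - T0) // STEP  # quantise so both ends integrate to the same bound
    if n < 0:
        raise ValueError("current time precedes the initial time")
    return f"{integral(n) % 10**8:08d}"


def code_ok(code, now, window=1):
    """Recompute at the checker's clock, tolerating `window` steps of transit delay."""
    for back in range(window + 1):
        t = int(now) - back * STEP
        if t >= T0 and hmac.compare_digest(code, dynamic_code(t)):
            return True
    return False


def encapsulate(package, selected, now):
    """Upstream tunnel: attach a check code to each selected executable.

    Codes travel in a sidecar table (assumption), so the file bytes, and with
    them every program or function call relation, stay untouched.
    """
    missing = [name for name in selected if name not in package]
    if not selected or missing:
        raise ValueError(f"select at least one file from the package: {missing}")
    codes = {name: dynamic_code(now) for name in selected}
    return {"files": dict(package), "codes": codes}


def restore(envelope, now):
    """Downstream tunnel: verify every code, then return the initial package."""
    codes = envelope.get("codes") or {}
    if not codes:
        raise ValueError("no check code present")
    for name, code in codes.items():
        if name not in envelope["files"] or not code_ok(code, now):
            raise ValueError(f"check code rejected for {name}")
    return dict(envelope["files"])


# Constructed sample package: file name -> file bytes.
SAMPLE = {"bin/app": b"\x7fELF constructed", "conf/app.ini": b"[app]\nversion=2\n"}

if __name__ == "__main__":
    sent_at = T0 + 3005
    env = encapsulate(SAMPLE, ["bin/app"], sent_at)
    print(env["codes"], restore(env, sent_at + 15) == SAMPLE)
```

Integer arithmetic keeps the two ends bit-identical; a floating-point integral could differ between machines and fail the comparison. In this sketch the code depends only on elapsed time and the shared rule function, so it shows freshness and knowledge of the rule; it does not cover the file bytes, which would need a keyed digest over the content.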
In summary, on the basis of the original three-level architecture (namely a central control platform, nodes and an application server), the application adds a two-level secure tunnel and implements security control (such as inspection and encapsulation) of the software upgrade package. Because the security of the intermediate node in the original three-level architecture is poor, the application weakens the function and operation of the intermediate node, that is, more of the software maintenance work is handed to the two-level secure tunnel; the load is reduced and the opportunity for risk naturally decreases. At the same time, adding the two-level secure tunnel itself increases security, so that the security of the software upgrade and release process is greatly improved. In addition, security is further improved by the detailed configuration of the dynamic check code.

Claims (6)

1. An automatic upgrade and release system for application software, characterized by comprising an overall control system, an upstream secure tunnel, a node control system, a downstream secure tunnel and an application server side, wherein the overall control system is used for supporting software development and maintenance personnel in editing and releasing an initial software upgrade package; the upstream secure tunnel is used for detecting whether an upgradeable software upgrade package exists and, once one is determined to exist, downloading the corresponding upgradeable software upgrade package from the overall control system, adding a check code to it, encapsulating it to form an encapsulated security package, and sending the encapsulated security package to the node control system;
the node control system is used for receiving the encapsulated security package from the upstream secure tunnel, completing protocol authentication, and then forwarding the encapsulated security package to the downstream secure tunnel;
the downstream secure tunnel is used for receiving the encapsulated security package from the node control system and then interacting with the application server side to determine whether the encapsulated security package is needed; when the application server side needs the encapsulated security package, the downstream secure tunnel verifies and unpacks the encapsulated security package, restores it to the initial software upgrade package, and delivers the initial software upgrade package to the application server side;
the application server side is used for interacting with the client side and completing the automatic upgrade of the software at the client side;
the upstream secure tunnel is provided with a detection unit, a downloading unit, an unpacking and code-adding unit and an encapsulation unit, wherein the detection unit is used for detecting whether an upgradeable software upgrade package exists in the overall control system; the downloading unit is used for downloading the upgradeable software upgrade package from the overall control system; the unpacking and code-adding unit is used for splitting the software upgrade package and adding check codes to at least one executable file selected from the split software upgrade package, the program call or function call relation of any executable file in the software upgrade package not being changed in the process of adding the check codes; the encapsulation unit is used for encapsulating the split software upgrade package again and sending it to the node control system, the program call or function call relation of any executable file in the software upgrade package not being changed in the encapsulation process;
the dynamic check code is determined jointly by the initial time, the current return time and the check rule function; before the dynamic check code is generated, a check rule function and the initial time are determined; the integral quantity of the check rule function from the initial time to the current return time is then calculated according to the current time, and the numerical code corresponding to the integral quantity is used as the dynamic check code; the dynamic check code is configured to change with the current return time during transmission; when the dynamic check code is checked, the current time is likewise obtained, the integral quantity of the check rule function from the initial time to the current return time is calculated according to the current time, and whether the check passes is determined by comparing the numerical code corresponding to that integral quantity with the transmitted dynamic check code.
2. The automatic upgrade and release system of application software according to claim 1, wherein the upstream secure tunnel is disposed on the side of the overall control system and is in the same network environment as the overall control system, and the downstream secure tunnel is disposed on the side of the application server side and is in the same network environment as the application server side.
3. The automatic upgrade and release system of application software according to claim 1, wherein the overall control system is provided with a software compiling interface end, a software debugging interface end and a software testing interface end, the software compiling interface end supports a programmer in compiling programs and files for the software upgrade, the software debugging interface end supports the programmer in carrying out joint debugging of the software, and the software testing interface end supports the person responsible for the software project or a software testing engineer in carrying out joint testing of the software.
4. The system according to claim 1, wherein the node control system comprises a protocol authentication unit and a forwarding packet unit, the protocol authentication unit is used for completing security certificate authentication, and the forwarding packet unit is used for performing subcontracting on the encapsulated security packet.
5. The automatic upgrade and release system of application software according to claim 1, wherein the downstream secure tunnel is provided with an interaction unit and a verification unpacking unit, the verification unpacking unit is used for completing verification and unpacking of the encapsulated security package and restoring it to the initial software upgrade package, and the interaction unit is used for confirming with the application server side whether the software upgrade package needs to be sent to the application server side and supports sending the restored software upgrade package to the application server side.
6. The system according to claim 1, wherein the application server side includes an interactive confirmation unit for confirming with the downstream secure tunnel whether the software upgrade package needs to be sent to the application server side, and further supporting sending the software upgrade package to the client side once the software upgrade package has been received.
CN202310375045.6A 2023-04-10 2023-04-10 Automatic upgrade release system and method for application software Active CN116382740B (en)


Publications (2)

Publication Number Publication Date
CN116382740A (en) 2023-07-04
CN116382740B (en) 2023-11-14

Family

ID=86967231




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant