CN116956364A - Virtualized product integrity verification method, device and system and electronic equipment - Google Patents
Virtualized product integrity verification method, device and system and electronic equipment Download PDFInfo
- Publication number
- CN116956364A CN116956364A CN202311222005.4A CN202311222005A CN116956364A CN 116956364 A CN116956364 A CN 116956364A CN 202311222005 A CN202311222005 A CN 202311222005A CN 116956364 A CN116956364 A CN 116956364A
- Authority
- CN
- China
- Prior art keywords
- product
- target
- virtualized
- hash value
- virtualized product
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000012795 verification Methods 0.000 title claims abstract description 110
- 238000000034 method Methods 0.000 title claims abstract description 61
- 238000004519 manufacturing process Methods 0.000 claims abstract description 80
- 238000009434 installation Methods 0.000 claims abstract description 47
- 230000001419 dependent effect Effects 0.000 claims abstract description 27
- 238000012545 processing Methods 0.000 claims description 29
- 230000002159 abnormal effect Effects 0.000 claims description 14
- 230000008569 process Effects 0.000 claims description 11
- 238000005516 engineering process Methods 0.000 abstract description 7
- 238000011161 development Methods 0.000 description 11
- 238000010586 diagram Methods 0.000 description 6
- 238000011900 installation process Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000008878 coupling Effects 0.000 description 2
- 238000010168 coupling process Methods 0.000 description 2
- 238000005859 coupling reaction Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 101100217298 Mus musculus Aspm gene Proteins 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000003912 environmental pollution Methods 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/72—Signcrypting, i.e. digital signing and encrypting simultaneously
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02P—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
- Y02P90/00—Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
- Y02P90/30—Computing systems specially adapted for manufacturing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Biomedical Technology (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses a virtualized product integrity checking method, device and system and electronic equipment. Wherein the method comprises the following steps: acquiring a target virtualized product and signature files of the target virtualized product, wherein the signature files are key files and key dependent files in product installation packages of the target virtualized product and the target virtualized product, and files obtained by signing production information of the target virtualized product; verifying the signature file, and calculating to obtain a target hash value corresponding to the target virtualized product according to the signature file after the signature file passes the verification; and comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete or not according to a comparison result. The application solves the technical problem of lower reliability of the virtualized product caused by the fact that the damaged object of the virtualized product cannot be positioned and whether the damaged product can be repaired cannot be determined in the related technology.
Description
Technical Field
The application relates to the field of data security, in particular to a virtualized product integrity verification method, device and system and electronic equipment.
Background
In the related art, when a virtualized product is released, whether a file in the virtualized product is damaged or not can only be checked when the virtualized product is checked, but after the product is determined to be damaged, the product cannot be further analyzed to determine the damaged object of the product and whether the damaged object of the product can be repaired or not, so that the reliability of the virtualized product in the related art is lower.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
The embodiment of the application provides a virtualized product integrity checking method, device, system and electronic equipment, which at least solve the technical problem that the reliability of a virtualized product is low because a damaged object of the virtualized product cannot be positioned and whether the damaged product can be repaired cannot be determined in the related technology.
According to an aspect of an embodiment of the present application, there is provided a virtualized product integrity checking method, including: acquiring a target virtualized product and signature files of the target virtualized product, wherein the signature files are key files and key dependent files in product installation packages of the target virtualized product and the target virtualized product, and files obtained by signing production information of the target virtualized product, and the production information comprises producer information and production equipment information; verifying the signature file, and calculating to obtain a target hash value corresponding to the target virtualized product according to the signature file after the signature file passes the verification; and comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to an expected state of the target virtualized product.
Optionally, the target hash value includes a first target hash value corresponding to each of at least one product metadata included in the signature file, the expected hash value includes an expected hash value corresponding to each of the product metadata, and the product metadata includes at least one of: the version number of the target virtualized product, the release date of the target virtualized product, producer information of the target virtualized product and production equipment information.
Optionally, the producer information includes physiological characteristic information of a producer of the target virtualized product, the production equipment information includes address information of a production equipment of the target virtualized product, time information of an installation package of the target virtualized product generated by the production equipment, characteristic value information of a virtualized platform corresponding to the target virtualized product and chip architecture value information supported by the virtualized platform.
Optionally, the step of determining whether the target virtualized product is complete according to the comparison result includes: under the condition that the comparison result is that the target hash value corresponding to each product metadata is equal to the corresponding expected hash value, determining that the target virtualized product is complete; under the condition that the comparison result is that the target hash value corresponding to the existing product metadata is not equal to the corresponding expected hash value, determining that the target virtualized product is incomplete, and generating error indication information according to the comparison result, wherein the error indication information comprises at least one of the following components: error type information, error cause information, error location information.
Optionally, the step of generating the error indication information according to the comparison result includes: determining abnormal product metadata in the metadata according to the comparison result, wherein the abnormal product metadata are product metadata with different corresponding target hash values and expected hash values; and generating error indication information according to the abnormal product metadata.
Optionally, after the step of determining that the target virtualized product is incomplete, the virtualized product integrity verification method further comprises: determining a verification object according to the producer information and the production equipment information, wherein the verification object is used for verifying the target virtualized product, confirming whether the target virtualized product can be repaired or not according to a verification result, and positioning a damage object for damaging the virtualized product; and sending the installation package of the target virtualized product to the verification object.
Optionally, the signature file includes a first signature file corresponding to the target virtualized product and a second signature file corresponding to each installation file in the installation package of the target virtualized product, and the target hash value includes a second target hash value corresponding to each second signature file; the step of verifying the signature file and calculating the target hash value corresponding to the target virtualized product according to the verification result comprises the following steps: under the condition that the first signature files pass the verification, verifying each second signature file; and after verification, determining second target hash values corresponding to the second signature files according to the second signature files.
Optionally, the step of verifying the signature file further comprises: obtaining public keys of target virtualized products, wherein the public keys corresponding to different users are different; and verifying the signature file through the public key, and sending the public key and address information corresponding to the user to the issuer of the target virtualized product in the verification process, wherein the public key and the address information corresponding to the user are used for determining a tampered object of the signature file tampered with the target virtualized product under the condition that the signature file of the target virtualized product is detected to be tampered with.
According to another aspect of the embodiment of the present application, there is also provided a virtualized product integrity verification method, including: signing key files and key dependent files in the target virtualized product and the product installation package of the target virtualized product and production information of the target virtualized product to obtain signature files of the target virtualized product, wherein the production information comprises producer information and production equipment information; issuing a target virtualized product and signature files of the target virtualized product; when a user side obtains a target virtualized product and signature files of the target virtualized product, a public key corresponding to the user side is provided for the user side, wherein the public key is used for verifying the signature files of the target virtualized product, and the public keys corresponding to the user sides are different.
Optionally, after the step of providing the public key corresponding to the user terminal, the virtualized product integrity verification method further includes: and receiving a public key and address information corresponding to the user side, which are sent in the verification process of verifying the signature file by the user side, wherein the public key and the address information corresponding to the user side are used for determining a tampered object of the signature file tampered with the target virtualized product under the condition that the signature file of the target virtualized product is tampered.
According to another aspect of the embodiment of the present application, there is also provided a virtualized product integrity verification system, including: the signature module is used for signing key files and key dependent files in the target virtualized product and the product installation package of the target virtualized product and production information of the target virtualized product to obtain signature files of the target virtualized product, wherein the production information comprises producer information and production equipment information; the issuing module is used for issuing the target virtualized product and signature files of the target virtualized product; the verification module is used for verifying the signature file and calculating to obtain a target hash value corresponding to the target virtualized product according to the verification result; comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to an expected state of the target virtualized product; the result processing module is used for allowing the target virtualized product to normally operate under the condition that the comparison result is that the target hash value is consistent with the expected hash value; and under the condition that the comparison result is that the target hash value is inconsistent with the expected hash value, stopping the operation of the target virtualized product, and reporting error information.
According to another aspect of the embodiment of the present application, there is also provided a virtualized product integrity verification apparatus, including: the first processing module is used for acquiring a target virtualized product and signature files of the target virtualized product, wherein the signature files are key files and key dependent files in product installation packages of the target virtualized product and the target virtualized product, and files obtained by signing production information of the target virtualized product, and the production information comprises producer information and production equipment information; the second processing module is used for verifying the signature file and calculating to obtain a target hash value corresponding to the target virtualized product according to the verification result; and the third processing module is used for comparing the target hash value with an expected hash value corresponding to the target virtualized product and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to the expected state of the target virtualized product.
According to another aspect of the embodiment of the present application, there is further provided a nonvolatile storage medium, in which a program is stored, where when the program runs, a device in which the nonvolatile storage medium is controlled to execute the virtualized product integrity verification method.
In the embodiment of the application, a target virtualized product and a signature file of the target virtualized product are acquired, wherein the signature file is a key file and a key dependent file in a product installation package of the target virtualized product and the target virtualized product, and a file obtained by signing production information of the target virtualized product, and the production information comprises producer information and production equipment information; verifying the signature file, and calculating to obtain a target hash value corresponding to the target virtualized product according to the signature file after the signature file passes the verification; and comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to an expected state of the target virtualized product. By signing the producer information of the target virtualized product and the key files and the key dependent files in the installation package to obtain signature files, the purposes that a verification object is determined according to the producer information when the target virtualized product is determined to be damaged and whether the target virtualized product can be repaired and the damaged object is positioned are achieved by the verification object are achieved, the technical effect of improving the reliability of the virtualized product is achieved, and the technical problem that the reliability of the virtualized product is low because the damaged object of the virtualized product cannot be positioned in the related technology and whether the damaged product can be repaired cannot be determined is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a schematic diagram of a virtualized product integrity verification system provided in accordance with an embodiment of the application;
FIG. 2 is a schematic workflow diagram of a virtualized product integrity verification system provided in accordance with an embodiment of the application;
FIG. 3 is a flow chart of a virtualized product integrity verification method provided in accordance with an embodiment of the present application;
FIG. 4 is a flow chart of another virtualized product integrity verification method provided in accordance with an embodiment of the application;
FIG. 5 is a schematic diagram of a virtualized product integrity verification device in accordance with an embodiment of the application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the application described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In order to better understand the embodiments of the present application, technical terms related to the embodiments of the present application are explained as follows:
and (3) virtualization: virtualization is a technology for abstracting physical resources into logical resources, and can realize functions of dynamic allocation, isolation, multiplexing and the like of the resources.
Virtualization product: virtualized products refer to software or hardware products developed based on virtualization technologies, such as virtual machines, virtual networks, virtual storage, and the like.
Virtualizing product integrity: the integrity of the virtualized product refers to the property that the virtualized product is not maliciously modified or tampered with during development, release, deployment, operation, and the like. The integrity of the virtualized product is critical to ensuring the security and reliability of the virtualized environment. If the virtualized product is modified or tampered maliciously, the virtualized environment may not operate normally, or malicious code such as a backdoor or a Trojan horse is implanted, so that data and applications in the virtualized environment are endangered.
In the related art, when verifying the integrity of a virtualized product, it is generally only possible to determine whether a file is destroyed, but after determining that the file is destroyed, the product cannot be further analyzed to determine the destroyed object of the product and whether it can be repaired. In addition, environmental pollution that may occur in the installation process of the virtualized product cannot be avoided in the related art. In order to solve this problem, related solutions are provided in the embodiments of the present application, and are described in detail below.
In accordance with an embodiment of the present application, there is provided a method embodiment of a virtualized product integrity verification method, it being noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions and that, although a logical order is illustrated in the flowcharts, in some cases, the steps illustrated or described may be performed in an order other than that illustrated herein.
The virtualized product integrity verification method provided by the application can be executed in a virtualized product integrity verification system shown in figure 1. As can be seen from fig. 1, the virtualized product integrity verification system provided by the present application includes: a development signature module 10, configured to sign a target virtualized product, a key file and a key dependency file in a product installation package of the target virtualized product, and production information of the target virtualized product, to obtain a signature file of the target virtualized product, where the production information includes producer information and production equipment information; a publishing module 12 for publishing the target virtualized product and the signature file of the target virtualized product; the verification module 14 is used for verifying the signature file and calculating a target hash value corresponding to the target virtualized product according to a verification result; comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to an expected state of the target virtualized product; a result processing module 16, configured to allow the target virtualized product to operate normally if the comparison result is that the target hash value is consistent with the expected hash value; and under the condition that the comparison result is that the target hash value is inconsistent with the expected hash value, preventing the target virtualized product from running, and reporting error information.
Specifically, as can be seen from fig. 1, the system may be composed of a product release server and a plurality of user side devices, wherein each user side device includes a verification module 14 and a result processing module 16, and the development signature module 10 and the release module 12 are disposed in the product release server.
In some embodiments of the present application, the workflow of the virtualized product integrity verification system depicted in FIG. 1 is shown in FIG. 2, comprising the steps of:
step S202, a signature development module initializes a signature file;
in the technical solution provided in step S202, the development signature module 10 may sign the target virtualized product, the key files and the key dependent files in the product installation package of the target virtualized product, and the production information of the target virtualized product, to obtain the signature file of the target virtualized product.
Step S204, the publishing module provides a target virtualized product, a signature file of the target virtualized product and a public key corresponding to each user side;
step S206, the verification module verifies the signature file according to the public key;
in the technical solution provided in step S206, the step of verifying the signature file by the verification module 14 according to the public key includes: verifying the signature file, and calculating to obtain a target hash value corresponding to the target virtualized product according to a verification result; and comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete or not according to a comparison result.
Step S208, the result processing module determines whether to run the target virtualized product according to the verification result, and reports the abnormal information under the condition that the target virtualized product cannot be run.
In the above operating environment, the embodiment of the present application provides a method for verifying the integrity of a virtualized product, as shown in fig. 3, the method includes the following steps:
step S302, a target virtualized product and signature files of the target virtualized product are obtained, wherein the signature files are key files and key dependent files in product installation packages of the target virtualized product and the target virtualized product, and files obtained by signing production information of the target virtualized product, and the production information comprises producer information and production equipment information;
in the technical solution provided in step S302, the producer information includes physiological characteristic information of a producer of the target virtualized product, the production equipment information includes address information of a production equipment of the target virtualized product, time information of an installation package of the target virtualized product generated by the production equipment, characteristic value information of a virtualized platform corresponding to the target virtualized product, and chip architecture value information supported by the virtualized platform.
Specifically, when signing the target virtualized product, any signature algorithm or key can be adopted to sign the target virtualized product, so as to obtain a signature file. The type of signature algorithm, the key generation method, the format of the signature file, and the like are not limited in the present application. For example, the key may be a key generated by any encryption algorithm, such as RSA, DSA, ECC. The digital signature may be a signature generated by any type of signature algorithm, such as MD5, SHA1, SHA256, etc. The signature file may also be in any type of file format, such as TXT, XML, JSON. Signing the target virtualized product includes signing metadata of the target virtualized product, key files in the target virtualized product, and key dependent software.
As an alternative embodiment, the key file, the key dependent software, the respective metadata, etc. may also be signed separately.
By signing the key files and the key dependent software, other files in the installation environment can be prevented from polluting the installation process when the target virtualized program is installed on the user side equipment. For example, depending software used when different versions of program files or different versions of virtualized products are installed may remain in the user side device, so as to avoid installation failure caused by calling the residual program files of different versions or using the dependent software pollution installation process corresponding to the versions in the installation process, signature verification can be performed on the used key files and key dependent software. Therefore, only the program files and key dependent software which pass signature verification can be called, and the failure of the installation process caused by pollution of residual files in the installation process is avoided.
In addition, as different versions of the target virtualized product can be responsible for development and maintenance by different development centers and developers, the verification object can be rapidly determined under the condition that the integrity of the target virtualized product is determined to be damaged by writing the production equipment information of the development center corresponding to the target virtualized product, the physiological characteristic information of the producer and other identity verification information into the signature file, and the damage degree and the damage object of the target virtualized product can be determined by the verification object.
As an alternative implementation manner, the MAC address of the production machine that produces the installation package of the target virtualized product, the production time of the installation package, the feature value of the virtualized platform, the chip architecture value supported by the virtualized platform, and the identity authentication information (such as the physiological feature information such as the fingerprint value) of the producer that is responsible for producing the installation package can be used as data to be processed, and converted into a 16-system character string by adopting an arbitrary signature algorithm, and then the character string can be reversed by bits and then shifted to the right by two bits to obtain a unique signature, and written into the detailed field of the installation file in the installation package of the target virtualized product.
Step S304, verifying the signature file, and calculating according to the signature file after verification is passed to obtain a target hash value corresponding to the target virtualized product;
In the technical solution provided in step S304, the step of calculating the target hash value corresponding to the target virtualized product according to the signature file after the verification is passed includes: under the condition that the comparison result is that the target hash value corresponding to each product metadata is equal to the corresponding expected hash value, determining that the target virtualized product is complete; under the condition that the comparison result is that the target hash value corresponding to the existing product metadata is not equal to the corresponding expected hash value, determining that the target virtualized product is incomplete, and generating error indication information according to the comparison result, wherein the error indication information comprises at least one of the following components: error type information, error cause information, error location information.
As an optional implementation manner, the signature file includes a first signature file corresponding to the target virtualized product and a second signature file corresponding to each installation file in the installation package of the target virtualized product, and the target hash value includes a second target hash value corresponding to each second signature file; the step of verifying the signature file and calculating the target hash value corresponding to the target virtualized product according to the verification result comprises the following steps: under the condition that the first signature files pass the verification, verifying each second signature file; and after verification, determining second target hash values corresponding to the second signature files according to the second signature files.
Specifically, the hash value corresponding to the signature file may be a hash value calculated using the signature file as an input parameter, or may be a hash value calculated from specific data recorded in the signature file.
In some embodiments of the present application, when a user obtains a target virtualized product and a signature file of the target virtualized product from a product publisher, the user also obtains a public key allocated by the publisher to the user, and the public key obtained by each user is different. Thus, the step of verifying the signature file further comprises: obtaining public keys of target virtualized products, wherein the public keys corresponding to different users are different; and verifying the signature file through the public key, and sending the public key and address information corresponding to the user to the issuer of the target virtualized product in the verification process, wherein the public key and the address information corresponding to the user are used for determining a tampered object of the signature file tampered with the target virtualized product under the condition that the signature file of the target virtualized product is detected to be tampered with.
As an alternative implementation, when the user installs or runs the virtualized program product, an operation log containing operation information of the user on the product, a public key allocated to the user and an IP address of the user is generated according to preset rules, and the log document is fed back to the product publisher. The product publisher can determine whether a user performs illegal operations according to the operation log, such as tampering a product signature, tampering a file in an installation package and the like, which can damage the integrity of the target virtualized product, and locate, according to the distributed public key and IP, who specifically damages the integrity of the target virtualized product after determining that the illegal operations occur.
Step S306, comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to the comparison result, wherein the expected hash value is a hash value corresponding to the expected state of the target virtualized product.
In the technical solution provided in step S306, the target hash value includes a first target hash value corresponding to each product metadata in at least one product metadata included in the signature file, the expected hash value includes an expected hash value corresponding to each product metadata, and the product metadata includes at least one of: the version number of the target virtualized product, the release date of the target virtualized product, producer information of the target virtualized product and production equipment information.
In some embodiments of the present application, the step of calculating the target hash value corresponding to the target virtualized product according to the signature file after the verification is passed includes: under the condition that the comparison result is that the target hash value corresponding to each product metadata is equal to the corresponding expected hash value, determining that the target virtualized product is complete; under the condition that the comparison result is that the target hash value corresponding to the existing product metadata is not equal to the corresponding expected hash value, determining that the target virtualized product is incomplete, and generating error indication information according to the comparison result, wherein the error indication information comprises at least one of the following components: error type information, error cause information, error location information. The error indication information may also be used to prompt the user or administrator for a process that may be undertaken, such as re-downloading, re-installing, updating a product version, or contacting a technical support person, etc.
As an alternative embodiment, the step of generating the error indication information according to the comparison result includes: determining abnormal product metadata in the metadata according to the comparison result, wherein the abnormal product metadata are product metadata with different corresponding target hash values and expected hash values; error indication information is generated according to the abnormal metadata.
After the incomplete step of the target virtualized product is determined, a check object can be determined according to the producer information and the production equipment information, wherein the check object is used for checking the target virtualized product, confirming whether the target virtualized product can be repaired or not according to a check result, and positioning a damage object for damaging the virtualized product; and then sending the installation package of the target virtualized product to the verification object.
Specifically, different versions of the target virtualized product may be responsible for development and maintenance by different development centers and developers, and by writing the development equipment information of the development center corresponding to the target virtualized product and the identity verification information such as the physiological characteristic information of the developer into the signature file, the verification object can be quickly determined under the condition that the integrity of the target virtualized product is determined to be damaged, and the damage degree and the damage object of the target virtualized product can be determined by the verification object.
The method comprises the steps of obtaining a target virtualized product and signature files of the target virtualized product, wherein the signature files are key files and key dependent files in product installation packages of the target virtualized product and the target virtualized product, and files obtained by signing production information of the target virtualized product, and the production information comprises producer information and production equipment information; verifying the signature file, and calculating to obtain a target hash value corresponding to the target virtualized product according to the signature file after the signature file passes the verification; and comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to an expected state of the target virtualized product. The method has the advantages that the producer information of the target virtualized product is signed with the key file and the key dependent file in the installation package to obtain the signature file, so that the purposes that a verification object is determined according to the producer information when the target virtualized product is determined to be damaged and whether the target virtualized product can be repaired and the damaged object is positioned are achieved by the verification object, the technical effect of improving the reliability of the virtualized product is achieved, and the technical problem that the damaged object of the virtualized product cannot be positioned in the related technology and whether the damaged product can be repaired or not is solved, and the reliability of the virtualized product is low is solved.
In addition, in the embodiment of the application, the integrity of the virtualized product is checked by adopting a combination verification mode of combining the digital signature with the hash value, so that the virtualized product can be effectively prevented from being tampered or destroyed in various links such as development, release, deployment, operation and the like in the circulation process. And the signature file is verified by means of public key and key matching, so that the authenticity and the credibility of the signature file are ensured, and the signature file is prevented from being forged or destroyed. In the embodiment of the application, the abnormal condition of the virtualized product can be found and processed in time by carrying out real-time integrity check when a user or an administrator deploys or runs the virtualized product, so that the safety and reliability of the installation and production environment of the virtualized product are improved.
In the above operating environment, another method for verifying the integrity of a virtualized product is also provided in the embodiment of the present application, and fig. 4 is a schematic flow chart of the method, as shown in fig. 4, and the method includes the following steps:
step S402, signing key files and key dependent files in the target virtualized product and a product installation package of the target virtualized product and production information of the target virtualized product to obtain a signature file of the target virtualized product, wherein the production information comprises producer information and production equipment information;
Step S404, issuing a target virtualized product and signature files of the target virtualized product;
in step S406, when the user side obtains the target virtualized product and the signature file of the target virtualized product, a public key corresponding to the user side is provided to the user side, where the public key is used to verify the signature file of the target virtualized product, and the public key corresponding to each user side is different.
In the technical solution provided in step S406, after the step of providing the public key corresponding to the user side, the virtualized product integrity verification method further includes: and receiving a public key and address information corresponding to the user side, which are sent in the verification process of verifying the signature file by the user side, wherein the public key and the address information corresponding to the user side are used for determining a tampered object of the signature file tampered with the target virtualized product under the condition that the signature file of the target virtualized product is tampered.
An embodiment of the present application provides a virtualized product integrity verification device, fig. 5 is a schematic structural diagram of the device, and as can be seen from fig. 5, the device includes: a first processing module 50, configured to obtain a target virtualized product and a signature file of the target virtualized product, where the signature file is a key file and a key dependent file in a product installation package of the target virtualized product and the target virtualized product, and a file obtained by signing production information of the target virtualized product, and the production information includes producer information and production equipment information; the second processing module 52 is configured to verify the signature file, and calculate a target hash value corresponding to the target virtualized product according to the verification result; and a third processing module 54, configured to compare the target hash value with an expected hash value corresponding to the target virtualized product, and determine whether the target virtualized product is complete according to the comparison result, where the expected hash value is a hash value corresponding to the expected state of the target virtualized product.
In some embodiments of the present application, the target hash value includes a first target hash value corresponding to each of at least one product metadata included in the signature file, the expected hash value includes an expected hash value corresponding to each of the product metadata, and the product metadata includes at least one of: the version number of the target virtualized product, the release date of the target virtualized product, producer information of the target virtualized product and production equipment information.
In some embodiments of the present application, the producer information includes physiological characteristic information of a producer of the target virtualized product, the production equipment information includes address information of a production equipment of the target virtualized product, time information of an installation package of the target virtualized product generated by the production equipment, characteristic value information of a virtualization platform corresponding to the target virtualized product, and chip architecture value information supported by the virtualization platform.
In some embodiments of the present application, the step of calculating, by the second processing module 52, the target hash value corresponding to the target virtualized product according to the signature file after the verification is passed includes: under the condition that the comparison result is that the target hash value corresponding to each product metadata is equal to the corresponding expected hash value, determining that the target virtualized product is complete; under the condition that the comparison result is that the target hash value corresponding to the existing product metadata is not equal to the corresponding expected hash value, determining that the target virtualized product is incomplete, and generating error indication information according to the comparison result, wherein the error indication information comprises at least one of the following components: error type information, error cause information, error location information.
In some embodiments of the present application, the signature file includes a first signature file corresponding to the target virtualized product, and a second signature file corresponding to each installation file in the installation package of the target virtualized product, and the target hash value includes a second target hash value corresponding to each second signature file; the step of verifying the signature file by the second processing module 52 and calculating a target hash value corresponding to the target virtualized product according to the verification result includes: under the condition that the first signature files pass the verification, verifying each second signature file; and after verification, determining second target hash values corresponding to the second signature files according to the second signature files.
In some embodiments of the present application, the step of verifying the signature file by the second processing module 52 further comprises: obtaining public keys of target virtualized products, wherein the public keys corresponding to different users are different; and verifying the signature file through the public key, and sending the public key and address information corresponding to the user to the issuer of the target virtualized product in the verification process, wherein the public key and the address information corresponding to the user are used for determining a tampered object of the signature file tampered with the target virtualized product under the condition that the signature file of the target virtualized product is detected to be tampered with.
In some embodiments of the present application, the step of calculating, by the third processing module 54, the target hash value corresponding to the target virtualized product according to the signature file after the verification is passed includes: under the condition that the comparison result is that the target hash value corresponding to each product metadata is equal to the corresponding expected hash value, determining that the target virtualized product is complete; under the condition that the comparison result is that the target hash value corresponding to the existing product metadata is not equal to the corresponding expected hash value, determining that the target virtualized product is incomplete, and generating error indication information according to the comparison result, wherein the error indication information comprises at least one of the following components: error type information, error cause information, error location information.
In some embodiments of the present application, the step of generating the error indication information by the third processing module 54 according to the comparison result includes: determining abnormal product metadata in the metadata according to the comparison result, wherein the abnormal product metadata are product metadata with different corresponding target hash values and expected hash values; error indication information is generated according to the abnormal metadata.
In some embodiments of the present application, after the step of determining that the target virtualized product is incomplete, the third processing module 54 is further configured to: determining a verification object according to the producer information and the production equipment information, wherein the verification object is used for verifying the target virtualized product, confirming whether the target virtualized product can be repaired or not according to a verification result, and positioning a damage object for damaging the virtualized product; and sending the installation package of the target virtualized product to the verification object.
Note that each module in the above-mentioned virtualized product integrity verification apparatus may be a program module (for example, a set of program instructions for implementing a specific function), or may be a hardware module, and for the latter, it may be represented by the following form, but is not limited thereto: the expression forms of the modules are all a processor, or the functions of the modules are realized by one processor.
According to an embodiment of the present application, there is also provided a nonvolatile storage medium. The nonvolatile storage medium stores a program, wherein the device where the nonvolatile storage medium is controlled to execute the virtualized product integrity verification method as shown in fig. 3 when the program runs: acquiring a target virtualized product and signature files of the target virtualized product, wherein the signature files are key files and key dependent files in product installation packages of the target virtualized product and the target virtualized product, and files obtained by signing production information of the target virtualized product, and the production information comprises producer information and production equipment information; verifying the signature file, and calculating to obtain a target hash value corresponding to the target virtualized product according to the signature file after the signature file passes the verification; and comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to an expected state of the target virtualized product.
As an optional implementation manner, the program may further control a device where the nonvolatile storage medium is located to execute the virtualized product integrity verification method as shown in fig. 4 when running: signing key files and key dependent files in the target virtualized product and the product installation package of the target virtualized product and production information of the target virtualized product to obtain signature files of the target virtualized product, wherein the production information comprises producer information and production equipment information; issuing a target virtualized product and signature files of the target virtualized product; when a user side obtains a target virtualized product and signature files of the target virtualized product, a public key corresponding to the user side is provided for the user side, wherein the public key is used for verifying the signature files of the target virtualized product, and the public keys corresponding to the user sides are different.
The method embodiments provided by the embodiments of the present application may be performed in a mobile terminal, a computer terminal or similar electronic device. Fig. 6 shows a block diagram of a hardware architecture of an electronic device 60 for implementing a virtualized product integrity verification method, such as may be performed as shown in fig. 3: acquiring a target virtualized product and signature files of the target virtualized product, wherein the signature files are key files and key dependent files in product installation packages of the target virtualized product and the target virtualized product, and files obtained by signing production information of the target virtualized product, and the production information comprises producer information and production equipment information; verifying the signature file, and calculating to obtain a target hash value corresponding to the target virtualized product according to the signature file after the signature file passes the verification; and comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to an expected state of the target virtualized product. Or a virtualized product integrity verification method as shown in fig. 4: signing key files and key dependent files in the target virtualized product and the product installation package of the target virtualized product and production information of the target virtualized product to obtain signature files of the target virtualized product, wherein the production information comprises producer information and production equipment information; issuing a target virtualized product and signature files of the target virtualized product; when a user side obtains a target virtualized product and signature files of the target virtualized product, a public key corresponding to the user side is provided for the user side, wherein the public key is used for verifying the signature files of the target virtualized product, and the public keys corresponding to the user sides are different. As shown in fig. 6, the electronic device 60 may include one or more processors 602 (shown as 602a, 602b, … …,602 n) that may include, but are not limited to, a processing means such as a microprocessor MCU or a programmable logic device FPGA, a memory 604 for storing data, and a transmission module 606 for communication functions. In addition, the method may further include: a display, an input/output interface (I/O interface), a Universal Serial BUS (USB) port (which may be included as one of the ports of the BUS), a network interface, a power supply, and/or a camera. It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 6 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, the electronic device 60 may also include more or fewer components than shown in FIG. 6, or have a different configuration than shown in FIG. 6.
It should be noted that the one or more processors 602 and/or other data processing circuits described above may be referred to herein generally as "data processing circuits. The data processing circuit may be embodied in whole or in part in software, hardware, firmware, or any other combination. Further, the data processing circuitry may be a single stand-alone processing module, or incorporated in whole or in part into any of the other elements in the electronic device 60. As referred to in embodiments of the application, the data processing circuit acts as a processor control (e.g., selection of the path of the variable resistor termination connected to the interface).
The memory 604 may be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the virtualized product integrity verification method in the embodiments of the application, and the processor 602 executes the software programs and modules stored in the memory 604 to perform various functional applications and data processing, i.e., implement the virtualized product integrity verification method of application programs described above. Memory 604 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid state memory. In some examples, memory 604 may further comprise memory located remotely from processor 602, which may be connected to electronic device 60 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission means 606 is used for receiving or transmitting data via a network. Specific examples of the network described above may include a wireless network provided by a communications provider of electronic device 60. In one example, the transmission device 606 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission device 606 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the electronic device 60.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in essence or a part contributing to the related art or all or part of the technical solution, in the form of a software product stored in a storage medium, including several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a random access Memory (RAM, random Access Memory), a removable hard disk, a magnetic disk, or an optical disk, or other various media capable of storing program codes.
The foregoing is merely a preferred embodiment of the present application and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present application, which are intended to be comprehended within the scope of the present application.
Claims (14)
1. A method of verifying integrity of a virtualized product, comprising:
acquiring a target virtualized product and a signature file of the target virtualized product, wherein the signature file is a file obtained by signing key files and key dependent files in product installation packages of the target virtualized product and production information of the target virtualized product, and the production information comprises producer information and production equipment information;
verifying the signature file, and calculating to obtain a target hash value corresponding to the target virtualized product according to the signature file after verification is passed;
and comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to the expected state of the target virtualized product.
2. The virtualized product integrity verification method of claim 1, wherein a first target hash value corresponding to each of at least one product metadata contained in the signature file is included in the target hash value, wherein the expected hash value includes the expected hash value corresponding to each of the product metadata, wherein the product metadata includes at least one of: the version number of the target virtualized product, the release date of the target virtualized product, the producer information of the target virtualized product and the production equipment information.
3. The virtualized product integrity verification method of claim 2, wherein the producer information comprises physiological characteristic information of a producer of the target virtualized product, the production equipment information comprises address information of a production equipment of the target virtualized product, the production equipment generates time information of an installation package of the target virtualized product, characteristic value information of a virtualized platform corresponding to the target virtualized product, and chip architecture value information supported by the virtualized platform.
4. The method of claim 2, wherein the step of determining whether the target virtualized product is complete based on the comparison result comprises:
determining that the target virtualized product is complete under the condition that the comparison result is that the target hash value corresponding to each product metadata is equal to the corresponding expected hash value;
and under the condition that the comparison result is that the target hash value corresponding to the product metadata is not equal to the corresponding expected hash value, determining that the target virtualized product is incomplete, and generating error indication information according to the comparison result, wherein the error indication information comprises at least one of the following components: error type information, error cause information, error location information.
5. The method of claim 4, wherein the step of generating error indication information based on the comparison result comprises:
determining abnormal product metadata in the metadata according to the comparison result, wherein the abnormal product metadata are corresponding product metadata with different target hash values and expected hash values;
And generating the error indication information according to the abnormal product metadata.
6. The virtualized product integrity verification method of claim 4, wherein after the step of determining that the target virtualized product is incomplete, the virtualized product integrity verification method further comprises:
determining a verification object according to the producer information and the production equipment information, wherein the verification object is used for verifying the target virtualized product, confirming whether the target virtualized product can be repaired or not according to a verification result, and positioning a damage object for damaging the virtualized product;
and sending the installation package of the target virtualization product to the verification object.
7. The method for verifying the integrity of a virtualized product according to claim 1, wherein the signature files comprise a first signature file corresponding to the target virtualized product and a second signature file corresponding to each installation file in the installation package of the target virtualized product, and the target hash value comprises a second target hash value corresponding to each second signature file; the step of verifying the signature file and calculating the target hash value corresponding to the target virtualized product according to the verification result comprises the following steps:
Under the condition that the first signature files pass verification, verifying each second signature file;
and after verification, determining the second target hash value corresponding to each second signature file according to each second signature file.
8. The virtualized product integrity verification method of claim 1, wherein the step of verifying the signature file further comprises:
obtaining public keys of the target virtualized products, wherein the public keys corresponding to different users are different;
and verifying the signature file through the public key, and transmitting the public key and address information corresponding to the user to the issuer of the target virtualized product in the verification process, wherein the public key and the address information corresponding to the user are used for determining a tamper object for tampering with the signature file of the target virtualized product under the condition that the signature file of the target virtualized product is detected to be tampered.
9. A method of verifying integrity of a virtualized product, comprising:
signing a target virtualized product, key files and key dependent files in a product installation package of the target virtualized product and production information of the target virtualized product to obtain a signature file of the target virtualized product, wherein the production information comprises producer information and production equipment information;
Issuing the target virtualized product and signature files of the target virtualized product;
when a user side obtains the target virtualized product and signature files of the target virtualized product, a public key corresponding to the user side is provided for the user side, wherein the public key is used for verifying the signature files of the target virtualized product, and the public keys corresponding to the user sides are different.
10. The virtualized product integrity verification method of claim 9, wherein after the step of providing the public key corresponding to the user side, the virtualized product integrity verification method further comprises:
and receiving the public key and address information corresponding to the user terminal, which are sent in the verification process of verifying the signature file by the user terminal, wherein the public key and the address information corresponding to the user terminal are used for determining a tampered object of the signature file tampered with the target virtualized product under the condition that the signature file of the target virtualized product is detected to be tampered with.
11. A virtualized product integrity verification system comprising:
the signature module is used for signing the target virtualized product, key files and key dependent files in a product installation package of the target virtualized product and production information of the target virtualized product to obtain signature files of the target virtualized product, wherein the production information comprises producer information and production equipment information;
The issuing module is used for issuing the target virtualized product and the signature file of the target virtualized product;
the verification module is used for verifying the signature file and calculating a target hash value corresponding to the target virtualized product according to a verification result; comparing the target hash value with an expected hash value corresponding to the target virtualized product, and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to an expected state of the target virtualized product;
the result processing module is used for allowing the target virtualized product to normally operate under the condition that the comparison result is that the target hash value is consistent with the expected hash value; and under the condition that the comparison result is that the target hash value is inconsistent with the expected hash value, preventing the target virtualized product from running, and reporting error information.
12. A virtualized product integrity verification apparatus comprising:
the first processing module is used for acquiring a target virtualized product and signature files of the target virtualized product, wherein the signature files are key files and key dependent files in product installation packages of the target virtualized product and the target virtualized product, and files obtained by signing production information of the target virtualized product, and the production information comprises producer information and production equipment information;
The second processing module is used for verifying the signature file and calculating a target hash value corresponding to the target virtualized product according to a verification result;
and the third processing module is used for comparing the target hash value with an expected hash value corresponding to the target virtualized product and determining whether the target virtualized product is complete according to a comparison result, wherein the expected hash value is a hash value corresponding to the expected state of the target virtualized product.
13. A non-volatile storage medium, wherein a program is stored in the non-volatile storage medium, and wherein the program, when executed, controls a device in which the non-volatile storage medium is located to perform the virtualized product integrity verification method of any one of claims 1 to 8 or claims 9 to 10.
14. An electronic device, comprising: a memory and a processor for executing a program stored in the memory, wherein the program is run to perform the virtualized product integrity verification method of any one of claims 1 to 8 or 9 to 10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311222005.4A CN116956364B (en) | 2023-09-21 | 2023-09-21 | Virtualized product integrity verification method, device and system and electronic equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311222005.4A CN116956364B (en) | 2023-09-21 | 2023-09-21 | Virtualized product integrity verification method, device and system and electronic equipment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116956364A true CN116956364A (en) | 2023-10-27 |
CN116956364B CN116956364B (en) | 2024-02-09 |
Family
ID=88449695
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311222005.4A Active CN116956364B (en) | 2023-09-21 | 2023-09-21 | Virtualized product integrity verification method, device and system and electronic equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116956364B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101436141A (en) * | 2008-11-21 | 2009-05-20 | 深圳创维数字技术股份有限公司 | Firmware upgrading and encapsulating method and device based on digital signing |
CN103747036A (en) * | 2013-12-23 | 2014-04-23 | 中国航天科工集团第二研究院七〇六所 | Trusted security enhancement method in desktop virtualization environment |
CN106612272A (en) * | 2016-07-12 | 2017-05-03 | 四川用联信息技术有限公司 | Verification and recovery algorithm for data tampering in cloud storage |
US20170215074A1 (en) * | 2016-01-26 | 2017-07-27 | Electronics And Telecommunications Research Institute | Firmware integrity verification method performed in virtualization system |
US20170300696A1 (en) * | 2015-01-07 | 2017-10-19 | Huawei Technologies Co., Ltd. | Software verification method and apparatus |
CN108600163A (en) * | 2018-03-13 | 2018-09-28 | 南京邮电大学 | A kind of cloud environment distributed hash chain framework and cloud data integrity verification method |
CN113544679A (en) * | 2019-03-08 | 2021-10-22 | 国际商业机器公司 | Incremental decryption and integrity verification of secure operating system images |
CN115795560A (en) * | 2022-11-11 | 2023-03-14 | 重庆傲雄在线信息技术有限公司 | Method, device, equipment and medium for checking integrity of file across systems |
-
2023
- 2023-09-21 CN CN202311222005.4A patent/CN116956364B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101436141A (en) * | 2008-11-21 | 2009-05-20 | 深圳创维数字技术股份有限公司 | Firmware upgrading and encapsulating method and device based on digital signing |
CN103747036A (en) * | 2013-12-23 | 2014-04-23 | 中国航天科工集团第二研究院七〇六所 | Trusted security enhancement method in desktop virtualization environment |
US20170300696A1 (en) * | 2015-01-07 | 2017-10-19 | Huawei Technologies Co., Ltd. | Software verification method and apparatus |
US20170215074A1 (en) * | 2016-01-26 | 2017-07-27 | Electronics And Telecommunications Research Institute | Firmware integrity verification method performed in virtualization system |
CN106612272A (en) * | 2016-07-12 | 2017-05-03 | 四川用联信息技术有限公司 | Verification and recovery algorithm for data tampering in cloud storage |
CN108600163A (en) * | 2018-03-13 | 2018-09-28 | 南京邮电大学 | A kind of cloud environment distributed hash chain framework and cloud data integrity verification method |
CN113544679A (en) * | 2019-03-08 | 2021-10-22 | 国际商业机器公司 | Incremental decryption and integrity verification of secure operating system images |
CN115795560A (en) * | 2022-11-11 | 2023-03-14 | 重庆傲雄在线信息技术有限公司 | Method, device, equipment and medium for checking integrity of file across systems |
Also Published As
Publication number | Publication date |
---|---|
CN116956364B (en) | 2024-02-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11861372B2 (en) | Integrity manifest certificate | |
US8694763B2 (en) | Method and system for secure software provisioning | |
EP3317875B1 (en) | Keyless signature infrastructure based virtual machine integrity | |
CN110688660B (en) | Method and device for safely starting terminal and storage medium | |
CN108259479B (en) | Business data processing method, client and computer readable storage medium | |
WO2012064171A1 (en) | A method for enabling a trusted platform in a computing system | |
CN101983375A (en) | Binding a cryptographic module to a platform | |
US20210216636A1 (en) | Determining Authenticity of Binary Images | |
CN108345805B (en) | Method and device for verifying firmware | |
KR20170089352A (en) | Firmware integrity verification for performing the virtualization system | |
US9122864B2 (en) | Method and apparatus for transitive program verification | |
CN115934194A (en) | Controller starting method and device, electronic equipment and storage medium | |
CN111147259B (en) | Authentication method and device | |
WO2023124420A1 (en) | Application signature methods and system, transaction terminal and service platform | |
CN112955889A (en) | Safe starting device and method | |
CN113448681B (en) | Registration method, equipment and storage medium of virtual machine monitor public key | |
CN113127873A (en) | Credible measurement system of fortress machine and electronic equipment | |
CN115618366B (en) | Authentication method and device for server | |
CN116956364B (en) | Virtualized product integrity verification method, device and system and electronic equipment | |
CN111400771A (en) | Target partition checking method and device, storage medium and computer equipment | |
CN116561734A (en) | Verification method, verification device, computer and computer configuration system | |
CN110311917A (en) | Host measure and device | |
CN115021995A (en) | Multi-channel login method, device, equipment and storage medium | |
EP3575953B1 (en) | A blockchain network agent for verifying and accepting patch requests from a patch initiator and method thereof | |
CN112054895A (en) | Trusted root construction method and application |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: 100176 101, Floor 1-8, Building 8, Yard 13, Ronghua South Road, Economic and Technological Development Zone, Daxing District, Beijing (Yizhuang Cluster, High end Industrial Area, Beijing Pilot Free Trade Zone) Applicant after: AVIC International Golden Net (Beijing) Technology Co.,Ltd. Address before: Building 8, No.13 Ronghua South Road, Daxing District Economic and Technological Development Zone, Beijing, 100176 Applicant before: AVIC INTERNATIONAL E-BUSINESS Inc. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |