Method and device of upgrading Web software

A technology for software and upgrade packages, applied to encryption devices with shift registers/memory, program control devices, electrical components, etc., with the effect of reducing the risk of tampering and improving security.

Active Publication Date: 2014-11-05
武汉益模科技股份有限公司

AI-Extracted Technical Summary

Problems solved by technology

[0009] 1. Before downloading the upgrade package based on the network (FTP), the encryption key is not used to verify whether the upgrade package is legal, resulting in the risk of illegal download of the upgrade package and lack of security;
[0010] 2. In the process of installing the upgrade package, the upgrade package does not have an encryption key, which leads to the risk of t...

Method used

[0172] In the upgrade method and device for Web software provided by the embodiments of the present invention, the upgrade server side first generates an upgrade sequence set from the original upgrade package, and encrypts the original upgrade package and the upgrade sequence set to obtain the encrypted upgrade package and upgrade sequence set. The local server side decrypts the encrypted upgrade package and upgrade sequence set to obtain the decrypted upgrade package and upgrade sequence set, then compares the files contained in the decrypted upgrade package with the file information in the decrypted upgrade sequence set, and judges whether to upgrade according to the comparison result. Because the present invention encrypts the data when transmitting it, the risk of data tampering is reduced; it also judges the accuracy of the obtained upgrade file, which improves the security of the software upgrade. In addition, in order to further improve...

Abstract

The invention relates to the technical field of software upgrading and discloses a method and a device of upgrading Web software. The method comprises the following steps of: at an upgrade server side: generating an upgrade sequence set by an original upgrade package; encrypting the original upgrade package and the upgrade sequence set to obtain an encrypted upgrade package and an encrypted upgrade sequence set; at a local service side: decrypting the encrypted upgrade package and the encrypted upgrade sequence set to obtain a decrypted upgrade package and a decrypted upgrade sequence set; comparing a file included in the decrypted upgrade package and file information in the decrypted upgrade sequence set; if not matched, stopping upgrading; and if matched successfully, upgrading according to an upgrade file. According to the method and the device, when data are transmitted, the encryption processing is carried out on the data, so that the risk of tampering the data is reduced; in addition, accuracy of the obtained upgrade file is judged, so that security of software upgrading is improved.

Application Domain

Encryption apparatus with shift registers/memories; Program loading/initiating

Technology Topic

Upgrade; Server-side


Example Embodiment

[0087] In order to further explain the technical means and effects adopted by the present invention to achieve the intended purpose of the invention, the specific implementation and working principles of the method and device for upgrading Web software proposed in accordance with the present invention are described in detail below with reference to the accompanying drawings and preferred embodiments.
[0088] Referring to Figure 1, the method for upgrading Web software provided by the embodiment of the present invention includes:
[0089] On the upgrade server side:
[0090] Step S110: Generate an upgrade sequence set from the original upgrade package;
[0091] To explain this step: first integrate the basic information of the upgrade file in the original upgrade package (such as patch0630.zip) into an upgrade sequence, and then store the upgrade sequence in the upgrade sequence set (such as path0630.jsons). The basic information of the upgrade file includes: creation time, size, file type, path, MD5, etc.
[0092] Step S120: Encrypt the original upgrade package and the upgrade sequence set to obtain the encrypted upgrade package and the upgrade sequence set;
[0093] To explain this step: the original upgrade package and the upgrade sequence set are encrypted based on the AES encryption algorithm. Specifically, the original upgrade package and the upgrade sequence set are subjected to a bit operation, a string operation, and an XOR operation with the extended key to obtain the encrypted original upgrade package and upgrade sequence set. It should be noted that the embodiment of the present invention may also encrypt the original upgrade package and the upgrade sequence set in other ways, not limited to the AES encryption algorithm; the embodiment of the present invention does not specifically limit this.
[0094] On the local server side:
[0095] Step S130: decrypt the encrypted upgrade package and upgrade sequence set to obtain the decrypted upgrade package and upgrade sequence set;
[0096] To explain this step: the encrypted upgrade package and upgrade sequence set are subjected to an XOR operation with the extended key, a reverse string operation, and a reverse bit operation to obtain the decrypted upgrade package and upgrade sequence set.
[0097] Step S140: Compare the files contained in the decrypted upgrade package with the file information in the decrypted upgrade sequence set; in the embodiment of the present invention, all basic information of all upgrade files in the decrypted upgrade package needs to be compared with all basic information of all upgrade files in the decrypted upgrade sequence set;
[0098] If it does not match, it means that the data has been tampered with, and the security of the software upgrade is reduced, and the upgrade step is stopped; in the embodiment of the present invention, if any basic information of any one of the upgrade files does not match, the upgrade is stopped;
[0099] If the match is successful, the data is normal, and the upgrade is performed according to the upgrade file. In the embodiment of the present invention, if all the basic information of all the upgrade files are matched successfully, the upgrade is performed according to the upgrade files.
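Steps S110 and S140 as an added Java example (not code from the patent): the sequence set is held as an in-memory map rather than a .jsons file, and only path, size and MD5 are compared. The class, method and sample file names are assumptions.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.zip.*;

public class UpgradeSequenceCheck {
    /** One upgrade sequence, reduced to the fields compared here (hypothetical layout). */
    static final class FileInfo {
        final long size;
        final byte[] md5;
        FileInfo(long size, byte[] md5) { this.size = size; this.md5 = md5; }
    }

    /** S110: walk the package and record path -> (size, MD5) for every file. */
    static Map<String, FileInfo> buildSequenceSet(byte[] zipBytes) throws Exception {
        Map<String, FileInfo> set = new TreeMap<>();
        try (ZipInputStream zin = new ZipInputStream(new ByteArrayInputStream(zipBytes))) {
            byte[] buf = new byte[8192];
            ZipEntry ze;
            while ((ze = zin.getNextEntry()) != null) {
                if (ze.isDirectory()) continue;
                MessageDigest md = MessageDigest.getInstance("MD5");
                long size = 0;
                int n;
                while ((n = zin.read(buf)) != -1) {
                    md.update(buf, 0, n);
                    size += n;
                }
                // Two entries with the same path would make the comparison ambiguous.
                if (set.put(ze.getName(), new FileInfo(size, md.digest())) != null) {
                    throw new IOException("duplicate path in package: " + ze.getName());
                }
            }
        }
        return set;
    }

    /** S140: list every mismatch; per [0098] any single one stops the upgrade. */
    static List<String> compare(Map<String, FileInfo> expected, byte[] receivedZip) throws Exception {
        Map<String, FileInfo> actual = buildSequenceSet(receivedZip);
        List<String> mismatches = new ArrayList<>();
        for (Map.Entry<String, FileInfo> e : expected.entrySet()) {
            FileInfo want = e.getValue();
            FileInfo got = actual.get(e.getKey());
            if (got == null) {
                mismatches.add("missing file: " + e.getKey());
            } else if (got.size != want.size) {
                mismatches.add("size differs: " + e.getKey());
            } else if (!MessageDigest.isEqual(got.md5, want.md5)) {
                mismatches.add("MD5 differs: " + e.getKey());
            }
        }
        // A file in the package that the sequence set never listed is also a mismatch.
        for (String path : actual.keySet()) {
            if (!expected.containsKey(path)) mismatches.add("unlisted file: " + path);
        }
        return mismatches;
    }

    /** Builds a small in-memory zip from {path, content} pairs (sample data only). */
    static byte[] zip(String[][] files) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(bos)) {
            for (String[] f : files) {
                zos.putNextEntry(new ZipEntry(f[0]));
                zos.write(f[1].getBytes(StandardCharsets.UTF_8));
                zos.closeEntry();
            }
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample package standing in for patch0630.zip.
        byte[] original = zip(new String[][] {
            {"WEB-INF/web.xml", "<web-app/>"}, {"js/app.js", "var version = 2;"}});
        Map<String, FileInfo> sequenceSet = buildSequenceSet(original);
        // Same sizes, one byte changed, plus one file the sequence set does not list.
        byte[] altered = zip(new String[][] {
            {"WEB-INF/web.xml", "<web-app/>"}, {"js/app.js", "var version = 3;"},
            {"js/extra.js", "var x;"}});
        System.out.println("original: " + compare(sequenceSet, original));
        List<String> mismatches = compare(sequenceSet, altered);
        System.out.println("altered:  " + mismatches);
        System.out.println(mismatches.isEmpty() ? "upgrade" : "stop upgrade");
    }
}
```

MD5 appears because the page names it; the comparison is unchanged if a SHA-256 field is recorded alongside it.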
[0100] It should be noted that, in order to further improve the security of the software upgrade in the embodiment of the present invention, the embodiment of the present invention may further include the steps of obfuscation and anti-obfuscation of data.
[0101] Referring to Figure 2, the steps to obfuscate data include:
[0102] On the upgrade server side:
[0103] Generate the identification code and the Key key of the encrypted upgrade sequence set, where the identification code of the encrypted upgrade sequence set is an MD5 code, such as 202cb962ac59075b964b07152d234b70. It should be noted here that the identification code of the encrypted upgrade sequence set may also be another unique identification code and is not limited to the MD5 code; this is not specifically limited in the embodiment of the present invention. In the embodiment of the present invention, the encrypted upgrade sequence set can be mapped to generate the Key key of the encrypted upgrade sequence set, such as: c7-56-f8-88-52-6s-ef.
[0104] Encrypt the Key key of the encrypted upgrade sequence set to obtain the encrypted Key key;
[0105] To explain this step: perform a bit operation, a string operation, and an XOR operation with the extended key on the Key key of the encrypted upgrade sequence set to obtain the encrypted Key key. It should be noted that, when encrypting the Key key in this step, all three operations (bit operation, string operation, and XOR operation with the extended key) can be performed to achieve encryption, and the order of the three is not restricted; any one or two of the three operations can also be performed on the Key key to achieve encryption, and when any two operations are performed, their order is not restricted. The embodiment of the present invention does not make specific restrictions on the encryption step of the Key key.
[0106] Obfuscate the encrypted Key key to obtain the obfuscated Key key, such as YzctNTYtZjgtODgtNTItNnMtZWY=; combine the obfuscated Key key with the identification code of the encrypted upgrade sequence set to obtain the obfuscated encrypted Key key, such as 202cb962ac59075b964b07152d234b70#YzctNTYtZjgtODgtNTItNnMtZWY=. The specific step of obfuscating the encrypted Key key to obtain the obfuscated Key key is: perform bit obfuscation and/or string obfuscation on the encrypted Key key to obtain the obfuscated Key key. It should be noted that, when the encrypted Key key is obfuscated in this step, both bit obfuscation and string obfuscation can be performed, and the order of the two is not limited; or only one of the two can be performed, that is, only bit obfuscation or only string obfuscation. Of course, other obfuscation methods can also be used to obfuscate the encrypted Key key, and are not limited to these two obfuscation methods. The embodiment of the present invention does not specifically limit the Key key obfuscation steps.
[0107] The steps to de-obfuscate the data include:
[0108] On the local server side:
[0109] De-obfuscate the obfuscated and encrypted Key key to obtain the encrypted Key key and the identification code of the encrypted upgrade sequence set. It should be noted that, in order to be able to de-obfuscate the obfuscated and encrypted Key key, the upgrade server side also needs to generate the identification code of the Key key of the encrypted upgrade sequence set, and to create a codebook from the identification code of the Key key; the identification code of the Key key of the encrypted upgrade sequence set is an MD5 code. Of course, the identification code of the Key key can also be another unique identification code and is not limited to the MD5 code; the embodiment of the present invention does not impose specific restrictions on this. The codebook is randomly scattered and re-integrated according to the identification code; in the embodiment of the present invention, the identification code generated from the Key key matches a unique codebook, the AES encryption key can be obfuscated through the codebook, and the correct AES encryption key can also be obtained by de-obfuscation. Referring to Figure 3, to describe this step specifically: first obtain the identification code of the Key key of the encrypted upgrade sequence set, and then compare the obtained identification code of the Key key with the codebook created on the upgrade server side. If it does not match, the identification code of the Key key may have been tampered with during transmission, the Key key is illegal, the security of the software upgrade is reduced, and the upgrade step is stopped. If the match is successful, the data is normal and the Key key is legal, and bit de-obfuscation and/or string de-obfuscation is performed on the obfuscated and encrypted Key key to obtain the encrypted Key key and the identification code of the encrypted upgrade sequence set. The de-obfuscation of the obfuscated and encrypted Key key is the inverse operation of the obfuscation step: when only bit obfuscation was performed on the Key key, only bit de-obfuscation is performed on the obfuscated Key key; when only string obfuscation was performed, only string de-obfuscation is performed; when both bit obfuscation and string obfuscation were performed, both bit de-obfuscation and string de-obfuscation are performed.
[0110] Compare the identification code of the encrypted upgrade sequence set obtained on the local server with the identification code of the encrypted upgrade sequence set generated on the upgrade server;
[0111] If it does not match, stop the upgrade;
[0112] If the matching is successful, decrypt the encrypted upgrade package and upgrade sequence set.
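The gate in [0109] to [0112], as an added Java example that is not code from the patent: it assumes the identification code is the MD5 of the encrypted sequence-set bytes and that the local side recomputes it before decrypting. Class and method names are hypothetical, and the three-byte stand-in for the encrypted set is constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class KeyTokenCheck {

    /** The two parts of "identificationCode#obfuscatedKey" as shown in [0106]. */
    static final class KeyToken {
        final String idCode;
        final String obfuscatedKey;
        KeyToken(String idCode, String obfuscatedKey) {
            this.idCode = idCode;
            this.obfuscatedKey = obfuscatedKey;
        }
    }

    /** Strict parse: exactly one '#', a 32-hex-digit code before it, a non-empty key after it. */
    static KeyToken parse(String token) {
        int sep = token.indexOf('#');
        if (sep < 0 || sep != token.lastIndexOf('#')) {
            throw new IllegalArgumentException("expected exactly one '#'");
        }
        String id = token.substring(0, sep);
        String key = token.substring(sep + 1);
        if (!id.matches("[0-9a-f]{32}") || key.isEmpty()) {
            throw new IllegalArgumentException("malformed identification code or key");
        }
        return new KeyToken(id, key);
    }

    static String md5Hex(byte[] data) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(data)) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** [0110]-[0112]: decrypt only if the received set hashes to the code carried in the token. */
    static boolean mayDecrypt(KeyToken t, byte[] encryptedSequenceSet) throws Exception {
        byte[] expected = t.idCode.getBytes(StandardCharsets.US_ASCII);
        byte[] actual = md5Hex(encryptedSequenceSet).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws Exception {
        // Sample token from [0106] / [0148].
        KeyToken t = parse("202cb962ac59075b964b07152d234b70#YzctNTYtZjgtODgtNTItNnMtZWY=");

        // Constructed stand-in for the encrypted sequence set: the three bytes "123",
        // whose MD5 is the sample identification code above.
        byte[] received = "123".getBytes(StandardCharsets.US_ASCII);
        byte[] altered = "124".getBytes(StandardCharsets.US_ASCII);
        System.out.println("received set: " + (mayDecrypt(t, received) ? "decrypt" : "stop upgrade"));
        System.out.println("altered set:  " + (mayDecrypt(t, altered) ? "decrypt" : "stop upgrade"));

        // In the page's sample values the part after '#' is plain Base64 of the sample
        // Key key in [0103], so the token needs the same protection as the key itself.
        byte[] decoded = Base64.getDecoder().decode(t.obfuscatedKey);
        System.out.println("obfuscated part decodes to: " + new String(decoded, StandardCharsets.US_ASCII));
    }
}
```

Because the identification code travels in the same token as the key, this gate detects a sequence set that does not belong to the token; it does not by itself authenticate the sender.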
[0113] It should be explained here that if the steps of obfuscation and de-obfuscation are not performed on the encrypted Key key, and only the steps of encryption and decryption are performed, there is no need to perform the steps of generating the identification code of the Key key of the encrypted upgrade sequence set, creating a codebook from the identification code of the Key key, obfuscating the encrypted Key key, and de-obfuscating the obfuscated encrypted Key key.
[0114] Finally, it should be noted that if the embodiment of the present invention is constructed based on the JDK1.6 of the C/S architecture, the staff on the upgrade server side will send the obfuscated encrypted Key key, the upgrade package and the upgrade sequence set to the local server side, and the staff on the local server side receive the data and perform the corresponding operations; if the embodiment of the present invention is constructed based on the B/S architecture, the staff on the local server side need to download the obfuscated and encrypted Key key, the upgrade package and the upgrade sequence set, and perform the corresponding operations.
[0115] The functions of the encryption-related API (application program interface) of the embodiment of the present invention are:
[0116] public static byte[] encrypt(String content) {}
[0117] AES encryption function: encrypts the plain text and returns an array;
[0118] public static byte[] decrypt(String content) {}
[0119] AES decryption function: decrypts the encryption key and returns an array;
[0120] public static byte[] hexEncrypt(String content) {}
[0121] Obfuscation algorithm function: returns the key as an array;
[0122] public static byte[] hexDecrypt(String content) {}
[0123] De-obfuscation algorithm function: returns the obfuscated key as an array.
[0124] Referring to Figure 4, the Web software upgrade device provided by the embodiment of the present invention includes:
[0125] On the upgrade server side:
[0126] The upgrade sequence set generation module 100 is used to generate the upgrade sequence set from the original upgrade package;
[0127] In the embodiment of the present invention, the upgrade sequence set generation module 100 is specifically used to integrate the basic information of the upgrade file in the original upgrade package (such as patch0630.zip) into an upgrade sequence, and then store the upgrade sequence in the upgrade sequence set (such as path0630.jsons). The basic information of the upgrade file includes: creation time, size, file type, path, MD5, etc.
[0128] The first encryption module 200 is used to encrypt the original upgrade package and the upgrade sequence set to obtain the encrypted upgrade package and the upgrade sequence set;
[0129] In the embodiment of the present invention, the first encryption module 200 is specifically used to perform a bit operation, a string operation, and an XOR operation with the extended key on the original upgrade package and the upgrade sequence set to obtain the encrypted original upgrade package and upgrade sequence set.
[0130] On the local server side:
[0131] The decryption module 300 is used to decrypt the encrypted upgrade package and the upgrade sequence set to obtain the decrypted upgrade package and the upgrade sequence set;
[0132] In the embodiment of the present invention, the decryption module 300 is specifically used to perform an XOR operation with the extended key, a reverse string operation, and a reverse bit operation on the encrypted upgrade package and upgrade sequence set to obtain the decrypted upgrade package and upgrade sequence set.
[0133] The first matching module 400 is used to compare the files contained in the decrypted upgrade package with the file information in the decrypted upgrade sequence set;
[0134] In the embodiment of the present invention, the first matching module 400 is specifically configured to compare all basic information of all upgrade files in the decrypted upgrade package with all basic information of all upgrade files in the decrypted upgrade sequence set;
[0135] The suspension module 500 is configured to stop the upgrade step if the comparison result of the first matching module 400 is a mismatch;
[0136] In the embodiment of the present invention, the suspension module 500 is specifically configured to stop the upgrade if the comparison result of the first matching module 400 is that any basic information of any upgrade file does not match;
[0137] The upgrade module 600 is configured to upgrade according to the upgrade file if the comparison result of the first matching module 400 is a successful match.
[0138] In the embodiment of the present invention, the upgrade module 600 is specifically configured to perform the upgrade according to the upgrade file if the comparison result of the first matching module 400 is that all the basic information of all upgrade files are matched successfully.
[0139] It should be noted that, in order to further improve the security of the software upgrade in the embodiment of the present invention, the embodiment of the present invention may further include a functional module for obfuscation and anti-obfuscation of data. Specifically:
[0140] On the upgrade server side:
[0141] The first identification code generation module is used to generate the identification code of the encrypted upgrade sequence set; wherein the identification code of the encrypted upgrade sequence set is an MD5 code, such as 202cb962ac59075b964b07152d234b70. It should be noted here that the identification code of the encrypted upgrade sequence set may also be other unique identification codes, and is not limited to the MD5 code, which is not specifically limited in the embodiment of the present invention.
[0142] Key generation module, used to generate the key key of the encrypted upgrade sequence set;
[0143] In the embodiment of the present invention, the key generation module is specifically used to map the encrypted upgrade sequence set to generate the Key key of the encrypted upgrade sequence set, such as: c7-56-f8-88-52-6s-ef.
[0144] The second encryption module is used to encrypt the Key key of the encrypted upgrade sequence set to obtain the encrypted Key key;
[0145] In the embodiment of the present invention, the second encryption module is specifically used to perform a bit operation, a string operation, and an XOR operation with the extended key on the Key key of the encrypted upgrade sequence set to obtain the encrypted Key key. It should be noted that, when encrypting the Key key, all three operations (bit operation, string operation, and XOR operation with the extended key) can be performed on the Key key to achieve encryption, and the order of the three is not restricted; any one or two of these three operations can also be performed on the Key key to achieve encryption, and when any two operations are performed, their order is not restricted. The embodiment of the present invention does not make specific restrictions on the encryption step of the Key key.
[0146] The obfuscation execution module is used to obfuscate the encrypted Key key to obtain the obfuscated Key key, such as YzctNTYtZjgtODgtNTItNnMtZWY=;
[0147] In the embodiment of the present invention, the obfuscation execution module is specifically used to perform bit obfuscation and/or string obfuscation on the encrypted Key key to obtain the obfuscated Key key. It should be noted that, when obfuscating the encrypted Key key, both bit obfuscation and string obfuscation can be performed, and the order of the two is not limited; it is also possible to perform only one of the two, that is, only bit obfuscation or only string obfuscation. Of course, other obfuscation methods can also be used to obfuscate the encrypted Key key, and are not limited to these two obfuscation methods. The embodiment of the present invention does not specifically limit the Key key obfuscation steps.
[0148] The obfuscated encryption key generation module is used to combine the obfuscated Key key with the identification code of the encrypted upgrade sequence set to obtain the obfuscated and encrypted Key key, such as 202cb962ac59075b964b07152d234b70#YzctNTYtZjgtODgtNTItNnMtZWY=;
[0149] On the local server side:
[0150] The anti-obfuscation module is used to de-obfuscate the obfuscated and encrypted Key key to obtain the encrypted Key key and the identification code of the encrypted upgrade sequence set;
[0151] It should be noted that, in order to be able to de-obfuscate the obfuscated and encrypted Key key, the upgrade server side also needs to include:
[0152] The second identification code generation module is used to generate the identification code of the Key key of the encrypted upgrade sequence set; wherein the identification code of the Key key of the encrypted upgrade sequence set is an MD5 code. Of course, the identification code of the Key key can also be other unique identification codes, not limited to the MD5 code, which is not specifically limited in the embodiment of the present invention;
[0153] The codebook generation module is used to create a codebook from the identification code of the Key key of the encrypted upgrade sequence set; the codebook is randomly scattered and re-integrated according to the identification code; in the embodiment of the present invention, the identification code generated from the Key key matches a unique codebook, the AES encryption key can be obfuscated through the codebook, and the correct AES encryption key can also be obtained by de-obfuscation.
[0154] It can be seen from this that, in the embodiment of the present invention, the anti-obfuscation module includes:
[0155] The comparison unit is used to obtain the identification code of the key key of the encrypted upgrade sequence set, and compare the obtained identification code of the key key with the codebook;
[0156] The suspension unit is used to stop the upgrade step if the comparison result of the comparison unit is not matched;
[0157] The anti-obfuscation execution unit is used to perform bit de-obfuscation and/or string de-obfuscation on the obfuscated and encrypted Key key, if the comparison result of the comparison unit is a successful match, to obtain the encrypted Key key and the identification code of the encrypted upgrade sequence set. The de-obfuscation of the obfuscated and encrypted Key key is the inverse operation of the obfuscation step: when only bit obfuscation was performed on the Key key, only bit de-obfuscation is performed on the obfuscated Key key; when only string obfuscation was performed, only string de-obfuscation is performed; when both bit obfuscation and string obfuscation were performed, both bit de-obfuscation and string de-obfuscation are performed.
[0158] The second matching module is used to compare the identification code of the encrypted upgrade sequence set obtained on the local server with the identification code of the encrypted upgrade sequence set generated on the upgrade server;
[0159] The interrupt module is used to stop the upgrade if the comparison result of the second matching module is not matched;
[0160] The decryption module is specifically used to decrypt the encrypted upgrade package and the upgrade sequence set to obtain the decrypted upgrade package and the upgrade sequence set if the comparison result of the second matching module is a successful match.
[0161] It should be explained here that if the steps of obfuscation and de-obfuscation are not performed on the encrypted Key key, and only the steps of encryption and decryption are performed, the device need not include the obfuscation execution module, the obfuscated encryption key generation module, the anti-obfuscation module, the second identification code generation module and the codebook generation module; the embodiment of the present invention is a preferred embodiment that includes these functional modules.
[0162] Finally, it should be noted that if the embodiment of the present invention is constructed based on the JDK1.6 of the C/S architecture, the staff on the upgrade server side will send the obfuscated encrypted Key key, the upgrade package and the upgrade sequence set to the local server side, and the staff on the local server side receive the data and perform the corresponding operations; if the embodiment of the present invention is constructed based on the B/S architecture, the staff on the local server side need to download the obfuscated and encrypted Key key, the upgrade package and the upgrade sequence set, and perform the corresponding operations.
[0163] The functions of the encryption-related API (application program interface) of the embodiment of the present invention are:
[0164] public static byte[] encrypt(String content) {}
[0165] AES encryption function: encrypts the plain text and returns an array;
[0166] public static byte[] decrypt(String content) {}
[0167] AES decryption function: decrypts the encryption key and returns an array;
[0168] public static byte[] hexEncrypt(String content) {}
[0169] Obfuscation algorithm function: returns the key as an array;
[0170] public static byte[] hexDecrypt(String content) {}
[0171] De-obfuscation algorithm function: returns the obfuscated key as an array.
[0172] In the method and device for upgrading Web software provided by the embodiments of the present invention, the upgrade server side first generates an upgrade sequence set from the original upgrade package, and encrypts the original upgrade package and the upgrade sequence set to obtain the encrypted upgrade package and upgrade sequence set. The local server side decrypts the encrypted upgrade package and upgrade sequence set to obtain the decrypted upgrade package and upgrade sequence set, then compares the files contained in the decrypted upgrade package with the file information in the decrypted upgrade sequence set, and judges whether to upgrade based on the comparison result. Because the present invention encrypts the data when transmitting it, the risk of data being tampered with is reduced; it also judges the accuracy of the obtained upgrade file, which improves the security of the software upgrade. In addition, in order to further improve the security of software upgrades, the embodiment of the present invention also includes the steps of obfuscation and de-obfuscation of data, which realizes the dual processing of data encryption and obfuscation, ensuring that even after the data is illegally intercepted, the interceptor cannot master the encryption method of the key, thereby reducing the risk of data being cracked, further reducing the risk of data being tampered with, protecting the original data, and further improving the security of software upgrades. In addition, since the embodiment of the present invention can be constructed based on the JDK1.6 of the C/S architecture, the software upgrade method provided is different from the existing method of storing the complete upgrade package on the Web software server and manually calling a tool to analyze the upgrade package for the upgrade. Therefore, it also avoids untimely upgrades and data loss.
[0173] Finally, it should be noted that the above specific embodiments are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to examples, those of ordinary skill in the art should understand that modifications or equivalent replacements may be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, and these shall be covered by the scope of the claims of the present invention.
