Application management and control method for SSR centralized management platform

An application, centrally managed technology

Inactive Publication Date: 2018-11-16
ZHENGZHOU YUNHAI INFORMATION TECH CO LTD
6 Cites 3 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0004] An embodiment of the present invention provides an application control method of an SSR centra...

Abstract

An embodiment of the invention discloses an application management and control method for an SSR centralized management platform. The method comprises the steps of searching for a to-be-controlled application; acquiring an operating system feature library from a white list data center; matching the to-be-controlled application with the operating system feature library; modifying the trust level of the to-be-controlled application according to a matching result; judging whether a to-be-controlled application still exists after the trust level is modified; and if yes, acquiring the trust level again and modifying it, otherwise ending the process. According to the method, the application searching process is combined with the white list data center; the searched to-be-controlled application is matched with the white list data center; the trust level of the to-be-controlled application is determined; the big data platform of the white list is fully utilized; the data source of the trust level of the application is perfected; the data of the trust level of the application is ensured to be accurate and timely; and the control efficiency of the application is improved.

Application Domain

Platform integrity maintenance; Transmission

Technology Topic

Data platform; Trust level


Example Embodiment

[0049] To enable those skilled in the art to better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative effort shall fall within the protection scope of the present invention.
[0050] Figure 1 is a schematic flowchart of an application management and control method for an SSR centralized management platform provided by an embodiment of the present invention. As shown in Figure 1, the method includes:
[0051] S10: Search for an application program to be controlled.
[0052] The centralized management platform is an operating system in which various applications are installed. Some programs can be set to the whitelist automatically because they are widely used or have a large number of users, but many applications have trust levels that are not whitelist, and a misoperation may have a great impact on the centralized management platform. Therefore, the applications installed on the centralized management platform must be searched to determine the applications to be controlled. Figure 2 is a schematic flowchart of a method for searching for an application to be controlled provided by an embodiment of the present invention. As shown in Figure 2, searching for applications to be controlled specifically includes:
[0053] S11: Search for all application programs in the operating system.
[0054] S12: Obtain the trust level of each application.
[0055] S13: Use the application whose trust level is unknown or graylisted as the application to be controlled.
[0056] All applications on the centralized management platform are searched to obtain the trust level of each. The trust levels are whitelist, blacklist, graylist and unknown. An application whose trust level is whitelist can run directly, and an application whose trust level is blacklist is prohibited from running by the operating system; because the operation corresponding to each of these two trust levels is already determined, no further control is required. For an application whose trust level is graylist or unknown, the security level cannot be determined, so it needs to be controlled and is therefore an application to be controlled.
[0057] S20: Obtain the operating system feature library from the whitelist data center.
[0058] The embodiment of the present invention is implemented on the basis of the whitelist data center, which here is the network-wide whitelist data center. It contains data on all applications that can run safely in various operating systems under different server configurations, held in the form of operating system feature libraries. To determine whether an application can be set to whitelist, the operating system feature library must first be obtained. Figure 3 is a schematic flowchart of the method for obtaining the operating system feature library provided by an embodiment of the present invention. As shown in Figure 3, obtaining the operating system feature library from the whitelist data center specifically includes:
[0059] S21: Obtain the operating system type and feature code.
[0060] S22: Send the operating system type and feature code to the whitelist data center.
[0061] S23: Authenticate the feature code.
[0062] S24: After authentication, search for the operating system feature library according to the operating system type.
[0063] The operating system feature library includes the information and trust levels of the applications in a certain operating system under a certain server configuration. In the operating system feature library, application information is represented by SHA1 values. Therefore, to obtain the operating system feature library, the operating system type and feature code must first be sent to the whitelist data center, which authenticates the feature code to confirm whether the source of the operating system type and feature code is reliable. When the authentication result indicates that the source is reliable, the operating system type is evaluated and the operating system feature library corresponding to that type is obtained. Here the operating system type refers to the specific operating system type and version number, such as Windows 7 x86 or CentOS 5.0, and the feature code is related to the hardware information of the server on which the management platform is installed; it is generated by encrypting that hardware information.
[0064] S30: Match the application program to be controlled with the operating system feature library.
[0065] After the operating system feature library is obtained, the applications to be controlled that were found by the search are compared with the applications saved in the operating system feature library, and the trust level of each application to be controlled is determined from the trust level recorded there. Because the application information in the operating system feature library is stored as SHA1 values, the SHA1 value of the application to be controlled must first be obtained and then matched against the SHA1 values in the operating system feature library.
[0066] S40: Modify the trust level of the application program to be controlled according to the matching result.
[0067] Matching the SHA1 value of the application to be controlled against the SHA1 values in the operating system feature library has two possible outcomes. In the first, an identical SHA1 value is found, meaning the application to be controlled matches the operating system feature library, and its trust level is modified to whitelist (because the operating system feature library is obtained from the whitelist data center, the trust levels of the applications stored in it are all whitelist). In the second, no identical SHA1 value is found, meaning the application to be controlled fails to match the operating system feature library. A failed match does not mean that the application's trust level is not whitelist; it may be that the application has not been run in this operating system before, so there is no value to match. Therefore, the trust level of an application to be controlled that fails to match is kept unchanged.
[0068] S50: Determine whether there is an application program to be controlled after the trust level is modified.
[0069] After all applications have been matched, in order to determine the trust levels more fully, it is necessary to determine whether any applications to be controlled remain, that is, whether there are applications to be controlled that failed to match. If so, perform step S60: obtain the trust level again and modify it; if not, end.
[0070] Figure 4 is a schematic flowchart of the method for re-acquiring the trust level provided by an embodiment of the present invention. As shown in Figure 4, obtaining the trust level again and modifying it specifically includes:
[0071] S61: Obtain the SHA1 value of the application to be controlled.
[0072] S62: Send the SHA1 value to the whitelist data center.
[0073] S63: Perform matching according to the SHA1 value.
[0074] When the SHA1 value matches the whitelist data center successfully, perform step S64: modify the trust level of the application to be controlled to the whitelist.
[0075] When the SHA1 value fails to match the whitelist data center, perform step S65: modify the trust level of the application to be controlled to a blacklist.
[0076] To handle the case where an application has no matching entry because it is running on a given operating system for the first time, the SHA1 value of an application to be controlled that failed to match in the operating system feature library is sent directly to the whitelist data center, which matches it against the applications under all operating system types. If an identical SHA1 value is found, the application to be controlled is running on the system for the first time, and its trust level can be set to whitelist. If the match fails again, the trust level of the application to be controlled is indeed blacklist.
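The two-stage matching of steps S10 to S65, written out as an added Python example; it is not code from the patent. The function names, the inventory shape and the sample data are assumptions, and the `query_data_center` callable stands in for an already authenticated session with the whitelist data center.

```python
import hashlib
from enum import Enum

class Trust(Enum):
    WHITELIST = "whitelist"
    BLACKLIST = "blacklist"
    GRAYLIST = "graylist"
    UNKNOWN = "unknown"

def sha1_of(content: bytes) -> str:
    return hashlib.sha1(content).hexdigest()

def control_applications(apps, os_feature_library, query_data_center):
    """Return {name: Trust} after steps S10-S65.
    apps: {name: (file bytes, current Trust)}, a hypothetical inventory shape
    os_feature_library: set of SHA1 hex digests for this OS type (S20)
    query_data_center: callable(sha1) -> bool, match across all OS types (S63)
    """
    result = {name: trust for name, (_, trust) in apps.items()}
    # S11-S13: only graylisted or unknown applications are "to be controlled".
    pending = {name: sha1_of(data) for name, (data, trust) in apps.items()
               if trust in (Trust.GRAYLIST, Trust.UNKNOWN)}
    # S30/S40: a match in the OS feature library means whitelist;
    # a miss leaves the trust level unchanged for now.
    unmatched = {}
    for name, digest in pending.items():
        if digest in os_feature_library:
            result[name] = Trust.WHITELIST
        else:
            unmatched[name] = digest
    # S50, S61-S65: the second lookup, against all OS types, is final.
    for name, digest in unmatched.items():
        matched = query_data_center(digest)
        result[name] = Trust.WHITELIST if matched else Trust.BLACKLIST
    return result

# Constructed sample data, not taken from the patent.
APPS = {
    "editor": (b"editor-binary", Trust.UNKNOWN),
    "backup": (b"backup-binary", Trust.GRAYLIST),
    "unlisted": (b"unlisted-binary", Trust.UNKNOWN),
    "shell": (b"shell-binary", Trust.WHITELIST),
    "oldtool": (b"oldtool-binary", Trust.BLACKLIST),
}
OS_LIBRARY = {sha1_of(b"editor-binary")}
ALL_OS_WHITELIST = OS_LIBRARY | {sha1_of(b"backup-binary")}

if __name__ == "__main__":
    print(control_applications(APPS, OS_LIBRARY, ALL_OS_WHITELIST.__contains__))
```

Because a miss in the second lookup blacklists the application, `query_data_center` should raise an error when the data center cannot be reached rather than return `False`.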
[0077] Figure 5 is a schematic flowchart of another application management and control method for the SSR centralized management platform provided by an embodiment of the present invention. As shown in Figure 5, the application control method of the SSR centralized management platform provided by the embodiment of the present invention also includes:
[0078] S70: Log in to the whitelist data center.
[0079] The centralized management platform and the whitelist data center are two independent systems. To prevent the information in the whitelist data center from being modified arbitrarily, which would affect its accuracy, the platform must log in before accessing the whitelist data center. Figure 6 is a schematic flowchart of a method for logging in to the whitelist data center provided by an embodiment of the present invention. As shown in Figure 6, logging in to the whitelist data center specifically includes:
[0080] S71: Send a login request to the whitelist data center.
[0081] S72: Authenticate the feature code in the login request.
[0082] If the authentication result meets the login condition, execute step S73: allow login, otherwise execute step S74: prohibit login.
[0083] When the centralized management platform logs in to the whitelist data center, it first sends a login request. The login request includes the feature code of the centralized management platform (equivalent to a user name and password). The whitelist data center authenticates the feature code and determines whether the source is reliable. If the source is reliable, the login condition is met and login is allowed; if the source is unreliable, the login condition is not met and login is prohibited.
[0084] The feature code sent when logging in to the whitelist data center is the same feature code that is sent when obtaining the operating system feature library. The purpose of the former is to determine whether the identity of the centralized management platform is reliable, and the purpose of the latter is to determine whether the source of the request for the operating system feature library is reliable.
[0085] It should be noted that the embodiment of the present invention can be used both online and offline. When used online, the centralized management platform and the whitelist data center exchange data directly over the network. When used offline, the centralized management platform does not need to log in to the whitelist data center, and the data exchange between the two requires the user to import and export the data manually.
[0086] The above descriptions are only specific embodiments of the present invention, so that those skilled in the art can understand or implement the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the invention. Therefore, the present invention will not be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
