Detailed description of embodiments
In the related art, a developer must package data such as patch code into a file and store the resulting patch file on a server. Because the patch file has been packaged, the server cannot read the file's attribute information, so a developer who needs to view or edit a patch file can only do so by downloading the corresponding patch file from the server.
In addition, the related art provides no means of verifying a patch file when a user downloads it from the server and installs it, so a hacker can easily tamper with the patch file, which poses a serious security risk.
Therefore, the present application addresses the above technical problems in the related art by improving how patches are maintained and how their content is verified. The following embodiments are provided to further describe the application:
Fig. 1 is a flowchart of a patch distribution method according to an exemplary embodiment of the present application. As shown in Fig. 1, the method is applied to a server side (i.e., a server) and may comprise the following steps:
Step 102, according to a patch acquisition request sent by a client, extract the corresponding patch data from the patch platform database.
In this embodiment, the system type information and application version information in the patch acquisition request are read, and the latest-version patch data matching that system type information and application version information is extracted from the patch platform database.
Step 104, return the patch data to the client. The patch data includes patch code and check information corresponding to the patch code, so that the client can verify the patch code according to the check information.
In this embodiment, the check information is digest information signed with the private key at the patch platform database, and the digest information is calculated from the patch code according to a preset digest algorithm. Calculating a digest of the patch code keeps the length of the data to be signed with the private key under control, which solves the problem that patch code containing too much data cannot be signed directly or is signed inefficiently.
Corresponding to the embodiment shown in Fig. 1, Fig. 2 is a flowchart of a patch acquisition method according to an exemplary embodiment of the present application. As shown in Fig. 2, the method is applied to a client (a terminal on which the client's application program is installed, such as a computer, mobile phone or tablet) and may comprise the following steps:
Step 202, send a patch acquisition request to the server side.
Step 204, receive the patch data returned by the server side; the patch data includes patch code and check information.
In this embodiment, the check information may be digest information signed with the private key at the patch platform database, and the digest information is calculated from the patch code according to a preset digest algorithm.
Step 206, verify the patch code according to the check information, and execute the patch code if the verification is passed.
In this embodiment, the client may calculate a real-time digest of the patch code according to the preset digest algorithm. The patch code is determined to have passed verification against the check information when the following condition is met: the check information is signature-decoded with the local public key, and the decoded information is consistent with the real-time digest. Signature-decoding the check information with the local public key verifies whether the source of the patch data is correct, that is, whether a hacker has sent unsafe patch data to the client by means such as DNS interception or setting up a proxy. Meanwhile, verifying the digest guards against the patch code being corrupted or tampered with during transmission, which further ensures the validity and security of the patch data.
The technical solution of the present application involves interaction and cooperation between the server side and the client. As shown in Fig. 3, in the application scenario of an exemplary embodiment, a server is configured with the server side and a terminal has an application program installed as the client. The server maintains the patch data, and the terminal obtains and installs the corresponding patch data by sending a request to the server.
1. Patch maintenance
After receiving patch code uploaded by a developer, the server side reads the attributes of the patch code and generates the corresponding check information, which yields the corresponding patch data, and establishes a corresponding data structure to facilitate maintenance.
Fig. 4 shows the data structure for patch maintenance in an exemplary embodiment. The structure may include three levels: system type, application version and patch version.
System type. The system type is the type of operating system used by the terminal. Different types of operating system require different types of application program, and the corresponding patches also differ. For example, system types may include iOS, Android and Win (i.e., Windows Phone).
Application version. Each system type may have one or more application versions. An application version update means that the whole application is updated and reinstalled, which requires the user to download the installation file of the entire application again and update it. If only a minor error is corrected or a function is added, a version update of the application is often unnecessary and the fix is instead delivered as a patch. Different versions are distinguished by version number; for example, as shown in Fig. 4, where the system type is iOS there are multiple application versions with version numbers such as "1.0.0" and "1.0.1".
Patch version. One application version may have one or more patches. For example, in Fig. 4 the application with system type iOS and version number 1.0.1 has 2 patches: patch 1 and patch 2.
Because the server side maintains patch data in the form of a database, that is, the developer does not package the patch when uploading it, the server side can read the attribute information of the patch data directly and classify and manage it using the patch data structure shown in Fig. 4. Correspondingly, the developer can access the patch data in the database without "downloading" it. For example, the developer can send a web access request to the server side through a local browser. After verifying the developer's identity and access permissions, the server side returns web data corresponding to the patch status in the patch platform database, so that the local browser can generate the system type management interface shown in Fig. 5A. The developer can then issue patch maintenance instructions through the management interface, and the server side performs patch maintenance on the patch platform database according to the instructions it receives.
In the system type management interface shown in Fig. 5A, the developer can see at a glance the patch status of each existing system type and can add more system types with "Add". Assuming the developer clicks the "Enter" operation corresponding to "iOS", the application version management interface shown in Fig. 5B is displayed.
In the application version management interface shown in Fig. 5B, the developer can see at a glance, for the system type iOS, the existing application versions and the number of existing patches under each version, such as "1.0.1", "1.0.2" and "2.0.1". The developer can also add more application versions with "Add". Assuming the developer selects an existing version, the patch management interface shown in Fig. 5C is displayed.
In the patch management interface shown in Fig. 5C, the developer can see at a glance the patch details under each application version for the system type iOS. For example, the application with version number 3.3.0 has two patches, numbered 1 and 2, and the developer can manage the existing patches with operations such as "Edit" or "Delete".
Assuming the developer clicks the "Edit" operation of patch 2, the patch editing interface shown in Fig. 5D is displayed, where the "patch description", "patch code" and so on can be edited. Fig. 5D also shows an "Override" (forced overwrite) option for the patch. When the developer selects this option, the client is forced to obtain the patch from the server side and install it over the existing one, regardless of whether a patch with the same number already exists locally. This option is used to force a remedial correction of a patch that has already been provided.
Because the developer can access and edit online the patches on the server side directly, for example through a browser, without operations such as downloading or packaging them, the maintenance and management of patches is simplified.
2. Patch acquisition
Fig. 6 is a flowchart of a patch distribution and acquisition method according to an exemplary embodiment of the present application. As shown in Fig. 6, the method may comprise the following steps:
Step 602, the server side obtains patch code.
In this embodiment, the patch code is generated by a developer and stored at the server side. For example, the developer can open the management interfaces shown in Figs. 5A-5D through a browser and manage the patches under each system type and each application version, including generating new patches and editing existing ones.
Step 604, the server side calculates the digest information corresponding to the patch code.
In this embodiment, because check information and patch code correspond one to one, the server side must regenerate the corresponding check information both for newly generated patch code and for existing patch code that has been edited.
In this embodiment, the server side can calculate the digest information of the patch code with an algorithm such as MD5. For example, when the patch code is "Hello World", the corresponding MD5 value, i.e., the digest information, is "b10a8db164e0754105b7a99be72e3fe5".
Step 606, the server side signs the digest information with the private key to obtain the check information.
In this embodiment, the private key is stored at the server side and matches the public key at the client. Because the digest information is signed with the private key, the client can identify whether the corresponding patch data really comes from the server side when it verifies the signature with the public key. For example, signing the digest information "b10a8db164e0754105b7a99be72e3fe5" above yields the signature string "PAzf7S/eT/IUOm7LLqXx".
In this embodiment, the length of patch code is not fixed. If the patch code is too long, private-key signing may take a long time and be inefficient, which hinders patch maintenance at the server side. In some cases private-key signing also limits the length of the content to be signed, so patch code that is too large or too long may not be signable at all. By converting patch code of uncontrolled length into fixed-length digest information, the present application avoids the problem that overly long patch code cannot be signed or is signed inefficiently, which facilitates patch maintenance at the server side and the client's security check of the patch data at a later stage.
Step 608, the server side stores the patch code and the check information in association with each other as patch data.
Step 610, the server side receives the patch acquisition request sent by the client.
In this embodiment, when the client detects a patch upgrade requirement, it may first check whether patch data exists locally. If patch data exists locally, the patch upgrade requirement can be met with the local patch data; if not, the client sends a patch acquisition request to the server side to obtain patch data from it.
Step 612, the server side reads the system type information and application version information in the patch acquisition request.
Step 614, the server side extracts from the database the patch data that matches the system type information and application version information.
In this embodiment, the server side can select the corresponding latest patch according to the system type information and application version information and return it to the client. For example, in the case shown in Fig. 5C, if the system type information sent by the client is iOS and the application version information is 3.3.0, the server side can look up and return the latest patch, patch 2.
Step 616, the server side returns the extracted patch data to the client.
Step 618, the client obtains the patch code and check information from the patch data.
Step 620, the client performs the data check.
In this embodiment, the client's data check may include two parts:
1. Signature check. The client stores a public key that matches the private key at the server side. The client signature-decodes the received check information with the public key. If decoding succeeds and yields the digest information, the patch data is determined to come from the server side; otherwise the source of the patch data may be at risk. For example, a hacker may have tampered with the address of the server side by means such as DNS interception, so that the client obtains unsafe patch data from a fake server side.
Assuming the check information is "PAzf7S/eT/IUOm7LLqXx", successful decoding yields the corresponding digest information "b10a8db164e0754105b7a99be72e3fe5".
2. Data tampering check. The client and the server side agree in advance on the digest algorithm used, such as the MD5 algorithm, and the client calculates the real-time digest information of the patch code with the MD5 algorithm. If the patch code data was lost or tampered with during transmission, the real-time digest information will necessarily differ from the digest information decoded in the "signature check", which indicates that the patch code poses a security risk and should not be installed. If the patch data passes both the signature check and the data tampering check, the patch data is safe and reliable and the patch code can be executed to complete the installation.
In other words, if the patch code received by the client is still "Hello World", the MD5 value generated is necessarily "b10a8db164e0754105b7a99be72e3fe5", which is identical to the digest information decoded in the "signature check", so the check is passed.
Step 622, if the data check is passed, the client executes the patch code; otherwise it does not.
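The signing and checking flow of steps 604 to 622, as an added example that is not code from the application. The function names, the padding layout and the demo key are assumptions: the key is constructed from two Mersenne primes so that the block runs with the standard library only, and the padding is a simplified fixed layout rather than a standardized signature scheme.

```python
import hashlib

# Constructed demo key pair (assumption): the modulus is the product of two
# Mersenne primes, so its factors are public. It only lets the example run
# offline with the standard library; it protects nothing.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public key, shipped with the client
D = pow(E, -1, (P - 1) * (Q - 1))       # private key, kept at the server side


def digest_hex(patch_code: bytes, algo: str = "md5") -> str:
    """Digest information of the patch code (steps 604 and 620)."""
    return hashlib.new(algo, patch_code).hexdigest()


def _encode(digest: bytes, n: int) -> int:
    """Pad the digest to the modulus size: 00 01 FF..FF 00 || digest."""
    k = (n.bit_length() + 7) // 8
    pad = b"\xff" * (k - len(digest) - 3)
    return int.from_bytes(b"\x00\x01" + pad + b"\x00" + digest, "big")


def make_patch_data(patch_code: bytes, d: int = D, n: int = N,
                    algo: str = "md5") -> dict:
    """Server side, steps 604-608: digest, sign with private key, associate."""
    digest = bytes.fromhex(digest_hex(patch_code, algo))
    k = (n.bit_length() + 7) // 8
    signature = pow(_encode(digest, n), d, n)
    return {"patch_code": patch_code,
            "check_info": signature.to_bytes(k, "big")}


def verify_patch_data(patch_data: dict, e: int = E, n: int = N,
                      algo: str = "md5") -> bool:
    """Client side, step 620: signature check plus data tampering check."""
    k = (n.bit_length() + 7) // 8
    check_info = patch_data["check_info"]
    if len(check_info) != k:            # not produced under the expected key
        return False
    sig = int.from_bytes(check_info, "big")
    if sig >= n:
        return False
    decoded = pow(sig, e, n)            # "signature decoding" with the public key
    realtime = bytes.fromhex(digest_hex(patch_data["patch_code"], algo))
    # Compare the whole padded block, not only the trailing digest bytes.
    return decoded == _encode(realtime, n)


def apply_patch(patch_data: dict) -> str:
    """Step 622: the patch code is executed only if the data check passes."""
    return "executed" if verify_patch_data(patch_data) else "rejected"


def demo() -> dict:
    genuine = make_patch_data(b"Hello World")
    tampered = dict(genuine, patch_code=b"Hello World!")   # altered in transit
    fake_n = (2**127 - 1) * (2**607 - 1)                   # fake server's own key
    fake_d = pow(E, -1, (2**127 - 2) * (2**607 - 2))
    forged = make_patch_data(b"Hello World", d=fake_d, n=fake_n)
    cases = [("genuine", genuine), ("tampered", tampered), ("forged", forged)]
    return {name: apply_patch(pd) for name, pd in cases}
```

MD5 is used here only because it is the digest algorithm the text names; it is not collision resistant, so a deployment would pass a digest such as SHA-256 as `algo` and take the signature scheme from a vetted cryptographic library.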
As can be seen from the above technical solution, the present application manages patch data through a patch platform database, so that developers do not need to package patch data into patch files and clients do not need to parse patch files, and the patch platform database can conveniently read and manage attributes of patches such as system type and version number. Because the patch data contains both the patch code and the check information, the client can verify it accordingly and identify risk conditions such as the patch source having been replaced or the patch code having been tampered with, which helps improve the security of patch installation.
Fig. 7 shows a schematic structural diagram of an electronic device according to an exemplary embodiment of the present application. Referring to Fig. 7, at the hardware level the electronic device includes a processor, an internal bus, a network interface, memory and non-volatile memory, and may of course also include hardware required by other services. The processor reads the corresponding computer program from the non-volatile memory into memory and runs it, forming a patch distribution apparatus at the logical level. Of course, besides a software implementation, the present application does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the executing entity of the following processing flow is not limited to logic units and may also be hardware or logic devices.
Referring to Fig. 8, in a software implementation the patch distribution apparatus may include an extraction unit and a return unit, wherein:
the extraction unit extracts the corresponding patch data from the patch platform database according to a patch acquisition request sent by a client;
the return unit returns the patch data to the client; the patch data includes patch code and check information corresponding to the patch code, so that the client can verify the patch code according to the check information.
Optionally, the check information is digest information signed with the private key at the patch platform database, and the digest information is calculated from the patch code according to a preset digest algorithm.
Optionally, the extraction unit is specifically configured to:
read the system type information and application version information in the patch acquisition request;
extract from the patch platform database the latest-version patch data that matches the system type information and the application version information.
Optionally, the apparatus further includes:
a request receiving unit, which receives a web access request initiated by a developer through a local browser;
a data return unit, which returns web data corresponding to the patch status in the patch platform database, so that the local browser generates a management interface for the patch platform database according to the web data;
a patch maintenance unit, which receives the patch maintenance instruction sent by the developer through the management interface and performs patch maintenance on the patch platform database.
Fig. 9 shows a schematic structural diagram of an electronic device according to an exemplary embodiment of the present application. Referring to Fig. 9, at the hardware level the electronic device includes a processor, an internal bus, a network interface, memory and non-volatile memory, and may of course also include hardware required by other services. The processor reads the corresponding computer program from the non-volatile memory into memory and runs it, forming a patch acquisition apparatus at the logical level. Of course, besides a software implementation, the present application does not exclude other implementations, such as logic devices or a combination of software and hardware; that is, the executing entity of the following processing flow is not limited to logic units and may also be hardware or logic devices.
Referring to Fig. 10, in a software implementation the patch acquisition apparatus may include a sending unit, a receiving unit and a verification unit, wherein:
the sending unit sends a patch acquisition request to the server side;
the receiving unit receives the patch data returned by the server side; the patch data includes patch code and check information;
the verification unit verifies the patch code according to the check information and executes the patch code if the verification is passed.
Optionally, the apparatus further includes:
a detection unit, which detects whether there is a patch upgrade requirement;
a traversal unit, which, when there is a patch upgrade requirement, checks whether patch data exists locally;
a processing unit, which meets the patch upgrade requirement with the local patch data when patch data exists locally, and sends the patch acquisition request to the server side to obtain patch data from the server side when no patch data exists locally.
Optionally, the check information is digest information signed with the private key at the patch platform database, and the digest information is calculated from the patch code according to a preset digest algorithm.
Optionally, the verification unit is specifically configured to:
calculate the real-time digest information corresponding to the patch code according to the preset digest algorithm;
determine that the patch code has passed verification against the check information when the check information meets the following condition: the check information is signature-decoded with the local public key, and the decoded information is consistent with the real-time digest information.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface and memory.
Memory may include non-volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, in forms such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity or device that includes the element.
The foregoing is merely the preferred embodiments of the present application and is not intended to limit it. Any modification, equivalent substitution or improvement made within the spirit and principles of the present application shall fall within the scope of protection of the present application.