CN113448612A - Plug-in updating method, device, electronic equipment, medium and program product - Google Patents
Plug-in updating method, device, electronic equipment, medium and program productDownload PDFInfo
- Publication number
- CN113448612A CN113448612ACN202110787435.5ACN202110787435ACN113448612ACN 113448612 ACN113448612 ACN 113448612ACN 202110787435 ACN202110787435 ACN 202110787435ACN 113448612 ACN113448612 ACN 113448612A
- Authority
- CN
- China
- Prior art keywords
- plug
- packet
- full
- version number
- historical
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/658—Incremental updates; Differential updates
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2228—Indexing structures
- G06F16/2255—Hash tables
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2474—Sequence data queries, e.g. querying versioned data
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Fuzzy Systems (AREA)
- Mathematical Physics (AREA)
- Probability & Statistics with Applications (AREA)
- Computational Linguistics (AREA)
- Stored Programmes (AREA)
Abstract
Description
Technical Field
The present disclosure relates to the field of information security, and in particular, to a plug-in update method, apparatus, electronic device, medium, and program product, which can be used for updating applications in the financial field.
Background
With the continuous abundance of service functions, the volume of a client installation package is gradually increased, and the requirements for dynamic update and loading on demand are increasingly strong, the industry generally adopts a plug-in technology, peels off part of relatively independent service functions from the installation package, downloads the service functions in the form of a plug-in package according to the use requirements of users, and supports dynamic update. The existing plug-in package dynamic loading technology adopts a plug-in package full-quantity updating mode, encryption protection is not performed on the plug-in package, and if the plug-in package is maliciously intercepted or replaced in the network transmission process, functional logic leakage is possibly caused, and safety risk is introduced to a client; meanwhile, even if only a small amount of codes are modified, the plug-in functions need to be repackaged and updated in a full amount, so that user traffic and server network bandwidth are occupied, the operation cost is increased, and the user experience is influenced.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a plug-in update method, apparatus, device, medium, and program product based on delta update.
According to a first aspect of the present disclosure, there is provided a plug-in update method including: acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in; matching the version number of the current plug-in with the version number of the historical plug-in, matching the hash value of the current plug-in with the hash value of the historical plug-in, and generating a differential packet or a full packet according to a matching result; encrypting the delta packets or full packets; and sending the encrypted differential packet or full packet to the client so that the client updates the plug-in according to the encrypted differential packet or full packet.
According to an embodiment of the present disclosure, the generating the differential packet or the full packet according to the matching result includes: if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins, generating the full package; wherein the full volume package comprises all data of the latest version plug-in; if the version number of the current plug-in exists in the version numbers of the historical plug-ins, comparing the hash value of the historical plug-ins corresponding to the current plug-in with the hash value of the current plug-in; if the two hash values are equal, generating the difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and corresponding to the current plugin; and if the two hash values are not equal, generating the full packet.
According to an embodiment of the present disclosure, the matching the version number of the current plug-in with the version number of the historical plug-in includes: sequencing according to the time corresponding to the version number of the historical plug-in; and searching and comparing from the version number of the latest plug-in.
According to an embodiment of the present disclosure, the encrypting the delta packet or the full packet comprises: encrypting data contained in the delta packet or the full packet by using a symmetric key; and signing the differential packet or the full packet by adopting an asymmetric encryption algorithm to generate signature information of the differential packet or the full packet.
According to an embodiment of the present disclosure, said signing the delta packet or the full packet with the asymmetric encryption algorithm includes: calculating a hash value corresponding to the differential packet or the full packet; and carrying out signature operation on the hash value by adopting an asymmetric encryption algorithm to obtain corresponding signature information.
According to an embodiment of the present disclosure, the client performing plug-in update according to the encrypted delta packet or full packet includes: performing signature verification on the signature information; if the verification is passed, decrypting the encrypted differential packet or full packet by adopting a symmetric key to obtain a decrypted differential packet or full packet; directly loading the decrypted full quantum packet for updating; and merging the decrypted delta packet and the current plug-in into a full packet and then loading for updating.
A second aspect of the present disclosure provides a plug-in update apparatus including: the acquisition module is used for acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in; the first matching module is used for matching the version number of the current plug-in with the version number of the historical plug-in; the second matching module is used for matching the hash value of the current plug-in with the hash value of the historical plug-in; the generating module is used for generating a differential packet or a full packet according to the matching result; an encryption module for encrypting the delta packet or the full packet; and the sending module is used for sending the encrypted differential packets or full packets to the client so as to enable the client to update the plug-in according to the encrypted differential packets or full packets.
According to an embodiment of the present disclosure, the generating module includes: a first judging unit, configured to generate the full package if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins; wherein the full volume package comprises all data of the latest version plug-in; the second judgment unit is used for comparing the hash value of the historical plugin corresponding to the current plugin with the hash value of the current plugin if the version number of the current plugin exists in the version numbers of the historical plugins; if the two hash values are equal, generating the difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and corresponding to the current plugin; and if the two hash values are not equal, generating the full packet.
According to an embodiment of the present disclosure, the first matching module includes: the sequencing unit is used for sequencing according to the time corresponding to the version number of the historical plugin; and the comparison unit is used for searching and comparing from the version number of the latest plug-in.
According to an embodiment of the present disclosure, the encryption module includes: a first encryption unit configured to encrypt data included in the differential packet or the full packet using a symmetric key; and the second encryption unit is used for signing the differential packet or the full packet by adopting an asymmetric encryption algorithm and generating the signature information of the differential packet or the full packet.
According to an embodiment of the present disclosure, the second encryption unit includes: the calculating subunit is used for calculating the hash value corresponding to the differential packet or the full packet; and the signature subunit is used for performing signature operation on the hash value by adopting an asymmetric encryption algorithm to obtain corresponding signature information.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the plug-in update method described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described plug-in update method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the plug-in updating method described above.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be apparent from the following description of embodiments of the disclosure, which proceeds with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a plug-in update method, apparatus, device, medium and program product according to embodiments of the disclosure;
FIG. 2 schematically illustrates a flow diagram of a plug-in update method according to an embodiment of the disclosure;
FIG. 3 schematically illustrates a flow chart for producing delta or full packets according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a flow chart of an encryption method according to an embodiment of the present disclosure;
FIG. 5 schematically shows a flow diagram of an asymmetric encryption algorithm according to an embodiment of the present disclosure;
FIG. 6 is a block diagram schematically illustrating a configuration of a plug-in update apparatus according to an embodiment of the present disclosure;
FIG. 7 schematically shows a block diagram of a generation module according to an embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of a first matching module according to an embodiment of the disclosure;
FIG. 9 schematically illustrates a block diagram of an encryption module according to an embodiment of the present disclosure;
fig. 10 schematically shows a block diagram of a second encryption unit according to an embodiment of the present disclosure; and
fig. 11 schematically shows a block diagram of an electronic device adapted to implement a plug-in update method according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
The plug-in updating method and device provided by the disclosure belong to the field of information security, can be used for updating application plug-ins in the financial field and can also be used for updating application plug-ins in any field except the financial field.
In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all accord with the regulations of related laws and regulations, necessary security measures are taken, and the customs of the public order is not violated.
An embodiment of the present disclosure provides a plug-in update method, including: acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in; matching the version number of the current plug-in with the version number of the historical plug-in, matching the hash value of the current plug-in with the hash value of the historical plug-in, and generating a differential packet or a full packet according to a matching result; encrypting the differential packets or the full packets; and sending the encrypted differential packet or full packet to the client so that the client updates the plug-in according to the encrypted differential packet or full packet.
Fig. 1 schematically shows an application scenario diagram of a plug-in update method according to an embodiment of the present disclosure.
As shown in FIG. 1, anapplication scenario 100 according to this embodiment may include an individual user client requesting an update plug-in or an enterprise user client requesting an update plug-in. Network 102 is the medium used to provide communication links betweenterminal devices 101 andserver 103.Network 102 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may useterminal device 101 to interact withserver 103 overnetwork 102 to receive or transmit data or the like. Various client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, financial software, etc., may be installed on theterminal device 101.
Theterminal device 101 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
Theserver 103 may be a server that provides various services, such as an update data transmission server that provides support for a user after sending an update plug-in request using theterminal apparatus 101. The update data transmission server may perform processing such as analysis on data such as a received user request, and feed back a processing result (e.g., a packet for update) to the terminal device.
It should be noted that the plug-in update method provided by the embodiment of the present disclosure may be generally executed by theserver 103. Accordingly, the plug-in update apparatus provided by the embodiment of the present disclosure may be generally disposed in theserver 103. The plug-in update method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster that is different from theserver 103 and is capable of communicating with theterminal device 101 and/or theserver 103. Accordingly, the plug-in updating apparatus provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster that is different from theserver 103 and is capable of communicating with theterminal device 101 and/or theserver 103.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The plug-in update method of the disclosed embodiment will be described in detail through fig. 2 to 5 based on the scenario described in fig. 1.
Fig. 2 schematically shows a flow chart of a plug-in update method according to an embodiment of the present disclosure.
As shown in fig. 2, the plug-in update method of this embodiment includes operations S201 to S204.
In operation S201, a version number and a hash value of a current plug-in of a client and a version number and a hash value of a historical plug-in are obtained.
In operation S202, the version number of the current plug-in is matched with the version number of the history plug-in, the hash value of the current plug-in is matched with the hash value of the history plug-in, and a differential packet or a full packet is generated according to a matching result.
Encrypting the differential packet or the full packet in operation S203;
in operation S204, the encrypted delta packet or full packet is sent to the client, so that the client performs plug-in update according to the encrypted delta packet or full packet.
In an embodiment of the present disclosure, a plug-in update method based on difference update and encryption protection technology is provided, which further saves user traffic and ensures service security while satisfying dynamic requirements of a client.
In an embodiment of the disclosure, a residual quantity updating method and a plug-in packaging tool are provided, which support automatic packaging and generation of a binary system full quantity packet and a residual quantity packet of a plug-in according to historical plug-in package information. The full packet comprises data packets of all data of the latest plug-in, and the differential packet comprises a differential data packet obtained by subtracting data of the plug-in to be updated (the current plug-in at the client) from the latest plug-in data. When the system runs, according to the current plug-in version of the user client, whether the current plug-in version of the client is a historical version stored by a server or whether the current plug-in version of the client is safe is matched, and a corresponding difference updating part or a whole updating data packet is issued according to the situation, namely, the difference packet or the whole updating data packet is issued, so that the network flow of a user and the network bandwidth of the server are saved, the use safety of the local user plug-in is improved, and meanwhile, because the difference updating packet is a binary code and does not contain whole service logic, even if the difference updating packet is intercepted in the network transmission process, an attacker cannot obtain the code logic, and the safety of the updating data transmission process is improved. The method provides an encryption protection technical scheme on the basis of difference updating, adopts a standard symmetric encryption algorithm to encrypt and protect the data packet, adopts an asymmetric encryption algorithm to sign the hash value of the data packet, and further improves the security of the data packet in the network transmission process.
FIG. 3 schematically illustrates a flow chart for producing delta or full packets according to an embodiment of the disclosure.
As shown in fig. 3, the production delta or full pack of this embodiment includes operations S301 to S303.
In operation S301, if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins, generating the full package; wherein the full package includes all data of the latest version plug-in.
In operation S302, if the version number of the current plug-in exists in the version numbers of the historical plug-ins, the hash value of the historical plug-in corresponding to the current plug-in is compared with the hash value of the current plug-in.
In operation S303, if the two hash values are equal, generating a delta packet, where the delta packet includes a difference between historical plugins of the latest version plugin and corresponding to the current plugin; and if the two hash values are not equal, generating the full packet.
In the embodiment of the present disclosure, operation S301 in fig. 3 performs a comparison search in the server according to the version number of the current plug-in, and determines whether the version of the previous plug-in is included in the server. For plug-ins which are not commonly used by many users, the updating frequency is low, and the plug-ins of older versions have the possibility of being lack in the server, and the server can clean up partial unused data when updating data. When the version does not exist, the full package containing all the updating data is directly sent to the user client side, so that the updating is ensured to be completed, and the updating experience of the user is not influenced.
In operations 302 and 303, if it is checked before the server has the version of the current plug-in of the client, the hash value of the current plug-in on the server and the hash value of the current plug-in of the client are compared to ensure that the data of the current plug-in of the client and the data of the corresponding plug-in of the server are consistent. When the hash values are not equal and the data of the hash values are not consistent, the data of the current plug-in of the client is damaged or modified, the current plug-in cannot be used continuously or has a safety problem, at the moment, a full package is sent to the client, the damaged plug-in of the user is directly replaced, and the safety of the plug-in used by the user is ensured.
Fig. 4 schematically shows a flow chart of an encryption method according to an embodiment of the present disclosure.
As shown in fig. 4, the encryption method of this embodiment includes operations S401 to S402.
In operation S401, data contained in the differential packet or the full packet is encrypted using the symmetric key.
In operation S402, the differential packet or the full packet is signed by using an asymmetric encryption algorithm, and signature information of the differential packet or the full packet is generated.
In the embodiment of the present disclosure, before the sending step S204 of the plug-in update method provided by the present disclosure, the delta packet or the full delta packet needs to be encrypted, and specifically, the operation S401 performs encryption protection on the data packet by using standard symmetric encryption, that is, encrypts the data packet by using this key. The same key is used for encryption and decryption in the symmetric encryption, and the encryption and decryption processes are as follows: plaintext- > key encryption- > ciphertext, ciphertext- > key decryption- > plaintext. The method has the advantages of small calculated amount, high encryption speed and high encryption efficiency.
Operation S402 adopts an asymmetric encryption algorithm to sign the hash value of the data packet, so as to further improve the security of the data packet in the network transmission process. Operation S402 will be described in detail below with reference to fig. 5.
Fig. 5 schematically shows a flow diagram of an asymmetric encryption algorithm according to an embodiment of the present disclosure.
As shown in fig. 5, the asymmetric encryption algorithm of this embodiment includes operations S501 to S502.
In operation S501, a hash value corresponding to a delta packet or a full packet is calculated.
In operation S502, an asymmetric encryption algorithm is used to perform a signature operation on the hash value to obtain corresponding signature information.
In the embodiment of the present disclosure, through operations S501 and S502, signature information is obtained, where the signature information is used to verify the security of the data packet after sending, and the security of data transmission in the update process is further improved.
In an embodiment of the present disclosure, matching the version number of the current plug-in with the version number of the historical plug-in includes: sequencing according to time corresponding to the version number of the historical plug-in; and searching and comparing from the version number of the latest plug-in. Generally, the plug-in updated by the client is a common plug-in, and the version of the plug-in is usually close to the version of the latest plug-in, so that the plug-ins are searched and compared from front to back according to the time sequence, the searching workload is reduced, and the searching speed is improved.
In an embodiment of the present disclosure, the client updating the plug-in according to the encrypted delta packet or the encrypted full packet includes: carrying out signature verification on the signature information; if the verification is passed, decrypting the encrypted differential packet or full packet by adopting a symmetric key to obtain a decrypted differential packet or full packet; directly loading the decrypted full quantum packet for updating; and merging the decrypted delta packet and the current plug-in into a full packet and then loading for updating.
After receiving the safely encrypted differential packet or full packet, the client side firstly verifies the signature information, and decrypts the differential packet or full packet by using a preset secret key under the condition that the verification is passed. The decrypted full quantum packet can be directly loaded to complete the updating, and the differential quantum packet needs to be merged with the current plug-in of the client to become the full quantum packet and then the loading is completed. If the current plug-in of the user is damaged or unsafe, the required full package containing the latest plug-in cannot be synthesized, or the safety problem is still contained, updating is carried out based on the full package or the differential package, the safety is guaranteed, the user updating experience is improved, and the transmission quantity of user data is reduced.
Based on the plug-in updating method, the disclosure also provides a plug-in updating device. The apparatus will be described in detail below with reference to fig. 6 to 10.
Fig. 6 schematically shows a block diagram of a plug-in update apparatus according to an embodiment of the present disclosure.
As shown in fig. 6, the plug-inupdating apparatus 600 of this embodiment includes an obtainingmodule 610, afirst matching module 620, asecond matching module 630, agenerating module 640, anencrypting module 650, and a sendingmodule 660.
The obtainingmodule 610 is configured to obtain a version number and a hash value of a current plug-in of the client and a version number and a hash value of a historical plug-in. In an embodiment, the obtainingmodule 610 may be configured to perform the operation S201 described above, which is not described herein again.
And afirst matching module 620, configured to match the version number of the current plug-in with the version number of the historical plug-in.
And asecond matching module 630, configured to match the hash value of the current plug-in with the hash value of the historical plug-in.
And agenerating module 640, configured to generate a differential packet or a full packet according to the matching result.
In an embodiment, thefirst matching module 620, thesecond matching module 630 and thegenerating module 640 may be configured to perform the operation S202 described above, and are not described herein again.
Anencryption module 650 for encrypting the delta packets or the full packets. In an embodiment, theencryption module 650 may be configured to perform the operation S203 described above, which is not described herein again.
The sendingmodule 660 is configured to send the encrypted difference packet or full packet to the client, so that the client performs plug-in update according to the encrypted difference packet or full packet. In an embodiment, the sendingmodule 660 may be configured to perform the operation S204 described above, which is not described herein again.
Fig. 7 schematically shows a block diagram of a generating module according to an embodiment of the present disclosure.
As shown in fig. 7, thegenerating module 640 of this embodiment includes afirst judging unit 641 and asecond judging unit 642.
The first determiningunit 641 is configured to generate a full package if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins; wherein the full package includes all data of the latest version plug-in. In an embodiment, the first determiningunit 641 may be configured to perform the operation S301 described above, and is not described herein again.
Thesecond judging unit 642 is configured to, if the version number of the current plug-in exists in the version numbers of the historical plug-ins, compare the hash value of the historical plug-ins corresponding to the current plug-in with the hash value of the current plug-in; if the two hash values are equal, generating a difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and the current plugin; and if the two hash values are not equal, generating a full packet. In an embodiment, the second determiningunit 642 may be configured to perform the operations S302 and S303 described above, which are not described herein again.
Fig. 8 schematically shows a block diagram of a first matching module according to an embodiment of the present disclosure.
As shown in fig. 8, thefirst matching module 620 of this embodiment includes asorting unit 621 and acomparison unit 622.
And thesorting unit 621 is configured to sort according to the time corresponding to the version number of the history plug-in. In an embodiment, thesorting unit 621 may be configured to perform the corresponding operations described above, and is not described herein again.
And acomparison unit 622 for searching and comparing from the version number of the latest plug-in. In an embodiment, thesorting unit 622 may be configured to perform the corresponding operations described above, and will not be described herein again.
Fig. 9 schematically shows a block diagram of an encryption module according to an embodiment of the present disclosure.
As shown in fig. 9, theencryption module 650 of this embodiment includes afirst encryption unit 651 and asecond encryption unit 652.
Afirst encryption unit 651 is configured to encrypt data contained in the differential packet or the full packet using the symmetric key. In an embodiment, thefirst encryption unit 651 can be configured to perform the operation S401 described above, and is not described herein again.
Thesecond encryption unit 652 is configured to sign the delta packet or the full packet by using an asymmetric encryption algorithm, and generate signature information of the delta packet or the full packet. In an embodiment, thesecond encryption unit 652 may be configured to perform the operation S402 described above, and is not described herein again.
Fig. 10 schematically shows a block diagram of a second encryption unit according to an embodiment of the present disclosure.
As shown in fig. 10, thesecond encryption unit 652 of this embodiment includes acalculation sub-unit 6521 and asignature sub-unit 6522.
And thecomputing subunit 6521 is configured to compute a hash value corresponding to the delta packet or the full packet. In an embodiment, the calculating sub-unit 6521 may be configured to perform the operation S501 described above, and is not described herein again.
And thesignature sub-unit 6522 is configured to perform signature operation on the hash value by using an asymmetric encryption algorithm to obtain corresponding signature information. In an embodiment, thesignature sub-unit 6522 may be configured to perform the operation S502 described above, which is not described herein again.
Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.
For example, any plurality of the obtainingmodule 610, thefirst matching module 620, thesecond matching module 630, thegenerating module 640, the encryptingmodule 650 and the sendingmodule 660 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to an embodiment of the present disclosure, at least one of the obtainingmodule 610, thefirst matching module 620, thesecond matching module 630, thegenerating module 640, the encryptingmodule 650, and the sendingmodule 660 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or by a suitable combination of any several of them. Alternatively, at least one of the obtainingmodule 610, thefirst matching module 620, thesecond matching module 630, thegenerating module 640, the encryptingmodule 650, and thetransmitting module 660 may be at least partially implemented as a computer program module that, when executed, may perform a corresponding function.
Fig. 11 schematically shows a block diagram of an electronic device adapted to implement a plug-in update method according to an embodiment of the present disclosure.
As shown in fig. 11, anelectronic device 1100 according to an embodiment of the present disclosure includes aprocessor 1101, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)1102 or a program loaded from astorage section 1108 into a Random Access Memory (RAM) 1103. Theprocessor 1101 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Theprocessor 1101 may also include on-board memory for caching purposes. Theprocessor 1101 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to the embodiments of the present disclosure.
In theRAM 1103, various programs and data necessary for the operation of theelectronic device 1100 are stored. Theprocessor 1101, theROM 1102, and theRAM 1103 are connected to each other by abus 1104. Theprocessor 1101 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in theROM 1102 and/or theRAM 1103. It is noted that the programs may also be stored in one or more memories other than theROM 1102 andRAM 1103. Theprocessor 1101 may also perform various operations of the method flows according to the embodiments of the present disclosure by executing programs stored in the one or more memories.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, a computer-readable storage medium may include theROM 1102 and/or theRAM 1103 and/or one or more memories other than theROM 1102 and theRAM 1103 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method illustrated in the flow chart. When the computer program product runs in a computer system, the program code is used for causing the computer system to realize the item recommendation method provided by the embodiment of the disclosure.
The computer program performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure when executed by theprocessor 1101. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via thecommunication part 1109, and/or installed from theremovable medium 1111. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network through thecommunication portion 1109 and/or installed from theremovable medium 1111. The computer program, when executed by theprocessor 1101, performs the above-described functions defined in the system of the embodiment of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.
In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.
Claims (14)
1. A plug-in update method comprising:
acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in;
matching the version number of the current plug-in with the version number of the historical plug-in, matching the hash value of the current plug-in with the hash value of the historical plug-in, and generating a differential packet or a full packet according to a matching result;
encrypting the delta packets or full packets;
and sending the encrypted differential packet or full packet to the client so that the client updates the plug-in according to the encrypted differential packet or full packet.
2. The plug-in update method according to claim 1, wherein the generating of the delta packet or the full packet according to the matching result comprises:
if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins, generating the full package; wherein the full volume package comprises all data of the latest version plug-in;
if the version number of the current plug-in exists in the version numbers of the historical plug-ins, comparing the hash value of the historical plug-ins corresponding to the current plug-in with the hash value of the current plug-in;
if the two hash values are equal, generating the difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and corresponding to the current plugin;
and if the two hash values are not equal, generating the full packet.
3. The plug-in updating method of claim 1, wherein the matching the version number of the current plug-in with the version number of the historical plug-in comprises:
sequencing according to the time corresponding to the version number of the historical plug-in;
and searching and comparing from the version number of the latest plug-in.
4. The plug-in update method of claim 1, the encrypting the delta or full packet comprising:
encrypting data contained in the delta packet or the full packet by using a symmetric key;
and signing the differential packet or the full packet by adopting an asymmetric encryption algorithm to generate signature information of the differential packet or the full packet.
5. The plug-in update method of claim 4, the signing the delta or full packet with an asymmetric encryption algorithm comprising:
calculating a hash value corresponding to the differential packet or the full packet;
and carrying out signature operation on the hash value by adopting an asymmetric encryption algorithm to obtain a corresponding signature message.
6. The plug-in updating method according to claim 4, wherein the plug-in updating performed by the client according to the encrypted delta packet or the encrypted full packet comprises:
performing signature verification on the signature information;
if the verification is passed, decrypting the encrypted differential packet or full packet by adopting a symmetric key to obtain a decrypted differential packet or full packet;
directly loading the decrypted full quantum packet for updating; and merging the decrypted delta packet and the current plug-in into a full packet and then loading for updating.
7. A plug-in update apparatus comprising:
the acquisition module is used for acquiring the version number and the hash value of the current plug-in of the client and the version number and the hash value of the historical plug-in;
the first matching module is used for matching the version number of the current plug-in with the version number of the historical plug-in;
the second matching module is used for matching the hash value of the current plug-in with the hash value of the historical plug-in;
the generating module is used for generating a differential packet or a full packet according to the matching result;
an encryption module for encrypting the delta packet or the full packet;
and the sending module is used for sending the encrypted differential packets or full packets to the client so as to enable the client to update the plug-in according to the encrypted differential packets or full packets.
8. The plug-in update apparatus of claim 7, the generation module comprising:
a first judging unit, configured to generate the full package if the version number of the current plug-in does not exist in the version numbers of the historical plug-ins; wherein the full volume package comprises all data of the latest version plug-in;
the second judgment unit is used for comparing the hash value of the historical plugin corresponding to the current plugin with the hash value of the current plugin if the version number of the current plugin exists in the version numbers of the historical plugins; if the two hash values are equal, generating the difference packet, wherein the difference packet comprises difference data between historical plugins of the latest version plugin and corresponding to the current plugin; and if the two hash values are not equal, generating the full packet.
9. The plug-in update apparatus of claim 7, wherein the first matching module comprises:
the sequencing unit is used for sequencing according to the time corresponding to the version number of the historical plugin;
and the comparison unit is used for searching and comparing from the version number of the latest plug-in.
10. The plug-in update apparatus of claim 7, the encryption module comprising:
a first encryption unit configured to encrypt data included in the differential packet or the full packet using a symmetric key;
and the second encryption unit is used for signing the differential packet or the full packet by adopting an asymmetric encryption algorithm and generating the signature information of the differential packet or the full packet.
11. The plug-in updating apparatus according to claim 10, the second encryption unit comprising:
the calculating subunit is used for calculating the hash value corresponding to the differential packet or the full packet;
and the signature subunit is used for performing signature operation on the hash value by adopting an asymmetric encryption algorithm to obtain corresponding signature information.
12. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-6.
13. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method of any one of claims 1 to 6.
14. A computer program product comprising a computer program which, when executed by a processor, implements a method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110787435.5ACN113448612B (en) | 2021-07-12 | 2021-07-12 | Plug-in updating method, device, electronic equipment, medium and program product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110787435.5ACN113448612B (en) | 2021-07-12 | 2021-07-12 | Plug-in updating method, device, electronic equipment, medium and program product |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113448612Atrue CN113448612A (en) | 2021-09-28 |
| CN113448612B CN113448612B (en) | 2024-08-02 |
Family
ID=77815957
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110787435.5AActiveCN113448612B (en) | 2021-07-12 | 2021-07-12 | Plug-in updating method, device, electronic equipment, medium and program product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113448612B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106330936A (en)* | 2016-08-31 | 2017-01-11 | 广州品唯软件有限公司 | A plug-in data transmission method, client and server |
| CN106648712A (en)* | 2017-02-27 | 2017-05-10 | 百度在线网络技术(北京)有限公司 | Incremental updating packet generating method and device, and server |
| CN110162964A (en)* | 2019-05-29 | 2019-08-23 | 中国银行股份有限公司 | A kind of inspection method that file is distorted, apparatus and system |
| CN111262726A (en)* | 2020-01-08 | 2020-06-09 | Oppo广东移动通信有限公司 | Configuration information updating method and device and computer readable storage medium |
| CN112732312A (en)* | 2021-02-09 | 2021-04-30 | 北京百度网讯科技有限公司 | Method and device for updating application program, electronic equipment and medium |
- 2021
- 2021-07-12CNCN202110787435.5Apatent/CN113448612B/enactiveActive
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106330936A (en)* | 2016-08-31 | 2017-01-11 | 广州品唯软件有限公司 | A plug-in data transmission method, client and server |
| CN106648712A (en)* | 2017-02-27 | 2017-05-10 | 百度在线网络技术(北京)有限公司 | Incremental updating packet generating method and device, and server |
| CN110162964A (en)* | 2019-05-29 | 2019-08-23 | 中国银行股份有限公司 | A kind of inspection method that file is distorted, apparatus and system |
| CN111262726A (en)* | 2020-01-08 | 2020-06-09 | Oppo广东移动通信有限公司 | Configuration information updating method and device and computer readable storage medium |
| CN112732312A (en)* | 2021-02-09 | 2021-04-30 | 北京百度网讯科技有限公司 | Method and device for updating application program, electronic equipment and medium |
Non-Patent Citations (1)
| Title |
|---|
| 王栋等: "一种基于增量存储的多副本文件版本控制方法", 物联网技术, no. 09, 20 September 2017 (2017-09-20), pages 79 - 81* |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113448612B (en) | 2024-08-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10601590B1 (en) | Secure secrets in hardware security module for use by protected function in trusted execution environment | |
| CN110414190B (en) | Signature method of application installation package, related device, storage medium and electronic equipment | |
| CN113282951B (en) | Application program security verification method, device and equipment | |
| CN113572763B (en) | Data processing method and device, electronic equipment and storage medium | |
| CN107920060B (en) | Data access method and device based on account | |
| CN114785560B (en) | Information processing method, device, equipment and medium | |
| CN108923925B (en) | Data storage method and device applied to block chain | |
| CN114553570B (en) | Method, device, electronic equipment and storage medium for generating token | |
| CN111030827A (en) | Information interaction method and device, electronic equipment and storage medium | |
| CN114826733A (en) | File transfer method, device, system, apparatus, medium, and program product | |
| CN112966287B (en) | Method, system, device and computer readable medium for acquiring user data | |
| CN115296807B (en) | Key generation method, device and equipment for preventing industrial control network viruses | |
| CN112819469A (en) | Payment method and system, terminal, server, computer system and medium | |
| CN110414269B (en) | Processing method, related device, storage medium and system of application installation package | |
| CN114584378B (en) | Data processing method, device, electronic equipment and medium | |
| CN111416788B (en) | Method and device for preventing transmission data from being tampered | |
| CN109711178B (en) | Key value pair storage method, device, equipment and storage medium | |
| CN112966286B (en) | Method, system, device and computer readable medium for user login | |
| CN114024732A (en) | Upgrade package downloading method, apparatus, storage medium, and program product | |
| CN114201771A (en) | Data encryption and decryption method and device, electronic equipment and storage medium | |
| CN113448612B (en) | Plug-in updating method, device, electronic equipment, medium and program product | |
| CN109995534B (en) | Method and device for carrying out security authentication on application program | |
| CN115484080B (en) | Mini-program data processing method, device, equipment, and storage medium | |
| WO2019242163A1 (en) | Data security verification method, apparatus and system, and computer device and storage medium | |
| CN113742774A (en) | Data processing method and device, readable medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |