
CN114428952B - Method, system and server for verifying characteristic value of public network electronic file - Google Patents

Info

Publication number
CN114428952B
Authority
CN
China
Prior art keywords
file
software
name
data
characteristic value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210357307.1A
Other languages
Chinese (zh)
Other versions
CN114428952A (en)
Inventor
杨有翼
狄东克
吴进波
宋春岭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD
Original Assignee
BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2282 Tablespace storage structures; Management thereof
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2474 Sequence data queries, e.g. querying versioned data
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention relates to the field of information system security and discloses a method, a system and a server for verifying characteristic values of electronic files on a public network. The method comprises the following steps: receiving a release command and release data of software to be released, sent by at least one release client; verifying whether the release command and the release data meet preset conditions, and sending feedback information to the at least one release client; if the release command and the release data meet the preset conditions, storing the release data in a data storage system according to preset rules; receiving a query command and query information for a file characteristic value, sent by at least one query client, wherein the query information is part or all of the release data; querying the data storage system for release data matching the query information, and determining the file characteristic value corresponding to that release data; and sending a query result containing the file characteristic value to the at least one query client. The invention can provide software worldwide with a reliable information source for determining whether software has been tampered with.

Description

Method, system and server for verifying characteristic value of public network electronic file
Technical Field
The invention relates to the field of information system security, in particular to a method, a system and a server for verifying characteristic values of electronic files in a public network.
Background
Any intelligent device with a file system, such as a computer or a mobile phone, can be hacked, causing economic loss. Such attacks mainly tamper with the file system of the software, so the characteristic values of software files need to be authenticated and verified.
There are many ways to check the characteristic values of software files for tampering. The most common is manual inspection, followed by tamper checks implemented by various commercial software products. For example, Chinese patent publication No. CN110162964B discloses a method, an apparatus, and a system for checking file tampering, in which, after an application program is installed, characteristic information such as a hash value of the installed application's files to be checked is acquired to determine whether tampering has occurred. That is, file characteristic values are collected during the installation of the security software or the application software. Neither of these methods can find a file that was tampered with before the characteristic value was collected. Traditional characteristic value identification systems are generally private systems of individual security software companies; their quality is uneven, and developing them is time-consuming and labor-intensive. In addition, existing file tampering identification systems only address installed software and cannot cover software before installation or open source code. Finally, traditional file tamper resistance cannot cover software installers.
Therefore, it is necessary to provide a method for authenticating the authenticity and tamper resistance of electronic documents for ordinary users, so that all regularly released software can have a public system for inquiring and verifying the characteristic value of public internet software.
Disclosure of Invention
In view of the above-mentioned drawbacks and deficiencies in the prior art, the present invention provides a method, a system, and a server for verifying a feature value of an electronic document over a public network, which can solve some or all of the above-mentioned technical problems.
One aspect of the present invention provides a method for verifying a feature value of an electronic file on a public network, comprising:
receiving a release command sent by at least one release client and release data of software to be released;
verifying whether the issuing command and the issuing data meet preset conditions or not, and sending feedback information to at least one issuing client;
if the issuing command and the issuing data meet the preset conditions, storing the issuing data to a data storage system according to preset rules;
receiving a query command and query information of a file characteristic value sent by at least one query client, wherein the query information is a part or all of release data;
inquiring the release data matched with the inquiry information in a data storage system, and determining a file characteristic value corresponding to the release data;
and sending the query result containing the file characteristic value to at least one query client.
Further, the release data includes a software name, a file name, a feature value algorithm, a feature value of a file, a file state type, a software version number, an operating system name, and an operating system version number.
Further, the query information includes essential query information and optional query information.
Furthermore, the release data of the software to be released is transmitted in the form of a data packet, and the content organization form of the data packet is an information release command, an information release protocol version number, a software name, a software version number, an operating system name, an operating system version number, a file state type, a file characteristic value algorithm name, a file characteristic value and a relative path file name which are sequentially arranged.
Further, the feedback information includes: repeatedly issuing prompt information, error prompt information of user log-in failure, error prompt information of issued content, error prompt information of issued information format, correct prompt information of issued content and/or prompt information of user absence.
Further, the data storage system is a database storage system, and the database table structure at least comprises the following fields: software name, software version, file name, file state type, file feature value algorithm name, operating system name, and operating system version number.
Further, the data storage system is a file storage system,
and the step of storing the release data to the data storage system according to the preset rule comprises the following steps:
selecting one directory as the root directory of the file storage system;
setting four levels of subdirectories under the root directory, wherein:
the first-level subdirectory name is a 16-bit hexadecimal hash value string converted from the software name;
the second-level subdirectory name is the software name string;
the third-level subdirectory name is the operating system name string;
the fourth-level subdirectory name is the operating system version number string;
the directory order of the first-level and second-level subdirectories is not adjustable, and the directory order of the third-level and fourth-level subdirectories is adjustable;
and storing the file name, the file characteristic value and the file characteristic value algorithm of the software to be released in the fourth-level subdirectory.
Further, the necessary query information includes a software name, a software version number, an operating system name, an operating system version and a file state type; the optional query information includes a file name.
In another aspect of the present invention, a system for verifying a characteristic value of an electronic document in a public network is provided, which includes:
the first receiving module is configured to receive a publishing command sent by at least one publishing client and publishing data of software to be published;
the first sending module is configured to verify whether the issuing command and the issuing data meet preset conditions or not, and send feedback information to at least one issuing client;
the storage module is configured to store the issued data to the data storage system according to a preset rule if the issued command and the issued data meet a preset condition;
the second receiving module is configured to receive a query command and query information of the file characteristic value sent by at least one query client, wherein the query information is a part or all of the issued data;
the query module is configured to query the release data matched with the query information in the data storage system and determine a file characteristic value corresponding to the release data;
and the second sending module is configured to send the query result containing the file characteristic value to at least one query client.
In another aspect of the present invention, a server is provided, including:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for verifying the characteristic values of the public network electronic document as described in the first aspect above.
The verification method, system and server for the characteristic value of the public network electronic file have the following beneficial effects:
(1) social resources are saved to the maximum extent, and a reliable information source for determining whether software has been tampered with is provided for software worldwide;
(2) characteristic value verification is covered at every stage, including source code, software installation, software operation, software upgrade, scripts, source code patches, binary file patches and the like;
(3) a reliable information source for preventing file information from being tampered with is provided for various intelligent devices such as computers, mobile phones and PADs.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments with reference to the attached drawings:
FIG. 1 is a schematic diagram of an electronic document feature value query system composed of a client and a server according to an embodiment of the present application;
FIG. 2 is a flowchart of a method for verifying a characteristic value of a public network electronic document working on a server side according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a system for verifying characteristic values of a public network electronic document operating on a server side according to an embodiment of the present application;
FIG. 4 is a schematic diagram of an internal structure of a server according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the description of the invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that although the terms first, second, third, etc. may be used to describe the acquisition modules in the embodiments of the present invention, these acquisition modules should not be limited to these terms. These terms are only used to distinguish the acquisition modules from each other.
The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrase "if determined" or "if detected (a stated condition or event)" may be interpreted as "upon determining" or "in response to determining" or "upon detecting (a stated condition or event)" or "in response to detecting (a stated condition or event)" depending on the context.
It should be noted that the terms "upper," "lower," "left," "right," and the like used in the description of the embodiments of the present invention are illustrated in the drawings, and should not be construed as limiting the embodiments of the present invention. In addition, in this context, it is also to be understood that when an element is referred to as being "on" or "under" another element, it can be directly formed "on" or "under" the other element or be indirectly formed "on" or "under" the other element through an intermediate element.
The verification system for the characteristic value of the public network electronic file can be divided into an issuing client, an inquiring client and a server from the whole system. The system enables all normally released software to have a public Internet-oriented software characteristic value query platform.
Referring to FIG. 1, a server 103 provides a publication service for file characteristic values to at least one publishing client 101 from the world/country/region, and simultaneously provides a query service for file characteristic values to at least one querying client 102 from the world/country/region. The publishing client 101 is a publishing platform under the control of a software developer, and is capable of publishing the original characteristic values of the software's files. The query client 102 runs anti-tampering software that identifies tampered files on the storage disk system; this software regularly checks whether illegal system files exist in the storage system of the client 102. During these regular checks, the verification system and method for public network electronic file characteristic values are needed to obtain the original characteristic values of the software files, which are compared with the local software file characteristic values on the query client 102 to identify whether the software has been tampered with.
Further, after the anti-tampering software of the query client 102 is started, it checks the specified files according to its configuration. Such anti-tampering software typically configures which directories to check, how often to check, and how files whose characteristic values do not match should be handled, and may also configure the characteristic value algorithm. When the anti-tampering software is to compare the characteristic value of a file with the characteristic value held by the verification system of the present invention, the URL or IP address of the server 103 is set in addition to the contents above, and the port number to query is specified.
Further, when scanning a file, the software to which the file belongs, the software version number, the operating system name, the operating system version number, and the file path are first confirmed; this information is then sent to the URL of the server 103 to query the characteristic value of the file. A local characteristic value of the file is then generated, and the two characteristic values are compared. If they are consistent, there is no problem; if not, the file is handled according to the configured action.
Further, all the files configured for scanning are processed one by one on each pass. Besides cyclic scanning according to a set period, the check of a file's characteristic value can also be configured to take place while the file is being loaded. Checking during loading requires hooking the loading of the application program, or the loading process of the application program can be modified in its source code.
Referring to fig. 2, the method for verifying the characteristic value of the public network electronic file executed at the server side of the present invention specifically includes the following steps:
Step S101, receiving a release command sent by at least one release client and release data of software to be released;
For the query client to be able to query the software file characteristic values stored on the server, a characteristic value data storage system for the various software to be released must first be established on the server; only then can the server publish the file characteristic values of the software externally. Specifically, a publishing client under the control of a software developer packages the release data of the software to be released according to a predetermined data organization format, and sends the data, for example over a network socket, to the information publishing port of the verification system's URL address.
The information release data contains three kinds of information: the version number of the format that the released information follows, a release command, and the release data.
The release data specifies the following information for each file of the software to be released, as the information fields of that file:
(1) Software (or software package) name, field name: sofware;
(2) Software version number, field name: version;
(3) File name, field name: filename. This includes file names without full paths and relative-path file names. Specifically, a file is placed under a directory on a disk; if the file name is given starting from the disk root directory, it is a full path; if it is given starting from the software installation directory where the file is located, it is a relative path.
(4) File status type, field name: status. The types include: software before installation (installpack), installed (installed), source code (sourcecode), source code compressed package (sourcecodepack), script (script), and the like.
(5) File characteristic value, field name: flagvalue. The file characteristic value is the result of processing the file content with the selected characteristic value algorithm, and is usually a hexadecimal string; the characteristic value algorithm must be one of the characteristic value algorithms published in the verification system.
(6) File characteristic value algorithm name, field name: algorithm. The characteristic value algorithm must be one of the characteristic value algorithms published in the verification system.
(7) Installation platform name, field name: platform. This is the name of the operating system, consistent with the name reported by the system lookup tool on the operating system.
(8) Installation platform version number, field name: platformver. This is the version number of the operating system, consistent with the version number obtained by looking it up on the operating system.
The field names above must be present in the release data, where they act as markers. Of course, other strings may be used as the names of the respective fields.
Further, the version number of the format that the released information follows is located on the first line of the information release data, in the following format: ISSUE_VER = version number, where the version number is an integer string starting with 1.
Further, issuing commands includes, but is not limited to, the following three: an information issuing command Issue, an information deleting command Delete and an information replacing command Replace.
Further, the content of the information distribution is organized as follows:
the first line of the information release data is the information release command;
the second line is the information release protocol version number: ISSUE_VER = version number;
the third line is the software name, in the format sofware = software name;
the fourth line is the software version number, in the format version = software version number;
the fifth line is the platform name, in the format platform = platform name (operating system name);
the sixth line is the platform version number (operating system version number), in the format platformver = platform version number (operating system version number);
the seventh line is the file status type, in the format status = file status;
the eighth line is the file characteristic value algorithm name, in the format algorithm = algorithm name;
the other lines are file information lines, each containing two parts: the hexadecimal string characteristic value and the relative path file name.
Step S102, verifying whether the issuing command and the issuing data meet preset conditions or not, and sending feedback information to the at least one client;
Specifically, the server reads the file information from the socket and sends feedback data, where the feedback data includes: prompt information for repeated release, error prompt information that the user has not logged in, error prompt information for the released content, error prompt information for the released information format, prompt information that the released content is correct, and/or prompt information that the user does not exist.
For example, the feedback data may be in the form and content as follows:
“0:OK”
“1:wrong content”
“2:duplicated”
“3:field number wrong”
“4:field name wrong[wrong filed 1]...[wrong filed n]”
“5:field value wrong[wrong filed 1]...[wrong filed n]”
“6:data is too long”
“7:no owner”
“8:not login or register”
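A server-side check of a release packet against the eight-line layout and the feedback strings above, as an added example that is not code from the patent. The space between characteristic value and relative path, the accepted algorithm names, the size limit and the mapping of each failure to a feedback code are assumptions; codes 7 and 8 concern user accounts and are not modelled.

```python
import re

COMMANDS = {"Issue", "Delete", "Replace"}
# Header fields for lines 2-8, spelled as the description spells them.
HEADER_FIELDS = ["ISSUE_VER", "sofware", "version", "platform",
                 "platformver", "status", "algorithm"]
STATUSES = {"installpack", "installed", "sourcecode", "sourcecodepack", "script"}
ALGORITHMS = {"sha256": 64, "sha512": 128}  # assumed set: name -> hex digest length
MAX_PACKET_BYTES = 1 << 20                  # assumed limit for "6:data is too long"

# Constructed sample packet; names and characteristic values are made up.
SAMPLE_PACKET = "\n".join([
    "Issue", "ISSUE_VER=1", "sofware=exampletool", "version=2.4.1",
    "platform=Ubuntu", "platformver=22.04", "status=installed",
    "algorithm=sha256",
    "ab" * 32 + " bin/exampletool",
    "cd" * 32 + " lib/libexample.so",
])

def _safe_name(value):
    """Header values later become directory names: no separators, no dot names."""
    return (bool(value) and value not in {".", ".."}
            and not re.search(r"[/\\\x00]", value))

def _safe_relpath(path):
    """Accept only a relative path with no empty, '.' or '..' component."""
    if not path or "\x00" in path or re.match(r"[A-Za-z]:", path):
        return False
    return all(p not in {"", ".", ".."} for p in re.split(r"[/\\]", path))

def parse_issue_packet(text, already_published=frozenset()):
    """Return (feedback, record); record is None unless feedback is "0:OK".

    already_published holds ((sofware, version, platform, platformver,
    status), relative_path) pairs that the store already contains.
    """
    if len(text.encode("utf-8")) > MAX_PACKET_BYTES:
        return "6:data is too long", None
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 9:  # command + 7 header lines + at least one file line
        return "3:field number wrong", None
    if lines[0] not in COMMANDS:
        return "1:wrong content", None

    header, bad_names = {}, []
    for expected, line in zip(HEADER_FIELDS, lines[1:8]):
        name, sep, value = line.partition("=")
        if not sep or name.strip() != expected:
            bad_names.append(name.strip())
        header[expected] = value.strip()
    if bad_names:
        return "4:field name wrong" + "".join(f"[{n}]" for n in bad_names), None

    bad_values = [f for f in ("sofware", "version", "platform", "platformver")
                  if not _safe_name(header[f])]
    if not re.fullmatch(r"[1-9][0-9]*", header["ISSUE_VER"]):
        bad_values.append("ISSUE_VER")
    if header["status"] not in STATUSES:
        bad_values.append("status")
    if header["algorithm"] not in ALGORITHMS:
        bad_values.append("algorithm")
    if bad_values:
        return "5:field value wrong" + "".join(f"[{f}]" for f in bad_values), None

    digest_len = ALGORITHMS[header["algorithm"]]
    files = {}
    for line in lines[8:]:
        value, _, path = line.partition(" ")
        path = path.strip()
        if not re.fullmatch(rf"[0-9a-fA-F]{{{digest_len}}}", value):
            return "5:field value wrong[flagvalue]", None
        if not _safe_relpath(path):
            return "5:field value wrong[filename]", None
        if path in files:
            return "2:duplicated", None
        files[path] = value.lower()

    key = tuple(header[f] for f in HEADER_FIELDS[1:6])
    if lines[0] == "Issue" and any((key, p) in already_published for p in files):
        return "2:duplicated", None
    return "0:OK", {"command": lines[0], **header, "files": files}
```

Rejecting separators and `..` components at this point matters because the software name, operating system name and version strings later become directory names in the file storage layout.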
Step S103, if the issuing command and the issuing data meet preset conditions, storing the issuing data to a data storage system according to preset rules;
Specifically, if the issued data and the issued command completely satisfy the preset rule, the issued data may be stored in the database storage system of the server, or may be stored in the file storage system of the server.
If the server stores data in a database mode, the database table structure at least comprises fields: software name, software version number, file name, file state type, file feature value algorithm name, installation platform name (operating system name), installation platform version number (operating system version number).
If the server stores data in the form of a file storage system, the storage manner is as follows:
A. selecting a directory as a root directory of the file storage system;
B. using a 16-bit hexadecimal hash value string of the software name as the first-level subdirectory under the root directory;
C. under the first-level subdirectory is a second-level subdirectory formed from the software name; the second-level subdirectory is also called the name directory, and its name is the software name string;
D. under the second-level subdirectory is a third-level subdirectory named after the operating system; these are names without version numbers, such as: Windows10, Windows xp, Windows_server, Ubuntu, centos, FreeBSD, macos, Android, harmony, and so forth.
E. Under the third-level subdirectory is the fourth-level subdirectory, whose name is the operating system version number.
F. Under the fourth-level subdirectory are a plurality of files, which are respectively:
Software source code files
File name: src_list_ver
Software source code package file
File name: src_pack_ver
Installing software files
File name: install_ver
Source code patch file
File name: src_patch_ver
Binary patch file
File name: install_patch_ver
Other types of files
File name: type_ver
The content of each file is as follows:
one line per file entry, each line containing three fields: file name, file characteristic value, and file characteristic value algorithm name; the three fields are separated by field separators. The separator is a character string that is unique and special within the file; it cannot appear in the file name, the hexadecimal characteristic value characters, or the characteristic value algorithm name.
Furthermore, the directory sequence between the first-level subdirectory and the second-level subdirectory is not adjustable, the directory sequence between the third-level subdirectory and the fourth-level subdirectory is adjustable, and the directory sequence between the third-level subdirectory, the fourth-level subdirectory and the first-level subdirectory and the second-level subdirectory with fixed sequences is also adjustable.
This file storage mode avoids massive data repetition. If each file record carried its own operating system name, operating system version, software name, software version and the like, then for software with hundreds of files the same information would be repeated hundreds of times; each operating system name and software name is also tens of bytes long, so the repeated part would occupy a lot of storage space.
This file storage mode also makes otherwise infeasible storage feasible. There are tens of millions of software products in the world; if they were stored in the disk system through a flat directory rather than divided into a directory tree according to their attributes, a single directory of the disk system could not hold so many directories and files. The above embodiment forms directories from the 16-bit hexadecimal hash value string of the software name, of which there are only 65535 in total, so that an existing disk system directory can complete the storage.
The file storage mode also enables quick lookup of a software's files and characteristic values. For example, to open a directory a computer has to find the corresponding directory name by comparing directory names at each level. If a directory has too many subdirectories, finding the right one takes too long. Storing the software in a directory tree as in this embodiment greatly shortens the time needed to find a file.
The file storage mode can also fully cover various operating systems and versions of one software, various different versions of the software and various state files of the software.
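The directory layout of steps A to F, together with the local comparison the query client performs, as an added example that is not code from the patent. The hash function behind the 16-bit directory name, the separator character, reading "ver" in the list-file names as the software version number, and the mapping from status type to list-file prefix are assumptions.

```python
import hashlib
import hmac
import os
import tempfile

SEP = "\x1f"                      # assumed field separator inside a list file
ALLOWED = {"sha256", "sha512"}    # assumed set of published algorithms
# Assumed mapping from file status type to list-file prefix ("type_ver" otherwise).
PREFIX = {"sourcecode": "src_list", "sourcecodepack": "src_pack",
          "installed": "install"}

def bucket(software):
    """First-level directory: 16-bit hash of the software name as 4 hex digits.
    Assumption: the first two bytes of SHA-256 over the UTF-8 name."""
    return hashlib.sha256(software.encode("utf-8")).digest()[:2].hex()

def _component(value):
    """Publisher-supplied strings become path components, so reject anything
    that could leave the intended directory or collide with the separator."""
    if not value or value in {".", ".."} or any(c in value for c in "/\\\x00\n" + SEP):
        raise ValueError(f"unsafe directory component: {value!r}")
    return value

def list_file(root, software, version, platform, platformver, status):
    """root/<hash>/<software>/<os name>/<os version>/<type>_<software version>"""
    name = f"{PREFIX.get(status, _component(status))}_{_component(version)}"
    return os.path.join(root, bucket(software), _component(software),
                        _component(platform), _component(platformver), name)

def publish(root, key, algorithm, files):
    """key = (software, version, platform, platformver, status);
    files maps relative path -> hexadecimal characteristic value."""
    if algorithm not in ALLOWED:
        raise ValueError("algorithm not published by the system")
    path = list_file(root, *key)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8", newline="\n") as fh:
        for relpath, value in sorted(files.items()):
            if SEP in relpath or "\n" in relpath:
                raise ValueError("separator must not appear in a file name")
            fh.write(SEP.join([relpath, value.lower(), algorithm]) + "\n")

def lookup(root, key, relpath):
    """Return (characteristic value, algorithm) for relpath, or None."""
    try:
        with open(list_file(root, *key), encoding="utf-8", newline="\n") as fh:
            for line in fh:
                name, value, algorithm = line.rstrip("\n").split(SEP)
                if name == relpath:
                    return value, algorithm
    except FileNotFoundError:
        pass
    return None

def check_local(root, key, relpath, local_path):
    """Compare a local file with the published value: match/mismatch/unknown."""
    published = lookup(root, key, relpath)
    if published is None or published[1] not in ALLOWED:
        return "unknown"
    value, algorithm = published
    digest = hashlib.new(algorithm)
    with open(local_path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "match" if hmac.compare_digest(digest.hexdigest(), value) else "mismatch"

def demo():
    """Publish one constructed record, then check an intact and a modified file."""
    key = ("exampletool", "2.4.1", "Ubuntu", "22.04", "installed")  # constructed
    with tempfile.TemporaryDirectory() as tmp:
        root, local = os.path.join(tmp, "store"), os.path.join(tmp, "exampletool")
        with open(local, "wb") as fh:
            fh.write(b"original build\n")
        value = hashlib.sha256(b"original build\n").hexdigest()
        publish(root, key, "sha256", {"bin/exampletool": value})
        rel = os.path.relpath(list_file(root, *key), root)
        before = check_local(root, key, "bin/exampletool", local)
        with open(local, "ab") as fh:
            fh.write(b"extra bytes")          # simulate a modified local file
        after = check_local(root, key, "bin/exampletool", local)
        missing = check_local(root, key, "bin/other", local)
        return rel, before, after, missing
```

A file with no published record returns "unknown" rather than "match", so an absent entry is never treated as a passed check.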
Step S104, receiving a query command and query information of a file characteristic value sent by at least one client, wherein the query information is a part or all of the release data;
Specifically, the query command uses the string: search->. The query information includes essential query information and optional query information. The necessary query information comprises: software name, software version number, operating system name, operating system version number, and file state type. The optional query information includes: the name of the file.
The format of the query command is defined as:
The first line of the information distribution data is search->
The second line is the information release format version number: ISSUE_VER = version number
The third line is the software name, in the format sofware = software name
The fourth line is the software version number, in the format version = software version number
The fifth line is the platform name, in the format platform = platform name
The sixth line is the platform version number, in the format platform = platform version number
The seventh line is the file state type, in the format status = file state
The eighth line is the file feature value algorithm name, algorithm = algorithm name
The other lines are optional lines, all being relative path filenames of the files to be queried.
Further, the information query method is to send the data in the format to a designated port of a designated domain name (or IP address) of the internet by using, for example, a socket, and then read file information query feedback data from the socket.
Step S105, inquiring the release data matched with the inquiry information in the data storage system, and determining a file characteristic value corresponding to the release data;
and step S106, sending the query result containing the file characteristic value to the at least one query client.
Specifically, there are two types of information query results: 1. a correct result; 2. and (4) an erroneous result.
The data format and content of the correct result are exemplarily defined as follows:
the first line of the information release data is the correct result of the information query: OK;
the second line is the information release protocol version number: ISSUE_VER = version number;
the third line is the software name, in the format sofware = software name;
the fourth line is the software version number, in the format version = software version number;
the fifth line is the platform name (operating system name), in the format platform = platform name;
the sixth line is the platform version number (operating system version number), in the format platformver = platform version number;
the seventh line is the file state type, in the format status = file state;
the eighth line is the file characteristic value algorithm name, in the format algorithm = algorithm name;
the other lines are file information lines, each containing two parts: the characteristic value as a hexadecimal string, and the relative path file name.
The data format and content of the error result are exemplarily defined as follows:
first line: the software name is not found;
second line: the software version number is not found;
third line: the software platform is not found;
fourth line: the version number of the software platform is not found;
fifth line: software in the queried state is not found;
sixth line: the software characteristic value algorithm is not found;
seventh line: the file is not found.
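The query and reply formats above, as an added Python example that is not part of the patent text: it builds a query, parses a correct result, and compares the returned characteristic values with local files. Assumptions: header lines are written key=value without spaces, the query reuses the reply's key spellings, a file line separates the value from the path with one space, the algorithm allowlist and path checks are local client policy, and all sample values (including the state name "install") are constructed.

```python
import hashlib
import hmac
import os
import tempfile

# Header keys in line order, spelled as in the reply format on the page.
# Assumption: the query reuses the same spellings, including line six.
HEADER_KEYS = ("ISSUE_VER", "sofware", "version", "platform",
               "platformver", "status", "algorithm")
ALLOWED_ALGORITHMS = {"sha256", "sha512"}  # assumption: local client policy


def build_query(header, paths=()):
    """header: seven values in page order; paths: optional relative names."""
    if len(header) != len(HEADER_KEYS):
        raise ValueError("query needs exactly seven header values")
    lines = ["search->"] + [f"{k}={v}" for k, v in zip(HEADER_KEYS, header)]
    return "\n".join(lines + list(paths)) + "\n"


def parse_reply(text, expected_header):
    """Return {relative_path: hex_value}; raise ValueError otherwise."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "OK":
        raise ValueError("error result: " + (lines[0] if lines else "empty"))
    header = [line.partition("=")[2].strip() for line in lines[1:8]]
    if header != list(expected_header):
        raise ValueError("reply does not describe the queried software")
    if header[6].lower() not in ALLOWED_ALGORITHMS:
        raise ValueError("algorithm not accepted: " + header[6])
    files = {}
    for row in filter(str.strip, lines[8:]):
        value, _, path = row.strip().partition(" ")
        parts = path.replace("\\", "/").split("/")
        if not path or parts[0] == "" or ".." in parts:
            raise ValueError("unsafe path in reply: " + repr(path))
        bytes.fromhex(value)  # ValueError if the value is not hexadecimal
        files[path] = value.lower()
    return files


def verify_tree(root, files, algorithm):
    """Compare local files under root with the published values."""
    report = {}
    for rel, published in files.items():
        try:
            with open(os.path.join(root, *rel.split("/")), "rb") as fh:
                actual = hashlib.new(algorithm, fh.read()).hexdigest()
        except OSError:
            report[rel] = "missing"
            continue
        same = hmac.compare_digest(actual, published)
        report[rel] = "match" if same else "MISMATCH"
    return report


def demo():
    """Constructed data: one file as released, one altered afterwards."""
    header = ("1", "exampletool", "2.0", "linux", "5.15", "install", "sha256")
    released = {"bin/tool.sh": b"echo ok\n", "etc/tool.conf": b"mode=safe\n"}
    local = {**released, "etc/tool.conf": b"mode=unsafe\n"}
    reply = "OK\n" + "".join(f"{k}={v}\n" for k, v in zip(HEADER_KEYS, header))
    reply += "".join(f"{hashlib.sha256(data).hexdigest()} {rel}\n"
                     for rel, data in released.items())
    with tempfile.TemporaryDirectory() as root:
        for rel, data in local.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return verify_tree(root, parse_reply(reply, header), header[6])


if __name__ == "__main__":
    print(demo())
```

Comparing the echoed header with the query before trusting any file line keeps a client from accepting characteristic values published for a different software, version or platform.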
The verification method for the characteristic value of a public network electronic file provided by this embodiment can save social resources to the greatest extent and provides, for software worldwide, a reliable information source for determining whether software has been tampered with; the method can cover all stages, including source code, software installation, software operation, software upgrade, scripts, source code patches, binary file patches and the like; and it can provide a reliable information source for protecting file information against tampering on various intelligent devices such as computers, mobile phones and PADs.
Referring to fig. 3, another embodiment of the present invention further provides a system 200 for verifying the characteristic value of the public network electronic file, which works on the server side, and the system 200 includes a first receiving module 201, a first sending module 202, a storage module 203, a second receiving module 204, a query module 205, and a second sending module 206. The system 200 is used to perform the various steps described in the above-described embodiments of the authentication method.
Specifically, the system 200 includes:
a first receiving module 201 configured to receive a publishing command sent by at least one publishing client and publishing data of software to be published;
a first sending module 202 configured to verify whether the issuing command and the issuing data satisfy a preset condition, and send feedback information to at least one issuing client;
the storage module 203 is configured to store the issued data to a data storage system according to a preset rule if the issued command and the issued data meet a preset condition;
a second receiving module 204, configured to receive a query command and query information of a file feature value sent by at least one query client, where the query information is a part or all of the release data;
the query module 205 is configured to query, in the data storage system, the published data matched with the query information, and determine a file feature value corresponding to the published data;
and a second sending module 206 configured to send the query result containing the file feature value to at least one query client.
It should be noted that the verification system 200 for public network electronic file characteristic values provided in this embodiment is used to implement the technical solutions of the method embodiments; its implementation principle and technical effects are similar to those of the methods and are not described here again.
Fig. 4 is a schematic structural diagram of a server according to an embodiment of the present invention.
Referring now specifically to fig. 4, a schematic block diagram of a server 500 suitable for use in implementing the present embodiment is shown. The server 500 may include, but is not limited to, an electronic device with sufficient computing power, storage capability, such as a desktop computer, high-performance computer, network server, industrial server, and the like. The server shown in fig. 4 is only an example, and should not bring any limitation to the function and the use range of the embodiment of the present invention.
As shown in fig. 4, the server 500 may include a processing device 501 (e.g., a central processing unit, a graphics processor, etc.) that may perform various suitable actions and processes to implement the methods of the various embodiments as described herein according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage device 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data necessary for the operation of the server 500 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
Generally, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, touch pad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; output devices 507 including, for example, a Liquid Crystal Display (LCD), speakers, vibrators, and the like; storage devices 508 including, for example, magnetic tape, hard disk, etc.; and a communication device 509. The communication device 509 may allow the server 500 to perform wireless or wired communication with other devices to exchange data. While fig. 4 illustrates a server 500 having various devices, it is to be understood that not all illustrated devices are required to be implemented or provided; more or fewer devices may alternatively be implemented or provided.
The above description is that of the preferred embodiment of the invention only. It will be understood by those skilled in the art that the scope of the present disclosure is not limited to the specific combinations of the above-described features, and other embodiments can be made by combining the above-described features or their equivalents without departing from the spirit of the present disclosure. For example, technical solutions may be formed by replacing the above features with (but not limited to) features having similar functions disclosed in the present invention.

Claims (8)

1. A verification method of a public network electronic file characteristic value applied to a server is characterized by comprising the following steps:
the method comprises the steps that a server receives a release command sent by at least one release client and release data of software to be released, wherein the release data comprise a software name, a file name, a characteristic value algorithm, a characteristic value of a file, a file state type, a software version number, an operating system name and an operating system version number;
verifying whether the issuing command and the issuing data meet preset conditions or not, and sending feedback information to the at least one issuing client;
if the issuing command and the issuing data meet preset conditions, storing the issuing data to a data storage system on a server according to preset rules;
receiving a query command and query information of a file characteristic value sent by at least one query client, wherein the query information is a part or all of the issued data;
inquiring the release data matched with the inquiry information in the data storage system, and determining a file characteristic value corresponding to the release data;
sending a query result containing the file characteristic value to the at least one query client, wherein the query result further comprises a file characteristic value algorithm name;
the data storage system is a file storage system,
the step of storing the release data to a data storage system according to a preset rule comprises the following steps:
one directory is selected as the root directory of the file storage system,
setting four levels of subdirectories under the root directory, wherein the four levels of subdirectories comprise:
the first-level subdirectory consists of the 16-bit hexadecimal hash value string converted from the software name;
the second-level subdirectory is composed of software name character strings;
the third-level subdirectory is composed of operating system name character strings;
the fourth-level subdirectory consists of the operating system version number character strings;
the directory sequence of the first-level subdirectory and the second-level subdirectory is not adjustable, and the directory sequence of the third-level subdirectory and the fourth-level subdirectory is adjustable;
and storing the file name, the file characteristic value and the file characteristic value algorithm of the software to be released in the fourth-level subdirectory.
2. The method for verifying the characteristic value of the public network electronic file applied to the server as claimed in claim 1, wherein:
the query information includes essential query information and optional query information.
3. The method for verifying the characteristic value of the public network electronic file applied to the server as claimed in claim 1, wherein:
the release data of the software to be released is transmitted in the form of a data packet, and the content organization form of the data packet is an information release command, an information release protocol version number, a software name, a software version number, an operating system name, an operating system version number, a file state type, a file characteristic value algorithm name, a file characteristic value and a relative path file name which are sequentially arranged.
4. The method for verifying the characteristic value of the public network electronic file applied to the server according to claim 1, wherein the feedback information comprises: repeated-release prompt information, error prompt information that the user is not logged in, error prompt information for the released content, error prompt information for the release information format, prompt information that the released content is correct, and/or prompt information that the user does not exist.
5. The method for verifying the characteristic value of the public network electronic file applied to the server according to claim 1, wherein
the data storage system is replaced by a database storage system, and a database table structure at least comprises the following fields: software name, software version, file name, file state type, file characteristic value algorithm name, operating system name, and operating system version number.
6. The method for verifying the characteristic value of the public network electronic file applied to the server as claimed in claim 2, wherein
the necessary query information comprises a software name, a software version number, an operating system name, an operating system version and a file state type;
the optional query information includes a file name.
7. A verification system for public network electronic file characteristic values, applied to a server and operating on the server side, characterized by comprising:
the first receiving module is configured to receive a release command sent by at least one release client and release data of software to be released, wherein the release data comprises a software name, a file name, a characteristic value algorithm, a characteristic value of a file, a file state type, a software version number, an operating system name and an operating system version number;
the first sending module is configured to verify whether the issuing command and the issuing data meet preset conditions or not, and send feedback information to the at least one issuing client;
the storage module is configured to store the issued data to a data storage system on a server according to a preset rule if the issued command and the issued data meet a preset condition;
the second receiving module is configured to receive a query command and query information of the file characteristic value sent by at least one query client, wherein the query information is a part or all of the release data;
the query module is configured to query the published data matched with the query information in the data storage system and determine a file characteristic value corresponding to the published data;
a second sending module configured to send a query result containing the file feature value to the at least one query client, the query result further including a file feature value algorithm name;
the data storage system is a file storage system, four levels of subdirectories are arranged under a root directory of the file storage system, and the four levels of subdirectories comprise:
the first-level subdirectory consists of the 16-bit hexadecimal hash value string converted from the software name;
the second-level subdirectory is composed of software name character strings;
the third-level subdirectory is composed of operating system name character strings;
the fourth-level subdirectory consists of the operating system version number character strings;
the directory sequence of the first-level subdirectory and the second-level subdirectory is not adjustable, and the directory sequence of the third-level subdirectory and the fourth-level subdirectory is adjustable;
and storing the file name, the file characteristic value and the file characteristic value algorithm of the software to be released in the fourth-level subdirectory.
8. A server, comprising:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of verifying public network electronic file characteristic values applied to a server of any one of claims 1-6.
CN202210357307.1A 2022-04-07 2022-04-07 Method, system and server for verifying characteristic value of public network electronic file Active CN114428952B (en)

Publications (2)

Publication Number Publication Date
CN114428952A CN114428952A (en) 2022-05-03
CN114428952B true CN114428952B (en) 2022-07-19

Family

ID=81314283

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant