CN102622550A - Safe online patch check system facing terminal computers - Google Patents
- Publication number: CN102622550A (related numbers as listed on the page: CN2012101013264A, CN201210101326A)
- Authority: CN (China)
- Prior art keywords: patch, computer, central computer, terminal, module
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
A patch-security online inspection system for terminal computers. The system performs a centralized online inspection of all terminal computers from one central computer; all computers are connected over a network. The system comprises an online inspection tool, a packaging module and the central computer. The packaging module packs the online inspection tool into a CAB package and stores it on the central computer; the central computer embeds the CAB package in the IE browser, and each terminal computer downloads the CAB package from the central computer through the IE browser and installs it automatically. The central computer stores all of the latest patch packages and patch information. By packaging the inspection tool as a CAB package embedded in the IE browser, the system avoids the present need to inspect every terminal computer on site and frees up manpower; all desired inspection items can be completed in one pass, and one central computer performs the centralized online inspection of all terminal computers in the network, which improves inspection efficiency.
Description
Technical field
The invention relates to a patch-security online inspection system for terminal computers and belongs to the field of computer security inspection technology.
Background art
A large-scale network system usually contains a large number of different network devices, such as gateways, routers, and the servers and client machines that provide services to users and run various applications. Devices, services, applications, servers, clients and users, and even the relationships between them, are all objects that must be managed. The internal complexity of such a system makes management extremely difficult and the management cycle long, and as the system grows the management overhead grows exponentially.
Every large-scale worm outbreak is a reminder to stay vigilant, apply patches and take precautions; patching has become an increasingly important part of security management. As attack techniques keep changing and developing, administrators are left with less and less time: installing patches as quickly as possible greatly protects the network and the confidential data it carries, and also leaves fewer users exposed to worms. For users with many machines, laborious manual patch installation is no longer adequate for managing a large network, and new technical means are needed to patch operating systems automatically. How to use effective technical means to install computer patches in a timely, continuous and stable manner is therefore an urgent problem for all network security administrators and information security decision-makers.
The common practice at present is to treat each terminal as an independent object and manage patches for each terminal computer manually. When the network is large and there are many computers and many software products, this is complex to manage; it is also not timely enough, which raises the security risk. Even manual management of patch information requires the user to have some specialist computer knowledge, and the configuration is cumbersome and user-unfriendly.
Summary of the invention
The technical problem solved by the invention: to overcome the deficiencies of the prior art and provide a patch-security online inspection system for terminal computers that can perform centralized patch distribution to all terminal computers online and in real time.
The technical solution of the invention: a patch-security online inspection system for terminal computers, which performs a centralized online inspection of all terminal computers from one central computer, all computers being connected over a network. The system comprises an online inspection tool, a packaging module and the central computer. The packaging module packs the online inspection tool into a CAB package and stores it on the central computer; the central computer embeds the CAB package in the IE browser, and each terminal computer downloads the CAB package from the central computer through the IE browser and installs it automatically. The central computer stores all of the latest patch packages and patch information. The online inspection tool comprises a policy customization module, a unified data interface module, a patch analysis module, a query module and a download/distribution module.
Through the IE browser on the central computer, the user issues a patch-security online inspection instruction to each terminal computer. The instruction consists of an online update command, a patch type and a latest version number. The CAB package on each terminal computer starts the check on receipt of the online update command, as follows:
The unified data interface module receives the patch-security online inspection instruction through the IE browser and starts the patch analysis module. The patch analysis module parses the patch type and latest version number out of the instruction, obtains the local computer's current patch category and patch version number from the policy customization module, and compares the two; if the local current version number is lower than the latest version number, it sends the patch category to the download/distribution module. The download/distribution module obtains the patch package corresponding to the received category, downloads and installs it, and reports the post-installation status and result back to the patch analysis module. If installation succeeded, the patch analysis module passes the latest version number of the installed package to the policy customization module; if it failed, the package is downloaded and installed again, and if installation keeps failing within a preset number of attempts the query module is told to display the failure. The policy customization module stores the local computer's current patch category and patch version number and compares the received latest version number with the current one: if the current version number is less than or equal to the latest, it is replaced by the latest; otherwise the query module is called to display that the current version number is higher than the latest.
The policy customization module also stores the local computer's current patch detection cycle. According to that cycle the terminal computer itself initiates a patch update request to the central computer through the unified data interface module, and the central computer sends the patch type and latest version number to that terminal computer.
The download/distribution module is implemented in the following steps:
(1) Receive from the patch analysis module the patch category that needs updating and send that category information to the central computer;
(2) The central computer uses the Ping command to determine the connectivity between itself and each terminal computer in the network;
(3) The central computer sends a network-status query instruction through the IE browser; the unified data interface module of the corresponding terminal computer takes the instruction from the IE browser and passes it to the download/distribution module, which measures its connectivity to the other terminal computers and returns the result to the central computer through the unified data interface module;
(4) From the status information received, the central computer builds a set. Starting from the central computer, it traverses the states of the terminal computers connected to it and stores in the set the pairs <Vi, Vj> between computers whose connection is good. A response time between the central computer and a terminal computer of 500 milliseconds or less means the connection is good; otherwise the connection is considered blocked and the blocked terminal computer is denoted Vk. Here Vi (i = 1) denotes the central computer and Vj (j ≠ 1) denotes a terminal computer with a good connection to the central computer;
(5) Determine in the set the pairing for a terminal computer Vkm that is blocked from the central computer, as follows:
(5.1) Obtain the connection status between the blocked terminal computer Vkm of step (4) and the computers Vj in the set of step (4). If some Vj has a good connection to Vkm, store the pair <Vj, Vkm> for the Vj with the shortest response time; if no Vj has a good connection to Vkm, go to step (5.2);
(5.2) Find another terminal computer Vkn that is blocked from the central computer but has a good connection to Vkm; store <Vkn, Vkm> in the set and go to (5.3);
(5.3) Obtain the connection status between Vkn and the computers Vj in the set of step (4). If some Vj has a good connection to Vkn, store the pair <Vj, Vkn> for the Vj with the shortest response time; if none has, delete <Vkn, Vkm> from the set and store <V1, Vkm> instead;
(6) Process every other terminal computer blocked from the central computer according to step (5);
(7) According to the contents of the set, the central computer sends status information and the corresponding patch packages through the IE browser. The unified data interface module of each terminal computer with a good connection to the central computer takes the status information and patch package from the IE browser and determines from the status information whether the package must be forwarded to other terminal computers. If so, it forwards the package to those terminal computers; the corresponding patch package is installed and the result is returned to the patch analysis module.
Compared with the prior art, the invention has the following advantages:
(1) By packaging the inspection tool as a CAB package embedded in the IE browser, the system avoids the present need to inspect every terminal computer on site and frees up manpower; all desired inspection items can be completed in one pass, and one central computer performs the centralized online inspection of all terminal computers in the network, which improves inspection efficiency.
(2) The system provides automatic proxy forwarding of patches, which improves delivery efficiency, reduces network bandwidth usage and saves network resources. Patches can be distributed at a specified time and within a specified network range in different ways (such as push and pull), or client downloads can be controlled uniformly by a script policy; when the system detects an unpatched client, the patch can be pushed to it. Because patches are pushed by forwarding according to the current connectivity between the nodes in the network, the load on the central computer is reduced and it keeps working efficiently and in an orderly way.
(3) The invention reflects the patch status of each client, i.e. each terminal computer, promptly; when the status changes, status information is returned in time to alert the user, so that the computers stay in a secure state.
Description of drawings
Fig. 1 is the architecture diagram of the system of the invention;
Fig. 2 is a schematic diagram of the implementation of the unified data interface module in the system of the invention;
Fig. 3 is a schematic diagram of the implementation of the query module in the system of the invention;
Fig. 4 is a schematic diagram of the implementation of the patch analysis module in the system of the invention;
Fig. 5 is a schematic diagram of the implementation of the download/distribution module.
Detailed description
The invention is described in detail below with reference to the drawings.
As shown in Fig. 1, all terminal computers are inspected centrally online from one central computer, and all computers are connected over a network. The system comprises an online inspection tool, a packaging module and the central computer. The packaging module packs the online inspection tool into a CAB package and stores it on the central computer; the central computer embeds the CAB package in the IE browser (the embedding can be implemented with COM technology), and each terminal computer downloads the CAB package from the central computer through the IE browser and installs it automatically. The central computer stores all of the latest patch packages and patch information. The online inspection tool comprises a policy customization module, a unified data interface module, a patch analysis module, a query module and a download/distribution module.
When patch inspection and distribution are carried out centrally for every terminal computer, the user issues, through the IE browser on the central computer, a patch-security online inspection instruction to each terminal computer; the instruction consists of an online update command, a patch type and a latest version number. The CAB package on each terminal computer starts the check on receipt of the online update command, as follows:
The unified data interface module receives the patch-security online inspection instruction through the IE browser and starts the patch analysis module;
The patch analysis module parses the patch type and latest version number out of the instruction, obtains the local computer's current patch category and patch version number from the policy customization module and compares the two; if the local current version number is lower than the latest version number, it sends the patch category to the download/distribution module;
The download/distribution module obtains the patch package corresponding to the received patch category, downloads and installs it, and reports the post-installation status and result to the patch analysis module. If installation succeeded, the patch analysis module passes the latest version number of the installed package to the policy customization module; if it failed, the package is downloaded and installed again, and if installation keeps failing within the preset number of attempts the query module is told to display the failure;
The policy customization module stores the local computer's current patch category and patch version number and compares the received latest version number with the current one; when the current version number is less than or equal to the latest, it is replaced by the latest; otherwise the query module is called to display that the current version number is higher than the latest.
When a terminal computer is to update patches on its own initiative, the local computer's current patch detection cycle can be stored in the policy customization module. According to that cycle the terminal computer initiates a patch update request to the central computer through the unified data interface module; the central computer sends the patch type and latest version number to the terminal computer in the form of an instruction, and the terminal computer's patch analysis module and the other modules update the patch by the centralized inspection method described above.
The central computer can also send a patch query instruction through the IE browser. The unified data interface module of the corresponding terminal computer takes the instruction from the IE browser and passes it to the query module; the query module fetches the relevant information stored in the policy customization module and returns it to the central computer through the unified data interface module, and the central computer displays it.
The implementation of each module is described in detail below.
(I) Download/distribution module
To improve the efficiency of patch delivery, reduce bandwidth usage and save network resources, the method proceeds in the steps shown in Fig. 5:
(1) Receive from the patch analysis module the patch category that needs updating and send that category information to the central computer;
(2) The central computer sends a Ping command to each terminal computer through the application programming interface (API). When a terminal computer receives the Ping, its operating system returns a reply to the central computer, and the central computer determines the connectivity between itself and each terminal computer from the interval between sending the command and receiving the reply.
(3) The central computer sends a network-status query instruction through the IE browser; the unified data interface module of the corresponding terminal computer takes the instruction from the IE browser and passes it to the download/distribution module, which measures its connectivity to the other terminal computers and returns the result to the central computer through the unified data interface module.
For example, suppose a terminal computer, call it computer A, takes a network-status query instruction from the IE browser. Computer A then sends a Ping command through the API to every terminal computer connected to it, determines its connectivity to each of them from the interval between sending the command and receiving the reply, and its download/distribution module sends that status information to the central computer through the unified data interface module;
(4) From the status information received, the central computer builds a set. Starting from the central computer, it traverses the states of the terminal computers connected to it and stores in the set the pairs <Vi, Vj> between computers whose connection is good. Generally, a response time (i.e. the status information) between the central computer and a terminal computer of 500 milliseconds or less means the connection is good; otherwise the connection is considered blocked and the blocked terminal computer is denoted Vk. Here Vi (i = 1) denotes the central computer and Vj (j ≠ 1) denotes a terminal computer with a good connection to the central computer;
(5) Determine in the set the pairing for a terminal computer Vkm that is blocked from the central computer, as follows:
(5.1) Obtain the connection status between the blocked terminal computer Vkm of step (4) and the computers Vj in the set of step (4). If some Vj has a good connection to Vkm, store the pair <Vj, Vkm> for the Vj with the shortest response time; if no Vj has a good connection to Vkm, go to step (5.2);
(5.2) Find another terminal computer Vkn that is blocked from the central computer but has a good connection to Vkm; store <Vkn, Vkm> in the set and go to (5.3);
(5.3) Obtain the connection status between Vkn and the computers Vj in the set of step (4). If some Vj has a good connection to Vkn, store the pair <Vj, Vkn> for the Vj with the shortest response time; if none has, delete <Vkn, Vkm> from the set and store <V1, Vkm> instead;
(6) Process every other terminal computer blocked from the central computer according to step (5);
(7) According to the contents of the set, the central computer sends status information and the corresponding patch packages through the IE browser. The unified data interface module of each terminal computer with a good connection to the central computer takes the status information and patch package from the IE browser and determines from the status information whether the package must be forwarded to other terminal computers. If so, it forwards the package to those terminal computers; the corresponding patch package is installed and the result is returned to the patch analysis module.
For example, if the set contains
<V1, V2>
<V1, V3>
<V1, V5>
<V1, V7>
...
<V2, V4>
<V3, V6>
...
then the central computer sends the status information and the corresponding patch packages through the IE browser, and terminal computers V2 and V3 forward the patch packages they receive, according to the status information, to V4 and V6, which are blocked from the central computer.
(8) From the information returned by each terminal, the central computer determines whether installation on each terminal is complete.
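The forwarding-set construction of steps (4) to (7) above (and the same steps in the summary of the invention) is easier to follow in code. The following is an added example and not part of the patent; it takes the Ping results as two plain dictionaries (an assumption about how the measurements are carried back, since the page only says the unified data interface module returns them), applies the 500 ms threshold, and produces the <sender, receiver> pairs together with the per-sender forwarding instructions of step (7). It generalizes step (5.2) slightly by trying every blocked peer Vkn that Vkm can reach rather than the first one. Note that the pairing is decided on response time alone; nothing on the page authenticates the relaying terminal or the package it forwards, so in practice the integrity check belongs on the receiving terminal, whichever path the package took.

```python
from typing import Dict, List, Optional, Tuple

CENTER = "V1"       # V_i with i = 1 is the central computer
GOOD_RTT_MS = 500   # a reply within 500 ms is a "good" link; slower or no reply is "blocked"

Rtt = Optional[float]  # None means the Ping got no reply

# Constructed measurements (not from the page). V4, V8 and V9 get no reply from the
# central computer and V6 answers too slowly; V8 is reachable only via V4, V9 via nobody.
SAMPLE_CENTER_RTT: Dict[str, Rtt] = {
    "V2": 20, "V3": 35, "V4": None, "V5": 80, "V6": 900, "V7": 120, "V8": None, "V9": None,
}
SAMPLE_PEER_RTT: Dict[Tuple[str, str], Rtt] = {
    ("V2", "V4"): 15, ("V5", "V4"): 60, ("V3", "V6"): 40, ("V4", "V8"): 30,
}


def is_good(rtt: Rtt) -> bool:
    return rtt is not None and rtt <= GOOD_RTT_MS


def build_forwarding_set(center_rtt: Dict[str, Rtt],
                         peer_rtt: Dict[Tuple[str, str], Rtt]) -> List[Tuple[str, str]]:
    """Steps (4)-(6): turn the Ping results into the set of <sender, receiver> pairs.

    center_rtt: round-trip time from the central computer to each terminal (step 2).
    peer_rtt:   round-trip times between terminals, as reported back by their
                download/distribution modules (step 3); looked up in either direction.
    """
    def rtt(a: str, b: str) -> Rtt:
        return peer_rtt.get((a, b), peer_rtt.get((b, a)))

    good = [v for v, r in center_rtt.items() if is_good(r)]         # the V_j
    blocked = [v for v, r in center_rtt.items() if not is_good(r)]  # the V_k
    pairs: List[Tuple[str, str]] = [(CENTER, v) for v in good]     # step (4)

    def add(pair: Tuple[str, str]) -> None:
        if pair not in pairs:
            pairs.append(pair)

    def best_relay(target: str) -> Optional[str]:
        # the well-connected V_j with the shortest response time to target, if any
        candidates = [(rtt(j, target), j) for j in good if is_good(rtt(j, target))]
        return min(candidates)[1] if candidates else None

    for km in blocked:                          # steps (5) and (6)
        relay = best_relay(km)                  # (5.1)
        if relay is not None:
            add((relay, km))
            continue
        for kn in blocked:                      # (5.2): a blocked peer that km can reach
            if kn == km or not is_good(rtt(kn, km)):
                continue
            relay2 = best_relay(kn)             # (5.3): does that peer itself have a relay?
            if relay2 is not None:
                add((kn, km))
                add((relay2, kn))
                break
        else:
            add((CENTER, km))                   # (5.3) fallback: the central computer sends directly
    return pairs


def forwarding_plan(pairs: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Step (7): the status information that travels with each package. Receivers listed
    under CENTER are served directly; every other sender is a terminal that must forward
    the package it received to the receivers listed for it."""
    plan: Dict[str, List[str]] = {}
    for sender, receiver in pairs:
        plan.setdefault(sender, []).append(receiver)
    return plan


if __name__ == "__main__":
    plan = forwarding_plan(build_forwarding_set(SAMPLE_CENTER_RTT, SAMPLE_PEER_RTT))
    for sender, receivers in plan.items():
        print(sender, "->", ", ".join(receivers))
```

On the constructed input the set comes out as <V1,V2>, <V1,V3>, <V1,V5>, <V1,V7>, <V2,V4>, <V3,V6>, <V4,V8>, <V1,V9>: V4 takes V2 rather than V5 because 15 ms beats 60 ms, V8 is reached through the blocked-but-relayed V4, and V9 falls back to a direct send from the central computer.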
(II) Patch analysis module
The implementation of this module is shown in Fig. 4.
(1) The patch analysis module parses the patch type and latest version number out of the patch-security online inspection instruction;
(2) It obtains the local computer's current patch category and patch version number from the policy customization module and compares the two. If the local current version number is lower than the latest version number, it sends the patch category to the download/distribution module and goes to step (3); otherwise nothing is done and the process ends;
(3) It receives the installation status and result returned by the download/distribution module. If the result shows success, it passes the latest version number of the installed package and the installation time to the policy customization module; if the result shows failure, it starts the download/distribution module to download and install again, and if installation keeps failing within the preset number of attempts it tells the query module to display the failure and prompt the user to restart the computer. The preset number is normally 2, but may be larger.
(三)策略定制模块(3) Strategy customization module
策略定制模块中存储的内容可以包含补丁类别(例如,系统补丁、IE补丁、应用程序补丁等)、补丁版本号、补丁安装时间、补丁检测周期、操作系统种类等,其内容可以根据实际要求进行扩展,可以采用表格形式或者INI文件形式。The content stored in the policy customization module can include patch category (for example, system patch, IE patch, application program patch, etc.), patch version number, patch installation time, patch detection cycle, operating system type, etc., and its content can be customized according to actual requirements. The extension can be in the form of a table or an INI file.
For example, in INI form (keys and values kept as on the page, with English glosses as INI comments):
[补丁版本]                      ; [Patch version]
Version=v1.6.0.8
[补丁类别]                      ; [Patch category]
类别1=系统补丁                   ; Category1=System patches
类别2=IE补丁                    ; Category2=IE patches
[补丁检测周期]                   ; [Patch detection cycle]
Time=10                         ; default unit is days
[操作系统]                      ; [Operating system]
operating systems=Windows XP
......
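The following is an added example, not code from the patent or its implementers: it shows the patch analysis module's steps (2) and (3), the version comparison and the bounded retry, driven by a policy file in the INI form shown above. Version strings such as "v1.6.0.8" are compared component by component as integers rather than as text, so that "v1.10.0.0" correctly ranks above "v1.9.0.0". The sample INI text, the `installer` callback standing in for the download and distribution module, and the dictionary returned by `analyze_and_install` are assumptions made for this example.

```python
"""Added example (not the patent's own code): policy INI parsing, numeric
version comparison, and the retry-limited install of the patch analysis module."""
import configparser
from typing import Callable, Tuple

# Constructed sample policy in the INI form shown on the page (keys as on the page).
POLICY_INI = """
[补丁版本]
Version=v1.6.0.8
[补丁类别]
类别1=系统补丁
类别2=IE补丁
[补丁检测周期]
Time=10
[操作系统]
operating systems=Windows XP
"""

MAX_ATTEMPTS = 2  # the page's preset retry limit ("generally 2 times")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn 'v1.6.0.8' into (1, 6, 0, 8) so the comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def load_policy(ini_text: str) -> dict:
    """Read the policy customization module's INI content into a dict."""
    cp = configparser.ConfigParser()
    cp.optionxform = str  # keep key case ('Version', 'Time') exactly as written
    cp.read_string(ini_text)
    return {
        "version": cp["补丁版本"]["Version"],
        "categories": list(cp["补丁类别"].values()),
        "cycle_days": int(cp["补丁检测周期"]["Time"]),
        "os": cp["操作系统"]["operating systems"],
    }


def needs_update(local_version: str, latest_version: str) -> bool:
    """Step (2): only a strictly older local version triggers a download."""
    return parse_version(local_version) < parse_version(latest_version)


def analyze_and_install(policy: dict, latest_version: str,
                        installer: Callable[[str], bool]) -> dict:
    """Steps (2)-(3): compare versions, then install with at most MAX_ATTEMPTS tries.
    `installer` (assumed callback) stands in for the download/distribution module
    and returns True when installation succeeded."""
    if not needs_update(policy["version"], latest_version):
        return {"status": "up-to-date", "attempts": 0, "version": policy["version"]}
    for attempt in range(1, MAX_ATTEMPTS + 1):
        if installer(latest_version):
            policy["version"] = latest_version  # new version handed to the policy module
            return {"status": "installed", "attempts": attempt, "version": latest_version}
    # Still failing after the preset number of attempts: the query module would
    # display this and prompt for a reboot; here the outcome is just reported.
    return {"status": "failed", "attempts": MAX_ATTEMPTS, "version": policy["version"]}
```

The check in `needs_update` is strict (`<`), matching the text: an equal version is treated as current and nothing is downloaded, which also prevents a re-install loop when the central computer advertises the same version the terminal already has.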
(4) Query module
The implementation process of this module is shown in Figure 3.
(1) Receive the incoming patch query instruction, parse the query conditions the instruction represents (for example patch type, patch version number, patch installation time), and according to those conditions call the unified data interface module to obtain the matching information from the policy customization module.
(2) Create a linked list, store the queried information in it, and record the total number of records. If the queried patch does not exist, return that the query condition does not exist or that the patch does not exist.
(5) Unified data interface module
The unified data interface module is shown in Figure 2. Its main function is to receive data transmitted by the central computer or by other modules of the terminal computer, encode the data according to the rules, and send the data to the corresponding end according to its IP address (for example, IP address 192.168.0.119).
The unified data interface module implements a unified data interface using mature JSON technology.
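The following is an added example, not code from the patent, serving both the query module above and the unified data interface module: a query instruction and its reply travel as JSON messages that carry a destination IP address, and the query filters the policy records by the parsed conditions, returning the matches with their count or one of the two "does not exist" outcomes the text describes. The message layout (`dest`, `kind`, `payload`), the `reply_to` field, the sample patch records and the set of accepted condition names are assumptions made for this example.

```python
"""Added example (not the patent's own code): JSON-encoded unified data interface
messages routed by IP address, carrying the query module's lookup and its result."""
import json
from typing import Dict, List

# Constructed sample of what the policy customization module holds.
PATCH_RECORDS: List[Dict[str, str]] = [
    {"type": "系统补丁", "version": "v1.6.0.8", "installed": "2012-03-01"},
    {"type": "IE补丁", "version": "v1.6.0.5", "installed": "2012-02-15"},
]
# Condition names the query module knows how to evaluate (assumed set).
KNOWN_CONDITIONS = {"type", "version", "installed"}


def encode_message(dest_ip: str, kind: str, payload: dict) -> bytes:
    """Unified data interface rule: one JSON object per message, UTF-8 encoded,
    with the destination IP so the dispatcher can route it to the right end."""
    return json.dumps({"dest": dest_ip, "kind": kind, "payload": payload},
                      ensure_ascii=False).encode("utf-8")


def decode_message(raw: bytes) -> dict:
    """Parse a received message and reject anything missing a required field."""
    msg = json.loads(raw.decode("utf-8"))
    for field in ("dest", "kind", "payload"):
        if field not in msg:
            raise ValueError(f"malformed message: missing {field}")
    if not isinstance(msg["payload"], dict):
        raise ValueError("malformed message: payload must be an object")
    return msg


def run_query(conditions: Dict[str, str]) -> dict:
    """Query module steps (1)-(2): validate the conditions, collect the matching
    records into a list, and report the total; otherwise report which of the two
    'does not exist' cases applies."""
    unknown = set(conditions) - KNOWN_CONDITIONS
    if unknown:
        return {"error": "query condition does not exist", "conditions": sorted(unknown)}
    matches = [r for r in PATCH_RECORDS
               if all(r.get(k) == v for k, v in conditions.items())]
    if not matches:
        return {"error": "patch does not exist", "total": 0}
    return {"total": len(matches), "records": matches}


def handle_query_message(raw: bytes) -> bytes:
    """Decode an incoming query instruction, run it, and encode the reply
    addressed to the requester (reply_to, or the original dest if absent)."""
    msg = decode_message(raw)
    if msg["kind"] != "query":
        raise ValueError("not a query instruction")
    result = run_query(msg["payload"].get("conditions", {}))
    reply_to = msg["payload"].get("reply_to", msg["dest"])
    return encode_message(reply_to, "query_result", result)
```

Rejecting unknown condition names before touching the records keeps the two failure outcomes in the text distinct: a misspelt or unsupported condition is reported as "condition does not exist", while a well-formed query with no matching record is reported as "patch does not exist".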
(6) Encapsulation module
The encapsulation module packs the online check tool into a CAB package. The specific steps are as follows:
(1) Use makecert.exe to create a digital signature
◆ Open the system command prompt, type cd followed by the directory containing makecert.exe, and press Enter. For example: cd C:/makeCab
◆ Enter the command in the following format: makecert -sv -n -ss -r -b -e. For example:
makecert -sv dsoframer.pvk -n "CN=XXXX" -ss My -r -b 01/01/1900 -e 01/01/9999
-sv dsoframer.pvk means generate a private key file named dsoframer.pvk
-n "CN=XXXX": "XXXX" is the name of the certificate owner shown in the signature.
-ss My specifies that the generated certificate is stored in the personal certificate store
-r means the certificate is self-signed (issued by itself to itself).
-b 01/01/2009 specifies the start date of the certificate's validity period, in month/day/year format; the earliest allowed is 1900
-e 01/01/2018 specifies the end date of the certificate's validity period, in the same format.
◆ Open IE's "Internet Options", switch to the "Content" tab, click the "Certificates" button, select "XXXX" (the generated certificate), and "Export" it as dsoframer.cer.
(2) Create the inf file: run IEXPRESS.EXE, select "Create new Self Extraction Directive file", go to the next step, select "Create compressed files only (ActiveX Installs)", go to the next step and add the programs to be used, including any DLLs the program calls (if any), to the list; after setting the configuration options, keep clicking "Next" to generate dsoframer.CAB.
(3) Run signcode.exe and select dsoframer.CAB; under "Signing Options" set "Signature Type" to "Custom (C)"; in the next step, "Select from File" the certificate file dsoframer.cer exported in step (1) above; in the following step select the private key file dsoframer.pvk generated in step (1) for the private key; then enter the description. Note that the "Description (optional):" input box takes whatever description text is needed. Click "Next" until signing is complete.
(4) Embed the finished CAB package into the web page.
Application example: the software and method of the present invention have been successfully applied to the online security inspection of computers at a certain aerospace institute, and have successfully completed online security inspection of more than 1,000 computers at the same time. This demonstrates that the software has a short development cycle, good maintainability, a flexible open interface, complete debugging functions, and is easy to use and manage.
Parts of the present invention not described in detail belong to technologies well known in the art.
Claims (3)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210101326.4A CN102622550B (en) | 2012-04-06 | 2012-04-06 | Safe online patch check system facing terminal computers |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102622550A true CN102622550A (en) | 2012-08-01 |
CN102622550B CN102622550B (en) | 2015-04-22 |
Family
ID=46562465
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |