CN113794704B - Feature library file updating method and device, storage medium and processor - Google Patents


Info

Publication number: CN113794704B
Authority: CN (China)
Prior art keywords: file, feature library, management system, network security, security management
Legal status: Active
Application number: CN202111015874.0A
Other languages: Chinese (zh)
Other versions: CN113794704A (en)
Inventors: 陈韬, 李沛伦, 陈葛恒
Current Assignee: Hillstone Networks Co Ltd
Original Assignee: Hillstone Networks Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general


Abstract

The application discloses a method, a device, a storage medium and a processor for updating a feature library file. The method comprises the following steps: receiving a first encrypted file through a network security management system, wherein the first encrypted file is a file obtained by encrypting a target feature library file by adopting a first asymmetric encryption algorithm; decrypting the first encrypted file by adopting a first asymmetric decryption algorithm to obtain a first decrypted file; the network security management system encrypts the first decrypted file by adopting a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file; and updating the feature library file of the target device through the second encrypted file. The method and the device solve the problem of low updating efficiency of the feature library file in the related technology.

Description

Feature library file updating method and device, storage medium and processor
Technical Field
The present application relates to the field of information processing technologies, and in particular, to a method and apparatus for updating a feature library file, a storage medium, and a processor.
Background
In the prior art, many enterprises divide their network into several local area networks, roughly a production area, a management area, an external connection area and so on. To keep the internal network environment secure, security devices deployed in the production area, such as IDS, IPS and firewalls, must be strictly forbidden from accessing the Internet, while the network security management system deployed in the management area cannot access the Internet directly but can access it through a proxy server.
Under this network division, feature library updates for a large number of security devices such as firewalls can only be handled manually: the feature library files are downloaded to a USB flash drive, verified, and carried into the production area by staff, who then update and upgrade each device in turn, which is inefficient. Because each device requires a different feature library file, this consumes a great deal of manpower and can also introduce potential security hazards.
Aiming at the problem of low updating efficiency of the feature library file in the related technology, no effective solution is proposed at present.
Disclosure of Invention
The application mainly aims to provide a method, a device, a storage medium and a processor for updating a feature library file, so as to solve the problem of low updating efficiency of the feature library file in the related technology.
In order to achieve the above object, according to one aspect of the present application, there is provided a feature library file updating method. The method comprises the following steps: receiving a first encrypted file through a network security management system, wherein the first encrypted file is a file obtained by encrypting a target feature library file by adopting a first asymmetric encryption algorithm; decrypting the first encrypted file by adopting a first asymmetric decryption algorithm to obtain a first decrypted file; the network security management system encrypts the first decrypted file by adopting a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file; and updating the feature library file of the target device through the second encrypted file.
Further, before receiving the first encrypted file through the network security management system, the method further comprises: the target feature library server encrypts the target feature library file by adopting a first asymmetric encryption algorithm according to the second identification parameters to obtain a first encrypted file; the first encrypted file is sent to a network security management system.
Further, before the target feature library server encrypts the target feature library file according to the second identification parameter by using the first asymmetric encryption algorithm, the method further includes: adding the proxy server into a network security management system, and starting a target service mode of a corresponding target feature library file in the proxy server; the network security management system establishes network connection with the target feature library server through the proxy server, wherein the network security management system sends second identification parameters matched with the target feature library server to the target feature library server.
Further, before the network security management system encrypts the first decrypted file by using a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file, the method further includes: the network security management system receives a first identification parameter sent by the target device.
Further, updating the feature library file of the target device by the second encrypted file includes: the second encrypted file is issued to the target equipment through the network security management system; decrypting the second encrypted file in the target device by adopting a second asymmetric decryption algorithm to obtain a second decrypted file, wherein the second decrypted file is a target feature library file required by the target device; and updating the feature library file of the target device through the second decryption file.
In order to achieve the above object, according to another aspect of the present application, there is provided a feature library file updating apparatus. The device comprises: the first receiving unit is used for receiving a first encrypted file through the network security management system, wherein the first encrypted file is a file obtained by encrypting the target feature library file by adopting a first asymmetric encryption algorithm; the first processing unit is used for decrypting the first encrypted file by adopting a first asymmetric decryption algorithm to obtain a first decrypted file; the second processing unit is used for encrypting the first decrypted file by the network security management system according to the first identification parameter of the target device by adopting a second asymmetric encryption algorithm to obtain a second encrypted file; and the first updating unit is used for updating the feature library file of the target device through the second encrypted file.
Further, the apparatus further comprises: the third processing unit is used for encrypting the target feature library file by adopting a first asymmetric encryption algorithm according to the second identification parameters by the target feature library server before receiving the first encrypted file through the network security management system to obtain a first encrypted file; and the first sending unit is used for sending the first encrypted file to the network security management system.
Further, the apparatus further comprises: the first adding unit is used for adding the proxy server into the network security management system before the target feature library server encrypts the target feature library file by adopting a first asymmetric encryption algorithm according to the second identification parameter, and starting a target service mode of the corresponding target feature library file in the proxy server; the first connection unit is used for establishing network connection between the network security management system and the target feature library server through the proxy server, wherein the network security management system sends second identification parameters matched with the target feature library server to the target feature library server.
Further, the apparatus further comprises: the second receiving unit is used for receiving the first identification parameter sent by the target device by the network security management system before the network security management system encrypts the first decrypted file by adopting a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file.
Further, the first updating unit includes: the first sending module is used for sending the second encrypted file to the target equipment through the network security management system; the first processing module is used for carrying out decryption processing on the second encrypted file in the target equipment by adopting a second asymmetric decryption algorithm to obtain a second decrypted file, wherein the second decrypted file is a target feature library file required by the target equipment; and the first updating module is used for updating the feature library file of the target device through the second decryption file.
According to another aspect of the embodiment of the present application, there is also provided a processor, configured to execute a program, where the program executes the method of any one of the above steps.
According to another aspect of an embodiment of the present application, there is also provided a computer-readable storage medium having stored thereon a computer program/instruction which, when executed by a processor, performs the method of any of the above.
According to the application, the following steps are adopted: receiving a first encrypted file through a network security management system, wherein the first encrypted file is a file obtained by encrypting a target feature library file by adopting a first asymmetric encryption algorithm; decrypting the first encrypted file by adopting a first asymmetric decryption algorithm to obtain a first decrypted file; the network security management system encrypts the first decrypted file by adopting a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file; and updating the feature library file of the target device through the second encrypted file. The problem of low updating efficiency of the feature library file in the related art is solved. The network security management system decrypts the received first encrypted file by adopting a first asymmetric decryption algorithm to obtain a first decrypted file, encrypts the first decrypted file by adopting a second asymmetric encryption algorithm to obtain a second encrypted file, and updates the feature library file based on the second encrypted file, so that the network security of the feature library file transmission process is ensured, and the effect of updating the feature library file is improved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application. In the drawings:
FIG. 1 is a flowchart of a method for updating a feature library file according to an embodiment of the present application;
FIG. 2 is a schematic diagram of the system operation of a feature library file updating method according to an embodiment of the present application; and
FIG. 3 is a schematic diagram of a feature library file updating apparatus according to an embodiment of the present application.
Detailed Description
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the application herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of description, the following will describe some terms or terminology involved in the embodiments of the present application:
IDS: an intrusion detection system (Intrusion Detection System) is a network security device that monitors network transmissions in real time and raises an alert or takes proactive action when a suspicious transmission is found.
IPS: an intrusion prevention system (Intrusion Prevention System) is a computer network security device that can promptly interrupt, adjust or isolate abnormal or damaging network data transmission activity.
SIG: a detached digital signature file generated with a strong asymmetric encryption algorithm; such files are widely used to sign financial, government, personal and other digital communications and files that must remain tamper-proof and counterfeit-proof.
CCProxy: a proxy server deployed on Windows systems.
Squid: a proxy server deployed on Linux systems.
According to an embodiment of the application, a feature library file updating method is provided.
Fig. 1 is a flowchart of a feature library file updating method according to an embodiment of the present application. As shown in fig. 1, the method comprises the steps of:
Step S101, a first encrypted file is received through a network security management system, wherein the first encrypted file is a file obtained by encrypting a target feature library file by adopting a first asymmetric encryption algorithm.
For example, the first encrypted file A must already have been encrypted with the first asymmetric encryption algorithm before the network security management system receives it.
Optionally, in the method for updating a feature library file provided in the embodiment of the present application, before receiving the first encrypted file through the network security management system, the method further includes: the target feature library server encrypts the target feature library file by adopting a first asymmetric encryption algorithm according to the second identification parameters to obtain a first encrypted file; the first encrypted file is sent to a network security management system.
It should be noted that the target feature library server receives the second identification parameter sent by the network security management system, where the second identification parameter is used for matching with the target feature library server. Before the target feature library server can be identified according to the second identification parameter, the network connection between the network security management system and the target feature library server needs to be established.
Optionally, in the method for updating a feature library file provided in the embodiment of the present application, before the target feature library server encrypts the target feature library file by using the first asymmetric encryption algorithm according to the second identification parameter, the method further includes: adding the proxy server into a network security management system, and starting a target service mode of a corresponding target feature library file in the proxy server; the network security management system establishes network connection with the target feature library server through the proxy server, wherein the network security management system sends second identification parameters matched with the target feature library server to the target feature library server.
Specifically, before the network connection between the network security management system and the target feature library server is established, the verification information of the proxy server, which includes the proxy server's IP address information and port information, needs to be added in the network security management system, and the proxy service mode for the feature library file updating function needs to be started in the proxy server. If an updating action of the target feature library is detected, the network security management system starts proxy identity authentication and the network connection between the network security management system and the target feature library server is established. The network security management system then sends the second identification parameter, which is the identification parameter matched with the target feature library server; if the second identification parameter is verified successfully between the network security management system and the target feature library server, the communication link between the two is correct. According to the application, the proxy server is added in the network security management system to establish the network connection with the feature library server, and the identification parameters are sent to the feature library server, so that the security of data communication is improved.
Before the proxy server added by the network security management system can successfully access the feature library server on the network, the network environment needs to be deployed in advance. For example, CCProxy is installed in a Windows environment or Squid is installed in a Linux environment, and that environment can access the network; security devices such as a boundary firewall, an IPS and an IDS, together with the network security management system, are built in a local area network, and these devices are restricted so that they cannot access the network. The technical implementation environment of the application can be deployed in both Windows and Linux environments and supports multiple proxy servers such as CCProxy and Squid.
Specifically, after the proxy server added by the network security management system can successfully access the feature library server on the network, the target feature library server uses asymmetric encryption algorithm A, according to the acquired second identification parameter, to encrypt the target feature library file requested by the network security management system and obtain the first encrypted file. The encrypted signature file of the target feature library file (corresponding to the first encrypted file in the application) is transmitted to the network security management system, wherein the first encrypted file is a file necessary for program operation, which further improves the updating efficiency of the feature library file. The target feature library file is thus encrypted for the first time on the target feature library server, and because the application adopts an asymmetric encryption algorithm for this encryption, the security of subsequent file transmission is ensured.
Step S102, the first encrypted file is decrypted by adopting a first asymmetric decryption algorithm, and a first decrypted file is obtained.
For example, if the target feature library server successfully transmits the first encrypted file to the network security management system, the network security management system decrypts the first encrypted file by using a first asymmetric decryption algorithm A to obtain a first decrypted file.
Step S103, the network security management system adopts a second asymmetric encryption algorithm to encrypt the first decrypted file according to the first identification parameter of the target device, and a second encrypted file is obtained.
Step S104, updating the feature library file of the target device through the second encrypted file.
Specifically, before the network security management system encrypts the first decrypted file according to the first identification parameter of the target device, the network security management system needs to acquire the first identification parameter.
Optionally, in the method for updating a feature library file provided in the embodiment of the present application, before the network security management system encrypts the first decrypted file by using a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file, the method further includes: the network security management system receives a first identification parameter sent by the target device.
Specifically, the different types of security devices in the local area network each send their own first identification parameter and device operation requirements to the network security management system. For example, the different types of security devices comprise a target device A, a target device B and a target device C. Identification parameter A is set for target device A and includes parameters used for information verification between target device A and the network security management system; identification parameter B is set for target device B, and identification parameter C is set for target device C. According to the different identification parameters, the network security management system uses a second asymmetric encryption algorithm B to encrypt the target feature library file decrypted from the target feature library server (corresponding to the first decrypted file in the application), and a second encrypted file is obtained. By performing this secondary encryption of the target feature library file on the network security management system, the feature library file updating efficiency is improved and the security of feature library file updating is further guaranteed.
Optionally, in the method for updating a feature library file provided by the embodiment of the present application, updating the feature library file of the target device by using the second encrypted file includes: the second encrypted file is issued to the target equipment through the network security management system; decrypting the second encrypted file in the target device by adopting a second asymmetric decryption algorithm to obtain a second decrypted file, wherein the second decrypted file is a target feature library file required by the target device; and updating the feature library file of the target device through the second decryption file.
For example, after target device A obtains the second encrypted file issued by the network security management system, target device A decrypts the second encrypted file by using decryption algorithm B (corresponding to the second asymmetric decryption algorithm in the present application) to obtain the target feature library file that it requires; once target device A has obtained that file, the update of the feature library file of target device A is realized.
Optionally, fig. 2 is a schematic system operation diagram of a feature library file updating method according to an embodiment of the present application. As shown in fig. 2, the network security management system sends identification parameters to the feature library server, and the feature library server performs a first encryption of the feature library file based on those identification parameters to obtain a first encrypted file. The feature library server sends the first encrypted file to the network security management system, which decrypts it to obtain the decrypted feature library file (the first decrypted file). A plurality of security devices send different identification parameters to the network security management system, and the network security management system encrypts the first decrypted file to obtain a second encrypted file. After the network security management system sends the second encrypted file to the plurality of security devices, each security device decrypts the second encrypted file it received to obtain the second decrypted file.
According to the application, the target feature library files required by different types of security devices are processed with the asymmetric encryption algorithm and the asymmetric decryption algorithm, so that the security of file transmission is ensured. At the same time, the network security management system automatically downloads the feature library files and automatically transmits them to the various security devices, which greatly reduces labor cost while maintaining security and improves the updating efficiency of the feature library files of the target devices.
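The relay of steps S101 to S104 and fig. 2, as an added Go example that is not part of the patent or of any Hillstone product. Assumptions: each identification parameter is a string that selects a registered RSA public key and is bound into the ciphertext; RSA-OAEP wrapping an AES-256-GCM content key stands in for the unspecified "asymmetric encryption algorithm"; all names (`Seal`, `Open`, `Relay`, `Registry`, the sample identifiers) are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Registry maps a device's identification parameter to its public key (assumed model).
type Registry map[string]*rsa.PublicKey

const keyLen, nonceLen = 32, 12 // AES-256 key, standard GCM nonce

// NewKeyPair generates a throwaway RSA key pair for one party in the demo.
func NewKeyPair() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// newGCM builds an AES-GCM AEAD from a content key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts file for the holder of pub. id is bound as the OAEP label and as
// GCM additional data, so the package opens only under the same identification
// parameter. Layout: wrapped key (one RSA modulus) | nonce | ciphertext+tag.
func Seal(pub *rsa.PublicKey, id string, file []byte) ([]byte, error) {
	rnd := make([]byte, keyLen+nonceLen) // fresh content key followed by a nonce
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	key, nonce := rnd[:keyLen], rnd[keyLen:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(id))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(append(wrapped, nonce...), nonce, file, []byte(id)), nil
}

// Open reverses Seal using the recipient's private key and the expected id.
func Open(priv *rsa.PrivateKey, id string, pkg []byte) ([]byte, error) {
	n := priv.Size() // the wrapped key is exactly one RSA modulus long
	if len(pkg) < n+nonceLen {
		return nil, errors.New("package truncated")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, pkg[:n], []byte(id))
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, pkg[n:n+nonceLen], pkg[n+nonceLen:], []byte(id))
}

// Relay is the management system's part (S102-S103): open the first encrypted file
// with its own key, then seal the plaintext separately for every registered device.
func Relay(nsm *rsa.PrivateKey, nsmID string, first []byte, devs Registry) (map[string][]byte, error) {
	plain, err := Open(nsm, nsmID, first)
	if err != nil {
		return nil, fmt.Errorf("first encrypted file rejected: %w", err)
	}
	out := make(map[string][]byte, len(devs))
	for id, pub := range devs {
		if out[id], err = Seal(pub, id, plain); err != nil {
			return nil, err
		}
	}
	return out, nil
}

func main() {
	nsm, devA, devB := NewKeyPair(), NewKeyPair(), NewKeyPair()
	lib := []byte("constructed sample feature library, v1") // constructed input
	first, _ := Seal(&nsm.PublicKey, "nsm-01", lib)         // feature library server side
	pkgs, err := Relay(nsm, "nsm-01", first, Registry{"device-A": &devA.PublicKey, "device-B": &devB.PublicKey})
	if err != nil {
		panic(err)
	}
	got, err := Open(devA, "device-A", pkgs["device-A"])
	fmt.Printf("device-A recovered %q (err=%v)\n", got, err)
	_, err = Open(devB, "device-B", pkgs["device-A"])
	fmt.Println("device-B opening device-A's package:", err)
}
```

The management system holds the plaintext feature library between `Open` and `Seal`, so it is the one place in this flow where the file exists unencrypted inside the network.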
In summary, in the feature library file updating method provided by the embodiment of the application, the first encrypted file is received through the network security management system, wherein the first encrypted file is a file obtained by encrypting the target feature library file by adopting a first asymmetric encryption algorithm; decrypting the first encrypted file by adopting a first asymmetric decryption algorithm to obtain a first decrypted file; the network security management system encrypts the first decrypted file by adopting a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file; and updating the feature library file of the target device through the second encrypted file. The problem of low updating efficiency of the feature library file in the related art is solved. The network security management system decrypts the received first encrypted file by adopting a first asymmetric decryption algorithm to obtain a first decrypted file, encrypts the first decrypted file by adopting a second asymmetric encryption algorithm to obtain a second encrypted file, and updates the feature library file based on the second encrypted file, so that the network security of the feature library file transmission process is ensured, and the effect of updating the feature library file is improved.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
The embodiment of the application also provides a feature library file updating device, and the feature library file updating device can be used for executing the feature library file updating method. The following describes a feature library file updating device provided by the embodiment of the application.
Fig. 3 is a schematic diagram of a feature library file updating apparatus according to an embodiment of the present application. As shown in fig. 3, the apparatus includes: a first receiving unit 301, a first processing unit 302, a second processing unit 303, a first updating unit 304.
Specifically, the first receiving unit 301 is configured to receive, through the network security management system, a first encrypted file, where the first encrypted file is a file obtained by encrypting the target feature library file with a first asymmetric encryption algorithm;
a first processing unit 302, configured to decrypt the first encrypted file by using a first asymmetric decryption algorithm, to obtain a first decrypted file;
a second processing unit 303, configured so that the network security management system encrypts the first decrypted file with a second asymmetric encryption algorithm according to the first identification parameter of the target device, to obtain a second encrypted file;
a first updating unit 304, configured to update the feature library file of the target device through the second encrypted file.
In summary, in the feature library file updating device provided by this embodiment of the application, the first receiving unit 301 receives a first encrypted file through the network security management system, the first encrypted file being the file obtained by encrypting the target feature library file with a first asymmetric encryption algorithm; the first processing unit 302 decrypts the first encrypted file with a first asymmetric decryption algorithm to obtain a first decrypted file; the second processing unit 303 has the network security management system encrypt the first decrypted file with a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file; and the first updating unit 304 updates the feature library file of the target device through the second encrypted file. This solves the problem of low feature library file update efficiency in the related art. Because the network security management system decrypts the received first encrypted file with the first asymmetric decryption algorithm to obtain the first decrypted file, encrypts the first decrypted file with the second asymmetric encryption algorithm to obtain the second encrypted file, and updates the feature library file based on the second encrypted file, the network security of the feature library file transmission process is ensured and the effect of updating the feature library file is improved.
Optionally, in the feature library file updating apparatus provided in the embodiment of the present application, the apparatus further includes: a third processing unit, configured so that, before the first encrypted file is received through the network security management system, the target feature library server encrypts the target feature library file with a first asymmetric encryption algorithm according to the second identification parameter to obtain the first encrypted file; and a first sending unit, configured to send the first encrypted file to the network security management system.
Optionally, in the feature library file updating apparatus provided in the embodiment of the present application, the apparatus further includes: a first adding unit, configured to add the proxy server to the network security management system and start, in the proxy server, the target service mode of the corresponding target feature library file, before the target feature library server encrypts the target feature library file with a first asymmetric encryption algorithm according to the second identification parameter; and a first connection unit, configured to establish a network connection between the network security management system and the target feature library server through the proxy server, wherein the network security management system sends the second identification parameter matched with the target feature library server to the target feature library server.
Optionally, in the feature library file updating apparatus provided in the embodiment of the present application, the apparatus further includes: a second receiving unit, configured so that the network security management system receives the first identification parameter sent by the target device before the network security management system encrypts the first decrypted file with a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file.
Optionally, in the feature library file updating apparatus provided in the embodiment of the present application, the first updating unit 304 includes: a first sending module, configured to issue the second encrypted file to the target device through the network security management system; a first processing module, configured to decrypt the second encrypted file in the target device with a second asymmetric decryption algorithm to obtain a second decrypted file, wherein the second decrypted file is the target feature library file required by the target device; and a first updating module, configured to update the feature library file of the target device through the second decrypted file.
The feature library file updating apparatus includes a processor and a memory. The first receiving unit 301, the first processing unit 302, the second processing unit 303, the first updating unit 304, and so on are stored in the memory as program units, and the processor executes the program units stored in the memory to implement the corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided, and the feature library file is updated by adjusting kernel parameters.
The memory may include forms of computer-readable media such as volatile memory, random access memory (RAM), and/or nonvolatile memory, for example read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
The embodiment of the application provides a storage medium, on which a program is stored, which when executed by a processor, implements a feature library file updating method.
The embodiment of the application provides a processor, which is used for running a program, wherein the program, when run, executes the feature library file updating method.
The embodiment of the application provides a device, which comprises a processor, a memory and a program stored in the memory and capable of running on the processor, wherein the processor implements the following steps when executing the program: receiving a first encrypted file through a network security management system, wherein the first encrypted file is a file obtained by encrypting a target feature library file with a first asymmetric encryption algorithm; decrypting the first encrypted file with a first asymmetric decryption algorithm to obtain a first decrypted file; the network security management system encrypts the first decrypted file with a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file; and updating the feature library file of the target device through the second encrypted file.
The processor also implements the following steps when executing the program: before the first encrypted file is received through the network security management system, the target feature library server encrypts the target feature library file with a first asymmetric encryption algorithm according to the second identification parameter to obtain the first encrypted file; the first encrypted file is sent to the network security management system.
The processor also implements the following steps when executing the program: before the target feature library server encrypts the target feature library file with a first asymmetric encryption algorithm according to the second identification parameter, adding the proxy server to the network security management system, and starting, in the proxy server, the target service mode of the corresponding target feature library file; the network security management system establishes a network connection with the target feature library server through the proxy server, wherein the network security management system sends the second identification parameter matched with the target feature library server to the target feature library server.
The processor also implements the following steps when executing the program: before the network security management system encrypts the first decrypted file with a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file, the network security management system receives the first identification parameter sent by the target device.
The processor also implements the following steps when executing the program: the second encrypted file is issued to the target device through the network security management system; the second encrypted file is decrypted in the target device with a second asymmetric decryption algorithm to obtain a second decrypted file, wherein the second decrypted file is the target feature library file required by the target device; and the feature library file of the target device is updated through the second decrypted file.
The device herein may be a server, PC, PAD, cell phone, etc.
The application also provides a computer program product which, when executed on a data processing device, is adapted to execute a program initialized with the following method steps: receiving a first encrypted file through a network security management system, wherein the first encrypted file is a file obtained by encrypting a target feature library file with a first asymmetric encryption algorithm; decrypting the first encrypted file with a first asymmetric decryption algorithm to obtain a first decrypted file; the network security management system encrypts the first decrypted file with a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file; and updating the feature library file of the target device through the second encrypted file.
When executed on a data processing device, the computer program product is further adapted to execute a program initialized with the following method steps: before the first encrypted file is received through the network security management system, the target feature library server encrypts the target feature library file with a first asymmetric encryption algorithm according to the second identification parameter to obtain the first encrypted file; the first encrypted file is sent to the network security management system.
When executed on a data processing device, the computer program product is further adapted to execute a program initialized with the following method steps: before the target feature library server encrypts the target feature library file with a first asymmetric encryption algorithm according to the second identification parameter, adding the proxy server to the network security management system, and starting, in the proxy server, the target service mode of the corresponding target feature library file; the network security management system establishes a network connection with the target feature library server through the proxy server, wherein the network security management system sends the second identification parameter matched with the target feature library server to the target feature library server.
When executed on a data processing device, the computer program product is further adapted to execute a program initialized with the following method steps: before the network security management system encrypts the first decrypted file with a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file, the network security management system receives the first identification parameter sent by the target device.
When executed on a data processing device, the computer program product is further adapted to execute a program initialized with the following method steps: the second encrypted file is issued to the target device through the network security management system; the second encrypted file is decrypted in the target device with a second asymmetric decryption algorithm to obtain a second decrypted file, wherein the second decrypted file is the target feature library file required by the target device; and the feature library file of the target device is updated through the second decrypted file.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, random access memory (RAM), and/or nonvolatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or magnetic disk storage or other magnetic storage devices, or any other non-transmission medium, which can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (9)

1. A method for updating a feature library file, comprising:
receiving a first encrypted file through a network security management system, wherein the first encrypted file is a file obtained by encrypting a target feature library file by adopting a first asymmetric encryption algorithm;
decrypting the first encrypted file by adopting a first asymmetric decryption algorithm to obtain a first decrypted file;
the network security management system encrypts the first decrypted file by adopting a second asymmetric encryption algorithm according to the first identification parameter of the target device to obtain a second encrypted file;
updating the feature library file of the target device through the second encrypted file;
and before the network security management system encrypts the first decrypted file by adopting a second asymmetric encryption algorithm according to a first identification parameter of the target device to obtain a second encrypted file, the network security management system receives the first identification parameter sent by the target device, wherein the first identification parameter is determined by the category of the target device.
2. The method of claim 1, wherein prior to receiving the first encrypted file via the network security management system, the method further comprises:
the target feature library server encrypts the target feature library file by adopting a first asymmetric encryption algorithm according to the second identification parameters to obtain the first encrypted file;
and sending the first encrypted file to the network security management system.
3. The method of claim 2, wherein prior to the target feature library server encrypting the target feature library file using the first asymmetric encryption algorithm based on the second identification parameter, the method further comprises:
adding a proxy server into the network security management system, and starting a target service mode of a corresponding target feature library file in the proxy server;
the network security management system establishes network connection with the target feature library server through the proxy server, wherein the network security management system sends a second identification parameter matched with the target feature library server to the target feature library server.
4. The method of claim 1, wherein updating the feature library file of the target device with the second encrypted file comprises:
issuing the second encrypted file to the target device through the network security management system;
decrypting the second encrypted file in the target device by adopting a second asymmetric decryption algorithm to obtain a second decrypted file, wherein the second decrypted file is a target feature library file required by the target device;
and updating the feature library file of the target device through the second decrypted file.
5. A feature library file updating apparatus, comprising:
the first receiving unit is used for receiving a first encrypted file through the network security management system, wherein the first encrypted file is a file obtained by encrypting a target feature library file by adopting a first asymmetric encryption algorithm;
the first processing unit is used for decrypting the first encrypted file by adopting a first asymmetric decryption algorithm to obtain a first decrypted file;
the second processing unit is used for encrypting the first decrypted file by the network security management system according to the first identification parameter of the target device by adopting a second asymmetric encryption algorithm to obtain a second encrypted file;
the first updating unit is used for updating the feature library file of the target device through the second encrypted file;
wherein the feature library file updating apparatus further comprises: a second receiving unit, configured so that, before the network security management system encrypts the first decrypted file by adopting a second asymmetric encryption algorithm according to a first identification parameter of the target device to obtain a second encrypted file, the network security management system receives the first identification parameter sent by the target device, wherein the first identification parameter is determined by the category of the target device.
6. The apparatus of claim 5, wherein the apparatus further comprises:
the third processing unit is used for encrypting the target feature library file by adopting a first asymmetric encryption algorithm according to the second identification parameters by the target feature library server before receiving the first encrypted file through the network security management system to obtain the first encrypted file;
and the first sending unit is used for sending the first encrypted file to the network security management system.
7. The apparatus of claim 6, wherein the apparatus further comprises:
the first adding unit is used for adding the proxy server into the network security management system before the target feature library server encrypts the target feature library file by adopting a first asymmetric encryption algorithm according to the second identification parameter, and starting a target service mode of the corresponding target feature library file in the proxy server;
the network security management system is used for sending a second identification parameter matched with the target feature library server to the target feature library server.
8. A processor for running a program, wherein the program when run performs the method of any one of claims 1 to 4.
9. A computer readable storage medium storing a computer program executable by a processor to implement the method steps of any one of claims 1-4.
CN202111015874.0A 2021-08-31 2021-08-31 Feature library file updating method and device, storage medium and processor Active CN113794704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111015874.0A CN113794704B (en) 2021-08-31 2021-08-31 Feature library file updating method and device, storage medium and processor

Publications (2)

Publication Number Publication Date
CN113794704A CN113794704A (en) 2021-12-14
CN113794704B true CN113794704B (en) 2023-09-26

Family

ID=79182464

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111015874.0A Active CN113794704B (en) 2021-08-31 2021-08-31 Feature library file updating method and device, storage medium and processor

Country Status (1)

Country Link
CN (1) CN113794704B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant