CN104573474B - A kind of identity generation system and method based on UEFI - Google Patents

Info

Publication number
CN104573474B
Authority
CN
China
Prior art keywords
information
identity
module
uefi
equipment
Legal status
Active
Application number
CN201410457574.1A
Other languages
Chinese (zh)
Other versions
CN104573474A (en)
Inventor
陈小春
孙亮
张超
朱立森
Current Assignee
Kunlun Taike (Beijing) Technology Co.,Ltd.
Original Assignee
CETC Beijing Co

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a UEFI-based device identity generation system and method, belonging to the field of computer security technology. The system comprises a device information collection module, a local identity verification interface and an identifier generation module. The device information collection module collects the hardware information of the device; the local identity verification interface is used to access an external identity verification device; and the identifier generation module can generate a unique device identification number by combining the local device information with the external device information. With the invention, when the hard disk is replaced, the disk is repartitioned or the operating system is reinstalled, no specific software needs to be installed: the corresponding identifier can be generated at the firmware layer.

Description

A kind of identity generation system and method based on UEFI
Technical field
The invention belongs to the field of computer security technology and relates to a method, based on UEFI firmware, for generating a unique machine identifier during the boot process.
Background
At present, in the field of computer security, a unique device identifier is generally used so that servers or other computer equipment can be quickly recognized by a system. The device identifier is generally generated by specific software in the operating system, which has the following shortcomings:
(1) After the hard disk is replaced, the disk is repartitioned or the operating system is reinstalled, the specific device identifier generation program must be reinstalled before a device identifier can be generated.
(2) A device identifier generation program installed in the operating system is easily tampered with or deleted by viruses or Trojans, leaving the system unable to identify existing devices.
Summary of the invention
The purpose of the invention is to overcome the defects of the prior art. To solve the problem of generating a device's identity during the boot process, before the operating system starts, a UEFI-based device identity generation system and method is proposed.
A UEFI-based identity generation system comprises a device information collection module, a local identity verification interface and an identifier generation module. The device information collection module collects the hardware information of the local device; the local identity verification interface is used to access an external identity verification device, such as a U-key or IC card; and the identifier generation module can generate a unique device identification number by combining the local device information with the external identity verification device.
The generation process is as follows:
Step 1: The computer is powered on and enters the boot process;
Step 2: Load the corresponding hardware drivers, such as the hard disk driver, at the firmware layer;
Step 3: Collect specific hardware information (such as the mainboard number and CPU number);
Step 4: Detect whether an external identification device is present. If there is an external device, go to Step 5; if there is no external device, skip this step and go to Step 9;
Step 5: Load the corresponding device driver;
Step 6: Extract the identity verification information from the external identity verification device;
Step 7: Detect whether the user needs to enter preset information. If so, go to Step 6; otherwise, go to Step 9;
Step 8: The user enters the preset information, such as a specific character string;
Step 9: Encrypt the collected information to generate a unique device identification number;
Step 10: Continue booting; the process ends.
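The ten-step flow above, modelled as an added example in Python (not code from the patent, and not firmware code). The patent says only that the collected information is "encrypted" and names no algorithm, so SHA-256 over a length-prefixed encoding is an assumption here, as are the function names, field tags and sample values.

```python
"""Model of the patent's identifier flow, steps 3 to 9 (added example)."""
import hashlib
import struct
from typing import Optional

DOMAIN = b"uefi-device-id/v1"  # hypothetical domain-separation label


def _field(tag: bytes, value: Optional[bytes]) -> bytes:
    """Encode one input as tag | presence byte | 4-byte length | value.

    The length prefix keeps ("AB", "C") distinct from ("A", "BC"); the
    presence byte keeps "no token" distinct from "token with empty data".
    """
    if value is None:
        return tag + b"\x00"
    return tag + b"\x01" + struct.pack(">I", len(value)) + value


def generate_device_id(board_serial: str, cpu_id: str,
                       token_auth: Optional[bytes] = None,
                       preset: Optional[str] = None) -> str:
    """Combine the collected inputs into one hex identifier.

    token_auth is None when step 4 finds no external device. The flow then
    jumps straight to step 9, so a preset string is ignored in that case.
    """
    if not board_serial or not cpu_id:
        raise ValueError("hardware information is mandatory (step 3)")
    if token_auth is None:
        preset = None  # steps 5 to 8 are skipped
    msg = DOMAIN
    msg += _field(b"MB", board_serial.encode())
    msg += _field(b"CP", cpu_id.encode())
    msg += _field(b"TK", token_auth)
    msg += _field(b"PS", preset.encode() if preset is not None else None)
    # Assumption: a SHA-256 digest stands in for the unnamed "encryption".
    return hashlib.sha256(msg).hexdigest()


if __name__ == "__main__":
    # Constructed sample values, not real serial numbers or token data.
    hw_only = generate_device_id("MB-0001", "CPU-00AA")
    with_key = generate_device_id("MB-0001", "CPU-00AA", b"\x01\x02\x03", "pin")
    print("hardware only:", hw_only)
    print("with USB key :", with_key)
```

Mainboard and CPU numbers are readable and guessable, so the hardware-only output identifies a machine but does not authenticate it; only the token data and preset string add anything an observer of the hardware would not already know.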
Beneficial effects:
1. With the invention, when the hard disk is replaced, the disk is repartitioned or the operating system is reinstalled, no specific software needs to be installed; the corresponding identifier can be generated at the firmware layer.
2. The invention generates the identifier at the firmware layer, where it is not easily tampered with or deleted by viruses or Trojans.
Brief description of the drawings
Fig. 1 is a diagram of the overall framework of the system of the invention;
Fig. 2 is a flow chart of device identification code generation according to the invention.
Detailed description
The invention is described in detail below with reference to the accompanying drawings and embodiments.
As shown in Fig. 1, the invention provides a UEFI-based identity generation system comprising a device information collection module, a local identity verification interface and an identifier generation module. The device information collection module collects the hardware information of the local device; the local identity verification interface is used to access an external identity verification device, such as a U-key or IC card; and the identifier generation module can generate a unique device identification code by combining the local device information with the external identity verification device.
Before use, the invention must be deployed on the terminal in advance. The available methods include:
A) Add a driver module to the UEFI kernel image.
B) Mount an Option ROM module in the UEFI kernel image.
C) Mount a driver module in another peripheral device, such as a trusted card.
As shown in Fig. 2, the main steps of a specific implementation of the UEFI-based software whole-process protection method of the invention are as follows:
Step 1: Insert a USB KEY containing identity information into the computer. Power on the computer and enter the boot process.
Step 2: Load the corresponding hardware drivers, such as the hard disk driver, at the firmware layer.
Step 3: Collect specific hardware information (such as the mainboard number and CPU number).
Step 4: Detect the external identification device, the USB KEY.
Step 5: Load the driver for the identification device, the USB KEY.
Step 6: Extract the identity verification information from the external identity verification device.
Step 7: Pop up the interface for entering preset information.
Step 8: The user can enter the specific character string that corresponds to the preset information.
Step 9: Encrypt the collected hardware information and identity verification information to generate a unique device identification number.
Step 10: Continue booting; the process ends.
In conclusion, the above are merely preferred embodiments of the invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (1)

1. A UEFI-based identity generation system, characterized in that the system comprises a device information collection module, a local identity verification interface and an identifier generation module; wherein the device information collection module is used to collect the hardware information of the local device, and the local identity verification interface is used to access an external identity verification device; the identifier generation module combines the local device information and the external identity verification device information to generate a unique device identification number;
The system implements the following process:
Step 1: The computer is powered on and enters the boot process;
Step 2: Load the corresponding hardware drivers at the firmware layer;
Step 3: Collect specific hardware information;
Step 4: Detect whether an external identity verification device is present; if so, go to Step 5; if not, encrypt the collected hardware information, generate a unique device identification number, and go to Step 10;
Step 5: Load the corresponding identity verification device driver;
Step 6: Extract the identity verification information from the external identity verification device;
Step 7: Determine whether an interface for entering preset information pops up; if so, go to Step 8; if not, go to Step 9;
Step 8: The user enters the preset information;
Step 9: Encrypt the collected hardware information and identity verification information to generate a unique device identification number;
Step 10: Continue booting; the process ends;
Wherein, before the system operates, it is deployed on the terminal, the deployment method being to add a driver module to the UEFI kernel image; or to mount an Option ROM module in the UEFI kernel image; or to mount a driver module in a peripheral device.
CN201410457574.1A 2014-09-10 2014-09-10 A kind of identity generation system and method based on UEFI Active CN104573474B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410457574.1A CN104573474B (en) 2014-09-10 2014-09-10 A kind of identity generation system and method based on UEFI

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410457574.1A CN104573474B (en) 2014-09-10 2014-09-10 A kind of identity generation system and method based on UEFI

Publications (2)

Publication Number Publication Date
CN104573474A CN104573474A (en) 2015-04-29
CN104573474B true CN104573474B (en) 2019-01-11

Family

ID=53089515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410457574.1A Active CN104573474B (en) 2014-09-10 2014-09-10 A kind of identity generation system and method based on UEFI

Country Status (1)

Country Link
CN (1) CN104573474B (en)


Also Published As

Publication number Publication date
CN104573474A (en) 2015-04-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Patentee after: CLP Technology (Beijing) Co.,Ltd.

Address before: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Patentee before: CETC (BEIJING) Co.,Ltd.

CP01 Change in the name or title of a patent holder

Address after: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Patentee after: Kunlun Taike (Beijing) Technology Co.,Ltd.

Address before: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Patentee before: CLP Technology (Beijing) Co.,Ltd.
