Summary of the invention
To address the problems described above, the invention provides a trusted boot method based on an authentication policy file and hardware information collection, in order to improve the terminal's local authentication capability and to meet flexible and changing authentication requirements.
The invention is implemented as follows. Under a trusted environment, an authentication policy file is configured for the terminal device and stored in the terminal's secure area. The policy file specifies each hardware device item that the terminal must authenticate, the verification type of each item and the logical relation between the items, and it contains the check value of each hardware device item. One trusted boot process is shown in Figure 1; the concrete steps are as follows:
(1) The terminal device powers up and starts;
(2) Hardware device information is collected and the terminal device is authenticated according to the configured authentication policy file. The authentication steps are:
2.1) Read the authentication policy file. If no authentication policy file exists, go to step 2.7); if one exists, go to step 2.2);
2.2) Collect the hardware device information;
2.3) Verify each hardware device item according to the authentication policy file. If verification succeeds, go to step 2.6); otherwise record the information relevant to the verification failure and go to step 2.4);
2.4) If an authentication policy file remains that has not yet been applied, repeat step 2.2) with the new authentication policy file; otherwise go to step 2.5);
2.5) If the configured number of authentication retries has not been reached, display the authentication failure message to prompt the user to take the corresponding action, wait for a period of time and repeat step 2.2); the length of the waiting period is set as required, based on experience. Otherwise go to step 2.8);
2.6) The terminal device authentication succeeds; authentication is passed and the information system boots in a trusted manner;
2.7) No authentication policy file exists, so terminal device authentication is not performed and the information system starts. This case is an ordinary boot: it cannot guarantee that the terminal device runs under a trusted environment, nor the trusted boot of the information system;
2.8) The terminal device authentication fails and the default handling is performed, for example shutting down or reporting an error to the administrator;
(3) If the terminal device passes authentication, the information system is guaranteed to start under a trusted environment; if authentication fails, the corresponding handling is performed.
In the present invention, after the terminal device powers up and before the information system starts, hardware device information is collected and verified against the configured authentication policy file; that is, local authentication of the terminal device is performed. This ensures that the terminal runs in a trusted physical environment and that the information system starts in a trusted environment, effectively safeguarding the information system.
By configuring an authentication policy file, local authentication of the terminal device is achieved without connecting to a network or interacting with a server, which to a higher degree ensures that the terminal device runs under a trusted environment and safeguards the security of the information system. The authentication policy file can also be deployed flexibly: where high security is not required, no authentication policy file is configured and the information system starts in the normal way; where high security is required, an authentication policy file is configured according to actual needs to guarantee the trusted boot of the information system.
The invention is further implemented such that the authentication policy file is configured flexibly according to the usage requirements and its number is not fixed; as long as one authentication policy file is satisfied, the terminal is guaranteed to start and run in a trusted physical environment, ensuring the trusted boot of the information system.
A terminal may have several authentication policy files at the same time, representing different authentication requirements; as long as one of them is satisfied, the terminal device is authenticated successfully.
Authentication details differ with the running environment and the security requirements, so a fixed authentication procedure clearly cannot satisfy every authentication requirement; flexibly configuring several authentication policy files solves this problem well. Usually a terminal is configured with one fixed, commonly used authentication policy file according to its requirements, and the authentication policy file can be modified flexibly as the running environment or the security requirements change; when there are special requirements, several new authentication policy files can be configured to meet them.
The invention is further implemented such that the verification failure information recorded in step 2.3) is of two kinds: equal-verification failure information, meaning the inserted hardware device is not the expected one and a correct hardware device should be substituted; and not-equal-verification failure information, meaning this hardware device should not have been inserted and should be replaced. Dividing the verification failure information into these two kinds, corresponding to the two verification types in the authentication policy file, meets the processing requirements.
The invention is further implemented such that in step 2.3), one authentication pass comprises:
2.3.1) For a given hardware device, determine from the authentication policy file whether verification is required; if so, go to step 2.3.2), otherwise go to step 2.3.3);
2.3.2) Extract the collected information of this hardware device and compare it, according to the verification type of the corresponding hardware information item in the authentication policy file, with the corresponding check value in the authentication policy file. If the requirement of the authentication policy file is met, verification of this hardware device succeeds and step 2.3.3) follows; otherwise go to step 2.3.5);
2.3.3) If unprocessed hardware devices remain, repeat step 2.3.1) for the next unprocessed hardware device; otherwise go to step 2.3.4);
2.3.4) Verification succeeds;
2.3.5) Verification fails; record the information relevant to the verification failure.
This constitutes one authentication pass against the corresponding authentication policy file.
The invention is further implemented such that the requirement of the authentication policy file in step 2.3.2) is: if the authentication policy file requires equal verification of this hardware device, the hash value of the collected hardware device information must be identical to the check value of the corresponding hardware device item in the authentication policy file; if the authentication policy file requires not-equal verification of this hardware device, the hash value of the collected hardware device information must differ from the check value of the corresponding hardware device item in the authentication policy file.
The present invention can therefore satisfy a variety of authentication requirements. Equal verification is equivalent to password authentication: for example, a specific removable storage device must be inserted during the trusted boot of a given terminal, so that a flash drive acts like a key that opens a door and guarantees the secure boot of the terminal device. Not-equal verification meets broader authentication needs, for example forbidding the insertion of a given removable storage device during the trusted boot of a given terminal.
Compared with the prior art, the present invention has the following advantages:
1. Because the authentication policy file is stored in the terminal device, no interaction with equipment such as an authentication server is needed; authentication is completed locally, ensuring that the terminal device runs in a trusted physical environment and safeguarding the terminal device of the computer information system.
2. The present invention adopts an authentication mode based on the authentication policy file and is not limited to a fixed authentication procedure; when authentication requirements vary or the terminal device's authentication requirements change, the authentication policy file can be configured flexibly to meet them.
Embodiment
Embodiment 1
The present invention is a trusted boot method based on an authentication policy file and hardware information collection. Under a trusted environment an authentication policy file is configured for the terminal device and stored in the terminal's secure area; the policy file specifies each hardware device item that the terminal must authenticate, the verification type of each item and the logical relation between them, and contains the check value of each hardware device item. One trusted boot proceeds in detail as follows:
(1) The terminal device powers up and starts; the terminal device is usually a computer.
(2) Hardware device information is collected and the terminal device is authenticated according to the configured authentication policy file. The authentication steps are:
2.1) Read the authentication policy file. If no authentication policy file exists, go to step 2.7); if one exists, go to step 2.2).
The authentication policy file is pre-configured; it specifies the hardware device items that the terminal must authenticate, the verification type of each item and the logical relation between the items, and stores the check value of each hardware device item.
The authentication policy file can be configured flexibly as required, and several authentication policy files may be configured according to flexible usage requirements. Generally, for dedicated or fixed use only one authentication policy file needs to be configured; where there are specific requirements or the environment changes, several authentication policy files may be configured to allow flexible use. When several authentication policy files are configured, the terminal is authenticated successfully, and the information system boots in a trusted manner, as long as one authentication policy file is satisfied.
In this example there is one authentication policy file. It specifies that the hardware device items the terminal must authenticate are the hard disk, the memory and the removable storage device inserted through the USB interface; it also specifies that every item uses equal verification and that the logical relation between the items is logical AND. The check value of each hardware device item is the check information of the designated hard disk, memory and USB removable storage device.
2.2) Collect the hardware device information.
2.3) Verify each hardware device item according to the authentication policy file. If verification succeeds, go to step 2.6); otherwise record the information relevant to the verification failure and go to step 2.4). The verification failure information is of two kinds: equal-verification failure information, meaning the inserted hardware device is not the expected one and a correct hardware device should be substituted; and not-equal-verification failure information, meaning this hardware device should not have been inserted and should be replaced.
One authentication pass comprises:
2.3.1) For a given hardware device, determine from the authentication policy file whether verification is required; if so, go to step 2.3.2), otherwise go to step 2.3.3).
2.3.2) Extract the collected information of this hardware device and compare it, according to the verification type of the corresponding hardware information item in the authentication policy file, with the corresponding check value in the authentication policy file. If the requirement of the authentication policy file is met, verification of this hardware device succeeds and step 2.3.3) follows; otherwise go to step 2.3.5). The requirement of the authentication policy file is: if the authentication policy file requires equal verification of this hardware device, the hash value of the collected hardware device information must be identical to the check value of the corresponding hardware device item in the authentication policy file; if the authentication policy file requires not-equal verification of this hardware device, the hash value of the collected hardware device information must differ from the check value of the corresponding hardware device item in the authentication policy file.
2.3.3) If unprocessed hardware devices remain, repeat step 2.3.1) for the next unprocessed hardware device; otherwise go to step 2.3.4).
2.3.4) Verification succeeds.
2.3.5) Verification fails; record the information relevant to the verification failure.
2.4) If an authentication policy file remains that has not yet been applied, repeat step 2.2) with the new authentication policy file; otherwise go to step 2.5).
2.5) If the configured number of authentication retries has not been reached, display the authentication failure message to prompt the user to take the corresponding action, wait for a period of time and repeat step 2.2); the length of the waiting period is set as required, based on experience. Otherwise go to step 2.8).
2.6) The terminal device authentication succeeds; authentication is passed and the information system boots in a trusted manner.
2.7) No authentication policy file exists; terminal device authentication is not performed and the information system starts. This case is an ordinary boot: it cannot guarantee that the terminal device runs under a trusted environment, nor the trusted boot of the information system.
2.8) The terminal device authentication fails and the default handling is performed. The default handling can be set according to requirements, for example shutting down or reporting an error to the administrator.
(3) If the terminal device passes authentication, the information system is guaranteed to start under a trusted environment; if authentication fails, the corresponding handling is performed.
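The authentication flow of steps 2.1) to 2.8), together with the per-item check of steps 2.3.1) to 2.3.5) described both in the Summary and in this embodiment, is modelled below as an added example. It is not the patent's own code: the policy files, the collected hardware information and the "default handling" are simulated in memory so that the flow runs offline, SHA-256 is assumed as the hash (the page does not name one), and the names Policy, digest, verify_against_policy, trusted_boot, run_scenarios and the device items other than cpuid, hddid, memid and usbid are this example's own. The scenarios go slightly beyond the text by running two equal-verification policies side by side (as in Embodiment 4) and one not-equal policy.

```python
"""Added example (not the patent's own code): steps 2.1)-2.8) of the trusted
boot authentication, with policies and hardware information constructed in
memory.  Policy, digest, verify_against_policy, trusted_boot and the device
names other than cpuid/hddid/memid/usbid are assumptions of this example."""
import hashlib
from dataclasses import dataclass

EQUAL, NOT_EQUAL = "equal", "not_equal"     # the two verification types

# Fixed verification order of Embodiment 2 (CPU, PC, BIOS, Motherboard,
# Memory, HDD, NIC, USB); the pcid/biosid/mbid/nicid names are assumed.
DEVICE_ORDER = ["cpuid", "pcid", "biosid", "mbid", "memid", "hddid", "nicid", "usbid"]


def digest(info: str) -> str:
    """Check value of a device: hash of its concatenated information (SHA-256 assumed)."""
    return hashlib.sha256(info.encode()).hexdigest()


@dataclass
class Policy:
    """One authentication policy file: device item -> (verification type, check value).
    Items are combined with logical AND, as in Embodiment 1."""
    name: str
    items: dict


def verify_against_policy(policy: Policy, hw_hashes: dict):
    """Steps 2.3.1)-2.3.5) for one policy.  hw_hashes maps device -> hash of the
    collected information, or None when no such device is present.
    Returns (True, None) on success or (False, failure_info)."""
    for device in DEVICE_ORDER:
        if device not in policy.items:                      # 2.3.1) not required
            continue
        vtype, check_value = policy.items[device]
        observed = hw_hashes.get(device)
        if vtype == EQUAL and observed == check_value:      # 2.3.2) equal verification met
            continue
        if vtype == NOT_EQUAL and observed != check_value:  # 2.3.2) not-equal verification met
            continue
        # 2.3.5) record the failure; the message kind follows the verification type
        if vtype == EQUAL:
            return False, f"{device}: Lack of proper hardware identifier. Consider change a correct one."
        return False, f"{device}: Invalid hardware identifier. Consider change it."
    return True, None                                       # 2.3.4)


def trusted_boot(policies, collect_hardware_info, retry_times, prompt=lambda msg: None):
    """Steps 2.1)-2.8).  collect_hardware_info() is re-run for every policy
    attempt, since the user may swap a device after a prompt.  Returns
    'ordinary_boot', 'trusted_boot' or 'authentication_failed'."""
    if not policies:                     # 2.1) no policy file at all -> 2.7)
        return "ordinary_boot"
    for attempt in range(1, retry_times + 1):
        failure = None
        for policy in policies:          # 2.4) one satisfied policy is enough
            hw = collect_hardware_info()                        # 2.2)
            ok, failure = verify_against_policy(policy, hw)    # 2.3)
            if ok:
                return "trusted_boot"                           # 2.6)
        if attempt < retry_times:        # 2.5) prompt and retry (real code also waits, e.g. 30 s)
            prompt(failure)
    return "authentication_failed"       # 2.8) default handling: shut down, report to the administrator


# --- constructed sample hardware (made-up identifiers, not real devices) ---
GOOD_HDD = digest("WDC WD5000AAKS|WD-WCASY1234567")
GOOD_MEM = digest("Kingston|9905403-038.A00LF|2048MB")
USB_SMALL = digest("SanDisk|Cruzer Blade|4C530001234567890123")
USB_LARGE = digest("Kingston|DataTraveler|0019E06B2E3AAA00")
USB_WRONG = digest("Generic|USB Flash Disk|000000000000")

POLICY_SMALL = Policy("hw/policy1", {"hddid": (EQUAL, GOOD_HDD), "memid": (EQUAL, GOOD_MEM), "usbid": (EQUAL, USB_SMALL)})
POLICY_LARGE = Policy("hw/policy2", {"hddid": (EQUAL, GOOD_HDD), "memid": (EQUAL, GOOD_MEM), "usbid": (EQUAL, USB_LARGE)})
# Not-equal policy: this particular USB stick must not be present (its hash must differ).
POLICY_BAN = Policy("hw/policy3", {"hddid": (EQUAL, GOOD_HDD), "usbid": (NOT_EQUAL, USB_WRONG)})


def fake_collector(usb_hash):
    """Stand-in for step 2.2): returns the hashes a real collector would compute."""
    return lambda: {"hddid": GOOD_HDD, "memid": GOOD_MEM, "usbid": usb_hash}


def run_scenarios(retry_times=3):
    """Embodiment 4's cases with two policies, plus a not-equal case; returns the outcomes."""
    prompts = []
    return {
        "no_policy": trusted_boot([], fake_collector(USB_SMALL), retry_times),
        "small_usb": trusted_boot([POLICY_SMALL, POLICY_LARGE], fake_collector(USB_SMALL), retry_times),
        "large_usb": trusted_boot([POLICY_SMALL, POLICY_LARGE], fake_collector(USB_LARGE), retry_times),
        "wrong_usb": trusted_boot([POLICY_SMALL, POLICY_LARGE], fake_collector(USB_WRONG), retry_times, prompts.append),
        "wrong_usb_prompts": prompts,
        "banned_usb_absent": trusted_boot([POLICY_BAN], fake_collector(None), retry_times),
        "banned_usb_present": trusted_boot([POLICY_BAN], fake_collector(USB_WRONG), retry_times),
    }


if __name__ == "__main__":
    for case, result in run_scenarios().items():
        print(f"{case}: {result}")
```

With three retries the wrong-stick case prompts twice (after attempts 1 and 2) and ends in the default handling after the third attempt, which is the sequence Embodiment 3 describes; a policy that is not present at all yields an ordinary boot rather than a failure.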
The present invention uses an authentication mode based on authentication policy files. These can be configured flexibly, and several configurations can each be given a corresponding authentication policy file according to the concrete usage needs, so that the security of the information system under changing security requirements is achieved through local authentication of the computer terminal.
Embodiment 2
The trusted boot method based on an authentication policy file and hardware information collection is as in Embodiment 1.
A concrete development example on the Linux operating system CentOS 5.3 (kernel version 2.6.18) is used to describe a specific implementation of the present invention.
A concrete terminal device authentication process is implemented as follows, as shown in Figure 2:
2.1) The authentication policy files are kept under /root/hw. This directory is read to access the authentication policy files and their directory addresses are stored in the policy file list policy_dir_list. If no authentication policy file exists, go to step 2.7); if one exists, go to step 2.2).
2.2) Collect the hardware device information. The hardware device information of the processor (CPU), PC, BIOS, motherboard (Motherboard), memory (MEM), USB, hard disk (HDD) and network interface card (NIC) is collected separately and kept in the corresponding hardware device information object, and a pointer to that object is stored in the corresponding entry of the hardware device information list _HWLIST_[10]. Each kind of hardware device information is collected as follows:
Obtaining CPU information: CPU information is obtained by executing the cpuid instruction. cpuid is an assembly instruction for obtaining CPU information on the Intel IA32 architecture; it returns a series of CPU-related items such as the CPU type, model, manufacturer information, brand information, serial number and cache. cpuid takes eax as its input parameter and eax, ebx, ecx and edx as output parameters; for example, with eax=0 as input the manufacturer information of the CPU is obtained. After each item of CPU information has been obtained by executing cpuid, the items are concatenated and hashed, and the information is stored in the CPU_INFO object.
Obtaining PC, BIOS, motherboard and MEM information: DMI is the abbreviation of Desktop Management Interface. It contains configuration information about the system hardware, and the computer verifies the DMI data at every boot. If the data is wrong or the hardware has changed, the computer will only start normally if one of two conditions is met: the first is that the changed hardware is replaced with the original hardware again, and the second is that a user with super-user authority on this computer modifies the configuration information to permit the inserted hardware. The main component of DMI is the Management Information Format (MIF) database, which contains all information about the computer system and its components; through DMI the serial number, the computer manufacturer, serial port information and other system component information can be obtained. In this patent a memory dump method is used, which lets the user dump memory data; in this way each item of PC, BIOS, motherboard and MEM information is obtained. The items of each piece of hardware are concatenated and hashed, and the hash together with the basic information of each piece of hardware is stored in the corresponding hardware device information object PC_INFO, BIOS_INFO, MOTHER_BOARD_INFO or MEM_DEVICE_INFO.
Obtaining USB information: USB information is kept in /proc/bus/usb/devices. By reading this file the manufacturer information, product information and serial number of the USB device are read out; these items are concatenated and hashed, and the information is stored in the USB_INFO object.
Obtaining HDD information: HDD information is generally found at /dev/hda or /dev/sda; reading these two device files yields the model and serial number of the HDD. These items are concatenated and hashed, and the information is stored in the HDD_INFO object.
Obtaining NIC information: NIC information is generally found under /sys/class/net; reading it yields the various items of NIC information, which are concatenated and hashed and stored in the NIC_INFO object.
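The collection step above is shown below for the USB, NIC and CPU items as an added example; it is not the patent's code. The /proc/bus/usb/devices excerpt and the /sys/class/net addresses are constructed samples (real file formats, made-up values), the cpuid decoding takes the register contents as arguments instead of executing the instruction, SHA-256 is assumed as the hash, and parse_usb_devices, usb_hash, nic_hash, read_sysfs_net, cpu_vendor_from_cpuid0 and build_hwlist are this example's own names. The DMI dump and the /dev/hda, /dev/sda readers are not reproduced.

```python
"""Added example (not the patent's own code): step 2.2) hardware information
collection for the USB, NIC and CPU items, written so that it runs offline on
constructed samples.  Function names and the SHA-256 choice are assumptions."""
import hashlib
import os

# Constructed /proc/bus/usb/devices excerpt: a root hub (Lev=00) plus one flash drive.
SAMPLE_USB_DEVICES = """\
T:  Bus=01 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#=  1 Spd=480 MxCh= 8
D:  Ver= 2.00 Cls=09(hub  ) Sub=00 Prot=01 MxPS=64 #Cfgs=  1
P:  Vendor=0000 ProdID=0000 Rev= 2.06
S:  Manufacturer=Linux 2.6.18 ehci_hcd
S:  Product=EHCI Host Controller
S:  SerialNumber=0000:00:1d.7
T:  Bus=01 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#=  2 Spd=480 MxCh= 0
D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs=  1
P:  Vendor=0781 ProdID=5567 Rev= 1.26
S:  Manufacturer=SanDisk
S:  Product=Cruzer Blade
S:  SerialNumber=4C530001234567890123
"""
# Constructed stand-in for the contents of /sys/class/net/<iface>/address
SAMPLE_NET = {"lo": "00:00:00:00:00:00", "eth0": "00:1a:2b:3c:4d:5e"}
# Constructed register contents returned by cpuid with EAX=0 ("GenuineIntel" in EBX, EDX, ECX)
SAMPLE_CPUID0 = (0x756E6547, 0x49656E69, 0x6C65746E)


def hash_device_info(fields):
    """Check value: concatenate the items and hash them (SHA-256 assumed; the page names no hash)."""
    return hashlib.sha256("|".join(fields).encode()).hexdigest()


def parse_usb_devices(text):
    """Split /proc/bus/usb/devices into devices: each 'T:' line starts a record and
    'S:' lines carry Manufacturer, Product and SerialNumber.  Root hubs (Lev=00)
    are skipped because they describe the host controller, not an inserted device."""
    devices, current = [], None
    for line in text.splitlines():
        if line.startswith("T:"):
            current = {"Lev": line.split("Lev=")[1].split()[0]}
            devices.append(current)
        elif line.startswith("S:") and current is not None:
            key, _, value = line[2:].strip().partition("=")
            current[key] = value
    return [d for d in devices if d.get("Lev") != "00"]


def usb_hash(text):
    """Hash of manufacturer|product|serial for every attached USB device, in file order."""
    fields = [f"{d.get('Manufacturer', '')}|{d.get('Product', '')}|{d.get('SerialNumber', '')}"
              for d in parse_usb_devices(text)]
    return hash_device_info(fields) if fields else None   # None: no device inserted


def nic_hash(addresses):
    """Hash of iface=MAC for every interface under /sys/class/net except the loopback."""
    fields = [f"{name}={mac}" for name, mac in sorted(addresses.items()) if name != "lo"]
    return hash_device_info(fields) if fields else None


def read_sysfs_net(root="/sys/class/net"):
    """Live reader for a real Linux host; returns {} where the tree is absent."""
    out = {}
    if not os.path.isdir(root):
        return out
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "address")) as fh:
                out[name] = fh.read().strip()
        except OSError:
            pass
    return out


def cpu_vendor_from_cpuid0(ebx, edx, ecx):
    """Decode the vendor string of cpuid leaf 0: twelve ASCII bytes stored
    little-endian across EBX, EDX and ECX, in that order."""
    return b"".join(r.to_bytes(4, "little") for r in (ebx, edx, ecx)).decode("ascii")


def build_hwlist(usb_text, net_addresses, cpuid0_regs):
    """The _HWLIST_ analogue: device item -> hash of its collected information."""
    return {
        "cpuid": hash_device_info([cpu_vendor_from_cpuid0(*cpuid0_regs)]),
        "nicid": nic_hash(net_addresses),
        "usbid": usb_hash(usb_text),
    }


if __name__ == "__main__":
    for item, value in build_hwlist(SAMPLE_USB_DEVICES, SAMPLE_NET, SAMPLE_CPUID0).items():
        print(item, value)
```

Because the check value is a hash of the concatenated fields, the order and exact content of the fields must be fixed once and kept identical between the time the policy file is written and every later boot; the parser above therefore keeps the file order for USB devices and sorts the interface names for the NIC item.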
2.3) Obtain the authentication policy file from the directory address stored in the policy list policy_dir_list and verify the hardware device items according to it. If verification succeeds, go to step 2.6); otherwise go to step 2.4).
2.4) If the policy list policy_dir_list still contains an authentication policy file that has not been used, repeat step 2.2) with the new authentication policy file; otherwise go to step 2.5).
2.5) If the number of terminal device authentications already performed has not reached the configured retry count (OSSTART_CHK_RETRY_TIMES), display the failure information of this verification and prompt the user to take the corresponding action, wait for a period of time and repeat step 2.2); the length of the waiting period is set as required, based on experience, and is set to 30 seconds in this example. Otherwise go to step 2.8).
2.6) The terminal device authentication succeeds; authentication is passed and the operating system boots in a trusted manner.
2.7) No authentication policy file exists; terminal device authentication is not performed and the operating system starts. This case is an ordinary boot: it cannot guarantee that the terminal device runs under a trusted environment, nor the trusted boot of the operating system.
2.8) The terminal device authentication fails and the default handling is performed, namely shutting down and reporting an error to the administrator.
In step 2.1), each authentication policy file is saved as a directory holding the information files of the hardware device items that the policy requires to verify. The filename of each such file contains the hardware device identifier, such as cpuid/NOTcpuid or usbid/NOTusbid, indicating the hardware device item to be authenticated and its verification type; each file stores the hash of the concatenated information of the corresponding hardware device, that is, its check value. In this example the policy file contains three hardware device item files, named hddid, memid and usbid.
In step 2.5), the displayed verification failure information is of two kinds:
Equal-verification failure information: Lack of proper hardware identifier. Consider change a correct one.
Not-equal-verification failure information: Invalid hardware identifier. Consider change it.
In step 2.3), the hardware device items are verified in the order CPU, PC, BIOS, Motherboard, Memory, HDD, NIC, USB; the detailed process, shown in Figure 3, is implemented as follows:
2.3.1) Verification starts with the CPU: search the applied authentication policy file for a hardware device item file whose filename contains cpuid. If there is one, go to step 2.3.2); otherwise display [CPU Check Not Set] and go to step 2.3.3).
2.3.2) Obtain the hash of the CPU device information through the entry _HWLIST_[HWPRT_CPU] of the hardware information list and compare it, according to the verification type of the corresponding hardware information item in the authentication policy file, with the corresponding check value in the authentication policy file. If the policy file requirement is met, CPU verification succeeds, [CPU Check OK] is displayed and step 2.3.3) follows; otherwise [CPU Check Failed] is displayed and step 2.3.5) follows.
2.3.3) If unprocessed hardware devices remain, repeat step 2.3.1) for the next unprocessed hardware device; otherwise go to step 2.3.4).
2.3.4) Verification succeeds.
2.3.5) Verification fails; record the information relevant to the verification failure.
In step 2.3.2), the requirement of the authentication policy file is: if the hardware device item filename contains NOT (that is, not-equal verification), the hash in the file must differ from the hash of the hardware device information obtained from _HWLIST_[10]; if the filename does not contain NOT (that is, equal verification), the hash in the file must be identical to the hash of the hardware device information obtained from _HWLIST_[10].
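The on-disk policy layout of this embodiment (a directory per policy under /root/hw, one file per hardware device item, a NOT prefix for not-equal verification, the check value as the file content) and the ordered check with its [X Check Not Set] / [X Check OK] / [X Check Failed] display lines are worked through below as an added example. It is not the patent's code: the directory is created in a temporary location standing in for /root/hw, the check values are placeholder strings rather than real hashes, and the display labels other than CPU, the pcid/biosid/mbid/nicid item names and the function names are this example's assumptions.

```python
"""Added example (not the patent's own code): Embodiment 2's policy directory
layout and the ordered item check of steps 2.3.1)-2.3.5).  The labels other
than CPU, the pcid/biosid/mbid/nicid names, the placeholder check values and
all function names are assumptions of this example."""
import os
import tempfile

# (item filename stem, display label) in the verification order of step 2.3)
DEVICE_ORDER = [("cpuid", "CPU"), ("pcid", "PC"), ("biosid", "BIOS"),
                ("mbid", "Motherboard"), ("memid", "Memory"),
                ("hddid", "HDD"), ("nicid", "NIC"), ("usbid", "USB")]


def discover_policies(root):
    """Step 2.1): policy_dir_list = every sub-directory of the policy root, [] if none."""
    if not os.path.isdir(root):
        return []
    return sorted(os.path.join(root, d) for d in os.listdir(root)
                  if os.path.isdir(os.path.join(root, d)))


def load_policy_dir(policy_dir):
    """Parse one policy directory into {item: (negated, check_value)}:
    'NOTusbid' -> usbid, negated; 'usbid' -> usbid, not negated."""
    policy = {}
    for name in os.listdir(policy_dir):
        negated = name.startswith("NOT")
        item = name[3:] if negated else name
        with open(os.path.join(policy_dir, name)) as fh:
            policy[item] = (negated, fh.read().strip())
    return policy


def check_hwlist(policy, hwlist):
    """Steps 2.3.1)-2.3.5) over the collected hashes (the _HWLIST_ analogue).
    Returns (ok, display_lines) and stops at the first failing item."""
    lines = []
    for item, label in DEVICE_ORDER:
        if item not in policy:                           # 2.3.1) not required by this policy
            lines.append(f"[{label} Check Not Set]")
            continue
        negated, check_value = policy[item]
        observed = hwlist.get(item)                      # None when the device is absent
        met = (observed != check_value) if negated else (observed == check_value)
        if not met:
            lines.append(f"[{label} Check Failed]")     # 2.3.2) -> 2.3.5)
            return False, lines
        lines.append(f"[{label} Check OK]")             # 2.3.2) -> 2.3.3)
    return True, lines                                   # 2.3.4)


def authenticate(root, hwlist):
    """Steps 2.3)-2.4): try each policy in policy_dir_list; the first satisfied one wins.
    Returns (ok, policy_dir, lines); ok is None when no policy exists (step 2.7)."""
    dirs = discover_policies(root)
    if not dirs:
        return None, None, []
    result = (False, None, [])
    for policy_dir in dirs:
        ok, lines = check_hwlist(load_policy_dir(policy_dir), hwlist)
        result = (ok, policy_dir, lines)
        if ok:
            break
    return result


def write_sample_policies(root):
    """Constructed sample layout; the values are placeholders, not real check values."""
    layout = {
        "policy1": {"hddid": "HDD-HASH", "memid": "MEM-HASH", "usbid": "USB-KEY-HASH"},
        "policy2": {"hddid": "HDD-HASH", "NOTusbid": "USB-BANNED-HASH"},
    }
    for pdir, files in layout.items():
        os.makedirs(os.path.join(root, pdir), exist_ok=True)
        for fname, value in files.items():
            with open(os.path.join(root, pdir, fname), "w") as fh:
                fh.write(value + "\n")


def run_demo():
    """Exercise the layout in a temporary root standing in for /root/hw."""
    with tempfile.TemporaryDirectory() as root:
        write_sample_policies(root)
        names = [os.path.basename(d) for d in discover_policies(root)]
        policy2 = load_policy_dir(os.path.join(root, "policy2"))
        key = authenticate(root, {"hddid": "HDD-HASH", "memid": "MEM-HASH", "usbid": "USB-KEY-HASH"})
        other = authenticate(root, {"hddid": "HDD-HASH", "memid": "MEM-HASH", "usbid": "OTHER"})
        banned = authenticate(root, {"hddid": "HDD-HASH", "memid": "BAD", "usbid": "USB-BANNED-HASH"})
        none = authenticate(os.path.join(root, "missing"), {})
    return {"policy_names": names, "policy2": policy2,
            "key": (key[0], os.path.basename(key[1]), key[2]),
            "other": (other[0], os.path.basename(other[1])),
            "banned": (banned[0], os.path.basename(banned[1]), banned[2][-1]),
            "none": none}


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

Note that a not-equal item is satisfied when the device is absent, so policy2 above is passed by any stick other than the banned one and by no stick at all; an equal item, by contrast, fails when the device is absent.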
Embodiment 3
The trusted boot method based on an authentication policy file and hardware information collection is as in Embodiments 1 and 2.
The computer is powered up with the correct hard disk, memory and USB removable storage device; through steps 2.1), 2.2), 2.3), 2.6) the computer is authenticated successfully and the operating system boots in a trusted manner.
The computer is powered up with the correct hard disk and memory but a wrong USB removable storage device; through steps 2.1), 2.2), 2.3), 2.4), 2.5) the computer authentication fails and the verification failure information is displayed: Lack of proper USB device. Consider change a correct one.
The user acts on the verification failure information: if the correct USB removable storage device is substituted, through steps 2.1), 2.2), 2.3), 2.6) the computer is authenticated successfully and the operating system boots in a trusted manner; if the correct USB removable storage device is not substituted, through steps 2.1), 2.2), 2.3), 2.4), 2.5) authentication fails and the authentication process is repeated, and once the retry count is reached the computer authentication fails, the computer shuts down and the administrator is notified.
The present invention can authenticate the terminal locally: without connecting to an authentication server, the authentication policy file and hardware information collection ensure that the terminal runs in a secure physical environment and that the information system running on the terminal boots in a trusted manner.
Embodiment 4
The trusted boot method based on an authentication policy file and hardware information collection is as in Embodiments 1, 2 and 3.
Because the work requires a larger-capacity USB removable storage device, a new authentication policy file is configured. It specifies that the hardware device items the terminal must authenticate are the hard disk, the memory and the removable storage device inserted through the USB interface; it also specifies that every item uses equal verification and that the logical relation between the items is logical AND. The check value of each hardware device item is the check information of the designated hard disk, memory and large-capacity USB removable storage device.
The computer now has two authentication policy files; as long as one of them is satisfied at boot, the trusted boot of the operating system is guaranteed.
The computer is powered up with the correct hard disk, memory and the small-capacity USB removable storage device; through steps 2.1), 2.2), 2.3), 2.6) the computer is authenticated successfully and the operating system boots in a trusted manner.
The computer is powered up with the correct hard disk, memory and the large-capacity USB removable storage device; through steps 2.1), 2.2), 2.3), 2.4), 2.2), 2.3), 2.6) the computer is authenticated successfully and the operating system boots in a trusted manner.
The computer is powered up with the correct hard disk and memory but a wrong USB removable storage device; through steps 2.1), 2.2), 2.3), 2.4), 2.5) the computer authentication fails and the verification failure information is displayed: Lack of proper USB device. Consider change a correct one.
The user acts on the verification failure information: if one of the two correct USB removable storage devices is substituted, through steps 2.1), 2.2), 2.3), 2.6) or 2.1), 2.2), 2.3), 2.4), 2.2), 2.3), 2.6) the computer is authenticated successfully and the operating system boots in a trusted manner; if neither of the two correct USB removable storage devices is substituted, through steps 2.1), 2.2), 2.3), 2.4), 2.5) authentication fails and the authentication process is repeated, and once the retry count is reached the computer authentication fails, the computer shuts down and the administrator is notified.
The present invention has the advantage of flexibly configurable authentication policy files. A trusted authentication method that cannot be configured flexibly and effectively impairs the efficiency of the system and loses its practical value. Configuring one or more authentication policy files flexibly according to the concrete usage situation satisfies diverse and changing authentication requirements, ensures the efficiency of authentication and gives strong usability.
Embodiment 5
The trusted boot method based on an authentication policy file and hardware information collection is as in Embodiments 1 to 4.
The present invention guarantees the trusted boot of the information system on the terminal device; the terminal device is usually a computer and the information system is usually an operating system.
Information systems currently face many security threats, for example various computer viruses aimed at user passwords and user data. There are also many software methods that protect the security of information systems against these threats, but the security threat from hardware devices has not been handled well: the computer is already in an unsafe state before it enters the information system, so even sophisticated software protection measures find it very difficult to guarantee the security of the information system.
An attacker can insert a special USB removable storage device, keyboard, mouse or hard disk into the computer and obtain various confidential information from the operating system, causing the user losses of varying degrees. Aimed at the security threat caused by such dangerous hardware devices, the present invention performs local authentication of the sensitive hardware devices after the computer starts and before the operating system starts, according to requirements and experience, guaranteeing that the operating system starts in a secure physical environment and preventing various dangerous hardware devices from threatening the operating system.