CN103368916A - Technology for generating trusted identity certification of computer terminal based on hardware information - Google Patents


Info

Publication number: CN103368916A
Authority: CN (China)
Application number: CN201210096245XA
Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Other languages: Chinese (zh)
Inventors: 宾彬, 王屿
Current assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Original assignee: Beijing Baidu Netcom Science and Technology Co Ltd
Prior art keywords: information, hardware, trusted identity, terminal, configuration information
Classification: Storage Device Security (AREA)
Abstract

The invention provides a technology for generating a trusted identity certification of a computer terminal based on hardware information. The technology comprises the following steps: acquiring hardware configuration information of a plurality of hardware devices in the computer terminal; and generating the trusted identity certification and a trusted identity certification abstract (digest) of the computer terminal according to the hardware configuration information, wherein the trusted identity certification comprises the hardware configuration information of the plurality of hardware devices, and the trusted identity certification abstract is obtained by applying a hash algorithm to the hardware configuration information of the plurality of hardware devices. The trusted identity certification obtained according to the embodiments of the invention improves the discrimination of computer hardware and ensures that a computer can be uniquely distinguished. The hardware configuration information is acquired by bypassing the operating system (OS) and reading it in device-driver mode, which improves the accuracy of acquisition, avoids hacker intrusion, and ensures the security of the information. The invention further provides a computer terminal, a trusted identity certification authentication system, and a software authorization verification system.

Description

Hardware-information-based trusted identity proof generation technique for a terminal
Technical field
The present invention relates to the field of computer technology, and in particular to a hardware-information-based trusted identity proof generation technique for a terminal.
Background art
Client data security is an important component of Internet security. Hacker attacks on the Internet are no longer confined to attacks on network services and servers; attacks on clients have become a general trend in computer security. Trusted identity proof is a key feature of trusted computing; its purpose is to prove whether the identity or configuration information of a remote platform is reliable, and it is the guarantee of mutual trust between terminals in a network environment.
For Internet and software companies, many application scenarios involve authorization of the client environment. For example, when authorizing high-value software, music or digital rights, a company may wish to authorize only a particular user computer and not allow private copying; some game companies wish to prevent players from cheating by modifying the game client; or a company may allow its computing and network resources to be used only through authorized client connections. For such security- or authorization-related applications, it has become an urgent and critical need to make the target object trustworthy so that the service it provides is used only through authorization. Reaching this goal requires the user client to provide a trusted way to measure and report the platform environment, and the most important requirement here is to obtain a reliable feature by which the user's computer can be identified and distinguished.
This function is one of the main capabilities described in trusted computing, namely remote attestation. Remote attestation means that a digest of the client's hardware and software configuration allows a third party to verify whether the client has changed, thereby measuring platform integrity. Conventional technical schemes for remote attestation of a target client computer include:
1. The software obtains a unique GUID through an API provided by the operating system, keeps it in a local file or the registry, and performs server authentication by means of encryption. This method is easily cracked and attacked on the client by hackers through tracking, modification, forgery and the like.
2. Application-layer hardware identification. These methods obtain a certain class of hardware information at the client application layer, such as the hard disk serial number or the network card MAC address, to distinguish computers. This method uses existing hardware vendor standards to obtain the distinctive identification information of the computer hardware and combine it, thereby obtaining a feature that uniquely identifies the computer. Its drawback is that in practice some hardware information cannot identify a computer accurately: the discrimination of hardware information is affected by the variety of hardware information combinations, the degree of standardization of the hardware information, the method of acquiring the hardware information and so on, for example on machines without a hard disk or without a network card. Moreover, hardware information obtained at the application layer is often a copy of the hardware information held in an operating system file or the registry. Such system hardware information can be modified and forged at the operating-system level, for example the MAC address of the network card.
Summary of the invention
The present invention aims to solve at least one of the technical problems existing in the prior art.
For this reason, a first object of the present invention is to propose a trusted identity proof generation method for a terminal that obtains the terminal's trusted identity proof and trusted identity proof digest accurately and reliably.
A second object of the present invention is to propose a terminal.
A third object of the present invention is to propose a trusted identity proof authentication system for a terminal, with accurate terminal authentication and high reliability.
A fourth object of the present invention is to propose a software authorization verification system.
To achieve these objects, an embodiment of the first aspect of the present invention proposes a hardware-information-based trusted identity proof generation method for a terminal, comprising the following steps: obtaining, by means of a driver, the hardware configuration information of a plurality of hardware devices in the terminal and the identification information contained in the hardware configuration information; and
generating the trusted identity proof and the trusted identity proof digest of the terminal according to the hardware configuration information and the identification information contained in it, wherein the trusted identity proof comprises the hardware configuration information of the plurality of hardware devices, and the trusted identity proof digest is computed with a hash algorithm over the hardware configuration information of the plurality of hardware devices and the identification information contained in it.
An embodiment of the second aspect of the present invention proposes a terminal, comprising: an acquisition module, configured to obtain, by means of a driver, the hardware configuration information of a plurality of hardware devices in the terminal and the identification information contained in the hardware configuration information; and
a generation module, configured to generate the trusted identity proof and the trusted identity proof digest of the terminal according to the hardware configuration information and the identification information contained in it, wherein the trusted identity proof comprises the hardware configuration information of the plurality of hardware devices, and the trusted identity proof digest is computed with a hash algorithm over the hardware configuration information of the plurality of hardware devices and the identification information contained in it.
With the trusted identity proof generation method and the terminal of the embodiments of the invention, the obtained trusted identity proof and trusted identity proof digest improve the discrimination and identification of the terminal, and the reliability and security of the trusted identity proof.
An embodiment of the third aspect of the present invention proposes a trusted identity proof authentication system for a terminal, comprising: the terminal of the second-aspect embodiment above, which has the trusted identity proof and the trusted identity proof digest; and a cloud server, configured to authenticate the identity of the terminal according to the trusted identity proof and the trusted identity proof digest.
The trusted identity proof authentication system of the embodiments realizes the cloud authentication and cloud command functions of the cloud server (server side) in an Internet environment, thereby forming a cloud authentication system for network trusted terminals (terminal side). It has the advantages of accurate authentication and high reliability, and can effectively prevent hacker intrusion.
An embodiment of the fourth aspect of the present invention proposes a software authorization verification system, comprising: the terminal of the second-aspect embodiment above, which has the trusted identity proof and the trusted identity proof digest; and an authorization server, configured to register and authorize the terminal according to the trusted identity proof and the trusted identity proof digest.
With the software authorization verification system of the embodiments, by computing a unique identification of the computer/terminal, namely the trusted identity proof (CMID), and authenticating it in the cloud authentication mode with the cloud server, the authorization server can, on the basis of this authentication, provide Internet service providers (ISPs) and client software vendors with a secure and accurate capability to authorize a particular computer, and stop hacker cracking and illegal copying. Alternatively it can offer users a stricter secure login mode, preventing the illegal authorization and economic loss to users caused by stolen user passwords.
Additional aspects and advantages of the present invention will be given in part in the following description, will become apparent in part from the description, or will be learned through practice of the present invention.
Description of drawings
The above and/or additional aspects and advantages of the present invention will become apparent and easily understood from the description of the embodiments in conjunction with the following drawings, in which:
Fig. 1 is a flow chart of the hardware-information-based trusted identity proof generation method for a terminal according to an embodiment of the invention;
Fig. 2 is a structural diagram of a plurality of hardware acquisition modes of the terminal according to an embodiment of the invention;
Fig. 3 is a schematic diagram of the computer bus structure of the terminal according to an embodiment of the invention;
Fig. 4 is a schematic diagram of generation in the hardware-information-based trusted identity proof generation method for a terminal according to one embodiment of the invention;
Fig. 5 is a structural diagram of the terminal according to an embodiment of the invention;
Fig. 6 is a structural diagram of the trusted identity proof authentication system for a terminal according to an embodiment of the invention;
Fig. 7 is an authentication flow chart of the trusted identity proof authentication system for a terminal according to an embodiment of the invention;
Fig. 8 is a structural diagram of the software authorization verification system according to an embodiment of the invention; and
Fig. 9 is an authorization schematic diagram of the software authorization verification system according to an embodiment of the invention.
Embodiment
Embodiments of the invention are described in detail below, and examples of the embodiments are shown in the drawings, in which the same or similar reference numerals denote the same or similar elements, or elements with the same or similar functions, throughout. The embodiments described below with reference to the drawings are exemplary and serve only to explain the invention; they are not to be construed as limiting the invention.
These and other aspects of the embodiments of the invention will become clear with reference to the following description and drawings. The description and drawings specifically disclose some particular implementations of the embodiments and indicate some ways of implementing their principles, but it should be understood that the scope of the embodiments is not limited thereby. On the contrary, the embodiments include all changes, modifications and equivalents falling within the spirit and scope of the appended claims.
The trusted identity proof generation method for a terminal according to an embodiment of the invention is first described in conjunction with the drawings.
Referring to Fig. 1, the hardware-information-based trusted identity proof generation method for a terminal according to an embodiment of the invention comprises the following steps:
Step S101: obtain, by means of a driver, the hardware configuration information of a plurality of hardware devices in the terminal and the identification information contained in the hardware configuration information. In one embodiment of the invention, the hardware configuration information of the plurality of hardware devices comprises several of: BIOS TCG information, mainboard information, memory SPD information, hard disk controller information, network card information and display EDID information (Extended Display Identification Data). In the embodiments, identification information means the information within the hardware configuration information that can uniquely distinguish different computer hardware, for example the MAC address of the network card, the serial number of the hard disk, the serial number of the CPU and so on.
Specifically:
The BIOS is a set of computer programs for configuring the hardware; it is kept in an EPROM or EEPROM chip on the mainboard and contains the system's important information and the program for setting system parameters. The BIOS has dedicated TCG information and interrupt calls that can be used as a feature for distinguishing computers; the UUID field in it is a value guaranteed to be unique over space and time. The embodiments of the invention obtain the UUID value of the BIOS as the BIOS TCG information (distinguishing feature).
Mainboard information comprises one or both of mainboard chip information and mainboard source information. More specifically, the mainboard chips generally include elements such as the BIOS chip, the I/O control chip, the keyboard and panel control switch interfaces, indicator light connectors, expansion slots, and the DC power connectors of the mainboard and add-in cards. The mainboard chip information therefore mainly comprises the information of each of the above chips together with the chip type, production serial number and so on, while the mainboard source information generally comprises information such as the manufacturer of the mainboard chips.
Memory SPD information mainly comprises the manufacturer information, production date and serial number of the memory. Specifically, SPD stands for Serial Presence Detect. Because only a few large manufacturers produce memory worldwide today, the memory standard has, comparatively speaking, included sufficient manufacturer, production date and serial number information in the SPD information. Memory has included an SPD chip since PC100 (about 10 years ago), so most memory in use today carries SPD information.
SPD is a set of configuration information about the memory module, such as the number of P-Banks, voltage, number of row/column addresses, bit width, the main operating timings (such as CL, tRCD, tRP, tRAS, etc.) and the product serial number. This configuration information is stored in an EEPROM (Electrically Erasable Programmable Read Only Memory) with a capacity of 256 bytes.
There are three SPD encodings: Legacy, DDR2 FB-DIMM and DDR3 SDRAM. For the different classes of memory, the identification information obtained by the embodiments is the combination of four marks: the manufacturer's ID in the JEDEC organization, the manufacturer's serial number, the memory's date of manufacture and the serial number of the memory module. Table 1 shows the memory types and their SPD classification:
Fundamental Memory Type              SPD Encoding
Fast Page Mode (FPM)                 Legacy
Extended Data Out (EDO)              Legacy
SDRAM                                Legacy
DDR1 SDRAM                           Legacy
DDR2 SDRAM except for FB-DIMM        Legacy
DDR2 FB-DIMM                         DDR2 FB-DIMM
DDR3 SDRAM                           DDR3 SDRAM
Table 1
Hard disk controller information comprises the hard disk serial number. Normally the information in the hard disk controller is rich and trustworthy; its most important item is the hard disk serial number, which can usually determine the uniqueness of the hard disk.
Network card information comprises one or more of the network card manufacturer information, the network card type information and the network card MAC address information. Specifically, a network card MAC address is a unique identifier assigned to a network card on a physical network segment; IEEE 802 networks such as Ethernet all follow this addressing standard. The MAC address is usually assigned by the manufacturer of the network interface unit and stored in the read-only memory or the firmware chip of the interface card. According to the IEEE standards there are currently three main MAC address formats, MAC-48, EUI-48 and EUI-64; IEEE 802 networks use the MAC-48 format, whose 48-bit address space allows 281,474,976,710,656 possible MAC addresses in total.
Monitor information generally includes the display EDID information identifying the display device's serial number. Specifically, EDID is a display standard defined by VESA (the Video Electronics Standards Association); mainstream displays today all contain EDID information identifying the display device's serial number, which describes hardware capability information such as the display's resolution, refresh rate and size, as well as the manufacturer, product serial number and the like. EDID is a 256-character combined string, of which characters 8 to 19 are the product serial number, and the embodiments of the invention obtain this segment of data as one of the features identifying the computer.
Of course the embodiments of the invention are not limited to these; other reliable hardware unique identification information may also be obtained and combined to obtain the trusted identity proof. In general, the hardware selected for this identification information is standard equipment of a computer (terminal) and carries a hardware unique identification feature that conforms to a standard agreed by the manufacturers.
With the above computer hardware acquisition method, the kinds of computer hardware information (the combination of a plurality of items of hardware information) can be acquired to the greatest possible extent, and the plurality of items of hardware information are combined. The trusted identity proof obtained in this way (the feature that distinguishes computers) can substantially increase the discrimination of computer hardware in practice, and can usually be guaranteed to distinguish a computer uniquely.
Having determined the hardware information to be acquired, the embodiments of the invention obtain the hardware configuration information of the plurality of hardware devices in the terminal at the driver layer, by reading bus information directly or by reading the hardware information through driver calls. Specifically, from the viewpoint of security and anti-spoofing, hardware configuration information obtained through the conventional application-layer API of the operating system (OS) is unreliable, because it is easily tampered with (for example by modifying the Windows registry). Based on this consideration, in order to obtain reliable hardware information the embodiments bypass the OS in the form of a device driver, that is, at the driver layer they read bus information directly or communicate directly with the plurality of hardware devices through driver calls, and so obtain the relevant hardware information. This improves the accuracy of the obtained information, avoids hacker intrusion, guarantees the security of the information and prevents it from being tampered with.
Fig. 2 shows an example of reading bus information directly at the driver layer, or reading hardware information through driver calls. Specifically, hardware configuration information obtained in the conventional way through the application-layer API of the OS is unreliable, because the obtained hardware configuration information is easily tampered with (for example by modifying the Windows registry). To obtain reliable hardware information it is therefore necessary to bypass the OS and, in the form of a device driver, communicate directly with the hardware devices to obtain the relevant hardware information. Fig. 3 shows the bus structure of the terminal.
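To make the EDID-based feature concrete, the following Go program is an added example written for this page; it is not code from the patent or from Baidu. It validates a 128-byte EDID base block and decodes the vendor/product identification fields, assuming the VESA EDID 1.3 base-block layout (bytes 8-9 manufacturer ID, 10-11 product code, 12-15 serial number, 16-17 week and year, byte 127 checksum); the sample block it parses is constructed, not captured from a real display. Checking the header and checksum before trusting the fields is the sanity check a verifier would want when these bytes are to serve as an identity feature.

```go
package main

import (
	"errors"
	"fmt"
)

// EDIDIdentity holds the vendor/product identification fields of an EDID base block.
type EDIDIdentity struct {
	Manufacturer string // three-letter PNP ID such as "DEL"
	ProductCode  uint16
	Serial       uint32
	Week, Year   int // week of manufacture (0 = unspecified) and year
}

var edidHeader = []byte{0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00}

// ParseEDID checks the header and checksum of a 128-byte EDID base block and decodes
// bytes 8-17 per VESA EDID 1.3: manufacturer ID (big-endian, three 5-bit letters with
// 'A' = 1), product code and serial (little-endian), week of manufacture, year - 1990.
func ParseEDID(b []byte) (EDIDIdentity, error) {
	var id EDIDIdentity
	if len(b) < 128 {
		return id, errors.New("EDID base block must be 128 bytes")
	}
	for i, h := range edidHeader {
		if b[i] != h {
			return id, errors.New("bad EDID header")
		}
	}
	var sum byte
	for _, x := range b[:128] {
		sum += x // all 128 bytes must sum to 0 mod 256
	}
	if sum != 0 {
		return id, errors.New("EDID checksum mismatch")
	}
	m := uint16(b[8])<<8 | uint16(b[9])
	letters := make([]byte, 3)
	for i, shift := range []uint{10, 5, 0} {
		v := byte(m>>shift) & 0x1F
		if v < 1 || v > 26 {
			return id, errors.New("manufacturer ID is not three letters")
		}
		letters[i] = 'A' + v - 1
	}
	id.Manufacturer = string(letters)
	id.ProductCode = uint16(b[10]) | uint16(b[11])<<8
	id.Serial = uint32(b[12]) | uint32(b[13])<<8 | uint32(b[14])<<16 | uint32(b[15])<<24
	id.Week, id.Year = int(b[16]), 1990+int(b[17])
	return id, nil
}

// DisplayFeature renders the identity as the fixed-width string that would be merged into the proof.
func DisplayFeature(id EDIDIdentity) string {
	return fmt.Sprintf("%s-%04X-%08X", id.Manufacturer, id.ProductCode, id.Serial)
}

// SampleEDID builds a constructed 128-byte base block (not captured from a real display)
// carrying the given identity, EDID version 1.3, and a valid checksum.
func SampleEDID(mfr string, product uint16, serial uint32, week, year int) []byte {
	b := make([]byte, 128)
	copy(b, edidHeader)
	m := uint16(mfr[0]-'A'+1)<<10 | uint16(mfr[1]-'A'+1)<<5 | uint16(mfr[2]-'A'+1)
	b[8], b[9] = byte(m>>8), byte(m)
	b[10], b[11] = byte(product), byte(product>>8)
	b[12], b[13], b[14], b[15] = byte(serial), byte(serial>>8), byte(serial>>16), byte(serial>>24)
	b[16], b[17] = byte(week), byte(year-1990)
	b[18], b[19] = 1, 3
	var sum byte
	for _, x := range b[:127] {
		sum += x
	}
	b[127] = 0 - sum // checksum byte makes the whole block sum to zero
	return b
}

func main() {
	id, err := ParseEDID(SampleEDID("DEL", 0xA0B1, 0x01020304, 12, 2011))
	fmt.Println(DisplayFeature(id), id.Week, id.Year, err)
}
```

A block whose checksum fails, or whose manufacturer field does not decode to three letters, is rejected rather than folded into the identity, so a corrupted or spoofed EDID read cannot silently change the computed feature.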
With reference to Fig. 3, reading bus information directly or reading hardware information through driver calls at the driver layer comprises, in the embodiments of the invention:
1) BIOS TCG information and SMBIOS information are obtained at the driver layer through WMI or by direct physical memory access; the BIOS provides some functions for obtaining hardware device information, which makes acquisition convenient.
2) Memory SPD information is obtained by reading the SMBus of the mainboard chipset, or through SMBIOS functions.
3) Hard disk controller information is obtained through DeviceIoControl, from the drive's SMART status, or via I/O ports.
4) Mainboard information is obtained through the BIOS.
5) Network card information (MAC address information) is obtained at the driver layer by directly accessing the EPROM of the physical network card.
6) Display EDID information is obtained by accessing the display's read-only memory through the driver layer.
Step S102: generate the trusted identity proof and the trusted identity proof digest of the terminal according to the hardware configuration information and the identification information contained in it, wherein the trusted identity proof comprises the hardware configuration information of the plurality of hardware devices, and the trusted identity proof digest is computed with a hash algorithm over the hardware configuration information of the plurality of hardware devices and the identification information contained in it. Fig. 4 is a schematic diagram of generating the trusted identity proof and the trusted identity proof digest of the terminal.
Specifically, generating the trusted identity proof of the terminal comprises:
1. The terminal generates a first session key with a random number generator; the first session key is an AES encryption key. That is, a SessionKey (the first session key) is generated with the random number generator and used as the AES key for encrypting the data block into which the hardware configuration information of the plurality of hardware devices is packaged.
2. The hardware configuration information of the plurality of hardware devices is merged, and the merged hardware configuration information is encrypted according to the first session key and the RSA public key pre-stored in the terminal. That is, the obtained items of hardware identification data are merged and encrypted with the key, and the SessionKey is encrypted with the RSA public key pre-stored in the system.
3. The encrypted and merged hardware configuration information of the plurality of hardware devices is encoded to generate the trusted identity proof. That is, data padding is completed, the whole package is base64-encoded, and the trusted identity proof (the client unique identification code) is generated.
Generating the trusted identity proof digest of the terminal comprises:
1. The terminal generates a second session key with the random number generator; the second session key is an AES encryption key. That is, a SessionKey (the second session key) is generated with the random number generator and used as the AES key for encrypting the data block.
2. The hardware configuration information of the plurality of hardware devices is merged, and the digest of the merged hardware configuration information is obtained with a hash algorithm. That is, the obtained items of hardware identification data are merged and the digest is derived with the hash algorithm.
3. The digest of the hardware configuration information of the plurality of hardware devices is encrypted according to the second session key and the RSA public key pre-stored in the terminal. That is, it is encrypted with the key, and the SessionKey is encrypted with the RSA public key pre-stored in the system.
4. The encrypted digest of the hardware configuration information of the plurality of hardware devices is encoded to generate the trusted identity proof digest. That is, data padding is completed, the whole package is base64-encoded, and the trusted identity proof digest (the client hash identification code) is generated.
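The merging of several hardware items (discussed above under the acquisition method) and the two generation procedures just listed can be shown end to end. The following Go program is an added example written for this page; it is not code from the patent or from Baidu. Where the patent leaves a choice open, the example fixes one and says so: a length-prefixed encoding for merging the fields, AES-GCM as the AES mode, RSA-OAEP for wrapping the session key, SHA-256 as the hash algorithm, and a package layout of [2-byte key length | RSA-wrapped session key | nonce | ciphertext] before base64 encoding. The HardwareInfo values stand in for the driver-layer reads and are constructed. VerifyTerminal is the server-side counterpart holding the private key: it decrypts both packages and compares the digest with a hash recomputed over the decrypted hardware data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
)

const nonceSize = 12 // standard 96-bit AES-GCM nonce
// HardwareInfo is a constructed stand-in for the per-device data read at the driver layer; "" models an absent device.
type HardwareInfo struct{ BIOSUUID, MainboardSerial, MemorySPD, DiskSerial, NICMAC, DisplayEDID string }

// Merge joins the fields in a fixed order behind 2-byte big-endian length prefixes, so field boundaries and absent devices stay unambiguous ("AB"+"C" must not collide with "A"+"BC").
func Merge(h HardwareInfo) []byte {
	var out []byte
	for _, f := range []string{h.BIOSUUID, h.MainboardSerial, h.MemorySPD, h.DiskSerial, h.NICMAC, h.DisplayEDID} {
		out = append(out, byte(len(f)>>8), byte(len(f)))
		out = append(out, f...)
	}
	return out
}

// newGCM builds the AES-GCM AEAD for a session key (AES-GCM is this example's choice; the patent names only AES).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal implements generation steps 1-3: random AES session key, AES-GCM encryption of the payload, RSA-OAEP
// wrapping of the session key under the pre-stored public key, base64 of the package laid out as 2-byte len(encKey) | encKey | nonce | ciphertext.
func Seal(pub *rsa.PublicKey, payload []byte) (string, error) {
	buf := make([]byte, 32+nonceSize) // AES-256 session key followed by the nonce, both from the CSPRNG
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return "", err
	}
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return "", err
	}
	pkg := []byte{byte(len(encKey) >> 8), byte(len(encKey))}
	pkg = append(append(append(pkg, encKey...), nonce...), gcm.Seal(nil, nonce, payload, nil)...)
	return base64.StdEncoding.EncodeToString(pkg), nil
}

// Open is the server-side inverse of Seal: unwrap the session key with the RSA private key, then authenticate and decrypt; malformed input is rejected, never panicked on.
func Open(priv *rsa.PrivateKey, pkgB64 string) ([]byte, error) {
	pkg, err := base64.StdEncoding.DecodeString(pkgB64)
	if err != nil || len(pkg) < 2 {
		return nil, errors.New("bad package encoding")
	}
	kl := 2 + (int(pkg[0])<<8 | int(pkg[1])) // end offset of the wrapped key
	if len(pkg) < kl+nonceSize {
		return nil, errors.New("package truncated")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, pkg[2:kl], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, pkg[kl:kl+nonceSize], pkg[kl+nonceSize:], nil)
}

// GenerateCMID yields the trusted identity proof (client unique identification code).
func GenerateCMID(pub *rsa.PublicKey, h HardwareInfo) (string, error) {
	return Seal(pub, Merge(h))
}

// GenerateCMIDDigest yields the trusted identity proof digest (client hash identification code): SHA-256 over the same merged data, sealed under its own fresh session key.
func GenerateCMIDDigest(pub *rsa.PublicKey, h HardwareInfo) (string, error) {
	sum := sha256.Sum256(Merge(h))
	return Seal(pub, sum[:])
}

// VerifyTerminal is the server-side check: open both packages and confirm (in constant time) that the digest equals a hash recomputed over the decrypted hardware data.
func VerifyTerminal(priv *rsa.PrivateKey, cmid, digest string) (bool, error) {
	hw, err := Open(priv, cmid)
	if err != nil {
		return false, err
	}
	d, err := Open(priv, digest)
	if err != nil {
		return false, err
	}
	sum := sha256.Sum256(hw)
	return subtle.ConstantTimeCompare(sum[:], d) == 1, nil
}
```

Because every call draws a fresh session key and nonce, two proofs generated for the same machine differ byte for byte; a server therefore has to compare decrypted contents (or the digest), never the base64 strings themselves. The pre-stored key pair is produced with rsa.GenerateKey in the test; in a deployment the private key would live only on the server side.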
As shown in Fig. 5, a further embodiment of the invention proposes a terminal 400 comprising an acquisition module 410 and a generation module 420, wherein:
The acquisition module 410 is configured to obtain, by means of a driver, the hardware configuration information of a plurality of hardware devices in the terminal and the identification information contained in the hardware configuration information. In one embodiment of the invention, the hardware configuration information of the plurality of hardware devices comprises several of: BIOS TCG information, mainboard information, memory SPD information, hard disk controller information, network card information and display EDID information. Specifically, mainboard information comprises one or both of mainboard chip information and mainboard source information. More specifically, the mainboard chips generally include elements such as the BIOS chip, the I/O control chip, the keyboard and panel control switch interfaces, indicator light connectors, expansion slots, and the DC power connectors of the mainboard and add-in cards. The mainboard chip information therefore mainly comprises the information of each of the above chips together with the chip type, production serial number and so on, while the mainboard source information generally comprises information such as the manufacturer of the mainboard chips. The BIOS TCG information, memory SPD information (including the memory types and SPD classification of Table 1), hard disk controller information, network card information and display EDID information are as described above for step S101.
BIOS is one group of computer program that hardware is set, and is kept among the EPROM or eeprom chip on the mainboard, and the inside fills systematic important information and the setting program of system parameters is set.BIOS has special information and interrupt call for TCG, can be used as the feature of distinguishing computer, UUID field wherein, and spatially it is unique value with upper assurance of time.The UUID value of the BIOS that the embodiment of the invention is obtained is as BIOS TCG information (distinguishing characteristics).
The memory SPD information spinner will comprise the information such as manufacturer's information, the time of making the product and sequence number of internal memory, particularly, SPD is that the serial that module exists detects (SERIAL PRESENCE DETECT), because present global internal memory manufacturer only has several giants seldom, therefore the standard of internal memory standard has more comparatively speaking comprised enough manufacturer's information, the time of making the product and the sequence numbers of information in the SPD information.Internal memory just begins to comprise the SPD chip from PC100 (before 10 years), and the most internal memories that therefore use at present comprise SPD information.
SPD be one group about the configuration information of memory modules, such as P-Bank quantity, voltage, row address/column address quantity, bit wide, various main time sequential routine (such as CL, tRCD, tRP, tRAS etc.), and product ID.Among the EEPROM that it is 256 bytes that these configuration informations leave a capacity in (Electrically Erasable Programmable Read Only Memory, electrically erasable programmable ROM).
The SPD coding has three kinds, is respectively Legacy, DDR2 FB-DIMM, DDR3 SDRAM.To different classes of internal memory, the identification information that the embodiment of the invention is obtained is the id of manufacturer in the JEDEC tissue, manufacturer's sequence number, the combination of internal memory date of manufacture and four marks of this memory modules sequence number.As shown in table 1, show internal memory and SPD classification:
Fundamental Memory Type          SPD Encoding
Fast Page Mode (FPM)             Legacy
Extended Data Out (EDO)          Legacy
SDRAM                            Legacy
DDR1 SDRAM                       Legacy
DDR2 SDRAM (except FB-DIMM)      Legacy
DDR2 FB-DIMM                     DDR2 FB-DIMM
DDR3 SDRAM                       DDR3 SDRAM
Table 1
Hard disk controller information includes the hard disk serial number. Under normal conditions the information held by the hard disk controller is rich and trustworthy; its most important item is the hard disk serial number, which normally identifies the disk uniquely.
Network interface card (NIC) information includes one or more of the NIC manufacturer information, the NIC type information and the NIC MAC address information. A MAC address is a unique identifier assigned to a network interface on the physical network segment; IEEE 802 networks such as Ethernet all follow this addressing standard. The MAC address is normally assigned by the NIC manufacturer and stored in the card's read-only memory or firmware chip. The IEEE standards currently define three address formats, MAC-48, EUI-48 and EUI-64; IEEE 802 networks use MAC-48, whose 48-bit address space allows 2^48 = 281,474,976,710,656 possible MAC addresses.
Monitor information generally includes the display EDID, which carries the display's serial number. EDID is a display data standard defined by VESA (the Video Electronics Standards Association). Current mainstream displays all carry EDID identifying the display's serial number, along with hardware capability information such as resolution, refresh rate and physical size, and manufacturer and product serial number information. The EDID is a 256-byte data block (the base block occupies the first 128 bytes); bytes 8 through 19 hold the vendor and product identification, and the embodiment of the invention obtains this segment as one of the features that identify the computer.
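The following Go program is an added example, not part of the patent's disclosure: it validates a 128-byte EDID base block (fixed header and checksum) and decodes bytes 8 through 17, the vendor/product identification that the text uses as a feature of the computer. The EDID bytes it parses are constructed for the example and are not captured from a real display; the function and type names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// EDIDIdentity holds the vendor/product identification fields of an EDID base block.
type EDIDIdentity struct {
	Manufacturer string // three-letter PNP ID packed into bytes 8-9
	ProductCode  uint16 // bytes 10-11, little-endian
	Serial       uint32 // bytes 12-15, little-endian
	Week         uint8  // byte 16, week of manufacture (0 = not specified)
	Year         int    // byte 17 + 1990
}

// edidHeader is the fixed 8-byte pattern every EDID base block starts with.
var edidHeader = [8]byte{0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00}

// ParseEDIDIdentity checks the fixed header and the block checksum (all 128 bytes must sum
// to zero modulo 256), then decodes the identification block used as a terminal feature.
func ParseEDIDIdentity(blk []byte) (EDIDIdentity, error) {
	var id EDIDIdentity
	if len(blk) < 128 {
		return id, errors.New("EDID base block must be at least 128 bytes")
	}
	for i, b := range edidHeader {
		if blk[i] != b {
			return id, errors.New("EDID header mismatch")
		}
	}
	var sum byte
	for _, b := range blk[:128] {
		sum += b
	}
	if sum != 0 {
		return id, errors.New("EDID checksum mismatch: block truncated or tampered")
	}
	// Manufacturer ID: 16 bits big-endian, bit 15 reserved, then three 5-bit letters (1 = 'A').
	m := uint16(blk[8])<<8 | uint16(blk[9])
	if m&0x8000 != 0 {
		return id, errors.New("reserved bit set in manufacturer ID")
	}
	letters := make([]byte, 3)
	for i := range letters {
		v := byte(m>>(10-5*uint(i))) & 0x1F
		if v < 1 || v > 26 {
			return id, errors.New("manufacturer ID letter out of range")
		}
		letters[i] = 'A' + v - 1
	}
	id.Manufacturer = string(letters)
	id.ProductCode = uint16(blk[10]) | uint16(blk[11])<<8
	id.Serial = uint32(blk[12]) | uint32(blk[13])<<8 | uint32(blk[14])<<16 | uint32(blk[15])<<24
	id.Week = blk[16]
	id.Year = 1990 + int(blk[17])
	return id, nil
}

// SampleEDID builds a constructed 128-byte base block (not read from real hardware):
// manufacturer "DEL", product code 0x4005, serial 0x12345678, week 23 of 2011, EDID 1.3.
func SampleEDID() []byte {
	blk := make([]byte, 128)
	copy(blk, edidHeader[:])
	blk[8], blk[9] = 0x10, 0xAC   // 'D'=4, 'E'=5, 'L'=12 packed as 0b0_00100_00101_01100
	blk[10], blk[11] = 0x05, 0x40 // product code, little-endian
	blk[12], blk[13], blk[14], blk[15] = 0x78, 0x56, 0x34, 0x12
	blk[16], blk[17] = 23, 2011-1990
	blk[18], blk[19] = 1, 3
	var sum byte
	for _, b := range blk[:127] {
		sum += b
	}
	blk[127] = -sum // checksum byte makes the whole block sum to zero
	return blk
}

func main() {
	id, err := ParseEDIDIdentity(SampleEDID())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("%s product=0x%04X serial=%d week=%d year=%d\n",
		id.Manufacturer, id.ProductCode, id.Serial, id.Week, id.Year)
}
```

Checking the header and checksum before trusting the identification bytes is the check a practitioner wants at the acquisition stage: a display that returns a garbled or truncated block would otherwise contribute a wrong identifier to the trusted identity proof and make the computer look like different hardware.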
Of course, the embodiments of the invention are not limited to these. Other reliable hardware unique identification information may also be obtained and combined to produce the trusted identity proof. In general, the criterion for selecting a hardware information identifier is that the hardware is a standard component of the computer (terminal) and possesses a unique identification feature that conforms to a standard agreed among manufacturers.
Thus, by collecting as many kinds of computer hardware information as possible (a combination of multiple hardware identifiers) and combining them, the resulting trusted identity proof (the feature that distinguishes the computer) substantially raises the discrimination rate for computer hardware in practical applications and can normally guarantee that a computer is distinguished uniquely. Specifically:
Having determined which hardware information to obtain, the embodiment of the invention acquires the hardware configuration information of the plurality of hardware devices in the terminal at the driver layer, either by reading bus information directly or by calling drivers to read the hardware information. From the standpoint of security and anti-spoofing, hardware configuration information obtained through the conventional application-layer API of the operating system (OS) is unreliable, because it is easily tampered with (for example by modifying the Windows registry). For this reason the acquisition module 410 of the embodiment bypasses the OS in the form of a device driver in order to obtain reliable hardware information: at the driver layer it reads bus information directly or communicates directly with the hardware devices by calling drivers. That is, the acquisition module 410 reads the information of the plurality of hardware devices directly from the PCI bus 430 of the terminal 400 through the driver layer, or reads the information of each hardware device through its driver, so that as many kinds of computer hardware information as possible (a combination of multiple hardware identifiers) can be obtained. This improves the accuracy of the obtained information, avoids hacker intrusion, protects the security of the information and prevents it from being tampered with; in practical applications it substantially raises the discrimination rate for computer hardware and normally guarantees that a computer is distinguished uniquely.
Figure 2 shows an example of reading bus information directly or reading hardware information by calling drivers at the driver layer. Hardware configuration information obtained in the conventional way through the application-layer API of the OS is unreliable, because it is easily tampered with (for example by modifying the Windows registry). Therefore, to obtain reliable hardware information, the OS must be bypassed and the hardware devices communicated with directly in the form of a device driver. Figure 3 shows the bus structure of the terminal.
With reference to Fig. 3, reading bus information directly or reading hardware information by calling drivers at the driver layer comprises, in the embodiment of the invention:
1) BIOS TCG information and SMBIOS information are obtained through WMI or by direct access to physical memory at the driver layer; the BIOS provides functions for obtaining hardware device information, which makes acquisition convenient. (Note that WMI is a user-mode OS interface, so of the two paths only the direct physical-memory read actually bypasses the OS.)
2) Memory SPD information is obtained by reading the SMBus of the mainboard chipset, or through SMBIOS functions.
3) Hard disk controller information is obtained through DeviceIoControl, by reading the SMART state from the hard drive, or through the I/O port mode.
4) Mainboard information is obtained through the BIOS.
5) NIC information (MAC address information) is obtained by accessing the EPROM of the physical NIC directly from the driver layer.
6) Display EDID information is obtained by accessing the display's read-only memory from the driver layer.
Then the generation module 420 generates the trusted identity proof and the trusted identity proof summary of the terminal 400 according to the hardware configuration information and the identification information it contains. The trusted identity proof comprises the hardware configuration information of the plurality of hardware devices, and the trusted identity proof summary is computed with a hash algorithm over the hardware configuration information of the plurality of hardware devices and the identification information it contains.
Specifically, the generation module 420 generates the trusted identity proof of the terminal as follows:
1. The terminal generates a first session key with a random number generator; the first session key is an AES encryption key. That is, a SessionKey (the first session key) is generated with the random number generator and serves as the AES key for encrypting the packed data block into which the hardware configuration information of the plurality of hardware devices is encapsulated.
2. The hardware configuration information of the plurality of hardware devices is merged, and the merged hardware configuration information is encrypted according to the first session key and the RSA public key pre-stored in the terminal. That is, the hardware identification data obtained for each device are merged and encrypted with the session key, and the SessionKey itself is encrypted with the RSA public key pre-stored in the system.
3. The encrypted, merged hardware configuration information is encoded to generate the trusted identity proof. That is, data padding is completed and the whole packet is base64-encoded, yielding the trusted identity proof (client unique identification code).
The generation module 420 generates the trusted identity proof summary of the terminal as follows:
1. The terminal generates a second session key with a random number generator; the second session key is an AES encryption key. That is, a SessionKey (the second session key) is generated with the random number generator as the AES key for encrypting the packed data block.
2. The hardware configuration information of the plurality of hardware devices is merged, and a summary (digest) of the merged hardware configuration information is obtained with the hash algorithm. That is, the hardware identification data obtained for each device are merged and the digest is computed with the hash algorithm.
3. The summary of the hardware configuration information is encrypted according to the second session key and the RSA public key pre-stored in the terminal. That is, the summary is encrypted with the session key, and the SessionKey is encrypted with the RSA public key pre-stored in the system.
4. The encrypted summary is encoded to generate the trusted identity proof summary. That is, data padding is completed and the whole packet is base64-encoded, yielding the trusted identity proof summary (client hash identification code).
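The two procedures above (the trusted identity proof and its summary) share one envelope construction. The following Go program is an added example of that construction, not code from the patent: it merges the hardware fields in a fixed order, seals either the merged data (CMID) or its digest (summary) under a fresh random AES session key, wraps the session key with the pre-stored RSA public key, base64-encodes the packet, and includes the server-side unsealing. The text does not name cipher modes or the hash algorithm, so AES-256-GCM, RSA-OAEP with SHA-256 and SHA-256 as the digest are assumptions, as are the function names, the packet layout and the constructed sample hardware values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// MergeHardwareInfo joins the collected identifiers in sorted key order, so the same
// hardware always yields the same byte string and therefore the same digest.
func MergeHardwareInfo(fields map[string]string) []byte {
	keys := make([]string, 0, len(fields))
	for k := range fields {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var sb strings.Builder
	for _, k := range keys {
		fmt.Fprintf(&sb, "%s=%s\n", k, fields[k])
	}
	return []byte(sb.String())
}

// HardwareDigest is the hash step of the summary variant (SHA-256 assumed here).
func HardwareDigest(fields map[string]string) []byte {
	sum := sha256.Sum256(MergeHardwareInfo(fields))
	return sum[:]
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal follows the steps in the text: fresh random session key, AES encryption of the payload,
// RSA wrapping of the session key under the public key, then base64 encoding of the packet.
// Packet layout (assumed): wrappedKey || 12-byte nonce || AES-GCM ciphertext.
func Seal(pub *rsa.PublicKey, payload []byte) (string, error) {
	buf := make([]byte, 32+12) // AES-256 session key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return "", err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return "", err
	}
	packet := append(append(wrapped, nonce...), gcm.Seal(nil, nonce, payload, nil)...)
	return base64.StdEncoding.EncodeToString(packet), nil
}

// Open is the server side: decode, unwrap the session key with the RSA private key, then
// decrypt and authenticate. Any bit flipped in the packet makes GCM reject it.
func Open(priv *rsa.PrivateKey, encoded string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return nil, err
	}
	k := priv.Size() // length of the RSA-wrapped session key in bytes
	if len(raw) < k+12 {
		return nil, errors.New("packet too short")
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, raw[:k], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, raw[k:k+12], raw[k+12:], nil)
}

// GenerateCMID builds the trusted identity proof (CMID): the merged information, sealed.
func GenerateCMID(pub *rsa.PublicKey, f map[string]string) (string, error) { return Seal(pub, MergeHardwareInfo(f)) }

// GenerateCMIDDigest builds the trusted identity proof summary: the digest, sealed.
func GenerateCMIDDigest(pub *rsa.PublicKey, f map[string]string) (string, error) { return Seal(pub, HardwareDigest(f)) }

// NewServerKey generates the key pair whose public half the terminal would pre-store.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// SampleHardwareInfo is constructed test data, not values read from real hardware.
func SampleHardwareInfo() map[string]string {
	return map[string]string{"bios_uuid": "0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0",
		"disk_serial": "WD-WCC4E1234567", "nic_mac": "00:1a:2b:3c:4d:5e"}
}
```

The sorted merge matters: the summary is only useful for comparison if the same hardware always produces the same bytes, so the field order must not depend on the order in which the drivers returned them. GCM also authenticates the payload, so a packet altered in transit is rejected at Open rather than decrypting to garbage that would then fail the server's comparison for the wrong reason.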
The trusted identity proof obtained by the trusted identity proof generation method and the terminal of the embodiment of the invention improves the discrimination rate for the terminal, and the reliability and security of the trusted identity proof itself. Specifically, by collecting as many kinds of computer hardware information as possible, the discrimination rate for computer hardware is substantially raised in practical applications, and in theory the computer is guaranteed to be distinguished uniquely. In addition, because each hardware unique identifier is read at the driver layer, either directly from the bus or by calling drivers, the cost to a malicious user of spoofing it rises greatly, which discourages spoofing.
As shown in Figure 6, embodiments of the invention also propose a trusted identity proof authentication system 500 for a terminal, comprising the terminal 400 of the embodiments above and a cloud server 330 (the cloud authentication server shown in Figure 4).
The terminal 400 possesses the trusted identity proof and the trusted identity proof summary obtained in the manner described above. The cloud server 330 authenticates the identity of the terminal 400 according to the trusted identity proof and the trusted identity proof summary. Specifically, the terminal 400 (client) communicates with the cloud server 330 (server side) in a networked environment for cloud authentication and can accept instructions from the cloud, so that the cloud server 330 exercises effective control over the trusted computer terminal 400. The terminal 400 obtains its trusted identity proof (CMID) in the manner of the embodiments above, generates the corresponding communication packets according to the cloud authentication protocol, and passes them to the cloud server 330 for verification during the registration and verification of the terminal 400, so that the cloud server 330 can identify, authorize and verify the terminal 400. This realizes the cloud authentication and cloud command functions of the cloud server 330 (server side) in an Internet environment and forms a complete cloud authentication system for network trusted terminals (terminals 400). It has the advantages of accurate authentication and high reliability and can effectively avoid hacker intrusion.
Figure 7 shows the flow in which the cloud server 330 authenticates the identity of the terminal 400 in the trusted identity proof authentication system 600 of one embodiment of the invention.
Specifically, with reference to Fig. 4, the terminal 400 (client computer) performs a one-time verification at start-up, or starts a timer so as to communicate with the server periodically. The cloud server 330 (cloud authentication server) obtains the trusted identity proof (computer unique identifier) of the terminal 400 (client computer), compares it with the trusted identity proof already registered for this terminal 400, and returns the result to the terminal 400 so that the user of the terminal 400 is informed whether the terminal 400 is authorized.
With reference to Fig. 7, as a concrete example, the identity verification process of the cloud server 330 for the terminal 400 is as follows:
Step S701: the client starts, that is, the terminal 400 starts.
Step S702: verify the integrity of the client software, that is, judge whether the software of the terminal 400 is complete; if not, go to step S703, otherwise execute step S704.
Step S703: the verification fails; return the unauthorized result.
Step S704: start the timer.
Step S705: the client (terminal 400) obtains the hardware information at the driver layer and computes the short hash summary, that is, the summary of the hardware information.
Step S706: the client encapsulates the summary with a network application-layer protocol and communicates with the server side (cloud authentication server 330); the server side unpacks it and compares it with the information registered on the server.
Step S707: judge whether the verification of the computer hardware integrity succeeded.
Step S708: if the verification in step S707 failed, authorization fails and the authorization function is closed.
Step S709: if the verification in step S707 succeeded, the client authorization function remains open.
For a terminal 400 that has passed authentication, services such as charged software may be licensed after authentication. Specifically, in the traditional model the chargeable services of an Internet service provider are normally based on a network user ID: whether the user has purchased a given service is verified by means of the user ID, and the user may use the service on any computer as long as this user has purchased it. This way of supplying services often gives rise to loopholes: the services of some membership websites are shared illegally, some digital rights resources are copied illegally onto many computers, or a user's login password is stolen, causing passive security and illegal licensing problems. Some online video service providers may need to guarantee that the online video service they provide runs only on authorized machines, rather than following the user-ID model. Therefore, the trusted identity proof authentication system 600 of the embodiment of the invention adopts an authentication mode based on the trusted identity proof (unique identifier) of the terminal 400 (client computer), that is, it uses the trusted identity proof (user machine unique identification code) together with a timestamp as the authorization identification information, so that the authorization of network services can be controlled and authenticated in both space and time.
Similarly, the problem client software vendors most often encounter is software licensing. Because of the particular nature of software as a commodity, illegal copies are easy to produce, so a software vendor needs a way to verify whether the software is authorized. Verification of a software registration code is the method most commonly used by client software. Yet the most common problem client software vendors run into is precisely that the software's charging and authorization are cracked by hackers, pirated software spreads, and software revenue losses are severe. Hackers crack clients in only a few ways: cracking the method by which the client obtains authorization, such as the registration-code algorithm; directly modifying the client binary code to bypass the licensing process; or copying and forging authorization codes to produce illegal copies of the client software. By contrast, the client computer unique identifier (trusted identity proof) proposed by the authentication mode of the trusted identity proof authentication system 600 of the embodiment of the invention, combined with the cloud authentication mode on the server side (cloud server 330), gives Internet service providers and client software vendors a secure and accurate ability to authorize a specific computer, blocks cracking and illegal copying by hackers, and improves network security.
As another example, some enterprises need to manage hardware assets to prevent network hardware assets from being stolen. For this purpose the trusted identity proof of the terminal 400, obtained in the manner of the embodiment above, is extended to cover more hardware information, such as the number of hardware devices, their categories, performance and vendors; the hash value is also obtained and registered (obtaining the trusted identity proof summary). The computers in the network (the terminals 400 above) then report the hash value of their hardware information to the server (cloud server 330) periodically. If a terminal 400 fails to report within the time limit, the terminal 400 has left the network; if the reported hardware information hash value changes, the hardware configuration of the terminal 400 has changed, and the server raises an alarm. This further improves the security of the terminal 400, prevents the hardware information of the terminal 400 from being tampered with, and ensures the security of the authorization of the terminal 400.
Of course, the authentication mode of the trusted identity proof authentication system 600 of the embodiment of the invention can also strengthen the login security of the terminal 400. Specifically:
The traditional user identity authentication system of user name plus password is very weak and, for example, easily leads to large-scale leakage of website account and password databases. The approach of the embodiment of the invention can prevent or reduce the losses caused by active or passive leakage of user account passwords by keeping the user's network account and password as the basis of the login identifier and adding a security enhancement on top of it. As a concrete example, if a user who has passed authentication chooses secure login, then after the account and password are verified the hardware information unique identification code (trusted identity proof) of the terminal 400 is reported to the server side (cloud server 330), bound to the user account, and secure login is marked as enabled on the server side. At each subsequent login the encrypted computer hardware information unique identification code is reported along with the login; if the identification code has changed, functions with higher security requirements, such as virtual item trading and transfers, are closed, and at the next login the user is prompted to reset the password through a security verification procedure, so that the account is protected from illegal gain by unauthorized users.
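The verification flow of steps S701 to S709, the periodic hardware-hash reporting for asset management, and the account binding for secure login all reduce to the same server-side logic. The following Go program is an added example of that logic, not code from the patent: an in-memory registry in which a terminal's digest is registered once, later reports are compared against it in constant time, high-security functions stay open only for the terminal bound to the account, and terminals whose periodic report is overdue are listed. It assumes the server has already decrypted the reported digest from the packet; the type, function and field names are assumptions, and the digests and timestamps used are constructed.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"sort"
	"time"
)

// Verdict is the server's answer to a terminal's report (names are assumptions).
type Verdict int

const (
	Authorized      Verdict = iota // digest matches the registered one (S709)
	Unregistered                   // terminal never completed registration (S907/S908)
	HardwareChanged                // digest differs from the registered one (S708, asset alarm)
)

// terminalRecord is what the server keeps per terminal after registration.
type terminalRecord struct {
	digest     []byte    // trusted identity proof summary registered for this terminal
	lastReport time.Time // when the terminal last reported
	accountID  string    // account the terminal is bound to (secure-login case), "" if none
}

// CloudServer is an in-memory stand-in for the cloud authentication server.
type CloudServer struct {
	terminals map[string]*terminalRecord
}

func NewCloudServer() *CloudServer {
	return &CloudServer{terminals: make(map[string]*terminalRecord)}
}

// Register stores the digest presented at first contact (Fig. 9, step S906). Re-registration
// of a known terminal is refused so that a cloned client cannot overwrite the bound hardware.
func (s *CloudServer) Register(terminalID string, digest []byte, account string, now time.Time) error {
	if _, exists := s.terminals[terminalID]; exists {
		return errors.New("terminal already registered")
	}
	s.terminals[terminalID] = &terminalRecord{
		digest:     append([]byte(nil), digest...),
		lastReport: now,
		accountID:  account,
	}
	return nil
}

// Verify implements steps S706 to S709: record the report time, compare the reported digest
// with the registered one in constant time, and return the verdict.
func (s *CloudServer) Verify(terminalID string, digest []byte, now time.Time) Verdict {
	rec, ok := s.terminals[terminalID]
	if !ok {
		return Unregistered
	}
	rec.lastReport = now
	if subtle.ConstantTimeCompare(rec.digest, digest) != 1 {
		return HardwareChanged
	}
	return Authorized
}

// HighRiskAllowed is the secure-login rule: functions such as trading or transfers stay open
// only while the terminal bound to the account still reports its registered digest.
func (s *CloudServer) HighRiskAllowed(account, terminalID string, digest []byte, now time.Time) bool {
	rec, ok := s.terminals[terminalID]
	if !ok || rec.accountID != account {
		return false
	}
	return s.Verify(terminalID, digest, now) == Authorized
}

// OverdueTerminals implements the asset-management timeout: terminals whose periodic report
// is older than timeout are treated as having left the network.
func (s *CloudServer) OverdueTerminals(now time.Time, timeout time.Duration) []string {
	var out []string
	for id, rec := range s.terminals {
		if now.Sub(rec.lastReport) > timeout {
			out = append(out, id)
		}
	}
	sort.Strings(out)
	return out
}
```

The constant-time comparison is a small but real detail: a byte-by-byte early-exit compare of the digest would let a client that can measure response times learn the registered value one byte at a time. Refusing re-registration is the design choice that turns the registry into an asset record rather than a value the latest caller can overwrite; a legitimate hardware replacement then has to go through an administrative re-enrolment instead of a silent update.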
In other examples of the invention, an enterprise or government secure private network has higher security requirements for its internal network. The embodiment of the invention can likewise prevent unauthorized computers from using the internal secure network, for example through the cloud authentication mode described above, by registering computers and authenticating them at the server. In addition, embodiments of the invention can also count the number of real user machines: the computer unique identification code (trusted identity proof) can be applied to counting the number of individual user machines (terminals 400) accessing the network. For example, every time a user accesses a network service the computer unique identification code must be reported, and the server side (cloud server 330) can collect and count the computer unique identification codes (trusted identity proofs). Because the trusted identity proof of each terminal 400 is different, each trusted identity proof represents one real user machine, which makes it possible to count real user machines.
In addition, embodiments of the invention propose a corresponding software authorization verification system. Referring to Fig. 8, the software authorization verification system 700 comprises the terminal 400 of the embodiments above and an authentication server 710 (registration server).
The terminal 400 has the trusted identity proof (CMID) and the trusted identity proof summary described in the embodiments above. The authentication server 710 registers the trusted identity proof and the trusted identity proof summary so as to register and authorize the terminal. Thus, through the computer unique identifier of the terminal 400, namely the trusted identity proof (CMID), and the authentication produced by the cloud authentication mode of the authentication server 710, the authentication server 710 can give Internet service providers and client software vendors a secure and accurate ability to authorize a specific computer and to block cracking and illegal copying by hackers, or offer users a stricter secure login mode that prevents illegal authorization and economic loss to the user caused by stolen passwords.
Fig. 9 shows the flow in which the authentication server 710 of the software authorization verification system 700 of one embodiment of the invention authorizes the identity of the terminal 400.
With reference to Fig. 9, as a concrete example, the authorization process is as follows:
Step S901: the client starts.
Step S902: verify the integrity of the client software; if the client software is incomplete, go to step S903, otherwise go to step S904.
Step S903: return the unauthorized result.
Step S904: the client generates the computer unique identifier (identity label).
Step S905: encapsulate it with a network application-layer protocol.
Step S906: communicate with the server side (the registration server shown in Figure 4, the authentication server 710 shown in Figure 8); the server side unpacks the packet and registers the computer.
Step S907: judge whether registration succeeded; if not, go to step S908, otherwise go to step S909.
Step S908: registration failed.
Step S909: the client starts the authorization function.
Of course, embodiments of the invention are not limited to this. In practical applications the system of the embodiments can also be applied to hardware asset management, account binding, password-free automatic secure login, security enhancement of instant messaging (IM), digital rights management and background user counting, among others.
Compared with the single item of hardware information obtained by previous approaches, such as the hard disk controller serial number or the physical NIC MAC address, whose discrimination rate often reaches only 85% to 90% and which is easily broken and forged by hackers, the hardware configuration information obtained in the manner of the embodiment of the invention is formed from a combination of multiple hardware identifiers. In tests on nearly one million computers in thousands of Internet cafes across the country, its hardware discrimination rate reached 99.81%, so the user's computer can be distinguished and identified accurately. Moreover, the hardware information acquisition method of the embodiment bypasses the application layer of the operating system and communicates directly with the hardware devices in the form of a device driver to obtain the relevant hardware information, so security is greatly improved and the difficulty of cracking by hackers rises substantially.
The logic and/or steps represented in the flowcharts or otherwise described herein may, for example, be regarded as an ordered list of executable instructions for implementing logical functions, and may be embodied in any computer-readable medium for use by, or in connection with, an instruction execution system, apparatus or device (such as a computer-based system, a system including a processor, or another system that can fetch instructions from the instruction execution system, apparatus or device and execute them). For the purposes of this specification, a "computer-readable medium" may be any means that can contain, store, communicate, propagate or transmit a program for use by, or in connection with, an instruction execution system, apparatus or device.
More specific examples (a non-exhaustive list) of computer-readable media include: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). The computer-readable medium may even be paper or another suitable medium on which the program is printed, since the program can be captured electronically, for example by optically scanning the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and stored in a computer memory.
It should be understood that the parts of the invention may be implemented in hardware, software, firmware or a combination thereof. In the embodiments above, a plurality of steps or methods may be implemented by software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, they may be implemented by any one or a combination of the following techniques known in the art: discrete logic circuits having logic gates for implementing logic functions on data signals, application-specific integrated circuits (ASICs) with suitable combinational logic gates, programmable gate arrays (PGAs), field programmable gate arrays (FPGAs), and so on.
In the description of this specification, reference to the terms "an embodiment", "some embodiments", "an example", "a specific example" or "some examples" means that a particular feature, structure, material or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic expressions of these terms do not necessarily refer to the same embodiment or example. Moreover, the particular features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the invention have been shown and described, those of ordinary skill in the art will appreciate that various changes, modifications, substitutions and variations can be made to these embodiments without departing from the principle and spirit of the invention; the scope of the invention is defined by the claims and their equivalents.

Claims (18)

1. the trusted identity proof generation method based on the terminal of hardware information is characterized in that, may further comprise the steps:
Obtain the identification information that comprises in the hardware configuration information of a plurality of hardware devices in the terminal and the described hardware configuration information by driving the ground mode; And
Generate trusted identity proof and the trusted identity proof summary of described terminal according to the identification information that comprises in described hardware configuration information and the described hardware configuration information, wherein, described trusted identity proof comprises the hardware configuration information of described a plurality of hardware devices, wherein, described trusted identity proof summary calculates the identification information that comprises in the hardware configuration information of described a plurality of hardware devices and the described hardware configuration information according to the hash algorithm.
2. the trusted identity of the terminal based on hardware information as claimed in claim 1 proof generation method is characterized in that the trusted identity that generates described terminal proves, further comprises:
Described terminal generates the first session key by randomizer, and described the first session key has the AES encryption key;
Hardware configuration information to described a plurality of hardware devices merges, and the hardware configuration information of the described a plurality of hardware devices after being combined according to the RSA PKI that described the first session key and described terminal prestore is encrypted; And
To encryption finish and merge after the hardware configuration information of described a plurality of hardware devices encode to generate described trusted identity and prove.
3. the trusted identity of the terminal based on hardware information as claimed in claim 1 proof generation method is characterized in that, generates the trusted identity proof summary of described terminal, further comprises:
Described terminal generates the second session key by randomizer, and described the second session key has the AES encryption key;
Hardware configuration information to described a plurality of hardware devices merges, and the summary of the hardware configuration information of the described a plurality of hardware devices after obtaining merging by described hash algorithm;
The RSA PKI that prestores according to described the second session key and described terminal is encrypted the summary of the hardware configuration information of described a plurality of hardware devices; And
Summary to the hardware configuration information of the described a plurality of hardware devices after encrypting encodes to generate described trusted identity proof summary.
4. the trusted identity of the terminal based on hardware information as claimed in claim 1 proof generation method, it is characterized in that the hardware configuration information of described a plurality of hardware devices comprises multiple in BIOS TCG information, mainboard information, memory SPD information, hard disk controller information, network interface card information, the display EDID information.
5. such as the trusted identity proof generation method of claim 1 or 4 described terminals based on hardware information, it is characterized in that described hard disk controller information comprises the hard disk sequence number.
6. such as the trusted identity proof generation method of each described terminal based on hardware information of claim 1-5, it is characterized in that described mainboard information comprises one or more in mainboard chip information and the mainboard source-information.
7. such as the trusted identity proof generation method of each described terminal based on hardware information of claim 1-6, it is characterized in that one or more in described network interface card packets of information purse rope card manufacturer information, network interface card type information and the MAC Address of Network Card information.
8. such as the trusted identity proof generation method of each described terminal based on hardware information of claim 1-7, it is characterized in that, by directly reading bus message or read hardware information to obtain the hardware configuration information of a plurality of hardware devices in the terminal by call driver at the driving layer.
9. A terminal, comprising:
an acquisition module, configured to obtain, by way of a device driver, the hardware configuration information of a plurality of hardware devices in the terminal and the identification information contained in the hardware configuration information; and
a generation module, configured to generate a trusted identity proof and a trusted identity proof digest of the terminal according to the hardware configuration information and the identification information contained in it, wherein the trusted identity proof comprises the hardware configuration information of the plurality of hardware devices, and the trusted identity proof digest is calculated by a hash algorithm over the hardware configuration information of the plurality of hardware devices and the identification information contained in it.
10. The terminal according to claim 9, wherein the generation module generates a first session key by means of a random number generator of the terminal, the first session key being an AES encryption key; merges the hardware configuration information of the plurality of hardware devices; encrypts the merged hardware configuration information according to the first session key and an RSA public key prestored in the terminal; and encodes the encrypted merged hardware configuration information to generate the trusted identity proof.
11. The terminal according to claim 9, wherein the generation module generates a second session key by means of a random number generator of the terminal, the second session key being an AES encryption key; merges the hardware configuration information of the plurality of hardware devices; obtains a digest of the merged hardware configuration information by the hash algorithm; encrypts the digest according to the second session key and the RSA public key prestored in the terminal; and encodes the encrypted digest to generate the trusted identity proof digest.
12. The terminal according to claim 9, wherein the hardware configuration information of the plurality of hardware devices comprises two or more of: BIOS TCG information, mainboard information, memory SPD information, hard disk controller information, network interface card information, and display EDID information.
13. The terminal according to claim 9 or 12, wherein the hard disk controller information comprises a hard disk serial number.
14. The terminal according to claim 9 or 12, wherein the mainboard information comprises one or more of mainboard chip information and mainboard origin information.
15. The terminal according to claim 9 or 12, wherein the network interface card information comprises one or more of network interface card manufacturer information, network interface card type information, and network interface card MAC address information.
16. The terminal according to claim 9, wherein the acquisition module obtains the hardware configuration information of the plurality of hardware devices in the terminal at the driver layer, either by reading bus information directly or by calling a driver to read the hardware information.
17. A trusted identity proof authentication system for a terminal, comprising:
the terminal according to any one of claims 9 to 16, the terminal holding the trusted identity proof and the trusted identity proof digest; and
a cloud server, configured to authenticate the identity of the terminal according to the trusted identity proof and the trusted identity proof digest.
18. A software authorization verification system, comprising:
the terminal according to any one of claims 9 to 16, the terminal holding the trusted identity proof and the trusted identity proof digest; and
an authentication server, configured to register the trusted identity proof and the trusted identity proof digest, thereby registering and authorizing the terminal.
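The generation flow of claims 10 and 11 and the cloud-server check of claim 17, written out as an added example in Go. This is not code from the patent or from the applicant. The claims do not say how the AES session key and the prestored RSA public key combine, nor which hash or encoding is used, so the example makes its own choices: the session key is wrapped with RSA-OAEP, the payload is encrypted with AES-256-GCM, "the hash algorithm" is SHA-256, "encode" is base64, and the driver-layer reads of claim 8 are replaced by a constructed Sample value. The names sealEnvelope, openEnvelope, GenerateProof, VerifyProof and NewServerKey are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// HardwareInfo carries the fields of claims 4 to 7 in a fixed order, so json.Marshal gives
// one canonical byte string per terminal (the "merge" step of claims 10 and 11).
type HardwareInfo struct {
	BIOSTCG, Mainboard, MemorySPD, DiskSerial, NICVendor, NICModel, NICMAC, DisplayEDID string
}

// Sample holds constructed stand-ins for values the acquisition module would read at the driver layer (claim 8).
var Sample = HardwareInfo{"TCG-ACPI-1.2", "chipset=Q67 origin=ExampleCo", "DDR3 8GiB SN 1A2B",
	"WD-WXA1E12345", "ExampleNet", "EN-1000", "00:11:22:33:44:55", "EDID-1.3 SN 09C4"}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealEnvelope is the claims' "encrypt according to the session key and the RSA public key, then encode":
// AES-256-GCM under a fresh session key, that key wrapped with RSA-OAEP under the terminal's prestored
// public key, base64 over wrappedKey || nonce || ciphertext+tag (key wrapping is this example's reading).
func sealEnvelope(pub *rsa.PublicKey, plaintext []byte) (string, error) {
	kn := make([]byte, 32+12) // AES-256 session key and 96-bit GCM nonce from the CSPRNG
	if _, err := rand.Read(kn); err != nil {
		return "", err
	}
	gcm, err := gcmFor(kn[:32])
	if err != nil {
		return "", err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kn[:32], nil)
	if err != nil {
		return "", err
	}
	blob := append(append(wrapped, kn[32:]...), gcm.Seal(nil, kn[32:], plaintext, nil)...)
	return base64.StdEncoding.EncodeToString(blob), nil
}

func openEnvelope(priv *rsa.PrivateKey, encoded string) ([]byte, error) {
	blob, err := base64.StdEncoding.DecodeString(encoded)
	n := priv.Size() // wrapped-key length; checked before slicing so malformed input cannot panic
	if err != nil || len(blob) < n+12 {
		return nil, errors.New("malformed envelope")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, blob[:n], nil)
	if err != nil {
		return nil, err
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[n:n+12], blob[n+12:], nil) // GCM rejects any modified byte
}

// NewServerKey: the public half is prestored in the terminal, the private half stays on the server.
func NewServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// GenerateProof is the terminal's generation module (claims 10 and 11).
func GenerateProof(pub *rsa.PublicKey, h HardwareInfo) (proof, digest string, err error) {
	merged, err := json.Marshal(h)
	if err != nil {
		return "", "", err
	}
	if proof, err = sealEnvelope(pub, merged); err != nil { // first session key
		return "", "", err
	}
	sum := sha256.Sum256(merged)            // "the hash algorithm" of claim 9
	digest, err = sealEnvelope(pub, sum[:]) // second session key, independent of the first
	return proof, digest, err
}

// VerifyProof is the cloud server's check (claim 17): open both envelopes and confirm the
// digest equals the hash of the configuration recovered from the proof.
func VerifyProof(priv *rsa.PrivateKey, proof, digest string) (h HardwareInfo, err error) {
	merged, err := openEnvelope(priv, proof)
	if err != nil {
		return h, err
	}
	want, err := openEnvelope(priv, digest)
	if err != nil {
		return h, err
	}
	if got := sha256.Sum256(merged); string(got[:]) != string(want) {
		return h, errors.New("digest does not match the configuration in the proof")
	}
	err = json.Unmarshal(merged, &h)
	return h, err
}
```

Usage: the server calls NewServerKey once and ships priv.PublicKey to terminals at provisioning time; a terminal calls GenerateProof(&pub, info) and sends both strings; the server calls VerifyProof(priv, proof, digest) and, on success, looks the recovered HardwareInfo up in its registration table (claim 18). Two points a reviewer of such a system would check: VerifyProof only establishes that the proof and digest were produced together over the same bytes and were addressed to this server's key, so a sender that knows the expected field values can produce a valid pair; the scheme identifies a terminal, it does not attest it. And the canonical byte string must be byte-identical on both sides, so the field order and serialization of HardwareInfo are part of the protocol: changing either invalidates every digest already registered.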
CN201210096245XA 2012-04-01 2012-04-01 Technology for generating trusted identity certification of computer terminal based on hardware information Pending CN103368916A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210096245XA CN103368916A (en) 2012-04-01 2012-04-01 Technology for generating trusted identity certification of computer terminal based on hardware information

Publications (1)

Publication Number Publication Date
CN103368916A true CN103368916A (en) 2013-10-23

Family

ID=49369467

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210096245XA Pending CN103368916A (en) 2012-04-01 2012-04-01 Technology for generating trusted identity certification of computer terminal based on hardware information

Country Status (1)

Country Link
CN (1) CN103368916A (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104601366A (en) * 2014-12-05 2015-05-06 无锡城市云计算中心有限公司 Configuration service method and device for control and service nodes
CN104794626A (en) * 2015-04-28 2015-07-22 广东欧珀移动通信有限公司 Anti-counterfeiting method and anti-counterfeiting device based on hardware information
CN105095700A (en) * 2015-09-29 2015-11-25 苏州谷夫道自动化科技有限公司 Online authorization method of CNC (computer numerical control) system
CN105426782A (en) * 2015-07-09 2016-03-23 中华电信股份有限公司 System and method for authorizing firmware of smart card
CN106204143A (en) * 2016-07-14 2016-12-07 精硕世纪科技(北京)有限公司 Method and system for acquiring a device characteristic ID, and method for identifying a virtual device using it
CN106453006A (en) * 2016-10-31 2017-02-22 美的智慧家居科技有限公司 Binding control method and device for household appliance and cloud server
CN106656480A (en) * 2016-10-31 2017-05-10 美的智慧家居科技有限公司 Key agreement method and key agreement device for household appliance clients
CN107818273A (en) * 2016-09-14 2018-03-20 深圳中电长城信息安全系统有限公司 Method and system for measuring a secure computer device
CN107819780A (en) * 2017-11-22 2018-03-20 国网山东省电力公司 Network authorization method based on 802.1x
CN109286501A (en) * 2018-11-13 2019-01-29 北京深思数盾科技股份有限公司 Authentication method and encryption equipment for encryption equipment
CN110119626A (en) * 2019-05-14 2019-08-13 长讯通信服务有限公司 Trusted life-cycle management method for communication engineering projects based on an intelligent mobile device cloud service
CN110704814A (en) * 2018-07-09 2020-01-17 中移物联网有限公司 Anti-copy method and device, and storage medium
WO2020119157A1 (en) * 2018-12-14 2020-06-18 北京京东尚科信息技术有限公司 Authentication method and apparatus, and computer readable storage medium
CN111950003A (en) * 2020-08-05 2020-11-17 北京每日优鲜电子商务有限公司 Method and device for generating unique identification information of user equipment and electronic equipment
CN112380586A (en) * 2020-11-11 2021-02-19 随锐科技集团股份有限公司 Processing method and system for bar code information of hardware equipment
CN112560120A (en) * 2020-11-25 2021-03-26 深圳市金泰克半导体有限公司 Secure memory bank and starting method thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1448851A (en) * 2003-04-24 2003-10-15 上海交通大学 Virtual private network applying hardware encipher/decipher
CN1828547A (en) * 2005-03-02 2006-09-06 华为技术有限公司 Method and system for obtaining hardware information
CN101145230A (en) * 2006-09-15 2008-03-19 汉王科技股份有限公司 Enciphered sign board and composite encryption signing method
CN101330494A (en) * 2007-06-19 2008-12-24 瑞达信息安全产业股份有限公司 Method for implementing computer terminal safety admittance based on credible authentication gateway
WO2009042482A2 (en) * 2007-09-21 2009-04-02 Texas Instruments Incorporated Systems and methods for hardware key encryption

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
百科ROBOT: "Baidu Baike entry: Device driver (驱动程序)", 《HTTP://BAIKE.BAIDU.COM/HISTORY/%E9%A9%B1%E5%8A%A8%E7%A8%8B%E5%BA%8F/23712932》 *

Cited By (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104601366A (en) * 2014-12-05 2015-05-06 无锡城市云计算中心有限公司 Configuration service method and device for control and service nodes
CN104601366B (en) * 2014-12-05 2018-11-27 无锡城市云计算中心有限公司 Configuration service method and device for control and service nodes
CN104794626B (en) * 2015-04-28 2018-09-11 广东欧珀移动通信有限公司 Anti-counterfeiting method and device based on hardware information
CN104794626A (en) * 2015-04-28 2015-07-22 广东欧珀移动通信有限公司 Anti-counterfeiting method and anti-counterfeiting device based on hardware information
CN105426782A (en) * 2015-07-09 2016-03-23 中华电信股份有限公司 System and method for authorizing firmware of smart card
CN105095700A (en) * 2015-09-29 2015-11-25 苏州谷夫道自动化科技有限公司 Online authorization method of CNC (computer numerical control) system
CN106204143A (en) * 2016-07-14 2016-12-07 精硕世纪科技(北京)有限公司 Method and system for acquiring a device characteristic ID, and method for identifying a virtual device using it
CN107818273A (en) * 2016-09-14 2018-03-20 深圳中电长城信息安全系统有限公司 Method and system for measuring a secure computer device
CN106656480A (en) * 2016-10-31 2017-05-10 美的智慧家居科技有限公司 Key agreement method and key agreement device for household appliance clients
CN106453006A (en) * 2016-10-31 2017-02-22 美的智慧家居科技有限公司 Binding control method and device for household appliance and cloud server
CN106656480B (en) * 2016-10-31 2020-04-03 美的智慧家居科技有限公司 Key agreement method and device for client of household appliance
CN107819780A (en) * 2017-11-22 2018-03-20 国网山东省电力公司 Network authorization method based on 802.1x
CN110704814A (en) * 2018-07-09 2020-01-17 中移物联网有限公司 Anti-copy method and device, and storage medium
CN110704814B (en) * 2018-07-09 2022-02-01 中移物联网有限公司 Anti-copy method and device, and storage medium
CN109286501A (en) * 2018-11-13 2019-01-29 北京深思数盾科技股份有限公司 Authentication method and encryption equipment for encryption equipment
CN109286501B (en) * 2018-11-13 2021-07-13 北京深思数盾科技股份有限公司 Authentication method for encryption device and encryption device
WO2020119157A1 (en) * 2018-12-14 2020-06-18 北京京东尚科信息技术有限公司 Authentication method and apparatus, and computer readable storage medium
US11899770B2 (en) 2018-12-14 2024-02-13 Beijing Jingdong Shangke Information Technology Co., Ltd. Verification method and apparatus, and computer readable storage medium
CN110119626A (en) * 2019-05-14 2019-08-13 长讯通信服务有限公司 Trusted life-cycle management method for communication engineering projects based on an intelligent mobile device cloud service
CN110119626B (en) * 2019-05-14 2023-01-24 长讯通信服务有限公司 Communication engineering project life cycle credible management method based on intelligent mobile device cloud service
CN111950003A (en) * 2020-08-05 2020-11-17 北京每日优鲜电子商务有限公司 Method and device for generating unique identification information of user equipment and electronic equipment
CN112380586A (en) * 2020-11-11 2021-02-19 随锐科技集团股份有限公司 Processing method and system for bar code information of hardware equipment
CN112560120A (en) * 2020-11-25 2021-03-26 深圳市金泰克半导体有限公司 Secure memory bank and starting method thereof
CN112560120B (en) * 2020-11-25 2024-04-05 深圳市金泰克半导体有限公司 Secure memory bank and method for starting secure memory bank

Similar Documents

Publication Publication Date Title
CN103368916A (en) Technology for generating trusted identity certification of computer terminal based on hardware information
TWI735691B (en) Data key protection method, device and system
US9129536B2 (en) Circuit for secure provisioning in an untrusted environment
CA2838763C (en) Credential authentication methods and systems
CN101444063B (en) Secure time functionality for a wireless device
CN110149328B (en) Interface authentication method, device, equipment and computer readable storage medium
US9094205B2 (en) Secure provisioning in an untrusted environment
CN103530548B Trusted startup method for an embedded terminal based on a mobile trusted computing module
KR20210132216A (en) Verification of the identity of emergency vehicles during operation
JP2022545627A (en) Decentralized data authentication
CN108616504B (en) Sensor node identity authentication system and method based on Internet of things
US20070044160A1 (en) Program, computer, and data processing method
MX2007014237A (en) Implementation of an integrity-protected secure storage.
CN101241528A (en) Terminal access trusted PDA method and access system
CN102647278B (en) Apparatus and method for authenticating flash program
US10404689B2 (en) Password security
CN113032814B (en) Internet of things data management method and system
CN113132404B (en) Identity authentication method, terminal and storage medium
CN112311718A (en) Method, device and equipment for detecting hardware and storage medium
CN111932261A (en) Asset data management method and device based on verifiable statement
CN108363912B (en) Program code secret protection method and device
US20230010319A1 (en) Deriving independent symmetric encryption keys based upon a type of secure boot using a security processor
CN114978677A (en) Asset access control method, device, electronic equipment and computer readable medium
RU2334272C1 (en) Device protecting against unauthorised access to information
CN110364237A (en) Electronic prescription tamper-proof method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20131023