CN104200149A - Computer software security protection method based on IC card authentication - Google Patents
Computer software security protection method based on IC card authentication Download PDFInfo
- Publication number
- CN104200149A CN104200149A CN201410435734.2A CN201410435734A CN104200149A CN 104200149 A CN104200149 A CN 104200149A CN 201410435734 A CN201410435734 A CN 201410435734A CN 104200149 A CN104200149 A CN 104200149A
- Authority
- CN
- China
- Prior art keywords
- software
- card
- platform configuration
- card user
- user authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Abstract
The invention discloses a computer software security protection method based on IC card authentication. A computer with an IC card user authentication interface and an IC card are used for the method. The method includes the following steps that a constant is defined in software, a software lock is added in, software runs, the defined constant is read, the software lock is executed, if read information is consistent with the defined constant, the software continues to be executed, if the read information is inconsistent with the defined constant, software execution is stopped, it is guaranteed that the software runs in a credible environment, and security of a system is further improved.
Description
Technical field
The invention belongs to safety protection field, particularly a kind of computer security protection method.
Background technology
Along with the development of Computer Applied Technology, be more and more widely used in for some critical softwares taking large amount of complex software as basic infosystem, if because be tampered by malicious attack and destroying, greatly may cause serious consequence.At present, exist at the software of middle operation and do not examine user and whether there is legal authorization, do not check that whether safety just allows the problem of carrying out to software runtime environment, may cause software by the problem such as malicious attack or unauthorized use.Especially to some user's critical softwares, if attacked, suffer heavy losses, therefore, how to guarantee that software security operation seems extremely important.
Summary of the invention
The object of the invention is: a kind of security of computer software means of defence based on IC-card certification is provided, thus the security that improves computer software.
Technical scheme of the present invention is: a kind of security of computer software means of defence based on IC-card, and it uses computing machine, the IC-card of IC-card user authentication interface, and comprises the following steps:
A1. in software, define two constants, record respectively the platform configuration information of IC-card user authentication information, computing machine, add in an arbitrary point the software locks of the platform configuration for verifying IC-card user identity, computing machine;
A2. operating software;
A3. from the constant of A1 step definition, obtain the platform configuration information of IC-card user authentication information, computing machine;
A4. when carry out to add described software locks time, carry out following operation;
A5. call Computer I C card user authentication interface, from IC-card, read user profile;
Whether the IC-card user profile that A6. judgement is read is consistent with the IC-card user authentication information recording in the constant of A1 step definition, if consistent, turn A7, otherwise turn A8;
A7. prompting reinserts correct IC-card, and turns A5;
A8. in the constant of the platform configuration information that reads of judgement and the definition of A1 step, record platform configuration information whether consistent, if unanimously, turn A9, otherwise turn A10; ;
A9. continue executive software;
A10. the platform configuration information of prompting is incorrect, and turns A11;
A11. exit software.
The present invention by adding software locks in software, whether realize the software and hardware execution environment of software to IC-card user identity, computing machine (as bios version number, operating system version number, whether accessed illegal peripheral hardware etc.) correctly verifies, if incorrect, stop the execution of software, if correctly, continue executive software, guarantee the environment operation of software trust, the security that further improves system.
Brief description of the drawings
Fig. 1 is process flow diagram of the present invention.
Embodiment
Embodiment 1: referring to accompanying drawing 1, a kind of security of computer software means of defence based on IC-card, it uses computing machine, the IC-card of IC-card user authentication interface, and comprises the following steps:
A1. in software, define two constants, record respectively the platform configuration information of IC-card user authentication information, computing machine, add in an arbitrary point the software locks of the platform configuration for verifying IC-card user identity, computing machine;
A2. operating software;
A3. from the constant of A1 step definition, obtain the platform configuration information of IC-card user authentication information, computing machine;
A4. when carry out to add described software locks time, carry out following operation;
A5. call Computer I C card user authentication interface, from IC-card, read user profile;
Whether the IC-card user profile that A6. judgement is read is consistent with the IC-card user authentication information recording in the constant of A1 step definition, if consistent, turn A7, otherwise turn A8;
A7. prompting reinserts correct IC-card, and turns A5;
A8. in the constant of the platform configuration information that reads of judgement and the definition of A1 step, record platform configuration information whether consistent, if unanimously, turn A9, otherwise turn A10; ;
A9. continue executive software;
A10. the platform configuration information of prompting is incorrect, and turns A11;
A11. exit software.
Claims (1)
1. the security of computer software means of defence based on IC-card certification, is characterized in that: it uses computing machine, the IC-card of IC-card user authentication interface, and comprises the following steps:
A1. in software, define two constants, record respectively the platform configuration information of IC-card user authentication information, computing machine, add in an arbitrary point the software locks of the platform configuration for verifying IC-card user identity, computing machine;
A2. operating software;
A3. from the constant of A1 step definition, obtain the platform configuration information of IC-card user authentication information, computing machine;
A4. when carry out to add described software locks time, carry out following operation;
A5. call Computer I C card user authentication interface, from IC-card, read user profile;
Whether the IC-card user profile that A6. judgement is read is consistent with the IC-card user authentication information recording in the constant of A1 step definition, if consistent, turn A7, otherwise turn A8;
A7. prompting reinserts correct IC-card, and turns A5;
A8. in the constant of the platform configuration information that reads of judgement and the definition of A1 step, record platform configuration information whether consistent, if unanimously, turn A9, otherwise turn A10; ;
A9. continue executive software;
A10. the platform configuration information of prompting is incorrect, and turns A11;
A11. exit software.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410435734.2A CN104200149A (en) | 2014-08-31 | 2014-08-31 | Computer software security protection method based on IC card authentication |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410435734.2A CN104200149A (en) | 2014-08-31 | 2014-08-31 | Computer software security protection method based on IC card authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104200149A true CN104200149A (en) | 2014-12-10 |
Family
ID=52085441
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410435734.2A Pending CN104200149A (en) | 2014-08-31 | 2014-08-31 | Computer software security protection method based on IC card authentication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104200149A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW569144B (en) * | 2002-01-03 | 2004-01-01 | Winbond Electronics Corp | Smart card with built-in keypro |
CN1773415A (en) * | 2004-11-10 | 2006-05-17 | 英业达股份有限公司 | Method for protecting program utilizing recognition hardware information |
US20100031350A1 (en) * | 2008-07-29 | 2010-02-04 | Konica Minolta Business Technologies, Inc. | Ic card authentication apparatus, ic card authentication method, and recording medium having ic card authentication program recorded thereon |
CN103634467A (en) * | 2013-11-22 | 2014-03-12 | 华为技术有限公司 | Privacy protecting method and mobile terminal |
-
2014
- 2014-08-31 CN CN201410435734.2A patent/CN104200149A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW569144B (en) * | 2002-01-03 | 2004-01-01 | Winbond Electronics Corp | Smart card with built-in keypro |
CN1773415A (en) * | 2004-11-10 | 2006-05-17 | 英业达股份有限公司 | Method for protecting program utilizing recognition hardware information |
US20100031350A1 (en) * | 2008-07-29 | 2010-02-04 | Konica Minolta Business Technologies, Inc. | Ic card authentication apparatus, ic card authentication method, and recording medium having ic card authentication program recorded thereon |
CN103634467A (en) * | 2013-11-22 | 2014-03-12 | 华为技术有限公司 | Privacy protecting method and mobile terminal |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10516533B2 (en) | Password triggered trusted encryption key deletion | |
Shepherd et al. | Secure and trusted execution: Past, present, and future-a critical review in the context of the internet of things and cyber-physical systems | |
Parno et al. | Bootstrapping trust in modern computers | |
EP2634959B1 (en) | Method and Apparatus for Incremental Code Signing | |
EP3455764B1 (en) | Method and apparatus for dynamic executable verification | |
CN104008342A (en) | Method for achieving safe and trusted authentication through BIOS and kernel | |
Nauman et al. | Using trusted computing for privacy preserving keystroke-based authentication in smartphones | |
CN112257086A (en) | User privacy data protection method and electronic equipment | |
TW201530344A (en) | Application program access protection method and application program access protection device | |
WO2011047069A1 (en) | Method and apparatus for ensuring consistent system configuration in secure applications | |
WO2022078366A1 (en) | Application protection method and apparatus, device and medium | |
CN104182695A (en) | System and methods for ensuring confidentiality of information used during authentication and authorization operations | |
US8707050B1 (en) | Integrity self-check of secure code within a VM environment using native VM code | |
US11190356B2 (en) | Secure policy ingestion into trusted execution environments | |
EP3338214B1 (en) | Secure computation environment | |
Qin et al. | RIPTE: runtime integrity protection based on trusted execution for IoT device | |
EP3935538A1 (en) | Secure policy ingestion into trusted execution environments | |
Urien | Innovative countermeasures to defeat cyber attacks against blockchain wallets | |
US11593780B1 (en) | Creation and validation of a secure list of security certificates | |
CN104200149A (en) | Computer software security protection method based on IC card authentication | |
Egners et al. | Hackers in your pocket: A survey of smartphone security across platforms | |
Msgna et al. | Secure application execution in mobile devices | |
Lee et al. | A study on a secure USB mechanism that prevents the exposure of authentication information for smart human care services | |
Desai | A survey on Android ransomware and its detection methods | |
CN106355085B (en) | Trusted application operation safety control method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20141210 |