CN106911997B - Geographic fence system based on UEFI firmware and implementation method thereof - Google Patents

Info

Publication number
CN106911997B
Authority
CN
China
Prior art keywords
computer
electronic tag
rfid electronic
geo
firmware
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510969187.0A
Other languages
Chinese (zh)
Other versions
CN106911997A (en)
Inventor
陈小春
张超
朱立森
孙亮
郑树剑
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Kunlun Taike Beijing Technology Co ltd
Original Assignee
Cetc Beijing Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cetc Beijing Co ltd
Priority to CN201510969187.0A
Publication of CN106911997A
Application granted
Publication of CN106911997B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4403 Processor initialisation
    • G06F9/4406 Loading of operating system
    • G06F9/4411 Configuring for operating with peripheral devices; Loading of device drivers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/021 Services related to particular areas, e.g. point of interest [POI] services, venue services or geofences
    • H04W4/80 Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication

Abstract

The invention discloses a geo-fence system based on UEFI firmware and an implementation method thereof. The main program of the geo-fence client starts automatically with the computer operating system. The driving module is firmware conforming to the UEFI specification and detects whether the RFID electronic tag is connected to the terminal and is within an authorized geographic range; if so, the operating system of the computer is allowed to start, and otherwise a preset security policy is executed on the computer. During operation of the operating system, the main program of the geo-fence client receives the geographic position information of the RFID electronic tag in real time; if the RFID electronic tag is connected to the terminal and is within the authorized geographic range, the operating system continues to run, and otherwise the preset security policy is executed. The server receives and transmits reader-writer information and sets the preset security policy according to the reader-writer information. The invention also provides an implementation method of the system.

Description

Geographic fence system based on UEFI firmware and implementation method thereof
Technical Field
The invention belongs to the technical field of computer firmware, and particularly relates to a geo-fencing system based on UEFI firmware and an implementation method thereof.
Background
Firmware is an indispensable component of a computer and is the bridge connecting the computer's basic hardware and its system software. The Basic Input Output System (BIOS) is one of the most important pieces of firmware on a computer. Firmware is the first software executed after a computer is powered on. After power-on, the firmware checks the state of the registers, timing chip, programmable interrupt controller and DMA (direct memory access) controller in the CPU, and initializes and configures the mainboard chipset, dynamic memory, display card and the registers of related peripherals. Provided that the equipment runs normally, the firmware is then responsible for booting the operating system.
At present, a computer terminal management system is constructed by using a Radio Frequency Identification (RFID) technology to perform location-based management on devices, and the main characteristics of the system are as follows:
(1) An electronic tag is attached to the computer, and electronic tag reader-writers are deployed in important areas to identify electronic tags entering and leaving through the access control system.
(2) When the computer equipment enters or leaves the important area, the computer management system receives the notice sent by the reader-writer.
However, in the existing geo-fence system, the RFID tag is attached to the computer, and does not interact with the computer. When the computer with the electronic tag is separated from the safe area, the computer cannot be controlled.
The firmware can authorize the startup and use of the computer according to the position information, so that the computer can obtain the startup authorization when entering a certain specific area; when the computer device is out of the specific area, the computer can execute corresponding default strategies, such as automatic shutdown, startup prohibition, data destruction and the like.
Disclosure of Invention
In view of this, the invention provides a geo-fence system based on UEFI firmware and an implementation method thereof, and the system can enable a computer to sense the position of the computer through an accessed RFID tag after the computer is powered on and started up, so that the computer is allowed to be used only when the computer enters an allowed use area; when the computer device is out of the permitted area, the computer can execute a corresponding default policy; meanwhile, the client software module is released and protected through the firmware, so that the positioning and the control of the whole process of the computer can be realized during the startup and the system operation.
In order to achieve the purpose, the technical scheme of the invention is as follows: a geo-fence system based on UEFI firmware comprises a driving module located on a computer firmware layer, a geo-fence client main program and a server located on an operating system layer, and external equipment of a computer, wherein the external equipment comprises an RFID electronic tag and a reader-writer.
The main program of the geo-fence client is started with the computer operating system.
The driving module is firmware conforming to the UEFI specification and comprises a position detection submodule and a safety processing submodule. During computer startup, the position detection submodule detects whether the RFID electronic tag is connected to the computer and whether it is within an authorized geographic range, and sends the detection result to the safety processing submodule. The safety processing submodule then judges: if the RFID electronic tag is connected to the computer and is within the authorized geographic range, the operating system of the computer is allowed to start; otherwise a preset security policy is executed on the computer.
The preset security policy includes shutdown or prohibition of startup processing.
During operation of the operating system, the main program of the geo-fence client receives the geographic location information of the RFID electronic tag in real time, and detects in real time whether the RFID electronic tag is connected to the computer and whether it is within an authorized geographic range. If the RFID electronic tag is connected to the computer and is within the authorized geographic range, the operating system continues to run; otherwise a preset security policy is executed.
The server is used for receiving and transmitting the reader-writer information and setting a preset security policy according to the reader-writer information.
A method for implementing the geo-fence system comprises the following steps:
step one, the computer is powered on and started;
step two, the firmware runs, and scans and enumerates the external devices in the system;
step four, if the firmware detects that the RFID electronic tag has been enumerated, step five is executed; otherwise the set security policy is executed;
step five, the firmware detects, through the RFID electronic tag, whether the computer to which the RFID electronic tag belongs is within the authorized range; if so, step six is executed; otherwise the preset security policy is executed;
step six, the firmware loads and starts the operating system;
step seven, the main program of the geo-fence client is started;
step eight, the main program of the geo-fence client detects in real time whether the RFID electronic tag is connected to the computer; if so, step nine is entered; otherwise the preset security policy is executed;
step nine, the main program of the geo-fence client detects in real time, through the RFID electronic tag, whether the computer is within the authorized range; if so, step ten is executed; otherwise the preset security policy is executed;
step ten, the operating system runs normally;
step eleven, the main program of the geo-fence client repeats steps eight to eleven until a stop command is received, at which point the flow ends.
Beneficial effects:
The system enables the computer to sense its own position through the connected RFID electronic tag after it is powered on and started, so that the computer is allowed to be used only when it enters an area where use is permitted; when the computer is outside the permitted area, it can execute a corresponding default policy. Meanwhile, the client software module is released and protected by the firmware, so that the computer can be located and controlled throughout both startup and system operation.
The existing positioning equipment such as satellite positioning, base station positioning, radio frequency positioning and the like can be directly associated with firmware, and can carry out starting authorization according to the geographic position. The RFID electronic tag can be directly accessed to a computer, performs data interaction with the computer and executes a security policy. When the RFID electronic tag is pulled out of the computer or is separated from the safe area, the firmware can still control the computer.
Drawings
FIG. 1 is a general block diagram of the geo-fence system;
FIG. 2 is an overall work flow diagram of the geo-fence system.
Detailed Description
The invention is described in detail below by way of example with reference to the accompanying drawings.
Example 1
The invention aims to overcome the defects of the prior art and solve the problem of authorizing the use of a computer according to the position of the computer, and provides a method for realizing a geo-fence system based on UEFI firmware.
The UEFI specification divides firmware execution into 7 phases: SEC, PEI, DXE, BDS, TSL, RT and AL, each implementing a different function. The firmware is the first software to run when the computer is powered on; it allocates and schedules low-level resources and boots the operating system.
A geo-fence system based on UEFI comprises a driving module located on a firmware layer, a geo-fence client main program and a server located on an operating system layer, and external equipment such as an RFID electronic tag and a reader-writer.
The driving module is mainly used to install the geo-fence client main program it contains into memory or onto the hard disk, and to ensure that the program starts automatically with the operating system. The driving module is a driver that conforms to the UEFI specification and resides in the firmware layer. It comprises a position detection submodule and a safety processing submodule. The position detection submodule mainly detects, during startup, whether the RFID electronic tag is connected to the computer and whether it is in a geographic area where use is authorized. The safety processing submodule mainly applies the set policy to the computer, such as shutdown or prohibition of startup, when the RFID electronic tag is found not to be connected to the computer or not to be within the authorized range.
The main function of the client main program is to receive the geographic position information of the RFID electronic tag, and to manage and control the computer according to a set strategy during the operation of the operating system.
The server side is mainly used for receiving and transmitting reader-writer information and carrying out strategy management on the computer.
Example 2
A method for realizing a firmware-based geo-fencing system, wherein the overall work flow of the geo-fencing system is shown in FIG. 2, and the specific process comprises the following steps:
Step one, the computer is powered on and started.
Step two, the firmware runs, and scans and enumerates the devices in the system.
Step four, the firmware checks whether the RFID electronic tag has been detected and enumerated. If no RFID electronic tag is detected as connected to the computer, the established security policy is executed.
Step five, the firmware detects, through the RFID electronic tag, whether the computer is in the area where use is allowed. If not, the firmware executes the established security policy.
Step six, if the computer is connected to the RFID tag and is within the allowed use range, the firmware loads and starts the operating system.
Step seven, after the operating system starts, the geo-fence client program is started.
Step eight, the geo-fence client detects in real time whether the RFID electronic tag is connected to the computer. If no RFID electronic tag is detected as connected to the computer, the established security policy is executed.
Step nine, the geo-fence client detects in real time, through the RFID electronic tag, whether the computer is in an area where use is allowed. If the computer is not in the area where use is allowed, the established security policy is executed.
Step ten, if the computer is connected to the RFID tag and is within the allowed use range, the operating system runs normally.
Step eleven, the geo-fence client checks whether a stop command has been received. If not, steps eight to eleven are repeated at a certain time interval. If a stop command is received, the process ends.
This completes the work process of the firmware-based geo-fence system.
Example 3
Under a domestic platform, the working process of the firmware geo-fence system mainly comprises the following steps:
Step one, the computer is powered on and started.
Step two, the firmware initializes the key hardware of the computer, and scans and enumerates the devices in the system.
Step four, the firmware checks whether an RFID electronic tag is connected to the computer. If no RFID electronic tag is detected, the established security policy is executed. The security policy comprises alarming, shutting down, prohibiting startup and the like.
Step five, the firmware communicates with the RFID electronic tag, reads the position information of the electronic tag and determines whether the computer is in an area where use is allowed. If not, the firmware executes the established security policy.
Step six, if the computer is connected to the RFID tag and is within the allowed use range, the firmware loads and starts the operating system.
Step seven, after the operating system starts, the geo-fence client program is started.
Step eight, the geo-fence client detects in real time whether the RFID electronic tag is connected to the computer. If no RFID electronic tag is detected as connected to the computer, the established security policy is executed.
Step nine, the geo-fence client detects in real time, through the RFID electronic tag, whether the computer is in an area where use is allowed. If the computer is not in the area where use is allowed, the established security policy is executed.
Step ten, if the computer is connected to the RFID tag and is within the allowed use range, the operating system runs normally.
Step eleven, the geo-fence client checks whether a stop command has been received. If not, steps eight to eleven are repeated at a certain time interval. If a stop command is received, the process ends.
Through the implementation of the steps, the whole implementation process of carrying out geographic position management on the computer through UEFI firmware under a domestic platform is completed.
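The boot-time gate (steps four to six) and the runtime polling loop (steps eight to eleven) described above can be sketched as follows. This is an added example, not code from the patent: all type and function names are hypothetical, the tag's position is assumed to be a numeric zone ID, and a tag whose position cannot be read is treated as outside the fence.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; the numeric zone ID is an assumed encoding. */
typedef enum { ACT_CONTINUE, ACT_ALARM, ACT_SHUTDOWN, ACT_DENY_BOOT } fence_action;
typedef enum { TAG_OK, TAG_MISSING, TAG_OUTSIDE } fence_state;

typedef struct {
    bool     enumerated;  /* tag seen during device enumeration */
    bool     read_ok;     /* position query to the tag succeeded */
    uint32_t zone_id;     /* position reported by the tag */
} tag_reading;

typedef struct {          /* set on the server side */
    const uint32_t *zones;
    size_t          zone_count;
    fence_action    on_missing;  /* tag not connected */
    fence_action    on_outside;  /* tag outside the authorized range */
} fence_policy;

/* Shared by firmware and client so both stages judge a reading identically. */
fence_state classify(const tag_reading *r, const fence_policy *p)
{
    if (r == NULL || !r->enumerated)
        return TAG_MISSING;
    if (!r->read_ok)
        return TAG_OUTSIDE;  /* fail closed on an unreadable position */
    for (size_t i = 0; i < p->zone_count; i++)
        if (p->zones[i] == r->zone_id)
            return TAG_OK;
    return TAG_OUTSIDE;
}

/* A violation never resolves to "continue", even if the policy is misconfigured. */
static fence_action enforce(fence_action configured, fence_action fallback)
{
    return configured == ACT_CONTINUE ? fallback : configured;
}

/* Steps four to six: the caller loads the OS only on ACT_CONTINUE. */
fence_action firmware_boot_gate(const tag_reading *r, const fence_policy *p)
{
    switch (classify(r, p)) {
    case TAG_OK:      return ACT_CONTINUE;
    case TAG_MISSING: return enforce(p->on_missing, ACT_DENY_BOOT);
    default:          return enforce(p->on_outside, ACT_DENY_BOOT);
    }
}

/* Steps eight to eleven: s[] holds one reading per polling interval. The loop
 * ends on the first violation, or when the stop command arrives after
 * stop_after polls. *polls receives the number of readings evaluated. */
fence_action client_poll(const tag_reading *s, size_t n, size_t stop_after,
                         const fence_policy *p, size_t *polls)
{
    fence_action act = ACT_CONTINUE;
    size_t i = 0;
    while (i < n && i < stop_after) {
        fence_state st = classify(&s[i++], p);
        if (st != TAG_OK) {
            act = enforce(st == TAG_MISSING ? p->on_missing : p->on_outside,
                          ACT_SHUTDOWN);
            break;
        }
    }
    *polls = i;
    return act;
}

/* Constructed sample data: two authorized zones and a short run of readings. */
static const uint32_t DEMO_ZONES[] = { 101, 102 };
const fence_policy DEMO_POLICY = { DEMO_ZONES, 2, ACT_SHUTDOWN, ACT_ALARM };
const fence_policy LAX_POLICY  = { DEMO_ZONES, 2, ACT_CONTINUE, ACT_CONTINUE };
const tag_reading SAMPLE_RUN[] = {
    { true,  true,  101 },  /* inside an authorized zone */
    { true,  true,  102 },  /* moved to another authorized zone */
    { true,  true,  300 },  /* carried out of the fence */
    { false, false, 0   },  /* tag unplugged */
};

int main(void)
{
    size_t polls = 0;
    printf("boot, tag in zone 101: %d\n",
           firmware_boot_gate(&SAMPLE_RUN[0], &DEMO_POLICY));
    printf("boot, tag unplugged:   %d\n",
           firmware_boot_gate(&SAMPLE_RUN[3], &DEMO_POLICY));
    printf("runtime action:        %d",
           client_poll(SAMPLE_RUN, 4, 100, &DEMO_POLICY, &polls));
    printf(" after %zu polls\n", polls);
    return 0;
}
```

Using one `classify` routine for both stages keeps the firmware and the client from drifting apart on what counts as "inside", and `enforce` keeps a permissive server-side policy from silently disabling the fence.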
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (2)

1. A geo-fence system based on UEFI firmware is characterized by comprising a driving module positioned on a computer firmware layer, a geo-fence client main program and a server positioned on an operating system layer, and external equipment of a computer, wherein the external equipment comprises an RFID electronic tag and a reader-writer;
the main program of the geo-fence client is started with a computer operating system;
the drive module is a firmware conforming to UEFI specifications and comprises a position detection submodule and a safety processing submodule: the position detection submodule is used for detecting whether the RFID electronic tag is connected to the computer or not and whether the RFID electronic tag is in an authorized geographic range or not in the process of starting the computer, and sending a detection result to the safety processing submodule; the safety processing submodule judges: if the RFID electronic tag is accessed to the computer and is within the authorized geographic range, allowing an operating system of the computer to be started, otherwise executing a preset security policy for the computer;
the preset security policy comprises shutdown or startup forbidding processing;
during operation of the operating system, the main program of the geo-fence client receives the geographic location information of the RFID electronic tag in real time, and detects in real time whether the RFID electronic tag is connected to the computer and whether it is within an authorized geographic range; if the RFID electronic tag is connected to the computer and is within the authorized geographic range, the operating system continues to run, otherwise a preset security policy is executed;
the server is used for receiving and transmitting the reader-writer information and setting a preset security policy according to the reader-writer information.
2. A method of implementing a geo-fencing system as claimed in claim 1, comprising the steps of:
step one, the computer is powered on and started;
step two, the firmware runs, and scans and enumerates the external devices in the system;
step four, if the firmware detects that the RFID electronic tag has been enumerated, step five is executed; otherwise the set security policy is executed;
step five, the firmware detects, through the RFID electronic tag, whether the computer to which the RFID electronic tag belongs is within the authorized range; if so, step six is executed; otherwise the preset security policy is executed;
step six, the firmware loads and starts the operating system;
step seven, the main program of the geo-fence client is started;
step eight, the main program of the geo-fence client detects in real time whether the RFID electronic tag is connected to the computer; if so, step nine is entered; otherwise the preset security policy is executed;
step nine, the main program of the geo-fence client detects in real time, through the RFID electronic tag, whether the computer is within the authorized range; if so, step ten is executed; otherwise the preset security policy is executed;
step ten, the operating system runs normally;
step eleven, the main program of the geo-fence client repeats steps eight to eleven until a stop command is received, at which point the flow ends.
CN201510969187.0A 2015-12-22 2015-12-22 Geographic fence system based on UEFI firmware and implementation method thereof Active CN106911997B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510969187.0A CN106911997B (en) 2015-12-22 2015-12-22 Geographic fence system based on UEFI firmware and implementation method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510969187.0A CN106911997B (en) 2015-12-22 2015-12-22 Geographic fence system based on UEFI firmware and implementation method thereof

Publications (2)

Publication Number Publication Date
CN106911997A CN106911997A (en) 2017-06-30
CN106911997B true CN106911997B (en) 2021-05-28

Family

ID=59200433

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510969187.0A Active CN106911997B (en) 2015-12-22 2015-12-22 Geographic fence system based on UEFI firmware and implementation method thereof

Country Status (1)

Country Link
CN (1) CN106911997B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111767971A (en) * 2020-06-30 2020-10-13 深圳市筑泰防务智能科技有限公司 Terminal control method and device based on electronic tag, terminal and readable storage medium
EP4284109A4 (en) * 2021-01-29 2024-02-28 Huawei Tech Co Ltd Communication method and communication apparatus

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101719295A (en) * 2008-10-09 2010-06-02 凹凸电子(武汉)有限公司 Electronic equipment with radio frequency identification (RFID) technology and losing prevention method thereof
CN101854581A (en) * 2009-03-31 2010-10-06 联想(北京)有限公司 Method for setting security level of mobile terminal on basis of position information and mobile terminal
CN103874021A (en) * 2014-04-02 2014-06-18 上海坤士合生信息科技有限公司 Safe region recognition method and device, and user terminal
CN204667406U (en) * 2015-03-13 2015-09-23 合肥联宝信息技术有限公司 For boot system and the electronic equipment group system of electronic equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9015494B2 (en) * 2011-07-11 2015-04-21 Salesforce.Com, Inc. Methods and apparatus for digital steganography

Also Published As

Publication number Publication date
CN106911997A (en) 2017-06-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Patentee after: CLP Technology (Beijing) Co.,Ltd.

Address before: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Patentee before: CETC (BEIJING) Co.,Ltd.

CP01 Change in the name or title of a patent holder

Address after: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Patentee after: Kunlun Taike (Beijing) Technology Co.,Ltd.

Address before: 100083 north side, 13th floor, Taiji building, No.6 working area (South), wohuqiao, Haidian District, Beijing

Patentee before: CLP Technology (Beijing) Co.,Ltd.