Geographic fence system based on UEFI firmware and implementation method thereof
Technical Field
The invention belongs to the technical field of computer firmware, and particularly relates to a geo-fencing system based on UEFI firmware and an implementation method thereof.
Background
Firmware is an indispensable component of a computer and the bridge between its basic hardware and its system software. The Basic Input Output System (BIOS) is one of the most important pieces of firmware on a computer. Firmware is the first software executed after a computer is powered on. After power-on, the firmware checks the state of the CPU registers, the timing chip, the programmable interrupt controller and the DMA (direct memory access) controller, and initializes and configures the mainboard chipset, the dynamic memory, the graphics card and the registers of the relevant peripherals. Provided the hardware is operating normally, the firmware is then responsible for booting the operating system.
At present, computer terminal management systems use Radio Frequency Identification (RFID) technology to manage devices by location; the main characteristics of such a system are as follows:
(1) an electronic tag is attached to the computer;
(2) an electronic-tag reader-writer is deployed in each important area and identifies tags entering and leaving the access-controlled area;
(3) when the computer enters or leaves the important area, the computer management system receives a notification sent by the reader-writer.
However, in the existing geo-fence system the RFID tag is merely attached to the computer and does not interact with it. Once a computer carrying the tag leaves the secure area, the computer can no longer be controlled.
Firmware, by contrast, can authorize the startup and use of the computer according to position information, so that the computer obtains startup authorization only when it enters a specific area; when the device is outside that area, the computer executes the corresponding preset policy, such as automatic shutdown, startup prohibition or data destruction.
Disclosure of Invention
In view of this, the invention provides a geo-fence system based on UEFI firmware and an implementation method thereof. The system lets a computer sense its own position through an attached RFID tag after it is powered on and started, so that the computer may be used only when it is within a permitted area; when the device is outside the permitted area, the computer executes the corresponding preset policy. At the same time, the client software module is deployed and protected by the firmware, so that the computer is positioned and controlled throughout both startup and operation of the system.
To this end, the technical scheme of the invention is as follows: a geo-fence system based on UEFI firmware comprises a driver module located in the computer's firmware layer, a geo-fence client main program and a server located in the operating system layer, and external equipment of the computer, the external equipment comprising an RFID electronic tag and a reader-writer.
The geo-fence client main program starts together with the computer's operating system.
The driver module is firmware conforming to the UEFI specification and comprises a position detection submodule and a security processing submodule. During computer startup, the position detection submodule detects whether the RFID electronic tag is connected to the computer and whether it is within the authorized geographic range, and sends the detection result to the security processing submodule. The security processing submodule then decides: if the RFID electronic tag is connected to the computer and is within the authorized geographic range, the computer's operating system is allowed to start; otherwise the preset security policy is executed on the computer.
The preset security policy includes shutdown or startup prohibition.
While the operating system is running, the geo-fence client main program receives the geographic location information of the RFID electronic tag in real time and continuously detects whether the tag is connected to the computer and whether it is within the authorized geographic range. If the tag is connected to the computer and within the authorized geographic range, the operating system continues to run; otherwise the preset security policy is executed.
The server receives and forwards the reader-writer information and sets the preset security policy according to that information.
A method for implementing the geo-fencing system comprises the following steps:
step one, powering on and starting up the computer;
step two, running the firmware, which scans and enumerates the external equipment in the system;
step four, if the firmware detects that the RFID electronic tag has been enumerated, executing step five, otherwise executing the preset security policy;
step five, the firmware detecting, through the RFID electronic tag, whether the computer to which the tag belongs is within the authorized range; if so, executing step six, otherwise executing the preset security policy;
step six, the firmware loading and starting the operating system;
step seven, starting the geo-fence client main program;
step eight, the geo-fence client main program detecting in real time whether the RFID electronic tag is connected to the computer; if so, proceeding to step nine, otherwise executing the preset security policy;
step nine, the geo-fence client main program detecting in real time, through the RFID electronic tag, whether the computer is within the authorized range; if so, executing step ten, otherwise executing the preset security policy;
step ten, the system operating normally;
step eleven, the geo-fence client main program repeating steps eight to eleven until a stop-running command is received, at which point the flow ends.
The invention has the following advantages:
the system lets the computer sense its own position through the attached RFID electronic tag after it is powered on and started, so that the computer may be used only when it enters a permitted area; when the device is outside the permitted area, the computer executes the corresponding preset policy. At the same time, the client software module is deployed and protected by the firmware, so that the computer is positioned and controlled throughout both startup and operation of the system.
Existing positioning equipment, such as satellite positioning, base-station positioning and radio-frequency positioning, can be associated directly with the firmware, which can then grant startup authorization according to geographic position. The RFID electronic tag connects directly to the computer, exchanges data with it and executes the security policy. When the RFID electronic tag is removed from the computer or leaves the secure area, the firmware can still control the computer.
Drawings
FIG. 1 is a general block diagram of the electronic fence system;
FIG. 2 is an overall work flow diagram of the geo-fencing system.
Detailed Description
The invention is described in detail below by way of example with reference to the accompanying drawings.
Example 1
The invention aims to overcome the defects of the prior art and solve the problem of authorizing the use of a computer according to its position, and provides a method for realizing a geo-fence system based on UEFI firmware.
The UEFI specification divides firmware execution into seven phases, SEC, PEI, DXE, BDS, TSL, RT and AL, each implementing a different function. The firmware is the first software run when the computer is powered on and started; it allocates and schedules the underlying resources and boots the operating system.
A UEFI-based geo-fence system comprises a driver module located in the firmware layer, a geo-fence client main program and a server located in the operating system layer, and external equipment such as an RFID electronic tag and a reader-writer.
The driver module is mainly responsible for installing the geo-fence client main program it contains into memory or onto the hard disk and for ensuring that the client starts automatically with the operating system. The driver module is a driver conforming to the UEFI specification and resident in the firmware layer. It comprises a position detection submodule and a security processing submodule. The position detection submodule detects, during startup, whether the RFID electronic tag is connected to the computer and whether the computer is within a geographic area authorized for use. The security processing submodule applies the configured policy to the computer, such as shutdown or startup prohibition, when the RFID electronic tag is found not to be connected to the computer or not to be within the authorized range.
The main function of the client main program is to receive the geographic position information of the RFID electronic tag and to manage and control the computer according to the configured policy while the operating system is running.
The server side mainly receives and forwards reader-writer information and performs policy management for the computer.
Example 2
A method for realizing the firmware-based geo-fencing system, whose overall work flow is shown in FIG. 2, comprises the following steps:
step one, powering on and starting up the computer.
Step two, running the firmware, which scans and enumerates the equipment in the system.
Step four, the firmware determines whether it has detected and enumerated the RFID electronic tag. If no RFID electronic tag is detected to be connected to the computer, the established security policy is executed.
Step five, the firmware detects, through the RFID electronic tag, whether the computer is within the area allowed for use. If not, the firmware executes the established security policy.
Step six, if the computer has the RFID tag connected and is within the allowed range of use, the firmware loads and starts the operating system.
Step seven, after the operating system has started, the geo-fence client program is started.
Step eight, the geo-fence client detects in real time whether the RFID electronic tag is connected to the computer. If no RFID electronic tag is detected to be connected to the computer, the established security policy is executed.
Step nine, the geo-fence client detects in real time, through the RFID electronic tag, whether the computer is within the area allowed for use. If the computer is not within the allowed area, the established security policy is executed.
Step ten, if the computer has the RFID tag connected and is within the allowed range of use, the operating system runs normally.
Step eleven, the geo-fence client checks whether a stop-running command has been received. If not, steps eight to eleven are repeated at a fixed time interval. If a stop command has been received, the process ends.
At this point, the work process of the firmware-based geo-fence system is complete.
Example 3
On a domestic platform, the working process of the firmware geo-fence system mainly comprises the following steps:
step one, powering on and starting up the computer.
Step two, the firmware initializes the key hardware of the computer and scans and enumerates the equipment in the system.
Step four, the firmware determines whether an RFID electronic tag is connected to the computer. If no RFID electronic tag is detected, the established security policy is executed. The security policy comprises alarming, shutting down, prohibiting startup and the like.
Step five, the firmware communicates with the RFID electronic tag, reads the tag's position information and determines whether the computer is within an area allowed for use. If not, the firmware executes the established security policy.
Step six, if the computer has the RFID tag connected and is within the allowed range of use, the firmware loads and starts the operating system.
Step seven, after the operating system has started, the geo-fence client program is started.
Step eight, the geo-fence client detects in real time whether the RFID electronic tag is connected to the computer. If no RFID electronic tag is detected to be connected to the computer, the established security policy is executed.
Step nine, the geo-fence client detects in real time, through the RFID electronic tag, whether the computer is within the area allowed for use. If the computer is not within the allowed area, the established security policy is executed.
Step ten, if the computer has the RFID tag connected and is within the allowed range of use, the operating system runs normally.
Step eleven, the geo-fence client checks whether a stop-running command has been received. If not, steps eight to eleven are repeated at a fixed time interval. If a stop command has been received, the process ends.
Through these steps, the whole process of managing the computer by geographic position through UEFI firmware on a domestic platform is complete.
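The boot-time decision (steps four to six) and the run-time polling loop (steps eight to eleven) apply the same two tests, tag connected and tag within an authorized area, first in the firmware driver module and then in the geo-fence client. The following C program is an added illustration of that control flow, written for this page; it is not code from the patent, and every name in it (`check_tag`, `firmware_boot_decision`, `client_run`, the area identifiers and the policy values) is a hypothetical stand-in. It models the tag's reported area as a trusted input, exactly as the flow in the Disclosure, Example 2 and Example 3 does, and replaces the real polling interval with a constructed sequence of readings so that it runs offline.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the boot-time and run-time checks described in the
 * patent text. All names are hypothetical; this is not the patent's code. */

typedef enum { POLICY_NONE, POLICY_ALARM, POLICY_SHUTDOWN, POLICY_FORBID_BOOT } policy_t;
typedef enum { VERDICT_ALLOW, VERDICT_NO_TAG, VERDICT_OUT_OF_RANGE } verdict_t;

/* One observation of the RFID tag, as the firmware or the client would see it. */
typedef struct {
    bool tag_present;   /* step four / eight: is a tag connected to the computer? */
    int  area_id;       /* step five / nine: area the tag reports (0 = none) */
    bool stop_command;  /* step eleven: has a stop-running command arrived? */
} tag_reading_t;

/* Authorized areas as configured by the server side (constructed values). */
static const int authorized_areas[] = { 101, 102 };
#define N_AUTHORIZED (sizeof authorized_areas / sizeof authorized_areas[0])

static bool area_authorized(int area_id)
{
    for (size_t i = 0; i < N_AUTHORIZED; i++)
        if (authorized_areas[i] == area_id)
            return true;
    return false;
}

/* Shared check: tag connected AND within an authorized area. The page has the
 * firmware driver module and the OS client apply these same two tests. */
verdict_t check_tag(const tag_reading_t *r)
{
    if (!r->tag_present)
        return VERDICT_NO_TAG;
    if (!area_authorized(r->area_id))
        return VERDICT_OUT_OF_RANGE;
    return VERDICT_ALLOW;
}

/* Steps four to six: the firmware decides whether to load the operating system.
 * Returns true when boot may proceed; otherwise *applied holds the preset policy. */
bool firmware_boot_decision(const tag_reading_t *r, policy_t boot_policy, policy_t *applied)
{
    if (check_tag(r) == VERDICT_ALLOW) {
        *applied = POLICY_NONE;
        return true;
    }
    *applied = boot_policy;
    return false;
}

typedef struct {
    int      polls;             /* iterations that passed steps eight and nine */
    policy_t applied;           /* policy executed, or POLICY_NONE */
    bool     stopped_by_command;
} client_result_t;

/* Steps eight to eleven: the client main program polls once per interval.
 * `readings` stands in for the successive tag observations; a real client
 * would wait the configured interval between them instead of indexing an array. */
client_result_t client_run(const tag_reading_t *readings, size_t n, policy_t runtime_policy)
{
    client_result_t res = { 0, POLICY_NONE, false };
    for (size_t i = 0; i < n; i++) {
        if (check_tag(&readings[i]) != VERDICT_ALLOW) {   /* steps eight and nine */
            res.applied = runtime_policy;
            return res;
        }
        res.polls++;                                      /* step ten: OS runs normally */
        if (readings[i].stop_command) {                   /* step eleven */
            res.stopped_by_command = true;
            return res;
        }
    }
    return res;                                           /* readings exhausted, still running */
}

int main(void)
{
    tag_reading_t at_boot = { true, 101, false };
    policy_t applied;
    printf("boot allowed: %d\n", firmware_boot_decision(&at_boot, POLICY_FORBID_BOOT, &applied));

    /* Constructed run-time trace: two good polls, then the tag is unplugged. */
    tag_reading_t trace[] = {
        { true, 101, false }, { true, 102, false }, { false, 0, false }, { true, 101, false }
    };
    client_result_t r = client_run(trace, 4, POLICY_SHUTDOWN);
    printf("polls=%d policy=%d stopped=%d\n", r.polls, (int)r.applied, r.stopped_by_command);
    return 0;
}
```

Keeping `check_tag` as a single shared function mirrors the page's design, in which the firmware and the client enforce one rule at two different times; a practitioner reviewing such a system would want the boot-time and run-time verdicts to come from the same code path so that the two enforcement points cannot drift apart.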
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.