CN112256352A - Method and device for authorized starting of embedded operating system and computer system - Google Patents
Method and device for authorized starting of embedded operating system and computer system Download PDFInfo
- Publication number
- CN112256352A CN112256352A CN202011178800.4A CN202011178800A CN112256352A CN 112256352 A CN112256352 A CN 112256352A CN 202011178800 A CN202011178800 A CN 202011178800A CN 112256352 A CN112256352 A CN 112256352A
- Authority
- CN
- China
- Prior art keywords
- identification code
- operating system
- authorization file
- activation
- starting
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 62
- 238000013475 authorization Methods 0.000 claims abstract description 79
- 238000001994 activation Methods 0.000 claims description 86
- 230000004913 activation Effects 0.000 claims description 74
- 238000012545 processing Methods 0.000 claims description 18
- 230000008569 process Effects 0.000 claims description 13
- 238000012795 verification Methods 0.000 claims description 9
- 229910002056 binary alloy Inorganic materials 0.000 claims description 7
- 230000005540 biological transmission Effects 0.000 claims description 5
- 230000002452 interceptive effect Effects 0.000 claims description 3
- 230000002265 prevention Effects 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 6
- 238000011161 development Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 3
- 230000003213 activating effect Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44505—Configuring for program initiating, e.g. using registry, configuration files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/22—Matching criteria, e.g. proximity measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- Bioinformatics & Cheminformatics (AREA)
- Evolutionary Computation (AREA)
- Evolutionary Biology (AREA)
- Computer Vision & Pattern Recognition (AREA)
- Bioinformatics & Computational Biology (AREA)
- Artificial Intelligence (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Life Sciences & Earth Sciences (AREA)
- Stored Programmes (AREA)
Abstract
The invention relates to a method and a device for authorized starting of an embedded operating system and a computer system, wherein the method for authorized starting of the embedded operating system comprises the following steps: after the kernel of the operating system is basically initialized, trying to acquire an identification code and an authorization file of a chip; after the identification code and the authorization file are successfully acquired, judging whether the identification code is matched with the authorization file; and when the identification code is matched with the authorization file, controlling the starting of the operating system. The invention provides a method for authorizing and starting a high-reliability operating system based on an SOC chip and an embedded operating system, which can realize that the embedded operating system can be started only aiming at a specified chip batch, thereby achieving the purpose of protecting the copyright of the software of the embedded operating system.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method and a device for authorized starting of an embedded operating system and a computer system.
Background
The development of embedded operating systems is usually very invested, however, the problems which are ubiquitous at present are: the copyright of the developed embedded operating system software cannot be effectively protected, and great loss is caused to software developers. In order to solve the above problems, especially when manufacturers downstream of the embedded operating system developed by the manufacturers of the SOC chip need to perform secondary development, the manufacturers of the SOC chip need to have a method, which can issue the source code of the embedded operating system to customers in a limited source code form, so that the manufacturers downstream of the SOC chip have the right to compile and make images, and at the same time, the customers cannot bypass the authorized starting process of the operating system, so as to better protect the copyright of the software of the embedded operating system without affecting the normal use of the customers.
Disclosure of Invention
In view of the above, the present invention provides a method, an apparatus and a computer system for authorizing booting of an embedded operating system to overcome the deficiencies of the prior art.
In order to achieve the purpose, the invention adopts the following technical scheme: a method for authorizing start of an embedded operating system comprises the following steps:
after the kernel of the operating system is basically initialized, trying to acquire an identification code and an authorization file of a chip;
after the identification code and the authorization file are successfully acquired, judging whether the identification code is matched with the authorization file;
and when the identification code is matched with the authorization file, controlling the starting of the operating system.
Optionally, the determining whether the identification code is matched with the authorization file specifically includes:
decrypting the authorization file by using a built-in public key of an operating system;
and judging whether the decrypted content of the authorization file is matched with the identification code.
Optionally, the method further includes:
and when the identification code is failed to be acquired, restarting the operating system and stopping under the boot.
Optionally, the method further includes:
and starting an activation process to acquire the authorization file after the identification code is successfully acquired and the authorization file is unsuccessfully acquired.
Optionally, the starting an activation process to obtain an authorization file specifically includes:
logging in an activation server through an account password and sending an activation request to the activation server, wherein the activation server acquires the residual activation times corresponding to the account, and if the residual activation times are zero, the activation request of the chip is not accepted;
the identification code is subjected to specific processing and then encrypted through a public key, and then the identification code is sent to the activation server;
the activation server decrypts the received information by using a private key, performs specific processing to obtain an identification code, and verifies the correctness of the identification code; and when the identification code is correct, performing specific processing on the identification code, encrypting the identification code through a private key to generate an authorization file, and transmitting the authorization file back to the chip.
Optionally, the checking the correctness of the identification code specifically includes:
comparing the identification code with an identification code prestored in the activation server;
if the identification code is different from all identification codes prestored in the activation server, the identification code is wrong; otherwise, the identification code is correct.
Optionally, the specifically processing the identification code specifically includes:
and performing obfuscation processing on the identification code by using an obfuscation algorithm.
Optionally, the method further includes: skipping prevention of a verification process; the anti-skipping check flow comprises the following steps:
the kernel starting parameters are set to be starting parameters which do not accept any bootload transmission when the kernel is compiled;
storing the program related to verification in the root file system by using a binary system;
recording the sha256 check value of an initialization program during kernel compiling, and performing sha256 comparison on a related binary system in a root file system when the check program is started; after the comparison is successful, the operating system can be started.
The invention also provides a device for authorizing and starting the embedded operating system, which comprises:
the acquisition module is used for trying to acquire the identification code and the authorization file of the chip after the kernel of the operating system is basically initialized;
the judging module is used for judging whether the identification code is matched with the authorization file or not after the identification code and the authorization file are successfully acquired;
and the control module is used for controlling the starting of the operating system when the identification code is matched with the authorization file.
The present invention also provides a computer system comprising:
the system comprises an SOC chip, an activation tool and an activation server;
the SOC chip is pre-loaded with an embedded operating system; the SOC chip controls the starting of the operating system by adopting the method;
when the method for authorizing and starting the embedded operating system is executed, after the identification code of the SOC chip is successfully acquired and the authorization file is unsuccessfully acquired, the SOC chip establishes an interactive relation with the activation server through the activation tool so as to try to acquire the authorization file from the activation server.
By adopting the technical scheme, the method for authorized starting of the embedded operating system comprises the following steps: after the kernel of the operating system is basically initialized, trying to acquire an identification code and an authorization file of a chip; after the identification code and the authorization file are successfully acquired, judging whether the identification code is matched with the authorization file; and when the identification code is matched with the authorization file, controlling the starting of the operating system. The invention provides a method for authorizing and starting a high-reliability operating system based on an SOC chip and an embedded operating system, which can realize that the embedded operating system can be started only aiming at a specified chip batch, thereby achieving the purpose of protecting the copyright of the software of the embedded operating system.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow chart of an embodiment of a method for authorized booting of an embedded operating system according to the present invention;
FIG. 2 is a flowchart of a second embodiment of a method for authorized booting of an embedded operating system according to the present invention;
FIG. 3 is a flow diagram of the activation process of FIG. 2;
FIG. 4 is a schematic diagram of a check flow for preventing skipping during startup of an SOC chip;
FIG. 5 is a block diagram of an apparatus for authorized booting of an embedded OS according to an embodiment of the present invention;
FIG. 6 is a block diagram of a computer system according to an embodiment of the present invention.
In the figure: 1. an acquisition module; 2. a judgment module; 3. a control module; 4. an SOC chip; 5. activating the tool; 6. the server is activated.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be described in detail below. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the examples given herein without any inventive step, are within the scope of the present invention.
Fig. 1 is a flowchart illustrating an embodiment of a method for authorized booting of an embedded operating system according to the present invention.
As shown in fig. 1, the method for authorized start of an embedded operating system according to this embodiment includes:
s11: after the kernel of the operating system is basically initialized, trying to acquire an identification code and an authorization file of a chip;
s12: after the identification code and the authorization file are successfully acquired, judging whether the identification code is matched with the authorization file;
further, the determining whether the identification code matches the authorization file specifically includes:
decrypting the authorization file by using a built-in public key of an operating system;
and judging whether the decrypted content of the authorization file is matched with the identification code.
S13: and when the identification code is matched with the authorization file, controlling the starting of the operating system.
By using the method of the embodiment, when the embedded operating system is downloaded to an SOC chip without an identification code, or an identification code recorded by an activation server is not available, the embedded operating system cannot be started correctly. The method is a high-reliability authorized starting method of the operating system, and effectively guarantees the copyright of the embedded operating system.
Fig. 2 is a flowchart illustrating a method for authorized booting of an embedded operating system according to a second embodiment of the present invention.
As shown in fig. 2, the method for authorized start of an embedded operating system according to this embodiment includes:
s21: powering on and starting;
s22: basic initialization of an operating system kernel;
s23: attempting to acquire an identification code of a chip;
s24: when the identification code is successfully acquired, attempting to acquire an authorization file;
when the identification code acquisition fails, executing S21, namely restarting the operating system and stopping under the boot;
s25: after the authorization file is successfully acquired, judging whether the identification code is matched with the authorization file;
further, the determining whether the identification code matches the authorization file specifically includes:
decrypting the authorization file by using a built-in public key of an operating system;
and judging whether the decrypted content of the authorization file is matched with the identification code.
S26: when the identification code is matched with the authorization file, controlling the operating system to start;
s27: when the authorization file is failed to be acquired or the identification code is not matched with the authorization file, starting an activation process;
s28: after the activation process is completed, the process returns to step S21 to restart the operating system.
Further, the starting activation process specifically includes:
logging in an activation server through an account password and sending an activation request to the activation server, wherein the activation server acquires the residual activation times corresponding to the account, and if the residual activation times are zero, the activation request of the chip is not accepted;
the identification code is subjected to specific processing and then encrypted through a public key, and then the identification code is sent to the activation server;
the activation server decrypts the received information by using a private key, performs specific processing to obtain an identification code, and verifies the correctness of the identification code; and when the identification code is correct, performing specific processing on the identification code, encrypting the identification code through a private key to generate an authorization file, and transmitting the authorization file back to the chip.
Further, the checking the correctness of the identification code specifically includes:
comparing the identification code with an identification code prestored in the activation server;
if the identification code is different from all identification codes prestored in the activation server, the identification code is wrong; otherwise, the identification code is correct.
Further, the specifically processing the identification code specifically includes:
and performing obfuscation processing on the identification code by using an obfuscation algorithm.
The processing mode can guarantee the safety of the identification code in transmission, the identification code in transmission is confused by using the confusion algorithm, even if the private key is leaked carelessly, a cracker cannot directly generate an authorization file, and the reliability of the starting method is favorably ensured.
It should be noted that, the method described in this embodiment is provided on the premise that a trusted module is built in the SOC chip, and the module stores a unique identification code of the chip, and the trusted module is characterized in that the trusted module can be written only once.
In actual use, the embodiment relates to the improvement of the existing embedded operating system, the development of an activation tool and the development of activation server-side software. In this embodiment, an SOC chip identification code check program is added to a default loading program of a root file system to obtain the identification code, and a check program for determining whether an authorization file exists is added to obtain the authorization file; when the authorization file does not exist (namely the authorization file is not acquired), an activation process is started to acquire the authorization file again. When the activation process is started to obtain the authorization file, a computer with an activation tool needs to be loaded, the computer end interacts with the single board carrying the SOC chip through a network, and the computer end carrying the activation tool is connected with the activation server. It is understood that the interaction mode of the SOC chip and the activation server is not limited to the computer side, and other connection modes capable of implementing the interaction between the SOC chip and the activation server are also within the protection scope of the present application.
In this embodiment, the identification codes implanted in each SOC chip are different, and all the identification codes are prestored in the activation server.
As shown in fig. 3, the activation process may include the following steps:
s31: the activation tool firstly logs in an activation server through an account password;
s32: activating a tool end computer to establish communication connection with a single board carrying the SOC chip;
s33: the SOC chip sends an activation request to an activation server through an activation tool;
s34: the activation server obtains the residual activation times of the login account, and if the residual activation times are 0, the activation request of the chip is not accepted;
s35: the SOC chip confuses the identification code of the SOC chip through a confusion algorithm, encrypts the identification code through a public key and sends the identification code to an activation tool;
s36: after receiving the information, the activation tool sends the information to an activation server;
s37: the activation server decrypts the received information by using a private key, performs de-obfuscation by using a certain algorithm (corresponding to an obfuscation algorithm) to obtain an identification code, and verifies the correctness of the identification code; when the identification code is correct, the identification code is subjected to confusion processing and then encrypted through a private key to generate an authorization file, and the authorization file is transmitted back to an activation tool;
s38: the activation tool transmits the authorization file back to the SOC chip.
It should be noted that, when the system is started, the ramdisk start check process is first performed, and if the kernel start parameter is manually specified so that the kernel start parameter is not loaded on the ramdisk, or the ramdisk is rewritten and replaced with the initialization program, there may be a risk of skipping. As shown in fig. 4, in order to prevent skipping the verification process when the SOC chip is started, the method further includes: skipping prevention of a verification process; further, the anti-skip verification process includes:
the kernel starting parameters are set to be starting parameters which do not accept any bootload transmission when the kernel is compiled; namely, the kernel starting parameter is a fixed value and is not allowed to be modified; therefore, the root file system can be ensured to be accessed in a certain way during starting;
storing the program related to verification in the root file system by using a binary system; no form of script is used here to prevent being viewed and modified in the clear;
recording the sha256 check value of an initialization program during kernel compiling, and performing sha256 comparison on a related binary system in a root file system when the check program is started so as to prevent the file from being replaced by a modified executable file; and when the comparison is successful, the operating system can be started.
Through the process, the system can be ensured to enter a preset check flow at certain time when being started and cannot be skipped.
By adopting the method of the embodiment, for the SOC chip customer to develop the special driver, only the kernel header file is provided, and the key file is provided in a binary system, so that the driver development can be satisfied. The method enables the client not to modify the key starting process of the kernel; meanwhile, the key binary file is subjected to digital signature, verification is carried out in the compiling process, and once the key binary file is illegally modified, mirror image production cannot be finished.
The embodiment provides a method for authorized starting of a high-reliability operating system based on an SOC chip and an embedded operating system, which realizes that the version of the embedded operating system can be started only for a specified chip batch.
FIG. 5 is a schematic structural diagram provided by an embodiment of an apparatus for authorizing booting of an embedded operating system according to the present invention.
As shown in fig. 5, the device for authorizing and starting the embedded operating system according to this embodiment includes:
the acquisition module 1 is used for trying to acquire an identification code and an authorization file of a chip after an operating system kernel is basically initialized;
the judging module 2 is configured to judge whether the identification code is matched with the authorization file after the identification code and the authorization file are successfully acquired;
and the control module 3 is used for controlling the starting of the operating system when the identification code is matched with the authorization file.
The working principle of the device for authorized start of an embedded operating system according to this embodiment is the same as the working principle of the method for authorized start of an embedded operating system according to fig. 1 or fig. 2, and is not described herein again.
The embodiment provides a device for authorized starting of a high-reliability operating system based on an SOC chip and an embedded operating system, which can realize that the embedded operating system can be started only aiming at a specified chip batch, thereby achieving the purpose of protecting the copyright of the software of the embedded operating system.
FIG. 6 is a block diagram of a computer system according to an embodiment of the present invention.
As shown in fig. 6, the computer system according to this embodiment includes:
an SOC chip 4, an activation tool 5, and an activation server 6;
the SOC chip 4 is pre-loaded with an embedded operating system; the SOC chip 4 controls the start of the operating system by adopting the method described above;
when the method for authorizing and starting the embedded operating system is executed, after the identification code of the SOC chip 4 is successfully acquired and the authorization file is unsuccessfully acquired, the SOC chip 4 establishes an interactive relation with the activation server 6 through the activation tool 5 so as to try to acquire the authorization file from the activation server 6.
For the working principle among the SOC chip 4, the activation tool 5, and the activation server 6, please refer to the description of the activation process to obtain the authorization file, which is not described herein again.
It is understood that the same or similar parts in the above embodiments may be mutually referred to, and the same or similar parts in other embodiments may be referred to for the content which is not described in detail in some embodiments.
It should be noted that the terms "first," "second," and the like in the description of the present invention are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Further, in the description of the present invention, the meaning of "a plurality" means at least two unless otherwise specified.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.
Claims (10)
1. A method for authorizing start of an embedded operating system, comprising:
after the kernel of the operating system is basically initialized, trying to acquire an identification code and an authorization file of a chip;
after the identification code and the authorization file are successfully acquired, judging whether the identification code is matched with the authorization file;
and when the identification code is matched with the authorization file, controlling the starting of the operating system.
2. The method of claim 1, wherein the determining whether the identification code matches the authorization file specifically comprises:
decrypting the authorization file by using a built-in public key of an operating system;
and judging whether the decrypted content of the authorization file is matched with the identification code.
3. The method of claim 1, further comprising:
and when the identification code is failed to be acquired, restarting the operating system and stopping under the boot.
4. The method of claim 1, further comprising:
and starting an activation process to acquire the authorization file after the identification code is successfully acquired and the authorization file is unsuccessfully acquired.
5. The method according to claim 4, wherein the starting the activation process to obtain the authorization file specifically includes:
logging in an activation server through an account password and sending an activation request to the activation server, wherein the activation server acquires the residual activation times corresponding to the account, and if the residual activation times are zero, the activation request of the chip is not accepted;
the identification code is subjected to specific processing and then encrypted through a public key, and then the identification code is sent to the activation server;
the activation server decrypts the received information by using a private key, performs specific processing to obtain an identification code, and verifies the correctness of the identification code; and when the identification code is correct, performing specific processing on the identification code, encrypting the identification code through a private key to generate an authorization file, and transmitting the authorization file back to the chip.
6. The method of claim 5, wherein verifying the correctness of the identification code specifically comprises:
comparing the identification code with an identification code prestored in the activation server;
if the identification code is different from all identification codes prestored in the activation server, the identification code is wrong; otherwise, the identification code is correct.
7. The method according to claim 5, wherein the specific processing of the identification code specifically includes:
and performing obfuscation processing on the identification code by using an obfuscation algorithm.
8. The method of any one of claims 1 to 7, further comprising: skipping prevention of a verification process; the anti-skipping check flow comprises the following steps:
the kernel starting parameters are set to be starting parameters which do not accept any bootload transmission when the kernel is compiled;
storing the program related to verification in the root file system by using a binary system;
recording the sha256 check value of an initialization program during kernel compiling, and performing sha256 comparison on a related binary system in a root file system when the check program is started; after the comparison is successful, the operating system can be started.
9. An apparatus for authorizing booting of an embedded operating system, comprising:
the acquisition module is used for trying to acquire the identification code and the authorization file of the chip after the kernel of the operating system is basically initialized;
the judging module is used for judging whether the identification code is matched with the authorization file or not after the identification code and the authorization file are successfully acquired;
and the control module is used for controlling the starting of the operating system when the identification code is matched with the authorization file.
10. A computer system, comprising:
the system comprises an SOC chip, an activation tool and an activation server;
the SOC chip is pre-loaded with an embedded operating system; the SOC chip controls the operating system to boot up using the method of any of claims 1 to 8;
when the method for authorizing and starting the embedded operating system is executed, after the identification code of the SOC chip is successfully acquired and the authorization file is unsuccessfully acquired, the SOC chip establishes an interactive relation with the activation server through the activation tool so as to try to acquire the authorization file from the activation server.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011178800.4A CN112256352A (en) | 2020-10-29 | 2020-10-29 | Method and device for authorized starting of embedded operating system and computer system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011178800.4A CN112256352A (en) | 2020-10-29 | 2020-10-29 | Method and device for authorized starting of embedded operating system and computer system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112256352A true CN112256352A (en) | 2021-01-22 |
Family
ID=74262193
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011178800.4A Pending CN112256352A (en) | 2020-10-29 | 2020-10-29 | Method and device for authorized starting of embedded operating system and computer system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112256352A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114546506A (en) * | 2022-02-24 | 2022-05-27 | 科东(广州)软件科技有限公司 | Authorization method, device, equipment and medium for embedded operating system |
| CN115859230A (en) * | 2023-02-27 | 2023-03-28 | 深圳市启明智显科技有限公司 | Authorization management system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1471406A1 (en) * | 2003-04-25 | 2004-10-27 | Culture.com Technology (Macau) Ltd | Method of verifying authorized use of electronic book on an information platform |
| US20100017886A1 (en) * | 2006-12-22 | 2010-01-21 | Nxp, B.V. | System and method for remotely tracking an activation of protected software |
| CN110555290A (en) * | 2019-09-02 | 2019-12-10 | 积成电子股份有限公司 | industrial control software copyright protection method and system based on FPGA |
| CN111339502A (en) * | 2020-02-23 | 2020-06-26 | 苏州浪潮智能科技有限公司 | Starting method, system, equipment and medium for kernel in FPGA |
| CN111414588A (en) * | 2019-01-08 | 2020-07-14 | 杭州海康威视数字技术股份有限公司 | Authorization key generation method, authorization key generation device and authorization server |
-
2020
- 2020-10-29 CN CN202011178800.4A patent/CN112256352A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1471406A1 (en) * | 2003-04-25 | 2004-10-27 | Culture.com Technology (Macau) Ltd | Method of verifying authorized use of electronic book on an information platform |
| US20100017886A1 (en) * | 2006-12-22 | 2010-01-21 | Nxp, B.V. | System and method for remotely tracking an activation of protected software |
| CN111414588A (en) * | 2019-01-08 | 2020-07-14 | 杭州海康威视数字技术股份有限公司 | Authorization key generation method, authorization key generation device and authorization server |
| CN110555290A (en) * | 2019-09-02 | 2019-12-10 | 积成电子股份有限公司 | industrial control software copyright protection method and system based on FPGA |
| CN111339502A (en) * | 2020-02-23 | 2020-06-26 | 苏州浪潮智能科技有限公司 | Starting method, system, equipment and medium for kernel in FPGA |
Non-Patent Citations (1)
| Title |
|---|
| 何永瑾 等: "基于注册码的软件授权保护系统的设计与实现", 信息技术与网络安全, no. 05 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114546506A (en) * | 2022-02-24 | 2022-05-27 | 科东(广州)软件科技有限公司 | Authorization method, device, equipment and medium for embedded operating system |
| CN114546506B (en) * | 2022-02-24 | 2022-12-02 | 科东(广州)软件科技有限公司 | Authorization method, device, equipment and medium for embedded operating system |
| CN115859230A (en) * | 2023-02-27 | 2023-03-28 | 深圳市启明智显科技有限公司 | Authorization management system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10931451B2 (en) | Securely recovering a computing device | |
| US8688967B2 (en) | Secure booting a computing device | |
| Garriss et al. | Trustworthy and personalized computing on public kiosks | |
| CA2655151C (en) | System and method for authenticating a gaming device | |
| US8826405B2 (en) | Trusting an unverified code image in a computing device | |
| CN110719166A (en) | Chip burning method, chip burning device, chip burning system and storage medium | |
| US20080022380A1 (en) | Method of patching applications on small resource-constrained secure devices | |
| US8533829B2 (en) | Method for monitoring managed device | |
| CN110688660B (en) | Method and device for safely starting terminal and storage medium | |
| CN112256352A (en) | Method and device for authorized starting of embedded operating system and computer system | |
| WO2020037613A1 (en) | Security upgrade method, apparatus and device for embedded program, and storage medium | |
| CN111797038B (en) | Burning control method, system, device, equipment and computer readable storage medium | |
| CN112231649A (en) | Firmware encryption processing method, device, equipment and medium | |
| CN111095206B (en) | Method for verifying medical application program, end user device and medical system | |
| CN112966276B (en) | Method, device and medium for safely starting computer | |
| CN111125710B (en) | Information processing method and device, electronic equipment and storage medium | |
| KR101485468B1 (en) | Apparatus and method for booting system in portable terminal | |
| CN116594803B (en) | MacOS repairing method and device based on processing chip and related medium | |
| CN118133246A (en) | Encryption control method and device for chip firmware and electronic equipment | |
| CN117278219A (en) | Data processing method, apparatus, computer device, readable storage medium, and product | |
| KR20140136166A (en) | Method and apparatus for preventing of accessing an administartor right | |
| CN115587342A (en) | Software product authorization license protection system and method | |
| CN111625836A (en) | Trusted boot method of entrance guard type electronic equipment | |
| CN117932623A (en) | Safe booting method and system for operating system | |
| CN117892359A (en) | Integrity measurement method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |