CN100585609C - System and method for ensuring operation environment safety - Google Patents

Info

Publication number
CN100585609C
Authority
CN (China)
Prior art keywords
operating system
file
key equipment
cipher key
intelligent cipher
Legal status
Expired - Fee Related
Application number
CN200810105692A
Other languages
Chinese (zh)
Other versions
CN101436234A
Inventor
陆舟
于华章
Current Assignee
Feitian Technologies Co Ltd
Original Assignee
Beijing Feitian Technologies Co Ltd
Application filed by Beijing Feitian Technologies Co Ltd
Priority to CN200810105692A
Publication of CN101436234A
Application granted
Publication of CN100585609C

Classification

  • Storage Device Security
Abstract

The invention discloses a system and method for ensuring the security of an operating system, and belongs to the field of information security. The method comprises the following steps: when the computer starts, the system is booted from an intelligent cryptographic key device by configuring the CMOS settings or modifying the MBR; the compressed kernel of a first operating system is loaded into the computer's memory; the parameters of the first operating system are initialized, a main security process is created, and the first operating system is run; in the running environment of the first operating system, a secure file stored in the intelligent cryptographic key device is read, a file recovery program is run, and the original file is restored from the secure file. The system comprises a first operating system module, the intelligent cryptographic key device and the computer. By using this recovery technique, the invention can quickly restore safe operation of the system and thoroughly eliminate malicious programs such as viruses, Trojans, worms and rogue software.

Description

System and method for ensuring operating environment security
Technical field
The present invention relates to the field of information security, and in particular to a system and method for ensuring the security of an operating environment.
Background art
With the progress of society and rising living standards, computers have been applied to every field of society one after another and have created a great deal of wealth for society and for families. Yet with the rapid development of computer technology, and of the Internet in particular, the propagation of viruses has moved from floppy-disk copying onto the express train of Internet transmission. Computer viruses have appeared accordingly, and the losses they cause grow ever larger.
A computer virus is a set of destructive instructions that enters a computer's data processing system and replicates itself, so that these destructive instructions multiply and spread rapidly inside the computer, disrupt the normal operation of the computer system, and cause information loss, system failure or even paralysis. A computer virus is generally a program or a group of instructions; it can modify file structures and system configuration in the computer system, tends to attach itself to executable files, and hides in the operating system, where it is not easily detected or found.
A computer virus always shows symptoms when the computer is used, so its presence can be judged from certain phenomena: the system starts noticeably more slowly, stored files are lost or contain random characters, files on the disk unexpectedly disappear, file sizes grow, and programs frequently crash or behave abnormally. These phenomena indicate that the computer has probably been infected. According to the medium in which they exist, viruses can be divided into three classes: network viruses, file viruses and boot-sector viruses. Network viruses spread through the computer network and infect executable files in the network; file viruses infect files in the computer (such as .COM, .EXE, .DOC and so on); boot-sector viruses infect the boot sector (Boot) and the master boot record (MBR) of the hard disk. File viruses, also called parasitic viruses, usually infect executable files (.EXE), but some can infect other executable files such as .DLL or .SCR; the virus acts whenever the infected file is executed, copies itself to other executable files each time, and then continues running the original program so as not to be noticed by the user. Boot-sector viruses hide in the disk and are resident in memory before the system files start; once such a virus is memory-resident, it can infect every disk that is read and is not write-protected.
Because the harm caused by computer viruses usually brings computer users losses that are hard to estimate, more and more people today are paying attention to security in computer use, to keep the computer from being harmed by viruses. At present the main products on the computer security software market are anti-virus software. To a certain extent these products have played a great role in information security, but they also have serious shortcomings, mainly the following:
1. Anti-virus vendors are always trapped behind the virus and constrained by it: only after a virus has appeared and caused damage can the vendor obtain it, analyse it and work out a corresponding solution, which is finally applied by the user to remove the virus;
2. Anti-virus engineers need to spend a great deal of manpower and a long time analysing virus samples, which is a serious drain on human resources;
3. Such software can only detect and remove already known viruses according to its virus database, and is powerless against unknown viruses.
In the practical use of computers, vulnerabilities in various operating systems and server software are discovered constantly and attack methods emerge in an endless stream; a skilled hacker can break through layer after layer of protection and obtain control of the system, thereby achieving the aim of destroying data. Faced with this situation, the common approaches are: continually updating and upgrading the anti-virus software; isolating the server, that is, separating it from the network and blocking attack behaviour with firewall rules between the server and the external network; tracking the hacker by examining the logs from the time of the attack; and response and recovery, in which, regardless of the severity of the incident, a detection mechanism is started to check whether files have been modified and, if so, to restore them from an existing backup. This last method, however, takes a long time and the process is rather cumbersome: during detection the user must scan and disinfect files of all types, and gaps are easily left.
An intelligent cryptographic key device is a convenient, safe and reliable identity authentication device that has developed in recent years. It adopts a two-factor strong authentication mode with one-time passwords, solves the problem of reliable user identity authentication well, and provides a USB interface for convenient use with computers. It can have a built-in CPU, storage chip and chip operating system (COS), can store the user's keys or digital certificates, and implements various encryption, decryption and signature algorithms. Because the encryption and decryption operations are performed inside the intelligent cryptographic key device, the key is guaranteed never to appear in the computer's memory, which eliminates the possibility of the user's key being intercepted by a hacker. Prior-art intelligent cryptographic key devices mostly connect to the computer through a USB interface and are therefore also called USB Key devices. With the continuous development of intelligent cryptographic key devices, their storage function has grown from the original small capacity to today's mass storage: by integrating a large-capacity storage chip inside the device, its storage space is expanded to hundreds or even thousands of times the original, so that the user can not only use the device for its inherent data encryption/decryption and identity recognition functions but can also use it for mass storage.
Summary of the invention
To ensure both security and ease of use of the computer, the embodiments of the invention provide a system and method for ensuring the security of the operating environment. The technical solution is as follows:
A system for ensuring operating environment security, comprising a first operating system module, an intelligent cryptographic key device and a computer;
The first operating system module stores a first operating system, which runs in the computer; in the environment of the first operating system, the secure file in the intelligent cryptographic key device is read and used to restore the corresponding original file in the computer;
The intelligent cryptographic key device stores the secure file and communicates data with the computer;
The computer comprises:
a storage unit, for storing a second operating system and the original file;
a program running unit, which runs the second operating system in the storage unit during normal operation and, when the second operating system is abnormal, initializes the parameters of the first operating system in the first operating system module, creates a main security process, and runs the first operating system in the first operating system module.
The first operating system module comprises:
a decompression unit, for decompressing the driver of the intelligent key module into the computer's memory;
a secure communication unit, for data communication between the first operating system and the intelligent cryptographic key device;
a query unit, for querying, in the environment of the first operating system, the specific path of the original file to be restored according to the data structure of the secure file in the intelligent cryptographic key device;
a command execution unit, for using the secure file in the intelligent cryptographic key device, in the environment of the first operating system and according to the specific path found by the query unit, to overwrite the corresponding original file in the computer, or for copying the secure file from the intelligent cryptographic key device into the computer.
The secure file in the intelligent cryptographic key device is a compressed file; correspondingly, the decompression unit in the first operating system module is also used to decompress the secure file in the intelligent cryptographic key device.
The query unit comprises:
a checking sub-unit, for checking the data structure of the secure file in the environment of the first operating system, the data structure comprising the file record, the file name, the file checksum and the full path of the file;
a path obtaining sub-unit, for determining the specific path of the original file to be restored according to the data structure found by the checking sub-unit.
The intelligent cryptographic key device comprises:
a communication unit, for data communication between the intelligent cryptographic key device and the computer;
a storage unit, for storing the secure file, the encryption/decryption keys, the algorithm programs and the identity information of legitimate users;
an encryption/decryption unit, for encrypting and decrypting data using the encryption/decryption keys and algorithm programs stored in the storage unit;
an authentication unit, for verifying, in the environment of the first operating system, whether the authentication information entered by the user is legitimate; if it is, the authentication unit notifies the first operating system module to run the file recovery program, otherwise it notifies the computer to exit the first operating system.
The carrier of the first operating system module is an optical disc, a USB flash drive or the intelligent cryptographic key device itself.
A method for ensuring operating environment security, comprising:
Step A: when the computer starts, the system is booted from the intelligent cryptographic key device by configuring the CMOS settings or modifying the MBR;
Step B: the kernel of the first operating system is loaded into the computer's memory;
Step C: the parameters of the first operating system are initialized, a main security process is created, and the first operating system is run in the computer;
Step D: in the environment of the first operating system, the intelligent cryptographic key device is called to verify whether the user's identity is legitimate; if the authentication information is legitimate, step E is executed;
Step E: in the environment of the first operating system, the secure file in the intelligent cryptographic key device is read, the file recovery program is run, and the secure file is used to restore the corresponding original file in the computer;
Step F: the first operating system is exited;
Step G: the computer runs the second operating system;
Step H: the running state of the second operating system now running is compared with its running state before the secure file was restored;
If the running state of the currently running second operating system is still abnormal, the method returns to step A and uses the next secure file in the intelligent cryptographic key device (the one following the secure file just used) to restore the corresponding original file in the computer.
Verifying whether the user's identity is legitimate comprises:
prompting the user to enter authentication information;
verifying, inside the intelligent cryptographic key device, whether the authentication information entered by the user is legitimate;
if the authentication information is legitimate, allowing the file recovery program to run;
if the authentication information is illegitimate, an internal program of the intelligent cryptographic key device judges whether the number of failed verifications for this user has reached a set value; if it has, an error message is displayed, otherwise the user is prompted to enter the authentication information again.
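The in-device PIN check just described (verify inside the device, count failures, stop prompting once the set value is reached), as an added example that is not code from the patent or from Feitian; the class names, the salted-hash storage of the PIN and the limit of three attempts are assumptions:

```python
# Added example (not the patent's own code): a model of the in-device PIN check.
# The device compares a salted hash of the entered PIN, counts consecutive
# failures, and refuses further attempts once the failure count reaches the
# configured set value. Names, hash scheme and default limit are assumptions.
import hashlib
import hmac
import os


class KeyDevice:
    """Models the authentication unit of the intelligent cryptographic key device."""

    def __init__(self, pin: str, max_failures: int = 3):
        # Assumption: the device stores a salted PBKDF2 hash, never the raw PIN.
        self._salt = os.urandom(16)
        self._pin_hash = self._hash(pin)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def _hash(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def verify_pin(self, pin: str) -> str:
        """Return 'ok', 'retry' or 'locked', following the flow in the text."""
        if self.locked:
            return "locked"
        # Constant-time comparison so timing does not leak which digits matched.
        if hmac.compare_digest(self._hash(pin), self._pin_hash):
            self.failures = 0
            return "ok"            # legitimate: the file recovery program may run
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True     # set value reached: report an error, stop prompting
            return "locked"
        return "retry"             # prompt the user to enter the PIN again


def authenticate(device: KeyDevice, attempts) -> bool:
    """Drive step D: feed successive PIN entries until success or lockout."""
    for pin in attempts:
        result = device.verify_pin(pin)
        if result == "ok":
            return True
        if result == "locked":
            return False
    return False
```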
The secure file in the intelligent cryptographic key device in step E is a compressed file.
Step E further comprises, before the file recovery program is run, a step of decompressing the secure file in the intelligent cryptographic key device.
Using the secure file to restore the corresponding original file in the computer specifically comprises:
using the secure file in the intelligent cryptographic key device to overwrite the corresponding original file in the computer, or copying the secure file from the intelligent cryptographic key device into the computer.
Running the file recovery program and using the secure file to restore the corresponding original file in the computer comprises:
running the file query program in the first operating system program to query the specific path of the original file to be restored;
overwriting the original file with the secure file according to the path found.
Running the file recovery program and using the secure file to restore the corresponding original file in the computer comprises:
when the original file to be restored has been deleted by a virus program, running the file query program in the first operating system program to query the specific path of the original file to be restored;
copying the secure file from the intelligent cryptographic key device to the specific path of the original file to be restored, according to the path found.
Querying the specific path of the original file to be restored comprises:
in the environment of the first operating system, the file query program checks the data structure of the secure file, which comprises the file record, the file name, the file checksum and the full path of the file;
the specific path of the original file to be restored is determined according to this data structure.
The original file is an executable file.
The secure file is backed up in the intelligent cryptographic key device in advance, and is a core file or a user-defined file.
The first operating system is a Linux operating system, a Unix operating system, a Windows PE operating system, or a compact version of one of these.
The beneficial effects of the technical solution provided by the embodiments of the invention are:
When the computer becomes abnormal, the secure file stored in the intelligent cryptographic key device is used, through the first operating system (for example a Unix operating system), to restore the corresponding original file in the computer, so that the computer can be returned to normal as far as possible. For example, when the computer is attacked by a malicious program such as a virus, Trojan, worm or rogue software, the prior art usually needs corresponding anti-virus software to remove the malicious program, that software must be constantly maintained and upgraded, and when it is powerless against the malicious program the system usually has to be reinstalled, so system recovery takes a long time. With the technical solution provided by the invention, the files that malicious programs attack can easily be backed up, and when the system becomes abnormal the original files are restored directly from the backed-up secure files, returning the computer to normal. The invention exploits the fact that an intelligent cryptographic key device can have a built-in large-capacity storage chip: secure files (for example the key and core files of the system software or application software) are backed up in the device, which guarantees the correctness and security of these files. Moreover, the security recovery operation of the invention is carried out statically in a safe and reliable system environment (for example a compact secure operating system), so the virus can be cleared successfully, which overcomes the defect of prior-art anti-virus schemes that only take measures to remove a virus after it has appeared. At the same time, system files or user-defined files are stored in the intelligent cryptographic key device and can be restored selectively, which is simple to operate and easy to use.
Description of the drawings
Fig. 1 is a schematic diagram of the architecture of the system for ensuring operating environment security provided by embodiment 1 of the invention;
Fig. 2 is a schematic diagram of the architecture of the system for ensuring operating environment security provided by embodiment 1 of the invention;
Fig. 3 is a schematic diagram of the architecture of the system for ensuring operating environment security provided by embodiment 2 of the invention;
Fig. 4 is a flow chart of the method for ensuring operating environment security provided by embodiment 3 of the invention.
Embodiments
To make the purpose, technical solution and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
In these embodiments, a compact secure operating system is stored in the intelligent cryptographic key device and used to boot the computer; when the compact secure operating system is running, the secure files backed up inside the intelligent cryptographic key device replace the unsafe files under the original operating system, so as to ensure that the user works in a safe environment.
Embodiment 1
This embodiment provides a system for ensuring operating environment security. The intelligent cryptographic key device of this embodiment is a USB Key device, the first operating system module is a Unix operating system module, and the first operating system it stores is a Unix operating system. As shown in Fig. 1, the Unix operating system module is located in the USB Key device, and the system specifically comprises:
USB Key device 100, for storing the secure files and communicating data with computer 200;
Unix operating system module 110, for storing the Unix operating system program, which is run in computer 200; in the running environment of the Unix operating system program, the secure file in USB Key device 100 is read and used to restore the corresponding original file in computer 200;
Computer 200 comprises:
storage unit 201, for storing the second operating system and the original files; the second operating system is the operating system installed on the computer, for example Windows 98 or XP;
program running unit 202, which runs the second operating system in storage unit 201 during normal operation and, when the second operating system is abnormal, initializes the parameters of the Unix operating system in Unix operating system module 110, creates a main security process, and runs the Unix operating system in Unix operating system module 110.
As shown in Fig. 2, USB Key device 100 comprises:
communication unit 101, for data communication between USB Key device 100 and computer 200; in a specific implementation, communication unit 101 can be a USB interface;
storage unit 102, for storing the secure files, the encryption/decryption keys, the algorithm programs and the identity information of legitimate users;
encryption/decryption unit 103, for encrypting and decrypting data using the encryption/decryption keys and algorithm programs stored in storage unit 102;
authentication unit 104, for verifying, in the Unix operating system environment, whether the authentication information entered by the user is legitimate; if it is, authentication unit 104 notifies Unix operating system module 110 to run the file recovery program, otherwise it notifies computer 200 to exit the Unix operating system.
Unix operating system module 110 comprises:
decompression unit 111, for decompressing the driver of USB Key device 100 into the memory of computer 200;
secure communication unit 112, for data communication between Unix operating system module 110 and USB Key device 100;
query unit 113, for querying, in the Unix operating system environment, the specific path of the original file to be restored according to the data structure of the secure file in USB Key device 100;
command execution unit 114, for using the secure file in USB Key device 100, in the Unix operating system environment and according to the specific path found by query unit 113, to overwrite the corresponding original file in computer 200, or for copying the secure file from USB Key device 100 into computer 200.
The data structure of a secure file comprises the file record, the file name, the file checksum and the full path of the file. The file checksum is computed when the original file in the computer is backed up. When the secure file is to be used to restore the corresponding original file in the computer, the checksum of the original file can first be computed and compared with the file checksum in the data structure of the secure file: if they are consistent, the original file has not changed and does not need to be restored; otherwise the original file has changed and a recovery operation is needed. When a recovery operation is needed, a trigger signal is sent to command execution unit 114, which then carries out the recovery operation. Of course, the checksum comparison and decision can also be omitted and the file recovery operation performed directly; this can be configured flexibly as required.
The secure file in USB Key device 100 is a compressed file; correspondingly, decompression unit 111 in Unix operating system module 110 is also used to decompress the secure file in USB Key device 100.
The original file mentioned above may be a core file or a user-defined file. A core file is an unchanging file backed up in the USB Key device in advance; it is written from computer 200 by the developer in advance, during the development of the internal chip of USB Key device 100, and in this embodiment the core file is of executable type. A user-defined file is a file that the user, under the second operating system, backs up in real time from the files modified in the second operating system, the user-defined file being backed up into USB Key device 100.
Because virus programs usually appear in the form of program files, the embodiments of the invention only carry out recovery operations on executable files and need not suspect files of all types, which saves running time to a certain extent.
This embodiment stores the first operating system (for example a Unix operating system) in the USB Key device and boots the computer from it; when the first operating system is running, the secure files backed up inside the USB Key device replace the unsafe files under the second operating system, ensuring that the user works in a safe environment.
Embodiment 2
This embodiment provides a system for ensuring operating environment security in which the first operating system is stored on an optical disc medium and used to boot the computer; when the first operating system is running, the core files backed up inside the intelligent cryptographic key device are used to restore the unsafe core files under the second operating system (the operating system installed on the computer), ensuring that the user works in a safe environment. In this embodiment the intelligent cryptographic key device is a USB Key device, the first operating system is a Unix operating system, and this operating system is stored on the optical disc.
As shown in Fig. 3, the system for ensuring operating environment security specifically comprises:
USB Key device 300, Unix operating system module 400 and computer 500. USB Key device 300 comprises communication unit 301, storage unit 302, encryption/decryption unit 303 and authentication unit 304. Unix operating system module 400 comprises decompression unit 401, secure communication unit 402, query unit 403 and command execution unit 404. Computer 500 comprises storage unit 501 and program running unit 502. Unix operating system module 400 of this embodiment is stored on the optical disc.
Unlike embodiment 1, in this embodiment the Unix operating system is stored on an optical disc. The functions of the modules and units in the system of this embodiment are the same as those of the corresponding modules and units in embodiment 1 and are not repeated here.
By storing the Unix operating system on an optical disc, this embodiment provides diversity in the carrier of the operating system.
In the above embodiments the first operating system may also be a Linux operating system, a Unix operating system, a Windows PE operating system, or a compact Unix, compact Linux or compact Windows PE operating system, supporting the FAT32/FAT16 (File Allocation Table) or NTFS file system.
This embodiment stores the first operating system (a compact secure operating system) on an optical disc and boots the computer from it; when the first operating system is running, the secure files backed up inside the USB Key device restore the unsafe files under the second operating system (the operating system installed on the computer), ensuring that the user works in a safe environment.
Embodiment 3
As shown in Figure 4, present embodiment provides a kind of method of guaranteeing operation environment safety, is example with Unix operating system as first operating system, the secure operating system of simplifying in the present embodiment is the Unix operating system after simplifying as required, origin operation system in the computing machine of present embodiment is second operating system, specifically can be Windows 98 or XP system etc.; Simultaneously, present embodiment is that example describes with USB Key equipment as intelligent cipher key equipment, and this method may further comprise the steps:
Step 601: open computing machine, the USB Key equipment and the computing machine that are loaded with Unix operating system are connected, by BIOS (Basic Input Output System, Basic Input or Output System (BIOS)) start-up mode that is provided with or revises MBR (Main Boot Record, Main Boot Record) computing machine is to start from USB flash disk;
After the compression kernel of step 602:Unix operating system was loaded into calculator memory, the driver of decompress(ion) USB Key equipment was to calculator memory;
Create main security procedure after the step 603:Unix operating system initialization parameter;
Wherein, Unix operating system initialization parameter comprises initialization interruption, interrupt request and scheduling, related command is resolved distribute data buffer zone etc.;
Step 604: the Unix operating system queries the USB Key device through the main security process and judges whether the USB Key device is present; if so, go to step 605, otherwise go to step 612;
Step 605: the Unix operating system finds the USB Key device through the main security process and prompts the user to enter authentication information;
Here, the authentication information includes PIN code information, a user-defined password, user biometric information, etc.
Step 606: the user enters a PIN code;
Step 607: the USB Key device internally authenticates the user according to the entered PIN code and judges whether the user identity is legitimate; if so, go to step 608, otherwise go to step 610;
Step 608: the USB Key device has judged the user identity legitimate; the Unix operating system accesses the USB Key device and obtains the core files backed up in it;
Step 609: the Unix operating system prompts the user through a dialog box whether to restore the unsafe core files of the original operating system with the core files backed up in the USB Key device; after the user chooses to restore, the core files in the USB Key device are used, under the Unix operating system, to restore the unsafe core files of the original operating system;
The data structure of a core file backed up in the USB Key device comprises a file record, the file name, the file checksum and the full path of the file. From this data structure the specific path of the unsafe core file under the original operating system is known; the corresponding file is located by that path and the file recovery operation is then executed.
In this embodiment, the following is also performed before step 609: the core files in the USB Key device are queried and each is compared with the same file under the original operating system to judge whether that file has changed. If the judgement is that the file is unmodified, the recovery operation for it is skipped and the next core file in the USB Key device is compared with its counterpart in the original operating system; when the comparison result is inconsistent, the recovery operation of step 609 is executed, which here means overwriting the file under the original operating system with the core file from the USB Key device. This process can be carried out by a program in the Unix operating system.
Here, whether a file under the original operating system has changed can be judged in the following way:
When the corresponding original file in the computer is to be restored with the secure file, the checksum of the original file is computed first and compared with the file checksum in the data structure of the secure file backed up in the USB Key device. If they are consistent, the original file has not changed and need not be restored; otherwise the original file has changed and a recovery operation is needed, in which case step 609 is executed. Of course, the checksum comparison and judgement can also be omitted and the file recovery operation executed directly; this can be configured flexibly as required.
In this embodiment the core files are files backed up in the USB Key device in advance and are fixed; they are written from the computer into the USB Key device by the developer during development of its internal chip. In this embodiment the core files are of the executable file type.
Step 610: the USB Key device has judged the user identity illegitimate; the internal program of the USB Key device judges whether the number of failed verifications by this user has reached the set value (3 in this embodiment). If so, go to step 611; otherwise return to step 605 and require the user to enter authentication information again;
Step 611: the internal program of the USB Key device has judged that the number of failed verifications by this user has reached the set value, and the computer enters the exception handling state;
In this embodiment, once the process for information communication between the Unix operating system and the USB Key device and the related interface services and processes have started, the USB Key device judges the user's legitimacy and an interface for entering the user's identity authentication information appears; the user must enter the correct authentication information to be confirmed as a legitimate user of this USB Key device.
Step 612: the main security process of the Unix operating system has judged that the USB Key device is not present; the Unix operating system displays an error message and locks the system;
Step 613: the Unix operating system terminates, the USB Key device is disconnected from the computer, and the Unix operating system in memory exits automatically and releases its resources.
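The verification loop of steps 605 to 611, as an added example that is not code from the patent or from Feitian. The key device's internal program is simulated in software: a real key keeps the PIN digest and the failure counter inside its chip, where the host cannot read or reset them. The names SimulatedUsbKey, MAX_FAILURES and authenticate, and the salt, are this example's own.

```python
"""PIN verification with a failure counter and lockout (steps 607, 610, 611).

Added example, not the patent's code. The device is simulated in memory.
"""
import hashlib
import hmac

MAX_FAILURES = 3  # the embodiment's set value for failed verifications


class SimulatedUsbKey:
    """Stands in for the verification program inside the key device."""

    def __init__(self, pin: str, max_failures: int = MAX_FAILURES):
        # Only a salted PBKDF2 digest of the PIN is kept, never the PIN itself.
        self._salt = b"constructed-salt-for-demo"
        self._pin_digest = self._digest(pin)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def _digest(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 50_000)

    def verify_pin(self, pin: str) -> str:
        """Returns 'ok' (go to step 608), 'retry' (back to step 605) or
        'locked' (step 611). The counter is raised before the comparison,
        mirroring smart-card practice, so an interrupted attempt still counts."""
        if self.locked:
            return "locked"
        self.failures += 1  # provisionally count this attempt as failed
        if hmac.compare_digest(self._digest(pin), self._pin_digest):
            self.failures = 0  # a correct PIN resets the counter
            return "ok"
        if self.failures >= self.max_failures:
            self.locked = True
            return "locked"
        return "retry"


def authenticate(key: SimulatedUsbKey, pin_attempts) -> str:
    """Host-side loop: feed the user's attempts to the device until it
    answers 'ok' or 'locked'; returns the device's final answer."""
    result = "retry"
    for pin in pin_attempts:
        result = key.verify_pin(pin)
        if result != "retry":
            break
    return result
```

The host only ever sees the three verdicts; the decision of when to lock stays with the device, which is what makes the set value of three attempts enforceable even if the first operating system is replaced.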
The core files in the above USB Key device are compressed files; correspondingly, step 608 also includes decompressing the secure files in the USB Key device.
When the core files are used in step 609 to restore the corresponding unsafe files in the computer, this can be done in the following way:
The core file in the USB Key device is used to overwrite the corresponding unsafe file in the computer, or the core file in the USB Key device is copied into the computer. For example: run the file query program among the Unix operating system programs to query the specific path of the original file to be restored, then overwrite the corresponding original file in the computer with the core file at the queried path. Alternatively, when the original file to be restored has been deleted by a virus program, run the file query program among the Unix operating system programs to query the specific path of the original file to be restored, and copy the core file from the USB Key device to that path.
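The checksum comparison performed before step 609 and the overwrite-or-copy recovery of step 609, as an added example that is not code from the patent or from Feitian. It assumes the backup inside the key device is exposed as a directory (backup_dir) holding the known-good copies together with their records, and that the second operating system's disk is mounted at mount_root; SecureFileRecord, check_and_restore and the sample files are constructed for this example.

```python
"""Checksum-guided restoration of core files from a key-device backup.

Added example, not the patent's code; directories stand in for the key
device and the second operating system's disk.
"""
import hashlib
import os
import shutil
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class SecureFileRecord:
    """One entry of the backup data structure: record number, file name,
    checksum and full path of the file under the second operating system."""
    record_id: int
    filename: str
    checksum: str   # hex SHA-256 of the known-good copy
    full_path: str  # path relative to the second OS root, e.g. "system/a.exe"


def sha256_of(path: str) -> str:
    """Streams the file so large executables need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_record(record_id: int, backup_dir: str, filename: str, full_path: str):
    """What the developer writes into the key: the record for one backup copy."""
    return SecureFileRecord(record_id, filename,
                            sha256_of(os.path.join(backup_dir, filename)), full_path)


def check_and_restore(backup_dir: str, mount_root: str, records) -> dict:
    """Returns {full_path: action} with action one of 'unchanged',
    'overwritten', 'copied' or 'backup-corrupt'."""
    results = {}
    for rec in records:
        backup = os.path.join(backup_dir, rec.filename)
        # Never write a backup copy that no longer matches its own record.
        if sha256_of(backup) != rec.checksum:
            results[rec.full_path] = "backup-corrupt"
            continue
        target = os.path.join(mount_root, rec.full_path)
        if not os.path.exists(target):
            # Deleted on disk: copy the backup to the recorded path.
            os.makedirs(os.path.dirname(target), exist_ok=True)
            shutil.copyfile(backup, target)
            results[rec.full_path] = "copied"
        elif sha256_of(target) == rec.checksum:
            # Checksums agree: the original is unchanged, skip it.
            results[rec.full_path] = "unchanged"
        else:
            # Modified: overwrite through a temporary file and an atomic rename.
            tmp = target + ".restore"
            shutil.copyfile(backup, tmp)
            os.replace(tmp, target)
            results[rec.full_path] = "overwritten"
    return results


def demo():
    """Constructed scenario: one intact, one modified and one deleted core file.
    Returns the per-file actions and whether every file matches its record afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        backup_dir = os.path.join(tmp, "usbkey")
        mount_root = os.path.join(tmp, "disk")
        os.makedirs(backup_dir)
        os.makedirs(os.path.join(mount_root, "system"))
        good = {"a.exe": b"good A", "b.exe": b"good B", "c.exe": b"good C"}
        for name, data in good.items():
            with open(os.path.join(backup_dir, name), "wb") as f:
                f.write(data)
        records = [make_record(i, backup_dir, name, "system/" + name)
                   for i, name in enumerate(good, start=1)]
        # Disk state under the second OS: a.exe intact, b.exe tampered, c.exe gone.
        with open(os.path.join(mount_root, "system", "a.exe"), "wb") as f:
            f.write(good["a.exe"])
        with open(os.path.join(mount_root, "system", "b.exe"), "wb") as f:
            f.write(b"infected B")
        actions = check_and_restore(backup_dir, mount_root, records)
        all_good = all(sha256_of(os.path.join(mount_root, r.full_path)) == r.checksum
                       for r in records)
        return actions, all_good


if __name__ == "__main__":
    print(demo())
```

The backup copy is hashed against its own record before it is written, so a key whose contents were altered cannot be used to plant a file on the disk; the overwrite goes through a rename so that a crash mid-copy leaves either the old or the new file, never a truncated one.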
After step 613 of this embodiment, the user can rerun the Windows operating system and judge whether the computer has been rid of virus files by comparing the running speed of Windows before and after the core-file overwrite, the sizes of disk files, and whether abnormal hangs still occur while programs run. If these conditions persist, the user can repeat the above file overwrite operation, overwriting the corresponding files on the computer with other files in the USB Key device (core files or user-defined files), until the computer runs normally under Windows after exiting the Unix operating system.
The secure files of this embodiment are core files, which are backed up in the USB Key device in advance and do not change. In addition, the Unix operating system can restore unsafe user-defined files stored on the computer's hard disk by obtaining the user-defined files backed up in the USB Key device; the specific method is the same as steps 601 to 613 and is not repeated here. A user-defined file is a file the user modified under Windows and backed up in real time to the USB Key device.
The first operating system of this embodiment is a Unix operating system; it may also be a Linux operating system or a Windows PE operating system, or a simplified Unix, Linux or Windows PE operating system, etc.
This embodiment stores the secure operating system in the USB Key device and boots the computer from it. While the secure operating system runs, the USB Key device is checked for validity when the main security process is created; in the secure operating system environment the USB Key device verifies the legitimacy of the user's identity, and once the user is legitimate the corresponding files in the computer are restored with the secure files in the USB Key device to remove the virus. This lets the computer eliminate virus interference as early as possible and enter a normal operating state. The method of operation is simple and highly practical.
The system and method of guaranteeing operating environment safety provided by the present invention have been described in detail above. Specific examples are used herein to set forth the principle and embodiments of the invention; the explanation of the above embodiments is only intended to help understand the method of the invention and its core idea. At the same time, one of ordinary skill in the art may, following the idea of the invention, vary the specific embodiments and their applications; in sum, this description should not be construed as limiting the invention.

Claims (17)

1. A system for guaranteeing operating environment safety, characterized in that the system comprises a first operating system module, intelligent cipher key equipment and a computer;
the first operating system module is used to store a first operating system, which runs in the computer; in the first operating system environment it reads a secure file in the intelligent cipher key equipment and uses the secure file to restore the corresponding original file in the computer;
the intelligent cipher key equipment is used to store the secure file and to exchange data with the computer;
the computer comprises:
a storage unit, used to store a second operating system and original files;
a program execution unit, used to run the second operating system in the storage unit during normal operation and, when the second operating system is abnormal, to initialize the parameters of the first operating system in the first operating system module, create a main security process and run the first operating system in the first operating system module.
2. The system of claim 1, characterized in that the first operating system module comprises:
a decompression unit, used to decompress the driver of the intelligent key module into computer memory;
a secure communication unit, used for data communication between the first operating system and the intelligent cipher key equipment;
a query unit, used in the first operating system environment to query the specific path of the original file to be restored according to the data structure of the secure file in the intelligent cipher key equipment;
a command execution unit, used in the first operating system environment to overwrite the corresponding original file in the computer with the secure file in the intelligent cipher key equipment, or to copy the secure file in the intelligent cipher key equipment into the computer, according to the specific path queried by the query unit.
3. The system of claim 2, characterized in that the secure file in the intelligent cipher key equipment is a compressed file; correspondingly, the decompression unit in the first operating system module is also used to decompress the secure file in the intelligent cipher key equipment.
4. The system of claim 2, characterized in that the query unit comprises:
a checking subunit, used in the first operating system environment to check the data structure of the secure file, the data structure comprising a file record, the file name, the file checksum and the full path of the file;
a path obtaining subunit, used to determine the specific path of the original file to be restored according to the data structure found by the checking subunit.
5. The system of claim 1, characterized in that the intelligent cipher key equipment comprises:
a communication unit, used for data communication between the intelligent cipher key equipment and the computer;
a storage unit, used to store the secure file, encryption/decryption keys, algorithm programs and the identity information of legitimate users;
an encryption/decryption unit, used to encrypt and decrypt data with the encryption/decryption keys and algorithm programs stored in the storage unit;
an authentication unit, used in the first operating system environment to verify whether the authentication information entered by the user is legitimate; if so, it notifies the first operating system module to run the file recovery program, otherwise it notifies the computer to exit the first operating system.
6. The system of claim 1, characterized in that the carrier of the first operating system module is a CD, a USB flash disk or the intelligent cipher key equipment.
7. A method of guaranteeing operating environment safety, characterized in that the method comprises:
Step A: when the computer starts, configure CMOS or modify the MBR so that the system is booted by the intelligent cipher key equipment;
Step B: load the kernel of a first operating system into computer memory;
Step C: initialize the parameters of the first operating system, create a main security process and run the first operating system in the computer;
Step D: in the first operating system environment, call the intelligent cipher key equipment to verify whether the user identity is legitimate; if the authentication information is legitimate, execute step E;
Step E: in the first operating system environment, read the secure file in the intelligent cipher key equipment and run a file recovery program that uses the secure file to restore the corresponding original file in the computer;
Step F: exit the first operating system;
Step G: the computer runs a second operating system;
Step H: compare the running state of the currently running second operating system with that of the second operating system as run before the secure file recovery;
if the running state of the currently running second operating system is abnormal, return to step A and use the secure file following said secure file in the intelligent cipher key equipment to restore the corresponding original file in the computer.
8. The method of claim 7, characterized in that verifying whether the user identity is legitimate comprises:
prompting the user to enter authentication information;
the intelligent cipher key equipment internally verifying whether the authentication information entered by the user is legitimate;
if the authentication information is legitimate, executing step E;
if the authentication information is illegitimate, the internal program of the intelligent cipher key equipment judging whether the number of failed verifications by this user has reached a set value and, if so, displaying an error message, otherwise prompting the user to enter authentication information again.
9. The method of claim 7, characterized in that the secure file in the intelligent cipher key equipment in step E is a compressed file.
10. The method of claim 7, characterized in that step E further comprises, before running the file recovery program, the step of decompressing the secure file in the intelligent cipher key equipment.
11. The method of claim 7, characterized in that using the secure file to restore the corresponding original file in the computer specifically comprises:
overwriting the corresponding original file in the computer with the secure file in the intelligent cipher key equipment, or copying the secure file in the intelligent cipher key equipment into the computer.
12. The method of claim 7, characterized in that running the file recovery program that uses the secure file to restore the corresponding original file in the computer comprises:
running a file query program among the first operating system programs to query the specific path of the original file to be restored;
overwriting the original file with the secure file according to the queried specific path.
13. The method of claim 7, characterized in that running the file recovery program that uses the secure file to restore the corresponding original file in the computer comprises:
when the original file to be restored has been deleted by a virus program, running a file query program among the first operating system programs to query the specific path of the original file to be restored;
copying the secure file in the intelligent cipher key equipment to the specific path of the original file to be restored, according to the queried specific path.
14. The method of claim 12 or 13, characterized in that querying the specific path of the original file to be restored comprises:
in the first operating system environment, the file query program checking the data structure of the secure file, the data structure comprising a file record, the file name, the file checksum and the full path of the file;
determining the specific path of the original file to be restored according to the data structure.
15. The method of claim 7, characterized in that the original file is an executable file.
16. The method of claim 7, characterized in that the secure file is backed up in the intelligent cipher key equipment in advance, and the secure file is a core file or a user-defined file.
17. The method of claim 7, characterized in that the first operating system is a Linux operating system, a Unix operating system, a Windows PE operating system, or a simplified version thereof.
CN200810105692A 2008-04-30 2008-04-30 System and method for ensuring operation environment safety Expired - Fee Related CN100585609C (en)


Publications (2)

Publication Number Publication Date
CN101436234A CN101436234A (en) 2009-05-20
CN100585609C true CN100585609C (en) 2010-01-27

Family

ID=40710670



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: FEITIAN TECHNOLOGIES CO., LTD.

Free format text: FORMER NAME: BEIJING FEITIAN CHENGXIN SCIENCE + TECHNOLOGY CO. LTD.

CP03 Change of name, title or address

Address after: 100085 Beijing city Haidian District Xueqing Road No. 9 Ebizal building B block 17 layer

Patentee after: Feitian Technologies Co.,Ltd.

Address before: 100083, Haidian District, Xueyuan Road, No. 40 research, 7 floor, 5 floor, Beijing

Patentee before: FEITIAN TECHNOLOGIES Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100127