CN101770558B - Computer and method and device for promoting safety performance of operation system thereof - Google Patents


Publication number
CN101770558B
Authority
CN
China
Legal status
Active
Application number
CN 200810247042
Other languages
Chinese (zh)
Other versions
CN101770558A (en)
Inventor
冯晓毅
Current Assignee
Beijing Lenovo Software Ltd
Original Assignee
Beijing Lenovo Software Ltd

Abstract

The invention discloses a computer and a method and a device for improving the security of its operating system. The method is applied to a computer device comprising an embedded controller (EC) and a management module. The management module judges whether a device built into or externally connected to the computer is a legal device, or whether a user's operation on such a device is legal. A verification condition for verifying whether the management module is working normally exists between the management module and the EC. The method comprises the following steps: acquiring the information of the management module; judging, according to the verification condition and the information, whether the management module is working normally; and generating an alarm message when the management module is not working normally. With this computer, method and device, the security of the operating system can be guaranteed to the greatest extent.

Description

A computer, and a method and device for improving the security of its operating system
Technical field
The present invention relates to the field of computer technology, and in particular to a computer and to a method and device for improving the security of its operating system.
Background art
A computer may ship from the factory with a management module. This management module is used to judge whether a device built into or externally connected to the computer is a legal device, or to judge whether a user's operation on a device built into or externally connected to the computer is legal.
In the course of research, the inventor found that the computer's operating system has at least the following shortcoming: the security of the operating system is under threat.
Specifically, the security level of this management module is too low, and it may be illegally closed or replaced at any time. The user does not know that the management module has been illegally closed or replaced, and if the user continues to use the computer, the security of the operating system is threatened.
Summary of the invention
In view of this, the invention provides a computer and a method and device for improving the security of its operating system, so as to guarantee the security of the operating system to the greatest extent.
A method for improving operating system security in a computer. The method is applied to a computer device comprising an embedded controller (EC) and a management module. The management module is used to judge whether a device built into or externally connected to the computer is a legal device, or to judge whether a user's operation on a device built into or externally connected to the computer is legal. A verification condition for verifying whether the management module is working normally exists between the management module and the EC. The method comprises:
Obtaining the information of the management module;
Judging, according to the verification condition and the information, whether the management module is working normally;
Generating an alarm message when the management module is not working normally.
Preferably, judging, according to the verification condition and the information, whether the management module is working normally comprises:
After receiving the information, checking according to the verification condition whether the management module has set a flag bit;
Judging whether the management module is working normally according to whether the management module has set the flag bit.
Optionally, after judging according to the flag bit whether the management module is working normally, the method further comprises:
Clearing the flag bit, starting a timer, and notifying the management module to send the information again;
Within the time set by the timer, judging again according to the flag bit whether the management module is working normally.
Preferably, generating an alarm message comprises:
Notifying the operating system to enter an alert state, the alert state being used to guarantee the security of the operating system.
An embedded controller for improving operating system security in a computer, the embedded controller comprising:
An acquiring unit, used to obtain the information of the management module;
A judging unit, used to judge whether the management module is working normally according to the verification condition between it and the management module and the information obtained from the acquiring unit;
An alarm unit, used to generate an alarm message when the judging unit judges that the management module is not working normally.
Preferably, the judging unit comprises:
A checking unit, used to check according to the verification condition, after the information is received, whether the management module has set a flag bit;
A judging subunit, used to judge whether the management module is working normally according to whether the checking unit finds the flag bit.
Optionally, the embedded controller further comprises:
A clearing unit, used to clear the flag bit;
A starting unit, used to start a timer so as to enter a timed detection state;
A notification unit, used to notify the management module to send the information again while the starting unit starts the timer;
The judging subunit further comprises:
A first judging subunit, used to judge again according to the flag bit, within the time set by the timer, whether the management module is in a normal working state.
A computer comprising an embedded controller and a mainboard, the embedded controller being located on the mainboard and comprising:
An acquiring unit, used to obtain the information of the management module;
A judging unit, used to judge whether the management module is working normally according to the verification condition between it and the management module and the information obtained by the acquiring unit;
An alarm unit, used to generate an alarm message when the judging unit judges that the management module is not working normally.
As can be seen, in the present invention the management module interacts with the embedded controller (EC, Embedded Controller). The EC judges, according to the verification condition between it and the management module and the information it receives, whether the management module is working normally, and generates an alarm message when it is not. The security of the operating system is thereby guaranteed to the greatest extent.
Description of drawings
Fig. 1 is a flow chart of the method of the invention;
Fig. 2 is a flow chart of an embodiment of the method of the invention;
Fig. 3 is a structural diagram of the embedded controller of the invention.
Embodiment
To make the above features and advantages of the invention clearer and easier to understand, the invention is described in detail below with reference to embodiments.
Please refer to Fig. 1, a flow chart of the method of the invention. The method is applied to a computer device comprising an embedded controller (EC) and a management module. The management module is used to judge whether a device built into or externally connected to the computer is a legal device, or to judge whether a user's operation on a device built into or externally connected to the computer is legal. The method may comprise the following steps:
Step 101: Obtain the information of the management module;
Step 102: Judge, according to the verification condition and the information, whether the management module is working normally;
Step 103: When the management module is not working normally, generate an alarm message.
The steps shown in Fig. 1 are described in detail below with an embodiment. Please refer to Fig. 2, a flow chart of an embodiment of the method of the invention, which may comprise the following steps:
Step 201: The management module is correctly initialized and enters a normal working state;
Correct initialization of the management module indicates that the management module has been correctly installed.
Step 202: The management module sends security information to the EC and, in this process, sets a flag bit according to the verification condition between it and the EC;
The security information sent by the management module notifies the EC that the management module has been correctly installed and has entered a normal working state. At this point the management module sets the flag bit to indicate that it is in a normal working state. If the management module does not send security information to the EC, the management module does not set the flag bit.
The verification condition is negotiated between the management module and the EC, and is an agreement known only to the two of them. The flag bit set by the management module indicates whether the management module is in a normal working state.
Step 203: After receiving the security information from the management module, the EC checks, according to the verification condition between it and the management module, whether the management module has set the flag bit;
In this embodiment, the EC learns from the flag bit that the management module is in a normal working state.
When the management module becomes abnormal (it has been maliciously replaced or damaged), the abnormal management module does not know the verification condition agreed with the EC and therefore cannot set the flag bit. Even if the abnormal management module can send security information to the EC and the EC receives it, when the EC checks, according to the verification condition between it and the management module, whether the flag bit has been set, it finds no flag bit and determines that an alarm message currently needs to be generated.
Step 204: The EC may also clear the flag bit, start its internal timer, enter a timed detection state, and notify the management module to send the security information again;
The EC may send an SCI to the management module to notify it to send the security information again.
Step 205: Within the time set by the timer, the EC checks again, according to the verification condition between it and the management module, whether the management module has set the flag bit;
Step 206: The EC performs the corresponding operation according to whether the management module has set the flag bit.
Specifically, if the flag bit is set, the management module is in a normal working state; the EC continues to notify the management module to send the security information and returns to step 205. If the flag bit is not set, the management module is not in a normal working state, and the EC generates an alarm message.
When it judges that the management module is not working normally, the EC may send a system control interrupt (SCI, System Control Interrupt) to the operating system to notify it to enter an alert state; the alert state is used to guarantee the security of the operating system. The operating system may show that it has entered the alert state by restarting, sounding an audible alert, popping up a dialog box, and so on. The EC may also power down directly, to guarantee the security or stability of the operating system.
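The check loop of steps 201 to 206, simulated in C as an added example that is not code from the patent. The mailbox layout, the flag offset and value standing in for the verification condition, the three-tick timer and arming the timer at boot are all assumptions of this example; a replaced module and a stopped module are simulated alongside a genuine one.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed verification condition (hypothetical values): the flag bit is an
 * agreed byte at an agreed offset in a mailbox shared by EC and module. */
#define MAILBOX_SIZE      16
#define AGREED_FLAG_INDEX 5
#define AGREED_FLAG_VALUE 0xA5

typedef enum { EC_WAIT_FIRST, EC_MONITORING, EC_ALARM } ec_state_t;
typedef enum { MODULE_GENUINE, MODULE_REPLACED, MODULE_STOPPED } module_kind_t;

typedef struct {
    uint8_t    mailbox[MAILBOX_SIZE]; /* simulated shared registers */
    unsigned   period;                /* timer length in ticks */
    unsigned   ticks_left;
    bool       resend_requested;      /* EC asked the module to report again */
    ec_state_t state;
} ec_t;

void ec_init(ec_t *ec, unsigned period)
{
    memset(ec, 0, sizeof *ec);
    ec->period = period ? period : 1;
    /* Assumption of this example: the timer is armed at boot too, so a
     * module that never reports at all is also caught. */
    ec->ticks_left = ec->period;
    ec->state = EC_WAIT_FIRST;
}

/* Steps 203/205/206: flag present -> clear it, restart the timer and ask
 * for a fresh report (step 204); flag absent -> alarm. A real EC would
 * raise an SCI to the operating system in the alarm branch. */
static void ec_check(ec_t *ec)
{
    if (ec->mailbox[AGREED_FLAG_INDEX] != AGREED_FLAG_VALUE) {
        ec->state = EC_ALARM;
        return;
    }
    ec->mailbox[AGREED_FLAG_INDEX] = 0;
    ec->ticks_left = ec->period;
    ec->resend_requested = true;
    ec->state = EC_MONITORING;
}

/* Step 203: the first security information triggers an immediate check. */
void ec_on_security_info(ec_t *ec)
{
    if (ec->state == EC_WAIT_FIRST) ec_check(ec);
}

/* Step 205: when the timer runs out, check the flag again. */
void ec_on_tick(ec_t *ec)
{
    if (ec->state != EC_ALARM && --ec->ticks_left == 0) ec_check(ec);
}

/* Step 202 from the module side. */
void module_report(ec_t *ec, module_kind_t kind)
{
    if (kind == MODULE_STOPPED) return;      /* closed: sends nothing */
    if (kind == MODULE_GENUINE)
        ec->mailbox[AGREED_FLAG_INDEX] = AGREED_FLAG_VALUE;
    else
        ec->mailbox[0] = 1;      /* replacement does not know the agreement */
    ec_on_security_info(ec);
}

/* The module is genuine before timer period `swap_at`, then behaves as
 * `later`. Returns the period in which the alarm fired (0 = on the first
 * report) or -1 if none fired within `periods` periods. */
int simulate(module_kind_t later, int swap_at, int periods)
{
    ec_t ec;
    ec_init(&ec, 3);
    module_report(&ec, swap_at > 0 ? MODULE_GENUINE : later);
    if (ec.state == EC_ALARM) return 0;
    for (int p = 1; p <= periods; p++) {
        if (ec.resend_requested) {
            ec.resend_requested = false;
            module_report(&ec, p < swap_at ? MODULE_GENUINE : later);
        }
        for (unsigned t = 0; t < ec.period; t++)
            ec_on_tick(&ec);
        if (ec.state == EC_ALARM) return p;
    }
    return -1;
}

int main(void)
{
    printf("genuine: %d, replaced at 3: %d, stopped at 2: %d\n",
           simulate(MODULE_GENUINE, 0, 5), simulate(MODULE_REPLACED, 3, 5),
           simulate(MODULE_STOPPED, 2, 5));
    return 0;
}
```

The replaced module still sends its report, yet the alarm fires at the next timer expiry because the agreed flag is missing; the stopped module is caught by the same expiry check.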
The beneficial effects of the invention are described in detail below with concrete examples.
For example, when the computer ships from the factory, all interfaces are masked through the BIOS for security reasons, and a management module is installed. Taking the USB interface as an example, this management module centrally manages the opening and closing of the USB interface. When the management module detects that a mouse has been plugged into the USB interface, it opens the corresponding USB interface and the mouse can be used normally. When a USB flash drive is inserted, the USB interface remains masked for security reasons, thereby protecting the data in the computer. If the management module is replaced or destroyed, it can no longer manage the USB interface, and the user does not know this; at that point the user cannot effectively protect the data on the computer.
As another example, for security reasons the hard disk is divided into two regions: one region is a public region, which can be accessed and operated on by users of any level; the other region is a private region, which can be accessed only by administrator-level users. When the computer ships from the factory, the access rights to both regions are masked. The management module is installed and centrally manages the opening and closing of access to the two hard disk regions. When it detects that the user accessing the hard disk is an administrator, it opens the access rights to both regions. When it detects that the user accessing the hard disk is an ordinary user, it opens the access rights to the public region and masks the access rights to the private region, thereby protecting the data in the private region of the computer. If the management module is replaced or destroyed, it can no longer manage user access rights, so an ordinary user can also access the data in the private region, and the user does not know this; at that point the user cannot effectively protect the data on the computer.
With the method provided by the invention, after the management module is replaced or destroyed, the new replacement application does not know the verification condition agreed with the EC. So even if the EC receives information sent by the replacement management program, the EC finds that the management module has not set the flag bit and detects that the management module is abnormal. The EC therefore judges the replaced management program to be illegal and generates an alarm message to prompt the user, guaranteeing the security of the operating system to the greatest extent.
Please refer to Fig. 3, a structural diagram of the embedded controller of the invention, which may comprise:
An acquiring unit 301, used to obtain the information of the management module;
A judging unit 302, used to judge whether the management module is working normally according to the verification condition between it and the management module and the information obtained by the acquiring unit 301;
An alarm unit 303, used to generate an alarm message when the judging unit 302 judges that the management module is not working normally.
The judging unit 302 comprises:
A checking unit, used to check according to the verification condition, after the information is received, whether the management module has set a flag bit;
A judging subunit, used to judge whether the management module is in a normal working state according to whether the checking unit finds the flag bit.
The embedded controller further comprises:
A clearing unit, used to clear the flag bit;
A starting unit, used to start a timer so as to enter a timed detection state;
A notification unit, used to notify the management module to send the information again while the starting unit starts the timer;
The judging subunit further comprises:
A first judging subunit, used to judge again according to the flag bit, within the time set by the timer, whether the management module is in a normal working state.
In combination with the method embodiment, the operations performed by the units in Fig. 3 are as follows:
The management module is correctly initialized, enters a normal working state, and sends security information to the EC; in this process it sets the flag bit according to the verification condition between it and the EC.
After the acquiring unit 301 of the EC obtains the security information from the management module, the checking unit checks, according to the verification condition between it and the management module, whether the management module has set the flag bit. If the management module has set the flag bit, the judging subunit judges that the management module is in a normal working state.
The clearing unit clears the flag bit and the starting unit starts the timer; in this process the notification unit notifies the management module to send the security information again. Within the time set by the timer, the first judging subunit continues to check according to the verification condition whether the management module has set the flag bit, and judges whether the management module is in a normal working state according to whether the flag bit is set. If the management module becomes abnormal and does not send security information to the EC, it does not set the flag bit either. Once the EC judges that the management module has not set the flag bit, the alarm unit 303 generates an alarm message.
As can be seen, even if the EC receives information sent by the replacement management program, the EC cannot recognize it, so the EC judges the replaced management program to be illegal and generates an alarm message to prompt the user, guaranteeing the security of the operating system to the greatest extent.
The invention also provides a computer comprising the above embedded controller and a mainboard, the embedded controller being located on the mainboard and comprising:
An acquiring unit, used to obtain the information of the management module;
A judging unit, used to judge whether the management module is working normally according to the verification condition between it and the management module and the information obtained by the acquiring unit;
An alarm unit, used to generate an alarm message when the judging unit judges that the management module is not working normally.
The operations performed by each unit of the embedded controller of this electronic device are the same as those performed by each unit shown in Fig. 3; see the description of Fig. 3 for details.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the statement "comprising a ..." does not exclude the presence of other identical elements in the process, method, article or device comprising that element.
From the description of the above embodiments, those skilled in the art can clearly understand that the invention can be implemented by software plus the necessary hardware platform, and can of course also be implemented entirely in hardware, although in many cases the former is the better implementation. Based on this understanding, all or part of the contribution that the technical solution of the invention makes over the background art can be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes a number of instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to carry out the methods described in the embodiments of the invention or in certain parts of the embodiments.
The computer provided by the invention and the method and device for improving the security of its operating system have been described in detail above. Specific examples are used herein to explain the principle and embodiments of the invention; the description of the above embodiments is only intended to help in understanding the method of the invention and its core idea. At the same time, for a person of ordinary skill in the art, changes may be made to the specific embodiments and the scope of application in accordance with the idea of the invention. In summary, this description should not be construed as limiting the invention.

Claims (8)

1. A method for improving operating system security in a computer, the method being applied to a computer device comprising an embedded controller (EC) and a management module, the management module being used to judge whether a device built into or externally connected to the computer is a legal device, or to judge whether a user's operation on a device built into or externally connected to the computer is legal, characterized in that a verification condition for verifying whether the management module is working normally exists between the management module and the EC, the method comprising:
Obtaining the information of the management module;
Judging, according to the verification condition and the information, whether the management module is working normally;
Generating an alarm message when the management module is not working normally.
2. The method according to claim 1, characterized in that judging, according to the verification condition and the information, whether the management module is working normally comprises:
After receiving the information, checking according to the verification condition whether the management module has set a flag bit;
Judging whether the management module is working normally according to whether the management module has set the flag bit.
3. The method according to claim 2, characterized in that, after judging according to the flag bit whether the management module is working normally, the method further comprises:
Clearing the flag bit, starting a timer, and notifying the management module to send the information again;
Within the time set by the timer, judging again according to the flag bit whether the management module is working normally.
4. The method according to claim 1, characterized in that generating an alarm message comprises:
Notifying the operating system to enter an alert state, the alert state being used to guarantee the security of the operating system.
5. An embedded controller for improving operating system security in a computer, applied to a computer device comprising a management module, the management module being used to judge whether a device built into or externally connected to the computer is a legal device, or to judge whether a user's operation on a device built into or externally connected to the computer is legal, characterized in that the embedded controller comprises:
An acquiring unit, used to obtain the information of the management module;
A judging unit, used to judge whether the management module is working normally according to the verification condition between it and the management module and the information obtained from the acquiring unit;
An alarm unit, used to generate an alarm message when the judging unit judges that the management module is not working normally.
6. The embedded controller according to claim 5, characterized in that the judging unit comprises:
A checking unit, used to check according to the verification condition, after the information is received, whether the management module has set a flag bit;
A judging subunit, used to judge whether the management module is working normally according to whether the checking unit finds the flag bit.
7. The embedded controller according to claim 6, characterized in that the embedded controller further comprises:
A clearing unit, used to clear the flag bit;
A starting unit, used to start a timer so as to enter a timed detection state;
A notification unit, used to notify the management module to send the information again while the starting unit starts the timer;
The judging subunit further comprises:
A first judging subunit, used to judge again according to the flag bit, within the time set by the timer, whether the management module is in a normal working state.
8. A computer comprising a management module, the management module being used to judge whether a device built into or externally connected to the computer is a legal device, or to judge whether a user's operation on a device built into or externally connected to the computer is legal, characterized in that the computer comprises an embedded controller and a mainboard, the embedded controller being located on the mainboard and comprising:
An acquiring unit, used to obtain the information of the management module;
A judging unit, used to judge whether the management module is working normally according to the verification condition between it and the management module and the information obtained by the acquiring unit;
An alarm unit, used to generate an alarm message when the judging unit judges that the management module is not working normally.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810247042 CN101770558B (en) 2008-12-31 2008-12-31 Computer and method and device for promoting safety performance of operation system thereof

Publications (2)

Publication Number Publication Date
CN101770558A (en) 2010-07-07
CN101770558B (en) 2012-07-25
