CN103218562A - Reliable protection method and system for mobile terminal - Google Patents
- Publication number: CN103218562A
- Authority: CN (China)
- Prior art keywords: mobile terminal; information; boot loader file; file information; system startup
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
The invention discloses a reliable protection method and a reliable protection system for a mobile terminal. The method comprises the following steps: when the mobile terminal is powered on and started, judging whether the system boot loader file information is correct; if it is correct, which indicates that the system boot loader file information guiding the operating system startup has not been illegally modified by a Trojan or virus and is safe, allowing the mobile terminal to start the operating system normally; and if it is wrong, which indicates that the system boot loader file information guiding the operating system startup has been illegally modified by a Trojan or virus and the operating system of the mobile terminal is unsafe, outputting a prompt to the user that the boot loader file information is wrong so that the user can take corresponding remedial measures. The scheme provided by the invention has the advantage of improving the security of mobile devices, among others.
Description
Technical field
The present invention relates to the field of mobile terminal technology, and in particular to a trusted protection method and system for a mobile terminal.
Background technology
As sales of tablet computers and smartphones continue to catch up with and overtake PCs, more and more people's sensitive information is stored on mobile devices, and mobile devices are gradually becoming an important attack target for criminals, so improving the security of mobile devices is of great significance.
The threats that plague traditional computer operating systems, such as Trojans and viruses, can affect smartphones and tablet computers just as well; these Trojans and viruses can spread by e-mail, social networking sites, games, screen savers, instant messages and slide shows.
In the course of researching and practising the prior art, the inventors found the following problems in the prior art:
The existing solution is to install antivirus software and the like, but antivirus software is application-layer security protection: it can only scan for and remove malware after the mobile device has fully started the operating system, and before the mobile device has entered the operating system the antivirus software is helpless. Moreover, existing antivirus software can only remove known viruses and Trojans and is helpless against unknown viruses and Trojans, so existing application-layer antivirus software cannot fully guarantee the security of mobile devices.
Therefore, how to improve the security of mobile devices has become the problem most in need of a solution at present.
Summary of the invention
In view of this, the design purpose of the present invention is to provide a trusted protection method and system for a mobile terminal, so as to improve the security of mobile devices.
The embodiments of the invention are realized as follows:
A trusted protection method for a mobile terminal comprises:
when the mobile terminal is powered on and started, sending to the mobile terminal a first request instruction for obtaining the system boot loader file information of the mobile terminal;
receiving the encrypted system boot loader file information sent by the mobile terminal;
decrypting the system boot loader file information;
judging whether the system boot loader file information is correct; if so, allowing the mobile terminal to start the operating system according to the system boot loader file information; otherwise, outputting a prompt that the system boot loader file information is wrong.
Preferably, the system boot loader file information is specifically the operating system boot information BootLoader.
Preferably, the system boot loader file information is specifically the information obtained by computing the operating system boot information BootLoader according to a preset rule.
Preferably, the system boot loader file information is specifically the information obtained by computing a cryptographic hash of the operating system boot information BootLoader.
Preferably, in the step of allowing the mobile terminal to start the operating system according to the system boot loader file information, the method further comprises:
sending to the mobile terminal a second request instruction for obtaining operating system information;
after the mobile terminal receives the second request instruction, receiving the encrypted operating system information sent by the mobile terminal;
decrypting the operating system information;
judging whether the operating system information is correct; if so, allowing the operating system to start normally; otherwise, outputting a prompt that the operating system information is wrong.
Preferably, the operating system information is specifically the information obtained by computing the operating system Linux kernel code file according to a preset rule.
Preferably, the operating system information is specifically the cryptographic hash of the operating system Linux kernel code file.
A trusted protection system for a mobile terminal comprises:
a sending module, used to send to the mobile terminal, when the mobile terminal is powered on and started, a first request instruction for obtaining the system boot loader file information of the mobile terminal;
a receiving module, used to receive the encrypted system boot loader file information sent by the mobile terminal;
a decryption module, used to decrypt the system boot loader file information;
a judging module, used to judge whether the system boot loader file information is correct, and if so to allow the mobile terminal to start the operating system according to the system boot loader file information, otherwise to output a prompt that the system boot loader file information is wrong.
Compared with the prior art, the technical scheme provided by this embodiment has the following advantages and features:
In the scheme provided by the invention, when the mobile terminal is powered on and started, it is judged whether the system boot loader file information is correct. If it is correct, the system boot loader file information guiding the operating system startup has not been illegally modified by a Trojan or virus and is therefore safe, so the mobile terminal is allowed to start the operating system normally. If it is wrong, the system boot loader file information guiding the operating system startup may have been illegally modified by a Trojan or virus, making the operating system of the mobile terminal unsafe, so the user needs to be reminded by outputting a prompt that the system boot loader file information is wrong, so that the user can take corresponding remedial measures. Therefore, the scheme provided by the invention has the advantage of improving the security of mobile devices, among others.
Description of drawings
In order to explain the present invention or the prior-art technical schemes more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can also obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of a trusted protection method for a mobile terminal provided by the present invention;
Fig. 2 is a module diagram of a trusted protection system for a mobile terminal provided by the present invention.
Embodiment
The technical schemes in the embodiments of the invention are described clearly and completely below in conjunction with the drawings of the embodiments. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The embodiments of the invention provide a trusted protection method and system for a mobile terminal, so as to improve the security of mobile devices. Since the above trusted protection method and system for a mobile terminal can be implemented in multiple ways, they are elaborated below through specific embodiments:
Refer to Fig. 1, which is a flow chart of a trusted protection method for a mobile terminal. The method comprises:
Step S11: when the mobile terminal is powered on and started, sending to the mobile terminal a first request instruction for obtaining the system boot loader file information of the mobile terminal;
The mobile terminal may be a device such as a tablet computer or a smartphone. The loading and starting of the operating system of such devices is completed by the system boot loader file, which may specifically be a bootloader. In an embedded operating system the bootloader runs before the operating system kernel; it initializes the hardware devices and sets up the memory space map, thereby bringing the hardware environment of the system to a suitable state so that the correct environment is ready for the final call to the operating system kernel.
Step S12: receiving the encrypted system boot loader file information sent by the mobile terminal;
The system boot loader file information may specifically be the operating system boot information BootLoader, or the information obtained by computing a cryptographic hash of the operating system boot information BootLoader, or of course the information obtained by computing the operating system boot information BootLoader according to a preset rule. Whichever of the above the system boot loader file information specifically is, its purpose is to verify the correctness of the system boot loader file information, so it is not limited to the cases mentioned above. In addition, the operating system boot information BootLoader comes in many types; since these types are all well known in the art, they are not repeated here.
Step S13: decrypting the system boot loader file information;
For the security of the file, the system boot loader file information needs to be encrypted inside the mobile terminal, so after the system boot loader file information is received it also needs to be decrypted.
Step S14: judging whether the system boot loader file information is correct; if so, performing step S15; otherwise, performing step S16.
Since the correct system boot loader file information can be obtained through normal channels, after the system boot loader file information of the mobile terminal has been obtained it needs to be compared with the correct system boot loader file information. If they are identical, the system boot loader file information obtained from the mobile terminal is correct and step S15 is performed; if they differ, the system boot loader file information obtained from the mobile terminal is incorrect and step S16 is performed.
Step S15: allowing the mobile terminal to start the operating system according to the system boot loader file information;
Step S16: outputting a prompt that the system boot loader file information is wrong.
In the embodiment shown in Fig. 1, when the mobile terminal is powered on and started, it is judged whether the system boot loader file information is correct. If it is correct, the system boot loader file information guiding the operating system startup has not been illegally modified by a Trojan or virus and is therefore safe, so the mobile terminal is allowed to start the operating system normally. If it is wrong, the system boot loader file information guiding the operating system startup may have been illegally modified by a Trojan or virus, making the operating system of the mobile terminal unsafe, so the user needs to be reminded by outputting a prompt that the system boot loader file information is wrong, so that the user can take corresponding remedial measures. Therefore, the scheme provided by the invention has the advantage of improving the security of mobile devices, among others.
In the embodiment shown in Fig. 1, the scheme of the invention can be described through a concrete application example. A concrete application scenario of the invention may be as follows: a USB card is inserted into the mobile terminal in advance; when the mobile terminal is powered on and started, the USB card sends to the mobile terminal an instruction requesting the system boot loader file information; after receiving this instruction, the mobile terminal encrypts the system boot loader file information, to guarantee the security of this information, and then sends the encrypted system boot loader file information to the TCM security chip (Trusted Cryptography Module) in the USB card; the TCM security chip decrypts the encrypted system boot loader file information, compares the decrypted system boot loader file information with the standard system boot loader file information, and acts according to the result of the judgement: if the decrypted system boot loader file information is judged correct, the mobile terminal is allowed to start the operating system according to the system boot loader file information; if it is judged wrong, a prompt that the system boot loader file information is wrong is output, so that the user realizes that this system boot loader file information is wrong and takes precautions as early as possible.
In the embodiment shown in Fig. 1, after judging whether the system boot loader file information is correct, it is also necessary to judge whether the operating system information of the mobile terminal is correct. Therefore, in the step of allowing the mobile terminal to start the operating system according to the system boot loader file information, the following steps may further be included: sending to the mobile terminal a second request instruction for obtaining operating system information; after the mobile terminal receives the second request instruction, receiving the encrypted operating system information sent by the mobile terminal; decrypting the operating system information; judging whether the operating system information is correct, and if so allowing the operating system to start normally, otherwise outputting a prompt that the operating system information is wrong. The operating system information may specifically be the information obtained by computing the operating system Linux kernel code file according to a preset rule, or specifically the cryptographic hash of the operating system Linux kernel code file.
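The two-stage exchange between the TCM chip on the USB card and the mobile terminal, written up here as an added Python model; this is not the patent's own code. It assumes a symmetric key pre-shared between the TCM chip and the terminal, SHA-256 as the "preset rule" for both the bootloader and the Linux kernel file, and a placeholder cipher, none of which the patent specifies.

```python
"""Two-stage boot check modelled on steps S11-S16 and the second (kernel) request.
Added illustration, not the patent's code.  Assumptions the patent leaves open: the
TCM chip on the USB card and the terminal share a symmetric key; the "boot loader file
information" is a SHA-256 digest; the cipher is a placeholder (SHA-256 stream + HMAC)."""

import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Placeholder keystream: SHA-256 over key || nonce || counter, truncated."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raises ValueError on any tampering or wrong key."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class MobileTerminal:
    """The device under check: holds the bootloader image and the Linux kernel file."""
    def __init__(self, key: bytes, bootloader: bytes, kernel: bytes):
        self.key, self.bootloader, self.kernel = key, bootloader, kernel

    def handle(self, request: str) -> bytes:
        # S12: hash the requested file and return the digest encrypted.
        if request == "GET_BOOTLOADER_INFO":
            info = hashlib.sha256(self.bootloader).digest()
        elif request == "GET_OS_INFO":
            info = hashlib.sha256(self.kernel).digest()
        else:
            raise ValueError("unknown request")
        return encrypt(self.key, info)


class TcmVerifier:
    """Models the TCM chip on the USB card, which holds the standard (reference) digests."""
    def __init__(self, key: bytes, ref_bootloader: bytes, ref_kernel: bytes):
        self.key = key
        self.ref = {
            "GET_BOOTLOADER_INFO": hashlib.sha256(ref_bootloader).digest(),
            "GET_OS_INFO": hashlib.sha256(ref_kernel).digest(),
        }

    def _check(self, terminal: MobileTerminal, request: str) -> bool:
        # S11/S13/S14: send the request, decrypt the reply, compare with the reference.
        try:
            info = decrypt(self.key, terminal.handle(request))
        except ValueError:
            return False  # an undecryptable reply is treated as wrong information
        return hmac.compare_digest(info, self.ref[request])

    def attest(self, terminal: MobileTerminal) -> str:
        if not self._check(terminal, "GET_BOOTLOADER_INFO"):
            return "BOOTLOADER_INFO_WRONG"  # S16: prompt the user
        # S15 allowed the bootloader to run; the second request checks the kernel file.
        if not self._check(terminal, "GET_OS_INFO"):
            return "OS_INFO_WRONG"
        return "BOOT_OK"


if __name__ == "__main__":
    key, bl, k = b"\x01" * 32, b"u-boot image v1", b"vmlinuz 3.x image"  # constructed demo data
    tcm = TcmVerifier(key, bl, k)
    for t in (MobileTerminal(key, bl, k), MobileTerminal(key, bl + b"!", k), MobileTerminal(key, bl, b"patched")):
        print(tcm.attest(t))  # BOOT_OK, BOOTLOADER_INFO_WRONG, OS_INFO_WRONG
```

A terminal whose key does not match the TCM chip's fails the tag check and is reported the same way as a modified bootloader, which matches the patent's rule that anything other than the standard information counts as wrong.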
Refer to Fig. 2, which is a module diagram of a trusted protection system for a mobile terminal. The system comprises: a sending module 11, used to send to the mobile terminal 2, when the mobile terminal 2 is powered on and started, a first request instruction for obtaining the system boot loader file information of the mobile terminal 2; a receiving module 12, used to receive the encrypted system boot loader file information sent by the mobile terminal 2; a decryption module 13, used to decrypt the system boot loader file information; and a judging module 14, used to judge whether the system boot loader file information is correct, and if so to allow the mobile terminal to start the operating system according to the system boot loader file information, otherwise to output a prompt that the system boot loader file information is wrong.
It should be noted that the embodiments shown in Fig. 1 and Fig. 2 are preferred embodiments introduced by the present invention; those skilled in the art can fully design further embodiments on this basis, which are therefore not elaborated here.
Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not to be limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (8)
1. A trusted protection method for a mobile terminal, characterized in that it comprises:
when the mobile terminal is powered on and started, sending to the mobile terminal a first request instruction for obtaining the system boot loader file information of the mobile terminal;
receiving the encrypted system boot loader file information sent by the mobile terminal;
decrypting the system boot loader file information;
judging whether the system boot loader file information is correct; if so, allowing the mobile terminal to start the operating system according to the system boot loader file information; otherwise, outputting a prompt that the system boot loader file information is wrong.
2. The trusted protection method for a mobile terminal according to claim 1, characterized in that the system boot loader file information is specifically the operating system boot information BootLoader.
3. The trusted protection method for a mobile terminal according to claim 1, characterized in that the system boot loader file information is specifically the information obtained by computing the operating system boot information BootLoader according to a preset rule.
4. The trusted protection method for a mobile terminal according to claim 3, characterized in that the system boot loader file information is specifically the information obtained by computing a cryptographic hash of the operating system boot information BootLoader.
5. The trusted protection method for a mobile terminal according to claim 1, characterized in that, in the step of allowing the mobile terminal to start the operating system according to the system boot loader file information, the method further comprises:
sending to the mobile terminal a second request instruction for obtaining operating system information;
after the mobile terminal receives the second request instruction, receiving the encrypted operating system information sent by the mobile terminal;
decrypting the operating system information;
judging whether the operating system information is correct; if so, allowing the operating system to start normally; otherwise, outputting a prompt that the operating system information is wrong.
6. The trusted protection method for a mobile terminal according to claim 5, characterized in that the operating system information is specifically the information obtained by computing the operating system Linux kernel code file according to a preset rule.
7. The trusted protection method for a mobile terminal according to claim 6, characterized in that the operating system information is specifically the cryptographic hash of the operating system Linux kernel code file.
8. A trusted protection system for a mobile terminal, characterized in that it comprises:
a sending module, used to send to the mobile terminal, when the mobile terminal is powered on and started, a first request instruction for obtaining the system boot loader file information of the mobile terminal;
a receiving module, used to receive the encrypted system boot loader file information sent by the mobile terminal;
a decryption module, used to decrypt the system boot loader file information;
a judging module, used to judge whether the system boot loader file information is correct, and if so to allow the mobile terminal to start the operating system according to the system boot loader file information, otherwise to output a prompt that the system boot loader file information is wrong.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title
---|---|---|---
CN2013100929935A (CN103218562A) | 2013-03-21 | 2013-03-21 | Reliable protection method and system for mobile terminal
Publications (1)
Publication Number | Publication Date
---|---
CN103218562A | 2013-07-24
Family ID: 48816339
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN104239095A | 2014-09-01 | 2014-12-24 | 小米科技有限责任公司 | Operating-system starting method, device and terminal equipment
CN104008340B | 2014-06-09 | 2017-02-15 | 北京奇虎科技有限公司 | Virus scanning and killing method and device
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
US20060155988A1 | 2005-01-07 | 2006-07-13 | Microsoft Corporation | Systems and methods for securely booting a computer with a trusted processing module
CN102841989A | 2011-06-24 | 2012-12-26 | 国民技术股份有限公司 | Operation system protection method and operation system protection device
Non-Patent Citations (1)
Title
---
李小将 et al.: "基于TCM的嵌入式可信终端系统设计" (Design of a TCM-based embedded trusted terminal system), 计算机工程与设计 (Computer Engineering and Design), vol. 31, no. 4, 28 February 2010
Legal Events
Date | Code | Title | Description
---|---|---|---
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| C12 | Rejection of a patent application after its publication |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20130724