CN103729596A - Method for implementing safety of computer - Google Patents

Info

Publication number
CN103729596A
Authority
CN
China
Prior art keywords
computer
mac address
target terminal
network packet
feedback information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310713157.4A
Other languages
Chinese (zh)
Other versions
CN103729596B (en)
Inventor
郑红文
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hefei Lianbao Information Technology Co Ltd
Original Assignee
Hefei Lianbao Information Technology Co Ltd
Application filed by Hefei Lianbao Information Technology Co Ltd
Priority to CN201310713157.4A
Publication of CN103729596A
Application granted
Publication of CN103729596B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses a method for implementing the security of a commercial computer. The method comprises the following steps: starting the network detection function of the commercial computer; the commercial computer sending a network packet to the MAC (media access control) address of a server; the server judging, within a certain time, whether the network packet from the commercial computer has been received and acting according to the result; when the network packet from the commercial computer is received, judging whether the MAC address of the commercial computer is valid and acting according to that judgment; and the commercial computer judging, within a corresponding time, whether a feedback network packet from the server has been received and acting according to that judgment. With this method, illegal operation of the commercial computer can be stopped and leakage of the company's trade secrets can be prevented.

Description

A method for implementing a secure computer
Technical field
The present invention relates to computers, and in particular to methods for using a computer securely.
Background art
For commercial computers, most companies use a domain server built by the company; a company computer then logs into the domain and can be operated once a password is entered. However, if the user leaves the company network, the user can still continue to use the computer, which may leak some of the company's trade secrets.
Summary of the invention
In view of the above problem, the present invention provides three methods for implementing computer security, so as to achieve secure use of the computer and prevent the enterprise's trade secrets from being leaked.
To achieve the above object, one aspect of the present invention provides a method of controlling the running state of a computer, the method comprising:
loading a NIC driver;
sending a network packet containing the target terminal MAC address and the computer's MAC address to the target terminal MAC address, wherein the target terminal MAC address is entered into the computer when the computer is used for the first time;
judging whether a network packet containing feedback information is received from the target terminal within a certain time;
when no network packet containing feedback information is received from the target terminal, displaying an error message, sounding an alarm, and stopping the computer;
when a network packet containing feedback information is received from the target terminal:
when the received feedback information is verification-passed information, starting the computer and entering the operating system; or
when the received feedback information is error code information, displaying an error message, sounding an alarm, and stopping the computer.
The beneficial effect of this scheme is that the method can control the running state of the computer, so as to stop illegal operation of the computer and prevent leakage of the company's trade secrets.
Preferably, when the network packet containing the target terminal MAC address and the computer's MAC address is sent to the target terminal, the computer's certificate is encrypted, which increases the security of data transmission.
Preferably, the NIC driver of the computer is closed so that the user can operate without a network connection, allowing the user to work away from the company network.
Another aspect of the present invention provides a method of controlling the response mode of a target terminal, the method comprising:
judging whether a network packet containing the target terminal MAC address and the computer's MAC address is received from a computer;
when this network packet is not received, not sending any network packet containing feedback information to the computer;
when this network packet is received, judging the validity of the computer's MAC address within a certain time and responding accordingly:
when the computer's MAC address is judged to be valid, sending a network packet containing verification-passed information to the computer;
when the computer's MAC address is judged to be invalid, sending a network packet containing error code information to the computer.
The beneficial effect of this scheme is that the method can control the response mode of the target terminal and thereby control the running state of the computer.
A third aspect of the present invention provides a method for implementing a secure computer, the method comprising:
loading a NIC driver in the computer;
sending a network packet containing the target terminal MAC address and the computer's MAC address to the target terminal MAC address, wherein the target terminal MAC address is entered into the computer when the computer is used for the first time;
judging whether the network packet containing the target terminal MAC address and the computer's MAC address is received from the computer;
when the network packet containing the target terminal MAC address and the computer's MAC address is not received, not sending any network packet containing feedback information to the computer;
when no network packet containing feedback information is received from the target terminal, displaying an error message, sounding an alarm, and stopping the computer;
when the network packet containing the target terminal MAC address and the computer's MAC address is received, judging the validity of the computer's MAC address within a certain time and responding accordingly:
when the computer's MAC address is judged to be valid, sending a feedback network packet containing verification-passed information to the computer;
when the feedback information received from the target terminal is verification-passed information, starting the computer and entering the operating system; or
when the computer's MAC address is judged to be invalid, sending a feedback network packet containing error code information to the computer;
when the feedback information received from the target terminal is error code information, displaying an error message, sounding an alarm, and stopping the computer.
The beneficial effect of this scheme is that, in this method, the computer operates at the UEFI BIOS layer rather than at the OS layer. The UEFI BIOS starts before the OS and is responsible for the initialization and management of all of the computer's hardware, so communication between the computer and the target terminal can quite effectively stop illegal operation of the computer and prevent leakage of the company's trade secrets.
Brief description of the drawings
Fig. 1 is a schematic diagram of the communication between the commercial computer and the server.
Fig. 2 is a flowchart of the control program of the commercial computer.
Fig. 3 is a flowchart of the control program of the server.
Detailed description of the embodiments
Specific embodiments of the present invention are further described below with reference to the accompanying drawings:
Embodiment 1
As shown in Fig. 1, this embodiment of the present invention involves a commercial computer 10 and a company server 20, which communicate with each other over the TCP/IP protocol. When the commercial computer 10 is used for the first time, the MAC address of the company server 20 is entered using the motherboard configuration program of the commercial computer 10, that is, UEFI BIOS SETUP. When the commercial computer 10 is powered on, after the UEFI BIOS hardware check finishes, the NIC driver is loaded in UEFI BIOS SETUP and the network detection function is enabled, as shown at S101 in Fig. 2. The commercial computer 10 sends a network packet containing the MAC address of the company server 20 and the MAC address of the commercial computer 10 to the MAC address of the company server 20, as shown at S102 in Fig. 2, encrypts the certificate of the commercial computer 10, and then waits for the response of the company server 20 within 5 minutes.
The company server 20 judges whether it has received, from the commercial computer 10, the network packet containing the MAC address of the company server 20 and the MAC address of the commercial computer 10, as shown at S201 in Fig. 3. If this network packet is not received, the company server 20 does not send any network packet containing feedback information to the commercial computer 10, as shown at S202 in Fig. 3.
Within the 5 minutes, the commercial computer 10 judges whether it has received a network packet containing feedback information from the company server 20, as shown at S103 in Fig. 2. If no network packet containing feedback information is received from the company server 20, the commercial computer 10 displays an error message, sounds an alarm, and stops running, as shown at S107 and S108 in Fig. 2.
If the company server 20 receives the network packet containing the MAC address of the company server 20 and the MAC address of the commercial computer 10, the company server 20 judges, within the corresponding 5 minutes, the validity of the MAC address of the commercial computer 10 and responds according to the result, as shown at S203 in Fig. 3. The judgment is based on the MAC address table in the company server 20. Computer administrators use server software to set this table up in the company server 20 in advance with the network card MAC addresses of the relevant commercial computers; each entry has the form: commercial computer number, MAC address, commercial computer certificate.
When the company server 20 judges the MAC address of the commercial computer 10 to be valid, the company server 20 sends a network packet containing verification-passed information to the commercial computer 10, as shown at S204 in Fig. 3.
When the commercial computer 10 receives the network packet containing verification-passed information from the company server 20, the commercial computer 10 starts and enters the operating system, as shown at S103A and S104 in Fig. 2.
When the company server 20 judges the MAC address of the commercial computer 10 to be invalid, the company server 20 sends a network packet containing error code information to the commercial computer 10, as shown at S205 in Fig. 3.
When the commercial computer 10 receives the network packet containing error code information from the company server 20, it displays an error message, sounds an alarm, and stops running, as shown at S103B, S105 and S106 in Fig. 2.
The UEFI BIOS SETUP of the commercial computer 10 can also provide an option to disable the network detection function, so that the user can decide whether this function needs to be enabled. Disabling the network detection function requires the assistance of the company's network administrators, because they hold the supervisor password set in UEFI BIOS SETUP. When the network detection function is forcibly disabled through the UEFI BIOS SETUP of the commercial computer 10, the user can operate without a network connection, which meets the user's need to work away from the company network.
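The exchange of Embodiment 1 (steps S101-S108 and S201-S205), modelled as an added C example that is not part of the patent or of any vendor firmware. The numeric feedback codes, the sample MAC addresses and table rows, the function names, and the rule that a packet naming a different server gets no reply are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN 6
#define WAIT_SECONDS (5u * 60u)      /* the embodiment's 5-minute window */

/* Feedback kinds named in the description; numeric values are assumed. */
enum feedback { FB_NONE = 0, FB_PASS = 1, FB_ERROR = 2 };
enum boot_action { BOOT_OS = 0, HALT_WITH_ALARM = 1 };

/* S102 request: the server's MAC and the sending computer's MAC. */
struct request {
    uint8_t server_mac[MAC_LEN];
    uint8_t client_mac[MAC_LEN];
};

/* One row of the server's MAC address table: number, MAC, certificate. */
struct mac_entry {
    const char *number;
    uint8_t mac[MAC_LEN];
    const char *certificate;
};

/* Constructed sample data (locally administered MAC addresses). */
static const uint8_t SERVER_MAC[MAC_LEN] = {0x02, 0, 0, 0, 0, 0xFE};
static const uint8_t KNOWN_PC[MAC_LEN]   = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t UNKNOWN_PC[MAC_LEN] = {0x02, 0, 0, 0, 0, 0x99};
static const struct mac_entry MAC_TABLE[] = {
    {"PC-0001", {0x02, 0, 0, 0, 0, 0x01}, "certificate-placeholder-1"},
    {"PC-0002", {0x02, 0, 0, 0, 0, 0x02}, "certificate-placeholder-2"},
};

/* Server side, S201-S205. req == NULL models "no packet received". */
enum feedback server_respond(const struct request *req)
{
    size_t i;
    if (req == NULL)
        return FB_NONE;                              /* S202: send nothing */
    if (memcmp(req->server_mac, SERVER_MAC, MAC_LEN) != 0)
        return FB_NONE;   /* assumed: a packet naming another server is ignored */
    for (i = 0; i < sizeof MAC_TABLE / sizeof MAC_TABLE[0]; i++)
        if (memcmp(req->client_mac, MAC_TABLE[i].mac, MAC_LEN) == 0)
            return FB_PASS;                          /* S204 */
    return FB_ERROR;                                 /* S205 */
}

/* Client side, S103-S108. Anything other than a timely pass fails closed. */
enum boot_action client_decide(enum feedback fb, unsigned elapsed_s)
{
    if (fb == FB_NONE || elapsed_s > WAIT_SECONDS)
        return HALT_WITH_ALARM;                      /* S107, S108 */
    if (fb == FB_PASS)
        return BOOT_OS;                              /* S103A, S104 */
    return HALT_WITH_ALARM;          /* S103B, S105, S106, and unknown codes */
}

/* One boot attempt: build the request, deliver it if the server is reachable. */
enum boot_action run_exchange(const uint8_t client_mac[MAC_LEN],
                              int server_reachable, unsigned reply_delay_s)
{
    struct request req;
    memcpy(req.server_mac, SERVER_MAC, MAC_LEN); /* entered in SETUP at first use */
    memcpy(req.client_mac, client_mac, MAC_LEN);
    return client_decide(server_respond(server_reachable ? &req : NULL),
                         reply_delay_s);
}

static const char *name(enum boot_action a)
{
    return a == BOOT_OS ? "boot OS" : "show error, sound alarm, halt";
}

int main(void)
{
    printf("listed PC, on network:   %s\n", name(run_exchange(KNOWN_PC, 1, 10)));
    printf("unlisted PC, on network: %s\n", name(run_exchange(UNKNOWN_PC, 1, 10)));
    printf("listed PC, off network:  %s\n", name(run_exchange(KNOWN_PC, 0, 10)));
    printf("listed PC, late reply:   %s\n",
           name(run_exchange(KNOWN_PC, 1, WAIT_SECONDS + 1)));
    return 0;
}
```

The description only says that the validity of the MAC address is judged, so the sketch compares the MAC alone and leaves the certificate column unused. Since a MAC address is a configurable value rather than a device-bound secret, a deployment of this scheme would want the certificate to carry the actual authentication.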

Claims (10)

1. A method of controlling the running state of a computer, characterized in that the method comprises: loading a NIC driver;
sending a network packet containing the target terminal MAC address and the computer's MAC address to the target terminal MAC address, wherein the target terminal MAC address is entered into the computer when the computer is used for the first time;
judging whether a network packet containing feedback information is received from the target terminal within a certain time;
when no network packet containing feedback information is received from the target terminal, displaying an error message, sounding an alarm, and stopping the computer;
when a network packet containing feedback information is received from the target terminal:
when the received feedback information is verification-passed information, starting the computer and entering the operating system; or
when the received feedback information is error code information, displaying an error message, sounding an alarm, and stopping the computer.
2. The method according to claim 1, characterized in that: when the network packet containing the target terminal MAC address and the computer's MAC address is sent to the target terminal, the computer's certificate is encrypted, which increases the security of data transmission.
3. The method according to claim 1, characterized in that: the NIC driver of the computer is closed so that the user can operate without a network connection, allowing the user to work away from the company network.
4. A device for controlling the running state of a computer, characterized in that the device comprises: means for loading a NIC driver;
means for sending a network packet containing the target terminal MAC address and the computer's MAC address to the target terminal MAC address, wherein the target terminal MAC address is entered into the computer when the computer is used for the first time;
means for judging whether a network packet containing feedback information is received from the target terminal within a certain time;
means for displaying an error message, sounding an alarm, and stopping the computer when no network packet containing feedback information is received from the target terminal;
when a network packet containing feedback information is received from the target terminal:
means for starting the computer and entering the operating system when the received feedback information is verification-passed information; or
means for displaying an error message, sounding an alarm, and stopping the computer when the received feedback information is error code information.
5. The device according to claim 4, characterized by: means for encrypting the computer's certificate when the network packet containing the target terminal MAC address and the computer's MAC address is sent to the target terminal, increasing the security of data transmission.
6. The device according to claim 4, characterized by: means for closing the NIC driver of the computer so that the user can operate without a network connection, allowing the user to work away from the company network.
7. A method of controlling the response mode of a target terminal, characterized in that the method comprises: judging whether a network packet containing the target terminal MAC address and the computer's MAC address is received from a computer;
when this network packet is not received, not sending any network packet containing feedback information to the computer;
when this network packet is received, judging the validity of the computer's MAC address within a certain time and responding accordingly:
when the computer's MAC address is judged to be valid, sending a network packet containing verification-passed information to the computer;
when the computer's MAC address is judged to be invalid, sending a network packet containing error code information to the computer.
8. A device for controlling the response mode of a target terminal, characterized in that the device comprises: means for judging whether a network packet containing the target terminal MAC address and the computer's MAC address is received from a computer;
means for not sending any network packet containing feedback information to the computer when this network packet is not received;
means for judging the validity of the computer's MAC address within a certain time and responding accordingly when this network packet is received:
means for sending a network packet containing verification-passed information to the computer when the computer's MAC address is judged to be valid;
means for sending a network packet containing error code information to the computer when the computer's MAC address is judged to be invalid.
9. A method for implementing a secure computer, characterized in that the method comprises: loading a NIC driver in the computer;
sending a network packet containing the target terminal MAC address and the computer's MAC address to the target terminal MAC address, wherein the target terminal MAC address is entered into the computer when the computer is used for the first time;
judging whether the network packet containing the target terminal MAC address and the computer's MAC address is received from the computer;
when the network packet containing the target terminal MAC address and the computer's MAC address is not received, not sending any network packet containing feedback information to the computer;
when no network packet containing feedback information is received from the target terminal, displaying an error message, sounding an alarm, and stopping the computer;
when the network packet containing the target terminal MAC address and the computer's MAC address is received, judging the validity of the computer's MAC address within a certain time and responding accordingly:
when the computer's MAC address is judged to be valid, sending a feedback network packet containing verification-passed information to the computer;
when the feedback information received from the target terminal is verification-passed information, starting the computer and entering the operating system; or
when the computer's MAC address is judged to be invalid, sending a feedback network packet containing error code information to the computer;
when the feedback information received from the target terminal is error code information, displaying an error message, sounding an alarm, and stopping the computer.
10. A device for implementing a secure computer, characterized in that the device comprises: means for loading a NIC driver in the computer;
means for sending a network packet containing the target terminal MAC address and the computer's MAC address to the target terminal MAC address, wherein the target terminal MAC address is entered into the computer when the computer is used for the first time;
means for judging whether the network packet containing the target terminal MAC address and the computer's MAC address is received from the computer;
means for not sending any network packet containing feedback information to the computer when the network packet containing the target terminal MAC address and the computer's MAC address is not received;
means for displaying an error message, sounding an alarm, and stopping the computer when no network packet containing feedback information is received from the target terminal;
means for judging the validity of the computer's MAC address within a certain time and responding accordingly when the network packet containing the target terminal MAC address and the computer's MAC address is received:
means for sending a feedback network packet containing verification-passed information to the computer when the computer's MAC address is judged to be valid;
means for starting the computer and entering the operating system when the feedback information received from the target terminal is verification-passed information; or
means for sending a feedback network packet containing error code information to the computer when the computer's MAC address is judged to be invalid;
means for displaying an error message, sounding an alarm, and stopping the computer when the feedback information received from the target terminal is error code information.
CN201310713157.4A | 2013-12-20 | 2013-12-20 | A method for implementing a secure computer | Active | CN103729596B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201310713157.4A | 2013-12-20 | 2013-12-20 | A method for implementing a secure computer

Publications (2)

Publication Number | Publication Date
CN103729596A | 2014-04-16
CN103729596B | 2017-10-31

Family

ID=50453667

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant