CN104166809B - The control method and system of operation information system - Google Patents


Publication number
CN104166809B
Authority
CN
China
Prior art keywords
information
information system
check code
code
hardware
Legal status
Active
Application number
CN201310185909.4A
Other languages
Chinese (zh)
Other versions
CN104166809A (en)
Inventor
倪伟俊
林凡
黄建青
Current Assignee
GCI Science and Technology Co Ltd
Original Assignee
GCI Science and Technology Co Ltd
Application filed by GCI Science and Technology Co Ltd
Priority to CN201310185909.4A
Publication of CN104166809A
Application granted
Publication of CN104166809B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Abstract

The invention discloses a control method for running an information system, comprising the steps of: starting the information system on a hardware platform, the information system comprising an operating system and application software that provide a specific information service; collecting hardware module information on the hardware platform and/or ID information of an identity designation card built into the hardware platform; calculating a check code based on the collected hardware module information and/or the ID information of the identity designation card; comparing the calculated check code with a check code prestored in the information system; and driving the information system to initialize only when the calculated check code is identical to the check code prestored in the information system. The invention also discloses a control system for running an information system.

Description

Control method and system for running an information system
Technical field
The present invention relates to the field of information security technology, and in particular to a control method and system for running an information system.
Background art
A hardware platform serves as the hardware platform for background services and, combined with an information system, provides specified services to users. At present, hardware platforms are used with software and hardware separated: a hardware platform has no necessary connection with a specific system, and one information system can be used on many hardware platforms, so piracy cannot be effectively prevented. Even where anti-piracy measures exist, there is still a risk of their being cracked.
Summary of the invention
The object of the invention is to provide a control method and system for running an information system that can effectively bind the information system to the hardware platform, so that the information system can run only on a specific hardware platform, ensuring legal and secure use of the information system.
To achieve the above object, an embodiment of the invention provides a control method for running an information system, comprising the steps of:
Starting the information system on a hardware platform, the information system comprising an operating system and application software that provide a specific information service;
Collecting hardware module information on the hardware platform and/or ID information of an identity designation card built into the hardware platform;
Calculating a check code based on the collected hardware module information and/or the ID information of the identity designation card;
Comparing the calculated check code with the check code prestored in the information system;
Driving the information system to initialize only when the calculated check code is identical to the check code prestored in the information system.
As an improvement of the above scheme, the hardware module information includes a CPU serial number, a hard disk serial number and/or a mainboard serial number.
As an improvement of the above scheme, calculating the check code based on the collected hardware module information and/or the ID information of the identity designation card specifically includes:
Building the collected hardware module information and/or the ID information of the identity designation card into a 128-byte machine code;
Generating a 20-byte authorization code from the 128-byte machine code using a hash algorithm;
Generating a 32-bit check code from the 20-byte authorization code using a CRC algorithm.
As an improvement of the above scheme, before the step of starting the information system on the hardware platform, the method further comprises the step of: generating a check code in advance and storing it in the information system, the generation process of the check code prestored in the information system being consistent with the generation process of the calculated check code.
As an improvement of the above scheme, the hardware platform is a server, an embedded platform, an Android platform, a PC or an industrial control board.
Correspondingly, an embodiment of the invention also provides a control system for running an information system, including:
An information system starting module, for starting the information system on the hardware platform, the information system comprising an operating system and application software that provide a specific information service;
An information acquisition module, for collecting, after the information system starting module has started the information system, the hardware module information on the hardware platform and/or the ID information of the identity designation card built into the hardware platform;
An information calculation module, for calculating a check code from the hardware module information collected by the information acquisition module and/or the ID information of the identity designation card;
An information comparison module, for comparing the check code calculated by the information calculation module with the check code prestored in the information system;
A drive module, for driving the information system to initialize when the information comparison module finds that the calculated check code is consistent with the check code prestored in the information system.
As an improvement of the above scheme, the hardware module information includes a CPU serial number, a hard disk serial number and/or a mainboard serial number.
As an improvement of the above scheme, the information calculation module specifically includes:
A machine code generation unit, for building the collected hardware module information and/or the ID information of the identity designation card into a 128-byte machine code;
An authorization code generation unit, for generating a 20-byte authorization code, using a hash algorithm, from the 128-byte machine code generated by the machine code generation unit;
A check code generation unit, for generating a 32-bit check code, using a CRC algorithm, from the 20-byte authorization code generated by the authorization code generation unit.
As an improvement of the above scheme, the system also includes:
A prestored check code generation module, for generating a check code in advance and storing it in the information system, the generation process of the check code prestored in the information system being consistent with the generation process of the calculated check code.
As an improvement of the above scheme, the hardware platform is a server, an embedded platform, an Android platform, a PC or an industrial control board.
Implementing the embodiments of the invention has the following advantages:
The control method and system for running an information system provided by the embodiments of the invention first start the information system on the hardware platform, then collect the hardware module information on the hardware platform and/or the ID information of the identity designation card built into the hardware platform, calculate a check code based on the collected hardware module information and/or the ID information of the identity designation card, and then compare the calculated check code with the check code prestored in the information system; the information system is driven to initialize only when the calculated check code is identical to the check code prestored in the information system. The embodiments of the invention can bind the information system to the hardware platform, so that the information system can run only on a specific hardware platform, ensuring legal and secure use of the information system. Dedicated information services tailored to the hardware performance can be provided, improving system efficiency. An information system can also be customized for a hardware platform on which an identity designation card is installed, so that services are provided flexibly. That is, the hardware platform can have a built-in identity designation card, and the startup of the information system then depends on the hardware information of the hardware platform and the identity designation card information, effectively protecting the authorization and encryption of the information system.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the first embodiment of the control method for running an information system provided by the invention;
Fig. 2 is a schematic flowchart of the second embodiment of the control method for running an information system provided by the invention;
Fig. 3 is a schematic flowchart of the third embodiment of the control method for running an information system provided by the invention;
Fig. 4 is a schematic structural diagram of the control system for running an information system provided by the invention.
Specific embodiments
The technical schemes in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings in the embodiments of the invention. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention, without creative work, fall within the scope of protection of the invention.
Referring to Fig. 1, a schematic flowchart of the first embodiment of the control method for running an information system provided by the invention, the method comprises the following steps:
S101, start the information system on the hardware platform, the information system comprising an operating system and application software that can provide a specific information service;
S102, collect the hardware module information on the hardware platform and/or the ID information of the identity designation card built into the hardware platform;
S103, calculate a check code based on the collected hardware module information and/or the ID information of the identity designation card;
S104, compare the calculated check code with the check code prestored in the information system;
S105, drive the information system to initialize only when the calculated check code is identical to the check code prestored in the information system.
The control method for running an information system provided by this embodiment of the invention can be used on a hardware platform and can effectively bind the information system to the hardware platform, so that the information system can run only on a specific hardware platform, ensuring legal and secure use of the information system.
The control method for running an information system provided by the invention is described in detail below with reference to Fig. 2 and Fig. 3.
Referring to Fig. 2, a schematic flowchart of the second embodiment of the control method for running an information system provided by the invention, the method specifically includes the following steps:
S201, start the information system on the hardware platform, the information system comprising an operating system and application software that can provide a specific information service;
Specifically, the hardware platform serves as the hardware platform for background services and, combined with the information system, can provide specific services to users; the hardware platform is a server, an embedded platform, an Android platform, a PC, an industrial control board or the like. In this embodiment, the information system is bound to the hardware platform; that is, a specific information system can run only on a specific hardware platform (based on the hardware information of the hardware platform), providing dedicated information services tailored to the hardware performance. When an information system is to be run on a hardware platform, the control method of this embodiment must be carried out to judge whether the information system can run on that hardware platform. The information system comprises an operating system and application software that provide a specific information service.
S202, collect the hardware module information on the hardware platform, the hardware module information including a CPU serial number, a hard disk serial number and/or a mainboard serial number;
S203, build a machine code based on the collected hardware module information, then generate an authorization code from the machine code, and generate a check code from the authorization code;
In a specific implementation, this includes the following steps:
(1) Build the collected hardware module information into a 128-byte machine code;
Specifically, the machine code can be built in various ways. For example, multiple 128-byte buffers can be constructed (containing the CPU serial number, hard disk serial number and/or mainboard serial number); each serial number read is converted to ASCII format and filled in, with the missing bytes padded with zeros; the buffers are then XORed together to obtain the 128-byte machine code.
(2) Generate a 20-byte authorization code from the 128-byte machine code using a hash algorithm;
In a specific implementation, the authorization code can be generated from the machine code with a hash algorithm; the SHA-1 algorithm is recommended (the constants in the algorithm can be transformed), generating a 20-byte authorization code.
The specific transformation method is as follows:
(3) Generate a 32-bit check code from the 20-byte authorization code using a CRC algorithm.
In implementation, the check code can be generated from the authorization code with a CRC algorithm, preferably CRC-32, generating a 32-bit check code.
S204, compare the generated check code with the check code prestored in the information system, where the prestored check code is generated in advance and stored in the information system;
Specifically, the cryptographic implementation mode of the information system must be configured before it leaves the factory; the modes include software mode and identity designation mode. If software mode is enabled, the cryptographic algorithm is implemented in software only, the identity designation card does not take part in the calculation, and the system does not check before startup whether the identity designation card exists or is valid. If identity designation mode is used, the cryptographic algorithm can be implemented by software or by the identity designation card, and the system must check before startup whether the identity designation card exists or is valid.
In this embodiment, software mode is enabled, so the cryptographic algorithm is implemented in software only. That is, the running of the information system depends only on its hardware information (CPU serial number, hard disk serial number and/or mainboard serial number) and does not involve the identity designation card ID information. In addition, the generation process of the check code prestored before the information system leaves the factory is consistent with the generation process of the check code generated at startup; that is, for the hardware performance of the specific hardware platform, the relevant hardware module information (CPU serial number, hard disk serial number and/or mainboard serial number) is built into a machine code, an authorization code is generated from the machine code, and a check code is then generated from the authorization code and stored in the information system. When the information system runs, as long as the hardware module information of the hardware platform is consistent with the hardware module information (CPU serial number, hard disk serial number and/or mainboard serial number) of the above specific hardware platform, the check code generated at that time is identical to the prestored check code.
In addition, to prestore the check code before the information system leaves the factory, a function checkLicenceCode can be designed (not released with the software); when executed, this function prints on screen the process and result of calculating the check code, and the check code is then written into the CPLD of the information system for storage. Before leaving the factory, the hardware platform CPU serial number, hard disk serial number, mainboard serial number, machine code, authorization code, check code and other relevant information of the target product should be recorded and filed. The purpose of filing this information is that, when the function checkLicenceCode is deleted by mistake or the check code prestored in the CPLD is changed, the system service provider can maintain and repair it in time.
S205, drive the information system to initialize only when the generated check code is identical to the check code prestored in the information system.
When the generated check code is identical to the check code prestored in the information system, the hardware module information of the hardware platform currently starting the information system matches the hardware module information (CPU serial number, hard disk serial number and/or mainboard serial number) of the specified hardware platform; the information system can therefore be driven to initialize, so that it runs on the hardware platform.
The second embodiment of the above control method for running an information system first starts the information system on the hardware platform, then collects the hardware module information on the hardware platform, generates a check code based on the collected hardware module information, and then compares the generated check code with the check code prestored in the information system; the information system is driven to initialize only when the generated check code is identical to the check code prestored in the information system. This embodiment of the invention can bind the information system to the hardware platform, so that the information system can run only on a specific hardware platform, ensuring legal and secure use of the information system; it also provides dedicated information services tailored to the hardware performance, improving system efficiency.
Referring to Fig. 3, a schematic flowchart of the third embodiment of the control method for running an information system provided by the invention, the method specifically includes the following steps:
S301, start the information system on the hardware platform, the information system comprising an operating system and application software that can provide a specific information service, the hardware platform having a built-in identity designation card;
Specifically, the hardware platform serves as the hardware platform for background services and, combined with the information system, can provide specific services to users; the hardware platform is a server, an embedded platform, an Android platform, a PC, an industrial control board or the like. In this embodiment, the information system is bound to the hardware platform; that is, a specific information system can run only on a specific hardware platform (based on the hardware information of the hardware platform), providing dedicated information services tailored to the hardware performance. In addition, an identity designation card is built into the hardware platform, and the startup of the information system depends on the hardware information of the hardware platform and the identity designation card information. When an information system is to be run on a hardware platform, the control method of this embodiment must be carried out to judge whether the information system can run on that hardware platform. The information system comprises an operating system and application software that can provide a specific information service.
S302, collect the hardware module information on the hardware platform and the ID information of the identity designation card, the hardware module information including a CPU serial number, a hard disk serial number and/or a mainboard serial number;
Specifically, a silicon serial number chip can be installed in the identity designation card built into the hardware platform; in that case the identity designation card ID is the silicon serial number chip ID, which can be obtained through the CPLD by the IOCTL of the driver. If no silicon serial number chip is installed, an identity designation card ID can be stored in the CPLD in advance and read through the driver IOCTL.
S303, build a machine code based on the collected hardware module information and the ID information of the identity designation card, then generate an authorization code from the machine code, and generate a check code from the authorization code;
In a specific implementation, this includes the following steps:
(1) Build the collected hardware module information and the ID information of the identity designation card into a 128-byte machine code;
Specifically, the machine code can be built in various ways. For example, multiple 128-byte buffers can be constructed (containing at least one of the CPU serial number, hard disk serial number and mainboard serial number, together with the ID information of the identity designation card); each serial number read is converted to ASCII format and filled in, with the missing bytes padded with zeros; the buffers are then XORed together to obtain the 128-byte machine code.
(2) Generate a 20-byte authorization code from the 128-byte machine code using a hash algorithm;
In a specific implementation, the authorization code can be generated from the machine code with a hash algorithm; the SHA-1 algorithm is recommended (the constants in the algorithm can be transformed), generating a 20-byte authorization code.
The specific transformation method is as follows:
(3) Generate a 32-bit check code from the 20-byte authorization code using a CRC algorithm.
In implementation, the check code can be generated from the authorization code with a CRC algorithm, preferably CRC-32, generating a 32-bit check code.
S304, compare the generated check code with the check code prestored in the information system, where the prestored check code is generated in advance and stored in the information system;
Specifically, the cryptographic implementation mode of the information system must be configured before it leaves the factory; the modes include software mode and identity designation mode. If software mode is enabled, the cryptographic algorithm is implemented in software only, the identity designation card does not take part in the calculation, and the system does not check before startup whether the identity designation card exists or is valid. If identity designation mode is used, the cryptographic algorithm can be implemented by software or by the identity designation card, and the system must check before startup whether the identity designation card exists or is valid.
In this embodiment, identity designation mode is used, so the cryptographic algorithm is implemented using software and the identity designation card. That is, the running of the information system depends both on its hardware information (CPU serial number, hard disk serial number and/or mainboard serial number) and on the identity designation card ID information on the hardware platform. In addition, the generation process of the check code prestored before the information system leaves the factory is consistent with the generation process of the check code generated at startup; that is, for the hardware performance of the specific hardware platform, the relevant hardware module information (CPU serial number, hard disk serial number and/or mainboard serial number) and the identity designation card ID information are built into a machine code, an authorization code is then generated from the machine code, and a check code is generated from the authorization code and stored in the information system. When the information system runs, as long as the hardware module information of the hardware platform and the ID information of its built-in identity designation card are consistent with the hardware module information (CPU serial number, hard disk serial number and/or mainboard serial number) and identity designation card ID information of the above specific hardware platform, the check code generated at that time is identical to the prestored check code.
In addition, to prestore the check code before the information system leaves the factory, a function checkLicenceCode can be designed (not released with the software); when executed, this function prints on screen the process and result of calculating the check code, and the check code is then written into the CPLD of the information system for storage. Before leaving the factory, the hardware platform CPU serial number, hard disk serial number, mainboard serial number, identity designation card ID, machine code, authorization code, check code and other relevant information of the target product should be recorded and filed. The purpose of filing this information is that, when the function checkLicenceCode is deleted by mistake or the check code prestored in the CPLD is changed, the system service provider can maintain and repair it in time.
S305, drive the information system to initialize only when the generated check code is identical to the check code prestored in the information system.
When the generated check code is identical to the check code prestored in the information system, the hardware module information and identity designation card ID information of the hardware platform currently starting the information system match the hardware module information (CPU serial number, hard disk serial number and/or mainboard serial number) and identity designation card ID information of the specified hardware platform; the information system can therefore be driven to initialize, so that it runs on the hardware platform.
In addition, the state of the ECC chip on the identity designation card is handled as follows: the ECC chip is chip-selected by CS and the upper two address bits, and through this I/O it can be controlled to work when normally authorized and to stop working when unauthorized. When the check code read in by the CPLD matches the prestored check code, the normal authorization flow is entered and the driver sends a verification success signal to the application software; when the comparison fails, the unauthorized flow is entered, the chip is put into the stopped state through the aforementioned I/O, and the driver sends a verification failure signal to the application software. An unauthorized identity designation card needs to be reactivated; depending on the specific CPLD code, there are two ways: 1. restart the software to verify again; 2. restart the machine to verify again.
The third embodiment of the above control method for running an information system first starts the information system on the hardware platform, then collects the hardware module information on the hardware platform and the ID information of the identity designation card built into the hardware platform, generates a check code based on the collected hardware module information and the ID information of the identity designation card, and then compares the generated check code with the check code prestored in the information system; the information system is driven to initialize only when the generated check code is identical to the check code prestored in the information system. This embodiment of the invention can bind the information system to the hardware platform, so that the information system can run only on a specific hardware platform, ensuring legal and secure use of the information system. Dedicated information services tailored to the hardware performance can be provided, improving system efficiency. An information system can also be customized for a hardware platform on which an identity designation card is installed, so that services are provided flexibly. That is, the hardware platform can have a built-in identity designation card, and the startup of the information system then depends on the hardware information of the hardware platform and the identity designation card information, effectively protecting the authorization and encryption of the information system.
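The check code derivation and startup comparison described in the second and third embodiments (steps S203 to S205 and S303 to S305), written out as an added Python example that is not code from the patent. It assumes standard SHA-1 (the constant transformation the description mentions is not shown on the page), CRC-32 as implemented by zlib, and constructed serial numbers; all function names are hypothetical.

```python
import hashlib
import zlib

MACHINE_CODE_LEN = 128  # bytes, as stated in the description

# Constructed sample identifiers, not taken from any real device.
SAMPLE_SERIALS = ["CPU-0001-CONSTRUCTED", "DISK-0002-CONSTRUCTED", "MB-0003-CONSTRUCTED"]
SAMPLE_CARD_ID = "CARD-0004-CONSTRUCTED"


def field_buffer(serial: str) -> bytes:
    """One 128-byte buffer: the serial in ASCII, zero-padded on the right."""
    raw = serial.encode("ascii")  # UnicodeEncodeError (a ValueError) if not ASCII
    if len(raw) > MACHINE_CODE_LEN:
        raise ValueError("serial does not fit in a 128-byte buffer")
    return raw.ljust(MACHINE_CODE_LEN, b"\x00")


def build_machine_code(serials, card_id=None) -> bytes:
    """Step (1): XOR one buffer per collected identifier into the machine code.

    card_id=None corresponds to software mode; passing a card ID corresponds
    to identity designation mode. XOR makes the result independent of the
    order in which the identifiers are supplied.
    """
    fields = [s for s in serials if s]
    if card_id:
        fields.append(card_id)
    if not fields:
        raise ValueError("no hardware identifiers were collected")
    machine_code = bytearray(MACHINE_CODE_LEN)
    for field in fields:
        for i, byte in enumerate(field_buffer(field)):
            machine_code[i] ^= byte
    return bytes(machine_code)


def authorization_code(machine_code: bytes) -> bytes:
    """Step (2): 20-byte authorization code (standard SHA-1 assumed here)."""
    if len(machine_code) != MACHINE_CODE_LEN:
        raise ValueError("machine code must be exactly 128 bytes")
    return hashlib.sha1(machine_code).digest()


def check_code(authorization: bytes) -> int:
    """Step (3): 32-bit check code via CRC-32."""
    return zlib.crc32(authorization) & 0xFFFFFFFF


def derive_check_code(serials, card_id=None) -> int:
    """Full chain used both at provisioning time and at every startup."""
    return check_code(authorization_code(build_machine_code(serials, card_id)))


def may_initialize(prestored, serials, card_id=None) -> bool:
    """S204/S205: allow initialization only on an exact match.

    Fails closed: if identifiers are missing or malformed, no check code can
    be derived and initialization is refused.
    """
    try:
        computed = derive_check_code(serials, card_id)
    except ValueError:
        return False
    return computed == prestored


if __name__ == "__main__":
    prestored = derive_check_code(SAMPLE_SERIALS, SAMPLE_CARD_ID)
    print(f"prestored check code: {prestored:08x}")
    print("same platform:", may_initialize(prestored, SAMPLE_SERIALS, SAMPLE_CARD_ID))
    other = ["CPU-0001-CONSTRUCTED", "DISK-9999-CONSTRUCTED", "MB-0003-CONSTRUCTED"]
    print("different disk:", may_initialize(prestored, other, SAMPLE_CARD_ID))
```

Provisioning and startup must feed the same fields in the same mode, which is why the description requires the two generation processes to be consistent.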
It is a kind of structural representation of the control system of operation information system that the present invention is provided referring to Fig. 4.
It should be noted that a kind of control system of operation information system 30 on hardware platform 20 that the present embodiment is provided 10, the step of be implemented for the control method of above-mentioned operation information system.The hardware platform 20 includes that hardware platform is hard Part module 21 and built-in identity designation card 22, the hardware platform hardware module 21 provide hardware supported, and specific clothes are provided to run Business.The identity designation card 22 is used for the legitimacy of the identity information of the information system for verifying operation.The information system 30 can only be Run on specific hardware platform, with legal, the safe handling of guarantee information system;And the information system 30 is previously generated and deposited Contain check code.
As shown in Fig. 4, the control system 10 specifically includes:
An information system starting module 1, for starting the information system 30 on the hardware platform 20, the information system 30 including an operating system and application software capable of providing a specific information service on the hardware platform 20;
Specifically, the hardware platform serves as the hardware platform for background services and, combined with the information system, can provide specific services to users; the hardware platform is a server, embedded platform, Android platform, PC, industrial control board, or the like. In this embodiment the information system is bound to the hardware platform, that is, a specific information system can run only on a specific hardware platform (based on the hardware platform's hardware information), providing a dedicated information service tailored to the hardware performance; in addition, an identity designation card is built into the hardware platform, and startup of the information system depends on the hardware platform's hardware information and the identity designation card information. When an information system is to be run on a hardware platform, the control system of this embodiment must be used to judge whether the information system may run on that hardware platform.
An information acquisition module 2, for collecting, after the information system starting module 1 has started the information system, the information of the hardware module 21 on the hardware platform 20 and/or the ID information of the identity designation card 22 built into the hardware platform;
Specifically, the hardware module information includes a CPU serial number, a hard disk serial number and/or a mainboard serial number. A silicon serial chip can be installed in the identity designation card built into the hardware platform, in which case the identity designation card ID is the silicon serial chip ID, which the driver's IOCTL can obtain through the CPLD. If no silicon serial chip is installed, an identity designation card ID can be stored in the CPLD in advance and read through the driver's IOCTL.
An information computing module 3, for calculating a check code from the hardware module information and/or the identity designation card ID information collected by the information acquisition module 2;
The information computing module 3 specifically includes a machine code generation unit, an authorization code generation unit and a check code generation unit, wherein:
The machine code generation unit is used to build the collected hardware module information and/or identity designation card ID information into a 128-byte machine code;
Specifically, the machine code can be constructed in several ways. For example, multiple 128-byte buffers can be constructed (holding at least one of the CPU serial number, hard disk serial number and mainboard serial number, together with the ID information of the identity designation card); each serial number read is converted to ASCII format and filled in, the remaining bytes are padded with zeros, and the buffers are then XORed together to obtain the 128-byte machine code.
The authorization code generation unit is used to generate a 20-byte authorization code, using a hash algorithm, from the 128-byte machine code produced by the machine code generation unit;
In a specific implementation, a hash algorithm can be used to generate the authorization code from the machine code; the SHA-1 algorithm is recommended (the constants in the algorithm may be transformed), producing a 20-byte authorization code.
The specific transformation method is as follows:
The check code generation unit is used to generate a 32-bit check code, using a CRC algorithm, from the 20-byte authorization code produced by the authorization code generation unit.
In implementation, a CRC algorithm can be used to generate the check code from the authorization code, preferably CRC-32, producing a 32-bit check code.
An information comparison module 4, for comparing the check code calculated by the information computing module 3 with the check code pre-stored in the information system;
Specifically, a cryptographic implementation mode must be configured in the information system before it leaves the factory; the modes are a software mode and an identity designation mode. If the software mode is enabled, the cryptographic algorithm is implemented by software only, the identity designation card does not take part in the computation, and the system does not check before starting whether the identity designation card exists or is valid; if the identity designation mode is used, the cryptographic algorithm can be implemented by software or by the identity designation card, and the system must check before starting whether the identity designation card exists or is valid.
In this embodiment the identity designation mode is used, so the cryptographic algorithm is implemented by software and the identity designation card. That is, running the information system depends both on its hardware information (CPU serial number, hard disk serial number and/or mainboard serial number) and on the ID information of the identity designation card on the hardware platform.
In addition, the process by which the check code pre-stored in the information system is generated before leaving the factory is the same as the process by which the check code is generated at startup. That is, for the hardware of a specific hardware platform, the information system builds a machine code from the relevant hardware module information (CPU serial number, hard disk serial number and/or mainboard serial number) and identity designation card ID information, generates an authorization code from the machine code, and generates a check code from the authorization code, which is stored in the information system. When the information system runs, if the hardware module information of the hardware platform and the ID information of its built-in identity designation card match the hardware module information (CPU serial number, hard disk serial number and/or mainboard serial number) and identity designation card ID information of the above specific hardware platform, the check code generated on the spot is identical to the pre-stored check code.
In addition, the check code pre-stored before the information system leaves the factory can be produced by designing a function checkLicenceCode (not released with the software); executing this function prints the calculation process and result of the check code on the screen, and the check code is then written to the CPLD of the information system for storage. Before leaving the factory, the target product's hardware platform CPU serial number, hard disk serial number, mainboard serial number, identity designation card ID, machine code, authorization code, check code and other relevant information should be recorded and filed. The purpose of filing this information is that, when the function checkLicenceCode is deleted by mistake or the check code pre-stored in the CPLD is modified, the system service provider can maintain and repair the system in time.
A drive module 5, for driving the information system 30 to initialize when the information comparison module 4 finds the calculated check code consistent with the check code pre-stored in the information system.
When the generated check code is identical to the check code pre-stored in the information system, the hardware module information and identity designation card ID information of the hardware platform on which the information system is currently being started match the hardware module information (CPU serial number, hard disk serial number and/or mainboard serial number) and identity designation card ID information of the designated hardware platform; the information system can therefore be driven to initialize, so that it runs on the hardware platform.
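The check-code derivation and startup comparison described above, as an added example that is not code from the patent. It assumes standard SHA-1 (the description allows transformed constants but does not give them), the standard CRC-32 as implemented by zlib, and constructed sample identifiers; all function names are hypothetical.

```python
import hashlib
import hmac
import zlib

MACHINE_CODE_LEN = 128  # bytes, as stated in the description

# Constructed sample identifiers (CPU, disk, mainboard serials, card ID).
SAMPLE_IDS = ["CPU-0001-SAMPLE", "DISK-9F3A-SAMPLE",
              "MB-77C2-SAMPLE", "CARD-ID-000042"]


def serial_to_buffer(serial: str) -> bytes:
    """Convert one identifier to ASCII and zero-pad it to 128 bytes."""
    raw = serial.encode("ascii")  # raises on non-ASCII input
    if len(raw) > MACHINE_CODE_LEN:
        raise ValueError("identifier longer than 128 bytes")
    return raw.ljust(MACHINE_CODE_LEN, b"\x00")


def build_machine_code(identifiers) -> bytes:
    """XOR the per-identifier 128-byte buffers into one machine code.

    XOR is commutative, so the result does not depend on the order
    in which the identifiers are supplied.
    """
    if not identifiers:
        raise ValueError("at least one identifier is required")
    acc = bytearray(MACHINE_CODE_LEN)
    for ident in identifiers:
        for i, byte in enumerate(serial_to_buffer(ident)):
            acc[i] ^= byte
    return bytes(acc)


def authorization_code(machine_code: bytes) -> bytes:
    """20-byte authorization code: SHA-1 of the machine code.

    Assumption: unmodified SHA-1 constants.
    """
    return hashlib.sha1(machine_code).digest()


def check_code(auth_code: bytes) -> int:
    """32-bit check code: CRC-32 of the authorization code."""
    return zlib.crc32(auth_code) & 0xFFFFFFFF


def compute_check_code(identifiers) -> int:
    """Full pipeline: identifiers -> machine code -> SHA-1 -> CRC-32."""
    return check_code(authorization_code(build_machine_code(identifiers)))


def may_initialize(identifiers, prestored: int) -> bool:
    """Startup decision: initialize only if the freshly computed check
    code equals the pre-stored one (compared in constant time)."""
    computed = compute_check_code(identifiers)
    return hmac.compare_digest(computed.to_bytes(4, "big"),
                               prestored.to_bytes(4, "big"))


# Factory step: the value that would be written to the CPLD.
PRESTORED = compute_check_code(SAMPLE_IDS)

if __name__ == "__main__":
    print(f"check code: {PRESTORED:08x}")
    print("same platform:", may_initialize(SAMPLE_IDS, PRESTORED))
    swapped = ["CPU-0001-SAMPLE", "DISK-0000-OTHER",
               "MB-77C2-SAMPLE", "CARD-ID-000042"]
    print("different disk:", may_initialize(swapped, PRESTORED))
```

Because the stored value is a CRC-32 of the SHA-1 output, the comparison distinguishes at most 2^32 values, and the XOR step makes the machine code independent of which field a given serial came from.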
In addition, the handling of the ECC chip state on the identity designation card is as follows: the ECC chip is chip-selected by CS and the upper two address bits, and this IO can be used to control its state, working under normal authorization and stopped when unauthorized. When the check code read in by the CPLD matches the pre-stored check code, the normal authorization flow is entered and a verification-success signal is sent to the application software through the driver; when the comparison fails, the unauthorized flow is entered, the chip is put into the stopped state through the aforementioned IO, and a verification-failure signal is sent to the application software through the driver. An unauthorized identity designation card needs to be reactivated; depending on the specific CPLD code, there are two ways: 1. restart the software and verify again; 2. restart the machine and verify again.
Preferably, the control system of this embodiment may also include a pre-stored check code generation module (not shown), for generating a check code in advance and storing it in the information system, the generation process of the check code pre-stored in the information system being the same as that of the calculated check code.
In the control system 10 of the above embodiment, the information system starting module 1 first starts the information system on the hardware platform; the information acquisition module 2 then collects the hardware module information of the hardware platform and the ID information of the identity designation card built into the hardware platform; the information computing module 3 generates a check code from the collected hardware module information and identity designation card ID information; the information comparison module 4 then compares the generated check code with the check code pre-stored in the information system; and the drive module 5 drives the information system to initialize only when the generated check code is identical to the pre-stored one. The embodiment of the present invention binds the information system to the hardware platform, so that the information system can run only on a specific hardware platform, ensuring legal and secure use of the information system. A dedicated information service tailored to the hardware performance can be provided, improving system efficiency. An information system can also be customized for a hardware platform fitted with an identity designation card, providing services flexibly. That is, the hardware platform can have a built-in identity designation card, and startup of the information system depends on the hardware platform's hardware information and the identity designation card information, effectively protecting the authorization and encryption of the information system.
A person of ordinary skill in the art will appreciate that all or part of the flow of the above embodiment methods can be completed by a computer program instructing the relevant hardware; the program can be stored in a computer-readable storage medium and, when executed, may include the flow of the embodiments of each of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), or the like.
The above is the preferred embodiment of the present invention. It should be noted that those skilled in the art can make improvements and modifications without departing from the principles of the invention, and such improvements and modifications are also regarded as falling within the protection scope of the present invention.

Claims (8)

1. A control method for running an information system, characterized by comprising the steps of:
starting an information system on a hardware platform, the information system including an operating system and application software capable of providing a specific information service;
collecting hardware module information of the hardware platform and/or ID information of an identity designation card built into the hardware platform;
calculating a check code based on the collected hardware module information and/or the ID information of the identity designation card;
comparing the calculated check code with a check code pre-stored in the information system;
driving the information system to initialize only when the calculated check code is identical to the check code pre-stored in the information system;
wherein calculating the check code based on the collected hardware module information and/or the ID information of the identity designation card specifically comprises:
building the collected hardware module information and/or the ID information of the identity designation card into a 128-byte machine code;
generating a 20-byte authorization code from the 128-byte machine code using a hash algorithm;
generating a 32-bit check code from the 20-byte authorization code using a CRC algorithm.
2. The control method for running an information system as claimed in claim 1, characterized in that the hardware module information includes a CPU serial number, a hard disk serial number and/or a mainboard serial number.
3. The control method for running an information system as claimed in claim 1, characterized in that, before the step of starting the information system on the hardware platform, the method further comprises the step of:
generating a check code in advance and storing it in the information system, the generation process of the check code pre-stored in the information system being the same as the generation process of the calculated check code.
4. The control method for running an information system as claimed in claim 1, characterized in that the hardware platform is a server, embedded platform, Android platform, PC or industrial control board.
5. A control system for running an information system, characterized by comprising:
an information system starting module, for starting an information system on a hardware platform, the information system including an operating system and application software capable of providing a specific information service;
an information acquisition module, for collecting, after the information system starting module has started the information system, hardware module information of the hardware platform and/or ID information of an identity designation card built into the hardware platform;
an information computing module, for calculating a check code from the hardware module information and/or the ID information of the identity designation card collected by the information acquisition module;
an information comparison module, for comparing the check code calculated by the information computing module with a check code pre-stored in the information system;
a drive module, for driving the information system to initialize when the information comparison module finds the calculated check code consistent with the check code pre-stored in the information system;
wherein the information computing module specifically comprises:
a machine code generation unit, for building the collected hardware module information and/or the ID information of the identity designation card into a 128-byte machine code;
an authorization code generation unit, for generating a 20-byte authorization code, using a hash algorithm, from the 128-byte machine code produced by the machine code generation unit;
a check code generation unit, for generating a 32-bit check code, using a CRC algorithm, from the 20-byte authorization code produced by the authorization code generation unit.
6. The control system for running an information system as claimed in claim 5, characterized in that the hardware module information includes a CPU serial number, a hard disk serial number and/or a mainboard serial number.
7. The control system for running an information system as claimed in claim 5, characterized by further comprising:
a pre-stored check code generation module, for generating a check code in advance and storing it in the information system, the generation process of the check code pre-stored in the information system being the same as the generation process of the calculated check code.
8. The control system for running an information system as claimed in claim 5, characterized in that the hardware platform is a server, embedded platform, Android platform, PC or industrial control board.
CN201310185909.4A 2013-05-17 2013-05-17 The control method and system of operation information system Active CN104166809B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310185909.4A CN104166809B (en) 2013-05-17 2013-05-17 The control method and system of operation information system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310185909.4A CN104166809B (en) 2013-05-17 2013-05-17 The control method and system of operation information system

Publications (2)

Publication Number Publication Date
CN104166809A CN104166809A (en) 2014-11-26
CN104166809B true CN104166809B (en) 2017-06-16

Family

ID=51910618

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310185909.4A Active CN104166809B (en) 2013-05-17 2013-05-17 The control method and system of operation information system

Country Status (1)

Country Link
CN (1) CN104166809B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573414A (en) * 2015-01-06 2015-04-29 浪潮电子信息产业股份有限公司 Verification control method for guaranteeing software activation
CN107579994A (en) * 2017-09-30 2018-01-12 福建星网智慧软件有限公司 A kind of distributed server system authentication control method and device
CN107783799B (en) * 2017-10-30 2021-01-29 上海闻泰电子科技有限公司 Mainboard identity marking method and system contained in intelligent electronic equipment
CN108256336B (en) * 2018-02-09 2021-09-28 深圳市杰和科技发展有限公司 Binding and identifying method for operating system and mainboard
CN109033762A (en) * 2018-07-05 2018-12-18 南京云信达科技有限公司 A method of for solving complicated checked object soft ware authorization
CN109561159B (en) * 2018-12-28 2021-08-31 厦门熵基生物识别信息技术有限公司 Data processing method and system based on Websocket long connection
CN110601854B (en) * 2019-09-19 2023-07-14 许继集团有限公司 Authorization client, power distribution terminal equipment and authorization method thereof

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101645128A (en) * 2009-06-25 2010-02-10 厦门敏讯信息技术股份有限公司 Piracy preventing method of system
CN102208003A (en) * 2010-03-31 2011-10-05 鸿富锦精密工业(深圳)有限公司 Software program protection system and method
CN102982264A (en) * 2012-12-24 2013-03-20 上海斐讯数据通信技术有限公司 Method for protecting embedded type device software

Also Published As

Publication number Publication date
CN104166809A (en) 2014-11-26

Similar Documents

Publication Publication Date Title
CN104166809B (en) The control method and system of operation information system
CN102646077B (en) A kind of method of the full disk encryption based on credible password module
JP5551130B2 (en) Encapsulation of reliable platform module functions by TCPA inside server management coprocessor subsystem
AU2008200225B2 (en) ROM bios based trusted encrypted operating system
CN104951701B (en) A kind of method of the terminal device booting operating system based on USB controller
CN102289622B (en) Trusted startup method based on authentication policy file and hardware information collection
US20040268135A1 (en) Methods and apparatus for secure collection and display of user interface information in a pre-boot environment
US20080172557A1 (en) Rom bios based trusted encrypted operating system
CN108629206B (en) Secure encryption method, encryption machine and terminal equipment
CN103530548B (en) Startup method that built-in terminal based on mobile trustable computation module is credible
CN103793654A (en) Server active management technology (AMT) assisted secure boot
AU2009233685A1 (en) Method and apparatus for incremental code signing
US11755406B2 (en) Error identification in executed code
CN103186434A (en) Method and system for recovering basic input/output system
CN110096887B (en) Trusted computing method and server
CN107111717A (en) Safe boot policy on upgrading virtual machine
CN103269271A (en) Method and system for back-upping private key in electronic signature token
CN102819706A (en) Device and method for implementing credible embedded system on existing embedded equipment
CN112181513B (en) Trusted measurement method based on control host system guidance of hardware board card
CN112989362B (en) CPU trusted starting system and method based on safety chip monitoring
CN106569907A (en) System start-up file verifying and compiling method
CN101908115A (en) Method for realizing software trusted execution based on trusted platform module
CN104361298A (en) Method and device for information safety and confidentiality
CN111327429A (en) Terminal starting processing method and device
CN106778286A (en) A kind of system and method whether attacked for detection service device hardware

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant