CN105354493B - Trusted terminal enhancement method and system based on virtualization technology - Google Patents

Publication number: CN105354493B
Application number: CN201510696555.9A
Authority: CN (China)
Prior art keywords: ukey, trusted terminal, white list, application program, virtual machine
Legal status: Expired - Fee Related
Other languages: Chinese (zh)
Other versions: CN105354493A (en)
Inventors: 王飞, 王宇, 孙鸿鹏, 李晋丽, 吴忠望, 韩伟杰
Assignees (current and original): Beijing Zhong'an Xinkong Technology Co Ltd; PLA Equipment College
Events: application CN201510696555.9A filed by Beijing Zhong'an Xinkong Technology Co Ltd and PLA Equipment College; publication of CN105354493A; application granted; publication of CN105354493B; current legal status Expired - Fee Related.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/60 Protecting data
    • G06F 21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention provides a trusted terminal enhancement method and system based on virtualization technology. In the method, the trusted terminal performs an integrity check on the operating system kernel files and the bare-metal virtual machine files against the check information stored in a Ukey and starts the operating system only after the check passes; it then performs integrity checks on dynamically loaded applications, services and external device drivers according to a whitelist configuration file and a whitelist driver, thereby achieving trusted enhancement of the terminal. Starting the operating system against the check information stored in the Ukey establishes a static trust chain that prevents operating system information from being leaked or tampered with from the inside; checking the integrity of loaded applications against the whitelist configuration file establishes a dynamic trust chain that prevents malicious attacks and unauthorized access from the outside.

Description

Trusted terminal enhancement method and system based on virtualization technology
Technical field
The invention relates to the field of trusted computing, and in particular to a trusted terminal enhancement method and system based on virtualization technology.
Background
With the spread of terminals, terminal security has become a major concern. How to achieve terminal security and provide users with a reliable terminal computing environment is now a pressing problem.
At present, terminal security problems, and operating system security problems in particular, are addressed mainly by traditional operating system security technologies such as firewalls, intrusion detection and antivirus protection, which block, from the outside, illegal users who attempt to share information resources or gain unauthorized access.
These traditional operating system security technologies can only prevent malicious attacks and unauthorized access from the outside; they cannot prevent information inside the terminal operating system from being leaked or tampered with.
Summary of the invention
In view of this, the embodiments of the invention aim to provide a trusted terminal enhancement method and system based on virtualization technology that prevent operating system information from being leaked or tampered with from the inside and achieve trusted enhancement of the terminal.
In a first aspect, an embodiment of the invention provides a trusted terminal enhancement method based on virtualization technology. The method includes:
the trusted terminal performing an integrity check on the operating system kernel files and the bare-metal virtual machine files according to the check information stored in a small storage device, the Ukey, and starting the operating system after the check passes;
the trusted terminal performing integrity checks on dynamically loaded applications, services and external device drivers according to a whitelist configuration file and a whitelist driver, thereby achieving trusted enhancement of the trusted terminal; the whitelist configuration file contains the identifier of each application, the identifiers of the application's dynamic libraries and the digest value of the application.
With reference to the first aspect, an embodiment of the invention provides a first possible implementation of the first aspect, in which the trusted terminal's integrity check on the operating system kernel files and the bare-metal virtual machine files according to the check information stored in the Ukey includes:
when the trusted terminal is powered on, generating a check value of the bare-metal virtual machine files and a check value of the operating system kernel files;
the trusted terminal calling the SM3 cryptographic hash interface in the Ukey to perform a secondary check on the check value of the bare-metal virtual machine files and on the check value of the operating system kernel files, obtaining a secondary check value for each;
the trusted terminal comparing the secondary check value of the bare-metal virtual machine files and the secondary check value of the operating system kernel files with the check information stored in the Ukey, and determining the integrity of the operating system kernel files and the bare-metal virtual machine files from the result of the comparison.
With reference to the first aspect, an embodiment of the invention provides a second possible implementation of the first aspect, in which the trusted terminal's integrity checks on dynamically loaded applications, services and external device drivers according to the whitelist configuration file and the whitelist driver include:
after the trusted terminal starts the operating system, loading the whitelist driver and intercepting, through the whitelist driver, applications, services and external device drivers being dynamically loaded in user space;
the trusted terminal calling the local SM3 algorithm on the intercepted applications, services and external device drivers to obtain a check value for each;
the trusted terminal verifying the check values of the applications, services and external device drivers against the whitelist configuration file using their identifiers, and determining their integrity from the result of the verification.
With reference to the first aspect, an embodiment of the invention provides a third possible implementation of the first aspect, in which, before the trusted terminal performs the integrity check on the operating system kernel files and the bare-metal virtual machine files according to the check information stored in the Ukey, the method further includes:
the trusted terminal receiving the whitelist configuration file and the bare-metal virtual machine installer sent by the management center, storing the whitelist configuration file, installing a preset number of bare-metal virtual machines from the installer, and establishing a communication connection with the Ukey through the universal serial bus (USB) interface.
With reference to the third possible implementation of the first aspect, an embodiment of the invention provides a fourth possible implementation of the first aspect, in which establishing the communication connection with the Ukey through the USB interface includes:
when the trusted terminal detects that a Ukey has been inserted into the USB interface, prompting the user to enter a personal identification number (PIN);
the trusted terminal obtaining the PIN stored in the Ukey and comparing it with the PIN entered by the user;
if the obtained PIN is identical to the PIN entered by the user, the trusted terminal establishing the communication connection with the Ukey.
With reference to the first aspect, an embodiment of the invention provides a fifth possible implementation of the first aspect, in which the method further includes:
the trusted terminal collecting user operation information and access behavior information, forming them into a security log, storing the security log and sending it to the management center at preset intervals.
In a second aspect, an embodiment of the invention provides a trusted terminal enhancement method based on virtualization technology. The method includes:
the management center generating Ukey configuration information and storing it in the Ukey corresponding to a trusted terminal, the Ukey configuration information including check information, so that the trusted terminal starts its operating system according to the check information stored in the Ukey;
the management center obtaining a whitelist configuration file that contains the identifier of each application, the identifiers of the application's dynamic libraries and the digest value of the application;
the management center sending the bare-metal virtual machine installer and the whitelist configuration file to the trusted terminal, so that the trusted terminal installs bare-metal virtual machines from the installer and achieves trusted enhancement according to the whitelist configuration file.
With reference to the second aspect, an embodiment of the invention provides a first possible implementation of the second aspect, in which the management center's obtaining of the whitelist configuration file includes:
the management center, when an application is installed on a template machine, calling the local SM3 algorithm through a trusted process to compute the digest value of each executable file of the application, obtaining the application's digest value;
when the management center detects a dynamic library being loaded during the installation of the application, obtaining the name of the dynamic library;
the management center composing the application's name, the dynamic library's name and the application's digest value into the record corresponding to the application in the whitelist configuration file.
With reference to the second aspect, an embodiment of the invention provides a second possible implementation of the second aspect, in which the method further includes:
the management center receiving the security log sent by the trusted terminal and forwarding it to the terminal of the audit administrator.
In a third aspect, an embodiment of the invention provides a trusted terminal enhancement system based on virtualization technology. The system includes a management center and a trusted terminal;
the management center generates Ukey configuration information, stores it in the Ukey corresponding to the trusted terminal, obtains the whitelist configuration file, and sends the bare-metal virtual machine installer and the whitelist configuration file to the trusted terminal; the Ukey configuration information includes check information, and the whitelist configuration file contains the identifier of each application, the identifiers of its dynamic libraries and its digest value;
the trusted terminal performs an integrity check on the operating system kernel files and the bare-metal virtual machine files according to the check information stored in the Ukey and starts the operating system after the check passes; it receives the bare-metal virtual machine installer and the whitelist configuration file sent by the management center, installs bare-metal virtual machines from the installer, and performs integrity checks on dynamically loaded applications, services and external device drivers according to the whitelist configuration file and the whitelist driver, achieving trusted enhancement of the trusted terminal.
In the embodiments of the invention, the trusted terminal performs an integrity check on the operating system kernel files and the bare-metal virtual machine files against the check information stored in the Ukey and starts the operating system only after the check passes, establishing a static trust chain that prevents operating system information from being leaked or tampered with from the inside. In addition, the trusted terminal checks the integrity of dynamically loaded applications, services and external device drivers against the whitelist configuration file and the whitelist driver, establishing a dynamic trust chain that prevents malicious attacks and unauthorized access from the outside and achieving trusted enhancement of the terminal.
To make the above objects, features and advantages of the invention clearer and easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments more clearly, the drawings needed for the embodiments are briefly introduced below. The drawings show only some embodiments of the invention and are not to be construed as limiting its scope; a person of ordinary skill in the art can derive other relevant drawings from them without creative effort.
Fig. 1A shows a signaling interaction diagram of a trusted terminal enhancement method based on virtualization technology provided by embodiment 1 of the invention;
Fig. 1B shows a schematic diagram of the Ukey configuration information provided by embodiment 1 of the invention;
Fig. 1C shows the architecture of a virtual trusted terminal provided by embodiment 1 of the invention;
Fig. 1D shows a schematic diagram of the static trust chain establishment process provided by embodiment 1 of the invention;
Fig. 2 shows the structure of a trusted terminal enhancement system based on virtualization technology provided by embodiment 2 of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described below clearly and completely with reference to the accompanying drawings. Clearly, the described embodiments are only some of the embodiments of the invention, not all of them. The components of the embodiments, as generally described and illustrated in the drawings here, can be arranged and designed in a variety of different configurations. The following detailed description of the embodiments shown in the drawings is therefore not intended to limit the scope of the claimed invention but merely represents selected embodiments of it. All other embodiments obtained by those skilled in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Because traditional operating system security technologies in the related art, such as firewalls, intrusion detection and antivirus protection, can only prevent malicious attacks and unauthorized access from the outside and cannot prevent information inside the terminal operating system from being leaked or tampered with, the embodiments of the invention provide a trusted terminal enhancement method and system based on virtualization technology. They are described through the embodiments below.
The trusted enhancement method provided by the invention is best suited to terminals on which bare-metal virtual machines are installed. A bare-metal virtual machine runs beneath the operating system, directly on the hardware; to switch between the bare-metal virtual machines installed on a terminal, the one currently enabled must be shut down before the one to be used is started. A bare-metal virtual machine differs from an application-layer virtual machine in that application-layer virtual machines share the terminal's system resources, so starting one does not require shutting down the other application-layer virtual machines installed on the terminal, whereas a bare-metal virtual machine has exclusive use of the terminal's system resources, so the other bare-metal virtual machines installed on the terminal must be shut down whenever one is used. The trusted terminal enhancement method provided by the invention is thus based on the terminal's bare-metal virtualization technology. The method is described through the specific embodiments below.
Embodiment 1
Referring to Fig. 1A, an embodiment of the invention provides a trusted terminal enhancement method based on virtualization technology. In this embodiment, a trusted terminal is designed and developed on the basis of bare-metal virtual machine technology and trusted computing technology, and trusted terminals are managed centrally by a management center to achieve their trusted enhancement. In the invention the trusted terminal may be a terminal device such as a computer, a gateway or a PAD (Portable Android Device, tablet computer). The method specifically includes the following steps:
To achieve trusted enhancement of a trusted terminal, the management center first performs the operations of steps 101 to 104 below to carry out the initial configuration of the terminal.
Step 101: the management center generates Ukey (small storage device) configuration information and stores it in the Ukey corresponding to the trusted terminal; the Ukey configuration information includes check information.
In the embodiments of the invention the management center may be a management server or a terminal with management and control functions, and the trusted terminal may be a device such as a computer or a gateway. The Ukey is a small storage device that connects directly to the trusted terminal through a USB (Universal Serial Bus) interface, has password verification functions, and is reliable and fast. The Ukey used in the invention has the SM3 (cryptographic hash), SM2 (asymmetric cryptographic) and SM4 (symmetric cryptographic) algorithms built in.
The management center generates the Ukey configuration information according to the data structures and algorithms required for system operation. The configuration occupies about 2 KB of Ukey storage. As shown in Fig. 1B, it includes the PIN (Personal Identification Number), the Ukey certificates, the Ukey private keys, the check information, a status bit and the management center's certificate. The check information consists of the kernel whitelist check values and the check values of the bare-metal virtual machine files, the MBR (Master Boot Record) and the OSLOADER (operating system loader). Fig. 1B does not label the check information explicitly but draws the kernel whitelist check values and the check values of the bare-metal virtual machine files, MBR and OSLOADER directly. Each check value is 32 bytes.
The PIN is used for device authentication: whenever the terminal needs to read or write data in the Ukey it must first enter the PIN, and only after authentication passes may the next operation proceed. Several bare-metal virtual machines may be installed on a trusted terminal according to user demand; the Ukey certificates are certificates generated by the management center for each bare-metal virtual machine on the terminal, so the number of Ukey certificates equals the number of bare-metal virtual machines, and since the Ukey private keys correspond one-to-one with the Ukey certificates, the number of private keys is the same. The kernel whitelist check values are the SM3 check values of all boot entries in the system registry; the SM3 check value of each boot entry is 32 bytes. The status bit in the Ukey configuration is 0 or 1: 0 means the installer is to be run at startup, i.e. the check-value collection process; 1 means the static trust chain establishment process, i.e. the normal boot process, is to be run at startup.
After generating the Ukey configuration information, the management center stores it in the Ukey corresponding to the trusted terminal. The management center can manage several trusted terminals centrally and configures a Ukey for each of them by this step. Once the Ukey for a trusted terminal has been configured it is issued to the user of that terminal.
In the invention, verification by the external Ukey realizes the complete transmission of the static trust chain and the dynamic trust chain of the virtual trusted terminal and so ensures that the terminal is secure and trusted. The static trust chain means that the operating system is started only after the integrity check of each layer of its files passes; the dynamic trust chain means that an application is loaded only after its integrity check passes.
After the Ukey has been configured for the trusted terminal, the terminal can use the Ukey to detect the integrity of each part of the operating system and starts the operating system only after every part passes, thereby establishing the static trust chain and enhancing the terminal's trustworthiness.
The management center also performs Ukey management operations such as issuing, maintaining and revoking. The administrator first selects a bare-metal virtual machine and can then view the Ukey information corresponding to it, including the Ukey number, issue date, issuer, maintenance time, maintainer and current state. The current state is one of three: normal, expired and pending issue. A Ukey in the normal state is usable, one in the expired state needs maintenance, and one in the pending-issue state is unavailable.
When a Ukey is issued, the initial PIN and the status bit are written into it. At the same time the number of bare-metal virtual machines on the corresponding terminal is obtained, the certificate generation interface is called to generate the matching number of certificates and private keys, which are written into the Ukey, and the certificate data is also stored in the management center's database.
Even when the Ukey guarantees that the trusted terminal's operating system starts normally, the applications, services and external device drivers loaded on the terminal may still be incomplete or tampered with, leaving the terminal's trustworthiness low. The management center therefore uses step 102 below to configure one whitelist configuration file shared by all trusted terminals, against which a terminal checks the integrity of the applications, services and external device drivers it loads, further enhancing its trustworthiness.
Step 102: the management center obtains the whitelist configuration file, which contains the identifier of each application, the identifiers of the application's dynamic libraries and the application's digest value.
The management center generates the whitelist configuration file by installing the required applications on a template machine, specifically as follows:
When an application is installed on the template machine, the management center calls the local SM3 algorithm through a trusted process to compute the digest value of each executable file of the application, obtaining the application's digest value. When it detects a dynamic library being loaded during the installation, it obtains the library's name. It then composes the application's name, the dynamic library names and the application's digest value into the application's record in the whitelist configuration file. A record is generated in this way for every required application.
In addition, different versions of the operating system have different kernel applications; the information for these kernel applications is also collected by the template machine's trusted process in the manner described above and added to the whitelist file. The template machine uploads the collected information to the management center, which summarizes the uploads from all template machines into the whitelist configuration file.
The management center also enters the names of the collected applications, the collection time, the collector and similar data into a database for the administrator to review. It has a whitelist management function, mainly the viewing of whitelist information: through the management center the administrator can query, in list form, the application names, collection times and collectors contained in the current whitelist configuration file. When a trusted terminal needs to run a new application it can apply to the management center; after the administrator approves, the management center installs the new application on the template machine to collect its digest value, adds it to the whitelist configuration file, and issues the newly generated file to the trusted terminals, which replace their original whitelist configuration file with the new one.
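Step 102 and the terminal-side check it feeds (the second implementation of the first aspect) as one worked example. This is added code, not the patent's: the record layout, the JSON serialization and the names in the sample are assumptions, and hashlib.sha256 stands in for the local SM3 call so that the block runs with the standard library alone. The template-machine side builds one record per application (name, digests of its executables, names of the dynamic libraries seen loading); the management center merges uploads from several template machines, which for the OS-version case means one executable path may carry several permitted digests; the whitelist driver then decides on each intercepted load by looking up the identity, and only then comparing the digest.

```python
import hashlib
import json


def digest(data: bytes) -> str:
    """Stand-in for the local SM3 call; any fixed-length digest works here."""
    return hashlib.sha256(data).hexdigest()


def collect_record(app_name: str, executables: dict, loaded_libs: list) -> dict:
    """Template-machine trusted process: hash every executable the application
    installs and note the dynamic libraries observed loading during installation."""
    return {
        "app": app_name,
        "executables": {path: digest(data) for path, data in executables.items()},
        "dynamic_libs": sorted(set(loaded_libs)),
    }


def summarise(uploads: list) -> dict:
    """Management centre: merge records uploaded by several template machines
    (for example one per OS version) into the whitelist configuration file.
    The same path may legitimately carry one digest per OS version, so digests
    are accumulated, never overwritten."""
    merged = {}
    for rec in uploads:
        entry = merged.setdefault(rec["app"], {"executables": {}, "dynamic_libs": set()})
        for path, d in rec["executables"].items():
            entry["executables"].setdefault(path, set()).add(d)
        entry["dynamic_libs"].update(rec["dynamic_libs"])
    return {"records": [
        {"app": app,
         "executables": {p: sorted(ds) for p, ds in e["executables"].items()},
         "dynamic_libs": sorted(e["dynamic_libs"])}
        for app, e in sorted(merged.items())]}


class WhitelistDriver:
    """Terminal side: loaded after the OS starts; decides on every intercepted
    user-space load of an application, service or device driver."""

    def __init__(self, config: dict):
        self.allowed = {}   # executable identity -> set of permitted digests
        self.libs = {}      # app -> set of listed dynamic-library names
        for rec in config["records"]:
            for path, ds in rec["executables"].items():
                self.allowed[path] = set(ds)
            self.libs[rec["app"]] = set(rec["dynamic_libs"])

    def on_load(self, identity: str, image: bytes, parent_app: str = None):
        """Return (allow, reason). identity is the path or name the loader reports,
        image the bytes about to be mapped; parent_app marks a library load."""
        if parent_app is not None:
            if identity not in self.libs.get(parent_app, ()):
                return False, f"{identity}: not a listed library of {parent_app}"
            return True, f"{identity}: listed for {parent_app}"
        permitted = self.allowed.get(identity)
        if permitted is None:
            return False, f"{identity}: not in whitelist"
        if digest(image) not in permitted:
            return False, f"{identity}: digest mismatch (image modified)"
        return True, f"{identity}: integrity verified"


# Constructed sample input: two template machines on different OS versions
# installed the same application and saw different library sets load.
TEMPLATE_A = collect_record("editor", {"C:/editor/editor.exe": b"editor build 1"},
                            ["msvcrt.dll", "gdi32.dll"])
TEMPLATE_B = collect_record("editor", {"C:/editor/editor.exe": b"editor build 2"},
                            ["msvcrt.dll"])
CONFIG = summarise([TEMPLATE_A, TEMPLATE_B])

if __name__ == "__main__":
    print(json.dumps(CONFIG, indent=1))          # the file issued to terminals
    drv = WhitelistDriver(CONFIG)
    for ident, img, parent in [("C:/editor/editor.exe", b"editor build 1", None),
                               ("C:/editor/editor.exe", b"editor build 9", None),
                               ("C:/tools/unknown.exe", b"whatever", None),
                               ("gdi32.dll", b"", "editor"),
                               ("evil.dll", b"", "editor")]:
        print(drv.on_load(ident, img, parent))
```

Because the text stores only names for dynamic libraries, the driver can check that a library is listed for the application but not that its bytes are unmodified; a practitioner would record a digest per library as well, exactly as for the executables.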
After the Ukey corresponding to the trusted terminal has been configured and the whitelist configuration file generated by steps 101 and 102 above, step 103 below performs the initial configuration of the trusted terminal.
Step 103: the management center sends the bare-metal virtual machine installer and the whitelist configuration file to the trusted terminal.
In the invention a bare-metal hypervisor is developed that virtualizes several user bare-metal virtual machines from the underlying hardware. Before the trusted terminal installs the bare-metal virtual machines, the management center sends the installer to the terminal either online or offline; offline delivery means handing the installation file to the terminal on a transmission medium such as a fixed disk. The whitelist configuration file is sent to the terminal at the same time.
Alternatively, in this step the trusted terminal may itself request the bare-metal virtual machine installer and the whitelist configuration file from the management center.
Several trusted terminals can be managed centrally by the management center, which stores a record for each of them. A trusted terminal's record contains the terminal ID (identity number), the department, the responsible person's ID, the number of bare-metal virtual machines and the current state. The number of bare-metal virtual machines is preset and may be any value from 1 to 8. The current state indicates whether the terminal has been enabled. Administrators can query each terminal's record through the management center, and all fields except the terminal ID can be modified. Before deleting a terminal's record it must first be determined whether a Ukey has been assigned to the terminal: if so, the Ukey must be revoked before the record is deleted; if not, the record can be deleted directly. After the record is deleted the terminal can no longer be enabled normally, and the bare-metal virtual machine records corresponding to the terminal are deleted at the same time.
Step 104: The trusted terminal receives the bare-metal virtual machine installation program and the white-list configuration file sent by the management center, stores the white-list configuration file, establishes a communication connection with the Ukey through the USB interface, and installs the preset number of bare-metal virtual machines according to the installation program.
In this step, the trusted terminal establishes the communication connection with the Ukey through the USB interface as follows:
When the trusted terminal detects that a Ukey has been inserted into the USB interface, it prompts the user to enter the PIN code and obtains the PIN code entered by the user when it detects the input operation. The trusted terminal obtains the PIN code stored in the Ukey over the communication connection with the Ukey and compares it with the PIN code entered by the user. If the obtained PIN code is identical to the PIN code entered by the user, the trusted terminal and the Ukey establish the communication connection; otherwise establishing the connection fails, the user can be prompted to enter the PIN code again and the procedure above is repeated. To ensure the safety of the trusted terminal, however, a PIN error count can be set: once the number of erroneous PIN codes entered by the user exceeds the set count, establishing a communication connection with that Ukey is forbidden, which prevents an illegal user from maliciously cracking the Ukey's PIN code.
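The PIN check and the error-count limit described in this step, modelled in Python as an added example (not code from the patent or its applicants). The `UkeyToken` class, the default limit of three errors and the sample PIN values are constructed assumptions.

```python
import hmac


class UkeyToken:
    """Constructed model of the Ukey's PIN check (not the patent's code). The PIN stays
    inside the token object; the token counts wrong entries itself and locks once the
    configured error limit is reached, so later attempts are refused outright."""

    def __init__(self, pin: str, max_errors: int = 3):   # limit of 3 is an assumption
        self._pin = pin.encode()
        self.max_errors = max_errors
        self.errors = 0
        self.locked = False

    def verify_pin(self, candidate: str) -> bool:
        """True only if the token is not locked and the candidate matches the stored PIN."""
        if self.locked:
            return False
        if hmac.compare_digest(candidate.encode(), self._pin):
            self.errors = 0                 # a correct entry clears the error count
            return True
        self.errors += 1
        if self.errors >= self.max_errors:
            self.locked = True              # connection with this Ukey is now forbidden
        return False


def establish_connection(token: UkeyToken, entries) -> str:
    """Walk the user's PIN entries as the terminal would, re-prompting after each failure.
    Returns 'connected', 'locked' (error limit reached) or 'failed' (entries exhausted)."""
    for pin in entries:
        if token.locked:
            return "locked"
        if token.verify_pin(pin):
            return "connected"
    return "locked" if token.locked else "failed"
```

The design choice worth noting is that the comparison runs inside the token object and only a yes/no result plus the lock state comes out, so the terminal never has to read the stored PIN out of the token; keeping the failure counter in the token rather than in the terminal is what makes the limit hold even if the terminal software is replaced.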
In the present invention, the number of bare-metal virtual machines a trusted terminal can install is set in advance according to the usage requirements. After the trusted terminal receives the bare-metal virtual machine installation program sent by the management center, it installs the preset number of bare-metal virtual machines. The specific installation process is as follows:
The trusted terminal runs the installation process according to the bare-metal virtual machine installation program, copies the operating system program to the local hard disk and reboots the operating system. After the reboot the system program completes the installation, collects the check value of each stage of the static trust chain and writes the values into the Ukey; the system then restarts again and the user selects a bare-metal virtual machine for normal operation.
The check-value collection process above comprises: calling the local SM3 algorithm to hash the bare-metal virtual machine related files and generate a 32-byte check value, where the bare-metal virtual machine related files include the VMM (Virtual Machine Monitor, the bare-metal virtual machine monitor), the IO (Input Output) bare-metal virtual machine and the user bare-metal virtual machines; calling the local SM3 algorithm to hash the MBR and OSLOADER and generate a 32-byte check value; looking up the registry of the bare-metal virtual machine currently being started, finding all startup items and calling the local SM3 algorithm to generate the check value of each startup item, each startup item being an operating system kernel file; and calling the user-mode SM3 algorithm interface of the Ukey to perform a secondary hash over the check values generated above, obtaining the secondary check value of the bare-metal virtual machine related files, the secondary check value of each startup item and the secondary check value of the MBR and OSLOADER. The resulting secondary check values are written into the Ukey, the secondary check value of each startup item being written into the kernel white-list check values in the Ukey.
In this step, all files related to the startup items in the operating system of each bare-metal virtual machine are identified through the NTFS (New Technology File System) file system, and the related file entries in the registry can be looked up through the new technology file system. For each bare-metal virtual machine, a record of the digest values corresponding to all startup items is kept. The digest values are initialized during installation of the bare-metal virtual machine and stored in the Ukey. After these startup items are updated, the digest values in the Ukey need to be updated.
In the present invention, the architecture of the virtual trusted terminal is shown in Figure 1C. The virtual trusted terminal mainly comprises the general-purpose computing platform hardware, the BIOS (Basic Input Output System), the MGR (manager), the bare-metal virtual machine module, the operating system kernel module, the white-list module and the virtual desktop module.
After the management center completes the initial configuration of the trusted terminal, any change to the trusted terminal's configuration information must be made through the management center. The configuration file of the bare-metal virtual machine itself in the trusted terminal is no longer updated. The Ukey's private key, the Ukey's public key certificate and the management center's public key certificate are updated offline by reissuing the user's Ukey. The white-list configuration file can be updated online or offline.
In the present invention, the management center also centrally manages all bare-metal virtual machines in the trusted terminals. When a new bare-metal virtual machine is installed in a trusted terminal, the management center adds a bare-metal virtual machine record: it first selects the trusted terminal ID the virtual machine belongs to, then checks, against the number of bare-metal virtual machines set in that trusted terminal's record, whether the number of bare-metal virtual machines installed on the trusted terminal has reached the maximum. If so, adding a further bare-metal virtual machine is not allowed; otherwise the attributes of the bare-metal virtual machine can be configured. The attributes of a bare-metal virtual machine include the bare-metal virtual machine ID, the ID of the trusted terminal it belongs to, the IP (Internet Protocol) address and an online flag. Administrators can query, modify or delete bare-metal virtual machine records through the management center; once a bare-metal virtual machine record is deleted, that bare-metal virtual machine can no longer run on its trusted terminal.
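The trusted-terminal and bare-metal virtual machine records kept by the management center, as described in this paragraph and in the description of the trusted terminal records above, modelled in Python as an added example (not the patent's code). The class and field names are assumptions; the limit of 1 to 8 virtual machines per terminal, the rule that the terminal ID cannot be modified, the "deregister the Ukey first" rule and the cascading deletion of virtual machine records follow the text.

```python
class ManagementCenter:
    """Constructed model of the management centre's trusted-terminal and bare-metal
    virtual machine records (not the patent's code). Field names are assumptions;
    the rules enforced below are the ones stated in the text."""

    MAX_VMS = 8   # a terminal's bare-metal VM count is preset to a value from 1 to 8

    def __init__(self):
        self.terminals = {}   # terminal_id -> record
        self.vms = {}         # vm_id -> record
        self.ukeys = {}       # terminal_id -> assigned Ukey serial (assumed field)

    def add_terminal(self, terminal_id, department, owner_id, vm_count):
        if not 1 <= vm_count <= self.MAX_VMS:
            raise ValueError("bare-metal VM count must be between 1 and 8")
        self.terminals[terminal_id] = {"id": terminal_id, "department": department,
                                       "owner_id": owner_id, "vm_count": vm_count,
                                       "enabled": False}

    def update_terminal(self, terminal_id, **fields):
        """Every field except the terminal ID may be modified."""
        if "id" in fields:
            raise ValueError("the trusted terminal ID cannot be modified")
        if "vm_count" in fields and not 1 <= fields["vm_count"] <= self.MAX_VMS:
            raise ValueError("bare-metal VM count must be between 1 and 8")
        self.terminals[terminal_id].update(fields)

    def assign_ukey(self, terminal_id, serial):
        self.ukeys[terminal_id] = serial

    def deregister_ukey(self, terminal_id):
        self.ukeys.pop(terminal_id, None)

    def delete_terminal(self, terminal_id):
        """A terminal with an assigned Ukey must have it deregistered first; deleting the
        terminal also deletes its bare-metal VM records."""
        if terminal_id in self.ukeys:
            raise RuntimeError("deregister the terminal's Ukey before deleting its record")
        del self.terminals[terminal_id]
        for vm_id in [v for v, r in self.vms.items() if r["terminal_id"] == terminal_id]:
            del self.vms[vm_id]

    def add_vm(self, vm_id, terminal_id, ip):
        """Refuse a new VM record once the terminal's preset count is reached."""
        limit = self.terminals[terminal_id]["vm_count"]
        installed = sum(1 for r in self.vms.values() if r["terminal_id"] == terminal_id)
        if installed >= limit:
            raise RuntimeError(f"terminal {terminal_id} already has its maximum of {limit} VMs")
        self.vms[vm_id] = {"vm_id": vm_id, "terminal_id": terminal_id, "ip": ip, "online": False}

    def delete_vm(self, vm_id):
        """Once deleted, the VM can no longer run on its terminal (modelled as removal)."""
        del self.vms[vm_id]
```

The checks live in the management center object rather than in the caller so that the same rules apply whichever interface (query, modify, delete) an administrator uses.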
The operations of steps 101 to 104 above complete the initial configuration of the trusted terminal. The trusted terminal can then establish the static trust chain and the dynamic trust chain through the operations of steps 105 and 106 below, realizing trusted enhancement.
Step 105: The trusted terminal performs an integrity check on the operating system kernel files and the bare-metal virtual machine related files according to the check information stored in the Ukey, and starts the operating system after the check passes.
When the trusted terminal is powered on, it generates the check value of the bare-metal virtual machine related files and the check value of the operating system kernel files, then calls the SM3 algorithm interface in the Ukey to perform a secondary hash over each of them, obtaining the secondary check value of the bare-metal virtual machine related files and the secondary check value of the operating system kernel files. The trusted terminal compares each of these secondary check values with the check information stored in the Ukey and determines the integrity of the operating system kernel files and the bare-metal virtual machine related files from the result. If the secondary check value of the bare-metal virtual machine related files and the secondary check value of the operating system kernel files are identical to the corresponding check values in the check information stored in the Ukey, the integrity of the operating system kernel files and the bare-metal virtual machine related files is determined to be high and the operating system is started; otherwise the operating system is not started and the user is prompted to perform state recovery.
The establishment of the static trust chain is shown in Figure 1D. After the trusted terminal is powered on, the BIOS is loaded, the BIOS loads the MGR, and the MGR loads the real-mode Ukey driver, the new technology file system and the local SM3 algorithm, then performs the following operations:
1. The MGR calls the local SM3 algorithm to hash the bare-metal virtual machine related files, including the VMM, the IO bare-metal virtual machine and the user bare-metal virtual machines, generating a 32-byte check value.
2. The MGR calls the local SM3 algorithm to hash the MBR and OSLOADER, generating a 32-byte check value.
3. The MGR uses the new technology file system to look up the registry of the bare-metal virtual machine currently being started, finds all startup items and calls the local SM3 algorithm to generate the check value of each startup item.
4. The real-mode SM3 algorithm interface of the Ukey is called to perform a secondary hash over the check values generated in steps 1 and 2, and the result is compared with the check values stored in the Ukey. If they are identical, step 5 is executed; otherwise execution stops and the user is prompted to perform state recovery.
5. The real-mode SM3 algorithm interface of the Ukey is called to perform a secondary hash over each startup item check value generated in step 3, and the results are compared with the kernel white-list check values stored in the Ukey. If they are identical, step 6 is executed; otherwise execution stops and the user is prompted to perform state recovery.
6. The management center's public key certificate is read from the Ukey, and the signature on the application white list is verified using the public key and the SM2 algorithm interface of the Ukey. If the verification passes, the next operation is executed; otherwise execution stops and the user is prompted to perform state recovery.
After all the checks above pass, the MGR hands execution over in turn to the MBR, OSLOADER and OSKERNAL (operating system kernel), the operating system starts normally and the establishment of the static trust chain is complete.
Step 106: The trusted terminal performs integrity checks on the dynamically loaded applications, services and external-device drivers according to the white-list configuration file and the white-list driver, realizing the trusted enhancement of the trusted terminal.
After the trusted terminal starts the operating system, it loads the white-list driver as early as possible. The white-list driver intercepts the applications, services and external-device drivers dynamically loaded in user mode and calls the local SM3 algorithm to hash each intercepted application, service and external-device driver, obtaining the corresponding check value of each. Using the white-list configuration file and the identifier of the application, service or external-device driver, the trusted terminal looks up the check value corresponding to that identifier in the white-list configuration file and compares it with the check value obtained by the hash operation above. If the two are identical, the check passes, the integrity of the application, service or external-device driver is determined to be high and it is allowed to load; otherwise loading is refused.
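The white-list driver's decision in step 106, together with the way the white-list configuration file is built on the template machine (claim 8 below), as an added Python example that is not the patent's code. SHA-256 stands in for the local SM3 call (both give a 32-byte check value); the record layout, the file contents and the application names are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


def check_value(data: bytes) -> bytes:
    """SHA-256 stands in for the local SM3 call of the text (both return 32 bytes)."""
    return hashlib.sha256(data).digest()


@dataclass
class WhiteListRecord:
    app_id: str          # identifier of the application (the record key)
    dynamic_libs: list   # identifiers of dynamic libraries seen loading on the template machine
    digests: dict        # file name -> check value of that executable or library


def build_white_list(template_installs: dict) -> dict:
    """Management-centre side (claim 8): for each application installed on the template
    machine by a trusted process, record the digest of every executable file and the
    dynamic libraries it loaded during installation."""
    white_list = {}
    for app_id, (files, libs) in template_installs.items():
        digests = {name: check_value(content) for name, content in files.items()}
        white_list[app_id] = WhiteListRecord(app_id, list(libs), digests)
    return white_list


def white_list_driver(white_list: dict, kind: str, app_id: str, file_name: str, content: bytes):
    """Trusted-terminal side (step 106): decide on an intercepted user-mode load of an
    application, service or external-device driver image. Returns (allowed, reason)."""
    record = white_list.get(app_id)
    if record is None:
        return False, f"{kind} '{app_id}' has no white-list record: load refused"
    if file_name != app_id and file_name not in record.dynamic_libs:
        return False, f"'{file_name}' is not a registered dynamic library of '{app_id}': load refused"
    expected = record.digests.get(file_name)
    if expected is None or not hmac.compare_digest(check_value(content), expected):
        return False, f"check value of '{file_name}' does not match the white list: load refused"
    return True, f"{kind} '{file_name}' matches the white list: load allowed"


# Constructed template-machine installs: app -> ({file: bytes}, [dynamic libs loaded]).
TEMPLATE_INSTALLS = {
    "editor.exe": ({"editor.exe": b"editor-build-1", "render.dll": b"render-build-1"}, ["render.dll"]),
    "usbstor.sys": ({"usbstor.sys": b"usb-storage-driver-build-1"}, []),
}
WHITE_LIST = build_white_list(TEMPLATE_INSTALLS)
```

The default is deny: an image with no record, a library the application was not seen loading on the template machine, and a changed file all fall through to refusal, which is what makes the dynamic trust chain a white list rather than a black list.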
After the trusted enhancement of the trusted terminal has been realized through the operations of steps 105 and 106, the credibility of the trusted terminal can be further strengthened by having the management center examine the security logs recorded by the trusted terminal through the operations of steps 107 and 108 below.
Step 107: The trusted terminal collects user operation information and access behaviour information, forms a security log from them, stores the security log and sends it to the management center once every preset time period.
The preset time period above can be one working day, one week and so on. The security log may include the trusted terminal ID, the bare-metal virtual machine ID, the event and the date.
Step 108: The management center receives the security log sent by the trusted terminal and forwards it to the terminal of the audit administrator.
Besides examining the trusted terminal's security log in this way, the audit administrator can also log in to the trusted terminal directly with a personal authorization Ukey and carry out a security examination of the security log stored on the trusted terminal.
In the embodiment of the present invention, a trusted terminal is designed and developed on the basis of bare-metal virtual machine technology and trusted computing technology, so that one trusted terminal virtualizes multiple trusted virtual terminals. Starting from the trusted terminal, the trust chain can be extended to network applications and services, guaranteeing the security and credibility of the whole network and meeting the highly secure, highly reliable, real-time mission assurance needs of information systems.
In the embodiment of the present invention, the trusted terminal performs an integrity check on the operating system kernel files and the bare-metal virtual machine related files according to the check information stored in the Ukey, starts the operating system after the check passes and thereby establishes a static trust chain that prevents operating system information from being leaked or tampered with from the inside. In addition, the trusted terminal performs integrity checks on dynamically loaded applications, services and external-device drivers according to the white-list configuration file and the white-list driver, establishing a dynamic trust chain that prevents malicious attacks and unauthorized access from the outside, and so realizes the trusted enhancement of the trusted terminal.
Embodiment 2
Referring to Figure 2, the embodiment of the present invention provides a trusted-terminal enhancement system based on virtualization technology, which executes the trusted-terminal enhancement method based on virtualization technology described above. The system comprises a management center 201 and a trusted terminal 202.
The management center 201 generates the Ukey configuration information, stores it in the Ukey corresponding to the trusted terminal 202, obtains the white-list configuration file and sends the bare-metal virtual machine installation program and the white-list configuration file to the trusted terminal 202. The Ukey configuration information includes the check information, and the white-list configuration file includes the identifier of the application, the identifiers of the application's dynamic libraries and the digest value of the application.
The trusted terminal 202 performs an integrity check on the operating system kernel files and the bare-metal virtual machine related files according to the check information stored in the Ukey and starts the operating system after the check passes; it receives the bare-metal virtual machine installation program and the white-list configuration file sent by the management center 201, installs the bare-metal virtual machine according to the installation program, and performs integrity checks on dynamically loaded applications, services and external-device drivers according to the white-list configuration file and the white-list driver, realizing the trusted enhancement of the trusted terminal 202.
In addition, the trusted terminal 202 also collects user operation information and access behaviour information, forms a security log from them, stores the security log and sends it to the management center 202 once every preset time period. The management center 202 receives the security log sent by the trusted terminal 201 and forwards it to the terminal of the audit administrator.
In the embodiment of the present invention, the trusted terminal performs an integrity check on the operating system kernel files and the bare-metal virtual machine related files according to the check information stored in the Ukey, starts the operating system after the check passes and thereby establishes a static trust chain that prevents operating system information from being leaked or tampered with from the inside. In addition, the trusted terminal performs integrity checks on dynamically loaded applications, services and external-device drivers according to the white-list configuration file and the white-list driver, establishing a dynamic trust chain that prevents malicious attacks and unauthorized access from the outside, and so realizes the trusted enhancement of the trusted terminal.
For the trusted-terminal enhancement system based on virtualization technology provided by the embodiment of the present invention, those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, modules and units described above may be found in the corresponding processes of the method embodiment above.
In the several embodiments provided in this application, it should be understood that the disclosed system and method may be realized in other ways. The system embodiment described above is merely illustrative; for example, the division into units is only one kind of logical functional division, and there may be other divisions in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Moreover, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some communication interfaces, devices or units, and may be electrical, mechanical or of other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
If the functions are realized in the form of software functional units and sold or used as an independent product, they may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or part of the technical solution, may be embodied in the form of a software product stored in a storage medium and including instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or part of the steps of the method described in the various embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash disk, a removable hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or replacement that a person familiar with the art can easily think of within the technical scope disclosed by the present invention shall be covered by the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A trusted-terminal enhancement method based on virtualization technology, characterized in that the method comprises:
a trusted terminal performing an integrity check on operating system kernel files and bare-metal virtual machine related files according to check information stored in a small storage device Ukey, and starting the operating system after the check passes; the check information comprising a kernel white-list check value and the check values of the bare-metal virtual machine files, the master boot record and the operating system loader OSLOADER;
the trusted terminal performing integrity checks on dynamically loaded applications, services and external-device drivers according to a white-list configuration file and a white-list driver, realizing trusted enhancement of the trusted terminal; wherein the white-list configuration file comprises the identifier of an application, the identifiers of the dynamic libraries of the application and the digest value of the application.
2. The method according to claim 1, characterized in that the trusted terminal performing an integrity check on operating system kernel files and bare-metal virtual machine related files according to the check information stored in the Ukey comprises:
when the trusted terminal is powered on, generating the check value of the bare-metal virtual machine related files and the check value of the operating system kernel files;
the trusted terminal calling the cryptographic hash SM3 algorithm interface in the Ukey to perform a secondary hash over the check value of the bare-metal virtual machine related files and over the check value of the operating system kernel files respectively, obtaining the secondary check value of the bare-metal virtual machine related files and the secondary check value of the operating system kernel files;
the trusted terminal comparing the secondary check value of the bare-metal virtual machine related files and the secondary check value of the operating system kernel files respectively with the check information stored in the Ukey, and determining the integrity of the operating system kernel files and the bare-metal virtual machine related files according to the result of the comparison.
3. The method according to claim 1, characterized in that the trusted terminal performing integrity checks on dynamically loaded applications, services and external-device drivers according to the white-list configuration file and the white-list driver comprises:
after the trusted terminal starts the operating system, loading the white-list driver, and intercepting through the white-list driver the applications, services and external-device drivers dynamically loaded in user mode;
the trusted terminal calling the local SM3 algorithm to perform a hash operation on the intercepted applications, services and external-device drivers, obtaining the check value corresponding to each application, service and external-device driver;
the trusted terminal verifying the check values corresponding to the applications, services and external-device drivers according to the white-list configuration file and the identifiers of the applications, services and external-device drivers, and determining the integrity of the applications, services and external-device drivers according to the result of the verification.
4. The method according to claim 1, characterized in that, before the trusted terminal performs the integrity check on the operating system kernel files and bare-metal virtual machine related files according to the check information stored in the Ukey, the method further comprises:
the trusted terminal receiving the white-list configuration file and the bare-metal virtual machine installation program sent by a management center, storing the white-list configuration file, installing a preset number of bare-metal virtual machines according to the bare-metal virtual machine installation program, and establishing a communication connection with the Ukey through a serial communication bus USB interface.
5. The method according to claim 4, characterized in that establishing the communication connection with the Ukey through the serial communication bus USB interface comprises:
when the trusted terminal detects that a Ukey has been inserted into the USB interface, prompting the user to enter a personal identification number PIN code;
the trusted terminal obtaining the PIN code stored in the Ukey and comparing the obtained PIN code with the PIN code entered by the user;
if the obtained PIN code is identical to the PIN code entered by the user, the trusted terminal and the Ukey establishing the communication connection.
6. The method according to claim 1, characterized in that the method further comprises:
the trusted terminal collecting user operation information and access behaviour information, forming a security log from the user operation information and the access behaviour information, storing the security log, and sending the security log to a management center once every preset time period.
7. A trusted-terminal enhancement method based on virtualization technology, characterized in that the method comprises:
a management center generating Ukey configuration information and storing the Ukey configuration information in the Ukey corresponding to a trusted terminal, the Ukey configuration information comprising check information, so that the trusted terminal starts the operating system according to the check information stored in the Ukey; the check information comprising a kernel white-list check value and the check values of the bare-metal virtual machine files, the master boot record and the operating system loader OSLOADER;
the management center obtaining a white-list configuration file, the white-list configuration file comprising the identifier of an application, the identifiers of the dynamic libraries of the application and the digest value of the application;
the management center sending a bare-metal virtual machine installation program and the white-list configuration file to the trusted terminal, so that the trusted terminal installs bare-metal virtual machines according to the bare-metal virtual machine installation program and realizes trusted enhancement according to the white-list configuration file.
8. The method according to claim 7, characterized in that the management center obtaining the white-list configuration file comprises:
the management center, when an application is installed on a template processing machine by a trusted process, calling the local SM3 algorithm to compute the digest value of each executable file of the application, obtaining the digest value of the application;
when the management center detects that a dynamic library is loaded during installation of the application, obtaining the name of the dynamic library;
the management center composing the name of the application, the name of the dynamic library and the digest value of the application into the record corresponding to the application in the white-list configuration file.
9. The method according to claim 7, characterized in that the method further comprises:
the management center receiving the security log sent by the trusted terminal and sending the security log to the terminal corresponding to the audit administrator.
10. A trusted-terminal enhancement system based on virtualization technology, characterized in that the system comprises a management center and a trusted terminal;
the management center being configured to generate Ukey configuration information, store the Ukey configuration information in the Ukey corresponding to the trusted terminal, obtain a white-list configuration file, and send a bare-metal virtual machine installation program and the white-list configuration file to the trusted terminal, the Ukey configuration information comprising check information and the white-list configuration file comprising the identifier of an application, the identifiers of the dynamic libraries of the application and the digest value of the application; the check information comprising a kernel white-list check value and the check values of the bare-metal virtual machine files, the master boot record and the operating system loader OSLOADER;
the trusted terminal being configured to perform an integrity check on operating system kernel files and bare-metal virtual machine related files according to the check information stored in the Ukey and start the operating system after the check passes; and to receive the bare-metal virtual machine installation program and the white-list configuration file sent by the management center, install bare-metal virtual machines according to the bare-metal virtual machine installation program, and perform integrity checks on dynamically loaded applications, services and external-device drivers according to the white-list configuration file and a white-list driver, realizing the trusted enhancement of the trusted terminal.
CN201510696555.9A 2015-10-22 2015-10-22 Trusted end-user Enhancement Method and system based on virtualization technology Expired - Fee Related CN105354493B (en)

Publications (2)

Publication Number Publication Date
CN105354493A CN105354493A (en) 2016-02-24
CN105354493B true CN105354493B (en) 2018-11-23

Family

ID=55330464


Also Published As

Publication number Publication date
CN105354493A (en) 2016-02-24

Similar Documents

Publication Publication Date Title
CN105354493B (en) Trusted end-user Enhancement Method and system based on virtualization technology
US11489863B1 (en) Foundation of sidescanning
US11176255B2 (en) Securely booting a service processor and monitoring service processor integrity
US11503030B2 (en) Service processor and system with secure booting and monitoring of service processor integrity
CN103329093B (en) Method and system for updating the code in performing environment
US7788730B2 (en) Secure bytecode instrumentation facility
US9137023B1 (en) Self-signed certificates for computer application signatures
CN103530563B (en) For updating the system and method for authorized software
CN103368987B (en) Cloud server, application program verification, certification and management system and application program verification, certification and management method
CN104137114A (en) Centralized operation management
CN110661831B (en) Big data test field security initialization method based on trusted third party
JP2016535547A (en) Method for authenticating operations performed on a subject computing device
CN105760787B (en) System and method for the malicious code in detection of random access memory
WO2011146305A2 (en) Extending an integrity measurement
CN108537042A (en) Self-defined plug-in unit generation method, device, equipment and storage medium
CN106372487A (en) Method and system for enhancing trust of server operating system
CN110199283A (en) For the system and method that authentication platform is trusted in network function virtualized environment
CN108205491B (en) NKV 6.0.0 system-based trusted technology compatibility testing method
CN109522683A (en) Software source tracing method, system, computer equipment and storage medium
WO2018233638A1 (en) Method and apparatus for determining security state of ai software system
CN116724309A (en) Apparatus and communication method
JP2019008568A (en) Whitelist management system and whitelist management method
Mellberg Secure Updating of Configurations in a System of Devices
Hohenegger Developing a Vulnerability Assessment Concept for eHealth iOS Applications
WO2022229731A1 (en) Systems and methods for side scanning

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20181123

Termination date: 20191022