CN105760742B - External equipment authentication management method, apparatus and electronic equipment - Google Patents


Publication number
CN105760742B
Authority
CN
China
Prior art keywords
external device
unique identifier
device
kernel layer
kernel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410779885.XA
Other languages
Chinese (zh)
Other versions
CN105760742A (en)
Inventor
吴德天
李小丁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Shanghai Electronics Technology Co Ltd
Original Assignee
Lenovo Shanghai Electronics Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Shanghai Electronics Technology Co Ltd filed Critical Lenovo Shanghai Electronics Technology Co Ltd
Priority to CN201410779885.XA priority Critical patent/CN105760742B/en
Publication of CN105760742A publication Critical patent/CN105760742A/en
Application granted granted Critical
Publication of CN105760742B publication Critical patent/CN105760742B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Abstract

The embodiments of the present invention provide an external device authentication management method, apparatus and electronic device, relating to the field of device authentication technology, and solve the problem that external device authentication in the prior art is neither secure nor reliable enough. The method is applied to a first electronic device and includes: after the first electronic device starts, entering a first system; when the first system detects that an external device is connected to the first electronic device, obtaining the unique identifier of the external device and saving it to the device list of the first system; entering a second system; when the kernel layer of the second system detects that an external device is connected to the first electronic device, obtaining the unique identifier of the external device and sending it to the first system; the first system matches the unique identifier of the external device against the device list and sends the matching result to the kernel layer of the second system; the kernel layer of the second system performs a corresponding operation on the external device according to the matching result. The embodiments of the present invention are suitable for a Linux system device authenticating external devices.

Description

External equipment authentication management method, apparatus and electronic equipment
Technical field
The present invention relates to the field of device authentication technology, and in particular to an external device authentication management method, apparatus and electronic device.
Background
At present, external devices are rapidly becoming widespread thanks to advantages such as flexible use and portability. While external devices bring convenience, they also carry security risks such as leakage of confidential data and the spread of Trojan viruses, which may cause extremely serious consequences and harm. To regulate the management and use of external devices inside enterprises and institutions, external devices need to be subject to authentication management.
Taking storage devices as an example, authentication management of storage devices is currently usually implemented at the user layer. After a storage device establishes a connection, a user-layer application obtains the UID (Unique ID, unique identifier) of the storage device and authenticates it; after authentication, the unique identifier is encrypted and added to a device list, and the device list is saved on the local disk as a file. When the storage device is connected again, it is matched against the device list file.
In the course of implementing the present invention, the inventors found that the prior art has at least the following technical problems:
The device list is stored on the local disk, where it is easily attacked or tampered with, so security is not high; and after the system is reinstalled, the device list may be lost and the authentication already completed for external devices becomes invalid, so reliability is not high.
Summary of the invention
The external device authentication management method, apparatus and electronic device provided by the present invention can improve the security and reliability of external device authentication.
In one aspect, the present invention provides an external device authentication management method, applied to a first electronic device, the method including:
After the first electronic device starts, entering a first system; when the first system detects that an external device is connected to the first electronic device, obtaining the unique identifier of the external device and saving the unique identifier of the external device to the device list of the first system;
Entering a second system; when the kernel layer of the second system detects that an external device is connected to the first electronic device, obtaining the unique identifier of the external device and sending the unique identifier of the external device to the first system;
The first system matches the unique identifier of the external device against the device list and sends the matching result to the kernel layer of the second system;
The kernel layer of the second system performs a corresponding operation on the external device according to the matching result.
In another aspect, the present invention provides an external device authentication management apparatus, located in a first electronic device, the apparatus including a first system and a second system, wherein:
The first system is configured to, when it detects that an external device is connected to the first electronic device, obtain the unique identifier of the external device and save the unique identifier of the external device to a device list; to receive the unique identifier of an external device sent by the kernel layer of the second system; to match the unique identifier of the external device sent by the kernel layer of the second system against the device list; and to send the matching result to the kernel layer of the second system;
The kernel layer of the second system is configured to, when it detects that an external device is connected to the first electronic device, obtain the unique identifier of the external device and send the unique identifier of the external device to the first system; to receive the matching result sent by the first system; and to perform a corresponding operation on the external device according to the matching result.
In yet another aspect, the present invention provides an electronic device including a processor and an external interface, the electronic device further including the external device authentication apparatus described above.
With the external device authentication management method, apparatus and electronic device provided by the present invention, when the first system detects that an external device is connected to the electronic device, it obtains the unique identifier of the external device and saves it to the device list of the first system; when the kernel layer of the second system detects that an external device is connected to the electronic device, it obtains the unique identifier of the external device and sends it to the first system; the first system matches the unique identifier of the external device against the device list and sends the matching result to the kernel layer of the second system; the kernel layer of the second system performs a corresponding operation on the external device according to the matching result. Compared with the prior art, the device list is stored in the first system of the electronic device, where it is not easily attacked or tampered with, so security is higher; even if the system of the electronic device is reinstalled, the device list is not lost, which ensures that external device authentication already completed on the electronic device remains valid, so reliability is higher.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the external device authentication management method provided by an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of the external device authentication management apparatus provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
An embodiment of the present invention provides an external device authentication management method, applied to a first electronic device. As shown in Fig. 1, the method includes:
S11. After the first electronic device starts, enter a first system; when the first system detects that an external device is connected to the first electronic device, obtain the unique identifier of the external device and save the unique identifier of the external device to the device list of the first system;
Here, the connection between the external device and the first electronic device is a physical connection.
The unique identifier of the external device includes the PID (Product ID, product identification code), VID (Vendor ID, vendor identification code) and SID (Security Identifiers, security identifier).
S12. Enter a second system; when the kernel layer of the second system detects that an external device is connected to the first electronic device, obtain the unique identifier of the external device and send the unique identifier of the external device to the first system.
S13. The first system matches the unique identifier of the external device against the device list and sends the matching result to the kernel layer of the second system.
S14. The kernel layer of the second system performs a corresponding operation on the external device according to the matching result.
With the external device authentication management method provided by the embodiment of the present invention, when the first system detects that an external device is connected to the electronic device, it obtains the unique identifier of the external device and saves it to the device list of the first system; when the kernel layer of the second system detects that an external device is connected to the electronic device, it obtains the unique identifier of the external device and sends it to the first system; the first system matches the unique identifier of the external device against the device list and sends the matching result to the kernel layer of the second system; the kernel layer of the second system performs a corresponding operation on the external device according to the matching result. Compared with the prior art, the device list is stored in the first system of the electronic device, where it is not easily attacked or tampered with, so security is higher; even if the system of the electronic device is reinstalled, the device list is not lost, which ensures that external device authentication already completed on the electronic device remains valid, so reliability is higher.
Specifically, the kernel layer of the second system performing a corresponding operation on the external device according to the matching result may include: when the matching result is a successful match, loading the external device; when the matching result is a failed match, not loading the external device and generating a prompt that the external device has not passed authentication.
Specifically, taking a USB storage device as an example, the following describes how a Linux system device performs authentication management on a USB storage device that is plugged in.
After the Linux system device starts, it enters the BIOS. When the BIOS detects that a USB storage device is connected to the Linux system device, it obtains the UID of the USB storage device and saves the UID of the USB storage device to the device list of the BIOS. The device then enters the operating system. When the kernel layer of the operating system detects that the USB storage device is connected to the Linux system device, it obtains the UID of the USB storage device and sends the UID of the USB storage device to the BIOS. The BIOS matches the UID of the USB storage device against the device list and sends the matching result to the kernel layer of the operating system. When the matching result is a successful match, the kernel layer of the operating system loads the USB storage device; when the matching result is a failed match, the kernel layer of the operating system does not load the USB storage device and generates a prompt that the USB storage device has not passed authentication.
Specifically, obtaining the unique identifier of the external device may include: enumerating the external device and obtaining the unique identifier of the external device from the enumeration information.
Specifically, sending the unique identifier of the external device to the first system of the first electronic device may include: sending the unique identifier of the external device to the first system of the first electronic device through an SMI (System Management Interrupt) event of the first system of the first electronic device.
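The flow of steps S11 to S14, modelled in user-space C as an added example (it is not code from the patent): the first system's device list, the SMI hand-off and the kernel-layer load decision are simulated with plain function calls. All names (`fw_enroll`, `fw_exit_boot`, `fw_smi_handler`, `kernel_on_connect`), the mailbox layout, the rule that the list closes once the second system starts, and the sample identifiers are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_DEVICES 16
#define SID_LEN     32

/* Unique identifier as the description lists it: VID, PID and SID.
 * The values come from enumeration, so the device itself reports them. */
struct dev_uid {
    uint16_t vid;
    uint16_t pid;
    char     sid[SID_LEN];   /* assumption: SID carried as a short string */
};

enum match_result  { MATCH_FAIL = 0, MATCH_OK = 1 };
enum kernel_action { ACTION_REFUSE = 0, ACTION_LOAD = 1 };

/* Assumed request/response buffer shared across the SMI boundary. */
struct smi_mailbox {
    struct dev_uid    request;
    enum match_result response;
};

/* ---- first system (the BIOS in the USB embodiment) ---- */
static struct dev_uid fw_list[MAX_DEVICES];
static size_t fw_count;
static int fw_enrolling = 1; /* assumption: list closes when the OS starts */

static int uid_equal(const struct dev_uid *a, const struct dev_uid *b)
{
    return a->vid == b->vid && a->pid == b->pid &&
           strncmp(a->sid, b->sid, SID_LEN) == 0;
}

/* S11: save the identifier of a device seen while the first system runs. */
int fw_enroll(const struct dev_uid *uid)
{
    if (!fw_enrolling || fw_count == MAX_DEVICES)
        return -1;
    for (size_t i = 0; i < fw_count; i++)
        if (uid_equal(&fw_list[i], uid))
            return 0;                    /* already listed */
    fw_list[fw_count++] = *uid;
    return 0;
}

void fw_exit_boot(void) { fw_enrolling = 0; }

/* S13: match the received identifier against the list and answer. */
void fw_smi_handler(struct smi_mailbox *mb)
{
    struct dev_uid req = mb->request;    /* work on a private copy */
    mb->response = MATCH_FAIL;           /* fail closed */
    for (size_t i = 0; i < fw_count; i++)
        if (uid_equal(&fw_list[i], &req))
            mb->response = MATCH_OK;
}

/* ---- second system, kernel layer ---- */
/* S12 and S14: send the enumerated identifier, then load or refuse. */
enum kernel_action kernel_on_connect(const struct dev_uid *uid,
                                     char *notice, size_t notice_len)
{
    struct smi_mailbox mb;
    memset(&mb, 0, sizeof mb);
    mb.request = *uid;
    fw_smi_handler(&mb);                 /* stand-in for raising the SMI event */

    if (mb.response == MATCH_OK) {
        notice[0] = '\0';
        return ACTION_LOAD;
    }
    snprintf(notice, notice_len,
             "external device %04x:%04x not authenticated, not loaded",
             (unsigned)uid->vid, (unsigned)uid->pid);
    return ACTION_REFUSE;
}

int main(void)
{
    /* Constructed sample identifiers, not real products. */
    struct dev_uid enrolled = { 0x1234, 0x5678, "SN-0001" };
    struct dev_uid unknown  = { 0x1234, 0x5678, "SN-0002" };
    char notice[64];

    fw_enroll(&enrolled);    /* device present while the first system runs */
    fw_exit_boot();          /* second system starts */
    int a = kernel_on_connect(&enrolled, notice, sizeof notice);
    printf("enrolled: %s\n", a == ACTION_LOAD ? "load" : "refuse");
    int b = kernel_on_connect(&unknown, notice, sizeof notice);
    printf("unknown:  %s (%s)\n", b == ACTION_LOAD ? "load" : "refuse", notice);
    return 0;
}
```

The second sample device shares the VID and PID of the enrolled one and differs only in SID, so the refusal shows that the match is made on the whole identifier.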
An embodiment of the present invention also provides an external device authentication management apparatus, located in a first electronic device. As shown in Fig. 2, the apparatus includes a first system 11 and a second system 12, wherein:
The first system 11 is configured to, when it detects that an external device is connected to the first electronic device, obtain the unique identifier of the external device and save the unique identifier of the external device to a device list; to receive the unique identifier of an external device sent by the second system kernel layer 121; to match the unique identifier of the external device sent by the second system kernel layer 121 against the device list; and to send the matching result to the second system kernel layer 121;
The second system kernel layer 121 is configured to, when it detects that an external device is connected to the first electronic device, obtain the unique identifier of the external device and send the unique identifier of the external device to the first system 11; to receive the matching result sent by the first system 11; and to perform a corresponding operation on the external device according to the matching result.
With the external device authentication management apparatus provided by the present invention, when the first system detects that an external device is connected to the electronic device, it obtains the unique identifier of the external device and saves it to the device list of the first system; when the kernel layer of the second system detects that an external device is connected to the electronic device, it obtains the unique identifier of the external device and sends it to the first system; the first system matches the unique identifier of the external device against the device list and sends the matching result to the kernel layer of the second system; the kernel layer of the second system performs a corresponding operation on the external device according to the matching result. Compared with the prior art, the device list is stored in the first system of the electronic device, where it is not easily attacked or tampered with, so security is higher; even if the system of the electronic device is reinstalled, the device list is not lost, which ensures that external device authentication already completed on the electronic device remains valid, so reliability is higher.
Further, the second system kernel layer 121 is also configured to load the external device when the matching result is a successful match, and, when the matching result is a failed match, not to load the external device and to generate a prompt that the external device has not passed authentication.
Specifically, the first system 11 is also configured to enumerate the external device and obtain the unique identifier of the external device from the enumeration information; the second system kernel layer 121 is also configured to enumerate the external device and obtain the unique identifier of the external device from the enumeration information.
Specifically, the second system kernel layer 121 is also configured to send the unique identifier of the external device to the first system 11 through an SMI event of the first system 11.
In the above apparatus embodiment, the external device may be a USB storage device, the first electronic device may be a Linux system device, the first system may be a BIOS, and the second system may be a Linux operating system.
An embodiment of the present invention also provides an electronic device, the electronic device including a processor and an external interface, and further including the external device authentication apparatus described in the above embodiment.
The electronic device in the embodiments of the present invention may be a desktop computer, a notebook, a mobile phone, a PAD and so on, but is not limited to these. The external device in the embodiments of the present invention may be a USB storage device, a printer, a scanner and so on, but is not limited to these.
The external device authentication management method, apparatus and electronic device of the embodiments of the present invention are applicable to a Linux system device authenticating external devices, but are not limited to this.
Those of ordinary skill in the art will understand that all or part of the processes in the above method embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the above method embodiments. The storage medium may be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM) or the like.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited to it. Any change or substitution that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. An external device authentication management method, applied to a first electronic device, characterized by comprising:
After the first electronic device starts, entering a first system; when the first system detects that an external device is connected to the first electronic device, obtaining the unique identifier of the external device and saving the unique identifier of the external device to the device list of the first system;
Entering a second system; when the kernel layer of the second system detects that an external device is connected to the first electronic device, obtaining the unique identifier of the external device and sending the unique identifier of the external device to the first system;
The first system matching the unique identifier of the external device against the device list and sending the matching result to the kernel layer of the second system;
The kernel layer of the second system performing a corresponding operation on the external device according to the matching result.
2. The method according to claim 1, characterized in that the kernel layer of the second system performing a corresponding operation on the external device according to the matching result comprises:
When the matching result is a successful match, loading the external device;
When the matching result is a failed match, not loading the external device and generating a prompt that the external device has not passed authentication.
3. The method according to claim 1, characterized in that obtaining the unique identifier of the external device comprises: enumerating the external device and obtaining the unique identifier of the external device from the enumeration information.
4. The method according to claim 1, characterized in that sending the unique identifier of the external device to the first system comprises: sending the unique identifier of the external device to the first system through a system management interrupt (SMI) event of the first system.
5. The method according to claim 1, characterized in that the connection between the external device and the first electronic device is a physical connection.
6. An external device authentication management apparatus, located in a first electronic device, characterized in that the apparatus comprises a first system and a second system, wherein:
The first system is configured to, when it detects that an external device is connected to the first electronic device, obtain the unique identifier of the external device and save the unique identifier of the external device to a device list; to receive the unique identifier of an external device sent by the kernel layer of the second system; to match the unique identifier of the external device sent by the kernel layer of the second system against the device list; and to send the matching result to the kernel layer of the second system;
The kernel layer of the second system is configured to, when it detects that an external device is connected to the first electronic device, obtain the unique identifier of the external device and send the unique identifier of the external device to the first system; to receive the matching result sent by the first system; and to perform a corresponding operation on the external device according to the matching result.
7. The apparatus according to claim 6, characterized in that the kernel layer of the second system is also configured to load the external device when the matching result is a successful match, and, when the matching result is a failed match, not to load the external device and to generate a prompt that the external device has not passed authentication.
8. The apparatus according to claim 6, characterized in that the first system is also configured to enumerate the external device and obtain the unique identifier of the external device from the enumeration information;
The kernel layer of the second system is also configured to enumerate the external device and obtain the unique identifier of the external device from the enumeration information.
9. The apparatus according to claim 6, characterized in that the kernel layer of the second system is also configured to send the unique identifier of the external device to the first system through an SMI event of the first system.
10. An electronic device, comprising a processor and an external interface, characterized in that the electronic device further comprises the apparatus according to any one of claims 6 to 9.
CN201410779885.XA 2014-12-17 2014-12-17 External equipment authentication management method, apparatus and electronic equipment Active CN105760742B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410779885.XA CN105760742B (en) 2014-12-17 2014-12-17 External equipment authentication management method, apparatus and electronic equipment

Publications (2)

Publication Number Publication Date
CN105760742A CN105760742A (en) 2016-07-13
CN105760742B true CN105760742B (en) 2019-01-15

Family

ID=56337049

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant