CN106940769B - Safe remote loading method for operating system - Google Patents
Safe remote loading method for operating system Download PDFInfo
- Publication number
- CN106940769B CN106940769B CN201710116649.3A CN201710116649A CN106940769B CN 106940769 B CN106940769 B CN 106940769B CN 201710116649 A CN201710116649 A CN 201710116649A CN 106940769 B CN106940769 B CN 106940769B
- Authority
- CN
- China
- Prior art keywords
- operating system
- computer
- loaded
- server
- loading
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000011068 loading method Methods 0.000 title claims abstract description 57
- 238000000034 method Methods 0.000 claims abstract description 34
- 230000008569 process Effects 0.000 claims abstract description 22
- 101100217298 Mus musculus Aspm gene Proteins 0.000 claims description 15
- 238000005259 measurement Methods 0.000 claims description 12
- KKIMDKMETPPURN-UHFFFAOYSA-N 1-(3-(trifluoromethyl)phenyl)piperazine Chemical compound FC(F)(F)C1=CC=CC(N2CCNCC2)=C1 KKIMDKMETPPURN-UHFFFAOYSA-N 0.000 claims description 9
- 230000006870 function Effects 0.000 claims description 9
- 102100033668 Cartilage matrix protein Human genes 0.000 claims description 8
- 101001018382 Homo sapiens Cartilage matrix protein Proteins 0.000 claims description 8
- 238000012795 verification Methods 0.000 claims description 8
- 238000012360 testing method Methods 0.000 claims description 6
- 238000012546 transfer Methods 0.000 claims description 4
- 230000007613 environmental effect Effects 0.000 abstract description 2
- 238000005516 engineering process Methods 0.000 description 11
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000001066 destructive effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000008685 targeting Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/50—Address allocation
- H04L61/5007—Internet protocol [IP] addresses
- H04L61/5014—Internet protocol [IP] addresses using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Abstract
The invention discloses a safe remote loading method of an operating system, which comprises the following steps: (1) verifying the legality of the computer to be loaded; (2) remote loading of an operating system; (3) and in the loading process, measuring the integrity of the operating system. Aiming at the problem that the existing security software cannot solve the malicious program of the operating system level, the integrity of the operating system can be measured before the operating system is started, so that the environmental security before the starting is ensured.
Description
Technical Field
The invention relates to a remote loading method of an operating system, in particular to a safe remote loading method of the operating system.
Background
Today, with the rapid development of cloud computing, data security problems are getting more and more serious, and security protection for operating system loading is also an important task while security software is used to ensure computer security. The technology for realizing the security protection of the operating system is rich at present, but the security protection measures for the loading environment and the loading process of the operating system and remote loading are still not perfect. In the process of remotely loading the operating system, the security and integrity of the operating system are difficult to guarantee, and meanwhile, the operating system can be tampered in the transmission process due to the insecurity of network transmission, and once the operating system is tampered, a client can be hijacked and other problems can be caused.
At present, a method adopted by a computer for malicious software is to add a malicious code prevention technology into a system, and the technology mainly scans and monitors program codes running in the system through a feature code scanning technology, an integrity checking technology, an access control technology and the like, so that destructive behaviors of the malicious codes are prevented. In order to stay in the system for a long time and maintain the control right of the system, malicious codes can utilize various hiding technologies to avoid the killing of security protection software, even some malicious software uses the system-level Rootkit technology to start before the security software in the system loading process, so that the control right of an operating system kernel is obtained, the operating system kernel is damaged, and even the execution of the security software is stopped, so that the operating system is in an unprotected state. Which are difficult to identify by existing security technologies.
With the rapid evolution of malware, malware is targeting the launch path as a preferred attack. Such attacks are difficult to prevent because the malware can disable the anti-malware product, completely preventing the anti-malware from being loaded. The existing remote loading mode has the danger of malicious program attack, and cannot verify the safety of the server, so that the danger of attack by a malicious server exists.
With the secure boot architecture and its established root of trust, a user may be prevented from executing malicious code in the root path by ensuring that only signed and authenticated "known secure" code and boot loader can be executed before the operating system is loaded. In a Unified Extensible Firmware Interface (UEFI) protocol, secure boot is used as one of its functions to support the reliability verification of Firmware on components, and an original equipment manufacturer can customize the Firmware through its platform customization certificate and management level, thereby satisfying the requirements of customers. Meanwhile, in the UEFI, a security policy is implemented by supporting firmware, a security boot protocol of the UEFI is a basis for realizing cross-platform and firmware security, is independent of an architecture, and is used for verifying a firmware image based on a Public Key Infrastructure (PKI) flow before executing the firmware image, so that the risk of being attacked by a boot loader is reduced. However, although the secure boot is included as an optional function in the operating system boot process in the UEFI boot stage, the integrity of the operating system is not measured from the server perspective, and thus there is still a risk of tampering with the operating system.
Disclosure of Invention
In view of the shortcomings in the prior art, the invention aims to provide a secure remote loading method for an operating system, which ensures the security and integrity of the operating system in the loading process.
In order to achieve the purpose, the technical scheme of the invention is as follows: a secure remote loading method of an operating system comprises the following steps: (1) verifying the legality of the computer to be loaded; (2) remote loading of an operating system; (3) and in the loading process, measuring the integrity of the operating system.
As a modification of the present invention, in the step (1), the method comprises: (101) establishing a trusted list on a DHCP server, wherein the trusted list is used for storing trusted system data, trusted host information and trusted user program information; (102) starting a network card drive by a computer to be loaded, and sending an IP address request to a DHCP server; and (3) the DHCP server carries out identity authentication on the computer to be loaded, compares the received request information with the information in the credible list, if the request information is the same as the information in the credible list, the DHCP server indicates that the computer to be loaded is credible, continues the step (2), and otherwise, the DHCP server is not credible and terminates the loading process.
As an improvement of the present invention, the IP address request includes: the method comprises the steps that self-testing is conducted before a diskless boot Rom interface based on a TCP/IP protocol obtains a control right, information obtained through testing comprises information of a physical address, a CPU, a memory and a network card of a host, the information is packaged into a DHCP message, and the DHCP message is sent to a DHCP server.
As a refinement of the present invention, in step (102), the comparing step includes: (102a) the DHCP server reads a Chaddr field of the DHCP message and reads a hardware address of the computer to be loaded from the Chaddr field; (102b) reading an Options field of the DHCP message, and acquiring an identifier of a host; (102c) and (4) performing Hash operation on the contents acquired in the step (102a) and the step (102b), and comparing the operated value with the value stored in the credible list.
As a modification of the present invention, in the step (2), the method includes: (201) after the validity of the computer to be loaded passes the verification, the DHCP server allocates a dynamic IP address for the computer to be loaded and provides the address of the TFTP server for the computer to be loaded; (202) the computer to be loaded acquires an operating system starting file from the TFTP server and starts a loading process, wherein the operating system starting file comprises a GRUB configuration file BOOTX64.conf, a UEFI starting image file BOOTX64.efi and a UEFI starting menu tool splash.xpm.gz; (203) loading UEFI drive by the computer to be loaded, establishing network connection with the FTP server, and acquiring an operating system and an SHA1 value of the operating system from the FTP server; (204) the control of the operating system is handed to the PEI kernel, the control transfer first switches the computer from real mode to containment mode and looks for BFV in UEFI firmware and finds the SEC image from BFV, then calls the SEC entry function, initializes the stack and IDT and EFI _ SEC _ PEI _ HAND _ OFF in the SEC function, passes EFI _ SEC _ PEI _ HAND _ OFF to PEI after initialization is complete, and then the control is handed to PEI.
As an improvement of the present invention, in step (3), the integrity measurement agent is started by UEFI firmware, and the integrity measurement specifically includes: (301) starting a TPM chip and resetting PCR on the system; (302) calculating the SHA1 value of CRTM, and performing OR operation on the obtained result and the PCR value; (303) using the value obtained in the step (302) to perform OR operation with the SHA1 value of GRUB and the SHA1 value of the operating system in sequence, and storing the value into a safety measurement list; (304) SHA1 operation is carried out on the GRUB and the operation system code which are obtained currently and the CRTM, and the operation system code is compared with the value in the security measurement list, if the GRUB and the operation system code are the same, the operation system enters a starting stage, otherwise, the loading of the operation system is interrupted.
Compared with the prior art, the method and the device have the advantages that aiming at the problem that the existing security software cannot solve the malicious program of the operating system level, the integrity of the operating system can be measured before the operating system is started, so that the environmental security before the starting is ensured; in addition, aiming at the problem that the server cannot be verified in the current remote loading process, the invention starts from UEFI firmware, writes a verification program in the UEFI firmware, and establishes a Trusted chain according to a Trusted root of a secure chip (TPM) in the starting process, thereby ensuring the security in the system loading process.
Drawings
The structure and advantageous effects of the present invention will be described in detail with reference to the accompanying drawings and the detailed description.
FIG. 1 is a flowchart of a secure remote loading method of an operating system according to the present invention.
FIG. 2 is a diagram illustrating a hardware connection used in the secure remote loading method of an operating system according to the present invention.
Fig. 3 is a flowchart of UEFI framework execution according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantageous technical effects of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and the detailed description. It should be understood that the detailed description and specific examples, while indicating the preferred embodiment of the invention, are intended for purposes of illustration only and are not intended to limit the scope of the invention.
In this embodiment, the TFTP server and the FTP server use ubuntu14.04 as an operating system, and the database is MySQL; the client (computer to be loaded) is a desktop and the operating system to be loaded is the Windows7 operating system.
Referring to fig. 1, fig. 2 and fig. 3, the method for secure remote loading of an operating system according to the present embodiment includes the following steps:
The DHCP Server is a Server configured with a dynamic host configuration protocol, in this example, the DHCP Server is a computer provided with a Windows 2000Server/Advanced Server system, the Server controls a section of IP range, and a client logs in the Server to automatically acquire an IP address.
And 2, starting a network card drive by the computer to be loaded, and sending an address request to the DHCP server, wherein the request content comprises a physical address (MAC) of the host to be loaded and hardware information, and the hardware information mainly comprises the MAC information of the network card. The IP address request method comprises the following steps: before a diskless boot Rom interface (Bootrom) based on a TCP/IP protocol obtains a control right, self-testing is carried out, information obtained by testing comprises information such as a physical address, a CPU (central processing unit), a memory, a network card and the like of a host, and the information is packaged into a DHCP message. And then Bootprom sends the message to a DHCP server, if the server receives the request and carries out identity verification on the client, the server sends back BOOTP/DHCP response after successful verification, and the content comprises the IP address of the client, a preset gateway and a boot image file. Otherwise, the server ignores this requirement.
And 3, the DHCP server verifies the information in the step 2, and the verification process is as follows:
A1. reading a Chaddr field of the DHCP message, and reading a hardware address of the client from the Chaddr field;
A2. reading the Options field to acquire the identifier of the host;
A3. and (4) carrying out Hash operation on the contents acquired in the A1 and the A2, comparing the operated value with the value stored in the trusted list in the step (1), if the values are the same, indicating that the client is trusted, turning to the step (4), otherwise, terminating the loading process if the client is not trusted.
Step 4, the DHCP server distributes a dynamic IP address for the computer to be loaded and provides the address of the TFTP server for the computer to be loaded; the TFTP server is a server configured with a simple text transfer protocol (TFTP), and is mainly used for providing a boot File for loading an operating system.
And 5, the computer to be loaded acquires an operating system boot file from the TFTP server and starts a loading process, wherein the operating system boot file comprises a configuration file BOOTX64.conf of a Unified boot loader (GRand Unified boot loader, GRUB), a boot image file BOOTX64.efi of UEFI and a UEFI boot menu tool splash.xpm.gz.
Step 6, loading UEFI drive by the computer to be loaded, establishing network connection with the FTP server, and acquiring an operating system and the SHA1 value of the operating system from the FTP server;
and 7: the control right of the operating system is handed to a preset extensible Firmware interface initialization (PEI) kernel, the control right transfer firstly converts the computer from a real mode to a contained mode, a Boot Firmware Volume (BFV) is found in UEFI Firmware, an SEC mirror image is found in the BFV, then a Security (SEC) entry function is called, a stack and an IDT and an EFI _ SEC _ PEI _ HAND _ OFF are initialized in the SEC function, the EFI _ SEC _ PEI _ HAND _ OFF is transferred to the PEI after the initialization is completed, and the control right is handed to the PEI.
And 8: starting an integrity measurement agent through UEFI firmware, and carrying out integrity measurement on the operating system in the step 4, wherein the integrity measurement specifically comprises the following steps:
A1. starting the TPM chip and clearing the PCR on the system.
A2. Calculating SHA1 value of CRTM, and performing OR operation on the obtained result and the value of platform status register (PCR);
A3. and performing OR operation on the obtained value in A2, the SHA1 value of GRUB and the SHA1 value of the operating system in sequence, and storing the values into a safety metric list.
A4. Performing SHA1 operation on the currently acquired GRUB and the operating system code and a Root of Trust (CRTM), comparing the obtained GRUB and the CRTM with values in a security measurement list, if the obtained GRUB and the CRTM are the same, turning to step 9, and otherwise, interrupting the loading of the operating system.
And step 9: and entering a starting stage, wherein the starting mode of the stage is the same as that of the traditional operating system, and the description is omitted.
The invention relates to a UEFI-based safe remote loading method for an operating system, which verifies the integrity of the remote operating system in a UEFI firmware writing mode to ensure the safe loading of the operating system. The invention can guarantee the security of the computer to be started, the prior art only compares the MAC addresses of the network cards of the computer to be started through the verification of the computer to be started, so that the risk of being attacked by malicious programs exists, and the invention establishes a credible list in the DHCP server, thereby only providing IP service for the computers in the list; the security of the operating system in the loading process can be ensured, the TPM trusted chain technology is adopted, and the integrity of the operating system is measured in the loading process of the operating system; the loading speed can be increased, and the problem of low loading speed in the conventional BIOS is solved by adopting a UEFI firmware verification technology.
From the view of the loading mode of the operating system: the implementation of the remote loading mode is mainly realized in a PXE mode, the loading of the operating system in the PXE mode is mainly realized by loading an operating system image and providing service support for a client through a remote host installation method; the invention directly loads the operating system by loading UEFI firmware from the perspective of UEFI, and loads the operating system locally on top of UEFI firmware programs in a streaming manner. From a security perspective: currently, the loading of the operating system only completes the detection of the operating system operation through a malicious code detection tool after the completion of the boot, although the security boot is taken as an optional function in the boot process of the operating system in the UEFI boot stage, the integrity of the operating system is still not measured from the perspective of the server, and thus the risk of tampering the operating system still exists; (ii) a The invention provides the operating system abstract mainly through the remote server, and measures the integrity of the operating system in the loading process, thereby ensuring the integrity and the safety of the operating system.
Appropriate changes and modifications to the embodiments described above will become apparent to those skilled in the art from the disclosure and teachings of the foregoing description. Therefore, the present invention is not limited to the specific embodiments disclosed and described above, and some modifications and variations of the present invention should fall within the scope of the claims of the present invention. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
Claims (5)
1. A secure remote loading method for an operating system is characterized by comprising the following steps:
(1) verifying the legality of the computer to be loaded;
(2) remote loading of an operating system; in the step (2), the method comprises the following steps:
(201) after the validity of the computer to be loaded passes the verification, the DHCP server allocates a dynamic IP address for the computer to be loaded and provides the address of the TFTP server for the computer to be loaded;
(202) the computer to be loaded acquires an operating system starting file from the TFTP server and starts a loading process, wherein the operating system starting file comprises a GRUB configuration file BOOTX64.conf, a UEFI starting image file BOOTX64.efi and a UEFI starting menu tool splash.xpm.gz;
(203) loading UEFI drive by the computer to be loaded, establishing network connection with the FTP server, and acquiring an operating system and an SHA1 value of the operating system from the FTP server;
(204) the control right of the operating system is handed to a PEI kernel, the control right transfer firstly switches the computer from a real mode to an inclusion mode, finds BFV in UEFI firmware and finds an SEC mirror image from the BFV, then calls an SEC entry function, firstly initializes a stack and an IDT and EFI _ SEC _ PEI _ HAND _ OFF in the SEC function, and after the initialization is completed, the EFI _ SEC _ PEI _ HAND _ OFF is transferred to PEI, and at the moment, the control right is handed to PEI;
(3) and in the loading process, measuring the integrity of the operating system.
2. The secure remote loading method of the operating system according to claim 1, wherein in step (1), the method comprises:
(101) establishing a trusted list on a DHCP server, wherein the trusted list is used for storing trusted system data, trusted host information and trusted user program information;
(102) starting a network card drive by a computer to be loaded, and sending an IP address request to a DHCP server; and (3) the DHCP server carries out identity authentication on the computer to be loaded, compares the received request information with the information in the credible list, if the request information is the same as the information in the credible list, the DHCP server indicates that the computer to be loaded is credible, continues the step (2), and otherwise, the DHCP server is not credible and terminates the loading process.
3. The secure remote loading method of operating system according to claim 2, wherein the IP address request comprises: the method comprises the steps that self-testing is conducted before a diskless boot Rom interface based on a TCP/IP protocol obtains a control right, information obtained through testing comprises information of a physical address, a CPU, a memory and a network card of a host, the information is packaged into a DHCP message, and the DHCP message is sent to a DHCP server.
4. The method for secure remote loading of an operating system according to claim 3, wherein in step (102), the comparing step comprises:
(102a) the DHCP server reads a Chaddr field of the DHCP message and reads a hardware address of the computer to be loaded from the Chaddr field;
(102b) reading an Options field of the DHCP message, and acquiring an identifier of a host;
(102c) and (4) performing Hash operation on the contents acquired in the step (102a) and the step (102b), and comparing the operated value with the value stored in the credible list.
5. The secure remote loading method of an operating system according to claim 1, wherein in step (3), the integrity measurement agent is started through UEFI firmware, and the integrity measurement step specifically includes:
(301) starting a TPM chip and resetting PCR on the system;
(302) calculating the SHA1 value of CRTM, and performing OR operation on the obtained result and the PCR value;
(303) using the value obtained in the step (302) to perform OR operation with the SHA1 value of GRUB and the SHA1 value of the operating system in sequence, and storing the value into a safety measurement list;
(304) SHA1 operation is carried out on the GRUB and the operation system code which are obtained currently and the CRTM, and the operation system code is compared with the value in the security measurement list, if the GRUB and the operation system code are the same, the operation system enters a starting stage, otherwise, the loading of the operation system is interrupted.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710116649.3A CN106940769B (en) | 2017-03-01 | 2017-03-01 | Safe remote loading method for operating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710116649.3A CN106940769B (en) | 2017-03-01 | 2017-03-01 | Safe remote loading method for operating system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106940769A CN106940769A (en) | 2017-07-11 |
| CN106940769B true CN106940769B (en) | 2020-04-28 |
Family
ID=59469445
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710116649.3A Active CN106940769B (en) | 2017-03-01 | 2017-03-01 | Safe remote loading method for operating system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106940769B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107566174A (en) * | 2017-09-05 | 2018-01-09 | 郑州云海信息技术有限公司 | A kind of network interface card identification and the realization method and system of bulk filling system |
| US10757087B2 (en) * | 2018-01-02 | 2020-08-25 | Winbond Electronics Corporation | Secure client authentication based on conditional provisioning of code signature |
| CN111159700A (en) * | 2019-12-03 | 2020-05-15 | 北京工业大学 | Computer remote safe starting method and system based on UEFI system |
| CN112087294B (en) * | 2020-08-13 | 2022-03-18 | 中国电子科技集团公司第三十研究所 | Portable safety computer system based on secret hash label protection |
| CN112487435B (en) * | 2020-11-06 | 2022-09-06 | 麒麟软件有限公司 | Secure starting method based on X86 architecture |
| CN113051584B (en) * | 2021-05-31 | 2023-05-02 | 武汉深之度科技有限公司 | System security starting method and device, computing equipment and readable storage medium |
| CN116405316B (en) * | 2023-05-26 | 2023-08-25 | 苏州浪潮智能科技有限公司 | Method, device, equipment, medium and special machine management system for starting special machine |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1121008C (en) * | 2001-09-07 | 2003-09-10 | 清华大学 | Remoteboot method of computer in network environment |
| CN101866295A (en) * | 2010-06-21 | 2010-10-20 | 清华大学 | Network installation method of operating system |
| CN101964821A (en) * | 2010-10-12 | 2011-02-02 | 北京中科院软件中心有限公司 | Method and system for loading operating environment of remote terminal |
| TW201324354A (en) * | 2011-12-12 | 2013-06-16 | Wistron Corp | Method for automatic consecutive installing operating systems |
| US20140020096A1 (en) * | 2012-07-11 | 2014-01-16 | Clutch Mobile, Inc. | System to profile application software |
| CN103037002A (en) * | 2012-12-21 | 2013-04-10 | 中标软件有限公司 | Method and system for arranging server cluster in cloud computing cluster environment |
| CN103777981A (en) * | 2014-01-13 | 2014-05-07 | 中南大学 | Multi-operation-system remote loading implementation method suitable for X86 framework |
| CN104158857B (en) * | 2014-07-25 | 2017-10-27 | 中南大学 | A kind of apparatus and method that the service of networking operating system is provided |
| CN105391762A (en) * | 2015-10-12 | 2016-03-09 | 中国人民解放军63811部队 | Method for remote automatic installation of bid-winning Kylin operating system |
-
2017
- 2017-03-01 CN CN201710116649.3A patent/CN106940769B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN106940769A (en) | 2017-07-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106940769B (en) | Safe remote loading method for operating system | |
| US10635821B2 (en) | Method and apparatus for launching a device | |
| US10409978B2 (en) | Hypervisor and virtual machine protection | |
| US9087188B2 (en) | Providing authenticated anti-virus agents a direct access to scan memory | |
| US9471780B2 (en) | System, method, and computer program product for mounting an image of a computer system in a pre-boot environment for validating the computer system | |
| US9058504B1 (en) | Anti-malware digital-signature verification | |
| US20150288659A1 (en) | Systems and Methods for Mutual Integrity Attestation Between A Network Endpoint And A Network Appliance | |
| CN111159700A (en) | Computer remote safe starting method and system based on UEFI system | |
| US8086835B2 (en) | Rootkit detection | |
| US10592661B2 (en) | Package processing | |
| JP6023282B2 (en) | Malware risk scanner | |
| US9251350B2 (en) | Trusted operating environment for malware detection | |
| US10019577B2 (en) | Hardware hardened advanced threat protection | |
| US8499351B1 (en) | Isolated security monitoring system | |
| US20090217375A1 (en) | Mobile Data Handling Device | |
| US11392700B1 (en) | System and method for supporting cross-platform data verification | |
| Uppal | Enabling trusted distributed control with remote attestation | |
| Wang et al. | Coprocessor-based hierarchical trust management for software integrity and digital identity protection | |
| Pourali et al. | Racing for TLS Certificate Validation: A Hijacker’s Guide to the Android TLS Galaxy |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170711 Assignee: GUANGZHOU DAWEI COMMUNICATION CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980024622 Denomination of invention: Safe Remote Loading Method of Operating System Granted publication date: 20200428 License type: Common License Record date: 20221202 |
|
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170711 Assignee: Shenzhen Maiqi Big Data Technology Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2022980024931 Denomination of invention: Safe Remote Loading Method of Operating System Granted publication date: 20200428 License type: Common License Record date: 20221207 |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170711 Assignee: SHENZHEN VKSANTONG ELECTRONIC TECHNOLOGY Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2022980025183 Denomination of invention: Safe Remote Loading Method of Operating System Granted publication date: 20200428 License type: Common License Record date: 20221208 Application publication date: 20170711 Assignee: Shenzhen yunkong Automation Technology Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2022980025165 Denomination of invention: Safe Remote Loading Method of Operating System Granted publication date: 20200428 License type: Common License Record date: 20221208 |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170711 Assignee: SHENZHEN QIJIAN TECHNOLOGY CO.,LTD. Assignor: Guangzhou University Contract record no.: X2022980027510 Denomination of invention: Safe remote loading method of operating system Granted publication date: 20200428 License type: Common License Record date: 20230105 |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170711 Assignee: HUAYUAN ELECTRIC Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2023980030232 Denomination of invention: Safe remote loading method of operating system Granted publication date: 20200428 License type: Common License Record date: 20230110 |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20170711 Assignee: Guangzhou Baoxintong Information Technology Co.,Ltd. Assignor: Guangzhou University Contract record no.: X2023980047563 Denomination of invention: Secure Remote Loading Method for Operating System Granted publication date: 20200428 License type: Common License Record date: 20231120 |