CN107194264A - A kind of network interface card with safety certification function based on UEFI - Google Patents
- Publication number
- CN107194264A
- Authority
- CN
- China
- Prior art keywords
- network interface
- ukey
- interface card
- uefi
- safety certification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/575—Secure boot
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
Abstract
The present invention discloses a UEFI-based network interface card (NIC) with a security authentication function, and relates to the field of operating system information security authentication. Built on the UEFI BIOS architecture, the invention develops the UKEY control and authentication procedures into a NIC driver implemented to the UEFI standard, and integrates the NIC driver together with the NIC's configuration information and other related information into the NIC ROM. With the corresponding boot loading configured in the system, the card can be conveniently applied to any UEFI BIOS system and performs identity authentication before the system loads, which increases the security of the system and reduces the space occupied in the system BIOS.
Description
Technical field
The present invention discloses a UEFI-based network interface card (NIC) with a security authentication function, and relates to the field of operating system information security authentication.
Background
UEFI stands for "Unified Extensible Firmware Interface", a standard that describes a type of interface in detail. This interface is used to load an operating system automatically from the pre-boot operating environment. UEFI BIOS systems also define standards at the driver level to achieve compatibility: any driver developed to this standard can be applied to a UEFI BIOS through simple UEFI configuration, without modifying the driver. The UEFI boot process comprises the SEC, PEI, DXE, BDS, TSL and RT phases. PEI code is uncompressed, so to reduce ROM space the various output controls should, as far as possible, be placed in DXE and the later phases. UKEY information security authentication is the process of authenticating identity by means of the dual keys of a security authentication USB flash disk.
The present invention discloses a UEFI-based NIC with a security authentication function. Built on the UEFI BIOS architecture, it develops the UKEY control and authentication procedures into a NIC driver implemented to the UEFI standard, and integrates the NIC driver together with the NIC's configuration information and other related information into the NIC ROM. With the corresponding boot loading configured in the system, the card can be conveniently applied to any UEFI BIOS system and performs identity authentication before the system loads, which increases the security of the system and reduces the space occupied in the system BIOS.
Summary of the invention
The present invention provides a UEFI-based NIC with a security authentication function that can be conveniently applied to any UEFI BIOS system and performs identity authentication before the system loads, increasing the security of the system; it has broad application prospects.
The specific scheme proposed by the present invention is:
A UEFI-based NIC with a security authentication function:
The NIC's driver includes UKEY verification programs implemented to the UEFI standard, and the NIC driver and the NIC's configuration information are both stored in the NIC ROM. The system BIOS is then used to configure the corresponding boot loading, so that the NIC performs identity authentication before any UEFI BIOS system loads.
The NIC driver boot program runs in the DXE phase of UKEY verification; related operations are carried out in the BDS phase, and when execution reaches the NIC device, UKEY security authentication is started first. If authentication passes, the subsequent system loading and the RT phase proceed; otherwise the machine shuts down and is restarted.
The UKEY verification functions include the UKEY detection and operation driver based on the UEFI BIOS architecture, and the identity authentication program.
A method of using the UEFI-based NIC with a security authentication function: the NIC is installed on the mainboard of a UEFI BIOS system, and the security verification USB flash disk is connected to the mainboard.
The machine is powered on and passes through each UEFI BIOS boot phase. When execution reaches the NIC driver, the UKEY functions are started, and the UKEY control program detects the UKEY and runs the corresponding UKEY security authentication process.
The UKEY performs security authentication on the host's information to decide whether booting continues: if verification passes, the subsequent boot process continues and the system is loaded securely; otherwise booting does not continue.
In the described method, the NIC driver boot program runs in the DXE phase of UKEY verification; related operations are carried out in the BDS phase, and when execution reaches the NIC device, UKEY security authentication is started first. If authentication passes, the subsequent system loading and the RT phase proceed; otherwise the machine shuts down and is restarted.
The beneficial effects of the present invention are:
The invention discloses a UEFI-based NIC with a security authentication function. The NIC's driver includes UKEY verification programs implemented to the UEFI standard, and the NIC driver and the NIC's configuration information are both stored in the NIC ROM; the system BIOS is then used to configure the corresponding boot loading, so that the NIC performs identity authentication before any UEFI BIOS system loads. Built on the UEFI BIOS architecture, the invention develops the UKEY control and authentication procedures into a NIC driver implemented to the UEFI standard, and integrates the NIC driver together with the NIC's configuration information and other related information into the NIC ROM. With the corresponding boot loading configured in the system, the card can be conveniently applied to any UEFI BIOS system and performs identity authentication before the system loads, which increases the security of the system and reduces the space occupied in the system BIOS.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of the operating principle of the NIC of the present invention.
Fig. 2 is a schematic flow diagram of the method of using the NIC of the present invention.
Embodiment
The present invention provides a UEFI-based NIC with a security authentication function:
The NIC's driver includes UKEY verification programs implemented to the UEFI standard, and the NIC driver and the NIC's configuration information are both stored in the NIC ROM. The system BIOS is then used to configure the corresponding boot loading, so that the NIC performs identity authentication before any UEFI BIOS system loads.
A method of using the above NIC is also provided:
The NIC is installed on the mainboard of a UEFI BIOS system, and the security verification USB flash disk is connected to the mainboard.
The machine is powered on and passes through each UEFI BIOS boot phase. When execution reaches the NIC driver, the UKEY functions are started, and the UKEY control program detects the UKEY and runs the corresponding UKEY security authentication process.
The UKEY performs security authentication on the host's information to decide whether booting continues: if verification passes, the subsequent boot process continues and the system is loaded securely; otherwise booting does not continue.
The present invention is further described below with reference to the accompanying drawings.
In the NIC of the present invention, the UKEY-related function programs based on the UEFI BIOS architecture, such as the UKEY detection and operation driver and identity authentication, are developed into the NIC driver;
the NIC driver and the NIC configuration information file are integrated into the NIC ROM, reducing the size of the system BIOS;
a NIC driver boot program is set up in the system BIOS.
After the client PC is powered on, it passes through the UEFI SEC phase, which sets up the CPU's protected mode. The PEI phase is the pre-EFI initialization; after PEI, the DXE phase is entered.
Device handles and protocols begin to be installed, and the NIC boot program runs at this point. When the related shadow operations are carried out in the BDS phase and execution reaches the NIC device, UKEY security authentication is started first. If authentication passes, the subsequent system loading and the RT phase proceed; otherwise the machine shuts down and must be restarted manually. The security authentication of the system is thus completed before the system loads, ensuring the security of the system.
Implementing the UKEY security authentication function in the NIC driver, as described above, completes the security authentication of the system within the driver. The result is a NIC with a UKEY authentication function that can be conveniently used with UEFI BIOS and, to a certain extent, does not increase the size of the system BIOS.
In actual use, the NIC is installed on the computer mainboard, the security verification USB flash disk is connected to the mainboard, and the machine is powered on.
The machine passes through each UEFI BIOS boot phase. When execution reaches the NIC driver, the UKEY functions are started, and the UKEY control program detects the UKEY and runs the corresponding UKEY security authentication process.
The UKEY performs security authentication on the host's information to decide whether the computer continues to boot:
If verification does not pass, booting does not continue, for the sake of the computer's security, and the machine shuts down automatically. If verification passes, the subsequent boot process continues and the system is loaded securely.
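The boot flow described above, modelled as an added example (not code from the patent or from any UEFI implementation): the phases are walked in order, and the gate in the BDS phase halts the boot unless the UKEY check passes. The types, function names, the 8-byte binding value and the comparison used as the check are assumptions, since the patent does not specify the authentication mechanism.

```c
/* Added illustration, not code from the patent. Phase names come from the
 * page; every type, function and value here is a hypothetical stand-in. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define BIND_LEN 8

typedef enum { PH_SEC, PH_PEI, PH_DXE, PH_BDS, PH_TSL, PH_RT, PH_HALT } phase_t;
typedef enum { R_NOT_RUN, R_OK, R_NO_UKEY, R_AUTH_FAIL } result_t;

typedef struct {
    bool present;               /* UKEY is connected to the mainboard */
    uint8_t binding[BIND_LEN];  /* constructed value tying the UKEY to a host */
} ukey_t;

typedef struct {
    phase_t phase;
    result_t auth;              /* stays a non-OK value until the gate passes */
} boot_t;

/* Compare without an early exit, so timing does not reveal where bytes differ. */
static bool equal_ct(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Stand-in for the UKEY check on the host's information (mechanism assumed). */
static result_t ukey_gate(const ukey_t *k, const uint8_t *host) {
    if (k == NULL || !k->present) return R_NO_UKEY;
    return equal_ct(k->binding, host, BIND_LEN) ? R_OK : R_AUTH_FAIL;
}

/* Advance one phase. Anything not explicitly allowed ends in PH_HALT. */
static void boot_step(boot_t *b, const ukey_t *k, const uint8_t *host) {
    switch (b->phase) {
    case PH_SEC: b->phase = PH_PEI; break;
    case PH_PEI: b->phase = PH_DXE; break;
    case PH_DXE: b->phase = PH_BDS; break;  /* NIC ROM driver is loaded here */
    case PH_BDS:                            /* NIC device reached: gate first */
        b->auth = ukey_gate(k, host);
        b->phase = (b->auth == R_OK) ? PH_TSL : PH_HALT;
        break;
    case PH_TSL: b->phase = (b->auth == R_OK) ? PH_RT : PH_HALT; break;
    default: b->phase = PH_HALT; break;
    }
}

/* Run from power-on until the system reaches RT or halts. */
boot_t run_boot(const ukey_t *k, const uint8_t *host) {
    boot_t b = { PH_SEC, R_NOT_RUN };
    while (b.phase != PH_RT && b.phase != PH_HALT)
        boot_step(&b, k, host);
    return b;
}

int main(void) {
    const uint8_t host[BIND_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed */
    ukey_t good = { true, {1, 2, 3, 4, 5, 6, 7, 8} };
    ukey_t absent = { false, {0} };
    return (run_boot(&good, host).phase == PH_RT &&
            run_boot(&absent, host).phase == PH_HALT) ? 0 : 1;
}
```

The result code kept in `boot_t` distinguishes a missing UKEY from a failed check, which is the detail a boot log would need to record before the shutdown.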
Claims (5)
1. A UEFI-based network interface card (NIC) with a security authentication function, characterized in that the NIC's driver includes UKEY verification programs implemented to the UEFI standard, and the NIC driver and the NIC's configuration information are both stored in the NIC ROM; the system BIOS is then used to configure the corresponding boot loading, so that the NIC performs identity authentication before any UEFI BIOS system loads.
2. The NIC according to claim 1, characterized in that the NIC driver boot program runs in the DXE phase of UKEY verification; related operations are carried out in the BDS phase, and when execution reaches the NIC device, UKEY security authentication is started first; if authentication passes, the subsequent system loading and the RT phase proceed; otherwise the machine shuts down and is restarted.
3. The NIC according to claim 1 or 2, characterized in that the UKEY verification functions include the UKEY detection and operation driver based on the UEFI BIOS architecture, and the identity authentication program.
4. A method of using a UEFI-based NIC with a security authentication function, characterized in that the NIC is installed on the mainboard of a UEFI BIOS system, and the security verification USB flash disk is connected to the mainboard; the machine is powered on and passes through each UEFI BIOS boot phase; when execution reaches the NIC driver, the UKEY functions are started, and the UKEY control program detects the UKEY and runs the corresponding UKEY security authentication process; the UKEY performs security authentication on the host's information to decide whether booting continues; if verification passes, the subsequent boot process continues and the system is loaded securely; otherwise booting does not continue.
5. The method according to claim 4, characterized in that the NIC driver boot program runs in the DXE phase of UKEY verification; related operations are carried out in the BDS phase, and when execution reaches the NIC device, UKEY security authentication is started first; if authentication passes, the subsequent system loading and the RT phase proceed; otherwise the machine shuts down and is restarted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710373177.XA CN107194264A (en) | 2017-05-24 | 2017-05-24 | A kind of network interface card with safety certification function based on UEFI |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710373177.XA CN107194264A (en) | 2017-05-24 | 2017-05-24 | A kind of network interface card with safety certification function based on UEFI |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107194264A true CN107194264A (en) | 2017-09-22 |
Family
ID=59875282
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710373177.XA Pending CN107194264A (en) | 2017-05-24 | 2017-05-24 | A kind of network interface card with safety certification function based on UEFI |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107194264A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108287988A (en) * | 2017-12-25 | 2018-07-17 | 武汉华工安鼎信息技术有限责任公司 | Safety management system and method for mobile terminal document |
CN111831306A (en) * | 2020-03-26 | 2020-10-27 | 成都万创科技有限责任公司 | Serial number and ProjectName reading and writing method based on network card NVM |
CN112363776A (en) * | 2020-11-13 | 2021-02-12 | 北京智芯微电子科技有限公司 | Terminal control method and device and terminal |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1609748A (en) * | 2004-10-14 | 2005-04-27 | 苏州超锐微电子有限公司 | Method for realizing starting up lock function in network card bootstrap zone |
CN102244684A (en) * | 2011-07-29 | 2011-11-16 | 电子科技大学 | EFI (Extensible Firmware Interface) trusted Cloud chain guiding method based on USBKey |
CN102629309A (en) * | 2012-03-16 | 2012-08-08 | 苏州优康通信设备有限公司 | Method for protecting personal information through network card |
CN105975842A (en) * | 2016-05-11 | 2016-09-28 | 浪潮集团有限公司 | KEY-based BIOS safety authentication method and system in UEFI |
-
2017
- 2017-05-24 CN CN201710373177.XA patent/CN107194264A/en active Pending
Non-Patent Citations (1)
Title |
---|
王晓箴 等: "EFI BIOS安全隐患分析及基于Ukey的可信防护策略", 《全国计算机、网络在现代科学技术领域的应用学术会议2009》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9886580B2 (en) | Method for optimizing boot time of an information handling system | |
US8826261B1 (en) | Programming processors through CAN interface without changing the boot mode select pins | |
US7752428B2 (en) | System and method for trusted early boot flow | |
CN106020875B (en) | Firmware update management method and device of embedded terminal | |
CN101656949B (en) | Method and terminals for aerial upgrade of firmware | |
CN104102518B (en) | double-CPU system and program upgrading method thereof | |
CN104581397B (en) | The method for upgrading system and device of android set top box | |
CN107194264A (en) | A kind of network interface card with safety certification function based on UEFI | |
CN105825131B (en) | A kind of computer safety start means of defence based on UEFI | |
CN111125675B (en) | Method and system for controlling debug port and test method | |
CN105488418B (en) | trusted starting method and system of virtualization platform server | |
WO2017219861A1 (en) | Method and device for controlling system start-up mode | |
US20090019435A1 (en) | System and method for over the air programming | |
CN100504778C (en) | Open system and method for computer | |
WO2016062146A1 (en) | Serial number information update method, device and terminal | |
CN104951328A (en) | Embedded equipment and starting method thereof | |
CN103019758A (en) | Electronic device starting-up acceleration method and related electronic device | |
CN112860330A (en) | Method and device for installing operating system, computer equipment and storage medium | |
CN110457073A (en) | A kind of credible starting method of the Pre-boot Execution Environment PXE of Shen prestige server | |
CN105677409B (en) | A kind of method for upgrading system and device | |
CN102414662A (en) | Method and system for providing a data module lock to device hardware, system and method for confirming that a circuit card is compatible with a computer | |
CN108139901B (en) | Runtime verification using external devices | |
CN102622254B (en) | Television outage disposal route and system | |
CN106919423B (en) | Firmware upgrading method and device | |
US11023220B2 (en) | Firmware update with integrated smart sequence and action engine |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170922 |