CN107196755A - A kind of VPN device safe starting method and system - Google Patents
- Publication number: CN107196755A
- Application number: CN201710193656.3A
- Authority: CN (China)
- Prior art keywords
- bios
- threshold value
- code
- vpn device
- legal threshold
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/0897—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/4401—Bootstrapping
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides a VPN device secure startup method and system. The VPN device is powered on and the BIOS firmware is started; a trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with a first preset legal threshold value; when the BIOS startup code operation result meets the first preset legal threshold value, the operating system of the VPN device is started; the trusted cryptography module performs a hash operation on the startup code of the operating system and compares the operating system startup code operation result with a second preset legal threshold value; when the operating system startup code operation result meets the second preset legal threshold value, the VPN device starts normally. The invention protects the VPN device from illegal attack at startup, so that access to the private network is legitimate and reliable and information security is ensured.
Description
Technical field
The present invention relates to the field of cryptographic algorithms for VPN devices, and in particular to a VPN device secure startup method and system.
Background
With the rapid development of modern network technology, network interconnection has become an irresistible trend, but this form of interconnection is highly vulnerable to various attacks, which lead to unauthorized access to internal networks and to information leakage. VPN stands for Virtual Private Network. A VPN uses an open public network (such as the Internet) as its basic transmission medium and, by encrypting and verifying network traffic, protects private information transmitted over the public network from being stolen or tampered with, thereby providing end users with a network service whose performance is similar to that of a private network (Private Network). However, if the device is maliciously attacked during the startup stage, access to the private network is seriously threatened. How to make a VPN device safe and reliable is therefore a technical problem that needs to be solved.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a VPN device secure startup method, the method including:
The VPN device is powered on and the BIOS firmware is started;
The trusted cryptography module performs a hash operation on the startup code of the BIOS firmware, and compares the BIOS startup code operation result with the first preset legal threshold value;
When the BIOS startup code operation result meets the first preset legal threshold value, the operating system of the VPN device is started;
The trusted cryptography module performs a hash operation on the startup code of the operating system, and compares the operating system startup code operation result with the second preset legal threshold value;
When the operating system startup code operation result meets the second preset legal threshold value, the VPN device starts normally.
Preferably, the method includes:
After the operating system startup code operation result meets the second preset legal threshold value, the method further includes:
The application program of the VPN device is started;
The trusted cryptography module performs a hash operation on the startup code of the application program, and compares the application program startup code operation result with the third preset legal threshold value;
When the application program startup code operation result meets the third preset legal threshold value, the VPN device starts normally.
Preferably, the method includes:
When the BIOS startup code operation result does not meet the first preset legal threshold value, the VPN device stops starting.
Preferably, the method includes:
When the operating system startup code operation result does not meet the second preset legal threshold value, the VPN device stops starting.
Preferably, the method includes:
When the application program startup code operation result does not meet the third preset legal threshold value, the VPN device stops starting.
Preferably, the method includes:
The hash operation uses one or a combination of MD5, SHA-1, SHA-2, SHA-256, SHA-512, SHA-3 and RIPEMD.
Preferably, the method in which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The trusted cryptography module configures, for the BIOS firmware, a memory for the first preset legal threshold value, stores the startup code of the BIOS firmware used during the startup process in the memory, and pre-stores the legal threshold value of each parameter in the memory; the startup code of the BIOS firmware includes: a BIOS startup code parameter, a BIOS boot parameter, a BIOS version parameter, a BIOS master clock parameter and a VPN device mainboard parameter;
Using the hash operation, computation is carried out following the running steps of the BIOS firmware startup code, and after each step has run, its operation result is compared with the legal threshold value stored in the memory;
If the current step meets the legal threshold value, the next BIOS firmware startup parameter is loaded; otherwise the next BIOS firmware startup parameter is not loaded and the VPN device stops starting.
Preferably, the method in which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The startup code of the BIOS firmware is loaded; the trusted cryptography module converts the BIOS startup code parameter into a BIOS startup code parameter hash value, and the BIOS startup code parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the BIOS boot parameter is loaded; the trusted cryptography module converts the BIOS boot parameter into a BIOS boot parameter hash value, and the BIOS boot parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the BIOS version parameter is loaded; the trusted cryptography module converts the BIOS version parameter into a BIOS version parameter hash value, and the BIOS version parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the BIOS master clock parameter is loaded; the trusted cryptography module converts the BIOS master clock parameter into a BIOS master clock parameter hash value, and the BIOS master clock parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the VPN device mainboard parameter is loaded; the trusted cryptography module converts the VPN device mainboard parameter into a VPN device mainboard parameter hash value, and the VPN device mainboard parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the startup of the BIOS firmware is complete;
If any of the above parameters does not meet the legal threshold value, the VPN device stops starting.
A VPN device secure startup system, including: a VPN device starting module, a trusted cryptography module and a startup execution module;
The VPN device starting module is used to power on the VPN device and start the BIOS firmware;
The trusted cryptography module is used to perform a hash operation on the startup code of the BIOS firmware and to compare the BIOS startup code operation result with the first preset legal threshold value;
When the BIOS startup code operation result meets the first preset legal threshold value, the startup execution module starts the operating system of the VPN device;
The trusted cryptography module performs a hash operation on the startup code of the operating system, and compares the operating system startup code operation result with the second preset legal threshold value;
When the operating system startup code operation result meets the second preset legal threshold value, the startup execution module makes the VPN device start normally.
Preferably, the trusted cryptography module includes: a memory, a parameter conversion module and a parameter presetting module;
The memory is used to store the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program during the VPN device startup process, and to store the first preset legal threshold value, the second preset legal threshold value and the third preset legal threshold value;
The parameter presetting module is used to preset the first preset legal threshold value, the second preset legal threshold value and the third preset legal threshold value corresponding respectively to the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program, and to store the preset first, second and third preset legal threshold values in the memory;
The parameter conversion module is used to convert the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program respectively into a BIOS firmware startup code hash value, an operating system startup code hash value and an application program startup code hash value, and to store the converted BIOS firmware startup code hash value, operating system startup code hash value and application program startup code hash value in the memory;
The trusted cryptography module is further used, during the VPN device startup process, to compare the BIOS firmware startup code hash value, the operating system startup code hash value and the application program startup code hash value respectively with the preset first preset legal threshold value, second preset legal threshold value and third preset legal threshold value.
As can be seen from the above technical solutions, the present invention has the following advantages:
The VPN device secure startup method uses the trusted cryptography module to perform parameter comparison on the BIOS firmware, the operating system and the application program; the VPN can start normally only when the BIOS firmware, the operating system and the application program all meet their legal threshold values. This protects the VPN device from illegal attack at startup, so that access to the private network is legitimate and reliable and information security is ensured. Using the trusted cryptography module as a trusted computing platform provides a reliable and secure computing space and storage space for the cryptographic algorithms, making computation and storage more secure and reliable; at the same time, the national cryptographic algorithms built into the trusted cryptography module make the startup of the VPN device more independently controllable, secure and reliable.
Brief description of the drawings
To explain the technical solution of the present invention more clearly, the drawings needed in the description are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from these drawings without creative effort.
Fig. 1 is a flow chart of the VPN device secure startup method;
Fig. 2 is a flow chart of an embodiment of the VPN device secure startup method;
Fig. 3 is an overall schematic diagram of the VPN device secure startup system.
Detailed description of the embodiments
To make the purpose, features and advantages of the present invention more apparent and understandable, the technical solution protected by the present invention is described clearly and completely below with reference to specific embodiments and the drawings. Obviously, the embodiments disclosed below are only some, and not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in this patent, without creative effort, fall within the scope of protection of this patent.
This embodiment provides a VPN device secure startup method which, as shown in Fig. 1, includes:
S1: The VPN device is powered on and the BIOS firmware is started;
S2: The trusted cryptography module performs a hash operation on the startup code of the BIOS firmware, and compares the BIOS startup code operation result with the first preset legal threshold value;
S3: When the BIOS startup code operation result meets the first preset legal threshold value, the operating system of the VPN device is started;
When the BIOS startup code operation result does not meet the first preset legal threshold value, the VPN device stops starting.
S4: The trusted cryptography module performs a hash operation on the startup code of the operating system, and compares the operating system startup code operation result with the second preset legal threshold value;
S5: When the operating system startup code operation result meets the second preset legal threshold value, the VPN device starts normally.
When the operating system startup code operation result does not meet the second preset legal threshold value, the VPN device stops starting.
In this way, the trusted cryptography module provides a trusted computing platform for the VPN device and provides secure, usable cryptographic algorithm functions; it can perform trusted measurement of the BIOS firmware code and of the startup code of the operating system, and determine whether the startup process has been altered by a malicious program.
The trusted cryptography module is combined with the VPN device: using the hash algorithm provided by the trusted cryptography module, trusted computing is performed on the VPN device and the computed result is verified against the actual value, thereby ensuring the security of the startup process. The trusted cryptography module performs parameter comparison on the VPN device's BIOS firmware, operating system and application program, ensuring that the code at each level subjected to trusted measurement is in a legal state.
The present invention also provides an embodiment which, as shown in Fig. 2, specifically includes:
S11: The VPN device is powered on and the BIOS firmware is started;
S12: The trusted cryptography module performs a hash operation on the startup code of the BIOS firmware, and compares the BIOS startup code operation result with the first preset legal threshold value;
S13: When the BIOS startup code operation result meets the first preset legal threshold value, the operating system of the VPN device is started;
S14: The trusted cryptography module performs a hash operation on the startup code of the operating system, and compares the operating system startup code operation result with the second preset legal threshold value;
S15: When the operating system startup code operation result meets the second preset legal threshold value, the application program of the VPN device is started;
S16: The trusted cryptography module performs a hash operation on the startup code of the application program, and compares the application program startup code operation result with the third preset legal threshold value;
S17: When the application program startup code operation result meets the third preset legal threshold value, the VPN device starts normally.
When the application program startup code operation result does not meet the third preset legal threshold value, the VPN device stops starting.
The hash operation uses one or a combination of MD5, SHA-1, SHA-2, SHA-256, SHA-512, SHA-3 and RIPEMD.
In the above two embodiments, the method in which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The trusted cryptography module configures, for the BIOS firmware, a memory for the first preset legal threshold value, stores the startup code of the BIOS firmware used during the startup process in the memory, and pre-stores the legal threshold value of each parameter in the memory; the startup code of the BIOS firmware includes: a BIOS startup code parameter, a BIOS boot parameter, a BIOS version parameter, a BIOS master clock parameter and a VPN device mainboard parameter;
Using the hash operation, computation is carried out following the running steps of the BIOS firmware startup code, and after each step has run, its operation result is compared with the legal threshold value stored in the memory;
If the current step meets the legal threshold value, the next BIOS firmware startup parameter is loaded; otherwise the next BIOS firmware startup parameter is not loaded and the VPN device stops starting.
Further, the method in which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The startup code of the BIOS firmware is loaded; the trusted cryptography module converts the BIOS startup code parameter into a BIOS startup code parameter hash value, and the BIOS startup code parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the BIOS boot parameter is loaded; the trusted cryptography module converts the BIOS boot parameter into a BIOS boot parameter hash value, and the BIOS boot parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the BIOS version parameter is loaded; the trusted cryptography module converts the BIOS version parameter into a BIOS version parameter hash value, and the BIOS version parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the BIOS master clock parameter is loaded; the trusted cryptography module converts the BIOS master clock parameter into a BIOS master clock parameter hash value, and the BIOS master clock parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the VPN device mainboard parameter is loaded; the trusted cryptography module converts the VPN device mainboard parameter into a VPN device mainboard parameter hash value, and the VPN device mainboard parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the startup of the BIOS firmware is complete. If any of the above parameters does not meet the legal threshold value, the VPN device stops starting.
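The staged check described above (steps S11 to S17, with the BIOS firmware parameters verified one at a time) can be sketched as follows. This is an added example, not code from the patent; it assumes that "meets the legal threshold value" means the computed hash equals a pre-stored reference digest, and the class and function names, the choice of SHA-256 and the sample byte strings are all constructed for illustration.

```python
import copy
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Order in which the description loads and checks the BIOS firmware parameters.
BIOS_PARAMS = ("startup_code", "boot", "version", "master_clock", "mainboard")


def measure(data: bytes) -> bytes:
    # SHA-256 is one of the hash functions the page lists. MD5 and SHA-1, also
    # listed, are not collision resistant and are a poor fit for this check.
    return hashlib.sha256(data).digest()


class TrustedModule:
    """Hypothetical stand-in for the trusted cryptography module."""

    def __init__(self) -> None:
        self._thresholds = {}  # item name -> reference digest ("memory")

    def preset(self, name: str, known_good: bytes) -> None:
        """Parameter presetting: store the reference digest for one item."""
        self._thresholds[name] = measure(known_good)

    def check(self, name: str, data: Optional[bytes]) -> bool:
        """Parameter conversion (hash) followed by comparison; fails closed."""
        expected = self._thresholds.get(name)
        if expected is None or data is None:
            return False  # no reference value, or nothing to measure: reject
        return hmac.compare_digest(measure(data), expected)


@dataclass
class BootResult:
    started: bool
    halted_at: Optional[str]            # first item that failed, if any
    loaded: list = field(default_factory=list)  # items verified before the halt


def secure_start(tcm: TrustedModule, image: dict) -> BootResult:
    """Verify BIOS parameters, then OS, then application; stop at first mismatch."""
    loaded = []
    # Stage 1: each BIOS parameter must pass before the next one is loaded.
    for param in BIOS_PARAMS:
        name = "bios." + param
        if not tcm.check(name, image.get("bios", {}).get(param)):
            return BootResult(False, name, loaded)
        loaded.append(name)
    # Stages 2 and 3: operating system, then application program.
    for name in ("os", "app"):
        if not tcm.check(name, image.get(name)):
            return BootResult(False, name, loaded)
        loaded.append(name)
    return BootResult(True, None, loaded)


def demo_image() -> dict:
    """Constructed sample image; the byte strings are placeholders."""
    return {
        "bios": {p: ("constructed bios " + p).encode() for p in BIOS_PARAMS},
        "os": b"constructed operating system startup code",
        "app": b"constructed VPN application startup code",
    }


def provision(image: dict) -> TrustedModule:
    """Record reference digests from a known-good image (done before deployment)."""
    tcm = TrustedModule()
    for param, data in image["bios"].items():
        tcm.preset("bios." + param, data)
    tcm.preset("os", image["os"])
    tcm.preset("app", image["app"])
    return tcm


if __name__ == "__main__":
    good = demo_image()
    tcm = provision(good)
    print(secure_start(tcm, good))       # all seven items verified
    tampered = copy.deepcopy(good)
    tampered["os"] += b"\x00"            # one modified byte in the OS stage
    print(secure_start(tcm, tampered))   # halts at "os"; "app" is never loaded
```

The check is only as trustworthy as the storage holding the reference digests and the code that performs the first measurement, so both need to sit where the measured stages cannot rewrite them.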
The present invention also provides a VPN device secure startup system which, as shown in Fig. 3, includes: a VPN device starting module 1, a trusted cryptography module 2 and a startup execution module 3;
The VPN device starting module 1 is used to power on the VPN device and start the BIOS firmware;
The trusted cryptography module 2 is used to perform a hash operation on the startup code of the BIOS firmware and to compare the BIOS startup code operation result with the first preset legal threshold value; when the BIOS startup code operation result meets the first preset legal threshold value, the startup execution module 3 starts the operating system of the VPN device;
The trusted cryptography module 2 performs a hash operation on the startup code of the operating system, and compares the operating system startup code operation result with the second preset legal threshold value; when the operating system startup code operation result meets the second preset legal threshold value, the startup execution module 3 makes the VPN device start normally.
In this embodiment, the trusted cryptography module 2 includes: a memory 6, a parameter conversion module 4 and a parameter presetting module 5;
The memory 6 is used to store the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program during the VPN device startup process, and to store the first preset legal threshold value, the second preset legal threshold value and the third preset legal threshold value;
The parameter presetting module 5 is used to preset the first preset legal threshold value, the second preset legal threshold value and the third preset legal threshold value corresponding respectively to the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program, and to store the preset first, second and third preset legal threshold values in the memory;
The parameter conversion module 4 is used to convert the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program respectively into a BIOS firmware startup code hash value, an operating system startup code hash value and an application program startup code hash value, and to store the converted BIOS firmware startup code hash value, operating system startup code hash value and application program startup code hash value in the memory;
The trusted cryptography module is further used, during the VPN device startup process, to compare the BIOS firmware startup code hash value, the operating system startup code hash value and the application program startup code hash value respectively with the preset first preset legal threshold value, second preset legal threshold value and third preset legal threshold value.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A VPN device secure startup method, characterized in that the method includes:
The VPN device is powered on and the BIOS firmware is started;
The trusted cryptography module performs a hash operation on the startup code of the BIOS firmware, and compares the BIOS startup code operation result with the first preset legal threshold value;
When the BIOS startup code operation result meets the first preset legal threshold value, the operating system of the VPN device is started;
The trusted cryptography module performs a hash operation on the startup code of the operating system, and compares the operating system startup code operation result with the second preset legal threshold value;
When the operating system startup code operation result meets the second preset legal threshold value, the VPN device starts normally.
2. The VPN device secure startup method according to claim 1, characterized in that the method includes:
After the operating system startup code operation result meets the second preset legal threshold value, the method further includes:
The application program of the VPN device is started;
The trusted cryptography module performs a hash operation on the startup code of the application program, and compares the application program startup code operation result with the third preset legal threshold value;
When the application program startup code operation result meets the third preset legal threshold value, the VPN device starts normally.
3. The VPN device secure startup method according to claim 1, characterized in that the method includes:
When the BIOS startup code operation result does not meet the first preset legal threshold value, the VPN device stops starting.
4. The VPN device secure startup method according to claim 1, characterized in that the method includes:
When the operating system startup code operation result does not meet the second preset legal threshold value, the VPN device stops starting.
5. The VPN device secure startup method according to claim 2, characterized in that the method includes:
When the application program startup code operation result does not meet the third preset legal threshold value, the VPN device stops starting.
6. The VPN device secure startup method according to claim 1 or 2 or 3 or 4, characterized in that the method includes:
The hash operation uses one or a combination of MD5, SHA-1, SHA-2, SHA-256, SHA-512, SHA-3 and RIPEMD.
7. The VPN device secure startup method according to claim 1, characterized in that the method in which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The trusted cryptography module configures, for the BIOS firmware, a memory for the first preset legal threshold value, stores the startup code of the BIOS firmware used during the startup process in the memory, and pre-stores the legal threshold value of each parameter in the memory; the startup code of the BIOS firmware includes: a BIOS startup code parameter, a BIOS boot parameter, a BIOS version parameter, a BIOS master clock parameter and a VPN device mainboard parameter;
Using the hash operation, computation is carried out following the running steps of the BIOS firmware startup code, and after each step has run, its operation result is compared with the legal threshold value stored in the memory;
If the current step meets the legal threshold value, the next BIOS firmware startup parameter is loaded; otherwise the next BIOS firmware startup parameter is not loaded and the VPN device stops starting.
8. The VPN device secure startup method according to claim 7, characterized in that
The method in which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The startup code of the BIOS firmware is loaded; the trusted cryptography module converts the BIOS startup code parameter into a BIOS startup code parameter hash value, and the BIOS startup code parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the BIOS boot parameter is loaded; the trusted cryptography module converts the BIOS boot parameter into a BIOS boot parameter hash value, and the BIOS boot parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the BIOS version parameter is loaded; the trusted cryptography module converts the BIOS version parameter into a BIOS version parameter hash value, and the BIOS version parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the BIOS master clock parameter is loaded; the trusted cryptography module converts the BIOS master clock parameter into a BIOS master clock parameter hash value, and the BIOS master clock parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the VPN device mainboard parameter is loaded; the trusted cryptography module converts the VPN device mainboard parameter into a VPN device mainboard parameter hash value, and the VPN device mainboard parameter hash value is compared with the legal threshold value in the memory; if it meets the legal threshold value, the startup of the BIOS firmware is complete;
If any of the above parameters does not meet the legal threshold value, the VPN device stops starting.
9. A VPN device secure startup system, characterized in that it includes: a VPN device starting module, a trusted cryptography module and a startup execution module;
The VPN device starting module is used to power on the VPN device and start the BIOS firmware;
The trusted cryptography module is used to perform a hash operation on the startup code of the BIOS firmware and to compare the BIOS startup code operation result with the first preset legal threshold value;
When the BIOS startup code operation result meets the first preset legal threshold value, the startup execution module starts the operating system of the VPN device;
The trusted cryptography module performs a hash operation on the startup code of the operating system, and compares the operating system startup code operation result with the second preset legal threshold value;
When the operating system startup code operation result meets the second preset legal threshold value, the startup execution module makes the VPN device start normally.
10. The VPN device secure startup system according to claim 9, characterized in that
the trusted cryptographic module comprises: a memory, a parameter conversion module, and a parameter presetting module;
the memory is used to store the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program during VPN device startup, and to store the first preset legal threshold value, the second preset legal threshold value and a third preset legal threshold value;
the parameter presetting module is used to preset the first preset legal threshold value, the second preset legal threshold value and the third preset legal threshold value corresponding respectively to the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program, and to store the preset first, second and third preset legal threshold values in the memory;
the parameter conversion module is used to convert the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program respectively into the startup code hash value of the BIOS firmware, the startup code hash value of the operating system and the startup code hash value of the application program, and to store the converted startup code hash values of the BIOS firmware, the operating system and the application program in the memory;
the trusted cryptographic module is further used, during VPN device startup, to compare the startup code hash value of the BIOS firmware, the startup code hash value of the operating system and the startup code hash value of the application program respectively with the first preset legal threshold value, the second preset legal threshold value and the third preset legal threshold value.
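An added illustration, not taken from the patent: a minimal Python model of the staged check in claims 9 and 10 (the parameter chain at the end of the preceding claim follows the same measure, compare, halt pattern). SHA-256, exact-match comparison against the preset legal threshold value, and all class, function and stage names are assumptions; the images are constructed sample bytes.

```python
import hashlib
import hmac

# Stage order follows claims 9-10; names are hypothetical.
STAGES = ("bios_boot_code", "os_boot_code", "app_boot_code")


class TrustedCryptoModule:
    """Toy model of the claimed module: memory, presetting, conversion, compare."""

    def __init__(self):
        # stage name -> preset reference digest (the "preset legal threshold value")
        self.memory = {}

    @staticmethod
    def convert(image):
        # Parameter conversion: boot code -> hash value (SHA-256 is an assumption).
        return hashlib.sha256(image).digest()

    def preset(self, stage, known_good_image):
        # Parameter presetting: record the reference value at provisioning time.
        self.memory[stage] = self.convert(known_good_image)

    def verify(self, stage, image):
        reference = self.memory.get(stage)
        if reference is None:
            return False  # no preset value for this stage: fail closed
        # Constant-time comparison of the measured digest with the reference.
        return hmac.compare_digest(self.convert(image), reference)


def secure_boot(tcm, images):
    """Measure each stage before it runs and stop at the first mismatch.

    Returns (booted, stages_started)."""
    started = []
    for stage in STAGES:
        if stage not in images or not tcm.verify(stage, images[stage]):
            return False, started  # later stages are never measured or started
        started.append(stage)
    return True, started


def demo():
    # Constructed sample images standing in for real boot code.
    good = {s: f"constructed {s} v1".encode() for s in STAGES}
    tcm = TrustedCryptoModule()
    for stage, image in good.items():
        tcm.preset(stage, image)
    tampered = dict(good, os_boot_code=b"constructed os_boot_code v1 + modified")
    return secure_boot(tcm, good), secure_boot(tcm, tampered)


if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the protection of the stored reference values: they have to sit in memory that the code being measured cannot rewrite.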
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710193656.3A CN107196755A (en) | 2017-03-28 | 2017-03-28 | A kind of VPN device safe starting method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107196755A true CN107196755A (en) | 2017-09-22 |
Family
ID=59870947
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710193656.3A Pending CN107196755A (en) | 2017-03-28 | 2017-03-28 | A kind of VPN device safe starting method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107196755A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111130756A (en) * | 2019-12-30 | 2020-05-08 | 江苏大周基业智能科技有限公司 | Node routing safety management and control system |
CN111399923A (en) * | 2020-03-17 | 2020-07-10 | 天津飞腾信息技术有限公司 | Firmware parameter configuration method and device and electronic equipment |
CN114115506A (en) * | 2020-08-28 | 2022-03-01 | 瑞昱半导体股份有限公司 | Computer system, electronic device and state restoring method |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080126802A1 (en) * | 2006-07-03 | 2008-05-29 | Lenovo (Beijing) Limited | Inter-system binding method and application based on hardware security unit |
CN102332070A (en) * | 2011-09-30 | 2012-01-25 | 中国人民解放军海军计算技术研究所 | Trust chain transfer method for trusted computing platform |
CN103747036A (en) * | 2013-12-23 | 2014-04-23 | 中国航天科工集团第二研究院七〇六所 | Trusted security enhancement method in desktop virtualization environment |
CN104158791A (en) * | 2013-05-14 | 2014-11-19 | 北大方正集团有限公司 | Safe communication authentication method and system in distributed environment |
CN104751063A (en) * | 2014-12-31 | 2015-07-01 | 国家电网公司 | Operation system trusted guide method based on real mode technology |
CN104966022A (en) * | 2015-06-12 | 2015-10-07 | 浪潮电子信息产业股份有限公司 | Chain-of-trust construction method and device based on chip |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104462965B (en) | Application integrity verification method and the network equipment | |
CN103595530B (en) | Software secret key updating method and device | |
US8966642B2 (en) | Trust verification of a computing platform using a peripheral device | |
US7913086B2 (en) | Method for remote message attestation in a communication system | |
CN103902915B (en) | Trustable industrial control terminal and establishing method thereof | |
US20220006653A1 (en) | System and methods for confidential computing | |
EP4047493A1 (en) | Software integrity protection and verification method, and device | |
CN107196755A (en) | A kind of VPN device safe starting method and system | |
Dave et al. | Sracare: Secure remote attestation with code authentication and resilience engine | |
CN101789939B (en) | Effective realization method for credible OpenSSH | |
Wang et al. | A survey of secure boot schemes for embedded devices | |
Liao et al. | Toward authenticating the master in the modbus protocol | |
CN101834852B (en) | Realization method of credible OpenSSH for protecting platform information | |
CN101582765B (en) | User bound portable trusted mobile device | |
CN117556430B (en) | Safe starting method, device, equipment and storage medium | |
CN112269980B (en) | Processor architecture | |
Crocetti et al. | A novel and robust security approach for authentication, integrity, and confidentiality of Lithium-ion Battery Management Systems | |
CN108549551A (en) | A kind of the startup method, apparatus and equipment of server network interface card | |
CN113961939B (en) | Method and system for protecting safety of embedded operating system | |
CN113676446B (en) | Communication network safety error-proof control method, system, electronic equipment and medium | |
WO2019183980A1 (en) | Technologies for securing network function virtualization images | |
CN112257119B (en) | Identity authentication method and protection method for ensuring security of encryption device | |
CN115061711A (en) | Upgrading method and device for intelligent charging pile | |
Shang et al. | The research and application of trusted startup of embedded TPM | |
CN114329522A (en) | Private key protection method, device, system and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170922 |