CN107196755A - A VPN device secure boot method and system - Google Patents

Publication number
CN107196755A
Authority
CN
China
Prior art keywords
bios
threshold value
code
vpn device
legal threshold
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710193656.3A
Other languages
Chinese (zh)
Inventor
刘强
蒋海波
朱书杉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Chaoyue Numerical Control Electronics Co Ltd
Original Assignee
Shandong Chaoyue Numerical Control Electronics Co Ltd
Application filed by Shandong Chaoyue Numerical Control Electronics Co Ltd
Priority to CN201710193656.3A
Publication of CN107196755A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46 Interconnection of networks
    • H04L12/4641 Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a secure boot method and system for a VPN device. The VPN device is powered on and the BIOS firmware is started; a trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with a first preset legal threshold value; when the BIOS startup code operation result satisfies the first preset legal threshold value, the operating system of the VPN device is started; the trusted cryptography module performs a hash operation on the startup code of the operating system and compares the operating system startup code operation result with a second preset legal threshold value; when the operating system startup code operation result satisfies the second preset legal threshold value, the VPN device starts normally. The present invention protects the VPN device from illegal attack at startup, ensures that access to the private network is legitimate and reliable, and ensures information security.

Description

A VPN device secure boot method and system
Technical field
The present invention relates to the field of cryptographic algorithms for VPN devices, and in particular to a secure boot method and system for a VPN device.
Background art
With the rapid development of modern network technology, network interconnection has become an irresistible trend, but this mode of interconnection is highly vulnerable to various attacks, leading to unauthorized access to internal networks and to information leakage. VPN stands for Virtual Private Network. A VPN uses a public, open network (such as the Internet) as its basic transmission medium and, by encrypting and verifying network traffic, protects private information transmitted over the public network from being stolen or tampered with, thereby providing end users with network services whose performance is similar to that of a private network. However, if the device is attacked maliciously during the startup stage, access to the private network is seriously threatened. How to start a VPN device safely and reliably is therefore a technical problem that urgently needs to be solved.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a secure boot method for a VPN device. The method includes:
The VPN device is powered on and the BIOS firmware is started;
The trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value;
When the BIOS startup code operation result satisfies the first preset legal threshold value, the operating system of the VPN device is started;
The trusted cryptography module performs a hash operation on the startup code of the operating system and compares the operating system startup code operation result with the second preset legal threshold value;
When the operating system startup code operation result satisfies the second preset legal threshold value, the VPN device starts normally.
Preferably, the method includes:
After the operating system startup code operation result satisfies the second preset legal threshold value, the method further includes:
The application program of the VPN device is started;
The trusted cryptography module performs a hash operation on the startup code of the application program and compares the application program startup code operation result with the third preset legal threshold value;
When the application program startup code operation result satisfies the third preset legal threshold value, the VPN device starts normally.
Preferably, the method includes:
When the BIOS startup code operation result does not satisfy the first preset legal threshold value, the VPN device stops starting up.
Preferably, the method includes:
When the operating system startup code operation result does not satisfy the second preset legal threshold value, the VPN device stops starting up.
Preferably, the method includes:
When the application program startup code operation result does not satisfy the third preset legal threshold value, the VPN device stops starting up.
Preferably, the method includes:
The hash operation uses one of, or a combination of, MD5, SHA-1, SHA-2, SHA-256, SHA-512, SHA-3 and RIPEMD.
Preferably, the method by which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The trusted cryptography module configures, for the BIOS firmware, a memory for the first preset legal threshold value, stores the startup code of the BIOS firmware during startup in the memory, and pre-stores the legal threshold value of each parameter in the memory. The startup code of the BIOS firmware includes: the BIOS startup code parameter, the BIOS boot parameter, the BIOS version parameter, the BIOS master clock parameter and the VPN device mainboard parameter;
Using the hash operation, the computation follows the operating steps of the startup code of the BIOS firmware, and after each step the operation result is compared with the legal threshold value stored in the memory;
If the current step satisfies the legal threshold value, the next BIOS firmware startup parameter is loaded; otherwise the next BIOS firmware startup parameter is not loaded, and the VPN device stops starting up.
Preferably, the method by which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The startup code of the BIOS firmware is loaded. The trusted cryptography module converts the BIOS startup code parameter into a BIOS startup code parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the BIOS boot parameter is loaded. The trusted cryptography module converts the BIOS boot parameter into a BIOS boot parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the BIOS version parameter is loaded. The trusted cryptography module converts the BIOS version parameter into a BIOS version parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the BIOS master clock parameter is loaded. The trusted cryptography module converts the BIOS master clock parameter into a BIOS master clock parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the VPN device mainboard parameter is loaded. The trusted cryptography module converts the VPN device mainboard parameter into a VPN device mainboard parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the startup of the BIOS firmware is complete;
If any of the above parameters does not satisfy the legal threshold value, the VPN device stops starting up.
A secure boot system for a VPN device, including: a VPN device starting module, a trusted cryptography module and a startup execution module;
The VPN device starting module is used to power on the VPN device and start the BIOS firmware;
The trusted cryptography module is used to perform a hash operation on the startup code of the BIOS firmware and to compare the BIOS startup code operation result with the first preset legal threshold value;
When the BIOS startup code operation result satisfies the first preset legal threshold value, the startup execution module starts the operating system of the VPN device;
The trusted cryptography module performs a hash operation on the startup code of the operating system and compares the operating system startup code operation result with the second preset legal threshold value;
When the operating system startup code operation result satisfies the second preset legal threshold value, the startup execution module makes the VPN device start normally.
Preferably, the trusted cryptography module includes: a memory, a parameter conversion module and a parameter presetting module;
The memory is used to store the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program during VPN device startup, and to store the first preset legal threshold value, the second preset legal threshold value and the third preset legal threshold value;
The parameter presetting module is used to preset the first, second and third preset legal threshold values corresponding respectively to the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program, and to store the preset first, second and third preset legal threshold values in the memory;
The parameter conversion module is used to convert the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program respectively into the BIOS firmware startup code hash value, the operating system startup code hash value and the application program startup code hash value, and to store the converted BIOS firmware startup code hash value, operating system startup code hash value and application program startup code hash value in the memory;
The trusted cryptography module is further used to compare the BIOS firmware startup code hash value, the operating system startup code hash value and the application program startup code hash value obtained during VPN device startup with the preset first, second and third preset legal threshold values respectively.
As can be seen from the above technical solutions, the present invention has the following advantages:
In the VPN device secure boot method, the trusted cryptography module performs parameter comparison on the BIOS firmware, the operating system and the application program; the VPN device can start normally only when the BIOS firmware, the operating system and the application program all satisfy their legal threshold values. This protects the VPN device from illegal attack at startup, ensures that access to the private network is legitimate and reliable, and ensures information security. The trusted cryptography module serves as the trusted computing platform and provides a reliable and secure computing space and storage space for the cryptographic algorithm, which makes computation and storage safer and more reliable; at the same time, the national cryptographic algorithms built into the trusted cryptography module make startup of the VPN device more independently controllable, safe and reliable.
Brief description of the drawings
To explain the technical solution of the present invention more clearly, the drawings needed in the description are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the VPN device secure boot method;
Fig. 2 is a flow chart of an embodiment of the VPN device secure boot method;
Fig. 3 is an overall schematic diagram of the VPN device secure boot system.
Detailed description
To make the purpose, features and advantages of the present invention clearer and easier to understand, the technical solution protected by the present invention is described clearly and completely below with reference to specific embodiments and the drawings. Obviously, the embodiments disclosed below are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this patent, without creative effort, fall within the scope of protection of this patent.
This embodiment provides a secure boot method for a VPN device. As shown in Fig. 1, the method includes:
S1: The VPN device is powered on and the BIOS firmware is started;
S2: The trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value;
S3: When the BIOS startup code operation result satisfies the first preset legal threshold value, the operating system of the VPN device is started;
When the BIOS startup code operation result does not satisfy the first preset legal threshold value, the VPN device stops starting up.
S4: The trusted cryptography module performs a hash operation on the startup code of the operating system and compares the operating system startup code operation result with the second preset legal threshold value;
S5: When the operating system startup code operation result satisfies the second preset legal threshold value, the VPN device starts normally.
When the operating system startup code operation result does not satisfy the second preset legal threshold value, the VPN device stops starting up.
In this way, the trusted cryptography module provides a trusted computing platform for the VPN device together with secure, usable cryptographic algorithm functions; it can take trusted measurements of the BIOS firmware code and the startup code of the operating system, and determine whether the startup process has been altered by a malicious program.
The trusted cryptography module is combined with the VPN device. Using the hash algorithm provided by the trusted cryptography module, trusted computation is performed on the VPN device, and the computed result is verified against the actual value, thereby ensuring the security of the startup process. The trusted cryptography module performs parameter comparison from the BIOS firmware of the VPN device to the operating system and the application program, ensuring that the code at every level, as measured by the comparison, is in a legal state.
The present invention also provides an embodiment which, as shown in Fig. 2, specifically includes:
S11: The VPN device is powered on and the BIOS firmware is started;
S12: The trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value;
S13: When the BIOS startup code operation result satisfies the first preset legal threshold value, the operating system of the VPN device is started;
S14: The trusted cryptography module performs a hash operation on the startup code of the operating system and compares the operating system startup code operation result with the second preset legal threshold value;
S15: When the operating system startup code operation result satisfies the second preset legal threshold value, the application program of the VPN device is started;
S16: The trusted cryptography module performs a hash operation on the startup code of the application program and compares the application program startup code operation result with the third preset legal threshold value;
S17: When the application program startup code operation result satisfies the third preset legal threshold value, the VPN device starts normally.
When the application program startup code operation result does not satisfy the third preset legal threshold value, the VPN device stops starting up.
The hash operation uses one of, or a combination of, MD5, SHA-1, SHA-2, SHA-256, SHA-512, SHA-3 and RIPEMD.
In the above two embodiments, the method by which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The trusted cryptography module configures, for the BIOS firmware, a memory for the first preset legal threshold value, stores the startup code of the BIOS firmware during startup in the memory, and pre-stores the legal threshold value of each parameter in the memory. The startup code of the BIOS firmware includes: the BIOS startup code parameter, the BIOS boot parameter, the BIOS version parameter, the BIOS master clock parameter and the VPN device mainboard parameter;
Using the hash operation, the computation follows the operating steps of the startup code of the BIOS firmware, and after each step the operation result is compared with the legal threshold value stored in the memory;
If the current step satisfies the legal threshold value, the next BIOS firmware startup parameter is loaded; otherwise the next BIOS firmware startup parameter is not loaded, and the VPN device stops starting up.
Further, the method by which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The startup code of the BIOS firmware is loaded. The trusted cryptography module converts the BIOS startup code parameter into a BIOS startup code parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the BIOS boot parameter is loaded. The trusted cryptography module converts the BIOS boot parameter into a BIOS boot parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the BIOS version parameter is loaded. The trusted cryptography module converts the BIOS version parameter into a BIOS version parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the BIOS master clock parameter is loaded. The trusted cryptography module converts the BIOS master clock parameter into a BIOS master clock parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the VPN device mainboard parameter is loaded. The trusted cryptography module converts the VPN device mainboard parameter into a VPN device mainboard parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the startup of the BIOS firmware is complete. If any of the above parameters does not satisfy the legal threshold value, the VPN device stops starting up.
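The staged check of S11 to S17 and the per-parameter BIOS check described above can be sketched as follows. This is an added example, not part of the patent text: `TrustedModule`, `secure_boot`, the component names and the sample byte strings are hypothetical and constructed, SHA-256 is picked from the listed hash options (MD5 and SHA-1 on that list have practical collision attacks), and each component is assumed to be measured before it is loaded.

```python
import hashlib
import hmac

# Check order taken from the description: five BIOS parameters, then the
# operating system, then the application program.
BIOS_PARAMETERS = ("startup_code", "boot", "version", "master_clock", "mainboard")
BOOT_ORDER = tuple(f"bios.{p}" for p in BIOS_PARAMETERS) + ("os", "application")


def measure(data: bytes) -> bytes:
    """Hash one boot component (SHA-256 is this example's choice)."""
    return hashlib.sha256(data).digest()


class TrustedModule:
    """Hypothetical stand-in for the trusted cryptography module's memory,
    parameter presetting and comparison functions."""

    def __init__(self):
        self._reference = {}  # component name -> preset legal threshold value

    def preset(self, name: str, known_good: bytes) -> None:
        """Parameter presetting: store the digest of a known-good component."""
        self._reference[name] = measure(known_good)

    def verify(self, name: str, data: bytes) -> bool:
        """Parameter conversion plus comparison, in constant time."""
        expected = self._reference.get(name)
        if expected is None:
            return False  # no preset value: fail closed rather than trust
        return hmac.compare_digest(measure(data), expected)


def secure_boot(module, components):
    """Walk BOOT_ORDER and stop at the first component that fails.

    Returns (booted, loaded, failed_at): `loaded` lists the components that
    passed before the halt, `failed_at` is None on a normal start.
    """
    loaded = []
    for name in BOOT_ORDER:
        data = components.get(name)
        if data is None or not module.verify(name, data):
            return False, loaded, name  # later components are never loaded
        loaded.append(name)
    return True, loaded, None


def golden_image():
    """Constructed sample components standing in for real firmware blobs."""
    return {
        "bios.startup_code": b"constructed BIOS startup code",
        "bios.boot": b"constructed boot parameter block",
        "bios.version": b"constructed version 1.0",
        "bios.master_clock": b"constructed clock configuration",
        "bios.mainboard": b"constructed mainboard descriptor",
        "os": b"constructed operating system loader",
        "application": b"constructed VPN service binary",
    }


def provision(image):
    """Preset one reference value per component from a known-good image."""
    module = TrustedModule()
    for name in BOOT_ORDER:
        module.preset(name, image[name])
    return module


if __name__ == "__main__":
    image = golden_image()
    module = provision(image)
    print("clean image:", secure_boot(module, image))
    tampered = dict(image, os=image["os"] + b" modified")
    print("modified OS:", secure_boot(module, tampered))
```

The reference values are only as trustworthy as the storage that holds them; in this sketch they live in ordinary process memory, whereas the description places them inside the module.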
The present invention also provides a secure boot system for a VPN device which, as shown in Fig. 3, includes: a VPN device starting module 1, a trusted cryptography module 2 and a startup execution module 3;
The VPN device starting module 1 is used to power on the VPN device and start the BIOS firmware;
The trusted cryptography module 2 is used to perform a hash operation on the startup code of the BIOS firmware and to compare the BIOS startup code operation result with the first preset legal threshold value; when the BIOS startup code operation result satisfies the first preset legal threshold value, the startup execution module 3 starts the operating system of the VPN device;
The trusted cryptography module 2 performs a hash operation on the startup code of the operating system and compares the operating system startup code operation result with the second preset legal threshold value; when the operating system startup code operation result satisfies the second preset legal threshold value, the startup execution module 3 makes the VPN device start normally.
In this embodiment, the trusted cryptography module 2 includes: a memory 6, a parameter conversion module 4 and a parameter presetting module 5;
The memory 6 is used to store the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program during VPN device startup, and to store the first preset legal threshold value, the second preset legal threshold value and the third preset legal threshold value;
The parameter presetting module 5 is used to preset the first, second and third preset legal threshold values corresponding respectively to the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program, and to store the preset first, second and third preset legal threshold values in the memory;
The parameter conversion module 4 is used to convert the startup code of the BIOS firmware, the startup code of the operating system and the startup code of the application program respectively into the BIOS firmware startup code hash value, the operating system startup code hash value and the application program startup code hash value, and to store the converted BIOS firmware startup code hash value, operating system startup code hash value and application program startup code hash value in the memory;
The trusted cryptography module is further used to compare the BIOS firmware startup code hash value, the operating system startup code hash value and the application program startup code hash value obtained during VPN device startup with the preset first, second and third preset legal threshold values respectively.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A secure boot method for a VPN device, characterized in that the method includes:
The VPN device is powered on and the BIOS firmware is started;
The trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value;
When the BIOS startup code operation result satisfies the first preset legal threshold value, the operating system of the VPN device is started;
The trusted cryptography module performs a hash operation on the startup code of the operating system and compares the operating system startup code operation result with the second preset legal threshold value;
When the operating system startup code operation result satisfies the second preset legal threshold value, the VPN device starts normally.
2. The VPN device secure boot method according to claim 1, characterized in that the method includes:
After the operating system startup code operation result satisfies the second preset legal threshold value, the method further includes:
The application program of the VPN device is started;
The trusted cryptography module performs a hash operation on the startup code of the application program and compares the application program startup code operation result with the third preset legal threshold value;
When the application program startup code operation result satisfies the third preset legal threshold value, the VPN device starts normally.
3. The VPN device secure boot method according to claim 1, characterized in that the method includes:
When the BIOS startup code operation result does not satisfy the first preset legal threshold value, the VPN device stops starting up.
4. The VPN device secure boot method according to claim 1, characterized in that the method includes:
When the operating system startup code operation result does not satisfy the second preset legal threshold value, the VPN device stops starting up.
5. The VPN device secure boot method according to claim 2, characterized in that the method includes:
When the application program startup code operation result does not satisfy the third preset legal threshold value, the VPN device stops starting up.
6. The VPN device secure boot method according to claim 1, 2, 3 or 4, characterized in that the method includes:
The hash operation uses one of, or a combination of, MD5, SHA-1, SHA-2, SHA-256, SHA-512, SHA-3 and RIPEMD.
7. The VPN device secure boot method according to claim 1, characterized in that the method by which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The trusted cryptography module configures, for the BIOS firmware, a memory for the first preset legal threshold value, stores the startup code of the BIOS firmware during startup in the memory, and pre-stores the legal threshold value of each parameter in the memory. The startup code of the BIOS firmware includes: the BIOS startup code parameter, the BIOS boot parameter, the BIOS version parameter, the BIOS master clock parameter and the VPN device mainboard parameter;
Using the hash operation, the computation follows the operating steps of the startup code of the BIOS firmware, and after each step the operation result is compared with the legal threshold value stored in the memory;
If the current step satisfies the legal threshold value, the next BIOS firmware startup parameter is loaded; otherwise the next BIOS firmware startup parameter is not loaded, and the VPN device stops starting up.
8. The VPN device secure boot method according to claim 7, characterized in that
the method by which the trusted cryptography module performs a hash operation on the startup code of the BIOS firmware and compares the BIOS startup code operation result with the first preset legal threshold value further includes:
The startup code of the BIOS firmware is loaded. The trusted cryptography module converts the BIOS startup code parameter into a BIOS startup code parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the BIOS boot parameter is loaded. The trusted cryptography module converts the BIOS boot parameter into a BIOS boot parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the BIOS version parameter is loaded. The trusted cryptography module converts the BIOS version parameter into a BIOS version parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the BIOS master clock parameter is loaded. The trusted cryptography module converts the BIOS master clock parameter into a BIOS master clock parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the VPN device mainboard parameter is loaded. The trusted cryptography module converts the VPN device mainboard parameter into a VPN device mainboard parameter hash value, and this hash value is compared with the legal threshold value in the memory; if it satisfies the legal threshold value, the startup of the BIOS firmware is complete;
If any of the above parameters does not satisfy the legal threshold value, the VPN device stops starting up.
9. A VPN device secure startup system, characterized by comprising: a VPN device starting module, a credible password module, and a startup execution module;
The VPN device starting module is used to power on the VPN device and start the BIOS firmware;
The credible password module is used to perform a hash operation on the startup code of the BIOS firmware and to compare the BIOS startup code operation result with the first preset legal threshold value;
When the BIOS startup code operation result meets the first preset legal threshold value, the startup execution module starts the operating system of the VPN device;
The credible password module performs a hash operation on the startup code of the operating system and compares the operating system startup code operation result with the second preset legal threshold value;
When the operating system startup code operation result meets the second preset legal threshold value, the startup execution module starts the VPN device normally.
10. The VPN device secure startup system according to claim 9, characterized in that
The credible password module includes: a memory, a parameter conversion module, and a parameter presetting module;
The memory is used to store the startup code of the BIOS firmware, the startup code of the operating system, and the startup code of the application program during the VPN device startup process, and to store the first preset legal threshold value, the second preset legal threshold value, and the third preset legal threshold value;
The parameter presetting module is used to preset the first preset legal threshold value, the second preset legal threshold value, and the third preset legal threshold value corresponding respectively to the startup code of the BIOS firmware, the startup code of the operating system, and the startup code of the application program, and to store the preset first, second, and third legal threshold values in the memory;
The parameter conversion module is used to convert the startup code of the BIOS firmware, the startup code of the operating system, and the startup code of the application program respectively into the startup code hash value of the BIOS firmware, the startup code hash value of the operating system, and the startup code hash value of the application program, and to store the converted startup code hash values of the BIOS firmware, the operating system, and the application program in the memory;
The credible password module is further used to compare the startup code hash value of the BIOS firmware, the startup code hash value of the operating system, and the startup code hash value of the application program during the VPN device startup process respectively with the first preset legal threshold value, the second preset legal threshold value, and the third preset legal threshold value.
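
The staged check of claim 8 and the preset / convert / compare split of claim 10 can be sketched as follows. This is an added Python example, not part of the patent text. It assumes SHA-256 as the hash operation (the claims do not name one) and models "meets the legal threshold value" as exact equality with a stored reference digest; the stage names and sample bytes are constructed.

```python
import hashlib
import hmac

# Order in which claim 8 loads and checks the BIOS-stage parameters
# (stage names are hypothetical labels for this example).
BIOS_STAGES = ["bios_startup_code", "bios_boot", "bios_version",
               "bios_master_clock", "vpn_mainboard"]

def measure(blob: bytes) -> bytes:
    """Parameter conversion: turn a loaded parameter into its hash value.
    SHA-256 is an assumption; the claims only say 'hash operation'."""
    return hashlib.sha256(blob).digest()

def preset_thresholds(known_good: dict) -> dict:
    """Parameter presetting: derive the stored legal threshold values
    from known-good parameters at provisioning time."""
    return {name: measure(blob) for name, blob in known_good.items()}

def verify_chain(stages, loaded, thresholds):
    """Check each stage in order and stop at the first mismatch.
    Returns (True, None) on success or (False, failing_stage)."""
    for name in stages:
        expected = thresholds.get(name)
        blob = loaded.get(name)
        # Fail closed: a missing parameter or missing threshold is a failure.
        if expected is None or blob is None:
            return False, name
        # Constant-time comparison of the measured and reference digests.
        if not hmac.compare_digest(measure(blob), expected):
            return False, name
    return True, None

# Constructed sample parameters (not real firmware contents).
GOOD = {
    "bios_startup_code": b"\x55\xaa constructed startup code",
    "bios_boot": b"boot_order=disk0",
    "bios_version": b"version=1.0.0-constructed",
    "bios_master_clock": b"clock_hz=100000000",
    "vpn_mainboard": b"board=constructed-rev-A",
}
THRESHOLDS = preset_thresholds(GOOD)

def demo():
    """Run the chain on clean parameters and on a modified version field."""
    clean = verify_chain(BIOS_STAGES, GOOD, THRESHOLDS)
    tampered = dict(GOOD, bios_version=b"version=1.0.0-modified")
    return clean, verify_chain(BIOS_STAGES, tampered, THRESHOLDS)

if __name__ == "__main__":
    print(demo())
```

The same `verify_chain` call covers the three-level chain of claim 10 when given the stage list BIOS firmware, operating system, application program, each with its own preset threshold.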
CN201710193656.3A 2017-03-28 2017-03-28 A kind of VPN device safe starting method and system Pending CN107196755A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710193656.3A CN107196755A (en) 2017-03-28 2017-03-28 A kind of VPN device safe starting method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710193656.3A CN107196755A (en) 2017-03-28 2017-03-28 A kind of VPN device safe starting method and system

Publications (1)

Publication Number Publication Date
CN107196755A true CN107196755A (en) 2017-09-22

Family

ID=59870947

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710193656.3A Pending CN107196755A (en) 2017-03-28 2017-03-28 A kind of VPN device safe starting method and system

Country Status (1)

Country Link
CN (1) CN107196755A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111130756A (en) * 2019-12-30 2020-05-08 江苏大周基业智能科技有限公司 Node routing safety management and control system
CN111399923A (en) * 2020-03-17 2020-07-10 天津飞腾信息技术有限公司 Firmware parameter configuration method and device and electronic equipment
CN114115506A (en) * 2020-08-28 2022-03-01 瑞昱半导体股份有限公司 Computer system, electronic device and state restoring method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080126802A1 (en) * 2006-07-03 2008-05-29 Lenovo (Beijing) Limited Inter-system binding method and application based on hardware security unit
CN102332070A (en) * 2011-09-30 2012-01-25 中国人民解放军海军计算技术研究所 Trust chain transfer method for trusted computing platform
CN103747036A (en) * 2013-12-23 2014-04-23 中国航天科工集团第二研究院七〇六所 Trusted security enhancement method in desktop virtualization environment
CN104158791A (en) * 2013-05-14 2014-11-19 北大方正集团有限公司 Safe communication authentication method and system in distributed environment
CN104751063A (en) * 2014-12-31 2015-07-01 国家电网公司 Operation system trusted guide method based on real mode technology
CN104966022A (en) * 2015-06-12 2015-10-07 浪潮电子信息产业股份有限公司 Chain-of-trust construction method and device based on chip

Similar Documents

Publication Publication Date Title
CN104462965B (en) Application integrity verification method and the network equipment
CN103595530B (en) Software secret key updating method and device
US8966642B2 (en) Trust verification of a computing platform using a peripheral device
US7913086B2 (en) Method for remote message attestation in a communication system
CN103902915B (en) Trustable industrial control terminal and establishing method thereof
US20220006653A1 (en) System and methods for confidential computing
EP4047493A1 (en) Software integrity protection and verification method, and device
CN107196755A (en) A kind of VPN device safe starting method and system
Dave et al. Sracare: Secure remote attestation with code authentication and resilience engine
CN101789939B (en) Effective realization method for credible OpenSSH
Wang et al. A survey of secure boot schemes for embedded devices
Liao et al. Toward authenticating the master in the modbus protocol
CN101834852B (en) Realization method of credible OpenSSH for protecting platform information
CN101582765B (en) User bound portable trusted mobile device
CN117556430B (en) Safe starting method, device, equipment and storage medium
CN112269980B (en) Processor architecture
Crocetti et al. A novel and robust security approach for authentication, integrity, and confidentiality of Lithium-ion Battery Management Systems
CN108549551A (en) A kind of the startup method, apparatus and equipment of server network interface card
CN113961939B (en) Method and system for protecting safety of embedded operating system
CN113676446B (en) Communication network safety error-proof control method, system, electronic equipment and medium
WO2019183980A1 (en) Technologies for securing network function virtualization images
CN112257119B (en) Identity authentication method and protection method for ensuring security of encryption device
CN115061711A (en) Upgrading method and device for intelligent charging pile
Shang et al. The research and application of trusted startup of embedded TPM
CN114329522A (en) Private key protection method, device, system and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170922