A method for restricting software access rights
Technical field
The invention belongs to the field of computer software technology, and in particular relates to a method for restricting software access rights.
Background art
After a system manufacturer develops a piece of software, it does not want that software to run on competitors' products, so a series of authentication and identification methods may be considered to keep its software from running on other systems.
In the prior art, the following means are generally used: for example, when a device driver is installed, the SVID (subsystem vendor ID) and SSID (subsystem ID) in the device controller are usually set through the BIOS to the vendor's own IDs, and the driver is bound to and authenticated against them. However, others can obtain the identification code by directly reading these two IDs from the device controller, so a security risk remains.
Summary of the invention
Object of the invention: the object of the invention is to remedy the deficiencies of the prior art by providing a method for restricting software access rights.
Technical solution: the method for restricting software access rights of the present invention comprises the following steps:
(1) start the application program;
(2) obtain the identification code from the BIOS; if it is obtained successfully, proceed to step (3);
(3) determine whether the acquired identification code needs to be decrypted; if not, classify the identification code directly; if so, decrypt it first and then classify it. (Whether decryption is needed is specified uniformly by the program developer at the initial design stage: if it is needed, both the BIOS and the software require it and their encryption and decryption methods must be consistent; if it is not needed, neither requires it. The classification is likewise defined by the program developer at the initial design stage according to functional needs. For example, if there are many functions, multiple corresponding passwords are defined in the software, and whichever password is ultimately set in the BIOS determines which function is unlocked.);
(4) convert the classified identification code and map it to the corresponding permission.
In step (2), the identification code in the BIOS may be obtained as follows: identification codes for the different permission levels are placed directly at a fixed position in the BIOS binary file; during execution, the software then obtains the authentication information stored in the BIOS binary file from the fixed position at which the BIOS is mapped into memory. The code for this method is simple; it can even be implemented by editing the binary file directly, without going through the BIOS code.
Alternatively, in step (2), the identification code in the BIOS may be obtained as follows: the EFI_SET_VARIABLE service in the EFI_RUNTIME_SERVICES provided by UEFI is used to create a variable with a special meaning; according to the product and the customer's level, identification codes of different permission levels (i.e. the contents of the special-meaning variable) are set, and a user interface is exposed through an option in the BIOS Setup interface. The software then compares the information it obtains with its preset password; if the identification code is stored in encrypted form, it must first be decrypted at this point. In this process, the identification code occupies only a variable area of limited length, and a user interface can be exposed through an option in the BIOS Setup interface. Here, the variable with a special meaning refers to a variable whose name is known to both the BIOS and the software developer, and which is used for defining the software. By adding a Setup option and associating it with the special-meaning variable, the end user can modify the identification code stored in the BIOS by changing this Setup option, which forms the user interface.
Alternatively, in step (2), the identification code in the BIOS may be obtained as follows: the identification code is stored in one of the ACPI tables, such as the DSDT; the software obtains the identification code from the ACPI table and compares it with the preset password, and then, according to the comparison result, either determines the level at which it may be used on the system or refuses to run. The ACPI table is built dynamically and disappears at shutdown, whereas in the first two approaches the identification code is stored in ROM.
In the above process, the identification code obtained from the BIOS may be stored in encrypted form.
Beneficial effects: the software of the present invention must detect that the system it runs on meets certain conditions before it enables the corresponding functions for the user. This binds the software and the system well and protects the software so that it is used only on licensed platforms and is not stolen. In addition, the method works together with the BIOS: because different systems have different hardware, a BIOS cannot be freely exchanged between them, which ensures that others cannot simply use a BIOS containing the authentication information in their own systems and therefore cannot use the corresponding software.
To sum up, the software of the present invention must detect that the system it runs on meets certain conditions before it enables the corresponding functions for the user. It binds the software and the system well, protects the software so that it is used on licensed platforms, offers a high security level, and is easy to use.
Brief description of the drawings
Fig. 1 is an overall flow diagram of the invention.
Specific embodiments
The technical solution of the present invention is described in detail below, but the scope of protection of the present invention is not limited to these embodiments.
Embodiment 1:
Taking storage at a fixed position in the BIOS binary file as an example:
(1) set aside a small region in the FDF file of the UEFI code to store the identification code (FDF: Flash Description File, a file that describes the information of each block in the ROM);
(2) compile to generate the BIOS binary file, flash it to the test machine, and boot to the operating system;
(3) open the software; the software obtains the identification code from the corresponding address in ROM;
(4) if acquisition fails, jump directly to step (12);
(5) the software determines whether the identification code needs to be decrypted;
(6) if not, jump directly to step (8);
(7) decrypt the identification code;
(8) analyze the final identification code to determine the access level;
(9) if there is no access level, jump directly to step (12);
(10) according to the access level, open the corresponding functional permissions to the user;
(11) wait for further user operations until the software exits;
(12) display a message that the user has no access rights, and exit the software.
Embodiment 2:
Taking storage in a BIOS Setup Variable as an example:
(1) in the BIOS code, create a new Variable through the EFI_SET_VARIABLE service in EFI_RUNTIME_SERVICES and add a Setup option, storing a default identification code;
(2) compile to generate the BIOS binary file, flash it to the test machine, and boot to the operating system;
(3) open the software; the software obtains the identification code from ROM through the EFI_GET_VARIABLE service in EFI_RUNTIME_SERVICES;
(4) if acquisition fails, jump directly to step (12);
(5) the software determines whether the identification code needs to be decrypted;
(6) if not, jump directly to step (8);
(7) decrypt the identification code;
(8) analyze the final identification code to determine the access level;
(9) if there is no access level, jump directly to step (12);
(10) according to the access level, open the corresponding functional permissions to the user;
(11) wait for further user operations until the software exits;
(12) display a message that the user has no access rights, and exit the software;
(13) restart the system, enter BIOS Setup, set the Setup option to the authorized identification code, and boot to the operating system;
(14) repeat steps (3) to (12).
Embodiment 3:
Taking storage in the ACPI DSDT table as an example:
(1) in the ACPI DSDT table, create a new memory region carrying a flag, used to store the identification code;
(2) compile to generate the BIOS binary file, flash it to the test machine, and boot to the operating system;
(3) open the software; the software searches the ACPI DSDT table for the flag set in (1) and reads the identification code;
(4) if acquisition fails, jump directly to step (12);
(5) the software determines whether the identification code needs to be decrypted;
(6) if not, jump directly to step (8);
(7) decrypt the identification code;
(8) analyze the final identification code to determine the access level;
(9) if there is no access level, jump directly to step (12);
(10) according to the access level, open the corresponding functional permissions to the user;
(11) wait for further user operations until the software exits;
(12) display a message that the user has no access rights, and exit the software.
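
The software-side flow shared by Embodiments 1 to 3 (acquire, optionally decrypt, classify, map to a level), as an added Python example that is not part of the patent. The preset codes, the `IDC$` flag, the 16-byte code length and all sample buffers are constructed assumptions; the 4 attribute bytes before the data are how Linux efivarfs exposes a UEFI variable.

```python
import hmac

CODE_LEN = 16                      # assumed fixed length of the identification code
MARKER = b"IDC$"                   # hypothetical flag placed before the code in the DSDT
PRESET = {                         # hypothetical preset codes -> permission level
    b"BASIC-0000000001": 1,
    b"FULL-00000000002": 2,
}

def from_fixed_offset(rom: bytes, offset: int):
    """Embodiment 1: code at a fixed position of the mapped BIOS image."""
    code = rom[offset:offset + CODE_LEN]
    return code if len(code) == CODE_LEN else None

def from_efivar(blob: bytes):
    """Embodiment 2: efivarfs content is 4 attribute bytes, then the data."""
    data = blob[4:]
    return data[:CODE_LEN] if len(blob) >= 4 and len(data) >= CODE_LEN else None

def from_dsdt(table: bytes):
    """Embodiment 3: locate the flag in the raw table, take the bytes after it."""
    i = table.find(MARKER)
    if i < 0:
        return None
    code = table[i + len(MARKER): i + len(MARKER) + CODE_LEN]
    return code if len(code) == CODE_LEN else None

def permission_level(code, decrypt=None) -> int:
    """Steps (4)-(12): 0 means 'no access, exit'; otherwise the unlocked level."""
    if code is None:                       # step (4): acquisition failed
        return 0
    if decrypt is not None:                # steps (5)-(7): fixed at design time
        code = decrypt(code)
    level = 0
    for preset, lvl in PRESET.items():     # step (8): constant-time comparison
        if hmac.compare_digest(code, preset):
            level = lvl
    return level                           # step (9): 0 if nothing matched

# Constructed sample inputs (not real firmware data)
SAMPLE_ROM = b"\xff" * 32 + b"BASIC-0000000001" + b"\xff" * 16
SAMPLE_EFIVAR = b"\x07\x00\x00\x00" + b"FULL-00000000002"
SAMPLE_DSDT = b"DSDT" + b"\x00" * 32 + MARKER + b"UNKNOWN-CODE-XXX" + b"\x00" * 8
```

On Linux the raw inputs for the last two functions would be read from `/sys/firmware/efi/efivars/<Name>-<GUID>` and `/sys/firmware/acpi/tables/DSDT`.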