CN107368715B - A kind of method of restricted software access right - Google Patents

Info

Publication number
CN107368715B
Authority
CN
China
Legal status
Active
Application number
CN201710825105.4A
Other languages
Chinese (zh)
Other versions
CN107368715A (en)
Inventor
王志云
Current Assignee
Jiangsu Zhuoyi Information Technology Co Ltd
Kunshan One Hundred Ao Electronic Technology Co Ltd
NANJING BYOSOFT CO Ltd
Original Assignee
Jiangsu Zhuoyi Information Technology Co Ltd
Kunshan One Hundred Ao Electronic Technology Co Ltd
NANJING BYOSOFT CO Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Abstract

The invention discloses a method of restricting software access rights, comprising the following steps: start the application program; obtain the identification code from the BIOS; determine whether the obtained identification code needs to be decrypted, and if not, classify the identification code, or if so, decrypt the identification code first and then classify it; convert the classified identification code and map it to the corresponding permissions. In this invention, the running software must detect that the system it runs on meets certain conditions before it opens the corresponding functions to the user. This binds the software tightly to the system and protects the software so that it is used on licensed platforms and is not stolen.

Description

A method of restricting software access rights
Technical field
The invention belongs to the field of computer software technology, and specifically relates to a method of restricting software access rights.
Background art
After a system manufacturer develops a piece of software, it does not want that software to run on its competitors' products, so it considers a range of authentication and identification methods to keep its software from running on other systems.
In the prior art, the following approach is generally used: when a device driver is installed, for example, the BIOS usually sets the SVID (subsystem vendor ID) and SSID (subsystem ID) in the device controller to the vendor's own IDs, and the driver is bound to and authenticated against them. However, others can obtain the identification code simply by reading these two IDs from the device controller, so a security risk remains.
Summary of the invention
Purpose of the invention: the purpose of the invention is to remedy the deficiencies of the prior art by providing a method of restricting software access rights.
Technical solution: the method of restricting software access rights according to the invention comprises the following steps:
(1) start the application program;
(2) obtain the identification code from the BIOS; if it is obtained successfully, proceed to step (3);
(3) determine whether the obtained identification code needs to be decrypted; if not, classify the identification code; if so, decrypt the identification code first and then classify it. (Whether decryption is needed is fixed uniformly by the program developer at the initial design stage: if it is needed, both the BIOS and the software need it, and their encryption and decryption methods must be consistent; if it is not needed, neither needs it. The classification is likewise defined by the program developer at the initial design stage according to functional needs. For example, if there are several functions, several corresponding passwords are defined in the software, and whichever password is set in the BIOS determines which function is unlocked.);
(4) convert the classified identification code and map it to the corresponding permissions.
One method of obtaining the identification code from the BIOS in step (2) is: place the identification codes for the different permission levels directly at a fixed location in the BIOS binary file; during execution, the software then obtains the authentication information stored in the BIOS binary file from the fixed location at which the BIOS is mapped into memory. The code for this method is simple; it can even be implemented by editing the binary file directly, without going through the BIOS code.
Another method of obtaining the identification code from the BIOS in step (2) is: use the EFI_SET_VARIABLE service in the EFI_RUNTIME_SERVICES provided by UEFI to create a variable with a special meaning, set identification codes (that is, the content of the special-meaning variable) for the different permission levels according to the product and the customer's tier, and provide a user interface through an option in the BIOS Setup screen. The software then compares the information it obtains with the password preset in the software; if the identification code is stored in encrypted form, it must be decrypted first at this stage. In this process, the identification code occupies only a limited length of the variable area, and a user interface can be provided through an option in the BIOS Setup screen. Here, the variable with a special meaning refers to a variable name known to the BIOS and software developers and used to define the software. By adding a Setup option and associating it with the special-meaning variable, the end user can modify the identification code stored in the BIOS by modifying this Setup option, which forms the user interface.
A third method of obtaining the identification code from the BIOS in step (2) is: store the identification code in one of the ACPI tables, such as the DSDT. The software obtains the identification code from the ACPI table and compares it with the preset password, then, according to the comparison result, determines the level at which the software may be used on the system or does not allow the software to run. ACPI tables are built dynamically and disappear at shutdown, whereas in the first two methods the identification code is stored in ROM.
In the above process, the identification code obtained from the BIOS may be stored in encrypted form.
Beneficial effects: the software in this invention must detect that the system it runs on meets certain conditions before it opens the corresponding functions to the user. This binds the software tightly to the system and protects the software so that it is used on licensed platforms and is not stolen. In addition, the software works together with the BIOS: different systems have different hardware, and a BIOS cannot be freely swapped between them. This ensures that others cannot simply put a BIOS containing the authentication information into their own systems, so they cannot use the corresponding software application.
In summary, the software in this invention must detect that the system it runs on meets certain conditions before it opens the corresponding functions to the user. It binds the software tightly to the system and protects the software so that it is used on licensed platforms, with a high security level and ease of use.
Brief description of the drawings
Fig. 1 is an overall flow diagram of the invention.
Detailed description of the embodiments
The technical solution of the invention is described in detail below, but the scope of protection of the invention is not limited to these embodiments.
Embodiment 1:
Taking storage at a fixed location in the BIOS binary file as an example:
(1) reserve a small region in the FDF file of the UEFI code to store the identification code (FDF: Flash Description File, the file that describes each region of the ROM);
(2) compile to generate the BIOS binary file, update it onto the test machine, and boot to the operating system;
(3) open the software; the software obtains the identification code from the corresponding address in ROM;
(4) if obtaining it fails, jump directly to step (12);
(5) the software determines whether the identification code needs to be decrypted;
(6) if not, jump directly to step (8);
(7) decrypt the identification code;
(8) analyze the final identification code to determine the access level;
(9) if there is no access level, jump directly to step (12);
(10) according to the access level, open the corresponding functions to the user;
(11) wait for further user operation until the software is exited;
(12) display a message that the user has no access rights, and exit the software.
Embodiment 2:
Taking storage in a BIOS Setup Variable as an example:
(1) in the BIOS code, create a new Variable through the EFI_SET_VARIABLE service in EFI_RUNTIME_SERVICES and add a Setup option for it, storing the default identification code;
(2) compile to generate the BIOS binary file, update it onto the test machine, and boot to the operating system;
(3) open the software; the software obtains the identification code from ROM through the EFI_GET_VARIABLE service in EFI_RUNTIME_SERVICES;
(4) if obtaining it fails, jump directly to step (12);
(5) the software determines whether the identification code needs to be decrypted;
(6) if not, jump directly to step (8);
(7) decrypt the identification code;
(8) analyze the final identification code to determine the access level;
(9) if there is no access level, jump directly to step (12);
(10) according to the access level, open the corresponding functions to the user;
(11) wait for further user operation until the software is exited;
(12) display a message that the user has no access rights, and exit the software;
(13) restart the system, enter BIOS Setup, set the Setup option to the authorized identification code, and boot to the operating system;
(14) repeat steps (3) to (12).
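The software-side flow of Embodiment 2, as an added Python example that is not part of the patent: it takes a variable image in the Linux efivarfs layout (a 4-byte attribute word followed by the data), optionally decrypts it, classifies it, and fails closed to "denied". The level table, the sample codes and the `xor_stream` stand-in cipher are assumptions made for the example; the patent does not name a cipher.

```python
import hashlib
import hmac
import struct
from typing import Callable, Optional

# Constructed sample codes and key; a real product would define its own (assumption).
LEVELS = {b"BASIC-7F3A": "basic", b"FULL-C41D9": "full"}
DEMO_KEY = b"constructed-demo-key"


def read_variable(path: str) -> Optional[bytes]:
    """Read a variable file such as /sys/firmware/efi/efivars/<Name>-<GUID>."""
    try:
        with open(path, "rb") as f:
            return f.read()
    except OSError:
        return None  # variable absent or unreadable


def variable_data(blob: Optional[bytes]) -> Optional[bytes]:
    """efivarfs prefixes the payload with a 4-byte little-endian attribute word."""
    if blob is None or len(blob) <= 4:
        return None
    return blob[4:]


def xor_stream(data: bytes, key: bytes = DEMO_KEY) -> bytes:
    """Stand-in cipher (not from the patent): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack("<I", i // 32)).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def classify(code: bytes) -> Optional[str]:
    """Map a code to its level; every entry is checked, each in constant time."""
    level = None
    for known, name in LEVELS.items():
        if hmac.compare_digest(code, known):
            level = name
    return level


def access_level(blob: Optional[bytes],
                 decrypt: Optional[Callable[[bytes], bytes]] = None) -> str:
    data = variable_data(blob)         # embodiment step (3)
    if data is None:
        return "denied"                # step (4) -> step (12)
    if decrypt is not None:            # steps (5)-(7)
        data = decrypt(data)
    return classify(data) or "denied"  # steps (8)-(10), or (9) -> (12)


# Constructed efivarfs images: attributes 0x7 (NV | BS | RT), then the payload.
ATTRS = struct.pack("<I", 0x7)
PLAIN_BLOB = ATTRS + b"FULL-C41D9"
ENCRYPTED_BLOB = ATTRS + xor_stream(b"BASIC-7F3A")
UNKNOWN_BLOB = ATTRS + b"NOT-A-CODE"

if __name__ == "__main__":
    print(access_level(PLAIN_BLOB))
    print(access_level(ENCRYPTED_BLOB, xor_stream))
    print(access_level(UNKNOWN_BLOB))
    print(access_level(read_variable("/nonexistent/efivars/Demo")))
```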
Embodiment 3:
Taking storage in the ACPI DSDT table as an example:
(1) in the ACPI DSDT table, create a new memory region with a marker, used to store the identification code;
(2) compile to generate the BIOS binary file, update it onto the test machine, and boot to the operating system;
(3) open the software; the software searches the ACPI DSDT table for the marker set in (1) and reads the identification code;
(4) if obtaining it fails, jump directly to step (12);
(5) the software determines whether the identification code needs to be decrypted;
(6) if not, jump directly to step (8);
(7) decrypt the identification code;
(8) analyze the final identification code to determine the access level;
(9) if there is no access level, jump directly to step (12);
(10) according to the access level, open the corresponding functions to the user;
(11) wait for further user operation until the software is exited;
(12) display a message that the user has no access rights, and exit the software.
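One way the lookup in step (3) of Embodiment 3 could work, as an added Python example that is not part of the patent: it validates the ACPI table header (signature, length, checksum) before searching for the marker, and returns nothing when any check fails. The marker `$IDCODE$`, the length-prefixed layout after it and the sample tables are assumptions; on Linux the real table is readable at `/sys/firmware/acpi/tables/DSDT`.

```python
import struct
from typing import Optional

HEADER = struct.Struct("<4sIBB6s8sI4sI")  # standard 36-byte ACPI table header
CHECKSUM_OFFSET = 9
MARKER = b"$IDCODE$"  # hypothetical marker; 1 length byte and the code follow it


def build_table(body: bytes) -> bytes:
    """Build a constructed DSDT image with a correct length and checksum."""
    raw = HEADER.pack(b"DSDT", HEADER.size + len(body), 2, 0,
                      b"DEMO  ", b"DEMOTBL ", 1, b"DEMO", 1) + body
    checksum = -sum(raw) & 0xFF
    return raw[:CHECKSUM_OFFSET] + bytes([checksum]) + raw[CHECKSUM_OFFSET + 1:]


def extract_code(table: bytes) -> Optional[bytes]:
    """Return the code stored after MARKER, or None if the table is unusable."""
    if len(table) < HEADER.size:
        return None
    signature, length = struct.unpack_from("<4sI", table, 0)
    if signature != b"DSDT" or length != len(table):
        return None
    if sum(table) & 0xFF != 0:  # all bytes of an ACPI table sum to 0 mod 256
        return None
    pos = table.find(MARKER, HEADER.size)
    if pos < 0:
        return None
    start = pos + len(MARKER) + 1
    if start > len(table):
        return None  # marker is the last thing in the table: no length byte
    size = table[start - 1]
    if size == 0 or start + size > len(table):
        return None  # declared length runs past the end of the table
    return table[start:start + size]


# Constructed sample tables.
GOOD_TABLE = build_table(b"\x00" * 5 + MARKER + bytes([10]) + b"FULL-C41D9" + b"\x00" * 3)
NO_MARKER_TABLE = build_table(b"\x00" * 16)
TRUNCATED_TABLE = build_table(MARKER + bytes([32]) + b"short")
CORRUPT_TABLE = GOOD_TABLE[:-1] + b"\x01"  # one byte changed, checksum now wrong

if __name__ == "__main__":
    for name, table in [("good", GOOD_TABLE), ("no marker", NO_MARKER_TABLE),
                        ("truncated", TRUNCATED_TABLE), ("corrupt", CORRUPT_TABLE)]:
        print(name, extract_code(table))
```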

Claims (3)

1. A method of restricting software access rights, characterized by comprising the following steps:
(1) start the software application;
(2) obtain the identification code from the BIOS; if it is obtained successfully, proceed to step (3);
(3) determine whether the obtained identification code needs to be decrypted; if not, classify the identification code; if so, decrypt the identification code first and then classify it;
(4) convert the classified identification code and map it to the corresponding permissions;
wherein the identification code in the BIOS is obtained in step (2) by any one of the following three methods:
(A) identification codes for the different permission levels are placed directly at a fixed location in the BIOS binary file; during execution, the software application then obtains the authentication information stored in the BIOS binary file from the fixed location at which the BIOS is mapped into memory;
(B) the EFI_SET_VARIABLE service in the EFI_RUNTIME_SERVICES provided by UEFI is used to create a variable with a special meaning, identification codes for the different permission levels are set according to the product and the customer's tier, and a user interface is provided through an option in the BIOS Setup screen; the software application then compares the information it obtains with the password preset in the software; if the identification code is stored in encrypted form, it must be decrypted first at this stage;
(C) the identification code is stored in one of the ACPI tables; the software obtains the identification code from the ACPI table and compares it with the preset password, then, according to the comparison result, determines the level at which the software may be used on the system or does not allow the software to run.
2. The method of restricting software access rights according to claim 1, characterized in that: in method (B), the variable with a special meaning refers to a variable name known to the BIOS and software developers and used to define the software.
3. The method of restricting software access rights according to claim 1, characterized in that: in method (B), a Setup option is added and associated with the variable with a special meaning, so that the end user can modify the identification code stored in the BIOS by modifying this Setup option, which forms the user interface.
CN201710825105.4A 2017-09-14 2017-09-14 A kind of method of restricted software access right Active CN107368715B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710825105.4A CN107368715B (en) 2017-09-14 2017-09-14 A kind of method of restricted software access right

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710825105.4A CN107368715B (en) 2017-09-14 2017-09-14 A kind of method of restricted software access right

Publications (2)

Publication Number Publication Date
CN107368715A CN107368715A (en) 2017-11-21
CN107368715B CN107368715B (en) 2019-08-30

Family

ID=60302948

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710825105.4A Active CN107368715B (en) 2017-09-14 2017-09-14 A kind of method of restricted software access right

Country Status (1)

Country Link
CN (1) CN107368715B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104732147A (en) * 2015-04-13 2015-06-24 成都睿峰科技有限公司 Application program processing method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9047452B2 (en) * 2006-07-06 2015-06-02 Dell Products L.P. Multi-user BIOS authentication
US20170249996A1 (en) * 2016-02-26 2017-08-31 Microsoft Technology Licensing, Llc Opportunistic memory tuning for dynamic workloads
CN105912393A (en) * 2016-04-12 2016-08-31 合肥联宝信息技术有限公司 Method and device for forbidding partial functions of BIOS and computer
CN105955857A (en) * 2016-04-29 2016-09-21 浪潮电子信息产业股份有限公司 Method and device for testing BIOS (Basic Input Output System)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Design and Implementation of a UEFI-Based Digital Signature Interface; 彭泉鑫; China Excellent Master's Theses Full-text Database; 20160331; full text

Also Published As

Publication number Publication date
CN107368715A (en) 2017-11-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP02 Change in the address of a patent holder

Address after: 210061 11/F, Block A, Chuangzhi Building, 17 Xinghuo Road, Nanjing High-tech Zone, Jiangsu Province

Co-patentee after: JIANGSU ZHUOYI INFORMATION TECHNOLOGY CO., LTD.

Patentee after: NANJING BYOSOFT CO., LTD.

Co-patentee after: Kunshan one hundred Ao Electronic Technology Co., Ltd.

Address before: 210000 10 Floor, Block B, Software Building 9 Xinghuo Road, Pukou District, Nanjing City, Jiangsu Province

Co-patentee before: JIANGSU ZHUOYI INFORMATION TECHNOLOGY CO., LTD.

Patentee before: NANJING BYOSOFT CO., LTD.

Co-patentee before: Kunshan one hundred Ao Electronic Technology Co., Ltd.