CN108256336B - Binding and identifying method for operating system and mainboard - Google Patents


Info

Publication number
CN108256336B
Authority
CN
China
Prior art keywords
operating system
mainboard
information code
product information
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810136473.2A
Other languages
Chinese (zh)
Other versions
CN108256336A (en)
Inventor
林坤杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yehe Technology Development Co ltd
Original Assignee
Shenzhen Yehe Technology Development Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Yehe Technology Development Co ltd
Priority to CN201810136473.2A
Publication of CN108256336A
Application granted
Publication of CN108256336B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575 Secure boot
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4406 Loading of operating system

Abstract

The invention discloses a method for binding and identifying an operating system and a mainboard. It mainly comprises: presetting a product information code, comprising a BIOS information code, a mainboard information code and an operating system information code, in an independently researched and developed operating system and in the mainboard; the operating system encryption module identifying the mainboard encryption module; after that identification passes, the operating system calling a complete product information code identification program; and after the call, the operating system running the complete product information code identification program, obtaining the three product information codes of the mainboard and comparing and verifying them. The invention uses a dedicated identification program to identify the product information code, and starting can continue only if the operating system correctly identifies the encryption module of the mainboard and can call the product information code identification program; the program in the encryption chip cannot be read or copied, so the possibility that the complete program for identifying the product information code is cracked is fundamentally avoided, and the security of use is greatly improved.

Description

Binding and identifying method for operating system and mainboard
Technical Field
The invention relates to the field of operating systems, in particular to a method for binding an independently developed operating system to a mainboard.
Background
In the current X86 platform motherboard industry, operating systems developed autonomously are easily used by others without authorization due to their reproducibility and portability. For example, a user may detach a hard disk with an operating system and mount the hard disk on another motherboard to use the operating system normally. The above problems are often economically harmful to developers of operating systems, and if the developed operating systems can be bound with a motherboard, the problems can be solved.
Disclosure of Invention
The invention aims to provide a method for binding and identifying an independently developed operating system and a mainboard, so that the developed operating system cannot be used by others at will. To achieve this, the invention provides the following technical scheme: a binding and recognition method of an operating system and a mainboard, suitable for execution on computer equipment, wherein the operating system is provided with an operating system encryption module; the operating system encryption module is used for encrypting an operating system instruction, transmitting the encrypted instruction to the mainboard, receiving the encrypted return information from the mainboard, decrypting it and verifying the decrypted return information; the mainboard is provided with a mainboard encryption module; the mainboard encryption module is used for receiving and decrypting the encrypted instruction of the operating system, encrypting the return information and transmitting it to the operating system encryption module; the operating system stores one part of the subroutines of a product information code identification program; the mainboard encryption module stores another part of the subroutines of that program;
the binding and identifying method of the operating system and the mainboard comprises the following steps:
s1, presetting a product information code comprising a BIOS information code, a mainboard information code and an operating system information code in the operating system and the mainboard;
s2, the operating system encryption module identifies the mainboard encryption module;
s3, after the identification in step S2 passes, the operating system calls the complete product information code identification program;
s4, after the call in step S3, the operating system runs the complete product information code identification program, obtains the three product information codes from the mainboard, and compares and verifies them.
Preferably, the motherboard encryption module comprises an encryption chip; the encryption chip stores an operating system information code and a partial subroutine of a product information code identification program.
Preferably, the encryption chip of the motherboard is an EAL5+ smart card core encryption chip.
Preferably, the operating system encryption module and the main board encryption module both use symmetric 3DES encryption and decryption keys and store the same key value.
Preferably, the motherboard further includes a BIOS module storing BIOS information codes, and a south bridge module storing motherboard information codes.
Preferably, the step S2 specifically includes:
s21, the operating system generates a random code and sends a check instruction, and the random code is encrypted by the operating system encryption module and then sent to the mainboard encryption chip;
s22, the main board encryption chip receives the random code and decrypts the random code;
s23, the encryption chip of the mainboard encrypts the decrypted random code again and returns the encrypted random code to the operating system;
s24, the operating system receives the returned random code, decrypts it, compares it with the random code sent earlier, and verifies whether the two are consistent.
Preferably, the step S3 specifically includes: the operating system generates a call instruction to call out an identification information code subprogram stored in the mainboard encryption chip, and the called-out subprogram and a product information code identification subprogram carried by the operating system form a complete product information code identification program.
Preferably, the step S4 specifically includes the steps of:
s41, obtaining the BIOS information code from the mainboard BIOS module;
s42, obtaining the mainboard information code from the mainboard south bridge chip;
s43, sending an encrypted command and decrypting the reply to obtain the operating system identification code stored in the mainboard encryption chip;
s44, comparing the three product information codes acquired from the mainboard with the three product information codes preset in the operating system, and checking whether every acquired code is consistent with the operating system's preset value.
According to this technical scheme, the operating system can start normally only after the three product information codes have been identified one by one and each has been compared with the authorized product information codes preset in the operating system and found completely consistent. The product information code is identified by a dedicated identification program whose subprograms are stored separately in the operating system and in the mainboard encryption module, so the operating system can continue starting only if it correctly identifies the mainboard encryption module and can call the product information code identification program. The program in the encryption chip cannot be read or copied, so the possibility that the complete program for identifying the product information code is cracked is fundamentally avoided.
Drawings
FIG. 1 is a block diagram of encryption and decryption logic between an operating system and a motherboard according to an embodiment of the present invention;
FIG. 2 is a logic block diagram of an operating system identifying a cryptographic chip in an embodiment of the present invention;
FIG. 3 is a logic diagram of an operating system invoking a product information identification procedure in an exemplary embodiment of the invention;
FIG. 4 is a logic diagram of an operating system acquiring and verifying a motherboard product information code in an embodiment of the present invention;
FIG. 5 is a flowchart of a method for binding and identifying an operating system and a motherboard according to an embodiment of the present invention.
Detailed Description
In order to make the technical staff understand the invention better, the following embodiment of the invention is explained in detail with reference to the attached drawings, but the invention is not limited. It is to be understood that the described embodiments are merely a few embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In a specific embodiment, the technical scheme of the invention is that three product information codes are set on an independently developed operating system and on a mainboard, namely a BIOS information code, a mainboard information code and an operating system information code; the information codes held by the operating system are the authorized values. While the mainboard starts, the three product information codes in the mainboard are identified one by one and compared with the information codes in the operating system for verification; only when all three product information codes of the mainboard are found to be completely consistent with those of the operating system is the mainboard considered authorized to use the operating system, in which case the operating system starts and works normally; otherwise the operating system stops starting. To implement the binding of the operating system and the mainboard, in a specific embodiment an operating system encryption module and a mainboard encryption module are arranged in the operating system and the mainboard respectively, forming an encryption system that binds the two; both use symmetric 3DES encryption and decryption keys with the same key value. Specifically, as shown in fig. 1: the operating system encryption module is a functional module of the operating system and adopts a symmetric 3DES encryption and decryption key; the mainboard encryption module consists of an independent encryption chip and its related electronic circuits, and is a functional module on the mainboard.
The encryption chip stores the operating system information code, which the operating system can obtain after decryption; the encryption chip also stores part of the program for identifying the product information code, and the operating system calls this program while identifying the product information code. In operation, the operating system generates a random code and sends a verification instruction; the random code is encrypted by the operating system encryption module and sent to the mainboard encryption chip; the mainboard encryption chip receives and decrypts the random code, encrypts the decrypted random code again and returns it to the operating system; the operating system receives the returned code, decrypts it and compares it with the random code sent earlier. In this way, data and instruction communication between the operating system and the mainboard passes through the operating system encryption module and the mainboard encryption module, and the binding between the operating system and the mainboard is realized. At the same time, the technical scheme of the invention adopts a specific product information code identification program, storing part of its subprogram in the operating system and the other part in the encryption module of the mainboard.
In a specific embodiment, as shown in fig. 2 to 5, the method for binding and identifying the operating system and the motherboard of the present invention includes the following steps:
step S1, three product information codes are preset in the independently developed operating system and motherboard, including BIOS information code, motherboard information code, and operating system information code.
Setting the product information codes on the mainboard comprises storing the BIOS information code in the BIOS module of the mainboard and storing the mainboard information code in the south bridge chip of the mainboard; it also comprises arranging an encryption chip on the mainboard which, as mentioned above, stores the operating system information code, which the operating system can obtain after decryption.
Once the information codes are preset, the operating system identifies the three product information codes on the mainboard one by one at every start and compares them with the codes it holds; only if all of them are completely consistent does it start and work normally, otherwise starting stops. This is how the operating system is bound to the mainboard.
Step S2, during the process of starting the operating system, the encryption chip on the motherboard is identified. Specifically, as shown in fig. 2, the operating system generates a random code and sends a verification instruction, the random code is encrypted by the operating system encryption module and then sent to the motherboard encryption chip, and the motherboard encryption chip receives and decrypts the random code; then, the encryption chip of the mainboard encrypts the decrypted random code again and returns the encrypted random code to the operating system; the operating system receives the random code, decrypts the random code and compares the random code with the random code sent before.
If the random codes are the same, the encryption chip is correct, and the operating system continues to be started. Otherwise, the operating system stops booting.
In step S3, if the operating system correctly identified the encryption chip on the mainboard in step S2, it begins calling the complete product information code identification program. Specifically, as shown in fig. 3, the operating system generates a call instruction to call out the part of the product information code identification program stored in the mainboard encryption chip, i.e. the identification information code subprogram B. The called subprogram B and the product information code identification subprogram A carried by the operating system together constitute the complete product information code identification program, i.e. the identification program C shown in the figure. The operating system then runs the complete program C.
Step S4, the operating system runs the complete product information code identification program C, obtains the three product information codes of the mainboard, and compares and verifies them. As shown in fig. 4, the specific steps are: first, acquire the BIOS information code from the mainboard BIOS module and the mainboard information code from the mainboard south bridge chip; then send an instruction and, through encryption and decryption, acquire the operating system identification code stored in the encryption chip. Then compare the three product information codes acquired from the mainboard with the three product information codes preset in the operating system; if all of them are consistent with the preset values, the product information codes are correct and the operating system continues starting until it works normally. Otherwise the operating system stops booting.
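The two boot-time checks described above, step S2 (random-code challenge to the mainboard encryption chip, S21 to S24) and step S4 (comparison of the three product information codes, S41 to S44), modelled end to end as an added example; this is not the patent's or the assignee's code. The CBC mode with a per-message random IV, the 8-byte code length, and the sample keys and codes are assumptions of the example; the patent only specifies a shared symmetric 3DES key.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"errors"
)

// seal encrypts a block-aligned message with 3DES-CBC under a fresh random IV and
// prepends the IV. Mode and IV handling are this example's assumption, not the
// patent's. CryptBlocks panics unless len(msg) is a multiple of the 8-byte block.
func seal(block cipher.Block, msg []byte) []byte {
	out := make([]byte, des.BlockSize+len(msg))
	if _, err := rand.Read(out[:des.BlockSize]); err != nil {
		panic(err) // no usable CSPRNG: the boot check cannot be trusted, so fail hard
	}
	cipher.NewCBCEncrypter(block, out[:des.BlockSize]).CryptBlocks(out[des.BlockSize:], msg)
	return out
}

// open reverses seal. CBC has no integrity check, so a foreign key is only
// caught later, when the decrypted value is compared with the expected one.
func open(block cipher.Block, sealed []byte) ([]byte, error) {
	if len(sealed) < 2*des.BlockSize || len(sealed)%des.BlockSize != 0 {
		return nil, errors.New("malformed ciphertext")
	}
	pt := make([]byte, len(sealed)-des.BlockSize)
	cipher.NewCBCDecrypter(block, sealed[:des.BlockSize]).CryptBlocks(pt, sealed[des.BlockSize:])
	return pt, nil
}

// Chip models the mainboard encryption module: shared 3DES key plus the stored OS code.
type Chip struct {
	Block cipher.Block
	Code  []byte
}

// Echo is the chip side of S2 (S22, S23): decrypt the random code, re-encrypt it, return it.
func (c *Chip) Echo(sealedNonce []byte) ([]byte, error) {
	nonce, err := open(c.Block, sealedNonce)
	if err != nil {
		return nil, err
	}
	return seal(c.Block, nonce), nil
}

// ReadCode is the chip side of S43: return the stored OS information code, encrypted.
func (c *Chip) ReadCode() []byte { return seal(c.Block, c.Code) }

// OSBinder is the OS encryption module plus the three authorised product
// information codes preset in S1: BIOS code, mainboard code (8 south-bridge
// GPIO lines read as one byte) and OS code (8 bytes here: one DES block).
type OSBinder struct {
	Block     cipher.Block
	BIOS      []byte
	Mainboard byte
	OS        []byte
}

// IdentifyChip is S2 (S21 to S24): send an encrypted random code and require
// the decrypted reply to equal it.
func (o *OSBinder) IdentifyChip(c *Chip) error {
	nonce := make([]byte, des.BlockSize)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	reply, err := c.Echo(seal(o.Block, nonce))
	if err != nil {
		return err
	}
	if got, err := open(o.Block, reply); err != nil || !bytes.Equal(got, nonce) {
		return errors.New("S2: random code mismatch, encryption chip not recognised")
	}
	return nil
}

// Boot runs S2, then S4 (S41 to S44): the BIOS code, the south-bridge GPIO byte
// and the OS code fetched from the chip must all equal the presets, else stop.
func (o *OSBinder) Boot(bios []byte, gpio byte, chip *Chip) error {
	if err := o.IdentifyChip(chip); err != nil {
		return err
	}
	osCode, err := open(o.Block, chip.ReadCode())
	if err != nil {
		return err
	}
	if !bytes.Equal(bios, o.BIOS) || gpio != o.Mainboard || !bytes.Equal(osCode, o.OS) {
		return errors.New("S44: product information codes differ from the preset values")
	}
	return nil
}
```

A chip holding a different key passes the malformed-ciphertext check but fails the S2 comparison, and a board whose GPIO byte or BIOS code differs fails at S44, which is the behaviour the description assigns to each step.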
The invention discloses a method for binding and identifying an independently researched and developed operating system and a mainboard. First, the operating system must identify the three product information codes one by one and compare them with the authorized product information codes preset in the operating system; only when they are completely consistent can the operating system start normally. Secondly, the encryption module in the technical scheme of the invention adopts a high-end smart card kernel encryption chip with extremely high security (EAL5+), stores part of the product information code identification program in the encryption chip, and runs that program by means of a function call. The encryption chip is a part of the operating system, and the programs in the encryption chip cannot be read or copied, so the possibility that the complete program for identifying the product information codes is cracked is fundamentally avoided. Thirdly, according to the technical scheme of the invention, the three product information codes are stored in different modules of the mainboard: the BIOS information code is stored in the system BIOS software; the operating system information code is stored in the independent encryption module of the mainboard; and the mainboard information code is an 8-bit information code formed by 8 GPIOs of the south bridge, so it is a hardware identification code. A typical mainboard south bridge has nearly 200 GPIOs that can be used to set the identification code. In addition, the encryption module added to the mainboard has an effect only when the specified independently developed operating system is used, and does not affect the installation and use of other operating systems, such as Windows, on the mainboard.
In summary, the method for binding and identifying the independently developed operating system and the mainboard disclosed by the invention works together with the 3DES encryption module and uses a three-layer authorization approach to obtain the product information codes. A dedicated identification program identifies the product information codes, with part of that program stored in the operating system and part in the encryption module of the mainboard. The method for binding the independently developed operating system to the mainboard is highly secure and extremely difficult to break.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention, and all technical extensions or innovations made by using the contents of the present specification and drawings are included in the scope of the present invention.

Claims (5)

1. A binding and recognition method of an operating system and a mainboard is suitable for being executed in computer equipment, and is characterized in that the operating system is provided with an operating system encryption module; the operating system encryption module is used for encrypting an operating system instruction, transmitting the encrypted operating system instruction to the mainboard, receiving the encrypted return information of the mainboard, decrypting the encrypted return information and verifying the decrypted return information;
the mainboard is provided with a mainboard encryption module; the mainboard encryption module is used for receiving and decrypting an encryption instruction of the operating system, encrypting return information and transmitting the encrypted return information to the operating system encryption module;
the operating system stores a product information code identification program part subroutine; the main board encryption module stores a part of subprogram of a product information code identification program;
the binding and identifying method of the operating system and the mainboard comprises the following steps:
s1, presetting a product information code comprising a BIOS information code, a mainboard information code and an operating system information code in the operating system and the mainboard;
s2, the operating system encryption module identifies the mainboard encryption module;
s3, after the identification in step S2 passes, the operating system calls the complete product information code identification program;
s4, after the calling in the step S3, the operating system runs a complete product information code identification program to obtain three product information codes of the mainboard and carry out comparison and verification;
wherein, the step S2 specifically includes:
s21, the operating system generates a random code and sends a check instruction, and the random code is encrypted by the operating system encryption module and then sent to the mainboard encryption chip;
s22, the main board encryption chip receives the random code and decrypts the random code;
s23, the encryption chip of the mainboard encrypts the decrypted random code again and returns the encrypted random code to the operating system;
s24, the operating system receives the returned random code, decrypts it, compares it with the random code sent earlier, and verifies whether the two are consistent;
the step S3 specifically includes:
the operating system generates a call instruction, calls out an identification information code subprogram stored in the mainboard encryption chip, and the called-out subprogram and a product information code identification subprogram carried by the operating system form a complete product information code identification program;
the step S4 specifically includes the steps of:
s41, obtaining BIOS information code in the main board BIOS module;
s42, obtaining the mainboard information code from the mainboard south bridge chip, wherein the mainboard information code is an 8-bit information code composed of 8 GPIOs of the south bridge;
s43, sending the command after encryption and decryption to obtain the operating system identification code stored in the mainboard encryption chip;
s44, comparing the three product information codes acquired from the mainboard with the three product information codes preset in the operating system, and checking whether every acquired code is consistent with the operating system's preset value.
2. The method for binding and identifying an operating system and a motherboard as recited in claim 1, wherein the motherboard encryption module comprises an encryption chip; the encryption chip stores an operating system information code and a partial subroutine of a product information code identification program.
3. The method for binding and identifying an operating system and a motherboard as recited in claim 2, wherein the cryptographic chip of the motherboard is an EAL5+ smart card kernel cryptographic chip.
4. The method as claimed in claim 2, wherein the os encryption module and the motherboard encryption module both use symmetric 3DES encryption/decryption keys and store the same key value.
5. The method as claimed in claim 4, wherein the motherboard further comprises a BIOS module for storing BIOS information code, and a south bridge module for storing motherboard information code.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810136473.2A CN108256336B (en) 2018-02-09 2018-02-09 Binding and identifying method for operating system and mainboard

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810136473.2A CN108256336B (en) 2018-02-09 2018-02-09 Binding and identifying method for operating system and mainboard

Publications (2)

Publication Number Publication Date
CN108256336A CN108256336A (en) 2018-07-06
CN108256336B true CN108256336B (en) 2021-09-28

Family

ID=62745198

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810136473.2A Active CN108256336B (en) 2018-02-09 2018-02-09 Binding and identifying method for operating system and mainboard

Country Status (1)

Country Link
CN (1) CN108256336B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110472420B (en) * 2019-07-19 2021-05-11 深圳中电长城信息安全系统有限公司 Binding identification method, system, terminal equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1851603A (en) * 2005-04-22 2006-10-25 联想(北京)有限公司 Random binding software installing method
CN101034378A (en) * 2007-04-27 2007-09-12 吴晓栋 Method for implementing processor and computer system information processing environment high safety and trust
CN104166809A (en) * 2013-05-17 2014-11-26 广州杰赛科技股份有限公司 Control method and system for operating information system
CN106971102A (en) * 2017-03-24 2017-07-21 山东超越数控电子有限公司 A kind of start authentication method and device based on harddisk password module

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4349789B2 (en) * 2002-11-06 2009-10-21 富士通株式会社 Safety judgment device and safety judgment method
JP3958243B2 (en) * 2003-04-14 2007-08-15 松下電器産業株式会社 IC card and its OS startup method

Also Published As

Publication number Publication date
CN108256336A (en) 2018-07-06

Similar Documents

Publication Publication Date Title
US10430616B2 (en) Systems and methods for secure processing with embedded cryptographic unit
JP6239788B2 (en) Fingerprint authentication method, apparatus, intelligent terminal, and computer storage medium
CN101939754B (en) Finger sensing apparatus using hybrid matching and associated methods
US9734091B2 (en) Remote load and update card emulation support
CN110688660B (en) Method and device for safely starting terminal and storage medium
CN101971182B (en) Finger sensing apparatus with credential release and associated methods
CN108304698B (en) Product authorized use method and device, computer equipment and storage medium
CN112257086B (en) User privacy data protection method and electronic equipment
CN102063591A (en) Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform
CN112528257A (en) Security debugging method and device, electronic equipment and storage medium
JP4226556B2 (en) Program execution control device, OS, client terminal, server, program execution control system, program execution control method, program execution control program
US20130227262A1 (en) Authentication device and authentication method
CN109684789B (en) Method and device for software security protection in embedded product and computer equipment
EP2372593A2 (en) Method for protecting a software license, system for same, server, terminal, and computer-readable recording medium
US20070198844A1 (en) Method and control device for controlling access of a computer to user data
US7577849B2 (en) Keyed-build system for controlling the distribution of software
CN108256336B (en) Binding and identifying method for operating system and mainboard
CN111783120A (en) Data interaction method, computing device, BMC chip and electronic device
CN110674525A (en) Electronic equipment and file processing method thereof
CN112861137A (en) Secure firmware
CN110851881B (en) Security detection method and device for terminal equipment, electronic equipment and storage medium
CN113055157B (en) Biological characteristic verification method and device, storage medium and electronic equipment
AU2019279983A1 (en) Secure access to encrypted data of a user terminal
US7913310B2 (en) Device for protecting against unauthorized use of software
US11757646B2 (en) Methods for generating an encrypted signal simulation with a cryptographic interface card (GCIC) and devices thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant