CN111970124A - Computer factory mode control method and device, computer equipment and storage medium - Google Patents

Publication number
CN111970124A
Authority
CN
China
Prior art keywords
computer
data
server
factory mode
identification information
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010807579.8A
Other languages
Chinese (zh)
Other versions
CN111970124B (en)
Inventor
余新来
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Dawning Information Industry Beijing Co Ltd
Original Assignee
Dawning Information Industry Beijing Co Ltd
Classifications

    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
    • H04L63/123 Applying verification of the received information received data contents, e.g. message integrity
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The application relates to a computer factory mode control method, a computer factory mode control device, computer equipment and a storage medium. The method comprises the following steps: receiving a configuration request for starting a factory mode sent by a server; sending a data acquisition request to a server according to a configuration request for starting a factory mode, wherein the data acquisition request carries computer identification information; receiving encrypted characteristic data corresponding to the computer identification information fed back by the server, and decrypting the encrypted characteristic data corresponding to the computer identification information to obtain decrypted characteristic data; matching and checking the decrypted characteristic data and the data of the basic input and output system; and if the decrypted characteristic data is consistent with the data of the basic input and output system, indicating the basic input and output system to start the computer factory mode. By adopting the method, the safety control of the computer equipment entering the factory mode can be realized.

Description

Computer factory mode control method and device, computer equipment and storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for controlling a computer factory mode, a computer device, and a storage medium.
Background
Before computer equipment is shipped, various configuration operations need to be performed on it in factory mode (MFG Mode). After the computer equipment is shipped, MFG Mode must be turned off so that the computer system cannot be configured and operated at will, which protects the safety of the computer system. However, a computer returned to the factory needs to enter factory mode again to be reconfigured. Therefore, ensuring that the computer factory mode is safe and controllable becomes very important.
There are two conventional designs for the computer factory mode. In the first, a dial switch is reserved on the computer mainboard and the configuration of a General-Purpose Input/Output (GPIO) port is set by a jumper; the BIOS (Basic Input/Output System) decides whether to start the factory mode by reading the GPIO value. In the second, a special I2C (two-wire serial bus) device is reserved on the computer mainboard; the device has a special reading and setting mode and can permanently store a number of data values, and entry of the computer system into the factory mode is controlled by writing the special factory-mode entry data into the I2C device.
However, with the conventional factory mode designs, a computer manufacturer cannot perform automatic batch operations on computers, and the tool reserved on the computer motherboard for setting the factory privilege mode (a dial switch, an I2C device, etc.) is not universal, which increases the design cost and the device cost of the computer motherboard. Meanwhile, the tool for setting the factory mode has no security and is easily used to maliciously configure the computer system.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a computer factory mode control method, apparatus, computer device and storage medium for solving the above technical problems.
A computer factory mode control method, the method comprising:
receiving a configuration request for starting a factory mode sent by a server;
sending a data acquisition request to the server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information;
receiving encrypted characteristic data corresponding to the computer identification information fed back by the server, and decrypting the encrypted characteristic data corresponding to the computer identification information to obtain decrypted characteristic data;
matching and checking the decrypted characteristic data and the data of the basic input and output system;
and if the decrypted characteristic data is consistent with the data of the basic input and output system, indicating the basic input and output system to start a computer factory mode.
In one embodiment, before the receiving the configuration request for starting the factory mode sent by the server, the method further includes:
sending a system public key acquisition request to a server, wherein the system public key acquisition request carries computer identification information;
receiving a system public key generated by the server according to the computer identification information, and solidifying the system public key into the firmware image file of the basic input and output system;
the decrypting the encrypted feature data corresponding to the computer identification information to obtain the decrypted feature data includes:
and decrypting the encrypted feature data corresponding to the computer identification information by using the system public key solidified in the BIOS firmware image file to obtain the decrypted feature data.
In this embodiment, the system public key of the key pair corresponding to the computer's own computer identification information is solidified in advance into the BIOS firmware image file of the computer device. This makes it possible to verify identity data (feature data) when the computer factory mode is opened. In addition, by using asymmetric encryption, the server encrypts the feature data corresponding to the computer identification with the system private key, and the computer device decrypts the feature data with the system public key solidified in the BIOS firmware image file, so that the security of data transmission in the process of opening the computer factory mode can be ensured and security control of the factory mode of the computer device can be achieved.
In one embodiment, the server stores the corresponding relationship between the computer identification information and the computer type information; the receiving a system public key generated by the server according to the computer identification information and solidifying the system public key into the BIOS firmware image file includes:
and receiving a system public key generated by the server according to the type information of the target computer, and solidifying the system public key into the firmware image file of the basic input and output system, wherein the type information of the target computer is determined from the corresponding relation according to the identification information of the computer.
In this embodiment, the server determines the target computer type information from the corresponding relationship between the computer identification information and the computer type information according to the computer identification information, generates a key pair (including a system public key) according to the target computer type information, and feeds the system public key back to the target computer device. The target computer device solidifies the received system public key corresponding to the target computer type information into the BIOS firmware image file, thereby implementing a one-to-one correspondence between the system public key and the computer device and enhancing the security control of the factory mode of the computer device.
In one embodiment, before decrypting the encrypted feature data corresponding to the computer identification information by using the system public key solidified in the BIOS firmware image file, the method further includes:
calculating the hash value of the system public key, and comparing and checking the hash value of the system public key solidified in the BIOS firmware image file with the calculated hash value of the system public key;
and when the hash value of the system public key solidified in the basic input output system firmware image file is consistent with the calculated hash value of the system public key, the system public key is successfully verified.
In this embodiment, when the system public key is solidified into the BIOS firmware image file, the hash value of the system public key is also solidified into the BIOS firmware image file. Before the system public key is used to decrypt the feature data, the system public key is verified: the hash value of the current system public key is calculated and compared with the hash value of the system public key solidified in the image file. If the verification (comparison) passes, the subsequent decryption operation using the system public key is performed, so that leakage and falsification of the system public key are avoided and the security of data in the computer factory mode is enhanced.
In one embodiment, before instructing the BIOS to turn on the computer factory mode, the method further comprises:
acquiring current time data in the server, and performing difference calculation on the current time data and timestamp data carried in the characteristic data to obtain a time difference between the current time data and the timestamp data;
when the time difference is smaller than a preset time difference threshold value, the characteristic data are valid data;
and when the characteristic data is valid data, executing the step of indicating the basic input and output system to start the computer factory mode.
In this embodiment, the added time verification process limits the period during which the encrypted feature data corresponding to the computer identification information is valid for verification. In the extreme case where the encrypted feature data is obtained and copied, and is then used in an attempt to maliciously start the factory mode of the computer device, the time check in this embodiment is applied: the time difference calculated from the current time data of the server and the timestamp information carried by the obtained and copied encrypted feature data exceeds the preset time difference threshold, so the obtained and copied encrypted feature data is judged to be invalid data and cannot be used for starting the computer factory mode. The computer factory mode therefore cannot be started at will even if the encrypted feature data is leaked, and the safety of the computer factory mode is improved.
In one embodiment, the method further comprises:
in a computer factory mode, when the configuration of a computer is finished, receiving a factory mode ending request sent by the server;
and clearing all data in the starting process of the computer factory mode, and ending the computer factory mode.
In this embodiment, after the process of performing production configuration in the factory mode by the computer device is finished, all data in the process of starting the factory mode is cleared, so that it is ensured that no data is left in the hard disk or the removable storage device, and further, the safety control of the factory mode of the computer is ensured.
In one embodiment, the server comprises a computer configuration server, a hardware security server and a network time protocol server;
the receiving a configuration request for starting a factory mode sent by a server includes:
receiving a configuration request for starting a factory mode sent by the computer configuration server;
the sending a data acquisition request to the server according to the configuration request for starting the factory mode, where the data acquisition request carries computer identification information, includes:
sending a data acquisition request to the hardware security server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information;
the receiving the encrypted feature data corresponding to the computer identification information fed back by the server comprises:
receiving encrypted characteristic data corresponding to the computer identification information fed back by the hardware security server;
the obtaining of the current time data in the server and the difference calculation of the current time data and the timestamp data carried in the feature data to obtain the time difference between the current time data and the timestamp data includes:
and acquiring current time data in the network time protocol server, and performing difference calculation on the current time data and timestamp data carried in the characteristic data to obtain a time difference between the current time data and the timestamp data.
A computer factory mode control apparatus, the apparatus comprising:
a receiving module, configured to receive a configuration request for starting a factory mode sent by a server;
a sending module, configured to send a data acquisition request to the server according to the configuration request for starting the factory mode, where the data acquisition request carries computer identification information;
the decryption module is used for receiving the encrypted characteristic data corresponding to the computer identification information fed back by the server and decrypting the encrypted characteristic data corresponding to the computer identification information to obtain the decrypted characteristic data;
the verification module is used for matching and verifying the decrypted characteristic data and the data of the basic input and output system;
and the processing module is used for indicating the basic input and output system to start a computer factory mode if the decrypted characteristic data is consistent with the data of the basic input and output system.
A computer device comprising a memory and a processor, the memory storing a computer program, the processor implementing the following steps when executing the computer program:
receiving a configuration request for starting a factory mode sent by a server;
sending a data acquisition request to the server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information;
receiving encrypted characteristic data corresponding to the computer identification information fed back by the server, and decrypting the encrypted characteristic data corresponding to the computer identification information to obtain decrypted characteristic data;
matching and checking the decrypted characteristic data and the data of the basic input and output system;
and if the decrypted characteristic data is consistent with the data of the basic input and output system, indicating the basic input and output system to start a computer factory mode.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of:
receiving a configuration request for starting a factory mode sent by a server;
sending a data acquisition request to the server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information;
receiving encrypted characteristic data corresponding to the computer identification information fed back by the server, and decrypting the encrypted characteristic data corresponding to the computer identification information to obtain decrypted characteristic data;
matching and checking the decrypted characteristic data and the data of the basic input and output system;
and if the decrypted characteristic data is consistent with the data of the basic input and output system, indicating the basic input and output system to start a computer factory mode.
According to the computer factory mode control method, the computer factory mode control device, the computer equipment and the storage medium, the computer equipment receives a factory mode starting configuration request sent by the server; sending a data acquisition request to the server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information; receiving encrypted characteristic data corresponding to the computer identification information fed back by the server, and decrypting the encrypted characteristic data corresponding to the computer identification information to obtain decrypted characteristic data; finally, the computer equipment carries out matching verification on the decrypted characteristic data and the data of the basic input and output system; and if the decrypted characteristic data is consistent with the data of the basic input and output system, the computer equipment indicates the basic input and output system to start a computer factory mode. By adopting the method, the safety control of the computer equipment entering the factory mode can be realized without setting any external interface and special devices for the computer equipment, and meanwhile, because the method has no hardware intervention, the factory mode of the computer can be started through the corresponding server, and the automatic batch configuration production of the computer equipment can be realized.
Drawings
FIG. 1 is a diagram of an exemplary environment in which a method for factory mode control of a computer is implemented;
FIG. 2 is a diagram illustrating the internal architecture of a computing device, according to one embodiment;
FIG. 3 is a flow chart illustrating a method for factory mode control in one embodiment;
FIG. 4 is a flowchart illustrating a method for obtaining a system public key according to an embodiment;
FIG. 5 is a flowchart illustrating a system public key verification method according to an embodiment;
FIG. 6 is a flow diagram illustrating a method for time verification in one embodiment;
FIG. 7 is a flow diagram illustrating a method for ending a factory mode in one embodiment;
FIG. 8 is a diagram illustrating an exemplary embodiment of a factory mode control method;
FIG. 9 is a block diagram of a computer factory mode control apparatus according to an embodiment;
FIG. 10 is a diagram showing an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The computer factory mode control method provided by the present application can be applied to the computer factory mode control system 100 shown in fig. 1. The computer factory mode control system 100 includes a server 110 and a computer device 120. The server 110 may be implemented by an independent server or by a server cluster composed of a plurality of servers. Taking a server cluster as an example for implementing the computer factory mode control method of the present application, the server cluster may include a computer configuration server 111, a Hardware Security Module (HSM) server 112, and a Network Time Protocol (NTP) server 113. The architecture of the computer device 120 in the present application is shown in fig. 2, wherein Basic Input Output System (BIOS) firmware is provided on a motherboard of the computer device in the form of a BIOS chip, on which a program executable by a central processing unit (CPU) and/or a South Bridge chip (South Bridge) is stored.
In one embodiment, as shown in fig. 3, a computer factory mode control method is provided, which is illustrated by applying the method to fig. 1, and includes the following steps:
Step 301, receiving a configuration request for starting a factory mode sent by a server.
In implementation, the computer device refreshes the BIOS (Basic Input Output System) firmware in the system and boots online; the computer device may then receive a configuration request for starting the factory mode sent by the server.
Step 302, according to the configuration request for starting the factory mode, sending a data acquisition request to the server, where the data acquisition request carries computer identification information.
In implementation, the basic input/output system of the computer device stores feature data, and the feature data may correspondingly represent identity information of the computer device, for example, information of a manufacturer of the computer, a type of a motherboard of the computer, a type of a Central Processing Unit (CPU), and the like. The computer device may determine its own computer identification information according to the stored feature data, for example, the computer manufacturer information in the feature data is used as its own computer identification information, and then, after receiving an instruction of a configuration request for starting a factory mode sent by the server, the computer device sends a data acquisition request to the server, where the data acquisition request carries the computer identification information.
Step 303, receiving the encrypted characteristic data corresponding to the computer identification information fed back by the server, and decrypting the encrypted characteristic data corresponding to the computer identification information to obtain decrypted characteristic data.
In implementation, the server searches a database of feature data, according to the computer identification information, for the target data corresponding to the identity information (computer identification information) of the target computer device. The (target) computer device can then receive the encrypted feature data corresponding to the computer identification information fed back by the server, and decrypts the encrypted feature data to obtain the decrypted feature data.
Step 304, matching and checking the decrypted characteristic data and the data of the basic input and output system.
In implementation, the basic input/output system of the computer device stores the feature data corresponding to the computer device, and the computer device may perform matching verification on the received decrypted feature data and the feature data of the basic input/output system (BIOS) to obtain a verification result.
Step 305, if the decrypted feature data is consistent with the data of the BIOS, instructing the BIOS to start the computer factory mode.
In implementation, if the decrypted feature data is consistent with the feature data in the Basic Input Output System (BIOS) and the feature data is successfully verified, the computer device instructs the BIOS to start the factory mode.
Optionally, if the decrypted feature data is inconsistent with the feature data of the basic input/output system and the verification fails, the computer device clears all data in the verification process, stops the verification, and restores the operation mode to the factory leaving mode.
In the computer factory mode control method, the computer equipment receives a configuration request for starting a factory mode, which is sent by a server; sending a data acquisition request to a server according to a configuration request for starting a factory mode, wherein the data acquisition request carries computer identification information; then, the computer equipment receives the encrypted characteristic data corresponding to the computer identification information fed back by the server, and decrypts the encrypted characteristic data corresponding to the computer identification information to obtain decrypted characteristic data; finally, the computer equipment carries out matching verification on the decrypted characteristic data and the data of the basic input and output system; and if the decrypted characteristic data is consistent with the data of the basic input and output system, the computer equipment indicates the basic input and output system to start the computer factory mode. By adopting the method, the safety control of the computer equipment entering the factory mode can be realized without setting any external interface and special devices for the computer equipment, and meanwhile, because the method has no hardware intervention, the automatic batch configuration production of the computer equipment can be realized by carrying out the starting and configuration operation of the factory mode of the computer through the corresponding server.
In one embodiment, as shown in fig. 4, prior to step 301, the method further comprises:
Step 401, sending a system public key obtaining request to a server, where the system public key obtaining request carries computer identification information.
In implementation, in the process of starting the computer factory mode, the computer device needs to send a system public key acquisition request to the server, where the system public key acquisition request carries computer identification information. After receiving the system public key acquisition request, the server generates a key pair (including a system public key KEYpub and a system private key KEYpriv) according to the computer identification information carried in the system public key acquisition request, where the key pair corresponds to the target computer device that sent the system public key acquisition request, and then the server may feed back the system public key (KEYpub) in the key pair to the target computer device (i.e., the computer device that sent the system public key acquisition request).
Step 402, receiving a system public key generated by the server according to the computer identification information, and solidifying the system public key into the firmware image file of the basic input output system.
In implementation, the computer device receives a system public key generated by the server according to the own computer identification information, and then solidifies the system public key into a Basic Input Output System (BIOS) firmware image file.
Optionally, the system public key may be compiled into the BIOS firmware image file through interaction between the code compiling server and the computer device; the embodiments of the present application are not limited in this respect.
Then, in step 303, the encrypted feature data corresponding to the computer identification information is decrypted to obtain decrypted feature data, and the specific processing procedure is as follows:
Step 403, decrypting the encrypted feature data corresponding to the computer identification information by using the system public key solidified in the basic input/output system firmware image file to obtain decrypted feature data.
In implementation, after generating a key pair according to the computer identification information, the server feeds back a system public key (KEYpub) in the key pair to the computer device, and encrypts feature data corresponding to the computer identification information by using a system private key (KEYpriv) in the key pair to obtain encrypted feature data (DATpriv). Therefore, after receiving the encrypted feature data (DATpriv) fed back by the server, the computer device may decrypt the encrypted feature data corresponding to the own computer identification information by using the system public key solidified in the bios firmware image file to obtain the decrypted feature data.
In this embodiment, the system public key of the key pair corresponding to the computer's own identification information is solidified in advance into the BIOS firmware image file of the computer device. This makes it possible to verify identity data (feature data) before the computer factory mode is started. In addition, because asymmetric encryption is used, the server encrypts the feature data corresponding to the computer identification with the system private key, and the computer device decrypts it with the system public key solidified in the BIOS firmware image file, so that the security of data transmission in the process of starting the computer factory mode can be ensured and security control of the factory mode of the computer device can be achieved.
In an embodiment, the server stores a corresponding relationship between the computer identification information and the computer type information, and the specific processing procedure of step 402 is as follows:
Receiving a system public key generated by the server according to the target computer type information, and solidifying the system public key into the basic input/output system firmware image file, wherein the target computer type information is determined from the correspondence according to the computer identification information.
In implementation, the target computer type information is the type information corresponding to the target computer device, which the server determines from the pre-stored correspondence between computer identification information and computer type information according to the received computer identification information. In this way, where the received computer identification information identifies a plurality of computer devices, a unique computer device (the target computer) can be further determined according to the target computer type information. The server can then generate a key pair according to the target computer type information, so that the key pair corresponds one-to-one to the target computer device. The computer device then receives the system public key generated by the server according to the target computer type information and solidifies it into the basic input/output system firmware image file.
In this embodiment, the server determines the target computer type information from the correspondence between the computer identification information and the computer type information according to the computer identification information (e.g., computer manufacturer information), generates a key pair (including a system public key) according to the target computer type information, and feeds back the system public key to the target computer device. The target computer device solidifies the received system public key corresponding to the target computer type information into the basic input/output system firmware image file, so that a one-to-one correspondence between the system public key and the computer device is realized and the security control of the factory mode of the computer device is enhanced.
In one embodiment, as shown in fig. 5, before step 403, the method further comprises:
Step 501, calculating a hash value of the system public key, and comparing the hash value of the system public key solidified into the BIOS firmware image file with the calculated hash value of the system public key for verification.
In implementation, after receiving the system public key fed back by the server, the computer device may solidify the system public key and a Hash value (Hash value) of the system public key generated according to the system public key into the bios firmware image file, where the Hash value of the system public key may be stored in a preset location in the image file. Then, when the computer device receives the encrypted feature data corresponding to the computer identification information sent by the server, the system public key is checked in advance, the hash value of the current system public key is calculated, then, the hash value of the system public key solidified in the image file is inquired at the specific position of the basic input/output system firmware image file, and the calculated hash value of the current system public key is compared with the hash value of the system public key solidified in the image file for checking.
Optionally, the system public key and a total checksum (checksum) of the system public key may also be solidified into the bios firmware image file, so as to check the system public key in advance. The process of verifying the system public key by using the checksum is similar to the process of verifying the system public key by using the hash value in step 501, and the embodiment of the present application is not described again.
Alternatively, the code compiling server may instruct the computer device to complete compiling the system public key and the Hash value (Hash value) and/or the checksum (checksum) of the system public key into the bios firmware image file.
Step 502, when the hash value of the system public key in the bios firmware image file is consistent with the calculated hash value of the system public key, the system public key is successfully verified.
In implementation, when the hash value of the system public key pre-fixed in the bios firmware image file is consistent with the calculated hash value of the current system public key, the computer device determines that the system public key is successfully verified.
In this embodiment, when the system public key is solidified into the bios firmware image file, the hash value of the system public key is also solidified into the bios firmware image file, and then before the system public key is used to decrypt the feature data, the system public key is verified in advance, the hash value of the current system public key is calculated and compared with the hash value of the system public key solidified into the image file, and if the verification (comparison) is passed, subsequent decryption operation using the system public key is performed, so that leakage and falsification of the system public key are avoided, and the security of data in the computer factory mode is enhanced.
In one embodiment, as shown in fig. 6, before the bios is instructed to turn on the factory mode, the method further includes:
Step 601, obtaining current time data in the server, and performing difference calculation on the current time data and timestamp data carried in the feature data to obtain a time difference between the current time data and the timestamp data.
In implementation, the computer device obtains current time data of the server, and performs difference calculation on the current time data and timestamp data carried in the characteristic data fed back by the server to obtain a time difference between the current time data and the carried timestamp data.
Step 602, when the time difference is smaller than a preset time difference threshold, the feature data is valid data.
In implementation, when the time difference is smaller than a preset time difference threshold, the computer device determines that the feature data received this time is valid data. When the computer device determines that the received feature data is valid data, and all verification processes of the computer factory mode are completed, the computer device executes the operation of instructing a Basic Input Output System (BIOS) to start the computer factory mode in step 305.
Optionally, when the time difference is greater than or equal to the preset time difference threshold, the computer device determines that the received feature data is invalid data and that the time verification for the computer factory mode has failed. The computer device rejects the invalid feature data and instructs the BIOS firmware to clear all data in the verification process, and then the computer device returns to the factory leaving mode.
In this embodiment, the added time verification process limits how long the encrypted feature data corresponding to the computer identification information remains valid during verification. In an extreme case where the encrypted feature data is obtained and copied and then used in an attempt to maliciously start the factory mode of the computer device, the time check of this embodiment applies: the time difference calculated from the current time data of the server and the timestamp information carried in the copied encrypted feature data exceeds the preset time difference threshold, so the copied encrypted feature data is judged to be invalid data and cannot be used to start the computer factory mode. Therefore, even if the encrypted feature data is leaked, the computer factory mode cannot be started at will, and the security of the computer factory mode is improved.
In one embodiment, as shown in fig. 7, the computer factory mode control method further includes:
Step 701, in the computer factory mode, when the configuration of the computer is completed, receiving a factory mode end request sent by the server.
In implementation, after the factory mode of the computer is normally turned on, after the configuration of the computer device is completed through interaction with the server, etc., the computer device may receive a factory mode end request sent by the server.
Step 702, clearing all data in the starting process of the computer factory mode, and ending the computer factory mode.
In implementation, after the computer device receives a factory mode end request sent by the server, the computer device instructs the Basic Input Output System (BIOS) to clear all data in the factory mode starting process and ends the factory mode of the computer. That is, the computer device is switched to the factory leaving mode, in which the configuration of the computer device is not allowed to be changed at will.
In this embodiment, after the computer device finishes production configuration in the factory mode, all data in the process of starting the factory mode is cleared, so that no data is left in the hard disk or the removable storage device, which further ensures the security control of the factory mode of the computer.
In one embodiment, as shown in FIG. 8, the server includes a computer configuration server, a hardware security server, and a network time protocol server. Each server is subject to strict management and access authority restrictions, and only a dedicated administrator in an intranet environment can configure and operate the processes of each server, which further ensures security when the computer device is configured through the servers. The specific processing procedures of steps 301, 302, 303 and 601 for each server are as follows:
In implementation, in the computer factory mode control system 100, the computer device 120 receives a configuration request sent by the computer configuration server 111 (process automation configuration module) to start the factory mode. According to the configuration request for starting the factory mode, the BIOS data acquisition module in the computer device 120 sends a data acquisition request to the hardware security server 112, where the data acquisition request carries computer identification information. Then, the BIOS DATpriv check module in the computer device 120 receives the encrypted feature data corresponding to the computer identification information fed back by the hardware security server 112 (HSM security module), decrypts the encrypted feature data corresponding to the computer identification information to obtain decrypted feature data, and performs matching verification on the decrypted feature data and the data of the basic input/output system. If the decrypted feature data is consistent with the data of the Basic Input Output System (BIOS), a BIOS timestamp check module in the computer device 120 obtains current time data in the network time protocol server 113 (i.e., the NTP Server shown as an example in the figure), and performs difference calculation on the current time data and timestamp data carried in the feature data to obtain a time difference between the current time data and the timestamp data. When the time difference is smaller than a preset time difference threshold, the feature data is valid data; when the feature data is valid data, all checks for the computer factory mode have passed, and the computer device 120 instructs the Basic Input Output System (BIOS) to turn on the computer factory mode.
Optionally, after the computer factory mode is started, corresponding configuration operations may be performed on the computer device through the computer configuration server 111 (production line automatic configuration module). After configuration is completed and the computer device 120 receives a factory mode completion request sent by the computer configuration server 111 (production line automatic configuration module), the BIOS clears all data in the factory mode starting process, and the computer device 120 ends the computer factory mode (i.e., switches to the factory leaving mode).
Optionally, when the data (DATpriv) check fails and/or the timestamp check fails, the factory mode of the computer cannot be entered, the BIOS clears all data in the process of starting the factory mode, and the computer returns to the factory leaving mode.
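The device-side checks described above (the key hash check of steps 501 and 502, the public-key recovery of step 403, the feature-data match, and the timestamp check of steps 601 and 602), shown as an added example that is not part of the patent text. The toy RSA parameters, the 16-byte feature data, the 8-byte timestamp prefix, SHA-256 and the 300-second threshold are all assumptions; a private-key operation checked with the public key is functionally a signature, and a real design would use a standard padded signature scheme rather than raw RSA.

```python
import hashlib
import hmac
import struct

# Toy RSA parameters (constructed for this example; NOT secure: Mersenne
# primes, no padding). They stand in for the per-device KEYpub/KEYpriv pair.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # KEYpriv exponent, stays on the server

FEATURE_LEN = 16                    # assumed size of the feature data
PAYLOAD_LEN = 8 + FEATURE_LEN       # 8-byte timestamp || feature data
MAX_AGE_S = 300                     # assumed preset time difference threshold


def key_digest(n: int, e: int) -> bytes:
    """Hash of the public key, as stored beside it in the firmware image."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(raw).digest()


def build_image(feature: bytes) -> dict:
    """Model of the BIOS image: solidified KEYpub, its hash, feature data."""
    if len(feature) != FEATURE_LEN:
        raise ValueError("feature data must be FEATURE_LEN bytes")
    return {"n": N, "e": E, "key_hash": key_digest(N, E), "feature": feature}


def server_issue(feature: bytes, timestamp: int) -> int:
    """Server side: private-key operation over timestamp || feature (DATpriv)."""
    payload = struct.pack(">Q", timestamp) + feature
    return pow(int.from_bytes(payload, "big"), D, N)


def device_check(image: dict, dat_priv: int, server_now: int):
    """Device side: returns (factory_mode_enabled, reason). Fails closed."""
    scratch = bytearray(PAYLOAD_LEN)        # holds the recovered payload
    try:
        # Steps 501/502: re-hash the solidified key before using it.
        current = key_digest(image["n"], image["e"])
        if not hmac.compare_digest(current, image["key_hash"]):
            return False, "public key hash mismatch"

        # Step 403: the public-key operation recovers the payload.
        if not 0 < dat_priv < image["n"]:
            return False, "malformed DATpriv"
        recovered = pow(dat_priv, image["e"], image["n"])
        if recovered.bit_length() > 8 * PAYLOAD_LEN:
            return False, "malformed DATpriv"
        scratch[:] = recovered.to_bytes(PAYLOAD_LEN, "big")
        timestamp = struct.unpack(">Q", scratch[:8])[0]

        # Matching check: recovered feature data vs. BIOS feature data.
        if not hmac.compare_digest(bytes(scratch[8:]), image["feature"]):
            return False, "feature data mismatch"

        # Steps 601/602: freshness against the time server's clock.
        if abs(server_now - timestamp) >= MAX_AGE_S:
            return False, "stale timestamp"

        return True, "ok"
    finally:
        # Clear the verification data on every path, pass or fail.
        scratch[:] = bytes(PAYLOAD_LEN)


if __name__ == "__main__":
    feat = b"\x11" * FEATURE_LEN            # constructed sample feature data
    img = build_image(feat)
    t0 = 1_700_000_000                      # constructed issue time
    blob = server_issue(feat, t0)
    print(device_check(img, blob, t0 + 10))     # fresh blob, right device
    print(device_check(img, blob, t0 + 3600))   # same blob replayed later
```

Because the hash is stored in the same image as the key, this check detects a key that changed on its own, not an image that was rewritten as a whole.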
It should be understood that although the various steps in the flow charts of fig. 3-7 are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated otherwise herein, the steps are not strictly limited to the order shown and described and may be performed in other orders. Moreover, at least some of the steps in fig. 3-7 may include multiple sub-steps or stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
In one embodiment, as shown in fig. 9, there is provided a computer factory mode control apparatus 800 comprising: a receiving module 910, a sending module 920, a decrypting module 930, a checking module 940 and a processing module 950, wherein:
a receiving module 910, configured to receive a configuration request sent by a server to start a factory mode.
The sending module 920 is configured to send a data obtaining request to the server according to the configuration request for starting the factory mode, where the data obtaining request carries the computer identification information.
The decryption module 930 is configured to receive the encrypted feature data corresponding to the computer identification information fed back by the server, and decrypt the encrypted feature data corresponding to the computer identification information to obtain decrypted feature data.
And a verification module 940, configured to perform matching verification on the decrypted feature data and data of the basic input/output system.
The processing module 950 is configured to instruct the bios to start the computer factory mode if the decrypted feature data is consistent with the bios data.
The apparatus 900 for controlling a computer factory mode includes a receiving module 910, a sending module 920, a decrypting module 930, a verifying module 940 and a processing module 950, wherein the receiving module 910 is configured to receive a configuration request for starting a factory mode sent by a server. The sending module 920 is configured to send a data obtaining request to the server according to the configuration request for starting the factory mode, where the data obtaining request carries the computer identification information. The decryption module 930 is configured to receive the encrypted feature data corresponding to the computer identification information fed back by the server, and decrypt the encrypted feature data corresponding to the computer identification information to obtain decrypted feature data. The verification module 940 is configured to perform matching verification on the decrypted feature data and data of the basic input/output system. The processing module 950 is configured to instruct the BIOS to start the computer factory mode if the decrypted feature data is consistent with the BIOS data. With this apparatus, security control of the computer device entering the factory mode can be realized without providing any external interface or special device on the computer device. At the same time, because no hardware intervention is involved, the factory mode of the computer is started through the corresponding server, and automatic batch configuration production of the computer devices can be realized.
In one embodiment, the computer factory mode control apparatus 900 further comprises:
and the sending module is used for sending a system public key obtaining request to the server, wherein the system public key obtaining request carries the computer identification information.
And the compiling module is used for receiving the system public key generated by the server according to the computer identification information and solidifying the system public key into the firmware image file of the basic input and output system.
The decryption module 930 is specifically configured to decrypt the encrypted feature data corresponding to the computer identification information by using the system public key solidified in the bios firmware image file, so as to obtain decrypted feature data.
In one embodiment, the server stores the corresponding relation between the computer identification information and the computer type information; the compiling module is specifically configured to receive a system public key generated by the server according to the type information of the target computer, and solidify the system public key into the basic input/output system firmware image file, where the type information of the target computer is determined from the corresponding relationship according to the computer identification information.
In one embodiment, the computer factory mode control apparatus 900 further comprises:
and the verification module is used for calculating the hash value of the system public key and comparing the hash value of the system public key solidified into the basic input and output system firmware image file with the calculated hash value of the system public key for verification.
And the determining module is used for successfully verifying the system public key when the hash value of the system public key solidified in the basic input/output system firmware image file is consistent with the calculated hash value of the system public key.
In one embodiment, the computer factory mode control apparatus 900 further comprises:
and the checking module is used for acquiring the current time data in the server, and performing difference calculation on the current time data and the timestamp data carried in the characteristic data to obtain the time difference between the current time data and the timestamp data.
And the judging module is used for judging the characteristic data to be valid data when the time difference is smaller than a preset time difference threshold value. And when the characteristic data is valid data, executing the step of indicating the basic input and output system to start the computer factory mode.
In one embodiment, the computer factory mode control apparatus 900 further comprises:
and the receiving module is used for receiving a factory mode ending request sent by the server when the computer configuration is finished in the computer factory mode.
And the clearing module is used for clearing all data in the starting process of the computer factory mode and ending the computer factory mode.
In one embodiment, the servers include a computer configuration server, a hardware security server, and a network time protocol server.
The receiving module 910 is specifically configured to receive a configuration request for starting a factory mode sent by a computer configuration server.
The sending module 920 is specifically configured to send a data obtaining request to the hardware security server according to the configuration request for starting the factory mode, where the data obtaining request carries computer identification information.
The decryption module 930 is specifically configured to receive the encrypted feature data corresponding to the computer identification information fed back by the hardware security server.
The checking module is specifically configured to acquire current time data in the network time protocol server, and perform difference calculation on the current time data and timestamp data carried in the feature data to obtain a time difference between the current time data and the timestamp data.
For the specific definition of the computer factory mode control device, reference may be made to the above definition of the computer factory mode control method, which is not described herein again. The modules in the computer factory mode control device can be realized wholly or partially by software, hardware, or a combination thereof. The modules can be embedded in, or independent of, a processor in the computer device in hardware form, or can be stored in a memory in the computer device in software form, so that the processor can call and execute the operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 10. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a computer factory mode control method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 10 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory having a computer program stored therein, the processor implementing the following steps when executing the computer program:
and receiving a configuration request for starting the factory mode sent by the server.
And sending a data acquisition request to the server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information.
And receiving the encrypted characteristic data corresponding to the computer identification information fed back by the server, and decrypting the encrypted characteristic data corresponding to the computer identification information to obtain the decrypted characteristic data.
And matching and checking the decrypted characteristic data and the data of the basic input and output system.
And if the decrypted characteristic data is consistent with the data of the basic input and output system, indicating the basic input and output system to start a computer factory mode.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and sending a system public key acquisition request to the server, wherein the system public key acquisition request carries computer identification information.
And receiving a system public key generated by the server according to the computer identification information, and solidifying the system public key into the firmware image file of the basic input and output system.
And decrypting the encrypted feature data corresponding to the computer identification information by using the system public key solidified in the BIOS firmware image file to obtain the decrypted feature data.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and receiving a system public key generated by the server according to the type information of the target computer, and solidifying the system public key into the firmware image file of the basic input and output system, wherein the type information of the target computer is determined from the corresponding relation according to the identification information of the computer.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and calculating the hash value of the system public key, and comparing and checking the hash value of the system public key solidified in the BIOS firmware image file with the calculated hash value of the system public key.
And when the hash value of the system public key solidified in the basic input output system firmware image file is consistent with the calculated hash value of the system public key, the system public key is successfully verified.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and acquiring current time data in the server, and performing difference calculation on the current time data and timestamp data carried in the characteristic data to obtain a time difference between the current time data and the timestamp data.
And when the time difference is smaller than a preset time difference threshold value, the characteristic data is valid data.
And when the characteristic data is valid data, executing the step of indicating the basic input and output system to start the computer factory mode.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and in the computer factory mode, when the configuration of the computer is finished, receiving a factory mode ending request sent by the server.
And clearing all data in the starting process of the computer factory mode, and ending the computer factory mode.
In one embodiment, the processor, when executing the computer program, further performs the steps of:
and receiving a configuration request for starting the factory mode sent by the computer configuration server.
And sending a data acquisition request to the hardware security server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information.
And receiving encrypted characteristic data corresponding to the computer identification information fed back by the hardware security server.
And acquiring current time data in the network time protocol server, and performing difference calculation on the current time data and timestamp data carried in the characteristic data to obtain a time difference between the current time data and the timestamp data.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing relevant hardware. The computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include at least one of non-volatile and volatile memory. Non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical storage, or the like. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A computer factory mode control method, the method comprising:
receiving a configuration request for starting a factory mode sent by a server;
sending a data acquisition request to the server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information;
receiving encrypted feature data corresponding to the computer identification information fed back by the server, and decrypting the encrypted feature data corresponding to the computer identification information to obtain decrypted feature data;
matching and checking the decrypted feature data against the data of the basic input output system (BIOS);
and, if the decrypted feature data is consistent with the data of the BIOS, instructing the BIOS to start a computer factory mode.
2. The method of claim 1, wherein prior to receiving the configuration request for starting the factory mode sent by the server, the method further comprises:
sending a system public key acquisition request to the server, wherein the system public key acquisition request carries computer identification information;
receiving a system public key generated by the server according to the computer identification information, and solidifying the system public key into the BIOS firmware image file;
wherein the decrypting the encrypted feature data corresponding to the computer identification information to obtain the decrypted feature data comprises:
decrypting the encrypted feature data corresponding to the computer identification information by using the system public key solidified in the BIOS firmware image file to obtain the decrypted feature data.
3. The method according to claim 2, wherein the server stores a correspondence between computer identification information and computer type information; and the receiving a system public key generated by the server according to the computer identification information and solidifying the system public key into the BIOS firmware image file comprises:
receiving a system public key generated by the server according to target computer type information, and solidifying the system public key into the BIOS firmware image file, wherein the target computer type information is determined from the correspondence according to the computer identification information.
4. The method of claim 2, wherein prior to decrypting the encrypted feature data corresponding to the computer identification information using the system public key solidified in the BIOS firmware image file, the method further comprises:
calculating the hash value of the system public key, and comparing and checking the hash value of the system public key solidified in the BIOS firmware image file against the calculated hash value of the system public key;
and, when the hash value of the system public key solidified in the BIOS firmware image file is consistent with the calculated hash value of the system public key, determining that the system public key is successfully verified.
5. The method of claim 1, wherein prior to instructing the BIOS to start the computer factory mode, the method further comprises:
acquiring current time data from the server, and calculating the difference between the current time data and timestamp data carried in the feature data to obtain a time difference between the current time data and the timestamp data;
determining that the feature data is valid data when the time difference is smaller than a preset time difference threshold;
and, when the feature data is valid data, executing the step of instructing the BIOS to start the computer factory mode.
6. The method of claim 1, further comprising:
in the computer factory mode, when the configuration of the computer is finished, receiving a factory mode ending request sent by the server;
and clearing all data from the start-up process of the computer factory mode, and ending the computer factory mode.
7. The method of claim 5, wherein the server comprises a computer configuration server, a hardware security server, and a network time protocol server;
the receiving a configuration request for starting a factory mode sent by a server comprises:
receiving a configuration request for starting a factory mode sent by the computer configuration server;
the sending a data acquisition request to the server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information, comprises:
sending a data acquisition request to the hardware security server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information;
the receiving the encrypted feature data corresponding to the computer identification information fed back by the server comprises:
receiving encrypted feature data corresponding to the computer identification information fed back by the hardware security server;
the acquiring current time data from the server and calculating the difference between the current time data and the timestamp data carried in the feature data to obtain the time difference between the current time data and the timestamp data comprises:
acquiring current time data from the network time protocol server, and calculating the difference between the current time data and the timestamp data carried in the feature data to obtain the time difference between the current time data and the timestamp data.
8. A computer factory mode control apparatus, the apparatus comprising:
a receiving module, configured to receive a configuration request for starting a factory mode sent by a server;
a sending module, configured to send a data acquisition request to the server according to the configuration request for starting the factory mode, wherein the data acquisition request carries computer identification information;
a decryption module, configured to receive the encrypted feature data corresponding to the computer identification information fed back by the server and to decrypt the encrypted feature data corresponding to the computer identification information to obtain the decrypted feature data;
a verification module, configured to match and check the decrypted feature data against the data of the basic input output system (BIOS);
and a processing module, configured to instruct the BIOS to start a computer factory mode if the decrypted feature data is consistent with the data of the BIOS.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of any of claims 1 to 7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
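The client-side checks recited in claims 1, 4 and 5, as an added Python sketch that is not part of the patent text. The key is a constructed toy (textbook RSA over two Mersenne primes, no padding), and the feature-data layout, the 300-second threshold and all function names are assumptions; a real implementation would use a standard padded signature scheme.

```python
import hashlib
import hmac
import struct

# Constructed demo key (Mersenne primes, textbook RSA, no padding): NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the server only
KEY_LEN = (N.bit_length() + 7) // 8
FEATURE_LEN = 32 + 8               # SHA-256 of BIOS data + 64-bit timestamp (assumed layout)
MAX_TIME_DIFF = 300                # preset time-difference threshold, seconds (assumed)


def key_hash(n: int, e: int) -> bytes:
    """Hash of a public key, computed over a hex rendering of (n, e)."""
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).digest()


PINNED_KEY_HASH = key_hash(N, E)   # stored with the key in the BIOS firmware image


def server_encrypt(bios_data: bytes, timestamp: int) -> int:
    """Hardware security server side: private-key operation over the feature data."""
    feature = hashlib.sha256(bios_data).digest() + struct.pack(">Q", timestamp)
    return pow(int.from_bytes(feature, "big"), D, N)


def may_start_factory_mode(blob, bios_data, ntp_now, n=N, e=E) -> bool:
    """Client checks; n and e are the key as read back from the firmware image."""
    # Claim 4: the solidified key must still hash to the stored value.
    if not hmac.compare_digest(key_hash(n, e), PINNED_KEY_HASH):
        return False
    # Claim 1: recover the feature data with the public key.
    if not 0 <= blob < n:
        return False
    raw = pow(blob, e, n).to_bytes(KEY_LEN, "big")
    if any(raw[:-FEATURE_LEN]):    # non-zero fill: not produced with the server key
        return False
    digest, stamp = raw[-FEATURE_LEN:-8], struct.unpack(">Q", raw[-8:])[0]
    # Claim 1: match the decrypted feature data against the BIOS data.
    if not hmac.compare_digest(digest, hashlib.sha256(bios_data).digest()):
        return False
    # Claim 5: valid only if the time difference is under the threshold.
    return abs(ntp_now - stamp) < MAX_TIME_DIFF
```

Because the timestamp sits inside the data recovered with the public key, an old response replayed after the threshold fails the last check even though the key and BIOS data still match.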
CN202010807579.8A 2020-08-12 Computer factory mode control method, device, computer equipment and storage medium Active CN111970124B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010807579.8A CN111970124B (en) 2020-08-12 Computer factory mode control method, device, computer equipment and storage medium


Publications (2)

Publication Number Publication Date
CN111970124A (en) 2020-11-20
CN111970124B (en) 2024-07-09




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant