CN112231704A - Trusted network environment protection method, apparatus and computer readable storage medium - Google Patents


Info

Publication number
CN112231704A
Authority
CN
China
Prior art keywords
network
trusted
network environment
environment protection
operating system
Legal status
Granted
Application number
CN202010737758.9A
Other languages
Chinese (zh)
Other versions
CN112231704B (en)
Inventor
宫本宁
张�林
Current Assignee
Individual
Original Assignee
Individual
Application filed by Individual
Priority to CN202010737758.9A
Publication of CN112231704A
Application granted
Publication of CN112231704B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G06F21/575 Secure boot

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

An embodiment of the invention provides a trusted network environment protection method, a trusted network environment protection apparatus and a computer-readable storage medium. The method comprises: acquiring network characteristics of an accessible network after a power switch press event is detected and before an operating system is started based on the boot code of the BIOS; analyzing the network characteristics to determine whether the current network environment is trusted; and performing a predetermined protection operation when the network environment is determined to be untrusted. The embodiment gives a computer a safe and reliable means of network detection, prevents the security problems caused by connecting to an untrusted network either intentionally or through carelessness, and is particularly suitable for the trusted industry.

Description

Trusted network environment protection method, apparatus and computer readable storage medium
Technical Field
The present invention belongs to the field of information technology, and in particular, relates to a trusted network environment protection method, apparatus and computer-readable storage medium.
Background
The information technology application innovation industry is referred to for short as the innovation industry. An IT industry ecosystem built on a self-owned underlying IT architecture and standards is the main substance of the trusted industry.
The trusted industry involves security and control strategies across the whole industry chain, from the underlying IT software and hardware to the applications above it. Taking the "cloud" and "end" perspectives as examples: (1) The terminal full-stack architecture based on a domestic platform includes a domestic CPU, complete machines, the Basic Input Output System (BIOS), the operating system, the driver layer, the application layer (office software and application software) and so on. Terminal devices include separately deployed personal desktop computers, notebook computers, thin clients connected to a cloud platform and the like. (2) The cloud computing full-stack architecture based on a domestic platform: with the development of cloud computing, industries such as government, finance and telecommunications are gradually migrating from the traditional "chimney-style" construction of information systems to private cloud and public cloud environments. The core of cloud computing is the configuration management and elastic scaling of resources such as compute, storage and network, using technologies typified by virtualization. The overall cloud computing architecture comprises: an infrastructure layer based on domestic CPUs, such as complete machines, network and storage; an IaaS layer, comprising the operating system and the cloud management platform; a PaaS layer, which mainly uses a container environment to package application software as customized microservices, applies the DevOps concept to the continuous deployment and integration of cloud-native applications, and uses a container orchestration tool for unified cluster management of containers; and a SaaS layer, comprising the business software of industries such as government, finance and telecommunications.
In addition, it covers security management, operation and maintenance management, and the establishment of and compliance with the corresponding standards for the whole platform.
As the trusted industry develops, ever higher security requirements are placed on large numbers of computers. To shield them from virus and trojan attacks that may lurk on the Internet, computers in the trusted industry need a safe and reliable means of network detection, so as to prevent the security problems caused by connecting to the Internet either intentionally or through carelessness.
Disclosure of Invention
The embodiment of the invention provides a trusted network environment protection method, a trusted network environment protection device and a computer readable storage medium.
The technical scheme of the embodiment of the invention is as follows:
a trusted network environment protection method, the method comprising:
acquiring network characteristics of an accessible network after a power switch pressing event is detected and before an operating system is started based on a boot code of a BIOS;
analyzing the network characteristics to determine whether the current network environment is trusted;
when it is determined that the network environment is not trusted, a predetermined protection operation is performed.
In one embodiment, the period after the power switch press event is detected and before the operating system is started comprises:
after completion of the power-on self-test is detected and before the operating system is started; or
after completion of the update of the extended system configuration data (ESCD) is detected and before the operating system is started.
In one embodiment, acquiring the network characteristics of the accessible network includes: causing the network card to send a Ping packet to a predetermined IP address and acquiring the reply packet.
In one embodiment, performing the predetermined protection operation includes at least one of the following:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on the screen.
A trusted network environment protection apparatus, comprising:
a network characteristic acquisition module, configured to acquire network characteristics of an accessible network after a power switch press event is detected and before an operating system is started based on the boot code of the BIOS;
an analysis module, configured to analyze the network characteristics to determine whether the current network environment is trusted;
and a protection module, configured to perform a predetermined protection operation when the network environment is determined to be untrusted.
In one embodiment, the network characteristic acquisition module is configured to acquire the network characteristics of the accessible network after completion of the power-on self-test is detected and before the operating system is started; or to acquire the network characteristics of the accessible network after completion of the update of the extended system configuration data (ESCD) is detected and before the operating system is started.
In one embodiment, the protection module is configured to perform at least one of:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on the screen.
A trusted network environment protection appliance comprising a processor and a memory;
the memory has stored therein an application executable by the processor for causing the processor to perform the trusted network environment protection method as described in any one of the above.
A trusted network environment protection system, comprising:
a trusted network environment protection apparatus, arranged in the motherboard chipset and configured to: acquire network characteristics of an accessible network after a power switch press event is detected and before an operating system is started based on the boot code of the BIOS; analyze the network characteristics to determine whether the current network environment is trusted; and perform a predetermined protection operation when the network environment is determined to be untrusted.
A computer-readable storage medium having computer-readable instructions stored therein for performing the trusted network environment protection method as recited in any one of the above.
As can be seen from the foregoing technical solutions, in the embodiments of the present invention, network characteristics of an accessible network are acquired after a power switch press event is detected and before an operating system is started based on the boot code of the BIOS; the network characteristics are analyzed to determine whether the current network environment is trusted; and a predetermined protection operation is performed when the network environment is determined to be untrusted. The embodiments can therefore give the computer a safe and reliable means of network detection early in its startup, prevent the security problems caused by connecting to an untrusted network either intentionally or through carelessness, and are particularly suitable for the trusted industry.
Moreover, the trusted network environment protection device is implemented as a hardware chip (for example, deployed in a motherboard chipset) or is fixed in a BIOS or an operating system, and may be started at startup, at regular time or as needed, and has various embodiments.
Drawings
Fig. 1 is a flowchart of a trusted network environment protection method according to an embodiment of the present invention.
Fig. 2 is an exemplary flowchart of a trusted network environment protection method according to an embodiment of the present invention.
Fig. 3 is a block diagram of a trusted network environment protection apparatus according to an embodiment of the present invention.
Fig. 4 is a block diagram of a trusted network environment protection apparatus having a memory-processor architecture according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the accompanying drawings.
For simplicity and clarity of description, the invention is described below by way of several representative embodiments. Numerous details of the embodiments are set forth to provide an understanding of the principles of the invention. It will be apparent, however, that the invention may be practiced without these specific details. Some embodiments are not described in detail but are merely given as frameworks, to avoid unnecessarily obscuring aspects of the invention. Hereinafter, "including" means "including but not limited to", and "according to …" means "at least according to …, but not limited to only according to …". In keeping with Chinese language convention, where the description below does not specifically state the number of a component, the component may be one or more, or may be understood as at least one.
Fig. 1 is a flowchart of a trusted network environment protection method according to an embodiment of the present invention.
As shown in fig. 1, the method includes:
Step 101: Network characteristics of the accessible network are acquired after a power switch press event is detected and before the operating system is started based on the boot code of the BIOS.
First, a start-up process of the computer will be exemplarily described. The method specifically comprises the following steps:
The first step: When the user presses the power switch, the power supply begins to power the motherboard and other devices. The voltage is not yet stable at this point, so the control chipset on the motherboard asserts and holds a RESET signal to the CPU; the CPU is restored internally to its initial state but cannot execute instructions yet. When the control chipset detects that the power supply has stabilized, it removes the RESET signal (if the machine is restarted by manually pressing the RESET button on the computer panel, the chipset removes the RESET signal when the button is released), and the CPU starts executing instructions from address FFFF0H. This address lies within the address range of the system BIOS and holds just a jump instruction, which jumps to the real boot code in the system BIOS.
The second step: The boot code of the system BIOS first performs the Power-On Self Test (POST), whose main task is to detect whether key devices in the system (such as memory and the graphics card) are present and working normally. Because POST is the earliest detection process, the graphics card has not yet been initialized; if the system BIOS finds a fatal error during POST, for example no memory is found or the memory is faulty, it drives the speaker directly to report the error, and the length and frequency of the beeps indicate the error type. After POST finishes, other code is called to perform more complete hardware detection.
The third step: The system BIOS then looks for the graphics card's BIOS. The ROM chip holding the graphics card BIOS usually starts at address C0000H; once the system BIOS finds the graphics card BIOS there, it calls its initialization code, and the graphics card BIOS initializes the graphics card. At this point most graphics cards display some initialization information on the screen, such as the manufacturer and the graphics chip type. The system BIOS then searches for the BIOS programs of other devices and, on finding them, calls their initialization code to initialize the corresponding devices.
The fourth step: after finding the BIOS of all other devices, the system BIOS displays its own boot screen, which includes the type, serial number, version number, etc. of the system BIOS.
The fifth step: then the system BIOS will detect and display the CPU type and working frequency, then start to test all RAMs, and display the progress of memory test on the screen at the same time, at this moment, the user can decide to use the simple test mode with less time consumption or more detailed test mode with more time consumption in the CMOS setting.
The sixth step: After the memory test passes, the system BIOS starts to detect the standard hardware devices installed in the system, including hard disks, CD-ROM drives, serial ports, parallel ports and floppy drives. Most newer system BIOS versions also automatically detect and set memory timing parameters, hard disk parameters, access modes and the like during this step.
The seventh step: after the standard device is detected, the code supporting plug and play in the system BIOS starts to detect and configure the plug and play device (e.g., a plug and play network card) installed in the system, and after finding a device, the system BIOS displays information such as the name and model of the device on a screen, and allocates resources such as an interrupt, a DMA channel, and an I/O port to the device.
The eighth step: When all hardware has been detected and configured, the system BIOS clears the screen and displays a table at the top of it, which summarizes the standard hardware devices installed in the system, the resources they use and some related operating parameters.
The ninth step: The system BIOS then updates the ESCD (Extended System Configuration Data). ESCD is the means by which the system BIOS exchanges hardware configuration information with the operating system, and the data is stored in CMOS (a small special RAM powered by the motherboard battery). Normally the ESCD is updated only after the system's hardware configuration has changed, so the message 'Update ESCD... Success' is not seen at every boot. However, the system BIOS of some motherboards stores the ESCD in a data format different from that of Windows 9x, so Windows 9x rewrites the ESCD into its own format during its startup, and at the next boot the system BIOS changes the format back even though the hardware configuration has not changed. This cycle repeats, so the system BIOS updates the ESCD at every boot, which is why some machines display the message every time they start.
The tenth step: After the ESCD update is complete, the boot code of the system BIOS performs its last task: booting from a floppy disk, hard disk or optical drive according to the boot order specified by the user. Taking a boot from drive C as an example, the system BIOS reads and executes the master boot record on the hard disk; the master boot record then finds the first active partition in the partition table and reads and executes that partition's boot record, which in turn is responsible for reading and executing the io.sys file. If tool software for booting multiple operating systems is installed, the master boot record is replaced by that software's boot code, which lets the user select an operating system and then reads and executes the basic boot code of the selected operating system (for DOS and Windows, the basic boot code is the partition boot record). The above describes the initialization operations performed on a cold start, when the computer is powered on (or the Reset key is pressed).
Preferably, in step 101, the network characteristics of the accessible network are acquired after completion of the power-on self-test (POST) is detected and before the operating system is started; or after completion of the update of the extended system configuration data (ESCD) is detected and before the operating system is started.
More preferably, in step 101, the network characteristics of the accessible network are acquired between the sixth step and the ninth step of the boot process described above. The applicants have found that acquiring them after detection of the standard hardware devices completes in the sixth step and before the ESCD is updated in the ninth step not only allows the security check to happen as early as possible in the boot, but also ensures that the computer has enough boot resources available to complete the network detection.
Moreover, acquiring the network characteristics of the accessible network includes: causing the network card to send a Ping packet to a predetermined IP address and acquiring the reply packet. For example, the predetermined IP address may be an address in an untrusted network environment.
Step 102: the network characteristics are parsed to determine whether the current network environment is trusted.
When it is determined that the reply packet has been successfully received, the current network environment is determined to be untrusted. When it is determined that the reply packet has not been successfully received, the current network environment is determined to be trusted.
Step 103: when it is determined that the network environment is not trusted, a predetermined protection operation is performed.
Here, when it is determined that the network environment is not trusted, at least one of the following operations may be performed: powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on the screen, etc.
Fig. 2 is an exemplary flowchart of a trusted network environment protection method according to an embodiment of the present invention.
As shown in fig. 2, the method includes:
Step 21: A power switch press event of the computer is detected.
Step 22: Network characteristics of the accessible network are acquired before the operating system is started based on the boot code of the BIOS. For example, a Ping packet may be sent to a particular IP address (e.g., 74.125.23.147) in the untrusted network in an attempt to obtain a reply packet.
Step 23: Whether the network environment is trusted is determined based on the network characteristics. For example, when a reply packet to the Ping packet is received, the network environment is considered untrusted; when no reply packet to the Ping packet is received, the network environment is considered trusted. When the network environment is determined to be untrusted, step 24 and the following steps are executed; when the network environment is determined to be trusted, step 31 and the following steps are executed.
Step 24: Perform the network disconnection operation.
Step 25: Send an alarm prompt and end the process.
Step 31: Run and maintain a heartbeat connection with a trusted network.
Step 32: Determine whether the network has changed; if so, execute step 23 and the subsequent steps; otherwise, execute step 31 and the subsequent steps.
Based on the above description, the embodiment of the present invention further provides a trusted network environment protection apparatus.
Fig. 3 is a block diagram of a trusted network environment protection apparatus according to an embodiment of the present invention.
As shown in fig. 3, the trusted network environment protection apparatus 300 includes:
a network feature acquiring module 301, configured to acquire a network feature of an accessible network after detecting a power switch press event and before starting an operating system based on a boot code of the BIOS;
a parsing module 302 for parsing the network characteristics to determine whether the current network environment is trusted;
a protection module 303, configured to perform a predetermined protection operation when it is determined that the network environment is not trusted.
In one embodiment, the network feature acquiring module 301 is configured to acquire the network characteristics of the accessible network after completion of the power-on self-test is detected and before the operating system is started; or to acquire the network characteristics of the accessible network after completion of the update of the extended system configuration data (ESCD) is detected and before the operating system is started.
In one embodiment, the protection module 303 is configured to perform at least one of:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on the screen.
The trusted network environment protection apparatus 300 may be implemented as a hardware chip (for example, deployed in the motherboard chipset) or solidified in the BIOS or the operating system, so as to ensure that it executes with priority. The trusted network environment protection apparatus 300 may be started at power-on, at regular intervals, or on demand. On-demand starting includes starting when certain applications or documents that require a trusted environment are opened. The network characteristics may be preset website or web page information, Ping reply packets and the like. The protection module 303 may also present a configuration interface, through which the specific protection operations to perform when the network environment is untrusted can be configured according to the state and the actual needs fed back by the user. Preferably, the network characteristics may further include establishing a "heartbeat" connection with the trusted network environment, to ensure that the computer is always in the trusted network environment.
Fig. 4 is a block diagram of a trusted network environment protection apparatus having a memory-processor architecture according to an embodiment of the present invention.
As shown in fig. 4, the trusted network environment protection apparatus 400 having a memory-processor architecture includes: a processor 401 and a memory 402; in which memory 402 has stored therein an application executable by the processor 401 for causing the processor 401 to perform the trusted network environment protection method as described in any one of the above.
The memory 402 may be embodied as various storage media such as an Electrically Erasable Programmable Read Only Memory (EEPROM), a Flash memory (Flash memory), and a Programmable Read Only Memory (PROM). Processor 401 may be implemented to include one or more central processors or one or more field programmable gate arrays that integrate one or more central processor cores. In particular, the central processor or central processor core may be implemented as a CPU or MCU.
It should be noted that not all steps and modules in the above flows and structures are necessary, and some steps or modules may be omitted according to actual needs. The execution order of the steps is not fixed and can be adjusted as required. The division of each module is only for convenience of describing adopted functional division, and in actual implementation, one module may be divided into multiple modules, and the functions of multiple modules may also be implemented by the same module, and these modules may be located in the same device or in different devices.
The hardware modules in the various embodiments may be implemented mechanically or electronically. For example, a hardware module may include a specially designed permanent circuit or logic device (e.g., a special purpose processor such as an FPGA or ASIC) for performing specific operations. A hardware module may also include programmable logic devices or circuits (e.g., including a general-purpose processor or other programmable processor) that are temporarily configured by software to perform certain operations. The implementation of the hardware module in a mechanical manner, or in a dedicated permanent circuit, or in a temporarily configured circuit (e.g., configured by software), may be determined based on cost and time considerations.
The present invention also provides a machine-readable storage medium storing instructions for causing a machine to perform a method as described herein. Specifically, a system or an apparatus equipped with a storage medium on which a software program code that realizes the functions of any of the embodiments described above is stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program code stored in the storage medium. Further, part or all of the actual operations may be performed by an operating system or the like operating on the computer by instructions based on the program code. The functions of any of the above-described embodiments may also be implemented by writing the program code read out from the storage medium to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion unit connected to the computer, and then causing a CPU or the like mounted on the expansion board or the expansion unit to perform part or all of the actual operations based on the instructions of the program code.
Examples of the storage medium for supplying the program code include floppy disks, hard disks, magneto-optical disks, optical disks (e.g., CD-ROMs, CD-R, CD-RWs, DVD-ROMs, DVD-RAMs, DVD-RWs, DVD + RWs), magnetic tapes, nonvolatile memory cards, and ROMs. Alternatively, the program code may be downloaded from a server computer or the cloud by a communication network.
Herein, "exemplary" means "serving as an example, instance, or illustration", and any illustration, embodiment, or step described as "exemplary" herein should not be construed as a preferred or advantageous alternative. For the sake of simplicity, the drawings are only schematic representations of the parts relevant to the invention and do not represent the actual structure of the product. In addition, to keep the drawings concise and easy to understand, where several components in a drawing have the same structure or function, only one of them is schematically illustrated or labeled. In this document, "a" does not mean that the number of the relevant portion of the present invention is limited to "only one", nor does it exclude the case where the number is "more than one". In this document, "upper", "lower", "front", "rear", "left", "right", "inner", "outer", and the like are used only to indicate relative positional relationships between relevant portions, and do not limit the absolute positions of those portions.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A trusted network environment protection method, the method comprising:
acquiring, based on boot code of a BIOS, network characteristics of an accessible network after a power switch pressing event is detected and before an operating system is started;
analyzing the network characteristics to determine whether the current network environment is trusted;
performing a predetermined protection operation when it is determined that the network environment is not trusted.
2. The method according to claim 1, wherein "after a power switch pressing event is detected and before an operating system is started" comprises:
after completion of the power-on self-test (POST) is detected and before the operating system is started; or
after completion of updating the extended system configuration data (ESCD) is detected and before the operating system is started.
3. The trusted network environment protection method according to claim 1, wherein said acquiring network characteristics of the accessible network comprises: acquiring a reply packet returned after the network card is enabled to send a Ping packet to a preset IP address.
4. The trusted network environment protection method according to claim 1, wherein said performing a predetermined protection operation includes at least one of the following:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on the screen.
5. A trusted network environment protection apparatus, comprising:
a network characteristic acquisition module, configured to acquire, based on boot code of a BIOS, network characteristics of an accessible network after a power switch pressing event is detected and before an operating system is started;
an analysis module, configured to analyze the network characteristics to determine whether the current network environment is trusted;
and a protection module, configured to perform a predetermined protection operation when it is determined that the network environment is not trusted.
6. The trusted network environment protection apparatus of claim 5, wherein
the network characteristic acquisition module is configured to acquire the network characteristics of the accessible network after completion of the power-on self-test (POST) is detected and before the operating system is started; or to acquire the network characteristics of the accessible network after completion of updating the extended system configuration data (ESCD) is detected and before the operating system is started.
7. The trusted network environment protection apparatus of claim 5, wherein
the protection module is configured to perform at least one of:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on the screen.
8. A trusted network environment protection apparatus, comprising a processor and a memory;
the memory has stored therein an application executable by the processor for causing the processor to perform the trusted network environment protection method of any one of claims 1 to 4.
9. A trusted network environment protection system, comprising:
a trusted network environment protection apparatus arranged in a mainboard chipset and configured to: acquire, based on boot code of a BIOS, network characteristics of an accessible network after a power switch pressing event is detected and before an operating system is started; analyze the network characteristics to determine whether the current network environment is trusted; and perform a predetermined protection operation when it is determined that the network environment is not trusted.
10. A computer-readable storage medium having stored therein computer-readable instructions for performing the trusted network environment protection method of any one of claims 1 to 4.
CN202010737758.9A 2020-07-28 2020-07-28 Trusted network environment protection method, device and computer readable storage medium Active CN112231704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010737758.9A CN112231704B (en) 2020-07-28 2020-07-28 Trusted network environment protection method, device and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010737758.9A CN112231704B (en) 2020-07-28 2020-07-28 Trusted network environment protection method, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN112231704A (en) 2021-01-15
CN112231704B (en) 2024-04-30

Family

ID=74115482

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010737758.9A Active CN112231704B (en) 2020-07-28 2020-07-28 Trusted network environment protection method, device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN112231704B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114758555A (en) * 2022-05-07 2022-07-15 杭州以诺行汽车科技股份有限公司 Automobile spraying system and method based on multiple sensors

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100169629A1 (en) * 2008-12-31 2010-07-01 Lenovo (Beijing) Limited Method for configuring computer by bios, server, computer, system startup method and computer system
CN101770382A (en) * 2009-01-04 2010-07-07 北京联想软件有限公司 System starting method and computer system
CN102880477A (en) * 2011-07-14 2013-01-16 联想(北京)有限公司 Method for realizing computer start and computer
CN103347027A (en) * 2013-07-16 2013-10-09 湘潭大学 Trusted network connecting method and system
CN107665308A (en) * 2016-07-28 2018-02-06 华大半导体有限公司 For building and keeping the TPCM systems and correlation method of credible running environment
CN111159700A (en) * 2019-12-03 2020-05-15 北京工业大学 Computer remote safe starting method and system based on UEFI system

Also Published As

Publication number Publication date
CN112231704B (en) 2024-04-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant