CN112231704B - Trusted network environment protection method, device and computer readable storage medium - Google Patents

Info

Publication number
CN112231704B
Authority
CN
China
Prior art keywords
network
trusted
network environment
bios
acquiring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010737758.9A
Other languages
Chinese (zh)
Other versions
CN112231704A (en)
Inventor
宫本宁
张�林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57: Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572: Secure firmware programming, e.g. of basic input output system [BIOS]
    • G06F21/575: Secure boot

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

Embodiments of the invention provide a trusted network environment protection method, a trusted network environment protection device and a computer readable storage medium. The method comprises: acquiring network characteristics of an accessible network after a power switch press event is detected and before an operating system is started based on the boot code of the BIOS; parsing the network characteristics to determine whether the current network environment is trusted; and, when the network environment is determined to be untrusted, performing a predetermined protection operation. Embodiments of the invention can provide a secure and reliable network detection means for the computer, prevent the security problems caused by intentional or inadvertent connection to an untrusted network, and are particularly suitable for the Xinchuang (information technology application innovation) industry.

Description

Trusted network environment protection method, device and computer readable storage medium
Technical Field
The present invention belongs to the field of information technology, and in particular, relates to a trusted network environment protection method, device and computer readable storage medium.
Background
The so-called Xinchuang industry is the information technology application innovation industry. Its core meaning is an IT industry ecosystem built on domestically owned IT infrastructure and standards.
The Xinchuang industry covers secure and controllable policy across the full industry chain, from the underlying IT software and hardware to upper-layer application software. Taking the "cloud" and "end" perspectives as examples: (1) Terminal full-stack architecture based on a domestic platform: this comprises a domestic CPU, the complete machine, the Basic Input Output System (BIOS), the operating system, the driver layer, the application layer (office software and application software), and so on. Terminal equipment includes independently deployed personal desktop computers and notebook computers, thin clients that access a cloud platform, and the like. (2) Cloud computing full-stack architecture based on a domestic platform: with the development of cloud computing, industries such as government, finance, and telecom are gradually migrating from the siloed ("chimney-style") construction of traditional information systems to private and public cloud environments. The core of cloud computing is the use of technologies, typified by virtualization, for configuration management and elastic scaling of compute, storage, network, and other resources. The overall cloud computing architecture comprises: an infrastructure layer based on domestic CPUs (complete machines, network, storage, and so on); the IaaS layer, which includes the operating system and the cloud management platform; the PaaS layer, which mainly uses a container environment to package application software as customized microservices, uses the DevOps approach for continuous deployment and integration of cloud-native applications, and uses a container orchestration tool for unified cluster management of containers; and the SaaS layer, which includes business software for industries such as government, finance, and telecommunications.
In addition, it also includes security management, operations and maintenance management, and the corresponding standards and compliance for the whole platform.
With the development of the Xinchuang industry, large numbers of computers face increasingly high security requirements. To shield them from viruses and Trojans that may lurk on the Internet, computers in the Xinchuang industry need a secure and reliable network detection means, so as to prevent the security problems caused by intentional or inadvertent connection to the Internet.
Disclosure of Invention
The embodiment of the invention provides a trusted network environment protection method, a trusted network environment protection device and a computer readable storage medium.
The technical scheme of the embodiment of the invention is as follows:
a method of trusted network environment protection, the method comprising:
Acquiring network characteristics of an accessible network after detecting a power switch pressing event and before starting an operating system based on a start code of a BIOS;
analyzing the network characteristics to determine whether the current network environment is trusted;
when it is determined that the network environment is not trusted, a predetermined protection operation is performed.
In one embodiment, "after detecting the power switch press event and before starting the operating system" includes:
after detecting that the power-on self-test is complete and before the operating system is started; or
after detecting that updating the extended system configuration data (ESCD) is complete and before the operating system is started.
In one embodiment, acquiring the network characteristics of the accessible network includes: enabling the network card to send a Ping packet to a predetermined IP address and acquiring the reply packet.
In one embodiment, performing the predetermined protection operation includes at least one of the following:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on screen.
A trusted network environment protection device, comprising:
the network feature acquisition module is used for acquiring network features of the accessible network after the power switch pressing event is detected and before the operating system is started based on the starting code of the BIOS;
The analysis module is used for analyzing the network characteristics to judge whether the current network environment is credible or not;
And the protection module is used for executing preset protection operation when the network environment is not trusted.
In one embodiment, the network feature acquisition module is configured to acquire a network feature of the accessible network after the detection of the completion of the self-test after power-up and before the start of the operating system; or, after detecting that updating the extended system configuration data ESCD is completed and before starting the operating system, obtaining the network characteristics of the accessible network.
In one embodiment, the protection module is configured to perform at least one of:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on screen.
A trusted network environment protection device, comprising a processor and a memory;
the memory has stored therein an application executable by the processor for causing the processor to perform the trusted network environment protection method as set forth in any one of the above.
A trusted network environment protection system, comprising:
The trusted network environment protection device is arranged in the mainboard chipset and is used for acquiring network characteristics of an accessible network after detecting a power switch pressing event and before starting an operating system based on a starting code of the BIOS; analyzing the network characteristics to determine whether the current network environment is trusted; when it is determined that the network environment is not trusted, a predetermined protection operation is performed.
A computer readable storage medium having stored therein computer readable instructions for performing the trusted network environment protection method as claimed in any one of the above.
As can be seen from the above technical solution, in embodiments of the present invention the network characteristics of the accessible network are acquired after a power switch press event is detected and before the operating system is started based on the boot code of the BIOS; the network characteristics are parsed to determine whether the current network environment is trusted; and when the network environment is determined to be untrusted, a predetermined protection operation is performed. Embodiments of the invention can therefore provide a secure and reliable network detection means early in the computer's start-up, prevent the security problems caused by intentional or inadvertent connection to an untrusted network, and are particularly suitable for the Xinchuang industry.
Moreover, the trusted network environment protection device may be implemented as a hardware chip (e.g., deployed in a motherboard chipset) or solidified within a BIOS or operating system, and may be started at power-on, on a timer, or on demand, giving a variety of implementations.
Drawings
Fig. 1 is a flowchart of a trusted network environment protection method according to an embodiment of the present invention.
Fig. 2 is an exemplary flow chart of a trusted network environment protection method according to an embodiment of the present invention.
Fig. 3 is a block diagram of a trusted network environment protection apparatus according to an embodiment of the present invention.
Fig. 4 is a block diagram of a trusted network environment protection apparatus having a memory-processor architecture according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings, in order to make the objects, technical solutions and advantages of the present invention more apparent.
For simplicity and clarity of description, the following description sets forth aspects of the invention by describing several exemplary embodiments. Numerous details in the embodiments are provided solely to aid in the understanding of the invention. It will be apparent, however, that the embodiments of the invention may be practiced without limitation to these specific details. Some embodiments are not described in detail in order to avoid unnecessarily obscuring aspects of the present invention, but rather only to present a framework. Hereinafter, "comprising" means "including but not limited to", "according to … …" means "according to at least … …, but not limited to only … …". The term "a" or "an" is used herein to refer to a number of components, either one or more, or at least one, unless otherwise specified.
Fig. 1 is a flowchart of a trusted network environment protection method according to an embodiment of the present invention.
As shown in fig. 1, the method includes:
step 101: network characteristics of the accessible network are obtained after detecting a power switch press event and before starting the operating system based on the boot code of the BIOS.
First, a start-up procedure of the computer will be exemplarily described. The method specifically comprises the following steps:
The first step: when the user presses the power switch, the power supply begins powering the motherboard and other devices. The voltage is not yet stable at this point, so the control chipset on the motherboard sends and holds a RESET signal to the CPU, which returns the CPU to its initial state internally; the CPU does not execute instructions yet. When the control chipset detects that the power supply has started to supply power steadily, it removes the RESET signal (if the machine is restarted by manually pressing the RESET button on the computer panel, the chipset removes the RESET signal when the button is released), and the CPU starts executing instructions from address FFFF0H. This address lies within the address range of the system BIOS and holds a jump instruction that jumps to the actual boot code in the system BIOS.
And a second step of: the startup code of the system BIOS firstly executes Power-On Self Test (POST), and the main task of the POST is to detect whether key devices (such as a memory, a display card and the like) in the system exist and can work normally. Since POST is the earliest detection process, the graphics card is not initialized at this time, if the system BIOS finds some fatal errors in the POST process, for example, no memory is found or there is a problem in the memory, the system BIOS directly controls the speaker to sound to report the error, and the sound length and number represent the type of error. After the POST is finished, other code is called to perform more complete hardware detection.
And a third step of: the system BIOS will then look up the BIOS of the graphics card. The starting address of the ROM chip storing the display card BIOS is usually set at C0000H, and after the system BIOS finds the display card BIOS at this address, it invokes its initialization code, and the display card BIOS initializes the display card. At this time, most display cards will display some initialization information on the screen, introducing the contents of manufacturers, graphics chip types, etc., the system BIOS will then search for the BIOS programs of other devices, and then call the initialization codes inside these BIOS to initialize the related devices.
Fourth step: after the BIOS of all other devices is found, the system BIOS will display its own startup screen, which includes the type, serial number, version number, and other contents of the system BIOS.
Fifth step: the system BIOS will then detect and display the CPU type and operating frequency, then start testing all RAMs, and display the progress of the memory test on the screen at the same time, at this time, the user can decide to use the simple less time-consuming or detailed more time-consuming test mode in CMOS setting by himself.
Sixth step: after the memory test is passed, the system BIOS starts to detect some standard hardware devices installed in the system, including hard disk, CD-ROM, serial port, parallel port, floppy drive, etc., and most newer versions of system BIOS also automatically detect and set the timing parameters, hard disk parameters, access modes, etc. of the memory in the process.
Seventh step: after the standard device is detected, a code supporting plug and play in the system BIOS starts to detect and configure the plug and play device (such as a plug and play network card) installed in the system, and after each device is found, the system BIOS displays information such as the name and model of the device on a screen, and simultaneously allocates resources such as interrupt, DMA channels and I/O ports for the device.
Eighth step: all hardware has been tested and configured so far, the system BIOS will re-screen and display a table above the screen listing schematically the various standard hardware devices installed in the system, as well as the resources they use and some related operating parameters.
Ninth step: next, the system BIOS updates the ESCD (Extended System Configuration Data). ESCD is a means by which the system BIOS exchanges hardware configuration information with the operating system, and this data is stored in CMOS (a small special RAM powered by a battery on the motherboard). Usually the ESCD data is updated only after the hardware configuration of the system has changed, so the "Update ESCD... Success" message is not seen on every boot. However, the system BIOS of some motherboards saves ESCD data in a format different from that of Windows 9x, so Windows 9x rewrites the ESCD data into its own format during its startup; at the next boot, even if the hardware configuration has not changed, the system BIOS changes the ESCD data format back. This cycle causes the system BIOS to update the ESCD on every boot, which is why some machines display the message each time they start.
Tenth step: after the ESCD is updated, the boot code of the system BIOS performs its last task, booting from a floppy disk, hard disk, or optical drive according to the boot sequence specified by the user. Taking a boot from drive C as an example, the system BIOS reads and executes the master boot record on the hard disk, which finds the first active partition in the partition table and then reads and executes that partition's boot record, which in turn is responsible for reading and executing the io.sys file. If tool software for booting multiple operating systems is installed, the master boot record is typically replaced with that software's boot code, which lets the user select an operating system and then reads and executes its basic boot code (for DOS and Windows the basic boot code is the partition boot record). The above describes the initialization operations the computer performs on a cold start, when the power switch is turned on (or the Reset key is pressed).
Preferably, in step 101, the network characteristics of the accessible network are acquired after detecting that the power-on self-test (POST) is complete and before the operating system is started; or after detecting that updating the extended system configuration data (ESCD) is complete and before the operating system is started.
More preferably, in step 101, the network characteristics of the accessible network are acquired between the sixth and ninth steps of the above start-up procedure. The applicants found that acquiring the network characteristics after the standard hardware devices are detected in the sixth step and before the ESCD is updated in the ninth step allows the security check to run as early as possible in the boot process while ensuring that the computer has enough start-up resources to complete the network detection.
Moreover, acquiring the network characteristics of the accessible network includes: enabling the network card to send a Ping packet to a predetermined IP address and acquiring the reply packet. For example, the predetermined IP address may be an address in an untrusted network environment.
Step 102: the network characteristics are parsed to determine if the current network environment is trusted.
When it is determined that the reply packet was successfully received, the current network environment is determined to be untrusted. When it is determined that the reply packet was not successfully received, the current network environment is deemed trusted.
Step 103: when it is determined that the network environment is not trusted, a predetermined protection operation is performed.
Here, when it is determined that the network environment is not trusted, at least one of the following operations may be performed: powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on screen; and so on.
Fig. 2 is an exemplary flow chart of a trusted network environment protection method according to an embodiment of the present invention.
As shown in fig. 2, the method includes:
Step 21: a power switch press event of the computer is detected.
Step 22: network characteristics of the accessible network are obtained before the operating system is booted based on the boot code of the BIOS. For example, a Ping packet is sent to a particular IP address (e.g., 74.125.23.147) in an untrusted network in an attempt to obtain a reply packet.
Step 23: whether the network environment is trusted is determined based on the network characteristics. For example, when a reply packet to the Ping packet is received, the network environment is determined to be untrusted; when no reply packet to the Ping packet is received, the network environment is considered trusted. When the network environment is not trusted, step 24 and the following steps are performed; when the network environment is determined to be trusted, step 31 and the following steps are performed.
Step 24: perform the network disconnection operation.
Step 25: issue an alarm prompt and end the flow.
Step 31: run and maintain a heartbeat connection with the trusted network.
Step 32: determine whether the network has changed; if so, perform step 23 and the following steps; otherwise, perform step 31 and the following steps.
Based on the above description, the embodiment of the invention also provides a trusted network environment protection device.
Fig. 3 is a block diagram of a trusted network environment protection apparatus according to an embodiment of the present invention.
As shown in fig. 3, the trusted network environment protection apparatus 300 includes:
A network feature acquisition module 301, configured to acquire a network feature of an accessible network after detecting a power switch press event and before starting an operating system based on a boot code of a BIOS;
A parsing module 302, configured to parse the network characteristics to determine whether the current network environment is trusted;
a protection module 303, configured to perform a predetermined protection operation when it is determined that the network environment is not trusted.
In one embodiment, the network feature obtaining module 301 is configured to obtain a network feature of the accessible network after the self-checking after the power-up is detected and before the operating system is started; or, after detecting that updating the extended system configuration data ESCD is completed and before starting the operating system, obtaining the network characteristics of the accessible network.
In one embodiment, the protection module 303 is configured to perform at least one of the following:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on screen.
The trusted network environment protection device 300 may be implemented as a hardware chip (e.g., deployed in a motherboard chipset) or solidified within a BIOS or operating system, thereby ensuring that it executes with priority. Moreover, the trusted network environment protection device 300 may be started at power-on, on a timer, or on demand; on-demand start includes the case where an application or document requiring a trusted environment is launched or opened. The network characteristics may be a preset web address or web page information, a Ping reply packet, and so on. The protection module 303 may also display a configuration interface, through which the specific protection operations performed when the network environment is not trusted can be configured according to the status and actual needs fed back by the user. Preferably, the network characteristics may further include establishing a "heartbeat" connection with the trusted network environment to ensure that the computer stays in the trusted network environment at all times.
Fig. 4 is a block diagram of a trusted network environment protection apparatus having a memory-processor architecture according to an embodiment of the present invention.
As shown in fig. 4, a trusted network environment protection apparatus 400 having a memory-processor architecture includes: a processor 401 and a memory 402; in which a memory 402 has stored therein an application executable by the processor 401 for causing the processor 401 to perform the trusted network environment protection method as claimed in any one of the above.
The memory 402 may be implemented as a variety of storage media such as an electrically erasable programmable read-only memory (EEPROM), a Flash memory (Flash memory), a programmable read-only memory (PROM), and the like. Processor 401 may be implemented to include one or more central processors or one or more field programmable gate arrays, where the field programmable gate arrays integrate one or more central processor cores. In particular, the central processor or central processor core may be implemented as a CPU or MCU.
It should be noted that not all the steps and modules in the above processes and the structure diagrams are necessary, and some steps or modules may be omitted according to actual needs. The execution sequence of the steps is not fixed and can be adjusted as required. The division of the modules is merely for convenience of description and the division of functions adopted in the embodiments, and in actual implementation, one module may be implemented by a plurality of modules, and functions of a plurality of modules may be implemented by the same module, and the modules may be located in the same device or different devices.
The hardware modules in the various embodiments may be implemented mechanically or electronically. For example, a hardware module may include specially designed permanent circuits or logic devices (e.g., special purpose processors such as FPGAs or ASICs) for performing certain operations. A hardware module may also include programmable logic devices or circuits (e.g., including a general purpose processor or other programmable processor) temporarily configured by software for performing particular operations. As regards implementation of the hardware modules in a mechanical manner, either by dedicated permanent circuits or by circuits that are temporarily configured (e.g. by software), this may be determined by cost and time considerations.
The application also provides a machine-readable storage medium storing instructions for causing a machine to perform the method of the application. Specifically, a system or apparatus provided with a storage medium on which a software program code realizing the functions of any of the above embodiments is stored, and a computer (or CPU or MPU) of the system or apparatus may be caused to read out and execute the program code stored in the storage medium. Further, some or all of the actual operations may be performed by an operating system or the like operating on a computer based on instructions of the program code. The program code read out from the storage medium may also be written into a memory provided in an expansion board inserted into a computer or into a memory provided in an expansion unit connected to the computer, and then, based on instructions of the program code, a CPU or the like mounted on the expansion board or the expansion unit may be caused to perform part or all of actual operations, thereby realizing the functions of any of the above embodiments.
Storage medium implementations for providing program code include floppy disks, hard disks, magneto-optical disks, optical disks (e.g., CD-ROMs, CD-R, CD-RWs, DVD-ROMs, DVD-RAMs, DVD-RWs, DVD+RWs), magnetic tapes, non-volatile memory cards, and ROMs. Alternatively, the program code may be downloaded from a server computer or cloud by a communications network.
In this document, "schematic" means "serving as an example, instance, or illustration," and any illustrations, embodiments described herein as "schematic" should not be construed as a more preferred or advantageous solution. For simplicity of the drawing, the parts relevant to the present invention are shown only schematically in the drawings, and do not represent the actual structure thereof as a product. Additionally, in order to simplify the drawing for ease of understanding, components having the same structure or function in some of the drawings are shown schematically with only one of them, or only one of them is labeled. In this document, "a" does not mean to limit the number of relevant portions of the present invention to "only one thereof", and "an" does not mean to exclude the case where the number of relevant portions of the present invention is "more than one". In this document, "upper", "lower", "front", "rear", "left", "right", "inner", "outer", and the like are used merely to indicate relative positional relationships between the relevant portions, and do not limit the absolute positions of the relevant portions.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. A method of trusted network environment protection, the method comprising:
acquiring, based on the boot code of a BIOS, network characteristics of an accessible network after a power switch press event is detected and before an operating system is started; wherein the network characteristics are acquired after the BIOS boot code detects the standard hardware devices and before the update of the extended system configuration data (ESCD) is detected;
analyzing the network characteristics to determine whether the current network environment is trusted;
when the network environment is not trusted, executing a preset protection operation;
wherein acquiring the network characteristics of the accessible network includes: enabling the network card to send a Ping packet to a preset IP address and acquiring the reply packet to that Ping packet;
and wherein analyzing the network characteristics to determine whether the current network environment is trusted includes: when a reply packet to the Ping packet is received, determining that the network environment is not trusted; when no reply packet to the Ping packet is received, determining that the network environment is trusted.
2. The trusted network environment protection method of claim 1, wherein executing the preset protection operation comprises at least one of:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on the screen.
3. A trusted network environment protection apparatus, comprising:
a network characteristic acquisition module, configured to acquire, based on the boot code of the BIOS, network characteristics of an accessible network after a power switch press event is detected and before the operating system is started; wherein the network characteristics are acquired after the BIOS boot code detects the standard hardware devices and before the update of the extended system configuration data (ESCD) is detected;
an analysis module, configured to analyze the network characteristics to determine whether the current network environment is trusted;
a protection module, configured to execute a preset protection operation when the network environment is not trusted;
wherein acquiring the network characteristics of the accessible network includes: enabling the network card to send a Ping packet to a preset IP address and acquiring the reply packet to that Ping packet;
and wherein analyzing the network characteristics to determine whether the current network environment is trusted includes: when a reply packet to the Ping packet is received, determining that the network environment is not trusted; when no reply packet to the Ping packet is received, determining that the network environment is trusted.
4. The trusted network environment protection apparatus of claim 3,
wherein the protection module is configured to perform at least one of:
powering off the chip; prohibiting network access; encrypting hard disk data; shredding hard disk data; uploading a computer feature code; displaying a pop-up warning on the screen.
5. A trusted network environment protection device, comprising a processor and a memory;
The memory has stored therein an application executable by the processor for causing the processor to perform the trusted network environment protection method of any one of claims 1 to 2.
6. A trusted network environment protection system, comprising:
a trusted network environment protection device arranged in the mainboard chipset and configured to: acquire, based on the boot code of the BIOS, network characteristics of an accessible network after a power switch press event is detected and before an operating system is started; analyze the network characteristics to determine whether the current network environment is trusted; and, when the network environment is not trusted, execute a preset protection operation; wherein the network characteristics are acquired after the BIOS boot code detects the standard hardware devices and before the update of the extended system configuration data (ESCD) is detected; acquiring the network characteristics of the accessible network includes: enabling the network card to send a Ping packet to a preset IP address and acquiring the reply packet to that Ping packet; and analyzing the network characteristics to determine whether the current network environment is trusted includes: when a reply packet to the Ping packet is received, determining that the network environment is not trusted; when no reply packet to the Ping packet is received, determining that the network environment is trusted.
7. A computer readable storage medium having stored therein computer readable instructions for performing the trusted network environment protection method of any one of claims 1 to 2.
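
The decision rule of claim 1, as an added C example that is not part of the patent and performs no network I/O: it builds the ICMP echo ("Ping") message and classifies a received buffer, where a reply means not trusted and no reply means trusted. The probe identifier, sequence number and payload are constructed values, and the requirement that a reply match the probe (so unrelated ICMP traffic is not mistaken for it) is an assumption the claims do not state.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed probe values; the claims do not specify them. */
enum { PROBE_ID = 0x4253, PROBE_SEQ = 1 };
enum verdict { ENV_TRUSTED = 0, ENV_UNTRUSTED = 1 };

/* RFC 1071 Internet checksum over a whole ICMP message. */
static uint16_t icmp_checksum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;
    while (sum >> 16) sum = (sum & 0xFFFFu) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Build an ICMP echo message (type 8 = request, 0 = reply); returns its length. */
static size_t icmp_build(uint8_t *out, uint8_t type, uint16_t id, uint16_t seq,
                         const uint8_t *payload, size_t plen) {
    memset(out, 0, 8);
    out[0] = type;
    out[4] = (uint8_t)(id >> 8);  out[5] = (uint8_t)id;
    out[6] = (uint8_t)(seq >> 8); out[7] = (uint8_t)seq;
    memcpy(out + 8, payload, plen);
    uint16_t c = icmp_checksum(out, 8 + plen);
    out[2] = (uint8_t)(c >> 8); out[3] = (uint8_t)c;
    return 8 + plen;
}

/* Claim 1: reply received -> NOT trusted; no reply (rx == NULL) -> trusted.
 * Assumption: only a valid echo reply matching id, seq and payload counts. */
static enum verdict classify(const uint8_t *rx, size_t len,
                             const uint8_t *payload, size_t plen) {
    if (rx == NULL || len != 8 + plen) return ENV_TRUSTED;
    if (rx[0] != 0 || rx[1] != 0 || icmp_checksum(rx, len) != 0) return ENV_TRUSTED;
    if (((rx[4] << 8) | rx[5]) != PROBE_ID) return ENV_TRUSTED;
    if (((rx[6] << 8) | rx[7]) != PROBE_SEQ) return ENV_TRUSTED;
    return memcmp(rx + 8, payload, plen) == 0 ? ENV_UNTRUSTED : ENV_TRUSTED;
}

int main(void) {
    const uint8_t pl[4] = { 'b', 'i', 'o', 's' };   /* constructed payload */
    uint8_t reply[12];
    size_t n = icmp_build(reply, 0, PROBE_ID, PROBE_SEQ, pl, sizeof pl);
    printf("reply: %d, timeout: %d\n", classify(reply, n, pl, 4), classify(NULL, 0, pl, 4));
    return 0;
}
```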
CN202010737758.9A 2020-07-28 2020-07-28 Trusted network environment protection method, device and computer readable storage medium Active CN112231704B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010737758.9A CN112231704B (en) 2020-07-28 2020-07-28 Trusted network environment protection method, device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN112231704A (en) 2021-01-15
CN112231704B (en) 2024-04-30

Family

ID=74115482

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant