CN115630377A - External device access method and device, computer device and external device - Google Patents

Publication number
CN115630377A
Authority
CN
China
Prior art keywords
information
firmware
external equipment
external
abstract
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211244099.0A
Other languages
Chinese (zh)
Other versions
CN115630377B (en)
Inventor
王剑
周修龙
姚炜林
朱毅
李辉
王亚宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Jinqili Information Technology Co ltd
Original Assignee
Guangzhou Jinqili Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Jinqili Information Technology Co ltd
Priority to CN202211244099.0A
Publication of CN115630377A
Application granted
Publication of CN115630377B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to an access method and apparatus for an external device, a computer device, and an external device. The access method is applied to an operating system and comprises the following steps: sending a first inquiry information command to the external device, receiving the returned encrypted access information, and decrypting it to obtain device verification information and a first firmware digest; reading the firmware information of the firmware while the firmware of the external device is set to be readable, and generating a second firmware digest using a conversion algorithm; querying a third firmware digest of the external device, according to the device verification information, from a trusted external device list in which legal firmware digests are recorded; and comparing the first, second and third firmware digests to determine whether the external device is trusted. This technical scheme protects the operating system from attacks by illegal external devices, virus propagation and the like, and improves the security of external devices accessing the operating system.

Description

External device access method and device, computer device and external device
Technical Field
The present application relates to the field of computer technologies, and in particular, to an access method and an access device for an external device, a computer device, and an external device.
Background
In the computer field, hardware devices continue to develop: hardware external devices take more and more forms, the functions that external devices (peripherals for short) can implement are increasingly complex, their performance is increasingly powerful, and more and more information needs to be exchanged between external devices and the operating system.
Currently, the primary way for an external device to communicate with an operating system is for the firmware in the external device to communicate with a driver in the operating system. The driver corresponding to the external device is written into the operating system in advance and loaded when the operating system starts. After the external device is plugged in, the operating system queries the external device information through the driver; this information is provided by the external device firmware, and the operating system provides further services to the external device according to it. Because current operating systems, for convenience, use the same driver for all external devices of the same type, an illegal external device can, by modifying its firmware, disguise itself as another type of external device (such as a keyboard or a mouse) when it is connected and operate the operating system. Various viruses can be spread in this way: for example, worm viruses can be spread through external devices, and the operating system can be controlled through a Bad USB device (a device with readable and writable USB firmware).
The prior art contains some security authentication schemes. When an external access device requests access to an operating system, identification information of the external access device or of its built-in communication chip is acquired, such as basic information on the brand, model and manufacturer; the identification information is used to authenticate the external access device as a trusted device, and the access authority of the external access device is set. Although such a scheme can identify the external access device by its identification information, the identification information used as verification information may be disclosed. Once an illegal external device has obtained the identification information, it can still access the operating system, which poses a significant security threat to the operating system.
Disclosure of Invention
In view of the foregoing, it is necessary to provide an external device access method, an external device access apparatus, a computer device, and an external device that improve the security of external devices accessing an operating system.
An access method for an external device, applied to an operating system, comprises the following steps:
sending a first inquiry information command to the external device, receiving the encrypted access information returned by the external device in response to the first inquiry information command, and decrypting the encrypted access information to obtain the device verification information and a first firmware digest of the external device; the encrypted access information is obtained by encrypting the device verification information and the firmware digest information of the external device;
reading the firmware information of the firmware while the firmware of the external device is set to be readable, and generating a second firmware digest using a conversion algorithm;
querying a third firmware digest of the external device, according to the device verification information, from a trusted external device list in which legal firmware digests are recorded;
and comparing the first firmware digest, the second firmware digest and the third firmware digest; if the three match, the external device is judged to be a trusted external device, and otherwise it is judged to be an untrusted external device.
In one embodiment, the device verification information includes: device attribute information of the external device and service information on the services that the external device requires the operating system to start;
the access method of the external device further comprises the following steps:
storing the service information on the services that the operating system needs to start;
loading a corresponding service program for the external device according to the service information, and carrying out communication interaction with the external device based on the service program;
when the external device is unplugged, obtaining, from the operation information sent by the external device, the operation designated to continue executing after the external device is unplugged;
and continuing to execute the operation, and deleting the service information after the operation has been executed.
In one embodiment, before the external device is connected to the operating system, the access method of the external device further comprises:
acquiring the device types of the various external devices that need to be connected;
setting security permissions for the external devices according to the device type and the corresponding security requirements;
and modifying the driver of the external device according to the security permissions, and setting the operation authority of the external device after it is connected to the operating system.
In one embodiment, decrypting the encrypted access information to obtain the device verification information and the first firmware digest of the external device includes:
decrypting the encrypted access information using an agreed private key to obtain decrypted information;
parsing the device verification information and the firmware digest information of the external device from the decrypted information;
generating the first firmware digest according to the firmware digest information;
the encrypted access information is obtained by encrypting the device verification information and the firmware digest information of the external device using an agreed public key of an asymmetric encryption algorithm, and is stored on the external device.
In one embodiment, the access method of the external device further includes:
reading a pre-stored first access time list of the external devices; the first access time list records the access time points of all legal external devices on the operating system;
sending a second inquiry information command, which queries the access time list, to the external device, and receiving a second access time list sent by the external device in response to the second inquiry information command; the second access time list records the time points at which the external device accessed the operating system;
comparing the first access time list with the second access time list; if the comparison succeeds, judging the external device to be a trusted external device, and writing the access time point into the first access time list;
and sending the access time point to the external device, which writes the access time point into the second access time list.
In one embodiment, decrypting the encrypted access information using the agreed private key to obtain decrypted information includes:
querying, from a key pair record table, the key pair used by the external device for the current access; the operating system agrees on the key pair to be used for the next access each time the external device accesses it;
decrypting the encrypted access information using the private key of the key pair; the external device encrypts the device verification information and the firmware digest information in advance using the public key of each key pair;
if the encrypted access information is successfully decrypted to obtain decrypted information, agreeing on the key pair to be used for the next access and writing it into the key pair record table; and if the encrypted access information cannot be decrypted, setting the external device as an untrusted external device.
An access method for an external device, applied to the external device, comprises the following steps:
encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information; the firmware digest information is calculated from the firmware information of the external device using a conversion algorithm;
setting the firmware of the external device to a readable state, and receiving a first inquiry information command sent by the operating system after the external device is connected to the operating system;
responding to the first inquiry information command by sending the encrypted access information to the operating system for verification;
the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain the device verification information and a first firmware digest, converts the firmware information into a second firmware digest using the conversion algorithm, and queries a third firmware digest, according to the device verification information, from a trusted external device list in which legal firmware digests are recorded; the external device is verified by whether the first firmware digest, the second firmware digest and the third firmware digest match.
In one embodiment, the device verification information includes: device attribute information of the external device and service information on the services that the external device requires the operating system to start;
the access method of the external device further comprises the following steps:
sending the service information on the services to be started to the operating system;
after the operating system loads the service program corresponding to the service information, carrying out communication interaction with the service program;
sending operation information to the operating system, specifying the operation that needs to continue executing after the external device is unplugged; when the external device is unplugged, the operating system continues to execute the operation, and deletes the service information after the operation has been executed.
In one embodiment, encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information includes:
encrypting the device verification information and the firmware digest information of the external device using an agreed public key to obtain the encrypted access information;
opening a storage unit on the external device and storing the encrypted access information on the storage unit;
and the operating system decrypts the encrypted access information using an agreed private key to obtain the verification information and the first firmware digest.
In one embodiment, the access method of the external device further includes:
receiving a second inquiry information command, sent by the operating system, that queries the access time list;
responding to the second inquiry information command by sending a second access time list to the operating system; the second access time list records the time points at which the external device accessed the operating system;
receiving a new access time point sent by the operating system, and writing the access time point into the second access time list;
the operating system reads a first access time list recording the access time points of all legal external devices, judges the external device to be a trusted external device when the first access time list successfully matches the second access time list, and writes the new access time point into the first access time list.
In one embodiment, encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information includes:
encrypting the device verification information and the firmware digest information in advance using the public key of each key pair to obtain encrypted access information, and storing the encrypted access information in a storage unit;
sending the encrypted access information to the operating system for verification in response to the first inquiry information command comprises:
when a first inquiry information command sent by the operating system is received, obtaining the key pair for the current access, which was agreed at the previous access to the operating system; each time the external device accesses the operating system, a key pair to be used for the next access is agreed;
selecting, from the stored encrypted access information, the encrypted access information corresponding to the key used this time, and sending it to the operating system for verification;
the operating system queries the key pair used for the current access from a key pair record table and decrypts the encrypted access information using the private key of the key pair; if the encrypted access information is successfully decrypted to obtain decrypted information, the key pair to be used for the next access is agreed and written into the key pair record table; and if the encrypted access information cannot be decrypted, the external device is set as an untrusted external device.
An access apparatus for an external device, applied to an operating system, comprises:
a first firmware digest acquisition module, used for sending a first inquiry information command to the external device, receiving the encrypted access information returned by the external device in response to the first inquiry information command, and decrypting the encrypted access information to obtain the device verification information and a first firmware digest of the external device; the encrypted access information is obtained by encrypting the device verification information and the firmware digest information of the external device;
a second firmware digest generation module, used for reading the firmware information of the firmware when the firmware of the external device is set to a readable state, and generating a second firmware digest using a conversion algorithm;
a third firmware digest query module, used for querying a third firmware digest of the external device, according to the device verification information, from a trusted external device list in which legal firmware digests are recorded;
and a firmware digest comparison module, used for comparing the first firmware digest, the second firmware digest and the third firmware digest; if the three match, the external device is judged to be a trusted external device, and otherwise it is judged to be an untrusted external device.
An access apparatus for an external device, applied to the external device, comprises:
an encrypted access information generation module, used for encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information; the firmware digest information is calculated from the firmware information of the external device using a conversion algorithm;
an inquiry information command receiving module, used for setting the firmware of the external device to a readable state and receiving a first inquiry information command sent by the operating system after the external device is connected to the operating system;
an inquiry information command response module, used for responding to the first inquiry information command by sending the encrypted access information to the operating system for verification;
the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain the device verification information and a first firmware digest, converts the firmware information into a second firmware digest using the conversion algorithm, and queries a third firmware digest, according to the device verification information, from a trusted external device list in which legal firmware digests are recorded; the external device is verified by whether the first firmware digest, the second firmware digest and the third firmware digest match.
A computer device on which an operating system is installed, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications being configured to perform the steps of the access method of the external device.
An external device configured to perform the steps of the access method of the external device.
According to the technical scheme of the above embodiments, the external device generates firmware digest information from its own firmware and encrypts it together with the device verification information to obtain encrypted access information. When the external device is connected to the operating system, the operating system queries the encrypted access information and decrypts it to obtain the device verification information and a first firmware digest; at the same time, the operating system reads the firmware information of the firmware and calculates a second firmware digest; the operating system then queries the recorded third firmware digest from the trusted external device list according to the device verification information; finally, the first, second and third firmware digests are compared in order to verify the external device. This scheme is an external device access verification scheme based on the firmware digest, designed so that the operating system can manage the access of external devices safely and effectively. When an external device is connected to the operating system, the operating system is protected from attacks by illegal external devices, virus propagation and the like, and the security of external devices accessing the operating system is improved.
Drawings
FIG. 1 is a schematic diagram of an exemplary hardware environment;
FIG. 2 is a flow diagram of an access method of an external device of an embodiment;
FIG. 3 is a flowchart of an exemplary decryption method;
FIG. 4 is a schematic diagram of an example encryption/decryption;
FIG. 5 is a flow diagram of an example of external device management;
FIG. 6 is an exemplary operational privilege setting flow diagram;
FIG. 7 is an example external device authentication flow diagram;
FIG. 8 is a block diagram of an access device of an external device according to an embodiment;
FIG. 9 is a flowchart of an access method of an external device of another embodiment;
FIG. 10 is a schematic structural diagram of an access device of an external device according to another embodiment;
FIG. 11 is a schematic diagram of an example external device interacting with an operating system;
FIG. 12 is a block diagram of an example computer device.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In the embodiments of the present application, the words "first", "second", and the like are used for distinguishing the same or similar items having substantially the same action and function, and the meaning of "at least one" means one or more, and "a plurality" means two or more, for example, a plurality of objects means two or more objects. The word "comprising" or "comprises", and the like, means that the information presented before "comprises" or "comprising" covers the information presented after "comprises" or "comprising" and the equivalents thereof, and does not exclude other information. In the embodiments of the present application, the reference to "and/or" indicates that three kinds of relationships may exist, and the character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
Referring to FIG. 1, FIG. 1 is a schematic diagram of an exemplary hardware environment. An operating system is installed on a host, and n (n ≥ 1) external devices can be connected to it in a wired or wireless manner. When an external device is to be used, it must be physically connected to the host, and the operating system of the host establishes an application connection with the external device. So that the operating system can accurately identify legal external devices and prevent illegal external devices from operating the operating system, spreading various viruses and so on, the application provides an access method for external devices designed on the basis of the Linux operating system. It overcomes the defects of common security authentication schemes, so that the access of external devices is verified and managed more effectively and the security of the operating system when external devices are connected is improved.
As shown in FIG. 2, FIG. 2 is a flowchart of an access method of an external device according to an embodiment. The method may be applied to an operating system so that connected external devices can be managed safely and effectively. It mainly comprises the following steps:
S110, sending a first inquiry information command to the external device, receiving the encrypted access information returned by the external device in response to the first inquiry information command, and decrypting the encrypted access information to obtain the device verification information and a first firmware digest of the external device; the encrypted access information is obtained by encrypting the device verification information and the firmware digest information of the external device.
Firmware is the low-level code that connects the hardware and the operating system when the computer starts; it is generally stored in an electrically erasable programmable read-only memory (EEPROM) or FLASH chip in the device. The firmware digest has a fixed number of bytes and is unique.
In this step, the external device may first calculate the firmware digest of its firmware using a conversion algorithm, and then encrypt the device verification information together with the firmware digest to obtain the encrypted access information, which is stored in the external device in advance. The external device also has an embedded script program that can respond to instructions sent by the operating system. Accordingly, when the operating system sends a first inquiry information command to the external device, the script program of the external device receives the command and responds by sending the encrypted access information to the operating system. After receiving the encrypted access information of the external device, the operating system decrypts and parses it to obtain the device verification information and the first firmware digest of the external device.
In one embodiment, referring to FIG. 3, FIG. 3 is a flowchart of an exemplary decryption method. The method of decrypting the encrypted access information in step S110 to obtain the device verification information and the first firmware digest of the external device includes:
S11, decrypting the encrypted access information using an agreed private key to obtain decrypted information.
In this step, an asymmetric encryption algorithm is used: the device verification information and the firmware digest information of the external device are first encrypted using the agreed public key to obtain the encrypted access information of the external device, which is stored on the external device.
S12, parsing the device verification information and the firmware digest information of the external device from the decrypted information; specifically, parsing the decrypted information yields the device verification information and the firmware digest information that were used when the external device was encrypted.
S13, generating the first firmware digest according to the firmware digest information; specifically, the parsed firmware digest information may be used directly as the first firmware digest, and if the firmware digest information is not directly the firmware digest, it may be further converted into the first firmware digest according to the conversion relationship.
As an embodiment, in order to improve the encryption and decryption effect, when the asymmetric encryption algorithm is used in step S11 of this embodiment, the present application further designs a scheme for encrypting and decrypting the encrypted access information by using a dynamic key pair, which may specifically be as follows:
S1101, querying, from a key pair record table, the key pair used by the external device for this access; each time the external device accesses, the operating system agrees on the key pair to be used for the next access.
S1102, decrypting the encrypted access information by using the private key of the key pair; the external device has encrypted the device verification information and the firmware digest information in advance with the public key of each key pair.
S1103, if the encrypted access information is successfully decrypted to obtain decrypted information, agreeing on the key pair to be used for the next access and writing it into the key pair record table; if the encrypted access information cannot be decrypted, setting the external device as an untrusted external device.
Referring to fig. 4, fig. 4 is a schematic diagram of an exemplary encryption and decryption. As shown in the figure, each time the external device successfully accesses the operating system, both parties agree on the key pair to be used for the next access. The external device encrypts the access information in advance with the private keys of the various key pairs. When the operating system queries the encrypted access information, the external device selects the encrypted access information encrypted with the agreed private key and sends it to the operating system, and the operating system decrypts it with the public key of the same key pair. If the decryption succeeds, the external device is determined to be legal and both parties agree on the key pair to be used next time; if the decryption fails, the external device is determined to be an untrusted device.
In the technical solution of this embodiment, a dynamic key pair encryption and decryption scheme is designed; it strengthens security when the operating system and the external device transmit the encrypted access information, so that verification accuracy can be improved and illegal external devices can be found in time.
S120, reading firmware information of the firmware when the firmware of the external device is set to a readable state, and generating a second firmware digest from the firmware information by using a conversion algorithm.
In this step, when the external device accesses the operating system, the firmware of the external device is first set to a readable state; the operating system reads the firmware information of the firmware and calculates a second firmware digest from it using the conversion algorithm.
S130, querying, according to the device verification information, a third firmware digest of the external device from a trusted external device list in which legal firmware digests are recorded.
In this step, the operating system holds a trusted external device list in which the firmware digests of all legal external devices are recorded in advance; these digests are obtained by calculating the firmware of the legal external devices with the conversion algorithm and are genuinely valid. Using the device verification information parsed in step S110, the operating system can identify the currently accessed external device and then query the corresponding firmware digest from the trusted external device list as the third firmware digest.
S140, comparing the first firmware digest, the second firmware digest and the third firmware digest; if the three match, judging that the external device is a trusted external device, and otherwise judging that the external device is an untrusted external device.
Specifically, the operating system obtains the first firmware digest by querying the current external device in step S110, calculates the second firmware digest of the current external device from the firmware information read in real time in step S120, and obtains the third firmware digest of the current external device by querying the trusted external device list stored in the operating system in step S130. It then compares the three firmware digests: if they match, the currently accessed external device is judged to be a trusted external device; otherwise it is judged to be an untrusted external device.
In the above technical solution for accessing an external device, an access verification scheme based on the firmware digest is designed so that the operating system can manage external device access safely and effectively. When an external device accesses the operating system, the operating system can be protected from attacks, virus propagation and the like by illegal external devices, which improves the security of external devices accessing the operating system.
In order to make the technical solutions of the present application clearer, further embodiments are described below with reference to the accompanying drawings.
In one embodiment, the device authentication information may include device attribute information of the external device and service information thereof that requires starting of the operating system; the device attribute information mainly refers to manufacturer information of the external device, hardware-related information, and the like.
Referring to fig. 5, fig. 5 is an exemplary flowchart illustrating an external device management process, and fig. 5 may further include a method for managing an external device based on service information, where the method may include the following steps:
S51, storing the service information of the operating system that needs to be started; specifically, the operating system parses the device authentication information of the external device and stores it for interactive use during the current access.
S52, loading a corresponding service program for the external device according to the service information, and carrying out communication interaction with the external device based on the service program; specifically, the operating system loads a corresponding service program for the accessed external device according to the service information, and performs communication interaction based on the service program.
S53, deleting the service information when the external device is pulled out.
Specifically, when the external device is pulled out, the operating system checks whether the operation information sent by the external device contains an operation designated to continue after the device is pulled out. If not, the service information of the external device is deleted; if so, the operation continues and the service information is deleted after the operation has been executed.
In the solution of this embodiment, when an external device accesses the operating system, the service information is saved and the corresponding service program is loaded for interactive use; the related service information is deleted once an access is completed, and communication interaction is re-established at the next access only after the verification process has verified the device, so that the security of every external device access can be ensured.
To prevent attacks on the operating system by disguised external devices, in one embodiment, the operation authority of the external device may be configured when the external device accesses the operating system. Accordingly, referring to fig. 6, fig. 6 is an exemplary operation authority setting flowchart, and the method for accessing an external device according to the present application may further include the following steps:
S71, before the external device is accessed, acquiring the device types of the various external devices that need to be accessed; for example, storage devices (USB flash drive, removable hard drive, etc.) and input devices (mouse, keyboard, etc.).
S72, setting security permissions for the external device according to the device type and the corresponding security requirement; specifically, the corresponding security permissions are set according to the device type and the user's security requirements for the external device.
S73, modifying the driver of the external device according to the security permissions, and setting the operation authority the external device has after it accesses the operating system.
In the technical solution of this embodiment, the driver of the external device is modified to set the operation authority the external device has after it accesses the operating system, so that the external device cannot operate on the operating system beyond its operation authority while in use, and the operating system can be protected from attacks by disguised external devices.
In order to further enhance the verification security of the operating system for the accessed external devices, a process of authenticating dynamic information can also be performed for each accessed external device. Accordingly, in an embodiment, referring to fig. 7, where fig. 7 is an exemplary external device authentication flowchart, the external device accessing method of step S140 in the present application may include the following steps:
S401, obtaining the first firmware digest, the second firmware digest and the third firmware digest.
S402, determining whether the first firmware digest, the second firmware digest and the third firmware digest match; if yes, executing S403, otherwise judging the external device to be an untrusted external device.
S403, reading a pre-stored first access time list of the external device; the first access time list is used for recording the access time points of all legal external devices on the operating system.
S404, sending a second inquiry information command for querying the access time list to the external device, and receiving a second access time list sent by the external device in response to the second inquiry information command; the second access time list is used for recording the access time points at which the external device accessed the operating system.
S405, comparing the first access time list with the second access time list; if the comparison is successful, executing S406, otherwise judging the external device to be an untrusted external device.
S406, judging the external device to be a trusted external device, and writing the access time point of this access into the first access time list.
S407, sending the access time point to the external device, the external device writing the access time point into the second access time list.
Specifically, a first access time list is pre-stored on the operating system and records the access time points of all legal external devices; each external device also holds a second access time list that records the access time points at which that device accessed the operating system. After the operating system has compared the first firmware digest, the second firmware digest and the third firmware digest, it sends a second inquiry information command for querying the access time list to the external device, and the external device returns its second access time list. The operating system compares the second access time list with the pre-stored first access time list; if the comparison of the external device's access times is successful, the external device is legal and is judged to be a trusted external device. The operating system then writes the current access time point into the first access time list and also sends it to the external device, which writes it into the second access time list, so that the access time point can be used in subsequent verification.
In the technical solution of this embodiment, the time of each access by the external device to the operating system is introduced as dynamic information for verification, so that the external device is verified continuously, the defect that an external device may be falsely used during access is overcome, and access security is further improved.
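The following Python example is added here and is not part of the patent text: it models the operating-system side of steps S120 to S140 and S401 to S407, starting from access information that has already been decrypted and parsed. SHA-256 as the conversion algorithm, a first access time list kept per device, exact equality as the list comparison, and all class, function and device names are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def firmware_digest(firmware: bytes) -> str:
    # Assumption: SHA-256 stands in for the unspecified "conversion algorithm".
    return hashlib.sha256(firmware).hexdigest()


def same_digest(a: str, b: str) -> bool:
    # Constant-time comparison; encoding to bytes tolerates arbitrary device input.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class ExternalDevice:
    """Constructed model of the device side (hypothetical names)."""
    device_id: str        # stands in for the device verification information
    firmware: bytes       # what the operating system reads in S120
    claimed_digest: str   # firmware digest carried in the decrypted access info
    access_times: list = field(default_factory=list)  # second access time list

    def answer_first_query(self) -> dict:
        return {"device_id": self.device_id, "firmware_digest": self.claimed_digest}

    def answer_second_query(self) -> list:
        return list(self.access_times)

    def write_access_time(self, point: int) -> None:
        self.access_times.append(point)


class OperatingSystem:
    def __init__(self) -> None:
        self.trusted_list = {}        # device_id -> legal firmware digest
        self.first_access_times = {}  # device_id -> recorded access time points

    def enroll(self, device_id: str, legal_firmware: bytes) -> None:
        self.trusted_list[device_id] = firmware_digest(legal_firmware)
        self.first_access_times[device_id] = []

    def verify_access(self, device: ExternalDevice, now: int) -> str:
        info = device.answer_first_query()
        first = info["firmware_digest"]                   # S110 (already decrypted)
        second = firmware_digest(device.firmware)         # S120
        third = self.trusted_list.get(info["device_id"])  # S130
        if third is None:
            return "untrusted: not in trusted list"
        # S140 / S402: all three digests must agree.
        if not (same_digest(first, second) and same_digest(second, third)):
            return "untrusted: digest mismatch"
        # S403 to S405: the device's history must equal the stored history.
        recorded = self.first_access_times[info["device_id"]]
        if device.answer_second_query() != recorded:
            return "untrusted: access time mismatch"
        # S406 and S407: both sides record this access time point.
        recorded.append(now)
        device.write_access_time(now)
        return "trusted"


def run_constructed_scenarios():
    """All firmware bytes, device ids and time points below are constructed."""
    legal_fw = b"constructed firmware image v1"
    os_side = OperatingSystem()
    os_side.enroll("kbd-001", legal_fw)

    genuine = ExternalDevice("kbd-001", legal_fw, firmware_digest(legal_fw))
    results = [os_side.verify_access(genuine, 1000),
               os_side.verify_access(genuine, 2000)]

    # Firmware differs from what the stored access information claims.
    modified = ExternalDevice("kbd-001", legal_fw + b" altered",
                              firmware_digest(legal_fw), [1000, 2000])
    results.append(os_side.verify_access(modified, 3000))

    # Same firmware and digest, but an access time list that is out of date.
    stale = ExternalDevice("kbd-001", legal_fw, firmware_digest(legal_fw), [1000])
    results.append(os_side.verify_access(stale, 3000))

    # Device whose verification information is not in the trusted list.
    unknown = ExternalDevice("usb-999", legal_fw, firmware_digest(legal_fw))
    results.append(os_side.verify_access(unknown, 3000))

    # Failed attempts wrote nothing, so the genuine device still verifies.
    results.append(os_side.verify_access(genuine, 4000))
    return results


if __name__ == "__main__":
    for line in run_constructed_scenarios():
        print(line)
```

The stale-list case shows what the access time list adds over the digest comparison alone: a device that presents correct digests is still rejected when its recorded history does not match the operating system's.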
Corresponding to the above-mentioned embodiment of the method for accessing an external device, the present application further provides an access apparatus for an external device, as shown in fig. 8, fig. 8 is a schematic structural diagram of an access apparatus for an external device according to an embodiment, where the access apparatus is applied to an operating system, and the access apparatus includes:
a first firmware digest obtaining module 110, configured to send a first query message command to an external device, receive encrypted access information returned by the external device in response to the first query message command, and decrypt the encrypted access information to obtain device authentication information and a first firmware digest of the external device; the encrypted access information is obtained by encrypting equipment verification information and firmware abstract information of the external equipment;
a second firmware digest generating module 120, configured to read firmware information of the firmware when the firmware of the external device is set to a readable state, and generate a second firmware digest from the firmware information by using a conversion algorithm;
a third firmware digest query module 130, configured to query, according to the device authentication information, a third firmware digest of the external device from a trusted external device list in which legal firmware digests are recorded;
a firmware digest information comparison module 140, configured to compare the first firmware digest, the second firmware digest and the third firmware digest, and if the three match, determine that the external device is a trusted external device, otherwise determine that the external device is an untrusted external device.
The access apparatus of the external device in this embodiment may execute the access method of the external device provided in this embodiment, and its implementation principle is similar, where actions performed by modules in the access apparatus of the external device in the embodiments of this application correspond to steps in the access method of the external device in the embodiments of this application, and for detailed functional descriptions of the modules in the access apparatus of the external device, reference may be specifically made to the description in the access method of the corresponding external device shown in the foregoing, and details are not repeated here.
An embodiment of the access method of an external device according to another embodiment is described below.
Referring to fig. 9, fig. 9 is a flowchart of an access method of an external device according to an embodiment, where the access method of the external device according to the embodiment is applied to the external device, and includes:
S210, encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information; the firmware digest information is calculated from the firmware information of the external device by using a conversion algorithm.
In one embodiment, when the encrypted access information is obtained through encryption, the device authentication information and the firmware digest information may be encrypted in advance by using the public key of each key pair to obtain the encrypted access information, and the encrypted access information may be stored in the storage unit.
In one embodiment, the encryption scheme of step S210 may include the following:
S111, encrypting the device verification information and the firmware digest information of the external device by using the agreed public key to obtain encrypted access information.
S121, creating a storage unit on the external device, and storing the encrypted access information in the storage unit; the operating system decrypts the encrypted access information by using the agreed private key to obtain the verification information and the first firmware digest.
S220, setting the firmware of the external device to be in a readable state, and receiving a first inquiry information command sent by an operating system after the external device is connected to the operating system.
S230, responding to the first inquiry information command, and sending the encrypted access information to the operating system for verification.
In one embodiment, the process of step S230 may include the following:
(a) When a first inquiry information command sent by the operating system is received, acquiring the key pair to be used for this access, which was agreed at the previous access to the operating system; each time the external device accesses the operating system, a key pair to be used for the next access is agreed;
(b) Selecting the corresponding encrypted access information from the stored encrypted access information according to the key used this time, and sending it to the operating system for verification;
correspondingly, the operating system queries the key pair used for the current access from a key pair record table and decrypts the encrypted access information by using the private key of the key pair; if the encrypted access information is successfully decrypted to obtain decrypted information, it agrees on the key pair to be used for the next access and writes it into the key pair record table; if the encrypted access information cannot be decrypted, it sets the external device as an untrusted external device.
In the technical solution of this embodiment, a dynamic key pair encryption and decryption scheme is designed; it strengthens security when the operating system and the external device transmit the encrypted access information, so that verification accuracy can be improved and illegal external devices can be found in time.
Further, after the encrypted access information has been sent to the operating system through steps S210 to S230, the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain device verification information and a first firmware digest, converts the firmware information into a second firmware digest by using the conversion algorithm, and queries, according to the device verification information, a third firmware digest from a trusted external device list in which legal firmware digests are recorded; the external device is verified according to whether the first firmware digest, the second firmware digest and the third firmware digest match.
For the processing flow executed by the operating system, reference may be made to the foregoing embodiments, which are all incorporated in this embodiment and thus claimed.
In an embodiment, the external device of the present application may perform authentication of dynamic information when accessing the operating system; corresponding to steps S401 to S404 in the foregoing embodiment, the method for accessing an external device of the present application may further include:
S31, receiving a second inquiry information command for querying the access time list, sent by the operating system;
S32, responding to the second inquiry information command, and sending a second access time list to the operating system; the second access time list is used for recording the access time points at which the external device accessed the operating system;
S33, receiving a new access time point sent by the operating system, and writing the access time point into the second access time list;
the operating system reads a first access time list that records the access time points of all legal external devices, judges that the external device is a trusted external device when the first access time list is successfully matched with the second access time list, and writes the new access time point into the first access time list.
In the technical solution of this embodiment, the time of each access by the external device to the operating system is introduced as dynamic information for verification, so that the external device is verified continuously, the defect that an external device may be falsely used during access is overcome, and access security is further improved.
In one embodiment, the device authentication information includes device attribute information of the external device and service information thereof requiring the start of the operating system; corresponding to steps S51 to S53 in the foregoing embodiment, the method for accessing an external device in the present application may further include:
S61, sending the service information that needs to be started to the operating system.
S62, after the operating system loads the service program corresponding to the service information, carrying out communication interaction with the service program; for example, a driver specified in the external device information is loaded, a specified program is run, and the like.
S63, sending operation information to the operating system, specifying the operation that needs to continue after the device is pulled out; when the external device is pulled out, the operating system continues to execute the operation, and deletes the service information after the operation has been executed.
In the solution of this embodiment, when an external device accesses the operating system, the service information is saved and the corresponding service program is loaded for interactive use; the related service information is deleted once an access is completed, and communication interaction is re-established at the next access only after the verification process has verified the device, so that the security of every external device access can be ensured.
Corresponding to the above-mentioned embodiment of the method for accessing an external device, the present application also provides an access apparatus for an external device, as shown in fig. 10, fig. 10 is a schematic structural diagram of an access apparatus for an external device according to another embodiment, where the apparatus is applied to an external device, and includes:
an encrypted access information generating module 210, configured to encrypt the device authentication information and the firmware digest information of the external device to obtain encrypted access information; the firmware digest information is calculated from the firmware information of the external device by using a conversion algorithm.
The query information command receiving module 220 is configured to set the firmware of the external device to a readable state, and receive a first query information command sent by an operating system after the external device is connected to the operating system.
A query information command response module 230, configured to respond to the first query information command, and send the encrypted access information to the operating system for verification.
The operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain device verification information and a first firmware digest, converts the firmware information into a second firmware digest by using the conversion algorithm, and queries, according to the device verification information, a third firmware digest from a trusted external device list in which legal firmware digests are recorded; the external device is verified according to whether the first firmware digest, the second firmware digest and the third firmware digest match.
The access apparatus of the external device in this embodiment may execute the access method of the external device provided in this embodiment, and its implementation principle is similar, where actions performed by modules in the access apparatus of the external device in the embodiments of this application correspond to steps in the access method of the external device in the embodiments of this application, and for detailed functional descriptions of the modules in the access apparatus of the external device, reference may be specifically made to the description in the access method of the corresponding external device shown in the foregoing, and details are not repeated here.
To further clarify the technical effect of the technical solution of the present application, an example of interaction with an operating system in access of an external device is listed below, and fig. 11 is a schematic diagram of interaction between an external device and an operating system.
On the external device side, the following steps are executed:
s101, setting the firmware to a readable state, and calculating a first firmware digest.
s102, calculating the encrypted access information.
The device verification information, the operating system service information to be started and the first firmware digest are encrypted with the public key agreed under an asymmetric encryption algorithm to obtain the encrypted access information; the access information includes device verification information such as manufacturer and hardware information, the first firmware digest generated in step s101, and the like.
s103, storing the encrypted access information.
A storage unit can be arranged on the external device to store the encrypted access information, and a script program is embedded to respond to the query request of the operating system.
s104, responding to the first inquiry information command sent by the operating system, and sending the encrypted access information to the operating system.
s105, responding to a second inquiry information command sent by the operating system, and sending the second access time list to the operating system.
s106, receiving the access time point sent by the operating system, and writing the access time point into the second access time list.
On the operating system side, the following steps are performed:
s201, when the external device accesses, sending a first query information command to the external device, and receiving the encrypted access information returned by the external device in response.
The driver of each external device is modified on the operating system, and security permissions are set for the different types of external device; if the external device does not return encrypted access information in response, the external device is judged to be an untrusted external device and is prohibited from operating.
s202, decrypting the encrypted access information to obtain the device authentication information and the first firmware digest of the external device.
The encrypted access information may be decrypted using the agreed private key to obtain the device authentication information and the first firmware digest of the external device.
s203, reading the firmware in the external device, and generating a second firmware digest by using a conversion algorithm.
s204, querying a third firmware digest from the list of trusted external devices.
The operating system establishes a trusted external device list in advance, and records in it the device verification information and firmware digest information of all trusted external devices.
s205, comparing the first firmware digest, the second firmware digest and the third firmware digest.
If the three match, step s206 is performed; otherwise, the firmware of the external device or the encrypted access information sent by the external device is considered to have been tampered with, and the external device is determined to be an untrusted external device.
s206, querying the second access time list from the external device, and pairing the first access time list with the second access time list.
The operating system needs to establish a first access time list for the external device in advance. If the pairing is successful, the external device is confirmed to be a trusted device, the access time point of this access is sent to the external device, and the access time point is written into the first access time list of the operating system; if the pairing fails, the firmware of the external device or the encrypted access information it sent is considered to have been tampered with, and the external device is judged to be an untrusted external device.
s207, storing the encrypted access information sent by the external device, and loading a corresponding service program for the external device according to the service information sent by the external device.
s208, when the external device is pulled out, continuing to execute the operation that the external device specified in advance as needing to continue after it is pulled out, and deleting the stored encrypted access information and the service information in the encrypted access information.
The above is the flow of this example. It shows that, because the operating system manages external device access safely and effectively, the operating system is protected from illegal attacks and virus propagation by external devices when they access it, and the security of external devices accessing the operating system is improved.
An embodiment of the external device of the present application is set forth below.
The external device provided by the present application may be configured to perform the steps of the access method of the external device of any of the above embodiments. Compared with a conventional external device, a storage unit is opened on the external device, and the device authentication information and firmware digest information of the external device are encrypted in advance to form encrypted access information, which is stored in the storage unit; a script program is embedded in the external device, the firmware of the external device is set to a readable state in response to an inquiry information command sent by the external device, and when the external device is accessed, the operating system can read the firmware information.
The external device provided by this embodiment provides an access verification scheme based on the firmware digest, with which the operating system can manage external device access safely and effectively, thereby preventing illegal external device access, protecting the operating system from attacks, virus propagation and the like by illegal external devices, and improving the security of external devices accessing the operating system.
An embodiment of the computer device of the present application is set forth below.
In the computer device provided by this embodiment, the operating system is installed on the computer device, and the computer device includes: one or more processors, memory, and one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the steps of the method of accessing an external device of any of the embodiments described above.
As shown in FIG. 12, FIG. 12 is a block diagram of an example computer device. The computer device may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, a fitness device, a personal digital assistant, or the like; the apparatus 100 may include one or more of the following components: a processing component 102, a memory 104, a power component 106, a multimedia component 108, an audio component 110, an input/output (I/O) interface 112, a sensor component 114, and a communication component 116.
The processing component 102 generally controls overall operation of the device 100, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations.
The memory 104 is configured to store various types of data to support operation at the device 100. It may be, for example, static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, or a magnetic or optical disk.
The power supply component 106 provides power to the various components of the device 100.
The multimedia component 108 includes a screen that provides an output interface between the device 100 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). In some embodiments, the multimedia component 108 includes a front facing camera and/or a rear facing camera.
The audio component 110 is configured to output and/or input audio signals.
The I/O interface 112 provides an interface between the processing component 102 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 114 includes one or more sensors for providing various aspects of state assessment for the device 100. The sensor assembly 114 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact.
The communication component 116 is configured to facilitate wired or wireless communication between the apparatus 100 and other devices. The device 100 may access a wireless network based on a communication standard, such as WiFi, an operator network (such as 2G, 3G, 4G, or 5G), or a combination thereof.
In addition, the application provides a computer-readable storage medium for realizing the related functions of the image data transmission method of the video live broadcast. The computer readable storage medium stores at least one instruction, at least one program, a set of codes, or a set of instructions that is loaded by a processor and performs the method of accessing an external device of any embodiment. Illustratively, the computer-readable storage medium may be a non-transitory computer-readable storage medium comprising instructions, such as a memory comprising instructions, e.g., the non-transitory computer-readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and so forth.
The computer-readable storage medium of the foregoing embodiment may be used to store a corresponding execution code program and the like of the firmware-digest-based external device access verification scheme designed in the embodiment of the present application, so as to implement secure and effective management of the external device access by the operating system, and when the external device accesses the operating system, the operating system is ensured not to be damaged by illegal external device attack, virus propagation, and the like, so that the security of accessing the external device to the operating system is improved.
The above examples express only several embodiments of the present application, and although their description is relatively specific and detailed, it should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. An access method for an external device, applied to an operating system, characterized by comprising:
sending a first inquiry information command to an external device, receiving encrypted access information returned by the external device in response to the first inquiry information command, and decrypting the encrypted access information to obtain device verification information and a first firmware digest of the external device; wherein the encrypted access information is obtained by encrypting the device verification information and firmware digest information of the external device;
reading firmware information of the firmware when the firmware of the external device is set to be readable, and generating a second firmware digest using a conversion algorithm;
querying, according to the device verification information, a third firmware digest of the external device from a trusted external device list in which legal firmware digests are recorded;
and comparing the first firmware digest, the second firmware digest and the third firmware digest; if they match, determining that the external device is a trusted external device, and otherwise determining that the external device is an untrusted external device.
2. The external device access method according to claim 1, wherein the device verification information includes: device attribute information of the external device and service information of the external device requiring starting of the operating system;
the external device access method further comprises the following steps:
storing the service information needing to start the operating system;
loading a corresponding service program for the external device according to the service information, and communicating with the external device based on the service program;
when the external device is unplugged, obtaining, from operation information sent by the external device, the operation designated to continue executing after the external device is unplugged;
and continuing to execute the operation, and deleting the service information after the operation has been executed.
3. The method for accessing an external device according to claim 1, further comprising, before the operating system accesses the external device:
acquiring the device types of the various external devices that need to be accessed;
setting a security permission for the external device according to the device type and the corresponding security requirement;
and modifying the driver of the external device according to the security permission, thereby setting the operation permission of the external device after the external device is connected to the operating system.
4. The method for accessing an external device according to claim 1, wherein decrypting the encrypted access information to obtain the device verification information and the first firmware digest of the external device comprises:
decrypting the encrypted access information using an agreed private key to obtain decrypted information;
parsing the device verification information and the firmware digest information of the external device from the decrypted information;
generating the first firmware digest according to the firmware digest information;
wherein the encrypted access information is obtained by encrypting the device verification information and the firmware digest information of the external device using an agreed public key of an asymmetric encryption algorithm, and is stored on the external device.
5. The method for accessing an external device according to claim 1, further comprising:
reading a pre-stored first access time list of the external device; the first access time list is used for recording the access time points of all legal external devices on the operating system;
sending to the external device a second inquiry information command for querying the access time list, and receiving a second access time list sent by the external device in response to the second inquiry information command; the second access time list is used for recording the access time points at which the external device accessed the operating system;
comparing the first access time list with the second access time list; if the comparison succeeds, determining that the external device is a trusted external device and writing the access time point into the first access time list;
and sending the access time point to the external device, the external device writing the access time point into the second access time list.
6. The method for accessing an external device according to claim 4, wherein decrypting the encrypted access information using the agreed private key to obtain decrypted information comprises:
querying, from a key pair record table, the key pair used by the external device in this access; wherein, each time the external device is accessed, the operating system agrees on the key pair to be used for the next access;
decrypting the encrypted access information using the private key of the key pair; wherein the external device encrypts the device verification information and the firmware digest information in advance using the public key of each key pair;
if the encrypted access information is successfully decrypted to obtain decrypted information, agreeing on the key pair to be used for the next access and writing it into the key pair record table; and if the encrypted access information cannot be decrypted, setting the external device as an untrusted external device.
7. An access method for an external device, applied to the external device, characterized by comprising the following steps:
encrypting device verification information and firmware digest information of the external device to obtain encrypted access information; wherein the firmware digest information is calculated from firmware information of the external device using a conversion algorithm;
setting the firmware of the external device to a readable state, and receiving a first inquiry information command sent by an operating system after the external device is connected to the operating system;
responding to the first inquiry information command by sending the encrypted access information to the operating system for verification;
wherein the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain the device verification information and a first firmware digest, converts the firmware information into a second firmware digest using the conversion algorithm, and queries, according to the device verification information, a third firmware digest from a trusted external device list in which legal firmware digests are recorded; and the external device is verified according to whether the first firmware digest, the second firmware digest and the third firmware digest match.
8. An access device for an external device, comprising:
the device is applied to an operating system and comprises:
a first firmware digest acquisition module, used for sending a first inquiry information command to the external device, receiving encrypted access information returned by the external device in response to the first inquiry information command, and decrypting the encrypted access information to obtain device verification information and a first firmware digest of the external device; wherein the encrypted access information is obtained by encrypting the device verification information and firmware digest information of the external device;
a second firmware digest generation module, used for reading the firmware information of the firmware when the firmware of the external device is set to a readable state, and generating a second firmware digest using a conversion algorithm;
a third firmware digest query module, used for querying, according to the device verification information, a third firmware digest of the external device from a trusted external device list in which legal firmware digests are recorded;
a firmware digest information comparison module, used for comparing the first firmware digest, the second firmware digest and the third firmware digest; if they match, the external device is determined to be a trusted external device, and otherwise the external device is determined to be an untrusted external device;
or
the device is applied to an external device and comprises:
an encrypted access information generation module, used for encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information; wherein the firmware digest information is calculated from firmware information of the external device using a conversion algorithm;
an inquiry information command receiving module, used for setting the firmware of the external device to a readable state and receiving a first inquiry information command sent by an operating system after the firmware of the external device is connected to the operating system;
an inquiry information command response module, used for responding to the first inquiry information command by sending the encrypted access information to the operating system for verification;
wherein the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain the device verification information and a first firmware digest, converts the firmware information into a second firmware digest using the conversion algorithm, and queries, according to the device verification information, a third firmware digest from a trusted external device list in which legal firmware digests are recorded; and the external device is verified according to whether the first firmware digest, the second firmware digest and the third firmware digest match.
9. A computer device having an operating system installed thereon, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to perform the steps of the external device access method of any of claims 1-7.
10. An external device, characterized in that it is configured to perform the steps of the external device access method of claim 7.
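The three-digest comparison of claims 1 and 7, sketched as an added Python example (not code from the patent). Assumptions: the "conversion algorithm" is modelled as SHA-256, the decrypted access information is a JSON object with hypothetical fields `device_id` and `fw_digest`, and the decryption of claim 4 has already been done by the caller.

```python
import hashlib
import json

# Constructed sample firmware images, not taken from the patent.
GENUINE_FW = b"\x7fFWv1" + bytes(range(64))
TAMPERED_FW = GENUINE_FW + b"\x00patched"


def firmware_digest(firmware):
    """Assumed 'conversion algorithm': SHA-256 over the firmware image."""
    return hashlib.sha256(firmware).hexdigest()


# Trusted external device list: device id -> legal firmware digest.
TRUSTED_LIST = {"kbd-001": firmware_digest(GENUINE_FW)}


def provision(device_id, firmware):
    """Plaintext the device side would encrypt and store (hypothetical JSON layout)."""
    info = {"device_id": device_id, "fw_digest": firmware_digest(firmware)}
    return json.dumps(info).encode()


def verify_device(access_info, firmware_read, trusted_list):
    """Return (trusted, reason) for one connection attempt.

    access_info is the already-decrypted access information (bytes),
    firmware_read is what the host read from the device.
    """
    try:
        info = json.loads(access_info)
        device_id, first = info["device_id"], info["fw_digest"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed access information"
    if not isinstance(device_id, str) or not isinstance(first, str):
        return False, "malformed access information"

    second = firmware_digest(firmware_read)  # measured by the host
    third = trusted_list.get(device_id)      # recorded as legal
    if third is None:
        return False, "device not in trusted list"
    if first.lower() != second:
        return False, "stored digest differs from firmware read"
    if second != third.lower():
        return False, "firmware digest is not the recorded legal digest"
    return True, "trusted"


def run_cases():
    """Run the constructed cases; returns {case: (trusted, reason)}."""
    blob_ok = provision("kbd-001", GENUINE_FW)
    return {
        "genuine": verify_device(blob_ok, GENUINE_FW, TRUSTED_LIST),
        # Firmware changed after provisioning: first != second.
        "reflashed": verify_device(blob_ok, TAMPERED_FW, TRUSTED_LIST),
        # Blob regenerated for the changed firmware: first == second != third.
        "reprovisioned": verify_device(
            provision("kbd-001", TAMPERED_FW), TAMPERED_FW, TRUSTED_LIST),
        "unknown": verify_device(
            provision("usb-999", GENUINE_FW), GENUINE_FW, TRUSTED_LIST),
        "garbage": verify_device(b"not-json", GENUINE_FW, TRUSTED_LIST),
    }


if __name__ == "__main__":
    for name, (ok, reason) in run_cases().items():
        print(f"{name:14s} trusted={ok} ({reason})")
```

The second digest covers only the bytes the device returns when its firmware is read, so the check is as strong as that read path.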
CN202211244099.0A 2022-10-10 2022-10-10 External device access method and device, computer device and external device Active CN115630377B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211244099.0A CN115630377B (en) 2022-10-10 2022-10-10 External device access method and device, computer device and external device

Publications (2)

Publication Number Publication Date
CN115630377A (en) 2023-01-20
CN115630377B (en) 2023-06-06

Family

ID=84905541

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211244099.0A Active CN115630377B (en) 2022-10-10 2022-10-10 External device access method and device, computer device and external device

Country Status (1)

Country Link
CN (1) CN115630377B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant