CN115630377B - External device access method and device, computer device and external device - Google Patents


Publication number
CN115630377B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211244099.0A
Other languages
Chinese (zh)
Other versions
CN115630377A (en)
Inventor
王剑
周修龙
姚炜林
朱毅
李辉
王亚宁
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Jinqili Information Technology Co ltd
Original Assignee
Guangzhou Jinqili Information Technology Co ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication

Abstract

The application relates to an access method and apparatus for an external device, a computer device, and an external device. The access method is applied to an operating system and comprises: sending a first inquiry information command to the external device, receiving the returned encrypted access information, and decrypting it to obtain device verification information and a first firmware digest; when the firmware of the external device is set to be readable, reading the firmware information of the firmware and generating a second firmware digest from the firmware information using a conversion algorithm; querying, according to the device verification information, a third firmware digest of the external device from a trusted external device list in which legal firmware digests are recorded; and comparing the first, second and third firmware digests to determine whether the external device is a trusted external device. With this technical scheme, the operating system is protected from damage caused by attacks from illegal external devices, virus propagation and the like, and the security of external devices accessing the operating system is improved.

Description

External device access method and device, computer device and external device
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an access method and apparatus for an external device, a computer device, and an external device.
Background
In the computer field, as hardware has developed, external hardware devices (peripherals for short) have taken more and more forms, the functions they implement have become more complex, their performance has become more powerful, and more and more information needs to be exchanged between external devices and the operating system.
Currently, an external device communicates with an operating system mainly through the firmware in the external device talking to a driver in the operating system. The driver for the corresponding external device is written in advance and loaded when the operating system starts. After the external device is plugged in, the operating system queries the external device information through the driver; that information is provided by the external device's firmware, and the operating system provides further services to the external device according to it. Because current operating systems, for convenience, use the same driver for all external devices of the same kind, an illegal external device can modify its firmware to disguise itself as another kind of external device (such as a keyboard or a mouse) when it is connected, and then operate the operating system and spread viruses. For example, worm viruses can be spread through external devices, and the operating system can be controlled through a BadUSB device (a device whose USB firmware is readable and writable).
The prior art contains some security authentication schemes. When an external device requests access to an operating system, identification information of the external device or of its built-in communication chip, such as brand, model and manufacturer, is acquired; this identification information is used to authenticate the external device as a trusted device and to set the permissions assigned to it. Although such a scheme can identify the external device by its identification information, the identification information used for verification may be leaked, and once an illegal external device obtains it, that device can still access the operating system, which poses a serious security threat to the operating system.
Disclosure of Invention
In view of at least one of the above technical drawbacks, it is necessary to provide an external device access method and apparatus, a computer device and an external device that improve the security of external device access to the operating system.
An access method for an external device, applied to an operating system, comprises the following steps:
sending a first inquiry information command to the external device, receiving the encrypted access information returned by the external device in response to the first inquiry information command, and decrypting the encrypted access information to obtain the device verification information and a first firmware digest of the external device; the encrypted access information is obtained by encrypting the device verification information and the firmware digest information of the external device;
reading the firmware information of the firmware when the firmware of the external device is in a readable state, and generating a second firmware digest from the firmware information using a conversion algorithm;
querying, according to the device verification information, a third firmware digest of the external device from a trusted external device list in which legal firmware digests are recorded;
comparing the first firmware digest, the second firmware digest and the third firmware digest; if the three match, determining that the external device is a trusted external device; otherwise, determining that the external device is not a trusted external device.
In one embodiment, the device verification information includes: device attribute information of the external device and service information of the operating system services to be started;
the access method for the external device further comprises the following steps:
storing the service information of the operating system services to be started;
loading the corresponding service program for the external device according to the service information, and communicating with the external device through the service program;
when the external device is unplugged, acquiring operation information sent by the external device, the operation information specifying the operation that must continue to be executed after the external device is unplugged;
continuing to execute the operation, and deleting the service information after the operation has been executed.
In one embodiment, before the operating system accesses the external device, the access method further includes:
acquiring the device types of the various external devices to be accessed;
setting a security permission for the external device according to the device type and the corresponding security requirements;
modifying the driver of the external device according to the security permission, and setting the operation permissions the external device has after it is connected to the operating system.
In one embodiment, decrypting the encrypted access information to obtain the device verification information and the first firmware digest of the external device includes:
decrypting the encrypted access information using the agreed private key to obtain decrypted information;
parsing the device verification information and the firmware digest information of the external device from the decrypted information;
generating the first firmware digest from the firmware digest information;
the encrypted access information is obtained by encrypting the device verification information and the firmware digest information of the external device using the agreed public key of an asymmetric encryption algorithm, and is stored on the external device.
In one embodiment, the access method for the external device further includes:
reading a pre-stored first access time list of the external device; the first access time list records the access time points of all legal external devices on the operating system;
sending a second inquiry information command, which queries the access time list, to the external device, and receiving the second access time list sent by the external device in response to the second inquiry information command; the second access time list records the time points at which the external device accessed the operating system;
comparing the first access time list with the second access time list; if the comparison succeeds, determining that the external device is a trusted external device and writing the current access time point into the first access time list;
sending the current access time point to the external device, which writes the current access time point into the second access time list.
In one embodiment, decrypting the encrypted access information using the agreed private key to obtain decrypted information includes:
querying, from a key pair record table, the key pair used by the external device for the current access; each time an external device is accessed, the operating system agrees on the key pair to be used for the next access;
decrypting the encrypted access information using the private key of the key pair; the external device encrypts the device verification information and the firmware digest information in advance using the public key of each key pair;
if the encrypted access information is successfully decrypted to obtain decrypted information, agreeing on the key pair to be used for the next access and writing it into the key pair record table; if the encrypted access information cannot be decrypted, marking the external device as an untrusted external device.
An access method for an external device, applied to the external device, comprises the following steps:
encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information; the firmware digest information is calculated from the firmware information of the external device using a conversion algorithm;
setting the firmware of the external device to a readable state, and, after connecting to the operating system, receiving a first inquiry information command sent by the operating system;
in response to the first inquiry information command, sending the encrypted access information to the operating system for verification;
the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain the device verification information and a first firmware digest, converts the firmware information into a second firmware digest using the conversion algorithm, and queries, according to the device verification information, a third firmware digest from a trusted external device list in which legal firmware digests are recorded; the external device is verified according to whether the first firmware digest, the second firmware digest and the third firmware digest match.
In one embodiment, the device verification information includes: device attribute information of the external device and service information of the operating system services to be started;
the access method for the external device further comprises the following steps:
sending the service information to be started to the operating system;
after the operating system loads the service program corresponding to the service information, communicating with the service program;
sending operation information to the operating system, specifying the operation that must continue to be executed after the external device is unplugged; when the external device is unplugged, the operating system continues to execute the operation and deletes the service information after the operation has been executed.
In one embodiment, encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information includes:
encrypting the device verification information and the firmware digest information of the external device using the agreed public key to obtain the encrypted access information;
allocating a storage unit on the external device and storing the encrypted access information in the storage unit;
the operating system decrypts the encrypted access information using the agreed private key to obtain the verification information and the first firmware digest.
In one embodiment, the access method for the external device further includes:
receiving a second inquiry information command, sent by the operating system, that queries the access time list;
in response to the second inquiry information command, sending a second access time list to the operating system; the second access time list records the time points at which the external device accessed the operating system;
receiving the new access time point sent by the operating system and writing it into the second access time list;
the operating system reads a first access time list that records the access time points of all legal external devices, determines that the external device is a trusted external device when the comparison of the first access time list with the second access time list succeeds, and writes the new access time point into the first access time list.
In one embodiment, encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information includes:
encrypting the device verification information and the firmware digest information in advance using the public key of each key pair to obtain encrypted access information, and storing the encrypted access information in a storage unit;
the step of sending the encrypted access information to the operating system for verification in response to the first inquiry information command comprises the following steps:
when the first inquiry information command sent by the operating system is received, obtaining the key pair for the current access that was agreed on during the previous access to the operating system; each time the external device accesses the operating system, it agrees on the key pair to be used for the next access;
selecting, from the stored encrypted access information, the encrypted access information that corresponds to the key pair used for the current access, and sending it to the operating system for verification;
the operating system queries the key pair used for the current access from the key pair record table and decrypts the encrypted access information using the private key of that key pair; if decryption succeeds and yields decrypted information, the key pair to be used for the next access is agreed on and written into the key pair record table; if the encrypted access information cannot be decrypted, the external device is marked as an untrusted external device.
An access apparatus for an external device, the apparatus being applied to an operating system, comprises:
a first firmware digest acquisition module, configured to send a first inquiry information command to the external device, receive the encrypted access information returned by the external device in response to the first inquiry information command, and decrypt the encrypted access information to obtain the device verification information and a first firmware digest of the external device; the encrypted access information is obtained by encrypting the device verification information and the firmware digest information of the external device;
a second firmware digest generation module, configured to read the firmware information of the firmware when the firmware of the external device is in a readable state, and generate a second firmware digest from the firmware information using a conversion algorithm;
a third firmware digest query module, configured to query, according to the device verification information, the third firmware digest of the external device from a trusted external device list in which legal firmware digests are recorded;
and a firmware digest comparison module, configured to compare the first firmware digest, the second firmware digest and the third firmware digest, determine that the external device is a trusted external device if the three match, and otherwise determine that the external device is an untrusted external device.
An access apparatus for an external device, the apparatus being applied to the external device, comprises:
an encrypted access information generation module, configured to encrypt the device verification information and the firmware digest information of the external device to obtain encrypted access information; the firmware digest information is calculated from the firmware information of the external device using a conversion algorithm;
an inquiry information command receiving module, configured to set the firmware of the external device to a readable state and, after the external device is connected to the operating system, receive a first inquiry information command sent by the operating system;
an inquiry information command response module, configured to respond to the first inquiry information command by sending the encrypted access information to the operating system for verification;
the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain the device verification information and a first firmware digest, converts the firmware information into a second firmware digest using the conversion algorithm, and queries, according to the device verification information, a third firmware digest from a trusted external device list in which legal firmware digests are recorded; the external device is verified according to whether the first firmware digest, the second firmware digest and the third firmware digest match.
A computer device having an operating system installed thereon, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the steps of the method of accessing an external device.
An external device configured to perform the steps of the method of accessing the external device.
According to the technical scheme of the above embodiments, the external device generates firmware digest information from its own firmware and encrypts it together with the device verification information to obtain encrypted access information. When the external device is connected to the operating system, the operating system queries the encrypted access information and decrypts it to obtain the device verification information and a first firmware digest; at the same time, the operating system reads the firmware information of the firmware and calculates a second firmware digest; the operating system then queries the recorded third firmware digest from the trusted external device list according to the device verification information; finally, the first, second and third firmware digests are compared to verify the external device. This firmware-digest-based access verification scheme lets the operating system manage external device access safely and effectively: when an external device is connected, the operating system is protected from damage caused by attacks from illegal external devices, virus propagation and the like, which improves the security of external device access to the operating system.
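The three-digest comparison summarized above, as an added Python example (not code from the patent). It assumes SHA-256 as the unspecified conversion algorithm and a JSON layout for the already-decrypted access information; decryption is out of scope, the names (`verify_device`, `parse_access_info`, the sample device IDs and firmware bytes) are hypothetical, and failing closed when the firmware cannot be read is this example's choice.

```python
from __future__ import annotations

import hashlib
import hmac
import json
from typing import Callable, Dict, Optional, Tuple


def firmware_digest(firmware: bytes) -> str:
    """Assumed 'conversion algorithm': SHA-256 (the page does not name one)."""
    return hashlib.sha256(firmware).hexdigest()


def parse_access_info(decrypted: bytes) -> Optional[Tuple[str, str]]:
    """Parse already-decrypted access information.

    Assumed layout (hypothetical): JSON with 'device_id' and 'fw_digest'.
    Returns (device_id, first_digest), or None if the payload is malformed.
    """
    try:
        obj = json.loads(decrypted.decode("utf-8"))
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return None
    if not isinstance(obj, dict):
        return None
    device_id, digest = obj.get("device_id"), obj.get("fw_digest")
    if not isinstance(device_id, str) or not isinstance(digest, str):
        return None
    return device_id, digest.lower()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; bytes avoid the ASCII-only limit on str.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def verify_device(
    decrypted: bytes,
    read_firmware: Callable[[], Optional[bytes]],
    trusted_list: Dict[str, str],
) -> Tuple[bool, str]:
    """Return (trusted, reason) for one connecting device."""
    parsed = parse_access_info(decrypted)
    if parsed is None:
        return False, "malformed_access_info"
    device_id, first = parsed             # first digest: claimed by the device
    third = trusted_list.get(device_id)   # third digest: recorded on the list
    if third is None:
        return False, "device_not_on_trusted_list"
    image = read_firmware()               # None models "firmware not readable"
    if image is None:
        return False, "firmware_not_readable"
    second = firmware_digest(image)       # second digest: computed by the OS
    if not _same(first, third):
        return False, "claimed_digest_differs_from_list"
    if not _same(second, third):
        return False, "firmware_image_differs_from_list"
    return True, "trusted"


# Constructed sample data, for illustration only.
GOOD_FW = b"\x7fFW1" + b"keyboard-hid-v1.0" * 64
MODIFIED_FW = GOOD_FW.replace(b"v1.0", b"v1.x", 1)
TRUSTED = {"kbd-0001": firmware_digest(GOOD_FW)}


def access_info(device_id: str, firmware: bytes) -> bytes:
    """Build the plaintext a device would have encrypted (assumed layout)."""
    record = {"device_id": device_id, "fw_digest": firmware_digest(firmware)}
    return json.dumps(record).encode("utf-8")


def demo() -> Dict[str, Tuple[bool, str]]:
    stored = access_info("kbd-0001", GOOD_FW)
    rebuilt = access_info("kbd-0001", MODIFIED_FW)
    unlisted = access_info("kbd-9999", GOOD_FW)
    return {
        "genuine device": verify_device(stored, lambda: GOOD_FW, TRUSTED),
        "stored info, changed image": verify_device(stored, lambda: MODIFIED_FW, TRUSTED),
        "info and image both changed": verify_device(rebuilt, lambda: MODIFIED_FW, TRUSTED),
        "unlisted device": verify_device(unlisted, lambda: GOOD_FW, TRUSTED),
        "firmware unreadable": verify_device(stored, lambda: None, TRUSTED),
        "malformed info": verify_device(b"\xff\xfe", lambda: GOOD_FW, TRUSTED),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:30} -> {result}")
```

The reason strings show which comparison rejects which case: a stale stored digest is caught by the first-versus-third check, and a changed firmware image by the second-versus-third check.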
Drawings
FIG. 1 is a schematic diagram of an exemplary hardware environment;
FIG. 2 is a flow chart of an access method of an external device of one embodiment;
FIG. 3 is a flow chart of an exemplary decryption method;
FIG. 4 is a schematic diagram of an example encryption and decryption;
FIG. 5 is an exemplary external device management flow diagram;
FIG. 6 is an exemplary operational rights setting flow diagram;
FIG. 7 is an example external device authentication flow diagram;
FIG. 8 is a schematic diagram of an access arrangement of an external device of one embodiment;
FIG. 9 is a flow chart of an access method of an external device according to another embodiment;
FIG. 10 is a schematic view of an access apparatus structure of an external device according to another embodiment;
FIG. 11 is a schematic diagram of an example external device interacting with an operating system;
FIG. 12 is a block diagram of an example computer device.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
In the embodiments of the present application, "first," "second," and the like are used to distinguish between identical or similar items that have substantially the same function and effect; "at least one" means one or more, and "a plurality" means two or more, e.g., a plurality of objects means two or more objects. The words "comprise" or "comprising" and the like mean that the information preceding the word encompasses the information listed after it and its equivalents, without excluding additional information. Reference to "and/or" in the embodiments of the present application indicates that three relationships are possible, and the character "/" generally indicates that the associated objects are in an "or" relationship.
Referring to FIG. 1, FIG. 1 is a schematic diagram of an exemplary hardware environment in which an operating system is installed on a host and n (n ≥ 1) external devices can be connected in a wired or wireless manner. When an external device is needed, it must be physically connected to the host, and the operating system of the host also establishes an application connection with the external device. The operating system must therefore accurately identify legal external devices so that external devices are prevented from operating the operating system, spreading viruses and the like. The present application provides an external device access method designed on the basis of the Linux operating system that overcomes the defects of common security authentication schemes, so that external device access is verified and managed more effectively and the security of external device access to the operating system is improved.
FIG. 2 is a flowchart of an access method for an external device according to one embodiment. The method may be applied to an operating system so that connected external devices can be managed safely and effectively. The method mainly comprises the following steps:
S110, sending a first inquiry information command to the external device, receiving the encrypted access information returned by the external device in response to the first inquiry information command, and decrypting the encrypted access information to obtain the device verification information and a first firmware digest of the external device; the encrypted access information is obtained by encrypting the device verification information and the firmware digest information of the external device.
Firmware is the low-level code that connects the hardware and the operating system when the computer starts, and is generally stored in an EEPROM or FLASH chip in the device; the firmware digest has a fixed number of bytes and is unique.
In this step, the external device may first calculate the firmware digest of its firmware using a conversion algorithm, then encrypt the firmware digest together with the device verification information to obtain the encrypted access information, and store the encrypted access information on the external device in advance. The external device also embeds a script program that can respond to instructions sent by the operating system. Accordingly, when the operating system sends the first inquiry information command to the external device, the script program on the external device receives the command and responds by sending the encrypted access information to the operating system. After receiving the encrypted access information of the corresponding external device, the operating system decrypts and parses it to obtain the device verification information and the first firmware digest of the external device.
In one embodiment, referring to FIG. 3, which is a flowchart of an exemplary decryption method, decrypting the encrypted access information in step S110 to obtain the device verification information and the first firmware digest of the external device includes:
S11, decrypting the encrypted access information using the agreed private key to obtain decrypted information.
In this step, an asymmetric encryption algorithm is used. The device verification information and the firmware digest information of the external device are first encrypted using the agreed public key to obtain the encrypted access information of the external device, and the encrypted access information is stored on the external device.
S12, parsing the device verification information and the firmware digest information of the external device from the decrypted information; specifically, parsing the decrypted information yields the device verification information and the firmware digest information that the external device encrypted.
S13, generating the first firmware digest from the firmware digest information; specifically, the parsed firmware digest information may be used directly as the first firmware digest, and if the first firmware digest is not the firmware digest information itself, the firmware digest information may be further converted into the first firmware digest according to the conversion relationship.
As an embodiment, to strengthen the encryption and decryption when an asymmetric encryption algorithm is used in step S11, the present application further designs a dynamic key pair encryption and decryption scheme for the encrypted access information, which may specifically be as follows:
S1101, querying, from a key pair record table, the key pair used by the external device for the current access; each time an external device is accessed, the operating system agrees on the key pair to be used for the next access.
S1102, decrypting the encrypted access information using the private key of the key pair; the external device encrypts the device verification information and the firmware digest information in advance using the public key of each key pair.
S1103, if the encrypted access information is successfully decrypted to obtain decrypted information, agreeing on the key pair to be used for the next access and writing it into the key pair record table; if the encrypted access information cannot be decrypted, marking the external device as an untrusted external device.
Referring to FIG. 4, which is an exemplary encryption and decryption schematic diagram: each time the operating system and the external device complete a successful access, both parties agree on the key pair to be used for the next access. The external device encrypts the access information in advance using the private keys of the various key pairs. When the operating system queries the encrypted access information, the external device selects the encrypted access information that was encrypted with the agreed private key and sends it to the operating system, and the operating system decrypts it using the public key of the same key pair. If decryption succeeds, the external device is determined to be legal and both parties agree on the key pair to be used next; if decryption fails, the external device is determined to be an untrusted device.
With this dynamic key pair encryption and decryption scheme, the security of the encrypted access information transmitted between the operating system and the external device is strengthened, so verification accuracy can be improved and illegal external devices can be detected promptly.
S120, reading the firmware information of the firmware when the firmware of the external device is in a readable state, and generating a second firmware digest from the firmware information by using a conversion algorithm.
In this step, when the operating system accesses the external device, the firmware of the external device is first set to a readable state; the operating system reads the firmware information of the firmware and applies a conversion algorithm to it to obtain the second firmware digest.
S130, inquiring a third firmware digest of the external device from a trusted external device list recorded with legal firmware digests according to the device verification information.
In this step, the operating system holds a trusted external device list in which the firmware digests of all legal external devices are recorded in advance; these digests are obtained by applying the conversion algorithm to the firmware of the external devices, so they are authentic and valid. Using the device verification information parsed in step S110, the operating system can identify the external device currently being accessed, and then query the corresponding firmware digest from the trusted external device list as the third firmware digest.
S140, comparing the first firmware digest, the second firmware digest and the third firmware digest, and judging the external device to be a trusted external device if the three match, otherwise judging it to be an untrusted external device.
Specifically, the operating system obtains the first firmware digest by querying the current external device in step S110, calculates the second firmware digest of the current external device by real-time reading of the firmware information in step S120, and obtains the third firmware digest of the current external device by querying the trusted external device list stored in step S130; and comparing the three firmware summaries, if the three firmware summaries are matched, judging that the external equipment which is accessed currently is trusted external equipment, otherwise, judging that the external equipment which is accessed currently is untrusted external equipment.
The above external device access solution provides a firmware-digest-based access verification scheme that lets the operating system manage external device access safely and effectively; when an external device accesses the operating system, the operating system is protected from attacks, virus propagation and similar damage by illegal external devices, which improves the security of external device access to the operating system.
For the sake of better clarity of the technical solutions of the present application, further embodiments are described below with reference to the accompanying drawings.
In one embodiment, the device authentication information may include device attribute information of the external device and the service information that needs to be started on the operating system; the device attribute information mainly refers to manufacturer information, hardware-related information and the like of the external device.
Referring to fig. 5, which is an exemplary external device management flowchart, the method may further include service-information-based external device management with the following steps:
S51, storing the service information that needs to be started on the operating system; specifically, the operating system parses out the device verification information of the external device and stores it for use in the interaction of the current access.
S52, loading a corresponding service program for the external equipment according to the service information, and carrying out communication interaction with the external equipment based on the service program; specifically, the operating system loads a corresponding service program for the accessed external device according to the service information, and performs communication interaction based on the service program.
S53, deleting the service information when the external device is unplugged.
Specifically, when the external device is unplugged, the operating system checks whether the operation information sent by the external device specifies an operation that must continue to be executed after the external device is unplugged; if not, the service information of the external device is deleted; if so, the operation continues to be executed and the service information is deleted after the operation completes.
According to the scheme of this embodiment, when the external device is accessed, the operating system stores the service information and loads the corresponding service program for interactive use; the related service information is deleted once the access is completed, and at the next access communication interaction is re-established only after the verification flow has been passed, so that the security of every external device access can be ensured.
In order to avoid attacks on the operating system by a disguised external device, in one embodiment the operation permissions of the external device may also be configured when the external device is accessed. Accordingly, referring to fig. 6, which is an exemplary operation permission setting flowchart, the access method of the external device of the present application may further include the following steps:
S71, before accessing the external device, acquiring the device types of the various external devices to be accessed; for example, a storage device (USB flash drive, removable hard disk, etc.) or an input device (mouse, keyboard, etc.).
S72, setting security authority for the external equipment according to the equipment type and corresponding security requirements; specifically, the corresponding security authority is set according to the type of the device and the security requirement of the user on the external device.
S73, modifying the driver of the external device according to the security permissions, and setting the operation permissions of the external device after it is accessed to the operating system.
According to the technical solution of this embodiment, the operation permissions of the external device after it is accessed to the operating system are set by modifying the driver of the external device, so that the external device is prevented from operating on the operating system beyond its permissions during use, and the operating system is protected from attack by a disguised external device.
In order to further enhance the security of the operating system for verifying the accessed external devices, a process of dynamic information authentication may also be performed for each accessed external device. Accordingly, in one embodiment, referring to fig. 7, fig. 7 is an exemplary external device authentication flowchart, and the method for accessing an external device in step S140 of the present application may include the following steps:
S401, acquiring the first firmware digest, the second firmware digest and the third firmware digest.
S402, determining whether the first firmware digest, the second firmware digest and the third firmware digest match; if so, S403 is performed, otherwise the external device is determined to be an untrusted external device.
S403, reading a pre-stored first access time list of the external equipment; the first access time list is used for recording access time points of all legal external devices on an operating system.
S404, sending a second inquiry information command for inquiring the access time list to the external equipment, and receiving a second access time list sent by the external equipment in response to the second inquiry information command; the second access time list is used for recording access time points of the external equipment to the operating system.
S405, comparing the first access time list with the second access time list, if the comparison is successful, executing S406, otherwise, judging the external device to be an untrustworthy external device.
S406, the external device is judged to be a trusted external device, and the current access time point is written into the first access time list.
S407, sending the access time point to the external equipment, and writing the access time point into a second access time list by the external equipment.
Specifically, a first access time list is pre-stored on the operating system and records the access time points of all legal external devices; a second access time list is also kept on each external device and records the time points at which that external device accessed the operating system. After the comparison shows that the first firmware digest, the second firmware digest and the third firmware digest match, the operating system further sends the external device a second inquiry information command for querying the access time list, and the external device returns the second access time list to the operating system. The operating system compares the second access time list with the pre-stored first access time list; if the access times of the external device compare successfully, the external device is legal and is judged to be a trusted external device. The operating system then writes the current access time point into the first access time list and at the same time sends it to the external device to be written into the second access time list, so that it is used in subsequent verification.
According to the above technical solution, the access time of each access of the external device to the operating system is used as dynamic information for verification, so that continuous verification of the external device is ensured, the problem of the external device being fraudulently used during access is overcome, and access security is further improved.
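The following is an added illustrative example, not part of the original application: a Python model of the operating-system-side decision in steps S401 to S407, run against a genuine device, a copy with a stale access history, and a device with modified firmware. It assumes SHA-256 as the conversion algorithm, exact equality as the rule for comparing access time lists, and decryption of the access information as already done; all class, function and device names are hypothetical and the sample data is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def firmware_digest(firmware: bytes) -> str:
    """Digest of a firmware image. SHA-256 is an assumption standing in for
    the application's unspecified "conversion algorithm"."""
    return hashlib.sha256(firmware).hexdigest()


def same(a: str, b: str) -> bool:
    """Constant-time comparison of two hex digests."""
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class ExternalDevice:              # hypothetical model of the device side
    device_id: str                 # stands in for the device verification information
    firmware: bytes                # image the operating system reads in S120
    claimed_digest: str            # digest from the already-decrypted access information
    access_times: list = field(default_factory=list)   # second access time list


@dataclass
class OperatingSystem:             # hypothetical model of the operating system side
    trusted_digests: dict          # trusted external device list: device_id -> digest
    access_times: dict = field(default_factory=dict)   # first access time list, per device

    def verify(self, dev: ExternalDevice, now: str):
        # S401: first digest (claimed), second (recomputed), third (trusted list).
        first = dev.claimed_digest
        second = firmware_digest(dev.firmware)
        third = self.trusted_digests.get(dev.device_id)
        if third is None:
            return False, "not in trusted list"
        # S402: all three must match.
        if not (same(first, second) and same(second, third)):
            return False, "firmware digest mismatch"
        # S403-S405: compare the stored list with the list the device reports.
        # Assumption: "comparison succeeds" means the two lists are identical.
        recorded = self.access_times.get(dev.device_id, [])
        if list(dev.access_times) != recorded:
            return False, "access time list mismatch"
        # S406-S407: record the new access time point on both sides.
        self.access_times.setdefault(dev.device_id, []).append(now)
        dev.access_times.append(now)
        return True, "trusted"


def run_scenarios() -> dict:
    """Constructed sample data: one enrolled device and three failure cases."""
    fw = b"\x7fFW constructed firmware image v1"
    host = OperatingSystem(trusted_digests={"usb-001": firmware_digest(fw)})
    genuine = ExternalDevice("usb-001", fw, firmware_digest(fw))
    results = {"first access": host.verify(genuine, "2024-01-01T09:00:00")}

    # A byte-for-byte copy taken after the first access: its digests are all
    # correct, but its access history stops being current once the genuine
    # device is used again.
    copy = ExternalDevice("usb-001", fw, firmware_digest(fw),
                          list(genuine.access_times))
    results["second access"] = host.verify(genuine, "2024-01-02T09:00:00")
    results["stale copy"] = host.verify(copy, "2024-01-03T09:00:00")

    # Firmware changed while the stored access information still carries the
    # original digest: the recomputed (second) digest no longer matches.
    modified = ExternalDevice("usb-001", fw + b"\x00modified",
                              firmware_digest(fw), list(genuine.access_times))
    results["modified firmware"] = host.verify(modified, "2024-01-04T09:00:00")

    # A device that was never enrolled in the trusted external device list.
    unknown = ExternalDevice("usb-999", fw, firmware_digest(fw))
    results["unknown device"] = host.verify(unknown, "2024-01-05T09:00:00")
    results["host history"] = list(host.access_times["usb-001"])
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

The stale-copy case is the one the digest comparison alone cannot catch: all three digests match, and only the access time lists separate the copy from the enrolled device. Rejected attempts do not update either list.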
Corresponding to the embodiment of the method for accessing the external device, the application further provides an access device for the external device, referring to fig. 8, fig. 8 is a schematic structural diagram of the access device for the external device according to one embodiment, where the device is applied to an operating system, and includes:
the first firmware digest obtaining module 110 is configured to send a first query information command to an external device, receive encrypted access information returned by the external device in response to the first query information command, and decrypt the encrypted access information to obtain device verification information and a first firmware digest of the external device; the encrypted access information is obtained by encrypting equipment verification information and firmware abstract information of the external equipment;
the second firmware digest generating module 120 is configured to read firmware information of the firmware when the firmware of the external device is set to be in a readable state, and generate a second firmware digest from the firmware information by using a conversion algorithm;
a third firmware digest inquiry module 130, configured to inquire a third firmware digest of the external device from a trusted external device list in which legal firmware digests are recorded according to the device verification information;
The firmware digest information comparison module 140 is configured to compare the first firmware digest, the second firmware digest, and the third firmware digest, and determine that the external device is a trusted external device if the first firmware digest, the second firmware digest, and the third firmware digest are matched, or determine that the external device is an untrusted external device if they are not matched.
The access device of the external device of the present embodiment may execute an access method of the external device provided in the embodiment of the present application, and its implementation principle is similar, and actions executed by each module in the access device of the external device in each embodiment of the present application correspond to steps in the access method of the external device in each embodiment of the present application, and detailed functional descriptions of each module in the access device of the external device may be specifically referred to the descriptions in the corresponding access method of the external device shown in the foregoing, which are not repeated herein.
Another embodiment of the access method of the external device is provided below.
Referring to fig. 9, fig. 9 is a flowchart of an access method of an external device according to an embodiment, where the access method of an external device according to the embodiment is applied to an external device, and includes:
S210, encrypting the device verification information and the firmware digest information of the external device to obtain encrypted access information; the firmware digest information is computed from the firmware information of the external device by using a conversion algorithm.
In one embodiment, when the encrypted access information is obtained in step S210, the device authentication information and the firmware digest information may be encrypted by using the public key of each key pair in advance to obtain the encrypted access information, and stored in the storage unit.
In one embodiment, for the encryption scheme of step S210, the following may be included:
S111, encrypting the device verification information and the firmware digest information of the external device by using the agreed public key to obtain encrypted access information.
S121, allocating a storage unit on the external device, and storing the encrypted access information in the storage unit; the operating system decrypts the encrypted access information by using the agreed private key to obtain the verification information and the first firmware digest.
S220, setting the firmware of the external equipment to be in a readable state, and receiving a first inquiry information command sent by an operating system after the external equipment is connected to the operating system.
S230, the encrypted access information is sent to the operating system for verification in response to the first inquiry information command.
In one embodiment, the process of step S230 may include the following:
(a) When a first inquiry information command sent by the operating system is received, acquiring the key pair for the current access that was agreed at the last access to the operating system; each time the external device accesses the operating system, it agrees on the key pair to be used for the next access;
(b) Selecting, from the stored encrypted access information, the encrypted access information corresponding to the key pair used for the current access, and sending it to the operating system for verification;
Correspondingly, the operating system queries the key pair used for the current access from a key pair record table and decrypts the encrypted access information by using the private key of the key pair; if the encrypted access information is successfully decrypted, the decrypted information is obtained, and the key pair to be used for the next access is agreed and written into the key pair record table; if the encrypted access information cannot be decrypted, the external device is set as an untrusted external device.
The above technical solution provides a dynamic key-pair encryption and decryption scheme that strengthens security when the operating system and the external device transmit the encrypted access information, so that verification accuracy is improved and illegal external devices are detected promptly.
Further, after the encrypted access information is sent to the operating system based on the processing procedure in the steps S210-S230, the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain the device verification information and the first firmware abstract, converts the firmware information into the second firmware abstract by using the conversion algorithm, and queries the third firmware abstract from the trusted external device list recorded with legal firmware summaries according to the device verification information; and verifying the external device by using whether the first firmware digest, the second firmware digest and the third firmware digest are matched.
For the processing flow performed by the operating system, reference may be made to the previous embodiments, all of which may be incorporated into this embodiment, as is hereby stated.
In one embodiment, the external device may further undergo dynamic information authentication when accessing the operating system; corresponding to steps S401 to S404 of the foregoing embodiment, the access method of the external device of the present application may further include:
S31, receiving a second inquiry information command, sent by the operating system, for querying the access time list;
S32, responding to the second inquiry information command by sending a second access time list to the operating system; the second access time list is used for recording the time points at which the external device accessed the operating system;
S33, receiving a new access time point sent by the operating system, and writing the access time point into a second access time list;
The operating system reads a first access time list recording the access time points of all legal external devices, judges the external device to be a trusted external device when the first access time list and the second access time list are successfully paired, and writes the new access time point into the first access time list.
According to the above technical solution, the access time of each access of the external device to the operating system is used as dynamic information for verification, so that continuous verification of the external device is ensured, the problem of the external device being fraudulently used during access is overcome, and access security is further improved.
In one embodiment, the device authentication information includes device attribute information of the external device and the service information that needs to be started on the operating system; corresponding to steps S51-S53 of the foregoing embodiment, the access method of the external device of the present application may further include:
S61, sending the service information to be started to the operating system.
S62, after the operating system loads the service program corresponding to the service information, communication interaction is carried out with the service program; for example, a driver specified in the external device information is loaded, a specified program is run, and the like.
S63, sending operation information to the operating system, specifying the operation to continue to be executed after the external device is unplugged; when the external device is unplugged, the operating system continues to execute the operation, and deletes the service information after the operation is executed.
According to the scheme of this embodiment, when the external device is accessed, the operating system stores the service information and loads the corresponding service program for interactive use; the related service information is deleted once the access is completed, and at the next access communication interaction is re-established only after the verification flow has been passed, so that the security of every external device access can be ensured.
Corresponding to the embodiment of the method for accessing the external device, the application further provides an access device for the external device, referring to fig. 10, fig. 10 is a schematic structural diagram of an access device for an external device according to another embodiment, where the device is applied to the external device, and includes:
an encrypted access information generating module 210, configured to encrypt the device authentication information and the firmware digest information of the external device to obtain encrypted access information; the firmware digest information is computed from the firmware information of the external device by using a conversion algorithm.
The inquiry information command receiving module 220 is configured to set the firmware of the external device to a readable state, and receive a first inquiry information command sent by the operating system after the external device is connected to the operating system.
The inquiry information command response module 230 is configured to send the encrypted access information to the operating system for verification in response to the first inquiry information command.
The operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain equipment verification information and a first firmware abstract, converts the firmware information into a second firmware abstract by using the conversion algorithm, and queries a third firmware abstract from a trusted external equipment list recorded with legal firmware abstracts according to the equipment verification information; and verifying the external device by using whether the first firmware digest, the second firmware digest and the third firmware digest are matched.
The access device of the external device of the present embodiment may execute an access method of the external device provided in the embodiment of the present application, and its implementation principle is similar, and actions executed by each module in the access device of the external device in each embodiment of the present application correspond to steps in the access method of the external device in each embodiment of the present application, and detailed functional descriptions of each module in the access device of the external device may be specifically referred to the descriptions in the corresponding access method of the external device shown in the foregoing, which are not repeated herein.
In order to more clearly describe the technical effects of the technical solution of the present application, an example of interaction with an operating system during access of an external device is listed below, and referring to fig. 11, fig. 11 is a schematic diagram illustrating interaction between an external device and an operating system.
At the external device side, the following steps are performed:
s101, setting the firmware to a readable state, and calculating a first firmware digest.
s102, calculating the encrypted access information.
The device verification information, the operating system service information to be started and the first firmware digest are encrypted with the agreed public key of an asymmetric encryption algorithm to obtain the encrypted access information; the access information includes device verification information such as the manufacturer and hardware information, the first firmware digest generated in step s101, and the like.
s103, storing the encrypted access information.
The encrypted access information can be stored in a storage unit on the external device, and a script program is embedded to respond to the inquiry request of the operating system.
s104, transmitting the encrypted access information to the operating system in response to the first inquiry information command transmitted by the operating system.
s105, responding to the second inquiry information command sent by the operating system, and sending the second access time list to the operating system.
s106, receiving the access time point sent by the operating system, and writing the access time point into the second access time list.
At the operating system side, the following steps are executed:
s201, when the external device accesses, sending a first inquiry information command to the external device, and receiving encrypted access information returned by the external device in response.
The driver of each external device is modified on the operating system, and security permissions are set for the different types of external devices; if the external device does not respond by returning the encrypted access information, the external device is judged to be an untrusted external device and is forbidden to operate.
s202, decrypting the encrypted access information to obtain the device authentication information and a first firmware digest of the external device.
The encrypted access information may be decrypted using the agreed private key to obtain the device authentication information and the first firmware digest of the external device.
s203, reading the firmware in the external device, and generating a second firmware digest by using a conversion algorithm.
s204, querying a third firmware digest from the trusted external device list.
The operating system establishes a trusted external device list in advance and records in it the device verification information and firmware digest information of all trusted external devices.
s205, comparing the first firmware digest, the second firmware digest and the third firmware digest.
If the three match, step s206 is performed; otherwise, the firmware of the external device or the encrypted access information it sent is considered to have been tampered with, and the external device is judged to be an untrusted external device.
s206, inquiring the external device about the second access time list, and pairing the first access time list with the second access time list.
The operating system needs to establish a first access time list for the external device in advance. If the pairing succeeds, the external device is confirmed to be a trusted device, the access time point is sent to the external device, and the access time point is written into the first access time list of the operating system; if the pairing fails, the firmware of the external device or the encrypted access information it sent is considered to have been tampered with, and the external device is judged to be an untrusted external device.
s207, storing the encrypted access information sent by the external device, and loading the corresponding service program for the external device according to the service information sent by the external device.
s208, when the external device is unplugged, continuing to execute the operation that the external device needs to continue to execute after the external device is unplugged, and deleting the stored encrypted access information and the service information therein.
The above is the flow of the example. With this example, the operating system manages external device access safely and effectively; when an external device accesses the operating system, the operating system is protected from attacks, virus propagation and similar damage by illegal external devices, which improves the security of external device access to the operating system.
An embodiment of the external device of the present application is set forth below.
The external device provided by the application may be configured to perform the steps of the method for accessing the external device in any of the above embodiments. Compared with a conventional external device, a storage unit is allocated on the external device, the device verification information and firmware digest information of the external device are encrypted in advance into encrypted access information and stored in the storage unit, a script program is embedded in the external device, the firmware of the external device is set to a readable state in response to an inquiry information command sent by the external device, and the operating system can read the firmware information when the external device is accessed.
The external device provided by this embodiment provides a firmware digest access verification scheme, so that the operating system can manage external device access safely and effectively; access by illegal external devices is avoided, the operating system is protected from attacks, virus propagation and similar damage by illegal external devices, and the security of external device access to the operating system is improved.
Embodiments of the computer device of the present application are set forth below.
The computer device provided in this embodiment is provided with an operating system, and includes: one or more processors, memory, and one or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the one or more processors, the one or more application programs being configured to perform the steps of the external device access method of any of the embodiments described above.
As shown in FIG. 12, FIG. 12 is a block diagram of an example computer device. The computer device may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, etc.; the apparatus 100 may include one or more of the following components: a processing component 102, a memory 104, a power component 106, a multimedia component 108, an audio component 110, an input/output (I/O) interface 112, a sensor component 114, and a communication component 116.
The processing component 102 generally controls overall operation of the device 100, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations.
The memory 104 is configured to store various types of data to support operations at the device 100. Examples include Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, and magnetic or optical disks.
The power supply assembly 106 provides power to the various components of the device 100.
The multimedia component 108 includes a screen between the device 100 and the user that provides an output interface. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). In some embodiments, the multimedia component 108 includes a front-facing camera and/or a rear-facing camera.
The audio component 110 is configured to output and/or input audio signals.
The I/O interface 112 provides an interface between the processing component 102 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: homepage button, volume button, start button, and lock button.
The sensor assembly 114 includes one or more sensors for providing status assessment of various aspects of the device 100. The sensor assembly 114 may include a proximity sensor configured to detect the presence of nearby objects without any physical contact.
The communication component 116 is configured to facilitate communication between the apparatus 100 and other devices in a wired or wireless manner. The device 100 may access a wireless network based on a communication standard, such as WiFi, an operator network (e.g., 2G, 3G, 4G, or 5G), or a combination thereof.
In addition, the application provides a computer readable storage medium for realizing the related functions of the image data transmission method of live video. The computer readable storage medium stores at least one instruction, at least one program, a code set, or an instruction set, which is loaded and executed by a processor to perform the method of accessing an external device of any of the embodiments. By way of example, the computer-readable storage medium may be a non-transitory computer-readable storage medium comprising instructions, such as a memory comprising instructions; for example, the non-transitory computer-readable storage medium may be a ROM, Random Access Memory (RAM), CD-ROM, magnetic tape, floppy disk, optical data storage device, etc.
The computer readable storage medium of the above embodiment can be used to store the execution code and related programs of the firmware-digest-based external device access verification scheme designed in the embodiments of the application, so that the operating system can manage external device access safely and effectively. When an external device is accessed to the operating system, the operating system is protected from damage such as attacks and virus propagation by illegitimate external devices, and the security of external device access to the operating system is improved.
The foregoing examples represent only a few embodiments of the present application. They are described in relative detail but are not to be construed as limiting the scope of the invention. It should be noted that those skilled in the art could make various modifications and improvements without departing from the spirit of the present application, and these would fall within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.

Claims (10)

1. An access method of external equipment, applied to an operating system, is characterized by comprising the following steps:
sending a first inquiry information command to external equipment, receiving encrypted access information returned by the external equipment in response to the first inquiry information command, and decrypting the encrypted access information to obtain equipment verification information and a first firmware abstract of the external equipment; the encrypted access information is obtained by encrypting equipment verification information and firmware abstract information of the external equipment; the device authentication information includes: device attribute information of external devices and service information of operating systems to be started;
reading firmware information of the firmware when the firmware of the external equipment is in a readable state, and generating a second firmware abstract from the firmware information by using a conversion algorithm;
inquiring a third firmware abstract of the external device from a trusted external device list recorded with legal firmware abstracts according to the device verification information;
comparing the first firmware abstract, the second firmware abstract and the third firmware abstract, if the first firmware abstract, the second firmware abstract and the third firmware abstract are matched, judging that the external equipment is trusted external equipment, otherwise, judging that the external equipment is not trusted external equipment; loading a corresponding service program for the external equipment according to the service information, and carrying out communication interaction with the external equipment based on the service program; and deleting the service information when the external device is unplugged.
2. The access method of an external device according to claim 1, further comprising:
storing the service information of the operating system to be started;
when the external equipment is unplugged, acquiring operation information sent by the external equipment, the operation information specifying the operation which needs to continue to be executed after the external equipment is unplugged;
and continuing to execute the operation, and deleting the service information after the operation is executed.
3. The access method of an external device according to claim 1, further comprising, before the operating system accesses the external device:
acquiring the device types of various external devices to be accessed;
setting security authority for the external equipment according to the equipment type and corresponding security requirements;
and modifying the driver of the external equipment according to the security authority, and setting the operation authority of the external equipment after the external equipment is accessed to an operating system.
4. The method for accessing the external device according to claim 1, wherein decrypting the encrypted access information to obtain the device authentication information and the first firmware digest of the external device comprises:
decrypting the encrypted access information by using the agreed private key to obtain decryption information;
analyzing the equipment verification information and firmware abstract information of the external equipment from the decryption information;
generating a first firmware abstract according to the firmware abstract information;
the encrypted access information is obtained by encrypting the device verification information and the firmware abstract information of the external device by utilizing a convention public key of an asymmetric encryption algorithm, and is stored on the external device.
5. The access method of an external device according to claim 1, further comprising:
reading a pre-stored first access time list of the external equipment; the first access time list is used for recording access time points of all legal external devices on an operating system;
sending a second inquiry information command for inquiring the access time list to the external equipment, and receiving a second access time list sent by the external equipment in response to the second inquiry information command; the second access time list is used for recording access time points of the external equipment to the operating system;
comparing the first access time list with the second access time list, if the comparison is successful, judging that the external equipment is a trusted external equipment, and writing the current access time point into the first access time list;
and sending the current access time point to the external equipment, and writing the current access time point into a second access time list by the external equipment.
6. The method for accessing the external device according to claim 4, wherein decrypting the encrypted access information using the agreed private key to obtain the decrypted information comprises:
inquiring a key pair used by the external equipment in the current access from a key pair record table; each time the external equipment is accessed, the operating system agrees on the key pair to be used for the next access;
decrypting the encrypted access information using a private key of the key pair; the external device encrypts device verification information and firmware abstract information by utilizing public keys of all key pairs in advance;
if the encrypted access information is successfully decrypted to obtain decryption information, agreeing on a key pair used in the next access and writing the key pair into a key pair record table; and if the encrypted access information cannot be decrypted, setting the external equipment as an untrusted external equipment.
7. An access method of an external device, applied to the external device, is characterized by comprising the following steps:
encrypting the equipment verification information and the firmware abstract information of the external equipment to obtain encrypted access information; the firmware abstract information is obtained by calculating firmware information of external equipment by using a conversion algorithm; the device authentication information includes: device attribute information of external devices and service information of operating systems to be started;
setting the firmware of the external equipment to be in a readable state, and receiving a first inquiry information command sent by an operating system after the firmware is connected to the operating system;
responding to the first inquiry information command, and sending the encrypted access information to the operating system for verification;
the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain equipment verification information and a first firmware abstract, converts the firmware information into a second firmware abstract by using the conversion algorithm, and queries a third firmware abstract from a trusted external equipment list recorded with legal firmware abstracts according to the equipment verification information; verifying the external device by using whether the first firmware digest, the second firmware digest and the third firmware digest are matched; loading a corresponding service program for the external equipment according to the service information, and carrying out communication interaction with the external equipment based on the service program; and deleting the service information when the external device is unplugged.
8. An access device for an external device, characterized in that:
the apparatus is applied to an operating system, and comprises:
the first firmware abstract acquisition module is used for sending a first inquiry information command to the external equipment, receiving encrypted access information returned by the external equipment in response to the first inquiry information command, and decrypting the encrypted access information to obtain equipment verification information and a first firmware abstract of the external equipment; the encrypted access information is obtained by encrypting equipment verification information and firmware abstract information of the external equipment; the device authentication information includes: device attribute information of external devices and service information of operating systems to be started;
the second firmware abstract generating module is used for reading the firmware information of the firmware when the firmware of the external equipment is in a readable state, and generating a second firmware abstract by utilizing a conversion algorithm;
the third firmware digest inquiring module is used for inquiring the third firmware digest of the external device from a trusted external device list recorded with legal firmware digests according to the device verification information;
the firmware abstract information comparison module is used for comparing the first firmware abstract, the second firmware abstract and the third firmware abstract, judging that the external equipment is trusted external equipment if the first firmware abstract, the second firmware abstract and the third firmware abstract are matched, and otherwise judging that the external equipment is untrusted external equipment; loading a corresponding service program for the external equipment according to the service information, and carrying out communication interaction with the external equipment based on the service program; and deleting the service information when the external device is unplugged;
or alternatively,
the apparatus is applied to external equipment, and comprises:
the encryption access information generation module is used for encrypting the equipment verification information and the firmware abstract information of the external equipment to obtain encryption access information; the firmware abstract information is obtained by calculating firmware information of external equipment by using a conversion algorithm; the device authentication information includes: device attribute information of external devices and service information of operating systems to be started;
the inquiry information command receiving module is used for setting the firmware of the external equipment to be in a readable state and receiving a first inquiry information command sent by an operating system after the external equipment is connected to the operating system;
the inquiry information command response module is used for responding to the first inquiry information command and sending the encrypted access information to the operating system for verification;
the operating system reads the firmware information of the firmware, decrypts the encrypted access information to obtain equipment verification information and a first firmware abstract, converts the firmware information into a second firmware abstract by using the conversion algorithm, and queries a third firmware abstract from a trusted external equipment list recorded with legal firmware abstracts according to the equipment verification information; verifying the external device by using whether the first firmware digest, the second firmware digest and the third firmware digest are matched; loading a corresponding service program for the external equipment according to the service information, and carrying out communication interaction with the external equipment based on the service program; and deleting the service information when the external device is unplugged.
9. A computer device having an operating system installed thereon, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications configured to perform the steps of the method of accessing an external device of any of claims 1-7.
10. An external device, characterized in that the external device is configured for performing the steps of the access method of an external device according to claim 7.
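The operating-system side of claims 1 and 5, as an added example that is not code from the patent: the three-digest comparison, the trusted-list lookup, the access time list check and the deletion of service information on unplug. It assumes the access information has already been decrypted as in claim 4, that the decrypted payload is JSON, and that SHA-256 is the conversion algorithm; the class, field names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field


def firmware_digest(firmware: bytes) -> str:
    # Assumption: SHA-256 stands in for the claims' unspecified "conversion algorithm".
    return hashlib.sha256(firmware).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison of two hex digests.
    return hmac.compare_digest(a.encode(), b.encode())


@dataclass
class AccessVerifier:
    trusted: dict                                      # device attributes -> legitimate digest
    access_times: dict = field(default_factory=dict)   # first access time list (claim 5)
    services: dict = field(default_factory=dict)       # service info of attached devices

    def verify(self, decrypted: bytes, firmware: bytes, device_times: list, now: int) -> str:
        """Return 'trusted' or the name of the check that failed."""
        try:
            info = json.loads(decrypted)
            dev, service, first = info["device"], info["service"], info["digest"]
        except (ValueError, KeyError, TypeError):
            return "malformed access information"
        if not all(isinstance(v, str) for v in (dev, service, first)):
            return "malformed access information"
        second = firmware_digest(firmware)      # recomputed from firmware read off the device
        third = self.trusted.get(dev)           # looked up by device verification information
        if third is None:
            return "device not in trusted list"
        if not _same(first, second):
            return "declared digest differs from firmware read"
        if not _same(second, third):
            return "firmware digest differs from trusted list"
        if self.access_times.get(dev, []) != device_times:
            return "access time lists differ"
        self.access_times.setdefault(dev, []).append(now)  # caller sends `now` back to the device
        self.services[dev] = service
        return "trusted"

    def unplug(self, dev: str) -> None:
        self.services.pop(dev, None)            # service information is deleted on unplug


def run_demo() -> dict:
    dev = "vendor=0x1234;product=0xabcd"        # constructed device attributes
    good_fw = b"constructed firmware image v1"  # constructed sample data
    other_fw = b"constructed firmware image v1, modified"

    def payload(fw: bytes) -> bytes:
        return json.dumps({"device": dev, "service": "hid-keyboard",
                           "digest": firmware_digest(fw)}).encode()

    v = AccessVerifier(trusted={dev: firmware_digest(good_fw)})
    out = {"first_plug": v.verify(payload(good_fw), good_fw, [], 100)}
    out["service_loaded"] = v.services.get(dev)
    v.unplug(dev)
    out["service_after_unplug"] = v.services.get(dev)
    out["second_plug"] = v.verify(payload(good_fw), good_fw, [100], 200)
    out["swapped_firmware"] = v.verify(payload(good_fw), other_fw, [100, 200], 300)
    out["unlisted_firmware"] = v.verify(payload(other_fw), other_fw, [100, 200], 300)
    out["stale_time_list"] = v.verify(payload(good_fw), good_fw, [100], 300)
    out["garbage"] = v.verify(b"not json", good_fw, [], 300)
    return out
```

A failed check leaves the access time list and the service table untouched, so a rejected device cannot advance the state that the next comparison relies on.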
CN202211244099.0A 2022-10-10 2022-10-10 External device access method and device, computer device and external device Active CN115630377B (en)


Publications (2)

Publication Number Publication Date
CN115630377A CN115630377A (en) 2023-01-20
CN115630377B true CN115630377B (en) 2023-06-06

Family

ID=84905541





Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant