TW200414733A - Information verification device ensuring confidentiality and non-modifiability of remotely loaded data and method thereof - Google Patents

Abstract

The invention relates to an information verification device ensuring confidentiality and non-modifiability of remotely loaded data and method thereof, in particular, the method and device that deducts the partial original article contents, further proceeds the compression and reorganization regarding the original program sequence experienced with the partial data extraction, messes up the original program contents and significantly increases the decryption difficulty of hacker. The device comprises a calibrator, puncher, compressor, encoder, sewing unit, decompressor and decrypter. Local workstation intends to submit the program to the server. Divide the program into several subroutine sequences by going through the calibration program of calibrator and saving the calibration result. Proceed punching process in the unit of subroutine sequence and store the data where the hole is located in storage unit. The sequence blank space appears after compressing the punched subroutine sequence, making partial contents miss from the original sequence. Further encrypt the new sequence and then go through the network to be stored in the server. When downloading program from the remote site, the local workstation downloads program from the server. After decrypting and decompressing sequence, the stored hole value data is sequentially patched and restored to the original complete program sequence in accordance with the stored punched data in the storage data. Later, proceed equivalent calibration and compare the result with the original calibrated value in the storage unit to determine if the program is complete or modified. After passing the calibration, the local computer can then operate the program. 5. (1) Typical figure of the invention: Figure 1 (2) Typical component notation in typical figure of the invention: 10 CPU 11 Storage unit 12 Network interface card 20 Hardware chip 21 Calibrator 22 Puncher 23 Compressor 24 Encrypter 25 Decrypter 26 Decompressor 27 Sewing unit 30 Network A Local workstation B Server.

Description

200414733 V. Description of the invention (1) [Technical field to which the invention belongs] The present invention relates to an information verification device method for ensuring the confidentiality of remotely loaded data and the modification of X4, especially # 不 被 # 二 1 program Part of the sequence is missing information to achieve the purpose of small car performance in exchange for greater security. [Previous technology] Press, remote loading is a mode of booting a workstation on a network by using the server hard disk = station hard disk. At present, the application of the universal terminal startup technology is becoming more and more widely used, especially because it is simple to manage and easy to maintain. This greatly reduces the overall cost of ownership of the system. The main principles of this technology are: • Startup programs, applications, etc.::==Person's Department: When the client needs this part of the program ' In the service status, when the client PR0M) sends a connection request to the server to the server, the request will be sent back. The request sent by the Boo_t client will be returned? The link sent to the temple server should be: address 'user terminal PR0M', and then go through the network to start the process from the server (Βοοΐ program.) Service download—cut the required equipment to start the traditional remote loading method. A secure network environment, each communication ;: f 罔 路 '€ is considered, so the communication security issue has not been ^ to maintain the trust between each other ^ / knife consideration, both parties of the communication are finished 200414733 V. Invention Explanation (2) Information is transmitted and exchanged in a completely open environment. However, with the increasingly prominent problem of network security, many security measures are also used in the remote loading process. Generally, the security measures for the remote loading process include encryption. with There are two types of encryption. The encryption method generally uses general block encryption and stream encryption, and the verification method is mainly Hash function verification. The so-called Hash function verification is to compress the entire program sequence to obtain a short summary 'as said The basis for post-verification. However, the traditional encryption algorithms and hash function check methods have a high degree of computational complexity, a large amount of data, and are difficult to implement. At the same time, the performance requirements of the device are relatively high. At the same time, the registered programs are in a complete form on the Internet. The communication is saved on the server. Therefore, the communication J ί Iί ί has the possibility of being intercepted, cracked, and tampered with. The application of all the methods to the local workstation will harm the local workstation. Wang Zhi caused serious damage to the resources of the local workstation. The reason is that the confidentiality of the material of this invention and the difficulty of compressing and resolving it without detaining some of the original columns are achieved in accordance with the foregoing, this verifier, Before the hole punching process: 1. A hole punch, the main purpose of the line is to modify the content of the text, group, confuse the procedures and procedures for the invention of the smaller performance In this mode, the information of the workstation is loaded and the original process cost is exchanged for the verification column. The device and method are provided to ensure remote loading of the verification device. The content of the original program, which mainly obtained part of the information, has increased significantly. The attacker takes the purpose of greater security. The devices include: Verification, which is mainly performed after the program is supplemented by the program. The entire program sequence stored by the server

Page 6 200414733

An encrypter, a decryptor, a decompressor, and hole location information, the program sequence of the dry space is the program sequence formed by the foregoing compression, and the program downloaded from the server is encrypted. ’Based on local workstation storage: two secrets. ^ The decrypted compressed program sequence is re-developed with Ϊ; a stitcher, each sub-program sequence is based on the rules of the number of divisions previously described, and the information of the present invention is processed by the incomplete person who has detained the content in the data message. The following will explain the subprogram sequence that is involved, and this section is another way of the purpose of the process. The content, the program, the deficiency, and the relative decrease in encryption. For the present invention, please read the attached drawings and add to each The present invention considers that the simple reduction in the transmission during the transmission process at the speed of the system and technology. The number of encryption and decryption columns of the present invention and the applicable operation can be designed. At the same time, the lifted part will choose the strength coat structure design formula. In order to communicate the need for cracked subroutines and communicate with the server, the server type is missing. The architecture principle of the large-scale encryption algorithm is sampled. Yes, the permissible savings are part of the cost of a face-to-face attack. A detailed go one step further

200414733

V. Understanding of Invention Description (4). [Embodiment] As shown in Fig. 1, it is the eight intentions of the system hardware architecture according to the embodiment of the present invention; the method adopted in the embodiment of the present invention is to integrate functions such as program sequence hole punching and verification into the hardware chip Among them, the hardware is completed independently, and this function can also be completed by specific software. The present invention is provided with a hardware chip 20 on the path of the local workstation A to enter and exit the CPU 10, which mainly includes: a checker 21, which checks the program sequence. The check operation occurs in two cases. One is uploading the program sequence y, before punching processing, and the other is downloading the program sequence, the stitching process = after the row; pounding a hole state 2 2 is a program that the local workstation a wants to save to the server B The sequence is divided into a number of subprogram sequences, and information is extracted with a certain regularity in two rows of each subroutine. The foregoing program segment and information extraction rules are determined by the designer according to actual needs. The number of segmented program sequences and the number of samples in each program sequence. On the same day, this also decides to decrypt and increase the difficulty later. 23, program compression processing of the puncher 22 processing result 'new program sequence used to generate information confusion; a Jiacha is 2 4' is used to encrypt the aforementioned new program sequence; a decryptor 25 is used to The storage sequence downloaded by the server B is decrypted; a decompressor 26 is stored according to the storage unit 11 of the local workstation A

200414733 V. Description of the invention (5) Save the hole location information, and re-expand the decrypted compressed program sequence into a program sequence with a right stem space; 'One stitcher 2 7 is the hole value stored in the storage unit 11 The information makes up the original position in each sub-program sequence one by one, and is combined into a complete program sequence 歹 | J. The storage unit 11 described above stores the hole value information and its corresponding location, which can be the memory (fUsh) of the workstation A itself, or it can be produced in the chip. As shown in FIG. 2 'is the flowchart of the steps of the local workstation storing the program in the embodiment of the present invention; the sequence of the program to be sent by the local station A is transmitted to the hardware chip 208. A certain verification method is used to verify the flow of the program f (step S1) (for example, the verification method, such as the method of calibrating a spear, is to add the program sequence bit by bit to obtain A check 2 such as the sequence 0101 1011 has a checksum of 丨). Immediately after the verification is completed, the two values are stored in the storage unit u (step S2) (see (A) in FIG. 4 and described in detail later). The edge puncher 2 2 receives the verified program to be registered. The program flows through the hardware chip 20 in the form of 疒 ^. The puncher 2 2 sends the subroutine sequence to a certain length of bits according to the setting. The group is cut into a plurality of subroutines. Each subroutine sequence is taken as a unit, from which a predetermined rule is used to extract information of a certain length as hole value information (step S4). The position in the sub-program segment is saved in the local workstation storage element 12 (step S5), and the punching process is completed. 200414733 was extracted 5. The description of the program (6) The contents of the program sequence appeared a number of empty & correspondingly, the contents of the program sequence were missing. The Shao compressor 23 compresses the entire program sequence to remove the vacant space ^ to reorganize and obfuscate the information of the original program sequence (step: f program sequence is encrypted by the encryptor 24 and converted into cipher text (step) Step 3 this = The ciphertext information is transmitted and stored by the network card 12 via the network 30 (step S7). D. The communication protocol between the server 2 and the server B during the network communication is the same as that of the existing network. : This: As shown in FIG. 3, it is a flowchart of the steps of the J-end = formula in the embodiment of the present invention; the local workstation A :: = iiiirtrrdshaking), ^^^^-After hanging the network, the local workstation A starts From the servo cry iLV ·: V, the downloaded program is decrypted and converted into plain text by the decryptor 25 (; private == is a number of sub-program sequences, and is re-expanded according to the previous local sequence, and the program sequence is restored to a number of empty seats. : The quilting applicator 27 obtains the value of each hole from the health storage unit 11: = content: and sequentially sew it back to each phase of each subroutine sequence: = fight Γ! Into a complete program sequence (step _, ⑷. The school: 2: 2: The assembled program sequence is performed the same school :: L /: D6) 'Self-storage at the same time Memory unit 11 obtains the upload process Ϊ:, two; t (Step person # D7) 'second check result of this comparison (step t the right means that if this program is consistent with a complete, I have not been changed, the "

Page 10 200414733 V. Description of the invention (7) Normal use (step D 9); otherwise, the local workstation A will regard it as an error and refuse to use it (step D1 0). After that, the local workstation a can use the program that passed the verification to fulfill the work requirements of the local workstation A, such as starting the workstation. Regarding the cutting and punching process of the aforesaid puncher, the following is shown in (A) ~ (C) of Figure 4 for an example: Figure 4 (A) shows the entire program sequence, each The address information corresponds to one byte of program information. In this embodiment, every 256 bytes are divided into a subroutine sequence (as shown in the subroutine sequences 1, 2), so that the entire program sequence is divided into Several subroutine sequences. _ Figure 4 (B) shows the punching process. In this embodiment, the puncher 22 ^ random positions of each subroutine sequence, extracts the content of a positioning group length, and then saves and extracts it with 丨 bytes. The relative position of the output string in the subroutine sequence, for example, extract the address in the 4-byte address of 〇56 [1 to 〇05911, Yuxun, and the address information saved in this storage unit is: 〇 〇56Η, Hoko's Uchiya shouts are 001,001,001,100,000, and 111%. Or the puncher 22 extracts one or two pieces of information at any four random positions in the subroutine sequence, and uses the other four bytes to save the positions of the four bytes in two :: 歹, J. Therefore, the hole punching method of the present invention can be flexible and different settings can achieve different security performances. Squeeze the second picture ΐ?) Is to show the program sequence with some information extracted. There will be a number of vacancies in the program sequence with the partial information: Push the contents of the side forward and compress all empty spaces. . In this case, the information from addresses 0056Η to 0 05 9 被 is extracted. The original address

Page 11 200414733 'Invention description (8) ____ is 0 05A content to the premise to the address 〇56H, = is a byte ^ due to the computer's — 讯 讯 二; buckets are binary codes' after extraction and reorganization The latter binary code is also very different in meaning from 7: the lack of the content, in terms of meaning: :: = 内 = Γ 次 2 in every 2 5 6 bytes of subroutine sequences randomly extracted 歹 4 Bit M, that is, 32-bit information is extracted from it. When the cracker intercepts the information, there are 232 kinds of knife analysis for every 25Θ bytes, which will bring great difficulty to the final crack. Possibly, according to the above description, the present invention provides a guarantee for remote loading

c The information verification device that is not modified and Fang & buckle: the original content of the sword, and the extracted part of the resource 远 Yuankou P and reorganization; r4 & & Moreover, the original private content is confused, even if all the information transmitted in the communication is intercepted by the illegal person. Renzhong, facing great difficulty. It is even more difficult for attackers to crack: the two parties can adopt relatively simple encryption methods. 2.net, communication to achieve high security performance, and can be implemented with a small investment, corresponding software can be compiled to use The flexible method is given in the hardware chip, and it is directly completed by the hardware. The direct integration of the material process provides a more secure barrier. To sum up, for the back-end loading, as mentioned above, the enterprise-owned and unmodifiable information provided by the present invention verifies the confidentiality of the loaded loading data, so that the user can type keys ::: ： The keyboard device is obtained and used as the basis for authentication; 2 = The simple comparison of the behavioral habit can be arrested for the information of the warrant ', but for the behavior of the two :; In the process of' *, it is the special desire to recognize the probabilistic statistics. 200414733

200414733 Brief description of the drawings [Simplified illustration of the drawings] Figure 1 is a schematic diagram of the hardware architecture of the system according to the embodiment of the present invention; Figure 2 is a flowchart of the steps for the local workstation to store the program to the server in the embodiment of the present invention; FIG. 3 is a flowchart of steps for loading a program from a remote station by a local workstation according to an embodiment of the present invention; and FIG. 4 is a diagram of the processing of uploading and downloading program sequences during startup in accordance with an embodiment of the present invention. Description of Drawing Numbers 10 Central Processing Unit 11 Storage Unit 12 Network Card 20 Hardware Chip 21 Checker 22 Hole Punch 23 Compressor 24 Force Sealer 25 Decryptor 26 Decompressor 27 Stitcher 30 Network A Local Workstation B server

Page 14

Claims (1)

200414733 June 2 Patent Application Scope [· A type of information verification dream fan and is not modified, including = to ensure the confidentiality of remotely loaded data stored in-storage, single; ^: yun-type sequence check 'and generate- The check value storage program sequence is divided into: d: servo: the entire sequence of the regular storage pumping sequence, and two compressors in each subroutine, is a new program for the hole puncher to generate information confusion Sequence 1 enters the program sequence-Li Er, Qi 'is to perform the new program sequence: poor. Xie Society, Qi, is to cry from the feeding service ^ secret; w download the sequence of the program, ^ shrink, according to The program sequence stored in the storage unit; the formula sequence is re-expanded into a stitcher with a number of vacancies, which is to sew the storage unit back to the original: stored hole value information in each sub-program sequence step-by-program sequence. ^ A's original position 'and combined into the complete range of the information verification device described in item 1, wherein the complete program sequence of the stitched combination = listed here, the complementer compares to determine the completeness of the program. The verification value will be the information verification device as described in the first item of the scope, in which the stored memory is a flash memory (ash) or the workstation's own, which is already on page 15 200414733. . A method to ensure the verification and reorganization, upload the program in the upload process, upload the program a • process b • machine extraction c. Compress to the download process d • process sequence; 4 the confidentiality of the remotely loaded data and not be “Modifiability” is mainly caused by the extraction and compression of program sequence information to make the program sequence lack some information. It is used for a workstation to upload a program to a server, including I, for the workstation to upload the program from the server. The program downloading program includes the following steps: $ '”sequence verification; program segmentation, and each segmented subroutine sequence is followed by a piece of positioning group length information; the subroutine sequence generated in step b, and Network upload server; The formula includes the following steps ... The formula is re-expanded and stitched to form a complete program sequence. • The startup program of step d is verified to determine whether the program is complete and has been tampered with. F • If the verification is successful, the workstation can apply this program. As described in item 4 of the scope of patent application, ensure that the remotely loaded data is loose and not modified. Information verification method, wherein the step a generates a check value, and the check value is stored in a storage unit. As described in item 4 of the scope of patent application, the content of the remotely loaded data is guaranteed and protected Modified information verification method, wherein in step b, the extracted hole value information is stored with its relative position in the subroutine 8 9 200414733 6. The scope of patent application is stored in a storage unit. 7 · The information verification method for ensuring the confidentiality of the remotely loaded data and no modification as described in item 4 of the scope of the patent application, wherein the information extraction method in step b can continuously extract a positioning tuple length The information verification method for ensuring remotely loaded data / confidence and no modification as described in item 4 of the scope of patent application, wherein the information extraction method in step b can extract several single-byte information separately. And record the position of each hole with the same number of bytes. As described in item 4 of the scope of the patent application, a method for verifying the remotely loaded data / social, non-modifiable and non-modifiable information is verified. The step c further includes an encryption step to increase the difficulty of cracking. 1 〇 · The information verification method for ensuring the remotely loaded data confidentiality and unmodifiability as described in item 4 of the scope of patent application, wherein step d further includes a decryption step for Stored cipher text program: Decrypted into plain text program. · U. = The method for ensuring remote loading of data as described in item 4 of the scope of patent application. 4 = Information verification method for generating and not being modified, where this step is ^ Jin Er =. The original position of each subroutine t. 12. The information verification method for ensuring that the remotely loaded title m is not modified as described in item 4, wherein the step "is, =: =: and is compared with the check value stored in a storage unit.疋 Whether the long form is complete and has been tampered with.