TW201106197A - Verifiable embedded system and the verification method thereof - Google Patents

Verifiable embedded system and the verification method thereof Download PDF

Info

Publication number
TW201106197A
TW201106197A TW98126336A TW98126336A TW201106197A TW 201106197 A TW201106197 A TW 201106197A TW 98126336 A TW98126336 A TW 98126336A TW 98126336 A TW98126336 A TW 98126336A TW 201106197 A TW201106197 A TW 201106197A
Authority
TW
Taiwan
Prior art keywords
identification data
preset
storage device
embedded system
embedded
Prior art date
Application number
TW98126336A
Other languages
Chinese (zh)
Inventor
Sheng-Xiang Cheng
sheng-qi Wang
Original Assignee
Via Tech Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Via Tech Inc filed Critical Via Tech Inc
Priority to TW98126336A priority Critical patent/TW201106197A/en
Publication of TW201106197A publication Critical patent/TW201106197A/en

Links

Landscapes

  • Stored Programmes (AREA)

Abstract

A verifiable embedded system and the verification method thereof are provided to ensure a program is executed under a predetermined embedded system environment. The method includes: providing a certification information with plurality of default identification data; executing a verification program of the application program for reading several system elements' applied identification data of the elements of the embedded system; comparing the applied identification data with the default identification data to see if they are identical; and approving of executing a content program in the embedded system while the identification data and the default data are the same.

Description

201106197 、發明說明: 【發明所屬之技術領域】 本發明係關於一種欲入式糸統及其驗證方法,尤其係涉 及驗證應用程式在預定的嵌入式系統環境下作業之方法。 【先前技術】 嵌入式系統是為了特定應用功能所設置之運算系統,在 嵌入式糸統中所運用的程式軟體多半也為了所適用的應用 功能而另行開發,使研發廠商更重視保護其所開發的程式軟 體與硬體不被分離而複製到其他的硬體裝置中使用。 在防止非法複製軟體程式的技術當中,其中一種係採用 綁定軟體程式及賴此健之特定硬财置的方式,用以產 生只能在特定硬體上執行所述倾的效果,以維縣 統的完整性及保護應用程式。 $ 在已知的作法上,係於軟體程式一開始執行時,先设 裝載該軟體的其中-裝置的識別瑪,例 (PCI)的廠商識別碼(v吟叨,判_軟體= 的識=懒, 因此即:二產之相同裝置的薇商識·_ 受_裝二r:硬更換, 式系統的硬體上執行,因 係在一預定的嵌 完整性的目的無法達成。使㈣錄赌雜及維護系 201106197 【發明内容】 本發明提供一種嵌入式系統驗證方法及可驗證礙入式 系統,用以確保應用程式在預設的嵌入式系統環境下運作, 防止程式被複製到其他的裝置之中執行;同時亦達到維護鹿 用程式所在之系統的完整性的效果。 • 以及一儲存裝置,連接至處理器,具有一儲存裝置識別資 料;其中,當本發明實施例之嵌入式系統啟動時,處理器執 行一驗證程式以讀取一網路單元識別資料、一儲存裝置識別 資料以及-作業系統識別資料,並將這些識別資料與本發明 實施例之嵌人式线複數個預設識職料崎,若預設^別201106197, invention: [Technical Field] The present invention relates to a system and a verification method thereof, and in particular to a method for verifying that an application operates in a predetermined embedded system environment. [Prior Art] The embedded system is an arithmetic system set for specific application functions. Most of the software used in the embedded system is also developed separately for the applicable application functions, so that the R&D vendors pay more attention to protecting their development. The program software and hardware are not separated and copied to other hardware devices. Among the technologies for preventing illegal copying of software programs, one of them adopts a binding software program and a specific hard-for-money method to generate an effect that can only be performed on a specific hardware. System integrity and protection applications. In the known practice, when the software program is executed at the beginning, the identification device of the device in which the software is loaded is first set, and the manufacturer identification code of the (PCI) (v吟叨, judgment_software= Lazy, so that is: the same device of the second production of Wei business _ _ _ installed two r: hard replacement, the hardware implementation of the system, because the purpose of a predetermined embedded integrity can not be achieved. The present invention provides an embedded system verification method and a verifiable blocking system for ensuring that an application operates in a preset embedded system environment, preventing the program from being copied to other programs. Executing in the device; also achieving the effect of maintaining the integrity of the system in which the deer program is located. • and a storage device coupled to the processor having a storage device identification data; wherein, in the embedded system of the embodiment of the present invention At startup, the processor executes a verification program to read a network unit identification data, a storage device identification data, and an operating system identification data, and implement the identification data with the present invention. Example of embedded line multiple presets to know the job, if the preset ^

和預設識別資料;2 皆相符,則執行一 統。 本發明實施方案提供一種可驗證嵌入式系統,搭载有一 作業系統。本發明實施例之可驗證嵌入式系統包括:一處理 器;一網路單元,連接至處理器,具有一網路單元識別資料; 乐領別資料;比對這些識別資料 ㈣識別㈣_設識別資料 •内谷程式於本發明實施例之嵌入式系 201106197 【實施方式】 置及其驗證方法,— 嵌入式系統上順利執行。詳細實:方程^ 說明。 方式明配合圖式參照下歹丨] 方塊圖,;發明的—種领證嵌人式緖實施例之And the preset identification data; if both match, the system is executed. Embodiments of the present invention provide a verifiable embedded system that is equipped with an operating system. The verifiable embedded system of the embodiment of the present invention comprises: a processor; a network unit connected to the processor, having a network unit identification data; a music collection material; and the identification data (4) identification (4) _ identification The data system is embedded in the embedded system 201106197 according to the embodiment of the present invention. [Embodiment] The verification method and the verification method thereof are successfully performed on the embedded system. Detailed: Equation ^ Description. The method is as shown in the figure below, and the block diagram is in the form of an invented

攸f钱1由多個系統元件所組成,包括第一儲存穿置 =儲,、網路單元14、處== 儲存;=存錢1G搭财—作業纽⑽,第二 载有應用程式m。雖然本實施例以兩個 獨=储存裝置分別儲存作業系統⑽以及應用程式. 蟄者應知道這兩者實際上也可以存放於同一個 儲存裝置中。 —本實施例之網路單元14例如為—内建網路卡。網路單 兀14具備有—舰存取控繼址(mac addfess),以做為 在網路上識別此網路單元14的資訊。攸f money 1 consists of a number of system components, including the first storage wear = storage, network unit 14, where == storage; = save money 1G fortune - job button (10), the second contains the application m . Although the present embodiment stores the operating system (10) and the application separately in two separate storage devices, it should be understood that the two can actually be stored in the same storage device. - The network unit 14 of this embodiment is, for example, a built-in network card. The network unit 14 has a mac addfess as a means of identifying the network element 14 on the network.

作業系統100存放在第一儲存裝置1〇 (例如恤也 ROM),作業系統1〇〇的識別資料包括作業系統1〇〇映像檔 (image)的建立曰期及版本編號。嵌入式系統1常用的作 業系統 100 包括:Windows CE、Windows XP embedded、The operating system 100 is stored in the first storage device 1 (e.g., a shirt), and the identification data of the operating system 1 includes the creation date and version number of the image of the operating system. Embedded system 1 commonly used operating system 100 includes: Windows CE, Windows XP embedded,

Embedded Linux、VxWorks等等’不同作業系統的建立日期 和版本亦不相同。 此外,裝載應用程式120的第二儲存裝置12亦具有其 獨特的裝置序號(device serial number),與薇商識別碼不同 6 201106197 的地方,在於每-裝置之序號皆不相同,因此不會發生兩個 以上裝置具有相同賴的情形。顧程式12G包括二個部 分:驗證程式12GG及内容程式聰。驗證㈣丨係為 -應用程式介面(API),用以哞叫函式庫(Lib·)中的函 式以驗證嵌人式系統丨中各轉統元件,繼此項應用程式 120是否處在縣預設的系統環境之巾。内容程式體即 為該應用程式12G實際上所欲提供的_軟體服務,例如文 件編輯、行事記錄、網路_料,此部分的服務,將於驗 證完成後供使用者操作使用。 本貝把例的§己憶單元18中記錄一驗證資料,其中包括 預先指定的欽式系統i巾數_統元件的預設識別資 料。本實施例中例如包括:預設媒體存取控制位址、預 設裝置序號、預設作職統日期與版本編號。上述識別 資料可由喪人式系統1的製造或銷售薇商,在嵌入式系 統1的軟、硬體都裝設完成後,利用軟體程式讀取出: (1)網路單元的媒體存取控制位址;(2)儲存裝置的儲 存裝置序號;以及⑶作業线的映像财立日期與版 本編號。再將上述讀取到之資料做為所述的預設識別資 料’寫入δ己憶單元18的系統設定檔(systejnregistry) 當中’做為確認原始嵌入式系統丨之組成元件的驗證資 料。其中,§己憶單元18可為隨機存取記憶體或非揮發 性記憶體。 此外,本實施例包含一驗證程式12〇〇,裝載於嵌入式 糸統1的應用程式120當中。當應用程式丨2〇被執行時,處 理器16即先行執行驗證程式1200,亦即呼叫一特定的函 式’以讀取當時嵌入式系統1之軟硬體識別資料,例如: (j) 201106197 網路單元14的媒體存取控制位址;(2)第二儲存裝置12 的儲存襞置序號,·及(3)作業系統100的映像檔建立曰 期與版本編號。 ,此外’驗證程式1200亦讀取被存在記憶單元18系統設 定檔中的預設驗證資料,並與先前讀取到的識別資料進行^ 對。本實施例的驗證程式1200可設計成依照驗證資料被記 錄的架構’按序讀取出識別資料,以便與預設識別資料一二 對照,判斷相對應的識別資料是否相符,例如:比對第二儲 存裝置I2的齡裝置序號是否與預設儲存裝置序號相 若不相同,即可得知進行驗證當時,應用程式120並非裝載 在嵌入式系、统1原始預設的儲存裝置中。另外兩類識別資料 的比對亦然,若驗證料謂所讀取_舰存取控制位 址與預設媒體存取控制位址不同,或作錢統⑽的映像檀 建立日期與版本編號與預設作料、統日期與版本編號不 同,即表示系統元件已被更換、或應用程式12〇已被複 其他系統中。 ^ 經過驗證程式mo比對驗證資料中的麟識別資料及 翻資料後’若有其中任-項資料不相符,即不允許再繼續 ,行内容程式1202 ’例如:由驗證程式12_請整個應用 程式12G。唯有每-項識糖料皆符合娜應_設識別資 料的情況下,内容程式1202才會被執行。 根據上述方式’即可確保應用程式12〇唯有裝载在預設 的嵌入式系統1之中方能順利提供翻服務,即可保護應用 程式120不被·複製或搬移到其他的賴上;同時,也由 於對嵌入式系統1的多項系統元件同時進行驗證 嵌入式系統1的完整性。 准及 201106197 在上述貫施例中,以媒體存取控制位址、作業系統及第 二儲存裝置三者之識別資料為例的原因在於,透過應用程式 120中的驗證程式12〇〇來驗證上述系統元件的識別資料, 可達到完整保護嵌入式系統1的硬體、軟體及管理此二者的 中介媒體。請參閱第二圖,嵌入式系統la的組成可晝分為 硬體40層面、軟體44層面,以及介於兩者之間,用^管理 及協調軟、硬體之資源分配的中介媒體42層面。 驗證網路單元14的媒體存取控制位址、及儲存襞置序 φ 唬,即保護了嵌入式系統1a的硬體40層面(如:處理器 16及各儲存裝置);驗證作業系統1〇〇的映像檔建立日期與 版本編號,則確保控制整個嵌入式系統la運作的中介媒^ 42的正確性;而透過驗證程式12〇〇檢驗嵌入式系統丨的系 統環境,即是保護了嵌入式系統la的軟體44層面(如:應 用程式120)。以此種同時驗證系統軟、硬體及中介媒體白g 手段,即使只更換了其中一項系統元件,也會造成應用程式 12〇無法提供應用服務的結果,大幅增加應用程式12〇被聿 • 載在其他裝置或系統上執行的困難度,能較習知手段更有^ 地防止應用程式12〇從預設的嵌入式系統la中遭分離或複 製’也更能保障嵌入式系統的完整性。 睛參閱第三圖所顯示的另一種可驗證嵌入式系統實 施例方塊圖,其中包括了存放在非揮發性記憶體中的—基^ 輸出入系統(Bl〇s) 2〇。在本實施例中,上述的預設識別 資料除了可記錄在記憶單元18的系統註冊檔之外,亦^事 先寫入基本輪出入系統2〇當中。當嵌入式系統lb開機時, 上述預設識別資料即會被讀取。驗證程式1200可呼叫函式 到基本輸出入系統20中讀取預設識別資料。 二 201106197 第四圖係為本發明所提供的一種嵌入式系統驗證方法 實施例之流程圖’利用全面性地驗證安裝了受保護之應用程 式的嵌入式系統的方式,確認應用程式處於一未經變更的嵌 入式系統中,才允許程式執行。 . 首先於一嵌入式系統提供包含數個預設識別資料的一 組驗證資料(S401),本實施例的驗證資料包括了預設媒體 存取控制位址、預設襞置序號,及預設作業系統日期及 版本編號。驗證資料可預先記錄在嵌入式系統的系統設定 檔中或是基本輸出入系統。 應用程式包括二部分程式:其一為驗證程式,另一部分籲 為内容程式。當應用程式被執行時,驗證程式可自函式庫呼 叫函式’以讀取當時喪入式系統之系統元件的識別資料 (S403 )。識別資料包含組成嵌入式系統的軟、硬體或中介 媒體的識別資料。而本實施例中的識別資料包括:嵌入式系 統網路單元的媒體存取控制位址、嵌入式系統存放應用程式 之第二儲存裝置的儲存裝置序號,以及嵌入式系統所搭載作 業系統映像檔的建立日期與版本編號。上述識別資料皆為所 屬系統元件的獨特識別資料,可用來作為判別每一系統元件 _ 之“身分”的特徵。 接著’驗證程式將識別資料與其相對應的預設識別資料 分別比對(S405),以判斷應用程式被執行時,由驗證程式 所取得的識別資料是否符合預設識別資料中的記錄(s4〇7 )。 、,若比對的結果發現其中有任一者不相符,表示應用程式 ,未安裝在預設的嵌入式系統上,因此不允許執行後續的内 各矛王式(S409),反之,若經比對後,每一項識別資料都正 讀對應到預设識別資料’則可癌認應用程式係安裝在預設的 10 201106197 嵌入式系統當中,則允許繼續執行應用程式申的内容程式 (S411)。Embedded Linux, VxWorks, etc. The date and version of the different operating systems are also different. In addition, the second storage device 12 of the loading application 120 also has its unique device serial number, which is different from the Weishang identification code. 6 201106197, the serial number of each device is different, so it does not occur. More than two devices have the same situation. The program 12G includes two parts: the verification program 12GG and the content program. Verification (4) is the application interface (API) used to call the function in the library (Lib) to verify the various components in the embedded system, whether the application 120 is in the The pre-set system environment towel. The content program body is the _software service that the application program 12G actually wants to provide, such as file editing, event recording, and network information. The service of this part will be used by the user after the verification is completed. In the example of the present invention, a verification data is recorded in the unit 18, which includes a pre-designated default identification data of the system. The embodiment includes, for example, a preset media access control address, a preset device serial number, a preset job date, and a version number. The above identification data may be manufactured or sold by the mourner system 1 after the software and hardware of the embedded system 1 are installed, and the software program is used to read out: (1) Media access control of the network unit Address; (2) the storage device serial number of the storage device; and (3) the image financial date and version number of the work line. The above-mentioned read data is then used as the preset identification data 'write to the system configuration file (systejnregistry) of the δ recall unit 18 as the verification material for confirming the constituent elements of the original embedded system. Wherein, the unit 18 can be a random access memory or a non-volatile memory. In addition, the embodiment includes a verification program 12, which is loaded in the application 120 of the embedded system 1. When the application program is executed, the processor 16 executes the verification program 1200 first, that is, calls a specific function 'to read the software and hardware identification data of the embedded system 1 at that time, for example: (j) 201106197 The media access control address of the network unit 14; (2) the storage device serial number of the second storage device 12, and (3) the image file creation period and version number of the operating system 100. In addition, the verification program 1200 also reads the preset verification data stored in the system setting file of the memory unit 18, and performs the matching with the previously read identification data. The verification program 1200 of the embodiment can be designed to read the identification data in order according to the structure in which the verification data is recorded, so as to compare with the preset identification data to determine whether the corresponding identification data matches, for example, the comparison Whether the serial number of the storage device I2 is different from the preset storage device number, it can be known that the application 120 is not loaded in the original preset storage device of the embedded system. The comparison of the other two types of identification data is also the same. If the verification data indicates that the read_ship access control address is different from the preset media access control address, or the image of the Tao (10) is established and the version number is The preset material, system date and version number are different, which means that the system component has been replaced, or the application program 12 has been restored to other systems. ^ After the verification program mo compares the identification data in the verification data and the data, if there is any inconsistency in the item-item data, it is not allowed to continue. The line content program 1202 'For example: by the verification program 12_ please the entire application Program 12G. The content program 1202 will only be executed if each item of the item is in compliance with Na Ying's identification information. According to the above method, it can be ensured that the application 12 can only be successfully loaded in the preset embedded system 1 to protect the application 120 from being copied or moved to other applications; Also, the integrity of the embedded system 1 is verified simultaneously for multiple system components of the embedded system 1. In the above embodiment, the identification data of the media access control address, the operating system and the second storage device is taken as an example in that the verification program 12 in the application 120 verifies the above. The identification data of the system components can completely protect the hardware, software and intermediary media of the embedded system 1. Please refer to the second figure. The composition of the embedded system la can be divided into hardware 40 level, software 44 level, and between the two, using ^ to manage and coordinate the distribution of soft and hardware resources. . Verifying the media access control address of the network unit 14 and the storage sequence φ 唬, that is, protecting the hardware 40 layer of the embedded system 1a (eg, the processor 16 and each storage device); verifying the operating system 1〇 〇The image creation date and version number ensure the correctness of the mediator controlling the operation of the entire embedded system la; and the system environment of the embedded system is verified by the verification program 12, which protects the embedded system. The software 44 level of the system la (eg, application 120). By simultaneously verifying the system software, hardware and mediation media, even if only one of the system components is replaced, the application 12 can not provide the result of the application service, and the application 12 is greatly increased. The difficulty of executing on other devices or systems can prevent the application 12 from being separated or copied from the preset embedded system la more than the conventional means. It also ensures the integrity of the embedded system. . See the third diagram of another verifiable embedded system embodiment shown in Figure 3, which includes the base-in system (Bl〇s) 2存放 stored in non-volatile memory. In the embodiment, the preset identification data may be recorded in the system registration file of the memory unit 18, and is also written in the basic wheel entry and exit system. When the embedded system lb is powered on, the above-mentioned preset identification data will be read. The verification program 1200 can call the function to read the preset identification data into the basic input/output system 20. II201106197 The fourth figure is a flow chart of an embodiment of an embedded system verification method provided by the present invention. The method for comprehensively verifying an embedded system in which a protected application is installed is used to confirm that the application is in an unexisting manner. Program execution is allowed in a modified embedded system. First, a set of verification data (S401) including a plurality of preset identification data is provided in an embedded system, and the verification data in the embodiment includes a preset media access control address, a preset device serial number, and a preset. Operating system date and version number. The verification data can be pre-recorded in the system configuration file of the embedded system or the basic input and output system. The application consists of two parts: one is the verification program and the other is the content program. When the application is executed, the verification program can read the function from the library call function to read the identification data of the system component of the then lost system (S403). Identification data contains identifying data for the soft, hard or intermediate media that make up the embedded system. The identification data in the embodiment includes: a media access control address of the embedded system network unit, a storage device serial number of the second storage device in which the embedded system stores the application, and an operating system image file embedded in the embedded system. The date of creation and the version number. The above identification data are unique identification data of the system components, and can be used as a feature for discriminating the "identity" of each system component. Then the verification program compares the identification data with the corresponding preset identification data (S405) to determine whether the identification data obtained by the verification program conforms to the record in the preset identification data when the application is executed (s4〇) 7). If the result of the comparison finds that any one of them does not match, it means that the application is not installed on the preset embedded system, so it is not allowed to execute the subsequent internal spears (S409), and vice versa. After the comparison, each identification data is read to correspond to the preset identification data', then the cancer application system is installed in the preset 10 201106197 embedded system, and the content program of the application application is allowed to continue (S411 ).

以本實施例的預設識別資料及識別資料為例,在判斷識 別資料與預設識別資料是否相符的步驟中(S407),驗證程 式將一一進行下列比對(參照第五圖):判斷網路單元自^ 體存取控制位址與預設媒體存取控制位址是否相同 (S4070),若不相同即停止執行後續程式(§4〇9);若 相同則比較儲存裝置的儲存裝置序號與預設裝置序號是 否相同(S4072) ’若不相同亦停止(S4〇9);若仍相同 則繼續比較作業系統映像檔建立日期、版本編號與預設作 業系統日期及版本編號是否完全相符(S4〇74 ),若不同 也需停止(S409)’狀若完全相同,則完成全部的比 對判斷,允許繼續執行内容程式(S411)。 然而上述步驟S4070到S4074的執行順序並益限 制,只要確定三類識別資料皆經過驗證即可,而經比對 發現有不相符的情瞒,除了停止執行後續程式外 可發出警示音加以提示。 用以驗證系統元件的識別資料不限於上述各實施例中 =_目,更完整轉應用程式所在的執行環境未經 f交,遇可更進—步為處理器嵌人獨特的-控制碼’並且將 處理器的預設處理器控制碼也作為驗證#料其中之一 辦,更讀取處理器的射㈣,叫斷處理 时疋否被更換為其他錢鎮他雜之設備。 =外’所述驗證賴亦可於嵌人式纽皱時,即登錄 =$^!庫^未示)#_,嵌人細之處理器執行 孝切’經由網路單元連接到遠端資料庫讀取相闕的預 201106197 設識別資料,再加以比對。 經由上述所揭露的敌入式系統驗證方法及可驗證嵌入 式系統,以全面性驗證嵌入式系統之軟、硬體及中介媒體的 手&,除可確保應用程式不受非法的複製搬移之外,同時也 保障嵌入式系統的完整性,避免系統令各項系統元件被更換 為其他的替代裝置,影響系統的運作效能及安全性。 上述各貫施例所揭露之裝置、元件等項目僅為說明本發 明實施=式之例示,並賴以限縮本發明所適用之範脅,如 有其他符合本發明之精神與未實質改變本發明之技術手段 者,皆屬本發明所涵蓋保護之範圍。 【圖式簡單說明】 第-圖:本發明所提供—種可驗證嵌人式祕實施例之方 塊圖; 弟二圖:本發明所提供—種可驗證嵌人式祕資料架構實 施例示意圖; 第一圖.本發明所提供另—種可驗證嵌人式祕實施例方 塊圖; 第四圖.本發贿提供—種m统驗證方法實施例之 流程圖;及 供—種崎朗資料實施例之流程圖。 【主要元件符號說明】 l la-b嵌入式系統 10第一儲存裝置 12 201106197 100作業系統 12第二儲存裝置 120應用程式Taking the preset identification data and the identification data of the embodiment as an example, in the step of determining whether the identification data matches the preset identification data (S407), the verification program will perform the following comparisons one by one (refer to the fifth figure): Whether the network unit self-access control control address is the same as the preset media access control address (S4070), if not the same, the subsequent program is stopped (§4〇9); if the same, the storage device of the storage device is compared Whether the serial number and the preset device serial number are the same (S4072) 'If they are not the same, stop (S4〇9); if they are still the same, continue to compare the operating system image file creation date, the version number and the default operating system date and version number are completely consistent. (S4〇74), if it is different, it is necessary to stop (S409). If the same is true, all the comparison determinations are completed, and the execution of the content program is allowed (S411). However, the execution order of the above steps S4070 to S4074 is limited, as long as it is determined that the three types of identification data are verified, and the comparison finds that there is a mismatch, and in addition to stopping the execution of the subsequent program, a warning tone can be issued to prompt. The identification data used to verify the system components is not limited to the above-mentioned embodiments, and the execution environment in which the application is located is not transferred, and the processor can be embedded into a unique control code. And the processor's preset processor control code is also used as one of the verification # materials, and the processor is read (four), and the device is replaced by other equipments. = outside 'the verification can be used in the embedded wrinkle, ie login = $ ^! library ^ not shown) #_, embedded fine processor execution filial 'connected to the remote data via the network unit The library reads the corresponding pre-201106197 data and compares them. Through the above-mentioned enemies-based system verification method and verifiable embedded system, the hands and devices of the soft, hardware and intermediate media of the embedded system can be comprehensively verified, in addition to ensuring that the application is not illegally copied and moved. In addition, the integrity of the embedded system is also guaranteed, and the system is prevented from being replaced by other alternative devices, which affects the operational efficiency and safety of the system. The items, components, and the like disclosed in the above embodiments are merely illustrative of the implementation of the present invention, and are intended to limit the scope of the invention, and if the invention is in accordance with the spirit of the invention, The technical means of the invention are within the scope of protection covered by the invention. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a block diagram of an embodiment of a verifiable embedded embedding embodiment provided by the present invention; FIG. 2 is a schematic diagram of an embodiment of a verifiable embedded embedding data structure provided by the present invention; The first figure is a block diagram of another embodiment of the verifiable embedded embedding embodiment provided by the present invention; the fourth figure is a flow chart of the embodiment of the method for verifying the bribe; and the embodiment of the data source Flow chart. [Main component symbol description] l la-b embedded system 10 first storage device 12 201106197 100 operating system 12 second storage device 120 application

1200驗證程式 1202内容程式 14網路單元 16處理器 18記憶單元 20基本輸出入糸統 40硬體 42中介媒體 44軟體 S401〜S411流程步驟 S4070〜S4074流程步驟1200 Verification Program 1202 Content Program 14 Network Unit 16 Processor 18 Memory Unit 20 Basic Input and Output System 40 Hardware 42 Intermediary Media 44 Software S401~S411 Process Steps S4070~S4074 Process Steps

3 133 13

Claims (1)

201106197 七、申請專利範圍: 1. 一種嵌入式系統驗證方法,該嵌入式系統搭載一作業系 統,該嵌入式系統包括一網路單元、一處理器、及一儲存 裝置,該方法包括: 提供該嵌入式系統之複數個預設識別資料; 執行一驗證程式,以讀取該嵌入式系統中之一網路單元 識別資料、一儲存裝置識別資料,以及一作業系統識 別資料; 比對該等識別資料和該等預設識別資料;及 若該等識別資料與該等預設識別資料皆相符,則執行一 内容程式。 2. 如申請專利範圍第1項所述之方法,其中,該網路單元識 別資料係為該網路單元之一媒體存取控制位址。 3. 如申請專利範圍第1項所述之方法,其中,該儲存裝置識 別資料係為該儲存裝置之一儲存裝置序號。 4. 如申請專利範圍第1項所述之方法,其中,該作業系統識 別資料係為該作業系統之一映像檔建立日期及版本編號。 5. 如申請專利範圍第1項所述之方法,其中,該等預設識別 資料包括:一預設媒體存取控制位址、一預設裝置序號、 及一預設作業系統日期及版本編號。 6. 如申請專利範圍第1項所述之方法,其中更包括比對該處 理器之一控制碼與一預設處理器控制碼。 7. 如申請專利範圍第1項所述之方法,其中更包括: 若一個以上之該等識別資料與其相對應之該預設識別 資料不相符,停止執行該應用程式。 201106197 8. 如申請專利範圚 料記錄於該嵌入項所迷之方法’其中該等預設識別資 9. 如申請專利範圍1线之—記憶單元。 料記錄於該嵌入^ 述之方法,其中該等預設識別資 10如由吐式系統之基本輸出入系統。 10·# ί 6月專利範圍 資料庫存取該箄=1項所逃之方法’其中更包含至一遠端 11 1由χ寺預設識別資料。 11·如申睛專利範图 内容第項所述之方法,其中該驗證程式與該 円谷私式储存於該儲存裂置。201106197 VII. Patent application scope: 1. An embedded system verification method, the embedded system is equipped with an operation system, the embedded system includes a network unit, a processor, and a storage device, and the method includes: providing the a plurality of preset identification data of the embedded system; executing a verification program to read one of the network unit identification data, a storage device identification data, and an operation system identification data in the embedded system; The data and the preset identification data; and if the identification data matches the preset identification data, executing a content program. 2. The method of claim 1, wherein the network element identification data is a media access control address of the network element. 3. The method of claim 1, wherein the storage device identification data is a storage device serial number of the storage device. 4. The method of claim 1, wherein the operating system identification data is an image creation date and a version number of the operating system. 5. The method of claim 1, wherein the preset identification data comprises: a preset media access control address, a preset device serial number, and a preset operating system date and version number . 6. The method of claim 1, wherein the method further comprises controlling a code and a predetermined processor control code. 7. The method of claim 1, wherein the method further comprises: stopping execution of the application if more than one of the identification data does not match the corresponding identification data corresponding thereto. 201106197 8. If the patent application is documented in the method of the embedded item, wherein the preset identification is as follows: The method is described in the method of embedding, wherein the preset identification resources are input into the system as a basic output of the spit system. 10·# ί June Patent Scope The data inventory is taken from the 箄=1 item escape method, which further includes a remote end 11 1 by the χ temple preset identification data. 11. The method of claim 2, wherein the verification program is stored in the storage compartment privately with the Shibuya. 包=可驗也耿入式系統’搭載一作業系統’該嵌入式系統 一處理器; 一網路單元,連接至該處理器,該網路單元 單元識別資料;及 、 儲存裝置,連接至該處理器,該儲存裝置具有一儲存 裝置識別資料; 其中,當該嵌入式系統啟動時,該處理器執行一驗證程 式,以讀取該網路單元識別資料、該儲存裝置識別資 料以及該作業系統之一作業系統識別資料,並將該等 識別資料與該嵌入式系統複數個預設識別資料比 對,若該等預設識別資料及該等識別資料皆符合,則 於該嵌入式系統執行一内容程式。 13.如申請專利範圍第12項所述之系統,其中,該網路單元 識別資料為該網路單元之一媒體存取控制位址。 14·如申睛專利範圍第12項所述之系統,其中,該儲存裝置 °哉別資料係為該儲存裝置之一儲存裝置序號。 201106197 15. 如申請專利範圍第12項所述之系統,其中,該作業系統 識別資料係為該作業系統之一映像檔建立日期及版本編 號。 16. 如申請專利範圍第12項所述之系統,其中該等預設識別 資料包括:一預設媒體存取控制位址、一預設裝置序號、 及一預設作業系統日期及版本編號。 17. 如申請專利範圍第12項所述之系統,其中該驗證程式與 該内容程式儲存於該儲存裝置。 18. 如申請專利範圍第12項所述之系統,其中,該嵌入式系 統更包括: 一基本輸出入系統,該等預設識別資料儲存於該基本輸 出入系統。 19. 如申請專利範圍第12項所述之系統,其中,該嵌入式系 統更包括: 一記憶單元,該等預設驗證資料以一系統註冊檔型式儲 存於該記憶單元。 20. 如申請專利範圍第12項所述之系統,其中該嵌入式系統 透過該網路單元,經由網路至一遠端資料庫存取該等預設 識別資料。 16Package = 耿 耿 耿 ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' ' a processor having a storage device identification data; wherein, when the embedded system is booted, the processor executes a verification program to read the network unit identification data, the storage device identification data, and the operating system The operating system identifies the data, and compares the identification data with the plurality of preset identification data of the embedded system. If the preset identification data and the identification data are all consistent, performing an execution on the embedded system Content program. 13. The system of claim 12, wherein the network element identification data is a media access control address of the network element. 14. The system of claim 12, wherein the storage device is a storage device serial number of the storage device. The system of claim 12, wherein the operating system identification data is an image creation date and version number of one of the operating systems. 16. The system of claim 12, wherein the preset identification data comprises: a predetermined media access control address, a preset device serial number, and a preset operating system date and version number. 17. The system of claim 12, wherein the verification program and the content program are stored in the storage device. 18. The system of claim 12, wherein the embedded system further comprises: a basic input and output system, the preset identification data being stored in the basic input and output system. 19. The system of claim 12, wherein the embedded system further comprises: a memory unit, wherein the predetermined verification data is stored in the memory unit in a system registration format. 20. The system of claim 12, wherein the embedded system retrieves the preset identification data via the network unit to a remote data repository. 16
TW98126336A 2009-08-05 2009-08-05 Verifiable embedded system and the verification method thereof TW201106197A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW98126336A TW201106197A (en) 2009-08-05 2009-08-05 Verifiable embedded system and the verification method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW98126336A TW201106197A (en) 2009-08-05 2009-08-05 Verifiable embedded system and the verification method thereof

Publications (1)

Publication Number Publication Date
TW201106197A true TW201106197A (en) 2011-02-16

Family

ID=44814261

Family Applications (1)

Application Number Title Priority Date Filing Date
TW98126336A TW201106197A (en) 2009-08-05 2009-08-05 Verifiable embedded system and the verification method thereof

Country Status (1)

Country Link
TW (1) TW201106197A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI740272B (en) * 2019-11-14 2021-09-21 和碩聯合科技股份有限公司 Device, method and non-transitory computer readable medium for writing image files into memories

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI740272B (en) * 2019-11-14 2021-09-21 和碩聯合科技股份有限公司 Device, method and non-transitory computer readable medium for writing image files into memories

Similar Documents

Publication Publication Date Title
US10019594B2 (en) Pattern for secure store
JP5821034B2 (en) Information processing apparatus, virtual machine generation method, and application distribution system
JP5828081B2 (en) Information processing apparatus, information processing method, and program distribution system
US8171301B2 (en) Method and system for integrated securing and managing of virtual machines and virtual appliances
CN102693379B (en) Protection operating system Configuration Values
JP5900911B2 (en) File system access for one or more sandboxed applications
JP4404940B2 (en) Method and system for providing custom software images to a computer system
RU2388051C2 (en) Random password, automatically generated by basic input/output (bios) system for protecting data storage device
US20080005029A1 (en) Image forming apparatus, license management method, and license management program product
US20100205457A1 (en) Portable Mass Storage Device with Virtual Machine Activation
CN107003866A (en) The safety establishment of encrypted virtual machine from encrypted template
TW201535145A (en) System and method to store data securely for firmware using read-protected storage
EA012921B1 (en) Method and device for protecting software from unauthorized use
MX2007011377A (en) Secure boot.
JP2004265422A (en) Compact hardware identification for connecting software package to computer system having tolerance of hardware change
JP2007034875A (en) Use management method for peripheral, electronic system and constituent device therefor
US20090287917A1 (en) Secure software distribution
CN110998571A (en) Offline activation of applications installed on a computing device
KR101504647B1 (en) Portable mass storage with virtual machine activation
CN114651253A (en) Virtual environment type verification for policy enforcement
US8656182B2 (en) Security mechanism for developmental operating systems
US20020169976A1 (en) Enabling optional system features
TW201638775A (en) Booting user devices to custom operating system (OS) images
CN108647516B (en) Method and device for defending against illegal privilege escalation
JP2006146358A (en) Usb peripheral equipment control system and usb peripheral equipment control method