TW201935358A - Application or driver verification method - Google Patents

Application or driver verification method Download PDF

Info

Publication number
TW201935358A
TW201935358A TW107105507A TW107105507A TW201935358A TW 201935358 A TW201935358 A TW 201935358A TW 107105507 A TW107105507 A TW 107105507A TW 107105507 A TW107105507 A TW 107105507A TW 201935358 A TW201935358 A TW 201935358A
Authority
TW
Taiwan
Prior art keywords
decryption
data
authorization
interpretation
target program
Prior art date
Application number
TW107105507A
Other languages
Chinese (zh)
Other versions
TWI675340B (en
Inventor
王正凱
Original Assignee
神雲科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 神雲科技股份有限公司 filed Critical 神雲科技股份有限公司
Priority to TW107105507A priority Critical patent/TWI675340B/en
Publication of TW201935358A publication Critical patent/TW201935358A/en
Application granted granted Critical
Publication of TWI675340B publication Critical patent/TWI675340B/en

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

An Application or driver verification method, implemented by a computer device, including: (A) Executing a firmware to generate a command interpretation environment; (B) In the command interpretation environment, after receiving an execution instruction related to a target program, obtaining a decryption method corresponding to a time interval comprising a system time and an encrypted authorization data corresponding to the target program and corresponding to an encryption method corresponding to the decryption method based on the system time of a system management data and a lookup table related to decryption methods and time intervals; (C) According to the decryption method, the encrypted authorization data is decrypted to generate the decryption authorization data; and (D) Generating an authorization message indicating whether the target program is valid or not according to a first metadata of the system management data corresponding to the target program and the decryption authorization data.

Description

程式驗證方法Program verification method

本發明是有關於一種驗證資料完整性的方法,特別是指一種用於可擴展韌體介面的程式驗證方法。The invention relates to a method for verifying the integrity of data, in particular to a program verification method for an extensible firmware interface.

為了免除基本輸入/輸出系統(Basic Input/Output system, BIOS)的先天限制,英特爾公司(Intel Corporation)發展出一種可延伸式韌體介面(Extensible Firmware Interface, EFI)規格,EFI是一種個人電腦系統的規格,可使用標準的程式語言工具加入新元件,具有更佳的擴充性,由於EFI係以C語言的模組化架構,比使用組合語言的BIOS更有彈性,程式更容易維護、閱讀。In order to eliminate the inherent limitations of the Basic Input / Output system (BIOS), Intel Corporation has developed an Extensible Firmware Interface (EFI) specification. EFI is a personal computer system Specifications, you can use standard programming language tools to add new components, which has better expandability. Because EFI is based on the modular structure of C language, it is more flexible than the combined language BIOS, and the program is easier to maintain and read.

EFI為用於聯繫作業系統(operating system, OS)以及提供連接作業系統與硬體的介面,當EFI所有元件載入完畢時,便會啟動一個類似於作業系統殼層(Shell)的命令解釋環境(即EFI Shell),在EFI Shell中,使用者可以掛載執行任何EFI應用程式或EFI驅動程式,這些程式可以是硬體檢測及除錯軟體、開機管理軟體、設定軟體、作業系統的啟動程式等等。然,這些程式可能為駭客以惡意軟體所植入的惡意程式,因此,現有的電腦裝置會預先儲存對應這些程式的授權資料,以使電腦裝置透過授權資料驗證所對應的這些程式是否合法。EFI is used to contact the operating system (OS) and provide an interface to connect the operating system and hardware. When all components of EFI are loaded, a command interpretation environment similar to the shell of the operating system is started. (EFI Shell). In EFI Shell, users can mount and execute any EFI application or EFI driver. These programs can be hardware detection and debugging software, boot management software, configuration software, and startup programs for the operating system. and many more. However, these programs may be malicious programs implanted by hackers with malicious software. Therefore, the existing computer device stores the authorization data corresponding to these programs in advance, so that the computer device verifies whether the corresponding programs are legitimate through the authorization data.

然而,現有的授權資料沒有妥善的保護機制,授權資料可能會外流,且內容可能會被解析,而被駭客偽造非法的授權資料。However, the existing authorization data does not have a proper protection mechanism. The authorization data may be outflowed, and the content may be parsed, and hackers may forge illegal authorization data.

因此,本發明的目的,即在提供一種具有保護機制的程式驗證方法。Therefore, an object of the present invention is to provide a program verification method with a protection mechanism.

於是,本發明程式驗證方法由一電腦裝置來實施,該電腦裝置與一儲存裝置電連接,並儲存有一韌體、多個程式、一時間區間對解密方式的查找表,及系統管理資料,該系統管理資料包括一相關於該電腦裝置當前時間的系統時間,及多筆分別對應該等程式的第一詮釋資料,該儲存裝置儲存有每一程式各自所對應的多筆加密授權資料,每一程式各自所對應的該等加密授權資料分別對應多種加密方式,該查找表包括多個時間區間,及多個分別對應該等時間區間且分別對應該等加密方式的解密方式,該程式驗證方法包含一步驟(A)、一步驟(B)、一步驟(C),及一步驟(D)。Therefore, the program verification method of the present invention is implemented by a computer device, which is electrically connected to a storage device, and stores a firmware, a plurality of programs, a lookup table of a time interval pair decryption method, and system management data. The system management data includes a system time related to the current time of the computer device and a plurality of first interpretation data corresponding to the programs. The storage device stores a plurality of encrypted authorization data corresponding to each program. The encryption authorization data corresponding to each program corresponds to multiple encryption methods. The lookup table includes multiple time intervals and multiple decryption methods corresponding to the time intervals and corresponding encryption methods. The program verification method includes One step (A), one step (B), one step (C), and one step (D).

在該步驟(A)中,該電腦裝置執行該韌體以產生一命令解釋環境。In step (A), the computer device executes the firmware to generate a command interpretation environment.

在該步驟(B)中,該電腦裝置於該命令解釋環境下,在接收到一相關於一目標程式的執行指令後,根據該系統管理資料的該系統時間及該查找表,獲得涵蓋有該系統時間之時間區間所對應的解密方式,及對應於該目標程式且對應於該解密方式所對應之加密方式的加密授權資料,其中該目標程式為該等程式之一者。In step (B), the computer device, under the command interpretation environment, receives an execution instruction related to a target program, and obtains the information covering the system according to the system time and the lookup table of the system management data. The decryption method corresponding to the time interval of the system time, and the encryption authorization data corresponding to the target program and the encryption method corresponding to the decryption method, wherein the target program is one of the programs.

在該步驟(C)中,該電腦裝置根據步驟(B)所獲得的該解密方式,解密步驟(B)所獲得的該加密授權資料,以產生解密授權資料。In step (C), the computer device decrypts the encrypted authorization data obtained in step (B) according to the decryption method obtained in step (B) to generate decryption authorization data.

在該步驟(D)中,該電腦裝置根據該系統管理資料中之對應該目標程式的第一詮釋資料及該解密授權資料,產生一指示出該目標程式是否合法的授權訊息。In step (D), the computer device generates an authorization message indicating whether the target program is legal according to the first interpretation data corresponding to the target program in the system management data and the decryption authorization data.

本發明之功效在於:藉由該處理單元根據該系統時間及該查找表獲得該解密方式及該加密授權資料,並根據該解密方式,解密該加密授權資料,以產生該解密授權資料,最後根據該系統管理資料的該第一詮釋資料及該解密授權資料產生指示出該目標程式是否合法的該授權訊息,提高授權資料的安全性,以避免偽造授權資料的情形發生。The effect of the present invention is that the decryption method and the encryption authorization data are obtained by the processing unit according to the system time and the lookup table, and the encryption authorization data is decrypted according to the decryption method to generate the decryption authorization data. The first interpretation data of the system management data and the decryption authorization data generate the authorization message indicating whether the target program is legitimate, improving the security of the authorization data, and avoiding the situation where the authorization data is forged.

參閱圖1,說明用來實施本發明程式驗證方法之一實施例的一電腦裝置100,該電腦裝置100包含一儲存單元11,及一電連接該儲存單元11的處理單元12,該電腦裝置100電連接一儲存裝置200。在本實施例中,該儲存單元11例如為快閃記憶體(Flash Memory),該儲存裝置200例如為外接硬碟(External hard drive),在其他實施方式中,該儲存單元11可為電子可抹除可程式化唯讀記憶體(Electrically-Erasable Programmable Read-Only Memory, EEPROM),不以此為限。Referring to FIG. 1, a computer device 100 for implementing an embodiment of the program verification method of the present invention is described. The computer device 100 includes a storage unit 11 and a processing unit 12 electrically connected to the storage unit 11. The computer device 100 Electrically connected to a storage device 200. In this embodiment, the storage unit 11 is, for example, a flash memory, and the storage device 200 is, for example, an external hard drive. In other embodiments, the storage unit 11 may be an electronic storage device. Erase Programmable Read-Only Memory (EEPROM), not limited to this.

該儲存單元11儲存有一韌體、多個程式、一時間區間對解密方式的查找表、多個分別對應多種不同加密演算法的解密金鑰,及系統管理資料。該查找表包括多個時間區間,及多個分別對應該等時間區間且分別對應多種加密方式的解密方式,每一加密方式對應多個對應該等加密演算法的加密金鑰之至少二者,並指示出一相關於該加密方式所對應的加密金鑰的加密順序,每一解密方式對應該至少二加密金鑰所對應的加密演算法對應的解密金鑰,並指示出一相關於該解密方式所對應的解密金鑰的解密順序,表1示例出該查找表。值得注意的是,在其他實施方式中,每一解密方式係對應該等解密金鑰之一對應者,不以此為限。該系統管理資料包括一相關於該電腦裝置100當前時間的系統時間,及多筆分別對應該等程式的第一詮釋資料,每一第一詮釋資料具有一第一產品名稱及第一客戶名稱之其中至少一者。在本實施例中,該韌體例如為BIOS,該等程式例如為EFI應用程式或EFI驅動程式,該等加密演算法例如為RSA加密演算法、進階加密標準(Advanced Encryption Standard, AES)加密演算法、資料加密標準(Data Encryption Standard, DES)加密演算法,及三重資料加密標準(Triple Data Encryption Standard, 3DES)加密演算法,該系統管理資料例如為系统管理基本輸入/輸出系統(System Management BIOS, SMBIOS)資料。 表1 The storage unit 11 stores a firmware, a plurality of programs, a lookup table of a decryption method in a time interval, a plurality of decryption keys corresponding to a plurality of different encryption algorithms, and system management data. The lookup table includes a plurality of time intervals, and a plurality of decryption modes corresponding to the time intervals and a plurality of encryption methods, each encryption method corresponding to at least two of the plurality of encryption keys corresponding to the encryption algorithms, An encryption sequence related to the encryption key corresponding to the encryption method is indicated, and each decryption method corresponds to a decryption key corresponding to the encryption algorithm corresponding to at least two encryption keys, and an instruction related to the decryption is indicated. The decryption order of the decryption key corresponding to the method. Table 1 illustrates the lookup table. It is worth noting that, in other embodiments, each decryption method corresponds to a counterpart of the decryption keys, and is not limited thereto. The system management data includes a system time related to the current time of the computer device 100, and a plurality of first interpretation data corresponding to the programs, each first interpretation data having a first product name and a first customer name. At least one of them. In this embodiment, the firmware is, for example, a BIOS, the programs are, for example, an EFI application program or an EFI driver, and the encryption algorithms are, for example, an RSA encryption algorithm or an Advanced Encryption Standard (AES) encryption. Algorithms, Data Encryption Standard (DES) encryption algorithms, and Triple Data Encryption Standard (3DES) encryption algorithms. The system management data is, for example, a system management basic input / output system (System Management BIOS, SMBIOS) information. Table 1

該儲存裝置200儲存有每一程式各自所對應的多筆加密授權資料,每一程式各自所對應的該等加密授權資料分別對應該等加密方式,每一加密授權資料包括第二詮釋資料及一授權期間,每一第二詮釋資料具有一第二產品名稱及一第二客戶名稱之其中至少一者。The storage device 200 stores a plurality of encrypted authorization data corresponding to each program, the encrypted authorization data corresponding to each program corresponds to the encryption methods, and each encrypted authorization data includes a second interpretation data and a During the authorization period, each second interpretation data has at least one of a second product name and a second customer name.

參閱圖1及圖2,說明該電腦裝置100如何執行本發明程式驗證方法之該實施例。以下詳細說明該實施例所包含的步驟。Referring to FIG. 1 and FIG. 2, how the computer device 100 executes the embodiment of the program verification method of the present invention is described. The steps included in this embodiment are described in detail below.

在步驟301中,該處理單元12執行該儲存單元11儲存的該韌體以產生一命令解釋環境,在實施例中,該命令解釋環境例如為EFI Shell。In step 301, the processing unit 12 executes the firmware stored by the storage unit 11 to generate a command interpretation environment. In an embodiment, the command interpretation environment is, for example, an EFI Shell.

在步驟302中,該處理單元12於該命令解釋環境下,在接收到一相關於一目標程式的執行指令後,該處理單元12根據該系統管理資料的該系統時間及該查找表,獲得涵蓋有該系統時間之時間區間所對應的解密方式,及該儲存裝置200中對應於該目標程式且對應於該解密方式所對應之加密方式的加密授權資料,其中該目標程式為該等程式之一者。舉例來說,若該系統時間為2018/1/1,該處理單元12根據表1可獲得該解密方式所指示出的解密順序為RSA, AES, 3DES, DES,再根據該解密方式可獲得對應該目標程式且以DES, 3DES, AES, RSA的加密方式加密的該加密授權資料。In step 302, in the command interpretation environment, after receiving an execution instruction related to a target program, the processing unit 12 obtains coverage according to the system time and the lookup table of the system management data. There is a decryption method corresponding to the time interval of the system time, and encryption authorization data corresponding to the target program and corresponding to the encryption method corresponding to the decryption method in the storage device 200, wherein the target program is one of the programs By. For example, if the system time is 2018/1/1, the processing unit 12 can obtain the decryption order indicated by the decryption method according to Table 1 as RSA, AES, 3DES, DES, and then obtain the corresponding decryption method according to the decryption method. The encryption authorization data that should be encrypted by the target program and encrypted by DES, 3DES, AES, RSA.

在步驟303中,該處理單元12取得步驟302所獲得的該解密方式所對應的解密金鑰及該解密順序,並根據該解密金鑰及該解密順序解密步驟302所獲得的該加密授權資料,以產生解密授權資料。值得注意的是,在其他每一解密方式對應該等解密金鑰之一對應者的實施方式中,該處理單元12係僅根據該解密方式所對應的解密金鑰解密該加密授權資料,且該解密授權資料為解密後的加密授權資料,因此該解密授權資料也包括解密後的第二詮釋資料及一授權期間。In step 303, the processing unit 12 obtains the decryption key and the decryption order corresponding to the decryption method obtained in step 302, and decrypts the encryption authorization data obtained in step 302 according to the decryption key and the decryption order. To generate decryption authorization data. It is worth noting that, in the implementation of each of the other decryption methods corresponding to one of the decryption keys, the processing unit 12 only decrypts the encryption authorization data according to the decryption key corresponding to the decryption method, and the The decryption authorization data is the decrypted encrypted authorization data, so the decryption authorization data also includes the decrypted second interpretation data and an authorization period.

在步驟304中,該處理單元12判定對應該目標程式的第一詮釋資料與第二詮釋資料是否匹配,亦即判定該第一詮釋資料的該第一產品名稱及該第一客戶名稱之至少一者是否與該第二詮釋資料的該第二產品名稱及該第二客戶名稱之至少一者相同。當該處理單元12判定出該第一詮釋資料與該第二詮釋資料匹配時,進行步驟305;而當該處理單元12判定出該第一詮釋資料與該第二詮釋資料不匹配時,進行步驟307。In step 304, the processing unit 12 determines whether the first interpretation data corresponding to the target program matches the second interpretation data, that is, determines at least one of the first product name and the first customer name of the first interpretation data. Whether this is the same as at least one of the second product name and the second customer name of the second interpretation information. When the processing unit 12 determines that the first interpretation data matches the second interpretation data, proceed to step 305; and when the processing unit 12 determines that the first interpretation data does not match the second interpretation data, proceed to step 305 307.

在步驟305中,該處理單元12判定該系統管理資料的該系統時間是否在該解密授權資料的該授權期間內。當該處理單元12判定出該系統時間在該授權期間內時,進行步驟306;而當該處理單元12判定出該系統時間不在該授權期間內時,進行步驟307。舉例來說,若該系統時間為2018/1/1,該授權期間為2016/1/1~2018/12/31,該系統時間在該授權期間內,而若該授權期間為2016/1/1~2017/12/31,則該系統時間不在該授權期間內。In step 305, the processing unit 12 determines whether the system time of the system management data is within the authorization period of the decryption authorization data. When the processing unit 12 determines that the system time is within the authorization period, step 306 is performed; and when the processing unit 12 determines that the system time is not within the authorization period, step 307 is performed. For example, if the system time is 2018/1/1 and the authorization period is 2016/1/1 ~ 2018/12/31, the system time is within the authorization period, and if the authorization time is 2016/1 / 1 ~ 2017/12/31, the system time is not within the authorization period.

在步驟306中,該處理單元12產生一指示出該目標程式合法的授權訊息。In step 306, the processing unit 12 generates an authorization message indicating that the target program is legal.

在步驟307中,該處理單元12產生一指示出該目標程式非法的授權訊息,並移除該目標程式。In step 307, the processing unit 12 generates an authorization message indicating that the target program is illegal, and removes the target program.

要特別注意的是,在本實施例中,在該處理單元12執行步驟302後,若在一預設時間內未產生任何授權訊息,則該處理單元12直接進行步驟307。It should be particularly noted that, in this embodiment, after the processing unit 12 executes step 302, if no authorization message is generated within a preset time, the processing unit 12 directly performs step 307.

綜上所述,本發明程式驗證方法,藉由該處理單元12根據該系統時間及該查找表獲得該解密方式及該加密授權資料,並根據該解密方式,解密該加密授權資料,以產生該解密授權資料。最後根據該系統時間、該系統管理資料的該第一詮釋資料及該解密授權資料的該第二詮釋資料產生指示出該目標程式是否合法的該授權訊息,提高授權資料的安全性,以避免偽造授權資料的情形發生,故確實能達成本發明的目的。In summary, in the program verification method of the present invention, the processing unit 12 obtains the decryption method and the encryption authorization data according to the system time and the lookup table, and decrypts the encryption authorization data according to the decryption method to generate the encryption authorization data. Decrypt authorization data. Finally, according to the system time, the first interpretation data of the system management data, and the second interpretation data of the decryption authorization data, the authorization message indicating whether the target program is legitimate is generated to improve the security of the authorization data to avoid counterfeiting. The situation of authorizing the data happened, so it could indeed achieve the purpose of the invention.

惟以上所述者,僅為本發明的實施例而已,當不能以此限定本發明實施的範圍,凡是依本發明申請專利範圍及專利說明書內容所作的簡單的等效變化與修飾,皆仍屬本發明專利涵蓋的範圍內。However, the above are only examples of the present invention. When the scope of implementation of the present invention cannot be limited by this, any simple equivalent changes and modifications made according to the scope of the patent application and the contents of the patent specification of the present invention are still Within the scope of the invention patent.

100‧‧‧電腦裝置 100‧‧‧Computer device

11‧‧‧儲存單元 11‧‧‧Storage Unit

12‧‧‧處理單元 12‧‧‧ processing unit

200‧‧‧儲存裝置 200‧‧‧Storage device

301~307‧‧‧步驟 301 ~ 307‧‧‧ steps

本發明的其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中:  圖1是一方塊圖,示例地繪示一用來實施本發明程式驗證方法之一實施例的電腦裝置;及  圖2是一流程圖,說明本發明程式驗證方法的該實施例。Other features and effects of the present invention will be clearly presented in the embodiment with reference to the drawings, in which: FIG. 1 is a block diagram illustrating, by way of example, a computer for implementing an embodiment of the program verification method of the present invention Device; and FIG. 2 is a flowchart illustrating the embodiment of the program verification method of the present invention.

Claims (7)

一種程式驗證方法由一電腦裝置來實施,該電腦裝置與一儲存裝置電連接,並儲存有一韌體、多個程式、一時間區間對解密方式的查找表,及系統管理資料,該系統管理資料包括一相關於該電腦裝置當前時間的系統時間,及多筆分別對應該等程式的第一詮釋資料,該儲存裝置儲存有每一程式各自所對應的多筆加密授權資料,每一程式各自所對應的該等加密授權資料分別對應多種加密方式,該查找表包括多個時間區間,及多個分別對應該等時間區間且分別對應該等加密方式的解密方式,該程式驗證方法包含以下步驟: (A)執行該韌體以產生一命令解釋環境; (B)於該命令解釋環境下,在接收到一相關於一目標程式的執行指令後,根據該系統管理資料的該系統時間及該查找表,獲得涵蓋有該系統時間之時間區間所對應的解密方式,及對應於該目標程式且對應於該解密方式所對應之加密方式的加密授權資料,其中該目標程式為該等程式之一者; (C)根據步驟(B)所獲得的該解密方式,解密步驟(B)所獲得的該加密授權資料,以產生解密授權資料;及 (D)根據該系統管理資料中之對應該目標程式的第一詮釋資料及該解密授權資料,產生一指示出該目標程式是否合法的授權訊息。A program verification method is implemented by a computer device that is electrically connected to a storage device and stores a firmware, a plurality of programs, a look-up table of a time interval decryption method, and system management data. The system management data Including a system time related to the current time of the computer device, and a plurality of first interpretation data corresponding to the programs, the storage device stores a plurality of encrypted authorization data corresponding to each program, and each program independently The corresponding encryption authorization data corresponds to multiple encryption methods. The lookup table includes multiple time intervals and multiple decryption methods corresponding to the time intervals and the encryption methods. The program verification method includes the following steps: (A) execute the firmware to generate a command interpretation environment; (B) under the command interpretation environment, after receiving an execution instruction related to a target program, according to the system time and the search of the system management data Table to obtain the decryption method corresponding to the time interval covering the system time, and the corresponding target program and The encryption authorization data corresponding to the encryption method corresponding to the decryption method, wherein the target program is one of the programs; (C) According to the decryption method obtained in step (B), decrypt the data obtained in step (B). Encrypting the authorization data to generate decryption authorization data; and (D) generating an authorization message indicating whether the target program is legitimate according to the first interpretation data corresponding to the target program in the system management data and the decryption authorization data. 如請求項1所述的程式驗證方法,該電腦裝置還儲存有多個分別對應多種不同加密演算法的解密金鑰,每一解密方式對應該等解密金鑰之一對應者,其中,在步驟(C)中係根據該解密方式所對應的解密金鑰解密該加密授權資料。According to the program verification method described in claim 1, the computer device further stores a plurality of decryption keys corresponding to a plurality of different encryption algorithms, and each decryption method corresponds to one of the decryption keys. In the step, (C) decrypts the encrypted authorization data according to the decryption key corresponding to the decryption method. 如請求項1所述的程式驗證方法,該電腦裝置還儲存有多個分別對應多種不同加密演算法的解密金鑰,每一解密方式對應該等解密金鑰之至少二者,並指示出一相關於該解密方式所對應的解密金鑰的解密順序,其中,在步驟(C)中係根據該解密方式所對應的解密金鑰及該解密順序解密該加密授權資料。According to the program verification method described in claim 1, the computer device further stores a plurality of decryption keys corresponding to a plurality of different encryption algorithms, and each decryption method corresponds to at least two of the decryption keys, and indicates a Related to the decryption order of the decryption key corresponding to the decryption method, in step (C), the encrypted authorization data is decrypted according to the decryption key corresponding to the decryption method and the decryption order. 如請求項1所述的程式驗證方法,每一加密授權資料包括第二詮釋資料,其中,步驟(D)包括以下子步驟: (D-1)判定對應該目標程式的第一詮釋資料與第二詮釋資料是否匹配; (D-2)當判定出該第一詮釋資料與該第二詮釋資料匹配時,產生一指示出該目標程式合法的授權訊息;及 (D-3)當判定出該第一詮釋資料與該第二詮釋資料不匹配時,產生一指示出該目標程式非法的授權訊息。According to the program verification method described in claim 1, each encrypted authorization data includes a second interpretation data, wherein step (D) includes the following sub-steps: (D-1) determining the first interpretation data corresponding to the target program and the first interpretation data Whether the second interpretation data matches; (D-2) when it is determined that the first interpretation data matches the second interpretation data, an authorization message indicating that the target program is legal is generated; and (D-3) when it is determined that the When the first interpretation data does not match the second interpretation data, an authorization message indicating that the target program is illegal is generated. 如請求項4所述的程式驗證方法,其中,在步驟(D-1)中,該第一詮釋資料具有一第一產品名稱及第一客戶名稱之其中至少一者,該第二詮釋資料具有一第二產品名稱及一第二客戶名稱之其中至少一者。The program verification method according to claim 4, wherein in step (D-1), the first interpretation data has at least one of a first product name and a first customer name, and the second interpretation data has At least one of a second product name and a second customer name. 如請求項4所述的程式驗證方法,每一加密授權資料還包括一授權期間,其中,在子步驟(D-1)及(D-2)間步驟(D)還包括以下子步驟: (D-4)判定該系統管理資料的該系統時間是否在該解密授權資料的該授權期間內; 在子步驟(D-2)中當判定出該第一詮釋資料與該第二詮釋資料匹配且該系統時間在該授權期間內時,產生指示出該目標程式合法的該授權訊息,且在子步驟(D-4)後步驟(D)還包括以下子步驟: (D-5)當判定出該系統時間不在該授權期間內時,產生指示出該目標程式非法的該授權訊息。According to the program verification method described in claim 4, each encrypted authorization data further includes an authorization period, wherein step (D) between sub-steps (D-1) and (D-2) further includes the following sub-steps: ( D-4) determine whether the system time of the system management data is within the authorization period of the decryption authorization data; in sub-step (D-2), it is determined that the first interpretation data matches the second interpretation data and When the system time is within the authorization period, the authorization message indicating that the target program is legal is generated, and after step (D-4), step (D) further includes the following substeps: (D-5) When it is determined When the system time is not within the authorization period, the authorization message indicating that the target program is illegal is generated. 如請求項1所述的程式驗證方法,其中,在步驟(A)中,該命令解釋環境為可擴展韌體介面指令殼層。The program verification method according to claim 1, wherein in step (A), the command interprets the environment as an extensible firmware interface instruction shell.
TW107105507A 2018-02-14 2018-02-14 Application or driver verification method TWI675340B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107105507A TWI675340B (en) 2018-02-14 2018-02-14 Application or driver verification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107105507A TWI675340B (en) 2018-02-14 2018-02-14 Application or driver verification method

Publications (2)

Publication Number Publication Date
TW201935358A true TW201935358A (en) 2019-09-01
TWI675340B TWI675340B (en) 2019-10-21

Family

ID=68618319

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107105507A TWI675340B (en) 2018-02-14 2018-02-14 Application or driver verification method

Country Status (1)

Country Link
TW (1) TWI675340B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110321701A (en) * 2018-03-29 2019-10-11 佛山市顺德区顺达电脑厂有限公司 Program verification method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1310464C (en) * 2002-09-24 2007-04-11 黎明网络有限公司 Method for safe data transmission based on public cipher key architecture and apparatus thereof
CN103164244A (en) * 2013-03-15 2013-06-19 南京工业大学 Firmware system long-distance updating methods based on unified extensible firmware interface
CN103714273B (en) * 2013-12-31 2017-06-09 深圳市兴邦创新信息技术有限公司 A kind of software authorization system and method based on online dynamic authorization
CN105471810B (en) * 2014-05-28 2018-07-31 北京奇安信科技有限公司 The verification method and system of soft ware authorization information
CN107169344B (en) * 2017-05-10 2020-04-21 威盛电子股份有限公司 Method for blocking unauthorized application and apparatus using the same

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110321701A (en) * 2018-03-29 2019-10-11 佛山市顺德区顺达电脑厂有限公司 Program verification method

Also Published As

Publication number Publication date
TWI675340B (en) 2019-10-21

Similar Documents

Publication Publication Date Title
US10931451B2 (en) Securely recovering a computing device
US8560820B2 (en) Single security model in booting a computing device
US8826405B2 (en) Trusting an unverified code image in a computing device
US8254568B2 (en) Secure booting a computing device
CN109669734B (en) Method and apparatus for starting a device
EP2711858B1 (en) Method and system for securely updating firmware in a computing device
US20100082960A1 (en) Protected network boot of operating system
US8209542B2 (en) Methods and apparatus for authenticating components of processing systems
KR101209252B1 (en) Booting method and boot authentication method for electronic device
US8127146B2 (en) Transparent trust validation of an unknown platform
US8364975B2 (en) Methods and apparatus for protecting data
KR100792287B1 (en) Method for security and the security apparatus thereof
US20090259855A1 (en) Code Image Personalization For A Computing Device
EP3588354B1 (en) Automatic verification method and system
WO2022156513A1 (en) Server operation system guiding method and apparatus, device, and medium
TWI675340B (en) Application or driver verification method
CN110674525A (en) Electronic equipment and file processing method thereof
KR101765209B1 (en) Apparatus and method for safe booting