Trusted Boot Method Based on Authentication Policy File and Hardware Information Collection

An authentication-policy and boot technology, applied in digital data authentication, computer security devices, instruments, etc., that addresses a fixed authentication process, the lack of local authentication capability in terminal equipment, and the difficulty of meeting flexible and changing authentication requirements, thereby ensuring security.

Inactive Publication Date: 2011-12-21
XIDIAN UNIV

AI Technical Summary

Problems solved by technology

[0003] Existing technology usually requires an additional device such as an authentication server to authenticate the terminal device. The terminal device lacks local authentication capability, and when the connection to the authentication server fails there is no assurance that the terminal operates in a trusted physical environment. At the same time, the authentication process of existing technology is relatively fixed: when the authentication requirements of the terminal equipment change, it cannot be adapted flexibly and efficiently, and it is difficult to meet flexible and changing authentication requirements.

Examples


Embodiment 1

[0039] The invention is a trusted boot method based on authentication policy files and hardware information collection. Authentication policy files, with the verification values of the hardware device items, are configured for the terminal device in a trusted environment and saved in the terminal's secure area. The specific process of a trusted boot is as follows:

[0040] (1) The terminal device, usually a computer, is powered on and started.

[0041] (2) Hardware device information is collected, and the terminal device is authenticated according to the configured authentication policy file. The authentication steps include:

[0042] 2.1) Read the authentication policy file. If there is no authentication policy file, go to step 2.7); if there is an authentication policy file, go to step 2.2).

[0043] The authentication policy file is pre-configured, and the policy file specifies the hardware equipment items that the terminal needs to authenticate, th...

Embodiment 2

[0062] The trusted boot method based on authentication policy files and hardware information collection is the same as that in Embodiment 1.

[0063] The concrete realization of the present invention is described with reference to a specific development example under the Linux operating system CentOS 5.3 (kernel version: 2.6.18).

[0064] A specific terminal device authentication process is shown in Figure 2. The specific implementation is as follows:

[0065] 2.1) The authentication policy file is saved in /root/hw. Read this file to obtain the authentication policy file, and store its directory address in policy_dir_list, the policy file list. If there is no authentication policy file, go to step 2.7); if there is an authentication policy file, proceed to step 2.2).

[0066] 2.2) Collect hardware device information for the processor (CPU), PC, BIOS, motherboard (Motherboard), memory (MEM), USB, hard disk (H...

Embodiment 3

[0090] The trusted booting method based on authentication policy file and hardware information collection is the same as that in Embodiments 1 and 2.

[0091] The computer starts up with the correct hard disk, internal memory, and USB removable storage device. After steps 2.1), 2.2), 2.3), and 2.6), the computer is authenticated successfully and the operating system boots in a trusted state.

[0092] The computer starts up with the correct hard disk and memory but the wrong USB removable storage device. After steps 2.1), 2.2), 2.3), 2.4), and 2.5), computer authentication fails and the verification failure message is displayed: Lack of proper USB device .Consider change a correct one.

[0093] Operate according to the verification failure information: if the correct USB removable storage device is substituted, computer authentication succeeds after steps 2.1), 2.2), 2.3), and 2.6), and the operating system boots in a trusted state; if the correct USB ...


Abstract

The invention discloses a trusted boot method based on an authentication policy file and hardware information collection. When a computer terminal device is powered on and started, the terminal is authenticated according to a preset authentication policy file: first the authentication policy file is read, then hardware device information is collected, and each hardware device item is verified according to the authentication policy file. After verification succeeds, the computer terminal device boots in a trusted state. If verification fails, the method searches for an authentication policy file that has not yet been applied; if one exists, it is used for a new round of verification, and the procedure repeats until no authentication policy file remains. The method does not need to interact with an authentication server or other devices; the terminal device is authenticated locally, which ensures that it runs in a trusted physical environment and ensures the security of the information system. The authentication policy file can be configured flexibly according to the diversity of authentication requirements, so the security requirements of the information system can be met as circumstances change.
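The policy fallback loop described in the abstract, as an added Python example (not code from the patent). The policy format, the SHA-256 verification values, the item and policy names, and refusing the boot when no policy file verifies are assumptions; the page does not specify them.

```python
import hashlib
import hmac

def digest(value: str) -> str:
    """Verification value of one hardware item (assumed: SHA-256 of its identifier)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()

def verify_policy(policy: dict, collected: dict) -> list:
    """Return the hardware items that fail this policy; an empty list means it passes."""
    if not policy:
        return ["<empty policy>"]  # a policy naming no items must not pass vacuously
    failed = []
    for item, expected in policy.items():
        actual = collected.get(item)
        # A required item that was not collected fails closed.
        if actual is None or not hmac.compare_digest(digest(actual), expected):
            failed.append(item)
    return failed

def trusted_boot(policies: list, collected: dict) -> dict:
    """Apply policy files in order until one verifies or none is left unapplied."""
    tried = []
    for name, policy in policies:
        failed = verify_policy(policy, collected)
        tried.append((name, failed))
        if not failed:
            return {"boot": True, "policy": name, "tried": tried}
    # Assumption: with no policy file, or all of them failing, the boot is refused.
    return {"boot": False, "policy": None, "tried": tried}

# Constructed sample data: identifiers and policy names are made up.
GOOD = {"HDD": "disk-serial-A1", "MEM": "dimm-4096MB-x2", "USB": "usb-token-77"}
POLICIES = [
    ("office.policy", {item: digest(value) for item, value in GOOD.items()}),
    ("lab.policy", {"HDD": digest(GOOD["HDD"]), "MEM": digest(GOOD["MEM"])}),
]

if __name__ == "__main__":
    wrong_usb = dict(GOOD, USB="usb-unknown-00")
    print(trusted_boot(POLICIES[:1], wrong_usb))  # only policy requires USB: refused
    print(trusted_boot(POLICIES, wrong_usb))      # falls back to lab.policy: boots
    print(trusted_boot([], GOOD))                 # no policy file: refused
```

Because any one passing policy file is enough, the terminal is only as strict as the weakest policy file stored in the secure area.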

Description

Technical field

[0001] The invention belongs to computer terminal equipment authentication technology, specifically local authentication of terminal equipment, and in particular to a trusted boot method based on authentication policy files and hardware information collection. It is used to ensure that the computer terminal information system starts in a trusted environment.

Background technique

[0002] At present, most security protection of computer information systems starts at the application level, with technologies such as identity authentication, access control, data encryption, security audit, network firewalls and anti-virus software. These technologies are built on the underlying hardware and software facilities; if those facilities are damaged or intruded upon, the above technologies lose their intended effect. Therefore, only by taking measures at the bottom of the software and hardware of the information system can the se...


Application Information

IPC(8): G06F21/00, G06F21/44
Inventor: 李兴华, 马建峰, 张亮, 芦笛, 郭朝辉, 杨力, 王一川, 邓晶晶, 岳盼, 孟宪佳
Owner XIDIAN UNIV