Verification method and device of system loginer, computing device and readable storage medium

Abstract

The application discloses a kind of system loginer's verification method and device, computing device and readable storage medium, it is related to computing system security login technical field, can solve the problem that login program is easily intercepted tampering.System loginer's verification method includes: the measurement operation is carried out to the system loginer currently started, obtains the current measurement value of the system loginer;Judge whether reference measurement value can be taken out from the sealed object of secure chip;If so, then judge whether the current measurement value is consistent with the reference measurement value;If consistent, then allow the system loginer currently started to start;If not consistent, then refuse the system loginer currently started to start.According to the technical scheme of the application, it can be used to verify whether the started loginer is tampered with maliciously or accidentally.

Description

Technical Field

[0001] This invention relates to the field of secure login technology for computing systems, and in particular to a method and apparatus for verifying a system login device, a computing device, and a readable storage medium. Background Technology

[0002] In a computer system, users interact with the operating system through an untrusted intermediate application layer. When logging in, defining security attributes in the operating system, or changing file security levels, users must ensure they are communicating with the security core, not with a Trojan horse virus.

[0003] The current technology to achieve this goal is to construct a trusted path to ensure that communication between the user and the kernel is not stolen or altered, thereby preventing Trojan viruses from imitating the login process and stealing user password information. It also ensures that the information output to the terminal by privileged users when they perform privileged operations is correct and reliable.

[0004] Taking Linux systems as an example, to ensure that users' usernames and passwords are not stolen, the system provides a security confirmation key, SAK. SAK is a key or a set of keys that, when pressed, ensures that the user sees the genuine system launcher, not a Trojan horse-faked login emulator. The system launcher is the verification interface for logging into the desktop operating system, requiring the verification of the entered username and password.

[0005] Although the security confirmation key SAK is responded to by the kernel, it still cannot completely guarantee a trusted path. While it kills the login emulator listening on the terminal device upon response, there is no way to prevent other login emulators from starting to listen on the terminal device, killing their own login emulator processes, and launching themselves after SAK is pressed. Therefore, there is no guarantee that login emulators launched after SAK is pressed will be accurately identified and blocked. Summary of the Invention

[0006] Therefore, the present invention provides a system login verification method and apparatus, a computing device and a readable storage medium, in an attempt to solve or at least alleviate at least one of the problems mentioned above.

[0007] According to a first aspect of the present invention, a method for verifying a system login device is provided, comprising: performing a measurement operation on a currently launched system login device to obtain a current measurement value of the system login device; determining whether a reference measurement value can be extracted from a sealed object of a security chip; if so, determining whether the current measurement value is consistent with the reference measurement value; if consistent, allowing the currently launched system login device to start; if inconsistent, rejecting the startup of the currently launched system login device.

[0008] Optionally, in the method of the present invention, the benchmark metric is a metric obtained by performing a metric operation on a trusted system login device and stored in a sealed object in the security chip.

[0009] Optionally, in the method of the present invention, the step of determining whether a reference metric value can be retrieved from the sealed object of the security chip includes: obtaining a reference metric value in the sealed object based on an extended metric value in the platform configuration register of the security chip; the extended metric value is an extended value that extends the reference metric value to the available bits in the platform configuration register, and the extended metric value is bound to the sealed object; if the extended metric value in the platform configuration register has not changed, then the reference metric value can be retrieved from the sealed object of the security chip.

[0010] Optionally, in the method of the present invention, the extended metric value is bound to the extended properties of the sealed object.

[0011] Optionally, in the method of the present invention, in response to changes in the executable program of the trusted system login, the signature verification result of the update package of the trusted system login is received; if the update package is officially signed, the baseline metric is updated.

[0012] Optionally, in the method of the present invention, the step of retrieving the reference measurement value from the sealed object of the security chip further includes: if it is not possible, then determining that the system login device has been illegally tampered with.

[0013] Optionally, in the method of the present invention, the available bit in the platform configuration register is the tenth bit in the platform configuration register.

[0014] Optionally, in the method of the present invention, the step of performing a measurement operation on the currently launched system login device further includes: performing a measurement operation on the currently launched system login device in response to the activation of the security confirmation key.

[0015] According to a second aspect of the present invention, a system login verification device is provided, comprising: a measurement module, configured to perform a measurement operation on a currently launched system login to obtain a current measurement value of the system login; a first judgment module, configured to determine whether a reference measurement value can be extracted from a sealed object of a security chip; the first judgment module, configured to determine whether the current measurement value is consistent with the reference measurement value if the reference measurement value can be extracted from the sealed object of the security chip; and a startup module, configured to allow the currently launched system login to start if the current measurement value is consistent with the reference measurement value, and to refuse the startup of the currently launched system login if they are inconsistent.

[0016] According to a third aspect of the present invention, a computing device is provided, comprising: at least one processor and a memory storing program instructions; when the program instructions are read and executed by the processor, the computing device performs the method described above.

[0017] According to a fourth aspect of the present invention, a readable storage medium storing program instructions is provided, which, when read and executed by a computing device, causes the computing device to perform the method described above.

[0018] According to the technical solution of the present invention, it can be ensured that the login server responded to by the constructed trusted path is verifiable. Attached Figure Description

[0019] To achieve the foregoing and related objectives, certain illustrative aspects are described herein in conjunction with the following description and accompanying drawings. These aspects indicate various ways in which the principles disclosed herein may be practiced, and all aspects and their equivalents are intended to fall within the scope of the claimed subject matter. The foregoing and other objectives, features, and advantages of this disclosure will become more apparent from the following detailed description, taken in conjunction with the accompanying drawings. Throughout this disclosure, the same reference numerals generally refer to the same parts or elements.

[0020] Figure 1 An architecture diagram of a trusted login baseline value creation method for a system login device according to an embodiment of the present invention is shown.

[0021] Figure 2 A flowchart of an exemplary process for a trusted login baseline value creation method for a system login device according to an embodiment of the present invention is shown.

[0022] Figure 3 An architecture diagram of a system login verification method according to an embodiment of the present invention is shown.

[0023] Figure 4 A flowchart illustrating an exemplary process of a system login verification method according to an embodiment of the present invention is shown.

[0024] Figure 5 An architecture diagram of a system login monitoring method according to an embodiment of the present invention is shown.

[0025] Figure 6 A flowchart illustrating an exemplary process of a system login monitoring method according to an embodiment of the present invention is shown.

[0026] Figure 7 An architecture diagram of a system login update method according to an embodiment of the present invention is shown.

[0027] Figure 8A flowchart illustrating an exemplary process of a system login update method according to an embodiment of the present invention is shown.

[0028] Figure 9 A schematic block diagram of an example structure of a trusted login baseline value creation apparatus for a system login device according to an embodiment of the present invention is shown.

[0029] Figure 10 A schematic block diagram of an example structure of a system login verification device according to an embodiment of the present invention is shown.

[0030] Figure 11 A schematic block diagram of an example structure of a system login monitoring device according to an embodiment of the present invention is shown.

[0031] Figure 12 A schematic block diagram of an example structure of a system login update apparatus according to an embodiment of the present invention is shown.

[0032] Figure 13 A schematic diagram of a computing device according to an embodiment of the present invention is shown. Detailed Implementation

[0033] Exemplary embodiments of the present disclosure will now be described in more detail with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be implemented in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.

[0034] The overall approach of this invention is as follows: Verification is performed using firmware SRTM (Static Root of Trust Measurement, i.e., the trust measurement at boot time). The integrity measurement architecture (IMA) is used to measure the system launcher program in memory, extending the system launcher program's measurement value to the security chip's PCR (essentially writing the MD5 value into the PCR). After pressing the security confirmation button, the IMA is used to measure the started application process to check if the new measurement value matches the previously extended measurement value. This prevents the system launcher from being intercepted and tampered with before responding, thus constructing a trusted path combined with the hardware security chip. Specifically, IMA is a kernel function that detects whether files have been accidentally or maliciously modified remotely or locally. It evaluates the file's measurement based on a "good" value stored as an extended attribute and enforces local file integrity. PCR is the platform configuration register, a register in the security chip used to record the system's running status.

[0035] The following describes a method for creating a trusted login baseline value for a system login device according to an embodiment of the present invention. This creation method, as well as the verification method, monitoring method, and update method described below, are all executed by invoking the IMA. Figure 1 The architecture diagram of this method is shown. (e.g.) Figure 1 As shown, a measurement operation is performed on the system login gateway that the user determines to be trustworthy, extending the measurement value to the available bits in the PCR (Programmable Logic Registry). A trustworthy system login gateway is, for example, the login interface at the start of a Windows system, which is determined to be trustworthy by the user and serves as the trusted basis for subsequent verification and monitoring operations. Optionally, the measurement value can be extended to the tenth bit of the PCR (PCR 10), that is, the measurement value is written to PCR 10. The tenth bit of the PCR is generally not occupied by processes, so extending it to the tenth bit is relatively safe and will not negatively impact system performance or process operation. Besides the tenth bit of the PCR, other bits that will not negatively impact the computing system can also be written to; this invention is not limited thereto. The measurement operation is essentially a hash calculation, and the measurement value is a complete modification of the hash value. The method calls the automatic function in the security chip to execute the process of constructing the PCR authorization policy in the available bits of the PCR. This authorization policy serves as the authentication mechanism for key confidentiality, thereby ensuring that the value written to the PCR register cannot be arbitrarily changed and can only be changed by specific users. A sealed object is created on the security chip and bound to a metric value on the available bits of the PCR (Programmable Logic Controller). This involves binding the extended value to the extended attributes of the sealed object (i.e., the key) and sealing the metric value of the trusted system login device within the created object, thus protecting the metric value with the sealed object. Furthermore, this metric value can be persistently stored in the non-volatile memory of the security chip. Figure 1 In this context, xxxxxxx represents the extended value. Policy.pcr is the authorization policy file.

[0036] Figure 2 A schematic flowchart illustrating an example of a trusted login baseline value creation method according to an embodiment of the present invention is shown. Figure 2 As shown, in this example, the method includes steps S210-S250. Each step is described below.

[0037] In step S210, a measurement operation is performed on the trusted system login device to obtain the measurement value of the trusted system login device. The trusted system login device is determined to be trusted by the user.

[0038] In step S220, the metric value of the system login device is extended to the available bits of the platform configuration register to be used as a trusted login baseline value, also known as the extended metric value.

[0039] In step S230, the authorization policy of the platform configuration register is constructed in the platform configuration register.

[0040] In step S240, a sealing object is created on the security chip, and the sealing object is bound to a metric value in the available bits of the platform configuration register.

[0041] In step S250, the metric value of the trusted system login device is sealed within a sealed object as a baseline metric value.

[0042] In another example, the trusted login baseline value creation method may further include the step of storing the aforementioned metric value in the non-volatile memory of the security chip. By storing the metric value in non-volatile memory, the information in the hardware cannot be decrypted without a key, preventing unauthorized access. Furthermore, even after a restart or program exit, or when the available PCR bits are cleared, the value in the non-volatile memory will not be cleared, thereby increasing the security of the method.

[0043] The above creation method examples combine hardware (i.e., security chips) to implement the process, providing a layer of protection against attacks, thereby increasing protection such as... Figure 1 and Figure 2 The safety of the method shown.

[0044] In addition to expanding and sealing the measurement value into the security chip, the measurement value can also be written to the extended attributes of a file. The file can be stored anywhere on the computing system and can be in any format. In this case, a security chip is not required.

[0045] Below, for reference Figure 3 An exemplary process is described below for a system login verification method according to an embodiment of the present invention. This exemplary process uses a benchmark value created by the trusted login benchmark value creation method described above, thereby enabling verification of whether an application launched in response to a security confirmation key has been illegally tampered with.

[0046] like Figure 3As shown, pressing the security confirmation key (SAK key in Linux system example) will kill all processes related to the current console. After the security confirmation key is triggered, some programs will detect the signal issued by the kernel and start immediately. It is necessary to determine whether the started program is a real login client or a Trojan virus spoofing a login, in order to prevent malicious login programs from obtaining usernames and passwords. In response to the detection that the security confirmation key has been triggered, IMA begins to perform measurement operations on all currently started application processes. The measurement value sealed in the sealed object of the security chip is retrieved through the above PCR authorization policy (policy.pcr). Optionally, if it cannot be retrieved, it may prove that the value extended to the available bits of PCR has been changed, which means that the trusted system login client has been illegally tampered with. This is because only if the extended measurement value is correct can the measurement value in the sealed object be retrieved and a correct login be performed. If the extended measurement value has changed, the measurement value in the sealed object cannot be retrieved. A recovery operation is required for the trusted login client program to start normally. If it can be retrieved normally, the retrieved measurement value is compared with... Figure 3 The system compares the metrics of the currently running application process with the metrics of the application process. If the metrics match, the application is allowed to start and the measurement is terminated. If the metrics do not match, the application is rejected and the next measurement and comparison operation is performed.

[0047] Figure 4 A schematic flowchart illustrating an exemplary process of a system login verification method according to an embodiment of the present invention is shown. Figure 4 As shown, this exemplary process includes steps S410-S450, each of which is described below.

[0048] In step S410, a measurement operation is performed on the currently launched system login device to obtain the current measurement value of the system login device.

[0049] As an example, this step can be performed in response to the activation of the security confirmation key, or it can be performed periodically.

[0050] In step S420, it is determined whether a baseline metric value can be retrieved from the sealed object of the security chip. The baseline metric value is a metric value obtained by performing a metric operation on a trusted system login device and is stored in the sealed object of the security chip.

[0051] As an example, the steps to determine whether a baseline metric can be retrieved from a sealed object of a security chip may include: obtaining the baseline metric from the sealed object based on the extended metric in the platform configuration register of the security chip; if the extended metric in the platform configuration register has not changed, then determining that the baseline metric can be retrieved from the sealed object of the security chip.

[0052] The extended metric is an extended value that extends the aforementioned baseline metric to the available bits in the platform configuration register, and the extended metric is bound to the sealed object.

[0053] If it is determined in step S420 that a reference measurement value can be retrieved from the sealed object of the security chip, then in step S430, it is further determined whether the current measurement value is consistent with the reference measurement value.

[0054] As an example, if it is determined in step S420 that the sealing measurement value cannot be retrieved from the sealed object of the security chip, it can be determined that the trusted system login device has been illegally tampered with.

[0055] like Figure 4 As shown, if step S430 determines that the current metric value is consistent with the baseline metric value, then step S440 is executed to allow the currently running system login to start.

[0056] If step S430 determines that the current measurement value is inconsistent with the baseline measurement value, then step S450 is executed to refuse the startup of the currently running system login device.

[0057] As an example, when extending the metric to the file's extended attributes, it is not necessary to obtain the metric from the sealed object. Instead, the metric in the file's extended attributes can be retrieved directly for comparison. If the comparison matches, the process passes; if the comparison does not match, the startup is rejected.

[0058] As an example, Figure 4 The exemplary process shown may further include the following steps: in response to changes in the executable program of the trusted system login, receiving the signature verification result of the update package of the trusted system login; if the update package is officially signed, updating the baseline metric value. Thus, this step enables the system login verification operation to be performed based on the updated baseline metric value.

[0059] Figure 5 An architecture diagram of a system login monitoring method according to an embodiment of the present invention is shown.

[0060] like Figure 5 As shown, the system is designed with a monitoring program running in the background. This program, which can exist as a systemddaemon service, monitors changes to the executable program of the trusted system launcher and sends these changes to the IMA. These changes could be malicious tampering or normal update operations. The IMA re-measures the system launcher and re-expands the values ​​on the PCR available bits or file extension attributes.

[0061] Figure 6 A schematic flowchart illustrating an exemplary process of the aforementioned system login monitoring method is shown. Figure 6 As shown, this exemplary process includes steps S610-S630, each of which is described below.

[0062] In step S610, the executable program changes of the trusted system login server are monitored.

[0063] In step S620, in response to the change, the available bits of the sealing object and platform configuration registers are cleared.

[0064] In step S630, the trusted login baseline value creation process is performed as follows: a measurement operation is performed on the changed system login device; the measurement value of the changed system login device is extended to the available bits in the platform configuration register to be used as a trusted login baseline value; the authorization policy of the platform configuration register is constructed in the platform configuration register; a sealed object is created on the security chip, and the sealed object is bound to the measurement value in the available bits of the platform configuration register; the measurement value of the changed system login device is sealed in the sealed object.

[0065] also, Figure 7 An architecture diagram of a system login update method according to an embodiment of the present invention is shown.

[0066] like Figure 7 As shown, the update package for the trusted system login is packaged in DEB format and originates from a trusted source. Packages within a trusted source are all signed and certified. The system has a built-in certificate by default, so during installation, the first step is to verify whether the package is officially signed. If the verification passes, the PCR register value and the sealed object created during the baseline value creation process are cleared and removed, respectively. Then, the updated system login's metric value is remeasured, and the trusted login baseline value creation process is executed again.

[0067] Figure 8 A flowchart illustrating an exemplary process of a system login update method according to an embodiment of the present invention is shown. Figure 8 As shown, this exemplary process includes steps S810-S830, each of which is described below.

[0068] In step S810, a verification result is received, which indicates that the update package of the trusted system login is officially issued.

[0069] In step S820, in response to receiving an update packet from a trusted system login device that is an officially signed verification result, the available bits of the aforementioned sealed object and platform configuration register are cleared.

[0070] In step S830, the trusted login baseline value creation process is performed as follows: a measurement operation is performed on the updated system login device; the measurement value of the updated system login device is expanded to the available bits in the platform configuration register to be used as a trusted login baseline value; the authorization policy of the platform configuration register is constructed in the platform configuration register; a sealed object is created on the security chip, and the sealed object is bound to the measurement value in the available bits of the platform configuration register; the measurement value of the trusted system login device is sealed in the sealed object.

[0071] The above trusted login baseline creation process ensures that a baseline value is available to verify the security and trustworthiness of the login information displayed on the screen during the next trusted path response construction process; the system login verification method ensures that the login responder in the trusted path construction response is verifiable; the system login monitoring process ensures that the system login will not pass verification after being accidentally tampered with; and the system login update process ensures that the system login installed in the system is officially certified for security.

[0072] The aforementioned "login launcher responding to the 'build trusted path' operation" refers to the launcher initiated in response to the "build trusted path" operation (or action). Furthermore, "the launcher responding to the 'build trusted path' operation is verifiable" means that the launcher initiated in response to the "build trusted path" operation can be verified as having not been maliciously or accidentally tampered with.

[0073] According to embodiments of the present invention, a trusted login baseline value creation apparatus is also provided. For example... Figure 9 As shown, the device includes a measurement module 910, an expansion module 920, a construction module 930, a creation module 940, and a sealing module 950. Each module is described below.

[0074] The measurement module 910 is used to perform measurement operations on trusted system logins to obtain the measurement value of trusted system logins, wherein trusted system logins are determined to be trusted by users.

[0075] Extension module 920 is used to extend the trusted system login metric to the available bits of the platform configuration register for use as a trusted login baseline value, also known as the extended metric.

[0076] Module 930 is used to build the authorization policy of the platform configuration register in the above platform configuration register.

[0077] The creation module 940 is used to create a sealed object on the security chip and bind the sealed object to a metric value in an available bit of the platform configuration register.

[0078] The sealing module 950 is used to seal the metrics of a trusted system login device within a sealed object as a baseline metric.

[0079] The trusted login baseline value creation device may further include a storage module for storing the aforementioned measurement values ​​in the non-volatile memory of the security chip. By storing these measurement values ​​in the non-volatile memory, the information in the hardware cannot be decrypted without a key, preventing unauthorized access. Furthermore, even after a restart or program exit, or when the available PCR bits are cleared, the values ​​in the non-volatile memory will not be cleared, thereby increasing the security of the method.

[0080] In addition to extending and sealing the measurement value into the security chip, extension module 920 can also write the measurement value into the extended attributes of a file. The file can be stored anywhere on the computing system and can be in any format. In this case, the security chip is no longer needed, nor are building module 930, creation module 940, and sealing module 950 required.

[0081] According to embodiments of the present invention, a system login verification device is also provided. For example... Figure 10 As shown, the device includes a measurement value acquisition module 1010, a first judgment module 1020, a second judgment module 1030, and a startup module 1040. Each module is described below.

[0082] The measurement value acquisition module 1010 is used to perform measurement operations on the currently launched system login and obtain the current measurement value of the system login.

[0083] The first judgment module 1020 is used to determine whether the reference measurement value can be extracted from the sealed object of the security chip.

[0084] The second judgment module 1030 is used to determine whether the current measurement value is consistent with the reference measurement value when the reference measurement value can be retrieved from the sealed object of the security chip.

[0085] The startup module 1040 is used to allow the currently running system launcher to start if the current metric value is consistent with the baseline metric value, and to refuse the startup of the currently running system launcher if they are inconsistent.

[0086] In addition, when the metric is extended to the file's extended attributes, it is not necessary to obtain the metric from the sealed object. The second judgment module 1030 can directly retrieve the metric from the file's extended attributes and compare it with the current metric. If the comparison is consistent, the system launcher is allowed to start; if the comparison is inconsistent, the launch is rejected.

[0087] Figure 10The apparatus may further include: an update module, configured to receive the verification result of an update package from the trusted system login in response to changes in the executable program of the trusted system login; and, if the update package is officially signed, update the baseline metric. This allows the system login verification operation to be performed based on the updated baseline metric.

[0088] According to embodiments of the present invention, a system login device monitoring apparatus is also provided. For example... Figure 11 As shown, the device includes a monitoring module 1110, a zeroing module 1120, and a trusted login baseline value creation module 1130. Each module is described below.

[0089] The monitoring module 1110 is used to monitor changes in the executable program of a trusted system login server.

[0090] The clearing module 1120 is used to clear the available bits of the sealed object and platform configuration registers in response to changes.

[0091] The trusted login baseline value creation module 1130 includes: a measurement module 1130-1, used to perform measurement operations on the changed system login device; an extension module 1130-2, used to extend the measurement value of the changed system login device to the available bits in the platform configuration register for use as a trusted login baseline value; a construction module 1130-3, used to construct the authorization policy of the platform configuration register in the platform configuration register; a creation module 1130-4, used to create a sealed object on the security chip and bind the sealed object to the measurement value in the available bits of the platform configuration register; and a sealing module 1130-5, used to seal the measurement value of the changed system login device within the sealed object.

[0092] According to embodiments of the present invention, a system login update device is also provided. For example... Figure 12 As shown, the device includes a zeroing module 1210 and a trusted login baseline value creation module 1220. The modules are described below.

[0093] The clearing module 1210 is used to receive the update packet from the trusted system login device, which is an officially signed verification result, and in response, clears the available bits of the aforementioned sealed object and platform configuration register.

[0094] The trusted login baseline value creation module 1220 includes: a measurement module 1220-1, used to perform measurement operations on the updated system login device; an extension module 1220-2, used to extend the measurement value of the updated system login device to the available bits in the platform configuration register for use as a trusted login baseline value; a construction module 1220-3, used to construct the authorization policy of the platform configuration register in the platform configuration register; a creation module 1220-4, used to create a sealed object on the security chip and bind the sealed object to the measurement value in the available bits of the platform configuration register; and a sealing module 1220-5, used to seal the aforementioned trusted system login device measurement value within the sealed object.

[0095] The method of this invention can be executed in a computing device. The computing device can be any device with storage and computing capabilities, such as a server, workstation, or a personal computer such as a desktop computer or laptop computer, or a terminal device such as a mobile phone, tablet computer, smart wearable device, or Internet of Things device, but is not limited thereto.

[0096] Figure 13 A schematic diagram of a computing device according to an embodiment of the present invention is shown. It should be noted that... Figure 13 The computing device shown is merely an example. In practice, the computing device used to implement the method of this invention can be any type of device, and its hardware configuration can be similar to... Figure 13 The computing device shown is the same as that shown, and can also be used with Figure 13 The computing devices shown are different. Relative to... Figure 13 The hardware components of the computing device shown may be added to or removed in practice when implementing the method of the present invention. The present invention does not limit the specific hardware configuration of the computing device.

[0097] like Figure 13 As shown, the device may include: a processor 1310, a memory 1320, an input / output interface 1330, a communication interface 1340, and a bus 1350. The processor 1310, memory 1320, input / output interface 1330, and communication interface 1340 are interconnected within the device via the bus 1350.

[0098] The processor 1310 can be implemented using a general-purpose CPU (Central Processing Unit), microprocessor, application-specific integrated circuit (ASIC), or one or more integrated circuits, and is used to execute relevant programs to implement the technical solutions provided in the embodiments of this specification.

[0099] The memory 1320 can be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), static storage device, dynamic storage device, etc. The memory 1320 can store the operating system and other application programs. When the technical solutions provided in the embodiments of this specification are implemented by software or firmware, the relevant program code is stored in the memory 1320 and is called and executed by the processor 1310.

[0100] The input / output interface 1330 is used to connect input / output modules to realize information input and output. Input / output modules can be configured as components within the device (not shown in the figure) or externally connected to the device to provide corresponding functions. Input devices may include keyboards, mice, touchscreens, microphones, various sensors, etc., while output devices may include displays, speakers, vibrators, indicator lights, etc.

[0101] The communication interface 1340 is used to connect a communication module (not shown in the figure) to enable communication between this device and other devices. The communication module can communicate via wired means (such as USB, Ethernet cable, etc.) or wireless means (such as mobile network, WIFI, Bluetooth, etc.).

[0102] Bus 1350 includes a pathway for transmitting information between various components of the device, such as processor 1310, memory 1320, input / output interface 1330, and communication interface 1340.

[0103] It should be noted that although the above-described device only shows the processor 1310, memory 1320, input / output interface 1330, communication interface 1340, and bus 1350, in specific implementations, the device may also include other components necessary for normal operation. Furthermore, those skilled in the art will understand that the above-described device may only include the components necessary for implementing the embodiments of this specification, and not necessarily all the components shown in the figures.

[0104] This invention also provides a non-transitory readable storage medium storing instructions for causing a computing device to execute a method according to an embodiment of the invention. The readable medium in this embodiment includes both permanent and non-permanent, removable and non-removable media, and information storage can be implemented by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of readable storage media include, but are not limited to: phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, magnetic disk storage, etc.

[0105] In the specification provided herein, the algorithms and displays are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems can also be used with the examples of this invention. The required structure for constructing such systems is apparent from the above description. Furthermore, this invention is not directed to any particular programming language. It should be understood that the contents of the invention described herein can be implemented using various programming languages, and the above description of specific languages ​​is for the purpose of disclosing preferred embodiments of the invention.

[0106] Numerous specific details are set forth in the specification provided herein. However, it will be understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques have not been shown in detail so as not to obscure the understanding of this specification.

[0107] Similarly, it should be understood that, in order to simplify this disclosure and aid in understanding one or more aspects of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof in the above description of exemplary embodiments of the invention. However, this method of disclosure should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Those skilled in the art will understand that modules, units, or components of the device in the examples disclosed herein can be arranged in the device described in this embodiment, or alternatively, can be located in one or more devices different from the device in this example. The modules in the foregoing examples can be combined into a single module or further divided into multiple sub-modules.

[0108] Those skilled in the art will understand that modules in the apparatus of an embodiment can be adaptively modified and placed in one or more devices different from that embodiment. Modules, units, or components in an embodiment can be combined into a single module, unit, or component, and further, they can be divided into multiple sub-modules, sub-units, or sub-components. Unless at least some of such features and / or processes or units are mutually exclusive, any combination can be used to combine all features disclosed in this specification (including the accompanying claims, abstract, and drawings) and all processes or units of any method or apparatus so disclosed. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract, and drawings) may be replaced by an alternative feature that serves the same, equivalent, or similar purpose.

[0109] Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features but not others included in other embodiments, combinations of features from different embodiments are meant to be within the scope of the invention and form different embodiments. Additionally, some of the embodiments described herein are described as methods or combinations of method elements that can be implemented by a processor of a computer system or by other means of performing the functions. Therefore, a processor having the necessary instructions for implementing the method or method elements forms means for implementing the method or method elements.

[0110] As used herein, unless otherwise specified, the use of ordinal numbers such as “first,” “second,” “third,” etc., to describe ordinary objects merely indicates different instances of similar objects and is not intended to imply that the objects being described must have a given order in time, space, ordering, or any other manner.

[0111] Although the invention has been described with respect to a limited number of embodiments, those skilled in the art will understand from the foregoing description that other embodiments are conceivable within the scope of the invention described herein. Furthermore, it should be noted that the language used in this specification has been chosen primarily for readability and instructional purposes, and not for the purpose of explaining or limiting the subject matter of the invention.

Claims

1. A method for verifying a system login device, comprising: In response to pressing the security confirmation key, kill all processes associated with the current console. Determine whether the program launched after pressing the security confirmation key is a legitimate login client, including the following steps: Perform a measurement operation on the currently launched system launcher to obtain the current measurement value of the system launcher; Determine whether a baseline measurement value can be extracted from the sealed object of the security chip; If so, determine whether the current metric value is consistent with the baseline metric value; If they match, the currently running system launcher is allowed to start; If there is a discrepancy, the currently running system launcher will be refused to start; The method further includes: monitoring changes to the executable program of a trusted system login client; In response to a change, the available bits in the platform configuration registers of the sealed object and the security chip are cleared. The trusted login baseline value creation process includes: performing a measurement operation on the changed system login device; expanding the measurement value of the changed system login device into the available bits in the platform configuration register to be used as a trusted login baseline value; constructing the authorization policy of the platform configuration register in the platform configuration register; creating a new sealing object on the security chip and binding the new sealing object to the measurement value in the available bits of the platform configuration register; sealing the measurement value of the changed system login device within the new sealing object; the trusted login baseline value is used to verify the security and trustworthiness of the login information appearing on the screen the next time.

2. The system login verification method as described in claim 1, wherein, The baseline metric is a metric obtained by performing a metric operation on a trusted system login device and is stored in a sealed object within the security chip.

3. The system login verification method as described in claim 2, wherein, The step of determining whether the reference measurement value can be extracted from the sealed object of the security chip includes: Based on the extended metric value in the platform configuration register of the security chip, the baseline metric value in the sealed object is obtained; the extended metric value is an extended value that extends the baseline metric value into the available bits in the platform configuration register, and the extended metric value is bound to the sealed object; If the extended metric value in the platform configuration register remains unchanged, the baseline metric value can be retrieved from the sealed object of the security chip.

4. The system login verification method as described in claim 3, wherein, The extended metric is bound to the extended properties of the sealed object.

5. The system login verification method as described in claim 2, wherein, In response to changes in the executable program of the trusted system login, the signature verification result of the update package from the trusted system login is received; If the update package is officially issued, then the baseline metric is updated.

6. The system login verification method as described in claim 1, wherein, The step of retrieving the reference measurement value from the sealed object of the security chip further includes: If not, it is determined that the system login device has been illegally tampered with.

7. The system login verification method as described in claim 3 or 4, wherein, The available bit in the platform configuration register is the tenth bit in the platform configuration register.

8. The system login verification method as described in claim 1, wherein, The steps for performing measurement operations on the currently launched system launcher also include: In response to the activation of the security confirmation key, a measurement operation is performed on the currently running system login client.

9. A verification device for a system login device, the device being configured to kill all processes associated with the current console in response to pressing a security confirmation key; And the device for determining whether the program launched after pressing the security confirmation key is a genuine login client includes: The measurement value acquisition module is used to perform measurement operations on the currently launched system launcher and obtain the current measurement value of the system launcher. The first judgment module is used to determine whether the baseline measurement value can be extracted from the sealed object of the security chip; The second judgment module is used to determine whether the current measurement value is consistent with the reference measurement value when the reference measurement value can be retrieved from the sealed object of the security chip. A startup module is configured to allow the currently running system launcher to start when the current metric value matches the baseline metric value. If there is a discrepancy, the currently running system launcher will be refused to start; The device is also used to: monitor changes in the executable program of a trusted system login device; In response to a change, the available bits in the platform configuration registers of the sealed object and the security chip are cleared. The trusted login baseline value creation process includes: performing a measurement operation on the changed system login device; expanding the measurement value of the changed system login device into the available bits in the platform configuration register to be used as a trusted login baseline value; constructing the authorization policy of the platform configuration register in the platform configuration register; creating a new sealing object on the security chip and binding the new sealing object to the measurement value in the available bits of the platform configuration register; sealing the measurement value of the changed system login device within the new sealing object; the trusted login baseline value is used to verify the security and trustworthiness of the login information appearing on the screen the next time.

10. A computing device, comprising: At least one processor and a memory storing program instructions; When the program instructions are read and executed by the processor, the computing device performs the method as described in any one of claims 1-8.

11. A readable storage medium storing program instructions that, when read and executed by a computing device, cause the computing device to perform the method as described in any one of claims 1-8.

Images