185 results about "Master boot record" patented technology

A method, an apparatus and a virtual machine for detecting a malicious program(s) are disclosed. The method comprises: setting a virtual memory (301); reading a Master Boot Record (MBR) and storing the MBR in the virtual memory (302); and executing each instruction of the MBR in the virtual memory simulatedly, and detecting whether the virtual memory is modified after executing each instruction (303); if so, a malicious program is found, otherwise, continuing to execute the next instruction simulatedly until completing simulation execution of all instructions of the MBR. The technical solution can find the deformed malicious program(s).

Techniques detect bootkits resident on a computer by detecting a change or attempted change to contents of boot locations (e.g., the master boot record) of persistent storage, which may evidence a resident bootkit. Some embodiments may monitor computer operations seeking to change the content of boot locations of persistent storage, where the monitored operations may include API calls performing, for example, WRITE, READ or APPEND operations with respect to the contents of the boot locations. Other embodiments may generate a baseline hash of the contents of the boot locations at a first point of time and a hash snapshot of the boot locations at a second point of time, and compare the baseline hash and hash snapshot where any difference between the two hash values constitutes evidence of a resident bootkit.

The invention discloses a trust chain transfer method for a trusted computing platform. A trusted computing module (TCM) serving as a starting point of starting a trust chain is started and actively initiated at first to verify the trustiness of a BIOS (basic input output system) chip; after the trusted BIOS chip is started, a MAIN BLOCK of the BIOS chip performs concentrated integrity verification on key files of an MBR (master boot record), an operating system loader and an operating system kernel; in the starting process of an operating system, the starting and running of an unauthorized program are prevented in a way of combining the integrity verification based on a white list and running program control; and hashing operations for the integrity verification are finished by a hardware computing engine. When a user starts any executable program, a security module in the operating system kernel checks the integrity of the program and checks whether the program is in the trusted program white list or not, and only application programs which are in the trusted program white list of the system and have integrity measures consistent with an expected value are permitted to be run. High-efficiency and fine-grained trust chain transfer is realized, the damages of viruses to system files and program files can be prevented, and the execution of the unauthorized program can be prevented.

The invention discloses a unified extensible firmware interface (UEFI) trusted supporting system and a method for controlling the same. The UEFI trusted supporting system comprises UEFI trusted supporting system firmware and a trusted platform control module (TPCM), wherein the UEFI trusted supporting system firmware is stored on a nonvolatile memory and connected with the TPCM by a system bus; and the TPCM is connected with a trusted computation platform by the system bus. The method for controlling the UEFI trusted supporting system comprises the following steps of: firstly, loading a driver for the TPCM; secondly, sequentially authenticating the identity of users, performing measurement validation on a basis input/output system (BIOS), the characteristic data of hardware and a master boot record (MBR) / operating system (OS) Loader/OS Kernel, controlling different hardware peripheral interfaces according to an I/O strategy of the users, and performing safety guide setting on the system by a safety guide module; and finally, controlling by the BIOS or the OS. By the system and the method, trusted computation, the configuration management of the TPCM, the backup/recovery of the BIOS/MBR/OS Loader/OS Kernel and the physical protection of key data are realized on a firmware layer. The invention can be simultaneously applied to a Linux system which opens source codes and a Windows system which does not open the source codes, so that a fault does not occur in a trust chain between BIOS firmware and OS software, and the safety of a computer and the friendliness of human-computer interaction are improved.

A method and system are provided for authenticating and securing an embedded device using a secure boot procedure and a full non-volatile memory encryption process that implements Elliptic Curve Pinstov-Vanstone Signature (ECPV) scheme with message recovery on a personalized BIOS and master boot record. The signature includes code that is recovered in order to unlock a key that is in turn used to decrypt the non-volatile memory. The use of ECPVS provides an implicit verification that the hardware is bound to the BIOS since the encrypted memory is useless unless properly decrypted with the proper key.

Certain aspects of a method for iSCSI boot may include loading boot BIOS code from a host bus adapter or a network interface controller (NIC) by an iSCSI client device. A connection may be established to an iSCSI target by the iSCSI client device after loading the boot BIOS code. The boot BIOS code may be chained to at least one interrupt handler over iSCSI protocol. An operating system may be remotely booted from the iSCSI target by the iSCSI client device based on chaining the interrupt handler. An Internet protocol (IP) address and/or location of the iSCSI target may be received. At least one iSCSI connection may be initiated to the iSCSI target based on chaining at least one interrupt handler. The iSCSI target may be booted in real mode if at least one master boot record is located in the memory.

A data processing system and method are described for booting a computer system from a virtual floppy diskette. A native operating system is executed by the computer system which utilizes a native file system. A boot able floppy diskette image is stored on the hard drive. The image includes a second operating system which utilizes a second file system. A master boot record stored on the hard drive is modified to include a boot bit. The boot bit is set in response to a storage of the image. The computer system is then booted from the image in response to the boot bit being set. The native operating system and the native file system are unchanged during the booting of the computer system from the image.

Provided are a booting method of updating software components installed in a system and recovering from an error that occurs in an update, a method and system for automatically updating the software and recovering from the error, and a computer readable recording medium storing the method. The master boot record and the backup boot record are used to stably update a kernel and effectively recover from an update error. The component configuration database is used to update a plurality of software components including a kernel in a transaction, and perfectly recover from an update error.

The invention discloses an MBR (Master Boot Record)-based GPS (Global Position System) track map matching method. Portable GPS equipment is connected with a computer host. The MBR-based GPS track map matching method has the following advantages and active effects: 1, historical information and road network topology information are introduced, and a matching path is judged by using the distance and angle, thus, the matching precision is improved, and errors are reduced; 2, the MBR-based GPS track map matching method is simple and effective, capable of processing larger data volume and good in real-time property, the complexity of matching calculation is lowered, and the time efficiency is increased; 3, the fault tolerance property is better, and incorrect data input is allowed; and 4, error point filtering is realized, and the positioning accuracy is further improved.

The invention discloses a computer system starting method and a computer terminal. The computer system starting method comprises the following steps of: operating a program self-detection hardware state of a BIOS (Basic Input-Output System) after starting; reading and executing a MBR (Master Boot Record) program in a disk after self-detection; in an MBR program executing program, guiding and loading a trusted guide program; guiding and loading a main starting program stored in the disk after loading the trusted guiding program; in a process of loading the trusted guiding program, reading the main starting program stored in the disk so as to carry out credibility verification; when the credibility verification is not passed, reading the corresponding standby starting program in the disk to replace the main starting program which is not verified; and in a process of loading the main starting program stored in the disk, completing the starting program. According to the computer system starting method and the computer terminal provided by the invention, the starting process is safe and trusted.

A storage medium driving device including a storage medium having a user area and a non-user area, and to record master boot record information that is backed up in the non-user area, and a controller to compare the backup master boot record information with master boot record information read from the user area, and to restore master boot record information recorded in the user area according to the comparison results.

The invention discloses an MID (Mobile Internet Device) multiple operating system parallelizing method. The mater boot record of an external memory such as SSD (Solid State Disk) hardware on the MID is modified, an operation system start-up boot management program is added, the external memory is reasonably partitioned for be used by multiple operating systems, and thus, the penalization and the coexistence of two even more operating systems are achieved. The method effectively widens the user objects and the application range of the MID, a user can experience multiple operating systems without purchasing additional hardware, and the multiple operating systems can be conveniently switched through the start-up boot management program.

A method and system for providing an event driven hardfile image in a computer system is disclosed. The computer system includes a hardfile, a hardfile adapter, a master boot record and an operating system. The method and system include providing an extended physical partition table describing a plurality of partitions on the hardfile and defining at least one image using a utility. Each image corresponds to at least a portion of the plurality of partitions and to a corresponding event. An image is to be mapped to the master boot record in response to an occurrence of the corresponding event. The method and system also include providing an event driven table including each of the at least one image.

The invention discloses a trusted software base providing an active security service, comprising a trusted password module and an operating system kernel. The operating system kernel is provided with a kernel-level trusted password module driver, a kernel-level trusted software stack and a kernel-level security service module; a security manager and a security strategy server are arranged in the kernel-level security service module; the trusted password module provides a hardware engine for encryption operation and hash operation, and verifies integrity of a trusted BIOS (Basic Input/Output System); the trusted BIOS is used for verifies the integrity of PC hardware devices and an MBR (Master Boot Record); the MBR is used for guiding an OS (Operating system) Loader, and verifies the integrity of the OS Loader; and the kernel-level security service module captures security related information at a key security control point in a kernel layer of the operating system, and performs access control and least privilege control. The trusted software base effectively prevents unauthorized operations and rogue programs from performing unauthorized modification on application codes and configurations, and prevents secret disclosure of application resources, thereby guaranteeing the privacy and the integrity of an application environment.

The invention discloses a storage device and a system starting method thereof. The system starting method includes partitioning the storage device into system partitions and a plurality of data blocks, storing a kernel image file into the system partitions, and storing boot loaders and backing up the data blocks; finding and executing the accurate boot loaders by judging, and loading and executing the kernel image file by the accurate boot loaders, and starting the operating system. The storage device is partitioned into the system partitions, a master boot recording area and the data blocks, the boot loaders are stored and backed up in the data block, accuracy of the boot loaders is guaranteed, success rate of the kernel image file in the loading system partition of the boot loaders is increased, and reliability in system starting of the storage device is improved.

A method for finding files or folders, including the following steps: acquiring a hard disk partition format; acquiring the recording addresses of all the file or folder attributes in the hard disk according to the hard disk partition format, and reading all the file or folder attributes into an internal memory according to the recording addresses of the file or folder attributes; and traversing and finding all or part of the files or folders in all the file or folder attributes read into the internal memory.Also provided is a device for finding files or folders for realizing the method above.The method and device for finding files or folders in the present invention can find files or folders rapidly, and reduce occupied computer resources.

The invention provides a device, a computer and a method for protecting and restoring an operating system; wherein, the device is applied to a computer which is provided with a memory equipment and independent redundant disk array card, and at least comprises a configuration information memory unit, a calibrating unit and a restoring unit; the configuration information memory unit is used for storing the initial independent redundant disk array configuration information and the initial master boot record partitioning configuration information, the calibrating unit is used for comparing the initial independent redundant disk array configuration information with the current independent redundant disk array configuration information, and the initial master boot record partitioning configuration information with the current master boot record partitioning configuration information, and for generating a restoring command if the comparison result is inconsistent, and the restoring unit is used for restoring the current independent redundant disk array configuration information and the current master boot record partitioning configuration information. With the adoption of the technology provided by the above preferential embodiment of the invention, under the circumstance that HPA of the memory system configuration is damaged, RAID card configuration information and hard disk MBR partitioning configuration information can be still guaranteed simultaneously, thus ensuring the next normal starting of the operating system.

An electronic device includes a storage unit to store a master boot record (MBR) and an operating system, a control unit to boot the electronic device using the stored MBR and operating system, to generate and store backup data of the MBR in the storage unit when the electronic device is booted, a validity determination unit to determine validity of the MBR when a predetermined event has occurred, and a restoration unit to restore the MBR using the backup data stored in the storage unit if the MBR is not valid.

An apparatus for and a method of restoring a master boot record infected with a virus. The apparatus comprises a first storage unit storing a master boot record (MBR), and a virus check unit searching the storage position of the MBR within the first storage unit, to determine whether the MBR is infected with the virus and, if the MBR is infected, to restore the MBR.

The embodiment of the invention discloses a method for expanding the disk space of a virtual machine. The method comprises the following steps of powering off the virtual machine with a to-be-expanded disk; distributing a target disk to the virtual machine, wherein the space capacity of the target disk is equal to the expected value of the disk space required by the virtual machine; completely copying data files in the current disk to the target disk; calling a disk expanding tool to modify a master boot record (MBR) of the target disk and a disk file system partition table, so that the space capacity of the target disk is identified; building association between the target disk and the virtual machine, and releasing the current disk. The embodiment of the invention also discloses a device for expanding the disk space of the virtual machine. According to the embodiment of the invention, space expansion for a data disk and a system disk of the virtual machine can be directly realized by a virtualized resource manager, and the method is simple in operation and relatively strong in feasibility.