CN101986325A - Computer security access control system and method - Google Patents
Computer security access control system and method Download PDFInfo
- Publication number
- CN101986325A CN101986325A CN2010105265918A CN201010526591A CN101986325A CN 101986325 A CN101986325 A CN 101986325A CN 2010105265918 A CN2010105265918 A CN 2010105265918A CN 201010526591 A CN201010526591 A CN 201010526591A CN 101986325 A CN101986325 A CN 101986325A
- Authority
- CN
- China
- Prior art keywords
- user
- operating system
- access control
- usbkey
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses a computer security access control system and a computer security access control method, and belongs to the technical field of information security. A unified extensible firmware interface (UEFI) chip and a transmission control module (TCM) chip are included; a control system comprises an operating system pre-booting access control subsystem and an operating system running access control subsystem, wherein the operating system pre-booting access control subsystem comprises USBKey equipment, a USBkey equipment initialization module, a user management module, an operating system pre-booting identity authentication module and an encryption storage module; and the operating system running access control subsystem comprises USBKey equipment, an operating system user logon module, and an operating system user running protection module. The control method comprises an initialization method, an operating system pre-booting access control method and an operating system running access control method. The invention solves the problems that in the operating system, the reliability of access control is low, user identity information storage is insecure, and identity protection is insufficient in the running process after a user with legal identity logs on.
Description
Technical field
The present invention relates to a kind of field of information security technology, specifically a kind of computer security access control system and control method.
Background technology
The develop rapidly of computer nowadays technology; all trades and professions use ten hundreds of computing machines to carry out computing; enjoy application software; the information-based facility that data processing provides to us; yet thing followed information security issue is threatening government, enterprises and institutions particularly to have the information security of the linked groups of concerning security matters demand as potential safety hazards such as illegal use, virus, malicious attacks all the time; user data is badly in need of safeguard protection, the comprehensive access control safety strategy of user's an urgent demand.
At present the access control method of computing machine being adopted the authentication mode mostly comprises:
The mode with registered permanent residence password and password based on operating system and software is carried out granted access to the user.This mode uses the computer program of setting to set up different users and user identification authorization, can realize the security strategy of user capture according to different user rights.
Authentication mode based on smart card or dynamic password card.This mode strengthens the verification mode of simple software control, adds hardware devices such as external smart card and dynamic password card.A kind of is that PIN code or dynamic algorithm by static state produces PIN code, the user need provide smart card device and import the PIN code identity verification, another kind is at the embedded digital certificate of smart card, mode by program realization digital signature is carried out authentication, and above method is commonly referred to double factor authentication mode.
Double factor authentication based on biotechnology.Characteristic according to biological characteristic, the biological characteristic that extracts the checking object by information extracting device replaces the PIN code factor, as use fingerprint identification device and the extraction algorithm information that takes the fingerprint, come identifying user identity, corresponding iris recognition mode in addition, these biological characteristics have uniqueness and lifelong property, thereby have improved the accuracy and the security of double factor checking.
Along with the continuous maturation of infotech and cryptographic algorithm, more than the Validation Mode of several access control generally approved gradually, yet there are problems in present technology:
One, the cryptographic algorithm based on external smart card hardware equipment lacks safety assurance, produces algorithm as dynamic password and adopts the synchronous mode of random number mostly, and strict checking is not passed through in its security, and security intensity does not have national standard and authority's authentication.
Two, the access control scheme that extracts based on biological characteristic the identification difficulty can occur to the less colony of biological characteristic, feature recognition algorithms as the algorithm of iris recognition without excessive sample training, stability can not get guaranteeing that biological information identification equipment price is higher, has increased production cost.
Three, no matter existing several mode is that the identification or the identity access control policy of external hardware device mostly are that the form with software realizes under operating system, be that identification and access control are to carry out after operating system file loads, this moment malicious codes such as wooden horse and the virus control of having an opportunity fully to obtain.Owing to realize that under operating system the storage location of authority information and encrypted message and mode also are potential safety hazards.Access control before the operating system at present mostly is the single capacity checking, lacks the classification rights management to login user.
Four, existing access control scheme is mostly verified the user identity of start, but lacks protection when moving in the use after the validated user login system, and when the user left machine, access control power did not obtain respective handling, has security breaches.
Basic Input or Output System (BIOS) (Basic Input and Output System, BIOS) as the core firmware of computing machine bottom, be that computer system is soft, the programmable interface between the hardware, being used for program software function and being connected that computer hardware is realized, is the first road barrier of computer starting safety.Traditional BIOS does not have unified standard, brand various, adopts the exploitation of 16 bit pattern assembly language, and its compatibility, security and extensibility can't satisfy the develop rapidly of hardware and integrated circuit technique.UEFI (Universal Extensible Firmware Interface, unified Extensible Firmware Interface) framework arises at the historic moment, it be one extendible, standardized unified firmware interface standard adopts the constant storehouse transfer mode of modularization, dynamic link and C diction to come constructing system.The UEFI standard has redefined the interface between firmware and the operating system, the startup environment of a standard is provided for operating system, be a kind of BIOS of high security, 16 bit combination codes of traditional B IOS complexity have been broken away from, support C language users software, Chinese graphic interface, overcome many defectives of traditional B IOS.
Trusted Computing (Trusted Computing; TC) be one by Trusted Computing tissue (TrustedComputing Group; TCG) technology that promotes and develop; be intended to carry out calculating with communication system in be extensive use of based on the credible calculating platform under the hardware security module support; the Chinese government pays much attention to the application of Trusted Computing at information security field; set up Chinese Trusted Computing working group (TCMU); on Dec 29th, 2007; Password Management office of country has issued " creditable calculation password support platform function and interface specification "; a series of Trusted Computing and cryptographic specification have been stipulated; comprising credible password module; credible password module has defined a subsystem with memory protection and execute protection; this subsystem will be the computing platform foundation that breaks the wall of mistrust, and its independently computational resource will set up strict limited safety protecting mechanism.
Reaching its maturity of UEFI and TCM (Trusted Cryptography Module credible password module scheme), the technical scheme of developing high reliability and security for the developer provides technical support, has determined technical feasibility for realizing the access control system before the os starting.
Summary of the invention
Technical assignment of the present invention provides a kind of problem that the access control reliability is low under the operating system, the subscriber identity information storage is dangerous, legal identity user logins identity protection when afterwards lacking operation that solved, based on a kind of computer security access control system and the control method of UEFI, TCM and USBKey.
Technical assignment of the present invention is realized in the following manner, comprises UEFI chip and TCM chip, access control sub when described control system comprises operating system pretrigger access control sub and operating system;
Operating system pretrigger access control sub comprises:
USBKey equipment: as login user authentication key, the subscriber identity information of USBKey stored PIN code data and encryption;
USBKey device initialize module: be embedded in the UEFI chip, be used for setting up the USBKey file system, initial p IN sign indicating number is set, create initial user information;
User management module: be embedded in the UEFI chip, be used for managing user information.Comprise two-stage user management authority, that can carry out user profile increases, deletes, changes operation.
Operating system pretrigger authentication module: be embedded in the UEFI chip, be used for identifying user identity, the identification user right, the control illegal identity is landed locking;
Encrypt memory module: be embedded in the UEFI chip, be used for encrypting the storage subscriber identity information in the USBKey nonvolatile storage with the TCM chip communication;
Access control sub comprises during operating system:
USBKey equipment: be used for logon operation system and guarantee to leave when the user moves safety, with described operating system pretrigger access control sub USBKey equipment be same equipment;
The operating system user log-in block: customization is replaced the Windows authentication and is landed graphic interface Gina, is used for finishing the USBKey authentication and lands;
Protection module when operating system user moves: the user leaves and triggers after computing machine removes USBKey equipment, and screen, keyboard and mouse and peripheral port lock immediately, and user's retrieval system input PIN code identity verification is again landed, and system recovery is to normal condition;
Described control method comprises initial method, and access control method when operating system pretrigger access control method and operating system said method comprising the steps of:
Described initial method performing step is as follows:
Step I1, set up the hard disk hidden partition, duplicate UEFI user interface picture to hidden partition;
Step I2, set up the USBKey installable file system, write initial p IN sign indicating number;
Step I3, initialization user profile are created management threshold person's user name, user password and user right class information, and described user right rank comprises administrator right and domestic consumer's authority two-stage authority;
Step I4, be stored in the USBKey nonvolatile storage after initial user information encrypted by TCM chip symmetric encipherment algorithm; Initial user information comprises user name, user password and user right information;
Described operating system pretrigger access control method performing step is as follows:
Step P1, user's start power up pretrigger authentication module graphical interfaces immediately, and the authentication information that the pretrigger authentication module detects USBKey equipment and accepts to import from the user comprises user name, password and PIN code;
Step P2, authentication module are by identity information in the described nonvolatile storage of TCM decryption chip and input information contrast, and PIN code is verified in computing in USBKey equipment simultaneously;
Step P3, subscriber identity information and PIN code simultaneous verification correct back logon operation system or enter user management module, and according to identification user right determine User Identity, described User Identity is stored in the internal memory assigned address, passes to upper system and use; The Permission Levels of user right comprise administrator and domestic consumer's two-stage;
Step P4, hypothesis verification input information mistake, errors number accumulative total adds 1, input error number of times accumulative total reaches predetermined number of times N log-in interface locking a period of time T hour continuously, after this can't carry out input operation in T hour, rear interface release in T hour so circulates i time, and input error accumulative total reaches L back locking of upper limit USBKey equipment continuously, the USBKey equipment of locking can't use, and need only the correct start-stop counter zero clearing of input in its process;
The access control method performing step is as follows during described operating system:
Step S1, when landing, operating system is in the lock state, eject the authentication log-in interface simultaneously, the user keeps USBKey equipment to connect, the input PIN code, checking is by the back login system, by keeping lock-out state, input error number of times accumulative total does not reach the USBKey locking of L back of the upper limit and can't use in checking;
Under step S2, the operating system state, the user leaves computing machine and pulls out USBKey, protection module locking keyboard, mouse and peripheral port during the operation of trigger action system user;
Step S3, user return computing machine, insert USBKey, activate the authentication log-in interface, and proof procedure is identical with described step S 1 described access control process.
A kind of computer security access control system of the present invention and control method have the following advantages:
1, adopts the USBKey hardware device, compare more reliable and more stablely with biometric apparatus, reduced cost simultaneously; Identity information is stored in the USBKey device security storage area with the ciphertext form, and ciphering process uses the TCM chip to finish, and the TCM chip adopts the close algorithm of state, and private key can not obtain, and USBKey equipment can be carried, and has realized the safe storage protection of user profile;
2, adopt the UEFI chip to realize the authentication function, and the user management strategy is set, comparing with single authentication has increased dirigibility; The authentication start powers up immediately and starts, and finishes before operating system, and proof procedure can not be walked around, and comparing with the access control method under the operating system has increased security;
3, remove USBKey equipment during operating system and lock computer keyboard, mouse and peripheral port immediately, access control safety when having increased system's operation;
4, UEFI adopts Chinese graphical interfaces, supports mouse action, has increased user's ease for use and intelligibility; Thereby, have good value for applications.
Description of drawings
The present invention is further described below in conjunction with accompanying drawing.
Accompanying drawing 1 is a kind of frame diagram of computer security access control system;
Accompanying drawing 2 is a kind of realization flow figure of initial method of computer security access control method;
Accompanying drawing 3 is a kind of realization flow figure of operating system pretrigger access control method of computer security access control method;
The realization flow figure of access control method when accompanying drawing 4 is a kind of operating system of computer security access control method.
Embodiment
Explain to a kind of computer security access control system of the present invention and below the control method work with reference to Figure of description and specific embodiment.
Embodiment:
A kind of computer security access control system of the present invention and control method comprise UEFI chip and TCM chip.
Access control sub when as shown in Figure 1, described control system comprises operating system pretrigger access control sub and operating system;
Operating system pretrigger access control sub comprises:
USBKey equipment: as login user authentication key, the subscriber identity information of USBKey stored PIN code data and encryption;
USBKey device initialize module: be embedded in the UEFI chip, be used for setting up the USBKey file system, initial p IN sign indicating number is set, create initial user information;
User management module: be embedded in the UEFI chip, be used for managing user information.Comprise two-stage user management authority, that can carry out user profile increases, deletes, changes operation.
Operating system pretrigger authentication module: be embedded in the UEFI chip, be used for identifying user identity, the identification user right, the control illegal identity is landed locking;
Encrypt memory module: be embedded in the UEFI chip, be used for encrypting the storage subscriber identity information in the USBKey nonvolatile storage with the TCM chip communication;
Access control sub comprises during operating system:
USBKey equipment: be used for logon operation system and guarantee to leave when the user moves safety, with described operating system pretrigger access control sub USBKey equipment be same equipment;
The operating system user log-in block: customization is replaced the Windows authentication and is landed graphic interface Gina, is used for finishing the USBKey authentication and lands;
Protection module when operating system user moves: the user leaves and triggers after computing machine removes USBKey equipment, and screen, keyboard and mouse and peripheral port lock immediately, and user's retrieval system input PIN code identity verification is again landed, and system recovery is to normal condition;
Described control method comprises initial method, and access control method when operating system pretrigger access control method and operating system said method comprising the steps of:
As shown in Figure 2, described initial method performing step is as follows:
Step I1, set up the hard disk hidden partition, duplicate UEFI user interface picture to hidden partition;
Step I2, set up the USBKey installable file system, write initial p IN sign indicating number;
Step I3, initialization user profile are created management threshold person's user name, user password and user right class information, and described user right rank comprises administrator right and domestic consumer's authority two-stage authority;
Step I4, be stored in the USBKey nonvolatile storage after initial user information encrypted by TCM chip symmetric encipherment algorithm; Initial user information comprises user name, user password and user right information;
As shown in Figure 3, described operating system pretrigger access control method performing step is as follows:
Step P1, user's start power up pretrigger authentication module graphical interfaces immediately, and the authentication information that the pretrigger authentication module detects USBKey equipment and accepts to import from the user comprises user name, password and PIN code;
Step P2, authentication module are by identity information in the described nonvolatile storage of TCM decryption chip and input information contrast, and PIN code is verified in computing in USBKey equipment simultaneously;
Step P3, subscriber identity information and PIN code simultaneous verification correct back logon operation system or enter user management module, and according to identification user right determine User Identity, described User Identity is stored in the internal memory assigned address, passes to upper system and use; The Permission Levels of user right comprise administrator and domestic consumer's two-stage;
Step P4, hypothesis verification input information mistake, errors number accumulative total adds 1, input error number of times accumulative total reaches predetermined number of times N log-in interface locking a period of time T hour continuously, after this can't carry out input operation in T hour, rear interface release in T hour so circulates i time, and input error accumulative total reaches L back locking of upper limit USBKey equipment continuously, the USBKey equipment of locking can't use, and need only the correct start-stop counter zero clearing of input in its process;
As shown in Figure 4, the access control method performing step is as follows during described operating system:
Step S1, when landing, operating system is in the lock state, eject the authentication log-in interface simultaneously, the user keeps USBKey equipment to connect, the input PIN code, checking is by the back login system, by keeping lock-out state, input error number of times accumulative total does not reach the USBKey locking of L back of the upper limit and can't use in checking;
Under step S2, the operating system state, the user leaves computing machine and pulls out USBKey, protection module locking keyboard, mouse and peripheral port during the operation of trigger action system user;
Step S3, user return computing machine, insert USBKey, activate the authentication log-in interface, and proof procedure is identical with the described access control process of described step S1.
The present invention adopts the USBKey hardware device realizing access control to the user under the UEFI and under the operating system simultaneously in conjunction with the TCM chip; subscriber identity information is stored in the USBKey device security storage area with the ciphertext form; adopt state's Data Encryption Standard cryptographic algorithm; ciphering process is finished in the TCM chip; private key is subjected to the SMK safeguard protection; USBKey equipment can be carried, and has realized the safe storage protection of user profile.
The UEFI chip is realized the authentication function, and the user management strategy is set, and comparing with single authentication has increased dirigibility; The authentication start powers up immediately and starts, and proof procedure can not be walked around, and has improved security.UEFI adopts Chinese graphical interfaces, supports mouse action, has increased user's ease for use and intelligibility.
Remove USBKey equipment during operating system and lock computer keyboard, mouse and peripheral port immediately, access control safety when having realized system's operation.
Except that the described technical characterictic of instructions, be the known technology of those skilled in the art.
Claims (1)
1. computer security access control system and control method comprise UEFI chip and TCM chip, access control sub when it is characterized in that described control system comprises operating system pretrigger access control sub and operating system;
Operating system pretrigger access control sub comprises:
USBKey equipment: as login user authentication key, the subscriber identity information of USBKey stored PIN code data and encryption;
USBKey device initialize module: be embedded in the UEFI chip, be used for setting up the USBKey file system, initial p IN sign indicating number is set, create initial user information;
User management module: be embedded in the UEFI chip, be used for managing user information.Comprise two-stage user management authority, that can carry out user profile increases, deletes, changes operation;
Operating system pretrigger authentication module: be embedded in the UEFI chip, be used for identifying user identity, the identification user right, the control illegal identity is landed locking;
Encrypt memory module: be embedded in the UEFI chip, be used for encrypting the storage subscriber identity information in the USBKey nonvolatile storage with the TCM chip communication;
Access control sub comprises during operating system:
USBKey equipment: be used for logon operation system and guarantee to leave when the user moves safety, with described operating system pretrigger access control sub USBKey equipment be same equipment;
The operating system user log-in block: customization is replaced the Windows authentication and is landed graphic interface Gina, is used for finishing the USBKey authentication and lands;
Protection module when operating system user moves: the user leaves and triggers after computing machine removes USBKey equipment, and screen, keyboard and mouse and peripheral port lock immediately, and user's retrieval system input PIN code identity verification is again landed, and system recovery is to normal condition;
Described control method comprises initial method, and access control method when operating system pretrigger access control method and operating system said method comprising the steps of:
Described initial method performing step is as follows:
Step I1, set up the hard disk hidden partition, duplicate UEFI user interface picture to hidden partition;
Step I2, set up the USBKey installable file system, write initial p IN sign indicating number;
Step I3, initialization user profile are created management threshold person's user name, user password and user right class information, and described user right rank comprises administrator right and domestic consumer's authority two-stage authority;
Step I4, be stored in the USBKey nonvolatile storage after initial user information encrypted by TCM chip symmetric encipherment algorithm; Initial user information comprises user name, user password and user right information;
Described operating system pretrigger access control method performing step is as follows:
Step P1, user's start power up pretrigger authentication module graphical interfaces immediately, and the authentication information that the pretrigger authentication module detects USBKey equipment and accepts to import from the user comprises user name, password and PIN code;
Step P2, authentication module are by identity information in the described nonvolatile storage of TCM decryption chip and input information contrast, and PIN code is verified in computing in USBKey equipment simultaneously;
Step P3, subscriber identity information and PIN code simultaneous verification correct back logon operation system or enter user management module, and according to identification user right determine User Identity, described User Identity is stored in the internal memory assigned address, passes to upper system and use; The Permission Levels of user right comprise administrator and domestic consumer's two-stage;
Step P4, hypothesis verification input information mistake, errors number accumulative total adds 1, input error number of times accumulative total reaches predetermined number of times N log-in interface locking a period of time T hour continuously, after this can't carry out input operation in T hour, rear interface release in T hour so circulates i time, and input error accumulative total reaches L back locking of upper limit USBKey equipment continuously, the USBKey equipment of locking can't use, and need only the correct start-stop counter zero clearing of input in its process;
The access control method performing step is as follows during described operating system:
Step S1, when landing, operating system is in the lock state, eject the authentication log-in interface simultaneously, the user keeps USBKey equipment to connect, the input PIN code, checking is by the back login system, by keeping lock-out state, input error number of times accumulative total does not reach the USBKey locking of L back of the upper limit and can't use in checking;
Under step S2, the operating system state, the user leaves computing machine and pulls out USBKey, protection module locking keyboard, mouse and peripheral port during the operation of trigger action system user;
Step S3, user return computing machine, insert USBKey, activate the authentication log-in interface, and proof procedure is identical with the described access control process of described step S1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105265918A CN101986325A (en) | 2010-11-01 | 2010-11-01 | Computer security access control system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010105265918A CN101986325A (en) | 2010-11-01 | 2010-11-01 | Computer security access control system and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101986325A true CN101986325A (en) | 2011-03-16 |
Family
ID=43710672
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010105265918A Pending CN101986325A (en) | 2010-11-01 | 2010-11-01 | Computer security access control system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101986325A (en) |
Cited By (40)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102236755A (en) * | 2011-05-04 | 2011-11-09 | 山东超越数控电子有限公司 | One-machine multi-user security access control method |
| CN102236756A (en) * | 2011-05-09 | 2011-11-09 | 山东超越数控电子有限公司 | File encryption method based on TCM (trusted cryptography module) and USBkey |
| CN102244684A (en) * | 2011-07-29 | 2011-11-16 | 电子科技大学 | EFI (Extensible Firmware Interface) trusted Cloud chain guiding method based on USBKey |
| CN102279914A (en) * | 2011-07-13 | 2011-12-14 | 中国人民解放军海军计算技术研究所 | Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same |
| CN103200246A (en) * | 2013-03-21 | 2013-07-10 | 东信和平科技股份有限公司 | Network access control method and system based on dependable computing |
| CN103617404A (en) * | 2013-12-17 | 2014-03-05 | 天津赢达信科技有限公司 | Storing device of safety partitions |
| CN103870765A (en) * | 2014-03-11 | 2014-06-18 | 凤阳广农信息科技有限公司 | USB (Universal Serial Bus) security lock and method for protecting data by using USB security lock |
| CN103902876A (en) * | 2012-12-24 | 2014-07-02 | 上海格尔软件股份有限公司 | General method for identifying and using encrypted medium |
| CN103942483A (en) * | 2014-05-15 | 2014-07-23 | 成都卫士通信息产业股份有限公司 | Encryption machine with biological feature detecting function and working method thereof |
| CN104079414A (en) * | 2014-07-18 | 2014-10-01 | 成都卫士通信息产业股份有限公司 | Encryptor authentication method and device with identity authentication mechanism |
| CN104484629A (en) * | 2014-12-03 | 2015-04-01 | 合肥联宝信息技术有限公司 | Computer starting method and device |
| CN104537295A (en) * | 2014-12-31 | 2015-04-22 | 北京明朝万达科技有限公司 | Computer system and method for managing computer user right |
| CN104735082A (en) * | 2015-04-10 | 2015-06-24 | 山东中孚信息产业股份有限公司 | Login authentication method based on linux system |
| CN104735085A (en) * | 2015-04-15 | 2015-06-24 | 上海汉邦京泰数码技术有限公司 | Terminal two-factor secure login protection method |
| CN105141416A (en) * | 2015-10-14 | 2015-12-09 | 公安部第三研究所 | User authority distribution control system based on hardware chip and method thereof |
| CN105227577A (en) * | 2015-10-27 | 2016-01-06 | 江苏电力信息技术有限公司 | Unified database access agent equalization methods under a kind of multi-client |
| CN105282166A (en) * | 2015-11-04 | 2016-01-27 | 浪潮(北京)电子信息产业有限公司 | Identity authentication method and system for linux operating system |
| CN105550602A (en) * | 2016-01-29 | 2016-05-04 | 深圳市铂盛科技有限公司 | Secure computer motherboard encrypted based on State-Cryptography-Administration algorithm and encryption method |
| CN105809043A (en) * | 2016-03-03 | 2016-07-27 | 丽水市职业高级中学 | Data security protection method of computer |
| CN105930283A (en) * | 2016-04-12 | 2016-09-07 | 珠海市魅族科技有限公司 | Information storage method and mobile terminal |
| CN106127016A (en) * | 2016-07-18 | 2016-11-16 | 浪潮集团有限公司 | System and implementation method for trusted authentication of user login of operating system |
| CN106790307A (en) * | 2017-03-28 | 2017-05-31 | 联想(北京)有限公司 | Network safety managing method and server |
| CN107133075A (en) * | 2017-05-23 | 2017-09-05 | 合肥联宝信息技术有限公司 | Os starting method and device |
| CN107172053A (en) * | 2017-05-26 | 2017-09-15 | 河南职业技术学院 | The method of controlling security and safety control of computer |
| CN107392039A (en) * | 2017-09-22 | 2017-11-24 | 华北理工大学 | Computer hard disk data encrypting method and its device |
| CN107609385A (en) * | 2017-09-16 | 2018-01-19 | 杭州弼木建筑科技有限公司 | The system that BIM models are combined in ancient building repair reinforcing engineering with GIS |
| WO2018086469A1 (en) * | 2016-11-11 | 2018-05-17 | 阿里巴巴集团控股有限公司 | Data storage method utilized in non-volatile storage space in integrated circuit, and trusted integrated circuit |
| CN108171039A (en) * | 2017-12-25 | 2018-06-15 | 西安雷风电子科技有限公司 | A kind of safe office procedure based on UKEY |
| CN108256302A (en) * | 2018-01-10 | 2018-07-06 | 四川阵风科技有限公司 | Data Access Security method and device |
| CN109101282A (en) * | 2018-07-10 | 2018-12-28 | 苏州赛维新机电检测技术服务有限公司 | A kind of computer activation system of the detection with authentication |
| CN109308417A (en) * | 2017-07-27 | 2019-02-05 | 阿里巴巴集团控股有限公司 | Unlocking method and device based on trust computing |
| CN109347831A (en) * | 2018-10-24 | 2019-02-15 | 国家电网有限公司 | A kind of double authentication safety access system and method based on UKey certification |
| CN110096850A (en) * | 2019-04-09 | 2019-08-06 | 北京空间飞行器总体设计部 | A kind of vehicle-mounted reinforcement type observing and controlling encryption and decryption machine |
| CN110147660A (en) * | 2019-05-15 | 2019-08-20 | 四川长虹电器股份有限公司 | Digital verification system and digital verification method based on classification of risks |
| CN112405242A (en) * | 2020-11-20 | 2021-02-26 | 重庆工程职业技术学院 | A kind of jewelry processing equipment |
| CN112597504A (en) * | 2020-12-22 | 2021-04-02 | 中国兵器装备集团自动化研究所 | Two-stage safe starting system and method for domestic computer |
| CN112905976A (en) * | 2021-01-27 | 2021-06-04 | 嘉兴迪迈科技有限公司 | User data protection method for security computer |
| CN113282904A (en) * | 2021-06-15 | 2021-08-20 | 北京中宇万通科技股份有限公司 | Operation authority identification method and device for numerical control system |
| CN114417395A (en) * | 2021-12-08 | 2022-04-29 | 慧之安信息技术股份有限公司 | Operating system secure routing processing method and system |
| CN115225350A (en) * | 2022-07-01 | 2022-10-21 | 浪潮云信息技术股份公司 | Government affair cloud encryption login verification method based on national secret certificate and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003034267A1 (en) * | 2001-10-18 | 2003-04-24 | 360 Degree Web, Inc. | Multimedia intelligent business card system |
| CN101196968A (en) * | 2007-12-17 | 2008-06-11 | 山东超越数控电子有限公司 | Security protection method for single machine information |
| CN101436247A (en) * | 2007-11-12 | 2009-05-20 | 中国长城计算机深圳股份有限公司 | Biological personal identification method and system based on UEFI |
-
2010
- 2010-11-01 CN CN2010105265918A patent/CN101986325A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2003034267A1 (en) * | 2001-10-18 | 2003-04-24 | 360 Degree Web, Inc. | Multimedia intelligent business card system |
| CN101436247A (en) * | 2007-11-12 | 2009-05-20 | 中国长城计算机深圳股份有限公司 | Biological personal identification method and system based on UEFI |
| CN101196968A (en) * | 2007-12-17 | 2008-06-11 | 山东超越数控电子有限公司 | Security protection method for single machine information |
Cited By (50)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102236755A (en) * | 2011-05-04 | 2011-11-09 | 山东超越数控电子有限公司 | One-machine multi-user security access control method |
| CN102236756A (en) * | 2011-05-09 | 2011-11-09 | 山东超越数控电子有限公司 | File encryption method based on TCM (trusted cryptography module) and USBkey |
| CN102279914A (en) * | 2011-07-13 | 2011-12-14 | 中国人民解放军海军计算技术研究所 | Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same |
| CN102244684A (en) * | 2011-07-29 | 2011-11-16 | 电子科技大学 | EFI (Extensible Firmware Interface) trusted Cloud chain guiding method based on USBKey |
| CN102244684B (en) * | 2011-07-29 | 2013-07-17 | 电子科技大学 | EFI (Extensible Firmware Interface) trusted Cloud chain guiding method based on USBKey |
| CN103902876A (en) * | 2012-12-24 | 2014-07-02 | 上海格尔软件股份有限公司 | General method for identifying and using encrypted medium |
| CN103902876B (en) * | 2012-12-24 | 2016-10-05 | 上海格尔软件股份有限公司 | A kind of universal method identifying and use encryption medium |
| CN103200246A (en) * | 2013-03-21 | 2013-07-10 | 东信和平科技股份有限公司 | Network access control method and system based on dependable computing |
| CN103200246B (en) * | 2013-03-21 | 2016-01-13 | 东信和平科技股份有限公司 | A kind of method for network access control based on trust computing and system |
| CN103617404A (en) * | 2013-12-17 | 2014-03-05 | 天津赢达信科技有限公司 | Storing device of safety partitions |
| CN103870765A (en) * | 2014-03-11 | 2014-06-18 | 凤阳广农信息科技有限公司 | USB (Universal Serial Bus) security lock and method for protecting data by using USB security lock |
| CN103942483A (en) * | 2014-05-15 | 2014-07-23 | 成都卫士通信息产业股份有限公司 | Encryption machine with biological feature detecting function and working method thereof |
| CN104079414A (en) * | 2014-07-18 | 2014-10-01 | 成都卫士通信息产业股份有限公司 | Encryptor authentication method and device with identity authentication mechanism |
| CN104484629A (en) * | 2014-12-03 | 2015-04-01 | 合肥联宝信息技术有限公司 | Computer starting method and device |
| CN104537295B (en) * | 2014-12-31 | 2017-12-26 | 北京明朝万达科技股份有限公司 | A kind of method of computer system and management computer user authority |
| CN104537295A (en) * | 2014-12-31 | 2015-04-22 | 北京明朝万达科技有限公司 | Computer system and method for managing computer user right |
| CN104735082A (en) * | 2015-04-10 | 2015-06-24 | 山东中孚信息产业股份有限公司 | Login authentication method based on linux system |
| CN104735085A (en) * | 2015-04-15 | 2015-06-24 | 上海汉邦京泰数码技术有限公司 | Terminal two-factor secure login protection method |
| CN105141416A (en) * | 2015-10-14 | 2015-12-09 | 公安部第三研究所 | User authority distribution control system based on hardware chip and method thereof |
| CN105227577A (en) * | 2015-10-27 | 2016-01-06 | 江苏电力信息技术有限公司 | Unified database access agent equalization methods under a kind of multi-client |
| CN105282166A (en) * | 2015-11-04 | 2016-01-27 | 浪潮(北京)电子信息产业有限公司 | Identity authentication method and system for linux operating system |
| CN105550602A (en) * | 2016-01-29 | 2016-05-04 | 深圳市铂盛科技有限公司 | Secure computer motherboard encrypted based on State-Cryptography-Administration algorithm and encryption method |
| CN105809043A (en) * | 2016-03-03 | 2016-07-27 | 丽水市职业高级中学 | Data security protection method of computer |
| CN105930283A (en) * | 2016-04-12 | 2016-09-07 | 珠海市魅族科技有限公司 | Information storage method and mobile terminal |
| CN106127016A (en) * | 2016-07-18 | 2016-11-16 | 浪潮集团有限公司 | System and implementation method for trusted authentication of user login of operating system |
| CN106127016B (en) * | 2016-07-18 | 2018-08-17 | 浪潮集团有限公司 | System and implementation method for trusted authentication of user login of operating system |
| WO2018086469A1 (en) * | 2016-11-11 | 2018-05-17 | 阿里巴巴集团控股有限公司 | Data storage method utilized in non-volatile storage space in integrated circuit, and trusted integrated circuit |
| CN106790307A (en) * | 2017-03-28 | 2017-05-31 | 联想(北京)有限公司 | Network safety managing method and server |
| CN107133075A (en) * | 2017-05-23 | 2017-09-05 | 合肥联宝信息技术有限公司 | Os starting method and device |
| CN107172053A (en) * | 2017-05-26 | 2017-09-15 | 河南职业技术学院 | The method of controlling security and safety control of computer |
| CN109308417A (en) * | 2017-07-27 | 2019-02-05 | 阿里巴巴集团控股有限公司 | Unlocking method and device based on trust computing |
| CN107609385A (en) * | 2017-09-16 | 2018-01-19 | 杭州弼木建筑科技有限公司 | The system that BIM models are combined in ancient building repair reinforcing engineering with GIS |
| CN107392039B (en) * | 2017-09-22 | 2020-06-30 | 华北理工大学 | Computer hard disk data encryption method and device |
| CN107392039A (en) * | 2017-09-22 | 2017-11-24 | 华北理工大学 | Computer hard disk data encrypting method and its device |
| CN108171039A (en) * | 2017-12-25 | 2018-06-15 | 西安雷风电子科技有限公司 | A kind of safe office procedure based on UKEY |
| CN108256302A (en) * | 2018-01-10 | 2018-07-06 | 四川阵风科技有限公司 | Data Access Security method and device |
| CN108256302B (en) * | 2018-01-10 | 2020-05-29 | 四川阵风科技有限公司 | Data security access method and device |
| CN109101282A (en) * | 2018-07-10 | 2018-12-28 | 苏州赛维新机电检测技术服务有限公司 | A kind of computer activation system of the detection with authentication |
| CN109347831A (en) * | 2018-10-24 | 2019-02-15 | 国家电网有限公司 | A kind of double authentication safety access system and method based on UKey certification |
| CN110096850A (en) * | 2019-04-09 | 2019-08-06 | 北京空间飞行器总体设计部 | A kind of vehicle-mounted reinforcement type observing and controlling encryption and decryption machine |
| CN110147660A (en) * | 2019-05-15 | 2019-08-20 | 四川长虹电器股份有限公司 | Digital verification system and digital verification method based on classification of risks |
| CN112405242A (en) * | 2020-11-20 | 2021-02-26 | 重庆工程职业技术学院 | A kind of jewelry processing equipment |
| CN112597504A (en) * | 2020-12-22 | 2021-04-02 | 中国兵器装备集团自动化研究所 | Two-stage safe starting system and method for domestic computer |
| CN112597504B (en) * | 2020-12-22 | 2024-04-30 | 中国兵器装备集团自动化研究所有限公司 | Two-stage safe starting system and method for domestic computer |
| CN112905976A (en) * | 2021-01-27 | 2021-06-04 | 嘉兴迪迈科技有限公司 | User data protection method for security computer |
| CN113282904A (en) * | 2021-06-15 | 2021-08-20 | 北京中宇万通科技股份有限公司 | Operation authority identification method and device for numerical control system |
| CN114417395A (en) * | 2021-12-08 | 2022-04-29 | 慧之安信息技术股份有限公司 | Operating system secure routing processing method and system |
| CN114417395B (en) * | 2021-12-08 | 2022-08-19 | 慧之安信息技术股份有限公司 | Operating system secure routing processing method and system |
| CN115225350A (en) * | 2022-07-01 | 2022-10-21 | 浪潮云信息技术股份公司 | Government affair cloud encryption login verification method based on national secret certificate and storage medium |
| CN115225350B (en) * | 2022-07-01 | 2024-05-31 | 浪潮云信息技术股份公司 | Government cloud encryption login verification method based on national secret certificate and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101986325A (en) | Computer security access control system and method | |
| JP6239788B2 (en) | Fingerprint authentication method, apparatus, intelligent terminal, and computer storage medium | |
| CN111723383B (en) | Data storage and verification method and device | |
| CN102624699B (en) | Method and system for protecting data | |
| CA2838763C (en) | Credential authentication methods and systems | |
| CN105453102B (en) | The system and method for the private cipher key leaked for identification | |
| US9009814B1 (en) | Systems and methods for generating secure passwords | |
| US8549314B2 (en) | Password generation methods and systems | |
| CN113841145A (en) | Lexus software in inhibit integration, isolation applications | |
| US10771441B2 (en) | Method of securing authentication in electronic communication | |
| US20230155818A1 (en) | Systems and methods for non-deterministic multi-party, multi-user sender-receiver authentication and non-repudiatable resilient authorized access to secret data | |
| CN102184357B (en) | Portable trustworthy private information processing system | |
| CN102316112A (en) | Password authentication method in network application and system | |
| US8984599B2 (en) | Real time password generation apparatus and method | |
| CN104834840B (en) | Cipher code protection method based on mapping drift technology | |
| DK2767922T3 (en) | Password Verification System | |
| CN106372487A (en) | Method and system for enhancing trust of server operating system | |
| CN102184358B (en) | USB (Universal Serial Bus) embedded trustworthiness private information processing device and system | |
| CN103198037A (en) | Reliable pipe control method and system for IO (input output) equipment | |
| CN107196932A (en) | Managing and control system in a kind of document sets based on virtualization | |
| CN102456102A (en) | Method for carrying out identity recertification on particular operation of information system by using Usb key technology | |
| CN102024115B (en) | Computer with user security subsystem | |
| WO2017172239A1 (en) | Secure archival and recovery of multifactor authentication templates | |
| US12197582B2 (en) | Implementation of trusted computing system based on master controller of solid-state drive | |
| Lee et al. | A study on a secure USB mechanism that prevents the exposure of authentication information for smart human care services |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20110316 |