CN102456111A - Method and system for license control of Linux operating system - Google Patents
Method and system for license control of Linux operating system Download PDFInfo
- Publication number
- CN102456111A CN102456111A CN2011101945175A CN201110194517A CN102456111A CN 102456111 A CN102456111 A CN 102456111A CN 2011101945175 A CN2011101945175 A CN 2011101945175A CN 201110194517 A CN201110194517 A CN 201110194517A CN 102456111 A CN102456111 A CN 102456111A
- Authority
- CN
- China
- Prior art keywords
- permission control
- module
- license
- permission
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a method for the license control of a Linux operating system. The method comprises two parts, namely a self protection mechanism and a license management mechanism respectively, wherein the self protection mechanism is implemented by both a kernel layer license control self-inspection module and an application layer license communication module; and the license management mechanism is implemented through a license communication module by an application layer license control module and an application layer license distribution module. The self protection mechanism loads the license control self-inspection module into a kernel space by utilizing the loading of a Linux system kernel, and the license control self-inspection module finishes integrity inspection on the license control function of the system and performs corresponding processing according to an inspection result. By the method, the problem that the license control function of the conventional software or system is cancelled can be effectively solved, and the validity of a license file in a distribution process can be ensured by multiple encryption, so the license file is prevented from being randomly falsified. The method has universality, and can be used for realizing user license control in a Linux environment.
Description
Technical field
The present invention relates to a kind of method and system of (SuSE) Linux OS permission control.
Background technology
Permission control (License Control) is meant through authority or sequence number mode, a kind of mode that production firm's rights and interests, intellecture property are protected.
At present, the Windows system is to carry out authentication through the mode of sequence number for the method for controlling of permission, according to the polytype of sequence number, and information such as each version of control system, term of life.This mode is beneficial to deployment, and domestic consumer just can upgrade sequence number, and simultaneously, its permission control can be networked and further verified.
The permission control of commercial application software and system software is comparatively ripe at present; Because the operating system software self characteristics; Its permission control way is comparatively single; Particularly for the character of (SuSE) Linux OS owing to its open source software, itself does not consider the content of permission control basically in design and exploitation.
The authorization control method of the method for soft ware authorization permission control and content and Windows system was similar in the past, and this method is easy to be easy-to-use, but had very big problem simultaneously.For example, be easy to the authorization control program process of above-mentioned software or system is replaced, replacing with one does not have functional programs, so just with destroying whole authorization control function.
Summary of the invention
To above reason; The present invention proposes a kind of method and system of (SuSE) Linux OS permission control; This method comprises self-protective mechanism and empowerment management mechanism two parts; Self-protective mechanism is by inner nuclear layer permission control selftest module and common realization of application layer permission communication module, and empowerment management mechanism is then realized by the permission communication module by application layer permission control module and application layer license distribution module.Wherein, the permission control selftest module is an integrality of guaranteeing the permission control module, prevents that the permission control module from being distorted or replacing, and the authorization control function that can effectively solve software in the past or system is made the problem destroyed; The permission communication module mainly is to set up communicating by letter between permission control selftest module and the permission control module, carries out the transmission of grant message; The permission control module realizes the mandate to system through the decryption verification license file, and realizes different functions according to different user's requests, as binds specific hardware information, specifies permitted hours etc.; The license distribution module is that the method through a kind of authorization file distributing realizes that the method for this authorization file distributing is guaranteed the validity of authorization file through multi-enciphering, thereby prevents that the authorization file from arbitrarily being distorted.
For realizing above-mentioned purpose; The invention provides a kind of method of (SuSE) Linux OS permission control, it comprises: permission control self check step, this step are to guarantee the integrality of permission control module; Distorted or replaced to prevent the permission control module; It is after computing machine powers up, and during via the boot of BIOS start-up system, utilizes the loading of linux system kernel that the permission control selftest module is loaded into kernel spacing; Accomplish by module again the permission control function of system is carried out integrity check, and handle accordingly according to assay.
Wherein, the permission control function realizes through a kind of linux system permission control method, and this method is after the linux system kernel starts, and the init process through system is with the function on of authorization control module.
This permission control self check step comprises:
Step 101: after computing machine powered up, system was via the boot of BIOS startup (SuSE) Linux OS, and the (SuSE) Linux OS boot can load linux kernel;
Step 102:Linux kernel can load corresponding driving and other modules; And with the loading of permission control selftest module, as a kernel level thread operation;
Step 103: the permission control selftest module generates key, and this key will be used for step 108 to be deciphered the authorization file, and it leaves the unreadable core position of user program in, has only the permission control module can read the content of this key;
Step 104: load the permission communication module, this permission communication module is opened up a kernel spacing, and this kernel spacing is used for communicating with the permission control module; The key that simultaneously step 103 is generated is deposited in this kernel spacing;
Step 105: the value AX after the init program X that the permission control selftest module obtains the permission control module encrypts is used for comparing with the authenticating documents key (AX) that is stored in file system; The permission communication module is delivered to AX in the kernel spacing that step 104 opens up; At this moment, just there are AX and authenticating documents key (AX) in this kernel spacing; If authenticating documents key (AX) accomplishes the checking to AX, explain that then the init program of permission control module is not distorted, authorization control is correct from the detection state, can further authorize system; Otherwise the init program X of permission control module is distorted, and authorization control detects status error certainly, thereby can't authorize system.
For step 105; Preferred scheme is; The permission control selftest module is asked the MD5 hash value to obtain MD5 (AX) to it, and is asked the MD5 hash value to obtain key (MD5 (AX)) to the authenticating documents key (AX) that is stored in the file system after obtaining the value AX after the init program encryption of permission control module; The permission communication module is delivered to MD5 (AX) in the kernel spacing that step 104 opens up, and then MD5 (AX) and key (MD5 (AX)) is compared.
So far, this system has promptly realized self-protective mechanism through the permission control self check, and empowerment management mechanism is then realized by the permission communication module by application layer permission control module and application layer license distribution module.At first, the license distribution module generates license file through specific encryption method, and is as shown in Figure 2, and it is relatively independent generating the process of license file and the process of the described permission control self check of preceding text; License file is written to it in system through methods such as issue, transmission, downloads after generating.Then, the permission control module realizes the mandate to system through the decryption verification license file.Further comprise following steps:
Step 106: authorization control is under the correct situation of detection state in step 105, and linux kernel loads the init process, starts the permission control module of application layer;
Step 107: the key that the kernel spacing obtaining step 103 that the permission control module of application layer is opened up through permission control selftest module in the inner nuclear layer generates;
Step 108: use the key that reads in the step 107 that the authority of depositing in the system is deciphered and verification.Then, system is authorized according to assay, or the service time of restriction system, or the hardware environment of restriction system operation etc., thereby the permission control function accomplished.The step and the flow process of concrete decryption verification license file are as shown in Figure 3.
As shown in Figure 2, encrypt the method that generates license file and realize through license file is carried out multi-enciphering, may further comprise the steps:
Step 201: the plaintext to license file is encrypted, and forms the ciphertext of license file;
Step 202: to the license file cryptogram computation hash value of step 201 generation;
Step 203: use to be different from the key that step 201 is used, the hash value of the license file ciphertext that step 202 is generated is encrypted;
Step 204: the new authority of ciphertext composition of the hash value that the ciphertext of the license file that step 201 is generated and step 203 generate.
As shown in Figure 3, the decryption verification license file may further comprise the steps:
Step 301: license file is divided into hash value ciphertext part and remainder;
Step 302: step 301 kind of a hash value ciphertext that obtains is partly deciphered the hash value of the license file ciphertext after obtaining deciphering;
Step 303: calculate the hash value of remainder, obtain the hash value of former license file ciphertext;
Step 304: the hash value of the license file ciphertext after the deciphering that step 302 is obtained and the hash value of the former license file ciphertext that step 303 obtains compare, if unequal, judge that then license file is invalid; Otherwise remainder is deciphered the plaintext that can obtain license file.
The present invention also provides a kind of system of (SuSE) Linux OS permission control, and it comprises:
Be positioned at the permission control selftest module of inner nuclear layer, it is to run on kernel, and the permission control function of system is carried out integrity check, to guarantee the integrality of permission control module, is distorted or replaces to prevent the permission control module;
Be positioned at application layer permission communication module, it is to set up communicating by letter between permission control selftest module and the permission control module, carries out the transmission of grant message;
Be positioned at layer permission control module, it realizes the mandate to system through the decryption verification license file, and realizes the different authorisation management function according to different user's requests.
It also can comprise the license distribution module in addition.
Need to prove; The permission control selftest module that the present invention relates to, permission communication module and permission control module are to realize requisite three modules of (SuSE) Linux OS permission control; And the license distribution module is just to need when separately upgrading the file of authorizing, and this license distribution module does not just need if authority is integrated in the (SuSE) Linux OS.
The self-protective mechanism that the present invention relates to is that the method through a kind of linux system permission control functional completeness self-checking realizes.That is: after computing machine powers up; Boot via the BIOS start-up system; Load the linux system kernel, accomplish by the permission control selftest module in this mechanism again the permission control function of system is carried out integrity check, and handle accordingly according to assay.
The empowerment management mechanism that the present invention relates to, this mechanism is realized by the permission control module.The permission control module realizes through a kind of linux system permission control method, that is: after the linux system kernel starts, the init process through system is with the function on of authorization control module.The init process is as the characteristics of all subsequent processes parent processes of system; Just guaranteed that the permission control function can start before all other process initiations; Guaranteed the operability of permission control function; Make it define different permissionses, promptly allow which program run, do not allow those operations according to different demands; Permission control need be carried out multi-enciphering to license file, when carrying out the license file check, just need carry out decryption work.The complexity of key and the time overhead of deciphering are the problems that need take all factors into consideration.This method leaves decruption key in user program unreadable core position, has only the permission control module can read the content of key, thereby improves its safe reliability as much as possible, and take into account operational efficiency.
Description of drawings
Fig. 1 is the process flow diagram of permission control under the linux system;
Fig. 2 is the ciphering process process flow diagram of license file;
Fig. 3 is a license file decrypting process process flow diagram.
Embodiment
In order to make the object of the invention, technical scheme and beneficial effect clearer,, the present invention is further elaborated below in conjunction with accompanying drawing and embodiment.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
Common self check process realizes that in the application space like this, be easy to the authorization process of above-mentioned software or system is replaced, replacing with one does not have functional programs, has so just destroyed the function of whole authorization control easily.
Self check process of the present invention realizes at kernel spacing, because the program of kernel spacing can not be replaced easily, thereby got rid of the possibility of destroying whole authorization control function easily.
Self check process generally is exactly to the init program of system self and is stored in the process that the authenticating documents in the file system is compared, if the two is consistent, then the init program of system is not just distorted; Otherwise, distorted.If but the init program of system self is directly compared with the authenticating documents that is stored in the file system; Also there is following problem; Even that is: the init program of system self has been distorted and has been A ',, can be easy to forge an authenticating documents key (A ') because A ' is that system is known; Completion is to the checking of the init program A ' after distorting, do not reach to prevent the purpose of being distorted.
For fear of this problem, the present invention obtains AX after the init program A encryption with system self, and the authenticating documents key (AX) that is stored in the file system verifies the init program AX after encrypting.Be A ' if the init program A of this system has distorted, because that X is a system is unknown, so system can't forge an authenticating documents key (A ' X) and accomplish the checking to A ' X, thereby prevented effectively to be distorted.
General plotting of the present invention is: obtain AX after the init program A encryption to system self, the authenticating documents key (AX) that is stored in the file system verifies the init program AX after encrypting; The permission control selftest module is opened up a kernel spacing in advance and is obtained AX in system.Then, the permission communication module is delivered to AX in the kernel spacing of opening up in advance.At this moment, just there are AX and authenticating documents key (AX) in the kernel spacing.If AX is not distorted, then authenticating documents key (AX) just can accomplish the checking to AX, accomplishes the self check process, and further system is authorized; Otherwise if AX has been distorted to A ' X, then authenticating documents key (AX) can't accomplish the checking to A ' X, thereby can't further authorize system.
Preferred scheme is, the AX after the init program encryption is carried out obtaining its MD5 value MD5 (AX) after the MD5 Hash computing, and the authenticating documents key (MD5 (AX)) that is stored in the file system also verifies MD5 (AX); The permission control selftest module is opened up a kernel spacing in advance and is obtained MD5 (AX) in system.Then, the permission communication module is delivered to MD5 (AX) in the kernel spacing of opening up in advance.At this moment, just there are MD5 (AX) and authenticating documents key (MD5 (AX)) in the kernel spacing.If MD5 (AX) is not distorted, then authenticating documents key (MD5 (AX)) just can accomplish the checking to MD5 (AX), accomplishes the self check process, and further system is authorized; Otherwise if MD5 (AX) has been distorted for MD5 (A ' X), then authenticating documents key (MD5 (AX)) can't accomplish the checking to MD5 (AX), thereby can't further authorize system.
As shown in Figure 1, permission control process flow diagram of the present invention has been described.This process flow diagram relates to permission control selftest module necessary in the permission control process, permission communication module and these three modules of permission control module.
Step 101: after computing machine powered up, system was via the boot of BIOS startup (SuSE) Linux OS, and the (SuSE) Linux OS boot can load linux kernel;
Step 102:Linux kernel can load corresponding driving and other modules; And with the loading of permission control selftest module, as a kernel level thread operation;
Step 103: the permission control selftest module generates key, and this key will be used for step 108 to be deciphered the authorization file, and it leaves the unreadable core position of user program in, has only the permission control module can read the content of this key;
Step 104: load the permission communication module, this permission communication module is opened up a kernel spacing, and this kernel spacing is used for communicating with the permission control module; The key that simultaneously step 103 is generated is deposited in this kernel spacing;
Step 105: the value AX after the init program X that the permission control selftest module obtains the permission control module encrypts is used for comparing with the authenticating documents key (AX) that is stored in file system; The permission communication module is delivered to AX in the kernel spacing that step 104 opens up; At this moment, just there are AX and authenticating documents key (AX) in this kernel spacing; If authenticating documents key (AX) accomplishes the checking to AX, explain that then the init program of permission control module is not distorted, authorization control is correct from the detection state, can further authorize system; Otherwise the init program X of permission control module is distorted, and authorization control detects status error certainly, thereby can't authorize system.
For step 105; Preferred scheme is; The permission control selftest module is asked the MD5 hash value to obtain MD5 (AX) to it, and is asked the MD5 hash value to obtain key (MD5 (AX)) to the authenticating documents key (AX) that is stored in the file system after obtaining the value AX after the init program encryption of permission control module; The permission communication module is delivered to MD5 (AX) in the kernel spacing that step 104 opens up, and then MD5 (AX) and key (MD5 (AX)) is compared.
So far, this system has promptly realized self-protective mechanism through the permission control self check, and empowerment management mechanism is then realized by the permission communication module by application layer permission control module and application layer license distribution module.At first, the license distribution module generates license file through specific encryption method, and is as shown in Figure 2, and it is relatively independent generating the process of license file and the process of the described permission control self check of preceding text; License file is written to it in system through methods such as issue, transmission, downloads after generating.Then, the permission control module realizes the mandate to system through the decryption verification license file.Further comprise following steps:
Step 106: authorization control is under the correct situation of detection state in step 105, and linux kernel loads the init process, starts the permission control module of application layer;
Step 107: the key that the kernel spacing obtaining step 103 that the permission control module of application layer is opened up through permission control selftest module in the inner nuclear layer generates;
Step 108: use the key that reads in the step 107 that the authority of depositing in the system is deciphered and verification.Then, system is authorized according to assay, or the service time of restriction system, or the hardware environment of restriction system operation etc., thereby the permission control function accomplished.The step and the flow process of concrete decryption verification license file are as shown in Figure 3.
Fig. 2 has described and has encrypted the flow process that generates license file, and concrete steps are following:
Step 201: the plaintext to license file is encrypted, and forms the ciphertext of license file;
Step 202: to the license file cryptogram computation hash value of step 201 generation;
Step 203: use to be different from the key that step 201 is used, the hash value of the license file ciphertext that step 202 is generated is encrypted;
Step 204: the new authority of ciphertext composition of the hash value that the ciphertext of the license file that step 201 is generated and step 203 generate.
Fig. 3 has described decryption verification license file flow process, and concrete steps are following:
Step 301: license file is divided into hash value ciphertext part and remainder;
Step 302: step 301 kind of a hash value ciphertext that obtains is partly deciphered the hash value of the license file ciphertext after obtaining deciphering;
Step 303: calculate the hash value of remainder, obtain the hash value of former license file ciphertext;
Step 304: the hash value of the license file ciphertext after the deciphering that step 302 is obtained and the hash value of the former license file ciphertext that step 303 obtains compare, if unequal, judge that then license file is invalid; Otherwise remainder is deciphered the plaintext that can obtain license file.
The explanation of common technology noun:
MD5:Message Digest Algorithm MD5 (Message Digest Algorithm 5) is the widely used a kind of hash function of computer safety field, its usefulness be hash function, in order to the integrity protection that gives information.The typical application of MD5 is the information of one section random-length (Message) to be produced one 128 informative abstract (Message-Digest), is distorted preventing.MD5 is used as whole file as a big text message, through its irreversible character string mapping algorithm, has produced this unique MD5 informative abstract.MD5 can produce a same unique MD5 informative abstract for any file (regardless of its size, form, quantity), if anyone has done any change to file, the just corresponding MD5 informative abstract of its MD5 value all can change.
The above is merely preferred embodiment of the present invention, not in order to restriction the present invention, all any modifications of within spirit of the present invention and principle, being made, is equal to and replaces and improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. the method for a (SuSE) Linux OS permission control is characterized in that, it comprises:
Permission control self check step; This step is to guarantee the integrality of permission control module, is distorted or replaces to prevent the permission control module, and it is after computing machine powers up; During via the boot of BIOS start-up system; Utilize the loading of linux system kernel that the permission control selftest module is loaded into kernel spacing, accomplish by module again the permission control function of system is carried out integrity check, and handle accordingly according to assay.
2. the method for claim 1; It is characterized in that; The permission control function realizes through a kind of linux system permission control method, and this method is after the linux system kernel starts, and the init process through system is with the function on of authorization control module.
3. the method for claim 1 is characterized in that, this permission control self check step comprises:
Step 101: after computing machine powered up, system was via the boot of BIOS startup (SuSE) Linux OS, and the (SuSE) Linux OS boot can load linux kernel;
Step 102:Linux kernel can load corresponding driving and other modules; And with the loading of permission control selftest module, as a kernel level thread operation;
Step 103: the permission control selftest module generates key, and this key will be used for step 108 to be deciphered the authorization file, and it leaves the unreadable core position of user program in, has only the permission control module can read the content of this key;
Step 104: load the permission communication module, this permission communication module is opened up a kernel spacing, and this kernel spacing is used for communicating with the permission control module; The key that simultaneously step 103 is generated is deposited in this kernel spacing;
Step 105: the value AX after the init program X that the permission control selftest module obtains the permission control module encrypts is used for comparing with the authenticating documents key (AX) that is stored in file system; The permission communication module is delivered to AX in the kernel spacing that step 104 opens up; At this moment, just there are AX and authenticating documents key (AX) in this kernel spacing; If authenticating documents key (AX) accomplishes the checking to AX, explain that then the init program of permission control module is not distorted, authorization control is correct from the detection state, can further authorize system; Otherwise the init program X of permission control module is distorted, and authorization control detects status error certainly, thereby can't authorize system.
4. method as claimed in claim 3; It is characterized in that; After permission control selftest module in the step 105 obtains the value AX after the init program encryption of permission control module; Ask the MD5 hash value to obtain MD5 (AX) to it, and ask the MD5 hash value to obtain key (MD5 (AX)) the authenticating documents key (AX) that is stored in the file system; The permission communication module is delivered to MD5 (AX) in the kernel spacing that step 104 opens up, and then MD5 (AX) and key (MD5 (AX)) is compared.
5. method as claimed in claim 3 is characterized in that it further comprises:
Step 106: authorization control is under the correct situation of detection state in step 105, and linux kernel loads the init process, starts the permission control module of application layer;
Step 107: the key that the kernel spacing obtaining step 103 that the permission control module of application layer is opened up through permission control selftest module in the inner nuclear layer generates;
Step 108: use the key that reads in the step 107 that the authority of depositing in the system is deciphered and verification; Then, system is authorized according to assay, or the service time of restriction system; Or the hardware environment of restriction system operation etc., thereby accomplish the permission control function.
6. method as claimed in claim 3 is characterized in that, the key of its deciphering leaves the unreadable core position of user program in, has only the permission control module can read the content of key.
7. method as claimed in claim 3 is characterized in that, the decryption verification license file may further comprise the steps:
Step 301: license file is divided into hash value ciphertext part and remainder;
Step 302: the hash value ciphertext to obtaining in the step 301 is partly deciphered, the hash value of the license file ciphertext after obtaining deciphering;
Step 303: calculate the hash value of remainder, obtain the hash value of former license file ciphertext;
Step 304: the hash value of the license file ciphertext after the deciphering that step 302 is obtained and the hash value of the former license file ciphertext that step 303 obtains compare, if unequal, judge that then license file is invalid; Otherwise remainder is deciphered the plaintext that can obtain license file.
8. the method for claim 1; It is characterized in that; It further comprises the license distribution step, and this license distribution step is that the method through a kind of authorization file distributing realizes, the method for this authorization file distributing generates license file and realizes by encrypting.
9. method as claimed in claim 5 is characterized in that, encrypts the generation license file and may further comprise the steps:
Step 201: the plaintext to license file is encrypted, and forms the ciphertext of license file;
Step 202: to the license file cryptogram computation hash value of step 201 generation;
Step 203: use to be different from the key that step 201 is used, the hash value of the license file ciphertext that step 202 is generated is encrypted;
Step 204: the new authority of ciphertext composition of the hash value that the ciphertext of the license file that step 201 is generated and step 203 generate.
10. the system of a (SuSE) Linux OS permission control is characterized in that it comprises:
Be positioned at the permission control selftest module of inner nuclear layer, it is to run on kernel, and the permission control function of system is carried out integrity check, to guarantee the integrality of permission control module, is distorted or replaces to prevent the permission control module;
Be positioned at application layer permission communication module, it is to set up communicating by letter between permission control selftest module and the permission control module, carries out the transmission of grant message;
Be positioned at the permission control module of application layer, it realizes the mandate to system through the decryption verification license file, and realizes the different authorisation management function according to different user's requests.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110194517.5A CN102456111B (en) | 2011-07-12 | 2011-07-12 | Method and system for license control of Linux operating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110194517.5A CN102456111B (en) | 2011-07-12 | 2011-07-12 | Method and system for license control of Linux operating system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102456111A true CN102456111A (en) | 2012-05-16 |
| CN102456111B CN102456111B (en) | 2014-04-09 |
Family
ID=46039292
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110194517.5A Active CN102456111B (en) | 2011-07-12 | 2011-07-12 | Method and system for license control of Linux operating system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102456111B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102982260A (en) * | 2012-11-12 | 2013-03-20 | 中标软件有限公司 | Linux operation system and verification method for installing serial number thereof |
| CN104217166A (en) * | 2013-05-30 | 2014-12-17 | 鈊象电子股份有限公司 | System execution environment verification method |
| CN105426749A (en) * | 2015-11-03 | 2016-03-23 | 浪潮电子信息产业股份有限公司 | Method for controlling running of ELF files on basis of signature mechanism |
| CN106203002A (en) * | 2015-05-06 | 2016-12-07 | 朗新科技股份有限公司 | Software product guard method |
| CN108073792A (en) * | 2016-11-10 | 2018-05-25 | 中标软件有限公司 | A kind of version authorization control system and method under (SuSE) Linux OS |
| CN108229144A (en) * | 2018-01-12 | 2018-06-29 | 百富计算机技术(深圳)有限公司 | A kind of verification method of application program, terminal device and storage medium |
| CN110296407A (en) * | 2019-05-10 | 2019-10-01 | 金字号(福建)燃烧设备有限公司 | A kind of Different Boiler Burner Control System |
| CN111523154A (en) * | 2020-03-20 | 2020-08-11 | 北京元心科技有限公司 | Method and system for obtaining hardware unique identifier and corresponding computer equipment |
| CN112364306A (en) * | 2020-11-18 | 2021-02-12 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Method and system for authorizing software use license of embedded operating system |
| CN113821775A (en) * | 2021-09-29 | 2021-12-21 | 北京珞安科技有限责任公司 | Software copyright protection system and method based on Ubuntu operating system |
| CN116502186A (en) * | 2023-06-26 | 2023-07-28 | 明阳时创(北京)科技有限公司 | System application tpm license generation method, system, medium and device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7191327B2 (en) * | 2002-04-04 | 2007-03-13 | Intrinsyc Software International, Inc. | Internet-enabled device provisioning, upgrade and recovery mechanism |
| CN101419654A (en) * | 2008-12-05 | 2009-04-29 | 北京交通大学 | Boot file credible verify based on mobile TPM |
| US20090199048A1 (en) * | 2008-02-04 | 2009-08-06 | Honeywell International Inc. | System and method for detection and prevention of flash corruption |
| CN101645127A (en) * | 2009-06-17 | 2010-02-10 | 北京交通大学 | Method for establishing trusted booting system based on EFI |
-
2011
- 2011-07-12 CN CN201110194517.5A patent/CN102456111B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7191327B2 (en) * | 2002-04-04 | 2007-03-13 | Intrinsyc Software International, Inc. | Internet-enabled device provisioning, upgrade and recovery mechanism |
| US20090199048A1 (en) * | 2008-02-04 | 2009-08-06 | Honeywell International Inc. | System and method for detection and prevention of flash corruption |
| CN101419654A (en) * | 2008-12-05 | 2009-04-29 | 北京交通大学 | Boot file credible verify based on mobile TPM |
| CN101645127A (en) * | 2009-06-17 | 2010-02-10 | 北京交通大学 | Method for establishing trusted booting system based on EFI |
Non-Patent Citations (1)
| Title |
|---|
| YU CHAO 等: "Security Bootstrap Based on Trusted Computing", 《2010 SECOND INTERNATIONAL CONFERENCE ON NETWORKS SECURITY, WIRELESS COMMUNICATIONS AND TRUSTED COMPUTING》, 25 April 2010 (2010-04-25), pages 456 - 489 * |
Cited By (19)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102982260A (en) * | 2012-11-12 | 2013-03-20 | 中标软件有限公司 | Linux operation system and verification method for installing serial number thereof |
| CN102982260B (en) * | 2012-11-12 | 2015-09-02 | 中标软件有限公司 | A kind of (SuSE) Linux OS and installation series number verification method thereof |
| CN104217166A (en) * | 2013-05-30 | 2014-12-17 | 鈊象电子股份有限公司 | System execution environment verification method |
| CN106203002B (en) * | 2015-05-06 | 2019-09-03 | 朗新科技股份有限公司 | Software product guard method |
| CN106203002A (en) * | 2015-05-06 | 2016-12-07 | 朗新科技股份有限公司 | Software product guard method |
| CN105426749B (en) * | 2015-11-03 | 2018-08-14 | 浪潮电子信息产业股份有限公司 | A method of ELF running papers are controlled based on signature mechanism |
| CN105426749A (en) * | 2015-11-03 | 2016-03-23 | 浪潮电子信息产业股份有限公司 | Method for controlling running of ELF files on basis of signature mechanism |
| CN108073792B (en) * | 2016-11-10 | 2021-05-28 | 中标软件有限公司 | Version authorization control system and method under Linux operating system |
| CN108073792A (en) * | 2016-11-10 | 2018-05-25 | 中标软件有限公司 | A kind of version authorization control system and method under (SuSE) Linux OS |
| CN108229144A (en) * | 2018-01-12 | 2018-06-29 | 百富计算机技术(深圳)有限公司 | A kind of verification method of application program, terminal device and storage medium |
| CN110296407A (en) * | 2019-05-10 | 2019-10-01 | 金字号(福建)燃烧设备有限公司 | A kind of Different Boiler Burner Control System |
| CN111523154A (en) * | 2020-03-20 | 2020-08-11 | 北京元心科技有限公司 | Method and system for obtaining hardware unique identifier and corresponding computer equipment |
| CN111523154B (en) * | 2020-03-20 | 2021-03-02 | 北京元心科技有限公司 | Method and system for obtaining hardware unique identifier and corresponding computer equipment |
| CN112364306A (en) * | 2020-11-18 | 2021-02-12 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Method and system for authorizing software use license of embedded operating system |
| CN112364306B (en) * | 2020-11-18 | 2022-11-11 | 华东计算技术研究所(中国电子科技集团公司第三十二研究所) | Method and system for authorizing software use license of embedded operating system |
| CN113821775A (en) * | 2021-09-29 | 2021-12-21 | 北京珞安科技有限责任公司 | Software copyright protection system and method based on Ubuntu operating system |
| CN113821775B (en) * | 2021-09-29 | 2022-04-08 | 北京珞安科技有限责任公司 | Software copyright protection system and method based on Ubuntu operating system |
| CN116502186A (en) * | 2023-06-26 | 2023-07-28 | 明阳时创(北京)科技有限公司 | System application tpm license generation method, system, medium and device |
| CN116502186B (en) * | 2023-06-26 | 2023-09-15 | 明阳时创(北京)科技有限公司 | System application tpm license generation method, system, medium and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102456111B (en) | 2014-04-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102456111B (en) | Method and system for license control of Linux operating system | |
| EP3458999B1 (en) | Self-contained cryptographic boot policy validation | |
| US7986786B2 (en) | Methods and systems for utilizing cryptographic functions of a cryptographic co-processor | |
| US11132468B2 (en) | Security processing unit of PLC and bus arbitration method thereof | |
| KR101712784B1 (en) | System and method for key management for issuer security domain using global platform specifications | |
| WO2021073170A1 (en) | Method and apparatus for data provision and fusion | |
| US8775784B2 (en) | Secure boot up of a computer based on a hardware based root of trust | |
| JP4615601B2 (en) | Computer security system and computer security method | |
| CN102508791B (en) | Method and device for encrypting hard disk partition | |
| CN107438849B (en) | System and method for verifying integrity of electronic device | |
| CN103221957B (en) | Utilize fail-safe software license and the supply of hardware based security engine | |
| US8281115B2 (en) | Security method using self-generated encryption key, and security apparatus using the same | |
| AU2020244511B2 (en) | Balancing public and personal security needs | |
| WO2020107104A1 (en) | Personalized and cryptographically secure access control in operating systems | |
| EP2264639B1 (en) | Securing executable code integrity using auto-derivative key | |
| US20180131677A1 (en) | Balancing public and personal security needs | |
| CN103460195A (en) | System and method for secure software update | |
| CN106936588B (en) | Hosting method, device and system of hardware control lock | |
| CN101983375A (en) | Binding a cryptographic module to a platform | |
| CN111651748A (en) | Safety access processing system and method for ECU in vehicle | |
| CN104715208A (en) | Platform integrity checking method based on TPM chip | |
| CN104794394A (en) | Virtual machine starting verification method and device | |
| CN106156607B (en) | SElinux secure access method and POS terminal | |
| US11516194B2 (en) | Apparatus and method for in-vehicle network communication | |
| JP2017011491A (en) | Authentication system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |