CN111125710B - Information processing method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN111125710B
Authority
CN
China
Prior art keywords
target virtual
information
configuration information
equipment
bios
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911207152.8A
Other languages
Chinese (zh)
Other versions
CN111125710A (en)
Inventor
王鹤来
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Application filed by Lenovo Beijing Ltd
Priority to CN201911207152.8A
Publication of CN111125710A
Application granted
Publication of CN111125710B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572 Secure firmware programming, e.g. of basic input output system [BIOS]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

An embodiment of the application discloses an information processing method that includes: acquiring configuration information, where the configuration information represents an operator's configuration of the security protection function of the electronic device; and storing the configuration information in a configuration file of the Basic Input Output System (BIOS) corresponding to a target virtual device, so that the target virtual device can implement security protection for the electronic device based on the configuration information, where the target virtual device is created on the electronic device. Embodiments of the application also disclose an information processing apparatus, an electronic device, and a computer storage medium.

Description

Information processing method and device, electronic equipment and storage medium
Technical Field
The present application relates to, but is not limited to, the field of computer technologies, and in particular to an information processing method, an information processing apparatus, an electronic device, and a storage medium.
Background
With the development of information technology, computer applications and network communications have penetrated into various fields of society, and people increasingly rely on timely and reliable information services for work and life. Most enterprises and public institutions handle their daily work electronically. In the related art, in order to prevent leaks of technical information, encryption software is generally used to implement functions such as closing a Universal Serial Bus (USB) port and restricting access to relevant networks, and thereby to manage the security of an electronic device. However, the encryption software of the related art operates at the system layer or application layer, where it is vulnerable to malicious damage or uninstallation, which reduces security.
Disclosure of Invention
Embodiments of the present application are intended to provide an information processing method, an information processing apparatus, an electronic device, and a computer storage medium.
The technical solution of the application is implemented as follows:
In a first aspect, an information processing method is provided, the method including:
acquiring configuration information, where the configuration information represents an operator's configuration of the security protection function of the electronic device;
storing the configuration information in a configuration file of the Basic Input Output System (BIOS) corresponding to a target virtual device, so that the target virtual device can implement security protection for the electronic device based on the configuration information, where the target virtual device is created on the electronic device.
In a second aspect, an information processing apparatus is provided, the apparatus including:
an acquisition unit, configured to acquire configuration information, where the configuration information represents an operator's configuration of the security protection function of the electronic device;
a processing unit, configured to store the configuration information in a configuration file of the Basic Input Output System (BIOS) corresponding to a target virtual device, so that the target virtual device can implement security protection for the electronic device based on the configuration information, where the target virtual device is created on the electronic device.
In a third aspect, an electronic device is provided, which includes: a processor, a memory, and a communication bus, wherein:
the communication bus is used for realizing communication connection between the processor and the memory;
the processor is configured to perform the steps of the information processing method of the first aspect when executing the computer program.
In a fourth aspect, a storage medium is provided, where the storage medium stores one or more programs executable by one or more processors to implement the steps of the information processing method according to the first aspect.
According to the information processing method, the information processing apparatus, the electronic device and the storage medium, a target virtual device is created in the electronic device, and the acquired configuration information for the security protection function of the electronic device is stored in the configuration file of the BIOS corresponding to the target virtual device. The security protection for the electronic device is thereby transferred to a virtualized hardware device, which overcomes the drawback of software-based protection, namely that it is easily damaged or uninstalled maliciously. Moreover, the electronic device stores the configuration information in the configuration file of the BIOS corresponding to the target virtual device, and information stored in the BIOS cannot be directly deleted. The configuration information is therefore protected from malicious tampering, and the security performance of the electronic device is improved.
Drawings
Fig. 1 is schematic flowchart 1 of an information processing method according to an embodiment of the present application;
Fig. 2 is schematic flowchart 2 of an information processing method according to an embodiment of the present application;
Fig. 3 is schematic display interface diagram 1 of an electronic device according to an embodiment of the present application;
Fig. 4 is schematic display interface diagram 2 of an electronic device according to an embodiment of the present application;
Fig. 5 is schematic display interface diagram 3 of an electronic device according to an embodiment of the present application;
Fig. 6 is schematic display interface diagram 4 of an electronic device according to an embodiment of the present application;
Fig. 7 is schematic display interface diagram 5 of an electronic device according to an embodiment of the present application;
Fig. 8 is schematic display interface diagram 6 of an electronic device according to an embodiment of the present application;
Fig. 9 is schematic display interface diagram 7 of an electronic device according to an embodiment of the present application;
Fig. 10 is schematic flowchart 3 of an information processing method according to an embodiment of the present application;
Fig. 11 is a schematic functional architecture diagram of an information processing method according to an embodiment of the present application;
Fig. 12 is schematic flowchart 4 of an information processing method according to an embodiment of the present application;
Fig. 13 is schematic flowchart 5 of an information processing method according to an embodiment of the present application;
Fig. 14 is a schematic structural component diagram of an information processing apparatus according to an embodiment of the present application;
Fig. 15 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It should be understood that the specific embodiments described herein are merely illustrative of the application and do not limit it.
Example one
This embodiment of the application provides an information processing method applied to an electronic device. The electronic device includes, but is not limited to, an industrial computer, a notebook computer, a smart phone, a tablet computer, a wearable device, a Mobile Internet Device (MID), and the like. As shown in fig. 1, the information processing method provided in this embodiment includes the following steps:
Step 110, obtaining configuration information.
The configuration information represents an operator's configuration of the security protection function of the electronic device.
In the embodiment provided by the application, the electronic device can acquire the security protection function configuration information that an operator inputs for the electronic device.
Specifically, the electronic device may obtain the configuration information input by an operator through a preset interface. The preset interface may be a user interface that the electronic device provides to the operator through the target application in the operating system environment, or a configuration interface that the electronic device provides to the operator directly in the BIOS environment; this is not limited in this embodiment of the present application.
Further, the configuration information may be the information an operator inputs when configuring the security protection function of the electronic device. The security protection function mentioned in the embodiment of the present application may refer to functions for security management of the hardware of the electronic device, network access, and prevention of information leakage. For example, the security protection function may be a password protection function when setting configuration information, a USB management function, a watermarking function, and the like. Correspondingly, the configuration information mentioned in the embodiment of the present application may be identity authentication information input by an operator, control information of a USB port, watermark setting information, and the like.
Step 120, saving the configuration information to a configuration file of a Basic Input Output System (BIOS) corresponding to the target virtual device, so that the target virtual device can implement security protection for the electronic device based on the configuration information.
Wherein the target virtual device is created when the electronic device is powered on.
In the embodiment provided by the application, the target virtual device is a virtual hardware device created by the electronic device. Like hardware devices such as a mouse, a keyboard and a video card in the electronic device, the target virtual device can be managed through the hardware device manager of the electronic device.
Specifically, the electronic device may create the target virtual device when it is powered on: after power-on, the electronic device executes by itself a BIOS program solidified in a Read-Only Memory (ROM) chip of the electronic device and creates the target virtual device based on that BIOS program. The BIOS program may also be stored and solidified at the Embedded Controller (EC) end of the BIOS. That is, the relevant information of the target virtual device is designed in advance by a designer and stored in the BIOS program. Thus, the electronic device needs to create a target virtual device each time it is powered on.
Further, after the electronic device acquires the configuration information, the configuration information is stored in a configuration file of the BIOS corresponding to the target virtual device. Here, the configuration file of the BIOS is stored in the ROM chip, which ensures that the configuration file in the BIOS cannot be deleted arbitrarily.
In addition, the configuration information saved to the configuration file of the BIOS corresponding to the target virtual device can be applied to the BIOS. Specifically, the electronic device may directly read a configuration file of the BIOS corresponding to the target virtual device in the BIOS starting process, and initialize the electronic device based on the configuration information in the configuration file, that is, apply the configuration information in the configuration file to the BIOS, thereby implementing security protection on the electronic device.
Illustratively, when an operator inputs configuration information that disables the USB port, the electronic device synchronizes that configuration information to the configuration file of the BIOS corresponding to the target virtual device; the next time the electronic device starts and enters the BIOS, the mode of the USB port is set to disabled according to the information in the configuration file.
It should be noted that the configuration of the security protection function in the electronic device is completed under the operation of a legitimate operator, and the electronic device verifies the identity information of the legitimate operator. The security of the security protection configuration is thus ensured at the bottom layer of the electronic device, and the configuration information of the electronic device is prevented from being maliciously modified by an illegitimate operator.
In the embodiment provided by the application, a target virtual device is created in the electronic device, and the configuration information for the security protection function of the electronic device is stored in the configuration file of the BIOS corresponding to the target virtual device. The security protection function is thereby transferred to a virtualized hardware device, which avoids the drawback of software-based protection, namely that it is easily damaged or uninstalled maliciously. Moreover, the electronic device stores the configuration information in the storage block corresponding to the BIOS, where it cannot be directly deleted. The configuration information is therefore protected from malicious tampering, and the security performance of the electronic device is improved.
Example two
Based on the foregoing embodiments, an embodiment of the present application provides an information processing method, as shown in fig. 2, the method specifically includes the following steps:
Step 210, obtaining configuration information through the target application.
The target application is used for providing a user interface for the target virtual device.
In the embodiment provided by the application, the electronic device can run the target application in the operating system environment and, through the target application, acquire the configuration information that an operator inputs for the security protection function of the electronic device.
Here, the target application and the target virtual device are associated with each other. Specifically, the target virtual device is a hardware device virtualized by the electronic device and located at the bottom layer. In order to operate this hardware device from the operating system environment, the electronic device may provide a visual interface to the operator, and this visual interface is implemented by the target application. In other words, the target application can be used to provide the operator with a user interface for the target virtual device.
In the embodiments provided by the present application, the target application can provide a visualized interface, and specifically, the target application can provide different visualized configuration interfaces for different security protection functions. Illustratively, after the operator starts the target application, a password verification interface shown in fig. 3 is displayed for obtaining the password input by the operator to authenticate the identity of the operator. Further, after the password input by the operator is successfully verified, the user enters a main interface of the security protection function shown in fig. 4, and the main interface is used for providing version information of the target application for the operator, and providing a password modification interface and a default setting recovery interface. In this example, the target application may also provide a USB port control interface as shown in fig. 5, a watermark setting interface as shown in fig. 6. In this way, the operator can perform configuration operation on different interfaces, so that the electronic device can acquire the configuration information input by the operator through the target application.
Step 220, transmitting the configuration information to a device driver corresponding to the target virtual device through the target application.
Wherein the device driver is configured to establish communication between the target application and the target virtual device.
In practical applications, a target application in an operating system environment cannot directly communicate with a target virtual device, and therefore, in the embodiment of the present application, a device driver corresponding to the target virtual device needs to be installed, and communication between the target application and the target virtual device is established through the device driver.
Specifically, before step 201, the electronic device can create a target virtual device while in the BIOS environment; after the electronic device enters the operating system environment, the created target virtual device can be identified, and the device driver corresponding to the created target virtual device can be installed on the basis of the created target virtual device.
Further, after the device driver corresponding to the target virtual device is successfully installed, it can acquire the configuration information transmitted by the target application and store it in the configuration file of the BIOS of the target virtual device. The device driver can also synchronize the configuration information in that configuration file to the target application, thereby realizing data interaction between the target virtual device and the target application.
Step 230, storing the configuration information into a configuration file of the BIOS corresponding to the target virtual device through the device driver, so that the target virtual device can implement security protection for the electronic device based on the configuration information.
In embodiments provided herein, a target virtual device may synchronize configuration information input by an operator in a target application via a device driver and apply the configuration information to a BIOS.
Specifically, after the device driver stores the configuration information in the BIOS configuration file corresponding to the target virtual device, when the electronic device performs the next power-on self-test, the electronic device may read the BIOS configuration file corresponding to the target virtual device, and initialize the security function associated with the configuration information.
For example, if the operator turns off the USB mass storage function in the USB port control interface provided by the target application shown in fig. 5, the electronic device is controlled to disable the USB mass storage function when the USB device is initialized in the next power-on self-test process of the BIOS of the electronic device.
It should be noted that steps 210 to 230 are all steps executed in an operating system environment.
In the embodiment provided by the present application, before step 210, a target virtual device needs to be established, and the specific steps are as follows:
Step 201, when the electronic device is powered on, entering a self-test program to create a target virtual device;
Step 202, acquiring the BIOS configuration file corresponding to the target virtual device;
Step 203, controlling the target virtual device to initialize the security protection function associated with the configuration information, based on the configuration information stored in the BIOS configuration file.
Specifically, the electronic device may automatically execute the BIOS program solidified in the ROM chip of the electronic device after entering the self-test program at power-on, and create the target virtual device based on the BIOS program. That is, the information related to the target virtual device is designed in advance by the designer and stored in the BIOS program. Thus, the electronic device needs to create the target virtual device each time the electronic device is powered on for self-test.
Further, the configuration file of the BIOS corresponding to the target virtual device may be directly read, and the electronic device may be initialized based on the configuration information in the configuration file, that is, the configuration information in the configuration file is applied to the BIOS, so as to implement security protection of the electronic device.
It should be noted that steps 201 to 203 are steps executed in the BIOS environment, and that step 201 and step 202 need not be executed in a fixed order.
Further, after step 203 and before step 210, the information processing method further includes the steps of:
Step 204, entering an operating system, and acquiring a device driver corresponding to the target virtual device;
Step 205, installing the device driver, and establishing communication between the target virtual device and the target application.
In the embodiment provided by the application, the electronic device enters an operating system environment after creating the target virtual device, obtains a device driver corresponding to the target virtual device, and installs the device driver to establish the bidirectional communication between the target virtual device and the target application.
In the embodiments provided in the present application, the target virtual device created by the electronic device in the BIOS environment may be managed by the device manager. Further, after the electronic device successfully installs the target device driver, the operator may view the target virtual device in the device manager interface. For example, referring to the device manager interface diagram shown in fig. 7, the name of the target virtual device is "security device", and it can be seen that the target virtual device is displayed in the device manager interface simultaneously with hardware devices such as a processor, a keyboard, and a battery in the electronic device.
Further, after the target device driver is successfully installed on the electronic device, the software component library of the electronic device can display the software components in the configuration file of the BIOS, so that the target application can operate the relevant configuration in the target virtual device. For example, the software component library interface shown in fig. 8 displays a "Bios protection Usb software development kit" for controlling a USB port in the target application; the software component library also includes software components such as an "intel media software development kit" and an "intel protection extension software". In addition, after the electronic device successfully installs the target device driver, the currently executing security protection functions can be displayed in the task manager; for example, related processes such as "BIOS security protection" and "BIOS watermark" appear there, as shown in fig. 9.
Specifically, after entering the operating system, the electronic device first detects whether a device driver corresponding to the target virtual device is installed on the electronic device. If the device driver of the target virtual device is not installed, the electronic device, after entering the operating system, obtains the device driver corresponding to the target virtual device and installs it to establish bidirectional communication between the target virtual device and the target application. If the device driver of the target virtual device is installed, the electronic device, after entering the operating system, automatically starts the device driver and the target application corresponding to the target virtual device, so as to establish bidirectional communication between the target virtual device and the target application.
In the embodiment provided by the application, when it is detected that the device driver of the target virtual device is not installed on the electronic device, the electronic device may push the device driver and the target application corresponding to the target virtual device to the operator according to the created target virtual device. Specifically, the electronic device either reminds the operator to download the device driver and the target application or downloads them automatically.
Therefore, if an illegitimate operator maliciously deletes the device driver in the operating system, the electronic device can remind the operator to download, or can automatically download, the device driver and the target application the next time it starts and enters the operating system. As long as the target virtual device is created, even if the target application and the device driver are deleted, they can be downloaded again each time the electronic device starts, and the security protection of the electronic device is maintained.
In addition, in the embodiment provided in the present application, in an operating system environment, the electronic device may further perform the following steps:
Step 206, detecting the installation state of the device driver;
Step 207, if the device driver is not installed successfully within the preset time length, shutting down the electronic device.
Specifically, while executing the instruction to install the device driver corresponding to the target virtual device, the electronic device may detect the current installation state of the device driver in real time. When the device driver is successfully installed within the preset time length, communication between the target virtual device and the target application is established; when it is detected that the device driver has not been installed normally within the preset time length, the electronic device shuts down automatically. This prevents information inside the electronic device from leaking and improves the security performance of the electronic device.
It should be noted that, for the description of the same steps and the same contents in this embodiment as those in other embodiments, reference may be made to the description in the other embodiments, which is not repeated herein.
In the embodiment provided by the application, a target virtual device is created in the electronic device, and the configuration information for the security protection function of the electronic device is stored in the configuration file of the BIOS corresponding to the target virtual device. The security protection function is thereby transferred to a virtualized hardware device, which avoids the drawback of software-based protection, namely that it is easily damaged or uninstalled maliciously. Moreover, the electronic device stores the configuration information in the storage block corresponding to the BIOS, where it cannot be directly deleted. The configuration information is therefore protected from malicious tampering, and the security performance of the electronic device is improved.
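The boot sequence of steps 201 to 207 and the configuration path of steps 210 to 230 can be modelled in software to make two properties of the design visible: a setting written from the operating system only takes effect at the next power-on self-test, and removing the driver never touches the BIOS-held setting. This is an added example, not code from the patent; the class, method and key names are hypothetical, and the install window is modelled as a list of per-tick outcomes.

```python
"""Added illustration: software model of steps 201-207 and 210-230.

Every name here is hypothetical; a real BIOS keeps this state in firmware
storage, not in a Python dict.
"""
from dataclasses import dataclass, field


@dataclass
class Machine:
    # Stand-in for the BIOS configuration file of the target virtual device.
    bios_config: dict = field(default_factory=lambda: {"usb_mass_storage": True})
    active: dict = field(default_factory=dict)  # settings applied by the last POST
    driver_installed: bool = False
    running: bool = False
    log: list = field(default_factory=list)

    def power_on(self, install_results=(), timeout_ticks=3):
        """One boot. install_results holds one bool per tick of the install window."""
        # BIOS environment, steps 201-203.
        self.log.append("POST: create target virtual device")
        self.active = dict(self.bios_config)  # snapshot applied for this boot
        self.log.append(f"POST: apply {self.active}")
        # Operating system environment, steps 204-207.
        self.running = True
        if not self.driver_installed:
            self.log.append("OS: driver missing, fetching and installing")
            window = list(install_results)[:timeout_ticks]
            self.driver_installed = any(window)
            if not self.driver_installed:
                self.log.append("OS: driver not installed in time, shutting down")
                self.running = False
                return "shutdown"
        self.log.append("OS: driver up, application and virtual device can talk")
        return "running"

    def configure(self, key, value):
        """Steps 210-230: application -> driver -> BIOS configuration file."""
        if not (self.running and self.driver_installed):
            raise RuntimeError("no channel to the target virtual device")
        self.bios_config[key] = value  # persisted, but not applied until next POST

    def remove_driver(self):
        """Models someone deleting the driver from inside the operating system."""
        self.driver_installed = False  # the BIOS configuration file is untouched


def demo():
    m = Machine()
    states = [m.power_on(install_results=[True])]     # first boot, driver installs
    m.configure("usb_mass_storage", False)            # operator disables USB storage
    applied_same_boot = m.active["usb_mass_storage"]  # unchanged until reboot
    states.append(m.power_on())                       # next POST applies the change
    applied_next_boot = m.active["usb_mass_storage"]
    m.remove_driver()
    states.append(m.power_on(install_results=[False, False, False]))  # install blocked
    states.append(m.power_on(install_results=[False, True]))          # install succeeds
    return states, applied_same_boot, applied_next_boot, m.active


if __name__ == "__main__":
    print(demo())
```

In the third boot of `demo()` the driver install never succeeds inside the window, so the model shuts the machine down, yet the USB setting applied at POST is still the disabled one.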
Example three
Based on the foregoing embodiments, an embodiment of the present application provides an information processing method, including the following steps:
Step 310, obtaining configuration information through the target application.
Step 320, transmitting the configuration information to a device driver corresponding to the target virtual device through the target application.
Step 330, storing the configuration information to a configuration file of the BIOS corresponding to the target virtual device through the device driver, so that the target virtual device can implement security protection for the electronic device based on the configuration information.
In the embodiment provided by the present application, the target application further has a protection function of identity authentication, that is, the target application supports setting identity information of a legitimate operator. The identity information can be password information, fingerprint information, iris information and other information which can represent the legal identity of an operator; the identity information may be obtained by a device linked to the PIC bus, such as a fingerprint obtaining device, a camera, an input keyboard, and the like, which is not limited herein.
Specifically, when the operator starts the target application, the electronic device prompts the operator to input the identity authentication information, and the configuration interface provided by the target application can be accessed only after the identity authentication information passes the authentication.
In the embodiment provided by the present application, the operator may modify the preset identity information through the methods described in the above steps 310 to 330; the configuration information in step 310 may be preset identity information input by an operator.
Specifically, the operator modifies the preset identity information through an identity information modification interface provided by the target application, for example, the operator modifies the preset identity information through a "modify password" interface shown in fig. 4. Further, the target application may receive preset identity information input by an operator, and synchronize the preset identity information into a configuration file of a BIOS corresponding to the target virtual device through the device driver. Of course, to improve security, further encryption may be performed in the configuration file, with the key being held in the configuration file.
In an embodiment provided by the present application, the information processing method further includes:
Step 340, acquiring identity authentication information when a deletion instruction for deleting the device driver and/or the target application is received;
Step 350, responding to the deletion instruction if the identity authentication information matches the preset identity information stored in the configuration file of the BIOS.
Specifically, when the electronic device receives an instruction to delete the device driver and/or the target application, it needs to perform identity authentication on the operator who sends the deletion instruction, and only after the identity authentication of the operator is successful, the electronic device may respond to the instruction to delete the device driver and/or the target application.
In addition, in the embodiment provided by the application, if the identity authentication of the operator fails, the electronic device refuses to respond to the received deletion instruction. In this way, the target application and the related device driver can be uninstalled normally only after a legitimate operator passes identity authentication.
In the embodiment provided by the application, when the electronic device receives a deletion instruction, it can prompt the operator to input identity authentication information and acquire the identity authentication information input by the operator; meanwhile, the electronic device acquires the preset identity information from the configuration file of the BIOS corresponding to the target virtual device. The electronic device then compares the currently acquired identity authentication information with the preset identity information stored in the configuration file of the BIOS. If the two are consistent, the identity authentication of the operator is considered successful; if the two are not consistent, the identity authentication of the operator is considered to have failed.
In an embodiment provided by the present application, the information processing method may further include the steps of:
Step 360, acquiring identity authentication information when an instruction to modify the start-up sequence of the electronic device or an instruction to disable the target virtual device is detected;
Step 370, if the identity authentication information matches the preset identity information stored in the configuration file of the BIOS, responding to the instruction to modify the start-up sequence of the electronic device or the instruction to disable the target virtual device.
Here, when the electronic device receives an instruction to modify the start-up sequence or disable the target virtual device, it is also necessary to authenticate the identity of the operator who issued the instruction.
Specifically, the manner of authenticating the operator by the electronic device is similar to that in step 350, and is not described herein again.
Further, when the identity authentication succeeds, the electronic device responds to the instruction to modify the start-up sequence of the electronic device or the instruction to disable the target virtual device; when the identity authentication fails, it refuses to respond to the instruction to modify the start-up sequence of the electronic device or the instruction to disable the target virtual device.
In this way, the preset identity information input by the operator is synchronized into the configuration file of the BIOS through the target application; when the start-up sequence is changed or the target virtual device is disabled, identity authentication of the operator is triggered, which prevents the related security protection function from being maliciously damaged.
By way of example, referring to the flow chart shown in fig. 10, the synchronization and verification of the identity information is described in detail:
Step 1, receiving preset password information set by an operator through the target application, and sending the preset password information to the device driver;
Step 2, the device driver receives the preset password information;
Step 3, performing special encryption on the preset password information;
Step 4, transmitting the encrypted preset password information through a Unified Extensible Firmware Interface (UEFI) variable;
Step 5, storing the encrypted preset password information into the BIOS configuration file of the target virtual device;
Step 6, after restarting/starting up, judging whether the start-up sequence has changed; if not, executing step 7; if it has changed, executing step 8;
Step 7, starting normally;
Step 8, acquiring the encrypted preset password information from the BIOS configuration file, and acquiring the password information currently input by the operator;
Step 9, decrypting the encrypted preset password information to obtain the preset password information;
Step 10, determining whether the preset password information is consistent with the password currently input by the operator; if yes, executing step 11; if not, executing step 12;
Step 11, permitting the start-up sequence;
Step 12, refusing to start.
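The fig. 10 flow above, modelled as an added example (not code from the patent): the BIOS configuration file is simulated by a struct whose layout, including the reference boot order stored next to the password, is an assumption, and `placeholder_crypt` is a labelled stand-in for the unspecified "special encryption". The same decrypt-and-compare check applies to steps 350 and 370.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PW_MAX   32  /* fixed slot size: comparison never depends on length */
#define BOOT_MAX 4

enum boot_result { BOOT_NORMAL, BOOT_PERMITTED, BOOT_REFUSED };

/* Simulated BIOS configuration file of the target virtual device.
 * Layout and field names are assumptions made for this example. */
struct bios_config {
    int     provisioned;           /* 1 once a preset password is stored */
    uint8_t enc_password[PW_MAX];  /* encrypted, zero-padded password    */
    uint8_t boot_order[BOOT_MAX];  /* reference boot order (assumption)  */
};

/* Placeholder for the patent's unspecified "special encryption".
 * XOR with a fixed keystream is reversible but is not a secure cipher. */
static void placeholder_crypt(uint8_t *buf, size_t n)
{
    static const uint8_t ks[8] = {0x5a, 0xc3, 0x19, 0x7e, 0xa4, 0x2d, 0x88, 0xf1};
    for (size_t i = 0; i < n; i++)
        buf[i] ^= ks[i % sizeof ks];
}

/* Copy a password into a zero-padded fixed slot; -1 if empty or too long. */
static int pad_password(const char *pw, uint8_t out[PW_MAX])
{
    size_t len = pw ? strlen(pw) : 0;
    if (len == 0 || len > PW_MAX)
        return -1;
    memset(out, 0, PW_MAX);
    memcpy(out, pw, len);
    return 0;
}

/* Compare without an early exit, so timing does not reveal the position
 * of the first mismatching byte. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Steps 2-5: the device driver encrypts the preset password and stores it
 * in the BIOS configuration file (in the real flow, via a UEFI variable). */
int driver_store_password(struct bios_config *cfg, const char *preset,
                          const uint8_t boot_order[BOOT_MAX])
{
    uint8_t slot[PW_MAX];
    if (pad_password(preset, slot) != 0)
        return -1;
    placeholder_crypt(slot, PW_MAX);
    memcpy(cfg->enc_password, slot, PW_MAX);
    memcpy(cfg->boot_order, boot_order, BOOT_MAX);
    cfg->provisioned = 1;
    return 0;
}

/* Steps 6-12: decide at start-up whether the boot may proceed. */
enum boot_result boot_check(const struct bios_config *cfg,
                            const uint8_t current_order[BOOT_MAX],
                            const char *entered)
{
    uint8_t preset[PW_MAX], input[PW_MAX];
    int ok;

    /* Step 6: nothing stored yet (assumption: then nothing is enforced)
     * or boot order unchanged -> step 7, normal start. */
    if (!cfg->provisioned ||
        memcmp(cfg->boot_order, current_order, BOOT_MAX) == 0)
        return BOOT_NORMAL;

    /* Steps 8-9: fetch and decrypt the stored preset password. */
    memcpy(preset, cfg->enc_password, PW_MAX);
    placeholder_crypt(preset, PW_MAX);

    /* Step 10: missing or oversized input fails before any comparison. */
    ok = pad_password(entered, input) == 0 && ct_equal(preset, input, PW_MAX);

    /* Clear plaintext copies; firmware needs a wipe the compiler keeps. */
    memset(preset, 0, sizeof preset);
    memset(input, 0, sizeof input);

    return ok ? BOOT_PERMITTED : BOOT_REFUSED;  /* step 11 / step 12 */
}

/* Constructed sample run: changed boot order plus a wrong password. */
int main(void)
{
    struct bios_config cfg = {0};
    const uint8_t disk_first[BOOT_MAX] = {1, 2, 3, 0};
    const uint8_t usb_first[BOOT_MAX]  = {2, 1, 3, 0};
    driver_store_password(&cfg, "S3cure-Preset", disk_first);
    return boot_check(&cfg, usb_first, "wrong") == BOOT_REFUSED ? 0 : 1;
}
```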
In the embodiment provided by the application, the target virtual device is established in the electronic device, and the configuration information for the security protection function of the electronic device is stored in the configuration file of the BIOS corresponding to the target virtual device. The security protection function is thereby transferred to the virtualized hardware device, which avoids the weakness of software-based protection, namely that it is easily damaged or uninstalled maliciously. Moreover, because the electronic device stores the configuration information in the storage block corresponding to the BIOS, the configuration information cannot be directly deleted. The configuration information is therefore protected from malicious tampering, and the security of the electronic device is improved.
Example four
Based on the foregoing embodiments, the present application provides an information processing method, which may be applied to the functional architecture shown in fig. 11; the functional architecture includes a target application, a device driver, and a target virtual device.
Specifically, the target application can provide a visualized interface; in particular, the target application can provide different visualized configuration interfaces for different security protection functions. The target application receives preset identity information and/or configuration information of related functions set by an operator through a provided visual configuration interface, and synchronizes the preset identity information and/or the configuration information of the related functions into a BIOS configuration file corresponding to the target virtual device through a device driver.
The device driver serves as the interface for communication between the target virtual device and the target application; it synchronizes the configuration information of the security protection function to the configuration file of the BIOS of the target virtual device, and reports the related configuration in the BIOS to the target application.
The target virtual device creates a 'target virtual device forbidden' option for turning the entire security protection function off or on. In the embodiment of the application, the target virtual device is created during the power-on self-test and is used for installing the corresponding device driver. The target virtual device may synchronize, via the device driver, the configuration information input by an operator in the target application and apply the configuration information to the BIOS. In addition, the target virtual device can synchronize the preset identity information transmitted by the target application, which is used for identity authentication.
The functional flow from the target application to the target virtual device, shown in fig. 12, is described in detail as follows:
The electronic device starts the target application; the identity of the operator is authenticated through the target application, and whether the identity authentication succeeds is confirmed; if the identity authentication fails, the process ends; if the identity authentication succeeds, the security protection function is configured to obtain configuration information; and the configuration information is transmitted to the configuration file of the BIOS of the target virtual device through the device driver.
Thus, since the electronic device can store the configuration information in the storage block corresponding to the BIOS, the configuration information cannot be directly deleted at the operating system layer.
The functional flow of the target virtual device, shown in fig. 13, is described in detail as follows:
The electronic device is powered on; whether the target virtual device is disabled is determined; if the target virtual device is not disabled, the target virtual device is created; configuration information is synchronized from the device driver, that is, the configuration information stored in the configuration file of the BIOS corresponding to the target virtual device is read, and the security protection function associated with the configuration information is initialized; after the initialization is completed, the operating system is entered.
Therefore, the target virtual device is established in the electronic device and the security protection function is transferred to the virtualized hardware device, which avoids the weakness of software-based protection, namely that it is easily damaged or uninstalled maliciously; the configuration information is protected from malicious tampering, and the security of the electronic device is improved.
EXAMPLE five
Based on the foregoing embodiments, an embodiment of the present application provides an information processing apparatus, which is applied to an electronic device in the foregoing embodiments, and as shown in fig. 14, the information processing apparatus includes:
an acquisition unit 1401 configured to acquire configuration information; the configuration information represents the configuration made by an operator for the security protection function of the electronic device;
a processing unit 1402 configured to store the configuration information into a configuration file of a basic input output system BIOS corresponding to the target virtual device, so that the target virtual device can implement security protection for the electronic device based on the configuration information; wherein the target virtual device is created on the electronic device.
In the embodiment provided in the present application, the obtaining unit 1401 is specifically configured to obtain configuration information through a target application; and transmitting the configuration information to the device driver corresponding to the target virtual device through the target application.
The processing unit 1402 is configured to store, by the device driver, the configuration information into a configuration file of the BIOS corresponding to the target virtual device, so that the target virtual device can implement security protection for the electronic device based on the configuration information.
In the embodiment provided in this application, the processing unit 1402 is configured to enter a self-test program to create a target virtual device when the electronic device is powered on;
an obtaining unit 1401, configured to obtain a BIOS configuration file corresponding to a target virtual device;
the processing unit 1402 is further configured to control the target virtual device to initialize a security protection function associated with the configuration information based on the configuration information stored in the BIOS configuration file.
In the embodiment provided by the present application, an obtaining unit 1401, configured to enter an operating system and obtain a device driver corresponding to a target virtual device;
the processing unit 1402 is further configured to install the device driver and establish communication between the target virtual device and the target application.
In the embodiments provided herein, the processing unit 1402 is configured to detect an installation state of the device driver, and to shut down the electronic device if the device driver is not successfully installed within the preset time.
In the embodiment provided by the present application, the obtaining unit 1401 is configured to obtain identity authentication information when receiving a deletion instruction for deleting a device driver and/or a target application;
the processing unit 1402 is further configured to respond to the delete instruction if the identity authentication information matches preset identity information stored in the configuration file of the BIOS.
In the embodiment provided in the present application, the obtaining unit 1401 is configured to obtain the identity authentication information when detecting an instruction to modify a starting sequence of the electronic device or disable a target virtual device;
the processing unit 1402 is further configured to respond to a command for modifying a start-up sequence of the electronic device or a command for disabling the target virtual device if the identity authentication information matches preset identity information stored in the configuration file of the BIOS.
In the information processing apparatus provided by the application, a target virtual device is established in an electronic device, and configuration information for a security protection function of the electronic device is stored in a configuration file of a BIOS corresponding to the target virtual device. The security protection function is thereby transferred to the virtualized hardware device, which overcomes the weakness of software-based protection, namely that it is easily damaged or uninstalled maliciously. Moreover, because the electronic device stores the configuration information in a storage block corresponding to the BIOS, the configuration information cannot be directly deleted. The configuration information is therefore protected from malicious tampering, and the security of the electronic device is improved.
EXAMPLE five
Based on the implementation of each unit in the information processing apparatus, in order to implement the information processing method provided in the embodiment of the present application, an embodiment of the present application further provides an electronic device, as shown in fig. 15, where the electronic device 150 includes: a processor 1501 and a memory 1502 configured to store computer programs capable of running on the processor,
wherein the processor 1501 is configured to perform the method steps of the previous embodiments when running the computer program.
In practice, of course, the various components of the electronic device 150 are coupled together by a bus system 1503, as shown in FIG. 15. It is understood that the bus system 1503 is used to enable communications among the components by connections. The bus system 1503 includes a power bus, a control bus, and a status signal bus in addition to the data bus. For clarity of illustration, the various buses are designated in fig. 15 as the bus system 1503.
In an exemplary embodiment, the present application further provides a computer readable storage medium, for example, the memory 1502 including a computer program, which can be executed by the processor 1501 of the electronic device 150 to complete the steps of the foregoing method. The computer-readable storage medium may be a Memory such as a magnetic random access Memory (FRAM), a Read Only Memory (ROM), a Programmable Read Only Memory (PROM), an Erasable Programmable Read-Only Memory (EPROM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Flash Memory (Flash Memory), a magnetic surface Memory, an optical Disc, or a Compact Disc Read-Only Memory (CD-ROM).
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present application, and is not intended to limit the scope of the present application.

Claims (10)

1. An information processing method, the method comprising:
acquiring configuration information through a target application; the target application is used for providing a usage interface of the target virtual device; the configuration information represents the configuration made by an operator for the security protection function of the electronic device;
storing the configuration information into a configuration file of a Basic Input Output System (BIOS) corresponding to the target virtual device, so that the target virtual device can implement security protection for the electronic device based on the configuration information; wherein the target virtual device is created on the electronic device.
2. The method of claim 1, wherein saving the configuration information to a Basic Input Output System (BIOS) configuration file corresponding to the target virtual device comprises:
transmitting the configuration information to a device driver corresponding to the target virtual device through the target application; wherein the device driver is to establish communication between the target application and the target virtual device;
and storing the configuration information into a BIOS configuration file corresponding to the target virtual device through the device driver.
3. The method of claim 1, further comprising:
when the electronic equipment is powered on, entering a self-checking program to create the target virtual equipment;
acquiring a BIOS configuration file corresponding to the target virtual equipment;
controlling the target virtual device to initialize a security protection function associated with the configuration information based on the configuration information stored in the BIOS configuration file.
4. The method of claim 3, further comprising:
entering an operating system, and acquiring a device driver corresponding to the target virtual device;
installing the device driver and establishing communication between the target virtual device and a target application; wherein the target application is configured to provide a usage interface of the target virtual device.
5. The method of claim 4, further comprising:
detecting an installation state of the device driver;
and if the device driver is not successfully installed within the preset time, shutting down the electronic device.
6. The method according to any one of claims 2-5, further comprising:
when a deletion instruction for deleting the device driver and/or the target application is received, acquiring identity authentication information;
and responding to the deletion instruction if the identity authentication information matches preset identity information stored in the configuration file of the BIOS.
7. The method according to any one of claims 2-5, further comprising:
when an instruction to modify the start-up sequence of the electronic device or an instruction to disable the target virtual device is detected, acquiring identity authentication information;
and if the identity authentication information matches the preset identity information stored in the configuration file of the BIOS, responding to the instruction to modify the start-up sequence of the electronic device or the instruction to disable the target virtual device.
8. An information processing apparatus, characterized in that the apparatus comprises:
an acquisition unit configured to acquire configuration information through a target application; the target application is used for providing a usage interface of the target virtual device; the configuration information represents the configuration made by an operator for the security protection function of the electronic device;
a processing unit configured to store the configuration information into a configuration file of a Basic Input Output System (BIOS) corresponding to the target virtual device, so that the target virtual device can implement security protection for the electronic device based on the configuration information; the target virtual device is created when the electronic device is powered on for self-test.
9. An electronic device, the electronic device comprising: a processor, a memory, and a communication bus, wherein:
the communication bus is used for realizing communication connection between the processor and the memory;
the processor is configured to perform the steps of the information processing method of any one of claims 1 to 7 when running the computer program.
10. A storage medium characterized by storing one or more programs which are executable by one or more processors to implement the steps of the information processing method as claimed in claims 1 to 7.
CN201911207152.8A 2019-11-29 2019-11-29 Information processing method and device, electronic equipment and storage medium Active CN111125710B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911207152.8A CN111125710B (en) 2019-11-29 2019-11-29 Information processing method and device, electronic equipment and storage medium


Publications (2)

Publication Number Publication Date
CN111125710A CN111125710A (en) 2020-05-08
CN111125710B true CN111125710B (en) 2022-06-28

Family

ID=70496359


Country Status (1)

Country Link
CN (1) CN111125710B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant