WO2016127516A1 - File signature method for operating system, file check method, and apparatus - Google Patents
File signature method for operating system, file check method, and apparatus Download PDFInfo
- Publication number
- WO2016127516A1 WO2016127516A1 PCT/CN2015/078902 CN2015078902W WO2016127516A1 WO 2016127516 A1 WO2016127516 A1 WO 2016127516A1 CN 2015078902 W CN2015078902 W CN 2015078902W WO 2016127516 A1 WO2016127516 A1 WO 2016127516A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file
- hash value
- signature
- operating system
- policy
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Definitions
- the present invention relates to the field of smart device security technologies, and in particular, to a file signature method, a file verification method, and an apparatus of an operating system.
- the existing disk image tamper-resistant patent literature includes: "A method and apparatus for data tamper resistance” refers to determining whether the modification operation of the determined protected data by the first application program is determined by the operating system kernel according to a pre-saved security policy. For legal operation.
- the shortcoming of this method is that it is impossible to verify that the file mirror on the disk or FLASH is falsified in the non-operational state of the device.
- the implementation principle of "system startup verification method, system startup verification device and terminal”, “OPTIMIZED STARTUP VERIFICATION OF FILE SYSTEM INTEGRITY” and "system for system file integrity verification in system boot area” determines their verification method. In this case, the verification behavior can only occur during the boot start period of the device.
- the software tamper-proof verification method and apparatus refers to a verification method for comparing a file check value with a server-side check value.
- the shortcoming of this method is that there is a dependence on the network speed. When the network conditions are not good, or when the number of files to be verified is huge and the verification is frequent, the verification efficiency of the method will be very low. .
- Methods for Image File Validation in Run mentions that a file image is digitally signed to form a new file image, which can be started or started at device startup. After the timing to verify the digital signature of the file image, to achieve tamper-proof effect.
- the insufficiency of the invention is that the file mirror can only be verified as a whole, and the content of the image file cannot be selectively verified, and the current file mirror is generally large, such as several hundred megabytes, so that the verification efficiency is Very problematic.
- the technical problem to be solved at least in the embodiments of the present invention is to provide a file signature method, a file verification method, and an apparatus for an operating system, and complete verification of key files by using a signature policy file and a verification policy file to avoid all The verification of the file improves the verification efficiency.
- the embodiment of the present invention adopts the following technical solutions:
- a method for file signature of an operating system includes: acquiring an image file of an operating system; acquiring a signature policy file and a private key file; and according to the signature policy file and the private key file, The qualified files in the image file are digitally signed and encrypted to obtain a security image file.
- the obtaining an image file of the operating system includes: acquiring an operating system source file; compiling the operating system source file to generate the image file.
- the private key file is an asymmetric password private key file.
- the digitally signing and encrypting the qualified file in the image file according to the signature policy file and the private key file, and obtaining the security image file includes: obtaining a directory in the signature policy file; determining An image file corresponding to the directory in the signature policy file in the image file; the image file is signed and encrypted to obtain the security image file.
- the step of performing the signing and encryption processing on the image file includes: acquiring a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file; Encrypting the first hash value according to the private key file, and saving the encrypted first hash value to a first attribute entry of a file attribute of the image file; acquiring the signature policy a second hash value corresponding to the file attribute of the image file corresponding to the directory in the file; encrypting the second hash value according to the private key file, and saving the encrypted second hash value
- the security image file is obtained in a second attribute entry of a file attribute of the image file.
- the file signing method further includes: obtaining an update file corresponding to the file that needs to be upgraded in the operating system; and digitally signing the update file to obtain an upgrade package.
- the digitally signing the update file to obtain an upgrade package includes: acquiring a first hash value corresponding to the file content of the update file and a second hash corresponding to the file attribute of the update file And storing the first hash value, the second hash value, the file name and the file path of the file that needs to be upgraded corresponding to the update file into the upgrade information file; and acquiring the file of the upgrade information file a hash value corresponding to the content, and encrypting the hash value according to the private key file, saving the encryption result to the upgrade information file; and packaging the update file and the upgrade information file to obtain the upgrade package.
- a file verification method of an operating system including: acquiring an image file of an operating system; acquiring a signature policy file and a private key file; and according to the signature policy file and the private key a file, digitally signing and encrypting the qualified file in the image file to obtain a security image file; obtaining a calibration policy file and a public key file; and performing the security image according to the calibration policy file and the public key file The file is verified. If the verification condition is met, the file of the operating system is considered to be secure.
- the digitally signing and encrypting the qualified file in the image file according to the signature policy file and the private key file, and obtaining the security image file includes: obtaining a directory in the signature policy file; determining An image file corresponding to the directory in the signature policy file in the image file; the image file is signed and encrypted to obtain the security image file.
- the step of performing the signing and encryption processing on the image file includes: acquiring a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file; Encrypting the first hash value according to the private key file, and saving the encrypted first hash value to a first attribute entry of a file attribute of the image file; acquiring the signature policy a second hash value corresponding to the file attribute of the image file corresponding to the directory in the file; encrypting the second hash value according to the private key file, and saving the encrypted second hash value to the
- the security image file is obtained from the second attribute entry of the file attribute of the image file.
- the step of verifying the security image file according to the calibration policy file and the public key file, and if the verification condition is met, determining that the file security of the operating system is: acquiring the Querying a directory in the policy file; determining a security image file corresponding to the directory in the verification policy file in the security image file; and obtaining a file attribute of the security image file corresponding to the directory in the verification policy file Corresponding second hash value; decrypting, according to the public key file, a second hash value in a second attribute entry of the security image file corresponding to the directory in the calibration policy file; And the second hash value corresponding to the file attribute of the security image file corresponding to the directory in the calibration policy file is the same, according to the public key file, Decrypting the first hash value in the first attribute entry of the security image file corresponding to the directory in the policy file; obtaining a security image corresponding to the directory in the calibration policy file File File content corresponding to a first hash value; comparing by the first decrypting the key
- the file verification method further includes: obtaining an update file corresponding to the file that needs to be upgraded in the operating system; performing digital signature on the update file to obtain an upgrade package; and verifying the upgrade package, If the verification condition is met, replace the files that need to be upgraded with the files in the upgrade package.
- the digitally signing the update file to obtain an upgrade package includes: acquiring a first hash value corresponding to the file content of the update file and a second hash corresponding to the file attribute of the update file And storing the first hash value, the second hash value, the file name and the file path of the file that needs to be upgraded corresponding to the update file into the upgrade information file; and acquiring the file of the upgrade information file a hash value corresponding to the content, and encrypting the hash value according to the private key file, saving the encryption result to the upgrade information file; and packaging the update file and the upgrade information file to obtain the upgrade package.
- the verifying the upgrade package, if the verification condition is met, replacing the file to be upgraded with the file in the upgrade package includes: obtaining an upgrade information file in the upgrade package a hash value corresponding to the file content; decrypting a hash value corresponding to the file content of the upgrade information file in the upgrade package according to the public key file; comparing the hash value after decryption by the public key file Obtaining a hash value corresponding to the file content of the upgrade information file, if the same, according to the upgrade package, replacing the file corresponding to the update file in the operating system by using the update file in the upgrade package, and The first hash value and the second hash value of the update file in the upgrade information file are respectively saved into the first attribute entry and the second attribute entry of the update file.
- the obtaining an image file of the operating system includes: acquiring an operating system source file; compiling the operating system source file to generate the image file.
- a file signing apparatus of an operating system including: a first obtaining module configured to acquire an image file of an operating system; and a second obtaining module configured to obtain a signature policy file and The private key file is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file.
- a file verification apparatus for an operating system, including: a third acquisition module configured to acquire an image file of an operating system; and a fourth acquisition module configured to acquire a signature policy file And a private key file; the second signature module is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file; and the fifth obtaining module, setting To obtain the calibration policy file and the public key file, the calibration module is configured to verify the security image file according to the calibration policy file and the public key file, and if the verification condition is met, the operation is considered as System file security.
- the beneficial effects of the embodiments of the present invention include at least: the embodiment of the present invention signs the key files in the image file by using the signature policy file, avoids checking all the files, and improves the verification efficiency; in addition, directly storing the digital signature of the file In the file attribute entry of the verified file, it is very convenient to read the signature information while accessing the file after the system is started, which saves the CPU expenditure of reading the extra signature file during the verification in the general method, and the verification efficiency is greatly improved.
- the embodiment of the invention can prevent the system file from being tampered with, and can also upgrade a single file or multiple files. The upgrade mode is also verified to ensure the security problem of the system upgrade, and the security is improved under the premise of ensuring security. The user experience reduces the maintenance cost of the system upgrade.
- FIG. 1 is a schematic diagram of a file signature method of an operating system according to an embodiment of the present invention
- FIG. 2 is a schematic diagram of a file verification method of an operating system according to an embodiment of the present invention.
- FIG. 3 is a flowchart showing a practical application of a file signature method of an operating system according to an embodiment of the present invention
- FIG. 4 is a flowchart showing a practical application of a file verification method of an operating system according to an embodiment of the present invention
- FIG. 5 is a flowchart showing an actual application process of a file verification method of an operating system according to an embodiment of the present invention
- FIG. 6 is a schematic diagram of a file signature device of an operating system according to an embodiment of the present invention.
- FIG. 7 is a schematic diagram of a file verification apparatus of an operating system according to an embodiment of the present invention.
- a schematic diagram of a file signature method of an operating system includes the following steps:
- Step S100 Obtain an image file of the operating system.
- the image file of the operating system is generated by compiling the server to compile the source file.
- Step S200 Obtain a signature policy file and a private key file.
- the signature policy file is written by the user according to the specified syntax, including the name or feature of a series of files to be verified, and the file matching the file name or feature in the signature policy file is signed, and the private key file is an asymmetric password.
- the private key file is obtained by the prior art, for example, by using the RSA 1024 algorithm in a cryptographic algorithm such as openSSL, where the directory of the signature policy file contains its own file name.
- Step S300 Perform digital signature and encryption on the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file.
- the directory in the signature policy file has a file that needs to be digitally signed, and the image file is digitally signed according to the directory, and the signature is obtained by calculating a hash value corresponding to the file content of the image file, and the hash value is
- the hash value is encrypted by the private key file, and the encrypted hash value is saved to the file attribute of the image file, wherein the file attribute further includes an extended attribute.
- the first attribute item is created in the file attribute to save the encryption.
- the hash values in the first attribute entry and the second attribute entry are encrypted using different private key files.
- FIG. 2 is a schematic diagram of a file verification method of an operating system according to an embodiment of the present invention, including the following steps:
- Step S400 Obtain an image file of the operating system.
- the image file of the operating system is generated by compiling the server to compile the source file.
- Step S500 Obtain a signature policy file and a private key file.
- the signature policy file is written by the user according to the specified syntax, including the name or feature of a series of files to be verified, and the file matching the file name or feature in the signature policy file is signed, and the private key file is an asymmetric password.
- the private key file is obtained by the prior art, for example, by using the RSA 1024 algorithm in a cryptographic algorithm such as openSSL, where the directory of the signature policy file contains its own file name.
- Step S600 Perform digital signature and encryption on the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file.
- the directory in the signature policy file has a file that needs to be digitally signed, and the image file is digitally signed according to the directory, and the signature is obtained by calculating a hash value corresponding to the file content of the image file, and the hash value is
- the hash value is encrypted by the private key file, and the encrypted hash value is saved to the file attribute of the image file, wherein the file attribute further includes an extended attribute.
- the first attribute item is created in the file attribute to save the encryption.
- the hash values in the first attribute entry and the second attribute entry are encrypted using different private key files.
- Step S700 Obtain a calibration policy file and a public key file.
- the directory in the verification policy file is the same as the directory in the signature policy file, and the public key file corresponds to the private key file, and the hash value encrypted by the private key file may be decrypted.
- step S800 the security image file is verified according to the verification policy file and the public key file, and if the verification condition is met, the file of the operating system is considered to be secure.
- the directory in the verification policy file has a file to be verified, and the image file is digitally signed according to the directory, wherein the directory of the verification policy file contains its own file name, and the verification is performed by the following steps: :
- Step S810 Obtain a directory in the calibration policy file.
- Step S820 Determine a security image file corresponding to the directory in the verification policy file in the security image file.
- Step S830 Acquire a second hash value corresponding to the file attribute of the security image file corresponding to the directory in the calibration policy file.
- Step S840 Decrypt the second hash value in the second attribute entry of the security image file corresponding to the directory in the verification policy file according to the public key file.
- Step S850 Comparing the second hash value after decrypting the public key file with the second hash value corresponding to the file attribute of the security image file corresponding to the directory in the verification policy file, if the same, according to the public key file, The first hash value in the first attribute entry of the security image file corresponding to the directory in the policy file is decrypted.
- Step S860 Acquire a first hash value corresponding to the file content of the security image file corresponding to the directory in the calibration policy file.
- Step S870 Comparing the first hash value after the decryption of the public key file with the first hash value corresponding to the file content of the security image file corresponding to the directory in the verification policy file, if the same, the security image file is considered to be secure.
- the operating system in order to avoid errors during file verification, first determine the files that are changed before and after the upgrade, digitally sign the update files corresponding to the files that need to be upgraded in the operating system, and name the signature information and update files. And the path is saved to the upgrade information file, and then the hash value corresponding to the file content of the upgrade information file is calculated, the hash value is encrypted, and the encryption result is also saved to the upgrade information file. Whether the information file exists and has been tampered with. If the file is upgraded after verification, the signature information of the update file is queried according to the file name and path of the update file, and the signature information obtained by the query is saved to the file attribute of the update file.
- the embodiment of the invention can prevent the system file from being tampered with, and can also upgrade a single file or multiple files.
- the upgrade mode is also verified to ensure the security problem of the system upgrade.
- the user experience is improved under the premise of ensuring security, and the maintenance cost of the system upgrade is reduced.
- the key file in the image file is signed by the signature policy file to avoid verification of all the files, and the verification efficiency is improved; further, the digital signature of the file is directly stored in the file attribute entry of the verified file. It is very convenient to read the signature information while accessing the file after the system is started, which saves the CPU expenditure of reading the extra signature file in the general method during the verification, and the verification efficiency is greatly improved.
- a practical application flowchart of a file signature method of an operating system includes the following steps:
- Step 301 The compiled operating system image file is delivered to the file signature and injection tool.
- the compile server completes the source code compilation, and the system file partition generates the system.img image file in the ext4 format.
- the file signature and injection tool is an executable program, which is responsible for scanning all file names and attributes in the operating system image file, and comparing signatures.
- the signature condition in the policy file digitally sign the eligible file.
- Step 302 The file signature and the injection tool mount the image file, and the user creates a signature policy file and a private key file of the asymmetric password according to the requirements of the user, and submits the file to the file signature and injection tool.
- the signature policy file includes all files whose username is root.
- the private key file of the asymmetric password is a public-private key pair that generates a set of asymmetric passwords by running the openssl public method on the compile server.
- the encryption algorithm uses RSA 1024.
- Step 303 the file signature and the injection tool sequentially scan and analyze the contents of the file in the image file that is hung.
- Step 304 Whether the file name or attribute meets the conditions described in the signature policy file.
- Step 305 ignoring no processing to continue scanning the next file.
- Step 306 Calculate a hash value of the file content and encrypt it with a private key, and the encryption result is written into the first attribute entry of the attribute node corresponding to the file.
- Step 307 Calculate a hash value of all attributes including the first attribute item, encrypt it with a private key, and write the encrypted result into the second attribute item of the corresponding attribute node of the file.
- Step 308 After the file is scanned, the signature policy file is also digitally signed and saved in the file attribute entry.
- Step 309 Unmount the image file, and the image file of the original operating system has been injected and converted into a security image file.
- a flowchart of a practical application of a file verification method of an operating system includes the following steps:
- Step 401 The system is powered on, the firmware of the device, and the boot initiator are first started, and the booting of the operating system kernel is started.
- Step 402 After the kernel is started, the calibration execution tool is first run, and the calibration execution tool obtains a public key or a digital certificate file and a signature policy file from the read-only root partition of the kernel, and performs signature verification of the signature policy file.
- the proof execution tool is an executable program that can be run independently and stored in a secure read-only partition of the system. By modifying the system's init.rc file, the proof execution tool can be executed first when the system is booted. .
- Step 403 Whether the signature of the signature policy file itself is passed.
- Step 404 the verification fails, the kernel stops booting, and performs a predefined security protection behavior, such as popping a security warning on the user interface.
- Step 405 The operating system kernel runs normally, and the signed system image file and the user image file are mounted, and the system file partition of the signed operating system and the user data partition of the signed operating system are generated.
- Step 406 The calibration execution tool scans the mounted system files and all file names and file attributes in the user data partition.
- Step 407 whether the file name or file attribute meets the conditions in the proof policy file.
- Step 408 The file does not belong to the verification range, and ignores, and continues to scan the next file.
- Step 409 The digital signature saved by the second attribute entry is used to check whether the file information is falsified; the specific calibration execution tool queries the file attribute entry of the file to be checked, including the extended attribute item that may exist, if the existing The second attribute entry calculates the total hash value of the file attributes other than the second attribute entry. Compared with the hash value of the second attribute entry after the digital signature is decrypted by the public key or the digital certificate file, if the inconsistency, the file is considered to be less than the signature; if yes, the process proceeds to step 410.
- Step 410 The digital signature saved by the first attribute entry is used to check whether the file information is falsified; the specific calibration execution tool queries the file attribute entry of the file to be checked, including the extended attribute item that may exist, and whether the query exists.
- the first attribute entry if present, calculates a total hash value of the file content of the file, and compares the hash value after the digital signature in the first attribute entry is decrypted by the public key or the digital certificate file, and if not, the file is considered as a file The signing failed; if it is consistent, the file attribute information is not falsified.
- Step 411 The file verification fails at startup, and refuses to continue to execute the predefined security protection behavior, for example, a security warning pops up on the user interface.
- Step 412 the file verification is passed, the system continues to boot, and the kernel driver needs to perform real-time verification every time after opening or running the file.
- step 413 the real-time verification of the file is passed.
- Step 414 Perform a predefined security protection behavior, and the kernel may refuse to open or execute the file, or may choose to record the verification failure in the log.
- Step 415 the file is normally opened or executed.
- the flowchart of the actual application of the file verification method of the operating system provided by the embodiment of the present invention includes the following steps:
- Step 501 Compare the file list with differences before and after the upgrade to the file signature and injection tool, and sequentially scan all the files in the upgrade package.
- Step 502 Whether it belongs to a file that needs to be upgraded and signed.
- step 503 the file is ignored and the next file is scanned. Specifically, if the user re-compiles the source code of the system as needed, the files A and B in the re-compiled image are modified, and the files A and B can be detected through steps 501-503.
- Step 504 file signature and injection tool, digitally sign the file by referring to step 306 and step 307 in FIG. Specifically, the files A and B in the upgrade package are digitally signed instead of the files A and B in the original system.
- Step 505 The file signature and injection tool calculates a digital digest for the upgrade information file and encrypts the digital signature information by using a private key file of the asymmetric password, saves the signature information at the end of the upgrade information file, and then merges the upgrade information file into the system upgrade package. Repackaged in.
- Step 506 The device to be upgraded is powered on, and the firmware and the boot initiator of the device are first started, and the kernel that carries the operating system upgrade function is booted.
- Step 507 The kernel reads the system upgrade package, verifies the integrity of the upgrade package, and then searches for the upgrade information file, and verifies the digital signature of the file with the public key.
- the specific kernel with upgrade function reads the system upgrade package, verifies the integrity of the system upgrade package, and then extracts the upgrade information file from the file, obtains the digital signature information from the content of the upgrade information file, and upgrades with the public key or digital certificate file. The digital signature at the end of the information file is compared. If the upgrade information file does not exist or the license is not passed, the kernel should terminate the upgrade process, alert the user with the alarm screen, or adopt other customized security protection actions.
- Step 508 Whether the upgrade information file exists and if the verification is passed.
- Step 509 The kernel terminates the upgrade process and performs a predefined security protection behavior, such as popping a security warning on the user interface.
- Step 510 The kernel with the upgrade function expands the system upgrade package, and the file in the upgrade package is replaced with the copy of the source file on the device to be upgraded, and the upgrade operation is completed.
- the embodiment of the invention can prevent the system file from being tampered with, and can also upgrade a single file or multiple files.
- the upgrade mode is also verified to ensure the security problem of the system upgrade, and the user is improved under the premise of ensuring security.
- the experience reduces the maintenance cost of the system upgrade.
- the embodiment of the present invention further provides a schematic diagram of a file signing device of an operating system, including: a first obtaining module 61 configured to acquire an image file of an operating system; and a second obtaining module 62 configured to obtain a signature The policy file and the private key file; the first signature module 63 is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file.
- the device is a device corresponding to the file signature method of the operating system. All the implementation manners in the foregoing method embodiments are applicable to the device embodiment, and the same technical effects can be achieved.
- an embodiment of the present invention further provides a file verification device of an operating system, including: a third obtaining module 71 configured to acquire an image file of an operating system; and a fourth obtaining module 72 configured to acquire a signature policy file and a private key file; the second signature module 73 is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file; and the fifth obtaining module 74.
- the calibration module 75 is configured to verify the security image file according to the verification policy file and the public key file, and if the verification condition is met, the operating system is considered File security.
- the device is a device corresponding to the file signature method of the operating system. All the implementation manners in the foregoing method embodiments are applicable to the device embodiment, and the same technical effects can be achieved.
- the file signature method, the file verification method, and the device of the operating system have the following beneficial effects: the embodiment of the present invention signs a key file in the image file by using a signature policy file to avoid The verification of all files improves the verification efficiency; in addition, the digital signature of the file is directly stored in the file attribute entry of the verified file, and it is convenient to read the signature information while accessing the file after the system is started, saving the general In the method, the CPU cost of the extra signature file is read during the verification, and the verification efficiency is greatly improved.
- the embodiment of the invention can prevent the system file from being tampered with, and can also upgrade the single or multiple files. After verification, the security of the system upgrade is guaranteed, and the user experience is improved under the premise of ensuring security, and the maintenance cost of the system upgrade is reduced.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
A file signature method for an operating system, a file check method, and an apparatus. The file check method comprises: acquiring mirror files of an operating system (S400); acquiring a signature policy file and a private key file (S500); performing digital signature and encryption on a file matching a condition in the mirror files according to the signature policy file and the private key file, so as to obtain a secure mirror file (S600); acquiring a check signature policy file and a public key file (S700); and checking the secure mirror file according to the check signature policy file and the public key file, and if a check condition is satisfied, considering a file of the operating system secure (S800). Only a file recorded in a check signature policy file is checked, and accordingly the check efficiency is improved; a file digital signature is directly placed in a file attribute entry of a checked file, and the file is accessed and signature information is read after a system is started, and accordingly convenience is brought; a system file can be prevented being tampered with, and a single file or multiple files can be upgraded.
Description
本发明涉及智能设备安全技术领域,尤其涉及一种操作系统的文件签名方法、文件校验方法及装置。The present invention relates to the field of smart device security technologies, and in particular, to a file signature method, a file verification method, and an apparatus of an operating system.
目前的智能设置操作系统,例如安卓系统,安全事件层出不穷,其中主要的一个原因就是系统的关键文件的内容或者属性发生了被篡改。篡改的手段有两种,一种是运行时篡改,即在运行的操作系统上执行破解工具,强行修改内存或者磁盘上的指定文件。另一种是设备的操作系统在非运行的情况下进行刷机篡改,直接修改磁盘文件,此时由于设备的操作系统并没有正常运行,安全防护能力相对薄弱,给了破解者可乘之机。The current intelligent setting of operating systems, such as Android, security events emerge one after another, one of the main reasons is that the contents or attributes of the system's key files have been tampered with. There are two ways to tamper with, one is runtime tampering, that is, executing a crack tool on the running operating system, forcibly modifying the specified file in memory or on disk. The other is that the operating system of the device performs tampering in the case of non-operation, and directly modifies the disk file. At this time, since the operating system of the device is not operating normally, the security protection capability is relatively weak, which gives the cracker a chance to take advantage of it.
现有的磁盘镜像防篡改专利文献包括:《一种数据防篡改的方法及装置》提到了通过操作系统内核根据预先保存的安全策略,判断第一应用程序对确定的受保护数据的修改操作是否为合法操作。但是该方法的不足在于,无法校验设备非运行情况下,磁盘或FLASH上的文件镜像被刷写的方式进行篡改。《系统启动校验方法、系统启动校验装置和终端》、《OPTIMIZED STARTUP VERIFICATION OF FILE SYSTEM INTEGRITY》及《在系统引导区实现系统文件完整性验证的系统》的实现原理决定了他们的校验方法中,校验行为只能发生在设备启动引导时期。《软件的防篡改验证方法及装置》提到了将文件校验值和服务端校验值相比较的校验方法。但是,该方法的不足在于,对网络速度存在依赖,当网络条件不好的情况下,或者当被校验的文件数目巨大,且校验频繁的场景下,该方法的校验效率将十分低下。The existing disk image tamper-resistant patent literature includes: "A method and apparatus for data tamper resistance" refers to determining whether the modification operation of the determined protected data by the first application program is determined by the operating system kernel according to a pre-saved security policy. For legal operation. However, the shortcoming of this method is that it is impossible to verify that the file mirror on the disk or FLASH is falsified in the non-operational state of the device. The implementation principle of "system startup verification method, system startup verification device and terminal", "OPTIMIZED STARTUP VERIFICATION OF FILE SYSTEM INTEGRITY" and "system for system file integrity verification in system boot area" determines their verification method. In this case, the verification behavior can only occur during the boot start period of the device. The software tamper-proof verification method and apparatus refers to a verification method for comparing a file check value with a server-side check value. However, the shortcoming of this method is that there is a dependence on the network speed. When the network conditions are not good, or when the number of files to be verified is huge and the verification is frequent, the verification efficiency of the method will be very low. .
《INTELLIGENT MOBILE TERMINAL AND DATA PROCESSING METHOD THEREFOR》引入了签名库和过滤模块,对所有处理器访问的文件,都用签名库进行签名核对,签名库存放在隐藏分区内,一旦被访问文件签名不存在或者签名不正确,都通过过滤模块先做CPU对该文件的访问。该发明的不足之处在于存在明显的性能的问题,一般操作系统的文件系统文件数量非常巨大,如果每个都有一个签名存放在签名库中,将额外消耗较大的空间,而且,对系统的每个文件都进行签名校验,会严重拖慢操作系统引导启动的速度,降低用户体验。《运行中映像文件验证的方法》提到了将文件镜像通过数字签名后形成一个新的文件镜像,从而可以在设备启动时或者启动
后定时去校验文件镜像的数字签名,从而达到防篡改的效果。该发明的不足之处在于,只能对文件镜像整体进行校验,无法对镜像文件的内容有选择的校验,而目前的文件镜像一般都较大,比如几百兆,这样校验效率就很成问题。"INTELLIGENT MOBILE TERMINAL AND DATA PROCESSING METHOD THEREFOR" introduces a signature library and a filtering module. The files accessed by all processors are signed and signed by the signature library. The signature inventory is placed in the hidden partition, and the signature of the accessed file does not exist or If the signature is incorrect, the CPU will first access the file through the filter module. The insufficiency of the invention lies in the obvious performance problem. Generally, the number of file system files of the operating system is very large, and if each has a signature stored in the signature library, it will consume a large space, and the system is Each file is verified by signature, which will seriously slow down the booting of the operating system and reduce the user experience. "Methods for Image File Validation in Run" mentions that a file image is digitally signed to form a new file image, which can be started or started at device startup.
After the timing to verify the digital signature of the file image, to achieve tamper-proof effect. The insufficiency of the invention is that the file mirror can only be verified as a whole, and the content of the image file cannot be selectively verified, and the current file mirror is generally large, such as several hundred megabytes, so that the verification efficiency is Very problematic.
发明内容Summary of the invention
本发明实施例至少所要解决的技术问题在于,提供了一种操作系统的文件签名方法、文件校验方法及装置,通过签名策略文件和校签策略文件,完成对关键文件校验,避免对全部文件的校验,提高了校验效率。The technical problem to be solved at least in the embodiments of the present invention is to provide a file signature method, a file verification method, and an apparatus for an operating system, and complete verification of key files by using a signature policy file and a verification policy file to avoid all The verification of the file improves the verification efficiency.
为了至少解决上述技术问题,本发明实施例采用如下技术方案:In order to solve at least the above technical problem, the embodiment of the present invention adopts the following technical solutions:
依据本发明实施例的一个实施例,提供了一种操作系统的文件签名方法包括:获取操作系统的镜像文件;获取签名策略文件和私钥文件;根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件。According to an embodiment of the present invention, a method for file signature of an operating system includes: acquiring an image file of an operating system; acquiring a signature policy file and a private key file; and according to the signature policy file and the private key file, The qualified files in the image file are digitally signed and encrypted to obtain a security image file.
可选的,所述获取操作系统的镜像文件包括:获取操作系统源文件;对操作系统源文件进行编译,生成所述镜像文件。Optionally, the obtaining an image file of the operating system includes: acquiring an operating system source file; compiling the operating system source file to generate the image file.
可选的,所述私钥文件为非对称密码私钥文件。Optionally, the private key file is an asymmetric password private key file.
可选的,所述根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件包括:获取所述签名策略文件中的目录;确定所述镜像文件中与所述签名策略文件中的目录对应的镜像文件;对所述镜像文件进行签名和加密处理,得到所述安全镜像文件。Optionally, the digitally signing and encrypting the qualified file in the image file according to the signature policy file and the private key file, and obtaining the security image file includes: obtaining a directory in the signature policy file; determining An image file corresponding to the directory in the signature policy file in the image file; the image file is signed and encrypted to obtain the security image file.
可选的,对所述镜像文件进行签名和加密处理,得到所述安全镜像文件的步骤包括:获取与所述签名策略文件中的目录对应的镜像文件的文件内容对应的第一哈希值;根据所述私钥文件,对所述第一哈希值进行加密,并将加密后的第一哈希值保存至所述镜像文件的文件属性的第一属性条目中;获取与所述签名策略文件中的目录对应的镜像文件的文件属性对应的第二哈希值;根据所述私钥文件,对所述第二哈希值进行加密,并将加密后的所述第二哈希值保存至所述镜像文件的文件属性的第二属性条目中,得到所述安全镜像文件。Optionally, the step of performing the signing and encryption processing on the image file, the step of obtaining the security image file includes: acquiring a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file; Encrypting the first hash value according to the private key file, and saving the encrypted first hash value to a first attribute entry of a file attribute of the image file; acquiring the signature policy a second hash value corresponding to the file attribute of the image file corresponding to the directory in the file; encrypting the second hash value according to the private key file, and saving the encrypted second hash value The security image file is obtained in a second attribute entry of a file attribute of the image file.
可选的,所述文件签名方法还包括:获取与操作系统中需要升级的文件对应的更新文件;对所述更新文件进行数字签名,得到一升级包。
Optionally, the file signing method further includes: obtaining an update file corresponding to the file that needs to be upgraded in the operating system; and digitally signing the update file to obtain an upgrade package.
可选的,所述对所述更新文件进行数字签名,得到一升级包包括:获取与所述更新文件的文件内容对应的第一哈希值和所述更新文件的文件属性对应的第二哈希值;将所述第一哈希值、第二哈希值、与所述更新文件对应的需要升级的文件的文件名称和文件路径保存至升级信息文件中;获取所述升级信息文件的文件内容对应的哈希值,并根据所述私钥文件将该哈希值加密,将加密结果保存至所述升级信息文件中;将所述更新文件和升级信息文件打包,得到所述升级包。Optionally, the digitally signing the update file to obtain an upgrade package includes: acquiring a first hash value corresponding to the file content of the update file and a second hash corresponding to the file attribute of the update file And storing the first hash value, the second hash value, the file name and the file path of the file that needs to be upgraded corresponding to the update file into the upgrade information file; and acquiring the file of the upgrade information file a hash value corresponding to the content, and encrypting the hash value according to the private key file, saving the encryption result to the upgrade information file; and packaging the update file and the upgrade information file to obtain the upgrade package.
依据本发明实施例的又一个实施例,提供了一种操作系统的文件校验方法,包括:获取操作系统的镜像文件;获取签名策略文件和私钥文件;根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件;获取校签策略文件和公钥文件;根据所述校签策略文件和公钥文件,对所述安全镜像文件进行校验,若符合校验条件,则认为所述操作系统的文件安全。According to still another embodiment of the present invention, a file verification method of an operating system is provided, including: acquiring an image file of an operating system; acquiring a signature policy file and a private key file; and according to the signature policy file and the private key a file, digitally signing and encrypting the qualified file in the image file to obtain a security image file; obtaining a calibration policy file and a public key file; and performing the security image according to the calibration policy file and the public key file The file is verified. If the verification condition is met, the file of the operating system is considered to be secure.
可选的,所述根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件包括:获取所述签名策略文件中的目录;确定所述镜像文件中与所述签名策略文件中的目录对应的镜像文件;对所述镜像文件进行签名和加密处理,得到所述安全镜像文件。Optionally, the digitally signing and encrypting the qualified file in the image file according to the signature policy file and the private key file, and obtaining the security image file includes: obtaining a directory in the signature policy file; determining An image file corresponding to the directory in the signature policy file in the image file; the image file is signed and encrypted to obtain the security image file.
可选的,对所述镜像文件进行签名和加密处理,得到所述安全镜像文件的步骤包括:获取与所述签名策略文件中的目录对应的镜像文件的文件内容对应的第一哈希值;根据所述私钥文件,对所述第一哈希值进行加密,并将加密后的第一哈希值保存至所述镜像文件的文件属性的第一属性条目中;获取与所述签名策略文件中的目录对应的镜像文件的文件属性对应的第二哈希值;根据所述私钥文件,对所述第二哈希值进行加密,并将加密后的第二哈希值保存至所述镜像文件的文件属性的第二属性条目中,得到所述安全镜像文件。Optionally, the step of performing the signing and encryption processing on the image file, the step of obtaining the security image file includes: acquiring a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file; Encrypting the first hash value according to the private key file, and saving the encrypted first hash value to a first attribute entry of a file attribute of the image file; acquiring the signature policy a second hash value corresponding to the file attribute of the image file corresponding to the directory in the file; encrypting the second hash value according to the private key file, and saving the encrypted second hash value to the The security image file is obtained from the second attribute entry of the file attribute of the image file.
可选的,所述根据所述校签策略文件和公钥文件,对所述安全镜像文件进行校验,若符合校验条件,则认为所述操作系统的文件安全的步骤包括:获取所述校签策略文件中的目录;确定所述安全镜像文件中与所述校签策略文件中的目录对应的安全镜像文件;获取与所述校签策略文件中的目录对应的安全镜像文件的文件属性对应的第二哈希值;根据所述公钥文件,对所述校签策略文件中的目录对应的安全镜像文件的第二属性条目中的第二哈希值进行解密;比较经所述公钥文件解密后的第二哈希值与所述校签策略文件中的目录对应的安全镜像文件的文件属性对应的第二哈希值,若相同,则根据所述公钥文件,对所述校签策略文件中的目录对应的安全镜像文件的第一属性条目中的第一哈希值进行解密;获取与所述校签策略文件中的目录对应的安全镜像文件的文件内容对应的第一哈希值;比较经所述公钥文件解密后的第一哈希值与所述校
签策略文件中的目录对应的安全镜像文件的文件内容对应的第一哈希值,若相同,则认为所述操作系统的文件安全。Optionally, the step of verifying the security image file according to the calibration policy file and the public key file, and if the verification condition is met, determining that the file security of the operating system is: acquiring the Querying a directory in the policy file; determining a security image file corresponding to the directory in the verification policy file in the security image file; and obtaining a file attribute of the security image file corresponding to the directory in the verification policy file Corresponding second hash value; decrypting, according to the public key file, a second hash value in a second attribute entry of the security image file corresponding to the directory in the calibration policy file; And the second hash value corresponding to the file attribute of the security image file corresponding to the directory in the calibration policy file is the same, according to the public key file, Decrypting the first hash value in the first attribute entry of the security image file corresponding to the directory in the policy file; obtaining a security image corresponding to the directory in the calibration policy file File content corresponding to a first hash value; comparing by the first decrypting the key file with the hash value correction
If the first hash value corresponding to the file content of the security image file corresponding to the directory in the policy file is the same, the file of the operating system is considered to be secure.
可选的,所述文件校验方法还包括:获取与操作系统中需要升级的文件对应的更新文件;对所述更新文件进行数字签名,得到一升级包;对所述升级包进行校验,若符合校验条件,则将需要升级的文件替换为所述升级包中的文件。Optionally, the file verification method further includes: obtaining an update file corresponding to the file that needs to be upgraded in the operating system; performing digital signature on the update file to obtain an upgrade package; and verifying the upgrade package, If the verification condition is met, replace the files that need to be upgraded with the files in the upgrade package.
可选的,所述对所述更新文件进行数字签名,得到一升级包包括:获取与所述更新文件的文件内容对应的第一哈希值和所述更新文件的文件属性对应的第二哈希值;将所述第一哈希值、第二哈希值、与所述更新文件对应的需要升级的文件的文件名称和文件路径保存至升级信息文件中;获取所述升级信息文件的文件内容对应的哈希值,并根据所述私钥文件将该哈希值加密,将加密结果保存至所述升级信息文件中;将所述更新文件和升级信息文件打包,得到所述升级包。Optionally, the digitally signing the update file to obtain an upgrade package includes: acquiring a first hash value corresponding to the file content of the update file and a second hash corresponding to the file attribute of the update file And storing the first hash value, the second hash value, the file name and the file path of the file that needs to be upgraded corresponding to the update file into the upgrade information file; and acquiring the file of the upgrade information file a hash value corresponding to the content, and encrypting the hash value according to the private key file, saving the encryption result to the upgrade information file; and packaging the update file and the upgrade information file to obtain the upgrade package.
可选的,所述对所述升级包进行校验,若符合校验条件,则将需要升级的文件替换为所述升级包中的文件包括:获取与所述升级包中的升级信息文件的文件内容对应的哈希值;根据所述公钥文件,对所述升级包中的升级信息文件的文件内容对应的哈希值进行解密;比较经所述公钥文件解密后的哈希值与获取的所述升级信息文件的文件内容对应的哈希值,若相同,根据所述升级包,利用所述升级包中的更新文件替换操作系统中与所述更新文件对应的文件,并将所述升级信息文件中的该更新文件的第一哈希值和第二哈希值分别保存至该更新文件的第一属性条目和第二属性条目中。Optionally, the verifying the upgrade package, if the verification condition is met, replacing the file to be upgraded with the file in the upgrade package includes: obtaining an upgrade information file in the upgrade package a hash value corresponding to the file content; decrypting a hash value corresponding to the file content of the upgrade information file in the upgrade package according to the public key file; comparing the hash value after decryption by the public key file Obtaining a hash value corresponding to the file content of the upgrade information file, if the same, according to the upgrade package, replacing the file corresponding to the update file in the operating system by using the update file in the upgrade package, and The first hash value and the second hash value of the update file in the upgrade information file are respectively saved into the first attribute entry and the second attribute entry of the update file.
可选的,所述获取操作系统的镜像文件包括:获取操作系统源文件;对操作系统源文件进行编译,生成所述镜像文件。Optionally, the obtaining an image file of the operating system includes: acquiring an operating system source file; compiling the operating system source file to generate the image file.
依据本发明实施例的又一个实施例,提供了一种操作系统的文件签名装置,包括:第一获取模块,设置为获取操作系统的镜像文件;第二获取模块,设置为获取签名策略文件和私钥文件;第一签名模块,设置为根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件。According to still another embodiment of the present invention, a file signing apparatus of an operating system is provided, including: a first obtaining module configured to acquire an image file of an operating system; and a second obtaining module configured to obtain a signature policy file and The private key file is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file.
依据本发明实施例的又一个实施例,提供了一种操作系统的文件校验装置,包括:第三获取模块,设置为获取操作系统的镜像文件;第四获取模块,设置为获取签名策略文件和私钥文件;第二签名模块,设置为根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件;第五获取模块,设置为获取校签策略文件和公钥文件;校签模块,设置为根据所述校签策略文件和公钥文件,对所述安全镜像文件进行校验,若符合校验条件,则认为所述操作系统的文件安全。
According to still another embodiment of the present invention, a file verification apparatus for an operating system is provided, including: a third acquisition module configured to acquire an image file of an operating system; and a fourth acquisition module configured to acquire a signature policy file And a private key file; the second signature module is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file; and the fifth obtaining module, setting To obtain the calibration policy file and the public key file, the calibration module is configured to verify the security image file according to the calibration policy file and the public key file, and if the verification condition is met, the operation is considered as System file security.
本发明实施例的有益效果至少包括:本发明实施例通过签名策略文件对镜像文件中的关键文件进行签名,避免对全部文件的校验,提高了校验效率;此外,将文件数字签名直接存放在被校验文件的文件属性条目内,系统启动后访问文件的同时去读取签名信息十分方便,节省了一般方法里在校签时去读取额外签名文件的CPU开支,校验效率大大提升;本发明实施例既能防止系统文件被篡改,同时也可以对单个或者多个文件进行升级,该升级方式同样经过校验,保证了系统升级的安全问题,而且在保证安全的前提下提高了用户的体验,降低了系统升级的维护成本。The beneficial effects of the embodiments of the present invention include at least: the embodiment of the present invention signs the key files in the image file by using the signature policy file, avoids checking all the files, and improves the verification efficiency; in addition, directly storing the digital signature of the file In the file attribute entry of the verified file, it is very convenient to read the signature information while accessing the file after the system is started, which saves the CPU expenditure of reading the extra signature file during the verification in the general method, and the verification efficiency is greatly improved. The embodiment of the invention can prevent the system file from being tampered with, and can also upgrade a single file or multiple files. The upgrade mode is also verified to ensure the security problem of the system upgrade, and the security is improved under the premise of ensuring security. The user experience reduces the maintenance cost of the system upgrade.
图1表示本发明实施例提供的操作系统的文件签名方法示意图;1 is a schematic diagram of a file signature method of an operating system according to an embodiment of the present invention;
图2表示本发明实施例提供的操作系统的文件校验方法示意图;2 is a schematic diagram of a file verification method of an operating system according to an embodiment of the present invention;
图3表示本发明实施例提供的操作系统的文件签名方法的实际应用流程图;FIG. 3 is a flowchart showing a practical application of a file signature method of an operating system according to an embodiment of the present invention;
图4表示本发明实施例提供的操作系统的文件校验方法实际应用流程图;4 is a flowchart showing a practical application of a file verification method of an operating system according to an embodiment of the present invention;
图5表示本发明实施例提供的操作系统的文件校验方法在系统升级时的实际应用流程图;FIG. 5 is a flowchart showing an actual application process of a file verification method of an operating system according to an embodiment of the present invention;
图6表示本发明实施例提供的操作系统的文件签名装置示意图;FIG. 6 is a schematic diagram of a file signature device of an operating system according to an embodiment of the present invention;
图7表示本发明实施例提供的操作系统的文件校验装置示意图。FIG. 7 is a schematic diagram of a file verification apparatus of an operating system according to an embodiment of the present invention.
为使本发明的目的、技术方案和优点更加清楚,下面将结合附图及具体实施例对本发明进行详细描述。The present invention will be described in detail below with reference to the drawings and specific embodiments.
如图1所示,为本发明实施例提供的操作系统的文件签名方法示意图,包括以下步骤:As shown in FIG. 1 , a schematic diagram of a file signature method of an operating system according to an embodiment of the present invention includes the following steps:
步骤S100、获取操作系统的镜像文件。Step S100: Obtain an image file of the operating system.
这里,操作系统的镜像文件通过编译服务器编译源文件生成。Here, the image file of the operating system is generated by compiling the server to compile the source file.
步骤S200、获取签名策略文件和私钥文件。
Step S200: Obtain a signature policy file and a private key file.
这里,签名策略文件由用户按照指定语法编写,其中,包括需要校验的一系列文件的名称或者特征,对符合签名策略文件中的文件名称或者特征的文件进行签名,私钥文件为非对称密码私钥文件,通过现有技术得到,例如利用openSSL等密码学算法中的RSA 1024算法产生,其中,签名策略文件的目录中包含有自身的文件名。Here, the signature policy file is written by the user according to the specified syntax, including the name or feature of a series of files to be verified, and the file matching the file name or feature in the signature policy file is signed, and the private key file is an asymmetric password. The private key file is obtained by the prior art, for example, by using the RSA 1024 algorithm in a cryptographic algorithm such as openSSL, where the directory of the signature policy file contains its own file name.
步骤S300、根据签名策略文件和私钥文件,对镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件。Step S300: Perform digital signature and encryption on the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file.
这里,签名策略文件中的目录中有需要进行数字签名的文件,按该目录对镜像文件进行数字签名,签名的方式是通过计算将该镜像文件的文件内容对应的哈希值,并将该哈希值通过私钥文件加密,将加密后的哈希值保存至该镜像文件的文件属性中,其中,文件属性还包括扩展属性,具体的,在文件属性中创建第一属性条目,来保存加密后的哈希值;计算该镜像文件的所有文件属性对应的哈希值,并将该哈希值通过私钥文件加密,将加密后的哈希值保存至该镜像文件的第二属性条目中,较佳的,第一属性条目和第二属性条目中的哈希值采用不同的私钥文件进行加密。Here, the directory in the signature policy file has a file that needs to be digitally signed, and the image file is digitally signed according to the directory, and the signature is obtained by calculating a hash value corresponding to the file content of the image file, and the hash value is The hash value is encrypted by the private key file, and the encrypted hash value is saved to the file attribute of the image file, wherein the file attribute further includes an extended attribute. Specifically, the first attribute item is created in the file attribute to save the encryption. After the hash value; calculate the hash value corresponding to all the file attributes of the image file, and encrypt the hash value through the private key file, and save the encrypted hash value to the second attribute entry of the image file. Preferably, the hash values in the first attribute entry and the second attribute entry are encrypted using different private key files.
操作系统升级时,为避免文件校验时发生错误,先确定升级前后变化的文件,对与操作系统中需要升级的文件对应的更新文件进行数字签名,其中,数字签名的方法与签名策略文件的目录中的文件进行数字签名的方法相同,在此不再赘述。When the operating system is upgraded, in order to avoid errors during file verification, first determine the files that are changed before and after the upgrade, and digitally sign the update files corresponding to the files that need to be upgraded in the operating system, where the digital signature method and the signature policy file are The methods for digitally signing files in the directory are the same and will not be described here.
如图2所示,为本发明实施例提供的操作系统的文件校验方法的示意图,包括以下步骤:FIG. 2 is a schematic diagram of a file verification method of an operating system according to an embodiment of the present invention, including the following steps:
步骤S400、获取操作系统的镜像文件。Step S400: Obtain an image file of the operating system.
这里,操作系统的镜像文件通过编译服务器编译源文件生成。Here, the image file of the operating system is generated by compiling the server to compile the source file.
步骤S500、获取签名策略文件和私钥文件。Step S500: Obtain a signature policy file and a private key file.
这里,签名策略文件由用户按照指定语法编写,其中,包括需要校验的一系列文件的名称或者特征,对符合签名策略文件中的文件名称或者特征的文件进行签名,私钥文件为非对称密码私钥文件,通过现有技术得到,例如利用openSSL等密码学算法中的RSA 1024算法产生,其中,签名策略文件的目录中包含有自身的文件名。Here, the signature policy file is written by the user according to the specified syntax, including the name or feature of a series of files to be verified, and the file matching the file name or feature in the signature policy file is signed, and the private key file is an asymmetric password. The private key file is obtained by the prior art, for example, by using the RSA 1024 algorithm in a cryptographic algorithm such as openSSL, where the directory of the signature policy file contains its own file name.
步骤S600、根据签名策略文件和私钥文件,对镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件。
Step S600: Perform digital signature and encryption on the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file.
这里,签名策略文件中的目录中有需要进行数字签名的文件,按该目录对镜像文件进行数字签名,签名的方式是通过计算将该镜像文件的文件内容对应的哈希值,并将该哈希值通过私钥文件加密,将加密后的哈希值保存至该镜像文件的文件属性中,其中,文件属性还包括扩展属性,具体的,在文件属性中创建第一属性条目,来保存加密后的哈希值;计算该镜像文件的所有文件属性对应的哈希值,并将该哈希值通过私钥文件加密,将加密后的哈希值保存至该镜像文件的第二属性条目中,较佳的,第一属性条目和第二属性条目中的哈希值采用不同的私钥文件进行加密。Here, the directory in the signature policy file has a file that needs to be digitally signed, and the image file is digitally signed according to the directory, and the signature is obtained by calculating a hash value corresponding to the file content of the image file, and the hash value is The hash value is encrypted by the private key file, and the encrypted hash value is saved to the file attribute of the image file, wherein the file attribute further includes an extended attribute. Specifically, the first attribute item is created in the file attribute to save the encryption. After the hash value; calculate the hash value corresponding to all the file attributes of the image file, and encrypt the hash value through the private key file, and save the encrypted hash value to the second attribute entry of the image file. Preferably, the hash values in the first attribute entry and the second attribute entry are encrypted using different private key files.
步骤S700、获取校签策略文件和公钥文件。Step S700: Obtain a calibration policy file and a public key file.
这里,校签策略文件中的目录与签名策略文件中的目录相同,该公钥文件与上述私钥文件相对应,可以对上述私钥文件加密的哈希值进行解密。Here, the directory in the verification policy file is the same as the directory in the signature policy file, and the public key file corresponds to the private key file, and the hash value encrypted by the private key file may be decrypted.
步骤S800、根据校签策略文件和公钥文件,对安全镜像文件进行校验,若符合校验条件,则认为操作系统的文件安全。In step S800, the security image file is verified according to the verification policy file and the public key file, and if the verification condition is met, the file of the operating system is considered to be secure.
这里,校签策略文件中的目录中有需要进行校验的文件,按该目录对镜像文件进行数字签名,其中,校签策略文件的目录中包含有自身的文件名,通过以下步骤进行校验:Here, the directory in the verification policy file has a file to be verified, and the image file is digitally signed according to the directory, wherein the directory of the verification policy file contains its own file name, and the verification is performed by the following steps: :
步骤S810、获取校签策略文件中的目录。Step S810: Obtain a directory in the calibration policy file.
步骤S820、确定安全镜像文件中与校签策略文件中的目录对应的安全镜像文件。Step S820: Determine a security image file corresponding to the directory in the verification policy file in the security image file.
步骤S830、获取与校签策略文件中的目录对应的安全镜像文件的文件属性对应的第二哈希值。Step S830: Acquire a second hash value corresponding to the file attribute of the security image file corresponding to the directory in the calibration policy file.
步骤S840、根据公钥文件,对校签策略文件中的目录对应的安全镜像文件的第二属性条目中的第二哈希值进行解密。Step S840: Decrypt the second hash value in the second attribute entry of the security image file corresponding to the directory in the verification policy file according to the public key file.
步骤S850、比较经公钥文件解密后的第二哈希值与校签策略文件中的目录对应的安全镜像文件的文件属性对应的第二哈希值,若相同,则根据公钥文件,对校签策略文件中的目录对应的安全镜像文件的第一属性条目中的第一哈希值进行解密。Step S850: Comparing the second hash value after decrypting the public key file with the second hash value corresponding to the file attribute of the security image file corresponding to the directory in the verification policy file, if the same, according to the public key file, The first hash value in the first attribute entry of the security image file corresponding to the directory in the policy file is decrypted.
步骤S860、获取与校签策略文件中的目录对应的安全镜像文件的文件内容对应的第一哈希值。Step S860: Acquire a first hash value corresponding to the file content of the security image file corresponding to the directory in the calibration policy file.
步骤S870、比较经公钥文件解密后的第一哈希值与校签策略文件中的目录对应的安全镜像文件的文件内容对应的第一哈希值,若相同,则认为安全镜像文件安全。
Step S870: Comparing the first hash value after the decryption of the public key file with the first hash value corresponding to the file content of the security image file corresponding to the directory in the verification policy file, if the same, the security image file is considered to be secure.
这里,操作系统升级时,为避免文件校验时发生错误,先确定升级前后变化的文件,对与操作系统中需要升级的文件对应的更新文件进行数字签名,并将签名信息、更新文件的名称和路径保存至升级信息文件中,然后计算升级信息文件的文件内容对应的哈希值,将该哈希值加密并将加密结果同样保存至升级信息文件中,校验时,只需校验升级信息文件是否存在并且是否被篡改,若通过校验,将文件升级以后,根据更新文件的文件名称和路径查询该更新文件的签名信息,将查询得到的签名信息保存至更新文件的文件属性中。本发明实施例既能防止系统文件被篡改,同时也可以对单个或者多个文件进行升级,该升级方式同样经过校验,保证了系统升级的安全问题。而且在保证安全的前提下提高了用户的体验,降低了系统升级的维护成本。Here, when the operating system is upgraded, in order to avoid errors during file verification, first determine the files that are changed before and after the upgrade, digitally sign the update files corresponding to the files that need to be upgraded in the operating system, and name the signature information and update files. And the path is saved to the upgrade information file, and then the hash value corresponding to the file content of the upgrade information file is calculated, the hash value is encrypted, and the encryption result is also saved to the upgrade information file. Whether the information file exists and has been tampered with. If the file is upgraded after verification, the signature information of the update file is queried according to the file name and path of the update file, and the signature information obtained by the query is saved to the file attribute of the update file. The embodiment of the invention can prevent the system file from being tampered with, and can also upgrade a single file or multiple files. The upgrade mode is also verified to ensure the security problem of the system upgrade. Moreover, the user experience is improved under the premise of ensuring security, and the maintenance cost of the system upgrade is reduced.
本发明实施例通过签名策略文件对镜像文件中的关键文件进行签名,避免对全部文件的校验,提高了校验效率;进一步,将文件数字签名直接存放在被校验文件的文件属性条目内,系统启动后访问文件的同时去读取签名信息十分方便,节省了一般方法里在校签时去读取额外签名文件的CPU开支,校验效率大大提升。In the embodiment of the present invention, the key file in the image file is signed by the signature policy file to avoid verification of all the files, and the verification efficiency is improved; further, the digital signature of the file is directly stored in the file attribute entry of the verified file. It is very convenient to read the signature information while accessing the file after the system is started, which saves the CPU expenditure of reading the extra signature file in the general method during the verification, and the verification efficiency is greatly improved.
如图3所示,为本发明实施例提供的操作系统的文件签名方法的实际应用流程图,包括以下步骤:As shown in FIG. 3, a practical application flowchart of a file signature method of an operating system according to an embodiment of the present invention includes the following steps:
步骤301、编译完成的操作系统镜像文件交给文件签名及注入工具。具体的,编译服务器完成源码编译,将系统文件分区生成ext4格式的system.img镜像文件,文件签名及注入工具是一个可执行程序,负责扫描操作系统镜像文件里的所有文件名和属性,同时对比签名策略文件里的签名条件,将符合条件的文件进行数字签名。Step 301: The compiled operating system image file is delivered to the file signature and injection tool. Specifically, the compile server completes the source code compilation, and the system file partition generates the system.img image file in the ext4 format. The file signature and injection tool is an executable program, which is responsible for scanning all file names and attributes in the operating system image file, and comparing signatures. The signature condition in the policy file, digitally sign the eligible file.
步骤302、文件签名及注入工具挂载该镜像文件,用户按照自身的要求,创建签名策略文件和非对称密码的私钥文件,并交给文件签名及注入工具。具体的,签名策略文件包括用户名为root的所有文件,非对称密码的私钥文件是运行编译服务器上的openssl公共方法生成一组非对称密码的公私钥对,加密算法采用RSA 1024。Step 302: The file signature and the injection tool mount the image file, and the user creates a signature policy file and a private key file of the asymmetric password according to the requirements of the user, and submits the file to the file signature and injection tool. Specifically, the signature policy file includes all files whose username is root. The private key file of the asymmetric password is a public-private key pair that generates a set of asymmetric passwords by running the openssl public method on the compile server. The encryption algorithm uses RSA 1024.
步骤303、文件签名及注入工具依次扫描分析挂在后的镜像文件里的文件内容。Step 303, the file signature and the injection tool sequentially scan and analyze the contents of the file in the image file that is hung.
步骤304、文件名或者属性是否符合签名策略文件描述的条件。Step 304: Whether the file name or attribute meets the conditions described in the signature policy file.
步骤305、忽略不做处理继续扫描下一个文件。Step 305, ignoring no processing to continue scanning the next file.
步骤306、计算文件内容的哈希值并用私钥加密,加密结果写入文件对应属性节点的第一属性条目内。
Step 306: Calculate a hash value of the file content and encrypt it with a private key, and the encryption result is written into the first attribute entry of the attribute node corresponding to the file.
步骤307、计算包括第一属性条目在内的所有属性的哈希值,用私钥加密,加密结果写入文件对应属性节点的第二属性条目内。Step 307: Calculate a hash value of all attributes including the first attribute item, encrypt it with a private key, and write the encrypted result into the second attribute item of the corresponding attribute node of the file.
步骤308、文件扫描完毕后,对签名策略文件也进行数字签名并保存在文件属性条目中。Step 308: After the file is scanned, the signature policy file is also digitally signed and saved in the file attribute entry.
步骤309、撤销镜像文件的挂载,原操作系统的镜像文件已被签名注入转换为安全镜像文件。Step 309: Unmount the image file, and the image file of the original operating system has been injected and converted into a security image file.
如图4所示,为本发明实施例提供的操作系统的文件校验方法实际应用流程图,包括以下步骤:As shown in FIG. 4, a flowchart of a practical application of a file verification method of an operating system according to an embodiment of the present invention includes the following steps:
步骤401、系统上电,设备的固件及引导启动器首先启动,开始引导操作系统内核启动。Step 401: The system is powered on, the firmware of the device, and the boot initiator are first started, and the booting of the operating system kernel is started.
步骤402、内核启动后首先运行校签执行工具,校签执行工具从内核的只读根分区里获取公钥或数字证书文件和签名策略文件,进行签名策略文件的签名检查。具体的,校签执行工具是一个可执行程序,可以独立运行,存储于系统的安全只读分区,通过修改系统的init.rc文件,让校签执行工具能在系统启动时第一个被执行。Step 402: After the kernel is started, the calibration execution tool is first run, and the calibration execution tool obtains a public key or a digital certificate file and a signature policy file from the read-only root partition of the kernel, and performs signature verification of the signature policy file. Specifically, the proof execution tool is an executable program that can be run independently and stored in a secure read-only partition of the system. By modifying the system's init.rc file, the proof execution tool can be executed first when the system is booted. .
步骤403、签名策略文件自身的签名是否通过。Step 403: Whether the signature of the signature policy file itself is passed.
步骤404、校验失败,内核停止引导,执行事先定义的安全保护行为,例如在用户界面弹出安全警告。Step 404, the verification fails, the kernel stops booting, and performs a predefined security protection behavior, such as popping a security warning on the user interface.
步骤405、操作系统内核正常引导运行,挂载签名过的系统镜像文件和用户镜像文件,产生经过签名的操作系统的系统文件分区和经过签名的操作系统的用户数据分区。Step 405: The operating system kernel runs normally, and the signed system image file and the user image file are mounted, and the system file partition of the signed operating system and the user data partition of the signed operating system are generated.
步骤406、校签执行工具扫描挂载后的系统文件和用户数据分区里的所有文件名和文件属性。Step 406: The calibration execution tool scans the mounted system files and all file names and file attributes in the user data partition.
步骤407、文件名或者文件属性是否符合校签策略文件里的条件。 Step 407, whether the file name or file attribute meets the conditions in the proof policy file.
步骤408、文件不属于校验范围,忽略,继续扫描下一个文件。Step 408: The file does not belong to the verification range, and ignores, and continues to scan the next file.
步骤409、采用的第二属性条目保存的数字签名校验其文件信息是否发生篡改;具体的校签执行工具查询待较签文件的文件属性条目,包括可能存在的扩展属性条目,若存在的第二属性条目,则计算除了第二属性条目以外的其他文件属性的总哈希值,
与第二属性条目里数字签名经过公钥或数字证书文件解密后的哈希值进行对比,如果不一致则认为文件较签失败;如果一致则继续步骤410。Step 409: The digital signature saved by the second attribute entry is used to check whether the file information is falsified; the specific calibration execution tool queries the file attribute entry of the file to be checked, including the extended attribute item that may exist, if the existing The second attribute entry calculates the total hash value of the file attributes other than the second attribute entry.
Compared with the hash value of the second attribute entry after the digital signature is decrypted by the public key or the digital certificate file, if the inconsistency, the file is considered to be less than the signature; if yes, the process proceeds to step 410.
步骤410、采用的第一属性条目保存的数字签名校验其文件信息是否发生篡改;具体的校签执行工具查询待较签文件的文件属性条目,包括可能存在的扩展属性条目,查询是否存在的第一属性条目,如果存在,则计算该文件的文件内容的总哈希值,与第一属性条目里数字签名经过公钥或数字证书文件解密后的哈希值进行对比,如果不一致则认为文件较签失败;如果一致则认为文件属性信息没有被篡改。Step 410: The digital signature saved by the first attribute entry is used to check whether the file information is falsified; the specific calibration execution tool queries the file attribute entry of the file to be checked, including the extended attribute item that may exist, and whether the query exists. The first attribute entry, if present, calculates a total hash value of the file content of the file, and compares the hash value after the digital signature in the first attribute entry is decrypted by the public key or the digital certificate file, and if not, the file is considered as a file The signing failed; if it is consistent, the file attribute information is not falsified.
步骤411、启动时文件校验失败,拒绝继续启动执行事先定义的安全保护行为,例如在用户界面弹出安全警告。Step 411: The file verification fails at startup, and refuses to continue to execute the predefined security protection behavior, for example, a security warning pops up on the user interface.
步骤412、文件校验通过,系统继续引导运行,内核驱动后续每次打开或者运行文件之前,都需进行实时校验。 Step 412, the file verification is passed, the system continues to boot, and the kernel driver needs to perform real-time verification every time after opening or running the file.
步骤413、文件实时校验是否通过。In step 413, the real-time verification of the file is passed.
步骤414、执行事先定义的安全保护行为,内核可以拒绝该文件被打开或者执行,也可以选择将校验失败记录在日志中。Step 414: Perform a predefined security protection behavior, and the kernel may refuse to open or execute the file, or may choose to record the verification failure in the log.
步骤415、文件被正常打开或者执行。 Step 415, the file is normally opened or executed.
如图5所示,为本发明实施例提供的操作系统的文件校验方法在系统升级时的实际应用流程图,包括以下步骤:As shown in FIG. 5, the flowchart of the actual application of the file verification method of the operating system provided by the embodiment of the present invention includes the following steps:
步骤501、对比升级前后存在差异的文件列表交给文件签名及注入工具,依次扫描升级包内所有文件。Step 501: Compare the file list with differences before and after the upgrade to the file signature and injection tool, and sequentially scan all the files in the upgrade package.
步骤502、是否属于需升级和签名的文件。Step 502: Whether it belongs to a file that needs to be upgraded and signed.
步骤503、忽略该文件,继续扫描下一个文件。具体的,若用户按需修改系统的源代码重新编译,重新编译后的镜像中文件A和文件B都发生了修改,通过步骤501-503可检测出文件A和文件B。In step 503, the file is ignored and the next file is scanned. Specifically, if the user re-compiles the source code of the system as needed, the files A and B in the re-compiled image are modified, and the files A and B can be detected through steps 501-503.
步骤504、文件签名及注入工具参照图3中步骤306和步骤307,对该文件进行数字签名。具体的,对升级包中的文件A和文件B进行数字签名,而非原系统中的文件A和文件B。
Step 504, file signature and injection tool, digitally sign the file by referring to step 306 and step 307 in FIG. Specifically, the files A and B in the upgrade package are digitally signed instead of the files A and B in the original system.
步骤505、文件签名及注入工具对升级信息文件计算数字摘要并用非对称密码的私钥文件加密生成数字签名信息,将签名信息保存在升级信息文件的末尾,之后将升级信息文件合并到系统升级包中重新打包。Step 505: The file signature and injection tool calculates a digital digest for the upgrade information file and encrypts the digital signature information by using a private key file of the asymmetric password, saves the signature information at the end of the upgrade information file, and then merges the upgrade information file into the system upgrade package. Repackaged in.
步骤506、待升级设备上电,设备的固件及引导启动器首先启动,引导携带操作系统升级功能的内核启动。Step 506: The device to be upgraded is powered on, and the firmware and the boot initiator of the device are first started, and the kernel that carries the operating system upgrade function is booted.
步骤507、内核读取系统升级包,验证升级包完整性,之后从中查找提取升级信息文件,用公钥校验该文件的数字签名。具体的具有升级功能的内核读取系统升级包,验证系统升级包的完整性,之后从中查找提取升级信息文件,并从升级信息文件内容中获取数字签名信息,采用公钥或数字证书文件对升级信息文件末尾的数字签名进行较签。如果升级信息文件不存在,或者较签不通过,内核都应当终止升级过程,用告警画面提示用户、或采用其他自定义的安全保护行为。Step 507: The kernel reads the system upgrade package, verifies the integrity of the upgrade package, and then searches for the upgrade information file, and verifies the digital signature of the file with the public key. The specific kernel with upgrade function reads the system upgrade package, verifies the integrity of the system upgrade package, and then extracts the upgrade information file from the file, obtains the digital signature information from the content of the upgrade information file, and upgrades with the public key or digital certificate file. The digital signature at the end of the information file is compared. If the upgrade information file does not exist or the license is not passed, the kernel should terminate the upgrade process, alert the user with the alarm screen, or adopt other customized security protection actions.
步骤508、升级信息文件是否存在和若存在校验是否通过。Step 508: Whether the upgrade information file exists and if the verification is passed.
步骤509、内核终止升级过程,执行事先定义的安全保护行为,例如在用户界面弹出安全警告。Step 509: The kernel terminates the upgrade process and performs a predefined security protection behavior, such as popping a security warning on the user interface.
步骤510、具有升级功能的内核展开系统升级包,实施升级包内文件在待升级设备上的拷贝替换源文件,完成升级操作。Step 510: The kernel with the upgrade function expands the system upgrade package, and the file in the upgrade package is replaced with the copy of the source file on the device to be upgraded, and the upgrade operation is completed.
本发明实施例既能防止系统文件被篡改,同时也可以对单个或者多个文件进行升级,该升级方式同样经过校验,保证了系统升级的安全问题,而且在保证安全的前提下提高了用户的体验,降低了系统升级的维护成本。The embodiment of the invention can prevent the system file from being tampered with, and can also upgrade a single file or multiple files. The upgrade mode is also verified to ensure the security problem of the system upgrade, and the user is improved under the premise of ensuring security. The experience reduces the maintenance cost of the system upgrade.
如图6所示,本发明实施例还提供了一种操作系统的文件签名装置示意图,包括:第一获取模块61,设置为获取操作系统的镜像文件;第二获取模块62,设置为获取签名策略文件和私钥文件;第一签名模块63,设置为根据签名策略文件和私钥文件,对镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件。As shown in FIG. 6, the embodiment of the present invention further provides a schematic diagram of a file signing device of an operating system, including: a first obtaining module 61 configured to acquire an image file of an operating system; and a second obtaining module 62 configured to obtain a signature The policy file and the private key file; the first signature module 63 is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file.
需要说明的是,该装置是与上述操作系统的文件签名方法对应的装置,上述方法实施例中所有实现方式均适用于该装置的实施例中,也能达到相同的技术效果。It should be noted that the device is a device corresponding to the file signature method of the operating system. All the implementation manners in the foregoing method embodiments are applicable to the device embodiment, and the same technical effects can be achieved.
如图7所示,本发明实施例还提供了一种操作系统的文件校验装置示意图,包括:第三获取模块71,设置为获取操作系统的镜像文件;第四获取模块72,设置为获取签名策略文件和私钥文件;第二签名模块73,设置为根据签名策略文件和私钥文件,对镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件;第五获取模块
74,设置为获取校签策略文件和公钥文件;校签模块75,设置为根据校签策略文件和公钥文件,对安全镜像文件进行校验,若符合校验条件,则认为操作系统的文件安全。As shown in FIG. 7 , an embodiment of the present invention further provides a file verification device of an operating system, including: a third obtaining module 71 configured to acquire an image file of an operating system; and a fourth obtaining module 72 configured to acquire a signature policy file and a private key file; the second signature module 73 is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file; and the fifth obtaining module
74. Set to obtain the calibration policy file and the public key file; the calibration module 75 is configured to verify the security image file according to the verification policy file and the public key file, and if the verification condition is met, the operating system is considered File security.
需要说明的是,该装置是与上述操作系统的文件签名方法对应的装置,上述方法实施例中所有实现方式均适用于该装置的实施例中,也能达到相同的技术效果。It should be noted that the device is a device corresponding to the file signature method of the operating system. All the implementation manners in the foregoing method embodiments are applicable to the device embodiment, and the same technical effects can be achieved.
以上的是本发明的优选实施方式,应当指出对于本技术领域的普通人员来说,在不脱离本发明的原理前提下还可以作出若干改进和润饰,这些改进和润饰也在本发明的保护范围内。The above is a preferred embodiment of the present invention, and it should be noted that those skilled in the art can also make several improvements and refinements without departing from the principles of the present invention. These improvements and refinements are also within the scope of the present invention. Inside.
如上所述,本发明实施例提供的一种操作系统的文件签名方法、文件校验方法及装置,具有以下有益效果:本发明实施例通过签名策略文件对镜像文件中的关键文件进行签名,避免对全部文件的校验,提高了校验效率;此外,将文件数字签名直接存放在被校验文件的文件属性条目内,系统启动后访问文件的同时去读取签名信息十分方便,节省了一般方法里在校签时去读取额外签名文件的CPU开支,校验效率大大提升;本发明实施例既能防止系统文件被篡改,同时也可以对单个或者多个文件进行升级,该升级方式同样经过校验,保证了系统升级的安全问题,而且在保证安全的前提下提高了用户的体验,降低了系统升级的维护成本。
As described above, the file signature method, the file verification method, and the device of the operating system provided by the embodiments of the present invention have the following beneficial effects: the embodiment of the present invention signs a key file in the image file by using a signature policy file to avoid The verification of all files improves the verification efficiency; in addition, the digital signature of the file is directly stored in the file attribute entry of the verified file, and it is convenient to read the signature information while accessing the file after the system is started, saving the general In the method, the CPU cost of the extra signature file is read during the verification, and the verification efficiency is greatly improved. The embodiment of the invention can prevent the system file from being tampered with, and can also upgrade the single or multiple files. After verification, the security of the system upgrade is guaranteed, and the user experience is improved under the premise of ensuring security, and the maintenance cost of the system upgrade is reduced.
Claims (17)
- 一种操作系统的文件签名方法,包括:A file signing method for an operating system, including:获取操作系统的镜像文件;Obtain an image file of the operating system;获取签名策略文件和私钥文件;Obtain a signature policy file and a private key file;根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件。And performing, according to the signature policy file and the private key file, digitally signing and encrypting the qualified file in the image file to obtain a security image file.
- 如权利要求1所述的文件签名方法,其中,所述获取操作系统的镜像文件包括:The file signing method of claim 1, wherein the obtaining an image file of the operating system comprises:获取操作系统源文件;Obtain the operating system source file;对操作系统源文件进行编译,生成所述镜像文件。The operating system source file is compiled to generate the image file.
- 如权利要求1所述的文件签名方法,其中,所述私钥文件为非对称密码私钥文件。The file signing method of claim 1, wherein the private key file is an asymmetric cipher private key file.
- 如权利要求1所述的文件签名方法,其中,所述根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件包括:The file signing method according to claim 1, wherein the digitally signing and encrypting the qualified file in the image file according to the signature policy file and the private key file, and obtaining the security image file includes:获取所述签名策略文件中的目录;Obtaining a directory in the signature policy file;确定所述镜像文件中与所述签名策略文件中的目录对应的镜像文件;Determining, in the image file, an image file corresponding to the directory in the signature policy file;对所述镜像文件进行签名和加密处理,得到所述安全镜像文件。The image file is signed and encrypted to obtain the security image file.
- 如权利要求4所述的文件签名方法,其中,对所述镜像文件进行签名和加密处理,得到所述安全镜像文件的步骤包括:The file signing method according to claim 4, wherein the step of signing and encrypting the image file to obtain the security image file comprises:获取与所述签名策略文件中的目录对应的镜像文件的文件内容对应的第一哈希值;Obtaining a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file;根据所述私钥文件,对所述第一哈希值进行加密,并将加密后的第一哈希值保存至所述镜像文件的文件属性的第一属性条目中;Encrypting the first hash value according to the private key file, and saving the encrypted first hash value to a first attribute entry of a file attribute of the image file;获取与所述签名策略文件中的目录对应的镜像文件的文件属性对应的第二哈希值; Obtaining a second hash value corresponding to a file attribute of the image file corresponding to the directory in the signature policy file;根据所述私钥文件,对所述第二哈希值进行加密,并将加密后的所述第二哈希值保存至所述镜像文件的文件属性的第二属性条目中,得到所述安全镜像文件。Encrypting the second hash value according to the private key file, and saving the encrypted second hash value to a second attribute entry of a file attribute of the image file to obtain the security Image file.
- 如权利要求1所述的文件签名方法,其中,所述文件签名方法还包括:The file signing method according to claim 1, wherein the file signing method further comprises:获取与操作系统中需要升级的文件对应的更新文件;Obtain an update file corresponding to the file that needs to be upgraded in the operating system;对所述更新文件进行数字签名,得到一升级包。The update file is digitally signed to obtain an upgrade package.
- 如权利要求6所述的文件签名方法,其中,所述对所述更新文件进行数字签名,得到一升级包包括:The file signing method according to claim 6, wherein the digitally signing the update file to obtain an upgrade package comprises:获取与所述更新文件的文件内容对应的第一哈希值和所述更新文件的文件属性对应的第二哈希值;Obtaining a first hash value corresponding to the file content of the update file and a second hash value corresponding to the file attribute of the update file;将所述第一哈希值、第二哈希值、与所述更新文件对应的需要升级的文件的文件名称和文件路径保存至升级信息文件中;Saving the first hash value, the second hash value, the file name and the file path of the file to be upgraded corresponding to the update file into the upgrade information file;获取所述升级信息文件的文件内容对应的哈希值,并根据所述私钥文件将该哈希值加密,将加密结果保存至所述升级信息文件中;Obtaining a hash value corresponding to the file content of the upgrade information file, and encrypting the hash value according to the private key file, and saving the encryption result to the upgrade information file;将所述更新文件和升级信息文件打包,得到所述升级包。The update file and the upgrade information file are packaged to obtain the upgrade package.
- 一种操作系统的文件校验方法,包括:An operating system file verification method includes:获取操作系统的镜像文件;Obtain an image file of the operating system;获取签名策略文件和私钥文件;Obtain a signature policy file and a private key file;根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件;Performing a digital signature and encryption on the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file;获取校签策略文件和公钥文件;Obtain the proofing strategy file and the public key file;根据所述校签策略文件和公钥文件,对所述安全镜像文件进行校验,若符合校验条件,则认为所述操作系统的文件安全。The security image file is verified according to the verification policy file and the public key file, and if the verification condition is met, the file of the operating system is considered to be secure.
- 如权利要求8所述的文件校验方法,其中,所述根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件包括:The file verification method according to claim 8, wherein the digitally signing and encrypting the qualified file in the image file according to the signature policy file and the private key file, and obtaining the security image file includes:获取所述签名策略文件中的目录;Obtaining a directory in the signature policy file;确定所述镜像文件中与所述签名策略文件中的目录对应的镜像文件; Determining, in the image file, an image file corresponding to the directory in the signature policy file;对所述镜像文件进行签名和加密处理,得到所述安全镜像文件。The image file is signed and encrypted to obtain the security image file.
- 如权利要求9所述的文件校验方法,其中,对所述镜像文件进行签名和加密处理,得到所述安全镜像文件的步骤包括:The file verification method according to claim 9, wherein the step of signing and encrypting the image file to obtain the security image file comprises:获取与所述签名策略文件中的目录对应的镜像文件的文件内容对应的第一哈希值;Obtaining a first hash value corresponding to the file content of the image file corresponding to the directory in the signature policy file;根据所述私钥文件,对所述第一哈希值进行加密,并将加密后的第一哈希值保存至所述镜像文件的文件属性的第一属性条目中;Encrypting the first hash value according to the private key file, and saving the encrypted first hash value to a first attribute entry of a file attribute of the image file;获取与所述签名策略文件中的目录对应的镜像文件的文件属性对应的第二哈希值;Obtaining a second hash value corresponding to a file attribute of the image file corresponding to the directory in the signature policy file;根据所述私钥文件,对所述第二哈希值进行加密,并将加密后的第二哈希值保存至所述镜像文件的文件属性的第二属性条目中,得到所述安全镜像文件。Encrypting the second hash value according to the private key file, and saving the encrypted second hash value to a second attribute entry of a file attribute of the image file to obtain the security image file .
- 如权利要求10所述的文件校验方法,其中,所述根据所述校签策略文件和公钥文件,对所述安全镜像文件进行校验,若符合校验条件,则认为所述操作系统的文件安全的步骤包括:The file verification method according to claim 10, wherein the security image file is verified according to the calibration policy file and the public key file, and if the verification condition is met, the operating system is considered The steps for file security include:获取所述校签策略文件中的目录;Obtaining a directory in the proof policy file;确定所述安全镜像文件中与所述校签策略文件中的目录对应的安全镜像文件;Determining, in the security image file, a security image file corresponding to the directory in the calibration policy file;获取与所述校签策略文件中的目录对应的安全镜像文件的文件属性对应的第二哈希值;Obtaining a second hash value corresponding to a file attribute of the security image file corresponding to the directory in the calibration policy file;根据所述公钥文件,对所述校签策略文件中的目录对应的安全镜像文件的第二属性条目中的第二哈希值进行解密;Decrypting the second hash value in the second attribute entry of the security image file corresponding to the directory in the calibration policy file according to the public key file;比较经所述公钥文件解密后的第二哈希值与所述校签策略文件中的目录对应的安全镜像文件的文件属性对应的第二哈希值,若相同,则根据所述公钥文件,对所述校签策略文件中的目录对应的安全镜像文件的第一属性条目中的第一哈希值进行解密;And comparing, according to the second hash value that is decrypted by the public key file, a second hash value corresponding to a file attribute of the security image file corresponding to the directory in the calibration policy file, if the same, according to the public key a file, where the first hash value in the first attribute entry of the security image file corresponding to the directory in the calibration policy file is decrypted;获取与所述校签策略文件中的目录对应的安全镜像文件的文件内容对应的第一哈希值;Obtaining a first hash value corresponding to the file content of the security image file corresponding to the directory in the calibration policy file;比较经所述公钥文件解密后的第一哈希值与所述校签策略文件中的目录对应的安全镜像文件的文件内容对应的第一哈希值,若相同,则认为所述操作系统的文件安全。 Comparing, by the first hash value after the decryption of the public key file, the first hash value corresponding to the file content of the security image file corresponding to the directory in the calibration policy file, if the same, the operating system is considered File security.
- 如权利要求8所述的文件校验方法,其中,所述文件校验方法还包括:The file verification method according to claim 8, wherein the file verification method further comprises:获取与操作系统中需要升级的文件对应的更新文件;Obtain an update file corresponding to the file that needs to be upgraded in the operating system;对所述更新文件进行数字签名,得到一升级包;Digitally signing the update file to obtain an upgrade package;对所述升级包进行校验,若符合校验条件,则将需要升级的文件替换为所述升级包中的文件。The upgrade package is verified. If the verification condition is met, the file to be upgraded is replaced with the file in the upgrade package.
- 如权利要求12所述的文件校验方法,其中,所述对所述更新文件进行数字签名,得到一升级包包括:The file verification method according to claim 12, wherein said digitally signing said update file to obtain an upgrade package comprises:获取与所述更新文件的文件内容对应的第一哈希值和所述更新文件的文件属性对应的第二哈希值;Obtaining a first hash value corresponding to the file content of the update file and a second hash value corresponding to the file attribute of the update file;将所述第一哈希值、第二哈希值、与所述更新文件对应的需要升级的文件的文件名称和文件路径保存至升级信息文件中;Saving the first hash value, the second hash value, the file name and the file path of the file to be upgraded corresponding to the update file into the upgrade information file;获取所述升级信息文件的文件内容对应的哈希值,并根据所述私钥文件将该哈希值加密,将加密结果保存至所述升级信息文件中;Obtaining a hash value corresponding to the file content of the upgrade information file, and encrypting the hash value according to the private key file, and saving the encryption result to the upgrade information file;将所述更新文件和升级信息文件打包,得到所述升级包。The update file and the upgrade information file are packaged to obtain the upgrade package.
- 如权利要求13所述的文件校验方法,其中,所述对所述升级包进行校验,若符合校验条件,则将需要升级的文件替换为所述升级包中的文件包括:The file verification method according to claim 13, wherein the verifying the upgrade package, if the verification condition is met, replacing the file to be upgraded with the file in the upgrade package includes:获取与所述升级包中的升级信息文件的文件内容对应的哈希值;Obtaining a hash value corresponding to the file content of the upgrade information file in the upgrade package;根据所述公钥文件,对所述升级包中的升级信息文件的文件内容对应的哈希值进行解密;Decrypting a hash value corresponding to the file content of the upgrade information file in the upgrade package according to the public key file;比较经所述公钥文件解密后的哈希值与获取的所述升级信息文件的文件内容对应的哈希值,若相同,根据所述升级包,利用所述升级包中的更新文件替换操作系统中与所述更新文件对应的文件,并将所述升级信息文件中的该更新文件的第一哈希值和第二哈希值分别保存至该更新文件的第一属性条目和第二属性条目中。Comparing the hash value after the decrypted by the public key file with the obtained hash value of the file content of the upgrade information file, if the same, according to the upgrade package, replacing the operation by using the update file in the upgrade package a file corresponding to the update file in the system, and saving the first hash value and the second hash value of the update file in the upgrade information file to the first attribute item and the second attribute of the update file, respectively In the entry.
- 如权利要求8所述的文件校验方法,其中,所述获取操作系统的镜像文件包括:The file verification method according to claim 8, wherein the obtaining an image file of the operating system comprises:获取操作系统源文件;Obtain the operating system source file;对操作系统源文件进行编译,生成所述镜像文件。The operating system source file is compiled to generate the image file.
- 一种操作系统的文件签名装置,包括: A file signing device for an operating system, comprising:第一获取模块,设置为获取操作系统的镜像文件;The first obtaining module is configured to obtain an image file of the operating system;第二获取模块,设置为获取签名策略文件和私钥文件;a second obtaining module, configured to obtain a signature policy file and a private key file;第一签名模块,设置为根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件。The first signature module is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file.
- 一种操作系统的文件校验装置,包括:A file verification device for an operating system, comprising:第三获取模块,设置为获取操作系统的镜像文件;The third obtaining module is configured to obtain an image file of the operating system;第四获取模块,设置为获取签名策略文件和私钥文件;a fourth obtaining module, configured to obtain a signature policy file and a private key file;第二签名模块,设置为根据所述签名策略文件和私钥文件,对所述镜像文件中符合条件的文件进行数字签名和加密,得到安全镜像文件;The second signature module is configured to digitally sign and encrypt the qualified file in the image file according to the signature policy file and the private key file to obtain a security image file;第五获取模块,设置为获取校签策略文件和公钥文件;The fifth obtaining module is configured to obtain the calibration policy file and the public key file;校签模块,设置为根据所述校签策略文件和公钥文件,对所述安全镜像文件进行校验,若符合校验条件,则认为所述操作系统的文件安全。 The verification module is configured to verify the security image file according to the verification policy file and the public key file, and if the verification condition is met, the file of the operating system is considered to be secure.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510079120.X | 2015-02-13 | ||
CN201510079120.XA CN105989306B (en) | 2015-02-13 | 2015-02-13 | File signature method and device and file verification method and device for operating system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016127516A1 true WO2016127516A1 (en) | 2016-08-18 |
Family
ID=56615403
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/078902 WO2016127516A1 (en) | 2015-02-13 | 2015-05-13 | File signature method for operating system, file check method, and apparatus |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105989306B (en) |
WO (1) | WO2016127516A1 (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106548092A (en) * | 2016-10-31 | 2017-03-29 | 杭州嘉楠耘智信息科技有限公司 | File processing method and device |
CN110704852A (en) * | 2019-09-26 | 2020-01-17 | 江苏方天电力技术有限公司 | Encryption system for RTOS system program image file |
CN111045704A (en) * | 2019-11-22 | 2020-04-21 | 林洋能源科技(上海)有限公司 | Method and equipment for safely upgrading high-end AMI (advanced metering infrastructure) acquisition and analysis equipment of smart grid |
CN111245616A (en) * | 2020-03-10 | 2020-06-05 | 北京百度网讯科技有限公司 | Authentication method, device, equipment and storage medium for network communication |
CN112257058A (en) * | 2020-10-12 | 2021-01-22 | 麒麟软件有限公司 | Trusted computing verification method and system for operating system |
CN112328279A (en) * | 2020-11-02 | 2021-02-05 | 宁波和利时信息安全研究院有限公司 | System firmware file upgrading method, device and system |
CN112817621A (en) * | 2021-01-22 | 2021-05-18 | 浪潮电子信息产业股份有限公司 | BIOS firmware refreshing method and device and related components |
CN113037494A (en) * | 2021-03-02 | 2021-06-25 | 福州汇思博信息技术有限公司 | Burning image file signature method and terminal |
CN113296873A (en) * | 2020-05-15 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Mirror image construction method and device, terminal equipment and computer storage medium |
CN113391880A (en) * | 2021-06-21 | 2021-09-14 | 西安超越申泰信息科技有限公司 | Trusted mirror image transmission method for layered double hash verification |
CN114547620A (en) * | 2022-01-11 | 2022-05-27 | 瑞芯微电子股份有限公司 | Signature firmware upgrading method, device and computer readable medium |
CN115941208A (en) * | 2022-12-28 | 2023-04-07 | 广州文远知行科技有限公司 | Method, system, equipment and medium for transmitting vehicle-end file |
CN117390702A (en) * | 2023-12-11 | 2024-01-12 | 厦门天锐科技股份有限公司 | Split type driving and shell adding method and device, electronic equipment and storage medium |
Families Citing this family (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106569865B (en) * | 2016-11-14 | 2020-04-10 | 青岛海信移动通信技术股份有限公司 | Method and device for manufacturing system upgrade file of terminal |
CN108427888A (en) * | 2017-02-15 | 2018-08-21 | 阿里巴巴集团控股有限公司 | File signature method, file verification method and corresponding intrument and equipment |
WO2019075622A1 (en) | 2017-10-16 | 2019-04-25 | 华为技术有限公司 | Security element and related device |
CN108762788B (en) * | 2018-05-31 | 2023-07-28 | 杭州吉吉知识产权运营有限公司 | Method and system for encrypting firmware of embedded equipment based on server |
CN109766134A (en) * | 2019-01-08 | 2019-05-17 | 四川虹微技术有限公司 | System start method, device, electronic equipment and storage medium |
CN111158728B (en) * | 2019-12-31 | 2024-02-02 | 深圳市潮流网络技术有限公司 | Firmware upgrading method, firmware starting method and device |
CN111241536A (en) * | 2020-01-10 | 2020-06-05 | 杭州涂鸦信息技术有限公司 | Method and system for loading production test image and preventing illegal swiping |
CN111680298B (en) * | 2020-04-29 | 2023-10-27 | 杭州涂鸦信息技术有限公司 | Safe starting method of embedded system and device with storage function |
CN112817644A (en) * | 2021-01-20 | 2021-05-18 | 浪潮电子信息产业股份有限公司 | Virtual CD driver generation method, device and computer readable storage medium |
CN113157286A (en) * | 2021-04-20 | 2021-07-23 | 深圳市优必选科技股份有限公司 | System upgrading method and device |
CN114594912A (en) * | 2022-03-14 | 2022-06-07 | 中国第一汽车股份有限公司 | Information protection method, device, equipment and medium for vehicle instrument system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6189100B1 (en) * | 1998-06-30 | 2001-02-13 | Microsoft Corporation | Ensuring the integrity of remote boot client data |
CN102025744A (en) * | 2010-12-20 | 2011-04-20 | 北京世纪互联工程技术服务有限公司 | Import and export system of virtual machine image in cloud computing |
CN103250163A (en) * | 2010-12-09 | 2013-08-14 | 国际商业机器公司 | Computer-readable storage mediums for encrypting and decrypting a virtual disc |
CN103761329A (en) * | 2014-02-08 | 2014-04-30 | 广东欧珀移动通信有限公司 | Method and device for flashing mobile device |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7802110B2 (en) * | 2004-08-25 | 2010-09-21 | Microsoft Corporation | System and method for secure execution of program code |
US8254568B2 (en) * | 2007-01-07 | 2012-08-28 | Apple Inc. | Secure booting a computing device |
CN101149773A (en) * | 2007-08-27 | 2008-03-26 | 中国人民解放军空军电子技术研究所 | Software real name authentication system and its safe checking method |
CN102572595A (en) * | 2012-02-03 | 2012-07-11 | 深圳市同洲电子股份有限公司 | IPTV upgrade package structure, upgrading method and startup calibration method |
CN104156659B (en) * | 2014-08-14 | 2017-02-01 | 电子科技大学 | Embedded system secure start method |
-
2015
- 2015-02-13 CN CN201510079120.XA patent/CN105989306B/en active Active
- 2015-05-13 WO PCT/CN2015/078902 patent/WO2016127516A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6189100B1 (en) * | 1998-06-30 | 2001-02-13 | Microsoft Corporation | Ensuring the integrity of remote boot client data |
CN103250163A (en) * | 2010-12-09 | 2013-08-14 | 国际商业机器公司 | Computer-readable storage mediums for encrypting and decrypting a virtual disc |
CN102025744A (en) * | 2010-12-20 | 2011-04-20 | 北京世纪互联工程技术服务有限公司 | Import and export system of virtual machine image in cloud computing |
CN103761329A (en) * | 2014-02-08 | 2014-04-30 | 广东欧珀移动通信有限公司 | Method and device for flashing mobile device |
Cited By (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106548092B (en) * | 2016-10-31 | 2019-07-16 | 杭州嘉楠耘智信息科技有限公司 | File processing method and device |
CN106548092A (en) * | 2016-10-31 | 2017-03-29 | 杭州嘉楠耘智信息科技有限公司 | File processing method and device |
CN110704852B (en) * | 2019-09-26 | 2021-06-08 | 江苏方天电力技术有限公司 | Encryption system for RTOS system program image file |
CN110704852A (en) * | 2019-09-26 | 2020-01-17 | 江苏方天电力技术有限公司 | Encryption system for RTOS system program image file |
CN111045704A (en) * | 2019-11-22 | 2020-04-21 | 林洋能源科技(上海)有限公司 | Method and equipment for safely upgrading high-end AMI (advanced metering infrastructure) acquisition and analysis equipment of smart grid |
CN111045704B (en) * | 2019-11-22 | 2024-05-24 | 林洋能源科技(上海)有限公司 | Method and equipment for safety upgrading of intelligent power network high-end AMI acquisition and analysis equipment |
CN111245616A (en) * | 2020-03-10 | 2020-06-05 | 北京百度网讯科技有限公司 | Authentication method, device, equipment and storage medium for network communication |
CN113296873A (en) * | 2020-05-15 | 2021-08-24 | 阿里巴巴集团控股有限公司 | Mirror image construction method and device, terminal equipment and computer storage medium |
CN112257058A (en) * | 2020-10-12 | 2021-01-22 | 麒麟软件有限公司 | Trusted computing verification method and system for operating system |
CN112328279B (en) * | 2020-11-02 | 2023-04-14 | 宁波和利时信息安全研究院有限公司 | System firmware file upgrading method, device and system |
CN112328279A (en) * | 2020-11-02 | 2021-02-05 | 宁波和利时信息安全研究院有限公司 | System firmware file upgrading method, device and system |
CN112817621A (en) * | 2021-01-22 | 2021-05-18 | 浪潮电子信息产业股份有限公司 | BIOS firmware refreshing method and device and related components |
CN113037494A (en) * | 2021-03-02 | 2021-06-25 | 福州汇思博信息技术有限公司 | Burning image file signature method and terminal |
CN113037494B (en) * | 2021-03-02 | 2023-05-23 | 福州汇思博信息技术有限公司 | Burning piece mirror image file signature method and terminal |
CN113391880A (en) * | 2021-06-21 | 2021-09-14 | 西安超越申泰信息科技有限公司 | Trusted mirror image transmission method for layered double hash verification |
CN114547620A (en) * | 2022-01-11 | 2022-05-27 | 瑞芯微电子股份有限公司 | Signature firmware upgrading method, device and computer readable medium |
CN115941208A (en) * | 2022-12-28 | 2023-04-07 | 广州文远知行科技有限公司 | Method, system, equipment and medium for transmitting vehicle-end file |
CN115941208B (en) * | 2022-12-28 | 2024-04-02 | 广州文远知行科技有限公司 | Method, system, equipment and medium for transmitting vehicle-end file |
CN117390702A (en) * | 2023-12-11 | 2024-01-12 | 厦门天锐科技股份有限公司 | Split type driving and shell adding method and device, electronic equipment and storage medium |
CN117390702B (en) * | 2023-12-11 | 2024-03-15 | 厦门天锐科技股份有限公司 | Split type driving and shell adding method and device, electronic equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN105989306B (en) | 2020-04-28 |
CN105989306A (en) | 2016-10-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2016127516A1 (en) | File signature method for operating system, file check method, and apparatus | |
US20200272739A1 (en) | Performing an action based on a pre-boot measurement of a firmware image | |
US8127146B2 (en) | Transparent trust validation of an unknown platform | |
US10685122B2 (en) | Portable executable and non-portable executable boot file security | |
JP6595822B2 (en) | Information processing apparatus and control method thereof | |
CN109710315B (en) | BIOS (basic input output System) flash writing method and BIOS mirror image file processing method | |
US7257707B2 (en) | Manifest-based trusted agent management in a trusted operating system environment | |
US20050021968A1 (en) | Method for performing a trusted firmware/bios update | |
US7159240B2 (en) | Operating system upgrades in a trusted operating system environment | |
US20140150096A1 (en) | Method for assuring integrity of mobile applications and apparatus using the method | |
US20110246778A1 (en) | Providing security mechanisms for virtual machine images | |
US20110167503A1 (en) | Tpm-based license activation and validation | |
US7962952B2 (en) | Information processing apparatus that executes program and program control method for executing program | |
US20140245450A1 (en) | System and method for patching a device through exploitation | |
CN112800429B (en) | Method for protecting driver in UEFI BIOS firmware system based on basicity | |
TW201500960A (en) | Detection of secure variable alteration in a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware | |
JP2023512428A (en) | Using hardware enclaves to protect commercial off-the-shelf program binaries from theft | |
US11966461B2 (en) | Virtual environment type validation for policy enforcement | |
CN105718807A (en) | Android system based on software TCM and trusted software stack and trusted authentication system and method thereof | |
JP2017538217A (en) | Method and device for providing application integrity verification | |
CN108345805B (en) | Method and device for verifying firmware | |
CN114661540A (en) | Measuring container | |
US9665711B1 (en) | Managing and classifying states | |
CN114816549A (en) | Method and system for protecting bootloader and environment variable thereof | |
RU2812867C1 (en) | Protecting binary files of typical commercial programs from piracy using hardware enclaves |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15881677 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 15881677 Country of ref document: EP Kind code of ref document: A1 |