Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (2): 417-421. DOI: 10.11772/j.issn.1001-9081.2017.02.0417


Research and application for terminal location management system based on firmware

SUN Liang, CHEN Xiaochun, ZHENG Shujian, LIU Ying   

  1. ZD Technologies(Beijing) Company Limited, Beijing 100083, China
  • Received: 2016-08-15 Revised: 2016-09-21 Online: 2017-02-10 Published: 2017-02-11

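  • Corresponding author: SUN Liang, lsun@zd-tech.com.cn
  • About the authors: SUN Liang (1980-), male, native of Handan, Hebei, engineer, Ph.D., main research interest: firmware trusted computing; CHEN Xiaochun (1980-), male, native of Luzhou, Sichuan, senior engineer, M.S., CCF member, main research interest: firmware trusted computing; ZHENG Shujian (1982-), native of Tianjin, engineer, M.S., main research interests: operating system kernels, radio frequency identification; LIU Ying (1981-), native of Beijing, engineer, main research interests: operating system kernels, radio frequency identification.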

Abstract: Attaching a Radio Frequency Identification (RFID) tag to the computer's case in order to trace the computer's location in real time has been the most frequently used method for terminal location management. However, the RFID tag loses direct control over the computer once it is out of the authorized area. Therefore, a terminal location management system based on firmware and RFID was proposed. First, the authorized area was delimited by the RFID radio signal, and, through interaction between the firmware and the RFID tag, the computer was allowed to boot only if the firmware received the authorized RFID signal at the boot stage. Second, while the operating system was running, the computer could function normally only if it received the RFID signal. Finally, the location management software Agent was protected by the firmware to prevent it from being altered or deleted. When the computer left the RFID signal coverage, the software Agent on the terminal would detect this, and the terminal would then be locked and data would be destroyed. The terminal location management system prototype was deployed in an office area to control almost thirty computers, so that they could be used normally in authorized areas and were locked immediately once out of authorized areas.

Key words: firmware, trusted computing, persistent protection, terminal location management system, Radio Frequency IDentification (RFID)

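Abstract: Most existing terminal location control methods attach a Radio Frequency Identification (RFID) tag to the computer case for real-time positioning. However, once the computer is taken out of the RFID signal coverage area, the externally attached RFID tag has no ability to control the computer directly. Therefore, a firmware-based terminal location management system was proposed and designed on the basis of firmware technology and RFID technology. First, the system delimits the authorized area by RFID signal; at the power-on boot stage, the firmware layer interacts with the RFID tag, and the terminal is allowed to boot and be used only after receiving the RFID authorization signal. Second, while the operating system is running, the computer needs the RFID authorization signal in order to be used normally. Third, the firmware protects the location control software in the operating system to prevent it from being tampered with or deleted. When the computer leaves the RFID signal coverage, the software agent on the terminal immediately detects this and, according to the security policy, locks the terminal or destroys the data. A prototype system has been developed and used to manage the location of 30 computer terminals in an office area, so that a terminal can boot and be used normally only in the authorized area and is locked immediately once it leaves the authorized area.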

