TWI512535B - Encryption and decryption method for operating system kernel - Google Patents

  • ️Fri Dec 11 2015

Info

Publication number
TWI512535B
Authority
TW
Taiwan
Prior art keywords
core
operating system
bit
boot
bit value
Prior art date
2014-03-26
Application number
TW103111204A
Other languages
Chinese (zh)
Other versions
TW201537383A (en
Inventor
Shang Jyh Lin
Cheng Tao Hsu
Original Assignee
Moxa Inc
Priority date
2014-03-26
Filing date
2014-03-26
Publication date
2015-12-11
  • 2014-03-26: Application filed by Moxa Inc
  • 2014-03-26: Priority to TW103111204A
  • 2015-10-01: Publication of TW201537383A
  • 2015-12-11: Application granted
  • 2015-12-11: Publication of TWI512535B

Landscapes

  • Storage Device Security (AREA)

Description

Operating system kernel encryption and decryption method

An encryption and decryption method, in particular a method for encrypting and decrypting an operating system kernel.

At present, the boot program and the operating system kernel are verified separately during boot: the verification flow for the boot program and the verification flow for the operating system kernel must each be carried out before the device can boot.

To verify the boot program, a precomputed digest is first stored in a one-time programmable area (OTP Area). On every subsequent boot, the digest is read from that write-once space and compared against a computed value to verify the correctness of the boot program.

To verify the operating system kernel, a signature, a certificate and a root public key must be stored in advance in the main storage area (Main Area), and a digital signature flow using the operating system kernel's own private key performs the verification layer by layer.

Both the boot program and the operating system kernel verification flows compare certificates and signatures to verify correctness and integrity. However, when the digest, signature, certificate and root public key are forged (forging them is far simpler than cracking the boot program and the operating system kernel), the existing verification flows still pass, which creates the risk of booting a tampered or replaced operating system kernel.

In summary, the prior art has long had the following problem: the boot program and the operating system kernel must be verified individually, the verification results must be written to the one-time programmable area in advance for comparison, multiple comparisons and a large amount of additional storage are required, and the process is complex, time-consuming and insecure. An improved technical means is therefore needed to solve this problem.

In view of the prior-art problem that the boot program and the operating system kernel must be verified individually, that the verification results must be written to the one-time programmable area in advance for comparison, that multiple comparisons and a large amount of additional storage are required, and that the process is complex, time-consuming and insecure, the present invention discloses an operating system kernel encryption method and its decryption method, wherein:

The operating system kernel encryption method of the first embodiment disclosed by the present invention applies to a device that stores a boot program and an operating system kernel, and comprises the following steps:

First, a definition table storing a plurality of codes is established in advance in the boot program. Next, when the boot program is executed for the first time, it randomly takes multiple codes from the definition table and records the codes taken. Next, according to the codes taken, the boot program finds at least one corresponding boot bit value group in the boot program in the storage space, and finds at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in the storage space; each boot bit value group corresponds, in order, to a kernel bit value group. Next, the boot program applies a reversible hash algorithm (Hash Function) to each corresponding boot bit value group and kernel bit value group to obtain the corresponding hash value. Finally, according to each kernel bit position, the boot program replaces the kernel bit values with the corresponding hash value and stores the operating system kernel again, thereby encrypting the operating system kernel; the encrypted operating system kernel cannot be executed.

The operating system kernel decryption method of the first embodiment disclosed by the present invention applies to a device that stores a boot program and an operating system kernel that has undergone the corresponding encryption, and comprises the following steps:

First, the boot program retrieves the recorded codes. Next, according to the retrieved codes, the boot program finds at least one corresponding boot bit value group in the boot program in the storage space, and finds at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in the storage space; each boot bit value group corresponds, in order, to a kernel bit value group. Next, the boot program applies the inverse operation of the reversible hash algorithm to each corresponding boot bit value group and kernel bit value group to obtain the corresponding inverse-operation hash value. Finally, according to each kernel bit position, the boot program replaces the kernel bit values with the corresponding inverse-operation hash value, thereby decrypting the operating system kernel, and executes the decrypted operating system kernel.

The operating system kernel encryption method of the second embodiment disclosed by the present invention applies to a device that stores a boot program and an operating system kernel, and comprises the following steps:

First, a definition table storing a plurality of codes is established in advance in the boot program. Next, when the boot program is executed for the first time, it randomly takes multiple codes from the definition table and records the codes taken. Next, according to the codes taken, the boot program finds at least one corresponding boot bit value group in the boot program in the storage space, and finds at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in the storage space; each boot bit value group corresponds, in order, to a kernel bit value group. Next, the boot program applies an irreversible hash algorithm (Hash Function) to each corresponding boot bit value group and kernel bit value group to obtain the corresponding binary hash value, and records the number of bits of the computed binary hash value. Finally, according to each kernel bit position, the boot program inserts the corresponding binary hash value into the operating system kernel and stores the operating system kernel again, thereby encrypting the operating system kernel; the encrypted operating system kernel cannot be executed.

The operating system kernel decryption method of the second embodiment disclosed by the present invention applies to a device that stores a boot program and an operating system kernel that has undergone the corresponding encryption, and comprises the following steps:

First, the boot program retrieves the recorded codes and the recorded number of bits of the binary hash value. Next, according to the retrieved codes and the recorded number of bits of the binary hash value, the boot program finds at least one corresponding boot bit value group in the boot program in the storage space, and finds at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in the storage space; each boot bit value group corresponds, in order, to a kernel bit value group. Next, the boot program applies the irreversible hash algorithm (Hash Function) to each corresponding boot bit value group and kernel bit value group to obtain the corresponding binary hash value. Finally, when the kernel bit value group at each kernel bit position matches the corresponding binary hash value, the boot program deletes the kernel bit value group, thereby decrypting the operating system kernel, and executes the decrypted operating system kernel.

The encryption and decryption methods disclosed by the present invention are as described above. The difference from the prior art is that the present invention uses the definition table to run a hash algorithm over the boot program and the operating system kernel and combines the result with the operating system kernel to encrypt it. When the boot program, the operating system kernel, or both the boot program and the operating system kernel are tampered with or replaced, the operating system kernel cannot be decrypted and the device cannot boot.

Through the above technical means, the present invention achieves the technical effect of mutual authentication between the boot program and the operating system kernel for secure boot.

Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the way the present invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented accordingly.

The operating system kernel encryption method of the first embodiment of the present invention applies to a device that stores a boot program and an operating system kernel. One example is used to explain the operation and flow of the first embodiment, with reference to "Fig. 1" and "Fig. 2". "Fig. 1" is a flowchart of the first embodiment of the operating system kernel encryption method of the present invention; "Fig. 2" is a flowchart of the first embodiment of the operating system kernel decryption method of the present invention.

Refer to "Fig. 3", which is a schematic diagram of the definition table of the operating system kernel encryption method of the present invention.

A definition table 10 is established in advance in the boot program, and a plurality of codes 11 are stored in definition table 10 (step 101). In "Fig. 2", the code 11 “!@#” means “select 4 bits”, the code 11 “Shift” means “the 10th bit”, the code 11 “End” means “the 50th bit”, the code 11 “DDD” means “shift forward”, the code 11 “XYZ” means “shift backward”, and the code 11 “135” means “shift by 20 bits”. That is, the meaning of each code 11 stored in definition table 10 is at least one selected from the number of bits to select, a designated bit, a forward shift, a backward shift and the number of bits to shift. This is only an example and does not limit the scope of application of the present invention.

When the boot program is executed for the first time, it first randomly takes from definition table 10 the first code “!@#”, the second code “Shift”, the third code “XYZ” and the fourth code “135”. Together these codes mean “select 4 bits starting at the 10th bit, then shift backward 20 bits from the 10th bit and select another 4 bits”. This is only an example and does not limit the scope of application of the present invention. The boot program records the selected first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135” (step 102).

Next, assume that in the original boot program in the storage space the 10th to 13th bits are “1010” and the 30th to 33rd bits are “0110”. According to the selected first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135”, the boot program selects 4 bits starting at the 10th bit of the boot program in the storage space and finds the first boot bit value group “1010” (the values of the 10th to 13th bits of the boot program) (step 103).

Next, according to the same four selected codes, the boot program shifts backward 20 bits from the 10th bit of the boot program in the storage space, selects another 4 bits, and finds the second boot bit value group “0110” (the values of the 30th to 33rd bits of the boot program) (step 103).

Next, assume that in the original operating system kernel in the storage space the 10th to 13th bits are “1111” and the 30th to 33rd bits are “0011”. According to the selected first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135”, the boot program selects 4 bits starting at the 10th bit of the operating system kernel in the storage space and finds the first kernel bit value group “1111” (the values of the 10th to 13th bits of the operating system kernel), and finds that the first kernel bit position corresponding to the first kernel bit value group “1111” is “the 10th to 13th bits” (step 103).

Next, according to the same four selected codes, the boot program shifts backward 20 bits from the 10th bit of the operating system kernel in the storage space, selects another 4 bits, and finds the second kernel bit value group “0011” (the values of the 30th to 33rd bits of the operating system kernel), and finds that the second kernel bit position corresponding to the second kernel bit value group “0011” is “the 30th to 33rd bits” (step 103).

The first boot bit value group “1010” corresponds to the first kernel bit value group “1111” (step 103), and the second boot bit value group “0110” corresponds to the second kernel bit value group “0011” (step 103).

Next, the boot program applies the reversible hash algorithm (Hash Function) to the first boot bit value group “1010” and the first kernel bit value group “1111”. In this example the reversible hash algorithm is the “XOR operation”; it may also be a “bitwise operation”. This is only an example and does not limit the scope of application of the present invention. XORing the first boot bit value group “1010” with the first kernel bit value group “1111” gives “0101”, so the first hash value is “0101” (step 104).

The boot program applies the reversible hash algorithm to the second boot bit value group “0110” and the second kernel bit value group “0011”. In this example the reversible hash algorithm is the “XOR operation”. XORing the second boot bit value group “0110” with the second kernel bit value group “0011” gives “0101”, so the second hash value is “0101” (step 104).

Next, the boot program replaces the kernel bit values “1111” at the first kernel bit position, “the 10th to 13th bits”, with the corresponding first hash value “0101”, replaces the kernel bit values “0011” at the second kernel bit position, “the 30th to 33rd bits”, with the corresponding first hash value “0101”, and stores the operating system kernel again (step 105).

Through the above process the operating system kernel is encrypted, and the encrypted operating system kernel cannot be executed.

Next, when the boot program has been executed for the first time and has finished encrypting the operating system kernel, or when the boot program is executed other than for the first time, the boot program first retrieves the recorded first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135” (step 201).

Next, according to the selected first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135”, the boot program selects 4 bits starting at the 10th bit of the boot program in the storage space and finds the first boot bit value group “1010” (the values of the 10th to 13th bits of the boot program) (step 202).

Next, according to the same four selected codes, the boot program shifts backward 20 bits from the 10th bit of the boot program in the storage space, selects another 4 bits, and finds the second boot bit value group “0110” (the values of the 30th to 33rd bits of the boot program) (step 202).

Next, according to the same four selected codes, the boot program selects 4 bits starting at the 10th bit of the operating system kernel in the storage space and finds the first kernel bit value group “0101” (the values of the 10th to 13th bits of the operating system kernel), and finds that the first kernel bit position corresponding to the first kernel bit value group “0101” is “the 10th to 13th bits” (step 202).

Next, according to the same four selected codes, the boot program shifts backward 20 bits from the 10th bit of the operating system kernel in the storage space, selects another 4 bits, and finds the second kernel bit value group “0101” (the values of the 30th to 33rd bits of the operating system kernel), and finds that the second kernel bit position corresponding to the second kernel bit value group “0101” is “the 30th to 33rd bits” (step 202).

The first boot bit value group “1010” corresponds to the first kernel bit value group “0101” (step 202), and the second boot bit value group “0110” corresponds to the second kernel bit value group “0101” (step 202).

Next, the boot program applies the inverse operation of the reversible hash algorithm to the first boot bit value group “1010” and the first kernel bit value group “0101”. In this example the reversible hash algorithm is the “XOR operation”, and the inverse of the “XOR operation” is also the “XOR operation”. XORing the first boot bit value group “1010” with the first kernel bit value group “0101” gives “1111”, so the first inverse-operation hash value is “1111” (step 203).

The boot program applies the reversible hash algorithm to the second boot bit value group “0110” and the second kernel bit value group “0101”. In this example the reversible hash algorithm is the “XOR operation”, and the inverse of the “XOR operation” is also the “XOR operation”. XORing the second boot bit value group “0110” with the second kernel bit value group “0101” gives “0011”, so the second inverse-operation hash value is “0011” (step 203).

Next, the boot program replaces the kernel bit values “0101” at the first kernel bit position, “the 10th to 13th bits”, with the corresponding first inverse-operation hash value “1111”, and replaces the kernel bit values “0101” at the second kernel bit position, “the 30th to 33rd bits”, with the corresponding first inverse-operation hash value “0011”, which restores the original operating system kernel (step 204).

Through the above process the operating system kernel is decrypted, and the decrypted operating system kernel is executed.

Assume the boot program has been tampered with, so that its 10th to 13th bits have been modified to “0000” and its 30th to 33rd bits are “1111”. According to the selected first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135”, the boot program selects 4 bits starting at the 10th bit of the boot program in the storage space and finds the first boot bit value group “0000” (the values of the 10th to 13th bits of the tampered boot program).

Next, according to the same four selected codes, the boot program shifts backward 20 bits from the 10th bit of the boot program in the storage space, selects another 4 bits, and finds the second boot bit value group “1111” (the values of the 30th to 33rd bits of the boot program).

Next, according to the same four selected codes, the boot program selects 4 bits starting at the 10th bit of the operating system kernel in the storage space and finds the first kernel bit value group “0101” (the values of the 10th to 13th bits of the operating system kernel), and finds that the first kernel bit position corresponding to the first kernel bit value group “0101” is “the 10th to 13th bits”.

Next, according to the same four selected codes, the boot program shifts backward 20 bits from the 10th bit of the operating system kernel in the storage space, selects another 4 bits, and finds the second kernel bit value group “0101” (the values of the 30th to 33rd bits of the operating system kernel), and finds that the second kernel bit position corresponding to the second kernel bit value group “0101” is “the 30th to 33rd bits”.

The first boot bit value group “0000” corresponds to the first kernel bit value group “0101”, and the second boot bit value group “1111” corresponds to the second kernel bit value group “0101”.

Next, the boot program applies the inverse operation of the reversible hash algorithm to the first boot bit value group “0000” and the first kernel bit value group “0101”. In this example the reversible hash algorithm is the “XOR operation”, and the inverse of the “XOR operation” is also the “XOR operation”. XORing the first boot bit value group “0000” with the first kernel bit value group “0101” gives “0101”, so the first inverse-operation hash value is “0101”.

The boot program applies the reversible hash algorithm to the second boot bit value group “1111” and the second kernel bit value group “0101”. In this example the reversible hash algorithm is the “XOR operation”, and the inverse of the “XOR operation” is also the “XOR operation”. XORing the second boot bit value group “1111” with the second kernel bit value group “0101” gives “1010”, so the second inverse-operation hash value is “1010”.

Next, the boot program replaces the kernel bit value “0101” at the first kernel bit position “10th bit to 13th bit” with the corresponding first inverse-operation hash value “0101”, and replaces the kernel bit value “0101” at the second kernel bit position “30th bit to 33rd bit” with the corresponding first inverse-operation hash value “1010”. The original operating system kernel therefore cannot be restored, and the operating system kernel still cannot be executed.

Suppose the operating system kernel has been tampered with, so that its 10th to 13th bits have been changed to “0000” and its 30th to 33rd bits to “1111”. According to the selected first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135”, the boot program selects 4 bits of the boot program in the storage space starting at the 10th bit, finding the first boot bit value group “1010” (that is, the bit values of the 10th to 13th bits of the tampered boot program).

Next, according to the selected first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135”, the boot program shifts backward 20 bits from the 10th bit of the boot program in the storage space and selects 4 more bits, finding the second boot bit value group “0110” (that is, the bit values of the 30th to 33rd bits of the boot program).

Next, according to the selected first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135”, the boot program selects 4 bits of the operating system kernel in the storage space starting at the 10th bit, finding the first kernel bit value group “0000” (that is, the bit values of the 10th to 13th bits of the operating system kernel), and finds that the first kernel bit position corresponding to the first kernel bit value group “0000” is “10th bit to 13th bit”.

Next, according to the selected first code “!@#”, second code “Shift”, third code “XYZ” and fourth code “135”, the boot program shifts backward 20 bits from the 10th bit of the operating system kernel in the storage space and selects 4 more bits, finding the second kernel bit value group “1111” (that is, the bit values of the 30th to 33rd bits of the operating system kernel), and finds that the second kernel bit position corresponding to the second kernel bit value group “1111” is “30th bit to 33rd bit”.

The first boot bit value group “1010” corresponds to the first kernel bit value group “0000”, and the second boot bit value group “0110” corresponds to the second kernel bit value group “1111”.

Next, the boot program applies the inverse operation of the reversible hash algorithm to the first boot bit value group “1010” and the first kernel bit value group “0000”. In this embodiment the reversible hash algorithm is the “XOR operation”, and the inverse of the “XOR operation” is also the “XOR operation”. XORing the first boot bit value group “1010” with the first kernel bit value group “0000” gives “1010”, so the first inverse-operation hash value is “1010”.

The boot program applies the reversible hash algorithm to the second boot bit value group “0110” and the second kernel bit value group “1111”. In this embodiment the reversible hash algorithm is the “XOR operation”, and the inverse of the “XOR operation” is also the “XOR operation”. XORing the second boot bit value group “0110” with the second kernel bit value group “1111” gives “1001”, so the second inverse-operation hash value is “1001”.

Next, the boot program replaces the kernel bit value “0000” at the first kernel bit position “10th bit to 13th bit” with the corresponding first inverse-operation hash value “1010”, and replaces the kernel bit value “1111” at the second kernel bit position “30th bit to 33rd bit” with the corresponding first inverse-operation hash value “1001”. The original operating system kernel therefore cannot be restored, and the operating system kernel still cannot be executed.

This provides secure boot for a device that stores a boot program and an operating system kernel. Because the computation uses the boot program and the operating system kernel together, it avoids the large amount of verification computation that lengthens system boot time, and a single computation mutually authenticates the boot program and the operating system kernel. No information is exchanged between the boot program and the operating system kernel, so hash values cannot be stolen while being passed between them. Different devices can hold differently encrypted operating system kernels, so that when different devices share the same operating system kernel, the differently encrypted kernels do not reveal the decryption information or method of an encrypted operating system kernel.

In addition, when a kernel re-encryption condition is triggered, or when either the boot program or the operating system kernel is updated normally, the steps of the operating system kernel decryption method are performed first, followed by the steps of the operating system kernel encryption method. Both sets of steps are described above and are not repeated here. The kernel re-encryption conditions include a repeated boot failure condition, a time condition and a command condition; these are examples only and do not limit the scope of application of the invention. When the repeated boot failure condition is triggered, the device can be judged to be under a brute-force attack, which keeps the device from being cracked by brute force. The time condition can change the encrypted operating system kernel on a schedule, and the command condition lets the user change the encrypted operating system kernel directly. This gives the user fast, convenient kernel encryption and decryption that the user does not notice, and makes it easy to re-encrypt the operating system kernel.

The operating system kernel encryption method of the second embodiment of the invention applies to a device that stores a boot program and an operating system kernel. The operation and flow of the second embodiment are explained below through one example, with reference to “Fig. 3”, “Fig. 4” and “Fig. 5”. “Fig. 4” is a flowchart of the second embodiment of the operating system kernel encryption method of the invention; “Fig. 5” is a flowchart of the second embodiment of the operating system kernel decryption method of the invention.

A definition table 10 storing a plurality of codes 11 is established in advance in the boot program (step 301); see “Fig. 2” for definition table 10. When the boot program is executed for the first time, it randomly takes from definition table 10 the first code “!@#”, the second code “End”, the third code “DDD” and the fourth code “135”. Together these codes mean “select 4 bits starting at the 50th bit, then shift forward 20 bits from the 50th bit and select 4 more bits”; this is an example only and does not limit the scope of application of the invention. The boot program records the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135” (step 302).

Next, suppose that in the original boot program in the storage space the 50th to 53rd bits are “1010” and the 30th to 33rd bits are “0110”. According to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program selects 4 bits of the boot program in the storage space starting at the 50th bit, finding the first boot bit value group “1010” (that is, the bit values of the 50th to 53rd bits of the boot program) (step 303).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program shifts forward 20 bits from the 50th bit of the boot program in the storage space and selects 4 more bits, finding the second boot bit value group “0110” (that is, the bit values of the 30th to 33rd bits of the boot program) (step 303).

Next, suppose that in the original operating system kernel in the storage space the 50th to 53rd bits are “1111” and the 30th to 33rd bits are “0011”. According to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program selects 4 bits of the operating system kernel in the storage space starting at the 50th bit, finding the first kernel bit value group “1111” (that is, the bit values of the 50th to 53rd bits of the operating system kernel), and finds that the first kernel bit position corresponding to the first kernel bit value group “1111” is “50th bit to 53rd bit” (step 303).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program shifts forward 20 bits from the 50th bit of the operating system kernel in the storage space and selects 4 more bits, finding the second kernel bit value group “0011” (that is, the bit values of the 30th to 33rd bits of the operating system kernel), and finds that the second kernel bit position corresponding to the second kernel bit value group “0011” is “30th bit to 33rd bit” (step 303).

The first boot bit value group “1010” corresponds to the first kernel bit value group “1111” (step 303), and the second boot bit value group “0110” corresponds to the second kernel bit value group “0011” (step 303).

Next, the boot program applies an irreversible hash algorithm (hash function) to the first boot bit value group “1010” and the first kernel bit value group “1111”. In this embodiment the reversible hash algorithm is the “MD5 operation”; the irreversible hash algorithm may also be “SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, MD2, MD3 and MD4”. These are examples only and do not limit the scope of application of the invention. The result of applying the MD5 operation to the first boot bit value group “1010” and the first kernel bit value group “1111” and converting it to binary is assumed to be “111100001010010100001111”, so the first binary hash value is “111100001010010100001111”, and the boot program records the bit count of the computed first binary hash value as “24” (step 304).

The boot program applies the irreversible hash algorithm to the second boot bit value group “0110” and the second kernel bit value group “0011”. In this embodiment the irreversible hash algorithm is the “MD5 operation”. The result of applying the MD5 operation to the second boot bit value group “0110” and the second kernel bit value group “0011” and converting it to binary is assumed to be “101000001010010100000101”, so the second binary hash value is “101000001010010100000101”, and the boot program records the bit count of the computed second binary hash value as “24” (step 304).

Next, the boot program inserts the first binary hash value “111100001010010100001111” before the first kernel bit position “50th bit” (according to the third code “DDD”), inserts the second binary hash value “101000001010010100000101” before the second kernel bit position “30th bit” (according to the third code “DDD”), and stores the operating system kernel again (step 305).

The process above encrypts the operating system kernel, and the encrypted operating system kernel cannot be executed.

Next, when the boot program has been executed for the first time and has completed the kernel encryption, or when the boot program is executed other than for the first time, the boot program first retrieves the recorded first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, together with the recorded first binary hash value bit count “24” and second binary hash value bit count “24” (step 401).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program selects 4 bits of the boot program in the storage space starting at the 50th bit, finding the first boot bit value group “1010” (that is, the bit values of the 50th to 53rd bits of the boot program) (step 402).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program shifts forward 20 bits from the 50th bit of the boot program in the storage space and selects 4 more bits, finding the second boot bit value group “0110” (that is, the bit values of the 30th to 33rd bits of the boot program) (step 402).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the first binary hash value bit count “24” and the second binary hash value bit count “24”, the boot program selects 4 bits of the operating system kernel in the storage space starting at the 98th bit (that is, the 50th bit + 48 bits), finding the first kernel bit value group “0101” (that is, the bit values of the 98th to 102nd bits of the operating system kernel), and finds that the corresponding first kernel bit position is “74th bit to 97th bit” (that is, the 98th bit - 24 bits to the 98th bit - 1 bit) (step 402).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the first binary hash value bit count “24” and the second binary hash value bit count “24”, the boot program shifts forward 44 bits from the 98th bit (that is, the 50th bit + 48 bits) of the operating system kernel in the storage space (that is, the 98th bit - 44 bits) and selects 4 more bits, finding the second kernel bit value group “0101” (that is, the bit values of the 54th to 57th bits of the operating system kernel), and finds that the corresponding second kernel bit position is “30th bit to 53rd bit” (that is, the 54th bit - 24 bits to the 54th bit - 1 bit) (step 402).

The first boot bit value group “1010” corresponds to the first kernel bit value group “0101” (step 402), and the second boot bit value group “0110” corresponds to the second kernel bit value group “0101” (step 402).

Next, the boot program applies the inverse operation of the irreversible hash algorithm to the first boot bit value group “1010” and the first kernel bit value group “0101”. In this embodiment the irreversible hash algorithm is the “MD5 operation”. The result of applying the MD5 operation to the first boot bit value group “1010” and the first kernel bit value group “0101” and converting it to binary is assumed to be “111100001010010100001111”, so the first binary hash value is “111100001010010100001111” (step 403).

The boot program applies the irreversible hash algorithm to the second boot bit value group “0110” and the second kernel bit value group “0101”. In this embodiment the irreversible hash algorithm is the “MD5 operation”. The result of applying the MD5 operation to the second boot bit value group “0110” and the second kernel bit value group “0101” and converting it to binary is assumed to be “101000001010010100000101”, so the second binary hash value is “101000001010010100000101” (step 403).

Next, the boot program compares the kernel bit value “111100001010010100001111” at the first kernel bit position “74th bit to 97th bit” with the corresponding first binary hash value “111100001010010100001111”. The two match, so the kernel bit value “111100001010010100001111” at the first kernel bit position “74th bit to 97th bit” can be deleted.

The boot program likewise compares the kernel bit value “101000001010010100000101” at the second kernel bit position “30th bit to 53rd bit” with the corresponding second binary hash value “101000001010010100000101”. The two match, so the kernel bit value “101000001010010100000101” at the second kernel bit position “30th bit to 53rd bit” can be deleted, which restores the original operating system kernel (step 404).

The process above decrypts the operating system kernel, and the decrypted operating system kernel is then executed.

Suppose the boot program has been tampered with, so that its 50th to 53rd bits have been changed to “0000” and its 30th to 33rd bits to “1111”. According to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program selects 4 bits of the boot program in the storage space starting at the 10th bit, finding the first boot bit value group “0000” (that is, the bit values of the 10th to 13th bits of the tampered boot program).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program shifts forward 20 bits from the 50th bit of the boot program in the storage space and selects 4 more bits, finding the second boot bit value group “1111” (that is, the bit values of the 30th to 33rd bits of the boot program).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the first binary hash value bit count “24” and the second binary hash value bit count “24”, the boot program selects 4 bits of the operating system kernel in the storage space starting at the 98th bit (that is, the 50th bit + 48 bits), finding the first kernel bit value group “0101” (that is, the bit values of the 98th to 102nd bits of the operating system kernel), and finds that the corresponding first kernel bit position is “74th bit to 97th bit” (that is, the 98th bit - 24 bits to the 98th bit - 1 bit).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the first binary hash value bit count “24” and the second binary hash value bit count “24”, the boot program shifts forward 44 bits from the 98th bit (that is, the 50th bit + 48 bits) of the operating system kernel in the storage space (that is, the 98th bit - 44 bits) and selects 4 more bits, finding the second kernel bit value group “0101” (that is, the bit values of the 54th to 57th bits of the operating system kernel), and finds that the corresponding second kernel bit position is “30th bit to 53rd bit” (that is, the 54th bit - 24 bits to the 54th bit - 1 bit).

The first boot bit value group “0000” corresponds to the first kernel bit value group “0101”, and the second boot bit value group “1111” corresponds to the second kernel bit value group “0101”.

Next, the boot program applies the inverse operation of the irreversible hash algorithm to the first boot bit value group “0000” and the first kernel bit value group “0101”. In this embodiment the irreversible hash algorithm is the “MD5 operation”. The result of applying the MD5 operation to the first boot bit value group “0000” and the first kernel bit value group “0101” and converting it to binary is assumed to be “000000001010010100000000”, so the first binary hash value is “000000001010010100000000”.

The boot program applies the irreversible hash algorithm to the second boot bit value group “1111” and the second kernel bit value group “0101”. In this embodiment the irreversible hash algorithm is the “MD5 operation”. The result of applying the MD5 operation to the second boot bit value group “1111” and the second kernel bit value group “0101” and converting it to binary is assumed to be “101011111010010111110101”, so the second binary hash value is “101011111010010111110101”.

Next, the boot program compares the kernel bit value “111100001010010100001111” at the first kernel bit position “74th bit to 97th bit” with the corresponding first binary hash value “000000001010010100000000”. The two do not match, so the kernel bit value “111100001010010100001111” at the first kernel bit position “74th bit to 97th bit” is not deleted.

The boot program likewise compares the kernel bit value “101000001010010100000101” at the second kernel bit position “30th bit to 53rd bit” with the corresponding second binary hash value “101011111010010111110101”. The two do not match, so the kernel bit value “101000001010010100000101” at the second kernel bit position “30th bit to 53rd bit” is not deleted. The original operating system kernel therefore cannot be restored, and the operating system kernel still cannot be executed.
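The second embodiment's insert, verify and delete flow, including the mismatch that keeps a kernel unbootable, as an added Python example that is not code from the patent. Assumptions: images are constructed 64-bit strings with 0-based offsets, the function names are hypothetical, and the hash input is the two 4-bit groups concatenated as ASCII with the MD5 digest truncated to the 24 bits the page assumes.

```python
import hashlib

GROUP_BITS = 4        # "select 4 bits" per group
TAG_BITS = 24         # the page assumes a 24-bit binary hash value
POSITIONS = (50, 30)  # bit 50, then 20 bits forward of it (bit 30)


def binary_hash(boot_group: str, kernel_group: str) -> str:
    """MD5 of the two groups as a bit string (input encoding and truncation are assumptions)."""
    digest = hashlib.md5((boot_group + kernel_group).encode("ascii")).digest()
    return "".join(f"{byte:08b}" for byte in digest)[:TAG_BITS]


def group(bits: str, start: int) -> str:
    return bits[start:start + GROUP_BITS]


def encrypt_kernel(boot: str, kernel: str) -> str:
    """Insert one binary hash value in front of each selected kernel group."""
    tags = {p: binary_hash(group(boot, p), group(kernel, p)) for p in POSITIONS}
    out = kernel
    for p in sorted(POSITIONS, reverse=True):  # highest offset first, so lower offsets stay valid
        out = out[:p] + tags[p] + out[p:]
    return out


def layout(position: int) -> tuple:
    """Return (hash start, group start) in the stored kernel for an original position."""
    rank = sum(1 for p in POSITIONS if p <= position)  # hashes inserted at or before it
    tag_start = position + TAG_BITS * (rank - 1)
    return tag_start, tag_start + TAG_BITS


def decrypt_kernel(boot: str, stored: str) -> tuple:
    """Recompute each hash; delete only the inserted hashes that match."""
    matching = []
    for p in POSITIONS:
        tag_start, group_start = layout(p)
        expected = binary_hash(group(boot, p), group(stored, group_start))
        if stored[tag_start:group_start] == expected:
            matching.append(tag_start)
    out = stored
    for tag_start in sorted(matching, reverse=True):
        out = out[:tag_start] + out[tag_start + TAG_BITS:]
    return out, len(matching) == len(POSITIONS)


def patch(bits: str, changes: dict) -> str:
    """Overwrite bit ranges; used to build the sample images and the tampered copies."""
    out = list(bits)
    for start, value in changes.items():
        out[start:start + len(value)] = value
    return "".join(out)


# Constructed sample images carrying the page's group values at bits 50 and 30.
BOOT = patch("01" * 32, {50: "1010", 30: "0110"})
KERNEL = patch("0011" * 16, {50: "1111", 30: "0011"})
STORED = encrypt_kernel(BOOT, KERNEL)

if __name__ == "__main__":
    print("hash/group offsets:", layout(50), layout(30))
    print("clean boot restores kernel:", decrypt_kernel(BOOT, STORED) == (KERNEL, True))
    tampered_boot = patch(BOOT, {50: "0000", 30: "1111"})
    print("tampered boot program verified:", decrypt_kernel(tampered_boot, STORED)[1])
    tampered_kernel = patch(STORED, {98: "0000", 54: "1111"})
    print("tampered kernel verified:", decrypt_kernel(BOOT, tampered_kernel)[1])
```
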

Suppose the operating system kernel has been tampered with, so that its 98th to 102nd bits have been changed to “0000” and its 54th to 57th bits to “1111”. According to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program selects 4 bits of the boot program in the storage space starting at the 50th bit, finding the first boot bit value group “1010” (that is, the bit values of the 50th to 53rd bits of the tampered boot program).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the boot program shifts forward 20 bits from the 50th bit of the boot program in the storage space and selects 4 more bits, finding the second boot bit value group “0110” (that is, the bit values of the 30th to 33rd bits of the boot program).

Next, according to the selected first code “!@#”, second code “End”, third code “DDD” and fourth code “135”, the first binary hash value bit count “24” and the second binary hash value bit count “24”, the boot program selects 4 bits of the operating system kernel in the storage space starting at the 98th bit (that is, the 50th bit + 48 bits), finding the first kernel bit value group “0000” (that is, the bit values of the 98th to 102nd bits of the operating system kernel), and finds that the corresponding first kernel bit position is “74th bit to 97th bit” (that is, the 98th bit - 24 bits to the 98th bit - 1 bit).

接著,開機程式依據被選取出的第一代碼為“!@#”、第二代碼為“End”、第三代碼為“DDD”、第四代碼為“135”、第一二進位雜湊值位元數為“24”以及第二二進位雜湊值位元數為“24”會自儲存空間中作業系統核心自第98位元(即第50位元+48位元)起向前位移44位元(即第98位元-44位元)再選取4位元以找出第二組核心位元值組為“1111”(即作業系統核心的第54位元至第57位元的位元值),以及找出對應的第二核心位元位置為“第30位元至第53位元”(即第54位元-24位元至54位元-1位元)。Then, the boot code is based on the selected first code as "!@#", the second code is "End", the third code is "DDD", the fourth code is "135", and the first binary hash value is The number of elements is "24" and the number of bits of the second binary hash value is "24". The operating system core shifts 44 bits from the 98th bit (ie, the 50th bit + 48 bits) from the storage space. The element (ie, the 98th bit - 44 bits) selects 4 bits to find the second set of core bit value groups as "1111" (that is, the 54th to 57th bit of the operating system core) Value), and find the corresponding second core bit position as "30th to 53rd" (ie, 54th to 24th to 54th to 1st).

並且第一組開機位元值組為“1010”會與第一組核心位元值組為“0000”相互對應,以及第二組開機位元值組為“0110”會與第二組核心位元值組為“1111”相互對應。And the first group of boot bit value group "1010" will correspond to the first group core bit value group "0000", and the second group boot bit value group is "0110" and the second group core bit The meta value group corresponds to "1111".

Next, the boot program performs the inverse operation of the irreversible hash algorithm on the first boot bit value group "1010" and the first kernel bit value group "0000". In this embodiment the irreversible hash algorithm is the MD5 operation. The result of applying MD5 to the first boot bit value group "1010" and the first kernel bit value group "0000" and converting it to binary is assumed to be "000000001010010100000000"; this is the first binary hash value.

The boot program applies the irreversible hash algorithm to the second boot bit value group "0110" and the second kernel bit value group "1111". In this embodiment the irreversible hash algorithm is the MD5 operation. The result of applying MD5 to the second boot bit value group "0110" and the second kernel bit value group "1111" and converting it to binary is assumed to be "101011111010010111110101"; this is the second binary hash value.

The boot program then finds that the kernel bit value "111100001010010100001111" at the first kernel bit position, "bits 74 to 97", does not match the corresponding first binary hash value "000000001010010100000000", so it does not delete the kernel bit value "111100001010010100001111" at the first kernel bit position "bits 74 to 97".

Likewise, the boot program finds that the kernel bit value "101000001010010100000101" at the second kernel bit position, "bits 30 to 53", does not match the corresponding second binary hash value "101011111010010111110101", so it does not delete the kernel bit value "101000001010010100000101" at the second kernel bit position "bits 30 to 53". The original operating system kernel therefore cannot be restored, and the operating system kernel still cannot be executed.
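The insert-and-verify flow of the second embodiment, as an added Python example (not code from the patent), using the positions from the walkthrough above. Assumptions: bit offsets are 0-based, the 24-bit value is the first 24 bits of the MD5 digest over the two groups (the text only assumes a 24-bit result), the function names are hypothetical, and the boot and kernel bit strings are constructed sample data.

```python
import hashlib

GROUP_BITS = 4   # bits selected per group (from the walkthrough)
HASH_BITS = 24   # recorded binary hash value bit count (from the walkthrough)
BOOT_OFFSETS = [50, 30]    # boot-program groups: bit 50, then 20 bits forward
KERNEL_OFFSETS = [50, 30]  # same offsets in the kernel before any insertion


def make_bits(length, fill, patches):
    """Build a constructed bit string with known values at chosen offsets."""
    bits = list((fill * length)[:length])
    for offset, value in patches.items():
        bits[offset:offset + len(value)] = value
    return "".join(bits)


# Constructed sample data; only the boot groups "1010"/"0110" come from the page.
BOOT = make_bits(128, "01", {50: "1010", 30: "0110"})
KERNEL = make_bits(104, "0011", {50: "1100", 30: "1001"})


def tag(boot_group, kernel_group):
    """Assumption: the 24-bit value is the first 24 bits of MD5 over both groups."""
    digest = hashlib.md5((boot_group + kernel_group).encode("ascii")).digest()
    return "".join(f"{byte:08b}" for byte in digest)[:HASH_BITS]


def stored_positions():
    """(hash_start, group_start) in the encrypted kernel for each group pair."""
    positions = []
    for offset in KERNEL_OFFSETS:
        # Every hash inserted at or below this offset pushes the group right.
        shift = HASH_BITS * sum(1 for o in KERNEL_OFFSETS if o <= offset)
        positions.append((offset + shift - HASH_BITS, offset + shift))
    return positions


def encrypt_kernel(boot, kernel):
    """Insert each 24-bit hash immediately before its kernel bit group."""
    out = kernel
    pairs = sorted(zip(KERNEL_OFFSETS, BOOT_OFFSETS), reverse=True)
    for k_off, b_off in pairs:  # highest offset first keeps lower offsets valid
        value = tag(boot[b_off:b_off + GROUP_BITS], kernel[k_off:k_off + GROUP_BITS])
        out = out[:k_off] + value + out[k_off:]
    return out


def decrypt_kernel(boot, encrypted):
    """Recompute each hash, compare with the stored one, strip hashes on match."""
    hash_starts = []
    for b_off, (h_start, g_start) in zip(BOOT_OFFSETS, stored_positions()):
        expected = tag(boot[b_off:b_off + GROUP_BITS],
                       encrypted[g_start:g_start + GROUP_BITS])
        if encrypted[h_start:g_start] != expected:
            return None  # mismatch: refuse to produce a bootable kernel
        hash_starts.append(h_start)
    out = encrypted
    for h_start in sorted(hash_starts, reverse=True):
        out = out[:h_start] + out[h_start + HASH_BITS:]
    return out


def overwrite(bits, offset, value):
    """Return bits with value written at offset (models a modification)."""
    return bits[:offset] + value + bits[offset + len(value):]


if __name__ == "__main__":
    enc = encrypt_kernel(BOOT, KERNEL)
    print("hash/group positions:", stored_positions())
    print("intact kernel decrypts:", decrypt_kernel(BOOT, enc) == KERNEL)
    print("modified kernel group:", decrypt_kernel(BOOT, overwrite(enc, 98, "0000")))
    print("modified boot group:", decrypt_kernel(overwrite(BOOT, 50, "0101"), enc))
```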

This allows a device that stores a boot program and an operating system kernel to boot securely. Because the boot program and the operating system kernel are used together in the computation, boot time is not lengthened by a large amount of verification computation, and a single computation mutually authenticates the boot program and the operating system kernel. No information is exchanged between the boot program and the operating system kernel, which prevents a hash value from being stolen while it is passed. Different devices can also hold differently encrypted operating system kernels, so that when different devices have the same operating system kernel, one differently encrypted kernel cannot be used to obtain the decryption information or method of another encrypted kernel.

In addition, when a kernel re-encryption condition is triggered, or when either the boot program or the operating system kernel is updated normally, the steps of the kernel decryption method are performed first, followed by the steps of the kernel encryption method. For the steps of both methods, refer to the description above; they are not repeated here. The kernel re-encryption conditions include a repeated boot failure condition, a time condition and a command condition. These are given only as examples and do not limit the scope of application of the invention. When the repeated boot failure condition is triggered, it can be determined that the device is under a brute-force attack, so as to keep the device from being cracked by the attack. The time condition can be changing the encrypted operating system kernel on a schedule, and the command condition can be the user directly changing the encrypted operating system kernel. This provides kernel encryption and decryption that is quick, convenient and unnoticeable to the user, and makes kernel re-encryption convenient.

In summary, the difference between the invention and the prior art is that the invention uses a definition table to run a hash algorithm over the boot program and the operating system kernel and combines the result with the operating system kernel to encrypt the kernel. If the boot program, the operating system kernel, or both are tampered with or replaced, the operating system kernel cannot be decrypted for boot.

This technical means solves the problems of the prior art, in which the boot program and the operating system kernel must be verified individually, the verification results are written in advance to a one-time programmable area for comparison, multiple comparisons and a large amount of extra storage are required, and the process is complex, time-consuming and insecure. It thereby achieves the technical effect of two-way authentication between the boot program and the operating system kernel for secure boot.

Although embodiments of the invention are disclosed above, the content described is not intended to directly limit the scope of patent protection of the invention. Anyone with ordinary knowledge in the technical field of the invention may make minor changes in the form and details of implementation without departing from the spirit and scope disclosed. The scope of patent protection of the invention remains as defined by the appended claims.

10‧‧‧Definition table
11‧‧‧Code
Step 101‧‧‧A definition table storing a plurality of codes is established in advance in the boot program
Step 102‧‧‧When the boot program is executed for the first time, the boot program randomly takes multiple codes from the definition table and records the codes taken
Step 103‧‧‧Based on the codes taken, the boot program finds at least one corresponding boot bit value group in the boot program in storage, and at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in storage; each boot bit value group corresponds in order to a kernel bit value group
Step 104‧‧‧The boot program applies a reversible hash algorithm to each corresponding boot bit value group and kernel bit value group to obtain the corresponding hash value
Step 105‧‧‧Based on each kernel bit position, the boot program replaces the kernel bit value with the corresponding hash value and stores the operating system kernel again, thereby encrypting the operating system kernel; the encrypted operating system kernel cannot be executed
Step 201‧‧‧When the boot program has been executed for the first time and kernel encryption is complete, or when the boot program is executed other than for the first time, the boot program retrieves the recorded codes
Step 202‧‧‧Based on the codes retrieved, the boot program finds at least one corresponding boot bit value group in the boot program in storage, and at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in storage; each boot bit value group corresponds in order to a kernel bit value group
Step 203‧‧‧The boot program applies the inverse operation of the reversible hash algorithm to each corresponding boot bit value group and kernel bit value group to obtain the corresponding inverse-operation hash value
Step 204‧‧‧Based on each kernel bit position, the boot program replaces the kernel bit value with the corresponding inverse-operation hash value, thereby decrypting the operating system kernel, and executes the decrypted operating system kernel
Step 301‧‧‧A definition table storing a plurality of codes is established in advance in the boot program
Step 302‧‧‧When the boot program is executed for the first time, the boot program randomly takes multiple codes from the definition table and records the codes taken
Step 303‧‧‧Based on the codes taken, the boot program finds at least one corresponding boot bit value group in the boot program in storage, and at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in storage; each boot bit value group corresponds in order to a kernel bit value group
Step 304‧‧‧The boot program applies an irreversible hash algorithm to each corresponding boot bit value group and kernel bit value group to obtain the corresponding binary hash value, and records the bit count of each computed binary hash value
Step 305‧‧‧Based on each kernel bit position, the boot program inserts the corresponding binary hash value into the operating system kernel and stores the operating system kernel again, thereby encrypting the operating system kernel; the encrypted operating system kernel cannot be executed
Step 401‧‧‧When the boot program has been executed for the first time and kernel encryption is complete, or when the boot program is executed other than for the first time, the boot program retrieves the recorded codes and the recorded binary hash value bit counts
Step 402‧‧‧Based on the codes retrieved and the recorded binary hash value bit counts, the boot program finds at least one corresponding boot bit value group in the boot program in storage, and at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in storage; each boot bit value group corresponds in order to a kernel bit value group
Step 403‧‧‧The boot program applies the irreversible hash algorithm to each corresponding boot bit value group and kernel bit value group to obtain the corresponding binary hash value
Step 404‧‧‧When the kernel bit value group corresponding to each kernel bit position matches the corresponding binary hash value, the boot program deletes the kernel bit value group, thereby decrypting the operating system kernel, and executes the decrypted operating system kernel

FIG. 1 is a flowchart of the first embodiment of the operating system kernel encryption method of the invention.
FIG. 2 is a flowchart of the first embodiment of the operating system kernel decryption method of the invention.
FIG. 3 is a schematic diagram of the definition table of the operating system kernel encryption method of the invention.
FIG. 4 is a flowchart of the second embodiment of the operating system kernel encryption method of the invention.
FIG. 5 is a flowchart of the second embodiment of the operating system kernel decryption method of the invention.

Claims (14)

1. An operating system kernel encryption method, applicable to a device that stores a boot program and an operating system kernel, comprising the following steps:
establishing a definition table in advance in the boot program, the definition table storing a plurality of codes;
when the boot program is executed for the first time, the boot program randomly taking multiple codes from the definition table and recording the codes taken;
the boot program, based on the codes taken, finding at least one corresponding boot bit value group in the boot program in storage, and at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in storage, each boot bit value group corresponding in order to a kernel bit value group;
the boot program applying a reversible hash algorithm (hash function) to each corresponding boot bit value group and kernel bit value group to obtain the corresponding hash value; and
the boot program, based on each kernel bit position, replacing the kernel bit value with the corresponding hash value and storing the operating system kernel again, thereby encrypting the operating system kernel, the encrypted operating system kernel being unable to be executed.

2. The operating system kernel encryption method of claim 1, wherein the meaning represented by each code stored in the definition table is selected from at least one of: number of bits to select, specified bit, shift forward, shift backward, and number of bits to move.

3. The operating system kernel encryption method of claim 1, wherein the reversible hash algorithm includes XOR operations and bitwise operations.

4. An operating system kernel decryption method, applicable to a device that stores a boot program and an operating system kernel that has undergone the corresponding encryption, comprising the following steps:
the boot program retrieving the recorded codes;
the boot program, based on the codes retrieved, finding at least one corresponding boot bit value group in the boot program in storage, and at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in storage, each boot bit value group corresponding in order to a kernel bit value group;
the boot program applying the inverse operation of the reversible hash algorithm to each corresponding boot bit value group and kernel bit value group to obtain the corresponding inverse-operation hash value; and
the boot program, based on each kernel bit position, replacing the kernel bit value with the corresponding inverse-operation hash value, thereby decrypting the operating system kernel, and executing the decrypted operating system kernel.

5. The operating system kernel decryption method of claim 4, wherein the reversible hash algorithm includes XOR operations and bitwise operations.

6. The operating system kernel decryption method of claim 4, further comprising: when a kernel re-encryption condition is triggered, or when either the boot program or the operating system kernel is updated normally, first performing all steps of the operating system kernel decryption method and then performing all steps of the operating system kernel encryption method.

7. The operating system kernel decryption method of claim 6, wherein the kernel re-encryption conditions include a repeated boot failure condition, a time condition and a command condition.

8. An operating system kernel encryption method, applicable to a device that stores a boot program and an operating system kernel, comprising the following steps:
establishing a definition table in advance in the boot program, the definition table storing a plurality of codes;
when the boot program is executed for the first time, the boot program randomly taking multiple codes from the definition table and recording the codes taken;
the boot program, based on the codes taken, finding at least one corresponding boot bit value group in the boot program in storage, and at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in storage, each boot bit value group corresponding in order to a kernel bit value group;
the boot program applying an irreversible hash algorithm (hash function) to each corresponding boot bit value group and kernel bit value group to obtain the corresponding binary hash value, and recording the bit count of each computed binary hash value; and
the boot program, based on each kernel bit position, inserting the corresponding binary hash value into the operating system kernel and storing the operating system kernel again, thereby encrypting the operating system kernel, the encrypted operating system kernel being unable to be executed.

9. The operating system kernel encryption method of claim 8, wherein the meaning represented by the codes stored in the definition table is selected from at least one of: number of bits to select, specified bit, shift forward, shift backward, and number of bits to move.

10. The operating system kernel encryption method of claim 8, wherein the irreversible hash algorithm includes the Secure Hash Algorithm (SHA) and the Message-Digest Algorithm (MD).

11. An operating system kernel decryption method, applicable to a device that stores a boot program and an operating system kernel that has undergone the corresponding encryption, comprising the following steps:
the boot program retrieving the recorded codes and the recorded binary hash value bit counts;
the boot program, based on the codes retrieved and the recorded binary hash value bit counts, finding at least one corresponding boot bit value group in the boot program in storage, and at least one corresponding kernel bit value group and the corresponding kernel bit position in the operating system kernel in storage, each boot bit value group corresponding in order to a kernel bit value group;
the boot program applying the irreversible hash algorithm (hash function) to each corresponding boot bit value group and kernel bit value group to obtain the corresponding binary hash value; and
when the kernel bit value group corresponding to each kernel bit position matches the corresponding binary hash value, the boot program deleting the kernel bit value group, thereby decrypting the operating system kernel, and executing the decrypted operating system kernel.

12. The operating system kernel decryption method of claim 11, wherein the irreversible hash algorithm includes the Secure Hash Algorithm (SHA) and the Message-Digest Algorithm (MD).

13. The operating system kernel decryption method of claim 11, further comprising: when a kernel re-encryption condition is triggered, or when either the boot program or the operating system kernel is updated normally, first performing all steps of the operating system kernel decryption method and then performing all steps of the operating system kernel encryption method.

14. The operating system kernel decryption method of claim 13, wherein the kernel re-encryption conditions include a repeated boot failure condition, a time condition and a command condition.
