PBA (Pre-boot authentication)

English version excerpted from Wikipedia; Chinese translation by liyq.

Pre-boot authentication

Pre-Boot Authentication (PBA) or Power-On Authentication (POA)[1] serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents anything being read from the hard disk such as the operating system until the user has confirmed he/she has the correct password or other credentials.[2]

Benefits of Pre-Boot Authentication

Full disk encryption outside of the operating system level [2]

Encryption of temporary files

Data-at-rest protection

How Pre-Boot Authentication Works

Generic Boot Sequence

1. Basic Input/Output System (BIOS)

2. Master boot record (MBR) partition table

3. Pre-boot authentication (PBA)

4. Operating system (OS) boots

A PBA environment serves as an extension of the BIOS or boot firmware and guarantees a secure, tamper-proof environment external to the operating system as a trusted authentication layer. The PBA prevents Windows or any other operating system from loading until the user has confirmed he/she has the correct password to unlock the door.

That trusted layer eliminates the possibility that one of the millions of lines of OS code can compromise the privacy of personal or company data.

Pre-Boot Authentication Technologies

Combinations with Full Disk Encryption

Pre-Boot Authentication is generally provided by a variety of full disk encryption vendors, but can be installed separately. Some FDE solutions can function without Pre-Boot Authentication, such as hardware-based full disk encryption. However, without some form of authentication, encryption provides little protection.
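
The point above, that encryption without authentication provides little protection, as an added Python sketch (not code from the original article or from any FDE product): the disk key exists on disk only wrapped under a key derived from the pre-boot passphrase. The function names, the PBKDF2 parameters and the XOR-plus-HMAC wrap (a standard-library stand-in for a real key-wrap algorithm) are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

ITERATIONS = 200_000  # PBKDF2 work factor; an assumed value for this sketch


def _keys(passphrase: str, salt: bytes) -> tuple:
    """Stretch the passphrase, then split it into a wrap mask and a MAC key."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    mask = hmac.new(master, b"wrap", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return mask, mac_key


def _tag(mac_key: bytes, salt: bytes, wrapped: bytes) -> bytes:
    return hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()


def enroll(passphrase: str) -> tuple:
    """Create a random 32-byte disk key and the header that is stored on disk."""
    disk_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    mask, mac_key = _keys(passphrase, salt)
    wrapped = bytes(a ^ b for a, b in zip(disk_key, mask))
    header = {"salt": salt, "wrapped": wrapped, "tag": _tag(mac_key, salt, wrapped)}
    return disk_key, header


def pre_boot_unlock(header: dict, passphrase: str) -> Optional[bytes]:
    """Release the disk key only when the credential verifies, otherwise None."""
    mask, mac_key = _keys(passphrase, header["salt"])
    expected = _tag(mac_key, header["salt"], header["wrapped"])
    if not hmac.compare_digest(expected, header["tag"]):
        return None  # wrong passphrase or tampered header: the OS is never loaded
    return bytes(a ^ b for a, b in zip(header["wrapped"], mask))


if __name__ == "__main__":
    key, hdr = enroll("correct horse battery staple")  # constructed sample passphrase
    print("correct passphrase:", pre_boot_unlock(hdr, "correct horse battery staple") == key)
    print("wrong passphrase:  ", pre_boot_unlock(hdr, "guess"))
```

An FDE setup with no authentication step corresponds to the firmware holding the equivalent of `disk_key` and releasing it on every power-on, so possession of the machine is enough to read the data.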

Authentication Methods

The standard complement of authentication methods exists for Pre-Boot Authentication, including:

1. Something you know (e.g. username / password)

2. Something you have (e.g. smart card or other token)

3. Something you are (e.g. biometric data)

================================================================

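Pre-boot authentication

Pre-boot authentication (PBA), or power-on authentication (POA), acts as an extension of the BIOS or boot firmware and keeps data secure and tamper-proof outside the operating system. PBA permits reads from the hard disk (for example, loading the operating system) only after the user supplies the correct password or other credentials.

Benefits of PBA

• Full disk encryption performed outside the operating system level.

• Encryption protects temporary files

• Protects data at rest

How PBA works

Generic boot sequence

1. Basic Input/Output System (BIOS)

2. Master boot record (MBR) partition table

3. Pre-boot authentication (PBA)

4. Operating system (OS) boots

PBA technologies

Combination with full disk encryption (FDE)

Many full disk encryption vendors provide PBA, and PBA can also be installed on its own. Some FDE solutions, such as hardware-level full disk encryption, may not include PBA. However, without some form of authentication, the protection that encryption provides is not comprehensive.

Authentication methods

The standard authentication methods used by PBA are:

1. Knowledge-based verification (e.g. username/password)

2. Possession-based verification (e.g. a smart card or other physical item)

3. Identity verification (e.g. biometrics such as fingerprint or iris)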

==================================================================

The SafeGuard Easy software uses PBA technology.

Power-on fingerprint verification on business laptops is also PBA technology.

