CN100449451C - Computer encryption device and its encryption method - Google Patents


Info

Publication number
CN100449451C
Authority
CN
China
Prior art keywords
system management
management interrupt
computer
encryption
handling procedure
Prior art date
Legal status
Active
Application number
CNB2005100368264A
Other languages
Chinese (zh)
Other versions
CN1752884A (en)
Inventor
刘志永
Current Assignee
Shenzhen Yanxiang Smart Technology Co ltd
Original Assignee
SHENZHEN EVOC INTELLIGENT TECHNOLOGY Co Ltd
Priority date
Filing date
Publication date
Application filed by SHENZHEN EVOC INTELLIGENT TECHNOLOGY Co Ltd
Priority to CNB2005100368264A
Publication of CN1752884A
Application granted
Publication of CN100449451C
Legal status: Active
Anticipated expiration

Abstract

The present invention relates to a computer encryption device and an encryption method. The encryption device comprises a central processor, a generation circuit for system management interrupt signals and a BIOS memory, wherein the BIOS memory and the generation circuit are both connected to the central processor through a bus. The BIOS memory contains a system management interrupt service routine and an encryption interface processing routine. The encryption method has the following steps: when the computer is started and powered on, the basic input/output routine sets up the system management interrupt service routine and the encryption interface processing routine; the user then invokes the encryption interface processing routine to transfer a self-defined encryption algorithm or the data that needs enciphering. The encryption interface processing routine controls the generation circuit to trigger a system management interrupt, and the central processor enters System Management Mode to execute the system management interrupt service routine and store or run the user's predefined encryption algorithm.

Description

Computer encryption device and encryption method thereof
Technical field
The present invention relates to a computer encryption device and an encryption method for it, and in particular to a device and method that perform encryption in the System Management Mode of a computer's central processing unit (CPU).
Background art
With the development of science and technology, computers are widely used in people's daily work, study and life, and have become one of the indispensable tools of modern society.
The System Management Mode of a computer's central processing unit (CPU) is a special operating mode that can be entered only by triggering a system management interrupt (SMI) signal, and that uses a dedicated memory region (the system management RAM region). The data and programs in the system management RAM region can be accessed only while the CPU is in System Management Mode. The SMI interrupt service routine is located in the system management RAM region; it can be set only by the Basic Input/Output System (BIOS) when the computer is powered on, and once set it cannot be modified.
However, present computer encryption devices or methods (such as the method of generating computer system passwords with an external encryption algorithm disclosed in Chinese patent application No. 97108794) are mostly implemented in CPU modes other than System Management Mode, so their encryption algorithms are easily traced and reverse-analysed.
Summary of the invention
To overcome the shortcoming of existing computer encryption devices that the encryption algorithm is easily traced and reverse-analysed, the present invention provides a computer encryption device and encryption method whose encryption algorithm cannot be accessed, copied, traced or analysed by other software, thereby protecting the encryption algorithm.
The technical solution adopted by the present invention is a computer encryption device comprising a central processing unit, a system management interrupt signal generating circuit and a BIOS memory, wherein the BIOS memory and the SMI signal generating circuit are both connected to the central processing unit through a bus, the SMI signal generating circuit is connected to the system management interrupt pin of the central processing unit, the BIOS memory stores a system management interrupt service routine, and the BIOS memory also stores an encryption interface handling routine. The encryption interface handling routine controls the SMI signal generating circuit to generate an SMI signal, triggering the central processing unit to enter System Management Mode, in which the encryption algorithm is stored and data is encrypted.
The system management interrupt service routine and the encryption interface handling routine are added to the BIOS program.
The user defines one or more encryption algorithms through the encryption interface handling routine, and they are stored in a storage device.
The user defines one or more decryption algorithms or authentication algorithms through the encryption interface handling routine, and they are stored in a storage device.
The encryption, decryption and authentication algorithms stored in the storage device are compressed and/or encrypted before being saved.
The storage device is the BIOS memory.
The storage device is computer system memory or the computer's system management RAM region.
The storage device is an external storage device of the computer.
An encryption method for the above computer encryption device is characterised by the following steps:
A) When the computer is powered on, the central processing unit fetches instructions from the BIOS memory and begins to execute the BIOS program; the BIOS program initialises the computer hardware, sets up the system management interrupt service routine for the central processing unit, and provides the encryption interface handling routine;
B) A user program or software calls the encryption interface handling routine and passes in the user's own encryption algorithm; the encryption interface handling routine controls the SMI signal generating circuit to trigger a system management interrupt; the central processing unit enters System Management Mode, executes the system management interrupt service routine, saves the user-defined encryption algorithm, and then exits System Management Mode;
C) When encrypting, the user program or software calls the encryption interface handling routine and passes in the data to be encrypted; the encryption interface handling routine controls the SMI signal generating circuit to trigger a system management interrupt; the central processing unit enters System Management Mode, executes the system management interrupt service routine, runs the user's predefined encryption algorithm to encrypt the data passed by the user program or software, and then exits System Management Mode.
The beneficial effect of the present invention is that, by closely combining a hardware circuit with the BIOS program, the encryption algorithm is stored and run only in System Management Mode, so the encryption algorithm is protected from being traced, copied and analysed; moreover, the encryption algorithm can be reset at any time, so that different encryption algorithms can be used at different times.
Description of drawings
Fig. 1 is a block diagram of the principle of the computer encryption device and encryption method of the present invention.
Embodiment
Referring to Fig. 1, the computer encryption device of the present invention comprises a central processing unit (CPU) 1, a system management interrupt (SMI) signal generating circuit 2 and a Basic Input/Output System (BIOS) memory 3. The BIOS memory 3 and the SMI signal generating circuit 2 are both connected to CPU 1 through a bus, and the output signal of the SMI signal generating circuit 2 is connected to the SMI pin of CPU 1, so that it can trigger CPU 1 to enter System Management Mode.
It will be understood that in a computer the BIOS program is stored in a dedicated BIOS memory, is the earliest software executed when the computer is powered on, and every computer has its own corresponding BIOS program. The computer encryption device of the present invention makes use of this characteristic: the BIOS program is customised by adding an SMI interrupt service routine and an encryption interface handling routine to it; the encryption interface handling routine controls the SMI signal generating circuit 2 to output an SMI signal to CPU 1, whereupon CPU 1 enters System Management Mode and runs the SMI interrupt service routine.
The working principle of the encryption method of the computer encryption device of the present invention is as follows. When the computer is powered on, CPU 1 first fetches instructions from BIOS memory 3 and begins executing the BIOS program; the BIOS program initialises the computer hardware, sets up the SMI interrupt service routine for CPU 1, and provides the encryption interface handling routine. A user program or software first calls the encryption interface handling routine and passes the user's own encryption algorithm to it; the encryption interface handling routine controls the SMI signal generating circuit 2 to trigger an SMI, CPU 1 enters System Management Mode, and the user-defined encryption algorithm is saved in System Management Mode. When encrypting, the user program or software calls the encryption interface handling routine and passes the data to be encrypted to it; the encryption interface handling routine controls the SMI signal generating circuit 2 to trigger an SMI, CPU 1 enters System Management Mode, and in System Management Mode the user's predefined encryption algorithm is run to encrypt the data passed by the user program or software.
Specifically, the method comprises the following steps:
A) When the computer is powered on, the central processing unit fetches instructions from the BIOS memory and begins to execute the BIOS program; the BIOS program initialises the computer hardware, sets up the system management interrupt service routine for the central processing unit, and provides the encryption interface handling routine;
B) A user program or software calls the encryption interface handling routine and passes in the user's own encryption algorithm; the encryption interface handling routine controls the SMI signal generating circuit to trigger a system management interrupt; the central processing unit enters System Management Mode, executes the system management interrupt service routine, saves the user-defined encryption algorithm, and then exits System Management Mode;
C) When encrypting, the user program or software calls the encryption interface handling routine and passes in the data to be encrypted; the encryption interface handling routine controls the SMI signal generating circuit to trigger a system management interrupt; the central processing unit enters System Management Mode, executes the system management interrupt service routine, runs the user's predefined encryption algorithm to encrypt the data passed by the user program or software, and then exits System Management Mode.
It will be understood that what the BIOS memory 3 of the computer encryption device and encryption method of the present invention stores is, but is not limited to, the BIOS program, in which the SMI interrupt service routine and the encryption interface handling routine are provided; the encryption algorithms that CPU 1 stores and runs in System Management Mode may be one or more; the user-defined encryption algorithm saved in BIOS memory 3 may also be stored in other memories (such as computer system memory, the computer's system management RAM region, or an external storage device), and the encryption algorithm may be compressed and/or encrypted before being saved, or left unprocessed; and what CPU 1 stores or runs in System Management Mode is, but is not limited to, an encryption algorithm, and may also be code and data of a decryption algorithm, an authentication algorithm or other functions.
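The following is an added simulation of steps A to C as a small C program; it is not the patent's or the assignee's code. The mailbox layout, the SMI_CMD_* commands, the SMRAM key limit and the sample XOR algorithm are all assumptions: the SMI signal generating circuit (block 2) is replaced by a direct call into the service routine, and the user's "algorithm" is a function pointer rather than code bytes copied into SMRAM.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed simulation of the patent's SMI-based encryption interface.
 * Names, the mailbox layout and the sample algorithm are assumptions; in
 * real firmware the SMI service routine lives in SMRAM and the "circuit"
 * is hardware asserting the CPU's SMI pin. */

enum smi_cmd { SMI_CMD_STORE_ALGO = 1, SMI_CMD_ENCRYPT = 2 };
enum smi_status { SMI_OK = 0, SMI_ERR_NO_ALGO = 1, SMI_ERR_BAD_ARG = 2 };

/* A user-defined algorithm: in-place encryption of buf under key. The patent
 * saves the algorithm's code; this simulation keeps a function pointer. */
typedef void (*encrypt_fn)(uint8_t *buf, size_t len,
                           const uint8_t *key, size_t key_len);

/* Mailbox filled by the encryption interface routine (normal mode) and read
 * by the SMI service routine (System Management Mode). */
struct smi_mailbox {
    uint8_t cmd, status;
    encrypt_fn algo;
    const uint8_t *key; size_t key_len;
    uint8_t *data; size_t data_len;
};

/* Simulated SMRAM contents: only the SMI service routine touches these. */
#define SMRAM_KEY_MAX 32
static struct {
    encrypt_fn algo;
    uint8_t key[SMRAM_KEY_MAX];
    size_t key_len;
} smram;

/* Steps B and C: the SMI service routine the BIOS set up at power-on (step A). */
static void smi_service_routine(struct smi_mailbox *mb) {
    switch (mb->cmd) {
    case SMI_CMD_STORE_ALGO:
        if (!mb->algo || mb->key_len > SMRAM_KEY_MAX) { mb->status = SMI_ERR_BAD_ARG; break; }
        /* Copy the key into SMRAM so the caller's copy no longer matters. */
        smram.algo = mb->algo;
        memcpy(smram.key, mb->key, mb->key_len);
        smram.key_len = mb->key_len;
        mb->status = SMI_OK;
        break;
    case SMI_CMD_ENCRYPT:
        if (!smram.algo) { mb->status = SMI_ERR_NO_ALGO; break; }
        smram.algo(mb->data, mb->data_len, smram.key, smram.key_len);
        mb->status = SMI_OK;
        break;
    default:
        mb->status = SMI_ERR_BAD_ARG;
    }
    /* RSM: the CPU leaves System Management Mode here. */
}

/* Stands in for the SMI signal generating circuit (Fig. 1, block 2). */
static void trigger_smi(struct smi_mailbox *mb) { smi_service_routine(mb); }

/* Encryption interface routine, store entry point (step B). */
int encrypt_interface_store(encrypt_fn algo, const uint8_t *key, size_t key_len) {
    struct smi_mailbox mb = { .cmd = SMI_CMD_STORE_ALGO, .algo = algo,
                              .key = key, .key_len = key_len };
    trigger_smi(&mb);
    return mb.status;
}

/* Encryption interface routine, encrypt entry point (step C). */
int encrypt_interface_encrypt(uint8_t *data, size_t len) {
    struct smi_mailbox mb = { .cmd = SMI_CMD_ENCRYPT, .data = data, .data_len = len };
    trigger_smi(&mb);
    return mb.status;
}

/* Constructed sample user algorithm: repeating-key XOR (illustration only). */
void xor_algo(uint8_t *buf, size_t len, const uint8_t *key, size_t key_len) {
    for (size_t i = 0; i < len && key_len; i++) buf[i] ^= key[i % key_len];
}
```

Calling the encrypt entry point before an algorithm has been stored returns SMI_ERR_NO_ALGO and leaves the data untouched, which is the ordering the three steps impose.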

Claims (10)

1. A computer encryption device, comprising a central processing unit, a system management interrupt signal generating circuit and a BIOS memory, wherein the BIOS memory and the SMI signal generating circuit are both connected to the central processing unit through a bus, and the SMI signal generating circuit is connected to the system management interrupt pin of the central processing unit, characterised in that: the BIOS memory stores a system management interrupt service routine and also stores an encryption interface handling routine, and the encryption interface handling routine is used to control the SMI signal generating circuit to generate an SMI signal that triggers the central processing unit to enter System Management Mode, in which an encryption algorithm is stored and data is encrypted.
2. The computer encryption device of claim 1, characterised in that the system management interrupt service routine and the encryption interface handling routine are added to the BIOS program.
3. The computer encryption device of claim 1, characterised in that the user defines one or more encryption algorithms through the encryption interface handling routine, and they are stored in a storage device.
4. The computer encryption device of claim 3, characterised in that the encryption algorithm stored in the storage device is compressed and/or encrypted before being saved.
5. The computer encryption device of claim 1, characterised in that the user defines one or more decryption algorithms or authentication algorithms through the encryption interface handling routine, and they are stored in a storage device.
6. The computer encryption device of claim 5, characterised in that the decryption algorithm or authentication algorithm stored in the storage device is compressed and/or encrypted before being saved.
7. The computer encryption device of claim 3 or 5, characterised in that the storage device is the BIOS memory.
8. The computer encryption device of claim 3 or 5, characterised in that the storage device is computer system memory or the computer's system management RAM region.
9. The computer encryption device of claim 3 or 5, characterised in that the storage device is an external storage device of the computer.
10. An encryption method for the computer encryption device of claim 1, characterised by the following steps:
A) When the computer is powered on, the central processing unit fetches instructions from the BIOS memory and begins to execute the BIOS program; the BIOS program initialises the computer hardware, sets up the system management interrupt service routine for the central processing unit, and provides the encryption interface handling routine;
B) A user program or software calls the encryption interface handling routine and passes in the user's own encryption algorithm; the encryption interface handling routine controls the SMI signal generating circuit to trigger a system management interrupt; the central processing unit enters System Management Mode, executes the system management interrupt service routine, saves the user-defined encryption algorithm, and then exits System Management Mode;
C) When encrypting, the user program or software calls the encryption interface handling routine and passes in the data to be encrypted; the encryption interface handling routine controls the SMI signal generating circuit to trigger a system management interrupt; the central processing unit enters System Management Mode, executes the system management interrupt service routine, runs the user's predefined encryption algorithm to encrypt the data passed by the user program or software, and then exits System Management Mode.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2005100368264A CN100449451C (en) 2005-08-25 2005-08-25 Computer encryption device and its encryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100368264A CN100449451C (en) 2005-08-25 2005-08-25 Computer encryption device and its encryption method

Publications (2)

Publication Number Publication Date
CN1752884A CN1752884A (en) 2006-03-29
CN100449451C true CN100449451C (en) 2009-01-07

Family

ID=36679764

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100368264A Active CN100449451C (en) 2005-08-25 2005-08-25 Computer encryption device and its encryption method

Country Status (1)

Country Link
CN (1) CN100449451C (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101308537B (en) * 2007-05-18 2011-05-11 华硕电脑股份有限公司 Method for generating key for encryption and decryption in computer apparatus and using the same
CN107332655A (en) * 2017-06-29 2017-11-07 商丘医学高等专科学校 Computer control system and computer

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5007082A (en) * 1988-08-03 1991-04-09 Kelly Services, Inc. Computer software encryption apparatus
CN1305157A (en) * 2000-12-12 2001-07-25 林学优 Fingerprint computer
CN1357840A (en) * 2000-12-08 2002-07-10 英业达股份有限公司 Computer security system
EP1357454A1 (en) * 2002-04-23 2003-10-29 Hewlett-Packard Company Data processing system and method with protected BIOS
CN1641513A (en) * 2004-01-13 2005-07-20 英业达股份有限公司 Interrupt programme software protection method

Also Published As

Publication number Publication date
CN1752884A (en) 2006-03-29

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: YANXIANG INTELLIGENT TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: SHENGZHEN EVOC INTELLIGENT TECHNOLOGY CO., LTD.

CP03 Change of name, title or address

Address after: EVOC Technology Building No. 31, High-tech Middle 4th Road, Nanshan District, Shenzhen, Guangdong Province

Patentee after: EVOC INTELLIGENT TECHNOLOGY Co.,Ltd.

Address before: Tienhsiang Building 10B, Tian An Digital City, Che Kung Temple, Shenzhen, Guangdong Province

Patentee before: SHENZHEN EVOC INTELLIGENT TECHNOLOGY Co.,Ltd.

C53 Correction of patent of invention or patent application
CB03 Change of inventor or designer information

Inventor after: Chen Zhilie

Inventor after: Liu Zhiyong

Inventor before: Liu Zhiyong

COR Change of bibliographic data

Free format text: CORRECT: INVENTOR; FROM: LIU ZHIYONG TO: CHEN ZHILIE LIU ZHIYONG

TR01 Transfer of patent right

Effective date of registration: 20230821

Address after: 518000 1701, Yanxiang Science and Technology Building, No. 31, High-tech Middle 4th Road, Maling Community, Yuehai Street, Nanshan District, Shenzhen, Guangdong Province

Patentee after: Shenzhen Yanxiang Smart Technology Co.,Ltd.

Address before: 518057 EVOC Technology Building No. 31, High-tech Middle 4th Road, Nanshan District, Shenzhen, Guangdong Province

Patentee before: EVOC INTELLIGENT TECHNOLOGY Co.,Ltd.

DD01 Delivery of document by public notice

Addressee: Li Qin

Document name: Notification of Qualified Procedures
