CN102063593B - Credible device with active control function and authentication method thereof - Google Patents


Info

Publication number
CN102063593B
Authority
CN
China
Prior art keywords
credible
credible platform
control module
hardware
engine
Legal status
Active
Application number
CN2011100031881A
Other languages
Chinese (zh)
Other versions
CN102063593A (en)
Inventor
王昱波
毛军捷
方娟
刘毅
张宁
Current Assignee
Beijing University of Technology
Original Assignee
Beijing University of Technology
Application filed by Beijing University of Technology
Priority to CN2011100031881A
Publication of CN102063593A
Application granted
Publication of CN102063593B

Abstract

The invention discloses a trusted device with an active control function and an authentication method for it, in the field of information security. A trusted platform control module with an active control function and a set of hardware devices are connected to the trusted platform of the device; through its active control function, the trusted platform control module separates the hardware devices into trusted hardware devices and untrusted hardware devices. The trusted platform control module contains hardware units such as an active measurement engine, a control adjudication engine, a work mode customization engine and a trusted control policy configuration engine, which actively check each hardware device's working-condition configuration information, control policy configuration information, firmware code and circuit working state. By combining the trusted platform control module with a trusted pipeline technique, the trusted platform and the trusted hardware are mutually bound; the binding process is completely transparent to the operating system and applications, and the operating system can neither bypass nor intervene in the process by which the trusted platform binds the trusted hardware.

Description

Trusted device with active control function and authentication method thereof
Technical field
The present invention relates to the field of information security, and in particular to a trusted device with an active control function and an authentication method for it.
Background technology
As research into trusted computing deepens, trusted computing standards place ever more functional requirements on the trusted chip. From the earliest TCG 1.1 to the current version 1.2, and from terminal applications to servers, embedded devices, virtual machines and networks, the functional requirements on the trusted chip (the trusted chip defined by TCG is called the Trusted Platform Module) keep rising and design complexity keeps growing, which in turn drives continuous growth in both the hardware size of the trusted chip and the scale of its internal firmware.
In the terminal-computer field, existing trusted computing standards define neither a trust level nor detailed functional requirements for the hardware devices on the mainboard platform. When a trusted terminal leaves the factory, the hardware devices on the mainboard are simply taken to be trusted by default. Likewise, during use, as long as a hardware device on the trusted platform has not been maliciously replaced, it passes the measurement of its read-only register information as normal, and on that basis alone it is considered trusted.
The trusted platform control module is a security chip with cryptographic capabilities; it mainly provides integrity measurement, integrity reporting, trusted storage, encryption and decryption, digital signature and similar functions. See the related patent "A trusted platform module and its active measurement method" (patent No. ZL200810115280.5).
Hardware devices comprise trusted hardware devices and untrusted hardware devices. A legitimate hardware device that has passed authentication by the trusted platform is a trusted hardware device; otherwise it is an untrusted hardware device. A trusted hardware device is one whose hardware circuit includes a trusted chip; its features include checking its own circuit working state, integrity-checking its own firmware code, and performing trusted mutual authentication with a trusted computer. See the related patent application "A trusted hardware device and method of use" (application No. 201010237511.7).
The RSA public-key encryption algorithm was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at the Massachusetts Institute of Technology. RSA is currently the most influential public-key encryption algorithm and is recommended by ISO as a public-key data encryption standard. It rests on a simple number-theoretic fact: multiplying two large primes is very easy, but factoring their product is extremely difficult, so the product can be made public as the encryption key.
Summary of the invention
Existing computer platforms cannot guarantee the trustworthiness of their hardware during use. After a hardware device is replaced, the computer itself cannot detect the change, which poses a serious security risk to users, especially in confidential departments. The trusted platform with an active control function and the authentication method for trusted hardware devices proposed by the present invention provide an effective solution to this problem.
1. An authentication method for a trusted platform with an active control function and trusted hardware devices, wherein the trusted hardware devices of the trusted platform comprise a CPU, a video card, memory, a BOOT ROM, a trusted platform control module, a peripheral controller and other hardware devices:
The other hardware devices comprise: a hard disk, PCI cards, SCSI cards and PCI-E cards;
Each trusted hardware device contains a trusted module internally; the trusted module comprises: a symmetric cryptographic algorithm engine, an asymmetric cryptographic algorithm engine, a random number generator, a measurement algorithm engine, an execution unit, non-volatile memory, volatile memory and a trusted interface unit;
The trusted platform control module comprises, besides an execution engine, a communication bus, non-volatile memory, volatile memory, a counter and an input/output bus interface: a control adjudication engine, a control policy configuration information customization engine, a work mode configuration information customization engine, a state switching control engine, an active check engine and a trusted cryptography module;
The trusted cryptography module comprises, besides a symmetric cryptographic algorithm engine, an asymmetric cryptographic algorithm engine, a random number generator, a measurement algorithm engine, an execution unit, non-volatile memory, volatile memory, a trusted interface unit and a communication bus: an input/output isolation unit;
The input/output isolation unit has two ports: one port is connected through the communication bus to the symmetric cryptographic algorithm engine, asymmetric cryptographic algorithm engine, random number generator, measurement algorithm engine, execution unit, non-volatile memory and volatile memory, and the other port is connected to the communication bus of the trusted platform control module;
A trusted hardware device comprises a basic hardware circuit, a bus controller, a platform bus interface, a peripheral bus, a firmware storage unit, a policy storage unit, a configuration storage unit and a trusted module, and has passed authentication by the trusted platform control module;
The bus controller is interconnected through the communication bus with the basic hardware circuit, platform bus interface, peripheral interface, firmware storage unit, policy storage unit, configuration storage unit and trusted module;
The control signal input port of the peripheral controller is connected to the processor and the trusted platform control module of the trusted platform; the input/output bus port of the peripheral controller is connected to the trusted platform control module and the other hardware devices of the trusted platform;
Inside the trusted platform control module, the communication bus interconnects the control adjudication engine, execution engine, non-volatile memory, volatile memory, counter, input/output bus interface, control policy configuration information customization engine, work mode configuration information customization engine, state switching control engine, active check engine and trusted cryptography module;
The BOOT ROM is the hardware carrier that stores the BIOS code.
2. The authentication method for the trusted platform and trusted hardware devices is characterized in that authentication between the trusted platform control module and a trusted hardware device is achieved through interaction between the trusted platform control module on the trusted platform and the trusted hardware device;
The trusted platform control module has a higher level of security because it possesses active measurement and authentication functions, and it is therefore the instrument by which the trusted platform authenticates trusted hardware devices. The trusted platform trusts every operation of the trusted platform security control module, so authentication between the trusted platform and trusted hardware is exactly authentication between the trusted platform control module and the trusted hardware device. The authentication method between the trusted platform control module and trusted hardware comprises: a trusted platform initialization method, a trusted platform hardware update method and a trusted platform authentication method. The prerequisite for running the trusted hardware device update method or the trusted platform authentication method is that the trusted platform initialization method has already been run on the platform; the trusted hardware device update method must be run whenever a hardware device on the platform is replaced; and the authentication method must be run every time the trusted platform starts.
The device code and vendor code are the hardware device's device identifier and manufacturer identifier; both are burned into the hardware device by the manufacturer at production time and cannot be changed by ordinary users. The binding procedure between the trusted platform control module and trusted hardware is completely transparent to the operating system and applications; the operating system can neither bypass nor intervene in the process by which the trusted platform binds trusted hardware.
1 Trusted platform initialization method:
1.1 After the first power-on, the trusted platform control module and the peripheral controller first interact; if the peripheral controller is present, startup continues, otherwise startup stops;
The first interaction between the trusted platform control module and the peripheral controller means: the trusted platform control module sends an initialization signal to the peripheral controller; if the peripheral controller responds to the initialization signal and completes its initialization, the trusted platform control module and the peripheral controller each confirm that the other is present.
1.2 After the peripheral controller has initialized, the trusted platform control module accesses the hardware devices on the trusted platform through the peripheral controller and checks whether the trusted hardware devices are present; if they are, startup continues, otherwise startup stops;
Checking for the presence of the trusted hardware devices means: the trusted platform control module sends an initialization signal to each trusted hardware device in turn through the peripheral controller; after each trusted hardware device has responded to the initialization signal and completed its initialization, the trusted platform control module confirms that the device is present.
1.3 The trusted platform control module reads the vendor code and device code of each trusted hardware device, generates a digest value from them and stores it in the volatile memory of the trusted platform control module. The trusted module inside each trusted hardware device measures the device's own firmware code, generates a digest value and stores it in the volatile memory of that trusted module;
1.4 The trusted platform control module first configures the peripheral controller and the video card; it then reads the management program from its non-volatile memory and, through the peripheral controller, prompts the user on screen to provide the platform management key. After the user provides the management key, the trusted platform control module displays the collected hardware device information on the display through the video card; once the user has manually confirmed that the hardware information is correct, startup continues with the trusted hardware, otherwise startup stops.
1.5 The trusted platform control module and each trusted hardware device generate their own key pairs through the trusted module inside the device, and each stores its private key in its internal trusted module. The trusted platform control module distributes its public key to the trusted hardware devices, and each trusted hardware device stores the public key of the trusted platform control module in the non-volatile memory of its own trusted module. Each trusted hardware device sends its own public key and the measurement digest of its own firmware code to the trusted platform control module. The trusted platform control module stores the received public keys in order in its internal non-volatile memory, and stores each device's received firmware-code measurement digest, combined with the corresponding digest generated from the vendor code and device code and held in the module's volatile memory, in the non-volatile memory of the trusted platform control module;
1.6 The trusted platform control module sends a restart command to the trusted platform, and the trusted platform reboots.
2 Authentication method for the trusted platform and trusted hardware devices:
2.1 After the trusted platform powers on, the trusted platform control module first interacts with the peripheral controller; if the peripheral controller is present, startup continues, otherwise startup stops;
2.2 After the peripheral controller has initialized, the trusted platform control module accesses the hardware devices on the trusted platform through the peripheral controller and checks whether the trusted hardware devices are present; if they are, startup continues, otherwise startup stops;
2.3 The trusted platform control module measures the trusted hardware; if the measurement succeeds, startup continues, otherwise startup stops and the management program is entered to prompt the user;
A measurement failure in this step indicates that the hardware has been changed by someone. If the hardware was replaced because of hardware damage, the management program is entered and the trusted platform's hardware device update method is run; if the hardware was maliciously replaced, the startup process can be stopped after entering the management program.
2.4 The trusted platform control module and the trusted module of the trusted hardware perform cryptographic mutual authentication; if authentication passes, startup continues, otherwise startup stops;
The trusted platform control module first generates an initial random number, encrypts it with the peripheral controller's public key, signs it with the trusted platform control module's private key, and sends the encrypted data to the peripheral controller. On receiving the encrypted data, the peripheral controller verifies the signature with the trusted platform control module's public key; if verification fails, startup stops, otherwise it continues. The peripheral controller then decrypts the data with its own private key; if decryption fails, startup stops, otherwise it continues. The peripheral controller takes the decrypted data together with the firmware-code measurement digest of the trusted hardware device stored in the volatile memory of its own trusted module, encrypts them with the public key of the trusted platform control module, signs the result with its own private key and sends it to the trusted platform control module. On receiving the encrypted data from the peripheral controller, the trusted platform control module verifies the signature with the peripheral controller's public key; if verification fails, startup stops, otherwise it continues. It then decrypts the data with its own private key; if decryption fails, startup stops, otherwise it continues. The decrypted data is compared with the initial random number; if they match, startup continues, otherwise startup stops.
The trusted platform control module then authenticates the CPU, memory, video card and other hardware devices in turn through the peripheral controller. The authentication flow is as follows: the trusted platform control module adds 1 to the random number used in the previous authentication, encrypts it with the public key of the hardware device currently being authenticated, signs it with the trusted platform control module's private key, and sends it to that device. After the device receives the data sent by the trusted platform control module through the peripheral controller, it first verifies the signature with the trusted platform control module's public key; if verification fails, startup stops, otherwise it continues. It then decrypts the data with its own private key; if decryption fails, startup stops, otherwise it continues. The device concatenates the decrypted data with the firmware-code measurement digest stored in the volatile memory of its own trusted module, encrypts the result with the public key of the trusted platform control module, signs it with its own private key and sends it to the trusted platform control module. On receiving the encrypted data from the peripheral controller, the trusted platform control module verifies the signature with the public key of the device currently being authenticated; if verification fails, startup stops, otherwise it continues. It then decrypts the data with its own private key; if decryption fails, startup stops, otherwise it continues. The decrypted data is compared with the random number the trusted platform security control module sent and with the firmware-code measurement digest of that trusted hardware stored in the trusted platform control module; if both match, startup continues, otherwise
startup stops. After all devices have been authenticated successfully, the next step is entered.
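The two-message exchange of step 2.4 (challenge encrypted to the device and signed by the platform; nonce plus firmware digest returned encrypted to the platform and signed by the device), as an added example that is not part of the patent or of any implementation of it. It is written in Go with the standard library and assumes RSA-OAEP for encryption, RSA-PSS for signatures, SHA-256 as the measurement digest and 2048-bit keys (the patent's embodiment names only RSA 1024); the Device and Platform types, the firmware images and the reply layout are constructed for illustration, and the caller supplies the random number, so r goes to the peripheral controller and r+1, r+2, ... to the devices that follow.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Device stands in for a trusted hardware device (peripheral controller included) and its trusted module.
type Device struct {
	Name     string
	Firmware []byte // constructed sample image; a real trusted module measures its firmware ROM
	key      *rsa.PrivateKey
}

// Measure is the trusted module measuring its own firmware; SHA-256 stands in for the unnamed metric engine.
func (d *Device) Measure() []byte {
	h := sha256.Sum256(d.Firmware)
	return h[:]
}

// Platform stands in for the trusted platform control module (TPCM).
type Platform struct {
	key     *rsa.PrivateKey
	devKeys map[string]*rsa.PublicKey // device public keys received in step 1.5
	digests map[string][]byte        // firmware digests bound in step 1.5
}

// Initialise is step 1.5: each party generates its key pair; the TPCM records every device's public key and digest.
func Initialise(devs []*Device) (*Platform, error) {
	p := &Platform{devKeys: map[string]*rsa.PublicKey{}, digests: map[string][]byte{}}
	var err error
	if p.key, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
		return nil, err
	}
	for _, d := range devs {
		if d.key, err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return nil, err
		}
		p.devKeys[d.Name] = &d.key.PublicKey
		p.digests[d.Name] = d.Measure()
	}
	return p, nil
}

// encryptAndSign: encrypt to the receiver's public key, then sign the ciphertext with the sender's private key.
func encryptAndSign(to *rsa.PublicKey, from *rsa.PrivateKey, msg []byte) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, from, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// verifyAndDecrypt is the receiving side: signature check first, then decryption, as the patent orders it.
func verifyAndDecrypt(from *rsa.PublicKey, to *rsa.PrivateKey, ct, sig []byte) ([]byte, error) {
	h := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(from, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature verification failed: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, to, ct, nil)
}

// Respond is the device half of step 2.4: recover the nonce, append the digest the trusted module currently holds.
func (d *Device) Respond(tpcm *rsa.PublicKey, ct, sig []byte) ([]byte, []byte, error) {
	nonce, err := verifyAndDecrypt(tpcm, d.key, ct, sig)
	if err != nil {
		return nil, nil, err
	}
	return encryptAndSign(tpcm, d.key, append(nonce, d.Measure()...))
}

// Authenticate is the TPCM half of step 2.4 for one device: nil means "continue to start", an error "stop starting".
func (p *Platform) Authenticate(d *Device, nonce []byte) error {
	pub, ok := p.devKeys[d.Name]
	if !ok {
		return fmt.Errorf("%s: no public key bound at initialisation", d.Name)
	}
	ct, sig, err := encryptAndSign(pub, p.key, nonce)
	if err != nil {
		return err
	}
	rct, rsig, err := d.Respond(&p.key.PublicKey, ct, sig) // message crosses to the device and back
	if err != nil {
		return fmt.Errorf("%s: %w", d.Name, err)
	}
	reply, err := verifyAndDecrypt(pub, p.key, rct, rsig)
	if err != nil {
		return fmt.Errorf("%s: %w", d.Name, err)
	}
	n := len(nonce)
	if len(reply) < n || !bytes.Equal(reply[:n], nonce) || !bytes.Equal(reply[n:], p.digests[d.Name]) {
		return fmt.Errorf("%s: nonce or firmware digest does not match the bound value", d.Name)
	}
	return nil
}
```

A device whose firmware image changes after initialisation, or one that was never bound, is rejected by Authenticate, which is the "stop starting" branch of the patent's flow.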
2.5 The trusted platform control module sends, through the peripheral controller, a command to the CPU to start the BOOT ROM; the CPU then begins executing the BIOS boot program and completes system startup.
3 Hardware device update method for the trusted platform:
3.1 On the first power-on after the user has replaced hardware, the trusted platform control module and the peripheral controller interact; if the peripheral controller is present, startup continues, otherwise startup stops;
The interaction between the trusted platform control module and the peripheral controller means: the trusted platform control module sends an initialization signal to the peripheral controller; if the peripheral controller responds to the initialization signal and completes its initialization, the peripheral controller is considered present.
3.2 After the peripheral controller has initialized, the trusted platform control module accesses the hardware devices on the trusted platform through the peripheral controller and checks whether the trusted hardware devices other than the peripheral controller are present; if they are, startup continues, otherwise startup stops;
Checking for the presence of the trusted hardware devices means: the trusted platform control module sends an initialization signal to each trusted hardware device in turn through the peripheral controller; after each trusted hardware device has responded to the initialization signal and completed its initialization, the trusted platform control module confirms that the device is present.
3.3 The trusted platform control module first configures the peripheral controller and the video card; it then reads the management program from its non-volatile memory and, through the peripheral controller, prompts the user on screen to provide the platform management key. After the user provides the management key, the trusted platform control module displays the newly collected hardware device information on the display through the video card; if the user provides the correct management key and agrees to the hardware change, the system continues to start, otherwise startup stops.
3.4 After the user has confirmed that the information of the replaced hardware device is correct, the trusted platform control module stores the digest generated from the replaced hardware device's vendor code and device code, and the measurement digest of the replaced device's firmware code, in the volatile memory inside the trusted platform control module;
3.5 The replaced hardware device generates a key pair and stores the private key in its internal trusted module. The public key of the replaced hardware device is sent to the trusted platform control module, which stores the received public key information in its internal non-volatile memory, and stores the received firmware-code measurement digest of the trusted hardware, combined with the corresponding digest generated from the device code and vendor code and held in the module's volatile memory, in the non-volatile memory of the trusted platform control module;
3.6 The trusted platform control module sends, through the peripheral controller, a command to the CPU to start the BOOT ROM; the CPU then begins executing the BIOS boot program and completes system startup.
Implementation results:
1. The authentication method for a trusted platform with an active control function and trusted hardware devices designed by the present invention realizes authentication between the trusted hardware inside the trusted platform and the trusted security control module. The security of each piece of trusted hardware is guaranteed by its own internal trusted module, and the security of the trusted platform as a whole is guaranteed by the authentication between the trusted platform security control module and the trusted hardware.
2. Compared with a traditional computer platform, a trusted module is added inside each hardware device on the trusted platform, and measurement guarantees the originality and trustworthiness of the trusted hardware. A trusted platform security control module is added to the trusted platform; it stores information about the trusted hardware internally, and at every startup the trusted platform control module confirms the trustworthiness of the hardware through interaction with it. The authentication method between the trusted platform and trusted hardware described in this invention guarantees the security of the trusted platform as a whole, which a traditional computer platform cannot achieve.
3. In use, the present invention provides the user with a concise and efficient interface and reduces the user's burden. The authentication process between the trusted platform and the trusted hardware is completed through interaction between the trusted platform security control module and the trusted hardware, without manual intervention; the user only needs to confirm the trustworthiness of hardware devices manually when the trusted platform is set up or when hardware must be replaced. In this way the trustworthiness of the trusted platform is guaranteed.
4. The binding described above between trusted hardware devices and the trusted platform is completely transparent to the operating system and application software, which cannot bypass the binding procedure between the trusted platform and the trusted hardware devices.
Description of drawings:
Fig. 1 Connection between the trusted platform control module and the trusted platform
Fig. 2 Connection between the trusted module and the trusted platform control module
Fig. 3 Hardware structure of the trusted cryptography module
Fig. 4 Hardware structure of the trusted platform control module
Embodiment:
The trusted module and the trusted platform control module selected for the present invention both use the programmable trusted platform control module development board provided by the domestic company JETWAY Information Security Industry Co., Ltd.
The trusted platform control module and the trusted module are developed on the basis of the programmable trusted platform control module development board. The trusted platform control module is connected to the peripheral controller by signal lines, and the trusted module is connected to the trusted hardware device by signal lines.
Rui Da is a large domestic supplier specializing in the research, development and production of information security products and an information security solution provider; the equipment it provides can be considered trusted.
The authentication method for the trusted platform comprises: a trusted platform initialization method, a trusted platform hardware update method and a trusted platform authentication method. The prerequisite for running the trusted hardware device update method or the trusted platform authentication method is that the trusted platform initialization method has already been run on the platform; the trusted hardware device update method must be run whenever a hardware device on the platform is replaced; and the authentication method between the trusted platform and the trusted hardware must be run every time the trusted platform starts. The public/private key algorithm adopted is RSA 1024.
1 credible platform initial method:
1.1 behind the electrifying startup, credible platform control module and peripheral controls carry out mutual first trusted computer first, if peripheral controls exist, then continue to start; Otherwise stop starting;
Referring to alternately first of credible platform control module and peripheral controls: credible platform control module to the periphery device controller sends initializing signal, if peripheral controls response initializing signal is also finished initialization operation, then credible platform control module and peripheral controls assert that mutually the other side exists.
1.2 after the peripheral controls initialization finished, the credible platform control module checked by the hardware device on the peripheral controls access credible platform whether trusted hardware equipment exists; If existing, trusted hardware equipment continues to start; Otherwise stop starting;
The existence that checks trusted hardware equipment refers to that the credible platform control module sends initializing signal to trusted hardware equipment successively by the peripheral unit control module, after trusted hardware equipment responded successively initializing signal and finishes initialization operation, the credible platform control module confirmed that trusted hardware equipment exists.
1.3 The credible platform control module reads the vendor code and device code of each trusted hardware device, generates a digest value from them and stores it in the volatile storage unit of the credible platform control module. The trusted module inside each trusted hardware device begins measuring its own firmware code and stores the resulting digest value in the volatile storage unit of that trusted module;
1.4 The credible platform control module first configures the peripheral controller and the graphics card, then reads the management program from its non-volatile storage unit and, through the peripheral controller, prompts the user on screen for the platform management key. After the user supplies the management key, the credible platform control module displays the collected hardware device information on the display through the graphics card; if the user manually confirms that the hardware information is correct, startup continues with this hardware as trusted hardware, otherwise startup stops.
1.5 The credible platform control module, and each trusted hardware device through its internal trusted module, generate their own key pair, and each keeps its private key inside its own trusted module. The credible platform control module distributes its public key to the external trusted hardware devices, and each trusted hardware device stores the public key of the credible platform control module in the non-volatile storage unit of its own trusted module. Each trusted hardware device sends its own public key and the measurement digest value of its own firmware code to the credible platform control module. The credible platform control module stores the received public keys in order in its internal non-volatile storage unit, combines the received firmware measurement digest of each trusted hardware device with the corresponding digest generated from that device's vendor code and device code (held in the volatile storage unit of the credible platform control module), and stores the result in the non-volatile storage unit of the credible platform control module;
1.6 The credible platform control module sends a restart command to the credible platform, and the credible platform performs a reboot.
2 The authentication method between the credible platform and the trusted hardware devices:
2.1 After the credible platform is powered on, the credible platform control module first interacts with the peripheral controller; if the peripheral controller is present, startup continues, otherwise startup stops;
2.2 After the peripheral controller has finished initializing, the credible platform control module accesses the hardware devices on the credible platform through the peripheral controller and checks whether the trusted hardware devices are present; if they are present, startup continues, otherwise startup stops;
2.3 The credible platform control module measures the trusted hardware; if the measurement succeeds, startup continues, otherwise startup stops and the management program is entered to prompt the user;
A measurement failure in this step shows that the hardware has been changed by a person. If the change is a hardware replacement made because of hardware damage, the management program is entered and the hardware device update method of the credible platform is carried out; if the hardware was changed maliciously, the startup process can be stopped after entering the management program.
2.4 The credible platform control module and the trusted module of the trusted hardware carry out cryptographic mutual authentication; if authentication passes, startup continues, otherwise startup stops;
The credible platform control module first generates an initial random number, encrypts it with the public key of the peripheral controller, signs the encrypted data with the private key of the credible platform control module, and sends it to the peripheral controller. On receiving the encrypted data, the peripheral controller verifies the signature with the public key of the credible platform control module; if verification fails, startup stops, otherwise it continues. The peripheral controller decrypts the data with its own private key; if decryption fails, startup stops, otherwise it continues. The peripheral controller then concatenates the decrypted data with the measurement digest value of the trusted hardware device firmware code stored in the volatile storage unit of its own trusted module, encrypts the whole with the public key of the credible platform control module, signs it with the private key of the peripheral controller and sends it to the credible platform control module. On receiving the encrypted data from the peripheral controller, the credible platform control module verifies the signature with the public key of the peripheral controller; if verification fails, startup stops, otherwise it continues. It then decrypts the data with the private key of the credible platform control module; if decryption fails, startup stops, otherwise it continues. The decrypted data is compared with the initial random number; if they are the same, startup continues, otherwise startup stops.
The credible platform control module then authenticates the CPU, memory, graphics card and the other hardware devices in turn through the peripheral controller, as follows: the credible platform control module adds 1 to the random number used in the previous authentication, encrypts the result with the public key of the hardware device currently being authenticated, signs it with the private key of the credible platform control module, and sends it to that device. After the device currently being authenticated receives, through the peripheral controller, the data sent by the credible platform control module, it first verifies the signature with the public key of the credible platform control module; if verification fails, startup stops, otherwise it continues. It then decrypts the data with its own private key; if decryption fails, startup stops, otherwise it continues. The device concatenates the decrypted data with the measurement digest value of its trusted hardware firmware code stored in the volatile storage unit of its own trusted module, encrypts the whole with the public key of the credible platform control module, signs it with its own private key and sends it to the credible platform control module. After receiving the encrypted data through the peripheral controller, the credible platform control module verifies the signature with the public key of the device currently being authenticated; if verification fails, startup stops, otherwise it continues. It decrypts the data with the private key of the credible platform control module; if decryption fails, startup stops, otherwise it continues. The decrypted data is compared with the random number the credible platform control module sent and with the firmware code measurement digest value of the trusted hardware stored in the credible platform control module; if they are the same, startup continues, otherwise startup stops. Once every device has been authenticated successfully, the next step is entered.
2.5 The credible platform control module sends, through the peripheral controller, the command to start the BOOT ROM to the CPU; the CPU then begins executing the BIOS boot program and completes system startup.
3 The hardware device update method of the credible platform:
3.1 On the first power-on of the credible platform after the user has replaced hardware, the credible platform control module interacts with the peripheral controller; if the peripheral controller is present, startup continues, otherwise startup stops;
The interaction between the credible platform control module and the peripheral controller means: the credible platform control module sends an initialization signal to the peripheral controller; if the peripheral controller responds to the initialization signal and completes initialization, the peripheral controller is considered present.
3.2 After the peripheral controller has finished initializing, the credible platform control module accesses the hardware devices on the credible platform through the peripheral controller and checks whether the trusted hardware devices other than the peripheral controller are present; if they are present, startup continues, otherwise startup stops;
Checking the presence of the trusted hardware devices means: the credible platform control module sends an initialization signal to each trusted hardware device in turn through the peripheral controller; after each trusted hardware device has responded to the initialization signal and completed initialization, the credible platform control module confirms that the trusted hardware device is present.
3.3 The credible platform control module first configures the peripheral controller and the graphics card, then reads the management program from its non-volatile storage unit and, through the peripheral controller, prompts the user on screen for the platform management key. After the user supplies the management key, the credible platform control module displays the newly collected hardware device information on the display through the graphics card; if the user has supplied the correct management key and agrees to the hardware change, the system continues to start, otherwise startup stops.
3.4 After the user has confirmed that the information on the replaced hardware device is correct, the credible platform control module stores the digest value generated from the vendor code and device code of the replaced hardware device, and the measurement digest value of the firmware code of the replaced hardware device, in the volatile storage unit inside the credible platform control module;
3.5 The replaced hardware device generates a key pair and keeps the private key in the trusted module inside the replaced hardware device. The public key of the replaced hardware device is sent to the credible platform control module; the credible platform control module stores the received public key in its internal non-volatile storage unit, combines the received measurement digest of the trusted hardware's firmware code with the corresponding digest generated from the device code and vendor code held in the volatile storage unit of the credible platform control module, and stores the result in the non-volatile storage unit of the credible platform control module;
3.6 The credible platform control module sends, through the peripheral controller, the command to start the BOOT ROM to the CPU; the CPU then begins executing the BIOS boot program and completes system startup.
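An end-to-end model of steps 1.3 to 1.5, 2.3 to 2.4 and 3.4 to 3.5 follows as an added Python example; it is not the patent's implementation and no part of it comes from the document. Its assumptions: textbook RSA on 512-bit keys and SHA-256 replace the trusted modules' hardware cryptographic and measurement engines, the random number is 16 bytes, the peripheral controller is simply the first device in the list, the management-key prompt and the presence checks of 2.1, 2.2, 3.1 and 3.2 are left out, and the value stored at binding is the hash of the firmware digest concatenated with the vendor/device-code digest (the text says the two digests are combined but does not fix the operator). The names TPCM, TrustedDevice, boot_ok and the helper functions are this example's own.

```python
"""Toy model of binding (1.3-1.5), boot-time authentication (2.3-2.4) and device
replacement (3.4-3.5) described above. Added illustration, not the patent's code:
textbook RSA (512-bit) and SHA-256 stand in for the trusted modules' hardware engines."""
import hashlib, math, random, secrets

KEY_BYTES, NONCE_BYTES = 64, 16   # 512-bit modulus, 128-bit random number (assumed sizes)

class AuthFailure(Exception): pass  # raised wherever the patent text says "stop starting"

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def _prime(bits: int) -> int:
    """Random prime of `bits` bits; a six-base Fermat test is enough for a toy key."""
    while True:
        c = random.getrandbits(bits) | 1 << (bits - 1) | 1
        if all(pow(a, c - 1, c) == 1 for a in (2, 3, 5, 7, 11, 13)):
            return c

def gen_keypair():
    e = 65537                         # stands in for a trusted module's asymmetric engine
    while True:
        p, q = _prime(KEY_BYTES * 4), _prime(KEY_BYTES * 4)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (e, p * q), (pow(e, -1, phi), p * q)   # (public, private)

def rsa_encrypt(pub, msg: bytes) -> int:
    assert len(msg) < KEY_BYTES - 2, "unpadded toy RSA: message must be shorter than n"
    return pow(int.from_bytes(msg, "big"), pub[0], pub[1])

def rsa_decrypt(priv, ct: int, length: int) -> bytes:
    try:
        return pow(ct, priv[0], priv[1]).to_bytes(length, "big")
    except OverflowError:             # wrong key or tampered ciphertext
        raise AuthFailure("decryption failed") from None

def rsa_sign(priv, ct: int) -> int:   # signature over the hash of the fixed-width ciphertext
    return pow(int.from_bytes(_h(ct.to_bytes(KEY_BYTES, "big")), "big"), priv[0], priv[1])

def rsa_verify(pub, ct: int, sig: int) -> bool:
    return pow(sig, pub[0], pub[1]) == int.from_bytes(_h(ct.to_bytes(KEY_BYTES, "big")), "big")

class TrustedDevice:
    """Trusted hardware device with its internal trusted module."""
    def __init__(self, name, vendor_code: bytes, device_code: bytes, firmware: bytes):
        self.name, self.vendor_code, self.device_code = name, vendor_code, device_code
        self.firmware = firmware
        self.pub, self._priv = gen_keypair()  # 1.5: private key never leaves the module
        self.tpcm_pub = None                  # 1.5: platform public key, stored at binding

    def respond(self, ct: int, sig: int):
        """2.4, device side: verify, decrypt, append firmware digest, encrypt, sign."""
        if self.tpcm_pub is None or not rsa_verify(self.tpcm_pub, ct, sig):
            raise AuthFailure(f"{self.name}: bad signature from platform")
        nonce = rsa_decrypt(self._priv, ct, NONCE_BYTES)
        reply = rsa_encrypt(self.tpcm_pub, nonce + _h(self.firmware))  # 1.3 self-measurement
        return reply, rsa_sign(self._priv, reply)

class TPCM:
    def __init__(self):
        self.pub, self._priv = gen_keypair()
        self.nv = {}   # non-volatile storage: device name -> (device public key, bound digest)

    @staticmethod
    def _binding(fw_digest: bytes, dev: TrustedDevice) -> bytes:
        # 1.5/3.5: firmware digest combined with the vendor/device-code digest (hash of the
        # concatenation is this example's assumption; the text does not fix the operator).
        return _h(fw_digest, _h(dev.vendor_code, dev.device_code))

    def bind(self, devices):
        """1.3-1.5 binding; re-running it for one device is the 3.4-3.5 update."""
        for dev in devices:
            dev.tpcm_pub = self.pub
            self.nv[dev.name] = (dev.pub, self._binding(_h(dev.firmware), dev))

    def authenticate(self, devices) -> bool:
        """2.3-2.4: challenge each device in turn, random number + 1 per device."""
        nonce = int.from_bytes(secrets.token_bytes(NONCE_BYTES), "big")
        for dev in devices:                   # peripheral controller must come first
            if dev.name not in self.nv:
                raise AuthFailure(f"{dev.name}: not bound to this platform")
            pub, bound = self.nv[dev.name]
            nb = nonce.to_bytes(NONCE_BYTES, "big")
            ct = rsa_encrypt(pub, nb)         # encrypt with device key, then sign with own
            rct, rsig = dev.respond(ct, rsa_sign(self._priv, ct))
            if not rsa_verify(pub, rct, rsig):
                raise AuthFailure(f"{dev.name}: bad device signature")
            plain = rsa_decrypt(self._priv, rct, NONCE_BYTES + 32)
            if plain[:NONCE_BYTES] != nb:
                raise AuthFailure(f"{dev.name}: random number mismatch")
            if self._binding(plain[NONCE_BYTES:], dev) != bound:
                raise AuthFailure(f"{dev.name}: firmware or identity changed")
            nonce = (nonce + 1) % (1 << (8 * NONCE_BYTES))
        return True

def boot_ok(tpcm: TPCM, devices) -> bool:
    try:                                      # True if the platform would reach 2.5
        return tpcm.authenticate(devices)
    except AuthFailure:
        return False
```

bind() is the first-boot procedure of section 1; calling it again for a single device after the user has approved the replacement is the section 3 update, since it overwrites that device's entry in non-volatile storage. authenticate() raises AuthFailure at each point where the text says startup stops, so a device whose firmware has changed, a device swapped for one with the same vendor and device codes but a different key pair, and a device that was never bound all end the boot. Because every later device's challenge is the previous random number plus one, the freshness of the whole sequence rests on the initial random number being new at each boot, which is what keeps a recorded device reply from being replayed; the unpadded textbook RSA used here is for illustration only and must not be carried into a real design.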

Claims (1)

1. A credible device with an active control function, characterized in that it comprises a CPU, a graphics card, memory, a BOOT ROM, a credible platform control module, a peripheral controller and other hardware devices:
The other hardware devices comprise: a hard disk, a PCI card, a SCSI card and a PCI-E card;
Each piece of trusted hardware contains a trusted module; the trusted module comprises: a symmetric cryptographic algorithm engine, an asymmetric cryptographic algorithm engine, a random number generator, a measurement algorithm engine, an execution unit, a non-volatile storage unit, a volatile storage unit and a trusted interface unit;
The credible platform control module comprises, in addition to an execution engine, a communication bus, a non-volatile storage unit, a volatile storage unit, a counter and an input/output bus interface: a control arbitration engine, a control policy configuration information customization engine, a work mode configuration information customization engine, a state switching control engine, an active check engine and a trusted cryptographic module;
The trusted cryptographic module comprises, in addition to a symmetric cryptographic algorithm engine, an asymmetric cryptographic algorithm engine, a random number generator, a measurement algorithm engine, an execution unit, a non-volatile storage unit, a volatile storage unit, a trusted interface unit and a communication bus, an input/output isolation unit;
The input/output isolation unit comprises two ports: one port is connected through the communication bus to the symmetric cryptographic algorithm engine, asymmetric cryptographic algorithm engine, random number generator, measurement algorithm engine, execution unit, non-volatile storage unit and volatile storage unit, and the other port is connected to the communication bus of the credible platform control module;
A trusted hardware device comprises a basic hardware circuit, a bus controller, a platform bus interface, a peripheral bus, a firmware storage unit, a policy storage unit, a configuration storage unit and a trusted module, and has passed the authentication of the credible platform control module for that hardware device;
The bus controller is interconnected through the communication bus with the basic hardware circuit, platform bus interface, peripheral interface, firmware storage unit, policy storage unit, configuration storage unit and trusted module;
The control signal input port of the peripheral controller is connected to the processor of the credible platform and to the credible platform control module; the input/output bus port of the peripheral controller is connected to the credible platform control module and to the other hardware devices of the credible platform;
Inside the credible platform control module, the control arbitration engine, execution engine, non-volatile storage unit, volatile storage unit, counter, input/output bus interface, control policy configuration information customization engine, work mode configuration information customization engine, state switching control engine, active check engine and trusted cryptographic module are interconnected through the communication bus.
CN2011100031881A 2011-01-07 2011-01-07 Credible device with active control function and authentication method thereof Active CN102063593B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100031881A CN102063593B (en) 2011-01-07 2011-01-07 Credible device with active control function and authentication method thereof

Publications (2)

Publication Number Publication Date
CN102063593A CN102063593A (en) 2011-05-18
CN102063593B (en) 2013-01-09

Family

ID=43998864

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011100031881A Active CN102063593B (en) 2011-01-07 2011-01-07 Credible device with active control function and authentication method thereof

Country Status (1)

Country Link
CN (1) CN102063593B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102331941B (en) * 2011-07-07 2014-07-02 曙光信息产业股份有限公司 Method for managing hard disk switching of loongson mainboard
CN104639503B (en) 2013-11-11 2017-12-19 国际商业机器公司 A kind of methods, devices and systems for being used to protect sensitive information
US9785801B2 (en) * 2014-06-27 2017-10-10 Intel Corporation Management of authenticated variables
CN104268477B (en) * 2014-09-26 2017-09-26 华为技术有限公司 A kind of method of controlling security and the network equipment
CN104598827B (en) * 2015-01-12 2017-05-17 中国人民解放军信息工程大学 Design method of restarting counter of hardware assisted operating system
CN106127016B (en) * 2016-07-18 2018-08-17 浪潮集团有限公司 A kind of operating system user logs in the system and implementation method of authentic authentication
CN106529271A (en) * 2016-10-08 2017-03-22 深圳市金立通信设备有限公司 Terminal and binding check method thereof
CN107403098A (en) * 2017-06-13 2017-11-28 北京溢思得瑞智能科技研究院有限公司 The active safety means of defence and credible industrial control computer of credible industrial control computer startup stage
CN107317703A (en) * 2017-06-20 2017-11-03 郑州云海信息技术有限公司 It is a kind of to realize that change confirms method, management end and the credible management platform of function
CN108830111A (en) * 2018-05-03 2018-11-16 深圳市中微信息技术有限公司 A kind of credible design method based on domestic Godson CPU
CN111435394B (en) 2019-01-15 2021-05-14 创新先进技术有限公司 Safety calculation method and device based on FPGA hardware
CN110096887B (en) 2019-03-22 2020-06-30 阿里巴巴集团控股有限公司 Trusted computing method and server
CN112311718B (en) * 2019-07-24 2023-08-22 华为技术有限公司 Method, device, equipment and storage medium for detecting hardware

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7360253B2 (en) * 2004-12-23 2008-04-15 Microsoft Corporation System and method to lock TPM always ‘on’ using a monitor
CN101901318A (en) * 2010-07-23 2010-12-01 北京工业大学 Trusted hardware equipment and using method thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI506966B (en) * 2006-05-09 2015-11-01 內數位科技公司 Secure time functionality for a wireless device

Also Published As

Publication number Publication date
CN102063593A (en) 2011-05-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information
CB03 Change of inventor or designer information

Inventors after: Shen Changxiang, Wang Yubo, Mao Junjie, Fang Juan, Liu Yi, Zhang Ning
Inventors before: Wang Yubo, Mao Junjie, Fang Juan, Liu Yi, Zhang Ning