Publication number: CN104335548 A
Publication type: Application
Application number: CN 201380029463
PCT number: PCT/EP2013/001603
Publication date: Feb 4, 2015
Filing date: May 31, 2013
Priority date: Jun 7, 2012
Also published as: EP2672673A1, EP2672673B1, US9674153, US20150089589, WO2013182286A1
Publication number (all forms): 201380029463.4, CN 104335548 A, CN 104335548A, CN 201380029463, CN-A-104335548, CN104335548 A, CN104335548A, CN201380029463, CN201380029463.4, PCT/2013/1603, PCT/EP/13/001603, PCT/EP/13/01603, PCT/EP/2013/001603, PCT/EP/2013/01603, PCT/EP13/001603, PCT/EP13/01603, PCT/EP13001603, PCT/EP1301603, PCT/EP2013/001603, PCT/EP2013/01603, PCT/EP2013001603, PCT/EP201301603
Inventors: T. Cucinotta, D. Cherubini, E. B. Jul
Applicant: Alcatel Lucent
External links: SIPO, Espacenet
Secure Data Processing (translated from Chinese)
CN 104335548 A
Abstract
A secure data processing apparatus and a method are disclosed. The secure data processing apparatus is operable to securely process user data provided by a user, the secure data processing apparatus comprising: a trusted domain comprising a trusted bus coupled with a trusted data processing apparatus operable to process incoming user data received over the trusted bus and to generate outgoing user data; a trusted domain controller coupling the trusted bus with an untrusted bus of an untrusted domain, the trusted domain controller being operable to ensure that encrypted incoming user data received over the untrusted bus is decrypted and provided over the trusted bus as the incoming user data and to ensure that outgoing user data is encrypted and provided over the untrusted bus as encrypted outgoing data. By providing a trusted domain controller which couples the trusted bus with an untrusted bus and ensures that incoming user data is decrypted whilst outgoing user data is encrypted, encrypted data is only ever provided in the untrusted domain which reduces the chance of the data being compromised and ensures that only decrypted data is processed within the trusted domain which improves the performance of the processing within the trusted domain. By providing the trusted domain controller as the conduit between the trusted and untrusted domain, access to the unencrypted data within the trusted domain can be avoided. Accordingly, the confidentiality of the data can be assured without any associated processing performance shortfalls.
Claims (14) (translated from Chinese)
1. A secure data processing apparatus operable to securely process user data provided by a user, the secure data processing apparatus comprising: a trusted domain (20) comprising a trusted bus coupled with a trusted data processing apparatus (50), the trusted data processing apparatus (50) being operable to process incoming user data received over the trusted bus and to generate outgoing user data; and a trusted domain controller (40) coupling the trusted bus with an untrusted bus of an untrusted domain (80), the trusted domain controller being operable to ensure that encrypted incoming user data received over the untrusted bus is decrypted and provided over the trusted bus as the incoming data, and to ensure that outgoing user data is encrypted and provided over the untrusted bus as encrypted outgoing data, wherein, in response to a request to reconfigure the trusted domain, the trusted domain controller is operable to delete user data in the trusted domain.
2. The apparatus of claim 1, wherein the trusted domain controller provides the only interface between the trusted domain and the untrusted domain.
3. The apparatus of claim 1 or 2, wherein all data transfers between the trusted domain and the untrusted domain occur through the trusted domain controller.
4. The apparatus of any preceding claim, wherein data transfers between the trusted domain and the untrusted domain are forcibly encrypted and decrypted by the trusted domain controller.
5. The apparatus of any preceding claim, wherein the trusted domain controller comprises non-reprogrammable cryptographic hardware (40a, 40b) operable to perform encryption and decryption on the data transfers between the trusted domain and the untrusted domain.
6. The apparatus of any preceding claim, wherein the trusted domain controller is operable to perform encryption and decryption on data transfers between the trusted domain and the untrusted domain using respective non-reprogrammable encryption and decryption logic.
7. The apparatus of any preceding claim, wherein the incoming user data comprises data and executable code.
8. The apparatus of any preceding claim, wherein the trusted data processing apparatus is operable to process unencrypted data by executing unencrypted executable code.
9. The apparatus of any preceding claim, wherein the trusted domain controller is operable to delete user data in the trusted domain before the trusted domain is reconfigured.
10. The apparatus of any preceding claim, wherein the trusted domain controller comprises non-reprogrammable reset hardware operable to provide a hardware-controlled reset of the trusted domain in response to the request to reconfigure the trusted domain.
11. The apparatus of any preceding claim, wherein the encryption and decryption logic utilises a session key exchanged with the user.
12. The apparatus of claim 11, wherein the request to reconfigure the trusted domain comprises a change of the session key.
13. The apparatus of claim 11 or 12, wherein the request to reconfigure the trusted domain comprises a change of the session key which disables encryption and decryption.
14. A method of securely processing user data provided by a user, the method comprising: processing incoming user data received over a trusted bus and generating outgoing user data; coupling the trusted bus with an untrusted bus (40) of an untrusted domain using a trusted domain controller (40), so as to ensure that encrypted incoming user data received over the untrusted bus is decrypted and provided over the trusted bus as the incoming data, and to ensure that the outgoing user data is encrypted and provided over the untrusted bus as encrypted outgoing data; and, in response to a request to reconfigure the trusted domain, deleting user data in the trusted domain.
Description (translated from Chinese)
Secure Data Processing

TECHNICAL FIELD

[0001] The present invention relates to a secure data processing apparatus and method.

BACKGROUND

[0002] Secure data processing is well known. It is particularly important in distributed computing architectures such as those used in cloud computing. In such cloud computing, any code sent to a remote computer in the cloud, any user data sent for remote processing, and the data output from the remote data processing operation usually need to be kept confidential.

[0003] Although various techniques exist that attempt to protect the confidentiality of this data, each of them has its own shortcomings.

[0004] Accordingly, it is desired to provide an improved technique for performing secure data processing.

SUMMARY

[0005] According to a first aspect, there is provided a secure data processing apparatus operable to securely process user data provided by a user, the secure data processing apparatus comprising: a trusted domain comprising a trusted bus coupled with a trusted data processing apparatus, the trusted data processing apparatus being operable to process incoming user data received over the trusted bus and to generate outgoing user data; and a trusted domain controller coupling the trusted bus with an untrusted bus of an untrusted domain, the trusted domain controller being operable to ensure that encrypted incoming user data received over the untrusted bus is decrypted and provided over the trusted bus as the incoming data, and to ensure that outgoing user data is encrypted and provided over the untrusted bus as encrypted outgoing data.

[0006] The first aspect recognises that the traditional goal of memory protection hardware mechanisms is isolation between execution environments and trust: from a security standpoint, such a mechanism allows an operating system to isolate the execution environments of different users. It attempts to ensure that unprivileged users can neither access each other's data nor override the decisions and configuration made by the system administrator. This is usually achieved by the operating system kernel applying an appropriate memory management unit configuration when switching to a user process, so that the process can access only a subset of the physical memory available in the system, with appropriate read-only restrictions where needed. However, the first aspect recognises that this mechanism still allows the processor to have a special operating mode (the so-called "Ring 0") in which there is no limit on what the running code can do. Ring 0 is used to set up and manage the isolation of the execution of the individual processes, and the software running in Ring 0 therefore has to be trusted. Unfortunately, in traditional operating systems, malicious attackers have succeeded in exploiting defects (bugs) in the operating system kernel and in the implementation of system calls, allowing, for example, an unprivileged process to gain administrator privileges on the operating system and ultimately to defeat any security policy in the system. Meanwhile, defects in system processes and services, which are privileged processes within the operating system, can be used to execute malicious code that subverts the security policy configuration of the operating system. Furthermore, a malicious system administrator controls the software executing in Ring 0 and can therefore inject malware that bypasses normal operating system security.

[0007] Similarly, in virtualised environments such as those built on cloud computing infrastructures, traditional memory protection can be used to isolate the execution of different virtual machines from each other. The virtual machine monitor, or hypervisor, embeds code which uses the special operating mode available in the processor to perform system management operations. However, the first aspect recognises that an attacker can exploit defects in the hypervisor and in the implementation of hypercalls in order to break the isolation properties of such a system (across different virtual machines). Moreover, the infrastructure owner, who normally manages access to the physical nodes, can in fact access any data managed by the hosted virtual machines. Users of a cloud provider are therefore forced to trust that provider if they want to hand any kind of computation over to the cloud.

[0008] Cryptographic mechanisms such as homomorphic encryption try to remove this constraint by allowing the cloud provider to perform computation on data which is encrypted and whose content it cannot understand. However, such techniques are restricted to a limited set of operations on the data. Moreover, these techniques are still preliminary and their effectiveness and usability have not yet been proven.

[0009] Another approach uses Trusted Platform Module technology. However, a Trusted Platform Module only ensures that the remote system has not been tampered with, for example by ensuring that the software components involved in the boot chain have not been modified. It likewise provides no guarantee where that software contains defects.

[0010] Another approach is to use a processor associated with an encrypting memory management unit, so that a secure processor can operate on data which is kept in encrypted form. However, since the encryption and decryption functions must be used on every cache miss, the overhead associated with performing encryption and decryption in real time can be high.

[0011] Accordingly, a secure data processing apparatus is provided. The secure data processing apparatus may be operable to securely process data provided by a user. The secure data processing apparatus may comprise a trusted domain. The trusted domain may comprise a trusted bus which may be coupled with a trusted data processing apparatus. The trusted processing apparatus may be able to process incoming user data received over the trusted bus and may generate outgoing user data. The secure data processing apparatus may further comprise a trusted domain controller. The trusted domain controller may couple the trusted bus with an untrusted bus of an untrusted domain. The trusted domain controller may ensure that encrypted incoming user data received over the untrusted bus is decrypted. The trusted domain controller may provide the decrypted incoming user data over the trusted bus as the incoming data. The trusted domain controller may also ensure that outgoing user data is encrypted and provided over the untrusted bus as encrypted outgoing data.

[0012] By providing a trusted domain controller which couples the trusted bus with an untrusted bus, and which ensures that incoming user data is decrypted whilst outgoing user data is encrypted, only encrypted data is ever provided in the untrusted domain, which reduces the chance of the data being compromised, and only decrypted data is processed within the trusted domain, which improves the processing performance within the trusted domain. By providing the trusted domain controller as the conduit between the trusted domain and the untrusted domain, access to the unencrypted data within the trusted domain can be avoided. Accordingly, the confidentiality of the data can be assured without any associated loss of processing performance.

[0013] In one embodiment, the trusted domain controller provides the only interface between the trusted domain and the untrusted domain. By providing the trusted domain controller as the only interface between the trusted domain and the untrusted domain, encryption and decryption of the data can be guaranteed and access to data within the trusted domain by any other route can be avoided, thereby preventing access to unencrypted data in the trusted domain. It will be appreciated that, in embodiments, the trusted domain controller provides the only physical access to the trusted domain.

[0014] In one embodiment, all data transfers between the trusted domain and the untrusted domain occur through the trusted domain controller. Hence, all data transfers can occur only through the trusted domain controller, which guarantees that appropriate encryption and decryption is in place to prevent any unencrypted data from leaving the trusted domain.

[0015] In one embodiment, data transfers between the trusted domain and the untrusted domain are forcibly encrypted and decrypted by the trusted domain controller. Hence, all transfers must be encrypted or decrypted in order to protect the integrity of the user data.

[0016] In one embodiment, the trusted domain controller comprises non-reprogrammable cryptographic hardware operable to perform encryption and decryption on data transfers between the trusted domain and the untrusted domain. Hence, the encryption and decryption processes can be hardwired into the trusted domain controller so that no software can override or reprogram these functions, which prevents any malicious code from overriding the requirement that data leaving the trusted domain must be encrypted.

[0017] In one embodiment, the trusted domain controller is operable to perform encryption and decryption on data transfers between the trusted domain and the untrusted domain using respective non-reprogrammable encryption and decryption logic.

[0018] In one embodiment, the encryption and decryption logic utilises a session key exchanged with the user. By exchanging a session key with the user, only the user and the trusted domain controller holding that session key are able to decrypt or encrypt the data transferred between the secure data processing apparatus and the user. It will be appreciated that establishing the key should not rely on any trusted piece of software, and that, apart from reconfiguring the session key, the behaviour of the trusted domain controller should not be changeable or reconfigurable.

[0019] In one embodiment, the user secretly sends the session key to the trusted domain controller, and the trusted domain controller reconfigures itself with that key through a hardware mechanism.

[0020] In one embodiment, the secret sending operation takes place remotely by imprinting, from the fabric, a private encryption key onto the trusted domain controller, the private encryption key corresponding to a public encryption key issued, certified and/or endorsed by a certification authority trusted by the user.

[0021] In one embodiment, the user encrypts, using the public key, a message comprising the session key to be reconfigured in the trusted domain controller.

[0022] In one embodiment, upon receiving the encrypted message, the trusted domain controller decrypts it using the imprinted private encryption key and reconfigures itself with the decrypted session key provided by the user.

[0023] In one embodiment, the trusted data processing apparatus comprises at least one processing unit and non-cache memory. Hence, the trusted domain can provide a complete data processing apparatus rather than merely a subset of a particular processor.

[0024] In one embodiment, the incoming user data comprises data and executable code. Hence, both executable code and data can be transferred between the user and the secure data processing apparatus. This enables the user to utilise the resources of the secure data processing apparatus to perform data processing tasks on the user's behalf.

[0025] In one embodiment, the trusted data processor is operable to process unencrypted data by executing unencrypted executable code. Hence, the trusted processor can operate normally by performing data processing on unencrypted code and data. It will be appreciated that this allows the trusted data processor to deliver its normal maximum level of performance.

[0026] In one embodiment, in response to a request to reconfigure the trusted domain, the trusted domain controller is operable to delete user data in the trusted domain. Hence, whenever a reconfiguration of the trusted domain is about to occur, the contents of the trusted domain are cleared or flushed.

[0027] In one embodiment, the trusted domain controller is operable to delete user data in the trusted domain before the trusted domain is reconfigured. Hence, before the trusted domain is reconfigured for use by another user or another user session, the information within the trusted domain is deleted.

[0028] In one embodiment, the trusted domain controller comprises non-reprogrammable reset hardware operable to provide a hardware-controlled reset of the trusted domain in response to a request to reconfigure the trusted domain. Hence, the reset function can be hardwired into the hardware so as to prevent any malicious software operation which might otherwise stop such clearing or flushing of the contents of the trusted domain from taking place.

[0029] In one embodiment, the request to reconfigure the trusted domain comprises a change of the session key.

[0030] In one embodiment, the request to reconfigure the trusted domain comprises a change of the session key which disables encryption and decryption.
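
The session-key provisioning and reconfiguration flow of [0018] to [0030] (the same flow the detailed description attributes to the FDE and TCU in [0058] and [0059]), modelled in software as an added worked example; this is not code from the patent or from Alcatel Lucent. Assumptions made here: an RSA-2048 key pair stands in for the fabric-imprinted private key and its certified public key (certificate checking is left out and the public key is assumed to reach the user out of band); the session key is a 32-byte AES-GCM key carried in an RSA-OAEP envelope; the trusted data processing apparatus is a stand-in that merely upper-cases its input; and the names `TrustedDomainController`, `ProvisionSessionKey`, `NewSession`, `Seal`, `Open` and `Residue` are chosen for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// TrustedDomain stands in for the memory behind the trusted bus; it only ever holds plaintext.
type TrustedDomain struct{ memory []byte }

// TrustedDomainController is the only path between the untrusted bus and the
// trusted domain. privKey models the fabric-imprinted, non-reprogrammable key.
type TrustedDomainController struct {
	privKey *rsa.PrivateKey
	session cipher.AEAD // nil until a user has provisioned a session key
	domain  TrustedDomain
}

// NewController models imprinting: the private key is supplied by the fabric once.
func NewController(imprinted *rsa.PrivateKey) *TrustedDomainController {
	return &TrustedDomainController{privKey: imprinted}
}

// Residue exposes the domain memory so the reset behaviour can be checked.
func (c *TrustedDomainController) Residue() []byte { return c.domain.memory }

// Reconfigure models [0022] and [0026]-[0028]: wipe the domain first (the hardware-
// controlled reset), then install the session key from the user's RSA-OAEP envelope.
// On any failure the controller is left with no session, so nothing can cross.
func (c *TrustedDomainController) Reconfigure(envelope []byte) error {
	c.wipe()
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, c.privKey, envelope, nil)
	if err != nil {
		return err
	}
	c.session, err = NewSession(key)
	return err
}

// wipe zeroes the domain contents before dropping them and discards the old session.
func (c *TrustedDomainController) wipe() {
	for i := range c.domain.memory {
		c.domain.memory[i] = 0
	}
	c.domain.memory, c.session = nil, nil
}

// Submit is the only data path: decrypt what arrives over the untrusted bus,
// process it as plaintext inside the domain, re-encrypt the result on the way out.
func (c *TrustedDomainController) Submit(ciphertext []byte) ([]byte, error) {
	if c.session == nil {
		return nil, errors.New("no session key configured")
	}
	plain, err := Open(c.session, ciphertext)
	if err != nil {
		return nil, err
	}
	c.domain.memory = append([]byte(nil), plain...) // residual state the reset must clear
	return Seal(c.session, bytes.ToUpper(plain))    // upper-casing stands in for real work
}

// ProvisionSessionKey is the user side of [0021]: the session key is sealed to
// the controller's public key so only the imprinted private key can open it.
func ProvisionSessionKey(pub *rsa.PublicKey, sessionKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
}

// NewSession, Seal and Open are the session-key logic shared by both ends (AES-GCM).
func NewSession(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal prepends a fresh random nonce to the ciphertext; Open expects that layout.
func Seal(a cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, nil), nil
}

func Open(a cipher.AEAD, ciphertext []byte) ([]byte, error) {
	ns := a.NonceSize()
	if len(ciphertext) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return a.Open(nil, ciphertext[:ns], ciphertext[ns:], nil)
}
```

A run of the model: the user seals a 32-byte session key with ProvisionSessionKey, the controller accepts it through Reconfigure, and a message sealed under that key comes back processed and re-encrypted from Submit. A second Reconfigure for a new user leaves Residue empty and rejects ciphertext under the old key, which is the property [0027] depends on. What the software model cannot show is the part the patent puts in hardware: here wipe and the encryption are ordinary functions that software could bypass, whereas claims 5 and 10 require the cryptographic and reset logic to be non-reprogrammable.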

[0031] According to a second aspect, there is provided a method of securely processing user data provided by a user, the method comprising: processing incoming user data received over a trusted bus and generating outgoing user data; and coupling the trusted bus with an untrusted bus of an untrusted domain using a trusted domain controller, so as to ensure that encrypted incoming user data received over the untrusted bus is decrypted and provided over the trusted bus as the incoming data, whilst ensuring that the outgoing user data is encrypted and provided over the untrusted bus as encrypted outgoing data.

[0032] In one embodiment, the trusted domain controller provides the only interface between the trusted domain and the untrusted domain.

[0033] In one embodiment, all data transfers between the trusted domain and the untrusted domain occur through the trusted domain controller.

[0034] In one embodiment, the method comprises using the trusted domain controller to forcibly encrypt and decrypt data transfers between the trusted domain and the untrusted domain.

[0035] In one embodiment, the method comprises encrypting and decrypting data transfers between the trusted domain and the untrusted domain using non-reprogrammable cryptographic hardware of the trusted domain controller.

[0036] In one embodiment, the method comprises encrypting and decrypting data transfers between the trusted domain and the untrusted domain using respective non-reprogrammable encryption and decryption logic of the trusted domain controller.

[0037] In one embodiment, the method comprises utilising a session key exchanged with the user.

[0038] In one embodiment, the method comprises the user secretly sending the session key to the trusted domain controller, with which the trusted domain controller reconfigures itself through a hardware mechanism.

[0039] In one embodiment, the secret sending operation takes place remotely by imprinting, from the fabric, a private encryption key onto the trusted domain controller, the private encryption key corresponding to a public encryption key issued, certified and/or endorsed by a certification authority trusted by the user.

[0040] In one embodiment, the user encrypts, using the public key, a message comprising the session key to be reconfigured in the trusted domain controller.

[0041] In one embodiment, upon receiving the encrypted message, the trusted domain controller decrypts it using the imprinted private encryption key and reconfigures the trusted domain controller with the decrypted session key provided by the user.

[0042] In one embodiment, the trusted data processing apparatus comprises at least one processing unit and non-cache memory.

[0043] In one embodiment, the incoming user data comprises data and executable code.

[0044] In one embodiment, the method comprises processing unencrypted data by executing unencrypted executable code.

[0045] In one embodiment, the method comprises, in response to a request to reconfigure the trusted domain, deleting user data in the trusted domain.

[0046] In one embodiment, the method comprises deleting user data in the trusted domain before the trusted domain is reconfigured.

[0047] In one embodiment, the method comprises providing a hardware-controlled reset of the trusted domain in response to a request to reconfigure the trusted domain.

[0048] In one embodiment, the request to reconfigure the trusted domain comprises a change of the session key.

[0049] In one embodiment, the request to reconfigure the trusted domain comprises a change of the session key which disables encryption and decryption.

[0050] Further particular and preferred aspects are set out in the accompanying independent and dependent claims. Features of the dependent claims may be combined with features of the independent claims as appropriate, and in combinations other than those explicitly set out in the claims.

[0051] Where a feature of an apparatus is described as being operable to provide a function, it will be understood that this includes a feature of the apparatus which provides that function, or which is adapted or configured to provide that function.

附图说明 BRIEF DESCRIPTION

[0052] 现将参考附图进一步描述本发明的实施例,其中: [0052] Reference will now be further described in the accompanying drawings embodiments of the present invention, wherein:

[0053] 图1示出了依照一个实施例的有防火墙的执行架构的域的主要元素;并且 [0053] Figure 1 shows the main elements are performed in accordance with an embodiment of the firewall architecture of the region; and

[0054] 图2示出了依照一个实施例的云计算的部署。 [0054] Figure 2 illustrates an embodiment in accordance with the calculated cloud deployments.

具体实施方式 detailed description

[0055] 概沭 [0055] Almost Shu

[0056] 在讨论所述实施例的任何更多的细节之前,首先将提供概述。 [0056] Before discussing in any more detail the embodiment, first provide an overview. 如上所述,需要供改进的保密数据的保护,特别是在云计算应用或其它分散式计算部署中。 As described above, the need for improved protection of confidential data, particularly in the cloud computing applications, or other distributed computing deployment. 对于许多应用来说,发送到远程计算机(例如云中)的代码和将被远程处理的数据,以及所述远程处理操作生成的输出数据都需要保密。 For many applications, sent to a remote computer (such as clouds) code and data will be handled remotely, and the output data generated by the remote processing operation will be kept confidential. 发送到和来自远程计算机的数据和代码能够很容易地被加密,从而保持安全性和保密性。 And to send data and code from a remote computer can easily be encrypted to maintain security and confidentiality. 然而,通常有必要的是,用户需要信任远程计算机及其系统管理员来维护保密性。 Generally, however, it is necessary that, users need to trust the remote computer and the system administrator to maintain confidentiality.

[0057] 系统管理员可以访问发送到远程计算机数据和代码,并且不受信任的并且潜在的恶意软件可在这样的远程计算机上运行并取得访问所述数据的机会。 [0057] The system administrator can access and send data to a remote computer code, and untrusted and potentially malicious software can run and get the opportunity to access the data in such a remote computer. 即使所述数据是加密的,在许多情况下可以在远程计算机里访问解密版本,所述解密版本是所有密钥在加密时均会使用的。 Even if the data is encrypted, in many cases, can be accessed in a decrypted version of the remote computer, the version of the decryption key when encrypting all will be used. 因此,如果有可能访问远程计算机中任何非加密的数据的处理或者以非加密形式的输出那些数据,保密性的损失会发生。 Therefore, if it is possible to access remote machines in any non-encrypted data or unencrypted form of output that data, loss of confidentiality occur.

[0058] Embodiments therefore provide a hardware mechanism that is hardwired to create a trusted environment, running within an otherwise untrusted environment, in which the secret execution of code and the secret processing of data can be guaranteed. Embodiments provide one or more protected or trusted computing domains on a physical computer, referred to as firewalled execution domains (FDEs). In an FDE, confidential data is processed in unencrypted, clear-text form at the native computing speed attainable on the physical platform. Confidential code is likewise executed in unencrypted, clear-text form at that native speed. Any data flow from the FDE to the outside (a potentially untrusted world or domain) is forcibly encrypted, so that only authorised users can access it. Any reconfiguration of an FDE that allows a different user to make use of its computing capability, including initialisation after a reset, causes the entire contents of the FDE, including all memory and hardware state, to be forcibly cleared, so that the new user of the FDE cannot find any residual trace of the data or code processed for the previous user.

[0059] It can thus be seen that data (which may be code and/or user data) is in unencrypted form within the FDE or trusted domain, so that normal processing can take place within that trusted domain using data processing apparatus such as one or more processor cores, associated memory and the necessary devices or peripherals. Information can pass between the trusted domain and the outside world (the untrusted domain) only through a trusted cryptographic unit (TCU), which enforces encryption and decryption whenever data moves into or out of the FDE. The FDE and the TCU are built from hardware that cannot be compromised using software (for example, a single chip is one possible implementation).

[0060] Sensitive data (or code) is transported to the FDE in encrypted form and decrypted once by the TCU as it is moved into the FDE. The unencrypted data or code is then stored in the FDE's random access memory (RAM) and processed or executed within the FDE in unencrypted form. Because the TCU enforces encryption whenever any data leaves the FDE, any resulting data is subsequently sent back to the end user in encrypted form (or stored on disk for later processing). All data exchange between the FDE and the outside world or untrusted domain can therefore take place only through the TCU, which decrypts all input data and encrypts all output data. The TCU provides the sole, dedicated interface to the FDE, so that data inside the FDE cannot be accessed in any other way. Furthermore, because the TCU is implemented in hardware, it is impossible to stop the TCU from performing the encryption and decryption in order to compromise data inside the FDE.

[0061] All processing within the FDE runs at native computing speed; no encryption or decryption is needed on each access to RAM. As described above, any attempt to output data from within the FDE triggers forced encryption by the hardware, making it impossible to disclose information to the untrusted domain or environment, even if the software running within the FDE is defective or an attempt is made to plug malicious pluggable hardware into the physical computer. Furthermore, when the user of an FDE is switched, all FDE contents are forcibly cleared and reset to the initial state. This ensures that no information can leak when the user with access to the FDE changes.

[0062] Firewalled Execution Domain

[0063] Figure 1 shows the main elements of the FDE architecture. The firewalled execution domain 20 is a trusted domain that forms part of a standard computer system, for example one installed on a personal computer motherboard. The standard computer system controls communication with the outside world or untrusted domain 80 and supports the operation and initialisation of the FDE 20. In one embodiment, the FDE 20 is entirely contained in a separate hardware unit, for example as part of a separate chip, and the only access path 30 into and out of the FDE 20 runs through the TCU 40.

[0064] The TCU 40 provides built-in cryptographic material, typically stored in a tamper-resistant part of the chip, which enables potential users to communicate with it confidentially and in a trusted manner. The TCU 40 is designed and hardwired so that it never discloses the built-in cryptographic material outside the FDE 20. This allows potential users to send code and/or data secretly to a specific FDE for processing. In addition, a user can use the built-in material to send further cryptographic material secretly to the FDE 20, which can then be used to encrypt the user's own code and data. For example, an asymmetric encryption key can be provided, enabling fast encryption/decryption of large amounts of data and/or code. Furthermore, the TCU 40 can optionally support verification of received data and content by means of cryptographic checks such as digital signatures applied by the user; cryptographic verification is described in more detail below.

[0065] All incoming communication passes through decryption hardware 40A, which is hardwired to decrypt data received from the untrusted domain 80 and to provide the unencrypted data to the trusted data processing apparatus within the FDE 20, which comprises one or more processors 50, associated RAM 60 and devices 70. All data and code within the FDE 20 is processed in unencrypted form, which avoids any delay that might otherwise occur when attempting to execute code and/or process data securely in encrypted form. It can thus be seen that the FDE 20 can provide a complete data processing apparatus or system, including any resources that may be needed to support the processing requested by the user. In this example, the FDE 20 is contained on a separate chip mounted on an existing standard motherboard that runs a complete standard operating system such as Windows, Linux or another operating system.

[0066] All data leaving the FDE 20 must pass through encryption hardware 40B, which is hardwired to forcibly encrypt the data before it is provided to the untrusted domain 80. This ensures that data exists only in encrypted form in the untrusted domain 80. By having the hardwired TCU 40 perform encryption and decryption, and by interposing only the TCU on the single dedicated interface between the trusted and untrusted domains, the ability to access or output data in unencrypted form is eliminated.

[0067] Cloud Deployment

[0068] Figure 2 shows a possible usage scenario in which a user 110 hands over confidential code and data for processing on a remote, trusted server 100 made available by a cloud service provider. In particular, multiple FDEs can be installed on the same physical system and, if required, managed by the same operating system. Although the traffic crosses untrusted networks such as the Internet 120 and untrusted computing elements residing on the same physical machine as the FDEs 20A, 20B (such as the untrusted public execution domain 130), the remote user 110 can communicate securely and confidentially with the target FDE 20A, 20B thanks to the use of the built-in cryptographic material. This secure communication is achieved by securely exchanging one or more keys with the trusted server 100 and encrypting the confidential code and data.

[0069] In the arrangement shown in Figure 2, multiple FDEs 20A, 20B are provided in the same physical server 100. Such an implementation may suit a cloud service provider that wishes to offer its customers a large number of independent FDEs.

[0070] It should be appreciated that this approach does not protect the hardware against sophisticated physical attacks, such as attempts to access the chip using an electron microscope or similar. However, if the FDE is entirely contained on a separate chip, such attacks are extremely difficult, and the use of tamper-resistant manufacturing, such as that used in smart cards or trusted platform module devices, can make such attacks almost impossible to carry out successfully. Furthermore, the approach can be coupled with a third-party certification process, which periodically verifies that the cloud provider's computing equipment has not been altered and is not being used in combination with suspicious or malicious hardware elements, to further improve security.

[0071] In embodiments, the cloud provider has a way of authenticating users' identities and billing them for the resources they use; the approach described above therefore does not exclude the possibility of adding further complexity to the messages, so that the provider can properly authenticate users when they send their session keys and the data/software to be processed to the trusted domain.

[0072] Keys

[0073] The manufacturer provisions each TCU 40 with a unique built-in asymmetric key pair: the private key PrivK-FDE is injected into the TCU 40 during manufacture and stored in tamper-resistant hardware such as a trusted platform module, while the corresponding public key PubK-FDE is made available to application developers and/or users via a public key certificate.

[0074] The FDE 20 is initialised upon receipt of a symmetric user key K-User encrypted with the public key PubK-FDE of the FDE 20. This ensures that only the intended FDE can receive and use the user key. The symmetric user key K-User is not available to the processor 50, RAM 60 or devices 70 within the FDE 20. This initialisation uses a hardware mechanism to clear, flush or reset all data and code within the FDE 20, so as to remove any residual trace of any data or code that may previously have been present in the FDE 20. This ensures that one user cannot access a previous user's data or code.

[0075] After initialisation, the user encrypts data and/or code with the user's symmetric key K-User and sends it to the FDE 20 for confidential processing. The TCU 40 decrypts the data and/or code with the user's symmetric key K-User and stores the decrypted data and/or code inside the FDE 20 for further processing. Such processing can take place in unencrypted form, which speeds up the operation of the FDE 20.

[0076] Whenever the FDE 20 attempts to provide any data outside the trusted domain of the FDE 20, that data is forcibly encrypted by the encryption hardware 40B using the user's symmetric key K-User. Such encrypted data can then be sent back to the user via the untrusted domain 80, or stored, for example on a hard disk, for later retrieval. Only someone with access to the user's symmetric key K-User can decrypt and make sense of that output data; that someone may be the user themselves or any other FDE configured to execute confidentially on behalf of that user. A legitimate user receiving data output by the FDE 20 can then decrypt it using the user's symmetric key K-User.

[0077] Whenever the FDE 20 completes a computation on behalf of a given user, for example when the operating system wishes to make the resources of that FDE available to another user, the TCU 40 needs to be reconfigured. However, configuring the TCU 40 triggers a mandatory and unavoidable reset of all resources within the FDE 20. This hardware trigger clears, resets or flushes the entire RAM 60, the processor 50 and the devices 70. Thereafter, the FDE 20 holds no code or data left over from the previous operation. The FDE 20 then receives new code and/or data from the operating system, which is encrypted and optionally signed, as described above.

[0078] As described above, the public and private keys for the FDE are hardwired into the TCU 40 by the FDE manufacturer, and the public key is published and optionally signed by the manufacturer, so that any user can determine the origin of the FDE and verify that it is indeed the intended FDE. The FDE manufacturer must be trusted to produce FDEs that comply with the specification.

[0079] Authentication

[0080] As described above, confidential exchange of data and/or code can take place between a user and one or more FDEs. To provide enhanced security, authentication of the data exchange can be added, and additional cryptographic material introduced for the TCU 40 to use in authenticating the exchanged data and/or code, so that the data and/or code is permitted to enter the trusted domain of the FDE 20.

[0081] This can be achieved by allowing the user, at initialisation, to also provide the TCU 40 with a signature verification key VerK-User (encrypted with the FDE's public encryption key PubK-FDE), where VerK-User corresponds to the private signing key SigK-User held by the user. With such a configuration, the integrity of any subsequent data and/or code received by the TCU 40 must be verified before it is accepted and copied into the FDE 20 for processing.

[0082] In this case, the user sends the data and/or code to be executed remotely on the FDE by signing it with the signing key SigK-User and encrypting each message with the previously configured symmetric key K-User. Within the FDE 20, the TCU 40, since it knows PrivK-FDE, decrypts the user data and/or code, and before releasing the data and/or code for execution within the FDE 20 it verifies the attached digital signature using the user's signature verification key VerK-User, so as to ensure that the data and/or code to be executed comes from the intended user.

[0083] Additional cryptographic material can be configured when the TCU 40 is initialised so that it can authenticate any data sent back to the user by applying a digital signature to it.

[0084] As described above, the FDE 20 may embed a trusted platform module (TPM) chip, which is responsible for securely storing and using long-term cryptographic material such as the private encryption key PrivK-FDE.

[0085] Trusted Cryptographic Unit

[0086] The TCU 40 has a special register into which the operating system can, at any time, write a new user's cryptographic information, such as the user's symmetric key K-User. As described above, this causes the contents of the FDE 20 to be reset. The newly provided cryptographic material must be encrypted with the FDE's public encryption key PubK-FDE and is decrypted automatically by the TCU 40 (for example using the associated TPM functions).

[0087] The TCU 40 can move data from the public RAM 85 of the untrusted domain 80 into the FDE 20. In that case the transferred data is decrypted and optionally verified, as described above.

[0088] The TCU 40 can perform a number of well-defined interactions with the public CPU 87 of the untrusted domain 80. For example, appropriate register reads/writes and/or direct memory access (DMA) transfers can be performed to allow the FDE 20 to be enabled or disabled. Likewise, the TCU 40 can overwrite the currently configured user's cryptographic material (for example the user's symmetric key K-User and the user's signature verification key VerK-User). The TCU 40 can load a block of binary code to be executed by the processor 50 into RAM 60, decrypting the code using the configured public key PubK-FDE and optionally verifying the signature of the code block using the user's signature verification key VerK-User. The TCU 40 can start or resume execution of the loaded code within the FDE 20. The TCU 40 can transfer encrypted data from the public RAM 85 to RAM 60, forcibly decrypting the data during the transfer using the configured FDE public key PubK-FDE and optionally verifying the signature of the block using the user's signature verification key VerK-User. The TCU 40 can transfer data from RAM 60 to the public memory 85, forcibly encrypting the data during the transfer using the PubK-FDE key.

[0089] When the system is powered up, the FDE 20 is reset with an invalid public key, which effectively disables it until it is configured with an actual user's cryptographic material. Whenever a disabled FDE 20 is enabled, the processor 50, memory 60 and any devices 70 are reset to a known state, and their execution is suspended until the FDE receives an instruction indicating that execution should begin.
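The key handling of [0073] to [0078], the signed-message authentication of [0080] to [0083] and the register, reset and disabled-until-configured behaviour of [0086] to [0089] can be followed end to end in one executable model. The Go program below is an added example, not code from the patent or from Alcatel-Lucent. It assumes RSA-OAEP for wrapping material under PubK-FDE, AES-256-GCM keyed with a 32-byte K-User for all traffic across the boundary, and Ed25519 for SigK-User/VerK-User; the patent names no algorithms. Where [0088] says transferred data is decrypted with PubK-FDE while [0075] and [0076] say K-User is used, the model follows [0075] and [0076]. The type and function names (TCU, FDERAM, WrapForFDE, Configure, Ingress, Egress, UserSend, UserReceive) are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Constructed model of the patent's TCU/FDE boundary: names follow the text, while RSA-OAEP, AES-256-GCM and Ed25519 are assumptions (the patent names no algorithms).

// TCU is the sole path into or out of the FDE; FDERAM only ever holds cleartext.
type TCU struct {
	privKFDE *rsa.PrivateKey   // PrivK-FDE: injected at manufacture, never leaves the unit
	PubKFDE  *rsa.PublicKey    // PubK-FDE: published by the manufacturer
	kUser    []byte            // K-User: nil at power-up, which keeps the FDE disabled ([0089])
	verKUser ed25519.PublicKey // VerK-User: authenticates incoming data
	FDERAM   []byte
}

// NewTCU models manufacture: the key pair is generated inside the unit ([0073]).
func NewTCU() (*TCU, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &TCU{privKFDE: priv, PubKFDE: &priv.PublicKey}, nil
}

// WrapForFDE is the user side of initialisation: K-User||VerK-User encrypted under PubK-FDE, so only the intended FDE can open it ([0074], [0081]).
func WrapForFDE(pub *rsa.PublicKey, kUser []byte, verK ed25519.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(append([]byte{}, kUser...), verK...), nil)
}

// Configure is the "special register" write ([0086]); accepting new user material
// forcibly clears the FDE, so nothing of the previous user survives ([0077]).
func (t *TCU) Configure(wrapped []byte) error {
	m, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.privKFDE, wrapped, nil)
	if err != nil || len(m) != 32+ed25519.PublicKeySize {
		return errors.New("invalid user material")
	}
	t.kUser, t.verKUser = m[:32], ed25519.PublicKey(m[32:])
	t.FDERAM = nil // hardware-forced clear
	return nil
}

// UserSend signs the payload with SigK-User, then encrypts signature||payload under K-User ([0082]).
func UserSend(kUser []byte, sigK ed25519.PrivateKey, payload []byte) ([]byte, error) {
	return seal(kUser, append(ed25519.Sign(sigK, payload), payload...))
}

// Ingress decrypts with K-User and checks the signature with VerK-User; only then does
// cleartext reach FDE RAM ([0082]). A disabled FDE (nil K-User) rejects everything.
func (t *TCU) Ingress(ct []byte) error {
	msg, err := open(t.kUser, ct)
	if err != nil || len(msg) < ed25519.SignatureSize {
		return errors.New("ingress rejected: cannot decrypt or malformed")
	}
	sig, payload := msg[:ed25519.SignatureSize], msg[ed25519.SignatureSize:]
	if !ed25519.Verify(t.verKUser, payload, sig) {
		return errors.New("ingress rejected: signature not from the configured user")
	}
	t.FDERAM = payload
	return nil
}

// Egress is the only way data leaves the FDE: always encrypted under K-User ([0076]).
func (t *TCU) Egress() ([]byte, error) { return seal(t.kUser, t.FDERAM) }
// UserReceive decrypts FDE output; without K-User an observer sees only ciphertext.
func UserReceive(kUser, ct []byte) ([]byte, error) { return open(kUser, ct) }

// gcm fails for a nil or wrong-length key, which is how a disabled FDE refuses all traffic.
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal prefixes a fresh random nonce to the AES-GCM ciphertext.
func seal(key, pt []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, nil), nil
}

func open(key, ct []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil || len(ct) < g.NonceSize() {
		return nil, errors.New("cannot open ciphertext")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}
```

Two properties of the model are worth noticing. Before Configure has run, every Ingress and Egress call fails because no AEAD can be keyed, which is the disabled state of [0089]. Ingress writes FDERAM only after both the GCM authentication tag and the Ed25519 signature have been checked, so a tampered message, or one from a party that somehow has K-User but not SigK-User, leaves the FDE untouched; and Configure for the next user clears FDERAM before that user's material takes effect, as [0077] requires.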

[0090] Distributed Computing

[0091] The approach shown in Figures 1 and 2 enables users to hand over complex and heavyweight computations to a cloud provider, and these computations can be executed in a distributed manner across multiple cooperating FDEs, so that confidential distributed computing algorithms can be realised. A user can initialise FDEs acting on behalf of the same user with the same symmetric key K-User, so that those FDEs can exchange data with one another during the computation, allowing distributed client applications to be implemented securely.

[0092] Isolation

[0093] The FDE 20 provides tight isolation properties. For example, dumping the contents of RAM 60 to disk, for instance as part of a "hibernate" process, is impossible. Furthermore, the cryptographic material configured within the TCU 40 cannot be read from outside the TCU 40 in any way. Such material is protected to the highest security standards (for example by using tamper-resistant and tamper-proof manufac­turing processes).

[0094] It can thus be seen that knowing that a given cloud provider's hardware uses the embodiments described above allows users to build a strong trust that the provider cannot spy on the data and/or code handed over to the cloud provider for remote processing. The confidentiality of the data, of the computation performed on it and of any data produced is guaranteed by mature encryption algorithms and by the hardware chip vouched for by the manufacturer. This makes it possible to use cloud computing in a whole new set of domains in which security concerns might otherwise hinder potential cloud computing applications. Previous mechanisms, such as trusted computing, aim only to give the user trust that the exact software stack is running on the cloud provider's remote host. However, this leaves the user exposed to possible attacks that could compromise the operation of the host software stack (for example, because of software defects), endangering the confidentiality of their data and code. The embodiments described above provide strong hardware-level confidentiality guarantees. If an attacker breaks in from the outside, or a malicious virtual machine runs on the host, all the attacker can do is steal encrypted data, which cannot be decrypted for lack of the necessary decryption key or keys. This is a major change compared to existing systems, in which the user needs to trust not only the cloud provider but also all of the cloud service provider's staff and all the software running in the cloud. Now the user need only trust the chip manufacturer and believe that public key encryption is secure.

[0095] A person skilled in the art will readily recognise that the steps of the various methods described above may be performed by programmed computers. Some embodiments are also intended to cover program storage devices, for example digital data storage media, that are machine- or computer-readable and encode machine-executable or computer-executable programs of instructions, where those instructions perform some or all of the steps of the methods described above. The program storage device may be, for example, digital memory, magnetic storage media such as magnetic disks and tapes, hard drives, or optically readable digital data storage media. The embodiments are also intended to cover computers programmed to perform the steps of the methods described above.

[0096] The functions of the various elements shown in the figures, including any functional blocks labelled "processor" or "logic", may be provided through the use of dedicated hardware as well as hardware capable of executing software in association with appropriate software. When provided by a processor, the functions may be provided by a single dedicated processor, by a single shared processor, or by a plurality of individual processors, some of which may be shared. Moreover, explicit use of the term "processor", "controller" or "logic" should not be construed to refer exclusively to hardware capable of executing software, and may implicitly include, without limitation, digital signal processor (DSP) hardware, network processors, application specific integrated circuits (ASICs), field programmable gate arrays (FPGAs), read-only memory (ROM) for storing software, random access memory (RAM) and non-volatile storage. Other hardware, conventional and/or custom, may also be included. Similarly, any switches shown in the figures are conceptual only. Their function may be carried out through the operation of program logic, through dedicated logic, through the interaction of program control and dedicated logic, or even manually, the particular technique being selectable by the implementer as more specifically understood from the context.

[0097] It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative circuitry embodying the principles of the invention. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code and the like represent various processes which may be substantially represented in a computer readable medium and so executed by a computer or processor, whether or not such computer or processor is explicitly shown.

[0098] The description and drawings merely illustrate the principles of the invention. It will thus be appreciated that those skilled in the art will be able to devise various arrangements that, although not explicitly described or shown herein, embody the principles of the invention and are included within its spirit and scope. Furthermore, all examples recited herein are principally intended to aid the reader in understanding the principles of the invention and the concepts contributed by the inventors to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions. Moreover, all statements herein reciting principles, aspects and embodiments of the invention, as well as specific examples thereof, are intended to encompass equivalents thereof.

Patent Citations
Cited Patent | Filing date | Publication date | Applicant | Title
CN1656432A * | Mar 20, 2003 | Aug 17, 2005 | 英特尔公司 | System and method for resetting a platform configuration register
US5915025 * | Jan 15, 1997 | Jun 22, 1999 | Fuji Xerox Co., Ltd. | Data processing apparatus with software protecting functions
US6836847 * | Mar 6, 2000 | Dec 28, 2004 | The Johns Hopkins University | Software protection for single and multiple microprocessor systems
Referenced by
Citing Patent | Filing date | Publication date | Applicant | Title
CN104751072A * | Mar 17, 2015 | Jul 1, 2015 | 山东维固信息科技股份有限公司 | Secret-related control system providing completely transparent user experience based on real-time encryption and decryption technology
Classifications
International Classification | G06F21/60, G06F21/74, H04L29/06
Cooperative Classification | H04L63/0428, G06F21/74, H04L63/0281, G06F21/602, H04L63/04
Legal Events
Date | Code | Event | Description
Feb 4, 2015 | C06 | Publication
Mar 11, 2015 | C10 | Entry into substantive examination