CN101183413B - Architecture of trusted platform module and method for providing service thereof - Google Patents


Info

Publication number: CN101183413B
Authority: CN (China)
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN2007101992305A
Other languages: Chinese (zh)
Other versions: CN101183413A
Inventors: 李凤华, 马建峰, 王巍, 丁振国
Current assignee: BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE; Xidian University
Original assignee: BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE; Xidian University
Application filed by BEIJING ELECTRONIC SCIENCE AND TECHNOLOGY INSTITUTE and Xidian University; priority to CN2007101992305A; published as CN101183413A and granted as CN101183413B.

Abstract

The invention provides a trusted platform module (TPM) architecture and a method by which the TPM provides services. The architecture comprises an I/O bus interface module, a cryptographic coprocessor module, an HMAC engine module, an SHA-1 engine module, an Opt-In module, a non-volatile memory module, a volatile memory module, an execution engine module, a power detection module, a random number generator module, a key generator module and a special-information I/O interface module. The special-information I/O interface module interacts internally with the execution engine module; through its connection to external parallel or serial trusted devices it performs presetting, backup and recovery of the TPM's internal information, and it replaces the function of the PP (physical presence) pin. The TPM provides the following services: reading the identity information of the device connected to the special-information I/O interface module; testing the state of the special-information I/O interface module; presetting initial information or migration information; and backing up or recovering TPM sensitive data. The invention enables safe operation on the sensitive information held inside the TPM module.

Description

Architecture of a trusted platform module (TPM) and method for providing its services
Technical field
The invention belongs to the fields of computer security and network communication technology, and in particular relates to the architecture of a trusted platform module and to the method by which it provides services.
Background technology
Since the 1980s the personal computer industry has developed rapidly on the principles of compatibility and openness, separating the design and manufacture of computer software from that of hardware so that products from different manufacturers are mutually compatible and interoperable. The Internet is the largest and most widely deployed computer network in the world today; its rapid growth has transformed the world economy, social development and daily life, and has changed the way people study, work and live. Computers are therefore used throughout every industry and in the home, which is the driving force behind the rapid development and falling cost of the computer industry. A compatible, open system must, however, be standardized, and that is also the root of the security problems faced by computers and the Internet. To address computer security, some 190 companies including Microsoft, Intel and IBM established the Trusted Computing Group (TCG). While emphasizing the construction of secure hardware platforms, TCG has paid increasing attention to software security, aiming at a trustworthy operating environment from both the cross-platform and the hardware/software-interface perspectives and promoting the formulation of trusted computing platform standards that do not depend on any particular vendor.
A trusted platform module (TPM) as specified by TCG is an information security module implemented as a hardware module; it is normally mounted on a circuit board that carries a master controller, such as a computer motherboard. The solution defined by the TPM 1.2 specification is shown in Figure 1. The module comprises: an I/O bus interface module, a cryptographic coprocessor module, an HMAC engine module, an SHA-1 engine module, an Opt-In module, a non-volatile memory module, a volatile memory module, an execution engine module, a power detection module, a random number generator module, a key generator module and a PP pin. The I/O bus interface module manages the information flow on the communication bus through channel C0. The cryptographic coprocessor module performs the cryptographic operations inside the TPM and is connected to the other modules through channel C1. The key generator module generates RSA key pairs and symmetric keys and is connected to the other modules through channel C2. The HMAC engine module provides two functions for the TPM, proof of authentication data and authorization of request information, and is connected to the other modules through channel C3. The random number generator module produces random numbers for the TPM's internal modules and is connected to the other modules through channel C4. The SHA-1 engine module, the main module of the TPM, implements the hash algorithm and is connected to the other modules through channel C5. The power detection module manages the power state of the TPM and is connected to the other modules through channel C6. The Opt-In module provides the methods and mechanisms that place the TPM in the on/off, enabled/disabled and activated/deactivated states, and is connected to the other modules through channel C7. The execution engine module accepts and executes the TPM commands arriving from the I/O port and is connected to the other modules through channel C8. The non-volatile memory module stores persistent identity information and TPM-related status information and is connected to the other modules through channel C9. The volatile memory module stores non-persistent information and is connected to the other modules through channel C10. The PP pin indicates whether the operator is physically present. Application software provides secure applications for the user and processes user data; it sits above the operating system. The operating system provides the functions needed to control hardware such as the motherboard, CPU, memory, hard disk and TPM and to run application programs. The operating system security module handles the security-related part of hardware control and of the functions required by applications; it is part of the operating system. The motherboard is the carrier of the other hardware, and the TPM and the other hardware are attached to it. The CPU interprets machine instructions and processes the data of computer software. The BIOS is the most basic program code carried on the computer hardware system. Memory holds data temporarily, can be read and written at any time and is fast. The hard disk is the storage device for the system and user data. The system/platform bus provides data transfer and control logic to each component in a uniform manner.
In the TPM specification the I/O bus interface is connected to the master controller, such as the CPU of a computer motherboard or of another system, and by exchanging TSS-compliant commands with the platform (for example a computer system) it realizes the protective functions defined by TCG, such as user authentication, platform and application integrity, and verifiability between platforms. Under the TCG specification, however, a secure computer or other system with a TPM on its motherboard has the following problems:
(1) The TPM preset-information problem. At present the initial information stored in the TPM's non-volatile memory is preset by the TPM manufacturer, and when a Clear operation is performed this information is, for security reasons, restored to the preset state. For convenience, however, the TPM Owner usually wants the TPM to retain some essential information after the Clear operation, such as the SRK, tpmProof, the TPM Owner identity and the initial PCR values; that is, the non-volatile memory should return to a preset state chosen by the TPM Owner, independent of the TPM and platform manufacturers. At the same time, for compatibility with the TCG specification, the TPM Owner's method of restoring preset information must not affect the TPM's specified operation.
(2) The problem of backing up and recovering the TPM's internal information. For reasons such as upgrades or the replacement of damaged hardware, computer and TPM users often need to transfer or clone the contents of one computer to another; the two computers may be of the same or different models, or even products of different vendors. The keys, certificates and other information stored in the TPM face a similar problem: if a key is backed up over the system platform's I/O bus, a Trojan or virus on the computer can intercept the backup; if no secure backup and recovery is possible, damage to the TPM may leave the encrypted information and associated certificates stored on the hard disk impossible to decrypt and verify.
(3) The Physical Presence mechanism cannot guarantee secure management of the presetting, backup and recovery of the TPM's internal information. In TPM 1.2 all control information from the master controller, such as the motherboard CPU, is transmitted over the system/platform bus and the TPM module's I/O interface bus. When the Clear, Deactivate or Disable command is issued to the TPM, the TPM Owner must confirm it on site, for example by driving the TPM chip's PP pin through a selector switch. When the TPM Owner presets, backs up or recovers TPM information, however, there is as yet no method by which the Physical Presence mechanism can guarantee the security of these operations.
These problems mean that the trusted security emphasized in TCG's Trusted Computing specification 1.2 may impose many restrictions on users and leave them without control over their systems. For example: 1) as soon as the user's computer system distrusts the TPM supplier, or the platform itself judges an existing entity to be untrusted, the owner of the computer may be unable to open the files on its disk, some devices may refuse to start, or some programs may refuse to run; this mechanism therefore leaves the user open to being controlled. 2) On a trusted computing platform the user is forced to install signed hardware and software to maintain the platform's trustworthiness; the user has no further freedom to choose which hardware or software to use, which reduces the usability of the platform and the user's autonomous control over it. 3) Mistakes and faults inevitably occur while the user is using the TPM, for example the public key of the EK being lost or the TPM chip burning out, and the existing TPM 1.2 specification does not take these cases into account. Once such a situation arises, the TPM user can no longer recover the secret information stored in the TPM, nor the hard-disk data encrypted with that secret information. This seriously impairs the usability of the existing TPM.
Summary of the invention
The object of the invention is to overcome the deficiencies of the current TPM 1.2 and TSS specifications by providing an architecture of a trusted platform module and a method by which it provides services, so as to solve the problems of presetting, backing up and recovering the key information held inside the TPM.
To achieve the above object, the architecture of the trusted platform module provided by the invention comprises the following modules of a trusted platform module TPM as specified by TCG:
an I/O bus interface module, which manages the information flow on the communication bus through channel C0;
a cryptographic coprocessor module, which performs the cryptographic operations inside the TPM;
an HMAC engine module, which proves authentication data and authorizes request information;
an SHA-1 engine module, which implements the hash algorithm;
an Opt-In module, which provides the methods and mechanisms that place the TPM in its different states;
a non-volatile memory module, which stores persistent identity information and TPM-related status information;
a volatile memory module, which stores non-persistent information;
an execution engine module, which accepts and executes the TPM commands arriving from the I/O port;
a power detection module, which manages the power state of the TPM;
a random number generator module, which produces random numbers for the TPM's internal modules;
a key generator module, which produces RSA key pairs and symmetric keys;
It is characterized in that, in addition to the hardware modules listed above, a special-information I/O interface module is provided. This module interacts internally with the execution engine module; by connecting to external parallel or serial trusted devices it realizes the presetting, backup and recovery of the trusted platform module's internal information, and it replaces the function of pin PP in the TCG-specified trusted platform module TPM, which indicates whether the operator is physically present.
The internal information that the trusted platform module presets, backs up or recovers comprises: the attestation identity key AIK; the storage root key SRK; the platform configuration register (PCR) values; the Signing Key; the Storage Key; the Bind Key; the Legacy Key; the AuthChangeKey; the Endorsement Cert; the Conformance Cert; the Platform Cert; the Validation Cert; and the AIK certificate.
The control commands comprise: the read-identity-information command TPM_ReadSpecialIOID, the special-information I/O interface module activation command TPM_SetSpecialIOActived, the special-information I/O interface module deactivation command TPM_SetSpecialIODeactivated, the initial-information preset command TPM_InitConfigSpecialIOContext, the migration-information preset command TPM_MigConfigSpecialIOContext, the backup command TPM_BackupSpecialIOContext and the recovery command TPM_RestoreSpecialIOContext.
To achieve the object of the invention, the method by which the trusted platform module TPM of the invention provides services is as follows. On the basis of the hardware modules and pin configuration of the TCG-specified trusted platform module TPM, a special-information I/O interface module is established, so that each hardware module and pin of the TPM keeps its original function while the newly established module realizes the presetting, backup and recovery of the TPM's internal sensitive information and replaces the function of pin PP in the TCG-specified TPM. The process comprises:
1) reading the identity information of the device connected to the special-information I/O interface module;
2) testing the state of the trusted platform module;
3) presetting the initial information or the migration information of the trusted platform module, or securely backing up or recovering the trusted platform module's internal information, which completes the service.
The presetting of the trusted platform module's initial information and migration information and the secure backup and recovery of its internal information are carried out by the initial-information preset command, the migration-information preset command, the backup command and the recovery command respectively; each of these commands has input information and output information. The input information of the initial-information preset command comprises: the command request tag, the byte length of all inputs, the command sequence number, a flag indicating whether the handle must be retained, the byte length of the imported information and the ID set of the imported information; its output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and, after a successful initial preset, the handle pointing to the preset information. The input information of the migration-information preset command comprises: the command request tag, the byte length of all inputs, the command sequence number, a flag indicating whether the handle must be retained, the byte length of the imported information and the ID set of the imported information; its output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and, after a successful migration preset, the handle pointing to the preset information. The input information of the backup command comprises: the command request tag, the byte length of all inputs, the command sequence number, the handle of the backup information and the ID set of the backup information; its output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and the length of the backup information. The input information of the recovery command comprises: the command request tag, the byte length of all inputs, the command sequence number, a flag indicating whether the handle must be retained, the byte length of the recovered information and the ID set of the recovered information; its output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and, after successful recovery, the handle pointing to the recovered information.
The invention has the following advantages:
1. Because the special-information I/O interface module is used to transfer the TPM module's internal sensitive information, and this module does not communicate with the computer motherboard's CPU, it is guaranteed that any Trojan or virus present on the computer cannot intercept, tamper with or overwrite the TPM module's internal sensitive information;
2. Because the special-information I/O interface module is used to securely back up the information generated inside the TPM, such as keys, certificates and PCR values, both the trustworthiness and the ease of use of local information are taken into account;
3. Because the special-information I/O interface module is used to migrate and preset the TPM's internal information, the TPM module's internal sensitive information can be transferred in a trusted way between secure computers from different TPM manufacturers and different computer manufacturers;
4. Because the special-information I/O interface module is used to initially preset the TPM Owner's customized information, the TPM Owner can customize the TPM's information after purchasing the computer; this allows open industrial production of trusted platform modules, secure computers and other security terminals using a TPM, while guaranteeing trusted personalization for the end user.
5. The invention allows several users to share the same TPM hardware, while guaranteeing that when one user is using the TPM only that user's secret information is in the TPM; that is, each user can initialize the TPM with his or her own secret information.
6. The control policy of the invention can be customized so that final control rests in the user's hands, or at least so that the user can further extend the control rights granted; this breaks the TPM manufacturers' monopoly on trusted computing, promotes the adoption of trusted computing and meets users' needs for it.
Description of drawings
Fig. 1 is the system architecture diagram of a trusted computer using an existing TPM module according to the TPM 1.2 specification;
Fig. 2 is the system architecture diagram of the TPM module of the invention;
Fig. 3 is the system architecture diagram of a trusted computer using the TPM module of the invention;
Fig. 4 shows the extended commands inside the special-information I/O interface module;
Fig. 5 is a schematic diagram of the services provided by the TPM module of the invention;
Fig. 6 is an example of a trusted computer using the TPM module of the invention.
Embodiment
With reference to Fig. 2 and Fig. 3, the architecture of the TPM module of the invention comprises: an I/O bus interface module, a cryptographic coprocessor module, an HMAC engine module, an SHA-1 engine module, an Opt-In module, a non-volatile memory module, a volatile memory module, an execution engine module, a power detection module, a random number generator module, a key generator module and a special-information I/O interface module. Of these, the I/O bus interface module, cryptographic coprocessor module, HMAC engine module, SHA-1 engine module, Opt-In module, non-volatile memory module, volatile memory module, execution engine module, power detection module, random number generator module and key generator module conform to the requirements of the TPM 1.2 specification. The application software, operating system, operating system security module, motherboard, CPU, BIOS, memory, hard disk and system/platform bus conform to computer industry standards.
The special-information I/O interface module is a sophisticated interface module that connects to an external trusted terminal or device to exchange information. It is connected to the other modules through channel C11, and it is not connected to the computer motherboard or to the CPU on the motherboard that hosts this TPM module, so software running on the motherboard CPU cannot access it. The interface may be a parallel or serial control interface such as USB, smart card, UART, PS/2, RS232, RS422, RS485 or any of various card readers, but is not limited to these; any interface that communicates directly with the TPM module and does not communicate directly with the motherboard CPU is a special-information I/O interface module in the sense of this patent. The module can also perform the function of the PP pin: when an external device is connected to the TPM through the special-information I/O interface module, this is equivalent to setting the PP pin state to TRUE.
The TPM Owner must specify which information is transferred through the special-information I/O interface module. This information may include the AIK, SRK, tpmProof, PCR values, Signing Key, Storage Keys, Bind Keys, Legacy Keys, AuthChangeKey, Endorsement Cert, Conformance Cert, Platform Cert, Validation Cert and AIK certificate, among others.
The information transferred through the special-information I/O interface module is stored, as files or in another storage form, in the trusted terminal connected to the TPM module. There are three types of file:
(1) Identification file: consists of a 2-byte identity information ID, a 2-byte message length N_ID, N_ID bytes of user information Inf, and a hash value SHA_ID.
(2) Key file: the key is encrypted by the TPM's cryptographic coprocessor, using the user password as the key, before being stored. The key file consists of a 2-byte key file ID, a 2-byte message length N_KEY, N_KEY bytes of key ciphertext C_KEY, and the hashed message authentication code HMAC_KEY of the key file.
(3) TPM message file: encrypted with the key stored in the key file, and consisting of the following parts:
(a) a 2-byte count NC of secret information IDs, followed for each secret item by a 2-byte secret information identity IDC_1, the 2-byte length LC_1 of IDC_1, the LC_1 bytes of encrypted information C_1 corresponding to IDC_1, and the hashed message authentication code HMAC_C_1 of the information related to IDC_1, ..., through the 2-byte secret information identity IDC_NC, its 2-byte length LC_NC, the LC_NC bytes of encrypted information C_NC corresponding to IDC_NC, and the hashed message authentication code HMAC_C_NC of the information related to IDC_NC;
(b) a 2-byte count NM of public information IDs, followed for each public item by a 2-byte public information identity IDM_1, the 2-byte length LM_1 of IDM_1, the LM_1 bytes of public information M_1 corresponding to IDM_1, and the hashed message authentication code HMAC_M_1 of the information related to IDM_1, ..., through the 2-byte public information identity IDM_NM, its 2-byte length LM_NM, the LM_NM bytes of public information M_NM corresponding to IDM_NM, and the hashed message authentication code HMAC_M_NM of the information related to IDM_NM.
The TPM Owner user can specify whether the key file is to be encrypted with the user password. If the security requirement is higher, the key file is encrypted with the user password; if ease of use matters more, the key file need not be encrypted with the user password, but the user must then protect the trusted terminal that stores the TPM's sensitive information.
When the TPM Owner user presets, backs up or recovers TPM sensitive information, the corresponding operation is performed simply by looking up the ID values of the respective items in the TPM message file. This reduces processing time and makes presetting, backup and recovery convenient and fast.
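As an added example (not code from the patent), the following Python builds and parses a TPM message file of type (3) and performs the ID-value lookup described above. The patent fixes the field layout but not the byte order, the digest size or what each authentication code covers, so this code assumes big-endian integers and HMAC-SHA-1 over the ID, the length and the payload, keyed with the key held in the key file. The IDs and contents are constructed sample data, and the ciphertexts C_i are treated as opaque bytes because the cipher is left to the TPM's cryptographic coprocessor.

```python
import hashlib
import hmac
import struct

# Added example, not code from the patent: builds and parses the "TPM message
# file" (file type 3) and looks entries up by ID value. Assumptions: big-endian
# integers; HMAC-SHA-1 (the TPM has an SHA-1 engine) computed over
# ID || length || payload with the key taken from the key file.

HMAC_LEN = 20  # SHA-1 digest size (assumption)


def _mac(key, entry_id, payload):
    """HMAC_C_i / HMAC_M_i: assumed to cover the ID, the length and the payload."""
    header = struct.pack(">HH", entry_id, len(payload))
    return hmac.new(key, header + payload, hashlib.sha1).digest()


def _pack_section(key, entries):
    """One part: 2-byte count, then per entry ID, length, payload, HMAC."""
    out = [struct.pack(">H", len(entries))]
    for entry_id, payload in entries.items():
        if len(payload) > 0xFFFF:
            raise ValueError("payload too long for a 2-byte length field")
        out.append(struct.pack(">HH", entry_id, len(payload)) + payload)
        out.append(_mac(key, entry_id, payload))
    return b"".join(out)


def build_message_file(key, secret, public):
    """Part (a): IDC_i -> ciphertext C_i (opaque bytes here); part (b): IDM_i -> M_i."""
    return _pack_section(key, secret) + _pack_section(key, public)


def _parse_section(key, data, off):
    if len(data) < off + 2:
        raise ValueError("truncated part count")
    (count,) = struct.unpack_from(">H", data, off)
    off += 2
    entries = {}
    for _ in range(count):
        if len(data) < off + 4:
            raise ValueError("truncated entry header")
        entry_id, length = struct.unpack_from(">HH", data, off)
        off += 4
        payload = data[off:off + length]
        tag = data[off + length:off + length + HMAC_LEN]
        if len(payload) != length or len(tag) != HMAC_LEN:
            raise ValueError("truncated entry %#06x" % entry_id)
        off += length + HMAC_LEN
        # Constant-time comparison; a modified entry or a wrong key is rejected
        # before the payload is handed to the caller.
        if not hmac.compare_digest(tag, _mac(key, entry_id, payload)):
            raise ValueError("HMAC mismatch on entry %#06x" % entry_id)
        entries[entry_id] = payload
    return entries, off


def parse_message_file(key, data):
    """Returns (secret_entries, public_entries) or raises ValueError."""
    secret, off = _parse_section(key, data, 0)
    public, off = _parse_section(key, data, off)
    if off != len(data):
        raise ValueError("trailing bytes after part (b)")
    return secret, public


def is_valid(key, data):
    try:
        parse_message_file(key, data)
        return True
    except ValueError:
        return False


def lookup(key, data, entry_id):
    """The ID-driven access the text describes: fetch one item by its ID value."""
    secret, public = parse_message_file(key, data)
    if entry_id in secret:
        return secret[entry_id]
    return public.get(entry_id)


# Constructed sample data; the key, IDs and contents are illustrative only.
FILE_KEY = b"constructed-key-from-key-file"
SAMPLE_SECRET = {0x0001: b"C_SRK-ciphertext", 0x0002: b"C_AIK-ciphertext"}
SAMPLE_PUBLIC = {0x0101: b"PCR0-initial-value", 0x0102: b"platform-cert-bytes"}
SAMPLE_FILE = build_message_file(FILE_KEY, SAMPLE_SECRET, SAMPLE_PUBLIC)

if __name__ == "__main__":
    print(parse_message_file(FILE_KEY, SAMPLE_FILE))
```

Parsing verifies every entry's authentication code before returning it, so a file on a trusted terminal that has been altered, or one read with the wrong key, is rejected as a whole rather than yielding a partially trusted set of entries; the length checks keep a corrupt count or length field from reading past the end of the file.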
A sample format of the information transferred through the special-information I/O interface module is shown in Table 1.
Table 1. Schematic data structure of the information transferred through the special-information I/O interface module of the invention
Definition

    typedef struct tdTPM_TRANSPORT_ID {
        TPM_STRUCTURE_TAG       tag;
        UINT32                  lengthENCID;
        TPM_TRANSPORT_ENC[]     transENCID;
        UINT32                  lengthPUBID;
        TPM_TRANSPORT_PUBLIC[]  transPUBID;
    } TPM_TRANSPORT_ID;

Parameters

    Type                    Name          Description
    TPM_STRUCTURE_TAG       tag           TPM_TAG_TRANSPORT_ID
    UINT32                  lengthENCID   Array length of the ID values of the transferred encrypted information
    TPM_TRANSPORT_ENC       transENCID    Array of ID values of the transferred encrypted information
    UINT32                  lengthPUBID   Array length of the ID values of the transferred public information
    TPM_TRANSPORT_PUBLIC    transPUBID    Array of ID values of the transferred public information

The information format in Table 1 comprises: the information tag TPM_TAG_TRANSPORT_ID; the array length of the ID values of the transferred encrypted information; the array of ID values of the transferred encrypted information; the array length of the ID values of the transferred public information; and the array of ID values of the transferred public information.
With reference to Fig. 4, six kinds of extended command are provided in the special-information I/O interface module of the invention, so that the presetting of the trusted platform module's initial information and migration information and the secure backup and recovery of its internal information are performed by the initial-information preset command, the migration-information preset command, the backup command and the recovery command respectively; each command has input information and output information. The specific commands and their formats are as follows:
(1) The TPM Owner uses the TPM_ReadSpecialIOID command to read the identity information of the device connected to the TPM. This extended command and its format are shown in Table 2.
Table 2. Parameter table of the extended command TPM_ReadSpecialIOID
TPM_ReadSpecialIOID
Input values and parameters: (figure G2007101992305D00081, not reproduced here)
Output values and parameters: (figure G2007101992305D00082, not reproduced here)
The input information in Table 2 comprises: the command request tag, the byte length of all inputs and the command sequence number; the output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and the information of the connected device. The connected device's information is defined freely by the manufacturer and may be, for example, the identity information of the device's user or the device's date of manufacture. The STRING type is a byte string terminated by 0, with the same meaning as a character string in a high-level language, and is user-defined.
(2) The system/platform operator sends the TPM_SetSpecialIOActived command to allow the TPM and the trusted terminal to perform TPM information presetting, backup or recovery operations, and sends the TPM_SetSpecialIODeactivated command to forbid information presetting, backup or recovery operations. These commands and their formats are shown in Table 3.
Table 3. Parameter table of the extended commands TPM_SetSpecialIOActived and TPM_SetSpecialIODeactivated
TPM_SetSpecialIOActived
Input values and parameters: (figure G2007101992305D00091, not reproduced here)
Output values and parameters: (figure G2007101992305D00092, not reproduced here)
TPM_SetSpecialIODeactivated
Input values and parameters: (figure G2007101992305D00093, not reproduced here)
Output values and parameters: (figure not reproduced here)
In Table 3 the input information of the TPM_SetSpecialIOActived command comprises: the command request tag, the byte length of all inputs, the command sequence number and the activation flag state indication; the output information comprises: the command response tag, the byte length of all outputs and the return code of the operation. The input information of the TPM_SetSpecialIODeactivated command comprises: the command request tag, the byte length of all inputs, the command sequence number and the activation flag state indication; the output information comprises: the command response tag, the byte length of all outputs and the return code of the operation.
(3) The system/platform operator uses the TPM_InitConfigSpecialIOContext command to perform the initial presetting of information through the trusted terminal. Its command format is shown in Table 4.
Table 4. Parameter table of the extended command TPM_InitConfigSpecialIOContext
TPM_InitConfigSpecialIOContext
Input values and parameters: (figure G2007101992305D00101, not reproduced here)
Output values and parameters: (figure G2007101992305D00102, not reproduced here)
The input information in Table 4 comprises: the command request tag, the byte length of all inputs, the command sequence number, a flag indicating whether the handle must be retained, the byte length of the imported information and the ID set of the imported information; the output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and, after a successful initial preset, the handle pointing to the preset information.
(4) The system/platform operator uses the TPM_MigConfigSpecialIOContext command to carry out the migration information presetting operation through the trusted terminal. Its command format is shown in Table 5.
Table 5. Parameter table of the extended command TPM_MigConfigSpecialIOContext
TPM_MigConfigSpecialIOContext: input values and their parameters; output values and their parameters (table reproduced as an image in the original)
The input information in Table 5 comprises: the command request tag, the byte length of all inputs, the command sequence number, a flag indicating whether the handle must be retained, the byte length of the imported information and the ID set of the imported information. The output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and, after successful migration presetting, a handle pointing to the preset information.
(5) The system/platform operator uses the TPM_BackupSpecialIOContext command to carry out the information backup operation through the trusted terminal. Its command format is shown in Table 6.
Table 6. Parameter table of the extended command TPM_BackupSpecialIOContext designed by the present invention
TPM_BackupSpecialIOContext: input values and their parameters; output values and their parameters (table reproduced as an image in the original)
The input information in Table 6 comprises: the command request tag, the byte length of all inputs, the command sequence number, the handle of the backup information and the ID set of the backup information. The output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and the length of the backup information.
(6) The system/platform operator uses the TPM_RestoreSpecialIOContext command to carry out the information recovery operation through the trusted terminal. Its command format is shown in Table 7.
Table 7. Parameter table of the extended command TPM_RestoreSpecialIOContext designed by the present invention
TPM_RestoreSpecialIOContext: input values and their lengths; output values and their parameters (table reproduced as an image in the original)
The input information in Table 7 comprises: the command request tag, the byte length of all inputs, the command sequence number, an indication of whether the handle must be retained, the byte length of the recovery information and the ID set of the recovery information. The output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and, after successful recovery, a handle pointing to the recovered information.
Tables 1 to 7 are illustrative examples of the extended commands; the commands are not limited to these formats.
With reference to Fig. 5, the method by which the TPM of the present invention provides service comprises the following specific steps:
1. Reading the identity information of the device connected to the specific information I/O interface module
When an external device is connected to the specific information I/O interface module, the TPM Owner first uses application software to read, from the specific information I/O interface module, the identity information of the device connected to the TPM; the TPM module executes the TPM_ReadSpecialIOID command. From the identity information ID and its hash value SHA_ID returned by the application software, the TPM Owner verifies the correctness of the connected device and judges whether the connected device matches and is available. If the TPM Owner approves, the SpecialIO state is TRUE; otherwise it is FALSE.
2. TPM state check
When a trusted terminal is connected to the specific information I/O interface module, the TPM first checks the SpecialIO state. If the SpecialIO state is TRUE, the subsequent operations continue; otherwise the TPM does nothing with the connected trusted terminal. If the SpecialIO state is TRUE, the TPM then checks whether the specific information I/O interface module is in the activated state; if it is, the subsequent operations continue, otherwise the TPM does nothing with the connected trusted terminal. Whether the specific information I/O interface module is activated can be set by the TPM Owner with the TPM_SetSpecialIOActived or TPM_SetSpecialIODeactivated command.
3. Presetting the initial information of the TPM module
The TPM executes the TPM_InitConfigSpecialIOContext command to preset the initial information. The TPM_InitConfigSpecialIOContext command imports the public information specified by the user in the trusted terminal into the nonvolatile memory of the TPM and generates key information from this public information. Through this operation the user can customize the initial information of the TPM, avoiding control of the user's key information by the TPM manufacturer. Before importing the information, the TPM module checks the data format of the imported information; if the data format is wrong, it returns the error message TPM_InitConfig_Error. If the data format is correct, the import operation is carried out. After success, the TPM state is changed to the user preset state and the success message TPM_InitConfig_Success is returned.
4. Presetting the migration information of the TPM module
The TPM Owner first enters the password; after the TPM has checked the password, it executes the TPM_MigConfigSpecialIOContext command. The TPM_MigConfigSpecialIOContext command imports the migration preset information specified by the user from the trusted terminal into the nonvolatile memory of the TPM. This information is secret information the user has used in another TPM, so that the user can perform the associated operations with the same key information and encrypted data on different TPMs. Before importing the information, the TPM module checks the data format of the imported information; if the data format is wrong, it returns the error message TPM_MigConfig_Error. If the data format is correct, the import operation is carried out and the imported data are decrypted with the password-encrypted key; after the decrypted preset information has been imported into the nonvolatile memory of the TPM, the TPM state is changed to the preset state specified by the user and the success message TPM_MigConfig_Success is returned.
5. Secure backup of TPM internal information
The TPM Owner first enters the password; after the TPM has checked the password, it executes the TPM_BackupSpecialIOContext command. According to the content given by the TPM Owner, this command exports the backup information from the nonvolatile memory of the TPM module to the trusted terminal. Before exporting the information, the TPM module checks the data format of the exported information; if the data format is wrong, it returns the error message TPM_Backup_Error. If the data format is correct, the TPM module encrypts the exported information with the password-encrypted key, exports the encrypted backup information to the trusted terminal and then returns the success message TPM_Backup_Success.
6. Secure recovery of TPM internal information
The TPM Owner first enters the password; after the TPM has checked the password, it executes the TPM_RestoreSpecialIOContext command. According to the content given by the TPM Owner, this command imports the recovery information from the trusted terminal into the nonvolatile memory of the TPM. Before importing the information, the TPM module checks the data format of the imported information; if the data format is wrong, it returns the error message TPM_Restore_Error. If the data format is correct, the import operation is carried out: the information is decrypted with the password-encrypted key, the decrypted recovery information is imported into the nonvolatile memory of the TPM, and the success message TPM_Restore_Success is returned.
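The service path of steps 1, 2, 5 and 6 above, as an added example in Python that is not code from the patent: a model TPM admits special I/O transfers only when the SpecialIO state is TRUE, the interface is activated and the owner password checks out, then exports selected NV items as an encrypted, integrity-protected backup and re-imports them only after the whole blob passes the format check. The numeric return codes, the PBKDF2 key derivation, the HMAC-SHA1 keystream cipher and the record layout are constructed stand-ins for the TPM's own password-protected key, cipher and data formats.

```python
import hashlib
import hmac
import os
import struct

# Return codes named in the description above; the numeric values are assumptions.
TPM_Success, TPM_Backup_Error, TPM_Restore_Error, TPM_AuthFail, TPM_IOInactive = range(5)
MAGIC = b"SIO1"  # constructed marker that the import-side format check looks for


def _derive(password: str) -> bytes:
    # Constructed stand-in for the TPM's password-protected key: 20 bytes encrypt, 20 authenticate.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), b"special-io", 10000, dklen=40)


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Constructed HMAC-SHA1 counter keystream standing in for the TPM's cipher; XOR is symmetric.
    out = bytearray()
    for n, i in enumerate(range(0, len(data), 20)):
        block = hmac.new(key, nonce + struct.pack(">I", n), hashlib.sha1).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 20], block))
    return bytes(out)


class SpecialIOTpm:
    def __init__(self, owner_password: str):
        self.special_io_ok = False   # SpecialIO state: TRUE only after owner approval
        self.activated = False       # set by TPM_SetSpecialIOActived / Deactivated
        self.nv = {}                 # dict standing in for non-volatile memory
        self._keys = _derive(owner_password)

    # Step 1: TPM_ReadSpecialIOID returns the device ID with its SHA-1 (SHA_ID); the owner approves.
    def read_special_io_id(self, device_id: bytes):
        return device_id, hashlib.sha1(device_id).hexdigest()

    def owner_approve(self, device_id: bytes, expected_sha_id: str) -> bool:
        self.special_io_ok = hmac.compare_digest(hashlib.sha1(device_id).hexdigest(), expected_sha_id)
        return self.special_io_ok

    # Step 2: state check before any transfer, then the owner password check.
    def _gate(self, password: str):
        if not (self.special_io_ok and self.activated):
            return TPM_IOInactive
        if not hmac.compare_digest(_derive(password), self._keys):
            return TPM_AuthFail

    # Step 5: TPM_BackupSpecialIOContext, encrypt-then-MAC of the selected items.
    def backup(self, password: str, ids):
        rc = self._gate(password)
        if rc is not None:
            return rc, b""
        if any(i not in self.nv for i in ids):
            return TPM_Backup_Error, b""   # unknown ID in the backup ID set
        plain = MAGIC + b"".join(
            struct.pack(">HI", len(i), len(self.nv[i])) + i + self.nv[i] for i in ids)
        nonce = os.urandom(8)
        body = _xor_stream(self._keys[:20], nonce, plain)
        tag = hmac.new(self._keys[20:], nonce + body, hashlib.sha1).digest()
        return TPM_Success, nonce + body + tag

    # Step 6: TPM_RestoreSpecialIOContext, verify, decrypt, format-check, then import.
    def restore(self, password: str, blob: bytes) -> int:
        rc = self._gate(password)
        if rc is not None:
            return rc
        nonce, body, tag = blob[:8], blob[8:-20], blob[-20:]
        if not hmac.compare_digest(hmac.new(self._keys[20:], nonce + body, hashlib.sha1).digest(), tag):
            return TPM_Restore_Error       # tampered blob or wrong owner key
        plain = _xor_stream(self._keys[:20], nonce, body)
        if not plain.startswith(MAGIC):
            return TPM_Restore_Error       # data format error: nothing imported
        items, pos = {}, len(MAGIC)
        while pos + 6 <= len(plain):
            id_len, val_len = struct.unpack(">HI", plain[pos:pos + 6])
            pos += 6
            items[plain[pos:pos + id_len]] = plain[pos + id_len:pos + id_len + val_len]
            pos += id_len + val_len
        if pos != len(plain):
            return TPM_Restore_Error       # truncated or overrunning record
        self.nv.update(items)              # import only once the whole blob parsed
        return TPM_Success
```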
An application example of the TPM module of the present invention is shown in Fig. 6. In this example the TPM module is applied in a trusted computer, and the specific information I/O interface module is a USB interface. In Fig. 6, the computer operator holding TPM Owner authority first connects a trusted USB disk device to the specific information I/O interface module of the TPM module; then uses application software to read, from the specific information I/O interface module, the identity information of the USB disk device connected to the TPM, and from the identity information returned by the application software verifies whether the connected device is the terminal device the operator needs to work with; then activates the specific information I/O interface module with the TPM_SetSpecialIOActived command; and finally specifies, through the application program, the information to preset, back up or recover, and performs the corresponding information presetting, information backup or information recovery operation. According to the service request, the TPM carries out the information presetting, information backup or information recovery operation following the specific implementation steps of that request; if the TPM detects an operation error, it returns an error message to the computer operator. If the information presetting, information backup or information recovery operation succeeds, the TPM returns a success message to the computer operator.
As the example above shows, the present invention realizes presetting, backup and recovery of the sensitive information inside the TPM module through the specific information I/O interface module; it ensures that the various potential viruses in the computer cannot attack the sensitive information inside the TPM module; it takes into account both the trustworthiness and the ease of use of local information; it realizes trusted transfer of the sensitive information inside the TPM module; it makes the customized information presetting function of the TPM Owner achievable; and it ultimately achieves open industrialization of trusted platform modules, secure computers and personalization of user information.
Symbol description
TCG: Trusted Computing Group (international trusted computing organization);
TPM: Trusted Platform Module;
I/O: Input and Output;
HMAC: keyed-hash message authentication code (Hash MAC);
SHA-1: Secure Hash Algorithm Version 1;
AIK: Attestation Identity Key;
PCR: Platform Configuration Register;
SRK: Storage Root Key;
PS/2: Personal System/2;
EK: Endorsement Key;
RS-232: interface standard for serial data communication (Recommended Standard 232);
TSS: TCG Software Stack;
Internet: the Internet;
USB: Universal Serial Bus;
UART: asynchronous serial interface (Universal Asynchronous Receiver/Transmitter);
BIOS: Basic Input Output System.

Claims (10)

1. An architecture system of a trusted platform module TPM, comprising the following modules of the trusted platform module TPM as specified by the TCG specification:
the I/O bus interface module, which manages the information flow on the communication bus through channel C0;
the cryptographic coprocessor module, which implements the cryptographic operations inside the TPM;
the HMAC engine module, which provides proof of authorization data and of the authorization of request information;
the SHA-1 engine module, which implements the hash algorithm;
the Opt-In module, which provides the methods and mechanisms for placing the TPM in different states;
the non-volatile memory module, for storing persistent identity information and status information related to the TPM;
the volatile memory module, for storing non-persistent information;
the execution engine module, for receiving and executing the TPM commands arriving from the I/O port;
the power detection module, for managing the power state of the TPM;
the random number generator module, for producing random numbers for the internal modules of the TPM;
the key generator module, for producing RSA key pairs and symmetric keys;
characterized in that: on the basis of the above hardware modules, a specific information I/O interface module is added; this specific information I/O interface module interacts internally with the execution engine module, realizes presetting, backup and recovery of the internal information of the trusted platform module by connecting with the various external parallel or serial trusted devices, and replaces the function of pin PP in the trusted platform module TPM specified by the TCG specification, pin PP indicating whether the operator is present on site.
2. The architecture system of the trusted platform module TPM according to claim 1, characterized in that the specific information I/O interface module includes information formats and control commands, and presets, backs up and recovers the internal information of the trusted platform module by means of the information formats and control commands.
3. The architecture system of the trusted platform module TPM according to claim 2, characterized in that the internal information of the trusted platform module that is preset, backed up or recovered by means of the information formats and control commands comprises:
the attestation identity key AIK; the storage root key SRK; the platform configuration register PCR values; the signing key Signing Key; the storage key Storage Key; the binding key Bind Key; the legacy key Legacy Key; the authorization change key AuthChangeKey; the endorsement certificate Endorsement Cert; the conformance certificate Conformance Cert; the platform certificate Platform Cert; the validation certificate Validation Cert; and the AIK certificate.
4. The architecture system of the trusted platform module TPM according to claim 2, characterized in that the control commands comprise:
the read identity information command TPM_ReadSpecialIOID;
the specific information I/O interface activation command TPM_SetSpecialIOActived;
the specific information I/O interface deactivation command TPM_SetSpecialIODeactivated;
the initial information presetting command TPM_InitConfigSpecialIOContext;
the migration information presetting command TPM_MigConfigSpecialIOContext;
the backup command TPM_BackupSpecialIOContext;
the recovery command TPM_RestoreSpecialIOContext.
5. A method by which a trusted platform module TPM provides service, wherein, on the basis of the hardware modules and pin configuration of the trusted platform module TPM specified by the TCG specification, a specific information I/O interface module is set up, so that the hardware modules and pins of the trusted platform module TPM, while keeping their original functions, realize presetting, backup and recovery of the internal sensitive information of the trusted platform module TPM through the newly set-up specific information I/O interface module and replace the function of pin PP in the trusted platform module TPM specified by the TCG specification, the process comprising:
1) reading the identity information of the device connected to the specific information I/O interface module;
2) checking the state of the trusted platform module TPM;
3) presetting the initial information or the migration information of the trusted platform module TPM, or securely backing up or recovering the internal information of the trusted platform module TPM, respectively, thereby completing the service.
6. The method of providing service according to claim 5, characterized in that: the presetting of the initial information or migration information of the trusted platform module, and the secure backup or recovery of the internal information of the trusted platform module, are carried out respectively by the initial information presetting command, the migration information presetting command, the backup command and the recovery command, each of which includes input information and output information.
7. The method of providing service according to claim 6, characterized in that: the input information of the initial information presetting command comprises: the command request tag, the byte length of all inputs, the command sequence number, a flag indicating whether the handle must be retained, the byte length of the imported information and the ID set of the imported information; the output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and, after successful initial presetting, a handle pointing to the preset information.
8. The method of providing service according to claim 6, characterized in that: the input information of the migration information presetting command comprises: the command request tag, the byte length of all inputs, the command sequence number, a flag indicating whether the handle must be retained, the byte length of the imported information and the ID set of the imported information; the output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and, after successful migration presetting, a handle pointing to the preset information.
9. The method of providing service according to claim 6, characterized in that: the input information of the backup command comprises: the command request tag, the byte length of all inputs, the command sequence number, the handle of the backup information and the ID set of the backup information; the output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and the length of the backup information.
10. The method of providing service according to claim 6, characterized in that: the input information of the recovery command comprises: the command request tag, the byte length of all inputs, the command sequence number, an indication of whether the handle must be retained, the byte length of the recovery information and the ID set of the recovery information; the output information comprises: the command response tag, the byte length of all outputs, the return code of the operation and, after successful recovery, a handle pointing to the recovered information.
CN2007101992305A 2007-12-14 2007-12-14 Architecture of trusted platform module and method for providing service thereof Active CN101183413B (en)
Publications (2)

Publication Number Publication Date
CN101183413A CN101183413A (en) 2008-05-21
CN101183413B true CN101183413B (en) 2010-06-02