CN101799852B - Hardware cryptographic module and method for protecting bank counter sensitive data - Google Patents

Publication number: CN101799852B
Application number: CN201010107384.9A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN101799852A (en)
Inventor: 戴宇星
Current Assignee: BEIJING JIANGNAN BRAIN TECHNOLOGY Co Ltd
Original Assignee: BEIJING JIANGNAN BRAIN TECHNOLOGY Co Ltd
Legal status: Active
Prior art keywords: key, cryptographic module, hardware cryptographic, hardware, tmk

Abstract

The invention relates to a hardware cryptographic module and a method for protecting bank counter sensitive data. The hardware cryptographic module protects the bank counter sensitive data and comprises a secure storage area for storing the bank counter sensitive data, wherein the storage area comprises a static storage area and a temporary storage area. The method comprises the following steps: step 1, initializing the hardware cryptographic module; step 2, registering through the hardware cryptographic module; and step 3, signing in through the hardware cryptographic module. The method for protecting the bank counter sensitive data can provide the counter with cryptographic services for message authentication, data encryption, and signature generation and verification, and ensures the confidentiality, integrity and non-repudiation of data throughout generation, transmission and reception.

Description

Hardware cryptographic module and method for protecting bank counter sensitive data
Technical field
The present invention relates to a hardware cryptographic module and a method for protecting bank counter sensitive data, and in particular to a hardware cryptographic module and method that use hardware encryption technology to protect bank counter sensitive data.
Background
The bank counter is the main channel for banking business, and a large amount of sensitive customer and transaction information is transmitted over the bank network through the counter. Without suitable security measures, this information is easily stolen in transit and in storage and easily intercepted during transmission, so that information leaks and creates a security risk. In addition, information may be illegally deleted, altered or added to during storage and transmission, which interferes with bank resources and network services and causes irreparable loss to the bank and its users. In general, a bank counter system has at least the following security requirements: 1. Confidentiality of transaction information. Some transaction information must be kept secret, which requires encrypting the transaction message. 2. Integrity of transaction information. Some transaction message data has low confidentiality requirements but very high integrity requirements, such as the account number and amount in a cash transaction, which could be illegally tampered with. Such important transaction message data must be integrity-checked during transmission. 3. Non-repudiation of transactions. In the past, most bank counter security measures provided only confidentiality and seldom used digital signatures, which does not meet the security requirements of a modern financial system. Building a security protection system for bank counter sensitive data is a strong guarantee for the healthy development of financial companies and a problem every financial company urgently needs to solve.
Traditional bank counter security mechanisms focus on teller authentication; protection of sensitive data such as customer information and transaction data is missing or incomplete. At present, banks generally protect counter sensitive data with software encryption, encrypting transaction data and verifying it with a MAC. Although this approach basically achieves confidentiality and integrity of the data, it has the following significant defects: first, software encryption is exposed inside the user's computer, where an attacker can readily attack it by tracing with analysis programs, decompiling and similar means; second, the working keys of software encryption are stored without security protection and are easily stolen, leaving the encryption system ineffective; third, key management is very complicated, and in practice keys go unchanged for long periods; fourth, the cryptographic strength of software encryption is not high and it is easily cracked; fifth, there is no digital signature mechanism, so non-repudiation of transactions is not guaranteed; sixth, software encryption runs inefficiently, and its reliability is easily affected by external factors.
Summary of the invention
The present invention was devised to solve the above problems in the prior art.
An object of the invention is to overcome the above defects by providing a method for protecting sensitive data based on hardware encryption. Another object of the invention is to add digital signatures over transaction information to the bank counter system, ensuring non-repudiation of transactions.
To achieve the above objects, the invention provides a hardware cryptographic module for protecting bank counter sensitive data. The hardware cryptographic module adopts a three-layer key management system, in which the first layer is the identification key, the second layer is the TMK key, and the third layer comprises the TAK key, the TEK key and the TDK key. The identification key is an asymmetric key used to encrypt the TMK key, generate signatures and verify signatures; the identification key is stored persistently and does not need to be changed. The TMK key is a key-encrypting and key-decrypting key, used to encrypt and decrypt working keys during key agreement. The TAK key is a data encryption key used to generate and verify a message authentication code over message data, thereby authenticating messages. The TEK key is a data encryption key used to encrypt counter sensitive data for secure transmission of transaction messages. The TDK key is used to decrypt encrypted data.
Preferably, the hardware cryptographic module further comprises: a processor; a boot section that completes the transition from hardware start-up to operating system start-up, thereby providing the running environment for the operating system; a memory for storing operating system kernel data, file system data, user code and user data; a communication interface for connecting to the USB interface of the desktop terminal; an algorithm chip implementing the cryptographic algorithms, local bus interface, UART and timing control functions; and a true random number generator whose random numbers are collected through a processor port.
Preferably, the hardware cryptographic module comprises a secure storage area for storing bank counter sensitive data, and the secure storage area comprises a static storage area and a temporary storage area.
Preferably, the functions performed by the boot section comprise: initializing the CPU and memory; enabling the instruction/data caches; setting up the stack pointer and the boot parameter area; power-on self-test; and finally jumping to the start of the kernel.
Preferably, none of the keys held by the hardware cryptographic module can be read out in plaintext; only their check values can be obtained. The entire cryptographic operation is encapsulated and completed inside the hardware cryptographic module, and upper-layer applications cannot obtain the keys used during the operation.
Preferably, the hardware cryptographic module has a key destruction function.
Preferably, when the hardware cryptographic module destroys a key, the module's own key clear command removes the specified key without affecting other keys.
Preferably, the hardware cryptographic module is provided with a key self-destruct circuit that automatically destroys all keys in the module when the enclosure is opened, keeping the module's keys safe under external physical attack.
In addition, the invention provides a method for protecting bank counter sensitive data. The method uses a hardware cryptographic module suitable for a bank teller terminal to protect the bank counter sensitive data, wherein the hardware cryptographic module comprises a secure storage area for storing bank counter sensitive data, the secure storage area comprises a static storage area and a temporary storage area, and the method comprises:
Step 1: before the hardware cryptographic module is put into use, it is first initialized. Step 1 comprises: 1.1) the back-end management system assigns a unique identifier GUID to the hardware cryptographic module; 1.2) the back-end identity authentication center generates the module's identification key from the module's GUID, the identification key comprising an identification public key and an identification private key; 1.3) the back-end management system issues the GUID and the identification private key to the hardware cryptographic module and stores the identification public key in the back-end database;
Step 2: the hardware cryptographic module is registered. Step 2 comprises: 2.1) the master key TMK is agreed with the back-end key management center; 2.2) the key management center randomly generates the TMK, encrypts it with the module's identification public key, and issues it to the teller terminal; 2.3) the hardware cryptographic module decrypts the TMK with its identification private key and stores the TMK in the module's static storage area;
Step 3: the hardware cryptographic module signs in. Step 3 comprises: 3.1) the working keys, comprising TAK, TEK and TDK, are agreed with the back-end key management center; 3.2) the key center randomly generates the working keys, encrypts them with the TMK key, and issues them to the teller terminal; 3.3) the hardware cryptographic module decrypts the working keys with the TMK and stores them in the module's temporary storage area.
The beneficial effects of the invention are as follows. A physically secure entity is used as a peripheral of the teller terminal and acts as the teller terminal's security module; it can provide the counter in real time with cryptographic services for message authentication, data encryption, and signature generation and verification, ensuring the confidentiality, integrity and non-repudiation of data throughout generation, transmission and reception. The mechanism operates entirely as a black box with respect to the counter system, which shields it from interference by surrounding systems. A dedicated key storage area and security protection mechanisms avoid the risk of key exposure. Secure and flexible key management achieves dedicated keys for dedicated purposes and confidential key replacement. Counter working keys can be managed in a unified way that is flexible, secure and effective.
Description of the drawings
Fig. 1 is a schematic diagram of the hardware composition of the hardware cryptographic module according to the invention.
Fig. 2 is a schematic diagram of the software composition of the hardware cryptographic module according to the invention.
Fig. 3 is a schematic diagram of the key management system structure according to the invention.
Detailed description
To make the above objects, features and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and specific embodiments.
The hardware block diagram of the hardware cryptographic module is shown in Fig. 1. The hardware cryptographic module uses a single-board design, with all circuits integrated on one ARM9260 embedded main board. The circuits and main devices integrated on the embedded main board are as follows:
1. Processor: ARM9 microcontroller
2. Boot section: 2MB NOR FLASH, mainly used to store the U-Boot code
3. Internal memory: 64MB SDRAM, with a 32-bit data bus width and a 100MHz working clock
4. Memory: 64MB NAND FLASH, used to store the operating system kernel, file system, user code and user data
5. Secure storage area: used to store sensitive data such as keys and passwords
6. Communication interface: USB2.0 interface, for connecting to the terminal's USB port
7. Algorithm chip: an FPGA implements the cryptographic algorithms, local bus interface, UART and timing control functions
8. True random number generator: implemented with a WNG-5, whose clock is obtained by dividing an 18.432MHz clock; random numbers are collected through a processor port
9. Power supply: +3.3V and +1.8V DC supplies, both derived from the host +5V supply, with the +1.8V supply derived from the +3.3V supply. Power drawn from the +5V supply is kept within 5W, i.e. the 5V supply needs to provide a current of at most 1A
10. Clock: the main working frequency is 200MHz
The software of the hardware cryptographic module mainly consists of the system boot program U-Boot, the embedded Linux kernel, the Linux root file system, device drivers and the application service program, as shown in Fig. 2.
The boot program of the hardware cryptographic module is U-Boot. It is a piece of code executed after system reset and before the operating system is entered, mainly used for the transition from hardware start-up to operating system start-up, thereby providing the basic running environment for the operating system. Specifically, the main functions U-Boot performs are: initializing the CPU and memory; enabling the instruction/data caches; setting up the stack pointer and the boot parameter area; power-on self-test; and finally jumping to the start of the kernel.
The hardware cryptographic module uses an embedded Linux operating system composed of the Linux 2.6 kernel, the Linux root file system and device drivers. The kernel is mainly responsible for process scheduling, memory management, the virtual file system, network interfaces and inter-process communication; the root file system mainly contains system directories, system commands, link libraries, device nodes and system initialization scripts; device drivers are the software interface through which applications access the underlying hardware, making it convenient for applications to use that hardware. When the Linux source code is used, the principle of a minimal feature set must be followed: functions and components that are not needed are all excluded. On the one hand this simplifies the operating system, improving operating efficiency and reducing storage use; on the other hand it reduces the vulnerabilities the operating system may contain and guards against attacks that exploit operating system vulnerabilities.
The application service program is an executable program inside the hardware cryptographic module and is the interface through which the module provides cryptographic service functions to the external host.
The hardware cryptographic module adopts a three-layer key management system, as shown in Fig. 3.
The identification key is an asymmetric key, mainly used to encrypt the TMK key, generate signatures and verify signatures. The identification key is written during module initialization and stored inside the hardware cryptographic module. It can be stored persistently and does not need to be changed.
The TMK (Terminal Master Key) is a key-encrypting and key-decrypting key, used to encrypt and decrypt working keys during key agreement. The TMK is stored in the hardware cryptographic module encrypted under the identification key. The TMK can be kept for a long time and does not need frequent replacement; it is usually changed once every 2 years.
The TAK (Terminal Authentication Key) is a data encryption key, mainly used to generate and verify a message authentication code (Message Authentication Code) over message data, thereby authenticating messages. The TAK is encrypted by the TMK and then stored in the temporary storage area of the hardware cryptographic module. The TAK must be changed regularly, usually once a day.
The TEK (Terminal Encrypt Key) is a data encryption key used to encrypt counter sensitive data for secure transmission of transaction messages. The TEK is encrypted by the TMK and then stored in the temporary storage area of the hardware cryptographic module. The TEK must be changed regularly, usually once a day.
The TDK (Terminal Decrypt Key) is used to decrypt data. The TDK is encrypted by the TMK and then stored in the temporary storage area of the hardware cryptographic module. The TDK must be changed regularly, usually once a day.
None of the keys held by the hardware cryptographic module can be read out in plaintext; only their check values can be obtained. The entire cryptographic operation is encapsulated and completed inside the hardware cryptographic module, and upper-layer applications cannot obtain the keys used during the operation.
The storage in the hardware cryptographic module is divided into two parts: one is the static storage area, which stores data long-term and keeps its contents even if the device loses power; the other is the temporary storage area, which can hold keys, but the keys are automatically cleared when the device loses power or is reset.
The static storage area stores content that must be kept long-term, specifically:
GUID: device unique identifier
CPK: asymmetric key, 1
TMK: master key, 1
Host IP: 1
Host MAC: 1
User information
Manufacturer information
The temporary storage area holds keys that do not need to be kept long-term, mainly working keys. When the hardware cryptographic module is reset, the working keys are automatically cleared. The module can hold 30 groups of symmetric working keys internally, each group comprising one TAK, one TEK and one TDK. Each group of working keys corresponds to a call number, in the range 000-029.
To keep keys secure under special circumstances, the hardware cryptographic module is designed with a key destruction function. The module has two ways of destroying keys. The first is destruction in software: the module has a key clear command, which removes a specified key in software without affecting other keys. The second is a key self-destruct circuit in the module, which automatically destroys all keys in the module when the enclosure is opened, keeping the module's keys safe under external physical attack.
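An added example, not part of the patent text: a Python model of the storage and destruction rules described above (static versus temporary area, 30 indexed working-key groups, check values only, selective clear, reset, enclosure-open self-destruct). The class and function names are hypothetical, HMAC-SHA256 stands in for the MAC and check-value algorithms the page does not name, and all keys and the message are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SLOT_COUNT = 30  # the page: 30 working-key groups, call numbers 000-029


class KeyUnavailable(Exception):
    """The requested key was never loaded, or has been cleared or destroyed."""


class ModuleKeyStore:
    """Hypothetical model: keys go in; only check values and MAC results come out."""

    def __init__(self, guid: str, cpk_private: bytes, tmk: bytes):
        self.guid = guid
        # Static area: survives power loss (the keys from the page's list).
        self._static = {"CPK": bytes(cpk_private), "TMK": bytes(tmk)}
        # Temporary area: slot index -> {"TAK": ..., "TEK": ..., "TDK": ...}
        self._temp: dict = {}

    def sign_in(self, index: int, tak: bytes, tek: bytes, tdk: bytes) -> None:
        # On the page the keys arrive encrypted under the TMK and are decrypted
        # inside the module; that step is omitted because no cipher is named.
        if not 0 <= index < SLOT_COUNT:
            raise ValueError(f"slot index {index} outside 000-{SLOT_COUNT - 1:03d}")
        if "TMK" not in self._static:
            raise KeyUnavailable("no TMK present; working keys cannot be accepted")
        self._temp[index] = {"TAK": bytes(tak), "TEK": bytes(tek), "TDK": bytes(tdk)}

    def _key(self, name: str, index: Optional[int]) -> bytes:
        area = self._static if index is None else self._temp.get(index, {})
        if name not in area:
            raise KeyUnavailable(f"{name} is not present")
        return area[name]

    def check_value(self, name: str, index: Optional[int] = None) -> str:
        """The only key-derived value a caller can read back."""
        # Assumption: the page does not define the check value; a truncated
        # HMAC over a fixed label stands in for it.
        digest = hmac.new(self._key(name, index), b"check-value", hashlib.sha256)
        return digest.hexdigest()[:6].upper()

    def generate_mac(self, index: int, message: bytes) -> bytes:
        # Assumption: HMAC-SHA256 stands in for the unspecified MAC algorithm.
        return hmac.new(self._key("TAK", index), message, hashlib.sha256).digest()

    def verify_mac(self, index: int, message: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.generate_mac(index, message), tag)

    def clear_key(self, name: str, index: Optional[int] = None) -> None:
        """Software destruction: remove the named key and nothing else."""
        self._key(name, index)  # raises if already absent
        area = self._static if index is None else self._temp[index]
        del area[name]

    def reset(self) -> None:
        """Power loss or reset: temporary area is wiped, static area is kept."""
        self._temp.clear()

    def enclosure_opened(self) -> None:
        """Self-destruct circuit: every key in both areas is destroyed."""
        self._temp.clear()
        self._static.clear()


def _unavailable(store: ModuleKeyStore, name: str, index: Optional[int]) -> bool:
    try:
        store.check_value(name, index)
    except KeyUnavailable:
        return True
    return False


def lifecycle_demo() -> dict:
    """Run the storage rules end to end on constructed keys and data."""
    store = ModuleKeyStore("constructed-guid", secrets.token_bytes(32),
                           secrets.token_bytes(16))
    store.sign_in(0, *(secrets.token_bytes(16) for _ in range(3)))
    message = b"constructed transaction: account=0001 amount=100.00"
    tag = store.generate_mac(0, message)
    tmk_cv = store.check_value("TMK")
    seen = {"mac_verifies": store.verify_mac(0, message, tag),
            "altered_amount_rejected":
                not store.verify_mac(0, message.replace(b"100", b"900"), tag)}
    store.clear_key("TEK", 0)  # selective clear leaves the TAK usable
    seen["tak_survives_tek_clear"] = store.verify_mac(0, message, tag)
    store.reset()
    seen["tmk_survives_reset"] = store.check_value("TMK") == tmk_cv
    seen["working_keys_gone_after_reset"] = _unavailable(store, "TAK", 0)
    store.enclosure_opened()
    seen["tmk_gone_after_tamper"] = _unavailable(store, "TMK", None)
    return seen


if __name__ == "__main__":
    print(lifecycle_demo())
```

After a reset the model needs a fresh sign-in before any MAC can be produced, which matches the page's requirement that the module sign in on every power-up.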
The application flow of the hardware cryptographic module comprises the following steps:
Step 1: hardware cryptographic module initialization. Before it is put into use, the module is first initialized, which mainly does the following: 1. The back-end management system assigns a unique identifier GUID to the hardware cryptographic module. 2. The back-end identity authentication center generates the module's identification public and private keys from the module's GUID. 3. The back-end management system issues the GUID and the identification private key to the hardware cryptographic module; the identification public key is stored in the back-end database.
Step 2: hardware cryptographic module registration. This step immediately follows initialization and must also be completed before the module is put into use. Registration mainly does the following: 1. The master key TMK is agreed with the back-end key management center. 2. The key management center randomly generates the TMK, encrypts it with the module's identification public key, and issues it to the teller terminal. 3. The hardware cryptographic module decrypts the TMK with its identification private key and stores the TMK in the module's static storage area.
Step 3: hardware cryptographic module sign-in. Once the module is in production operation, each time the teller terminal is powered up again, or after it has worked for a certain time (generally one working day), the module must first sign in before it can start working normally. Sign-in mainly does the following: 1. The working keys (TAK, TEK, TDK) are agreed with the back-end key management center. 2. The key center randomly generates the working keys, encrypts them with the TMK key, and issues them to the teller terminal. 3. The hardware cryptographic module decrypts the working keys with the TMK and stores them in the module's temporary storage area.
Initialization and registration of the hardware cryptographic module, that is, agreement of the identification key and the TMK key, are carried out through a WEB management platform. Sign-in of the hardware cryptographic module, that is, agreement of the working keys, is carried out by the teller terminal Agent.

Claims (7)

1. A hardware cryptographic module for protecting bank counter sensitive data, characterized in that:
The hardware cryptographic module comprises an embedded main board on which the following circuits are integrated:
A processor, using a microcontroller;
A boot section, using FLASH memory, for storing the system boot program, the system boot program completing the transition from hardware start-up to operating system start-up, thereby providing the basic running environment for the operating system;
Internal memory, using SDRAM;
A memory, using FLASH memory, for storing the operating system kernel, file system, user code and user data; wherein the operating system kernel is the Linux kernel and the file system is the Linux root file system;
A secure storage area, for storing keys and passwords that are bank counter sensitive data; the secure storage area comprises a static storage area and a temporary storage area, wherein the static storage area stores the device unique identifier, the asymmetric key CPK, the master key TMK, the host IP, user information and manufacturer information, and the temporary storage area stores a predetermined number of groups of symmetric working keys, each group of working keys comprising one TAK key, one TEK key and one TDK key, and each group corresponding to a call number;
A communication interface, using a USB2.0 interface, for connecting to the terminal;
An algorithm chip, using an FPGA, for implementing the cryptographic algorithms, local bus interface, UART and timing control functions;
A true random number generator, for providing random numbers to a processor port;
A DC power supply; and
A clock;
Further, the hardware cryptographic module adopts a three-layer key management system, in which the first layer is the identification key, the second layer is the master key TMK, and the third layer comprises the TAK key, TEK key and TDK key, and,
The identification key is the asymmetric key CPK, used to encrypt the TMK key, generate signatures and verify signatures; the identification key is stored persistently and does not need to be changed;
The master key TMK is a key-encrypting and key-decrypting key, used to encrypt and decrypt working keys during key agreement;
The TAK key is a data encryption key used to generate and verify a message authentication code over message data, thereby authenticating messages; the TEK key is a data encryption key used to encrypt counter sensitive data for secure transmission of transaction messages; the TDK key is used to decrypt encrypted data.
2. The hardware cryptographic module as claimed in claim 1, characterized in that:
The functions performed by the boot section comprise: initializing the CPU and memory; enabling the instruction/data caches; setting up the stack pointer and the boot parameter area; power-on self-test; and finally jumping to the start of the kernel.
3. The hardware cryptographic module as claimed in claim 1, characterized in that:
None of the keys held by the hardware cryptographic module can be read out in plaintext; only their check values can be obtained. The entire cryptographic operation is encapsulated and completed inside the hardware cryptographic module, and upper-layer applications cannot obtain the keys used during the operation.
4. The hardware cryptographic module as claimed in claim 3, characterized in that:
The hardware cryptographic module has a key destruction function.
5. The hardware cryptographic module as claimed in claim 4, characterized in that:
When the hardware cryptographic module destroys a key, the module's own key clear command removes the specified key without affecting other keys.
6. The hardware cryptographic module as claimed in claim 5, characterized in that:
The hardware cryptographic module is provided with a key self-destruct circuit that automatically destroys all keys in the module when the enclosure is opened, keeping the module's keys safe under external physical attack.
7. A method for protecting bank counter sensitive data, the method using the hardware cryptographic module as claimed in any one of claims 1-6 to protect the bank counter sensitive data, wherein the hardware cryptographic module comprises a secure storage area for storing bank counter sensitive data, and the secure storage area comprises a static storage area and a temporary storage area, characterized in that:
The method comprises,
Step 1: before the hardware cryptographic module is put into use, it is first initialized. Step 1 comprises: 1.1) the back-end management system assigns a unique identifier GUID to the hardware cryptographic module; 1.2) the back-end identity authentication center generates the module's identification key from the module's GUID, the identification key comprising an identification public key and an identification private key; 1.3) the back-end management system issues the GUID and the identification private key to the hardware cryptographic module and stores the identification public key in the back-end database;
Step 2: the hardware cryptographic module is registered. Step 2 comprises: 2.1) the master key TMK is agreed with the back-end key management center; 2.2) the back-end key management center randomly generates the TMK, encrypts it with the module's identification public key, and issues it to the teller terminal; 2.3) the hardware cryptographic module decrypts the TMK with its identification private key and stores the TMK in the module's static storage area;
Step 3: the hardware cryptographic module signs in. Step 3 comprises: 3.1) the working keys, comprising TAK, TEK and TDK, are agreed with the back-end key management center; 3.2) the back-end key management center randomly generates the working keys, encrypts them with the TMK key, and issues them to the teller terminal; 3.3) the hardware cryptographic module decrypts the working keys with the TMK and stores them in the module's temporary storage area.
Application CN201010107384.9A, "Hardware cryptographic module and method for protecting bank counter sensitive data": priority date 2010-02-09, filing date 2010-02-09, status Active, granted as CN101799852B (en).
Publications: CN101799852A, published 2010-08-11; CN101799852B, published 2015-06-17.
Family ID: 42595525. Country: CN.
