CN105184188A - Asset certificate based method for managing trusted terminal device - Google Patents

Asset certificate based method for managing trusted terminal device

Info

Publication number
CN105184188A
Authority
CN
China
Prior art keywords
terminal device
information
attribute information
assets certificate
untrusted terminal
Prior art date
Legal status
Pending
Application number
CN201510493612.3A
Other languages
Chinese (zh)
Inventor
郑驰
梁思谦
Current Assignee
BEIJING YINTE XIN'AN SOFTWARE SCIENCE & TECHNOLOGY CO., LTD.
Datang Gaohong Data Network Technology Co., Ltd.
Original Assignee
Beijing Yinte Xin'an Software Science & Technology Co Ltd
Priority date: 2015-08-12
Filing date: 2015-08-12
Publication date: 2015-12-23
Application filed by Beijing Yinte Xin'an Software Science & Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The present invention provides an asset certificate based method for managing a trusted terminal device. The trusted terminal device is a terminal device comprising a trusted chip; the trusted chip is provided with a nonvolatile memory, and asset certificate information of the trusted terminal device is stored in the nonvolatile memory of the trusted chip of the trusted terminal device; the asset certificate information is attribute information of the trusted terminal device or encrypted attribute information after the attribute information is subjected to encryption; and the attribute information of the trusted terminal device comprises a unique device identification number, owner information, a start use time, user information, a use period, configuration information and the like. According to the asset certificate based method for managing the trusted terminal device provided by the present invention, the asset certificate information of the trusted terminal device is stored in the nonvolatile memory of the trusted chip, so that the asset certificate information is not liable to be lost; and even if an operating system of the terminal is reinstalled, a write operation can be performed on the asset certificate information only by inputting a correct operation password, so that completeness and reliability of the asset certificate information can be ensured.

Description

Method for managing a trusted terminal device based on an asset certificate
Technical field
The present invention relates to a method for managing a trusted terminal device based on an asset certificate, and belongs to the field of information security technology.
Background technology
At present, terminal devices are generally managed by placing a management computer in the local area network. Management platform software that records and manages the information of all terminal devices on the LAN is installed on this management computer, and by operating the management platform software an administrator can query, add, modify and delete the attribute information of all terminal devices in the database, such as the device's unique identification number and the device owner.
Although the above method of managing terminal devices is easy to operate and convenient for management, it carries a hidden danger for system security. The attribute information of the terminal devices is stored only in the database of the management computer; once the management computer suffers a security breach, such as a virus or an attack, the information in its database is very likely to be stolen or tampered with, causing the attribute information of the terminal devices to be lost or modified. At the same time, a terminal device keeps no backup of its own attribute information; once the operating system of the terminal device is reinstalled, the important information in its storage is erased and the attribute information is lost. This is especially a problem for server devices in a cloud computing platform: managing them with the existing method is not conducive to effective management of the servers, and the reliability of the server information cannot be guaranteed.
Summary of the invention
In view of the above, the object of the present invention is to provide a method for managing a trusted terminal device based on an asset certificate, in which the asset certificate information is stored in the trusted chip of the trusted terminal device so that the confidentiality and reliability of the attribute information of the trusted terminal device are ensured and system security is improved.
To achieve the above object, the present invention adopts the following technical solution:
A method for managing a trusted terminal device based on an asset certificate, wherein the trusted terminal device is a terminal device comprising a trusted chip, and the trusted chip has a nonvolatile memory;
the asset certificate information of the trusted terminal device is stored in the nonvolatile memory of its trusted chip, and the asset certificate information is either the attribute information of the trusted terminal device or encrypted attribute information obtained by encrypting the attribute information.
Further:
The attribute information of the trusted terminal device comprises the device's unique identification number, owner information, start-of-use time, user information, use period and configuration information.
A write operation on the asset certificate information in the trusted chip is carried out by entering the correct operation password.
The trusted terminal device accesses a management computer over the network, and the attribute information of the trusted terminal device is saved in the database of this management computer.
When the asset certificate information is the attribute information, the attribute information in the database is consistent with the asset certificate information in the trusted chip; when the asset certificate information is the encrypted attribute information, the attribute information in the database is consistent with the asset certificate information in the trusted chip after decryption.
The attribute information in the database is compared with the asset certificate information in the trusted chip to judge whether the data in the management computer has been tampered with.
The advantages of the invention are as follows:
In the asset certificate based method for managing a trusted terminal device of the present invention, the asset certificate information of the trusted terminal device is stored in the nonvolatile memory of the trusted chip, so the asset certificate information is not easily lost; a write operation on the asset certificate information can be carried out only by entering the correct operation password, which ensures the completeness and reliability of the asset certificate information; and by regularly using the asset certificate information to check whether the attribute information saved in the management computer has changed, the security protection of the system can be improved.
Brief description of the drawings
Fig. 1 is a diagram of the architecture principle of the present invention.
Fig. 2 is a structural block diagram of the composition of a trusted terminal device according to one specific embodiment of the present invention.
Embodiments
The present invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is a diagram of the architecture principle of the present invention. As shown in the figure, the trusted terminal device referred to in the present invention may be a network device such as a server or a terminal. The trusted terminal device comprises a trusted chip (TPM: Trusted Platform Module); this trusted chip has a nonvolatile memory and encrypts the information stored in the chip, guaranteeing the security of the information.
In the asset certificate based method for managing a trusted terminal device disclosed by the present invention, the asset certificate information of the trusted terminal device is stored in the nonvolatile memory of the trusted chip, which ensures that the asset certificate information is not easily lost or tampered with. Specifically:
The asset certificate information of the trusted terminal device can be the attribute information of the device, or encrypted attribute information generated by encrypting the attribute information of the device. The attribute information of the device is set according to the specific business requirements and includes, but is not limited to, the device's unique identifier (UUID), owner information, start-of-use time, user information, use period, configuration information, etc.
When the trusted chip is started for the first time, the owner of the trusted terminal device enters the operation password of the trusted chip (a write operation on the trusted chip can be performed only after the correct operation password has been entered). Once the password has been entered correctly, the asset certificate information is saved in the nonvolatile memory of the trusted chip. Every trusted terminal device accesses the management computer over the network; the administrator can read the asset certificate information in the trusted chip, but only the owner of the trusted terminal device, by entering the correct operation password, can perform write operations such as adding, modifying or deleting the asset certificate information in the trusted chip, which ensures the completeness and reliability of the attribute information.
At the same time, the attribute information of the trusted terminal device can also be saved in the database of the management computer. In the case where the asset certificate information is the attribute information itself, the attribute information in the database and the asset certificate information in the trusted chip are consistent; in the case where the asset certificate information is encrypted attribute information, the attribute information in the database is consistent with the asset certificate information in the trusted chip after decryption. The administrator can regularly compare the attribute information in the database with the asset certificate information in the trusted chip to judge whether the data in the management computer has been tampered with, so as to improve the security protection of the system.
The encryption of the attribute information of the trusted terminal device into encrypted attribute information, and the decryption of the encrypted attribute information to regenerate the attribute information, may use a symmetric encryption algorithm or an asymmetric encryption algorithm; these are all common technical means in the field, and the present invention does not describe the cryptographic algorithms in detail.
Fig. 2 is a structural block diagram of the composition of a trusted terminal device according to one specific embodiment of the present invention. As shown in the figure, the trusted terminal device comprises a CPU, an integrated south bridge chip (PCH: Platform Controller Hub), a trusted chip, memory, a Basic Input/Output System (BIOS), a bus interface, a SATA interface, a USB interface, etc. The trusted chip is connected to the CPU through the integrated south bridge chip; the CPU is connected to the memory and to the integrated south bridge chip; and the integrated south bridge chip is connected to the BIOS, the bus interface and the SATA interface. In other embodiments the trusted terminal device may take other hardware forms that include a trusted chip; hardware configurations that include a trusted chip belong to the prior art, and the present invention does not describe their structure and principle in detail.
In the asset certificate based method for managing a trusted terminal device of the present invention, the asset certificate information of the trusted terminal device is stored in the nonvolatile memory of the trusted chip, so that even if the trusted terminal device is restarted or its operating system is reinstalled, the asset certificate information is not lost; only the owner of the device has write permission, which ensures the completeness and reliability of the asset certificate information; and by regularly using the asset certificate information to check whether the attribute information saved in the management computer has changed, the security protection of the system can be improved.
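The password-gated write to the chip's nonvolatile memory and the administrator's periodic database-versus-chip comparison described above, as an added Python illustration that is not code from the patent or its assignee. The chip model, the password check and the HMAC-counter-mode stand-in cipher are assumptions, since the patent leaves both the chip interface and the encryption algorithm unspecified.

```python
import hashlib
import hmac
import json
import os
from typing import Optional


class TrustedChipNV:
    """Model of the trusted chip's nonvolatile memory (assumed interface):
    reads are open to the administrator, writes require the operation password."""

    def __init__(self, operation_password: str) -> None:
        self._salt = os.urandom(16)
        self._pw_hash = hashlib.pbkdf2_hmac("sha256", operation_password.encode(), self._salt, 100_000)
        self._asset_certificate: Optional[bytes] = None  # survives reboot and OS reinstall

    def read(self) -> Optional[bytes]:
        return self._asset_certificate

    def write(self, password: str, asset_certificate: bytes) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)
        if not hmac.compare_digest(candidate, self._pw_hash):
            return False  # wrong operation password: the write is refused
        self._asset_certificate = asset_certificate
        return True


def encode_attributes(attrs: dict) -> bytes:
    # canonical serialisation so equal attribute sets compare equal byte for byte
    return json.dumps(attrs, sort_keys=True, separators=(",", ":")).encode()


def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher: HMAC-SHA256 keystream in counter mode, same call
    # encrypts and decrypts. Constructed for the demo only; a deployment would use
    # a standard cipher with a fresh nonce rather than reusing this keystream.
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        keystream = hmac.new(key, block.to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def certificate_matches_database(chip: TrustedChipNV, db_attrs: dict, key: Optional[bytes] = None) -> bool:
    """The claim 5/6 check: the management database must agree with the chip's
    certificate, decrypting first when the certificate is stored encrypted."""
    cert = chip.read()
    if cert is None:
        return False
    plain = xor_stream(key, cert) if key is not None else cert
    return hmac.compare_digest(plain, encode_attributes(db_attrs))


# constructed sample attribute information following the patent's list of fields
ATTRS = {"uuid": "00000000-0000-4000-8000-000000000001", "owner": "Asset Management Dept",
         "start_of_use": "2015-08-12", "user": "ops-team", "use_period_years": 5, "config": {"ram_gb": 64}}
DB_KEY = hashlib.sha256(b"constructed demo key").digest()


def demo() -> dict:
    chip = TrustedChipNV("owner-only-secret")
    results = {"wrong_pw_rejected": not chip.write("guess", encode_attributes(ATTRS))}
    results["owner_write_ok"] = chip.write("owner-only-secret", encode_attributes(ATTRS))
    results["plain_consistent"] = certificate_matches_database(chip, ATTRS)
    tampered = dict(ATTRS, owner="intruder")  # someone altered the management database
    results["plain_tamper_detected"] = not certificate_matches_database(chip, tampered)
    chip.write("owner-only-secret", xor_stream(DB_KEY, encode_attributes(ATTRS)))  # encrypted mode
    results["encrypted_consistent"] = certificate_matches_database(chip, ATTRS, DB_KEY)
    results["encrypted_tamper_detected"] = not certificate_matches_database(chip, tampered, DB_KEY)
    return results
```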
The above are merely preferred embodiments of the present invention and the technical principles applied. For a person skilled in the art, any obvious changes such as equivalent transformations or simple replacements made on the basis of the technical solution of the present invention, without departing from the spirit and scope of the present invention, all fall within the scope of protection.

Claims (6)

1. A method for managing a trusted terminal device based on an asset certificate, wherein the trusted terminal device is a terminal device comprising a trusted chip, and the trusted chip has a nonvolatile memory, characterized in that
the asset certificate information of the trusted terminal device is stored in the nonvolatile memory of its trusted chip, and the asset certificate information is either the attribute information of the trusted terminal device or encrypted attribute information obtained by encrypting the attribute information.
2. The method for managing a trusted terminal device based on an asset certificate according to claim 1, characterized in that the attribute information of the trusted terminal device comprises the device's unique identification number, owner information, start-of-use time, user information, use period and configuration information.
3. The method for managing a trusted terminal device based on an asset certificate according to claim 1, characterized in that a write operation on the asset certificate information in the trusted chip is carried out by entering the correct operation password.
4. The method for managing a trusted terminal device based on an asset certificate according to claim 1, characterized in that the trusted terminal device accesses a management computer over the network, and the attribute information of the trusted terminal device is saved in the database of this management computer.
5. The method for managing a trusted terminal device based on an asset certificate according to claim 4, characterized in that when the asset certificate information is the attribute information, the attribute information in the database is consistent with the asset certificate information in the trusted chip; and when the asset certificate information is the encrypted attribute information, the attribute information in the database is consistent with the asset certificate information in the trusted chip after decryption.
6. The method for managing a trusted terminal device based on an asset certificate according to claim 5, characterized in that the attribute information in the database is compared with the asset certificate information in the trusted chip to judge whether the data in the management computer has been tampered with.
CN201510493612.3A 2015-08-12 2015-08-12 Asset certificate based method for managing trusted terminal device Pending CN105184188A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510493612.3A CN105184188A (en) 2015-08-12 2015-08-12 Asset certificate based method for managing trusted terminal device

Publications (1)

Publication Number Publication Date
CN105184188A true CN105184188A (en) 2015-12-23

Family

ID=54906261

Country Status (1)

Country Link
CN (1) CN105184188A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022151990A1 (en) * 2021-01-16 2022-07-21 苏州浪潮智能科技有限公司 Blockchain-based transparent supply chain authentication method and apparatus, and device and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101004774A (en) * 2006-01-18 2007-07-25 株式会社Pfu Target device, method and system for managing device, and external device
CN102195991A (en) * 2011-06-28 2011-09-21 辽宁国兴科技有限公司 Terminal security management and authentication method and system
US20140101725A1 (en) * 2012-10-05 2014-04-10 Fuji Xerox Co., Ltd. Communication system, client apparatus, relay apparatus, and computer-readable medium
CN103973456A (en) * 2014-05-29 2014-08-06 深圳市密思科技有限公司 Small district management system and method based on digital certificates

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160701

Address after: 550025, Guizhou province Guiyang city Huaxi District Lei flower intersection

Applicant after: Datang Gaohong Data Network Technology Co., Ltd.

Applicant after: BEIJING YINTE XIN'AN SOFTWARE SCIENCE & TECHNOLOGY CO., LTD.

Address before: 100185, Beijing, Haidian District, North Village Road, 23 North Bay Innovation Park, building two, one layer

Applicant before: BEIJING YINTE XIN'AN SOFTWARE SCIENCE & TECHNOLOGY CO., LTD.

WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151223