CN106161024A - A kind of USB device authentic authentication method of USB control chip level and system thereof - Google Patents
A kind of USB device authentic authentication method of USB control chip level and system thereof Download PDFInfo
- Publication number
- CN106161024A CN106161024A CN201510156573.8A CN201510156573A CN106161024A CN 106161024 A CN106161024 A CN 106161024A CN 201510156573 A CN201510156573 A CN 201510156573A CN 106161024 A CN106161024 A CN 106161024A
- Authority
- CN
- China
- Prior art keywords
- usb
- control chip
- main control
- authentication
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Storage Device Security (AREA)
Abstract
A kind of USB device authentic authentication method of USB control chip level and system thereof, relate to field of information security technology.USB device authentic authentication system of the present invention is generated management system, USB main control chip safety management system and USB device authentic authentication system by Third Party Authentication authentication management system, USB main control chip device certificate and forms.Compared with the existing technology, integrated use asymmetric cryptographic technique of the present invention and authentic authentication technology, the master controller of usb host and the main control chip of USB device are carried out safety and strengthens transformation, and by third party testing agency, USB main control chip is authenticated empowerment management, realize the usb host authentic authentication to USB device, reach to stop the purpose of all assault patterns attempted with USB control chip firmware as intermediary, thus build computer system and the trust computing of USB device system and communication environment.
Description
Technical field
The present invention relates to field of information security technology, the USB device authentic authentication method of particularly USB control chip level and system thereof.
Background technology
The bus that USB (Universal Serial Bus) is for connection between computer and peripheral unit, the function of its plug and play (Plug and Play) so that it is be not necessary to through complicated installation arbitrarily ancillary equipment to be linked, configure, uses and be removed.And due to the elasticity of USB and easily use so that support that the peripheral unit of USB includes that the various different products such as mouse, keyboard, loudspeaker, modem, scanner unit increase year by year.Even to this day, USB interface has become from COM port(serial port) after, most successful peripheral connection interface on computer, relevant product also comes into the market with the amplification per year over 30%.
Mobile memory medium (abbreviation USB flash disk), as most widely used USB device, has the advantages that volume is little, capacity is big, easy to carry, is the convenient medium of one of information exchange.For the ease of producing and after-sales service, USB flash disk main control chip all provides production tool to affiliate, is used for defining product function and technical parameter, and repairs product institute's produced problem after sale by software.But, it is secret that the firmware of USB flash disk main control chip itself then belongs to chip producer, does not open, and similar method uses in other ancillary equipment products of USB too.
By to the principle analysis of USB main control chip firmware and reverse-engineering, hacker's tissue is found that the safety defect being referred to as " BADUSB ", make computer can revise the firmware of USB flash disk main control chip voluntarily, such that it is able to its computer system inserted is attacked by main control chip;Main control chip firmware can also active attack computer system, become and attack the chain propagated, define the index diffusive infection model of " computer > multiple USB flash disks > more multicomputer ", thus cause the thinking that how mobile memory medium is carried out safety management.
In prior art, due to computer, operating system system and the design defect of usb protocol, cause by software approach, above-mentioned attack method to be on the defensive at present, computer system to the whole world, including industry and the robot control system(RCS) of national basis facility, all constitute extremely urgent serious threat.
Summary of the invention
For above-mentioned problems of the prior art, it is an object of the invention to provide USB device authentic authentication method and the system thereof of a kind of USB control chip level.Its integrated use asymmetric cryptographic technique and authentic authentication technology, the master controller of usb host and the main control chip of USB device are carried out safety and strengthens transformation, and by third party testing agency, USB main control chip is authenticated empowerment management, realize the usb host authentic authentication to USB device, reach to stop the purpose of all assault patterns attempted with USB control chip firmware as intermediary, thus build computer system and the trust computing of USB device system and communication environment.
In order to realize foregoing invention purpose, technical scheme realizes as follows:
A kind of USB device authentic authentication method of USB control chip level, it uses and includes being generated, by Third Party Authentication authentication management system, USB main control chip device certificate, the authentic authentication system that management system, USB main control chip safety management system and USB device authentic authentication system form.The Third Party Authentication authentication management system that wherein third-party chip testing agency uses is signed and issued manager formed by Authorization Manager, licencing key algoritic module and USB main control chip device certificate, comprises hash algorithm, Digital Signature Algorithm and numeral sign test algorithm in licencing key algoritic module.The USB main control chip device certificate that USB main control chip production firm uses generates management system and is made up of system password algoritic module and chipset certificate generator, comprises hash algorithm and Digital Signature Algorithm in system password algoritic module.The USB main control chip safety management system being built in USB device USB main control chip is made up of chip secure memory element, chip cryptographic algorithm hardware module, safe self-inspection read-only memory bootstrap and safety verification managed firmware program, and chip cryptographic algorithm hardware module comprises hash algorithm and numeral sign test algorithm.The USB device authentic authentication system of usb host end is made up of USB main control chip certificate manager, key secure storage unit and authentication password algoritic module, comprises numeral sign test algorithm in authentication password algoritic module.It mainly implements step:
1
) system authorization:
1. the Authorization Manager in Third Party Authentication authentication management system provides Third Party Authentication PKI for USB device authentic authentication system, and stores in the key secure storage unit being cured to USB device authentic authentication system.
2. the Authorization Manager in Third Party Authentication authentication management system provides Third Party Authentication PKI for USB main control chip safety management system, and stores in the chip secure memory element being cured to USB main control chip safety management system.
)
USB
Main control chip device certificate generates, signs and issues and store solidification:
1. the hash algorithm during USB main control chip device certificate generates the chipset certificate generator use system password algoritic module of management system carries out Hash process to the USB all or part of data of main control chip firmware in USB main control chip, generate USB main control chip firmware digital digest, and use the Digital Signature Algorithm in chipset private key and system password algoritic module to generate the digital signature of USB main control chip firmware digital digest.The digital signature information of USB main control chip mark, USB device type declaration, chipset PKI, USB main control chip firmware digital digest and USB main control chip firmware digital digest being packed and generate the chipset certificate body corresponding with USB master control safety chip, chipset certificate body will be provided to Third Party Authentication authentication management system.
2. the USB main control chip device certificate in Third Party Authentication authentication management system is signed and issued manager and is used the chipset PKI in chipset certificate body and the digital signature of the USB main control chip firmware digital digest in the digital sign test proof of algorithm chipset certificate body in licencing key algoritic module, confirms legitimacy and the integrity of USB main control chip firmware digital digest;As by digital signature authentication, use the hash algorithm in licencing key algoritic module that the USB all or part of data of main control chip firmware carry out Hash process, generate USB main control chip firmware digital digest.This USB main control chip firmware digital digest is compared with the USB main control chip firmware digital digest in chipset certificate body, if data consistent, the Digital Signature Algorithm in third party's signature private key and licencing key algoritic module is then used to generate the digital signature of chipset certificate body, and generation USB main control chip device certificate of the digital signature of chipset certificate body and chipset certificate body being packed.
3. USB main control chip device certificate will be solidificated in the chip secure memory element of USB main control chip safety management system by storage.
)
USB
The safe self-inspection of main control chip:
1. USB device is connected to usb host through usb bus, it is achieved after USB device powers on, and USB main control chip starts to perform the safe self-inspection read-only memory bootstrap of USB main control chip safety management system.
The safest self-inspection read-only memory bootstrap uses the Third Party Authentication PKI in chip secure memory element and the digital signature of the USB main control chip device certificate in the digital sign test proof of algorithm chip secure memory element in chip cryptographic algorithm hardware module, confirms legitimacy and the integrity of USB main control chip device certificate.As not by digital signature authentication, USB device will be prevented from being communicatively coupled with usb host.
The safest self-inspection read-only memory bootstrap uses the chipset PKI in USB main control chip device certificate and the digital signature of the USB main control chip firmware digital digest in the digital sign test proof of algorithm USB main control chip device certificate in chip cryptographic algorithm hardware module, confirms legitimacy and the integrity of USB main control chip firmware digital digest.As not by digital signature authentication, prevention is communicatively coupled by USB device with usb host.
The safest self-inspection read-only memory bootstrap uses the hash algorithm in chip cryptographic algorithm hardware module that the USB all or part of data of main control chip firmware are carried out Hash process, obtains USB main control chip firmware digital digest.This digital digest is compared with the USB main control chip firmware digital digest in USB main control chip device certificate, if data consistent, confirms that USB main control chip firmware data is not tampered with.If data are inconsistent, USB device will be prevented from being communicatively coupled with usb host.
5., after USB device sets up communication connection with usb host, USB main control chip will perform the safety verification managed firmware program of USB main control chip safety management system, coordinates the usb host authentic authentication to USB device.
)
USB
The authentic authentication of main control chip:
1. after usb host detects USB device, set up communication connection, the USB main control chip certificate manager of USB device authentic authentication system and the safety verification managed firmware program of USB main control chip safety management system conversate communication, obtain USB main control chip device certificate, and the digital signature of the digital sign test proof of algorithm USB main control chip device certificate used in key secure storage unit in Third Party Authentication PKI and authentication password algoritic module, confirm legitimacy and the integrity of USB main control chip device certificate.As not by digital signature authentication, directly disconnected the communication connection of usb host and USB device.
2. the USB main control chip certificate manager of USB device authentic authentication system starts USB device enumeration process, obtain USB device type declarations from USB main control chip, illustrate to compare by this USB device type declarations and the device type in USB main control chip device certificate.If device type is consistent, then continue the enumeration process of USB device;Such as Type-Inconsistencies, directly disconnect the communication connection of usb host and USB device.
In the USB device authentic authentication method of above-mentioned USB control chip level, the key secure storage unit of described USB device authentic authentication system and the chip secure memory element of USB main control chip safety management system each mean that chip is interior by the anti-tamper memory element protected by chip after burning chip instrument one-time write data.
In the USB device authentic authentication method of above-mentioned USB control chip level, described Third Party Authentication PKI and third party's signature private key are to be managed, for digital signature and the sign test of USB main control chip device certificate by Third Party Authentication authentication management system A;Described chipset private key and chipset PKI are all by USB main control chip production firm and management, for being digitally signed USB main control chip firmware and sign test, do not have one-to-one relationship with USB main control chip.
In the USB device authentic authentication method of above-mentioned USB control chip level, the mark that described USB main control chip mark is the model by USB main control chip and USB main control chip firmware version number is constituted, with USB main control chip device certificate one_to_one corresponding.
A kind of USB device authentic authentication system of USB control chip level, it is structurally characterized in that, it is generated management system, USB main control chip safety management system and USB device authentic authentication system by Third Party Authentication authentication management system, USB main control chip device certificate and forms.Described Third Party Authentication authentication management system is signed and issued manager formed by Authorization Manager, licencing key algoritic module and USB main control chip device certificate, comprises hash algorithm, Digital Signature Algorithm and numeral sign test algorithm in licencing key algoritic module.Described USB main control chip device certificate generates management system and is made up of system password algoritic module and chipset certificate generator, comprises hash algorithm and Digital Signature Algorithm in system password algoritic module.Described USB main control chip safety management system is made up of chip secure memory element, chip cryptographic algorithm hardware module, safe self-inspection read-only memory bootstrap and safety verification managed firmware program, and chip cryptographic algorithm hardware module comprises hard-wired hash algorithm and numeral sign test algorithm.Described USB device authentic authentication system is made up of USB main control chip certificate manager, key secure storage unit and authentication password algoritic module, comprises numeral sign test algorithm in authentication password algoritic module.Third Party Authentication authentication management system is the system that third-party chip testing agency uses, and completes the Certificate Authority function to USB main control chip safety management system and USB device authentic authentication system.It is the system that USB main control chip production firm uses that USB main control chip device certificate generates management system, completes generation and the management work of USB main control chip certificate.USB main control chip safety management system is built in the USB main control chip of USB device, completes main control chip level security self-inspection and the safety verification function of USB device.USB device authentic authentication system is built in usb host controller or is realized by individual chips, completes usb host to the authentic authentication of USB device and safe handling authentication function.
Due to the fact that and have employed above-mentioned method and structure, on the one hand the main control chip to USB device carries out the Safe Transformation of chip-scale, increases the safe self-checking function of USB main control chip, it is ensured that USB main control chip inherently safe before setting up communication connection with usb host;On the other hand, the master controller of usb host is carried out Safe Transformation or increases individual chips, before usb host enumerates USB device, increases the usb host authentic authentication function to USB device, it is ensured that the USB device of access host is safe and reliable.Meanwhile, by third party testing agency, USB main control chip being carried out authentic authentication management, it is achieved the usb host authentic authentication to USB device, the unsanctioned USB device of certification is rejected and is connected with main frame.The present invention is the USB device authentic authentication technology that information and the network system defence attack with USB as medium provide a kind of USB control chip level, thus solves cause cannot defend the attack problem with USB as medium by software approach because of computer, operating system system and usb protocol design defect.The present invention uses asymmetric cryptographic technique to achieve the empowerment management to USB main control chip and authentic authentication, and by increasing the safe self-inspection of USB main control chip, achieve the inherently safe of USB device from chip layer, the authentic authentication for USB device provides the guarantee of reliable technology.
The invention will be further described with detailed description of the invention below in conjunction with the accompanying drawings.
Accompanying drawing explanation
Fig. 1 is the principle assumption diagram of present system;
Fig. 2 is that the system authorization of usb host and USB device in the inventive method processes schematic diagram;
Fig. 3 is that in the inventive method, USB main control chip device certificate generates, signs and issues and store cured schematic diagram;
Fig. 4 is that in Fig. 3, USB main control chip device certificate generates system flow chart;
Fig. 5 is the safe self-inspection processing system flow chart of USB main control chip in the inventive method;
Fig. 6 is the usb host authentic authentication processing system flow chart to USB main control chip in the inventive method.
Detailed description of the invention
Referring to Fig. 1 to Fig. 3, it is achieved the system of the USB device authentic authentication method of USB control chip level is generated management system B by Third Party Authentication authentication management system A, USB main control chip device certificate, USB main control chip safety management system C and USB device authentic authentication system D forms.
Third Party Authentication authentication management system A is the system that third-party chip testing agency uses, it is signed and issued manager 3 formed by Authorization Manager 1, licencing key algoritic module 2 and USB main control chip device certificate, licencing key algoritic module 2 comprises hash algorithm, Digital Signature Algorithm and numeral sign test algorithm, completes system USB main control chip safety management system C and the Certificate Authority function of USB device authentic authentication system D.Third Party Authentication authentication management system A mono-aspect is licensed by Third Party Authentication PKI 13, realize usb host and the empowerment management of USB device, on the other hand, by USB main control chip being carried out safety detection and treating the chipset certificate body 14 of label and be digitally signed, generate USB main control chip device certificate 15, it is achieved signing and issuing of USB main control chip device certificate 15.
It is the system that USB main control chip production firm uses that USB main control chip device certificate generates management system B, it is made up of system password algoritic module 4 and chipset certificate generator 5, system password algoritic module 4 comprises hash algorithm and Digital Signature Algorithm, completes generation and the management work of USB main control chip device certificate.
USB main control chip safety management system C is built in the USB main control chip of USB device, it is made up of chip secure memory element 6, chip cryptographic algorithm hardware module 7, safe self-inspection read-only memory bootstrap 8 and safety verification managed firmware program 9, chip cryptographic algorithm hardware module 7 comprises hard-wired hash algorithm and numeral sign test algorithm, completes safe self-inspection and the safety verification function of USB device main control chip.
USB device authentic authentication system D is built in usb host controller or is realized by individual chips, it is made up of USB main control chip certificate manager 10, key secure storage unit 11 and authentication password algoritic module 12, authentication password algoritic module 12 comprises numeral sign test algorithm, completes usb host to the authentic authentication of USB device and safe handling authentication function.
Include USB main control chip firmware digital digest and digital signature thereof on the USB main control chip device certificate 15 of the present invention, provide important support for realizing the authentic authentication of whole system.
Referring to Fig. 1 to Fig. 6, step when the inventive method uses is:
1
) system authorization:
1. the Authorization Manager 1 in Third Party Authentication authentication management system A provides Third Party Authentication PKI 13 for USB device authentic authentication system D, and store in the key secure storage unit 11 being cured to USB device authentic authentication system D, it is achieved the Certificate Authority of USB device authentic authentication system D.
2. the Authorization Manager 1 in Third Party Authentication authentication management system A provides Third Party Authentication PKI 13 for USB main control chip safety management system C, and store in the chip secure memory element 6 being cured to USB main control chip safety management system C, it is achieved the Certificate Authority of USB device.
)
USB
Main control chip device certificate generates, signs and issues and store solidification:
1. the chipset certificate generator 5 of USB main control chip device certificate generation management system B uses the hash algorithm in system password algoritic module 4 that the USB all or part of data of main control chip firmware in USB main control chip are carried out Hash process, generate USB main control chip firmware digital digest, and use the Digital Signature Algorithm in chipset private key and system password algoritic module 4 to generate the digital signature of USB main control chip firmware digital digest.The digital signature information of USB main control chip mark, USB device type declaration, chipset PKI, USB main control chip firmware digital digest and firmware digital digest is packed and generates the chipset certificate body 14 corresponding with USB master control safety chip.Chipset certificate body 14 will be provided to Third Party Authentication authentication management system A.
2. the USB main control chip device certificate in Third Party Authentication authentication management system A is signed and issued manager 3 and is used the digital signature of the USB main control chip firmware digital digest in the digital sign test proof of algorithm chipset certificate body 14 in the chipset PKI in chipset certificate body 14 and licencing key algoritic module 2, confirms legitimacy and the integrity of USB main control chip firmware digital digest;As passed through digital signature authentication, use the hash algorithm in licencing key algoritic module 2 that the USB all or part of data of main control chip firmware are carried out Hash process, generate USB main control chip firmware digital digest, this digital digest is compared with the USB main control chip firmware digital digest in chipset certificate body 14, if data consistent, the Digital Signature Algorithm in third party's signature private key and licencing key algoritic module 2 is then used to generate the digital signature of chipset certificate body 14, and generation USB main control chip device certificate 15 that chipset certificate body 14 and digital signature are packed.
3. USB main control chip device certificate 15 will be solidificated in the chip secure memory element 6 of USB main control chip safety management system D by storage.
)
USB
The safe self-inspection of main control chip:
1. USB device connects usb host through usb bus, it is achieved after USB device powers on, and USB main control chip starts to perform the safe self-inspection read-only memory bootstrap 8 of USB main control chip safety management system C;
The digital signature of USB main control chip device certificate 15 in the digital sign test proof of algorithm chip secure memory element 6 that the safest self-inspection read-only memory bootstrap 8 uses in chip secure memory element 6 in Third Party Authentication PKI 13 and chip cryptographic algorithm hardware module 7, confirms legitimacy and the integrity of chipset certificate;As not by digital signature authentication, USB device will be prevented from being communicatively coupled with usb host;
The safest self-inspection read-only memory bootstrap 8 uses the digital signature of the USB main control chip firmware digital digest in the digital sign test proof of algorithm USB main control chip device certificate 15 in the chipset PKI in USB main control chip device certificate 15 and chip cryptographic algorithm hardware module 7, confirms legitimacy and the integrity of USB main control chip firmware digital digest;As not by digital signature authentication, USB device will be prevented from being communicatively coupled with usb host;
The safest self-inspection read-only memory bootstrap 8 uses the hash algorithm in chip cryptographic algorithm hardware module 7 that the USB all or part of data of main control chip firmware are carried out Hash process, obtains USB main control chip firmware digital digest;This digital digest is compared with the USB main control chip firmware digital digest in USB main control chip device certificate 15, if data consistent, confirms that USB main control chip firmware data is not tampered with;If data are inconsistent, USB device will be prevented from being communicatively coupled with usb host;
5., after USB device sets up communication connection with usb host, USB main control chip will perform the safety verification managed firmware program 9 of USB main control chip safety management system C, coordinates the usb host authentic authentication to USB device.
)
USB
The authentic authentication of main control chip:
1. after usb host detects USB device, set up communication connection, the USB main control chip certificate manager 10 of USB device authentic authentication system D and the safety verification managed firmware program 9 of USB main control chip safety management system C conversate communication, obtain USB main control chip device certificate 15;And use the digital signature of digital sign test proof of algorithm USB main control chip device certificate 15 in the Third Party Authentication PKI 13 in key secure storage unit 11 and authentication password algoritic module 12, confirm legitimacy and the integrity of chipset certificate 15;As not by digital signature authentication, directly disconnected the communication connection of usb host and USB device.
2. the USB main control chip certificate manager 10 of USB device authentic authentication system D starts USB device enumeration process, obtain USB device type declarations from USB main control chip, illustrate to compare by this USB device type declarations and the device type in USB main control chip device certificate 15;If device type is consistent, then continue the normal enumeration process of USB device;As device type is inconsistent, directly disconnect the communication connection of usb host and USB device.
Claims (5)
1. a USB device authentic authentication method for USB control chip level, it uses and includes being generated, by Third Party Authentication authentication management system (A), USB main control chip device certificate, the authentic authentication system that management system (B), USB main control chip safety management system (C) and USB device authentic authentication system (D) form;The Third Party Authentication authentication management system (A) that wherein third-party chip testing agency uses is signed and issued manager (3) by Authorization Manager (1), licencing key algoritic module (2) and USB main control chip device certificate and is formed, and comprises hash algorithm, Digital Signature Algorithm and numeral sign test algorithm in licencing key algoritic module (2);The USB main control chip device certificate used by USB main control chip production firm generates management system (B) and is made up of system password algoritic module (4) and chipset certificate generator (5), and system password algoritic module comprises hash algorithm and Digital Signature Algorithm in (4);USB main control chip safety management system (C) being built in USB device USB main control chip is made up of chip secure memory element (6), chip cryptographic algorithm hardware module (7), safe self-inspection read-only memory bootstrap (8) and safety verification managed firmware program (9), and chip cryptographic algorithm hardware module (7) comprises hard-wired hash algorithm and numeral sign test algorithm;The USB device authentic authentication system (D) of usb host end is made up of USB main control chip certificate manager (10), key secure storage unit (11) and authentication password algoritic module (12), comprises numeral sign test algorithm in authentication password algoritic module (12);It mainly implements step:
1
) system authorization:
1. the Authorization Manager (1) in Third Party Authentication authentication management system (A) is that USB device authentic authentication system (D) provides Third Party Authentication PKI (13), and stores in the key secure storage unit (11) being cured to USB device authentic authentication system (D);
2. the Authorization Manager (1) in Third Party Authentication authentication management system (A) is that USB main control chip safety management system (C) provides Third Party Authentication PKI (13), and stores in the chip secure memory element (6) being cured to USB main control chip safety management system (C);
2
) USB main control chip device certificate generates, signs and issues and store solidification:
1. the hash algorithm during USB main control chip device certificate generates the chipset certificate generator (5) use system password algoritic module (4) of management system (B) carries out Hash process to the USB all or part of data of main control chip firmware in USB main control chip, generate USB main control chip firmware digital digest, and use the Digital Signature Algorithm in chipset private key and system password algoritic module (4) to generate the digital signature of USB main control chip firmware digital digest;The digital signature information of USB main control chip mark, USB device type declaration, chipset PKI, USB main control chip firmware digital digest and firmware digital digest is packed and generates chipset certificate body (14) corresponding with USB main control chip;Chipset certificate body (14) will be provided to Third Party Authentication authentication management system (A);
2. the USB main control chip device certificate in Third Party Authentication authentication management system (A) is signed and issued manager (3) and is used the chipset PKI in chipset certificate body (14) and the digital signature of the USB main control chip firmware digital digest in digital sign test proof of algorithm chipset certificate body (14) in licencing key algoritic module (2), confirms legitimacy and the integrity of USB main control chip firmware digital digest;As passed through digital signature authentication, use the hash algorithm in licencing key algoritic module (2) that the USB all or part of data of main control chip firmware are carried out Hash process, generate USB main control chip firmware digital digest, this digital digest is compared with the USB main control chip firmware digital digest in chipset certificate body (14), if data consistent, the Digital Signature Algorithm in third party's signature private key and licencing key algoritic module (2) is then used to generate the digital signature of chipset certificate body (14), and generation USB main control chip device certificate (15) that chipset certificate body (14) and digital signature are packed;
3. USB main control chip device certificate (15) will be solidificated in the chip secure memory element (6) of USB main control chip safety management system (C) by storage;
3
) the safe self-inspection of USB main control chip:
1. USB device connects usb host through usb bus, it is achieved after USB device powers on, and USB main control chip starts to perform the safe self-inspection read-only memory bootstrap (8) of USB main control chip safety management system (C);
The digital signature of USB main control chip device certificate (15), the legitimacy of confirmation chipset certificate and integrity in digital sign test proof of algorithm chip secure memory element (6) that the safest self-inspection read-only memory bootstrap (8) uses in chip secure memory element (6) in Third Party Authentication PKI (13) and chip cryptographic algorithm hardware module (7);As not by digital signature authentication, USB device will be prevented from being communicatively coupled with usb host;
The safest self-inspection read-only memory bootstrap (8) uses the chipset PKI in USB main control chip device certificate (15) and the digital signature of the USB main control chip firmware digital digest in digital sign test proof of algorithm USB main control chip device certificate (15) in chip cryptographic algorithm hardware module (7), confirms legitimacy and the integrity of USB main control chip firmware digital digest;As not by digital signature authentication, USB device will be prevented from being communicatively coupled with usb host;
The safest self-inspection read-only memory bootstrap (8) uses the hash algorithm in chip cryptographic algorithm hardware module (7) that the USB all or part of data of main control chip firmware are carried out Hash process, obtains USB main control chip firmware digital digest;This digital digest is compared with the USB main control chip firmware digital digest in USB main control chip device certificate (15), if data consistent, confirms that USB main control chip firmware data is not tampered with;If data are inconsistent, USB device will be prevented from being communicatively coupled with usb host;
5., after USB device sets up communication connection with usb host, USB main control chip will perform safety verification managed firmware program (9) of USB main control chip safety management system (C), coordinate the usb host authentic authentication to USB device;
4
) authentic authentication of USB main control chip:
1. after usb host detects USB device, set up communication connection, safety verification managed firmware program (9) of USB main control chip certificate manager (10) and USB main control chip safety management system (C) of USB device authentic authentication system (D) conversates communication, obtains USB main control chip device certificate (15);And use the digital signature of digital sign test proof of algorithm USB main control chip device certificate (15) in the Third Party Authentication PKI (13) in key secure storage unit (11) and authentication password algoritic module (12), confirm legitimacy and the integrity of chipset certificate (15);As not by digital signature authentication, directly disconnected the communication connection of usb host and USB device;
2. USB main control chip certificate manager (10) of USB device authentic authentication system (D) starts USB device enumeration process, obtain USB device type declarations from USB main control chip, illustrate to compare by this USB device type declarations and the device type in USB main control chip device certificate (15);If device type is consistent, then continue the normal enumeration process of USB device;As device type is inconsistent, directly disconnect the communication connection of usb host and USB device.
2. the USB device authentic authentication method of USB control chip level as claimed in claim 1; it is characterized in that, the key secure storage unit (11) of described USB device authentic authentication system (D) and the chip secure memory element (6) of USB main control chip safety management system (C) each mean that chip is interior by the anti-tamper memory element protected by chip after burning chip instrument one-time write data.
3. the USB device authentic authentication method of USB control chip level as claimed in claim 1 or 2, it is characterized in that, described Third Party Authentication PKI (13) and third party's signature private key are to be managed, for digital signature and the sign test of USB main control chip device certificate (15) by Third Party Authentication authentication management system (A);Described chipset private key and chipset PKI are all by USB main control chip production firm and management, for being digitally signed USB main control chip firmware and sign test, do not have one-to-one relationship with USB main control chip.
4. the USB device authentic authentication method of USB control chip level as claimed in claim 3, it is characterized in that, the mark that described USB main control chip mark is the model by USB main control chip and USB main control chip firmware version number is constituted, with USB main control chip device certificate (15) one_to_one corresponding.
5. the USB device authentic authentication system of a USB control chip level, it is characterized in that, it is generated management system (B), USB main control chip safety management system (C) and USB device authentic authentication system (D) by Third Party Authentication authentication management system (A), USB main control chip device certificate and forms;Described Third Party Authentication authentication management system (A) is signed and issued manager (3) by Authorization Manager (1), licencing key algoritic module (2) and USB main control chip device certificate and is formed, and comprises hash algorithm, Digital Signature Algorithm and numeral sign test algorithm in licencing key algoritic module (2);Described USB main control chip device certificate generates management system (B) and is made up of system password algoritic module (4) and chipset certificate generator (5), and system password algoritic module comprises hash algorithm and Digital Signature Algorithm in (4);Described USB main control chip safety management system (C) is made up of chip secure memory element (6), chip cryptographic algorithm hardware module (7), safe self-inspection read-only memory bootstrap (8) and safety verification managed firmware program (9), and chip cryptographic algorithm hardware module (7) comprises hard-wired hash algorithm and numeral sign test algorithm;Described USB device authentic authentication system (D) is made up of USB main control chip certificate manager (10), key secure storage unit (11) and authentication password algoritic module (12), comprises numeral sign test algorithm in authentication password algoritic module (12);Third Party Authentication authentication management system (A) is the system that third-party chip testing agency uses, and completes system USB main control chip safety management system (C) and the Certificate Authority function of USB device authentic authentication system (D);It is the system that USB main control chip production firm uses that USB main control chip device certificate generates management system (B), completes generation and the management work of USB main control chip device certificate (15);USB main control chip safety management system (C) is built in the USB main control chip of USB device, completes safe self-inspection and the safety verification function of USB device main control chip;USB device authentic authentication system (D) is built in usb host controller or is realized by individual chips, completes usb host to the authentic authentication of USB device and safe handling authentication function.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510156573.8A CN106161024B (en) | 2015-04-03 | 2015-04-03 | USB control chip-level USB equipment credibility authentication method and system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510156573.8A CN106161024B (en) | 2015-04-03 | 2015-04-03 | USB control chip-level USB equipment credibility authentication method and system thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106161024A true CN106161024A (en) | 2016-11-23 |
| CN106161024B CN106161024B (en) | 2023-05-12 |
Family
ID=57338008
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510156573.8A Active CN106161024B (en) | 2015-04-03 | 2015-04-03 | USB control chip-level USB equipment credibility authentication method and system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106161024B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107358109A (en) * | 2017-07-17 | 2017-11-17 | 山东超越数控电子有限公司 | A kind of safety enhancing intelligent terminal encryption storage system |
| CN108199849A (en) * | 2018-01-04 | 2018-06-22 | 北京中电华大电子设计有限责任公司 | The USBkey equipment safeties attacking system and method for a kind of real time data acquisition |
| CN108345805A (en) * | 2017-05-05 | 2018-07-31 | 清华大学 | Verify the method and device of firmware |
| CN109063470A (en) * | 2018-07-26 | 2018-12-21 | 郑州云海信息技术有限公司 | A kind of safe verification method and system of BMC firmware |
| CN110532777A (en) * | 2018-05-24 | 2019-12-03 | 霍尼韦尔环境自控产品(天津)有限公司 | Secure startup system and method, terminal device and its core system |
| CN111181724A (en) * | 2018-11-09 | 2020-05-19 | 紫光同芯微电子有限公司 | SIM chip security credibility authentication system and authentication method thereof |
| CN112385198A (en) * | 2018-07-12 | 2021-02-19 | 西门子交通有限责任公司 | Method for setting up an authorization credential for a first device |
| CN112579374A (en) * | 2020-12-16 | 2021-03-30 | 惠州市德赛西威智能交通技术研究院有限公司 | System and method for safety debugging of embedded equipment |
| CN115630377A (en) * | 2022-10-10 | 2023-01-20 | 广州市金其利信息科技有限公司 | External device access method and device, computer device and external device |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553349A (en) * | 2003-05-29 | 2004-12-08 | 联想(北京)有限公司 | Safety chip and information safety processor and processing method |
| US20100023777A1 (en) * | 2007-11-12 | 2010-01-28 | Gemalto Inc | System and method for secure firmware update of a secure token having a flash memory controller and a smart card |
| CN102427449A (en) * | 2011-11-04 | 2012-04-25 | 北京工业大学 | Trusted mobile storage method based on security chips |
-
2015
- 2015-04-03 CN CN201510156573.8A patent/CN106161024B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553349A (en) * | 2003-05-29 | 2004-12-08 | 联想(北京)有限公司 | Safety chip and information safety processor and processing method |
| US20100023777A1 (en) * | 2007-11-12 | 2010-01-28 | Gemalto Inc | System and method for secure firmware update of a secure token having a flash memory controller and a smart card |
| CN102427449A (en) * | 2011-11-04 | 2012-04-25 | 北京工业大学 | Trusted mobile storage method based on security chips |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108345805B (en) * | 2017-05-05 | 2022-09-02 | 清华大学 | Method and device for verifying firmware |
| CN108345805A (en) * | 2017-05-05 | 2018-07-31 | 清华大学 | Verify the method and device of firmware |
| CN107358109A (en) * | 2017-07-17 | 2017-11-17 | 山东超越数控电子有限公司 | A kind of safety enhancing intelligent terminal encryption storage system |
| CN108199849B (en) * | 2018-01-04 | 2021-01-05 | 北京中电华大电子设计有限责任公司 | USBKey equipment security attack system and method for real-time data acquisition |
| CN108199849A (en) * | 2018-01-04 | 2018-06-22 | 北京中电华大电子设计有限责任公司 | The USBkey equipment safeties attacking system and method for a kind of real time data acquisition |
| CN110532777A (en) * | 2018-05-24 | 2019-12-03 | 霍尼韦尔环境自控产品(天津)有限公司 | Secure startup system and method, terminal device and its core system |
| CN112385198A (en) * | 2018-07-12 | 2021-02-19 | 西门子交通有限责任公司 | Method for setting up an authorization credential for a first device |
| US11916903B2 (en) | 2018-07-12 | 2024-02-27 | Siemens Mobility GmbH | Method for setting up authorization verification for a first device |
| CN112385198B (en) * | 2018-07-12 | 2024-05-28 | 西门子交通有限责任公司 | Method for setting up an authorization proof for a first device |
| CN109063470A (en) * | 2018-07-26 | 2018-12-21 | 郑州云海信息技术有限公司 | A kind of safe verification method and system of BMC firmware |
| CN111181724A (en) * | 2018-11-09 | 2020-05-19 | 紫光同芯微电子有限公司 | SIM chip security credibility authentication system and authentication method thereof |
| CN112579374A (en) * | 2020-12-16 | 2021-03-30 | 惠州市德赛西威智能交通技术研究院有限公司 | System and method for safety debugging of embedded equipment |
| CN112579374B (en) * | 2020-12-16 | 2024-03-08 | 惠州市德赛西威智能交通技术研究院有限公司 | System and method for secure debugging of embedded device |
| CN115630377A (en) * | 2022-10-10 | 2023-01-20 | 广州市金其利信息科技有限公司 | External device access method and device, computer device and external device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106161024B (en) | 2023-05-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106161024A (en) | A kind of USB device authentic authentication method of USB control chip level and system thereof | |
| TWI514187B (en) | Systems and methods for providing anti-malware protection on storage devices | |
| CN103946806B (en) | Devices, systems and methods for providing memory access control | |
| CN109858265A (en) | A kind of encryption method, device and relevant device | |
| US10771264B2 (en) | Securing firmware | |
| TW202036347A (en) | Method and apparatus for data storage and verification | |
| CN106687985A (en) | Method for privileged mode based secure input mechanism | |
| CN108629206B (en) | Secure encryption method, encryption machine and terminal equipment | |
| CN105447390A (en) | Digital certificate system based software version trusted management method | |
| CN104537282B (en) | It is a kind of that method is licensed based on encryption flash memory disk and big data computing | |
| US7921270B2 (en) | Methods and systems for controlling access to a storage device | |
| CN111177693B (en) | Method, device, equipment and medium for verifying terminal root certificate | |
| CN109190401A (en) | A kind of date storage method, device and the associated component of Qemu virtual credible root | |
| CN101739622A (en) | Trusted payment computer system | |
| WO2021128988A1 (en) | Authentication method and device | |
| CN113632084A (en) | Runtime code execution verification | |
| CN104361280B (en) | A kind of method realizing carrying out authentic authentication to USB storage device by SMI interrupt | |
| CN204578548U (en) | A kind of USB device authentic authentication device of USB control chip level | |
| CN105933117A (en) | Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage | |
| WO2023160705A1 (en) | Component authentication method and apparatus | |
| CN201498001U (en) | Credible calculation platform based on symmetrical key codes | |
| TWI789291B (en) | Module and method for authenticating data transfer between a storage device and a host device | |
| CN111310173A (en) | Terminal virtual machine identity authentication method and system of trusted chip | |
| CN116346415A (en) | Multi-factor login authentication method and device for industrial control PLC system and PLC system | |
| CN112968774B (en) | Method, device storage medium and equipment for encrypting and decrypting configuration file |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |