CN110601843A - Internet of things terminal security protection system based on trusted computing - Google Patents

Internet of things terminal security protection system based on trusted computing Download PDF

Info

Publication number
CN110601843A
CN110601843A CN201910637627.0A CN201910637627A CN110601843A CN 110601843 A CN110601843 A CN 110601843A CN 201910637627 A CN201910637627 A CN 201910637627A CN 110601843 A CN110601843 A CN 110601843A
Authority
CN
China
Prior art keywords
pin
trusted
internet
module
root
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910637627.0A
Other languages
Chinese (zh)
Inventor
唐道光
杜伟
张川川
侯飞
郭书清
王宪朝
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanxi Baixin Information Technology Co Ltd
Original Assignee
Shanxi Baixin Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanxi Baixin Information Technology Co Ltd filed Critical Shanxi Baixin Information Technology Co Ltd
Priority to CN201910637627.0A priority Critical patent/CN110601843A/en
Publication of CN110601843A publication Critical patent/CN110601843A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the technical field of information security, and particularly relates to an Internet of things terminal security protection system based on trusted computing; the technical problem to be solved is as follows: the internet of things terminal security protection system based on trusted computing and high in data transmission security is provided; the technical scheme is as follows: the system comprises a TCM trusted computing module, a trusted root module and a trusted computing module, wherein the TCM trusted computing module is arranged in a terminal hardware platform of the Internet of things and is used as a trusted root of the terminal of the Internet of things; wherein, the TCM root of trust contains: a credibility measurement root, a credibility storage root and a credibility report root; the platform integrity measurement module is used for measuring the platform integrity of the Internet of things terminal hardware platform; the platform integrity measurement module comprises: the reference value measurement module is used for measuring each module of the platform under the credible state of the platform and taking a measurement result as a measurement reference value; and the credibility measurement module is used for sequentially measuring the files through the TCM credible root, comparing the measurement value with the reference value, and if the comparison is consistent, the measurement is passed.

Description

Internet of things terminal security protection system based on trusted computing
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a trusted computing-based internet of things terminal security protection system.
Background
The internet of things uses a sensor technology, an RFID tag and an embedded system technology as cores to complete information acquisition, transmission and processing, and large-scale 'object-object' connected networks and a large number of sensing nodes (internet of things terminals) inevitably bring information security problems and are easy to become attack objects for stealing information and privacy.
The credibility of the computing sensing nodes is the basis, the dependence on network communication is more sensitive when huge nodes are connected in a cluster mode, and the requirements on the safety and the credibility of a management platform of a distributed internet of things core network are higher; meanwhile, the internet of things puts higher requirements on the security of data transmission and the credibility of identity authentication.
Disclosure of Invention
The invention overcomes the defects of the prior art, and solves the technical problems that: the internet of things terminal security protection system based on trusted computing and high in data transmission security is provided.
In order to solve the technical problems, the invention adopts the technical scheme that:
a terminal security protection system of the Internet of things based on trusted computing comprises: the TCM trusted computing module is arranged in the Internet of things terminal hardware platform and is used as a trusted root of the Internet of things terminal; wherein, the TCM root of trust contains: a credibility measurement root, a credibility storage root and a credibility report root; the platform integrity measurement module is used for measuring the platform integrity of the Internet of things terminal hardware platform; the platform integrity measurement module comprises: a reference value measurement module, configured to measure each module of the platform in a state that the platform is trusted, and use a measurement result as a reference value for measurement, where: the various modules of the platform include: the system comprises a trusted PMON, a Linux kernel and a core configuration file; and the credibility measurement module is used for sequentially measuring the files through the TCM credible root, comparing the measurement value with the reference value, and if the comparison is consistent, the measurement is passed.
Preferably, the method further comprises the following steps: the creating module is used for creating a platform identity key; wherein: the platform identity key is generated by combining an endorsement key EK and a certificate authentication center, the endorsement key EK is stored in a trusted report root, and a public key certificate corresponding to the endorsement key EK is public; and the identity authentication module is used for performing identity authentication on the platform through the platform identity key.
Preferably, the method further comprises the following steps: and the encryption module is used for encrypting the information to be sent by the platform through the TCM trusted root.
Preferably, the method further comprises the following steps: and the decryption module is used for decrypting the information received by the platform through the TCM trusted root.
Preferably, the trusted metrics module comprises: the credible PMON measuring module is used for measuring the credible PMON, and the PMON is started when the measurement is passed; the operating system measurement module is used for measuring the Linux kernel and the core configuration file, and the Linux system is started when the measurement is passed; the trusted application measurement module is used for measuring the trusted application and starting the trusted application program after the measurement is passed; and the storage module is used for recording that the current platform state is credible and storing the state into a credible storage root of a TCM credible root, wherein the credible storage root is a PCR register.
Preferably, the encryption module includes: sending the data to be encrypted and the authorization information of the storage key to the TCM trusted root; the TCM trusted root stores a PCR value to be used in the decryption process; the TCM trusted root encrypts data to be encrypted and encapsulates the data into data blocks; and storing the encrypted data block in an external storage space.
Preferably, the decryption module comprises: the TCM trusted root receives the encrypted data block and the authorization information of the storage key; the TCM trusted root decrypts the encrypted data block using the storage key, wherein: the decrypted data block contains a PCR value; and checking whether the decrypted PCR value is the same as that of the current platform, if so, returning the decrypted data, and if not, returning failure.
Preferably, the TCM trusted computing module includes a chip with a model Z32H 330.
Preferably, an SPI driver of the TCM trusted computing module is arranged in the embedded hardware platform of the terminal of the internet of things, and the TCM trusted computing module is in communication connection with the terminal of the internet of things through an SPI interface.
Compared with the prior art, the invention has the following beneficial effects:
1. the internet of things terminal security protection system based on trusted computing can comprehensively measure the integrity of the internet of things terminal hardware platform, prevent the information, content and the like of the hardware platform from being tampered, and greatly protect the security and the credibility of the internet of things terminal.
2. In the invention, because the TCM trusted root has a unique identity (endorsement key EK), the identity authentication of the platform by the invention has higher credibility and accuracy compared with the traditional identity authentication mode through an IP address or an MAC address.
3. The invention provides a hardware-level cryptographic service, greatly facilitates the development of upper-layer application programs through data encryption and decryption, and reduces the burden caused by limited resources of the terminal platform of the Internet of things.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings;
fig. 1 is a schematic structural diagram of a security protection system of an internet of things terminal based on trusted computing according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of an internet of things terminal hardware platform in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a terminal security protection system of the internet of things based on trusted computing according to a second embodiment of the present invention;
fig. 4 is a schematic structural diagram of a security protection system of an internet of things terminal based on trusted computing according to a third embodiment of the present invention;
fig. 5 is a schematic structural diagram of identity authentication in an internet of things terminal security protection system based on trusted computing according to a third embodiment of the present invention;
fig. 6 is a schematic structural diagram of a security protection system of an internet of things terminal based on trusted computing according to a fourth embodiment of the present invention;
fig. 7 is a schematic structural diagram of data encryption in an internet of things terminal security protection system based on trusted computing according to a fourth embodiment of the present invention;
fig. 8 is a schematic structural diagram of a security protection system of an internet of things terminal based on trusted computing according to a fifth embodiment of the present invention;
fig. 9 is a schematic structural diagram of data decryption in an internet of things terminal security protection system based on trusted computing according to a fifth embodiment of the present invention;
fig. 10 is a schematic circuit diagram of a TCM trusted computing module in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 11 is a schematic circuit diagram of a CPU main control chip of an internet of things terminal hardware platform in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 12 is a schematic circuit diagram of a power module in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 13 is a schematic circuit diagram of a USB interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 14 is a schematic circuit diagram of an RPIGPIO interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 15 is a schematic circuit diagram of an LCD interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 16 is a schematic circuit diagram of a TF card interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 17 is a schematic circuit diagram of an ethernet interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 18 is a schematic circuit diagram of an SD-RAM storage circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 19 is a circuit schematic diagram of a NANDFLASH storage circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 20 is a schematic circuit diagram of an SPI-FLASH storage circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 21 is a schematic circuit diagram of a crystal oscillator circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 22 is a schematic circuit diagram of an indicator light circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 23 is a schematic circuit diagram of a battery circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
fig. 24 is a schematic circuit diagram of a debug circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention;
in the figure: 10 is a TCM trusted computing module, 20 is a platform integrity measuring module, 30 is a creating module, 40 is an identity authentication module, 50 is an encryption module, and 60 is a decryption module;
201 is a reference value measurement module, and 202 is a credible measurement module;
2021 is a trusted PMON metric module, 2022 is an operating system metric module, 2023 is a trusted application metric module, and 2024 is a storage module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments, but not all embodiments, of the present invention; all other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic structural diagram of an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 1, the internet of things terminal security protection system based on trusted computing includes: the TCM trusted computing module 10 is arranged in a terminal hardware platform of the Internet of things and is used as a trusted root of the terminal of the Internet of things; wherein, the TCM root of trust contains: a credibility measurement root, a credibility storage root and a credibility report root; the platform integrity measurement module 20 is used for measuring the platform integrity of the terminal hardware platform of the internet of things; the platform integrity measurement module 20 includes: a reference value measurement module 201, configured to measure each module of the platform in a trusted state of the platform, and use a measurement result as a reference value of measurement, where: the various modules of the platform include: the system comprises a trusted PMON, a Linux kernel and a core configuration file; and the trusted measurement module 202 is configured to sequentially measure the files through the TCM trusted root, compare the measurement value with a reference value, and if the comparison is consistent, the measurement is passed.
Fig. 2 is a schematic structural diagram of an internet of things terminal hardware platform in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 2, after a TCM trusted root is embedded in the present invention, the TCM trusted root, a conventional embedded hardware configuration, and an upper-layer software system jointly establish a trusted computing domain of an internet of things sensing node; the TCM trusted root, the trusted firmware, the trusted embedded operating system and the trusted application program form a trusted chain of the terminal of the Internet of things; the trusted TCM and the TSS software stack on the operating system level together provide hardware-level cryptographic services for trusted applications on the upper layers.
Fig. 3 is a schematic structural diagram of a security protection system of an internet of things based on trusted computing according to a second embodiment of the present invention, and as shown in fig. 3, the trusted metric module 202 includes: the trusted PMON measurement module 2021 is configured to measure a trusted PMON, and if the measurement is passed, the PMON is started; the operating system measurement module 2022 is configured to measure the Linux kernel and the core configuration file, and if the measurement is passed, the Linux system is started; the trusted application measurement module 2023 is configured to measure a trusted application, and start the trusted application after the measurement is passed; the storage module 2024 is configured to record that the current platform state is trusted, and store the state in a trusted storage root of a TCM trusted root, where the trusted storage root is a PCR register.
The internet of things terminal security protection system based on trusted computing can comprehensively measure the integrity of the internet of things terminal hardware platform, prevent the information, content and the like of the hardware platform from being tampered, and greatly protect the security and the credibility of the internet of things terminal.
Fig. 4 is a schematic structural diagram of a security protection system of an internet of things terminal based on trusted computing according to a third embodiment of the present invention; fig. 5 is a schematic structural diagram of identity authentication in an internet of things terminal security protection system based on trusted computing according to a third embodiment of the present invention; as shown in fig. 4 and 5, on the basis of the first embodiment, the system for protecting the security of the internet of things based on trusted computing further includes: a creating module 30, configured to create a platform identity key; wherein: the platform identity key is generated by combining an endorsement key EK and a certificate authentication center, the endorsement key EK is stored in a trusted report root, and a public key certificate corresponding to the endorsement key EK is public; and the identity authentication module 40 is configured to authenticate the platform by using the platform identity key.
In the invention, because the TCM trusted root has a unique identity, namely an endorsement key EK, the private key of the endorsement key is stored in the trusted report root, and the public key certificate is disclosed; jointly generating a platform identity key by an endorsement key and a certificate authentication center, wherein the platform identity key is used for authenticating the platform identity; in the invention, because the TCM trusted root has the unique identity endorsement key EK, the identity authentication of the platform by the invention has higher credibility and accuracy compared with the traditional identity authentication mode through an IP address or an MAC address.
Fig. 6 is a schematic structural diagram of a security protection system of an internet of things terminal based on trusted computing according to a fourth embodiment of the present invention; as shown in fig. 6, on the basis of the first embodiment, a system for protecting a terminal of an internet of things based on trusted computing further includes: and the encryption module 50 is used for encrypting the information to be sent by the platform through the TCM trusted root.
Fig. 7 is a schematic structural diagram of data encryption in an internet of things terminal security protection system based on trusted computing according to a fourth embodiment of the present invention, and as shown in fig. 7, encrypting information to be sent by a platform through a TCM trusted root specifically includes: sending the data to be encrypted and the authorization information of the storage key to the TCM trusted root; the TCM trusted root stores a PCR value to be used in the decryption process; the TCM trusted root encrypts data to be encrypted and encapsulates the data into data blocks; and storing the encrypted data block in an external storage space.
Fig. 8 is a schematic structural diagram of data encryption in an internet of things terminal security protection system based on trusted computing according to a fifth embodiment of the present invention, as shown in fig. 8, on the basis of the first embodiment, the internet of things terminal security protection system based on trusted computing further includes: and the decryption module 60 is used for decrypting the platform received information through the TCM trusted root.
Fig. 9 is a schematic structural diagram of data decryption in an internet of things terminal security protection system based on trusted computing according to a fifth embodiment of the present invention, and as shown in fig. 9, the decrypting information received by a platform through a TCM trusted root specifically includes: the TCM trusted root receives the encrypted data block and the authorization information of the storage key; the TCM trusted root decrypts the encrypted data block using the storage key, wherein: the decrypted data block contains a PCR value; and checking whether the decrypted PCR value is the same as that of the current platform, if so, returning the decrypted data, and if not, returning failure.
Furthermore, the TCM trusted computing module 10 includes a chip with a model Z32H 330.
An SPI drive of the TCM trusted computing module 10 is arranged in the terminal hardware platform of the Internet of things, and the TCM trusted computing module 10 is in communication connection with the terminal of the Internet of things through an SPI interface.
The invention provides a hardware-level cryptographic service, greatly facilitates the development of upper-layer application programs through data encryption and decryption, and reduces the burden caused by limited resources of the terminal platform of the Internet of things.
Fig. 10 is a schematic circuit diagram of a TCM trusted computing module in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, as shown in fig. 10, the TCM trusted module includes a chip U1 with a model Z32H330, a pin VCC of the chip U1, a pin VCC1, a pin VCC2, and a pin VCC3 are all connected to a voltage input connector VA, and a pin VSS of the chip U1, a pin VSS1, a pin GND, and a pin GND1 are all grounded;
the voltage input joint VA is respectively connected with one end of a capacitor C4, one end of a capacitor C5, one end of a capacitor C6 and one end of a capacitor C7, and the other end of the capacitor C4 is respectively connected with the other end of a capacitor C5, the other end of a capacitor C6 and the other end of a capacitor C7 and then grounded;
the voltage input joint VA is connected with a resistor R2 and a light emitting diode D1 in series in sequence and then is connected with a pin CS of a chip U1;
a pin TPMRST of the chip U1 is respectively connected with one end of a switch SW1 and one end of a capacitor C3, the other end of the switch SW1 is connected with one end of a resistor R1, and the other end of the resistor R1 is connected with the other end of the capacitor C3 and then grounded;
the pin PP, the pin GPIO4 and the pin GPIO5 of the chip U1 are respectively connected with the connecting terminal J2; a pin MISO, a pin MOSI, a pin CLK and a pin CS of the chip U1 are respectively connected with a pin 21, a pin 19, a pin 23 and a pin 24 of a wiring terminal J1 of the SPI interface;
pin 6, pin 9, pin 14, pin 20, pin 25 pin of binding post J1 of SPI interface all ground connection, binding post J1's of SPI interface pin 17 links to each other with voltage input joint VA, binding post J1's of SPI interface pin 1 links to each other with electric capacity C1's one end, electric capacity C2's one end, voltage input joint VA respectively, electric capacity C1's the other end, electric capacity C2's the other end all ground connection.
The hardware components adopted by the Internet of things terminal hardware platform comprise: the CPU main control chip, SDRAM, NANDFLASH and the like CAN externally provide common interfaces such as 10/100M self-adaptive network port, USB2.0, UART, I2S, I2C, SPI, CAN and the like, and CAN expand and support sensor equipment such as temperature and humidity sensors, gas sensors, GPS and the like through the interfaces; specifically, a schematic circuit diagram of the CPU main control chip in the present invention is shown in fig. 11.
Fig. 12 is a schematic circuit diagram of a power module in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, where the power module provides a 3V voltage and a 1.2V voltage for an internet of things terminal hardware platform; as shown in fig. 12, the power supply module includes: a voltage stabilizing chip U9 and a voltage stabilizing chip U11; an input end VIN of the voltage stabilizing chip U9 is connected with an external 5V power output end VCC5V, one end of a capacitor C51 and an enable end EN of the voltage stabilizing chip U9, an output end LX of the voltage stabilizing chip U9 is connected with an inductor L1 in series and then connected with one end of a resistor R56 and one end of a fuse F1, the other end of the resistor R56 is connected with a feedback end FB of the voltage stabilizing chip U9 and one end of the resistor R57 respectively, the other end of the fuse F1 is connected with one end of the capacitor C50 and a 3V voltage output end VDD3V3 of the power module respectively, and a ground end GND of the voltage stabilizing chip U9, the other end of the resistor R57, the other end of the capacitor C50 and the other end of the capacitor C51 are grounded; an input end VIN of the voltage stabilizing chip U11 is connected with an external 5V power output end VCC5V, one end of a capacitor C57 and an enable end EN of the voltage stabilizing chip U9, an output end LX of the voltage stabilizing chip U11 is connected with one end of a resistor R58 and one end of a fuse F2 after being connected with an inductor L2 in series, the other end of the resistor R58 is connected with a feedback end FB of the voltage stabilizing chip U11 and one end of the resistor R63 respectively, the other end of the fuse F2 is connected with one end of the capacitor C58 and a 1.2V voltage output end VDD1.2V of the power module respectively, and a ground end GND of the voltage stabilizing chip U11, the other end of the resistor R63, the other end of the capacitor C58 and the other end of the capacitor C57 are grounded.
Fig. 13 is a schematic circuit diagram of a USB interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 13, the USB interface circuit includes: MICRO _ USB interface chip U10, USB switching chip U12, USB interface chip U13;
a pin GND-1 of the MICRO _ USB interface chip U10 is grounded, a pin 5V of the MICRO _ USB interface chip U10 is respectively connected with one end of a capacitor C52 and an external 5V power output end VCC5V, the other end of the capacitor C52 is grounded, a pin UD-and a pin UD + of the MICRO _ USB interface chip U10 are respectively connected with a pin UD-and a pin UD + of a USB adapter chip U12, and a pin GND-2 of the MICRO _ USB interface chip U10 is connected with a pin GND of the MICRO _ USB interface chip U10 and then grounded;
a pin GND of the USB switching chip U12 is grounded, a pin TXD and a pin RXD of the USB switching chip U12 are respectively connected with a pin MAC _ RXC and a pin MAC _ CRS of a CPU main control chip U111, a pin V3 of the USB switching chip U12 is respectively connected with one end of a capacitor C60 and a 3V voltage output end VDD3V3 of the power module, a pin VCC of the USB switching chip U12 is respectively connected with one ends of the 3V voltage output end VDD3V3 and the capacitor C59 of the power module, and the other end of the capacitor C59 is grounded; a pin XI of the USB switching chip U12 is respectively connected with one end of a pin 1 of a crystal oscillator Y4 and one end of a capacitor C63, a pin X0 of the USB switching chip U12 is respectively connected with one end of a pin 3 of a crystal oscillator Y4 and one end of a capacitor C64, and the other end of the capacitor C63 is connected with the other end of the capacitor C64 and then grounded;
a pin D + of the USB interface chip U13 is connected with a resistor R66 in series and then connected with a pin USB _ DP of the CPU main control chip U111 and one end of a resistor R66, a pin D-of the USB interface chip U13 is connected with a resistor R67 in series and then connected with a pin USB _ DM of the CPU main control chip U111 and one end of a resistor R68, and the other end of the resistor R66 and the other end of the resistor R67 are both grounded;
a pin VCC of the USB interface chip U13 is respectively connected with one end of an external 5V power output terminal VCC5V and one end of a capacitor C52, and the other end of the capacitor C52 is grounded; the pin GND of the USB interface chip U13 is grounded, the pin M2 of the USB interface chip U13 is grounded after being connected with the pin M4 of the USB interface chip U13, and the pin M1 of the USB interface chip U13 is grounded after being connected with the pin M3 of the USB interface chip U13.
Fig. 14 is a schematic circuit diagram of an RPIGPIO interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 14, the RPIGPIO interface circuit includes: a terminal J3, a pin 1 of the terminal J3 is connected to a pin 17 of the terminal J3, one end of a 3V voltage output terminal VDD3V3 of the power module, and one end of a capacitor C54, the other end of the capacitor C54 is grounded, a pin 3 of the terminal J3 is connected to one end of a pin I2C _ SDA0 and one end of a resistor R60 of the CPU main control chip U111, the other end of the resistor R60 is connected to one end of a resistor R61 and one end of a resistor R62, the other end of the resistor R61 is connected to a pin I2C _ SDL0 and a pin 5 of the terminal J3 of the CPU main control chip U111, the other end of the resistor R62 is connected to a PWM pin 1 and a pin 7 of the terminal J3 of the CPU main control chip U111, and a pin 9 of the terminal J3 is connected to a pin 25 and a pin 39 of the terminal J3 and then grounded; a pin 13 of the wiring terminal J3 is respectively connected with a pin I2S _ DO of the CPU main control chip U111 and one end of a resistor R59, and the other end of the resistor R59 is grounded;
pin 11, pin 15, pin 19, pin 21, pin 23, pin 27, pin 29, pin 31, pin 33, pin 35, and pin 37 of the terminal J3 are connected to pin I2S _ DI, pin I2S _ LRCK, pin SPIO _ MOSI, pin SPIO _ MIOS, pin SPIO _ CLK, pin CAMDATA6, pin CAMDATA4, pin CAMDATA3, pin CAMDATA1, pin CAM _ HSYNC, and pin CAM _ CLKOUT of the CPU main control chip U111, respectively;
a pin 2 of the connecting terminal J3 is respectively connected with a pin 4 of the connecting terminal J3, an external 5V power output terminal VCC5V and one end of a capacitor C55, and the other end of the capacitor C55 is grounded; the pin 6 of the connecting terminal J3 is connected with the pin 14, the pin 20, the pin 30 and the pin 34 of the connecting terminal J3 respectively and then grounded; the pin 8 and the pin 10 of the wiring terminal J3 are respectively connected with the pin 2 and the pin 3 of the debugging wiring terminal J2; the pin 12, the pin 16, the pin 18, the pin 22, the pin 24, the pin 26, the pin 28, the pin 32, the pin 36, the pin 38, and the pin 40 of the terminal J3 are respectively connected to the pin PWM0, the pin I2S _ BCLK, the pin I2S _ MCLK, the pin CAMDATA7, the pin SPIO _ CS1, the pin SPIO _ CS3, the pin CAMDATA5, the pin CAMDATA2, the pin CAMDATA0, the pin CAM _ VSYNC, and the pin CAM _ OCLKI of the CPU main control chip U111.
Fig. 15 is a schematic circuit diagram of an LCD interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 15, the LCD interface circuit includes: a pin 1 of the terminal J5 is connected to one end of a capacitor C66 and an external 5V power output terminal VCC5V, a pin 2 of the terminal J5 is connected to one end of a capacitor C67 and a 3V voltage output terminal VDD3V3 of the power module, and the other end of the capacitor C66 and the other end of the capacitor C67 are both grounded;
pin 3, pin 4, pin 5, pin 6, pin 7, pin 8, pin 9, pin 10, pin 11, pin 12, pin 13, pin 14, pin 15, pin 16, pin 17, pin 18, pin 19, pin 20, pin 21, and pin 22 of the connection terminal J5 are connected to pin LCD _ CLK, pin LCD _ HSYNC, pin LCD _ VSYNC, pin LCD _ EN, pin LCD _ DAT0, pin LCD _ DAT1, pin LCD _ DAT2, pin LCD _ DAT3, pin LCD _ DAT4, pin LCD _ DAT5, pin LCD _ DAT6, pin LCD _ DAT7, pin LCD _ DAT8, pin LCD _ DAT9, pin LCD _ DAT10, pin LCD _ DAT11, pin LCD _ DAT12, pin LCD _ DAT13, pin LCD _ DAT14, and pin LCD _ DAT15 of the CPU master chip U111, respectively; and the pin 23 of the connecting terminal J5 is connected with the pin 24 of the connecting terminal J5 and then grounded.
Fig. 16 is a schematic circuit diagram of a TF card interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 16, the TF card interface circuit includes: a pin M1 of the memory card U14 is connected with a pin M2, a pin M3, and a pin M4 of the memory card U14 and then grounded, a pin DAT3 of the memory card U14 is connected with a pin SPIO _ CS2 of the CPU main control chip U111, one end of a resistor R64, and a 3V voltage output terminal VDD3V3 of the power module respectively, the other end of the resistor R64 is grounded, and a 3V voltage output terminal VDD3V3 of the power module is connected in series with a capacitor C65 and then grounded;
a pin CMD of the memory card U14 is connected with a pin SPIO _ MOSI of the CPU main control chip U111, a pin VDD of the memory card U14 is connected with one end of a capacitor C61 and a 3V voltage output terminal VDD3V3 of the power module, a pin CLK and a pin DAT0 of the memory card U14 are connected with a pin SPIO _ CLK and a pin SPIO _ MISO of the CPU main control chip U111, a pin VSS of the memory card U14 is grounded, a pin Cd of the memory card U14 is connected with one ends of a pin CAMDATA6 and a resistor R69 of the CPU main control chip U111, and the other end of the resistor R69 is connected with a 3V voltage output terminal VDD3V3 of the power module.
Fig. 17 is a schematic circuit diagram of an ethernet interface circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 17, the ethernet interface circuit includes: an RJ45 connector U8, a data transceiver U6 with the model number DM 9161;
the terminal of the RJ45 connector U8 is characterized in that a pin TD +, a pin TD-, a pin RD + and a pin RD-are respectively connected with one end of a resistor R47, one end of a resistor R48, one end of a resistor R49 and one end of a resistor R50, the other end of a resistor R47 is respectively connected with the other end of a resistor R48 and one end of a capacitor C45, the other end of a resistor R49 is respectively connected with the other end of the resistor R50 and one end of a capacitor C46, and the other end of the capacitor C45 and the other end of the capacitor C46 are both grounded; pin 4 of the RJ45 connector U8 is connected to pin 5 of the RJ45 connector U8, one end of a capacitor C47, pin AVDD18 of the data transceiver U6, pin AVDD18_1 of the data transceiver U6, one end of a capacitor C26, pin AVDD18_2 of the data transceiver U6, and one end of a capacitor C31, respectively, and the other end of the capacitor C47, the other end of the capacitor C26, and the other end of the capacitor C31 are all grounded; pin LED (G) K, pin LED (G) A, pin LED (Y) K and pin LED (Y) A of the RJ45 connector U8 are respectively connected with one end of a resistor R55, one end of a resistor R54, one end of a resistor R53 and one end of a resistor R51, and the other end of the resistor R55 is connected with the other end of the resistor R54, the other end of the resistor R53 and the other end of the resistor R51 and then grounded; the pin GND of the RJ45 connector U8 is connected with the pin GND1 of the RJ45 connector U8 and then is grounded;
the pins RX +, RX-, TX +, TX-, LED0 and LED2 of the data transceiver U6 are respectively connected with the pins TD +, TD-, RD +, RD-, LED (G) A and LED (Y) K of the RJ45 connector U8;
a pin LED1 of the data transceiver U6 is connected with a capacitor C30 in series and then is connected with a 3V voltage output end VDD3V3 of the power module, and a pin CABLETS of the data transceiver U6 is connected with a capacitor C34 in series and then is connected with a 3V voltage output end VDD3V3 of the power module; a pin DGND of the data transceiver U6 is connected to one end of a resistor R28 and then grounded, the other end of the resistor R28 is connected to a pin TXER of the data transceiver U6, a pin TXCLK of the data transceiver U6 is connected to one end of a resistor R35, the other end of the resistor R35 is connected to one end of a capacitor C38 and then grounded, and the other end of the capacitor C38 is connected to a pin DVDD3V of the data transceiver U6;
the pin TXD1, the pin TXD0, the pin TXEN and the pin MDC of the data transceiver U6 are respectively connected with the pin MAC _ TXD1, the pin MAC _ TXD0, the pin MAC _ TXEN and the pin MAC _ MDC of the CPU main control chip U111;
the pin BGRES of the data transceiver U6 is connected with the resistor R13 in series and then grounded, and the pin BGRESG of the data transceiver U6 is connected with the pin AGND _2 of the data transceiver U6 and then grounded; the pin DGND _2 of the data transceiver U6 is grounded, the pin XT2 of the data transceiver U6 is respectively connected with the pin MAC _ TXC of the CPU main control chip U111 and the pin 3 of the crystal oscillator Y1, the pin 4 of the crystal oscillator Y1 is respectively connected with the 3V voltage output end VDD3V3 of the power supply module and one end of a capacitor C43, the other end of the capacitor C43 is grounded, and the pin 2 of the crystal oscillator Y1 is grounded;
a pin VDD33_2 of the data transceiver U6 is respectively connected with one end of a capacitor C28 and a 3V voltage output terminal VDD3V3 of the power module, the other end of the capacitor C28 is grounded, a pin RESET # of the data transceiver U6 is connected with one end of a resistor R2, the other end of the resistor R2 is connected with a pin RESET of a RESET chip U3 and a pin SYS _ RESET of a CPU main control chip U111, a pin MR of the RESET chip U3 is grounded after being connected in series with a switch SW1, a pin VCC of the RESET chip U3 is respectively connected with one ends of a 3V voltage output terminal VDD3V3 and a capacitor C3 of the power module, and the other end of the capacitor C3 is grounded;
a pin DISMDIX of the data transceiver U6 is connected with one end of a resistor R15, the other end of the resistor R15 is connected with one end of a resistor R16 and one end of a resistor R17 and then grounded, the other end of the resistor R16 is connected with a pin RXER of the data transceiver U6 and a pin MAC _ RXER of the CPU main control chip U111, and the other end of the resistor R18 is connected with a pin RXDV of the data transceiver U6 and a pin MAC _ RXDV of the CPU main control chip U111;
the pin COL of the data transceiver U6 is connected to one end of a resistor R25, the other end of the resistor R25 is connected to the 3V voltage output terminal VDD3V3 of the power module, one end of a resistor R26, one end of a resistor R27, one end of a resistor R29, one end of a resistor R33, and one end of a resistor R36, the other end of the resistor R26 is connected to the pin CRS of the data transceiver U6 and the pin MAC _ CRS of the CPU main control chip U111, the other end of the resistor R27 is connected to the pin RXCLK of the data transceiver U6, the other end of the resistor R63269 is connected to the pin intr # of the data transceiver U6, the other end of the resistor R33 is connected to the pin RXD0 of the data transceiver U6 and the pin MAC _ RXD0 of the CPU main control chip U111, the other end of the resistor R36 is connected to the pin RXD0 of the data transceiver U6, the pin of the CPU main control chip U6, the pin RXD 599, and the pin RXD 599 of the CPU main control chip U599, the pin LEDMODE of the data transceiver U6 is connected to one end of a 3V voltage output terminal VDD3V3 and one end of a capacitor C35 of the power module, respectively, the other end of the capacitor C35 is grounded, and the 3V voltage output terminal VDD3V3 of the power module is grounded after being connected in series with a capacitor C42.
Fig. 18 is a schematic circuit diagram of an SD-RAM storage circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, as shown in fig. 18, the SD-RAM storage circuit includes a random access memory U2, a pin VCC of the random access memory U2 is respectively connected to one end of a capacitor C1 and a 3V voltage output terminal VDD3V3 of a power module, a pin VCCQ of the random access memory U2 is respectively connected to one end of a capacitor C2 and the 3V voltage output terminal VDD3V3 of the power module, a pin VCCQ1 of the random access memory U2 is respectively connected to one end of a capacitor C14 and the 3V voltage output terminal VDD3V3 of the power module, a pin VCC1 of the random access memory U2 is respectively connected to one end of a capacitor C9 and the 3V voltage output terminal VDD3V3 of the power module, a pin VCC2 of the random access memory U2 is respectively connected to one end of a capacitor C20 and the 3V voltage output terminal VDD3 of the power module, a pin VCCQ3 of the random access memory U2 is connected to one end of a capacitor C13 and a 3V voltage output terminal VDD3V3 of the power module, a pin VCCQ2 of the random access memory U2 is connected to one end of a capacitor C6 and a 3V voltage output terminal VDD3V3 of the power module, and the other end of the capacitor C1, the other end of a capacitor C2, the other end of the capacitor C14, the other end of a capacitor C9, the other end of the capacitor C20, the other end of a capacitor C13 and the other end of a capacitor C6 are all grounded;
pin I/O2, pin DQM 2, pin WE, pin CAS, pin RAS, pin CS, pin BA 2, pin a2 are respectively connected with pin SD _ D2, pin SD _ D2, pin SD _ DQM 2, pin SD _ WE, pin _ CAS, pin _ RAS, pin SD _ CS, pin SD _2, pin SD _ D2, pin SD _ BA _2, pin a _2, pin DQM 2, pin SD _ a2, pin SD _ BA _ 2;
the pin I/O16, the pin I/O15, the pin I/O14, the pin I/O13, the pin I/O12, the pin I/O11, the pin I/O10, the pin I/O9, the pin DQM1, the pin CLK, the pin CKE, the pin a12, the pin a11, the pin a9, the pin a8, the pin a7, the pin a6, the pin A5, the pin A4 of the random access memory U2 are respectively connected with the pin SD _ D15, the pin SD _ D14, the pin SD _ D13, the pin SD _ D12, the pin SD _ D11, the pin SD _ D10, the pin SD _ D9, the pin SD _ D8, the pin SD _ DQM1, the pin SD _ CLK, the pin SD _ CKE, the pin _ a12, the pin SD _ a12, the pin 12 a 12;
the pin SD _ WE of the CPU main control chip U111 is connected with the resistor R6 in series and then is connected with the 3V voltage output end VDD3V3 of the power module, the other end of the resistor R6 is connected with one end of the resistor R8, one end of the resistor R10 and one end of the resistor R11 respectively, the other end of the resistor R8 is connected with the pin SD _ RAS of the CPU main control chip U111, the other end of the resistor R10 is connected with the pin SD _ CAS of the PU main control chip U111, and the other end of the resistor R11 is connected with the pin SD _ CS of the CPU main control chip U111; and a 3V voltage output end VDD3V3 of the power supply module is connected with the capacitor C23 in series and then is grounded.
Fig. 19 is a circuit schematic diagram of a NANDFLASH storage circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 19, the NANDFLASH storage circuit includes: a memory U7, a pin R/B1 of the memory U7 is respectively connected to one end of a resistor R20 and a pin NAND _ RDY of the CPU main control chip U111, the other end of the resistor R20 is respectively connected to a 3V voltage output terminal VDD3V3 of the power module, one end of a resistor R22, one end of a resistor R24, one end of a resistor R30, one end of a resistor R31, one end of a resistor R32, and one end of a resistor R34, the other end of the resistor R22 is respectively connected to a pin NAND _ RD of the CPU main control chip U111 and a pin RE of the memory U7, the other end of the resistor R24 is respectively connected to a pin NAND _ CE of the CPU main control chip U111 and a pin CE1 of the memory U7, the other end of the resistor R30 is respectively connected to a pin NAND _ CLE of the CPU main control chip U111 and a pin CLE of the memory U7, and the other end of the resistor R31 is respectively connected to a pin ALE _ CE and an alu 7 of the CPU main control chip U111, the other end of the resistor R32 is respectively connected with a pin NAND _ WR of the CPU main control chip U111 and a pin WE of the memory U7, and the other end of the resistor R34 is respectively connected with a pin NAND _ WP of the CPU main control chip U111 and a pin WP of the memory U7;
a pin VCC of the memory U7 is respectively connected with a 3V voltage output end VDD3V3 of the power module and one end of a capacitor C32, and the other end of the capacitor C32 is grounded after being connected with a pin VSS of the memory U7;
a pin I/O7 of the memory U7 is respectively connected with a pin NAND _ D7 of a CPU main control chip U111 and one end of a resistor R17, and the other end of the resistor R17 is connected with a 3V voltage output end VDD3V3 of the power supply module; a pin I/O6 of the memory U7 is respectively connected with a pin NAND _ D6 of the CPU main control chip U111 and one end of a resistor R19, and the other end of the resistor R19 is grounded; a pin I/O5 of the memory U7 is respectively connected with a pin NAND _ D5 of the CPU main control chip U111 and one end of a resistor R21, and the other end of the resistor R21 is grounded; a pin I/O4 of the memory U7 is respectively connected with a pin NAND _ D4 of a CPU main control chip U111 and one end of a resistor R23, and the other end of the resistor R23 is connected with a 3V voltage output end VDD3V3 of the power supply module;
a pin VCC _1 of the memory U7 is connected with one end of a capacitor C32 and a 3V voltage output end VDD3V3 of the power supply module, and the other end of the capacitor C32 is grounded after being connected with a pin VSS of the memory U7;
the pin I/O3, the pin I/O2, the pin I/O1 and the pin I/O0 of the memory U7 are respectively connected with a pin NAND _ D3, a pin NAND _ D2, a pin NAND _ D1 and a pin NAND _ D0 of the CPU main control chip U111; and a 3V voltage output end VDD3V3 of the power supply module is connected with the capacitor C39 in series and then is grounded.
Fig. 20 is a schematic circuit diagram of an SPI-FLASH storage circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 20, the SPI-FLASH storage circuit includes: a pin CE, a pin SO, and a pin SCK of the memory U4 are respectively connected to a pin SPIO _ CS0, a pin SPIO _ MIS0, and a pin SPIO _ MOSI of the CPU main control chip U111, a pin VCC of the memory U4 is respectively connected to a 3V voltage output terminal VDD3V3 of the power module and one end of a capacitor C18, and the other end of the capacitor C18 is grounded; the pin HOLD, the pin SI, the pin SO, and the pin WP of the memory U4 are respectively connected to one end of a resistor R4, one end of a resistor R5, one end of a resistor R7, and one end of a resistor R9, the other end of the resistor R4 is respectively connected to the other end of a resistor R5, the other end of a resistor R7, the other end of a resistor R9, and a 3V voltage output terminal VDD3V3 of the power module, and the 3V voltage output terminal VDD3V3 of the power module is grounded after being connected in series with a capacitor C24.
Fig. 21 is a schematic circuit diagram of a crystal oscillator circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, as shown in fig. 21, the crystal oscillator circuit includes a crystal oscillator Y2 and a crystal oscillator Y3, a pin 1 of the crystal oscillator Y2 is respectively connected to one end of a capacitor C48, one end of a resistor R52, and a pin XTAL1 of a CPU main control chip U111, a pin 3 of the crystal oscillator Y2 is respectively connected to one end of a capacitor C49, the other end of the resistor R52, and the pin XTAL0 of the CPU main control chip U111, and the other end of the capacitor C48 is connected to the other end of the capacitor C49 and then grounded; one end of the crystal oscillator Y3 is connected with one end of a capacitor C58 and a pin RTC _ CLKI of the CPU main control chip U111, the other end of the crystal oscillator Y3 is connected with one end of a capacitor C56 and a pin RTC _ CLKO of the CPU main control chip U111, and the other end of the capacitor C58 is connected with the other end of the capacitor C56 and then grounded.
Fig. 22 is a schematic circuit diagram of an indicator light circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 22, the indicator light circuit includes a light emitting diode D4 and a light emitting diode D3, one end of the light emitting diode D4 is connected in series with a resistor R14 and then connected to a 3V voltage output terminal VDD3V3 of a power module, the other end of the light emitting diode D4 is connected to a pin GPIO _32 of a CPU main control chip U111, one end of the light emitting diode D3 is connected in series with a resistor R12 and then connected to a 3V voltage output terminal VDD3V3 of the power module, and the other end of the light emitting diode D3 is grounded.
Fig. 23 is a schematic circuit diagram of a battery circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, and as shown in fig. 23, the battery circuit includes a battery U5, one end of the battery U5 is grounded, the other end of the battery U5 is connected in series with a diode D2 and then connected to a negative electrode of the diode D1, one end of a capacitor C16, and a pin RTC _ BAT of the CPU main control chip U111, the other end of the capacitor C16 is grounded, an anode of the diode D1 is connected to a 3V voltage output terminal VDD3V3 of a power module and one end of a capacitor C15, and the other end of the capacitor C15 is grounded.
Fig. 24 is a schematic circuit diagram of a debug circuit in an internet of things terminal security protection system based on trusted computing according to an embodiment of the present invention, where the debug circuit includes a debug connection terminal J2 and a debug connection terminal J3, and a pin 1 ~ 6 of the debug connection terminal J2 is connected to a pin EJTAG _ RST, a pin EJTAG _ IDI, a pin EJTAG _ IDO, a pin EJTAG _ TMS, a pin EJTAG _ TCK, and a pin EJTAG _ SEL of a CPU main control chip U111, respectively;
a pin 4 of the debugging connecting terminal J2 is connected in series with the resistor R37 and then connected with one end of the resistor R38, one end of the resistor R39, one end of the resistor R40 and a 3V voltage output end VDD3V3 of the power module, the other end of the resistor R38 is connected with a pin 2 of the debugging connecting terminal J2, the other end of the resistor R39 is connected with a pin 3 of the debugging connecting terminal J2, and the other end of the resistor R40 is connected with a pin 5 of the debugging connecting terminal J2; a pin 6 of the debugging connection terminal J2 is connected to one end of a resistor R43 and one end of a resistor R44, the other end of the resistor R43 is grounded, the other end of the resistor R44 is connected to one end of a resistor R45 and a 3V voltage output end VDD3V3 of the power module, one end of a weather resistor R46 at the other end of the resistor R45 is connected to a pin 1 of the debugging connection terminal J2, and the other end of the resistor R46 is grounded;
the pin 1 ~ 2 of the debugging connecting terminal J3 is respectively connected with the 3V voltage output end VDD3V3 of the power module and the pin JTAG _ SEL of the CPU main control chip, and the pin 3 of the debugging connecting terminal J3 is grounded.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. The utility model provides a thing networking terminal security protection system based on trusted computing which characterized in that: the method comprises the following steps:
the TCM trusted computing module (10) is arranged in a terminal hardware platform of the Internet of things and is used as a trusted root of the terminal of the Internet of things; wherein, the TCM root of trust contains: a credibility measurement root, a credibility storage root and a credibility report root;
the platform integrity measurement module (20) is used for carrying out platform integrity measurement on the terminal hardware platform of the Internet of things;
the platform integrity measurement module (20) comprises:
a reference value measurement module (201) for measuring each module of the platform in a trusted state of the platform, and taking the measurement result as a reference value of the measurement, wherein: the various modules of the platform include: the system comprises a trusted PMON, a Linux kernel and a core configuration file;
and the credibility measurement module (202) is used for sequentially measuring the files through the TCM credible roots, comparing the measurement values with the reference values, and if the comparison is consistent, the measurement is passed.
2. The system for securing the terminal of the internet of things based on the trusted computing as claimed in claim 1, wherein: further comprising:
a creation module (30) for creating a platform identity key; wherein: the platform identity key is generated by combining an endorsement key EK and a certificate authentication center, the endorsement key EK is stored in a trusted report root, and a public key certificate corresponding to the endorsement key EK is public;
and the identity authentication module (40) is used for authenticating the identity of the platform through the platform identity key.
3. The system for securing the terminal of the internet of things based on the trusted computing as claimed in claim 1, wherein: further comprising:
and the encryption module (50) is used for encrypting the information to be sent by the platform through the TCM trusted root.
4. The system for securing the terminal of the internet of things based on the trusted computing as claimed in claim 1, wherein: further comprising:
and the decryption module (60) is used for decrypting the information received by the platform through the TCM trusted root.
5. The system for securing the terminal of the internet of things based on the trusted computing as claimed in claim 1, wherein: the trusted metrics module (202) comprises:
the credible PMON measurement module (2021) is used for measuring the credible PMON, and the PMON is started when the measurement is passed;
the operating system measurement module (2022) is used for measuring the Linux kernel and the core configuration file, and the Linux system is started when the measurement is passed;
a trusted application measurement module (2023) for measuring the trusted application, and starting the trusted application program after the measurement is passed;
and the storage module (2024) is used for recording that the current platform state is trusted and storing the state into a trusted storage root of a TCM trusted root, wherein the trusted storage root is a PCR register.
6. The system for securing the terminal of the internet of things based on the trusted computing as claimed in claim 3, wherein: the encryption module (50) comprises:
sending the data to be encrypted and the authorization information of the storage key to the TCM trusted root;
the TCM trusted root stores a PCR value to be used in the decryption process;
the TCM trusted root encrypts data to be encrypted and encapsulates the data into data blocks;
and storing the encrypted data block in an external storage space.
7. The system for securing the terminal of the internet of things based on the trusted computing as claimed in claim 3, wherein: the decryption module (60) comprises:
the TCM trusted root receives the encrypted data block and the authorization information of the storage key;
the TCM trusted root decrypts the encrypted data block using the storage key, wherein: the decrypted data block contains a PCR value;
and checking whether the decrypted PCR value is the same as that of the current platform, if so, returning the decrypted data, and if not, returning failure.
8. The system for securing the terminal of the internet of things based on the trusted computing as claimed in claim 1, wherein: the TCM trusted computing module (10) comprises a chip with the model number Z32H 330.
9. The system for securing the terminal of the internet of things based on the trusted computing as claimed in claim 1, wherein: an SPI drive of a TCM trusted computing module (10) is arranged in an embedded hardware platform of the terminal of the Internet of things, and the TCM trusted computing module (10) is in communication connection with the terminal of the Internet of things through an SPI interface.
CN201910637627.0A 2019-07-15 2019-07-15 Internet of things terminal security protection system based on trusted computing Pending CN110601843A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910637627.0A CN110601843A (en) 2019-07-15 2019-07-15 Internet of things terminal security protection system based on trusted computing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910637627.0A CN110601843A (en) 2019-07-15 2019-07-15 Internet of things terminal security protection system based on trusted computing

Publications (1)

Publication Number Publication Date
CN110601843A true CN110601843A (en) 2019-12-20

Family

ID=68852787

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910637627.0A Pending CN110601843A (en) 2019-07-15 2019-07-15 Internet of things terminal security protection system based on trusted computing

Country Status (1)

Country Link
CN (1) CN110601843A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111400223A (en) * 2020-03-20 2020-07-10 北京可信华泰信息技术有限公司 M.2 interface with trusted computing function
CN112099909A (en) * 2020-08-27 2020-12-18 海光信息技术有限公司 Virtual machine memory measurement method, device, processor chip and system
CN112163223A (en) * 2020-05-13 2021-01-01 山西百信信息技术有限公司 Data processing method and device of trusted security terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101477602A (en) * 2009-02-10 2009-07-08 浪潮电子信息产业股份有限公司 Remote proving method in trusted computation environment
CN102207999A (en) * 2010-03-29 2011-10-05 国民技术股份有限公司 Data protection method based on trusted computing cryptography support platform
CN105227319A (en) * 2015-10-23 2016-01-06 浪潮电子信息产业股份有限公司 A kind of method of authentication server and device
CN106407816A (en) * 2016-11-15 2017-02-15 华胜信泰信息产业发展有限公司 Trusted measurement system, method and device based on BMC platform
EP3193485A1 (en) * 2016-01-18 2017-07-19 Huawei Technologies Co., Ltd. Device, server, system and method for data attestation
CN107133520A (en) * 2016-02-26 2017-09-05 华为技术有限公司 The credible measurement method and apparatus of cloud computing platform

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101477602A (en) * 2009-02-10 2009-07-08 浪潮电子信息产业股份有限公司 Remote proving method in trusted computation environment
CN102207999A (en) * 2010-03-29 2011-10-05 国民技术股份有限公司 Data protection method based on trusted computing cryptography support platform
CN105227319A (en) * 2015-10-23 2016-01-06 浪潮电子信息产业股份有限公司 A kind of method of authentication server and device
EP3193485A1 (en) * 2016-01-18 2017-07-19 Huawei Technologies Co., Ltd. Device, server, system and method for data attestation
CN107133520A (en) * 2016-02-26 2017-09-05 华为技术有限公司 The credible measurement method and apparatus of cloud computing platform
CN106407816A (en) * 2016-11-15 2017-02-15 华胜信泰信息产业发展有限公司 Trusted measurement system, method and device based on BMC platform

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111400223A (en) * 2020-03-20 2020-07-10 北京可信华泰信息技术有限公司 M.2 interface with trusted computing function
CN112163223A (en) * 2020-05-13 2021-01-01 山西百信信息技术有限公司 Data processing method and device of trusted security terminal
CN112099909A (en) * 2020-08-27 2020-12-18 海光信息技术有限公司 Virtual machine memory measurement method, device, processor chip and system
CN112099909B (en) * 2020-08-27 2021-06-11 海光信息技术股份有限公司 Virtual machine memory measurement method, device, processor chip and system

Similar Documents

Publication Publication Date Title
CN110601843A (en) Internet of things terminal security protection system based on trusted computing
US9158939B2 (en) Security chip, program, information processing apparatus, and information processing system
CN105099711B (en) A kind of small cipher machine and data ciphering method based on ZYNQ
US11171774B2 (en) System for synchronizing a cryptographic key state through a blockchain
CN201054140Y (en) Information security control chip
CN109993008A (en) Method and arrangement for implicit integrality
CN104252881A (en) Semiconductor integrated circuit and system
CN106063182A (en) Electronic signing methods, systems and apparatus
TW200945211A (en) RFID tag, operating method of RFID tag, and operating method between RFID tag and RFID reader
CN105117658B (en) A kind of cryptosecurity management method and equipment based on finger print identifying
CN103927462B (en) The remote calibration method of real-time time in software protecting equipment
US10897705B2 (en) Secure communication between a contact lens and an accessory device
WO2020199028A1 (en) Security chip, security processing method and related device
US11921645B2 (en) Securing data direct I/O for a secure accelerator interface
US20230281604A1 (en) Technologies for creating and transferring non-fungible token based identities
CN102737270A (en) Security co-processor of bank smart card chip based on domestic algorithms
CN114357492A (en) Medical data privacy fusion method and device based on block chain
US20130002398A1 (en) Apparatus, System, and Method for Providing Attribute Identity Control Associated with a Processor
CN205232389U (en) Frequency encoding and decoding SOC chip is looked to safe sound
CN204948361U (en) A kind of information safety protection terminal
Cui et al. Power system real time data encryption system based on DES algorithm
CN109598132A (en) Electric energy meter and its date storage method
CN203232424U (en) Universal serial bus (USB) external device
US9053325B2 (en) Decryption key management system
CN210119690U (en) Internet of things terminal security protection circuit based on trusted computing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20191220