CN114282224A - Two-way rack-mounted server based on trusted architecture - Google Patents

Publication number
CN114282224A
Authority
CN
China
Prior art keywords
trusted
terminal
processor
data
management module
Legal status
Granted
Application number
CN202111594368.1A
Other languages
Chinese (zh)
Other versions
CN114282224B (en)
Inventor
高鹏
黄洪波
冯永西
杨伦
Current Assignee
Shenzhen Launch Technology Co Ltd
Original Assignee
Shenzhen Launch Technology Co Ltd
Application filed by Shenzhen Launch Technology Co Ltd
Priority to CN202111594368.1A
Publication of CN114282224A
Application granted
Publication of CN114282224B
Legal status: Active

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00: Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention relates to a two-way rack server based on a trusted architecture, which comprises a first processor and a second processor, each arranged on a mainboard; a trusted framework is arranged in the two-way rack-mounted server, and a trusted management module and a trusted storage module are arranged in the trusted framework. By providing dual processors and dual databases, the invention separates ordinary-grade data from key data. When a device terminal requests access, the terminal is given a trust score, and different access permissions are granted to the requesting terminal according to its score grade. As a result, when personnel apply to access the server from a terminal, key resources are protected and data loss caused by an unsafe environment is prevented, while the staff's server access needs are still met and enterprise data can be conveniently retrieved.

Description

Two-way rack-mounted server based on trusted architecture
Technical Field
The invention relates to the technical field of servers, in particular to a two-way rack-mounted server based on a trusted architecture.
Background
A server is a type of computer that runs faster, carries a heavier load, and costs more than an ordinary computer. A server provides computing or application services to other clients on the network (terminals such as PCs, smartphones and ATMs, and even large equipment such as train systems). A server has high-speed CPU computing capability, long-term reliable operation, strong external I/O data throughput, and good expandability.
To improve working efficiency, more and more enterprises are building enterprise-level servers through which staff can exchange and operate on data. The enterprise server is often connected to a database inside the enterprise that contains business secrets, research and development progress and other information, so the environment in which a terminal is located must be assessed when the server is accessed, and access is forbidden for terminals that do not meet the access requirements. However, staff often need to log in to the enterprise server from outside; directly forbidding terminal access often reduces work efficiency, while rashly allowing terminal access creates a risk of leaking enterprise secrets.
Disclosure of Invention
Therefore, the invention provides a two-way rack server based on a trusted architecture, to overcome the problem in the prior art that, when enterprise personnel outside the company access an internal server, directly forbidding terminal access often reduces work efficiency, while allowing access carries a risk of leaking enterprise secrets.
To achieve the above object, the present invention provides a two-way rack server based on a trusted architecture, comprising:
a machine shell, a first cover plate and a second cover plate;
a main board disposed inside the machine shell;
a processor group comprising a first processor and a second processor, each arranged on the mainboard, wherein the first processor can work independently or together with the second processor, and different processors are connected to different databases;
a storage module arranged on the mainboard and connected to the first processor and the second processor respectively;
a trusted framework arranged in the two-way rack-mounted server, with a trusted management module and a trusted storage module arranged in the trusted framework; when the server receives an access request from a terminal X, the trusted framework performs trust authentication on the terminal X, starts the processor corresponding to the trust level obtained, and retrieves data from the database connected to the started processor.
Furthermore, a trusted address set Z0 = (z1, z2, …, zn) is stored in the trusted storage module, where z1 is a first preset trusted address, z2 is a second preset trusted address, …, zn is an nth preset trusted address, and n is a positive integer; the trusted management module acquires the address code zx of the terminal X and compares zx with the addresses in the trusted address set Z0;
when a stored address zi is the same as the address code zx, the trusted management module records the address score of the terminal X as Fz1, i = 1, 2, …, n;
when no address in Z0 is the same as the address code zx, the trusted management module records the address score of the terminal X as Fz2.
Further, a first preset network type W1 and a second preset network type W2 are set in the trusted management module;
the trusted management module acquires the network type of the environment in which the terminal X is located and analyzes it;
when the network in the environment of the terminal X is a first-type network W1, the trusted management module records the network score of the terminal X as Fw1;
when the network in the environment of the terminal X is a second-type network W2, the trusted management module records the network score of the terminal X as Fw2.
Furthermore, a first preset data processing level evaluation score F1, a second preset data processing level evaluation score F2, a first data interaction level and a second data interaction level are set in the trusted management module;
the trusted management module calculates the trust score F of the terminal X, where F = Fzj + Fwk, j = 1, 2, k = 1, 2;
the trusted management module compares the calculated score F with the first preset data processing level evaluation score F1 and the second preset data processing level evaluation score F2;
when F < F1, the trusted management module judges that the terminal X is not suitable for data access;
when F1 < F ≤ F2, the trusted management module judges that the terminal X meets the requirement of the first data interaction level;
and when F > F2, the trusted management module judges that the terminal X meets the requirement of the second data interaction level.
Furthermore, the first processor is connected with a first database, and the second processor is respectively connected with the first database and a second database;
the first data interaction level refers to that only the first processor can be operated and only data information in a first database can be called;
the second data interaction level refers to the condition that the first processor and the second processor can be operated simultaneously, and data information in the first database and the second database is called.
When the terminal X meets the requirement of the second data interaction level, a data interaction level can be selected: either only the first processor operates and only data in the first database can be retrieved, or the first processor and the second processor operate simultaneously and data in both the first database and the second database can be retrieved;
after the terminal X is determined to be able to perform data interaction, personnel login verification is performed, and after the login succeeds, data interaction level selection is offered to a terminal X that meets the requirement of the second data interaction level.
Further, when the terminal X operates only the first processor and can retrieve only data in the first database, data interaction tracing is performed on the interacted data; when the interaction needs to retrieve data in the second database, the trusted management module decides how to proceed according to the data interaction level that the terminal X meets.
Further, when the terminal X meets the requirement of the first data interaction level, the trusted management module stores the retrieval request, sends it to an administrator, and allows the information to be retrieved once after the administrator approves the request.
Further, when the terminal X meets the requirement of the second data interaction level, the trusted management module temporarily starts the second processor to retrieve the data in the second database, and after the retrieval is complete, the trusted management module disconnects the second processor from the terminal X.
Further, when the first processor and the second processor operate simultaneously and data in the first database and the second database is retrieved, the second processor can assist the first processor in operating on data in the first database, which increases the data interaction speed between the terminal X and the first database.
Compared with the prior art, the invention has the advantage that dual processors and dual databases separate ordinary-grade data from key data; when a device terminal requests access, the terminal is given a trust score and different access permissions are granted according to the score grade, so that when personnel apply to access the server from a terminal, key resources are protected and data loss caused by an unsafe environment is prevented, while the personnel's server access needs are met and enterprise data can be conveniently retrieved.
Furthermore, a trusted address set Z0 is stored in the trusted storage module; the trusted management module acquires the address code zx of the terminal X and compares zx with the addresses in Z0. When the device code is not in the trusted address set, the server has not previously authenticated the terminal X, and a lower trust score is given to the terminal X. Scoring the terminal X according to whether it has been authenticated makes the terminal's trust score more accurate.
Furthermore, a first preset network type W1 and a second preset network type W2 are set in the trusted management module; the trusted management module acquires and analyzes the network type of the environment in which the terminal X is located. The first type of network is a local area network approved by the server, and the second type is an ordinary wide area network. Scoring the terminal X according to the network type makes the terminal's trust score more accurate.
Further, a first preset data processing level evaluation score F1, a second preset data processing level evaluation score F2, a first data interaction level and a second data interaction level are set in the trusted management module; the trusted management module calculates the trust score F of the terminal X and compares it with F1 and F2. When the trust score is too low, the environment in which the terminal X is located is poor and carries a risk of data loss, so access by the terminal X is rejected. When the score is moderate, the environment meets the minimum requirement for server access but a certain risk of data loss remains, so the terminal X is allowed to access only part of the database. Only when the trust score is high enough is the terminal X allowed to access all data. Because the terminal is given a trust score and different access permissions are granted according to the score grade, when personnel apply to access the server from a terminal outside, key resources are protected and data loss caused by an unsafe environment is prevented, while the personnel's server access needs are met and enterprise data can be conveniently retrieved.
Furthermore, the first processor is connected to a first database, and the second processor is connected to both the first database and a second database. The first data interaction level means that only the first processor can be operated and only data in the first database can be retrieved; the second data interaction level means that the first processor and the second processor can be operated simultaneously and data in the first database and the second database can be retrieved. When both processors operate simultaneously and data in both databases is retrieved, the second processor can assist the first processor in operating on data in the first database, which increases the data interaction speed between the terminal X and the first database. Dual processors and dual databases separate ordinary-grade data from key data, and a requesting device terminal receives access permissions according to its trust score grade. At the same time, the volume of ordinary data in an enterprise exceeds that of key data; therefore, when the second processor is connected, it can both process data in the second database and assist the first processor in processing data in the first database, so that computing power is allocated sensibly and data processing is faster.
Furthermore, a terminal that meets the conditions for high-level data interaction can choose to step down one level: a terminal that meets the requirement of the second data interaction level can be set to perform only first-level data interaction, which prevents the terminal from accessing data in the second database, strengthens confidentiality, and prevents loss of key data.
Further, when the terminal X performs data interaction only at the first data interaction level but needs to retrieve data from the second database, how the request is handled depends on the data interaction level that the terminal X meets. When the terminal X meets the requirement of the second data interaction level, the trusted management module temporarily starts the second processor to retrieve the data from the second database and, after the retrieval is complete, disconnects the second processor from the terminal X. When the terminal X meets the requirement of the first data interaction level, the trusted management module stores the retrieval request and sends it to an administrator, and after the administrator approves, the information may be retrieved once, which further prevents loss of key data.
Drawings
FIG. 1 is a schematic structural diagram of a two-way rack server based on a trusted architecture according to the present invention;
FIG. 2 is a flowchart of determining the database to which a terminal connects, according to the present invention.
Detailed Description
In order that the objects and advantages of the invention will be more clearly understood, the invention is further described below with reference to examples; it should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Preferred embodiments of the present invention are described below with reference to the accompanying drawings. It should be understood by those skilled in the art that these embodiments are only for explaining the technical principle of the present invention, and do not limit the scope of the present invention.
It should be noted that in the description of the present invention, the terms of direction or positional relationship indicated by the terms "upper", "lower", "left", "right", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, which are only for convenience of description, and do not indicate or imply that the device or element must have a specific orientation, be constructed in a specific orientation, and be operated, and thus, should not be construed as limiting the present invention.
Furthermore, it should be noted that, in the description of the present invention, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.
Referring to FIG. 1, which is a schematic structural diagram of a two-way rack server based on a trusted architecture according to the present invention,
the invention discloses a two-way rack server based on a trusted architecture, comprising:
a machine shell, a first cover plate and a second cover plate;
a main board 1 disposed inside the machine shell;
a processor group comprising a first processor 2 and a second processor 3, each arranged on the mainboard 1, wherein the first processor 2 can work independently or together with the second processor 3, and different processors are connected to different databases;
a storage module 4 disposed on the mainboard 1 and connected to the first processor 2 and the second processor 3 respectively;
a trusted framework arranged in the two-way rack-mounted server, with a trusted management module and a trusted storage module arranged in the trusted framework; when the server receives an access request from a terminal X, the trusted framework performs trust authentication on the terminal X, starts the processor corresponding to the trust level obtained, and retrieves data from the database connected to the started processor.
By providing dual processors and dual databases, the invention separates ordinary-grade data from key data. When a device terminal requests access, the terminal is given a trust score, and different access permissions are granted to the requesting terminal according to its score grade. As a result, when personnel apply to access the server from a terminal, key resources are protected and data loss caused by an unsafe environment is prevented, while the staff's server access needs are still met and enterprise data can be conveniently retrieved.
Refer to FIG. 2, which is a flowchart of determining the database to which a terminal connects, according to the present invention.
Specifically, a trusted address set Z0 = (z1, z2, …, zn) is stored in the trusted storage module, where z1 is a first preset trusted address, z2 is a second preset trusted address, …, zn is an nth preset trusted address, and n is a positive integer; the trusted management module acquires the address code zx of the terminal X and compares zx with the addresses in the trusted address set Z0;
when a stored address zi is the same as the address code zx, the trusted management module records the address score of the terminal X as Fz1, i = 1, 2, …, n;
when no address in Z0 is the same as the address code zx, the trusted management module records the address score of the terminal X as Fz2.
The trusted address is the device code of the remote terminal. When the device code is in the trusted address set, the server has previously authenticated the terminal X, and a higher trust score is given to the terminal X; when the device code is not in the trusted address set, the server has not previously authenticated the terminal X, and a lower trust score is given. Scoring the terminal X according to whether it has been authenticated makes the terminal's trust score more accurate.
Specifically, a first preset network type W1 and a second preset network type W2 are set in the trusted management module;
the trusted management module acquires the network type of the environment in which the terminal X is located and analyzes it;
when the network in the environment of the terminal X is a first-type network W1, the trusted management module records the network score of the terminal X as Fw1;
when the network in the environment of the terminal X is a second-type network W2, the trusted management module records the network score of the terminal X as Fw2.
In the invention, the first type of network is a local area network approved by the server and the second type of network is an ordinary wide area network; scoring the terminal X according to the network type makes the terminal's trust score more accurate.
Specifically, a first preset data processing level evaluation score F1, a second preset data processing level evaluation score F2, a first data interaction level and a second data interaction level are set in the trusted management module;
the trusted management module calculates the trust score F of the terminal X, where F = Fzj + Fwk, j = 1, 2, k = 1, 2;
the trusted management module compares the calculated score F with the first preset data processing level evaluation score F1 and the second preset data processing level evaluation score F2;
when F < F1, the trusted management module judges that the terminal X is not suitable for data access;
when F1 < F ≤ F2, the trusted management module judges that the terminal X meets the requirement of the first data interaction level;
and when F > F2, the trusted management module judges that the terminal X meets the requirement of the second data interaction level.
When the trust score is too low, the environment in which the terminal X is located is poor and carries a risk of data loss, so access by the terminal X is refused. When the score is moderate, the environment meets the minimum requirement for server access but a certain risk of data loss remains, so the terminal X is allowed to access only part of the database. Only when the trust score is high enough is the terminal X allowed to access all data. Because the terminal is given a trust score and different access permissions are granted according to the score grade, when personnel apply to access the server from a terminal outside, key resources are protected and data loss caused by an unsafe environment is prevented, while the staff's server access needs are met and enterprise data can be conveniently retrieved.
Specifically, the first processor is connected to a first database, and the second processor is connected to both the first database and a second database;
the first data interaction level means that only the first processor can be operated and only data in the first database can be retrieved;
the second data interaction level means that the first processor and the second processor can be operated simultaneously and data in the first database and the second database can be retrieved.
Dual processors and dual databases separate ordinary-grade data from key data, and a requesting device terminal receives access permissions according to its trust score grade. At the same time, the volume of ordinary data in an enterprise exceeds that of key data; therefore, when the second processor is connected, it can both process data in the second database and assist the first processor in processing data in the first database, so that computing power is allocated sensibly and data processing is faster.
Specifically, when the terminal X meets the requirement of the second data interaction level, a data interaction level can be selected: either only the first processor operates and only data in the first database is retrieved, or the first processor and the second processor operate simultaneously and data in both the first database and the second database is retrieved;
after the terminal X is determined to be able to perform data interaction, personnel login verification is performed, and after the login succeeds, data interaction level selection is offered to a terminal X that meets the requirement of the second data interaction level.
A terminal that meets the conditions for high-level data interaction can choose to step down one level: a terminal that meets the requirement of the second data interaction level can be set to perform only first-level data interaction, which prevents the terminal from accessing data in the second database, strengthens confidentiality, and prevents loss of key data.
Specifically, when the terminal X operates only the first processor and can retrieve only data in the first database, data interaction tracing is performed on the interacted data; when the interaction needs to retrieve data in the second database, the trusted management module decides how to proceed according to the data interaction level that the terminal X meets.
Specifically, when the terminal X meets the requirement of the first data interaction level, the trusted management module stores the retrieval request, sends it to the administrator, and allows the information to be retrieved once after the administrator approves the request.
Specifically, when the terminal X meets the requirement of the second data interaction level, the trusted management module temporarily starts the second processor to retrieve the data in the second database, and after the retrieval is complete, the trusted management module disconnects the second processor from the terminal X.
When the terminal X performs data interaction only at the first data interaction level but needs to retrieve data from the second database, how the request is handled depends on the data interaction level that the terminal X meets. When the terminal X meets the requirement of the second data interaction level, the trusted management module temporarily starts the second processor to retrieve the data from the second database and, after the retrieval is complete, disconnects the second processor from the terminal X. When the terminal X meets the requirement of the first data interaction level, the trusted management module stores the retrieval request and sends it to an administrator, and after the administrator approves, the information may be retrieved once, which further prevents loss of key data.
Specifically, when the first processor and the second processor operate simultaneously and data in the first database and the second database is retrieved, the second processor can assist the first processor in operating on data in the first database, which increases the data interaction speed between the terminal X and the first database.
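The scoring, level selection and second-database escalation rules described above, as an added example that is not code from the patent. The numeric scores and thresholds, the device codes, the result strings and all function and class names are constructed for the illustration; a score exactly equal to F1 and an unrecognized network type are not assigned by the text and are denied here as an assumption.

```python
from dataclasses import dataclass, field
from enum import IntEnum

# Constructed values: the description names these symbols but gives no numbers.
FZ1, FZ2 = 60, 10   # address score: device code in Z0 / not in Z0
FW1, FW2 = 40, 20   # network score: approved LAN (W1) / ordinary WAN (W2)
F1, F2 = 50, 90     # first and second preset evaluation scores
Z0 = frozenset({"DEV-0001", "DEV-0002"})  # constructed trusted device codes


class Level(IntEnum):
    DENIED = 0
    FIRST = 1    # first processor only, first database only
    SECOND = 2   # both processors, both databases


def classify(device_code: str, network: str) -> Level:
    """Compute F = Fzj + Fwk and map it to a data interaction level."""
    fw = {"W1": FW1, "W2": FW2}.get(network)
    if fw is None:
        return Level.DENIED          # assumption: unknown network type fails closed
    score = (FZ1 if device_code in Z0 else FZ2) + fw
    if score > F2:
        return Level.SECOND
    if F1 < score <= F2:
        return Level.FIRST
    # score < F1 is denied by the text; score == F1 is not assigned by the
    # text and is denied here as well (assumption: fail closed).
    return Level.DENIED


@dataclass
class Session:
    eligible: Level                               # highest level the terminal meets
    selected: Level                               # level in use after login
    pending: list = field(default_factory=list)   # requests stored for the administrator
    one_time: set = field(default_factory=set)    # approved, not yet used
    audit: list = field(default_factory=list)     # tracing record


def open_session(device_code, network, login_ok, want=Level.SECOND):
    """Terminal check first, then personnel login, then level selection."""
    eligible = classify(device_code, network)
    if eligible is Level.DENIED or not login_ok:
        return None
    # Only a second-level terminal has a real choice; it may step down to FIRST.
    selected = min(eligible, max(want, Level.FIRST))
    return Session(eligible, selected)


def approve(session: Session, item: str) -> None:
    """Administrator approves a stored request; it becomes usable exactly once."""
    if item in session.pending:
        session.pending.remove(item)
        session.one_time.add(item)


def request_db2(session: Session, item: str) -> str:
    """Handle a request for data held in the second database."""
    if session.selected is Level.SECOND:
        session.audit.append(("db2-read", item))
        return "granted"
    if session.eligible is Level.SECOND:
        # Stepped-down terminal: second processor is started for this call only.
        session.audit += [("cpu2-connect", item), ("db2-read", item),
                          ("cpu2-disconnect", item)]
        return "granted-temporary"
    if item in session.one_time:
        session.one_time.discard(item)            # the approval is consumed
        session.audit.append(("db2-read-approved", item))
        return "granted-once"
    if item not in session.pending:
        session.pending.append(item)              # store and forward to the administrator
    session.audit.append(("db2-request-stored", item))
    return "pending"


if __name__ == "__main__":
    for dev, net in [("DEV-0001", "W1"), ("DEV-0001", "W2"),
                     ("DEV-9999", "W1"), ("DEV-9999", "W2")]:
        print(dev, net, classify(dev, net).name)
```

With the constructed numbers, an unregistered device on the approved LAN scores exactly F1, which shows why the boundary case needs an explicit decision in any implementation.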
Before the system that the server connects to is started, the TPCM measures the code, configuration and environment of each boot stage of the computing node; that is, boot measurement is performed before startup. The main process is as follows:
1) When the system starts, the TPCM controls the power supply of the computing node's CPU. The TPCM measures the BIOS.
2) If the BIOS measurement matches expectations, the TPCM powers on the computing node's CPU, and the CPU loads and executes the BIOS code. If the BIOS measurement does not match expectations, the TPCM may or may not allow the computing node's CPU to power up, depending on the policy.
3) Before the BIOS code executes any third-party driver code, a TSB agent inserted in the BIOS code intercepts the action and notifies the TPCM to measure the third-party driver code. The BIOS decides whether to continue starting the system according to the measurement control result.
4) Before the BIOS code executes the BootLoader (such as GRUB) code, a TSB agent inserted in the BIOS code intercepts the action and notifies the TPCM to measure the BootLoader.
5) The TPCM measures the BootLoader according to the parameters.
6) The TPCM decides, according to the policy and the measurement result, whether to allow the BIOS to load the BootLoader, and returns the result to the agent in the BIOS. If the measurement fails, the TPCM may or may not allow the BootLoader to be executed.
7) The TSB agent in the BIOS decides whether to execute the BootLoader according to the returned result.
8) Before the BootLoader code executes the operating system kernel, a TSB agent inserted in the BootLoader intercepts the action and notifies the TPCM to measure the operating system kernel and the OS boot environment.
9) The TPCM measures the operating system kernel and the OS boot environment according to the parameters.
10) The TPCM decides, according to the policy and the measurement result, whether to allow the BootLoader to execute the operating system kernel, and returns the result to the agent in the BootLoader. If the measurement fails, the TPCM may or may not allow the operating system kernel to execute.
11) Similarly, the BootLoader may further check the initramfs, the operating system boot script (/etc/rc), and programs through the TPCM. The measurement of boot scripts and programs is refined further later.
12) The TSB agent in the BootLoader decides whether to execute the operating system kernel according to the returned result.
Boot measurement interface: a measurement agent (BIOS/GRUB/UBOOT) sends a boot measurement request to the TPCM; after receiving the request, the TPCM actively acquires the measured data, calculates the measurement value, compares it with the measurement reference value, records the measurement state, and returns the measurement result and the control code. Refer to Table 1.
TABLE 1 (provided as an image in the original publication)
The measurement phase numbers sent from the BIOS are currently specified as 1000-. The measurement phase numbers sent from GRUB are 2000-2999, increasing sequentially.
In some special scenarios a simplified version of the boot measurement interface is used; see Table 2.
TABLE 2 (provided as an image in the original publication)
The request and the response are each encapsulated in a fixed format, and the communication mechanism transmits these encapsulated request and response messages. For the request message format see Table 3, and for the response message format see Table 4. B represents bytes.
TABLE 3 (provided as an image in the original publication)
- identification: fixed value of 0xC1
- message length: request message length
- command code: the code of each message (fixed value 1001 for boot measurement)
- input parameters: determined by each command
TABLE 4 (provided as an image in the original publication)
- identification: fixed value of 0xC1
- message length: response message length
- return code/output data: the return code of the message. The boot measurement output is simply this return code; other interfaces may have more return data.
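The boot measurement chain and the request/response framing described above, as an added Python simulation that is not part of the patent. Field widths, byte order, return-code values, the parameter encoding and the stage number 0 used for the BIOS are assumptions (Tables 3 and 4 are not reproduced here), and SHA-256 stands in for whatever hash the TPCM uses.

```python
import hashlib
import hmac
import struct

TAG = 0xC1               # identification: fixed value given on the page
CMD_BOOT_MEASURE = 1001  # command code for boot measurement, given on the page
ALLOW, DENY = 0, 1       # return codes: assumed values
HDR = struct.Struct(">III")  # assumed layout: three 4-byte big-endian fields

def build_request(stage: int, name: bytes) -> bytes:
    """Request = identification | message length | command code | parameters."""
    params = struct.pack(">I", stage) + name  # assumed parameter encoding
    return HDR.pack(TAG, HDR.size + len(params), CMD_BOOT_MEASURE) + params

def parse_response(msg: bytes) -> int:
    """Response = identification | message length | return code."""
    if len(msg) != HDR.size:
        raise ValueError("bad response length")
    tag, length, rc = HDR.unpack(msg)
    if tag != TAG or length != len(msg):
        raise ValueError("malformed response")
    return rc

class Tpcm:
    """Simulated TPCM: fetches the object itself, hashes it, applies policy."""
    def __init__(self, memory, reference, enforce=True):
        self.memory, self.reference, self.enforce = memory, reference, enforce
        self.log = []  # (stage, object name, matched?) measurement records

    def measure(self, stage: int, name: bytes) -> int:
        digest = hashlib.sha256(self.memory[name]).hexdigest()  # stand-in hash
        ok = hmac.compare_digest(digest, self.reference.get(name, ""))
        self.log.append((stage, name, ok))
        return ALLOW if ok or not self.enforce else DENY

    def handle(self, msg: bytes) -> bytes:
        if len(msg) < HDR.size + 4:
            raise ValueError("short request")
        tag, length, cmd = HDR.unpack_from(msg)
        if tag != TAG or length != len(msg) or cmd != CMD_BOOT_MEASURE:
            raise ValueError("malformed request")
        (stage,) = struct.unpack_from(">I", msg, HDR.size)
        return HDR.pack(TAG, HDR.size, self.measure(stage, msg[HDR.size + 4:]))

def boot(tpcm: Tpcm) -> list:
    """Walk the chain; return the components that were allowed to execute."""
    if tpcm.measure(0, b"bios") == DENY:  # steps 1-2; stage 0 is an assumption
        return []
    ran = [b"bios"]
    # Stage numbers: BIOS agent from 1000, GRUB agent from 2000, per the page.
    for stage, name in [(1000, b"driver"), (1001, b"grub"),
                        (2000, b"kernel"), (2001, b"initramfs")]:
        if parse_response(tpcm.handle(build_request(stage, name))) == DENY:
            break  # the TSB agent refuses to hand control to this component
        ran.append(name)
    return ran

# Constructed sample images and their reference digests.
IMAGES = {n: n + b"-image-v1"
          for n in (b"bios", b"driver", b"grub", b"kernel", b"initramfs")}
REFERENCE = {n: hashlib.sha256(d).hexdigest() for n, d in IMAGES.items()}
```

With `enforce=False` the simulated TPCM still records the mismatch in `log` but lets the chain continue, which models the "may or may not allow" policy choice in steps 2, 6 and 10.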
So far, the technical solutions of the present invention have been described in connection with the preferred embodiments shown in the drawings, but it is easily understood by those skilled in the art that the scope of the present invention is obviously not limited to these specific embodiments. Equivalent changes or substitutions of related technical features can be made by those skilled in the art without departing from the principle of the invention, and the technical scheme after the changes or substitutions can fall into the protection scope of the invention.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention; various modifications and alterations to this invention will become apparent to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A two-way rack-mounted server based on a trusted architecture is characterized by comprising,
a machine shell, a first cover plate and a second cover plate,
a main board disposed inside the main board;
the processor group comprises a first processor and a second processor, the first processor and the second processor are respectively arranged on the mainboard, the first processor can work independently and can also work together with the second processor, and different processors are connected with different databases;
the storage module is arranged on the mainboard and is respectively connected with the first processor and the second processor;
a trusted framework is arranged in the two-way rack-mounted server, and a trusted management module and a trusted storage module are arranged in the trusted framework; when the server receives an access request of a terminal X, the credibility framework carries out credibility authentication on the terminal X, the processors of corresponding grades are started for credibility of different grades, and database data connected with the started processors are called.
2. The two-way rack server based on trusted architecture as claimed in claim 1, wherein a set of trusted addresses Z0 (z1, z2, …, zn) is stored in the trusted storage module, where z1 is a first preset trusted address, z2 is a second preset trusted address, …, zn is an nth preset trusted address, and n is a positive integer; the trusted management module obtains an address code zx of terminal X, and the trusted management module compares zx with the addresses in the set of trusted addresses Z0,
when the address zi and the address code zx are the same, the trusted management module records that the address score of the terminal X is Fz1, i = 1, 2, …, n;
when no address identical to the address code zx exists in Z0, the trusted management module records that the address score of the terminal X is Fz2.
3. The two-way rack server based on trusted architecture of claim 2, wherein a first preset network type W1, a second preset network type W2 are disposed in the trusted management module,
the trusted management module acquires the network type of the environment where the terminal X is located, analyzes the network type,
when the type of the environment network where the terminal X is located is the first type network W1, the trusted management module records that the network score of the terminal X is Fw1;
when the type of the environment network where the terminal X is located is the second type network W2, the trusted management module records that the network score of the terminal X is Fw2.
4. The two-way rack-mounted server based on trusted architecture of claim 3, wherein a first preset data processing level evaluation score F1, a second preset data processing level evaluation score F2, a first data interaction level, and a second data interaction level are set in the trusted management module;
the trusted management module calculates the credibility score F of the terminal X, wherein F = Fzj + Fwk, j = 1, 2, and k = 1, 2;
the credible management module compares the calculated score F with a first preset data processing level evaluation score F1 and a second preset data processing level evaluation score F2,
when F is less than F1, the trusted management module judges that the terminal X is not suitable for data access;
when F1 is larger than F and is not larger than F2, the trusted management module judges that the terminal X meets the requirement of a first data interaction level;
and when F is more than F2, the trusted management module judges that the terminal X meets the requirement of the second data interaction level.
5. The two-way rack server based on the trusted architecture of claim 4, wherein the first processor is connected to a first database, and the second processor is connected to the first database and a second database respectively;
the first data interaction level refers to that only the first processor can be operated and only data information in a first database can be called;
the second data interaction level refers to the condition that the first processor and the second processor can be operated simultaneously, and data information in the first database and the second database is called.
6. The two-way rack server based on the trusted architecture as claimed in claim 5, wherein when the terminal X meets the requirement of the second data interaction level, the selection of the data interaction level can be performed by only operating the first processor and only retrieving data information in the first database, or by simultaneously operating the first processor and the second processor and retrieving data information in the first database and the second database;
and after the terminal X is determined to be capable of performing data interaction, performing personnel login verification, and after the personnel login succeeds, performing data interaction grade selection on the terminal X meeting the requirement of the second data interaction grade.
7. The two-way rack server based on the trusted architecture as claimed in claim 6, wherein when terminal X only runs the first processor and can only retrieve data information in a first database, the trusted management module performs data interaction tracing on the interacted data, and when the interacted data needs to retrieve data information in the second database, the trusted management module determines the processing direction according to the data interaction level that terminal X conforms to.
8. The two-way rack server based on the trusted architecture as claimed in claim 7, wherein when the terminal X meets the first data interaction level requirement, the trusted management module stores the invocation requirement, sends the requirement to the administrator, and allows one-time information invocation after the administrator approves.
9. The two-way rack server based on the trusted architecture as claimed in claim 8, wherein when the terminal X meets the requirement of the second data interaction level, the trusted management module temporarily starts the second processor to retrieve the data information in the second database, and after retrieval, the trusted management module disconnects the second processor from the terminal X.
10. The two-way rack-mounted server based on the trusted architecture of claim 9, wherein when the first processor and the second processor are simultaneously operated and data information in the first database and the second database is called, the second processor is capable of assisting the first processor to perform data operation on data in the first database, so as to increase a data interaction speed between terminal X and the first database.
CN202111594368.1A 2021-12-23 2021-12-23 Double-channel rack-mounted server based on trusted architecture Active CN114282224B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111594368.1A CN114282224B (en) 2021-12-23 2021-12-23 Double-channel rack-mounted server based on trusted architecture


Publications (2)

Publication Number Publication Date
CN114282224A true CN114282224A (en) 2022-04-05
CN114282224B CN114282224B (en) 2023-06-23


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant