CN114817931A - Terminal security protection method, device, equipment and medium based on star trust chain - Google Patents

Info

Publication number
CN114817931A
Authority
CN
China
Prior art keywords
value
kernel
bits
algorithm
key information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210436201.0A
Other languages
Chinese (zh)
Inventor
朱朝阳
周亮
张晓娟
朱亚运
缪思薇
姜琳
蔺子卿
曹靖怡
王海翔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd
Original Assignee
State Grid Corp of China SGCC
China Electric Power Research Institute Co Ltd CEPRI
Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Corp of China SGCC, China Electric Power Research Institute Co Ltd CEPRI and Electric Power Research Institute of State Grid Fujian Electric Power Co Ltd
Priority to CN202210436201.0A
Publication of CN114817931A
Legal status: pending

Classifications

    • G PHYSICS › G06 COMPUTING; CALCULATING OR COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING › G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems › G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities › G06F21/575 Secure boot
        • G06F21/60 Protecting data › G06F21/602 Providing cryptographic facilities or services
        • G06F21/60 Protecting data › G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of embedded security and discloses a terminal security protection method, device, equipment and medium based on a star trust chain. The method comprises the following steps: the embedded system boots, and the trusted root is measured with a first algorithm in the trusted platform module to obtain a new PCR measurement value; the decrypted standard value is compared with the new PCR measurement value, and if the comparison passes the kernel continues to boot, otherwise the boot process of the kernel is interrupted; after the kernel has booted, when the file system is loaded, preset key information of the file system is measured with the first algorithm in the trusted platform module to obtain a PCR value of the new preset key information; the decrypted standard value of the preset key information is compared with the PCR value of the new preset key information, and if the comparison passes the kernel loads the file system, otherwise the loading of the file system by the kernel is interrupted. The invention can greatly improve the security of the private key of the asymmetric cryptographic algorithm and has good application prospects.

Description

Terminal security protection method, device, equipment and medium based on star trust chain
Technical Field
The invention relates to the field of embedded security, in particular to a mobile terminal security protection method and system based on a star trust chain.
Background
The energy internet is formed by connecting hundreds of millions of devices, machines and systems at the energy production, transmission and consumption ends, and problems such as internet-of-things terminals being hard to trust and the integrity of large numbers of embedded terminals being impossible to guarantee exist. At present, the existing solution to the security problem of terminal embedded systems is to introduce trusted computing technology, whose main idea is to establish a root of trust and a chain of trust to ensure the integrity and security of the system. In a traditional trusted boot process, a Trusted Platform Module (TPM) as specified by the Trusted Computing Group (TCG) communicates with the embedded CPU. Taking the TPM as the root of trust, the initial expected measurement value of each boot entity is stored in the TPM; during boot the entity is loaded into memory, and whether the boot process can safely continue is decided by comparing the initial expected measurement value with the currently computed value for consistency. However, because the TPM chip has low computational power and lacks active control capability, and the scheduling capability of the processor in an embedded system is often relatively weak, complex scheduling and allocation cannot be performed and it is difficult to control the measurement and extension process of the whole trust chain; in addition, embedded devices are under strict cost control, and most of them have no trusted platform module at all. This type of method therefore has great limitations for embedded systems.
Disclosure of Invention
The invention aims to provide a terminal security protection method, device and medium based on a star trust chain so as to solve the above technical problems. Considering the huge number of mobile terminals and the significant cost of retrofitting them, the invention takes the bootloader (uboot) as the trusted base without changing the hardware architecture of the existing mobile terminal; takes a PUF (physically unclonable function) key realized on SRAM (static random access memory) as the root key of trust; takes the SM3 and SM4 cryptographic algorithms realized on an FPGA as the root of trust for measurement of trusted boot; and takes the on-chip storage area as the root of trust for storage of trusted boot, so that these together form the TPM module instead of a directly used commercial TPM chip. The trusted boot process of the star-trust-chain trusted mobile terminal comprises the following steps: the bootstrap program loads the operating system; integrity measurement is performed on important files of the operating system; the integrity measurement value is compared with the encrypted, stored measurement value, and the operating system is started if they are consistent; if not, the system boot is aborted.
In order to solve the safety problem, the invention adopts the technical scheme that:
in a first aspect, the present invention provides a terminal security protection method based on a star trust chain, including:
the embedded system boots, and the trusted root is measured with a first algorithm to obtain a new PCR measurement value; the encrypted standard value is read from the ROM and decrypted with a second algorithm using the secure encryption key as the kernel key; the decrypted standard value is compared with the new PCR measurement value: if the comparison passes, the kernel continues to boot; if it does not pass, the boot process of the kernel is interrupted;
after the kernel has booted, when the file system is loaded, the preset key information of the file system is measured with the first algorithm to obtain a PCR value of the new preset key information; the encrypted standard value of the preset key information is read from the ROM and decrypted with the second algorithm using the secure encryption key as the kernel key; the decrypted standard value of the preset key information is compared with the PCR value of the new preset key information: if the comparison passes, the kernel loads the file system; otherwise the loading of the file system by the kernel is interrupted;
wherein the encrypted standard value and the secure encryption key are obtained from a component of the embedded system.
The invention is further improved as follows: the secure encryption key is obtained through the following stages:
a registration stage: the embedded system reads the boot loader, loads the system program and initializes the peripheral hardware; the embedded system first reads a section of initial value Seed-Value of the static random access memory with a size of k bits; BCH encoding of the initial value Seed-Value of the static random access memory generates an n-bit standard BCH code word; the embedded system reads a section of initial value Identified-Value of the static random access memory with a size of n bits; the n-bit standard BCH code word is XORed with the initial value Identified-Value of the static random access memory to generate n-bit data Helper-Data, which is encrypted and stored in nonvolatile memory;
a verification stage: after the embedded system is powered on, a noisy identification code NID is read from the same address and with the same length of n bits as the initial value Identified-Value of the static random access memory in the registration stage; the n-bit data Helper-Data stored in nonvolatile memory is read; the n-bit noisy identification code NID is XORed with the n-bit data Helper-Data to obtain an n-bit BCH code with errors; the n-bit BCH code with errors is BCH-decoded: if the actual number of errors is less than the designed error correction tolerance t, the n-bit standard BCH code is generated and system authentication succeeds, otherwise BCH decoding fails; if decoding succeeds, the n-bit standard BCH code generated by decoding is XORed with the n-bit data Helper-Data to recover the n-bit initial value Identified-Value used in the system registration stage; the recovered n-bit initial value Identified-Value is compared with the initial value Identified-Value generated during system registration, and if the two are the same the verification is judged successful; after the verification stage is finished, normal operation of the system starts;
a hash processing stage: after verification has succeeded in the verification stage and the system is running normally, a hash operation is performed with the first algorithm on the n-bit initial value Identified-Value recovered in the verification stage to generate the secure encryption key.
The invention is further improved as follows: in the step of reading the encrypted standard value from the ROM and decrypting it with the second algorithm using the secure encryption key as the kernel key, the encrypted standard value is obtained through the following steps:
after the embedded system is powered on and the kernel is loaded, the kernel is measured with the first algorithm, and the resulting PCR (platform configuration register) measurement value of the kernel is taken as the standard value for verification; the standard value for verification is encrypted with the second algorithm using the secure encryption key as the kernel key and stored in nonvolatile memory, giving the encrypted standard value.
The invention is further improved as follows: in the step of reading the encrypted standard value of the preset key information from the ROM and decrypting it with the second algorithm using the secure encryption key as the kernel key, the encrypted standard value of the preset key information is obtained through the following steps:
after the kernel has booted, when the file system is loaded, the preset key information is measured with the first algorithm, and the resulting PCR (platform configuration register) measurement value is taken as the standard value for verifying the preset key information; the standard value of the preset key information is encrypted with the second (national cryptographic) algorithm using the secure encryption key as the kernel key and stored in nonvolatile memory, giving the encrypted standard value of the preset key information.
The invention is further improved as follows: the first algorithm is the SM3 algorithm; the second algorithm is the SM4 algorithm.
In a second aspect, the present invention provides a terminal security protection device based on a star trust chain, including:
a kernel checking module, used to measure the kernel with a first algorithm after the embedded system boots to obtain a new PCR measurement value; to read the encrypted standard value from the ROM and decrypt it with a second algorithm using the secure encryption key as the kernel key; and to compare the decrypted standard value with the new PCR measurement value: if the comparison passes, the kernel continues to boot; if it does not pass, the boot process of the kernel is interrupted;
a key information checking module, used to measure the preset key information of the file system with the first algorithm when the file system is loaded after the kernel has booted, obtaining a PCR value of the new preset key information; to read the encrypted standard value of the preset key information from the ROM and decrypt it with the second algorithm using the secure encryption key as the kernel key; and to compare the decrypted standard value of the preset key information with the PCR value of the new preset key information: if the comparison passes, the kernel loads the file system; otherwise the loading of the file system by the kernel is interrupted;
wherein the encrypted standard value and the secure encryption key are obtained from a component of the embedded system.
The invention is further improved as follows: the secure encryption key used in the kernel checking module and the key information checking module is obtained through the following stages:
a registration stage: the embedded system reads the boot loader, loads the system program and initializes the peripheral hardware; the embedded system first reads a section of initial value Seed-Value of the static random access memory with a size of k bits; BCH encoding of the initial value Seed-Value of the static random access memory generates an n-bit standard BCH code word; the embedded system reads a section of initial value Identified-Value of the static random access memory with a size of n bits; the n-bit standard BCH code word is XORed with the initial value Identified-Value of the static random access memory to generate n-bit data Helper-Data, which is encrypted and stored in nonvolatile memory;
a verification stage: after the embedded system is powered on, a noisy identification code NID is read from the same address and with the same length of n bits as the initial value Identified-Value of the static random access memory in the registration stage; the n-bit data Helper-Data stored in nonvolatile memory is read; the n-bit noisy identification code NID is XORed with the n-bit data Helper-Data to obtain an n-bit BCH code with errors; the n-bit BCH code with errors is BCH-decoded: if the actual number of errors is less than the designed error correction tolerance t, the n-bit standard BCH code is generated and system authentication succeeds, otherwise BCH decoding fails; if decoding succeeds, the n-bit standard BCH code generated by decoding is XORed with the n-bit data Helper-Data to recover the n-bit initial value Identified-Value used in the system registration stage; the recovered n-bit initial value Identified-Value is compared with the initial value Identified-Value generated during system registration, and if the two are the same the verification is judged successful; after the verification stage is finished, normal operation of the system starts;
a hash processing stage: after verification has succeeded in the verification stage and the system is running normally, a hash operation is performed with the first algorithm on the n-bit initial value Identified-Value recovered in the verification stage to generate the secure encryption key.
The invention is further improved as follows: the encrypted standard value in the kernel checking module is obtained through the following steps: after the embedded system is powered on and the kernel is loaded, the kernel is measured with the first algorithm, and the resulting PCR (platform configuration register) measurement value of the kernel is taken as the standard value for verification; the standard value for verification is encrypted with the second algorithm using the secure encryption key as the kernel key and stored in nonvolatile memory, giving the encrypted standard value;
the encrypted standard value of the preset key information in the key information checking module is obtained through the following steps: after the kernel has booted, when the file system is loaded, the preset key information is measured with the first algorithm, and the resulting PCR (platform configuration register) measurement value is taken as the standard value for verifying the preset key information; the standard value of the preset key information is encrypted with the second (national cryptographic) algorithm using the secure encryption key as the kernel key and stored in nonvolatile memory, giving the encrypted standard value of the preset key information;
wherein the encrypted standard value and the secure encryption key are obtained from a component of the embedded system.
In a third aspect, the present invention provides an electronic device, which includes a processor and a memory, where the processor is configured to execute a computer program stored in the memory to implement the method for protecting a terminal based on a star trust chain.
In a fourth aspect, the present invention provides a computer-readable storage medium, where at least one instruction is stored, and when executed by a processor, the at least one instruction implements the method for securing a terminal based on a star trust chain.
Compared with the prior art, the invention has the following beneficial effects:
the invention provides a terminal security protection method, device, equipment and medium based on a star trust chain, which construct the standard values of the star trust chain on trusted hardware, provide trusted protection for terminal boot without changing the architecture of the mobile terminal, prevent files such as the kernel from being tampered with, and effectively secure the boot process at low cost and low complexity. The protection is applied in stages: during boot of the embedded system the new PCR measurement of the kernel is taken first and compared with the standard value to judge whether the kernel has been tampered with; after the kernel has booted, the preset key information of the file system is measured further to obtain the PCR value of the new preset key information, which is compared with its standard value to judge whether the file system has been tampered with; the security protection of the embedded system is thereby doubly ensured.
The method and device generate the root key of the trusted platform module TPM with PUF technology, securing the core of the trust chain, and encrypt and store the private key on the basis of PUF technology, which improves the security of the private key and effectively ensures that the private key is hard to crack or steal from outside, so that private key leakage is avoided.
Without changing the hardware architecture of the existing mobile terminal, the bootloader (uboot) is used as the trusted base; a PUF key realized on SRAM is taken as the kernel key; a cryptographic algorithm realized on an FPGA is used as the root of trust for measurement of trusted boot; and the on-chip storage area is taken as the root of trust for storage of trusted boot, these together forming the trusted platform module TPM.
The invention applies trusted computing technology: it first uses the core at the hardware layer to guarantee the trustworthiness of the foundation of the internet of things in the energy internet, and then extends the trust chain to higher levels such as the kernel layer and the trusted component layer, so that the whole execution environment of the terminal becomes trustworthy. Specifically, two techniques, trusted boot and secure storage, are used to construct the trusted terminal execution environment. Trusted boot means that every time the system is powered on, the computed hash values are compared with standard values layer by layer so that the device boots securely. Secure storage applies encryption and decryption algorithms such as the national cryptographic (SM) algorithms to the sensitive data stored on terminals that handle confidential data and provides a corresponding key management mechanism, so that the security of sensitive data on such terminals is effectively guaranteed.
According to the invention, without modifying the embedded equipment with a traditional commercial external TPM chip, the existing components and technologies of the embedded system are used to form the root of trust for storage, the root of trust for measurement and the root key of trust; a trusted platform module is thereby formed without changing the architecture of the existing embedded system, and a star trust chain is built on that trusted platform module. The star trust chain takes the root key of trust in the constructed trusted platform module as the root of trust that guarantees the trustworthiness of the trusted platform module; the trusted platform module then performs the security operations of measuring, storing the measurement value and reporting for the bootstrap program, the kernel and the preset key information respectively, completing the construction of the star trust chain.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention; they illustrate exemplary embodiments of the invention and together with the description serve to explain, not to limit, the invention. In the drawings:
FIG. 1 is a diagram of the star chain of trust architecture of the present invention.
FIG. 2 is a diagram of a specific implementation of the terminal security protection method based on a star trust chain in embodiment 1 of the present invention.
FIG. 3 is a block diagram of the BCH algorithm of the present invention.
FIG. 4 is a flow chart of generating an encryption key based on a PUF in the present invention.
FIG. 5 is an overall framework diagram of the terminal security protection method based on the star trust chain.
FIG. 6 is a schematic flowchart of the terminal security protection method based on a star trust chain in embodiment 2 of the present invention.
FIG. 7 is a block diagram of the terminal security protection device based on a star trust chain according to the present invention.
FIG. 8 is a block diagram of an electronic device according to the present invention.
Detailed Description
The present invention will be described in detail below with reference to the embodiments and the attached drawings. It should be noted that the embodiments, and the features of the embodiments, may be combined with each other where there is no conflict.
The following detailed description is exemplary in nature and is intended to provide further details of the invention. Unless otherwise defined, all technical terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention.
The invention takes a PUF (physically unclonable function) key as the root of trust. It uses the power-up data of a random SRAM (static random access memory) area in the embedded device, and with the PUF technique the key used for encryption exists only inside the chip: it is generated from the physical electronic fingerprint when it is used and returns to that physical form after use instead of being stored. All initial PCR (platform configuration register) values are encrypted with the SM4 algorithm and then stored in ROM. Before loading the kernel, the bootloader verifies the integrity of the kernel through the TPM: the SM3 algorithm is called to compute the PCR value of the kernel, the standard value is taken out of the ROM, decrypted with the PUF key and compared with the measurement value, and the result is reported to the bootloader; if verification passes, the bootloader loads the kernel. Similarly, before loading the file system, the kernel computes the PCR values of key files in the file system by calling the SM3 algorithm, the standard value is taken out of the ROM and compared, and the TPM reports the result to the kernel; if verification passes, the kernel loads the file system. A secure base environment capable of trusted boot is thereby formed.
The secure key generated with the PUF technique is highly correlated with the hardware of the embedded device and resists physical attack well. The private key is encrypted with the SM4 cryptographic algorithm under the PUF-generated secure key and stored in nonvolatile memory.
After the system is powered on, when the bootloader loads the kernel, the kernel is measured with the SM3 algorithm in the TPM: SM3(input, len, output) is called and the output, the PCR value, serves as the digest of the kernel. The module measurement value generated initially for the module that needs verification is taken as the standard value for verification; it is encrypted with the SM4 algorithm using the PUF key as the root key, and the encrypted module measurement value is stored in the ROM of the system. On every subsequent boot the new measurement value is checked against the standard value: the standard value is read from the ROM, decrypted, and the cmp_pcr function is called to verify the measurement value. If integrity verification passes, the kernel continues to boot; if it does not pass, integrity is considered damaged, the code may have been tampered with, the user must be prompted and the boot process of the kernel must be interrupted. After the kernel has booted, when the file system is loaded, the key information of the file system is measured with the SM3 algorithm in the TPM, the standard value is read from the ROM and decrypted with the SM4 algorithm, the cmp_pcr function is called to verify the measurement value, and if verification succeeds the file system is loaded.
The root key serves as the root of trust and is the starting point of the star trust chain; the PUF is the tool that generates the root key. Ordinarily a root key has to be encrypted and stored in a secure area; to save that expense and strengthen security, a physically unclonable function (PUF) is chosen to generate the root key.
Secure storage of the private key with the PUF technique comprises the following steps: a group of SRAM data uniquely tied to the embedded platform is extracted from the characteristic data of the SRAM on the embedded platform after power-up; this group of data is hashed to generate a key; and the private key is then encrypted with that key using a symmetric encryption algorithm and stored.
The SRAM-based PUF technique is divided into an enrollment phase and a verification phase; a reliable symmetric decryption key can only be generated in the verification phase, and with it the private key is decrypted.
The encryption key of the symmetric encryption algorithm is generated from SRAM characteristic data collected after the embedded platform is powered on, based on the SRAM PUF technique. The method comprises three stages: a registration stage, a verification stage and a hash processing stage:
1. in the registration phase, the embedded system reads Bootloader, loads system programs, and starts the SRAM PUF registration phase after the peripheral hardware is initialized. In the registration phase:
(1) the embedded system firstly reads a section of SRAM initial Value Seed-Value with the size of k bits, which is used for generating standard BCH codes with fault-tolerant function and is called Seed Value S (Seed-Value);
(2) performing BCH coding on the SRAM seed value to generate an n bits standard BCH code word with error tolerance of t;
(3) reading an initial Value Identified-Value of a section of SRAM with the size of n bits, wherein the initial Value is used for generating a unique key Value of the piece of SRAM and is called as an identification code ID (Identified-Value);
(4) and carrying out XOR processing on the n bits standard BCH code word and the n bits identification code ID to generate n bits Data Helper-Data, and storing the n bits Data Helper-Data on a nonvolatile memory, wherein the n bits Data Helper-Data is used for key reconstruction to help the identification code NID (noise Identified-Value) with noise to recover the identification code ID, so that the n bits standard BCH code word is called as help Data HD (Helper-Data).
(5) And (5) completing the system registration phase and starting the normal operation of the system.
2. Verification stage. The embedded system reads the Bootloader, loads the system program and, once peripheral hardware initialisation is complete, starts the SRAM PUF verification stage. In the verification stage:
(1) the n-bit noisy identification code NID is read from the same address as the identification code ID;
(2) the n-bit helper data HD is read from non-volatile memory;
(3) the n-bit NID is XORed with the n-bit HD, giving an n-bit BCH codeword containing errors;
(4) BCH decoding is run on the erroneous n-bit codeword; if the actual number of errors does not exceed the designed error-correction capability t, the n-bit standard BCH codeword is recovered and the system authentication succeeds; otherwise BCH decoding fails and the program ends;
(5) if decoding in step (4) succeeds, the recovered n-bit standard BCH codeword is XORed with the n-bit helper data HD, recovering the n-bit identification code ID used in the system registration stage;
(6) the recovered n-bit identification code ID is compared with the identification code ID generated during system registration; if they are the same, verification succeeds;
(7) the verification stage is complete and normal operation of the system begins.
3. Hash processing stage, executed only when the verification stage has completed normally: the n-bit ID value produced by the verification stage is processed with the SM3 algorithm to generate a 256-bit secure encryption key.
Encrypted storage of the private key:
the private key is encrypted with the SM4 symmetric encryption algorithm under the encryption key produced by the encryption-key generation module, and stored in non-volatile memory.
Example 1
Referring to figs. 1 to 5, the star-trust-chain-based mobile terminal security protection method of the invention comprises the following steps:
S1, generating a secure encryption key based on the SRAM PUF:
Registration stage:
1.1, the embedded system reads the Bootloader, loads the system program and, once the peripheral hardware is initialised, starts the SRAM PUF system registration stage;
1.2, the embedded system first reads a k-bit segment of SRAM power-up values (Seed-Value), called the seed value S;
1.3, the SRAM seed value S is BCH-encoded to produce an n-bit standard BCH codeword (the BCH algorithm is shown in fig. 3);
1.4, the embedded system additionally reads an n-bit segment of SRAM power-up values (Identified-Value), called the identification code ID; the ID is used to generate the key value unique to this piece of SRAM;
1.5, the n-bit standard BCH codeword is XORed with the n-bit identification code ID to produce n bits of data (Helper-Data), which are encrypted and stored in non-volatile memory; during key reconstruction they allow the noisy identification code NID (Noisy Identified-Value) to be corrected back to the identification code ID, which is why they are called the helper data HD (Helper-Data);
Verification stage:
1.6, after the embedded system is powered on, the n-bit noisy identification code NID is read from the same address and with the same length as the identification code ID of the registration stage, and the n-bit helper data HD is read from non-volatile memory. The n-bit NID is XORed with the n-bit HD, giving an n-bit BCH codeword containing errors, on which BCH decoding is run: if the actual number of errors does not exceed the designed error-correction capability t, the n-bit standard BCH codeword is recovered and the system authentication succeeds; otherwise BCH decoding fails and the program ends. If decoding succeeds, the recovered n-bit standard BCH codeword is XORed with the n-bit helper data HD, recovering the n-bit identification code ID used in the system registration stage; the recovered n-bit ID is compared with the ID generated during system registration and verification succeeds if they are the same. After the verification stage is complete, normal operation of the system begins;
Hash processing stage:
1.7, this stage is executed only when the verification stage has completed normally: the n-bit identification code ID produced by the verification stage is hashed with the SM3 algorithm to generate a 256-bit secure encryption key.
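The registration, verification and hash stages above (the general description and step S1 of Example 1; Example 2 and claims 2 and 7 restate them) form a code-offset fuzzy extractor. The following Python is an added example and not the patent's own code. The BCH code is stood in by the extended Hamming (8,4) code, i.e. the t = 1 binary BCH code of length 7 plus an overall parity bit, so k = 4 and n = 8 per block: one flipped bit per block is corrected and two flipped bits are detected as a decode failure, the "BCH decoding fails" branch of step (4). SRAM power-up contents, the two region addresses and the noise pattern are constructed; SM3 comes from hashlib where the OpenSSL build supports it and SHA-256 stands in otherwise; and the ID comparison of step (6) is made against a domain-separated hash of the enrolled ID kept in NVM rather than the ID itself, an assumption of this example. Helper data is stored in the clear here: in this construction it is public by design, and no key exists to encrypt it before the ID has been reconstructed.

```python
"""SRAM-PUF key reconstruction with the code-offset (helper-data) construction."""
import hashlib
import hmac
import random

K, N = 4, 8        # seed bits / codeword bits per block (extended Hamming (8,4), t = 1)
BLOCKS = 8         # ID length = N * BLOCKS = 64 bits; a real device uses far more
SEED_ADDR, ID_ADDR = 0x1000, 0x2000   # constructed stand-ins for the two SRAM regions

try:
    hashlib.new("sm3")
    DIGEST = "sm3"          # the patent's hash (needs OpenSSL with SM3 support)
except ValueError:
    DIGEST = "sha256"       # stand-in so the example still runs without SM3


def h256(data: bytes) -> bytes:
    return hashlib.new(DIGEST, data).digest()


def sram_powerup(addr: int, nbits: int, flips=()) -> list:
    """Constructed SRAM power-up read: a fixed pattern per region (seeded PRNG),
    with the bit indices in `flips` inverted to model power-up noise."""
    rng = random.Random(addr)
    bits = [rng.getrandbits(1) for _ in range(nbits)]
    for i in flips:
        bits[i] ^= 1
    return bits


def encode_block(d: list) -> list:
    """Extended Hamming (8,4): positions 1, 2, 4 carry parity, position 8 the overall parity."""
    d1, d2, d3, d4 = d
    c = [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d1, d2 ^ d3 ^ d4, d2, d3, d4]
    return c + [sum(c) & 1]


def decode_block(r: list):
    """Correct one flipped bit; return None when two flips are detected (decode failure)."""
    c = list(r)
    s = ((c[0] ^ c[2] ^ c[4] ^ c[6])
         | (c[1] ^ c[2] ^ c[5] ^ c[6]) << 1
         | (c[3] ^ c[4] ^ c[5] ^ c[6]) << 2)    # 1..7 = error position, 0 = no error in c[0:7]
    overall = sum(c) & 1                        # even parity over all 8 bits when error-free
    if s and not overall:
        return None                             # two errors: detected but not correctable
    if s:
        c[s - 1] ^= 1                           # single error inside the Hamming part
    elif overall:
        c[7] ^= 1                               # single error in the overall parity bit
    return c


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")


def enroll():
    """Registration stage: returns (helper data, check value) for NVM and the derived key."""
    seed = sram_powerup(SEED_ADDR, K * BLOCKS)                  # seed value S
    codeword = [b for i in range(BLOCKS)
                for b in encode_block(seed[K * i:K * i + K])]   # n-bit standard BCH codewords
    ident = sram_powerup(ID_ADDR, N * BLOCKS)                   # identification code ID
    helper = xor(codeword, ident)                               # HD = C xor ID, stored in NVM
    # The patent compares the recovered ID with the enrolled one; keeping the ID in NVM
    # would defeat the scheme, so this example stores a domain-separated hash of it
    # instead (an assumption of this example, not the patent's step).
    check = h256(b"puf-id-check" + to_bytes(ident))
    return helper, check, h256(to_bytes(ident))                 # hash stage: 256-bit key


def reconstruct(helper, check, noise=()):
    """Verification + hash stages on a later power-up; None means the boot must halt."""
    noisy_id = sram_powerup(ID_ADDR, N * BLOCKS, flips=noise)   # NID
    received = xor(noisy_id, helper)                            # C xor e: codeword with errors
    corrected = []
    for i in range(BLOCKS):
        blk = decode_block(received[N * i:N * i + N])
        if blk is None:
            return None                                         # more than t errors: decode fails
        corrected += blk
    ident = xor(corrected, helper)                              # ID = C xor HD
    if not hmac.compare_digest(check, h256(b"puf-id-check" + to_bytes(ident))):
        return None                                             # miscorrection: ID check fails
    return h256(to_bytes(ident))


if __name__ == "__main__":
    hd, chk, key = enroll()
    print("key reconstructed with 1 flip per block:",
          reconstruct(hd, chk, noise=(0, 9, 23, 63)) == key)
    print("decode failure with 2 flips in one block:",
          reconstruct(hd, chk, noise=(16, 17)) is None)
```

Only the helper data and the check value persist between boots; the ID and the key are recomputed from the SRAM on every power-up and never written out. On a real part the measured bit-error rate of the SRAM start-up state and the acceptable reconstruction-failure probability determine n, k and t.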
S2, encrypting the private key with the secure key generated by PUF technology:
the secure encryption key generated by PUF technology is tightly bound to the hardware of the embedded device and resists physical attack well.
After the embedded system is powered on, when the bootloader loads the kernel, the kernel is measured with the SM3 algorithm in the TPM: SM3(input, len, output) is called and the output, the PCR (Platform Configuration Register) measurement value, serves as the digest of the kernel; the initially generated measurement value of the module to be verified is taken as the standard value for verification. Using the SM4 national cryptographic algorithm, with the PUF-generated secure encryption key as the kernel key, the standard value to be verified is encrypted and stored in non-volatile memory.
After the kernel has started, when the file system is loaded, the preset key information is measured with the SM3 algorithm in the TPM to obtain the standard value for PCR measurement verification; using the SM4 cryptographic algorithm, with the PUF-generated secure encryption key as the kernel key, the standard value of the preset key information is encrypted and stored in non-volatile memory.
S3, security protection authentication:
each time the embedded system boots, the kernel is measured with the SM3 algorithm in the TPM to obtain a new PCR measurement value; the embedded system reads the encrypted standard value from ROM, decrypts it with the SM4 algorithm using the secure encryption key as the kernel key, and then calls the cmp_PCR function to compare the decrypted standard value with the new PCR measurement value: if the comparison passes, kernel start-up continues; if it fails, the integrity of the kernel is considered damaged and its code possibly tampered with, the user is warned and the kernel start-up process is interrupted;
after the kernel has started, when the file system is loaded, the preset key information of the file system is measured with the SM3 algorithm in the TPM to obtain the new PCR value of the preset key information; the encrypted standard value of the preset key information is read from read-only memory (ROM), decrypted with the SM4 algorithm using the secure encryption key as the kernel key, and the cmp_PCR function is called to compare the decrypted standard value of the preset key information with the new PCR (Platform Configuration Register) value; the Trusted Platform Module (TPM) reports the comparison result to the kernel, and if the comparison passes the kernel loads the file system, forming the secure basic environment of trusted boot; otherwise the kernel aborts loading the file system.
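Steps S2 and S3 (restated in Example 2, Example 3 and claims 1, 3, 4, 6 and 8) measure the kernel and the file-system key information, seal the initial measurements under the PUF-derived kernel key, and compare at every boot. The following Python is an added example, not the patent's code: SM3 comes from hashlib (SHA-256 stands in where the OpenSSL build lacks SM3), SM4 in counter mode comes from the `cryptography` package when it is usable (otherwise a hash-based counter-mode keystream stands in), and the kernel image, file-system key information and PUF key are constructed byte strings. One addition to the scheme as described: the digest of a kernel image is computable by anyone holding the image, so a standard value that is only encrypted under a malleable mode could be bit-flipped in NVM into the digest of a tampered kernel; the sealed blob therefore carries an HMAC tag, checked in constant time before decryption, and a bad tag halts the boot exactly like a mismatching PCR value. Splitting the PUF key into separate encryption and MAC keys is likewise this example's choice.

```python
"""Star-trust-chain boot check: measure, compare against a sealed standard value, halt on mismatch."""
import hashlib
import hmac
import os

try:
    hashlib.new("sm3")
    DIGEST = "sm3"                   # the patent's SM3 (needs OpenSSL with SM3 support)
except ValueError:
    DIGEST = "sha256"                # stand-in so the example runs without SM3

try:                                 # SM4-CTR from the `cryptography` package, if usable
    from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    Cipher(algorithms.SM4(bytes(16)), modes.CTR(bytes(16))).encryptor()
    SM4 = algorithms.SM4
except Exception:                    # package missing, too old, or OpenSSL without SM4
    SM4 = None


def measure(data: bytes) -> bytes:
    """SM3(input, len, output): the digest that becomes the PCR measurement value."""
    return hashlib.new(DIGEST, data).digest()


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, DIGEST).digest()


def ctr_xor(key16: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode encryption/decryption (the same operation in both directions)."""
    if SM4 is not None:
        c = Cipher(SM4(key16), modes.CTR(nonce)).encryptor()
        return c.update(data) + c.finalize()
    # Stand-in keystream when SM4 is unavailable: H(key || nonce || counter) blocks.
    stream = b"".join(measure(key16 + nonce + i.to_bytes(4, "big"))
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_keys(puf_key: bytes):
    """Split the 256-bit PUF key into a 128-bit SM4 key and a MAC key (this example's choice)."""
    return measure(b"seal-enc" + puf_key)[:16], measure(b"seal-mac" + puf_key)


def seal(puf_key: bytes, standard_value: bytes) -> bytes:
    """Encrypt a standard value for NVM: nonce || SM4-CTR(value) || HMAC tag.
    The tag is this example's addition: anyone holding the kernel image can compute
    its digest, and an unauthenticated CTR ciphertext could be bit-flipped into the
    digest of a tampered kernel."""
    k_enc, k_mac = derive_keys(puf_key)
    nonce = os.urandom(16)
    ct = ctr_xor(k_enc, nonce, standard_value)
    return nonce + ct + mac(k_mac, nonce + ct)


def unseal(puf_key: bytes, blob: bytes):
    """Recover the standard value, or None if the blob was altered or the key is wrong."""
    k_enc, k_mac = derive_keys(puf_key)
    if len(blob) != 16 + 32 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, mac(k_mac, nonce + ct)):
        return None
    return ctr_xor(k_enc, nonce, ct)


def provision(puf_key: bytes, kernel: bytes, fs_key_info: bytes) -> dict:
    """S2: record the initial measurements as sealed standard values (the NVM contents)."""
    return {"kernel": seal(puf_key, measure(kernel)),
            "fs": seal(puf_key, measure(fs_key_info))}


def check_stage(puf_key: bytes, sealed: bytes, new_pcr: bytes) -> bool:
    """cmp_PCR: decrypt the standard value and compare it with the fresh measurement."""
    standard = unseal(puf_key, sealed)
    return standard is not None and hmac.compare_digest(standard, new_pcr)


def boot(puf_key: bytes, kernel: bytes, fs_key_info: bytes, nvm: dict) -> bool:
    """S3: True if both stages pass; False means the bootloader/kernel must halt."""
    if not check_stage(puf_key, nvm["kernel"], measure(kernel)):
        return False                              # kernel integrity damaged: do not start it
    # kernel starts; before the file system is loaded, check its preset key information
    return check_stage(puf_key, nvm["fs"], measure(fs_key_info))


if __name__ == "__main__":
    PUF_KEY = bytes(range(32))                    # constructed stand-in for the PUF-derived key
    KERNEL = b"constructed kernel image bytes"
    FS_INFO = b"constructed /etc/passwd + /sbin/init contents"
    nvm = provision(PUF_KEY, KERNEL, FS_INFO)
    print("clean boot:", boot(PUF_KEY, KERNEL, FS_INFO, nvm))
    print("tampered kernel:", boot(PUF_KEY, KERNEL + b"\x90", FS_INFO, nvm))
```

`provision` is step S2 and `boot` is step S3; `measure` and `check_stage` play the roles of SM3(input, len, output) and cmp_PCR in the text. A standard value sealed on one chip cannot be unsealed on another, because the PUF key, and with it the MAC key, differs.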
Example 2
Referring to fig. 6, the invention provides a terminal security protection method based on a star trust chain, comprising:
S1, the embedded system boots and the kernel is measured with the SM3 algorithm in the trusted platform module to obtain a new PCR measurement value; the encrypted standard value is read from ROM and decrypted with the SM4 algorithm using the secure encryption key as the kernel key; the decrypted standard value is compared with the new PCR measurement value: if the comparison passes, kernel start-up continues, and if it fails, the kernel start-up process is interrupted;
S2, after the kernel has started, when the file system is loaded, the preset key information of the file system is measured with the SM3 algorithm in the trusted platform module to obtain the new PCR value of the preset key information; the encrypted standard value of the preset key information is read from ROM and decrypted with the SM4 algorithm using the secure encryption key as the kernel key; the decrypted standard value of the preset key information is compared with the new PCR value, and if the comparison passes the kernel loads the file system, otherwise the kernel aborts loading the file system.
In the embodiment of the invention, obtaining the secure encryption key specifically comprises the following steps:
Registration stage: the embedded system reads the Bootloader, loads the system program and completes initialisation of the peripheral hardware; the embedded system first reads a k-bit segment of SRAM power-up values (Seed-Value); the Seed-Value is BCH-encoded to produce an n-bit standard BCH codeword; the embedded system additionally reads an n-bit segment of SRAM power-up values (Identified-Value); the n-bit standard BCH codeword is XORed with the Identified-Value to produce n bits of Helper-Data, which are encrypted and stored in non-volatile memory;
Verification stage: after the embedded system is powered on, the n-bit noisy identification code NID is read from the same address and with the same length as the Identified-Value of the registration stage; the n bits of Helper-Data are read from non-volatile memory; the n-bit NID is XORed with the n-bit Helper-Data, giving an n-bit BCH codeword containing errors; BCH decoding is run on it, and if the actual number of errors does not exceed the designed error-correction capability t the n-bit standard BCH codeword is recovered and system authentication succeeds, otherwise BCH decoding fails; if decoding succeeds, the recovered n-bit standard BCH codeword is XORed with the n-bit Helper-Data to recover the n-bit Identified-Value used in the system registration stage; the recovered n-bit Identified-Value is compared with the Identified-Value generated during system registration, and if the two are the same the verification succeeds; after the verification stage is complete, normal operation of the system begins;
Hash processing stage: after verification succeeds and the system is running normally, the n-bit Identified-Value recovered in the verification stage is hashed with the SM3 algorithm to generate the secure encryption key;
The encrypted standard value is obtained by the following steps: after the embedded system is powered on and the kernel is loaded, the kernel is measured with the SM3 algorithm in the trusted platform module, and the resulting PCR (Platform Configuration Register) measurement value of the kernel is taken as the standard value for verification; using the SM4 algorithm with the secure encryption key as the kernel key, the standard value to be verified is encrypted and stored in non-volatile memory, giving the encrypted standard value.
The encrypted standard value of the preset key information is obtained by the following steps: after the kernel has started, when the file system is loaded, the preset key information is measured with the SM3 algorithm in the trusted platform module, and the resulting PCR measurement value is taken as the standard value for verifying the preset key information; using the SM4 algorithm with the secure encryption key as the kernel key, the standard value of the preset key information is encrypted and stored in non-volatile memory, giving the encrypted standard value of the preset key information.
Example 3
Referring to fig. 7, the invention provides a terminal security protection device based on a star trust chain, comprising:
a kernel checking module, which, after the embedded system boots, measures the kernel with the SM3 algorithm in the trusted platform module to obtain a new PCR measurement value; reads the encrypted standard value from ROM and decrypts it with the SM4 algorithm using the secure encryption key as the kernel key; and compares the decrypted standard value with the new PCR measurement value: if the comparison passes, kernel start-up continues, and if it fails, the kernel start-up process is interrupted;
a key information checking module, which, after the kernel has started and when the file system is loaded, measures the preset key information of the file system with the SM3 algorithm in the trusted platform module to obtain the new PCR value of the preset key information; reads the encrypted standard value of the preset key information from ROM and decrypts it with the SM4 algorithm using the secure encryption key as the kernel key; and compares the decrypted standard value of the preset key information with the new PCR value: if the comparison passes, the kernel loads the file system, otherwise the kernel aborts loading the file system.
Example 4
Referring to fig. 8, the present invention further provides an electronic device 100; the electronic device 100 comprises a memory 101, at least one processor 102, a computer program 103 stored in the memory 101 and executable on the at least one processor 102, and at least one communication bus 104.
The memory 101 may be configured to store the computer program 103, and the processor 102 implements the star trust chain-based terminal security protection procedure described in embodiment 1 or 2 by running or executing the computer program stored in the memory 101 and calling the data stored in the memory 101. The memory 101 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data) created according to the use of the electronic apparatus 100, and the like. In addition, the memory 101 may include a non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other non-volatile solid state storage device.
The at least one Processor 102 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The processor 102 may be a microprocessor or the processor 102 may be any conventional processor or the like, and the processor 102 is a control center of the electronic device 100 and connects various parts of the whole electronic device 100 by various interfaces and lines.
The memory 101 in the electronic device 100 stores a plurality of instructions to implement star trust chain based terminal security protection, and the processor 102 may execute the plurality of instructions to implement:
starting the embedded system, measuring the kernel through a first algorithm in the trusted platform module, and obtaining a new PCR measurement value; reading the encrypted standard value from the ROM, and decrypting by adopting a second algorithm by taking the secure encryption key as a kernel key; comparing the decrypted standard value with the new PCR metric value: if the comparison is passed, continuing to start the kernel, and if the comparison is not passed, interrupting the starting process of the kernel;
after the kernel is started, when the file system is loaded, measuring preset key information of the file system through a first algorithm in the trusted platform module to obtain a PCR value of new preset key information; reading a standard value of the encrypted preset key information from the ROM, and decrypting by using a second algorithm and taking the security encryption key as a kernel key; and comparing the decrypted standard value of the preset key information with the PCR value of the new preset key information, if the comparison is passed, loading the file system by the kernel, otherwise, interrupting the loading of the file system by the kernel.
Example 5
The modules/units integrated by the electronic device 100 may be stored in a computer-readable storage medium if they are implemented in the form of software functional units and sold or used as separate products. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, and Read-Only Memory (ROM).
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that: modifications and equivalents may be made to the embodiments of the invention without departing from the spirit and scope of the invention, which is to be covered by the claims.

Claims (10)

1. The terminal security protection method based on the star trust chain is characterized by comprising the following steps:
the embedded system is started, and the kernel is measured through a first algorithm to obtain a new PCR measurement value; reading the encrypted standard value from the ROM, and decrypting by adopting a second algorithm by taking the secure encryption key as a kernel key; comparing the decrypted standard value with the new PCR metric value: if the comparison is passed, continuing to start the kernel, and if the comparison is not passed, interrupting the starting process of the kernel;
after the kernel is started, when the file system is loaded, measuring the preset key information of the file system through a first algorithm to obtain a PCR value of new preset key information; reading a standard value of the encrypted preset key information from the ROM, and decrypting by using a second algorithm and taking the security encryption key as a kernel key; comparing the decrypted standard value of the preset key information with the PCR value of the new preset key information, if the comparison is passed, loading the file system by the kernel, otherwise, interrupting the loading of the file system by the kernel;
wherein the encrypted standard value and the secure encryption key are obtained from a component of the embedded system.
2. The terminal security protection method based on the star trust chain as claimed in claim 1, wherein the obtaining of the security encryption key specifically comprises the steps of:
a registration stage: the embedded system reads the boot loader, loads the system program and initializes the peripheral hardware; the embedded system firstly reads a section of initial Value of the static random access memory with the size of k bits, which is called as initial Value Seed-Value; carrying out BCH coding on the initial Value Seed-Value to generate an n bits standard BCH code word; the embedded system reads a section of initial Value of static random access memory with the size of n bits, which is called initial Value Identified-Value; carrying out XOR processing on the n bits standard BCH code word and the n bits initial Value Identified-Value to generate n bits Data Helper-Data, encrypting the n bits Data Helper-Data and storing the n bits Data Helper-Data on a nonvolatile memory;
a verification stage: after the embedded system is powered on, the n-bit noisy identification code NID is read from the same address and with the same length n bits as the initial Value Identified-Value of the static random access memory in the registration stage; the n bits of Data Helper-Data are read from the non-volatile memory; the n-bit NID is XORed with the n bits of Data Helper-Data to obtain an n-bit BCH code containing errors; BCH decoding is performed on the n-bit BCH code containing errors, and if the actual number of errors does not exceed the designed error-correction tolerance t an n-bit standard BCH code is generated and system authentication succeeds, otherwise BCH decoding fails; if decoding succeeds, the n-bit standard BCH code generated by decoding is XORed with the n bits of Data Helper-Data to recover the n-bit initial Value Identified-Value used in the system registration stage; the recovered n-bit initial Value Identified-Value is compared with the initial Value Identified-Value generated during system registration, and if the two are the same the verification succeeds; after the verification stage is finished, normal operation of the system begins;
a hash processing stage: and after the verification is successful in the verification stage and the system normally runs, carrying out hash operation on the initial Value Identified-Value of the n bits recovered from the verification stage by using a first algorithm to generate a secure encryption key.
3. The terminal security protection method based on the star trust chain as claimed in claim 2, wherein in the step of reading the encrypted standard value from the ROM and decrypting it with the second algorithm using the secure encryption key as the kernel key, the encrypted standard value is obtained by the following steps:
after the embedded system is powered on and the kernel is loaded, the kernel is measured by the first algorithm to obtain a PCR (Platform Configuration Register) measurement value of the kernel as the standard value for verification; and the second algorithm is used, with the secure encryption key as the kernel key, to encrypt the standard value to be verified and store it in the non-volatile memory, obtaining the encrypted standard value.
4. The terminal security protection method based on the star trust chain as claimed in claim 2, wherein in the step of reading the standard value of the encrypted preset key information from the ROM and decrypting it with the second algorithm using the secure encryption key as the kernel key, the standard value of the encrypted preset key information is obtained by the following steps:
after the kernel is started, when the file system is loaded, the preset key information is measured by the first algorithm, and the obtained PCR (Platform Configuration Register) measurement value is used as the standard value for verifying the preset key information; and the second algorithm, a national cryptographic algorithm, is used, with the secure encryption key as the kernel key, to encrypt the standard value of the preset key information and store it in the non-volatile memory, obtaining the standard value of the encrypted preset key information.
5. The terminal security protection method based on the star trust chain as claimed in claim 1, wherein the first algorithm is the SM3 algorithm and the second algorithm is the SM4 algorithm.
6. A terminal security protection device based on a star trust chain, characterized by comprising:
a kernel checking module, used, after the embedded system is started, to measure the kernel by the first algorithm to obtain a new PCR measurement value; to read the encrypted standard value from the ROM and decrypt it with the second algorithm using the secure encryption key as the kernel key; and to compare the decrypted standard value with the new PCR measurement value: if the comparison passes, starting the kernel continues, and if the comparison fails, the start-up process of the kernel is interrupted;
a key information checking module, used, after the kernel has started and when the file system is loaded, to measure the preset key information of the file system by the first algorithm to obtain a new PCR value of the preset key information; to read the standard value of the encrypted preset key information from the ROM and decrypt it with the second algorithm using the secure encryption key as the kernel key; and to compare the decrypted standard value of the preset key information with the new PCR value of the preset key information: if the comparison passes, the kernel loads the file system, otherwise the kernel interrupts loading of the file system;
wherein the encrypted standard value and the secure encryption key are obtained from a component of the embedded system.
7. The terminal security protection device based on the star trust chain of claim 6, wherein the obtaining of the security encryption key used in the kernel verification module and the key information verification module specifically comprises the following steps:
a registration stage: the embedded system reads the boot loader, loads the system program and initializes the peripheral hardware; the embedded system firstly reads a section of initial Value Seed-Value of a static random access memory with the size of k bits; generating n bits standard BCH code words by carrying out BCH coding on the initial Value Seed-Value of the static random access memory; the embedded system reads a section of initial Value Identified-Value of the static random access memory with the size of n bits; carrying out XOR processing on the n bits standard BCH code word and an initial Value Identified-Value of a static random access memory to generate n bits Data Helper-Data, encrypting the n bits Data Helper-Data and storing the n bits Data Helper-Data on a nonvolatile memory;
a verification stage: after the embedded system is powered on, the n-bit noisy identification code NID is read from the same address and with the same length n bits as the initial Value Identified-Value of the static random access memory in the registration stage; the n bits of Data Helper-Data are read from the non-volatile memory; the n-bit NID is XORed with the n bits of Data Helper-Data to obtain an n-bit BCH code containing errors; BCH decoding is performed on the n-bit BCH code containing errors, and if the actual number of errors does not exceed the designed error-correction tolerance t an n-bit standard BCH code is generated and system authentication succeeds, otherwise BCH decoding fails; if decoding succeeds, the n-bit standard BCH code generated by decoding is XORed with the n bits of Data Helper-Data to recover the n-bit initial Value Identified-Value used in the system registration stage; the recovered n-bit initial Value Identified-Value is compared with the initial Value Identified-Value generated during system registration, and if the two are the same the verification succeeds; after the verification stage is finished, normal operation of the system begins;
a hash processing stage: and after the verification is successful in the verification stage and the system normally runs, carrying out hash operation on the initial Value Identified-Value of the n bits recovered from the verification stage by using a first algorithm to generate a secure encryption key.
8. The terminal security protection device based on the star trust chain as claimed in claim 7, wherein the encrypted standard value in the kernel check module is obtained by the following steps: after the embedded system is powered on and the kernel is loaded, measuring the kernel with the first algorithm to obtain a PCR (platform configuration register) measurement value of the kernel as the standard value for verification; encrypting the standard value for verification with a second algorithm, using the secure encryption key as the kernel key, and storing the result in the nonvolatile memory to obtain the encrypted standard value;
the encrypted standard value of the preset key information in the key information verification module is obtained by the following steps: after the kernel is started, when the file system is loaded, measuring the preset key information with the first algorithm and using the obtained PCR (platform configuration register) measurement value as the standard value for verifying the preset key information; encrypting the standard value of the preset key information with the second algorithm, using the secure encryption key as the kernel key, and storing the result in the nonvolatile memory to obtain the encrypted standard value of the preset key information.
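Claim 8's two standard values (kernel measurement at kernel load, key-information measurement at file-system load), each stored encrypted under the PUF-derived key and compared against a fresh measurement on later boots, as an added example that is not the patent's or applicants' code. SHA-256 stands in for the unnamed first algorithm; SHA-256 in counter mode plus an HMAC tag stands in for the unnamed second algorithm (a vetted AEAD such as AES-GCM would replace it in a product); the kernel key is a constructed 32-byte value in place of the secure encryption key from claim 7; the nonvolatile memory is a dict. All function names, file paths and the kernel image bytes are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict

Nvm = Dict[str, bytes]   # stand-in for the nonvolatile memory: name -> sealed value


def measure(blob: bytes) -> bytes:
    """First algorithm, assumed SHA-256: the 'PCR measurement value' of a blob."""
    return hashlib.sha256(blob).digest()


def measure_key_info(files: Dict[str, bytes]) -> bytes:
    """Measure the preset key information (a set of files) as one digest,
    binding each path and length so files cannot be swapped or concatenated."""
    h = hashlib.sha256()
    for path in sorted(files):
        body = files[path]
        h.update(path.encode() + b"\0" + len(body).to_bytes(4, "big") + body)
    return h.digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode, standing in for the claim's unnamed 'second
    algorithm' (assumption); a product would use a vetted AEAD instead."""
    blocks = [hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(-(-length // 32))]
    return b"".join(blocks)[:length]


def _subkeys(kernel_key: bytes):
    return (hashlib.sha256(b"enc" + kernel_key).digest(),
            hashlib.sha256(b"mac" + kernel_key).digest())


def seal(kernel_key: bytes, value: bytes) -> bytes:
    """Encrypt-then-MAC a standard value: nonce | ciphertext | HMAC-SHA256 tag."""
    enc_key, mac_key = _subkeys(kernel_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(value, _keystream(enc_key, nonce, len(value))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(kernel_key: bytes, sealed: bytes) -> bytes:
    """Reverse seal(); raises ValueError if the tag fails, which covers both a
    modified nonvolatile memory and a wrong (non-PUF-derived) kernel key."""
    enc_key, mac_key = _subkeys(kernel_key)
    nonce, ct, tag = sealed[:16], sealed[16:-32], sealed[-32:]
    expect = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("standard value rejected: bad tag")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def record_standard_values(nvm: Nvm, kernel_key: bytes,
                           kernel_image: bytes, key_files: Dict[str, bytes]) -> None:
    """First (trusted) boot: measure the kernel at kernel load and the key
    information at file-system load, then store both encrypted under the key."""
    nvm["kernel"] = seal(kernel_key, measure(kernel_image))
    nvm["key_info"] = seal(kernel_key, measure_key_info(key_files))


def verify_boot(nvm: Nvm, kernel_key: bytes,
                kernel_image: bytes, key_files: Dict[str, bytes]) -> Dict[str, bool]:
    """Later boots: decrypt each stored standard value and compare it with a
    fresh measurement; a value that cannot be decrypted counts as a failed check."""
    fresh = {"kernel": measure(kernel_image), "key_info": measure_key_info(key_files)}
    results = {}
    for name, digest in fresh.items():
        try:
            expected = unseal(kernel_key, nvm[name])
        except (KeyError, ValueError):
            results[name] = False
            continue
        results[name] = hmac.compare_digest(expected, digest)
    return results


# Constructed sample data: not real firmware, files or keys.
KERNEL_KEY = hashlib.sha256(b"constructed PUF-derived secure encryption key").digest()
KERNEL_IMAGE = b"\x7fELF constructed kernel image v1\n" * 16
KEY_FILES = {"/etc/protect.conf": b"mode=strict\n",
             "/etc/trust_anchor.pem": b"-----BEGIN CERTIFICATE-----\nconstructed\n"}


def demo():
    """Check results for a clean boot, a boot with tampered key information,
    and a boot attempted with the wrong kernel key."""
    nvm: Nvm = {}
    record_standard_values(nvm, KERNEL_KEY, KERNEL_IMAGE, KEY_FILES)
    clean = verify_boot(nvm, KERNEL_KEY, KERNEL_IMAGE, KEY_FILES)
    tampered = {**KEY_FILES, "/etc/protect.conf": b"mode=off\n"}
    modified = verify_boot(nvm, KERNEL_KEY, KERNEL_IMAGE, tampered)
    wrong_key = verify_boot(nvm, b"\0" * 32, KERNEL_IMAGE, KEY_FILES)
    return clean, modified, wrong_key
```

A decryption failure is treated exactly like a mismatched measurement, so rewriting the nonvolatile memory without holding the PUF-derived key cannot install a standard value that matches a modified kernel or configuration; binding the reference values to that key, rather than storing them in the clear, is what makes the stored values part of the trust chain instead of just another file to protect.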
9. An electronic device comprising a processor and a memory, wherein the processor is configured to execute a computer program stored in the memory to implement the method for star trust chain based terminal security protection as claimed in any one of claims 1 to 5.
10. A computer-readable storage medium, wherein the computer-readable storage medium stores at least one instruction, and the at least one instruction, when executed by a processor, implements the terminal security protection method based on the star trust chain as claimed in any one of claims 1 to 5.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210436201.0A CN114817931A (en) 2022-04-22 2022-04-22 Terminal security protection method, device, equipment and medium based on star trust chain

Publications (1)

Publication Number Publication Date
CN114817931A true CN114817931A (en) 2022-07-29

Family

ID=82506648

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210436201.0A Pending CN114817931A (en) 2022-04-22 2022-04-22 Terminal security protection method, device, equipment and medium based on star trust chain

Country Status (1)

Country Link
CN (1) CN114817931A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117131519A (en) * 2023-02-27 2023-11-28 荣耀终端有限公司 Information protection method and equipment
WO2024061326A1 (en) * 2022-09-23 2024-03-28 华为技术有限公司 Data protection method, and electronic device

Similar Documents

Publication Publication Date Title
CN109313690B (en) Self-contained encrypted boot policy verification
Zhao et al. Providing root of trust for ARM TrustZone using on-chip SRAM
AU2012205457B2 (en) System and method for tamper-resistant booting
EP2965254B1 (en) Systems and methods for maintaining integrity and secrecy in untrusted computing platforms
EP2989741B1 (en) Generation of working security key based on security parameters
JP2010527219A (en) Method and system for electronically securing electronic device security using functions that cannot be physically copied
JP2022528641A (en) Identity verification using private key
CN110688660B (en) Method and device for safely starting terminal and storage medium
CN114817931A (en) Terminal security protection method, device, equipment and medium based on star trust chain
JP2011522469A (en) Integrated circuit having protected software image and method therefor
CN109586898B (en) Dual-system communication key generation method and computer-readable storage medium
US8311212B2 (en) Method of processing data protected against attacks by generating errors and associated device
US11874928B2 (en) Security device, electronic device, secure boot management system, method for generating boot image, and method for executing boot chain
CN114816549B (en) Method and system for protecting bootloader and environment variable thereof
US20240152620A1 (en) Owner revocation emulation container
US20230351056A1 (en) Sram physically unclonable function (puf) memory for generating keys based on device owner
US11784807B2 (en) Binding an ASIC to a trust anchor
US11816219B2 (en) Binding a trust anchor and an ASIC
US20220382867A1 (en) Using a trust anchor to control functionality of an asic
US20220382912A1 (en) Using a trust anchor to verify an identity of an asic
CN115941203A (en) Secure storage method and device of private key based on PUF technology
WO2024097428A1 (en) Owner revocation emulation container
WO2023212178A1 (en) Sram physically unclonable function (puf) memory for generating keys based on device owner

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination