WO2021023173A1 - Data processing method, apparatus and system, storage medium, and computer device - Google Patents

Publication number
WO2021023173A1
Authority
WO
WIPO (PCT)
Prior art keywords
bmc
trusted
policy
tool
configuration
Application number
PCT/CN2020/106712
Inventor
付颖芳
肖鹏
Original Assignee
阿里巴巴集团控股有限公司
Application filed by 阿里巴巴集团控股有限公司
Publication of WO2021023173A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping

Definitions

  • The present invention relates to the field of computers, and in particular to a data processing method, apparatus, system, storage medium and computer device.
  • Measurement is a relatively new technical means of protecting the integrity of platforms and systems: at certain specific moments, the measurement object is measured according to the measurement policy to obtain certain information about the object (for example, the hash value of a file), and the value of this information is compared with the standard value obtained according to the verification policy recorded in advance to determine whether the integrity of the object has been compromised.
  • BIOS Basic Input Output System
  • Another method is to configure the aforementioned measurement policy and verification policy after the device operating system (Operating System, OS) has started, and then restart the device to begin measurement.
  • OS Operating System
  • The embodiments of the present invention provide a data processing method, apparatus, system, storage medium, and computer device to at least solve the technical problem in the related art that, when a trusted policy is configured, neither the security of the trusted policy nor business continuity can be guaranteed.
  • a data processing method including: a trusted chip verifies whether the BMC and the configuration policy tool are trusted; when the verification result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the remote management and control center that the BMC and the configuration policy tool are trusted; the trusted chip obtains the trusted policy from the BMC, wherein the remote management and control center has delivered the trusted policy to the BMC through the configuration policy tool.
  • a data processing method including: a remote management and control center receives a report from a trusted chip, wherein the report is used to inform that the BMC is trusted; the remote management and control center issues a configuration policy request to the BMC; the remote management and control center delivers a trusted policy to the BMC through a policy configuration tool, for the trusted chip to obtain the trusted policy from the BMC.
  • a data processing method including: in a case where a trusted chip determines that the BMC and the configuration policy tool are trusted, the BMC receives a configuration policy request issued by a remote management and control center; the BMC verifies whether the remote management and control center and the configuration policy tool are trusted; in the case where the verification result is that the remote management and control center and the configuration policy tool are trusted, the BMC receives the trusted policy delivered by the remote management and control center through the configuration policy tool; the BMC provides the received trusted policy to the trusted chip.
  • a data processing method including: a trusted chip verifies whether the BMC and the configuration policy tool are trusted; when the verification result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the remote management and control center that the BMC and the configuration policy tool are trusted; the remote management and control center issues a configuration policy request to the BMC; the BMC and the remote management and control center verify each other's legitimacy, and the BMC verifies whether the configuration policy tool is trusted; when the BMC and the remote management and control center are both legitimate and the BMC verifies that the configuration policy tool is trusted, the remote management and control center delivers a trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
  • a data processing method including: a trusted chip verifies whether the BMC and the configuration policy tool are trusted; if the verification result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the edge computing server that the BMC and the configuration policy tool are trusted; the edge computing server issues a configuration policy request to the BMC; the BMC and the edge computing server verify each other's legitimacy, and the BMC verifies whether the configuration policy tool is trusted; when the BMC and the edge computing server are both legitimate and the BMC verifies that the configuration policy tool is trusted, the edge computing server delivers the trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
  • a data processing device, applied to a trusted chip, including: a first verification module, used to verify whether the BMC and the configuration policy tool are trusted; a reporting module, used to report to the remote management and control center that the BMC and the configuration policy tool are trusted when the verification result is that they are trusted; a first obtaining module, used to obtain the trusted policy from the BMC, where the remote management and control center has delivered the trusted policy to the BMC through the configuration policy tool.
  • a data processing device, applied to a remote management and control center, including: a first receiving module, used to receive a report from a trusted chip, wherein the report is used to inform that the BMC is trusted; a first issuing module, used to issue a configuration policy request to the BMC; a second issuing module, used to deliver a trusted policy to the BMC through the policy configuration tool, for the trusted chip to obtain the trusted policy from the BMC.
  • a trusted policy configuration device, applied to the BMC, including: a second receiving module, used to receive the configuration policy request issued by the remote management and control center in the case where the trusted chip determines that the BMC and the configuration policy tool are trusted; a second verification module, used to verify whether the remote management and control center and the configuration policy tool are trusted; a third receiving module, used to receive the trusted policy delivered by the remote management and control center through the configuration policy tool in the case where the remote management and control center and the configuration policy tool are verified as trusted; a providing module, used to provide the received trusted policy to the trusted chip.
  • a data processing system including: a trusted chip, a remote management and control center, a configuration policy tool, and a BMC, wherein the trusted chip is used to verify whether the BMC and the configuration policy tool are trusted, and, if the verification result is that they are trusted, to report to the remote control center that the BMC and the configuration policy tool are trusted; the remote control center is used to issue a configuration policy request to the BMC; the BMC is used to verify legitimacy mutually with the remote management and control center, and to verify whether the configuration policy tool is trusted; the remote management and control center is also used to deliver the trusted policy to the BMC through the configuration policy tool if the BMC and the remote control center are both legitimate and the BMC verifies that the configuration policy tool is trusted; the trusted chip is also used to obtain the trusted policy from the BMC.
  • a data processing system including: a trusted chip, an edge computing server, a configuration policy tool, and a BMC, where the trusted chip is used to verify whether the BMC and the configuration policy tool are trusted, and, if the verification result is that they are trusted, to report to the edge computing server that the BMC and the configuration policy tool are trusted; the edge computing server is used to issue a configuration policy request to the BMC; the BMC is used to verify legitimacy mutually with the edge computing server, and to verify whether the configuration policy tool is trusted; the edge computing server is also used to deliver the trusted policy to the BMC through the configuration policy tool when the BMC and the edge computing server are both legitimate and the BMC verifies that the configuration policy tool is trusted; the trusted chip is also used to obtain the trusted policy from the BMC.
  • a storage medium storing a program, wherein when the program is run by a processor, the processor is controlled to execute any of the above data processing methods.
  • a computer device including: a memory and a processor, the memory storing a computer program; the processor is configured to execute the computer program stored in the memory, and when the computer program runs, the processor executes any of the data processing methods described above.
  • the remote management and control center uses the configuration policy tool to deliver the trusted policy to the BMC so that the trusted chip can obtain the trusted policy from the BMC. In this way a trusted remote control center configures the trusted policy on the trusted chip, which ensures the security of configuring the trusted policy; moreover, after the trusted policy is configured, the device needs to be started only once, which ensures business continuity. This solves the technical problem in the related art that, when a trusted policy is configured, neither the security of the trusted policy nor business continuity can be guaranteed.
  • FIG. 1 shows a block diagram of the hardware structure of a computer terminal for implementing a data processing method.
  • FIG. 2 is a schematic diagram of starting a trust chain after a trusted policy is configured before the BIOS runs, on the basis of an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of configuring a trusted policy after the OS is started and then starting a trust chain, on the basis of an embodiment of the present invention.
  • FIG. 4 is a flowchart of a first data processing method according to an embodiment of the present invention.
  • FIG. 5 is a flowchart of a second data processing method according to an embodiment of the present invention.
  • FIG. 6 is a flowchart of a third data processing method according to an embodiment of the present invention.
  • FIG. 7 is a flowchart of a fourth data processing method according to an embodiment of the present invention.
  • FIG. 8 is a flowchart of a fifth data processing method according to an embodiment of the present invention.
  • FIG. 9 is a flowchart of a data processing method according to a preferred embodiment of the present invention.
  • FIG. 10 is a schematic diagram of a trusted policy being configured and applied to a boot device according to an embodiment of the present invention.
  • FIG. 11 is a structural block diagram of a first data processing device according to Embodiment 2 of the present invention.
  • FIG. 12 is a structural block diagram of a second data processing device according to Embodiment 3 of the present invention.
  • FIG. 13 is a structural block diagram of a third data processing device according to Embodiment 4 of the present invention.
  • FIG. 14 is a structural block diagram of a data processing system according to Embodiment 5 of the present invention.
  • FIG. 15 is a schematic diagram of a data processing system according to Embodiment 8 of the present invention applied to a security policy for controlling household appliances.
  • Trusted computing is a technology developed and promoted by the International Trusted Computing Group (TCG) that uses a trusted computing platform supported by hardware security modules in computing and communication systems to improve the overall security of the system.
  • TCG International Trusted Computing Group
  • With trusted computing, the computer will always behave in the expected manner; this behavior is guaranteed jointly by the computer hardware and programs, and is achieved by using hardware security modules that the rest of the system cannot access.
  • TPM Trusted Platform Module
  • A TPM security chip is a security chip that complies with the TPM standard. It is generally strongly bound to the computing platform by physical means. It can effectively protect the PC and prevent unauthorized users from accessing it.
  • TPCM Trusted Platform Control Module
  • Measurement policy: the process of measuring the measurement object with the measurement algorithm; it is used to verify the integrity of the measurement object, that is, to verify whether the measurement object has been tampered with.
  • System integrity measurement policy: system integrity-related algorithm/program.
  • Hardware platform integrity measurement policy: measurement algorithm/measurement object related to hardware firmware integrity measurement.
  • Verification policy: the reference value corresponding to the measurement policy. After the measurement object is measured to obtain a measurement result, it is the reference value with which the measurement result is compared; when the two are consistent, the measurement is determined to pass. It includes: the system integrity verification policy (reference values used to measure the integrity of the operating system kernel, management configuration files, and program files) and the hardware platform integrity verification policy (reference values used to verify the integrity of hardware platform firmware).
  • a method embodiment of a data processing method is also provided. It should be noted that the steps shown in the flowchart of the accompanying drawings can be executed in a computer system, for example as a set of computer-executable instructions, and although a logical sequence is shown in the flowchart, in some cases the steps shown or described may be performed in a different order than the one shown here.
  • FIG. 1 shows a block diagram of the hardware structure of a computer terminal (or mobile device) for implementing a data processing method.
  • the computer terminal 10 may include one or more processors (shown as 102a, 102b, ..., 102n in the figure; the processors may include but are not limited to processing devices such as a microprocessor (MCU) or a programmable logic device (FPGA)) and a memory 104 for storing data.
  • the computer terminal 10 can also include: a transmission module, a display, an input/output interface (I/O interface), a universal serial bus (USB) port (which can be included as one of the ports of the I/O interface), a network interface, a power supply and/or a camera.
  • I/O interface input/output interface
  • USB universal serial bus
  • FIG. 1 is only for illustration, and does not limit the structure of the above electronic device.
  • the computer terminal 10 may also include more or fewer components than those shown in FIG. 1, or have a different configuration from that shown in FIG.
  • the aforementioned one or more processors and/or other data processing circuits may generally be referred to as "data processing circuits" herein.
  • the data processing circuit can be embodied in whole or in part as software, hardware, firmware or any other combination.
  • the data processing circuit may be a single independent processing module, or be fully or partially integrated into any one of the other elements in the computer terminal 10 (or mobile device).
  • the data processing circuit is used as a kind of processor control (for example, selection of a variable resistance terminal path connected to an interface).
  • the memory 104 can be used to store software programs and modules of application software, such as a program instruction/data storage device corresponding to the remote authentication method in the embodiment of the present invention.
  • by running the software programs and modules stored in the memory 104, the processor executes functional applications and data processing, that is, implements the data processing method of the above-mentioned application program.
  • the memory 104 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory.
  • the memory 104 may further include a memory remotely provided with respect to the processor, and these remote memories may be connected to the computer terminal 10 via a network. Examples of the aforementioned networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
  • the above-mentioned transmission module is used to receive or send data via a network.
  • the above-mentioned specific examples of the network may include a wireless network provided by the communication provider of the computer terminal 10.
  • the transmission module includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station so as to communicate with the Internet.
  • the transmission module may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner.
  • RF radio frequency
  • the display may be, for example, a touch screen liquid crystal display (LCD), which may enable a user to interact with the user interface of the computer terminal 10 (or mobile device).
  • LCD liquid crystal display
  • the generally adopted method is: before the basic input output system (Basic Input Output System, BIOS) runs, the above measurement policy and verification policy are configured directly through the configuration interface in the BIOS setup phase and written into the TPCM. Then, during the system startup process (including the BIOS), measurement and verification are performed according to the configured policy.
  • Fig. 2 is a schematic diagram of starting the trust chain after the trusted policy is configured before the BIOS runs on the basis of the embodiment of the present invention.
  • FIG. 3 is a schematic diagram of configuring a trusted policy after the OS is started and starting the trust chain based on the embodiment of the present invention.
  • operation and maintenance personnel who are not in front of the device cannot perform policy configuration remotely, and when the policy is configured in BIOS setup, the BIOS setup itself is not integrity-protected or verified.
  • a trusted policy configuration scheme in which the remote control function of the server's baseboard management controller (Baseboard Management Controller, BMC) is used to configure the measurement policies of the BIOS, OS Loader, and OS kernel, ensuring that the measurement policy and verification policy can be configured remotely during the first startup without needing a restart; this ensures the continuity of the user's business and also allows anomalies to be found in time.
  • BMC Baseboard Management Controller
  • the above-mentioned BMC is inside the server device and can be integrated on the motherboard.
  • the BMC can be independently powered and has an independent I/O interface, and can perform the remote control function of the server.
  • the remote control function includes, but is not limited to, local and remote diagnosis, console support, configuration management, hardware management, and troubleshooting.
  • FIG. 4 is a flowchart of a first data processing method according to an embodiment of the present invention. As shown in FIG. 4, the process includes:
  • Step S402: the trusted chip verifies whether the BMC and the configuration policy tool are trusted;
  • the data processing method provided in the embodiment of the present invention is described from the trusted chip side.
  • the trusted chip may include multiple types, for example, it may be a trusted platform module TPM, or a trusted platform control module TPCM, etc., which is not limited here.
  • TPM trusted platform module
  • TPCM trusted platform control module
  • the objects involved in configuring the trusted policy can be verified first, that is, whether the involved objects are trusted is checked, and when they are trusted, the configuration of the trusted policy is performed with the trusted objects.
  • the data processing method provided by the embodiments of the present invention can also be described from the side of an untrusted chip, that is, a chip other than the trusted chip. It should be further noted that in a specific implementation, whether a trusted chip or an untrusted chip is used should be determined according to the application scenario, for example by considering aspects such as chip selectivity and compatibility.
  • the trusted chip and the BMC can be deployed together in a server or server array. It should be noted that the deployment environment of the trusted chip and the BMC includes, but is not limited to, a virtual machine environment.
  • the objects involved in the process of configuring the trusted policy may include: the trusted chip itself, the BMC, and the configuration policy tool.
  • a predetermined self-check strategy may be adopted.
  • the trusted chip performs a self-check according to the self-check policy, and if the self-check passes, it verifies whether the BMC and the configuration policy tool are trusted.
  • the self-check policy can be the default set in the trusted chip when it leaves the factory; it can also be a self-check policy obtained by later modifying the factory settings according to user needs.
  • the trusted chip first performs a self-check, and after passing it, verifies the other objects that will subsequently interact with it.
  • After the trusted chip passes its own verification, it verifies the objects related to trusted policy configuration; for example, the trusted chip verifies whether the BMC and the configuration policy tool are trusted.
  • Multiple methods can be used when the trusted chip verifies whether the BMC and the configuration policy tool are trusted.
  • For example, the trusted chip verifying whether the BMC and the configuration policy tool are trusted can include: the trusted chip verifies the legitimacy of the BMC and the configuration policy tool and measures their integrity; when both the legitimacy verification and the integrity measurement of the BMC and the configuration policy tool pass, the trusted chip determines that the BMC and the configuration policy tool are trusted.
  • That is, verifying that the BMC and the configuration policy tool are trusted includes not only checking whether they are legitimate but also checking whether their integrity is intact; the BMC and the configuration policy tool are determined to be trusted only when both are legitimate and intact.
  • The trusted chip's check of whether the BMC and the configuration policy tool are legitimate and its check of whether they are intact may be performed in either order. For example, legitimacy can be checked first and integrity second, or integrity first and legitimacy second. Preferably, considering the importance of security, legitimacy can be checked first, and integrity checked if the BMC and the configuration policy tool are legitimate.
  • Step S404 in the case where the verification result is that the BMC and the configuration policy tool are credible, the trusted chip reports to the remote control center that the BMC and the configuration policy tool are credible;
  • the configuration process of the trusted policy can be directly ended.
  • the trusted chip reports to the remote control center that the BMC and the configuration policy tool are trusted; that is, the trusted chip informs the remote control center that the BMC and the configuration policy tool can be used to configure the trusted policy.
  • the trusted chip can report that the BMC and the configuration policy tool are trusted to the remote management and control center in many ways. For example, a report message can be sent directly, or an identifier can be sent that indicates that the BMC and the configuration policy tool are trusted.
  • the reporting method can be flexibly selected according to needs, and is not limited here.
  • Step S406 the trusted chip obtains the trusted policy from the BMC, where the remote control center has issued the trusted policy to the BMC through the configuration policy tool.
  • the remote management and control center and the BMC verify each other, and if the mutual verification passes, the remote management and control center delivers the trusted policy to the BMC through the configuration policy tool, and the trusted chip then obtains the trusted policy from the BMC.
  • the trusted policy described above includes: the measured object corresponding to the trusted policy, the measurement policy for measuring the measured object, and the verification policy applied while measuring the measured object (that is, the reference value for judging whether the measurement passes).
  • the measured object referred to here may be a measurement object that needs to be measured during the startup process of the trusted chip, for example, the measurement object included in the trust chain during the startup process described above.
  • the trusted chip may obtain the trusted policy from the BMC in multiple ways.
  • the trusted chip may directly obtain the trusted policy from the BMC.
  • obtaining the trusted policy directly may have security problems; therefore, the embodiment of the present invention provides a secure way of obtaining it.
  • the trusted chip can obtain the trusted policy from the BMC in the following manner: the trusted chip obtains a trusted policy package from the BMC, where the trusted policy package includes the measured object in the trusted chip and the trusted policy corresponding to the measured object, signed with the private key of the remote control center, and where the trusted policy package is encrypted with the EK public key of the trusted chip; the trusted chip uses the signature to verify that the trusted policy package comes from the remote control center, and decrypts the trusted policy package with the EK private key of the trusted chip to obtain the trusted policy.
  • signing the measured object in the trusted chip and the trusted policy corresponding to the measured object with the private key of the remote control center indicates that the trusted policy comes from a trusted remote control center and is safe.
  • the EK public key of the trusted chip is used to encrypt the trusted policy, so that what the remote control center transmits to the BMC is the encrypted trusted policy package, which guarantees the security of the trusted policy in transit.
  • signing with the private key of the remote control center and encrypting with the EK public key of the trusted chip are both optional embodiments. To ensure the reliability of the source of the trusted policy and the security of its transmission, other identifiers can also be used for signing or encryption; no examples are given here.
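The package handling described above, as an added example in Go (not code from the patent): the control center signs the policy and encrypts it to the chip's EK public key, and the chip decrypts and checks the signature before accepting the policy. The RSA-PSS signature, the RSA-OAEP plus AES-GCM hybrid encryption, the package layout, the names `Seal`, `Open` and `PolicyPackage`, and the software keys standing in for keys held in hardware are all assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PolicyPackage is the blob the BMC relays to the chip (layout is assumed).
type PolicyPackage struct {
	WrappedKey []byte // AES-256 key encrypted to the chip's EK public key
	Nonce      []byte // AES-GCM nonce
	Sealed     []byte // AES-GCM ciphertext of signature || policy
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs at the remote control center: sign the policy, then encrypt to the EK.
func Seal(policy []byte, center *rsa.PrivateKey, ekPub *rsa.PublicKey) (*PolicyPackage, error) {
	digest := sha256.Sum256(policy)
	sig, err := rsa.SignPSS(rand.Reader, center, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	secret := make([]byte, 32+12) // fresh AES-256 key followed by a GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ekPub, key, nil)
	if err != nil {
		return nil, err
	}
	plain := append(sig, policy...) // signature has a fixed length: the key size
	return &PolicyPackage{wrapped, nonce, gcm.Seal(nil, nonce, plain, nil)}, nil
}

// Open runs in the trusted chip: decrypt with the EK private key, then accept
// the policy only if the control center's signature over it verifies.
func Open(p *PolicyPackage, ek *rsa.PrivateKey, centerPub *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ek, p.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("package is not encrypted to this chip's EK")
	}
	gcm, err := newGCM(key)
	if err != nil || len(p.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed package")
	}
	plain, err := gcm.Open(nil, p.Nonce, p.Sealed, nil)
	n := centerPub.Size()
	if err != nil || len(plain) < n {
		return nil, errors.New("package was modified in transit or is malformed")
	}
	sig, policy := plain[:n], plain[n:]
	digest := sha256.Sum256(policy)
	if rsa.VerifyPSS(centerPub, crypto.SHA256, digest[:], sig, nil) != nil {
		return nil, errors.New("policy is not signed by the remote control center")
	}
	return policy, nil
}

// newKey makes a software RSA key; real EK and signing keys live in hardware.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	center, ek := newKey(), newKey()
	pkg, err := Seal([]byte(`{"object":"BIOS"}`), center, &ek.PublicKey) // constructed sample
	if err != nil {
		panic(err)
	}
	got, err := Open(pkg, ek, &center.PublicKey)
	fmt.Printf("accepted=%q err=%v\n", got, err)
}
```

Because the BMC only relays the package, it can neither read the policy nor substitute one that the chip will accept.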
  • the method may further include: the trusted chip stores the trusted policy in a non-volatile storage space; the trusted chip, according to the trusted policy, measures in turn the trustworthiness of the measured objects in the chain of trust, and starts the device when all measurements pass. Therefore, after the trusted policy is obtained from the BMC, it is stored in a non-volatile storage space.
  • the non-volatile storage space is safe and reliable, so the trusted policy is kept secure and is not lost.
  • the trusted chip measures in turn the trustworthiness of the measured objects in the chain of trust according to the stored trusted policy, and starts the device when the measurements pass. Configuring the trusted policy remotely in this way not only ensures the security of the trusted policy but also requires the device to be started only once.
  • the remote control center uses the configuration policy tool to deliver the trusted policy to the BMC so that the trusted chip can obtain the trusted policy from the BMC; in this way a trusted remote control center configures the trusted policy on the trusted chip before the device starts, which ensures the security of the trusted policy. Moreover, after the trusted policy is configured, the device needs to be started only once, which ensures business continuity, thereby solving the technical problem in the related art that, when a trusted policy is configured, neither the security of the trusted policy nor business continuity can be guaranteed.
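How a stored trusted policy drives measurement of the chain of trust, as an added example in Go (not code from the patent): each measured object is hashed according to its measurement policy and compared with the reference value from its verification policy, in order, stopping at the first failure. The `Entry` fields, the function names, the hash algorithm labels and the sample images are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"errors"
	"fmt"
	"hash"
)

// Entry is one item of the trusted policy: the measured object, its
// measurement policy (which hash to apply) and its verification policy
// (the reference value). Field names are assumptions of this example.
type Entry struct {
	Object    string
	Algorithm string
	Reference []byte
}

// algorithms maps a measurement-policy label to a hash constructor.
var algorithms = map[string]func() hash.Hash{
	"sha256": sha256.New,
	"sha384": sha512.New384,
}

// Measure applies an entry's measurement policy to the object's bytes.
func Measure(e Entry, image []byte) ([]byte, error) {
	newHash, ok := algorithms[e.Algorithm]
	if !ok {
		return nil, fmt.Errorf("%s: unsupported algorithm %q", e.Object, e.Algorithm)
	}
	h := newHash()
	h.Write(image)
	return h.Sum(nil), nil
}

// VerifyChain measures the objects in policy order and stops at the first one
// that is missing or does not match its reference value. It returns how many
// stages passed; the device may start only when the error is nil.
func VerifyChain(policy []Entry, images map[string][]byte) (int, error) {
	if len(policy) == 0 {
		return 0, errors.New("no trusted policy configured")
	}
	for i, e := range policy {
		image, ok := images[e.Object]
		if !ok {
			return i, fmt.Errorf("%s: object not found", e.Object)
		}
		got, err := Measure(e, image)
		if err != nil {
			return i, err
		}
		if subtle.ConstantTimeCompare(got, e.Reference) != 1 {
			return i, fmt.Errorf("%s: measurement does not match reference value", e.Object)
		}
	}
	return len(policy), nil
}

// Baseline builds a policy from known-good images, as the party that
// authors the policy would do before delivering it.
func Baseline(order []string, images map[string][]byte, alg string) ([]Entry, error) {
	var policy []Entry
	for _, name := range order {
		e := Entry{Object: name, Algorithm: alg}
		ref, err := Measure(e, images[name])
		if err != nil {
			return nil, err
		}
		e.Reference = ref
		policy = append(policy, e)
	}
	return policy, nil
}

// sampleImages returns constructed stand-ins for the boot components.
func sampleImages() map[string][]byte {
	return map[string][]byte{
		"BIOS":      []byte("bios image v1"),
		"OS Loader": []byte("loader image v1"),
		"OS kernel": []byte("kernel image v1"),
	}
}

func main() {
	order := []string{"BIOS", "OS Loader", "OS kernel"}
	policy, _ := Baseline(order, sampleImages(), "sha256")
	images := sampleImages()
	fmt.Println(VerifyChain(policy, images))
	images["OS Loader"] = []byte("loader image, modified")
	fmt.Println(VerifyChain(policy, images))
}
```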
  • FIG. 5 is a flowchart of a second data processing method according to an embodiment of the present invention. As shown in FIG. 5, the process includes:
  • Step S502 the remote management and control center receives the report of the trusted chip, where the report is used to inform that the BMC is trusted;
  • the data processing method provided in the embodiment of the present invention is described from the side of the remote control center.
  • When the trusted chip starts the configuration process of the trusted policy, the trusted chip checks the objects involved in configuring the trusted policy to determine whether they are trusted, and reports the inspection results to the remote control center that issues the trusted policy.
  • After receiving the report sent by the trusted chip that the BMC is trusted, the remote control center determines that the BMC used to configure the trusted policy is trusted, that is, it can issue the trusted policy to the BMC.
  • The remote management and control center can receive the report of the trusted chip in multiple ways, for example by receiving a report message, or by receiving a predetermined identifier that indicates that the BMC is trusted. The manner is not limited here.
  • The above-mentioned remote control center may be virtual; for example, one or more virtual terminal devices may be used to construct the remote control center.
  • Step S504 the remote management and control center issues a configuration policy request to the BMC;
  • Before sending the trusted policy to the BMC, the remote management and control center can issue a configuration policy request to the BMC.
  • On the one hand, the request reminds the BMC to be ready to receive the trusted policy; on the other hand, it informs the BMC that the configuration policy request comes from a trusted remote control center, so that the BMC can be sure that the source of the trusted policy is safe and reliable.
  • Step S506 the remote management and control center issues the trusted policy to the BMC through the policy configuration tool for the trusted chip to obtain the trusted policy from the BMC.
  • In order to ensure the security of the trusted policy issued by the remote control center, before the remote control center issues the trusted policy to the BMC through the policy configuration tool, the method may also include: the remote control center verifies the legitimacy and integrity of the BMC and the configuration policy tool; after verifying the legitimacy and integrity of the BMC and the configuration policy tool, the remote management and control center determines to issue the trusted policy to the BMC through the policy configuration tool. That is, by verifying the legitimacy and integrity of the BMC and the configuration policy tool, the remote management and control center can determine that the configuration policy tool used to issue the trusted policy and the target BMC are both trusted, so that the trusted policy issued through the configuration policy tool to the BMC is trusted and safe.
  • The remote control center may verify the BMC and the configuration policy tool in either order: it can verify the legitimacy and integrity of the BMC first and then those of the configuration policy tool, or verify the legitimacy and integrity of the configuration policy tool first and then those of the BMC.
  • Likewise, legitimacy and integrity may be verified in either order: the remote control center can first verify the legitimacy of the BMC and the configuration policy tool and then verify their integrity, or first verify the integrity of the BMC and the configuration policy tool and then verify their legitimacy.
  • The remote management and control center can use a policy configuration tool to issue the trusted policy to the BMC in a variety of ways.
  • For example, the remote management and control center uses its own private key to sign the measured object in the trusted chip and the trusted policy corresponding to the measured object, and uses the EK public key of the trusted chip to encrypt the measured object and the trusted policy to obtain the trusted policy package; the remote control center then delivers the trusted policy package to the BMC.
  • Signing the measured object in the trusted chip and the trusted policy corresponding to the measured object with the private key of the remote control center makes it clear that the trusted policy comes from the trusted remote control center and is safe.
  • Encrypting the measured object and the trusted policy with the EK public key of the trusted chip to obtain the trusted policy package means that the remote control center does not issue the trusted policy to the BMC directly, but issues it after encryption. This ensures the security of the transmission from the remote control center to the BMC and prevents the trusted policy from being intercepted and tampered with in transit, which would make it insecure.
  • The remote control center uses the configuration policy tool to issue the trusted policy to the BMC so that the trusted chip can obtain the trusted policy from the BMC. This achieves the purpose of having a trusted remote control center configure the trusted policy for the trusted chip before the device starts, thereby ensuring the security of configuring the trusted policy; moreover, after the trusted policy is configured, the device only needs to be started once, which achieves the technical effect of ensuring business continuity. This solves the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be guaranteed.
  • FIG. 6 is a flowchart of a third data processing method according to an embodiment of the present invention. As shown in FIG. 6, the process includes:
  • Step S602 in the case that the trusted chip determines that the BMC and the configuration policy tool are trustworthy, the BMC receives the configuration policy request issued by the remote control center;
  • the data processing method provided in the embodiment of the present invention is described from the BMC side.
  • BMC has built-in management functions on the motherboard. These functions include: local and remote diagnosis, console support, configuration management, hardware management, and troubleshooting.
  • Step S604 the BMC checks whether the remote control center and the configuration strategy tool are credible
  • The BMC verifying whether the remote control center and the configuration policy tool are trustworthy includes: the BMC verifies whether the remote control center is legitimate, and verifies the legitimacy and integrity of the configuration policy tool; when the verification result is that the remote control center is legitimate and the legitimacy and integrity of the configuration policy tool pass verification, the BMC determines that the remote control center and the configuration policy tool are trusted.
  • The BMC can thereby determine whether the source of the trusted policy is secure, that is, whether the trusted policy is trustworthy.
  • The BMC can also determine whether the manner in which the remote management and control center issues trusted policies to the BMC is reliable.
  • Step S606 In the case where the verification result is that the remote control center and the configuration policy tool are credible, the BMC receives the trusted policy issued by the remote control center through the configuration policy tool;
  • Step S608 the BMC provides the received trusted policy to the trusted chip.
  • the BMC may provide the received trusted policy to the trusted chip in various ways.
  • For example, the trusted chip may actively obtain the trusted policy from the BMC: after the BMC receives the trusted policy, the BMC sends a notification message to the trusted chip to inform it that the BMC has obtained the trusted policy for the trusted chip, and the trusted chip then actively sends a request to obtain the trusted policy.
  • Alternatively, the BMC may actively transmit the trusted policy to the trusted chip in a pre-arranged manner. For example, the trusted chip and the BMC agree in advance that once the BMC obtains the trusted policy, the BMC transmits the trusted policy to the trusted chip.
  • FIG. 7 is a flowchart of a fourth data processing method according to an embodiment of the present invention. As shown in FIG. 7, the process includes:
  • Step S702 the trusted chip checks whether the BMC and the configuration policy tool are trusted
  • Step S704 In the case where the inspection result is that the BMC and the configuration policy tool are credible, the trusted chip reports that the BMC and the configuration policy tool are credible to the remote management and control center;
  • Step S706 The remote management and control center issues a configuration policy request to the BMC;
  • Step S708 the BMC and the remote control center mutually check the legitimacy of each other, and the BMC checks whether the configuration policy tool is credible;
  • Step S710 in the case that the BMC and the remote control center are both legal and the BMC verifies that the configuration policy tool is credible, the remote control center issues the trusted policy to the BMC through the configuration policy tool;
  • Step S712 the trusted chip obtains the trusted policy from the BMC.
  • The remote control center can use the configuration policy tool to issue the trusted policy to the BMC in the following manner: the remote control center uses its own private key to sign the measured object in the trusted chip and the trusted policy corresponding to the measured object, and uses the EK public key of the trusted chip to encrypt the measured object and the trusted policy to obtain the trusted policy package; the remote control center delivers the trusted policy package to the BMC.
  • The objects involved in the trusted policy configuration, for example the trusted chip, the remote control center, the BMC and the configuration policy tool, can all perform the operations or functions described in the above embodiments, which are not explained separately here.
  • The remote control center uses the configuration policy tool to issue the trusted policy to the BMC so that the trusted chip can obtain the trusted policy from the BMC. This achieves the purpose of having a trusted remote control center configure the trusted policy for the trusted chip before the device starts, thereby ensuring the security of configuring the trusted policy; moreover, after the trusted policy is configured, the device only needs to be started once, which achieves the technical effect of ensuring business continuity. This solves the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be guaranteed.
  • FIG. 8 is a flowchart of a fifth data processing method according to an embodiment of the present invention. As shown in FIG. 8, the process includes:
  • Step S802 the trusted chip checks whether the BMC and the configuration policy tool are trusted
  • Step S804 in the case where the verification result is that the BMC and the configuration policy tool are credible, the trusted chip reports to the edge computing server that the BMC and the configuration policy tool are credible;
  • Step S806 The edge computing server issues a configuration policy request to the BMC;
  • Step S808 the BMC and the edge computing server mutually check the legitimacy of each other, and the BMC checks whether the configuration policy tool is credible;
  • Step S810 when the BMC and the edge computing server are both legal and the BMC verifies that the configuration policy tool is credible, the edge computing server issues the trusted policy to the BMC through the configuration policy tool;
  • Step S812 the trusted chip obtains the trusted policy from the BMC.
  • the edge computing server may replace the remote control center in the foregoing embodiment to perform corresponding operations.
  • The edge computing server sends the trusted policy to the BMC through the configuration policy tool in the following manner: the edge computing server uses its own private key to sign the measured object in the trusted chip and the trusted policy corresponding to the measured object, and uses the EK public key of the trusted chip to encrypt the measured object and the trusted policy to obtain the trusted policy package; the edge computing server delivers the trusted policy package to the BMC.
  • The objects involved in the trusted policy configuration, for example the trusted chip, the edge computing server, the BMC and the configuration policy tool, can all perform the operations or functions described in the above embodiments, which are not explained separately here.
  • The edge computing server uses the configuration policy tool to issue the trusted policy to the BMC so that the trusted chip can obtain the trusted policy from the BMC. This achieves the purpose of having a trusted edge computing server configure the trusted policy for the trusted chip before the device starts, thereby ensuring the security of configuring the trusted policy; moreover, after the trusted policy is configured, the device only needs to be started once, which achieves the technical effect of ensuring business continuity. This solves the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be guaranteed.
  • The trusted chip (for example, a TPM or TPCM) can be factory-initialized: when the device leaves the factory, the trusted chip has by default been set with a set of self-check policies and with the measurement and verification policies for the BMC.
  • The trusted chip has an EK public key, an EK private key and an EK certificate; the BMC has a corresponding AIK public and private key pair and an AIK certificate.
  • Fig. 9 is a flowchart of a data processing method according to a preferred embodiment of the present invention. As shown in Fig. 9, the process includes the following steps:
  • step (2) If the self-test is passed, execute step (2), otherwise, step (11);
  • step (3) Verify the legitimacy of the BMC, if the verification is passed, perform step (3), otherwise step (11);
  • step (4) otherwise, perform step (11);
  • the remote control center issues a configuration policy request to BMC
  • The BMC verifies the legitimacy and integrity of the configuration policy tool, and the BMC and the remote management and control center mutually verify the legitimacy of each other's identity through their respective certificates; if they are legal and complete, execute step (7), otherwise execute step (11);
  • The remote control center packages the corresponding policies and distributes them to the BMC through the configuration policy tool.
  • The package contains the measured object and the related measurement policies and verification policies, all signed with the private key of the remote control center and encrypted with the EK public key of the TPCM;
  • The TPCM takes the initiative to obtain the corresponding policy package from the BMC, decrypts the policy package with the EK private key, and verifies that it indeed comes from the remote control center; if so, execute step (9), otherwise execute step (11);
  • The TPCM saves the corresponding policy package in the NV space of the TPCM.
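The packaging and unpacking steps above (the control center signs and encrypts the policy, the trusted chip decrypts it and checks its origin before storing it), as an added Go example that is not code from the patent. It assumes Ed25519 for the control center's signature, a one-time AES-GCM key wrapped with RSA-OAEP as the concrete form of "encrypting with the EK public key", a signature carried inside the encrypted envelope, and JSON serialisation; all type and function names and the sample keys are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// PolicyEntry pairs a measured object with its measurement and verification policy.
type PolicyEntry struct {
	Object   string // measured object
	Measure  string // measurement policy: how the object is measured
	Expected string // verification policy: reference value to compare against
}

// PolicyPackage is the blob relayed by the BMC, which can neither read nor alter it.
type PolicyPackage struct {
	WrappedKey []byte // one-time AES key, RSA-OAEP encrypted to the chip's EK public key
	Nonce      []byte // AES-GCM nonce
	Sealed     []byte // AES-GCM over (signature || policy JSON)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealPolicy is the control-center side: sign with its private key, encrypt to the EK.
func SealPolicy(ccPriv ed25519.PrivateKey, ekPub *rsa.PublicKey, policy []PolicyEntry) (*PolicyPackage, error) {
	body, err := json.Marshal(policy)
	if err != nil {
		return nil, err
	}
	sig := ed25519.Sign(ccPriv, body)
	secret := make([]byte, 32+12) // fresh AES-256 key and GCM nonce for every package
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], secret[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ekPub, key, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return &PolicyPackage{wrapped, nonce, gcm.Seal(nil, nonce, append(sig, body...), nil)}, nil
}

// OpenPolicy is the trusted-chip side: decrypt with the EK private key, then verify origin.
func OpenPolicy(ekPriv *rsa.PrivateKey, ccPub ed25519.PublicKey, pkg *PolicyPackage) ([]PolicyEntry, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, ekPriv, pkg.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("package is not encrypted to this chip's EK")
	}
	gcm, err := newGCM(key)
	if err != nil || len(pkg.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed package")
	}
	plain, err := gcm.Open(nil, pkg.Nonce, pkg.Sealed, nil)
	if err != nil || len(plain) < ed25519.SignatureSize {
		return nil, errors.New("package was modified in transit")
	}
	sig, body := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	if !ed25519.Verify(ccPub, body, sig) {
		return nil, errors.New("signature is not from the control center")
	}
	var policy []PolicyEntry
	err = json.Unmarshal(body, &policy) // body is authenticated; only now may it reach NV space
	return policy, err
}

func DemoKeys() (*rsa.PrivateKey, ed25519.PublicKey, ed25519.PrivateKey) {
	ek, err1 := rsa.GenerateKey(rand.Reader, 2048) // throwaway stand-in for the chip's EK
	pub, priv, err2 := ed25519.GenerateKey(rand.Reader)
	if err := errors.Join(err1, err2); err != nil {
		panic(err)
	}
	return ek, pub, priv
}

func main() {
	ek, ccPub, ccPriv := DemoKeys()
	pkg, err := SealPolicy(ccPriv, &ek.PublicKey, []PolicyEntry{{"bootloader", "sha256", "<reference digest>"}})
	if err != nil {
		panic(err)
	}
	fmt.Println(OpenPolicy(ek, ccPub, pkg))
}
```

As written, the signature covers only the policy body; if one control-center key serves many chips, also sign the target chip's EK identity and a policy version so that a package cannot be re-encrypted to another chip or replayed after an update.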
  • FIG. 10 is a schematic diagram of a trusted policy configured according to an embodiment of the present invention being applied to starting the device. As shown in FIG. 10, after the trusted policy is configured, the device is normally started according to the configured trusted policy.
  • the remote control center is a role that sends configuration requests to the BMC through a strategy tool, or it can be the application side.
  • The BMC remote control function is used to configure, through the policy configuration tool, the corresponding measurement policy and verification policy for the measured objects in device startup; in addition, the measurement policy and verification policy are configured remotely without starting, which can ensure the continuity of the user's business and also allows abnormalities to be detected in time.
  • The method according to the above embodiment can be implemented by means of software plus the necessary general hardware platform; of course, it can also be implemented by hardware, but in many cases the former is the better implementation.
  • The technical solution of the present invention, in essence or in the part that contributes to the existing technology, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions to make a terminal device (which can be a mobile phone, a computer, a server, a network device, etc.) execute the method of each embodiment of the present invention.
  • FIG. 11 is a structural block diagram of a data processing device 1 according to Embodiment 2 of the present invention. As shown in FIG. 11, the data processing device 1 is applied to a trusted chip and includes: a first checking module 112, a reporting module 114, and a first obtaining module 116. The device will be described below.
  • The first checking module 112 is used to check whether the BMC and the configuration policy tool are trustworthy; the reporting module 114 is connected to the first checking module 112, and is used to report to the remote control center that the BMC and the configuration policy tool are trustworthy if the check result is that the BMC and the configuration policy tool are trustworthy; the first obtaining module 116 is connected to the reporting module 114, and is used to obtain the trusted policy from the BMC after the remote control center issues the trusted policy to the BMC through the configuration policy tool.
  • The remote management and control center uses the configuration policy tool to issue the trusted policy to the BMC so that the trusted chip can obtain the trusted policy from the BMC. This achieves the purpose of having a trusted remote management and control center configure the trusted policy for the trusted chip before the device starts, thereby ensuring the security of configuring the trusted policy; moreover, after the trusted policy is configured, the device only needs to be started once, which achieves the technical effect of ensuring business continuity. This solves the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be guaranteed.
  • the data processing device corresponds to steps S402 to S406 included in FIG. 4 in the above-mentioned embodiment 1.
  • the implementation examples and application scenarios of the aforementioned data processing device 1 and the corresponding steps are the same, but are not limited to the content disclosed in the aforementioned embodiment 1.
  • the above-mentioned modules can run in the computer terminal 10 provided in the first embodiment.
  • FIG. 12 is a structural block diagram of the second data processing device according to the third embodiment of the present invention. As shown in FIG. 12, the second data processing device is applied to the remote management and control center and includes: a first receiving module 122, a first issuing module 124, and a second issuing module 126. The device will be described below.
  • The first receiving module 122 is configured to receive the report of the trusted chip, where the report is used to inform that the BMC is trusted; the first issuing module 124 is connected to the first receiving module 122 and is used to issue the configuration policy request to the BMC; the second issuing module 126 is connected to the first issuing module 124 and is used to issue the trusted policy to the BMC through the policy configuration tool, for the trusted chip to obtain the trusted policy from the BMC.
  • the second data processing device corresponds to steps S502 to S506 included in FIG. 5 in the above-mentioned embodiment 1.
  • the implementation examples and application scenarios of the above-mentioned data processing device 2 and the corresponding steps are the same, but are not limited to the content disclosed in the above-mentioned embodiment 1.
  • the above-mentioned modules can run in the computer terminal 10 provided in the first embodiment.
  • FIG. 13 is a structural block diagram of the third data processing device according to the fourth embodiment of the present invention. As shown in FIG. 13, the third data processing device is applied to the BMC and includes: a second receiving module 132, a second checking module 134, a third receiving module 136, and a providing module 138. The device will be described below.
  • The second receiving module 132 is configured to receive the configuration policy request issued by the remote management and control center when the trusted chip determines that the BMC and the configuration policy tool are credible; the second checking module 134 is connected to the second receiving module 132 and is used to verify whether the remote control center and the configuration policy tool are credible; the third receiving module 136 is connected to the second checking module 134 and is used to receive the trusted policy issued by the remote control center through the configuration policy tool when the verification result is that the remote control center and the configuration policy tool are credible; the providing module 138 is connected to the third receiving module 136 and is used to provide the received trusted policy to the trusted chip.
  • the third data processing device corresponds to step S602 to step S608 included in FIG. 6 in the foregoing embodiment 1.
  • the implementation examples and application scenarios of the foregoing data processing device 3 and the corresponding steps are the same, but are not limited to the content disclosed in the foregoing embodiment 1. It should be noted that, as a part of the device, the above-mentioned modules can run in the computer terminal 10 provided in the first embodiment.
  • FIG. 14 is a structural block diagram of the data processing system according to Embodiment 5 of the present invention.
  • the data processing system can be applied to server arrays and computers.
  • the server array may include one or more virtual machines.
  • the computer device is located outside the server and is provided with a (remote) control center 144, and the server array is provided with a trusted chip 142 and BMC 146.
  • the data processing system includes: a trusted chip 142, a remote control center 144, a configuration strategy tool (not shown in the figure), and a BMC 146, which is a baseboard management controller 146. The system will be described below.
  • The trusted chip 142 is used to check whether the BMC and the configuration policy tool are credible, and if the result of the check is that the BMC and the configuration policy tool are credible, to report to the remote control center that the BMC and the configuration policy tool are credible; the remote control center 144 is connected to the trusted chip 142 and is used to issue configuration policy requests to the BMC; the BMC 146 is connected to the remote control center 144 and the trusted chip 142, and is used to mutually check legitimacy with the remote control center and to verify whether the configuration policy tool is credible; the remote control center 144 is also used to deliver the trusted policy to the BMC through the configuration policy tool when the BMC and the remote control center are both legal and the BMC verifies that the configuration policy tool is credible; the trusted chip 142 is also used to obtain the trusted policy from the BMC.
  • the data processing system corresponds to steps S702 to S712 included in FIG. 7 in the above-mentioned embodiment 1.
  • the above-mentioned data processing system and the corresponding steps implement the same examples and application scenarios, but are not limited to the content disclosed in the above-mentioned embodiment 1.
  • the above-mentioned modules can run in the computer terminal 10 provided in the first embodiment.
  • The edge computing server can be used to replace the function of the remote control center 144; that is, in a preferred embodiment, a data processing system is also provided, which includes: a trusted chip 142, an edge computing server, a configuration policy tool and a BMC 146. The system will be described below.
  • The trusted chip 142 is used to check whether the BMC 146 and the configuration policy tool are trustworthy, and if the result of the check is that the BMC 146 and the configuration policy tool are trustworthy, to report to the edge computing server that the BMC 146 and the configuration policy tool are trustworthy;
  • the edge computing server is used to issue configuration policy requests to the BMC 146;
  • the BMC 146 is used to mutually verify legitimacy with the edge computing server, and to verify whether the configuration policy tool is trustworthy;
  • the edge computing server is also used to issue the trusted policy to the BMC 146 through the configuration policy tool when the BMC 146 and the edge computing server are both legal and the BMC 146 verifies that the configuration policy tool is trusted;
  • the trusted chip 142 is also used to obtain the trusted policy from the BMC 146.
  • the data processing system corresponds to step S802 to step S812 included in FIG. 8 in the foregoing embodiment 1.
  • the above-mentioned data processing system and the corresponding steps implement the same examples and application scenarios, but are not limited to the content disclosed in the above-mentioned embodiment 1.
  • the above-mentioned modules can run in the computer terminal 10 provided in the first embodiment.
  • the embodiment of the present invention may provide a computer terminal (or called a computer device), and the computer terminal may be any computer terminal device in a computer terminal group.
  • the above-mentioned computer terminal may also be replaced with a terminal device such as a mobile terminal.
  • the foregoing computer terminal may be located in at least one network device among multiple network devices in the computer network.
  • The computer device may include a memory and a processor, the memory storing a computer program; the processor is used to execute the computer program stored in the memory, and when the computer program is executed, it makes the processor execute any one of the foregoing methods.
  • the memory can be used to store software programs and modules, such as program instructions/modules corresponding to the data processing method and device in the embodiments of the present invention.
  • The processor executes various functional applications and data processing by running the software programs and modules stored in the memory, that is, it implements the above-mentioned data processing method.
  • the memory may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memories.
  • the memory may further include a memory remotely provided with respect to the processor, and these remote memories may be connected to the computer terminal through a network. Examples of the aforementioned networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
  • The processor can call the information and application programs stored in the memory through the transmission device to perform the following steps: the trusted chip checks whether the BMC and the configuration policy tool are credible; if the result of the check is that the BMC and the configuration policy tool are credible, the trusted chip reports to the remote control center that the BMC and the configuration policy tool are credible; the trusted chip obtains the trusted policy from the BMC, where the trusted policy has been issued to the BMC by the remote control center through the configuration policy tool.
  • The above-mentioned processor may also execute the program code of the following steps: the trusted chip verifying whether the BMC and the configuration policy tool are trustworthy includes: the trusted chip verifies the legitimacy of the BMC and the configuration policy tool, and measures the integrity of the BMC and the configuration policy tool; when the legitimacy of the BMC and the configuration policy tool is verified and their integrity measurement passes, the trusted chip determines that the BMC and the configuration policy tool are trustworthy.
  • the above-mentioned processor may also execute the program code of the following steps: the trusted chip adopts a self-check strategy to perform self-check, and if the self-check passes, it is determined whether the BMC and the configuration strategy tool are credible.
  • The above-mentioned processor may also execute the program code of the following steps: the trusted chip obtaining the trusted policy from the BMC includes: the trusted chip obtains the trusted policy package from the BMC, where the trusted policy package includes the measured object in the trusted chip and the trusted policy corresponding to the measured object, signed with the private key of the remote control center, and where the trusted policy package is encrypted with the EK public key of the trusted chip; after the trusted chip verifies by the signature that the trusted policy package comes from the remote control center, the trusted policy package is decrypted using the EK private key of the trusted chip to obtain the trusted policy.
  • The above-mentioned processor may also execute the program code of the following steps: after the trusted chip obtains the trusted policy from the BMC, the method further includes: the trusted chip stores the trusted policy in a non-volatile storage space; according to the stored trusted policy, the trusted chip sequentially measures the trustworthiness of the measured objects in the chain of trust, and starts the device when all the measurements pass.
  • The processor can call the information and application programs stored in the memory through the transmission device to execute the following steps: the remote management and control center receives the report of the trusted chip, where the report is used to inform that the BMC is trusted; the remote management and control center issues a configuration policy request to the BMC; the remote management and control center issues the trusted policy to the BMC through the policy configuration tool for the trusted chip to obtain the trusted policy from the BMC.
  • The above-mentioned processor may also execute the program code of the following steps: before the remote management and control center issues the trusted policy to the BMC through the policy configuration tool, the method further includes: the remote management and control center verifies the legitimacy and integrity of the BMC and the configuration policy tool; after verifying the legitimacy and integrity of the BMC and the configuration policy tool, the remote control center determines to issue the trusted policy to the BMC through the policy configuration tool.
  • The above-mentioned processor may also execute the program code of the following steps: the remote control center sending the trusted policy to the BMC through the policy configuration tool includes: the remote control center uses its own private key to sign the measured object in the trusted chip and the trusted policy corresponding to the measured object, and uses the EK public key of the trusted chip to encrypt the measured object and the trusted policy to obtain the trusted policy package; the remote control center issues the trusted policy package to the BMC.
  • the processor can call the information and application programs stored in the memory through the transmission device to perform the following steps: when the trusted chip determines that the BMC and the configuration policy tool are trusted, the BMC receives the configuration policy request issued by the remote management and control center; the BMC verifies whether the remote management and control center and the configuration policy tool are trusted; when the verification result is that the remote management and control center and the configuration policy tool are trusted, the BMC receives the trusted policy issued by the remote management and control center through the configuration policy tool; the BMC provides the received trusted policy to the trusted chip.
  • the above-mentioned processor may also execute the program code of the following steps: the BMC verifying whether the remote management and control center and the configuration policy tool are trusted includes: the BMC verifies whether the remote management and control center is legitimate, and verifies the legitimacy and integrity of the configuration policy tool; when the verification result is that the remote management and control center is legitimate and the legitimacy and integrity checks of the configuration policy tool pass, the BMC determines that the remote management and control center and the configuration policy tool are trusted.
  • the processor can call the information and application programs stored in the memory through the transmission device to perform the following steps: the trusted chip checks whether the BMC and the configuration policy tool are trusted; when the check result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the remote management and control center that the BMC and the configuration policy tool are trusted; the remote management and control center issues a configuration policy request to the BMC; the BMC and the remote management and control center verify each other's legitimacy, and the BMC verifies whether the configuration policy tool is trusted; when the BMC and the remote management and control center are both legitimate and the BMC verifies that the configuration policy tool is trusted, the remote management and control center issues the trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
  • the above-mentioned processor may also execute the program code of the following steps: the remote management and control center issuing the trusted policy to the BMC through the configuration policy tool includes: the remote management and control center uses its private key to sign the measured object in the trusted chip and the trusted policy corresponding to the measured object, and uses the EK public key of the trusted chip to encrypt the measured object and the trusted policy to obtain the trusted policy package; the remote management and control center issues the trusted policy package to the BMC.
  • the processor can call the information and application programs stored in the memory through the transmission device to perform the following steps: the trusted chip checks whether the BMC and the configuration policy tool are trusted; when the check result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the edge computing server that the BMC and the configuration policy tool are trusted; the edge computing server issues a configuration policy request to the BMC; the BMC and the edge computing server verify each other's legitimacy, and the BMC verifies whether the configuration policy tool is trusted; when the BMC and the edge computing server are both legitimate and the BMC verifies that the configuration policy tool is trusted, the edge computing server issues the trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
  • the remote management and control center uses the configuration policy tool to issue the trusted policy to the BMC so that the trusted chip can obtain the trusted policy from the BMC; in this way a trusted remote management and control center configures the trusted policy to the trusted chip, which ensures the security of configuring the trusted policy; moreover, after the trusted policy is configured, the device can be started once, which achieves the technical effect of ensuring business continuity, and thereby solves the technical problems in the related art that, when the trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be guaranteed.
  • the computer terminal may also be a smart phone (such as an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, a mobile Internet device (MID), a PAD, or another terminal device.
  • the embodiment of the present invention does not limit the structure of the above electronic device.
  • the aforementioned computer equipment may also include more or fewer components (such as a network interface, a display device, etc.), or have different configurations.
  • the program can be stored in a computer-readable storage medium, which can include: a flash disk, read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disk, etc.
  • the embodiment of the present invention also provides a storage medium.
  • the above-mentioned storage medium may be used to store the program code corresponding to any data processing method provided in the above-mentioned embodiment 1, and when the program code is run by the processor, the processor is controlled to execute any of the above data processing methods.
  • the foregoing storage medium may be located in any computer terminal in a computer terminal group in a computer network, or located in any mobile terminal in a mobile terminal group.
  • the storage medium is set to store the program code used to perform the following steps: the trusted chip checks whether the BMC and the configuration policy tool are trusted; when the check result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the remote management and control center that the BMC and the configuration policy tool are trusted; the trusted chip obtains the trusted policy from the BMC, where the remote management and control center has issued the trusted policy to the BMC through the configuration policy tool.
  • the storage medium is also set to store the program code used to perform the following steps: the trusted chip verifying whether the BMC and the configuration policy tool are trusted includes: the trusted chip verifies the legitimacy of the BMC and the configuration policy tool, and measures the integrity of the BMC and the configuration policy tool; when the legitimacy of the BMC and the configuration policy tool is verified and the integrity measurement of the BMC and the configuration policy tool passes, the trusted chip determines that the BMC and the configuration policy tool are trusted.
  • the storage medium is also set to store program code for executing the following steps: the trusted chip performs a self-check using a self-check policy, and if the self-check passes, it determines to check whether the BMC and the configuration policy tool are trusted.
  • the storage medium is further configured to store program code for performing the following steps: the trusted chip obtaining the trusted policy from the BMC includes: the trusted chip obtains a trusted policy package from the BMC, where the trusted policy package includes the measured object in the trusted chip and the trusted policy corresponding to the measured object, signed with the private key of the remote management and control center, and the trusted policy package is encrypted with the EK public key of the trusted chip; after verifying through the signature that the trusted policy package comes from the remote management and control center, the trusted chip decrypts the trusted policy package using the EK private key of the trusted chip to obtain the trusted policy.
  • the storage medium is further configured to store program code for executing the following steps: after the trusted chip obtains the trusted policy from the BMC, the method further includes: the trusted chip stores the trusted policy in a non-volatile storage space; according to the stored trusted policy, the trusted chip performs trusted measurement, in sequence, on the measured objects in the chain of trust, and starts the device when the measurements pass.
  • the storage medium is set to store the program code used to perform the following steps: the remote management and control center receives a report from the trusted chip, where the report is used to indicate that the BMC is trusted; the remote management and control center issues a configuration policy request to the BMC; the remote management and control center issues a trusted policy to the BMC through a policy configuration tool, for the trusted chip to obtain the trusted policy from the BMC.
  • the storage medium is also set to store program code for executing the following steps: before the remote management and control center issues the trusted policy to the BMC through the policy configuration tool, the method further includes: the remote management and control center verifies the legitimacy and integrity of the BMC and the configuration policy tool; after verifying the legitimacy and integrity of the BMC and the configuration policy tool, the remote management and control center determines to issue the trusted policy to the BMC through the policy configuration tool.
  • the storage medium is also set to store program code for executing the following steps: the remote management and control center issuing the trusted policy to the BMC through the policy configuration tool includes: the remote management and control center uses its private key to sign the measured object in the trusted chip and the trusted policy corresponding to the measured object, and uses the EK public key of the trusted chip to encrypt the measured object and the trusted policy to obtain the trusted policy package; the remote management and control center issues the trusted policy package to the BMC.
  • the storage medium is set to store the program code used to perform the following steps: when the trusted chip determines that the BMC and the configuration policy tool are trusted, the BMC receives the configuration policy request issued by the remote management and control center; the BMC checks whether the remote management and control center and the configuration policy tool are trusted; when the check result is that the remote management and control center and the configuration policy tool are trusted, the BMC receives the trusted policy issued by the remote management and control center through the configuration policy tool; the BMC provides the received trusted policy to the trusted chip.
  • the storage medium is also set to store the program code used to perform the following steps: the BMC verifying whether the remote management and control center and the configuration policy tool are trusted includes: the BMC verifies whether the remote management and control center is legitimate, and verifies the legitimacy and integrity of the configuration policy tool; when the verification result is that the remote management and control center is legitimate and the legitimacy and integrity checks of the configuration policy tool pass, the BMC determines that the remote management and control center and the configuration policy tool are trusted.
  • the storage medium is set to store the program code used to perform the following steps: the trusted chip checks whether the BMC and the configuration policy tool are trusted; when the check result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the remote management and control center that the BMC and the configuration policy tool are trusted; the remote management and control center issues a configuration policy request to the BMC; the BMC and the remote management and control center verify each other's legitimacy, and the BMC verifies whether the configuration policy tool is trusted; when the BMC and the remote management and control center are both legitimate and the BMC verifies that the configuration policy tool is trusted, the remote management and control center issues the trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
  • the storage medium is also set to store the program code used to perform the following steps: the remote management and control center issuing the trusted policy to the BMC through the configuration policy tool includes: the remote management and control center uses its private key to sign the measured object in the trusted chip and the trusted policy corresponding to the measured object, and uses the EK public key of the trusted chip to encrypt the measured object and the trusted policy to obtain the trusted policy package; the remote management and control center issues the trusted policy package to the BMC.
  • the storage medium is also set to store the program code used to perform the following steps: the trusted chip verifies whether the BMC and the configuration policy tool are trusted; when the check result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the edge computing server that the BMC and the configuration policy tool are trusted; the edge computing server issues a configuration policy request to the BMC; the BMC and the edge computing server verify each other's legitimacy, and the BMC verifies whether the configuration policy tool is trusted; when the BMC and the edge computing server are both legitimate and the BMC verifies that the configuration policy tool is trusted, the edge computing server issues the trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
  • a data processing system is also provided.
  • the data processing system at least includes a trusted chip, a BMC, and a remote control center.
  • the data processing system can be used to implement but is not limited to the content disclosed in the present invention.
  • FIG. 15 is a schematic diagram of a data processing system according to Embodiment 8 of the present invention applied to controlling the security policy of household appliances. As shown in FIG. 15, this application scenario includes mobile terminals and household appliances; the household appliances are provided with the trusted chip and the BMC, and the mobile terminal is set as the remote management and control center, so that the mobile terminal can control the security policies of all household appliances. There can be one or more household appliances and mobile terminals.
  • one mobile terminal can control the security policy of at least one household appliance, or multiple mobile terminals can control the security policy of one household appliance.
  • the interaction between the mobile terminal and the household appliance can be realized, thereby ensuring the security of configuring the trusted policy.
  • the device can be started only once, which achieves the effect of ensuring business continuity.
  • household appliances can be air conditioners, refrigerators, TVs, etc.
  • mobile terminals can be mobile devices such as smart phones, tablet computers, etc.
  • the aforementioned household appliances and mobile terminals depend on the application scenario and are not limited to those listed above.
  • the above-mentioned mobile terminal can also monitor the acquisition process of the trusted policy before the home appliance is started.
  • the mobile terminal can display the management and control execution process of the security policy of the household appliance and various information appearing in the process, and the security policy of the household appliance can be configured manually or automatically according to the display of the mobile terminal.
  • the disclosed technical content can be implemented in other ways.
  • the device embodiments described above are merely illustrative; for example, the division of units is only a logical function division, and there may be other divisions in actual implementation: multiple units or components can be combined or integrated into another system, or some features can be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, units or modules, and may be in electrical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • the functional units in the various embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of the present invention, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the method described in each embodiment of the present invention.
  • the aforementioned storage media include: a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, and other media that can store program code.
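
The trusted policy package described in the list above, as an added example in Go that is not code from the patent or its applicant: the control center encrypts the policy to the chip's EK public key and signs the result, and the chip checks the signature before it uses the EK private key. The package layout, the hybrid RSA-OAEP/AES-GCM encryption, the RSA-PSS signature over the encrypted fields, the software keys standing in for the control-center key and the EK, and the names `Package`, `BuildPackage` and `OpenPackage` are assumptions; the text fixes none of them.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Package is an assumed wire format for the "trusted policy package".
type Package struct {
	WrappedKey []byte // AES-256 key encrypted to the chip's EK public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // measured objects and their trusted policy, AES-GCM encrypted
	Signature  []byte // control-center RSA-PSS signature over the three fields above
}

var oaepLabel = []byte("trusted-policy") // constructed label tying the wrapped key to this use

// digest hashes every encrypted field, length-prefixed so bytes cannot be
// moved from one field to another without changing the result.
func (p *Package) digest() []byte {
	h := sha256.New()
	for _, f := range [][]byte{p.WrappedKey, p.Nonce, p.Ciphertext} {
		fmt.Fprintf(h, "%d:", len(f))
		h.Write(f)
	}
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildPackage is the control-center side: encrypt the policy to the chip's EK
// public key, then sign the encrypted fields with the control-center private key.
func BuildPackage(cc *rsa.PrivateKey, ek *rsa.PublicKey, policy []byte) (*Package, error) {
	secret := make([]byte, 32+12) // fresh AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(secret); err != nil {
		return nil, err
	}
	key, nonce := secret[:32], secret[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	p := &Package{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, policy, nil)}
	if p.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, ek, key, oaepLabel); err != nil {
		return nil, err
	}
	p.Signature, err = rsa.SignPSS(rand.Reader, cc, crypto.SHA256, p.digest(), nil)
	return p, err
}

// OpenPackage is the chip side: confirm the package comes from the control
// center first, and only then use the EK private key to decrypt it.
func OpenPackage(ccPub *rsa.PublicKey, ek *rsa.PrivateKey, p *Package) ([]byte, error) {
	if rsa.VerifyPSS(ccPub, crypto.SHA256, p.digest(), p.Signature, nil) != nil {
		return nil, errors.New("policy package is not signed by the control center")
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ek, p.WrappedKey, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("package was not encrypted to this chip's EK: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil || len(p.Nonce) != gcm.NonceSize() {
		return nil, errors.New("malformed policy package")
	}
	return gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
}

// mustKey generates a software RSA key; a real EK never leaves the trusted chip.
func mustKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func main() {
	cc, ek := mustKey(), mustKey() // stand-ins for the control-center key and the chip's EK
	policy := []byte(`{"chain":["bios","os-loader"]}`) // constructed sample policy
	pkg, err := BuildPackage(cc, &ek.PublicKey, policy)
	if err != nil {
		panic(err)
	}
	got, err := OpenPackage(&cc.PublicKey, ek, pkg)
	fmt.Println("accepted:", err == nil, "policy:", string(got))
}
```

Because the signature covers the wrapped key, nonce and ciphertext, a BMC that relays the package can neither read the policy nor alter it without the chip rejecting the package.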

Abstract

A data processing method, apparatus and system, a storage medium, and a computer device. The data processing method comprises: a trusted chip verifying whether a BMC and a configuration strategy tool can be trusted (S402); when a verification result indicates that the BMC and the configuration strategy tool can be trusted, the trusted chip reporting, to a remote management and control center, the fact that the BMC and the configuration strategy tool can be trusted (S404); and the trusted chip acquiring a trusted strategy from the BMC, wherein the remote management and control center has issued the trusted strategy to the BMC by means of the configuration strategy tool (S406).

Description

Data processing method, apparatus, system, storage medium, and computer device
This application claims priority to Chinese patent application No. 201910721546.9, filed on August 6, 2019 and entitled "Data processing method, apparatus, system, storage medium, and computer device", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of computers, and in particular to a data processing method, apparatus, system, storage medium, and computer device.
Background
With the spread of computer applications and the growing prevalence of hardware attacks, ensuring the integrity of business platforms and systems is receiving increasing attention. Measurement is a relatively new technical means of protecting platform and system integrity: at certain specific moments, the measured object is measured according to a measurement policy to obtain certain information about it (for example, the hash value of a file), and the value of this information is compared with a standard value recorded in advance and obtained according to a verification policy, so as to determine whether the integrity of the target has been compromised.
As can be seen from the above, the questions are where, when and how the measurement policy and the verification policy are configured, and how the security of the policy configuration itself is ensured. These have a great impact on discovering anomalies in the measured object in time, controlling them promptly once discovered, and ensuring the security of the policy configuration itself.
In the related art, the commonly used method is: before the Basic Input Output System (BIOS) runs, the above measurement policy and verification policy are configured directly in the interface of the BIOS setup stage and written into the TPCM; then, during system startup (including the BIOS), measurement and verification are performed according to the configured policies.
Another method is to configure the above measurement policy and verification policy after the device's operating system (OS) has started, and then restart the device to begin measurement.
However, with the two methods above, configuring the policy before the BIOS runs cannot guarantee the security of the policy, and configuring the policy after the OS has started requires restarting the device, which cannot guarantee business continuity.
No effective solution to the above problems has yet been proposed.
Summary of the invention
The embodiments of the present invention provide a data processing method, apparatus, system, storage medium, and computer device, to at least solve the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be guaranteed.
According to one aspect of the embodiments of the present invention, a data processing method is provided, including: a trusted chip verifies whether a BMC and a configuration policy tool are trusted; when the verification result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to a remote management and control center that the BMC and the configuration policy tool are trusted; the trusted chip obtains a trusted policy from the BMC, where the remote management and control center has issued the trusted policy to the BMC through the configuration policy tool.
According to another aspect of the embodiments of the present invention, a data processing method is provided, including: a remote management and control center receives a report from a trusted chip, where the report is used to indicate that the BMC is trusted; the remote management and control center issues a configuration policy request to the BMC; the remote management and control center issues a trusted policy to the BMC through a policy configuration tool, for the trusted chip to obtain the trusted policy from the BMC.
According to still another aspect of the embodiments of the present invention, a data processing method is provided, including: when a trusted chip determines that the BMC and the configuration policy tool are trusted, the BMC receives a configuration policy request issued by a remote management and control center; the BMC verifies whether the remote management and control center and the configuration policy tool are trusted; when the verification result is that the remote management and control center and the configuration policy tool are trusted, the BMC receives the trusted policy issued by the remote management and control center through the configuration policy tool; the BMC provides the received trusted policy to the trusted chip.
According to yet another aspect of the embodiments of the present invention, a data processing method is provided, including: a trusted chip verifies whether a BMC and a configuration policy tool are trusted; when the verification result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to a remote management and control center that the BMC and the configuration policy tool are trusted; the remote management and control center issues a configuration policy request to the BMC; the BMC and the remote management and control center verify each other's legitimacy, and the BMC verifies whether the configuration policy tool is trusted; when the BMC and the remote management and control center are both legitimate and the BMC verifies that the configuration policy tool is trusted, the remote management and control center issues a trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
According to yet another aspect of the embodiments of the present invention, a data processing method is provided, including: a trusted chip verifies whether a BMC and a configuration policy tool are trusted; when the verification result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to an edge computing server that the BMC and the configuration policy tool are trusted; the edge computing server issues a configuration policy request to the BMC; the BMC and the edge computing server verify each other's legitimacy, and the BMC verifies whether the configuration policy tool is trusted; when the BMC and the edge computing server are both legitimate and the BMC verifies that the configuration policy tool is trusted, the edge computing server issues a trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
According to one aspect of the embodiments of the present invention, a data processing apparatus applied to a trusted chip is provided, including: a first verification module, configured to verify whether a BMC and a configuration policy tool are trusted; a reporting module, configured to report to a remote management and control center that the BMC and the configuration policy tool are trusted when the verification result is that the BMC and the configuration policy tool are trusted; a first obtaining module, configured to obtain a trusted policy from the BMC, where the remote management and control center has issued the trusted policy to the BMC through the configuration policy tool.
According to another aspect of the embodiments of the present invention, a data processing apparatus applied to a remote management and control center is provided, including: a first receiving module, configured to receive a report from a trusted chip, where the report is used to indicate that the BMC is trusted; a first issuing module, configured to issue a configuration policy request to the BMC; a second issuing module, configured to issue a trusted policy to the BMC through a policy configuration tool, for the trusted chip to obtain the trusted policy from the BMC.
According to yet another aspect of the embodiments of the present invention, a trusted policy configuration apparatus applied to a BMC is provided, including: a second receiving module, configured to receive a configuration policy request issued by a remote management and control center when a trusted chip determines that the BMC and the configuration policy tool are trusted; a second verification module, configured to verify whether the remote management and control center and the configuration policy tool are trusted; a third receiving module, configured to receive, when the verification result is that the remote management and control center and the configuration policy tool are trusted, the trusted policy issued by the remote management and control center through the configuration policy tool; a providing module, configured to provide the received trusted policy to the trusted chip.
According to still another aspect of the embodiments of the present invention, a data processing system is provided, including: a trusted chip, a remote management and control center, a configuration policy tool, and a BMC, where the trusted chip is configured to verify whether the BMC and the configuration policy tool are trusted and, when the verification result is that the BMC and the configuration policy tool are trusted, to report to the remote management and control center that the BMC and the configuration policy tool are trusted; the remote management and control center is configured to issue a configuration policy request to the BMC; the BMC is configured to verify legitimacy mutually with the remote management and control center, and to verify whether the configuration policy tool is trusted; the remote management and control center is further configured to issue a trusted policy to the BMC through the configuration policy tool when the BMC and the remote management and control center are both legitimate and the BMC verifies that the configuration policy tool is trusted; the trusted chip is further configured to obtain the trusted policy from the BMC.
According to yet another aspect of the embodiments of the present invention, a data processing system is provided, including: a trusted chip, an edge computing server, a configuration policy tool, and a BMC, where the trusted chip is configured to verify whether the BMC and the configuration policy tool are trusted and, when the verification result is that the BMC and the configuration policy tool are trusted, to report to the edge computing server that the BMC and the configuration policy tool are trusted; the edge computing server is configured to issue a configuration policy request to the BMC; the BMC is configured to verify legitimacy mutually with the edge computing server, and to verify whether the configuration policy tool is trusted; the edge computing server is configured to issue a trusted policy to the BMC through the configuration policy tool when the BMC and the edge computing server are both legitimate and the BMC verifies that the configuration policy tool is trusted; the trusted chip is further configured to obtain the trusted policy from the BMC.
According to one aspect of the embodiments of the present invention, a storage medium is provided; the storage medium stores a program, and when the program is run by a processor, the processor is controlled to execute any one of the data processing methods described above.
According to another aspect of the embodiments of the present invention, a computer device is provided, including a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the computer program stored in the memory; when the computer program runs, it causes the processor to execute any one of the data processing methods described above.
在本发明实施例中,采用远程管控中心通过配置策略工具向BMC下发可信策略的方式,使得可信芯片可以从BMC处获取可信策略,达到了在设备启动前,通过可信的远程管控中心向可信芯片配置可信策略的目的,从而实现了保证配置可信策略的安全;而且,在配置可信策略之后,设备执行一次启动就可以,能够保证业务连续性的技术效果,进而解决了在相关技术中,配置可信策略时,存在不能保证可信策略的安全,以及无法业务连续性的技术问题。In the embodiment of the present invention, the remote management and control center uses the configuration policy tool to issue the trusted policy to the BMC, so that the trusted chip can obtain the trusted policy from the BMC, so that the trusted remote The control center configures the trusted policy to the trusted chip, thereby ensuring the security of configuring the trusted policy; moreover, after the trusted policy is configured, the device can be started once, which can ensure the technical effect of business continuity, and then It solves the technical problems that the security of the trusted policy cannot be guaranteed and the business continuity cannot be guaranteed when the trusted policy is configured in related technologies.
Description of the Drawings
The drawings described here are provided for a further understanding of the present invention and form part of this application. The exemplary embodiments of the present invention and their descriptions are used to explain the present invention and do not unduly limit it. In the drawings:
FIG. 1 is a block diagram of the hardware structure of a computer terminal for implementing a data processing method;
FIG. 2 is a schematic diagram, on which the embodiments of the present invention are based, of starting the chain of trust after the trusted policy has been configured before the BIOS runs;
FIG. 3 is a schematic diagram, on which the embodiments of the present invention are based, of configuring the trusted policy after the OS has started and then starting the chain of trust;
FIG. 4 is a flowchart of data processing method 1 according to an embodiment of the present invention;
FIG. 5 is a flowchart of data processing method 2 according to an embodiment of the present invention;
FIG. 6 is a flowchart of data processing method 3 according to an embodiment of the present invention;
FIG. 7 is a flowchart of data processing method 4 according to an embodiment of the present invention;
FIG. 8 is a flowchart of data processing method 5 according to an embodiment of the present invention;
FIG. 9 is a flowchart of a data processing method according to a preferred implementation of the present invention;
FIG. 10 is a schematic diagram of applying a configured trusted policy to device startup according to an embodiment of the present invention;
FIG. 11 is a structural block diagram of data processing apparatus 1 according to Embodiment 2 of the present invention;
FIG. 12 is a structural block diagram of data processing apparatus 2 according to Embodiment 3 of the present invention;
FIG. 13 is a structural block diagram of data processing apparatus 3 according to Embodiment 4 of the present invention;
FIG. 14 is a structural block diagram of a data processing system according to Embodiment 5 of the present invention;
FIG. 15 is a schematic diagram of a data processing system according to Embodiment 8 of the present invention applied to managing the security policy of household appliances.
Detailed Description
To enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention without creative work shall fall within the protection scope of the present invention.
It should be noted that the terms "first", "second" and the like in the specification, the claims and the above drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way can be interchanged where appropriate, so that the embodiments of the present invention described here can be implemented in an order other than those illustrated or described here. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that includes a series of steps or units is not necessarily limited to the steps or units explicitly listed, but may include other steps or units that are not explicitly listed or that are inherent to the process, method, product or device.
First, some of the nouns and terms that appear in the description of the embodiments of this application are explained as follows:
Trusted Computing: a technology developed and promoted by the Trusted Computing Group (TCG), which uses a trusted computing platform supported by a hardware security module in computing and communication systems to improve the overall security of the system. With trusted computing, a computer always behaves in the expected manner. This behavior is guaranteed jointly by the computer hardware and programs, and is achieved by using a hardware security module that the rest of the system cannot access.
Trusted Platform Module (TPM): the TPM is an international standard for a secure cryptoprocessor, written by the TCG, which protects hardware by using a dedicated microcontroller to integrate cryptographic keys into the device. A TPM security chip is a security chip that complies with the TPM standard. It is generally strongly bound to the computing platform by physical means, and it can effectively protect a PC and prevent access by unauthorized users.
Trusted Platform Control Module (TPCM): as a trusted node that is independently developed and controllable within China, the TPCM is embedded as the trusted root. It adds a root-of-trust control function on top of the TPM, achieving cryptography-based active control and measurement. The TPCM starts before the CPU and verifies the BIOS, which changes the traditional approach of treating the TPM as a passive device and realizes active control of the entire platform by the TPCM.
Measurement policy: the process of measuring a measurement object with a measurement algorithm, used to verify the integrity of the measurement object, that is, to verify whether the measurement object has been tampered with. It includes a system integrity measurement policy (algorithms/programs related to system integrity) and a hardware platform integrity measurement policy (measurement algorithms/measurement objects related to hardware firmware integrity measurement).
Verification policy: the baseline value corresponding to the measurement policy. After the measurement object has been measured and a measurement result obtained, the baseline value is compared with the measurement result; when the two are consistent, the measurement is determined to have passed. It includes a system integrity verification policy (baseline values used to measure the integrity of the operating system kernel, management configuration files and program files) and a hardware platform integrity verification policy (baseline values used to verify the integrity of hardware platform firmware).
Embodiment 1
According to the embodiments of the present invention, a method embodiment of a data processing method is also provided. It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in a different order from the one given here.
The method embodiment provided in Embodiment 1 of this application may be executed in a mobile terminal, a computer terminal or a similar computing device. FIG. 1 shows a block diagram of the hardware structure of a computer terminal (or mobile device) for implementing a data processing method. As shown in FIG. 1, the computer terminal 10 (or mobile device 10) may include one or more processors (shown in the figure as 102a, 102b, ..., 102n; a processor may include but is not limited to a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data. In addition, it may include a transmission module, a display, an input/output interface (I/O interface), a universal serial bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power supply and/or a camera. Those of ordinary skill in the art will understand that the structure shown in FIG. 1 is only illustrative and does not limit the structure of the above electronic device. For example, the computer terminal 10 may include more or fewer components than shown in FIG. 1, or have a configuration different from that shown in FIG. 1.
It should be noted that the one or more processors and/or other data processing circuits described above may generally be referred to herein as a "data processing circuit". The data processing circuit may be embodied in whole or in part as software, hardware, firmware or any combination thereof. In addition, the data processing circuit may be a single independent processing module, or may be wholly or partly integrated into any of the other elements in the computer terminal 10 (or mobile device). As involved in the embodiments of this application, the data processing circuit acts as a kind of processor control (for example, selection of a variable-resistance termination path connected to an interface).
The memory 104 can be used to store software programs and modules of application software, such as the program instructions/data storage device corresponding to the remote authentication method in the embodiments of the present invention. By running the software programs and modules stored in the memory 104, the processor executes various functional applications and data processing, that is, implements the data processing method of the application program described above. The memory 104 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor, and such remote memory may be connected to the computer terminal 10 through a network. Examples of such networks include but are not limited to the Internet, corporate intranets, local area networks, mobile communication networks and combinations thereof.
The transmission module is used to receive or send data via a network. A specific example of the network may include a wireless network provided by the communication provider of the computer terminal 10. In one example, the transmission module includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station so as to communicate with the Internet. In one example, the transmission module may be a radio frequency (RF) module, which is used to communicate with the Internet wirelessly.
The display may be, for example, a touch-screen liquid crystal display (LCD), which enables a user to interact with the user interface of the computer terminal 10 (or mobile device).
As introduced above, in the related art against which the embodiments of the present invention are set, the method generally adopted is as follows: before the Basic Input Output System (BIOS) runs, the measurement policy and verification policy described above are configured directly in the BIOS setup interface and written into the TPCM; then, during system startup (including the BIOS), measurement and verification are performed according to the configured policies. FIG. 2 is a schematic diagram, on which the embodiments of the present invention are based, of starting the chain of trust after the trusted policy has been configured before the BIOS runs.
Another method is to configure the measurement policy and verification policy after the operating system (OS) of the device has started, and then restart the device to begin measurement. FIG. 3 is a schematic diagram, on which the embodiments of the present invention are based, of configuring the trusted policy after the OS has started and then starting the chain of trust.
However, the two approaches above have the following shortcomings:
(1) In both methods, when the device starts for the first time, the measurements made before BIOS setup are protected only by the manufacturer's policy, so protection under the user's own policy cannot truly be achieved;
(2) In the first method, operations and maintenance staff who manage the device remotely and are not physically at the device cannot perform remote policy configuration; moreover, when the policy is configured in BIOS setup, the security of BIOS setup itself is neither integrity-protected nor verified;
(3) After the policy has been configured with the second method, a restart is required before the policy takes effect, which cannot guarantee business continuity and results in a poor user experience.
To overcome these shortcomings, the embodiments of the present invention propose a trusted policy configuration scheme. In this scheme, the remote control function of the server's Baseboard Management Controller (BMC) is used to configure the measurement policies for the BIOS, the OS Loader and the OS kernel, so that the measurement policy and the verification policy can be configured remotely during the first startup and no restart is required. This ensures the continuity of the user's business and allows anomalies to be detected in time. It should be noted that the BMC is located inside the server device and can be integrated on the motherboard. The BMC can be powered independently and has an independent I/O interface, and it can perform the remote control functions of the server, which include but are not limited to local and remote diagnostics, console support, configuration management, hardware management and troubleshooting.
FIG. 4 is a flowchart of data processing method 1 according to an embodiment of the present invention. As shown in FIG. 4, the flow includes:
Step S402: the trusted chip verifies whether the BMC and the configuration policy tool are trusted;
As an optional embodiment, the data processing method provided in the embodiments of the present invention is described from the side of the trusted chip. The trusted chip may be of several types; for example, it may be a Trusted Platform Module (TPM) or a Trusted Platform Control Module (TPCM), which is not limited here. When the trusted policy of the trusted chip is configured, the objects involved in configuring the trusted policy can be verified first, that is, it is checked whether those objects are trusted, and when they are found to be trusted, the trusted policy is configured by means of those trusted objects. In addition, the data processing method provided in the embodiments of the present invention can also be described from the side of a non-trusted chip, that is, a chip other than a trusted chip. It should be further noted that, in a specific implementation, whether a trusted chip or a non-trusted chip is used depends on the application scenario; for example, aspects such as the choice of chips and compatibility may be considered.
As an optional embodiment, the trusted chip and the BMC may be combined and deployed in a server or a server array. It should be noted that, in implementation, the deployment environment of the trusted chip and the BMC includes but is not limited to a virtual machine environment.
As an optional embodiment, when the objects involved in the trusted policy configuration process are checked, there may be several such objects, and different objects may be verified with different policies. For example, in the embodiments of the present invention, the objects involved in the trusted policy configuration process may include the trusted chip itself, the BMC and the configuration policy tool.
As an optional embodiment, the trusted chip may use a predetermined self-check policy when verifying itself. For example, the trusted chip performs a self-check according to the self-check policy and, if the self-check passes, proceeds to verify whether the BMC and the configuration policy tool are trusted. It should be noted that the self-check policy may be the default set when the trusted chip leaves the factory, or it may be a self-check policy obtained by later modifying the factory settings according to user needs. The trusted chip first checks itself and, after the self-check passes, verifies the other objects that subsequently interact with it.
As an optional embodiment, after the trusted chip has passed its own verification, it verifies the objects related to trusted policy configuration; for example, the trusted chip verifies whether the BMC and the configuration policy tool are trusted. Several approaches can be used for this verification. For example, verifying whether the BMC and the configuration policy tool are trusted may include: the trusted chip verifies the legitimacy of the BMC and the configuration policy tool and measures the integrity of the BMC and the configuration policy tool; when the legitimacy verification passes and the integrity measurement passes, the trusted chip determines that the BMC and the configuration policy tool are trusted. In other words, the verification covers both whether the BMC and the configuration policy tool are legitimate and whether they are intact, and the BMC and the configuration policy tool are determined to be trusted only when they are both legitimate and intact.
As an optional embodiment, the trusted chip may check the legitimacy and the integrity of the BMC and the configuration policy tool in either order. For example, it may first check whether the BMC and the configuration policy tool are legitimate and then check whether they are intact, or it may first check whether they are intact and then check whether they are legitimate. Preferably, given the importance of security, it first checks whether the BMC and the configuration policy tool are legitimate and, if they are, then checks whether they are intact.
Step S404: when the verification result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the remote management and control center that the BMC and the configuration policy tool are trusted;
As an optional embodiment, after the BMC and the configuration policy tool have been checked, if the result is that they are not trusted, the trusted policy configuration flow can be ended directly. If the result is that the BMC and the configuration policy tool are trusted, the trusted chip reports this to the remote management and control center. That is, the trusted chip informs the remote management and control center that the BMC and the configuration policy tool can be used to configure the trusted policy. It should be noted that the trusted chip can make this report in several ways; for example, it can send a report message directly, or it can send an identifier that indicates that the BMC and the configuration policy tool are trusted. The reporting method can be chosen flexibly as needed and is not limited here.
Step S406: the trusted chip obtains the trusted policy from the BMC, the remote management and control center having issued the trusted policy to the BMC through the configuration policy tool.
As an optional embodiment, after the trusted chip has reported to the remote management and control center that the BMC and the configuration policy tool are trusted, the remote management and control center and the BMC verify each other. When both verifications pass, the remote management and control center issues the trusted policy to the BMC through the configuration policy tool, and the trusted chip then obtains the trusted policy from the BMC.
As an optional embodiment, the trusted policy described above includes: the measured object to which the trusted policy corresponds, the measurement policy used to measure that object, and the verification policy applied while measuring it (that is, the baseline value used to decide whether the measurement passes). The measured object referred to here may be an object that needs to be measured during startup of the trusted chip, for example one of the measurement objects in the chain of trust during the startup process described above.
As an optional embodiment, the trusted chip can obtain the trusted policy from the BMC in several ways. For example, the trusted chip can obtain the trusted policy directly from the BMC. However, obtaining the trusted policy directly may raise security problems, so the embodiments of the present invention provide a secure way of obtaining it. For example, the trusted chip may obtain the trusted policy from the BMC as follows: the trusted chip obtains a trusted policy package from the BMC, where the trusted policy package includes the measured object in the trusted chip and the trusted policy corresponding to the measured object, signed with the private key of the remote management and control center, and the trusted policy package is encrypted with the EK public key of the trusted chip; after verifying by means of the signature that the trusted policy package comes from the remote management and control center, the trusted chip decrypts the trusted policy package with its EK private key to obtain the trusted policy.
As an optional embodiment, signing the measured object in the trusted chip and the trusted policy corresponding to the measured object with the private key of the remote management and control center shows that the trusted policy comes from the trusted remote management and control center and is safe. Encrypting the trusted policy with the EK public key of the trusted chip means that what the remote management and control center transmits to the BMC is an encrypted trusted policy package, so the trusted policy is protected in transit. It should be noted that signing with the private key of the remote management and control center and encrypting with the EK public key of the trusted chip are both optional; to ensure that the source of the trusted policy is reliable and that its transmission is secure, other identifiers may also be used for signing or encryption, and these are not listed one by one here.
作为一种可选的实施例,在可信芯片从BMC获取可信策略之后,该方法还可以包括:可信芯片将可信策略存储于非易失性存储空间中;可信芯片依据存储的可信策略,依次对可信信任链的被度量对象进行可信度量,在度量均通过的情况下,启动设备。因此,在从BMC获取到可信策略之后,将可信策略存储于非易失性存储空间中,非易失性存储空间具有存储安全可靠的特点,因而可以保证可信策略的安全,不丢失。之后,可信芯片依据存储的可信策略,依次对可信信任链的被度量对象进行可信度量,在度量均通过的情况下,启动设备。采用这种远程的可信策略的配置,不仅可以确保可信策略的安全,而且仅需要进行一次启动就可以。As an optional embodiment, after the trusted chip obtains the trusted policy from the BMC, the method may further include: the trusted chip stores the trusted policy in a non-volatile storage space; the trusted chip stores the trusted policy according to the The trust policy, in turn, measures the trustworthiness of the measured objects in the trust chain of trust, and starts the device when all the measures pass. Therefore, after obtaining the trusted policy from the BMC, store the trusted policy in a non-volatile storage space. The non-volatile storage space has the characteristics of safe and reliable storage, so that the security of the trusted policy can be guaranteed without loss . After that, the trusted chip sequentially measures the credibility of the measured objects in the trusted chain of trust according to the stored credibility policy, and starts the device when the metrics pass. Using this remote trusted policy configuration can not only ensure the security of the trusted policy, but also only needs to be started once.
通过上述步骤,采用远程管控中心通过配置策略工具向BMC下发可信策略的方式,使得可信芯片可以从BMC处获取可信策略,达到了在设备启动前,通过可信的远程管控中心向可信芯片配置可信策略的目的,从而实现了保证配置可信策略的安全;而且,在配置可信策略之后,设备执行一次启动就可以,能够保证业务连续性的技术效果,进而解决了在相关技术中,配置可信策略时,存在不能保证可信策略的安全,以及无法业务连续性的技术问题。Through the above steps, the remote control center uses the configuration strategy tool to issue the trusted policy to the BMC, so that the trusted chip can obtain the trusted policy from the BMC, so that the trusted remote control center can send the trusted policy to the BMC before the device starts. The purpose of the trusted chip to configure the trusted policy is to ensure the security of the trusted policy; moreover, after the trusted policy is configured, the device can be started once, which can ensure the technical effect of business continuity, thereby solving the problem of In related technologies, when the trusted policy is configured, there are technical problems that the security of the trusted policy cannot be guaranteed and the business continuity cannot be guaranteed.
An embodiment of the present invention provides a data processing method. FIG. 5 is a flowchart of data processing method 2 according to an embodiment of the present invention. As shown in FIG. 5, the process includes:
Step S502: the remote control center receives a report from the trusted chip, where the report is used to indicate that the BMC is trusted;
As an optional embodiment, the data processing method provided in this embodiment is described from the side of the remote control center. When the trusted chip starts the trusted policy configuration process, it checks the objects involved in configuring the trusted policy to determine whether they are trusted, and it reports the check result to the remote control center that issues the trusted policy. After receiving the report from the trusted chip that the BMC is trusted, the remote control center determines that the BMC used to configure the trusted policy is trusted, that is, that it may issue the trusted policy to the BMC.
As an optional embodiment, as above, the remote control center may receive the trusted chip's report in several ways: by receiving a report message, or by receiving a predetermined identifier used to indicate that the BMC is trusted; this is not limited here. In addition, in a specific implementation the remote control center may be virtual; for example, the remote control center may be built from one or more virtual terminal devices.
Step S504: the remote control center issues a configuration policy request to the BMC;
As an optional embodiment, after the remote control center determines that the BMC used to configure the trusted policy is trusted, it may issue a configuration policy request to the BMC. On the one hand, the request informs the BMC that the trusted policy will subsequently be issued to it, reminding the BMC to prepare to receive the trusted policy; on the other hand, it informs the BMC that the configuration policy request comes from the trusted remote control center, so that the BMC can ensure that the source of the trusted policy is secure and trusted.
Step S506: the remote control center issues the trusted policy to the BMC through the policy configuration tool, so that the trusted chip can obtain the trusted policy from the BMC.
As an optional embodiment, to ensure that the remote control center issues the trusted policy securely, before the remote control center issues the trusted policy to the BMC through the policy configuration tool, the method may further include: the remote control center verifies the legitimacy and integrity of the BMC and of the policy configuration tool; if the verification of the legitimacy and integrity of the BMC and of the policy configuration tool passes, the remote control center determines to issue the trusted policy to the BMC through the policy configuration tool. That is, by verifying the legitimacy and integrity of the BMC and of the policy configuration tool, the remote control center can determine that the policy configuration tool it will use to issue the trusted policy, and the BMC that will receive it, are trusted; in other words, issuing the trusted policy through the policy configuration tool, and issuing it to the BMC, is trusted and secure.
As an optional embodiment, the remote control center may verify the legitimacy and integrity of the BMC and of the policy configuration tool in any order. For example, it may verify the legitimacy and integrity of the BMC first and then those of the policy configuration tool, or verify the legitimacy and integrity of the policy configuration tool first and then those of the BMC. Legitimacy and integrity may likewise be verified in any order: for example, the legitimacy of the BMC and the policy configuration tool may be verified first and their integrity afterwards, or their integrity first and their legitimacy afterwards. Preferably, to ensure legitimacy and security, the legitimacy of the BMC and the policy configuration tool is verified first and their integrity afterwards.
As an optional embodiment, the remote control center may issue the trusted policy to the BMC through the policy configuration tool in several ways. For example: the remote control center signs the measured object in the trusted chip and the trusted policy corresponding to the measured object with the private key of the remote control center, and encrypts the measured object and the trusted policy with the EK public key of the trusted chip, to obtain a trusted policy package; the remote control center then issues the trusted policy package to the BMC. Signing the measured object in the trusted chip and the corresponding trusted policy with the private key of the remote control center makes it clear that the trusted policy comes from the trusted remote control center and is secure. In addition, because the measured object and the trusted policy are encrypted with the EK public key of the trusted chip to form the trusted policy package, the remote control center does not issue the trusted policy to the BMC directly but issues it in encrypted form. This secures the transmission from the remote control center to the BMC and prevents the trusted policy from being intercepted or tampered with in transit, which would make it insecure.
Through the above steps, the remote control center issues the trusted policy to the BMC through the policy configuration tool, so that the trusted chip can obtain the trusted policy from the BMC. This achieves the purpose of configuring the trusted policy for the trusted chip from a trusted remote control center before the device starts, and thus ensures that the trusted policy is configured securely. Moreover, after the trusted policy is configured, the device needs to start only once, which achieves the technical effect of guaranteeing business continuity. This solves the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be maintained.
An embodiment of the present invention provides a data processing method. FIG. 6 is a flowchart of data processing method 3 according to an embodiment of the present invention. As shown in FIG. 6, the process includes:
Step S602: when the trusted chip has determined that the BMC and the policy configuration tool are trusted, the BMC receives the configuration policy request issued by the remote control center;
As an optional embodiment, the data processing method provided in this embodiment is described from the side of the BMC. The BMC has the motherboard's management functions built in, including local and remote diagnostics, console support, configuration management, hardware management, and troubleshooting.
Step S604: the BMC checks whether the remote control center and the policy configuration tool are trusted;
As an optional embodiment, the BMC checking whether the remote control center and the policy configuration tool are trusted includes: the BMC verifies whether the remote control center is legitimate, and verifies the legitimacy and integrity of the policy configuration tool; if the result is that the remote control center is legitimate and the legitimacy and integrity of the policy configuration tool both pass, the BMC determines that the remote control center and the policy configuration tool are trusted. By verifying whether the remote control center is trusted, the BMC can determine whether the source of the trusted policy is secure, that is, whether the trusted policy is trusted. By verifying whether the policy configuration tool is trusted, the BMC can determine whether the manner and channel by which the remote control center issues the trusted policy to the BMC are reliable.
Step S606: if the check result is that the remote control center and the policy configuration tool are trusted, the BMC receives the trusted policy issued by the remote control center through the policy configuration tool;
Step S608: the BMC provides the received trusted policy to the trusted chip.
As an optional embodiment, the BMC may provide the received trusted policy to the trusted chip in several ways. For example, the trusted chip may actively obtain the trusted policy from the BMC: after the BMC receives the trusted policy issued by the remote control center, the BMC sends the trusted chip a notification message saying that it has obtained the trusted chip's trusted policy, after which the trusted chip actively sends a request to obtain the trusted policy. Alternatively, the BMC may actively transmit the trusted policy to the trusted chip in a manner agreed in advance between the two: for example, the trusted chip and the BMC agree in advance that as soon as the BMC obtains the trusted policy, the BMC transmits it to the trusted chip.
An embodiment of the present invention provides a data processing method. FIG. 7 is a flowchart of data processing method 4 according to an embodiment of the present invention. As shown in FIG. 7, the process includes:
Step S702: the trusted chip checks whether the BMC and the policy configuration tool are trusted;
Step S704: if the check result is that the BMC and the policy configuration tool are trusted, the trusted chip reports to the remote control center that the BMC and the policy configuration tool are trusted;
Step S706: the remote control center issues a configuration policy request to the BMC;
Step S708: the BMC and the remote control center verify each other's legitimacy, and the BMC checks whether the policy configuration tool is trusted;
Step S710: if the BMC and the remote control center are both legitimate and the BMC finds the policy configuration tool trusted, the remote control center issues the trusted policy to the BMC through the policy configuration tool;
Step S712: the trusted chip obtains the trusted policy from the BMC.
As an optional embodiment, the remote control center may issue the trusted policy to the BMC through the policy configuration tool as follows: the remote control center signs the measured object in the trusted chip and the trusted policy corresponding to the measured object with the private key of the remote control center, and encrypts the measured object and the trusted policy with the EK public key of the trusted chip, to obtain a trusted policy package; the remote control center then issues the trusted policy package to the BMC.
It should be noted that, in this embodiment, the operations or functions performed by the objects involved in trusted policy configuration, for example the trusted chip, the remote control center, the BMC, and the policy configuration tool, may all be as described in the above embodiments and are not described again one by one here.
Through the above steps, the remote control center issues the trusted policy to the BMC through the policy configuration tool, so that the trusted chip can obtain the trusted policy from the BMC. This achieves the purpose of configuring the trusted policy for the trusted chip from a trusted remote control center before the device starts, and thus ensures that the trusted policy is configured securely. Moreover, after the trusted policy is configured, the device needs to start only once, which achieves the technical effect of guaranteeing business continuity. This solves the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be maintained.
An embodiment of the present invention provides a data processing method. FIG. 8 is a flowchart of data processing method 5 according to an embodiment of the present invention. As shown in FIG. 8, the process includes:
Step S802: the trusted chip checks whether the BMC and the policy configuration tool are trusted;
Step S804: if the check result is that the BMC and the policy configuration tool are trusted, the trusted chip reports to the edge computing server that the BMC and the policy configuration tool are trusted;
Step S806: the edge computing server issues a configuration policy request to the BMC;
Step S808: the BMC and the edge computing server verify each other's legitimacy, and the BMC checks whether the policy configuration tool is trusted;
Step S810: if the BMC and the edge computing server are both legitimate and the BMC finds the policy configuration tool trusted, the edge computing server issues the trusted policy to the BMC through the policy configuration tool;
Step S812: the trusted chip obtains the trusted policy from the BMC.
As an optional embodiment, when the above data processing method is applied in an edge computing scenario, the edge computing server may take the place of the remote control center in the above embodiments and perform the corresponding operations. For example, the edge computing server may issue the trusted policy to the BMC through the policy configuration tool as follows: the edge computing server signs the measured object in the trusted chip and the trusted policy corresponding to the measured object with the private key of the edge computing server, and encrypts the measured object and the trusted policy with the EK public key of the trusted chip, to obtain a trusted policy package; the edge computing server then issues the trusted policy package to the BMC.
It should be noted that, in this embodiment, the operations or functions performed by the objects involved in trusted policy configuration, for example the trusted chip, the edge computing server, the BMC, and the policy configuration tool, may all be as described in the above embodiments and are not described again one by one here.
Through the above steps, the edge computing server issues the trusted policy to the BMC through the policy configuration tool, so that the trusted chip can obtain the trusted policy from the BMC. This achieves the purpose of configuring the trusted policy for the trusted chip from a trusted edge computing server before the device starts, and thus ensures that the trusted policy is configured securely. Moreover, after the trusted policy is configured, the device needs to start only once, which achieves the technical effect of guaranteeing business continuity. This solves the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be maintained.
Based on the above embodiments and preferred embodiments, a preferred implementation is provided.
It should be noted that, before the trusted policy configuration method is executed, the trusted chip (for example, a TPM or TPCM) may undergo factory initialization, which includes: when the device leaves the factory, the trusted chip already has a default set of self-check policies, as well as measurement and verification policies for the BMC. The trusted chip has an EK public key, an EK private key, and an EK certificate; the BMC has a corresponding AIK public/private key pair and an AIK certificate.
FIG. 9 is a flowchart of the data processing method according to a preferred implementation of the present invention. As shown in FIG. 9, the process includes the following steps:
(1) The device is in standby and the TPCM performs a self-check; if the self-check passes, go to step (2); otherwise go to step (11);
(2) Verify the legitimacy of the BMC; if the verification passes, go to step (3); otherwise go to step (11);
(3) Measure the integrity of the BMC and the policy configuration tool; if the integrity check passes, go to step (4); otherwise go to step (11);
(4) The TPCM remotely reports to the remote control center that the BMC is trusted;
(5) The remote control center issues a configuration policy request to the BMC;
(6) The BMC verifies the legitimacy of the policy configuration tool, mutually verifies identity legitimacy with the remote control center using their respective certificates, and verifies the integrity of the policy configuration tool; if legitimacy and integrity both hold, go to step (7); otherwise go to step (11);
(7) The remote control center packages the corresponding policies and issues them to the BMC through the policy configuration tool; the package contains the measured objects and the related measurement and verification policies, all signed with the remote control center's private key and encrypted with the EK public key of the TPCM;
(8) The TPCM actively obtains the policy package from the BMC, decrypts it with the EK private key, and verifies that it really comes from the remote control center; if so, go to step (9); otherwise go to step (11);
(9) The TPCM saves the policy package in the NV space of the TPCM;
(10) The device starts normally; the startup process follows the usual trusted chain of trust, with trust passed from one level to the next. FIG. 10 is a schematic diagram of applying the configured trusted policy to device startup according to an embodiment of the present invention. As shown in FIG. 10, after the trusted policy is configured, the device starts normally according to the configured trusted policy.
(11) Raise an alarm; prohibit startup / restricted startup / authorized normal startup.
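The package handling in steps (7) and (8), as an added Go example that is not part of the patent: the control center signs the policy and encrypts it to the chip's EK public key, and the chip decrypts it and accepts the policy only if the signature verifies. The hybrid RSA-OAEP/AES-GCM layout, the Ed25519 signing key, the `Package` fields, the function names and the sample policy body are assumptions, since the patent specifies neither algorithms nor a wire format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Package is what the BMC relays. The BMC holds neither the EK private key nor
// the control center's signing key, so it can neither read nor re-sign it.
type Package struct{ WrappedKey, Nonce, Sealed []byte }

var oaepLabel = []byte("trusted-policy-package") // hypothetical domain separator

// GenKeys makes software stand-ins for the chip's EK pair and the control
// center's signing pair. On real hardware the EK private key stays in the chip.
func GenKeys() (*rsa.PrivateKey, ed25519.PublicKey, ed25519.PrivateKey, error) {
	ek, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return ek, pub, priv, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// BuildPackage is the control-center side, step (7): sign the policy, then
// encrypt signature||policy under a fresh AES-256-GCM key wrapped to the EK.
func BuildPackage(policy []byte, center ed25519.PrivateKey, ek *rsa.PublicKey) (*Package, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ek, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	plain := append(ed25519.Sign(center, policy), policy...)
	// The wrapped key is bound as associated data so the parts cannot be mixed.
	return &Package{wrapped, nonce, gcm.Seal(nil, nonce, plain, wrapped)}, nil
}

// OpenPackage is the chip side, step (8): decrypt with the EK private key and
// release the policy only if the control center's signature verifies.
func OpenPackage(pkg *Package, ek *rsa.PrivateKey, center ed25519.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, ek, pkg.WrappedKey, oaepLabel)
	if err != nil {
		return nil, errors.New("reject: package is not encrypted to this chip's EK")
	}
	gcm, err := newGCM(key)
	if err != nil || len(pkg.Nonce) != gcm.NonceSize() {
		return nil, errors.New("reject: malformed package")
	}
	plain, err := gcm.Open(nil, pkg.Nonce, pkg.Sealed, pkg.WrappedKey)
	if err != nil || len(plain) < ed25519.SignatureSize {
		return nil, errors.New("reject: ciphertext altered in transit or on the BMC")
	}
	sig, policy := plain[:ed25519.SignatureSize], plain[ed25519.SignatureSize:]
	if !ed25519.Verify(center, policy, sig) {
		// Anyone who knows the EK public key can encrypt to the chip, so
		// encryption alone proves nothing about the sender.
		return nil, errors.New("reject: not signed by the control center")
	}
	return policy, nil
}

func main() {
	ek, centerPub, centerPriv, err := GenKeys()
	if err != nil {
		panic(err)
	}
	// Constructed policy body; the patent does not define a wire format.
	policy := []byte(`{"bios":"sha256:<reference>","os_loader":"sha256:<reference>"}`)
	pkg, err := BuildPackage(policy, centerPriv, &ek.PublicKey)
	if err != nil {
		panic(err)
	}
	out, err := OpenPackage(pkg, ek, centerPub)
	fmt.Printf("accepted=%v policy=%s\n", err == nil, out)
}
```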
It should be noted that the remote control center side is a role that sends configuration requests to the BMC through the policy tool; it may also be an application side.
Through the above preferred implementation, the BMC's remote control function is used, through the policy configuration tool, to configure the corresponding measurement and verification policies for the objects measured at device startup. In addition, because the measurement and verification policies are configured remotely, no startup is required, which preserves the continuity of the user's services and also allows anomalies to be detected promptly.
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied as a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a server, a network device, or the like) to execute the methods of the embodiments of the present invention.
Embodiment 2
An embodiment of the present invention further provides a data processing device. FIG. 11 is a structural block diagram of data processing device 1 according to Embodiment 2 of the present invention. As shown in FIG. 11, data processing device 1 is applied to the trusted chip and includes a first checking module 112, a reporting module 114, and a first obtaining module 116. The device is described below.
The first checking module 112 is configured to check whether the BMC and the policy configuration tool are trusted. The reporting module 114 is connected to the first checking module 112 and is configured to report to the remote control center that the BMC and the policy configuration tool are trusted when the check result is that they are trusted. The first obtaining module 116 is connected to the reporting module 114 and is configured to obtain the trusted policy from the BMC after the remote control center has issued the trusted policy to the BMC through the policy configuration tool.
With this data processing device, the remote control center issues the trusted policy to the BMC through the policy configuration tool, so that the trusted chip can obtain the trusted policy from the BMC. This achieves the purpose of configuring the trusted policy for the trusted chip from a trusted remote control center before the device starts, and thus ensures that the trusted policy is configured securely. Moreover, after the trusted policy is configured, the device needs to start only once, which achieves the technical effect of guaranteeing business continuity. This solves the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be maintained.
It should be noted here that data processing device 1 corresponds to steps S402 to S406 shown in FIG. 4 in Embodiment 1 above. Data processing device 1 shares the same implementation examples and application scenarios as the corresponding steps, but is not limited to the content disclosed in Embodiment 1. It should be noted that the above modules, as part of the device, may run in the computer terminal 10 provided in Embodiment 1.
实施例3Example 3
在本发明实施例中,还提供了一种数据处理装置,图12是根据本发明实施例3的数据处理装置二的结构框图,如图12所示,该数据处理装置二,应用于远程管控中心,包括:第一接收模块122,第一下发模块124和第二下发模块126,下面对该装置进行说明。In the embodiment of the present invention, a data processing device is also provided. FIG. 12 is a structural block diagram of the second data processing device according to the third embodiment of the present invention. As shown in FIG. 12, the data processing device two is applied to remote management and control. The center includes: a first receiving module 122, a first issuing module 124, and a second issuing module 126. The device will be described below.
The first receiving module 122 is configured to receive a report from the trusted chip, where the report indicates that the BMC is trusted; the first issuing module 124, connected to the first receiving module 122, is configured to issue a configuration policy request to the BMC; the second issuing module 126, connected to the first issuing module 124, is configured to issue the trusted policy to the BMC through the policy configuration tool, so that the trusted chip can obtain the trusted policy from the BMC.
It should be noted here that data processing apparatus 2 corresponds to steps S502 to S506 included in FIG. 5 of Embodiment 1 above. The examples and application scenarios implemented by data processing apparatus 2 are the same as those of the corresponding steps, but are not limited to the content disclosed in Embodiment 1. It should also be noted that the above modules, as part of the apparatus, can run in the computer terminal 10 provided in Embodiment 1.
Example 4
An embodiment of the present invention further provides a data processing apparatus. FIG. 13 is a structural block diagram of data processing apparatus 3 according to Embodiment 4 of the present invention. As shown in FIG. 13, data processing apparatus 3 is applied to a BMC and includes: a second receiving module 132, a second checking module 134, a third receiving module 136 and a providing module 138. The apparatus is described below.
The second receiving module 132 is configured to receive the configuration policy request issued by the remote management and control center when the trusted chip has determined that the BMC and the configuration policy tool are trusted; the second checking module 134, connected to the second receiving module 132, is configured to check whether the remote management and control center and the configuration policy tool are trusted; the third receiving module 136, connected to the second checking module 134, is configured to receive the trusted policy issued by the remote management and control center through the configuration policy tool when the check result is that the remote management and control center and the configuration policy tool are trusted; the providing module 138, connected to the third receiving module 136, is configured to provide the received trusted policy to the trusted chip.
It should be noted here that data processing apparatus 3 corresponds to steps S602 to S608 included in FIG. 6 of Embodiment 1 above. The examples and application scenarios implemented by data processing apparatus 3 are the same as those of the corresponding steps, but are not limited to the content disclosed in Embodiment 1. It should also be noted that the above modules, as part of the apparatus, can run in the computer terminal 10 provided in Embodiment 1.
Example 5
An embodiment of the present invention further provides a data processing system. FIG. 14 is a structural block diagram of the data processing system according to Embodiment 5 of the present invention. As shown in FIG. 14, the data processing system can be applied to the interaction between a server array and a computer device, where the server array may include one or more virtual machines. The computer device is outside the server and is provided with the (remote) management and control center 144, while the server array is provided with the trusted chip 142 and the BMC 146. Further, the data processing system includes: the trusted chip 142, the remote management and control center 144, the configuration policy tool (not shown in the figure) and the BMC 146, that is, the baseboard management controller 146. The system is described below.
The trusted chip 142 is configured to check whether the BMC and the configuration policy tool are trusted and, when the check result is that the BMC and the configuration policy tool are trusted, to report to the remote management and control center that the BMC and the configuration policy tool are trusted; the remote management and control center 144, connected to the trusted chip 142, is configured to issue a configuration policy request to the BMC; the BMC 146, connected to the remote management and control center 144 and the trusted chip 142, is configured to perform mutual verification of legitimacy with the remote management and control center and to check whether the configuration policy tool is trusted; the remote management and control center 144 is further configured to issue the trusted policy to the BMC through the configuration policy tool when the BMC and the remote management and control center are both legitimate and the BMC has checked that the configuration policy tool is trusted; the trusted chip 142 is further configured to obtain the trusted policy from the BMC.
It should be noted here that the data processing system corresponds to steps S702 to S712 included in FIG. 7 of Embodiment 1 above. The examples and application scenarios implemented by the data processing system are the same as those of the corresponding steps, but are not limited to the content disclosed in Embodiment 1. It should also be noted that the above modules, as part of the apparatus, can run in the computer terminal 10 provided in Embodiment 1.
In addition, it should be pointed out that when this embodiment is applied in an edge computing scenario, an edge computing server can take over the functions of the remote management and control center 144. That is, in a preferred embodiment, a data processing system is also provided that includes: the trusted chip 142, an edge computing server, the configuration policy tool and the BMC 146. The system is described below.
The trusted chip 142 is configured to check whether the BMC 146 and the configuration policy tool are trusted and, when the check result is that the BMC 146 and the configuration policy tool are trusted, to report to the edge computing server that the BMC 146 and the configuration policy tool are trusted; the edge computing server is configured to issue a configuration policy request to the BMC 146; the BMC 146 is configured to perform mutual verification of legitimacy with the edge computing server and to check whether the configuration policy tool is trusted; the edge computing server is configured to issue the trusted policy to the BMC 146 through the configuration policy tool when the BMC 146 and the edge computing server are both legitimate and the BMC 146 has checked that the configuration policy tool is trusted; the trusted chip 142 is further configured to obtain the trusted policy from the BMC 146.
It should be noted here that the data processing system corresponds to steps S802 to S812 included in FIG. 8 of Embodiment 1 above. The examples and application scenarios implemented by the data processing system are the same as those of the corresponding steps, but are not limited to the content disclosed in Embodiment 1. It should also be noted that the above modules, as part of the apparatus, can run in the computer terminal 10 provided in Embodiment 1.
Example 6
An embodiment of the present invention may provide a computer terminal (also called a computer device), which may be any computer terminal device in a group of computer terminals. Optionally, in this embodiment, the computer terminal may also be replaced with a terminal device such as a mobile terminal.
Optionally, in this embodiment, the computer terminal may be located in at least one of multiple network devices in a computer network.
Optionally, in this embodiment, the computer device may include a memory and a processor. The memory stores a computer program; the processor is configured to execute the computer program stored in the memory, and the computer program, when run, causes the processor to perform any one of the methods described above.
The memory can be used to store software programs and modules, such as the program instructions/modules corresponding to the data processing method and apparatus in the embodiments of the present invention. By running the software programs and modules stored in the memory, the processor executes various functional applications and data processing, that is, implements the data processing method described above. The memory may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory may further include memory located remotely from the processor, and such remote memory may be connected to the computer terminal through a network. Examples of such networks include, but are not limited to, the Internet, corporate intranets, local area networks, mobile communication networks, and combinations thereof.
The processor may call, through a transmission apparatus, the information and application programs stored in the memory to perform the following steps: the trusted chip checks whether the BMC and the configuration policy tool are trusted; when the check result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the remote management and control center that the BMC and the configuration policy tool are trusted; the trusted chip obtains the trusted policy from the BMC, where the remote management and control center has already issued the trusted policy to the BMC through the configuration policy tool.
Optionally, the processor may also execute program code for the following steps: the trusted chip checking whether the BMC and the configuration policy tool are trusted includes: the trusted chip verifies the legitimacy of the BMC and the configuration policy tool, and measures the integrity of the BMC and the configuration policy tool; when the legitimacy verification of the BMC and the configuration policy tool passes and the integrity measurement of the BMC and the configuration policy tool passes, the trusted chip determines that the BMC and the configuration policy tool are trusted.
Optionally, the processor may also execute program code for the following steps: the trusted chip performs a self-check using a self-check policy and, when the self-check passes, determines to check whether the BMC and the configuration policy tool are trusted.
Optionally, the processor may also execute program code for the following steps: the trusted chip obtaining the trusted policy from the BMC includes: the trusted chip obtains a trusted policy package from the BMC, where the trusted policy package includes the measured object in the trusted chip and the trusted policy for the measured object, signed with the private key of the remote management and control center, and where the trusted policy package is encrypted with the EK public key of the trusted chip; after verifying through the signature that the trusted policy package comes from the remote management and control center, the trusted chip decrypts the trusted policy package with the EK private key of the trusted chip to obtain the trusted policy.
Optionally, the processor may also execute program code for the following steps: after the trusted chip obtains the trusted policy from the BMC, the method further includes: the trusted chip stores the trusted policy in a non-volatile storage space; according to the stored trusted policy, the trusted chip performs trusted measurement on the measured objects of the trust chain in sequence and, when all measurements pass, starts the device.
The processor may call, through a transmission apparatus, the information and application programs stored in the memory to perform the following steps: the remote management and control center receives a report from the trusted chip, where the report indicates that the BMC is trusted; the remote management and control center issues a configuration policy request to the BMC; the remote management and control center issues the trusted policy to the BMC through the policy configuration tool, so that the trusted chip can obtain the trusted policy from the BMC.
Optionally, the processor may also execute program code for the following steps: before the remote management and control center issues the trusted policy to the BMC through the policy configuration tool, the method further includes: the remote management and control center verifies the legitimacy and integrity of the BMC and the configuration policy tool; when the verification of the legitimacy and integrity of the BMC and the configuration policy tool passes, the remote management and control center determines to issue the trusted policy to the BMC through the policy configuration tool.
Optionally, the processor may also execute program code for the following steps: the remote management and control center issuing the trusted policy to the BMC through the policy configuration tool includes: the remote management and control center signs, with its own private key, the measured object in the trusted chip and the trusted policy corresponding to the measured object, and encrypts the measured object and the trusted policy with the EK public key of the trusted chip, to obtain a trusted policy package; the remote management and control center issues the trusted policy package to the BMC.
The processor may call, through a transmission apparatus, the information and application programs stored in the memory to perform the following steps: when the trusted chip has determined that the BMC and the configuration policy tool are trusted, the BMC receives the configuration policy request issued by the remote management and control center; the BMC checks whether the remote management and control center and the configuration policy tool are trusted; when the check result is that the remote management and control center and the configuration policy tool are trusted, the BMC receives the trusted policy issued by the remote management and control center through the configuration policy tool; the BMC provides the received trusted policy to the trusted chip.
Optionally, the processor may also execute program code for the following steps: the BMC checking whether the remote management and control center and the configuration policy tool are trusted includes: the BMC verifies whether the remote management and control center is legitimate, and verifies the legitimacy and integrity of the configuration policy tool; when the verification result is that the remote management and control center is legitimate and the legitimacy and integrity checks of the configuration policy tool both pass, the BMC determines that the remote management and control center and the configuration policy tool are trusted.
The processor may call, through a transmission apparatus, the information and application programs stored in the memory to perform the following steps: the trusted chip checks whether the BMC and the configuration policy tool are trusted; when the check result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the remote management and control center that the BMC and the configuration policy tool are trusted; the remote management and control center issues a configuration policy request to the BMC; the BMC and the remote management and control center verify each other's legitimacy, and the BMC checks whether the configuration policy tool is trusted; when the BMC and the remote management and control center are both legitimate and the BMC has checked that the configuration policy tool is trusted, the remote management and control center issues the trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
Optionally, the processor may also execute program code for the following steps: the remote management and control center issuing the trusted policy to the BMC through the configuration policy tool includes: the remote management and control center signs, with its own private key, the measured object in the trusted chip and the trusted policy corresponding to the measured object, and encrypts the measured object and the trusted policy with the EK public key of the trusted chip, to obtain a trusted policy package; the remote management and control center issues the trusted policy package to the BMC.
The processor may call, through a transmission apparatus, the information and application programs stored in the memory to perform the following steps: the trusted chip checks whether the BMC and the configuration policy tool are trusted; when the check result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the edge computing server that the BMC and the configuration policy tool are trusted; the edge computing server issues a configuration policy request to the BMC; the BMC and the edge computing server verify each other's legitimacy, and the BMC checks whether the configuration policy tool is trusted; when the BMC and the edge computing server are both legitimate and the BMC has checked that the configuration policy tool is trusted, the edge computing server issues the trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
In the embodiments of the present invention, the remote management and control center issues the trusted policy to the BMC through the configuration policy tool, so that the trusted chip can obtain the trusted policy from the BMC. The trusted policy is thereby configured for the trusted chip by a trusted remote management and control center before the device starts, which ensures the security of configuring the trusted policy. Moreover, after the trusted policy is configured, the device only needs to start once, which achieves the technical effect of ensuring business continuity. This solves the technical problems in the related art that, when a trusted policy is configured, the security of the trusted policy cannot be guaranteed and business continuity cannot be ensured.
Those of ordinary skill in the art can understand that the computer terminal may also be a terminal device such as a smartphone (for example an Android phone or an iOS phone), a tablet computer, a palmtop computer, a mobile Internet device (Mobile Internet Devices, MID) or a PAD. The embodiments of the present invention do not limit the structure of the above electronic apparatus. For example, the computer device may include more or fewer components (such as a network interface or a display apparatus), or have a different configuration.
Those of ordinary skill in the art can understand that all or some of the steps in the methods of the above embodiments can be completed by a program instructing the hardware of a terminal device. The program can be stored in a computer-readable storage medium, and the storage medium may include: a flash disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, and the like.
Example 7
An embodiment of the present invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be used to store the program code corresponding to any data processing method provided in Embodiment 1 above; when the program code is run by a processor, it controls the processor to execute any one of the data processing methods described above.
Optionally, in this embodiment, the storage medium may be located in any computer terminal of a group of computer terminals in a computer network, or in any mobile terminal of a group of mobile terminals.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the trusted chip checks whether the BMC and the configuration policy tool are trusted; when the check result is that the BMC and the configuration policy tool are trusted, the trusted chip reports to the remote management and control center that the BMC and the configuration policy tool are trusted; the trusted chip obtains the trusted policy from the BMC, where the remote management and control center has already issued the trusted policy to the BMC through the configuration policy tool.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: the trusted chip checking whether the BMC and the configuration policy tool are trusted includes: the trusted chip verifies the legitimacy of the BMC and the configuration policy tool, and measures the integrity of the BMC and the configuration policy tool; when the legitimacy verification of the BMC and the configuration policy tool passes and the integrity measurement of the BMC and the configuration policy tool passes, the trusted chip determines that the BMC and the configuration policy tool are trusted.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: the trusted chip performs a self-check using a self-check policy and, when the self-check passes, determines to check whether the BMC and the configuration policy tool are trusted.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: the trusted chip obtaining the trusted policy from the BMC includes: the trusted chip obtains a trusted policy package from the BMC, where the trusted policy package includes the measured object in the trusted chip and the trusted policy for the measured object, signed with the private key of the remote management and control center, and where the trusted policy package is encrypted with the EK public key of the trusted chip; after verifying through the signature that the trusted policy package comes from the remote management and control center, the trusted chip decrypts the trusted policy package with the EK private key of the trusted chip to obtain the trusted policy.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: after the trusted chip obtains the trusted policy from the BMC, the method further includes: the trusted chip stores the trusted policy in a non-volatile storage space; according to the stored trusted policy, the trusted chip performs trusted measurement on the measured objects of the trust chain in sequence and, when all measurements pass, starts the device.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the remote management and control center receives a report from the trusted chip, where the report indicates that the BMC is trusted; the remote management and control center issues a configuration policy request to the BMC; the remote management and control center issues the trusted policy to the BMC through the policy configuration tool, so that the trusted chip can obtain the trusted policy from the BMC.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: before the remote management and control center issues the trusted policy to the BMC through the policy configuration tool, the method further includes: the remote management and control center verifies the legitimacy and integrity of the BMC and the configuration policy tool; when the verification of the legitimacy and integrity of the BMC and the configuration policy tool passes, the remote management and control center determines to issue the trusted policy to the BMC through the policy configuration tool.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: the remote management and control center issuing the trusted policy to the BMC through the policy configuration tool includes: the remote management and control center signs, with its own private key, the measured object in the trusted chip and the trusted policy corresponding to the measured object, and encrypts the measured object and the trusted policy with the EK public key of the trusted chip, to obtain a trusted policy package; the remote management and control center issues the trusted policy package to the BMC.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: when the trusted chip has determined that the BMC and the configuration policy tool are trusted, the BMC receives the configuration policy request issued by the remote management and control center; the BMC checks whether the remote management and control center and the configuration policy tool are trusted; when the check result is that the remote management and control center and the configuration policy tool are trusted, the BMC receives the trusted policy issued by the remote management and control center through the configuration policy tool; the BMC provides the received trusted policy to the trusted chip.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: the BMC checking whether the remote management and control center and the configuration policy tool are trusted includes: the BMC verifies whether the remote management and control center is legitimate, and verifies the legitimacy and integrity of the configuration policy tool; when the verification result is that the remote management and control center is legitimate and the legitimacy and integrity checks of the configuration policy tool both pass, the BMC determines that the remote management and control center and the configuration policy tool are trusted.
可选地,在本实施例中,存储介质被设置为存储用于执行以下步骤的程序代码:可 信芯片检验BMC和配置策略工具是否可信;在检验结果为BMC和配置策略工具可信的情况下,可信芯片向远程管控中心上报BMC和配置策略工具可信;远程管控中心向BMC下发配置策略请求;BMC与远程管控中心互验对方的合法性,以及BMC检验配置策略工具是否可信;在BMC与远程管控中心均合法,以及BMC检验配置策略工具可信的情况下,远程管控中心通过配置策略工具将可信策略下发到BMC;可信芯片从BMC获取可信策略。Optionally, in this embodiment, the storage medium is set to store the program code used to perform the following steps: the trusted chip checks whether the BMC and the configuration policy tool are trustworthy; when the check result is that the BMC and the configuration policy tool are trustworthy In this case, the trusted chip reports to the remote control center that the BMC and configuration policy tools are credible; the remote control center issues a configuration policy request to the BMC; the BMC and the remote control center mutually check the legitimacy of each other, and the BMC verifies whether the configuration policy tool is available When the BMC and the remote control center are legal, and the BMC verification configuration strategy tool is credible, the remote control center sends the trusted strategy to the BMC through the configuration strategy tool; the trusted chip obtains the trusted strategy from the BMC.
可选地,在本实施例中,存储介质还被设置为存储用于执行以下步骤的程序代码:远程管控中心通过配置策略工具将可信策略下发到BMC包括:远程管控中心采用远程管控中心的私钥对可信芯片中的被度量对象,以及与被度量对象对应的可信策略进行签名,以及采用可信芯片的EK公钥加密被度量对象以及可信策略,获得可信策略包;远程管控中心将可信策略包下发到BMC。Optionally, in this embodiment, the storage medium is also set to store the program code used to perform the following steps: the remote control center sends the trusted policy to the BMC through the configuration policy tool, including: the remote control center adopts the remote control center The private key of the trusted chip signs the measured object in the trusted chip and the trusted policy corresponding to the measured object, and uses the EK public key of the trusted chip to encrypt the measured object and the trusted policy to obtain the trusted policy package; The remote control center delivers the trusted policy package to BMC.
可选地,在本实施例中,存储介质还被设置为存储用于执行以下步骤的程序代码:可信芯片检验BMC和配置策略工具是否可信;在检验结果为BMC和配置策略工具可信的情况下,可信芯片向边缘计算服务器上报BMC和配置策略工具可信;边缘计算服务器向BMC下发配置策略请求;BMC与边缘计算服务器互验对方的合法性,以及BMC检验配置策略工具是否可信;在BMC与边缘计算服务器均合法,以及BMC检验配置策略工具可信的情况下,边缘计算服务器通过配置策略工具将可信策略下发到BMC;可信芯片从BMC获取可信策略。Optionally, in this embodiment, the storage medium is also set to store the program code used to perform the following steps: the trusted chip verifies whether the BMC and the configuration policy tool are trustworthy; the check result is that the BMC and the configuration policy tool are trustworthy In the case of, the trusted chip reports to the edge computing server that the BMC and the configuration policy tool are trustworthy; the edge computing server sends a configuration policy request to the BMC; the BMC and the edge computing server mutually check the legitimacy of each other, and the BMC checks whether the configuration policy tool is Trustworthy; when the BMC and the edge computing server are legal, and the BMC verification configuration policy tool is credible, the edge computing server sends the trusted policy to the BMC through the configuration policy tool; the trusted chip obtains the trusted policy from the BMC.
Embodiment 8
An embodiment of the present invention further provides a data processing system that includes at least a trusted chip, a BMC and a remote management and control center; the data processing system can be used to implement, but is not limited to, what is disclosed in the present invention. FIG. 15 is a schematic diagram of the data processing system according to Embodiment 8 of the present invention applied to managing the security policies of household appliances. As shown in FIG. 15, the application scenario includes a mobile terminal and household appliances, where each household appliance is provided with a trusted chip and a BMC, and the mobile terminal is set up as the remote management and control center, so that the mobile terminal can manage the security policies of all the household appliances. There may be one or more household appliances and one or more mobile terminals: for example, one mobile terminal may manage the security policy of at least one household appliance, or multiple mobile terminals may manage the security policy of one household appliance; other combinations are also possible and are not enumerated here. With the above methods, the mobile terminal and the household appliance can interact, which ensures that the trusted policy is configured securely; moreover, after the trusted policy is configured the device only needs to be started once, which achieves the technical effect of ensuring business continuity. It should be noted that the household appliance may be an air conditioner, a refrigerator, a television and so on, and the mobile terminal may be a mobile device such as a smartphone or a tablet computer; in a specific implementation the household appliances and mobile terminals depend on the application scenario and are not limited to those listed above. In addition, the mobile terminal can be used to monitor how the household appliance obtains the trusted policy before startup. For example, the mobile terminal can display the management and execution process of the household appliance's security policy and the various information that appears during that process, and the security policy of the household appliance can be configured accordingly, manually or automatically, based on what the mobile terminal displays.
The sequence numbers of the foregoing embodiments of the present invention are for description only and do not indicate that one embodiment is better than another.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis. For a part that is not described in detail in one embodiment, refer to the related description in the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM), random access memory (RAM), a removable hard disk, a magnetic disk or an optical disc.
The above are only preferred embodiments of the present invention. It should be pointed out that those of ordinary skill in the art can make several improvements and refinements without departing from the principle of the present invention, and these improvements and refinements shall also be regarded as falling within the protection scope of the present invention.

Claims (20)

  1. A data processing method, characterized by comprising:
    a trusted chip checking whether a baseboard management controller (BMC) and a configuration policy tool are trusted;
    when the check finds that the BMC and the configuration policy tool are trusted, the trusted chip reporting to a remote management and control center that the BMC and the configuration policy tool are trusted;
    the trusted chip obtaining a trusted policy from the BMC, wherein the remote management and control center has issued the trusted policy to the BMC through the configuration policy tool.
  2. The method according to claim 1, characterized in that the trusted chip checking whether the BMC and the configuration policy tool are trusted comprises:
    the trusted chip verifying the legitimacy of the BMC and the configuration policy tool, and measuring the integrity of the BMC and the configuration policy tool;
    when the legitimacy verification of the BMC and the configuration policy tool passes and the integrity measurement of the BMC and the configuration policy tool passes, the trusted chip determining that the BMC and the configuration policy tool are trusted.
  3. The method according to claim 1, characterized by further comprising:
    the trusted chip performing a self-test using a self-test policy and, if the self-test passes, determining to check whether the BMC and the configuration policy tool are trusted.
  4. The method according to claim 1, characterized in that the trusted chip obtaining the trusted policy from the BMC comprises:
    the trusted chip obtaining a trusted policy package from the BMC, wherein the trusted policy package includes the measured object in the trusted chip and the trusted policy of the measured object, signed with the private key of the remote management and control center, and wherein the trusted policy package is encrypted with the EK public key of the trusted chip;
    the trusted chip, after verifying through the signature that the trusted policy package comes from the remote management and control center, decrypting the trusted policy package with the EK private key of the trusted chip to obtain the trusted policy.
  5. The method according to any one of claims 1 to 4, characterized in that, after the trusted chip obtains the trusted policy from the BMC, the method further comprises:
    the trusted chip storing the trusted policy in a non-volatile storage space;
    the trusted chip performing trusted measurement, in sequence, on the measured objects of the trusted chain of trust according to the stored trusted policy, and starting the device if all measurements pass.
  6. A data processing method, characterized by comprising:
    a remote management and control center receiving a report from a trusted chip, wherein the report is used to inform that the BMC is trusted;
    the remote management and control center issuing a configuration policy request to the BMC;
    the remote management and control center issuing a trusted policy to the BMC through a policy configuration tool, for the trusted chip to obtain the trusted policy from the BMC.
  7. The method according to claim 6, characterized in that, before the remote management and control center issues the trusted policy to the BMC through the policy configuration tool, the method further comprises:
    the remote management and control center verifying the legitimacy and integrity of the BMC and the configuration policy tool;
    the remote management and control center, when the verification of the legitimacy and integrity of the BMC and the configuration policy tool passes, determining to issue the trusted policy to the BMC through the policy configuration tool.
  8. The method according to claim 7, characterized in that the remote management and control center issuing the trusted policy to the BMC through the policy configuration tool comprises:
    the remote management and control center using the private key of the remote management and control center to sign the measured object in the trusted chip and the trusted policy corresponding to the measured object, and using the EK public key of the trusted chip to encrypt the measured object and the trusted policy, to obtain a trusted policy package;
    the remote management and control center delivering the trusted policy package to the BMC.
  9. A data processing method, characterized by comprising:
    when a trusted chip has determined that a BMC and a configuration policy tool are trusted, the BMC receiving a configuration policy request issued by a remote management and control center;
    the BMC checking whether the remote management and control center and the configuration policy tool are trusted;
    when the check finds that the remote management and control center and the configuration policy tool are trusted, the BMC receiving the trusted policy issued by the remote management and control center through the configuration policy tool;
    the BMC providing the received trusted policy to the trusted chip.
  10. The method according to claim 9, characterized in that the BMC checking whether the remote management and control center and the configuration policy tool are trusted comprises:
    the BMC verifying whether the remote management and control center is legitimate, and verifying the legitimacy and integrity of the configuration policy tool;
    when the verification finds that the remote management and control center is legitimate and that the configuration policy tool passes both the legitimacy and the integrity verification, the BMC determining that the remote management and control center and the configuration policy tool are trusted.
  11. A data processing method, characterized by comprising:
    a trusted chip checking whether a BMC and a configuration policy tool are trusted;
    when the check finds that the BMC and the configuration policy tool are trusted, the trusted chip reporting to a remote management and control center that the BMC and the configuration policy tool are trusted;
    the remote management and control center issuing a configuration policy request to the BMC;
    the BMC and the remote management and control center verifying each other's legitimacy, and the BMC checking whether the configuration policy tool is trusted;
    when the BMC and the remote management and control center are both legitimate and the BMC finds the configuration policy tool trusted, the remote management and control center issuing a trusted policy to the BMC through the configuration policy tool;
    the trusted chip obtaining the trusted policy from the BMC.
  12. The method according to claim 11, characterized in that the remote management and control center issuing the trusted policy to the BMC through the configuration policy tool comprises:
    the remote management and control center using the private key of the remote management and control center to sign the measured object in the trusted chip and the trusted policy corresponding to the measured object, and using the EK public key of the trusted chip to encrypt the measured object and the trusted policy, to obtain a trusted policy package;
    the remote management and control center delivering the trusted policy package to the BMC.
  13. A data processing method, characterized by comprising:
    a trusted chip checking whether a BMC and a configuration policy tool are trusted;
    when the check finds that the BMC and the configuration policy tool are trusted, the trusted chip reporting to an edge computing server that the BMC and the configuration policy tool are trusted;
    the edge computing server issuing a configuration policy request to the BMC;
    the BMC and the edge computing server verifying each other's legitimacy, and the BMC checking whether the configuration policy tool is trusted;
    when the BMC and the edge computing server are both legitimate and the BMC finds the configuration policy tool trusted, the edge computing server issuing a trusted policy to the BMC through the configuration policy tool;
    the trusted chip obtaining the trusted policy from the BMC.
  14. A data processing apparatus, characterized in that it is applied to a trusted chip and comprises:
    a first checking module, configured to check whether a BMC and a configuration policy tool are trusted;
    a reporting module, configured to report to a remote management and control center that the BMC and the configuration policy tool are trusted when the check finds that the BMC and the configuration policy tool are trusted;
    a first obtaining module, configured to obtain a trusted policy from the BMC, wherein the remote management and control center has issued the trusted policy to the BMC through the configuration policy tool.
  15. A data processing apparatus, characterized in that it is applied to a remote management and control center and comprises:
    a first receiving module, configured to receive a report from a trusted chip, wherein the report is used to inform that the BMC is trusted;
    a first issuing module, configured to issue a configuration policy request to the BMC;
    a second issuing module, configured to issue a trusted policy to the BMC through a policy configuration tool, for the trusted chip to obtain the trusted policy from the BMC.
  16. A data processing apparatus, characterized in that it is applied to a BMC and comprises:
    a second receiving module, configured to receive a configuration policy request issued by a remote management and control center when a trusted chip has determined that the BMC and a configuration policy tool are trusted;
    a second checking module, configured to check whether the remote management and control center and the configuration policy tool are trusted;
    a third receiving module, configured to receive, when the check finds that the remote management and control center and the configuration policy tool are trusted, the trusted policy issued by the remote management and control center through the configuration policy tool;
    a providing module, configured to provide the received trusted policy to the trusted chip.
  17. A data processing system, characterized by comprising: a trusted chip, a remote management and control center, a configuration policy tool and a BMC, wherein
    the trusted chip is configured to check whether the BMC and the configuration policy tool are trusted and, when the check finds that the BMC and the configuration policy tool are trusted, to report to the remote management and control center that the BMC and the configuration policy tool are trusted;
    the remote management and control center is configured to issue a configuration policy request to the BMC;
    the BMC is configured to verify legitimacy mutually with the remote management and control center, and to check whether the configuration policy tool is trusted;
    the remote management and control center is further configured to issue a trusted policy to the BMC through the configuration policy tool when the BMC and the remote management and control center are both legitimate and the BMC finds the configuration policy tool trusted;
    the trusted chip is further configured to obtain the trusted policy from the BMC.
  18. A data processing system, characterized by comprising: a trusted chip, an edge computing server, a configuration policy tool and a BMC, wherein
    the trusted chip is configured to check whether the BMC and the configuration policy tool are trusted and, when the check finds that the BMC and the configuration policy tool are trusted, to report to the edge computing server that the BMC and the configuration policy tool are trusted;
    the edge computing server is configured to issue a configuration policy request to the BMC;
    the BMC is configured to verify legitimacy mutually with the edge computing server, and the BMC checks whether the configuration policy tool is trusted;
    the edge computing server is configured to issue a trusted policy to the BMC through the configuration policy tool when the BMC and the edge computing server are both legitimate and the BMC finds the configuration policy tool trusted;
    the trusted chip is further configured to obtain the trusted policy from the BMC.
  19. A storage medium, characterized in that the storage medium stores a program, wherein the program, when run by a processor, controls the processor to execute the data processing method according to any one of claims 1 to 13.
  20. A computer device, characterized by comprising: a memory and a processor,
    the memory storing a computer program;
    the processor being configured to execute the computer program stored in the memory, wherein the computer program, when run, causes the processor to execute the data processing method according to any one of claims 1 to 13.
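The trusted policy package of claims 4, 8 and 12 (signed with the remote management and control center's private key, encrypted to the trusted chip's EK public key, and opened on the chip in verify-then-decrypt order) is shown below as an added example; it is not code from the patent or its applicant. Assumptions the page does not specify: RSA-PSS for the signature, RSA-OAEP wrapping of an AES-256-GCM key for the encryption, a signature computed over the encrypted fields so that origin can be checked before any decryption, software RSA keys standing in for the center key and the EK, and the names `PolicyPackage`, `BuildPackage`, `OpenPackage` and `newKey`.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// PolicyPackage field layout is an assumption of this example, not a format from the page.
type PolicyPackage struct {
	WrappedKey []byte // AES-256 key encrypted to the chip's EK public key (RSA-OAEP)
	Nonce      []byte // AES-GCM nonce
	Ciphertext []byte // measured objects and trusted policy, sealed with AES-GCM
	Signature  []byte // RSA-PSS signature by the center over the three fields above
}

var (
	ErrUntrustedOrigin = errors.New("signature does not match the management center key")
	ErrNotForThisChip  = errors.New("package cannot be opened with this EK private key")
	oaepLabel          = []byte("trusted-policy-package") // constructed label
)

// newKey makes a throwaway RSA key standing in for the center key or the chip EK.
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// signedDigest hashes the length-prefixed fields so bytes cannot shift between them.
func signedDigest(p *PolicyPackage) []byte {
	h := sha256.New()
	for _, f := range [][]byte{p.WrappedKey, p.Nonce, p.Ciphertext} {
		binary.Write(h, binary.BigEndian, uint32(len(f)))
		h.Write(f)
	}
	return h.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// BuildPackage is the management center side: encrypt to the EK, then sign.
func BuildPackage(centerPriv *rsa.PrivateKey, ekPub *rsa.PublicKey, policy []byte) (*PolicyPackage, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ekPub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	p := &PolicyPackage{WrappedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, policy, nil)}
	p.Signature, err = rsa.SignPSS(rand.Reader, centerPriv, crypto.SHA256, signedDigest(p), nil)
	return p, err
}

// OpenPackage is the trusted chip side: check the origin first, decrypt only afterwards.
func OpenPackage(centerPub *rsa.PublicKey, ekPriv *rsa.PrivateKey, p *PolicyPackage) ([]byte, error) {
	if err := rsa.VerifyPSS(centerPub, crypto.SHA256, signedDigest(p), p.Signature, nil); err != nil {
		return nil, ErrUntrustedOrigin
	}
	key, err := rsa.DecryptOAEP(sha256.New(), nil, ekPriv, p.WrappedKey, oaepLabel)
	if err != nil {
		return nil, ErrNotForThisChip
	}
	gcm, err := newGCM(key)
	if err != nil || len(p.Nonce) != gcm.NonceSize() {
		return nil, ErrNotForThisChip
	}
	return gcm.Open(nil, p.Nonce, p.Ciphertext, nil)
}

func main() {
	center, ek := newKey(), newKey()
	if pkg, err := BuildPackage(center, &ek.PublicKey, []byte("constructed policy bytes")); err == nil {
		out, err := OpenPackage(&center.PublicKey, ek, pkg)
		fmt.Printf("policy=%q err=%v\n", out, err)
	}
}
```

On real hardware the EK private key does not leave the trusted chip, so the OAEP unwrap would be an operation performed inside the chip rather than a library call.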
PCT/CN2020/106712 2019-08-06 2020-08-04 Data processing method, apparatus and system, storage medium, and computer device WO2021023173A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910721546.9 2019-08-06
CN201910721546.9A CN112346785A (en) 2019-08-06 2019-08-06 Data processing method, device, system, storage medium and computer equipment

Publications (1)

Publication Number Publication Date
WO2021023173A1 true WO2021023173A1 (en) 2021-02-11

Family

ID=74366488

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/106712 WO2021023173A1 (en) 2019-08-06 2020-08-04 Data processing method, apparatus and system, storage medium, and computer device

Country Status (3)

Country Link
CN (1) CN112346785A (en)
TW (1) TW202107311A (en)
WO (1) WO2021023173A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113591075A (en) * 2021-07-26 2021-11-02 深信服科技股份有限公司 Terminal safety control method, device and storage medium
WO2023160166A1 (en) * 2022-02-28 2023-08-31 华为技术有限公司 Trusted computing method, chip, and server
CN117647965A (en) * 2024-01-29 2024-03-05 西安热工研究院有限公司 DCS controller trusted policy downloading method, device, equipment and storage medium
CN117647965B (en) * 2024-01-29 2024-04-30 西安热工研究院有限公司 DCS controller trusted policy downloading method, device, equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020078378A1 (en) * 2000-12-15 2002-06-20 International Business Machines Corporation Method for transferring privilege access to a resource manager with subsequent loss of privilege by the initiating identity
CN105718806A (en) * 2016-01-26 2016-06-29 浪潮电子信息产业股份有限公司 Method for achieving trusted active measurement based on domestic BMC and TPM2.0
CN107145788A (en) * 2017-05-10 2017-09-08 郑州云海信息技术有限公司 A kind of BMC trusted configuration methods with access control function
CN109714168A (en) * 2017-10-25 2019-05-03 阿里巴巴集团控股有限公司 Trusted remote method of proof, device and system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10803175B2 (en) * 2015-03-06 2020-10-13 Microsoft Technology Licensing, Llc Device attestation through security hardened management agent

Also Published As

Publication number Publication date
TW202107311A (en) 2021-02-16
CN112346785A (en) 2021-02-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20850596

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20850596

Country of ref document: EP

Kind code of ref document: A1