WO2023147744A1 - Key state inspection method and apparatus, and device and medium - Google Patents


Publication number
WO2023147744A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
characteristic value
state detection
target
detection method
Prior art date
Application number
PCT/CN2022/139391
Other languages
French (fr)
Chinese (zh)
Inventor
王治大
Original Assignee
浪潮(山东)计算机科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 浪潮(山东)计算机科技有限公司 filed Critical 浪潮(山东)计算机科技有限公司
Publication of WO2023147744A1 publication Critical patent/WO2023147744A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Definitions

  • the present application relates to the field of hardware maintenance, in particular to a key state detection method, device, equipment and medium.
  • in the current key transfer method of a computing device, the security card generates the key after the system is powered on for the first time and passes it to the BIOS (Basic Input Output System); the BIOS passes the key to the encryption chip, so that the encryption chip stores the key and uses it to perform the corresponding data encryption and decryption processing after the system is powered on.
  • the encryption chip uses the invalid key to encrypt and decrypt the data and the data cannot be recovered; when the key generated by the security card is abnormal, the invalid key is transmitted to the encryption chip, causing the encryption chip to use the invalid key to encrypt and decrypt the corresponding data, resulting in data loss.
  • the purpose of this application is to provide a key state detection method, device, equipment and medium that can detect the key state, improve the reliability with which the encryption chip obtains a legitimate key, and avoid data loss caused by key failure.
  • the specific plan is as follows:
  • the present application discloses a key state detection method applied to a basic input and output system, including:
  • the third key is re-read from the security card, and the third key characteristic value corresponding to the third key is calculated using a preset security encryption algorithm;
  • before reading the first key stored in the encryption chip and calculating the first key characteristic value corresponding to the first key using a preset security encryption algorithm, the method further includes:
  • the first key and the second key are obtained from the security card, and then the second key characteristic value corresponding to the second key is calculated by using a preset security encryption algorithm;
  • the first key and the second key characteristic value are stored in the encryption chip and the electrically erasable programmable read-only memory (EEPROM), respectively.
  • calculating the characteristic value of the first key corresponding to the first key using a preset security encryption algorithm includes:
  • a first key feature value corresponding to the first key is calculated by using a message digest algorithm.
  • after judging whether the characteristic value of the first key is consistent with the characteristic value of the second key, the method further includes:
  • the operating system is started, and the first key is determined as the target key, so that the encryption chip uses the target key to perform the corresponding data encryption and decryption processing after the system is powered on.
  • determining the legitimate target key based on a comparison result between the first key characteristic value, the second key characteristic value, and the third key characteristic value includes:
  • if the characteristic value of the second key is the same as the characteristic value of the third key but different from the characteristic value of the first key, it is determined that the first key stored in the encryption chip is invalid, and the third key is determined as the target key;
  • if the characteristic value of the first key is the same as the characteristic value of the third key but different from the characteristic value of the second key, it is determined that the characteristic value of the second key stored in the electrically erasable programmable read-only memory is invalid, and the first key is determined as the target key.
  • the method further includes:
  • after the legitimate target key is determined based on the comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip can use the target key to perform the corresponding data encryption and decryption processing after the system is powered on, the method also includes:
  • periodically checking the first key characteristic value stored in the encryption chip, the second key characteristic value stored in the electrically erasable programmable read-only memory, and the third key characteristic value read from the security card, to detect whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent;
  • the present application discloses a key state detection device, which is applied to a basic input and output system, including:
  • the first key calculation module is used to read the first key stored in the encryption chip, and calculate the first key characteristic value corresponding to the first key by using a preset security encryption algorithm;
  • the second key calculation module is used to obtain the second key characteristic value stored in the electrically erasable programmable read-only memory;
  • the first judging module is used to judge whether the characteristic value of the first key is consistent with the characteristic value of the second key;
  • the third key calculation module is used to re-read the third key from the security card if it is determined that the characteristic value of the first key is inconsistent with the characteristic value of the second key, and to use a preset security encryption algorithm to calculate the third key characteristic value corresponding to the third key;
  • the key state determination module is used to compare the first key characteristic value, the second key characteristic value and the third key characteristic value, determine the key state and the target key based on the comparison result, and start the system so that the encryption chip can use the target key to process data on the mechanical hard disk.
  • an electronic device comprising:
  • a processor configured to execute a computer program to implement the steps of the aforementioned disclosed key state detection method.
  • the present application discloses a computer-readable storage medium for storing a computer program; wherein, when the computer program is executed by a processor, the steps of the aforementioned disclosed key state detection method are implemented.
  • the application first reads the first key stored in the encryption chip and uses the preset security encryption algorithm to calculate the first key characteristic value corresponding to the first key; it then obtains the second key characteristic value stored in the electrically erasable programmable read-only memory and judges whether the first key characteristic value is consistent with the second key characteristic value; if they are inconsistent, it reads the third key from the security card again and uses the preset security encryption algorithm to calculate the third key characteristic value corresponding to the third key; based on the comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value, it determines the legitimate target key, so that the encryption chip can use the target key to perform the corresponding data encryption and decryption processing after the system is powered on.
  • the present application obtains the second key characteristic value stored in the electrically erasable programmable read-only memory each time the system is powered on and uses it as the reference against which the first key characteristic value is compared, in order to detect the state of the first key stored in the encryption chip; this prevents the encryption chip from directly using an invalid first key to encrypt and decrypt the corresponding data and improves reliability; when the first key characteristic value and the second key characteristic value are inconsistent, the third key re-read from the security card is processed with the preset security encryption algorithm to obtain the third key characteristic value, and the legitimate target key is determined based on the comparison result of the first, second and third key characteristic values, which reduces the probability of the encryption chip using an invalid key and largely avoids data loss caused by key invalidation.
  • Fig. 1 is a flow chart of a key state detection method disclosed in the present application.
  • Fig. 2 is a flow chart of a specific key state detection method disclosed in the present application.
  • FIG. 3 is a flow chart of a specific key state detection method disclosed in the present application.
  • FIG. 4 is a flow chart of a specific key state detection method disclosed in the present application.
  • FIG. 5 is a schematic structural diagram of a key state detection device disclosed in the present application.
  • FIG. 6 is a schematic structural diagram of an electronic device disclosed in the present application.
  • in the current key transfer method, after the system is powered on for the first time the security card generates a key and passes it to the BIOS, and the BIOS passes the key to the encryption chip, so that the encryption chip can store the key and use it to perform the corresponding data encryption and decryption processing after the system is powered on.
  • the security card transmits an invalid key to the encryption chip, or an abnormality in the encryption chip causes the stored key to become invalid, which ultimately leads to data being encrypted and decrypted with the invalid key and to data loss.
  • the present application provides a corresponding key state detection scheme, which can detect the key state, improve the reliability of the encryption chip to obtain a legal key, and avoid data loss caused by key failure.
  • the embodiment of the present application discloses a key state detection method, which is applied to the basic input and output system, including:
  • Step S11: Read the first key stored in the encryption chip, and use the preset security encryption algorithm to calculate the first key characteristic value corresponding to the first key.
  • before reading the first key stored in the encryption chip and calculating the first key characteristic value corresponding to the first key by using the preset security encryption algorithm, the method also specifically includes: if the system is powered on for the first time, obtaining the first key and the second key from the security card, and then using the preset security encryption algorithm to calculate the second key characteristic value corresponding to the second key; and saving the first key and the second key characteristic value to the encryption chip and the electrically erasable programmable read-only memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), respectively.
  • Step S12: Obtain the characteristic value of the second key stored in the electrically erasable programmable read-only memory, and judge whether the characteristic value of the first key is consistent with the characteristic value of the second key.
  • after determining whether the characteristic value of the first key is consistent with the characteristic value of the second key, the method specifically further includes: if it is determined that the characteristic value of the first key is consistent with the characteristic value of the second key, starting the operating system and determining the first key as the target key, so that the encryption chip can use the target key to perform the corresponding data encryption and decryption processing after the system is powered on.
  • Step S13: If it is determined that the characteristic value of the first key is inconsistent with the characteristic value of the second key, read the third key from the security card again, and use the preset security encryption algorithm to calculate the third key characteristic value corresponding to the third key.
  • the characteristic value of the third key corresponding to the third key can be calculated using a preset security encryption algorithm, wherein the preset security encryption algorithm can be any one of a symmetric encryption algorithm, an asymmetric encryption algorithm, a digest algorithm, a digital signature and a digital certificate.
  • Step S14: Determine the legitimate target key based on the comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip can use the target key to perform the corresponding data encryption and decryption processing.
  • the legitimate target key is determined according to the comparison result. If the comparison result shows that the first key characteristic value in the encryption chip is inconsistent with both the second key characteristic value and the third key characteristic value, the first key is determined to be invalid, the third key is determined as the target key and saved in the encryption chip, and a prompt is given that hardware maintenance is required; if the comparison result shows that the second key characteristic value stored in the electrically erasable programmable read-only memory is inconsistent with both the first key characteristic value and the third key characteristic value, the second key corresponding to the second key characteristic value is determined to be invalid, the first key is determined as the target key, the third key characteristic value replaces the invalid second key characteristic value, and a prompt is then given that hardware maintenance is required.
  • the embodiment of the present application discloses a specific key state detection method. Compared with the previous embodiment, this embodiment further explains and optimizes the technical solution. Specifically:
  • Step S21: Read the first key stored in the encryption chip, and calculate the first key characteristic value corresponding to the first key by using a preset security encryption algorithm.
  • Step S22: Obtain the characteristic value of the second key stored in the electrically erasable programmable read-only memory, and judge whether the characteristic value of the first key is consistent with the characteristic value of the second key.
  • Step S23: If it is determined that the characteristic value of the first key is inconsistent with the characteristic value of the second key, read the third key from the security card again, and use the preset security encryption algorithm to calculate the third key characteristic value corresponding to the third key.
  • Step S24: Based on the comparison results between the first key characteristic value, the second key characteristic value and the third key characteristic value, determine the invalid key and the legitimate target key, and replace the invalid key with the target key, so that the encryption chip uses the target key to perform the corresponding data encryption and decryption processing after the system is powered on.
  • determining the legitimate target key based on a comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value includes: comparing the first key characteristic value, the second key characteristic value and the third key characteristic value; if the characteristic value of the second key is the same as the characteristic value of the third key and different from the characteristic value of the first key, it is determined that the first key stored in the encryption chip is invalid, and the third key is determined as the target key; if the characteristic value of the first key is the same as the characteristic value of the third key but different from the characteristic value of the second key, it is determined that the characteristic value of the second key stored in the electrically erasable programmable read-only memory is invalid, and the first key is determined as the target key.
  • after determining the first key as the target key, the method also includes: determining the key characteristic value corresponding to the target key as a new second key characteristic value and saving it to the electrically erasable programmable read-only memory to replace the invalid second key characteristic value in the electrically erasable programmable read-only memory.
  • when the present application determines that the characteristic value of the first key is inconsistent with the characteristic value of the second key, it checks the state of the first key characteristic value and the second key characteristic value by means of the third key re-acquired from the security card in order to identify the key that has the problem, which can effectively avoid abnormal data encryption and decryption caused by key failure, ensure data security to the maximum extent, and improve the design stability of the system.
  • the embodiment of the present application discloses a key state detection method, which is applied to the basic input and output system, including:
  • Step S31: Read the first key stored in the encryption chip, and use the message digest algorithm to calculate the first key characteristic value corresponding to the first key.
  • the message digest algorithm can be MD5 (Message-Digest Algorithm 5), or a more secure algorithm.
  • Step S32: Obtain the characteristic value of the second key stored in the electrically erasable programmable read-only memory, and judge whether the characteristic value of the first key is consistent with the characteristic value of the second key.
  • Step S33: If it is determined that the characteristic value of the first key is inconsistent with the characteristic value of the second key, read the third key from the security card again, and use the message digest algorithm to calculate the third key characteristic value corresponding to the third key.
  • Step S34: Determine the legitimate target key based on the comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip can use the target key to perform the corresponding data encryption and decryption processing.
  • after the legitimate target key is determined based on the comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip can use the target key to perform the corresponding data encryption and decryption processing after the system is powered on, the method also includes: based on the preset time interval, periodically checking the first key characteristic value stored in the encryption chip, the second key characteristic value stored in the electrically erasable programmable read-only memory, and the third key characteristic value read from the security card, to detect whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent; if they are not consistent, a warning message is generated through the operating system interface.
  • for example, whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent is checked every 10 minutes.
  • when the first key characteristic value is inconsistent with both the second key characteristic value and the third key characteristic value, it is determined that the first key in the encryption chip is invalid, and the BIOS generates a warning message through the OS (Operating System) interface and sends it to the operating system to prompt the user that the encryption chip is abnormal, so that the user can replace the abnormal motherboard in time.
  • the basic input and output system periodically checks whether the characteristic value of the first key, the characteristic value of the second key and the characteristic value of the third key are consistent, so that an abnormal state of the first, second or third key can be detected, and then prompts replacement of the abnormal security card, encryption chip or electrically erasable programmable read-only memory, effectively avoiding the situation in which data cannot be recovered due to key failure.
  • the BIOS obtains the first key and the second key from the security card, and then uses the MD5 algorithm to calculate the second key characteristic value corresponding to the second key; the first key and the characteristic value of the second key are stored in the encryption chip and the electrically erasable programmable read-only memory (EEPROM), respectively.
  • the BIOS first reads the first key stored in the encryption chip and uses the MD5 algorithm to calculate the first key characteristic value corresponding to the first key; it then obtains the characteristic value of the second key stored in the EEPROM and judges whether the characteristic value of the first key is consistent with the characteristic value of the second key.
  • the operating system is booted, and the first key is determined as the target key, so that after the system is powered on the encryption chip uses the target key to encrypt and decrypt the corresponding data on the mechanical hard disk.
  • the third key is re-read from the security card, and the third key characteristic value corresponding to the third key is calculated using a preset security encryption algorithm; the characteristic value of the first key, the characteristic value of the second key and the characteristic value of the third key are compared; if the characteristic value of the second key is the same as the characteristic value of the third key and different from the characteristic value of the first key, it is determined that the first key stored in the encryption chip is invalid, and the third key is determined as the target key; if the characteristic value of the first key is the same as the characteristic value of the third key and different from the characteristic value of the second key, it is determined that the second key characteristic value stored in the EEPROM is invalid, the first key is determined as the target key, and the key characteristic value corresponding to the target key is then determined as the new second key characteristic value and saved to the EEPROM to replace the invalid second key characteristic value in the EEPROM.
  • after the system is running normally, the BIOS, based on the preset time interval, periodically checks the first key characteristic value stored in the encryption chip, the second key characteristic value stored in the EEPROM and the third key characteristic value read from the security card, to detect whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent; if the third key characteristic value in the security card is inconsistent with both the first key characteristic value and the second key characteristic value, a warning message is generated through the operating system interface to inform the user to replace the security card in time.
  • a key state detection device including:
  • the first key calculation module 11 is used to read the first key stored in the encryption chip, and calculate the first key characteristic value corresponding to the first key by using a preset security encryption algorithm;
  • the second key calculation module 12 is used to obtain the second key characteristic value stored in the electrically erasable programmable read-only memory;
  • the first judging module 13 is used to judge whether the characteristic value of the first key is consistent with the characteristic value of the second key;
  • the third key calculation module 14 is used to read the third key from the security card again if it is determined that the characteristic value of the first key is inconsistent with the characteristic value of the second key, and to use a preset security encryption algorithm to calculate the third key characteristic value corresponding to the third key;
  • the key state determination module 15 is used to compare the first key characteristic value, the second key characteristic value and the third key characteristic value, determine the key state and the target key based on the comparison result, and start the system so that the encryption chip can use the target key to process data on the mechanical hard disk.
  • the first key calculation module 11 includes:
  • the first key characteristic value calculation unit is configured to calculate the first key characteristic value corresponding to the first key by using a message digest algorithm.
  • the second key characteristic value calculation unit is used to obtain the first key and the second key from the security card if the system is powered on for the first time, and then use the preset security encryption algorithm to calculate the second key characteristic value corresponding to the second key.
  • the saving unit is used to save the first key and the second key characteristic value in the encryption chip and the electrically erasable programmable read-only memory, respectively.
  • the first judging module 13 includes:
  • the judging result consistent processing unit is used to start the operating system if it is determined that the characteristic value of the first key is consistent with the characteristic value of the second key, and determine the first key as the target key, so that the encryption chip can be used in the system After starting up, use the target key to perform corresponding data encryption and decryption processing.
  • the key state determination module 15 includes:
  • the comparing unit is used for comparing the characteristic value of the first key, the characteristic value of the second key and the characteristic value of the third key.
  • the first comparison processing unit is used to determine that the first key stored in the encryption chip is invalid if the characteristic value of the second key is the same as the characteristic value of the third key and different from the characteristic value of the first key, and the second key is stored in the encryption chip. Three keys are determined as target keys.
  • the second comparison processing unit is used to determine if the characteristic value of the first key and the characteristic value of the third key are the same and different from the characteristic value of the second key, then determine whether the second key stored in the charged erasable programmable read-only memory The characteristic value of the key is invalid, and the first key is determined as the target key.
  • the key characteristic value replacement unit is used to determine the key characteristic value corresponding to the target key as a new second key characteristic value and save it to the charged erasable programmable read-only memory to replace the charged erasable programmable read-only The expired second key characteristic value in memory.
  • the period detection unit is used to check the characteristic value of the first key stored in the encryption chip, the characteristic value of the second key stored in the charged erasable programmable read-only memory, and the characteristic value of the key read from the security card based on the preset time interval.
  • the characteristic value of the third key is checked periodically to detect whether the characteristic value of the first key, the characteristic value of the second key and the characteristic value of the third key are consistent.
  • the warning generating unit is configured to generate warning information through the operating system interface if inconsistent.
  • FIG. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present application. Specifically, it may include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input/output interface 25 and a communication bus 26.
  • The memory 22 is used to store a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps of the key state detection method performed by the computer device disclosed in any of the foregoing embodiments.
  • The power supply 23 is used to provide the operating voltage for each hardware device on the computer device 20;
  • The communication interface 24 can create a data transmission channel between the computer device 20 and external devices, and the communication protocol it follows can be any communication protocol applicable to the technical solution of the present application, which is not specifically limited here;
  • The input/output interface 25 is used to obtain external input data or to output data externally, and its specific interface type can be selected according to the needs of the application, which is not specifically limited here.
  • The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like.
  • The processor 21 may be implemented in at least one hardware form among DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array) and PLA (Programmable Logic Array).
  • The processor 21 may also include a main processor and a coprocessor: the main processor, also called the CPU (Central Processing Unit), processes data in the wake-up state; the coprocessor is a low-power processor that processes data in the standby state.
  • The processor 21 may be integrated with a GPU (Graphics Processing Unit), and the GPU is used for rendering and drawing the content that needs to be displayed on the display screen.
  • The processor 21 may also include an AI (Artificial Intelligence) processor, and the AI processor is used to handle computing operations related to machine learning.
  • The memory 22, as a carrier for resource storage, can be a read-only memory, random access memory, magnetic disk, optical disk or the like; the resources stored on it include the operating system 221, the computer program 222 and the data 223, and the storage can be temporary or permanent.
  • The operating system 221 is used to manage and control each hardware device and the computer program 222 on the computer device 20, so that the processor 21 can operate on and process the massive data 223 in the memory 22; it can be Windows, Unix, Linux, etc.
  • The computer program 222 can further include computer programs that can be used to complete other specific tasks.
  • The data 223 may include not only data received by the computer device from an external device, but also data collected by its own input/output interface 25 and the like.
  • The embodiment of the present application also discloses a storage medium in which a computer program is stored; when the computer program is loaded and executed by a processor, it implements the steps of the key state detection method disclosed in any of the foregoing embodiments.


Abstract

Disclosed in the present application are a key state inspection method and apparatus, and a device and a medium, which are applied to the field of hardware maintenance. The method comprises: reading a first key, which is stored in an encryption chip, and calculating, by using a preset secure encryption algorithm, a first key feature value corresponding to the first key; acquiring a second key feature value, which is stored in an electrically erasable programmable read only memory, and determining whether the first key feature value is consistent with the second key feature value; if it is determined that the first key feature value is not consistent with the second key feature value, reading a third key from a secure card again, and calculating, by using the preset secure encryption algorithm, a third key feature value corresponding to the third key; determining a legitimate target key on the basis of a comparison result between the first key feature value, the second key feature value and the third key feature value, such that the encryption chip performs corresponding data encryption and decryption processing using the target key after a system is powered on. By means of the solution, key state inspection is realized, thereby greatly avoiding data loss caused by a key failure.

Description

Key state detection method, apparatus, device and medium
Cross-Reference to Related Applications
This application claims priority to the Chinese patent application No. 202210115395.4, entitled "Key state detection method, apparatus, device and medium", filed with the China Patent Office on February 07, 2022, the entire contents of which are incorporated herein by reference.
Technical Field
The present application relates to the field of hardware maintenance, and in particular to a key state detection method, apparatus, device and medium.
Background
In current computing devices the key is transferred as follows: after the system is powered on for the first time, the security card generates a key and passes it to the BIOS (Basic Input Output System); the BIOS passes the key to the encryption chip, so that the encryption chip stores the key and, after the system is powered on, uses it to perform the corresponding data encryption and decryption. In actual use, however, unexpected situations often arise. When the key stored in the encryption chip has changed, the encryption chip uses an invalid key to encrypt and decrypt data, and the data cannot be recovered. When the key generated by the security card becomes abnormal, an invalid key is passed to the encryption chip, and the encryption chip uses that invalid key to encrypt and decrypt the corresponding data, resulting in data loss.
Summary of the Invention
In view of this, the purpose of the present application is to provide a key state detection method, apparatus, device and medium that can detect the key state, improve the reliability with which the encryption chip obtains a legitimate key, and avoid data loss caused by key failure. The specific solution is as follows:
In a first aspect, the present application discloses a key state detection method, applied to a basic input output system, including:
reading the first key stored in the encryption chip, and calculating, using a preset secure encryption algorithm, the first key characteristic value corresponding to the first key;
obtaining the second key characteristic value stored in the electrically erasable programmable read-only memory (EEPROM), and judging whether the first key characteristic value is consistent with the second key characteristic value;
if the first key characteristic value is judged to be inconsistent with the second key characteristic value, reading the third key from the security card again, and calculating, using the preset secure encryption algorithm, the third key characteristic value corresponding to the third key;
determining the legitimate target key based on the comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip uses the target key to perform the corresponding data encryption and decryption after the system is powered on.
In some embodiments, before reading the first key stored in the encryption chip and calculating, using the preset secure encryption algorithm, the first key characteristic value corresponding to the first key, the method further includes:
if the system is being powered on for the first time, obtaining the first key and the second key from the security card, and then calculating, using the preset secure encryption algorithm, the second key characteristic value corresponding to the second key;
saving the first key and the second key characteristic value to the encryption chip and the EEPROM respectively.
In some embodiments, calculating, using the preset secure encryption algorithm, the first key characteristic value corresponding to the first key includes:
calculating the first key characteristic value corresponding to the first key by using a message digest algorithm.
In some embodiments, after judging whether the first key characteristic value is consistent with the second key characteristic value, the method further includes:
if the first key characteristic value is judged to be consistent with the second key characteristic value, booting the operating system and determining the first key as the target key, so that the encryption chip uses the target key to perform the corresponding data encryption and decryption after the system is powered on.
In some embodiments, determining the legitimate target key based on the comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value includes:
comparing the first key characteristic value, the second key characteristic value and the third key characteristic value;
if the second key characteristic value and the third key characteristic value are the same and differ from the first key characteristic value, determining that the first key stored in the encryption chip is invalid, and determining the third key as the target key;
if the first key characteristic value and the third key characteristic value are the same and differ from the second key characteristic value, determining that the second key characteristic value stored in the EEPROM is invalid, and determining the first key as the target key.
In some embodiments, after determining the first key as the target key, the method further includes:
taking the key characteristic value corresponding to the target key as the new second key characteristic value and saving it to the EEPROM, to replace the invalid second key characteristic value in the EEPROM.
In some embodiments, after determining the legitimate target key based on the comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip uses the target key to perform the corresponding data encryption and decryption after the system is powered on, the method further includes:
periodically checking, at a preset time interval, the first key characteristic value stored in the encryption chip, the second key characteristic value stored in the EEPROM and the third key characteristic value read from the security card, to detect whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent;
if they are inconsistent, generating warning information through the operating system interface.
In a second aspect, the present application discloses a key state detection apparatus, applied to a basic input output system, including:
a first key calculation module, configured to read the first key stored in the encryption chip and to calculate, using a preset secure encryption algorithm, the first key characteristic value corresponding to the first key;
a second key calculation module, configured to obtain the second key characteristic value stored in the electrically erasable programmable read-only memory (EEPROM);
a first judging module, configured to judge whether the first key characteristic value is consistent with the second key characteristic value;
a third key calculation module, configured to read the third key from the security card again if the first key characteristic value is judged to be inconsistent with the second key characteristic value, and to calculate, using the preset secure encryption algorithm, the third key characteristic value corresponding to the third key;
a key state determination module, configured to compare the first key characteristic value, the second key characteristic value and the third key characteristic value, to determine the key state and the target key based on the comparison result, and to power on the system, so that the encryption chip uses the target key to process data on the mechanical hard disk.
In a third aspect, the present application discloses an electronic device, including:
a memory, configured to store a computer program;
a processor, configured to execute the computer program to implement the steps of the key state detection method disclosed above.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the key state detection method disclosed above.
As can be seen, the present application first reads the first key stored in the encryption chip and calculates, using the preset secure encryption algorithm, the first key characteristic value corresponding to the first key; obtains the second key characteristic value stored in the EEPROM and judges whether the first key characteristic value is consistent with the second key characteristic value; if they are judged to be inconsistent, reads the third key from the security card again and calculates, using the preset secure encryption algorithm, the third key characteristic value corresponding to the third key; and determines the legitimate target key based on the comparison result between the first, second and third key characteristic values, so that the encryption chip uses the target key to perform the corresponding data encryption and decryption after the system is powered on. Thus, at every power-on, the present application obtains the second key characteristic value stored in the EEPROM and compares it, as a reference point, with the first key characteristic value in order to detect the state of the first key stored in the encryption chip, which prevents the encryption chip from directly using an invalid first key to encrypt and decrypt the corresponding data and improves reliability. When the first key characteristic value is inconsistent with the second key characteristic value, the preset secure encryption algorithm is applied to the third key re-read from the security card to obtain the third key characteristic value, and the comparison of the first, second and third key characteristic values makes it possible to determine the legitimate target key, which reduces the probability of the encryption chip using an invalid key and largely avoids data loss caused by key failure.
Brief Description of the Drawings
In order to explain the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present application, and a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
FIG. 1 is a flow chart of a key state detection method disclosed in the present application;
FIG. 2 is a flow chart of a specific key state detection method disclosed in the present application;
FIG. 3 is a flow chart of a specific key state detection method disclosed in the present application;
FIG. 4 is a flow chart of a specific key state detection method disclosed in the present application;
FIG. 5 is a schematic structural diagram of a key state detection apparatus disclosed in the present application;
FIG. 6 is a schematic structural diagram of an electronic device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in this application without creative effort fall within the scope of protection of this application.
The current key transfer method is that, after the system is powered on for the first time, the security card generates a key and passes it to the BIOS, and the BIOS passes the key to the encryption chip, so that the encryption chip stores the key and uses it to perform the corresponding data encryption and decryption after the system is powered on. In actual use, however, the security card may pass an invalid key to the encryption chip, or an abnormality in the encryption chip may invalidate the stored key, so that data is eventually encrypted and decrypted with an invalid key and is lost.
For this reason, the present application provides a key state detection scheme that can detect the key state, improve the reliability with which the encryption chip obtains a legitimate key, and avoid data loss caused by key failure.
Referring to FIG. 1, an embodiment of the present application discloses a key state detection method, applied to a basic input output system, including:
Step S11: Read the first key stored in the encryption chip, and calculate, using the preset secure encryption algorithm, the first key characteristic value corresponding to the first key.
In some embodiments, before reading the first key stored in the encryption chip and calculating, using the preset secure encryption algorithm, the first key characteristic value corresponding to the first key, the method specifically further includes: if the system is being powered on for the first time, obtaining the first key and the second key from the security card, and then calculating, using the preset secure encryption algorithm, the second key characteristic value corresponding to the second key; and saving the first key and the second key characteristic value to the encryption chip and the Electrically Erasable Programmable Read-Only Memory (EEPROM) respectively.
Step S12: Obtain the second key characteristic value stored in the EEPROM, and judge whether the first key characteristic value is consistent with the second key characteristic value.
It can be understood that, in some embodiments, after judging whether the first key characteristic value is consistent with the second key characteristic value, the method specifically further includes: if the first key characteristic value is judged to be consistent with the second key characteristic value, booting the operating system and determining the first key as the target key, so that the encryption chip uses the target key to perform the corresponding data encryption and decryption after the system is powered on.
Step S13: If the first key characteristic value is judged to be inconsistent with the second key characteristic value, read the third key from the security card again, and calculate, using the preset secure encryption algorithm, the third key characteristic value corresponding to the third key.
In some embodiments, the third key characteristic value corresponding to the third key can be calculated using the preset secure encryption algorithm, where the preset secure encryption algorithm can be any one of a symmetric encryption algorithm, an asymmetric encryption algorithm, a digest algorithm, a digital signature and a digital certificate.
Step S14: Determine the legitimate target key based on the comparison result between the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip uses the target key to perform the corresponding data encryption and decryption after the system is powered on.
In some embodiments, the legitimate target key is determined according to the comparison result. If the comparison shows that the first key characteristic value in the encryption chip is inconsistent with the second key characteristic value and the third key characteristic value, the first key is determined to be invalid, the third key is determined as the target key and saved to the encryption chip, and a prompt is given that hardware maintenance is required. If the comparison shows that the second key characteristic value stored in the EEPROM is inconsistent with the first key characteristic value and the third key characteristic value, the second key corresponding to the second key characteristic value is determined to be invalid, the first key is determined as the target key, the invalid second key characteristic value is replaced with the third key characteristic value, and a prompt is then given that hardware maintenance is required.
As can be seen, the present application first reads the first key stored in the encryption chip and calculates, using the preset secure encryption algorithm, the first key characteristic value corresponding to the first key; obtains the second key characteristic value stored in the EEPROM and judges whether the first key characteristic value is consistent with the second key characteristic value; if they are judged to be inconsistent, reads the third key from the security card again and calculates, using the preset secure encryption algorithm, the third key characteristic value corresponding to the third key; and determines the legitimate target key based on the comparison result between the first, second and third key characteristic values, so that the encryption chip uses the target key to perform the corresponding data encryption and decryption after the system is powered on. Thus, at every power-on, the present application obtains the second key characteristic value stored in the EEPROM and compares it, as a reference point, with the first key characteristic value in order to detect the state of the first key stored in the encryption chip, which prevents the encryption chip from directly using an invalid first key to encrypt and decrypt the corresponding data and improves reliability. When the first key characteristic value is inconsistent with the second key characteristic value, the preset secure encryption algorithm is applied to the third key re-read from the security card to obtain the third key characteristic value, and the comparison of the first, second and third key characteristic values makes it possible to determine the legitimate target key, which reduces the probability of the encryption chip using an invalid key and largely avoids data loss caused by key failure.
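The power-on check of steps S11 to S14, together with the first-boot provisioning step, as an added Python sketch that is not code from the patent. It assumes SHA-256 as the message digest algorithm; the names `Platform`, `Verdict`, `KeyState` and `boot_check`, the constructed sample key bytes, and the handling of the case where all three values differ (no key is selected) are assumptions, since the text does not specify them.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class KeyState(Enum):
    CONSISTENT = "first and second key characteristic values match"
    CHIP_KEY_INVALID = "first key in the encryption chip is invalid"
    EEPROM_VALUE_INVALID = "second key characteristic value in the EEPROM is invalid"
    UNDETERMINED = "no two sources agree"


def characteristic_value(key: bytes) -> bytes:
    """Key characteristic value. Assumption: SHA-256 is the message digest used."""
    return hashlib.sha256(key).digest()


@dataclass
class Platform:
    """Constructed stand-in for the three stores the BIOS reads (hypothetical)."""
    chip_key: bytes      # first key, held by the encryption chip
    eeprom_value: bytes  # second key characteristic value, held in the EEPROM
    card_key: bytes      # key the security card returns when it is read again

    @classmethod
    def first_boot(cls, card_key: bytes) -> "Platform":
        # First power-on: the key goes to the chip, its characteristic value to EEPROM.
        return cls(card_key, characteristic_value(card_key), card_key)


@dataclass
class Verdict:
    state: KeyState
    target_key: Optional[bytes]  # None: no key may be used for data processing
    card_was_read: bool


def boot_check(p: Platform) -> Verdict:
    """Run S11-S14 once and repair the store that lost the two-out-of-three vote."""
    v1 = characteristic_value(p.chip_key)   # S11: digest of the chip's key
    v2 = p.eeprom_value                     # S12: stored reference value
    if hmac.compare_digest(v1, v2):
        # Consistent: boot with the first key, the card is not consulted.
        return Verdict(KeyState.CONSISTENT, p.chip_key, False)

    third_key = p.card_key                  # S13: re-read the security card
    v3 = characteristic_value(third_key)

    if hmac.compare_digest(v2, v3):
        # S14, case 1: EEPROM and card agree, so the chip's key has failed.
        p.chip_key = third_key              # third key becomes the target key
        return Verdict(KeyState.CHIP_KEY_INVALID, third_key, True)
    if hmac.compare_digest(v1, v3):
        # S14, case 2: chip and card agree, so the EEPROM reference has failed.
        p.eeprom_value = v3                 # replace the invalid reference value
        return Verdict(KeyState.EEPROM_VALUE_INVALID, p.chip_key, True)

    # Assumption (not stated in the text): with three different values there is
    # no majority, so no key is selected and nothing is overwritten.
    return Verdict(KeyState.UNDETERMINED, None, True)


if __name__ == "__main__":
    good_key = bytes(range(32))             # constructed sample key
    platform = Platform.first_boot(good_key)
    print(boot_check(platform).state.name)  # normal boot

    platform.chip_key = bytes(32)           # simulate a changed key in the chip
    print(boot_check(platform).state.name)  # chip repaired from the card

    platform.eeprom_value = b"\xff" * 32    # simulate a damaged reference value
    print(boot_check(platform).state.name)  # EEPROM reference rewritten

    platform.chip_key = b"\x01" * 32        # simulate two simultaneous faults
    platform.eeprom_value = b"\x02" * 32
    print(boot_check(platform).state.name)  # no majority, no key selected
```

Because the card is read only after a mismatch between the chip and the EEPROM, a fault in the security card alone is not seen by this power-on check; the periodic three-way comparison the page describes covers that case.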
Referring to FIG. 2, an embodiment of the present application discloses a specific key state detection method. Compared with the previous embodiment, this embodiment further explains and optimizes the technical solution. Specifically:
Step S21: Read the first key stored in the encryption chip, and use a preset secure encryption algorithm to calculate the first key characteristic value corresponding to the first key.
Step S22: Obtain the second key characteristic value stored in the electrically erasable programmable read-only memory, and judge whether the first key characteristic value is consistent with the second key characteristic value.
Step S23: If the first key characteristic value is judged to be inconsistent with the second key characteristic value, re-read the third key from the security card, and use the preset secure encryption algorithm to calculate the third key characteristic value corresponding to the third key.
Step S24: Based on the comparison result among the first key characteristic value, the second key characteristic value and the third key characteristic value, determine the invalid key and the legitimate target key, and replace the invalid key with the target key, so that the encryption chip uses the target key for the corresponding data encryption and decryption processing after the system boots.
In some embodiments, determining the legitimate target key based on the comparison result among the first key characteristic value, the second key characteristic value and the third key characteristic value includes: comparing the first key characteristic value, the second key characteristic value and the third key characteristic value; if the second key characteristic value and the third key characteristic value are the same and differ from the first key characteristic value, determining that the first key stored in the encryption chip is invalid and determining the third key as the target key; if the first key characteristic value and the third key characteristic value are the same and differ from the second key characteristic value, determining that the second key characteristic value stored in the electrically erasable programmable read-only memory is invalid and determining the first key as the target key.
It can be understood that, in some embodiments, after the first key is determined as the target key, the method further includes: saving the key characteristic value corresponding to the target key to the electrically erasable programmable read-only memory as the new second key characteristic value, to replace the invalid second key characteristic value in the electrically erasable programmable read-only memory.
For the more specific working process of steps S21, S22 and S23 above, reference may be made to the corresponding content disclosed in the foregoing embodiments, which is not repeated here.
It can be seen that, after judging that the first key characteristic value is inconsistent with the second key characteristic value, the present application uses the third key re-obtained from the security card to check the state of the first key characteristic value and the second key characteristic value and so identify the key that has a problem. This effectively avoids abnormal data encryption and decryption caused by an invalid key, ensures data security to the greatest extent, and improves the stability of the system design.
Referring to FIG. 3, an embodiment of the present application discloses a key state detection method, applied to a basic input output system, including:
Step S31: Read the first key stored in the encryption chip, and use a message digest algorithm to calculate the first key characteristic value corresponding to the first key.
In some embodiments, it can be understood that the message digest algorithm may be MD5 (Message-Digest Algorithm 5), or may be a more secure algorithm.
Step S32: Obtain the second key characteristic value stored in the electrically erasable programmable read-only memory, and judge whether the first key characteristic value is consistent with the second key characteristic value.
Step S33: If the first key characteristic value is judged to be inconsistent with the second key characteristic value, re-read the third key from the security card, and use the message digest algorithm to calculate the third key characteristic value corresponding to the third key.
Step S34: Determine the legitimate target key based on the comparison result among the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip uses the target key for the corresponding data encryption and decryption processing after the system boots.
In some embodiments, after the legitimate target key has been determined based on the comparison result among the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip uses the target key for the corresponding data encryption and decryption processing after the system boots, the method further includes: at a preset time interval, periodically checking the first key characteristic value stored in the encryption chip, the second key characteristic value stored in the electrically erasable programmable read-only memory and the third key characteristic value read from the security card, to detect whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent; if they are not consistent, generating warning information through the operating system interface. For example, every 10 minutes it is checked whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent. When the first key characteristic value is inconsistent with both the second key characteristic value and the third key characteristic value, the first key in the encryption chip is determined to be in an invalid state, and the BIOS generates warning information through the OS (Operating System) interface and sends it to the operating system to notify the user that the encryption chip is abnormal, so that the user can replace the abnormal motherboard in time.
For the more specific working process of steps S32 and S33 above, reference may be made to the corresponding content disclosed in the foregoing embodiments, which is not repeated here.
It can be seen that, once the system is running normally, the basic input output system periodically checks whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent. It can therefore discover abnormal states of the first, second and third keys in time and prompt replacement of the abnormal security card, encryption chip and electrically erasable programmable read-only memory, which effectively avoids the situation in which data cannot be recovered because a key has become invalid.
The technical solution of the present application is described in detail below, taking FIG. 4 as an example. If the system is booting for the first time, the BIOS obtains the first key and the second key from the security card, then uses the MD5 algorithm to calculate the second key characteristic value corresponding to the second key, and saves the first key and the second key characteristic value to the encryption chip and the electrically erasable programmable read-only memory (EEPROM) respectively. At the second boot and at every later boot, the BIOS first reads the first key stored in the encryption chip and uses the MD5 algorithm to calculate the first key characteristic value corresponding to the first key; it then obtains the second key characteristic value stored in the EEPROM and judges whether the first key characteristic value is consistent with the second key characteristic value. If the first key characteristic value is judged to be consistent with the second key characteristic value, the operating system is booted and the first key is determined as the target key, so that the encryption chip uses the target key to encrypt and decrypt the corresponding data on the mechanical disk after the system boots.
If the first key characteristic value is judged to be inconsistent with the second key characteristic value, the third key is re-read from the security card, and the preset secure encryption algorithm is used to calculate the third key characteristic value corresponding to the third key. The first key characteristic value, the second key characteristic value and the third key characteristic value are then compared. If the second key characteristic value and the third key characteristic value are the same and differ from the first key characteristic value, the first key stored in the encryption chip is determined to be invalid, and the third key is determined as the target key. If the first key characteristic value and the third key characteristic value are the same and differ from the second key characteristic value, the second key characteristic value stored in the EEPROM is determined to be invalid and the first key is determined as the target key; the key characteristic value corresponding to the target key is then saved to the EEPROM as the new second key characteristic value, to replace the invalid second key characteristic value in the EEPROM.
After the system is running normally, the BIOS, at a preset time interval, periodically checks the first key characteristic value stored in the encryption chip, the second key characteristic value stored in the EEPROM and the third key characteristic value read from the security card, to detect whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent. If the third key characteristic value from the security card is inconsistent with both the first key characteristic value and the second key characteristic value, warning information is generated through the operating system interface to tell the user to replace the security card in time.
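The boot-time and periodic checks walked through above for FIG. 4, as an added Python model that is not code from the patent or its applicant. The `Platform` class, the function names and the sample key are hypothetical; SHA-256 stands in for the "more secure algorithm" the text allows in place of MD5. Treating the first and second keys as the same card key, and refusing to select a key when no two characteristic values agree, are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


def characteristic_value(key: bytes) -> bytes:
    # The page allows MD5 "or a more secure algorithm"; SHA-256 is this example's choice.
    return hashlib.sha256(key).digest()


class KeyState(Enum):
    CONSISTENT = "first key matches the EEPROM reference"
    CHIP_KEY_INVALID = "first key in the encryption chip is invalid"
    EEPROM_VALUE_INVALID = "second key characteristic value in EEPROM is invalid"
    UNRESOLVED = "no two characteristic values agree"


@dataclass
class Platform:
    """Hypothetical stand-in for the three stores the BIOS reads."""
    card_key: bytes          # key held on the security card
    chip_key: bytes = b""    # first key, held in the encryption chip
    eeprom_cv: bytes = b""   # second key characteristic value, held in EEPROM


def first_boot(p: Platform) -> None:
    # First power-on: the key read from the card goes to the chip and its
    # characteristic value to EEPROM (assumes first and second key are the same card key).
    p.chip_key = p.card_key
    p.eeprom_cv = characteristic_value(p.card_key)


def boot_check(p: Platform):
    """Return (state, target_key); target_key is None when no key can be trusted."""
    cv1 = characteristic_value(p.chip_key)
    cv2 = p.eeprom_cv
    if hmac.compare_digest(cv1, cv2):
        return KeyState.CONSISTENT, p.chip_key

    key3 = p.card_key                      # re-read the third key from the card
    cv3 = characteristic_value(key3)
    if hmac.compare_digest(cv2, cv3):
        p.chip_key = key3                  # replace the invalid first key
        return KeyState.CHIP_KEY_INVALID, key3
    if hmac.compare_digest(cv1, cv3):
        p.eeprom_cv = cv1                  # store the new second characteristic value
        return KeyState.EEPROM_VALUE_INVALID, p.chip_key
    # No two values agree, so the two-out-of-three vote has no winner.
    # This example fails closed instead of guessing (assumption, see lead-in).
    return KeyState.UNRESOLVED, None


def periodic_check(p: Platform) -> list:
    """Run-time check: return the warnings the BIOS would pass to the OS."""
    cvs = {
        "encryption chip key": characteristic_value(p.chip_key),
        "EEPROM characteristic value": p.eeprom_cv,
        "security card key": characteristic_value(p.card_key),
    }
    # A store is flagged when its value disagrees with both of the others.
    return [
        f"{name} disagrees with both other values"
        for name, cv in cvs.items()
        if all(not hmac.compare_digest(cv, other)
               for n, other in cvs.items() if n != name)
    ]


if __name__ == "__main__":
    board = Platform(card_key=b"constructed-sample-key-0001")  # constructed sample
    first_boot(board)
    board.chip_key = b"bit-rotted-key"     # simulate a damaged chip key
    print(periodic_check(board))
    print(boot_check(board)[0].value)
```

The reference in EEPROM is an unkeyed digest, so this check detects accidental corruption of a store; it does not by itself authenticate the key against deliberate modification of two stores.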
Referring to FIG. 5, an embodiment of the present application discloses a key state detection apparatus, including:
a first key calculation module 11, configured to read the first key stored in the encryption chip and use a preset secure encryption algorithm to calculate the first key characteristic value corresponding to the first key;
a second key calculation module 12, configured to obtain the second key characteristic value stored in the electrically erasable programmable read-only memory;
a first judging module 13, configured to judge whether the first key characteristic value is consistent with the second key characteristic value;
a third key calculation module 14, configured to, if the first key characteristic value is judged to be inconsistent with the second key characteristic value, re-read the third key from the security card and use the preset secure encryption algorithm to calculate the third key characteristic value corresponding to the third key;
a key state determination module 15, configured to compare the first key characteristic value, the second key characteristic value and the third key characteristic value, determine the key state and the target key based on the comparison result, and boot the system, so that the encryption chip uses the target key to process data on the mechanical hard disk.
It can be seen that the present application first reads the first key stored in the encryption chip and uses a preset secure encryption algorithm to calculate the first key characteristic value corresponding to the first key; obtains the second key characteristic value stored in the electrically erasable programmable read-only memory and judges whether the first key characteristic value is consistent with the second key characteristic value; if the first key characteristic value is judged to be inconsistent with the second key characteristic value, re-reads the third key from the security card and uses the preset secure encryption algorithm to calculate the third key characteristic value corresponding to the third key; and determines the legitimate target key based on the comparison result among the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip uses the target key for the corresponding data encryption and decryption processing after the system boots. Thus, at each boot, the present application obtains the second key characteristic value stored in the electrically erasable programmable read-only memory and compares it, as a reference point, with the first key characteristic value to detect the state of the first key stored in the encryption chip. This prevents the encryption chip from directly using an invalid first key to encrypt and decrypt the corresponding data, and improves reliability. When the first key characteristic value is inconsistent with the second key characteristic value, the preset secure encryption algorithm is applied to the third key re-read from the security card to obtain the third key characteristic value, and the legitimate target key can be determined from the comparison of the first, second and third key characteristic values. This reduces the probability of the encryption chip using an invalid key and greatly avoids data loss caused by key invalidation.
In some specific embodiments, the first key calculation module 11 includes:
a first key characteristic value calculation unit, configured to calculate the first key characteristic value corresponding to the first key by using a message digest algorithm;
a second key characteristic value calculation unit, configured to, if the system is booting for the first time, obtain the first key and the second key from the security card and then use the preset secure encryption algorithm to calculate the second key characteristic value corresponding to the second key;
a saving unit, configured to save the first key and the second key characteristic value to the encryption chip and the electrically erasable programmable read-only memory respectively.
In some specific embodiments, the first judging module 13 includes:
a consistent-result processing unit, configured to, if the first key characteristic value is judged to be consistent with the second key characteristic value, boot the operating system and determine the first key as the target key, so that the encryption chip uses the target key for the corresponding data encryption and decryption processing after the system boots.
In some specific embodiments, the key state determination module 15 includes:
a comparing unit, configured to compare the first key characteristic value, the second key characteristic value and the third key characteristic value;
a first comparison processing unit, configured to, if the second key characteristic value and the third key characteristic value are the same and differ from the first key characteristic value, determine that the first key stored in the encryption chip is invalid and determine the third key as the target key;
a second comparison processing unit, configured to, if the first key characteristic value and the third key characteristic value are the same and differ from the second key characteristic value, determine that the second key characteristic value stored in the electrically erasable programmable read-only memory is invalid and determine the first key as the target key;
a key characteristic value replacement unit, configured to save the key characteristic value corresponding to the target key to the electrically erasable programmable read-only memory as the new second key characteristic value, to replace the invalid second key characteristic value in the electrically erasable programmable read-only memory;
a periodic detection unit, configured to, at a preset time interval, periodically check the first key characteristic value stored in the encryption chip, the second key characteristic value stored in the electrically erasable programmable read-only memory and the third key characteristic value read from the security card, to detect whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent;
a warning generating unit, configured to generate warning information through the operating system interface if they are not consistent.
FIG. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present application. It may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input/output interface 25 and a communication bus 26. The memory 22 is used to store a computer program, and the computer program is loaded and executed by the processor 21 to implement the relevant steps of the key state detection method performed by the computer device as disclosed in any of the foregoing embodiments.
In some embodiments, the power supply 23 is used to provide operating voltage for each hardware device on the computer device 20; the communication interface 24 can create a data transmission channel between the computer device 20 and external devices, and the communication protocol it follows may be any communication protocol applicable to the technical solution of the present application, which is not specifically limited here; the input/output interface 25 is used to obtain external input data or to output data externally, and its specific interface type can be selected according to the needs of the specific application, which is not specifically limited here.
The processor 21 may include one or more processing cores, such as a 4-core processor or an 8-core processor. The processor 21 may be implemented in at least one hardware form among DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array) and PLA (Programmable Logic Array). The processor 21 may also include a main processor and a coprocessor. The main processor is a processor for processing data in the wake-up state, also called a CPU (Central Processing Unit); the coprocessor is a low-power processor for processing data in the standby state. In some embodiments, the processor 21 may be integrated with a GPU (Graphics Processing Unit), which is responsible for rendering and drawing the content that the display screen needs to show. In some embodiments, the processor 21 may also include an AI (Artificial Intelligence) processor, which is used to process computing operations related to machine learning.
In addition, the memory 22, as a carrier for resource storage, may be a read-only memory, a random access memory, a magnetic disk, an optical disk or the like. The resources stored on it include an operating system 221, a computer program 222 and data 223, and the storage may be transient or permanent.
The operating system 221 is used to manage and control each hardware device on the computer device 20 and the computer program 222, so that the processor 21 can operate on and process the massive data 223 in the memory 22; it may be Windows, Unix, Linux or the like. Besides the computer program that can be used to carry out the key state detection method performed by the computer device 20 as disclosed in any of the foregoing embodiments, the computer program 222 may further include computer programs that can be used to carry out other specific tasks. The data 223 may include data received by the computer device from an external device, and may also include data collected by its own input/output interface 25.
Further, an embodiment of the present application also discloses a storage medium in which a computer program is stored; when the computer program is loaded and executed by a processor, it implements the method steps performed in the key state detection process disclosed in any of the foregoing embodiments.
Finally, it should also be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Furthermore, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The key state detection method, apparatus, device and medium provided by the present application have been described in detail above. Specific examples are used in this document to explain the principle and implementation of the present application, and the description of the above embodiments is only intended to help in understanding the method of the present application and its core idea. At the same time, for a person of ordinary skill in the art, there will be changes in the specific implementation and scope of application in accordance with the idea of the present application. In summary, the content of this specification should not be understood as a limitation of the present application.

Claims (20)

  1. 一种密钥状态检测方法,其特征在于,应用于基本输入输出系统,包括:A key state detection method, characterized in that it is applied to a basic input and output system, comprising:
    读取加密芯片中存储的第一密钥,并利用预设安全加密算法计算出所述第一密钥对应的第一密钥特征值;Read the first key stored in the encryption chip, and use a preset security encryption algorithm to calculate the first key characteristic value corresponding to the first key;
    获取带电可擦可编程只读存储器中存储的第二密钥特征值,并判断所述第一密钥特征值与所述第二密钥特征值是否一致;Obtaining the second key characteristic value stored in the charged erasable programmable read-only memory, and judging whether the first key characteristic value is consistent with the second key characteristic value;
    如果判定所述第一密钥特征值与所述第二密钥特征值不一致,则重新从安全卡中读取第三密钥,并利用所述预设安全加密算法计算与所述第三密钥对应的第三密钥特征值;If it is determined that the characteristic value of the first key is inconsistent with the characteristic value of the second key, then re-read the third key from the security card, and use the preset security encryption algorithm to calculate the third key. The third key characteristic value corresponding to the key;
    基于所述第一密钥特征值、所述第二密钥特征值以及所述第三密钥特征值之间的比对结果确定合法的目标密钥,以便所述加密芯片在系统开机后利用所述目标密钥进行相应的数据加解密处理。Based on the comparison result between the first key feature value, the second key feature value, and the third key feature value, determine the legal target key, so that the encryption chip can use the The target key performs corresponding data encryption and decryption processing.
  2. 根据权利要求1所述的密钥状态检测方法,其特征在于,所述读取加密芯片中存储的第一密钥,并利用预设安全加密算法计算出所述第一密钥对应的第一密钥特征值之前,还包括:The key state detection method according to claim 1, wherein the first key stored in the encryption chip is read, and the first key corresponding to the first key is calculated by using a preset security encryption algorithm. Before the key characteristic value, also include:
    若系统为第一次开机,则从安全卡中获取第一密钥和第二密钥,然后利用所述预设安全加密算法算出与所述第二密钥对应的第二密钥特征值;If the system is turned on for the first time, obtain the first key and the second key from the security card, and then use the preset security encryption algorithm to calculate the second key characteristic value corresponding to the second key;
    将所述第一密钥和所述第二密钥特征值分别保存至所述加密芯片和带电可擦可编程只读存储器。The feature values of the first key and the second key are respectively stored in the encryption chip and the charged erasable programmable read-only memory.
  3. 根据权利要求1所述的密钥状态检测方法,其特征在于,所述利用预设安全加密算法计算出所述第一密钥对应的第一密钥特征值,包括:The key state detection method according to claim 1, wherein the calculating the first key characteristic value corresponding to the first key by using a preset security encryption algorithm comprises:
    利用消息摘要算法计算出所述第一密钥对应的第一密钥特征值。A first key feature value corresponding to the first key is calculated by using a message digest algorithm.
  4. 根据权利要求3所述的密钥状态检测方法,其特征在于,所述消息摘要算法为MD5。The key state detection method according to claim 3, wherein the message digest algorithm is MD5.
  5. 根据权利要求1所述的密钥状态检测方法,其特征在于,所述判断所述第一密钥特征值与所述第二密钥特征值是否一致之后,还包括:The key state detection method according to claim 1, wherein after the judging whether the first key characteristic value is consistent with the second key characteristic value, further comprising:
    如果判定所述第一密钥特征值与所述第二密钥特征值一致,则对操作系统进行开机操作,并将所述第一密钥确定为目标密钥,以便所述加密芯片在系统开机后利用所述目标密钥进行相应的数据加解密处理。If it is determined that the characteristic value of the first key is consistent with the characteristic value of the second key, the operating system is started, and the first key is determined as the target key, so that the encryption chip can be used in the system After starting up, use the target key to perform corresponding data encryption and decryption processing.
  6. The key state detection method according to claim 1, wherein determining the legitimate target key based on the comparison result among the first key characteristic value, the second key characteristic value and the third key characteristic value comprises:
    if the comparison result shows an inconsistency, determining that the first key is invalid, determining the third key as the target key and saving it to the encryption chip, and prompting that hardware maintenance is required.
  7. The key state detection method according to claim 1, wherein determining the legitimate target key based on the comparison result among the first key characteristic value, the second key characteristic value and the third key characteristic value comprises:
    comparing the first key characteristic value, the second key characteristic value and the third key characteristic value;
    if the second key characteristic value and the third key characteristic value are the same and differ from the first key characteristic value, determining that the first key stored in the encryption chip is invalid, and determining the third key as the target key.
  8. The key state detection method according to claim 7, wherein after comparing the first key characteristic value, the second key characteristic value and the third key characteristic value, the method further comprises:
    if the first key characteristic value and the third key characteristic value are the same and differ from the second key characteristic value, determining that the second key characteristic value stored in the electrically erasable programmable read-only memory is invalid, and determining the first key as the target key.
  9. The key state detection method according to claim 8, wherein after determining the first key as the target key, the method further comprises:
    replacing the invalid second key characteristic value with the third key characteristic value.
  10. The key state detection method according to claim 8, wherein after determining the first key as the target key, the method further comprises:
    prompting that hardware maintenance is required.
  11. The key state detection method according to claim 8, wherein after determining the first key as the target key, the method further comprises:
    determining the key characteristic value corresponding to the target key as a new second key characteristic value and saving it to the electrically erasable programmable read-only memory, to replace the invalid second key characteristic value in the electrically erasable programmable read-only memory.
  12. The key state detection method according to any one of claims 1 to 11, wherein after determining the legitimate target key based on the comparison result among the first key characteristic value, the second key characteristic value and the third key characteristic value, so that the encryption chip uses the target key to perform corresponding data encryption and decryption after the system is powered on, the method further comprises:
    periodically checking, at a preset time interval, the first key characteristic value stored in the encryption chip, the second key characteristic value stored in the electrically erasable programmable read-only memory, and the third key characteristic value read from the security card, to detect whether the first key characteristic value, the second key characteristic value and the third key characteristic value are consistent;
    if they are inconsistent, generating warning information through an operating system interface.
  13. The key state detection method according to any one of claims 1 to 11, wherein calculating the first key characteristic value corresponding to the first key by using the preset security encryption algorithm comprises:
    calculating the first key characteristic value corresponding to the first key by using a symmetric encryption algorithm.
  14. The key state detection method according to any one of claims 1 to 11, wherein calculating the first key characteristic value corresponding to the first key by using the preset security encryption algorithm comprises:
    calculating the first key characteristic value corresponding to the first key by using an asymmetric encryption algorithm.
  15. The key state detection method according to any one of claims 1 to 11, wherein calculating the first key characteristic value corresponding to the first key by using the preset security encryption algorithm comprises:
    calculating the first key characteristic value corresponding to the first key by using a digital signature.
  16. The key state detection method according to any one of claims 1 to 11, wherein calculating the first key characteristic value corresponding to the first key by using the preset security encryption algorithm comprises:
    calculating the first key characteristic value corresponding to the first key by using a digital certificate.
  17. A key state detection apparatus, applied to a basic input/output system, comprising:
    a first key calculation module, configured to read a first key stored in an encryption chip and calculate, by using a preset security encryption algorithm, a first key characteristic value corresponding to the first key;
    a second key calculation module, configured to obtain a second key characteristic value stored in an electrically erasable programmable read-only memory;
    a first judging module, configured to determine whether the first key characteristic value is consistent with the second key characteristic value;
    a third key calculation module, configured to, if it is determined that the first key characteristic value is inconsistent with the second key characteristic value, read a third key from the security card again and calculate, by using the preset security encryption algorithm, a third key characteristic value corresponding to the third key;
    a key state determination module, configured to compare the first key characteristic value, the second key characteristic value and the third key characteristic value, determine the key state and the target key based on the comparison result, and power on the system, so that the encryption chip uses the target key to perform data processing on the mechanical hard disk.
  18. The key state detection apparatus according to claim 17, wherein the first key calculation module comprises:
    a second key characteristic value calculation unit, configured to, if the system is being powered on for the first time, obtain a first key and a second key from the security card, and then calculate, by using the preset security encryption algorithm, a second key characteristic value corresponding to the second key;
    a saving unit, configured to save the first key and the second key characteristic value to the encryption chip and the electrically erasable programmable read-only memory, respectively.
  19. An electronic device, comprising:
    a memory, configured to store a computer program;
    a processor, configured to execute the computer program to implement the steps of the key state detection method according to any one of claims 1 to 16.
  20. A computer-readable storage medium, configured to store a computer program, wherein the computer program, when executed by a processor, implements the steps of the key state detection method according to any one of claims 1 to 16.
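
The comparison logic of claims 2, 5 and 7 to 11, modelled as an added example that is not code from the patent or its applicant. Assumptions: the names `Platform`, `Result`, `provision` and `check_key_state` are hypothetical, the three stores are plain in-memory fields, the security card returns the same key on each read, SHA-256 stands in for the preset algorithm (claim 4 names MD5), and the case where all three values differ is treated as unresolved.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

def feature(key: bytes) -> bytes:
    # Key characteristic value; SHA-256 is this example's choice of digest.
    return hashlib.sha256(key).digest()

@dataclass
class Platform:                  # hypothetical model of the three stores
    chip_key: bytes              # first key, held in the encryption chip
    eeprom_value: bytes          # second key characteristic value, in EEPROM
    card_key: bytes              # key on the security card (read as third key)

@dataclass
class Result:
    state: str
    target_key: Optional[bytes]
    maintenance: bool            # True when a hardware-maintenance prompt is due

def provision(card_key: bytes) -> Platform:
    # First power-on (claim 2): key goes to the chip, its value to the EEPROM.
    return Platform(card_key, feature(card_key), card_key)

def check_key_state(p: Platform) -> Result:
    same = hmac.compare_digest   # comparison that does not leak match position
    v1, v2 = feature(p.chip_key), p.eeprom_value
    if same(v1, v2):             # claim 5: consistent, boot with the chip key
        return Result("OK", p.chip_key, False)
    v3 = feature(p.card_key)     # the card is read only after a mismatch
    if same(v2, v3):             # claim 7: chip copy is the odd one out
        p.chip_key = p.card_key  # store the card key in the chip as target key
        return Result("CHIP_KEY_INVALID", p.card_key, True)
    if same(v1, v3):             # claims 8, 9, 10: EEPROM value is the odd one out
        p.eeprom_value = v3      # replace the invalid stored value
        return Result("EEPROM_VALUE_INVALID", p.chip_key, True)
    # Assumption of this example: no two values agree, so no key is selected.
    return Result("UNRESOLVED", None, True)
```

Each repair leaves the platform in a state where the next call returns `OK`, which is what lets the same routine serve both the boot-time check and the periodic check of claim 12.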
PCT/CN2022/139391 2022-02-07 2022-12-15 Key state inspection method and apparatus, and device and medium WO2023147744A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210115395.4 2022-02-07
CN202210115395.4A CN114139221B (en) 2022-02-07 2022-02-07 Key state detection method, device, equipment and medium

Publications (1)

Publication Number Publication Date
WO2023147744A1 (en) 2023-08-10

Family

ID=80381858

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/139391 WO2023147744A1 (en) 2022-02-07 2022-12-15 Key state inspection method and apparatus, and device and medium

Country Status (2)

Country Link
CN (1) CN114139221B (en)
WO (1) WO2023147744A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114139221B (en) * 2022-02-07 2022-04-29 浪潮(山东)计算机科技有限公司 Key state detection method, device, equipment and medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109992981A (en) * 2019-04-10 2019-07-09 山东渔翁信息技术股份有限公司 A kind of key access method, device and system
CN113890728A (en) * 2021-08-27 2022-01-04 苏州浪潮智能科技有限公司 Key processing method, system, equipment and medium based on FPGA encryption card
US11223489B1 (en) * 2021-02-23 2022-01-11 Garantir LLC Advanced security control implementation of proxied cryptographic keys
CN114139221A (en) * 2022-02-07 2022-03-04 浪潮(山东)计算机科技有限公司 Key state detection method, device, equipment and medium

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000330783A (en) * 1999-05-20 2000-11-30 Nec Corp Software illegal copy prevention system and recording medium with software illegal copy prevention program recorded thereon
CN100490372C (en) * 2005-03-15 2009-05-20 联想(北京)有限公司 A method for backup and recovery of encryption key
US8811223B2 (en) * 2009-06-22 2014-08-19 Citrix Systems, Inc. Systems and methods for distributing crypto cards to multiple cores
CN110086607B (en) * 2019-03-13 2021-08-17 深圳壹账通智能科技有限公司 Method and device for rapidly switching deployment key, computer equipment and storage medium
CN111523129A (en) * 2020-04-09 2020-08-11 太原理工大学 TPM-based data leakage protection method
CN112000975B (en) * 2020-10-28 2021-02-09 湖南天琛信息科技有限公司 Key management system
CN113204775B (en) * 2021-04-29 2021-12-14 北京连山科技股份有限公司 Data security protection method and system
CN113434885B (en) * 2021-06-30 2022-12-09 湖南国科微电子股份有限公司 Key derivation method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN114139221B (en) 2022-04-29
CN114139221A (en) 2022-03-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22924671

Country of ref document: EP

Kind code of ref document: A1