CN100464339C - Multiple compatibility credible accounting system and method - Google Patents


Publication number
CN100464339C
Authority
CN
China
Prior art keywords
trusted computing
unit
functional unit
functional
standard
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CNB200710098716XA
Other languages
Chinese (zh)
Other versions
CN101055612A (en)
Inventor
魏恺言
刘宏伟
袁兰平
乔椿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Sinosun Technology Co., Ltd.
Original Assignee
ZHAORI TECH Co Ltd SHENZHEN
Application filed by ZHAORI TECH Co Ltd SHENZHEN
Priority to CNB200710098716XA
Publication of CN101055612A
Application granted
Publication of CN100464339C

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a multi-compatible trusted computing system and method. The system comprises at least one first trusted computing functional unit and at least one second trusted computing functional unit, and further comprises a trusted interface control unit that receives from the bus the protocol command data stream to be passed to the first and/or the second trusted computing functional unit, and processes the protocol command data stream differently based on the different protocol command words. The invention has the advantages of good compatibility and applicability, low resource usage and low cost.

Description

A multi-compatible trusted computing system and method
Technical field
The present invention relates to the field of information security, in particular to the field of trusted computing, and more particularly to a trusted computing system and method with multiple compatibility.
Background
Several trusted computing standards currently exist in the trusted computing field. The most typical is the international standard, that is, the trusted computing implementation specification formulated by the Trusted Computing Group (TCG); the latest version at present is 1.2 (October 2003). There are also trusted computing standards formulated by various Chinese vendors. These standards have similarities as well as differences.
The existing TCG trusted computing standard is an open international standard established by the TCG organization. It differs in many ways from the trusted computing standards formulated by Chinese vendors, for example in the algorithms used. The TCG standard uses the RSA asymmetric encryption algorithm (developed by R. Rivest, A. Shamir and L. Adleman), the AES (Advanced Encryption Standard) symmetric encryption algorithm and the SHA1 (Secure Hash Algorithm 1) hash algorithm, whereas the trusted computing standards formulated by Chinese vendors use the elliptic curve cryptography (ECC) asymmetric encryption algorithm, the SMS4 symmetric encryption algorithm and the SCH hash algorithm. The communication protocols of the standards also differ, so the standards are not compatible with one another. That is, if several trusted computing systems are installed on one security system, they can only run and compute independently and cannot interoperate. As a result, the multiple trusted computing systems occupy a lot of resources, adapt poorly to different commercial application environments, and are very costly to use.
Summary of the invention
The problem to be solved by the present invention is to provide a multi-compatible trusted computing system and method that has good compatibility and adaptability, occupies few resources and has low cost.
To achieve the object of the invention, a multi-compatible trusted computing system is provided, comprising at least one first trusted computing functional unit and at least one second trusted computing functional unit, characterized in that it further comprises a trusted interface control unit for receiving, from the bus interface, the protocol command data stream passed to the first trusted computing functional unit and/or the second trusted computing functional unit, and for processing the protocol command data stream differently according to the different protocol command words.
The trusted interface control unit may comprise a receiving and transmitting unit, a parsing unit and a judging and packaging unit, wherein:
The receiving and transmitting unit is used to receive the protocol command data stream from the bus and send it to the first trusted computing functional unit or the second trusted computing functional unit, and to receive the processing result of the first trusted computing functional unit or the second trusted computing functional unit and return the result to the bus;
The parsing unit is used to parse the protocol command data stream received by the receiving and transmitting unit to obtain the different protocol data packets, obtain the different command words from the different packets, and send the parsed data to the judging and packaging unit;
The judging and packaging unit is used to judge, from the parsed data, whether the protocol command data stream is to be sent to the first trusted computing functional unit or the second trusted computing functional unit and, according to the judgment result, to repackage the parsed data in the format of the first trusted computing functional unit standard or the second trusted computing functional unit standard and send it to the corresponding functional unit through the receiving and transmitting unit.
The trusted interface control unit may further comprise a function configuration unit for setting the functional mode in which protocol command data streams are processed.
The functional mode set by the function configuration unit for processing protocol command data streams is the functional mode of the first trusted computing functional unit standard and/or the functional mode of the second trusted computing functional unit standard;
When the function configuration unit is set to run only the functional mode of the first trusted computing functional unit standard, the trusted interface control unit does not respond to requests of the second trusted computing functional unit standard;
When the function configuration unit is set to run only the functional mode of the second trusted computing functional unit standard, the trusted interface control unit does not respond to requests of the first trusted computing functional unit standard;
When the function configuration unit is set to run both the functional mode of the first trusted computing functional unit standard and the functional mode of the second trusted computing functional unit standard, the standard of the first trusted computing functional unit and the standard of the second trusted computing functional unit are both responded to.
When the functional mode set by the function configuration unit for processing protocol command data streams is the functional mode of the first trusted computing functional unit standard and/or the functional mode of the second trusted computing functional unit standard, it is controlled by an external setting command: the function configuration unit can return the current function configuration at the request of an external setting command, and can accept an external setting command request to reset the functional mode.
The trusted interface control unit may further comprise a data verification unit which, after the receiving and transmitting unit receives a protocol command data stream from the bus, verifies whether that stream is a data stream sent to the first trusted computing functional unit or the second trusted computing functional unit and, after verification passes, passes the protocol command data stream to the parsing unit.
The multi-compatible trusted computing system further comprises a storage unit for storing the data of the first trusted computing functional unit and/or the second trusted computing functional unit in separate storage areas.
To achieve the object of the invention, a multi-compatible trusted computing method is also provided, comprising the following steps:
Step A: receive a protocol command data stream from the external bus interface;
Step B: parse the protocol command data stream to obtain the protocol data packet, and obtain the command word of the protocol command data stream from the protocol data packet;
Step C: according to the parsed command word, judge whether the protocol command data stream is to be sent to the first trusted computing functional unit or the second trusted computing functional unit, and process the data according to the judgment result;
Step D: the first trusted computing functional unit or the second trusted computing functional unit processes the protocol command data stream and returns the result to the bus through the trusted interface control unit, and the trusted interface control unit prepares to receive data again.
The following step is also included before step A:
Step A': set the functional mode in which protocol command data streams are processed.
The multi-compatible trusted computing method further comprises the following step:
Under the control of an external setting command, the function configuration unit can return the current function configuration at the request of the external setting command, and can accept an external setting command request to reset the functional mode.
The following step is also included between step A and step B:
Verify whether the data stream is complete and correct. If not, the packet is incorrect: discard it, prepare to receive new data, and go to step A. Otherwise, go to step B.
Processing the data according to the judgment result in step C comprises the following steps:
Step C1: if set to run only the functional mode of the first trusted computing functional unit standard, then once the request is judged to be a request of the second trusted computing standard, it is not packaged and sent to the first trusted computing functional unit; processing is interrupted directly and ends. Otherwise, the parsed data is repackaged in the format of the first trusted computing standard and the method proceeds to step D;
Step C2: if set to run only the functional mode of the second trusted computing functional unit standard, then once the request is judged to be a request of the first trusted computing standard, it is not packaged and sent to the second trusted computing functional unit; processing is interrupted directly and ends. Otherwise, the parsed data is repackaged in the format of the second trusted computing standard and the method proceeds to step D;
Step C3: if set to run both the functional mode of the first trusted computing functional unit standard and the functional mode of the second trusted computing functional unit standard, then after the protocol command request is judged, the parsed data is repackaged, according to the protocol command word, in the format of the first trusted computing standard or the second trusted computing standard and sent to the corresponding functional unit for processing, and the method proceeds to step D.
In the multi-compatible trusted computing method, the data of the first trusted computing functional unit and of the second trusted computing functional unit are stored in different storage areas. The two storage areas are unrelated, and an instruction that accesses one storage area cannot access the other.
The first trusted computing functional unit is a TPM functional unit; the second trusted computing functional unit is a cTPM functional unit.
The bus is an LPC bus; the trusted interface control unit is an LPC trusted interface control unit.
The beneficial effects of the invention are as follows: the multi-compatible trusted computing system and method of the present invention support multiple trusted computing standards well, so that a trusted computing system adapts better in commercial use, can be applied to different commercial application environments and has great flexibility. For the end user, the cost of using multiple trusted computing standards is also greatly reduced.
Description of the drawings
Fig. 1 is a schematic structural diagram of the multi-compatible trusted computing system of the present invention;
Fig. 2 is a flowchart of the multi-compatible trusted computing method of the present invention;
Fig. 3 is a flowchart of processing the protocol command data stream according to the configuration and the protocol command judgment result.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the multi-compatible trusted computing system and method of the present invention are described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
The multi-compatible trusted computing system of the present invention implements support for multiple trusted computing standards in a single physical chip.
Fig. 1 is a schematic structural diagram of a multi-compatible trusted computing system of the present invention, which comprises at least one TPM (Trusted Platform Module) functional unit and at least one cTPM (China Trusted Platform Module) functional unit.
TPM functional unit 131, also called the TPM security chip, is a security chip that conforms to the TPM standard. It can effectively protect a PC and prevent access by unauthorized users. It is the module unit that implements the TCG trusted computing standard, and it operates according to the standard specification formulated by the TCG organization.
The TPM standard refers to the trusted computing standard formulated by the Trusted Computing Platform Alliance (TCPA), which a number of IT companies jointly founded in October 1999; the initial members included Compaq, HP, IBM, Intel and Microsoft. The alliance is committed to promoting a new generation of secure and trustworthy hardware computing platforms. In March 2003, with the addition of companies such as Nokia and Sony, TCPA was reorganized as the Trusted Computing Group (TCG), which aims to formulate trusted-computer standards and specifications across platforms and operating environments, covering both hardware and software. It also proposed the TPM standard, whose latest version at present is 1.2.
cTPM functional unit 132, also called the cTPM security chip, is a security chip that conforms to the Chinese TPM standard. It has the functions of the existing TPM while using interfaces and algorithms different from those of the TPM security chip. This security chip operates according to the trusted computing standard specification formulated in China. At present such chips include the "Hengzhi" ("permanent intelligence") cTPM security chip from Lenovo and the cTPM security chip from ZHAORI.
The operation of TPM functional unit 131 and cTPM functional unit 132 is standard prior art and is therefore not described in detail in the embodiments of the present invention.
The multi-compatible trusted computing system of the present invention further comprises a trusted interface control unit 12 (Trusted Information Systems Interface, TIS Interface).
The trusted interface control unit 12 is used to receive from bus 11 (BUS) the protocol command data stream passed to TPM functional unit 131 and/or cTPM functional unit 132, and to process the protocol command data stream differently according to the different protocol command words.
Typically, the bus 11 is a Low Pin Count (LPC) bus 11 and, correspondingly, the trusted interface control unit 12 is a Low Pin Count trusted interface control unit 12 (LPC-TIS Interface).
The trusted interface control unit 12 comprises a receiving and transmitting unit 122, a parsing unit 124 and a judging and packaging unit 125, wherein:
The receiving and transmitting unit 122 is used to receive the protocol command data stream from bus 11 and send it to TPM functional unit 131 or cTPM functional unit 132, and to receive the processing result of TPM functional unit 131 or cTPM functional unit 132 and return the result to bus 11;
The parsing unit 124 is used to parse the protocol command data stream received by the receiving and transmitting unit 122 to obtain the different protocol data packets, obtain the different command words from the different packets, and send the parsed data to the judging and packaging unit 125;
The judging and packaging unit 125 is used to judge, from the parsed data, whether the protocol command data stream is to be sent to TPM functional unit 131 or cTPM functional unit 132 and, according to the judgment result, to repackage the parsed data in the TPM standard or cTPM standard format and send it to the corresponding functional unit through the receiving and transmitting unit 122.
Preferably, the trusted interface control unit 12 further comprises a data verification unit 123 and a function configuration unit 121, wherein:
The data verification unit 123 is used, after the receiving and transmitting unit 122 receives a protocol command data stream from bus 11, to verify whether that stream is a data stream sent to TPM functional unit 131 or cTPM functional unit 132 and, after verification passes, to pass the protocol command data stream to the parsing unit 124;
After the receiving and transmitting unit 122 receives a protocol command data stream from bus 11, it is first judged, according to the check bit in the protocol command data stream, whether the packet is complete and correct. If not, the packet is incorrect; it is discarded and the unit prepares to receive new data. Otherwise, after verification passes, the protocol command data stream is passed to the parsing unit 124.
The function configuration unit 121 is used to set the functional mode in which protocol command data streams are processed.
The functional mode set by the function configuration unit 121 for processing protocol command data streams is the TPM functional mode and/or the cTPM functional mode. When the function configuration unit 121 is set to run only the TPM functional mode, the trusted interface control unit 12 does not respond to requests of the cTPM standard; when the function configuration unit 121 is set to run only the cTPM standard mode, the trusted interface control unit 12 does not respond to requests of the TPM standard; when the function configuration unit 121 is set to run both the TPM functional mode and the cTPM functional mode, both the TPM standard and the cTPM standard are responded to.
More preferably, when the functional mode set by the function configuration unit 121 for processing protocol command data streams is the TPM functional mode and/or the cTPM functional mode, it can be controlled by an external setting command: the function configuration unit 121 can return the current function configuration at the request of an external setting command, and can accept an external setting command request to reset the functional mode.
Further, the multi-compatible trusted computing system of the present invention comprises a storage unit 13 for storing the data of TPM functional unit 131 and/or cTPM functional unit 132 in separate storage areas.
As one possible implementation, storage unit 13 has an internal storage space from 0x0000 to 0xFFFF, which is forcibly divided into two storage areas: 0x0000~0x7FFF and 0x8000~0xFFFF. 0x0000~0x7FFF is the data storage address range of TPM functional unit 131; 0x8000~0xFFFF is the data storage area of cTPM functional unit 132. The two storage areas are unrelated, and an instruction that accesses one storage area cannot access the other.
The protocol commands sent from bus 11 to TPM functional unit 131 or cTPM functional unit 132 are all data streams in a standard format. That is, for the communication protocol between bus 11 and the security chip, different security chips have different standard protocol command formats, but all of them are data streams with a standard format. Therefore, after the receiving and transmitting unit 122 of the trusted interface control unit 12 receives a protocol command data stream, the data verification unit 123 first checks whether the received data stream is complete and correct and, after verification passes, passes it to the parsing unit 124. The parsing unit obtains the different packets, obtains the different command words from the different packets, and sends them to the judging and packaging unit 125, which decides whether the protocol command is sent to TPM functional unit 131 or cTPM functional unit 132. The protocol command is then packaged and distributed to TPM functional unit 131 or cTPM functional unit 132 for processing, and the result is returned to bus 11.
As one possible implementation, the function configuration unit 121 can set the functional mode in which protocol command data streams are processed.
If the function configuration unit 121 is set to run only the TPM functional mode, then once the judging and packaging unit 125 judges a request to be a request of the cTPM standard, it is not packaged and sent to a functional unit; processing is interrupted directly and ends, and the trusted interface control unit 12 does not respond to the request of the cTPM standard;
If the function configuration unit 121 is set to run only the cTPM standard mode, then once the judging and packaging unit 125 judges a request to be a request of the TPM standard, it is not packaged and sent to a functional unit; processing is interrupted directly and ends, and the trusted interface control unit 12 does not respond to the request of the TPM standard;
If the function configuration unit 121 is set to run both the TPM functional mode and the cTPM functional mode, then after judging the protocol command request, the judging and packaging unit 125 sends the protocol command data stream to the different functional units for processing according to the different protocol command words, and the result is returned to bus 11. In this way, the trusted interface control unit 12 can respond both for the TPM functional unit 131 of the TPM standard and for the cTPM functional unit 132 of the cTPM standard.
The multi-compatible trusted computing system of the present invention implements the functions specified by multiple trusted computing standards on the same core. It controls different external requests separately, and thereby ultimately supports multiple trusted computing standards. The functional units of the multiple trusted computing standards can use the same physical device and a common storage space and address space. Logical support for multiple trusted computing standards is thus realized in different forms, including: 1) supporting only the cTPM standard; 2) supporting only the TPM standard; 3) supporting multiple trusted computing standards simultaneously. On such an architecture, support for the different trusted computing standards can also be made dynamic, that is, the supported trusted computing standard can be read and changed by an external setting command.
A multi-compatible trusted computing method of the present invention is further described below with reference to the multi-compatible trusted computing system of the present invention. As shown in the figure, it comprises the following steps:
Step S100: set the functional mode in which protocol command data streams are processed;
The functional mode set for processing protocol command data streams is the TPM functional mode and/or the cTPM functional mode. When set to run only the TCG functional mode, requests of the cTPM standard are not responded to; when set to run only the cTPM standard mode, requests of the TPM standard are not responded to; when set to run both the TPM functional mode and the cTPM functional mode, both the TPM standard and the cTPM standard are responded to.
Preferably, the multi-compatible trusted computing method further comprises the following step:
Under the control of an external setting command, the current function configuration can be returned at the request of the external setting command, and an external setting command request to reset the functional mode can be accepted.
Step S200: receive a protocol command data stream from the external bus 11 interface;
When the system powers on and starts running, TPM functional unit 131, cTPM functional unit 132 and the trusted interface control unit 12 are initialized automatically and wait to receive from the external bus 11 a protocol command data stream destined for TPM functional unit 131 or cTPM functional unit 132.
Preferably, the trusted interface control unit 12 is an LPC trusted interface control unit 12, and the bus 11 is an LPC bus 11.
Step S300: verify whether the data stream is complete and correct. If not, the packet is incorrect: discard it, prepare to receive new data, and go to step S200. Otherwise, go to the next step;
After the trusted interface control unit 12 receives a protocol command data stream from bus 11, it first judges, according to the check bit in the protocol command data stream, whether the packet is complete and correct. If not, the packet is incorrect; it is discarded and the method returns to step S200 to prepare to receive new data. Otherwise, after verification passes, the method enters the next step and the protocol command data stream is parsed.
Step S400: parse the protocol command data stream to obtain the protocol data packet, and obtain the command word of the protocol command data stream from the protocol data packet;
After the trusted interface control unit 12 receives the protocol command data stream, it parses the stream according to the parsing rules of the existing TPM and cTPM standards to obtain the protocol data packet, and obtains the command word of the protocol command data stream from the protocol data packet.
A person of ordinary skill in the art can parse the protocol command data stream and obtain the command word according to the existing TPM and cTPM standards, so this process is not described in detail in the present invention.
Step S500: according to the parsed command word, judge whether the protocol command data stream is to be sent to TPM functional unit 131 or cTPM functional unit 132, and process the data according to the judgment result;
Because the TPM standard and the cTPM standard define different spaces for the command words of their respective protocols, the command-word part of the command packet can be used to judge which standard the protocol request expects to operate under.
The trusted interface control unit 12 sets the functional mode for processing protocol command data streams to the TPM functional mode and/or the cTPM functional mode. When set to run only the TPM functional mode, the trusted interface control unit 12 does not respond to requests of the cTPM standard; when set to run only the cTPM standard mode, the trusted interface control unit 12 does not respond to requests of the TPM standard; when set to run both the TPM functional mode and the cTPM functional mode, both the TPM standard and the cTPM standard are responded to.
Specifically, processing the data according to the judgment result comprises the following steps:
Step S510: if set to run only the TPM functional mode, then once the request is judged to be a request of the cTPM standard, it is not packaged and sent to TPM functional unit 131; processing is interrupted directly and the method returns to step S200 to wait for new data, and the trusted interface control unit 12 does not respond to the request of the cTPM standard. Otherwise, the parsed data is repackaged in the TPM standard format and the method proceeds to step S600;
Step S520: if set to run only the cTPM standard mode, then once the request is judged to be a request of the TPM standard, it is not packaged and sent to cTPM functional unit 132; processing is interrupted directly and the method returns to step S200 to wait for new data, and the trusted interface control unit 12 does not respond to the request of the TPM standard. Otherwise, the parsed data is repackaged in the cTPM standard format and the method proceeds to step S600;
Step S530: if set to run both the TPM functional mode and the cTPM functional mode, then after the protocol command request is judged, the parsed data is repackaged, according to the protocol command word, in the TPM standard or cTPM standard format and sent to the corresponding functional unit for processing, and the method proceeds to step S600. In this way, the trusted interface control unit 12 can respond both for the TPM functional unit 131 of the TPM standard and for the cTPM functional unit 132 of the cTPM standard.
Preferably, the data of TPM functional unit 131 and of cTPM functional unit 132 are stored in different storage areas. The two storage areas are unrelated, and an instruction that accesses one storage area cannot access the other. In this way, after judging the protocol command, the trusted interface control unit 12 can pass the protocol command data stream to the different addresses for processing, so that data processing is physically isolated and no data processing errors result.
Step S600: TPM functional unit 131 or cTPM functional unit 132 processes the protocol command data stream and returns the result to bus 11 through the trusted interface control unit 12, and the trusted interface control unit 12 prepares to receive data again.
TPM functional unit 131 or cTPM functional unit 132 receives from the trusted interface control unit 12 a protocol command data stream that conforms to its own standard, processes the data stream according to the existing TPM standard or cTPM standard, and returns the result to bus 11 through the trusted interface control unit 12.
Processing the received data stream according to the TPM standard or the cTPM standard is prior art and is therefore not described in detail in the present invention.
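A sketch of steps S300 to S600 in C, added here as an illustration and not taken from the patent. The frame layout, the XOR check byte and the rule that the high bit of the command word marks a cTPM command are assumptions, as are all identifiers; the three functional modes and the 0x0000~0x7FFF / 0x8000~0xFFFF storage split come from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum tis_mode   { MODE_TPM_ONLY, MODE_CTPM_ONLY, MODE_BOTH };  /* set by unit 121 */
enum tis_target { TARGET_TPM, TARGET_CTPM };                   /* units 131 / 132 */
enum tis_status { TIS_OK, TIS_BAD_PACKET, TIS_MODE_DENIED, TIS_BAD_ADDRESS };

/* ASSUMED frame: cmd(2, big-endian) addr(2) payload_len(1) payload check(1). */
#define HDR_LEN      5u
#define CTPM_CMD_BIT 0x8000u  /* ASSUMPTION: high bit marks a cTPM command word */
#define CTPM_BASE    0x8000u  /* from the page: cTPM area is 0x8000~0xFFFF */

struct tis_ctx {
    enum tis_mode mode;
    uint8_t storage[0x10000];  /* storage unit 13, 0x0000~0xFFFF */
};

/* XOR over all bytes; stands in for the unspecified "check bit" (assumption). */
static uint8_t xor_check(const uint8_t *p, size_t n)
{
    uint8_t c = 0;
    while (n--) c ^= *p++;
    return c;
}

/* S300: the frame must be complete and its check byte must match. */
int tis_verify(const uint8_t *f, size_t len)
{
    if (f == NULL || len < HDR_LEN + 1u || (size_t)f[4] + HDR_LEN + 1u != len)
        return 0;  /* missing, truncated or over-long frame */
    return xor_check(f, len - 1u) == f[len - 1u];
}

/* S500: decide from the command word which standard the request targets. */
enum tis_target tis_classify(uint16_t cmd)
{
    return (cmd & CTPM_CMD_BIT) ? TARGET_CTPM : TARGET_TPM;
}

/* S510/S520/S530: a single-standard mode ignores the other standard's requests. */
int tis_mode_allows(enum tis_mode m, enum tis_target t)
{
    return m == MODE_BOTH || (m == MODE_TPM_ONLY) == (t == TARGET_TPM);
}

/* The whole range [addr, addr + n) must stay inside the target's own area. */
int tis_addr_allowed(enum tis_target t, uint16_t addr, uint8_t n)
{
    uint32_t lo  = (t == TARGET_CTPM) ? CTPM_BASE : 0x0000u;
    uint32_t hi  = (t == TARGET_CTPM) ? 0x10000u : CTPM_BASE;  /* exclusive */
    uint32_t end = (uint32_t)addr + n;  /* 32-bit sum cannot wrap */
    return addr >= lo && end <= hi;
}

/* Verify, parse, judge and route one frame; the memcpy stands in for S600. */
enum tis_status tis_dispatch(struct tis_ctx *ctx, const uint8_t *f, size_t len,
                             enum tis_target *routed)
{
    if (!tis_verify(f, len)) return TIS_BAD_PACKET;
    uint16_t cmd  = (uint16_t)((f[0] << 8) | f[1]);
    uint16_t addr = (uint16_t)((f[2] << 8) | f[3]);
    enum tis_target t = tis_classify(cmd);
    if (!tis_mode_allows(ctx->mode, t)) return TIS_MODE_DENIED;
    if (!tis_addr_allowed(t, addr, f[4])) return TIS_BAD_ADDRESS;
    memcpy(&ctx->storage[addr], f + HDR_LEN, f[4]);
    *routed = t;
    return TIS_OK;
}

/* Build a constructed frame with a fixed payload, optionally corrupt it, dispatch. */
int tis_demo(enum tis_mode mode, uint16_t cmd, uint16_t addr, int corrupt)
{
    static struct tis_ctx ctx;
    static const uint8_t payload[4] = { 0xDE, 0xAD, 0xBE, 0xEF };
    uint8_t f[HDR_LEN + sizeof payload + 1u];
    enum tis_target t;
    f[0] = (uint8_t)(cmd >> 8);  f[1] = (uint8_t)cmd;
    f[2] = (uint8_t)(addr >> 8); f[3] = (uint8_t)addr;
    f[4] = (uint8_t)sizeof payload;
    memcpy(f + HDR_LEN, payload, sizeof payload);
    f[sizeof f - 1u] = xor_check(f, sizeof f - 1u);
    if (corrupt) f[HDR_LEN] ^= 0x01;  /* flip one payload bit after the check byte is set */
    ctx.mode = mode;
    return (int)tis_dispatch(&ctx, f, sizeof f, &t);
}

int main(void)
{
    printf("TPM cmd, TPM-only mode:  %d\n", tis_demo(MODE_TPM_ONLY, 0x0014, 0x0100, 0));
    printf("cTPM cmd, TPM-only mode: %d\n", tis_demo(MODE_TPM_ONLY, 0x8014, 0x8100, 0));
    printf("TPM cmd into cTPM area:  %d\n", tis_demo(MODE_BOTH, 0x0014, 0x8000, 0));
    return 0;
}
```

The address check covers the whole access range, so a TPM request that starts at 0x7FFE and runs four bytes is rejected rather than spilling into the cTPM area.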
Of the present invention how compatible credible accounting system and method, under the control of credible interface control unit, according to different protocol command data stream, decision sends to TPM functional unit or cTPM functional unit with request, and the result of each unit is returned to bus.It shows as the hardware capability of having realized multiple Trusted Computing prescribed by standard on same kernel from physics realization, respectively different external request is controlled, with the support of final realization to multiple Trusted Computing standard.Realized support with different forms to multiple Trusted Computing standard logic.And, comprising: 1) only support the cTPM standard by utilizing external command to realize forcing to specify the Trusted Computing standard of its required support.2) only support the TPM standard.3) support multiple Trusted Computing standard simultaneously.
Other aspects and features of the present invention will be apparent to those skilled in the art from the above description of specific embodiments of the invention in conjunction with the accompanying drawings.
The multi-compatible trusted computing system and method of the present invention supports multiple Trusted Computing standards well, so in commercial use it adapts better to different commercial application environments and offers great flexibility. For the end user, it also greatly reduces the cost of using multiple Trusted Computing standards.
The specific embodiments of the invention described and illustrated above should be considered exemplary and are not intended to limit the invention; the invention should be interpreted according to the appended claims.

Claims (15)

1. A multi-compatible trusted computing system, comprising at least one first Trusted Computing functional unit and at least one second Trusted Computing functional unit, characterized in that it further comprises a trusted interface control unit, configured to receive from the bus interface the protocol command data stream to be passed to the first Trusted Computing functional unit and/or the second Trusted Computing functional unit, and to process the protocol command data stream differently according to different protocol command words; the bus is an LPC bus;
The trusted interface control unit comprises a receiving-and-sending unit, a parsing unit and a judging-and-packing unit, wherein:
The receiving-and-sending unit is configured to receive the protocol command data stream from the bus and send the protocol command data stream to the first Trusted Computing functional unit or the second Trusted Computing functional unit; and to receive the result from the first Trusted Computing functional unit or the second Trusted Computing functional unit and return the result to the bus;
The parsing unit is configured to parse the protocol command data stream received by the receiving-and-sending unit to obtain different protocol data packets, obtain different command words from the different data packets, and send the parsed data to the judging-and-packing unit;
The judging-and-packing unit is configured to judge, according to the parsed data, whether the protocol command data stream is to be sent to the first Trusted Computing functional unit or the second Trusted Computing functional unit, and, according to the judgment result, to repack the parsed data in the format of the first Trusted Computing functional unit standard or the second Trusted Computing functional unit standard and send it to the corresponding functional unit through the receiving-and-sending unit.
2. The multi-compatible trusted computing system according to claim 1, characterized in that the trusted interface control unit further comprises a functional configuration unit, configured to set the functional mode for processing the protocol command data stream.
3. The multi-compatible trusted computing system according to claim 2, characterized in that the functional mode for processing the protocol command data stream set by the functional configuration unit is the functional mode of the first Trusted Computing functional unit standard and/or the functional mode of the second Trusted Computing functional unit standard;
When the functional configuration unit is set to run only the functional mode of the first Trusted Computing functional unit standard, the trusted interface control unit does not respond to requests of the second Trusted Computing functional unit standard;
When the functional configuration unit is set to run only the functional mode of the second Trusted Computing functional unit standard, the trusted interface control unit does not respond to requests of the first Trusted Computing functional unit standard;
When the functional configuration unit is set to run both the functional mode of the first Trusted Computing functional unit standard and the functional mode of the second Trusted Computing functional unit standard, the trusted interface control unit can respond both to the standard of the first Trusted Computing functional unit and to the standard of the second Trusted Computing functional unit.
4. The multi-compatible trusted computing system according to claim 3, characterized in that, when the functional mode for processing the protocol command data stream set by the functional configuration unit is the functional mode of the first Trusted Computing functional unit standard and/or the functional mode of the second Trusted Computing functional unit standard, under the control of an external setting command, the functional configuration unit can return the current functional configuration at the request of the external setting command, and accept an external setting command request to reset the functional mode.
5. The multi-compatible trusted computing system according to any one of claims 1 to 4, characterized in that the trusted interface control unit further comprises a data verification unit, configured to verify, after the receiving-and-sending unit receives the protocol command data stream from the bus, whether the protocol command data stream is a data stream sent to the first Trusted Computing functional unit or the second Trusted Computing functional unit, and, after the verification passes, to pass the protocol command data stream to the parsing unit.
6. The multi-compatible trusted computing system according to any one of claims 1 to 4, characterized in that it further comprises a storage unit, configured to store the data of the first Trusted Computing functional unit and/or the second Trusted Computing functional unit in different storage areas respectively.
7. The multi-compatible trusted computing system according to any one of claims 1 to 4, characterized in that the first Trusted Computing functional unit is a TPM functional unit and the second Trusted Computing functional unit is a cTPM functional unit.
8. The multi-compatible trusted computing system according to claim 7, characterized in that the trusted interface control unit is an LPC trusted interface control unit.
9. A multi-compatible trusted computing method, characterized in that it comprises the following steps:
Step A: receiving a protocol command data stream from an external bus interface;
Step B: parsing the protocol command data stream to obtain a protocol data packet, and obtaining the command word of the protocol command data stream from the protocol data packet;
Step C: judging, according to the parsed command word, whether the protocol command data stream is to be sent to the first Trusted Computing functional unit or the second Trusted Computing functional unit, and performing data processing according to the judgment result;
Step D: the first Trusted Computing functional unit or the second Trusted Computing functional unit processes the protocol command data stream and returns the result to the bus through the trusted interface control unit, and the trusted interface control unit prepares to receive data again; the bus is an LPC bus;
Performing data processing according to the judgment result in step C comprises the following steps:
Step C1: if set to run only the functional mode of the first Trusted Computing functional unit standard, then after the request is judged to be a request of the second Trusted Computing standard, it is not packed and sent to the first Trusted Computing functional unit; processing is interrupted directly and the method returns and ends; otherwise, the parsed data is repacked in the format of the first Trusted Computing standard and the method proceeds to step D;
Step C2: if set to run only the functional mode of the second Trusted Computing functional unit standard, then after the request is judged to be a request of the first Trusted Computing standard, it is not packed and sent to the second Trusted Computing functional unit; processing is interrupted directly and the method returns and ends; otherwise, the parsed data is repacked in the format of the second Trusted Computing standard and the method proceeds to step D;
Step C3: if set to run both the functional mode of the first Trusted Computing functional unit standard and the functional mode of the second Trusted Computing functional unit standard, then after the protocol command request is judged, the parsed data is repacked, according to the different protocol command words, in the format of the first Trusted Computing standard or the second Trusted Computing standard and sent to the different functional units for processing, and the method proceeds to step D.
10. The multi-compatible trusted computing method according to claim 9, characterized in that it further comprises the following step before step A:
Step A': setting the functional mode for processing the protocol command data stream.
11. The multi-compatible trusted computing method according to claim 10, characterized in that it further comprises the following step:
Under the control of an external setting command, the functional configuration unit can return the current functional configuration at the request of the external setting command, and accept an external setting command request to reset the functional mode.
12. The multi-compatible trusted computing method according to any one of claims 9 to 11, characterized in that it further comprises the following step between step A and step B:
Verifying whether the data stream is complete and correct; if not, the data packet is incorrect, it is discarded, preparation is made to receive new data, and the method returns to step A; otherwise, the method proceeds to step B.
13. The multi-compatible trusted computing method according to claim 11, characterized in that the different first Trusted Computing functional unit and second Trusted Computing functional unit are stored in different storage areas, the two storage areas are unrelated to each other, and an instruction that accesses one storage area cannot access the other.
14. The multi-compatible trusted computing method according to claim 9, characterized in that the first Trusted Computing functional unit is a TPM functional unit and the second Trusted Computing functional unit is a cTPM functional unit.
15. The multi-compatible trusted computing method according to claim 14, characterized in that the trusted interface control unit is an LPC trusted interface control unit.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB200710098716XA CN100464339C (en) 2007-04-25 2007-04-25 Multiple compatibility credible accounting system and method

Publications (2)

Publication Number Publication Date
CN101055612A CN101055612A (en) 2007-10-17
CN100464339C true CN100464339C (en) 2009-02-25

Family

ID=38795446

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB200710098716XA Active CN100464339C (en) 2007-04-25 2007-04-25 Multiple compatibility credible accounting system and method

Country Status (1)

Country Link
CN (1) CN100464339C (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Assignee: Zhaori Science & Technology (Shenzhen) Co., Ltd.

Assignor: Zhaori Tech Co., Ltd., Shenzhen

Contract fulfillment period: 2009.2.28 to 2027.9.11 contract change

Contract record no.: 2009990000224

Denomination of invention: Multiple compatibility credible accounting system and method

Granted publication date: 20090225

License type: Exclusive license

Record date: 2009.3.26

LIC Patent licence contract for exploitation submitted for record

Free format text: EXCLUSIVE LICENSE; TIME LIMIT OF IMPLEMENTING CONTACT: 2009.2.28 TO 2027.9.11; CHANGE OF CONTRACT

Name of requester: ZHAORI SCIENCE + TECHNOLOGY (SHENZHEN) CO., LTD.

Effective date: 20090326

ASS Succession or assignment of patent right

Owner name: SINOSUN TECHNOLOGY (SHENZHEN) CO., LTD.

Free format text: FORMER OWNER: SHENZHEN SINOSUN TECH CO., LTD.

Effective date: 20100622

C41 Transfer of patent application or patent right or utility model
COR Change of bibliographic data

Free format text: CORRECT: ADDRESS; FROM: 518040 BLOCK C-3, 6/F, BUILDING 213, TAIRAN 9TH ROAD, FUSHAN DISTRICT, SHENZHEN CITY, GUANGDONG PROVINCE TO: 518040 TOWER C, 6/F, BUILDING 213, TAIRAN INDUSTRY DISTRICT, CHEGONGMIAO, FUTIAN DISTRICT, SHENZHEN CITY

TR01 Transfer of patent right

Effective date of registration: 20100622

Address after: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block

Patentee after: Sinosun Technology (Shenzhen) Co., Ltd.

Address before: 518040 Guangdong province Fushan District of Shenzhen City Tairan nine Road 213 building 6 floor C-3 block

Patentee before: Zhaori Tech Co., Ltd., Shenzhen

C56 Change in the name or address of the patentee

Owner name: SHENZHEN ZHAORI TECHNOLOGY CO., LTD.

Free format text: FORMER NAME: ZHAORI SCIENCE + TECHNOLOGY (SHENZHEN) CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block

Patentee after: Shenzhen Sinosun Technology Co., Ltd.

Address before: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block

Patentee before: Sinosun Technology (Shenzhen) Co., Ltd.