Summary of the invention
Problem to be solved of the present invention is to provide a kind of how compatible credible accounting system and method, and it has good compatibility and adaptability, and it is few to take resource, and cost is low.
Be a kind of how compatible credible accounting system of realizing that the object of the invention provides, comprise at least one first Trusted Computing functional unit and at least one second Trusted Computing functional unit, it is characterized in that, also comprise a credible interface control unit, be used for receiving the protocol command data stream that passes to the first Trusted Computing functional unit and/or the second Trusted Computing functional unit from bus interface, protocol command word according to different carries out different processing to the protocol command data stream.
Described credible interface control unit can comprise the reception transmitting element, and resolution unit is judged packaged unit, wherein:
Described reception transmitting element is used for receiving the protocol command data stream from bus, and the protocol command data stream is sent to the first Trusted Computing functional unit or the second Trusted Computing functional unit; Receive the result of the first Trusted Computing functional unit or the second Trusted Computing functional unit, and result is returned to bus;
Described resolution unit is used for obtaining different protocol data bags according to receiving the protocol command data stream that transmitting element receives, resolving, and obtains different command words according to different packets, and resolution data is sent to the judgement packaged unit;
Described judgement packaged unit, be used for according to resolution data, judge that this protocol command data stream sends to the first Trusted Computing functional unit or the second Trusted Computing functional unit, and according to judged result, resolution data is packed according to the first Trusted Computing functional unit standard or the second Trusted Computing functional unit standard format again, and send to the function corresponding unit by receiving transmitting element.
Described credible interface control unit can also comprise the functional configuration unit, is used for the functional mode of set handling protocol command data stream.
The functional mode of described functional configuration unit set handling protocol command data stream is the functional mode of the first Trusted Computing functional unit standard and/or the functional mode of the second Trusted Computing functional unit standard;
When the functional configuration unit was set to only move the functional mode of the first Trusted Computing functional unit standard, credible interface control unit will be not respond the request of the second Trusted Computing functional unit standard;
When the functional configuration unit was set to only move the functional mode of the second Trusted Computing functional unit standard, credible interface control unit will be not respond the request of the first Trusted Computing functional unit standard;
When the functional configuration unit is set to the functional mode of the functional mode of the first Trusted Computing functional unit standard of moving and the second Trusted Computing functional unit standard, both can the standard of the first Trusted Computing functional unit be responded, also can the standard of the second Trusted Computing functional unit be responded.
When the functional mode of described functional configuration unit set handling protocol command data stream is the functional mode of the functional mode of the first Trusted Computing functional unit standard and/or the second Trusted Computing functional unit standard, control by outer setting command, the functional configuration unit can be according to the request of outer setting command, return current functional configuration, and accept the outer setting command request, reset functional mode.
Described credible interface control unit, can further include data verification units, be used to receive transmitting element after bus reception protocol command data stream, verify whether this protocol command data stream is the data stream that sends to the first Trusted Computing functional unit or the second Trusted Computing functional unit, and after checking is passed through, give resolution unit the protocol command stream data transmission.
Described how compatible credible accounting system also comprises storage unit, is used for the data with the described first Trusted Computing functional unit and/or the second Trusted Computing functional unit, is stored in different storage areas respectively.
For realizing that the object of the invention also provides a kind of how compatible trusted computing method, comprise the following steps:
Steps A receives the protocol command data stream from external bus interface;
Step B resolves from the protocol command data stream and obtains the protocol data bag, obtains the command word of protocol command data stream from the protocol data bag;
Step C according to the command word of resolving, judges that this protocol command data stream sends to the first Trusted Computing functional unit or the second Trusted Computing functional unit, and according to judged result, carries out data processing;
Step D, the first Trusted Computing functional unit or the second Trusted Computing functional unit are handled the protocol command data flow data, and result is returned to bus by credible interface control unit, and credible interface control unit prepares to receive data again.
Also comprise the following steps: before the described steps A
Steps A ', the functional mode of set handling protocol command data stream.
Described how compatible trusted computing method also comprises the following steps:
By outer setting command control, the functional configuration unit can return current functional configuration according to the request of outer setting command, and accepts the outer setting command request, resets functional mode.
Also comprise the following steps: between described steps A and the step B
Whether authentication data flow is complete correct, if not, shows that then packet is incorrect, abandons and prepares to receive new data, forwards steps A to; Otherwise, forward step B to.
According to judged result, carry out data processing among the described step C, comprise the following steps:
Step C1, if be set to only move the functional mode of the first Trusted Computing functional unit standard, be the request of the second Trusted Computing profile in judgement after, then no longer packing is sent to the first Trusted Computing functional unit, directly Interrupt Process is also returned end; Otherwise, again according to the packing of the first Trusted Computing profile form, change resolution data over to step D;
Step C2, if be set to only move the functional mode of the second Trusted Computing functional unit standard, be the request of the first Trusted Computing profile in judgement after, then no longer packing is sent to the second Trusted Computing functional unit, directly Interrupt Process is also returned end; Otherwise, again according to the packing of the second Trusted Computing profile form, change resolution data over to step D;
Step C3, if be set to the functional mode of the first Trusted Computing functional unit standard of moving and the functional mode of the second Trusted Computing functional unit standard, after judging this protocol command request, according to different protocol command words, resolution data is packed according to the first Trusted Computing profile or the second Trusted Computing profile form again, send to different functional units and handle, change step D over to.
Described how compatible trusted computing method, the described first different Trusted Computing functional unit is stored in different storage areas with the second Trusted Computing functional unit, unrelated between two kinds of storage areas, visit the instruction of one of them storage area and can not visit another storage area.
The described first Trusted Computing functional unit is the TPM functional unit; The described second Trusted Computing functional unit is the cTPM functional unit.
Described bus is a lpc bus; Described credible interface control unit is the credible interface control unit of LPC.
The invention has the beneficial effects as follows: of the present invention how compatible credible accounting system and computing method, can well support the standard of multiple Trusted Computing, make credible accounting system on commerce is used, have better adaptability, can be applied to different commercial applied environments, have great dirigibility, and for the final user, also will reduce greatly the use cost of multiple Trusted Computing standard.
Embodiment
In order to make purpose of the present invention, technical scheme and advantage clearer,, a kind of how compatible credible accounting system of the present invention and method are further elaborated below in conjunction with drawings and Examples.Should be appreciated that specific embodiment described herein only in order to explanation the present invention, and be not used in qualification the present invention.
Of the present invention how compatible credible accounting system is the support that realizes in same phy chip multiple Trusted Computing standard.
Fig. 1 is the structural representation of a kind of how compatible credible accounting system of the present invention, comprise at least one TPM (Trusted Platform Module, reliable platform module) functional unit and at least one cTPM (China Trusted Platform Module, Chinese credible platform module) functional unit.
TPM functional unit 131; claim the TPM safety chip again, be meant the safety chip that meets the TPM standard, it can be protected PC effectively, prevent that the disabled user from visiting; be the modular unit of carrying out TCG Trusted Computing standard, the standard criterion operation that this unit is organized to set up according to TCG.
The TPM standard is meant in October, 1999, many tame IT company unites and initiates to set up believable calculate platform (the Trusted Computing Platform Alliance of alliance, TCPA) the Trusted Computing standard of Zhi Dinging, the initial stage entrant has companies such as Compaq, HP, IBM, Intel, Microsoft.This alliance is devoted to facilitate a new generation to have safe and reliable hardware calculate platform.In March, 2003, TCPA has increased the adding of companies such as Nokia, Sony, and be reorganized as believable computation organization (Trusted Computing Group, TCG), hope is formulated believable computer relevant criterion and standard from cross-platform and hardware and software two aspects operating environment.And and the TPM standard proposed, latest edition is 1.2 at present.
CTPM functional unit 132 claims the cTPM safety chip again, is meant the safety chip that meets Chinese T PM standard, and it has the function of existing TPM, adopts interface and the algorithm that is different from the TPM safety chip simultaneously.The Trusted Computing standard criterion operation that this safety chip is formulated according to China." permanent intelligence " the cTPM safety chip of state-owned association and the cTPM safety chip of company on the million at present.
The operation course of work of TPM functional unit 131 and cTPM functional unit 132 all is a kind of prior art of standard, therefore, describes in detail no longer one by one in embodiments of the present invention.
Of the present invention how compatible credible accounting system also comprises a credible interface control unit 12 (TrustedInformation Systems Interface, TIS Interface).
Described credible interface control unit 12 is used for receiving the protocol command data stream that passes to TPM functional unit 131 and/or cTPM functional unit 132 from bus 11 (BUS), and the protocol command word according to different carries out different processing to the protocol command data stream.
Wherein, usually, described bus 11 for low pin number (Low Pin Count, LPC) bus 11, correspondingly, described credible interface control unit 12 is low pin number-credible interface control unit 12 (LPC-TISInterface).
Described credible interface control unit 12 comprises receiving transmitting element 122 that resolution unit 124 is judged packaged unit 125, wherein:
Described reception transmitting element 122 is used for receiving the protocol command data stream from bus 11, and the protocol command data stream is sent to TPM functional unit 131 or cTPM functional unit 132; Receive the result of TPM functional unit 131 or cTPM functional unit 132, and result is returned to bus 11;
Described resolution unit 124 is used for obtaining different protocol data bags according to receiving the protocol command data stream that transmitting element 122 receives, resolving, and obtains different command words according to different packets, and resolution data is sent to judgement packaged unit 125;
Described judgement packaged unit 125, be used for according to resolution data, judge that this protocol command data stream sends to TPM functional unit 131 or cTPM functional unit 132, and according to judged result, resolution data is packed according to TPM standard or cTPM standard format again, and send to the function corresponding unit by receiving transmitting element 122.
Preferably, described credible interface control unit 12 also comprises data verification units 123, functional configuration unit 121, wherein:
Described data verification units 123, be used to receive transmitting element 122 after bus 11 reception protocol command data stream, verify whether this protocol command data stream is the data stream that sends to TPM functional unit 131 or cTPM functional unit 132, and after checking is passed through, give resolution unit 124 the protocol command stream data transmission;
When receiving transmitting element 122 after bus 11 reception protocol command data stream, at first according to the check bit in the protocol command data stream, whether the judgment data bag is complete correct, if not, shows that then packet is incorrect, abandons and prepare to receive new data; Otherwise, after checking is passed through, give resolution unit 124 with the protocol command stream data transmission.
Described functional configuration unit 121 is used for the functional mode of set handling protocol command data stream.
The functional mode of functional configuration unit 121 set handling protocol command data stream is TPM functional mode and/or cTPM functional mode.When functional configuration unit 121 was set to only move the TPM functional mode, credible interface control unit 12 will be not respond the request of cTPM standard; When functional configuration unit 121 was set to only move the cTPM mode standard, credible interface control unit 12 will be not respond the request of TPM standard; When functional configuration unit 121 is set to move TPM functional mode and cTPM functional mode, both can respond the TPM standard, also can respond the cTPM standard.
More preferably, when the functional mode of functional configuration unit 121 set handling protocol command data stream is TPM functional mode and/or cTPM functional mode, can control by outer setting command, functional configuration unit 121 can be according to the request of outer setting command, return current functional configuration, and accept the outer setting command request, reset functional mode.
Further, of the present invention how compatible credible accounting system comprises storage unit 13, is used for the data with described TPM functional unit 131 and/or cTPM functional unit 132, is stored in different storage areas respectively.
As a kind of enforceable mode, there is the storage area of 0x0000 to the 0xFFFF size storage unit 13 inside, then storage area are forced to be divided into two storage area: 0x0000~0x7FFF and 0x8000~0xFFFF.Wherein, 0x0000~0x7FFF is the address data memory of TPM functional unit 131; 0x8000~0xFFFF is the data storage areas of cTPM functional unit 132.Unrelated between two kinds of storage areas, visit the instruction of one of them storage area and can not visit another storage area.
The protocol command that sends to TPM or cTPM functional unit 132 from bus 11 all is the data stream of standard format, that is to say, communications protocol between bus 11 and the safety chip, different safety chips, different standard agreement command formats is arranged, it all is some data stream that standard format is arranged, therefore, after the reception transmitting element 122 of credible interface control unit 12 receives the protocol command data stream, at first whether the data stream that is received by data verification units 123 verifications is complete correct, and the checking by after be transferred to resolution unit 124, parsing obtains different packets, obtain different command words according to different packets, send to then and judge packaged unit 125, judge that this protocol command of decision sends to TPM functional unit 131 or cTPM functional unit 132, the protocol command packing is distributed to TPM functional unit 131 or cTPM functional unit 132 is handled, and result is returned to bus 11.
As a kind of enforceable mode, the functional mode that functional configuration unit 121 can set handling protocol command data stream.
If functional configuration unit 121 is set to only move the TPM functional mode, after judging that packaged unit 125 is the request of cTPM standard in judgement, then no longer packing is sent to functional unit, and direct Interrupt Process is also returned end, and credible interface control unit 12 does not respond the request of cTPM standard;
If functional configuration unit 121 is set to only move the cTPM mode standard, after judging that then packaged unit 125 is the request of TPM standard in judgement, then no longer packing is sent to functional unit, directly Interrupt Process is also returned end, and credible interface control unit 12 will be not respond the request of TPM standard;
If functional configuration unit 121 is set to move TPM functional mode and cTPM functional mode, judge that then packaged unit 125 is after judging this protocol command request, according to different protocol command words the protocol command data stream being sent to different functional units handles, and result returned to bus 11, like this, credible interface control unit 12 both can respond the TPM functional unit 131 of TPM standard, also can the cTPM functional unit 132 of cTPM standard be responded.
Of the present invention how compatible credible accounting system has been realized the function of multiple Trusted Computing prescribed by standard on same kernel.It is controlled different external request respectively, with the support of final realization to multiple Trusted Computing standard.And the functional unit of a plurality of Trusted Computing standards can use same physical equipment, common storage space and address.Thereby realized support to multiple Trusted Computing standard logic with different forms, its form support comprises: 1) only support the cTPM standard; 2) only support the TPM standard.3) support multiple Trusted Computing standard simultaneously.Simultaneously, on such framework, also can support different Trusted Computing standards,, read and change the Trusted Computing standard of being supported promptly by outer setting command so that how compatible of the present invention credible accounting system be dynamic.
Below in conjunction with of the present invention how compatible credible accounting system, further describe a kind of how compatible trusted computing method of the present invention, as shown in the figure, it comprises the steps:
Step S100, the functional mode of set handling protocol command data stream;
The functional mode of set handling protocol command data stream is TPM functional mode and/or cTPM functional mode.When being set to only move the TCG functional mode, the request to the cTPM standard is not responded; When being set to state only in service mode standard, the request to the TPM standard is not responded; When being set to move TPM functional mode and cTPM functional mode, both can respond the TPM standard, also can respond the cTPM standard.
Preferably, described how compatible trusted computing method also comprises the following steps
By outer setting command control, can return current functional configuration according to the request of outer setting command, and accept the outer setting command request, reset functional mode.
Step S200 receives the protocol command data stream from external bus 11 interfaces;
When system's operation that begins to power on, auto-initiation TPM functional unit 131 and cTPM functional unit 132, and credible interface control unit 12, wait for from external bus 11 receiving the protocol command data stream that is transferred to TPM functional unit 131 or cTPM functional unit 132.
Preferably, described credible interface control unit 12 is the credible interface control unit 12 of LPC, and described bus 11 is a lpc bus 11.
Step S300, whether authentication data flow is complete correct, if not, shows that then packet is incorrect, abandons and prepares to receive new data, forwards step S200 to; Otherwise, forward next step to;
After credible interface control unit 12 receives the protocol command data stream from bus 11, at first according to the check bit in the protocol command data stream, whether the judgment data bag is complete correct, if not, show that then packet is incorrect, abandon and return step S200 and prepare to receive new data; Otherwise, the checking by after enter next step, the protocol command data stream is resolved.
Step S400 resolves from the protocol command data stream and obtains the protocol data bag, obtains the command word of protocol command data stream from the protocol data bag;
After the protocol command data stream that credible interface control unit 12 receives, resolve standard, from the protocol command data stream, resolve and obtain the protocol data bag, from the protocol data bag, obtain the command word of protocol command data stream according to existing TPM and cTPM standard.
From the protocol command parsing of the data stream and obtain the process of command word, those of ordinary skills just can resolve according to existing TPM and cTPM standard and obtain, and therefore, in the present invention, describe in detail no longer one by one.
Step S500 according to the command word of resolving, judges that this protocol command data stream sends to TPM functional unit 131 or cTPM functional unit 132, and according to judged result, carries out data processing;
Because the definition space of the TPM standard and the command word of the different agreement of cTPM standard is different, we can judge partly this agreement request is that expectation is with what standard operation by the command word of distinguishing the order bag.
Credible interface control unit 12 is after the functional mode of set handling protocol command data stream is TPM functional mode and/or cTPM functional mode.When being set to only move the TPM functional mode, credible interface control unit 12 will be not respond the request of cTPM standard; When being set to only move the cTPM mode standard, credible interface control unit 12 will be not respond the request of TPM standard; When being set to move TPM functional mode and cTPM functional mode, both can respond the TPM standard, also can respond the cTPM standard.
Particularly, described according to judged result, carry out data processing, comprise the following steps:
Step S510, if be set to only move the TPM functional mode, be the request of cTPM standard in judgement after, then no longer packing is sent to TPM functional unit 131, direct Interrupt Process is also returned step S200 and is waited for new data, and credible interface control unit 12 does not respond the request of cTPM standard; Otherwise, again according to the packing of TPM standard format, change resolution data over to step S600;
Step S520, if be set to only move the cTPM mode standard, after being the request of TPM standard in judgement, then no longer packing is sent to cTPM functional unit 132, directly Interrupt Process is also returned step S200 and is waited for new data, and credible interface control unit 12 will be not respond the request of TPM standard; Otherwise, again according to the packing of cTPM standard format, change resolution data over to step S600;
Step S530, if be set to move TPM functional mode and cTPM functional mode, after judging this protocol command request, according to different protocol command words, resolution data again according to TPM standard or the packing of cTPM standard format, is sent to different functional units and handles, change step S600 over to, like this, credible interface control unit 12 both can respond the TPM functional unit 131 of TPM standard, also can the cTPM functional unit 132 of cTPM standard be responded.
Preferably, different TPM functional units 131 is stored in different storage areas with cTPM functional unit 132, and is unrelated between two kinds of storage areas, visits the instruction of one of them storage area and can not visit another storage area.Like this, credible interface control unit 12 just can be handled the protocol command stream data transmission after judging different protocol commands to different addresses, and makes and the data processing physical isolation can not cause the data processing mistake.
Step S600,132 pairs of protocol command data flow data of TPM functional unit 131 or cTPM functional unit are handled, and result is returned to bus 11 by credible interface control unit 12, and credible interface control unit 12 prepares to receive data again.
TPM functional unit 131 or cTPM functional unit 132 receive from credible interface control unit 12 and meet own standard to the protocol command data stream, and handle according to stream, and result is returned to bus 11 by credible interface control unit 12 according to existing TPM standard or cTPM standard logarithmic.
According to TPM standard or cTPM standard the data stream that receives being handled, is the state of the art, therefore, describes in detail no longer one by one in the present invention.
Of the present invention how compatible credible accounting system and method, under the control of credible interface control unit, according to different protocol command data stream, decision sends to TPM functional unit or cTPM functional unit with request, and the result of each unit is returned to bus.It shows as the hardware capability of having realized multiple Trusted Computing prescribed by standard on same kernel from physics realization, respectively different external request is controlled, with the support of final realization to multiple Trusted Computing standard.Realized support with different forms to multiple Trusted Computing standard logic.And, comprising: 1) only support the cTPM standard by utilizing external command to realize forcing to specify the Trusted Computing standard of its required support.2) only support the TPM standard.3) support multiple Trusted Computing standard simultaneously.
In conjunction with the accompanying drawings to the description of the specific embodiment of the invention, others of the present invention and feature are conspicuous to those skilled in the art by above.
How compatible credible accounting system of the present invention and method can well be supported multiple Trusted Computing standard, and this will can better be adapted to different commercial applied environments on commerce is used, have great dirigibility.And for the final user, also will reduce greatly the use cost of multiple Trusted Computing standard.
More than specific embodiments of the invention are described and illustrate it is exemplary that these embodiment should be considered to it, and be not used in and limit the invention, the present invention should make an explanation according to appended claim.