CN101546365B - Hardware security unit logical switching method, system and hardware security unit - Google Patents
Publication number: CN101546365B
Authority: CN (China)
Legal status: Active (the legal status is an assumption and is not a legal conclusion)
Abstract
The invention discloses a hardware security unit logical switching method comprising the following steps: sending the switching information record of a first operating system to a fixed hardware security unit, which checks the switching information record of the first operating system; receiving the existing state information of the fixed hardware security unit corresponding to a second operating system, fed back by the fixed hardware security unit and backed up according to a set policy; updating the switching information record of the second operating system according to the received existing state information; and entering the mode corresponding to the first operating system when the switching information record of the first operating system passes the check. The invention provides the hardware security unit logical switching method, the system and the hardware security unit, which ensure that every OS can enjoy the complete security service.
Description
Technical field
The present invention relates to logical switching of a hardware security unit, and in particular to a logical switching method and system for a hardware security unit, and to a hardware security unit.
Background art
For security reasons, a hardware security unit in a computer, server, mobile phone or other device has its own CPU, memory and storage space. This storage space and computational logic are not controlled by the device the unit serves. The internal logic, program flow, and key and password management of the hardware security unit form a closed environment that is entirely free from management and interference by the device it serves. Therefore, when the device served by the hardware security unit is damaged or disturbed by a virus, a Trojan or another potential threat, the hardware security unit is not affected and can still provide correct security services. It can serve as the "root of trust" of the whole device, and as the starting point for device recovery or secure operation.
However, precisely because the internal logic of the hardware security unit is free from interference, the unit causes many difficulties when VT (Virtualization Technology) is used or when switching between OSs (operating systems).
For example: a user installs two OSs on one PC (personal computer) and wants each OS to have a different hardware security unit user (independent keys, passwords and platform information). Under the present non-switchable hardware security unit mode, this requirement cannot be met.
Likewise, a user runs several OSs at the same time in a VT environment and wants each OS to have a different hardware security unit user (independent keys, passwords and platform information). Under the present non-switchable hardware security unit mode, this requirement cannot be met.
Existing VT-based virtualization technologies for the TPM (Trusted Platform Module) all have unavoidable implementation difficulties or shortcomings.
Existing TPM with multiple coexisting Owners: the hardware security unit supports several OSs at once, so it needs n times the data area, and each OS activates its own data area with a select command. This scheme makes the hardware security unit hard to implement. First, the designer of the hardware security unit does not know which OSs the end user will run at the same time, so the size of n cannot be fixed accurately, which makes the design uncertain. Second, storage space inside the hardware security unit is expensive, so multiplying the data area by n drives up the cost and makes engineering difficult.
Existing multi-policy TPM: this scheme has only one Owner and allows only one OS to enjoy the full hardware security unit service. The remaining OSs can, according to policy, enjoy only the part of the hardware security unit service that does not rewrite the data area. Clearly, in this mode some OSs cannot obtain the complete security service.
Existing multi-configuration TPM: in this scheme, during the start-up phase, the software and hardware of the TPM are configured or cut down according to different policies so as to support the different demands of several OSs. This scheme not only has the shortcomings of the "multi-policy TPM", but also requires the TPM to be reset and restarted.
Summary of the invention
The purpose of the present invention is to provide a hardware security unit logical switching method that ensures each OS can enjoy the complete security service.
One aspect of the present invention provides a hardware security unit logical switching method comprising the following steps:
Sending the switching information record of a first operating system to a fixed hardware security unit, the fixed hardware security unit being used to verify the switching information record of the first operating system;
Receiving the existing state information of the fixed hardware security unit corresponding to a second operating system, fed back by the fixed hardware security unit and backed up according to a set policy;
Updating the switching information record of the second operating system according to the received existing state information of the fixed hardware security unit corresponding to the second operating system;
Entering the mode corresponding to the first operating system when the switching information record of the first operating system passes verification.
Preferably, when each operating system works for the first time, a switching information record corresponding to that operating system is created.
Preferably, the switching information record comprises: a label for each operating system, used to identify that operating system;
The index of the state backup information of each operating system, obtained from the fixed hardware security unit;
The key state information of each operating system, obtained from the fixed hardware security unit.
Preferably, when the switching information record changes while the operating system is in use, the changed information in the switching information record is updated.
Preferably, before the step of sending the switching information record of the first operating system to the fixed hardware security unit, the logical switching method further comprises the step of: confirming in advance that the authorization authentication for the switching operation has been passed.
Preferably, the original password and information of the authorization authentication are kept by the fixed hardware security unit.
Preferably, the switching information record is information encrypted by the fixed hardware security unit.
Preferably, before the switching information record of the first operating system is sent to the fixed hardware security unit, the method comprises:
Sending the corresponding data information of the second operating system and confirming that the fixed hardware security unit is serving the second operating system.
Preferably, the fixed hardware security unit saves the switching information record by means of a mobile hardware security unit that has a binding relationship established in advance with the fixed hardware security unit.
Another aspect of the present invention provides a hardware security unit logical switching system, comprising:
A switching module sending unit, for sending the switching information record of a first operating system to a fixed hardware security unit, the fixed hardware security unit being used to verify the switching information record of the first operating system;
A switching module receiving unit, for receiving the existing state information corresponding to a second operating system, fed back by the fixed hardware security unit and backed up according to a set policy;
A switching module updating unit, for updating the switching information record of the second operating system according to the received existing state information corresponding to the second operating system;
A switching module switching unit, for switching the switching system to the mode corresponding to the first operating system when the switching information record of the first operating system passes verification.
Another aspect of the present invention provides a hardware security unit, comprising:
A receiving unit, for receiving the switching information record of a first operating system;
A storage unit, connected to the receiving unit, for storing a set policy and the state backup information of the operating systems; the state backup information includes the switching information record of the first operating system;
A verification unit, connected to the storage unit, which, according to the switching information record of the first operating system received by the receiving unit, calls up the corresponding state backup information of the first operating system in the storage unit and checks whether the switching information record of the first operating system is complete;
A backup management unit, connected to the receiving unit and to the storage unit, which updates the existing state information corresponding to a second operating system according to the set policy stored in the storage unit; the second operating system is the current operating system, and this unit records the state backup information of the second operating system;
A sending unit, connected to the storage unit and to the verification unit, for feeding back the existing state information corresponding to the second operating system after it has been updated by the backup management unit;
A switching processing unit, connected to the backup management unit, for entering the mode corresponding to the first operating system when the switching information record of the first operating system passes the check performed by the verification unit.
In the hardware security unit logical switching method of the embodiments of the invention, before the second operating system is switched to the first operating system, the switching information record of the first operating system is sent to the fixed hardware security unit, which verifies the switching information record of the first operating system. Next, the existing state information of the fixed hardware security unit corresponding to the second operating system, fed back by the fixed hardware security unit and backed up according to the set policy, is received. The switching information record of the second operating system is then updated according to the received existing state information. Finally, when the switching information record of the first operating system passes verification, the mode corresponding to the first operating system is entered.
In this way each operating system has its own independent operating logic, without mutual interference, and each operating system has the full right to use the hardware security unit.
Description of drawings
Fig. 1 is a flow chart of the first embodiment of the hardware security unit logical switching method of the present invention;
Fig. 2 is a flow chart of the second embodiment of the hardware security unit logical switching method of the present invention;
Fig. 3 is a flow chart of the third embodiment of the hardware security unit logical switching method of the present invention;
Fig. 4 is a structural diagram of the first embodiment of the hardware security unit logical switching system of the present invention.
Embodiment
One aspect of the present invention provides a hardware security unit logical switching method that ensures each OS can enjoy the complete security service.
Refer to Fig. 1, which is a flow chart of the first embodiment of the hardware security unit logical switching method of the present invention.
The hardware security unit logical switching method of the first embodiment of the present invention comprises the following steps:
S100, sending the switching information record of the first operating system to the fixed hardware security unit, the fixed hardware security unit being used to verify the switching information record of the first operating system.
When each operating system works for the first time, the switching information record needs to be created. When the operating system is switched, the switching information record of that operating system is recorded.
When an operating system works for the first time, the upper-layer switching module is responsible for creating the switching information record corresponding to that operating system, and at the same time causes the fixed hardware security unit to enter creation mode and create the backup data structure.
The switching information record created by the upper-layer switching module comprises: a label for each operating system, used to identify the specific operating system; the index of the switching information record corresponding to each operating system, obtained from the fixed hardware security unit; and the key state information under each operating system, returned by the fixed hardware security unit.
When the operating system is switched, the switching information record of that operating system needs to be recorded, that is, the key state information under each operating system returned by the fixed hardware security unit is updated.
While an operating system is in use, if the switching information record changes, the upper-layer switching module is responsible for updating the corresponding information. The upper-layer switching module is also responsible for the secure storage of this information, so that at the next start-up of the operating system the information can be saved, reproduced, rebuilt or confirmed by verification.
The switching information record created by the fixed hardware security unit under the control of the upper-layer switching module comprises: a label for each operating system, used to identify the specific operating system; the index of the switching information record corresponding to each operating system, obtained from the fixed hardware security unit; and the state information under each operating system. The state information includes the key state information in the switching information record.
When the operating system is switched, the fixed hardware security unit needs to record the switching information record of that operating system according to the backup data structure information.
The switching information records kept by the upper-layer switching module correspond one-to-one with the switching information records kept by the fixed hardware security unit.
The switching information record created by the fixed hardware security unit may also include part of the state backup information of the hardware security unit and related check information. The state backup information may be position or policy backup information.
The verification of the switching information record is completed jointly by the owner or creator of the upper-layer switching module (BIOS, VMM core layer) in cooperation with the fixed hardware security unit.
The fixed hardware security unit is a device, based on a PC or other equipment, that is used to characterize the platform identity of the PC or other equipment. Examples of fixed hardware security units are: TPM, TCM, MTM.
In a VT (Virtual Terminal, virtual terminal) environment, the embodiment of the invention has an upper-layer switching module at the VMM (Virtual Machine Monitor) layer.
In the traditional mode, the embodiment of the invention has an upper-layer switching module at the BIOS layer.
When an operating system switch is needed, for example when the upper-layer switching module needs to switch from the second operating system to the first operating system, the upper-layer switching module first sends the switching information record of the first operating system to the fixed hardware security unit.
According to the received switching information record of the first operating system, the fixed hardware security unit finds its own switching information record of the first operating system that corresponds to the one kept by the upper-layer switching module, and verifies the switching information record of the first operating system.
S200, receiving the existing state information of the fixed hardware security unit corresponding to the second operating system, fed back by the fixed hardware security unit and backed up according to the set policy.
The fixed hardware security unit saves the current context: it backs up the existing state of the fixed hardware security unit corresponding to the second operating system according to the preset policy, saving the state information of the second operating system, which includes its switching information record. It then sends the switching information record of the second operating system to the upper-layer switching module, and the upper-layer switching module updates the switching information record of the second operating system.
S300, updating the switching information record of the second operating system according to the received existing state information of the fixed hardware security unit corresponding to the second operating system.
The upper-layer switching module can update the current switching information record of the second operating system according to the received existing state of the fixed hardware security unit corresponding to the second operating system.
S400, entering the mode corresponding to the first operating system when the switching information record of the first operating system passes verification.
The fixed hardware security unit can verify the new restore request against the original backup information record and, after verification passes, overwrite the existing state according to the original backup restore policy and enter the first operating system mode.
In the fixed hardware security unit logical switching method of this embodiment, when the storage space of the fixed hardware security unit is sufficient to store the backup information including the switching information records, the operating system switch is carried out by the fixed hardware security unit and the upper-layer switching module, according to the switching policy set in the upper-layer switching module.
When the storage space of the fixed hardware security unit is not sufficient to store the backup information including the switching information records, the fixed hardware security unit can save the second switching information record by means of a mobile hardware security unit that has a binding relationship established in advance with the fixed hardware security unit.
In the hardware security unit logical switching method of this embodiment, before the second operating system is switched to the first operating system, the switching information record of the first operating system is sent to the fixed hardware security unit, which verifies the switching information record of the first operating system. Next, the existing state information corresponding to the second operating system, fed back by the fixed hardware security unit and backed up according to the set policy, is received, and the switching information record of the second operating system is updated according to it. Finally, when the switching information record of the first operating system passes verification, the mode corresponding to the first operating system is entered. In this way each operating system has its own independent operating logic, without mutual interference, and each operating system has the full right to use the hardware security unit.
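The S100 to S400 exchange described above, modelled as an added Python example that is not part of the patent text. The class and method names are hypothetical, and two details the text leaves open are assumptions: the check information is an HMAC under a key kept inside the unit, and the key state information is a SHA-256 digest of the backed-up state.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class SwitchRecord:
    os_label: str       # label identifying the operating system
    backup_index: int   # index of that OS's state backup inside the unit
    key_state: bytes    # key state information (assumed: SHA-256 of backed-up state)
    check: bytes        # check information (assumed: HMAC under a unit-internal key)


class FixedUnit:
    """Toy fixed hardware security unit; the MAC key and backups never leave it."""

    def __init__(self):
        self._mac_key = os.urandom(32)
        self._backups = {}      # backup_index -> (os_label, state bytes)
        self._live = b""        # keys/passwords/platform info of the OS being served
        self.active = None      # (os_label, backup_index) of the OS being served

    def _seal(self, label, index, state):
        digest = hashlib.sha256(state).digest()
        msg = label.encode() + index.to_bytes(4, "big") + digest
        tag = hmac.new(self._mac_key, msg, hashlib.sha256).digest()
        return SwitchRecord(label, index, digest, tag)

    def create(self, label, initial_state):
        """Creation mode: the first run of an OS builds its backup structure."""
        index = len(self._backups)
        self._backups[index] = (label, initial_state)
        if self.active is None:
            self.active, self._live = (label, index), initial_state
        return self._seal(label, index, initial_state)

    def update_live(self, state):
        """The served OS changed its keys, passwords or platform information."""
        self._live = state

    def _verify(self, rec):
        stored = self._backups.get(rec.backup_index)
        if stored is None or stored[0] != rec.os_label:
            return False
        # Record must be intact and match the unit's own backup one-to-one.
        expected = self._seal(rec.os_label, rec.backup_index, stored[1])
        return (hmac.compare_digest(expected.check, rec.check)
                and hmac.compare_digest(expected.key_state, rec.key_state))

    def switch(self, target):
        """Unit side of S100-S400: returns (passed, refreshed record of current OS)."""
        passed = self._verify(target)                     # check first OS's record
        label, index = self.active
        self._backups[index] = (label, self._live)        # back up second OS's state
        refreshed = self._seal(label, index, self._live)  # existing state fed back
        if passed:                                        # restore, enter first OS mode
            self.active = (target.os_label, target.backup_index)
            self._live = self._backups[target.backup_index][1]
        return passed, refreshed


class SwitchModule:
    """Upper-layer switching module (BIOS or VMM layer), one record per OS."""

    def __init__(self, unit):
        self.unit, self.records = unit, {}

    def first_run(self, label, initial_state):
        self.records[label] = self.unit.create(label, initial_state)

    def switch_to(self, label, record=None):
        current = self.unit.active[0]
        passed, refreshed = self.unit.switch(record or self.records[label])
        self.records[current] = refreshed                 # S300: update second OS's record
        return passed


def demo():
    unit = FixedUnit()
    module = SwitchModule(unit)
    module.first_run("OS-A", b"A: keys v1")   # constructed sample state
    module.first_run("OS-B", b"B: keys v1")
    stale_a = module.records["OS-A"]          # record that predates the next backup
    unit.update_live(b"A: keys v2")           # OS-A rotates a key while running
    out = {"to_b": module.switch_to("OS-B"), "live_b": unit._live}
    forged = replace(module.records["OS-A"], os_label="OS-B")
    out["forged"] = module.switch_to("OS-A", forged)   # label altered: rejected
    out["stale"] = module.switch_to("OS-A", stale_a)   # outdated record: rejected
    out["active_after_rejects"] = unit.active[0]
    out["to_a"] = module.switch_to("OS-A")
    out["live_a"] = unit._live
    return out


if __name__ == "__main__":
    print(demo())
```

A rejected record leaves the unit serving the current operating system, while the backup and feedback of the current state still take place.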
Refer to Fig. 2, which is a flow chart of the second embodiment of the hardware security unit logical switching method of the present invention.
The hardware security unit logical switching method of the second embodiment of the present invention comprises the steps:
S10, confirming in advance that the authorization authentication for the switching operation has been passed.
A switching administrator account is set up; passing the switching administrator's check grants the authorization authentication for the switching operation. The original password and information of the authorization authentication can be kept by the fixed hardware security unit.
S100, before the second operating system is switched to the first operating system, sending the switching information record of the first operating system to the fixed hardware security unit, the fixed hardware security unit being used to verify the switching information record of the first operating system.
When each operating system works for the first time, the switching information record needs to be created. When the operating system is switched, the switching information record of that operating system needs to be recorded.
When an operating system works for the first time, the upper-layer switching module is responsible for creating the switching information record corresponding to that operating system, and at the same time causes the fixed hardware security unit to enter creation mode and create the backup data structure.
The switching information record created by the upper-layer switching module comprises: a label for each operating system, used to identify the specific operating system; the index of the switching information record corresponding to each operating system, obtained from the fixed hardware security unit; and the key state information under each operating system, returned by the fixed hardware security unit.
When the operating system is switched, the switching information record of that operating system needs to be recorded, that is, the key state information under each operating system returned by the fixed hardware security unit is updated.
While an operating system is in use, if the switching information record changes, the upper-layer switching module is responsible for updating the corresponding information. The upper-layer switching module is also responsible for the secure storage of this information, so that at the next start-up of the operating system the information can be saved, reproduced, rebuilt or confirmed by verification.
The switching information record created by the fixed hardware security unit under the control of the upper-layer switching module comprises: a label for each operating system, used to identify the specific operating system; the index of the switching information record corresponding to each operating system, obtained from the fixed hardware security unit; and the state information under each operating system. The state information includes the key state information in the switching information record.
When the operating system is switched, the fixed hardware security unit needs to record the switching information record of that operating system.
The switching information records kept by the upper-layer switching module correspond one-to-one with the switching information records kept by the fixed hardware security unit.
The switching information record created by the fixed hardware security unit may also include part of the state backup information of the hardware security unit and related check information. The state backup information may be position or policy backup information.
The verification of the switching information record of the fixed hardware security unit is completed jointly by the owner or creator of the upper-layer switching module (BIOS, VMM core layer) in cooperation with the fixed hardware security unit.
The fixed hardware security unit is a device, based on a PC or other equipment, that is used to characterize the platform identity of the PC or other equipment. Examples of fixed hardware security units are: TPM, TCM, MTM.
In a VT (Virtual Terminal, virtual terminal) environment, the embodiment of the invention has an upper-layer switching module at the VMM (Virtual Machine Monitor) layer.
In the traditional mode, the embodiment of the invention has an upper-layer switching module at the BIOS layer.
When an operating system switch is needed, for example when the upper-layer switching module needs to switch from the second operating system to the first operating system, the upper-layer switching module first sends the switching information record of the first operating system to the fixed hardware security unit.
According to the received switching information record of the first operating system, the fixed hardware security unit finds its own switching information record of the first operating system that corresponds to the one kept by the upper-layer switching module. The fixed hardware security unit then verifies the switching information record of the first operating system.
S200, receiving the existing state information of the fixed hardware security unit corresponding to the second operating system, fed back by the fixed hardware security unit and backed up according to the set policy.
The fixed hardware security unit saves the current context: it backs up the existing state of the fixed hardware security unit corresponding to the second operating system according to the preset policy, saving the switching information record of the second operating system. It then sends the switching information record of the second operating system to the upper-layer switching module, and the upper-layer switching module updates the switching information record of the second operating system.
S300, updating the switching information record of the second operating system according to the received existing state information of the fixed hardware security unit corresponding to the second operating system.
The upper-layer switching module can update the current switching information record of the second operating system according to the received existing state information of the fixed hardware security unit corresponding to the second operating system.
S400, entering the mode corresponding to the first operating system when the switching information record of the first operating system passes verification.
The fixed hardware security unit can verify the new restore request against the original backup information record and, after verification passes, overwrite the existing state according to the original backup restore policy and enter the first operating system mode.
In the fixed hardware security unit logical switching method of this embodiment, when the storage space of the fixed hardware security unit is sufficient to store the backup information including the switching information records, the operating system switch is carried out by the fixed hardware security unit and the upper-layer switching module, according to the switching policy set in the upper-layer switching module.
When the storage space of the fixed hardware security unit is not sufficient to store the backup information including the switching information records, the fixed hardware security unit can save the switching information record by means of a mobile hardware security unit that has a binding relationship established in advance with the fixed hardware security unit.
The switching information record can be information encrypted by the fixed hardware security unit. The switching data can optionally be encrypted by the hardware security unit before it is stored; the hardware security unit can hold a dedicated key for this service, and the destruction of this key is not affected by a change of Owner.
Referring to Fig. 3, this figure is the third embodiment process flow diagram of hardware security unit logical changing method of the present invention.
The described hardware security unit logical changing method of the third embodiment of the present invention comprises:
The corresponding data information of S310, transmission second operating system confirms that fixed hardware security unit is being the second operating system service;
When fixed hardware security unit is confirmed be the service of second operating system, confirm that fixed hardware security unit is the second operating system duty.
S320, before second operating system is switched to first operating system, send the switching information record of first operating system to fixed hardware security unit, described fixed hardware security unit is used for the switching information record of described first operating system is carried out verification.
The switching information record is created when each operating system works for the first time.
When an operating system works for the first time, the upper strata handover module is responsible for creating the switching information record corresponding to that operating system, and at the same time controls the fixed hardware security unit to start and enter creation mode.
The switching information record created by the upper strata handover module comprises: the label of each operating system, used to identify the specific operating system; the index, obtained from the fixed hardware security unit, of the switching information record corresponding to each operating system; and the key state information under each operating system passed back by the fixed hardware security unit.
While an operating system is in use, if the information in the switching information record changes, the upper strata handover module is responsible for updating it. The upper strata handover module is also responsible for the secure storage of this information, so that the next time this operating system starts, the information can be saved, reproduced, rebuilt and verified.
The switching information record created by the fixed hardware security unit comprises: the label of each operating system, used to identify the specific operating system; the index, obtained from the fixed hardware security unit, of the switching information record corresponding to each operating system; and the state information under each operating system. The state information includes the key state information in the switching information record.
The switching information record created by the fixed hardware security unit can also include partial state backup information of the hardware security unit and the related check information. The state backup information can be position and policy backup information.
The verification of the switching information record of the fixed hardware security unit is completed jointly by the owner or creator (BIOS, VMM core layer) of the upper strata handover module in cooperation with the fixed hardware security unit.
A fixed hardware security unit is a device, based on a PC or other equipment, that is used to characterize the platform identity of the PC or other equipment. Examples of a fixed hardware security unit are TPM, TCM and MTM.
In a VT (Virtual Terminal) environment, the embodiment of the invention has an upper strata handover module at the VMM (Virtual Machine Monitor) layer.
In the traditional mode, the embodiment of the invention has an upper strata handover module at the BIOS layer.
When an operating system switch is required, for example when the upper strata handover module needs to switch the second operating system to the first operating system, the upper strata handover module first sends the relevant information to the fixed hardware security unit according to the switching information record of the first operating system.
S330: receive the existing state information of the fixed hardware security unit corresponding to the second operating system, which the fixed hardware security unit has backed up according to the set policy and fed back.
The fixed hardware security unit preserves the current context, backs up the existing state according to the set policy, and sends it to the upper strata handover module.
S340: according to the received existing state information of the fixed hardware security unit corresponding to the second operating system, update the switching information record of the second operating system.
The upper strata handover module can update the current switching information record of the second operating system according to the received existing state corresponding to the second operating system.
S350: when the switching information record of the first operating system passes verification, enter the mode corresponding to the first operating system.
Referring to Fig. 4, which is a structural diagram of the first embodiment of the hardware security unit logical switching system of the present invention.
The hardware security unit logical switching system of the first embodiment of the present invention comprises an upper strata handover module 40. The upper strata handover module 40 comprises a handover module transmitting element 41, a handover module receiving element 42, a handover module updating block 43 and a handover module switch unit 44.
The handover module transmitting element 41 is used to send the information of the switching information record of the first operating system to the fixed hardware security unit before the second operating system is switched to the first operating system. The fixed hardware security unit is used to verify the switching information record of the first operating system.
The handover module receiving element 42 is used to receive the existing state corresponding to the second operating system, which the fixed hardware security unit 10 has backed up according to the set policy and fed back.
The handover module updating block 43 is used to update the switching information record of the second operating system according to the received existing state corresponding to the second operating system.
The handover module switch unit 44 is used to enter the mode corresponding to the first operating system when the switching information record of the first operating system passes verification.
In the hardware security unit logical switching system of the embodiment of the invention, the handover module transmitting element 41 sends the information of the switching information record of the first operating system to the fixed hardware security unit 10 before the second operating system is switched to the first operating system; the handover module receiving element 42 receives the existing state information corresponding to the second operating system, which the fixed hardware security unit 10 has backed up according to the set policy and fed back; the handover module updating block 43 updates the information of the switching information record of the second operating system according to the received existing state information corresponding to the second operating system; and the handover module switch unit 44 enters the mode corresponding to the first operating system when the switching information record of the first operating system passes verification. In this way each operating system has its own independent set of operating logic, and the operating systems do not interfere with one another. Each operating system has the full right to use the hardware security unit.
In the fixed hardware security unit logical switching system of the embodiment of the invention, when the storage space of the fixed hardware security unit 10 is sufficient to store the backup information that includes the switching information record, the operating system switch is carried out by the fixed hardware security unit 10 together with the upper strata handover module 40, according to the switchover policy set through the upper strata handover module 40.
In the fixed hardware security unit logical switching system of the embodiment of the invention, when the storage space of the fixed hardware security unit 10 is not sufficient to store the backup information that includes the switching information record, the fixed hardware security unit 10 can save the switching information record through the mobile hardware security unit 20 that has a binding relationship established in advance with the fixed hardware security unit 10.
Another aspect of the present invention also provides a hardware security unit that can implement hardware security unit logical switching.
The hardware security unit of the embodiment of the invention comprises a receiving element, a storage unit, a verification unit, a backup management unit, a transmitting element and a switching processing unit.
The receiving element is used to receive the switching information record of the first operating system.
The storage unit is connected to the receiving element and is used to store the set policy and the state backup information of the operating systems; the state backup information includes the switching information record of the first operating system.
The verification unit is connected to the storage unit. According to the switching information record of the first operating system received by the receiving element, it calls the corresponding state backup information of the first operating system in the storage unit and checks whether the switching information record of the first operating system is complete.
The backup management unit is connected to the receiving element and to the storage unit respectively. It updates the existing state information corresponding to the second operating system according to the set policy stored in the storage unit; the second operating system is the current operating system, and the state backup information of the second operating system is recorded by said unit.
The transmitting element is connected to the storage unit and the verification unit, and is used to feed back the existing state information corresponding to the second operating system after it has been updated by the backup management unit.
The switching processing unit is connected to the backup management unit, and is used to enter the mode corresponding to the first operating system when the switching information record of the first operating system passes the check of the verification unit.
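The S310 to S350 exchange of the third embodiment, together with the storage, verification and backup management roles of the hardware security unit described above, as an added Python model that is not part of the patent text. The HMAC-SHA256 check value, the dictionary record layout, the "back up the whole state" policy and every class, method and field name are assumptions, since the patent specifies neither a verification algorithm nor a data format.

```python
import hashlib
import hmac
import json
import secrets

class FixedHSU:
    """Toy fixed hardware security unit; check value is an assumed HMAC-SHA256."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # assumed dedicated internal key
        self._checks = {}  # storage unit: record index -> check value
        self.active = self.index = None  # operating system currently served
        self.state = {}  # live state under the active operating system

    def _tag(self, record):
        blob = json.dumps(record, sort_keys=True).encode()
        return hmac.new(self._key, blob, hashlib.sha256).digest()

    def _enter(self, record):
        self.active, self.index = record["label"], record["index"]
        self.state = dict(record["state"])

    def create(self, label, state):
        """Creation mode: first run of an OS; the new OS becomes the active one."""
        record = {"label": label, "index": len(self._checks), "state": dict(state)}
        self._checks[record["index"]] = self._tag(record)
        self._enter(record)
        return record

    def serving(self, label):  # S310: which operating system is being served
        return self.active == label

    def switch(self, target):
        """Unit side of S320-S350; returns (verified, updated outgoing record)."""
        expected = self._checks.get(target.get("index"))  # verification unit
        ok = expected is not None and hmac.compare_digest(expected, self._tag(target))
        # S330: back up the outgoing OS state (assumed policy: the whole state).
        updated = {"label": self.active, "index": self.index, "state": dict(self.state)}
        self._checks[self.index] = self._tag(updated)
        if ok:  # S350: enter the mode of the target operating system
            self._enter(target)
        return ok, updated

class HandoverModule:
    """Toy upper strata handover module (BIOS or VMM layer)."""
    def __init__(self, unit):
        self.unit = unit
        self.records = {}  # label -> switching information record

    def first_run(self, label, state):
        self.records[label] = self.unit.create(label, state)

    def switch(self, current, target):
        if not self.unit.serving(current):  # S310
            raise RuntimeError("unit is not serving " + current)
        ok, updated = self.unit.switch(self.records[target])  # S320, S330
        self.records[current] = updated  # S340
        return ok  # S350: True means the target mode was entered

def demo():
    unit = FixedHSU()
    module = HandoverModule(unit)
    module.first_run("OS1", {"counter": 1, "policy": "strict"})   # constructed
    module.first_run("OS2", {"counter": 7, "policy": "relaxed"})  # OS2 is current
    unit.state["counter"] = 8  # unit state changes while OS2 runs
    to_os1 = module.switch("OS2", "OS1")
    os2_counter = module.records["OS2"]["state"]["counter"]
    module.records["OS2"]["state"]["policy"] = "strict"  # altered outside the unit
    altered = module.switch("OS1", "OS2")
    return to_os1, os2_counter, altered, unit.active

if __name__ == "__main__":
    print(demo())
```

In this model a record that was altered outside the unit fails the check and the unit stays in the mode of the operating system it was already serving.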
The above is only a preferred embodiment of the present invention and does not limit the protection scope of the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the claims of the present invention.
Claims (11)
1. A hardware security unit logical switching method, characterized in that the logical switching method comprises the following steps:
sending the switching information record of a first operating system to a fixed hardware security unit, the fixed hardware security unit being used to verify the switching information record of the first operating system;
receiving the existing state information of the fixed hardware security unit corresponding to a second operating system, which the fixed hardware security unit has backed up according to a set policy and fed back;
updating the switching information record of the second operating system according to the received existing state information of the fixed hardware security unit corresponding to the second operating system;
entering the mode corresponding to the first operating system when the switching information record of the first operating system passes verification.
2. The hardware security unit logical switching method according to claim 1, characterized in that, when each operating system works for the first time, the switching information record corresponding to that operating system is created.
3. The hardware security unit logical switching method according to claim 2, characterized in that the switching information record comprises:
the label of each operating system, used to identify the operating system;
the index, obtained from the fixed hardware security unit, of the switching information record information corresponding to each operating system;
the key state information of each operating system obtained from the fixed hardware security unit.
4. The hardware security unit logical switching method according to claim 3, characterized in that,
when the switching information record changes while the operating system is in use, the changed information in the switching information record is updated.
5. The hardware security unit logical switching method according to claim 1, characterized in that, before the step of sending the switching information record of the first operating system to the fixed hardware security unit, the logical switching method further comprises the step of: confirming in advance that the switching operation authorization authentication is passed.
6. The hardware security unit logical switching method according to claim 5, characterized in that the original password and information of the authorization authentication are stored by the fixed hardware security unit.
7. The hardware security unit logical switching method according to claim 1, characterized in that the switching information record is information encrypted by the fixed hardware security unit.
8. The hardware security unit logical switching method according to claim 1, characterized in that, before the switching information record of the first operating system is sent to the fixed hardware security unit, the method comprises:
sending the data information corresponding to the second operating system, and confirming that the fixed hardware security unit is serving the second operating system.
9. The hardware security unit logical switching method according to claim 1, characterized in that the fixed hardware security unit saves the switching information record through a mobile hardware security unit that has a binding relationship established in advance with the fixed hardware security unit.
10. A hardware security unit logical switching system, characterized in that the logical switching system comprises:
a handover module transmitting element, used to send the switching information record of a first operating system to a fixed hardware security unit, the fixed hardware security unit being used to verify the switching information record of the first operating system;
a handover module receiving element, used to receive the existing state information corresponding to a second operating system, which the fixed hardware security unit has backed up according to a set policy and fed back;
a handover module updating block, used to update the switching information record of the second operating system according to the received existing state information corresponding to the second operating system;
a handover module switch unit, used to switch the switching system to the mode corresponding to the first operating system when the switching information record of the first operating system passes verification.
11. A hardware security unit, characterized in that it comprises:
a receiving element, used to receive the switching information record of a first operating system;
a storage unit, connected to the receiving element and used to store a set policy and the state backup information of the operating systems, the state backup information including the switching information record of the first operating system;
a verification unit, connected to the storage unit, which, according to the switching information record of the first operating system received by the receiving element, calls the corresponding state backup information of the first operating system in the storage unit and checks whether the switching information record of the first operating system is complete;
a backup management unit, connected to the receiving element and to the storage unit respectively, which updates the existing state information corresponding to a second operating system according to the set policy stored in the storage unit, the second operating system being the current operating system, the state backup information of the second operating system being recorded by said unit;
a transmitting element, connected to the storage unit and the verification unit and used to feed back the existing state information corresponding to the second operating system after it has been updated by the backup management unit;
a switching processing unit, connected to the backup management unit and used to enter the mode corresponding to the first operating system when the switching information record of the first operating system passes the check of the verification unit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008101027025A CN101546365B (en) | 2008-03-25 | 2008-03-25 | Hardware security unit logical switching method, system and hardware security unit |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101546365A (en) | 2009-09-30 |
CN101546365B (en) | 2011-01-26 |
Family
ID=41193494
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008101027025A Active CN101546365B (en) | 2008-03-25 | 2008-03-25 | Hardware security unit logical switching method, system and hardware security unit |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101546365B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010018717A1 (en) * | 2000-02-29 | 2001-08-30 | International Business Machines Corporation | Computer system, operating system switching system, operating system mounting method, operating system switching method, storage medium, and program transmission apparatus |
WO2004109512A1 (en) * | 2003-06-03 | 2004-12-16 | Sony Corporation | Information processing device, process control method, and computer program |
CN1797351A (en) * | 2004-12-24 | 2006-07-05 | 联想(北京)有限公司 | Method for switching multiple operation systems of computer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |