CN102063593A - Credible device with active control function and authentication method thereof - Google Patents

Trusted device with an active control function and its authentication method

Info

Publication number
CN102063593A
Authority
CN
China
Prior art keywords
trusted platform
control module
trusted
hardware
platform control
Legal status
Granted
Application number
CN2011100031881A
Other languages
Chinese (zh)
Other versions
CN102063593B (en)
Inventor
王昱波
毛军捷
方娟
刘毅
张宁
Current Assignee
Beijing University of Technology
Original Assignee
Beijing University of Technology

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a trusted device with an active control function and an authentication method for it, in the field of information security. A trusted platform control module (TPCM) with an active control function and a set of hardware devices are connected to the trusted platform of the device; through its active control function the TPCM separates the hardware devices into trusted hardware devices and untrusted hardware devices. The TPCM contains hardware units such as an active measurement engine, a control arbitration engine, a working-mode customization engine and a trusted control-policy configuration engine, with which it actively checks each hardware device's working-condition configuration information, control-policy configuration information, firmware code and circuit working state. Mutual binding between the trusted platform and the trusted hardware is achieved by combining the TPCM with trusted pipeline technology. The binding between the TPCM and the trusted hardware is completely transparent to the operating system and to applications: the operating system can neither bypass nor intervene in the process by which the trusted platform binds its trusted hardware.

Description

Trusted device with an active control function and its authentication method
Technical field
The present invention relates to the field of information security, and in particular to a trusted device with an active control function and an authentication method for it.
Background
As research into trusted computing deepens, the functional requirements that trusted computing standards place on the trusted chip keep growing. From the earliest TCG version 1.1 to the current version 1.2, and from terminal applications to servers, embedded devices, virtual machines and networks, the functional requirements on the trusted chip (the trusted chip defined by TCG is called the Trusted Platform Module) have risen steadily and design complexity has grown, and with it the hardware size of the trusted chip and the scale of its internal firmware.
For terminal computers, the existing trusted computing standards define neither a trust level nor detailed functional requirements for the hardware devices on the mainboard platform; the hardware devices on the mainboard are simply assumed to be trusted when the trusted terminal leaves the factory. During use, as long as a hardware device on the trusted platform has not been maliciously replaced, its read-only register information can be measured normally, and the device is therefore considered trusted.
The trusted platform control module is a security chip with cryptographic capability that mainly provides integrity measurement, integrity reporting, trusted storage, encryption and decryption, digital signature and related functions. See the related patent "A trusted platform module and its active measurement method" (patent no. ZL200810115280.5).
Hardware devices comprise trusted hardware devices and untrusted hardware devices. A legitimate hardware device that has passed authentication by the trusted platform is a trusted hardware device; otherwise it is an untrusted hardware device. A trusted hardware device is a hardware device whose circuitry includes a trusted chip; its features include checking the working state of its own circuitry, checking the integrity of its own firmware code, and performing trusted mutual authentication with the trusted computer. See the related invention patent "A trusted hardware device and its method of use" (application no. 201010237511.7).
The RSA public-key encryption algorithm was developed in 1977 by Ron Rivest, Adi Shamir and Len Adleman at the Massachusetts Institute of Technology. RSA is currently the most influential public-key encryption algorithm and is recommended by ISO as a public-key data encryption standard. It rests on a simple number-theoretic fact: multiplying two large primes is very easy, but factoring their product is extremely hard, so the product can be published as the encryption key.
Summary of the invention
Existing computer platforms cannot guarantee the trustworthiness of their hardware during use. After a hardware device has been replaced, the computer itself cannot detect the change, which is a serious security risk for the user, especially in confidential departments. The trusted platform with an active control function and the authentication method for trusted hardware devices proposed by the present invention provide an effective solution to this problem.
1. An authentication method between a trusted platform with an active control function and trusted hardware devices, in which the trusted platform with an active control function comprises a CPU, a graphics card, memory, a BOOT ROM, a trusted platform control module, a peripheral controller and other hardware devices:
the other hardware devices comprise a hard disk, PCI cards, SCSI cards and PCI-E cards;
each trusted hardware device contains a trusted module; the trusted module comprises a symmetric cryptographic algorithm engine, an asymmetric cryptographic algorithm engine, a random number generator, a measurement algorithm engine, an execution unit, non-volatile memory, volatile memory and a trusted interface unit;
the trusted platform control module comprises, in addition to an execution engine, a communication bus, non-volatile memory, volatile memory, a counter and an input/output bus interface, a control arbitration engine, a control-policy configuration customization engine, a working-mode configuration customization engine, a state-switching control engine, an active check engine and a trusted cryptographic module;
the trusted cryptographic module comprises, in addition to a symmetric cryptographic algorithm engine, an asymmetric cryptographic algorithm engine, a random number generator, a measurement algorithm engine, an execution unit, non-volatile memory, volatile memory, a trusted interface unit and a communication bus, an input/output isolation unit;
the input/output isolation unit has two ports: one port connects through the communication bus to the symmetric cryptographic algorithm engine, asymmetric cryptographic algorithm engine, random number generator, measurement algorithm engine, execution unit, non-volatile memory and volatile memory, and the other port connects to the communication bus of the trusted platform control module;
a trusted hardware device comprises a basic hardware circuit, a bus controller, a platform bus interface, a peripheral bus, a firmware storage unit, a policy storage unit, a configuration storage unit and a trusted module, and has passed the trusted platform control module's authentication of the hardware device;
the bus controller is interconnected through the communication bus with the basic hardware circuit, platform bus interface, peripheral interface, firmware storage unit, policy storage unit, configuration storage unit and trusted module;
the signal input port of the peripheral controller is connected to the processor of the trusted platform and to the trusted platform control module; the input/output bus port of the peripheral controller is connected to the trusted platform control module and to the other hardware devices of the trusted platform;
inside the trusted platform control module, the communication bus interconnects the control arbitration engine, execution engine, non-volatile memory, volatile memory, counter, input/output bus interface, control-policy configuration customization engine, working-mode configuration customization engine, state-switching control engine, active check engine and trusted cryptographic module;
the BOOT ROM is the hardware carrier that stores the BIOS code.
2. The authentication method between the trusted platform and trusted hardware devices is characterised in that authentication between the trusted platform control module and a trusted hardware device is achieved through interaction between the trusted platform control module on the trusted platform and the trusted hardware device;
The trusted platform control module (TPCM) has the higher level of security, because it possesses active measurement and authentication functions, and it is therefore the instrument by which the trusted platform authenticates trusted hardware devices. The trusted platform trusts every operation of the TPCM, so authentication between the trusted platform and trusted hardware is authentication between the TPCM and the trusted hardware device. The authentication method between the TPCM and trusted hardware comprises three procedures: the trusted platform initialization method, the trusted platform hardware update method and the trusted platform authentication method. The prerequisite for running the hardware update method or the authentication method is that the initialization method has already been run on the platform; the hardware update method must be run whenever a hardware device on the platform is replaced; and the authentication method must be run at every platform start-up.
The device code and vendor code are the code of the hardware device and the code of its manufacturer; both are burned into the hardware device by the manufacturer at production time and cannot be changed by an ordinary user. The binding process between the TPCM and trusted hardware is completely transparent to the operating system and applications; the operating system can neither bypass nor intervene in the process by which the trusted platform binds trusted hardware.
1 Trusted platform initialization method:
1.1 After power-on, the trusted platform control module (TPCM) and the peripheral controller perform their first interaction; if the peripheral controller is present, start-up continues, otherwise it is aborted;
The first interaction between the TPCM and the peripheral controller means: the TPCM sends an initialization signal to the peripheral controller; if the peripheral controller responds to the signal and completes its initialization, the TPCM and the peripheral controller each recognise the other as present.
1.2 After the peripheral controller has initialized, the TPCM accesses the hardware devices on the trusted platform through the peripheral controller and checks whether the trusted hardware devices are present; if they are, start-up continues, otherwise it is aborted;
Checking the presence of trusted hardware devices means: through the peripheral controller, the TPCM sends an initialization signal to each trusted hardware device in turn; once each device has responded to the signal and completed its initialization, the TPCM confirms that it is present.
1.3 The TPCM reads the vendor code and device code of each trusted hardware device, computes a digest of them and stores it in the TPCM's volatile memory. Meanwhile the trusted module inside each trusted hardware device measures the device's own firmware code and stores the resulting digest in the trusted module's volatile memory;
1.4 The TPCM first configures the peripheral controller and the graphics card, then reads the management program from its non-volatile memory and, through the peripheral controller, prompts the user on screen for the platform management key. After the user supplies the management key, the TPCM displays the collected hardware device information through the graphics card. The operator confirms the hardware information manually; if it is correct, start-up continues with the trusted hardware, otherwise it is aborted.
1.5 The TPCM and each trusted hardware device generate their own key pairs in the trusted module inside the device, and each keeps its private key in that trusted module. The TPCM distributes its public key to the trusted hardware devices, and each device stores the TPCM public key in the non-volatile memory of its trusted module. Each trusted hardware device sends its own public key and the measurement digest of its own firmware code to the TPCM. The TPCM stores the received public keys in order in its non-volatile memory, concatenates each received firmware digest with the corresponding digest of the vendor code and device code held in its volatile memory, and stores the result in its non-volatile memory;
1.6 The TPCM sends a restart command to the trusted platform, and the trusted platform reboots.
2 Authentication method between the trusted platform and trusted hardware devices:
2.1 After the trusted platform is powered on, the trusted platform control module (TPCM) first interacts with the peripheral controller; if the peripheral controller is present, start-up continues, otherwise it is aborted;
2.2 After the peripheral controller has initialized, the TPCM accesses the hardware devices on the trusted platform through the peripheral controller and checks whether the trusted hardware devices are present; if they are, start-up continues, otherwise it is aborted;
2.3 The TPCM measures the trusted hardware; if measurement succeeds, start-up continues, otherwise start-up is aborted and the management program is entered to prompt the user;
A measurement failure at this point shows that the hardware has been changed by someone. If the change was a replacement made because of hardware damage, the management program is entered and the hardware update method of the trusted platform is run; if the hardware was replaced maliciously, the start-up process is terminated after the management program is entered.
2.4 The TPCM and the trusted module of the trusted hardware perform cryptographic mutual authentication; if authentication passes, start-up continues, otherwise it is aborted;
The TPCM first generates an initial random number, encrypts it with the public key of the peripheral controller, signs the result with the TPCM's private key and sends the encrypted data to the peripheral controller. On receiving the encrypted data, the peripheral controller verifies the signature with the TPCM's public key; if verification fails, start-up is aborted, otherwise it continues. The peripheral controller decrypts the data with its own private key; if decryption fails, start-up is aborted, otherwise it continues. The peripheral controller then takes the decrypted data together with the firmware measurement digest of its trusted hardware device, which is held in the volatile memory of the peripheral controller's own trusted module, encrypts both with the TPCM's public key, signs the result with the peripheral controller's private key and sends it to the TPCM. On receiving the encrypted data from the peripheral controller, the TPCM verifies the signature with the peripheral controller's public key; if verification fails, start-up is aborted, otherwise it continues. The TPCM decrypts the data with its own private key; if decryption fails, start-up is aborted, otherwise it continues. The decrypted data is compared with the initial random number; if they match, start-up continues, otherwise it is aborted.
The TPCM then authenticates the CPU, memory, graphics card and other hardware devices in turn through the peripheral controller. The flow is as follows: the TPCM adds 1 to the random number used in the previous authentication, encrypts it with the public key of the device to be authenticated, signs the result with the TPCM's private key and sends it to that device. After receiving the data sent by the TPCM through the peripheral controller, the device first verifies the signature with the TPCM's public key; if verification fails, start-up is aborted, otherwise it continues. It then decrypts the data with its own private key; if decryption fails, start-up is aborted, otherwise it continues. The device concatenates the decrypted data with the firmware measurement digest held in the volatile memory of its trusted module, encrypts the result with the TPCM's public key, signs it with its own private key and sends it to the TPCM. On receiving the encrypted data through the peripheral controller, the TPCM verifies the signature with the public key of the device being authenticated; if verification fails, start-up is aborted, otherwise it continues. The TPCM decrypts the data with its own private key; if decryption fails, start-up is aborted, otherwise it continues. The decrypted data is compared with the random number the TPCM sent and with the firmware measurement digest of that trusted hardware stored in the TPCM; if they match, start-up continues, otherwise it is aborted. Once every device has authenticated successfully, the next step follows.
2.5 The TPCM sends, through the peripheral controller, a command to the CPU to start the BOOT ROM; the CPU then executes the BIOS, loads the boot program and completes system start-up.
3 Hardware device update method of the trusted platform:
3.1 At the first power-on after the user has replaced hardware, the trusted platform control module (TPCM) interacts with the peripheral controller; if the peripheral controller is present, start-up continues, otherwise it is aborted;
The interaction between the TPCM and the peripheral controller means: the TPCM sends an initialization signal to the peripheral controller; if the peripheral controller responds to the signal and completes its initialization, the peripheral controller is considered present.
3.2 After the peripheral controller has initialized, the TPCM accesses the hardware devices on the trusted platform through the peripheral controller and checks whether the trusted hardware devices other than the peripheral controller are present; if they are, start-up continues, otherwise it is aborted;
Checking the presence of trusted hardware devices means: through the peripheral controller, the TPCM sends an initialization signal to each trusted hardware device in turn; once each device has responded to the signal and completed its initialization, the TPCM confirms that it is present.
3.3 The TPCM first configures the peripheral controller and the graphics card, then reads the management program from its non-volatile memory and, through the peripheral controller, prompts the user on screen for the platform management key. After the user supplies the management key, the TPCM displays the newly collected hardware device information through the graphics card; if the user has supplied the correct management key and agrees to the hardware change, the system continues starting, otherwise start-up is aborted.
3.4 After the user has confirmed that the information for the replaced hardware device is correct, the TPCM stores in its volatile memory the digest generated from the vendor code and device code of the replaced device, together with the measurement digest of the replaced device's firmware code;
3.5 The replaced hardware device generates a key pair and keeps the private key in its own trusted module. It sends its public key to the TPCM, which stores the received public key in its non-volatile memory, concatenates the received firmware measurement digest of the trusted hardware with the corresponding digest of the device code and vendor code in its volatile memory, and stores the result in its non-volatile memory;
3.6 The TPCM sends, through the peripheral controller, a command to the CPU to start the BOOT ROM; the CPU then executes the BIOS, loads the boot program and completes system start-up.
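The three procedures above (initialization in section 1, boot-time authentication in section 2 and the hardware update in section 3), as an added Go example written for this page; it is not code from the patent or from Beijing University of Technology. Both sides are modelled in one program: the trusted platform control module (TPCM) and a trusted hardware device with its internal trusted module. RSA-2048 with OAEP encryption and PSS signatures stands in for the patent's unspecified RSA encryption and signature operations (the embodiment names RSA-1024, which is below current key-size recommendations), SHA-256 for its unspecified measurement algorithm, and the vendor codes, device codes, firmware bytes, type names and function names are all constructed for the example. The first exchange with the peripheral controller and the per-device exchanges of step 2.4 use the same message format, so the code treats the peripheral controller as simply the first device in boot order. Two details the text leaves implicit are made explicit here: the TPCM's non-volatile record for a device is the device public key plus firmwareDigest || idDigest (step 1.5), and a replaced device must also be given the TPCM's public key again (step 1.5 says so for initial enrollment; step 3.5 does not repeat it).

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Device models a trusted hardware device together with the trusted module inside it.
type Device struct {
	VendorCode, DeviceCode string          // burned in by the manufacturer; read by the TPCM in step 1.3
	Firmware               []byte          // measured by the device's own trusted module in step 1.3
	key                    *rsa.PrivateKey // generated inside the trusted module in step 1.5; never leaves it
	tpcmPub                *rsa.PublicKey  // TPCM public key kept in the trusted module's non-volatile memory (step 1.5)
}

// Record is the TPCM's non-volatile entry for one device: its public key and firmwareDigest || idDigest (step 1.5).
type Record struct {
	Pub    *rsa.PublicKey
	Digest []byte
}

// TPCM models the trusted platform control module.
type TPCM struct {
	key     *rsa.PrivateKey
	records map[string]Record
}

func mustKey() *rsa.PrivateKey { // the embodiment specifies RSA-1024; 2048 bits is today's floor
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func NewTPCM() *TPCM { return &TPCM{key: mustKey(), records: map[string]Record{}} }

func NewDevice(vendor, device string, fw []byte) *Device {
	return &Device{VendorCode: vendor, DeviceCode: device, Firmware: fw, key: mustKey()}
}

func (d *Device) id() string { return d.VendorCode + "/" + d.DeviceCode }

// Step 1.3: the TPCM digests the codes it reads from the device; the trusted module digests its own firmware.
func idDigest(vendor, device string) []byte { h := sha256.Sum256([]byte(vendor + "\x00" + device)); return h[:] }
func (d *Device) measure() []byte         { h := sha256.Sum256(d.Firmware); return h[:] }

// encryptThenSign is the message format of every exchange in step 2.4: RSA-OAEP to the
// receiver's public key, then an RSA-PSS signature by the sender over the ciphertext.
func encryptThenSign(msg []byte, to *rsa.PublicKey, from *rsa.PrivateKey) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, from, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// verifyThenDecrypt is the receiving side; a bad signature aborts before anything is decrypted.
func verifyThenDecrypt(ct, sig []byte, from *rsa.PublicKey, to *rsa.PrivateKey) ([]byte, error) {
	h := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(from, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, to, ct, nil)
}

// Enroll is steps 1.3 and 1.5 (3.4 and 3.5 for a replaced device). The patent runs it only
// after the administrator has entered the management key and confirmed the device list on screen.
func (t *TPCM) Enroll(d *Device) {
	d.tpcmPub = &t.key.PublicKey
	t.records[d.id()] = Record{Pub: &d.key.PublicKey, Digest: append(d.measure(), idDigest(d.VendorCode, d.DeviceCode)...)}
}

// Respond is the device side of step 2.4: verify, decrypt, append the firmware digest, encrypt, sign.
func (d *Device) Respond(ct, sig []byte) ([]byte, []byte, error) {
	if d.tpcmPub == nil {
		return nil, nil, fmt.Errorf("device was never enrolled and holds no TPCM public key")
	}
	chal, err := verifyThenDecrypt(ct, sig, d.tpcmPub, d.key)
	if err != nil {
		return nil, nil, err
	}
	return encryptThenSign(append(append([]byte{}, chal...), d.measure()...), d.tpcmPub, d.key)
}

// AuthenticateAll is steps 2.3 and 2.4 over the devices in boot order: a fresh random
// challenge for the first device, the previous challenge plus one for every device after it.
func (t *TPCM) AuthenticateAll(devs []*Device) error {
	var chal [8]byte
	if _, err := rand.Read(chal[:]); err != nil {
		return err
	}
	for _, d := range devs {
		rec, ok := t.records[d.id()]
		if !ok || !bytes.Equal(idDigest(d.VendorCode, d.DeviceCode), rec.Digest[32:]) { // step 2.3
			return fmt.Errorf("%s: unknown or changed device, run the hardware update method", d.id())
		}
		ct, sig, err := encryptThenSign(chal[:], rec.Pub, t.key)
		if err != nil {
			return err
		}
		rct, rsig, err := d.Respond(ct, sig)
		if err != nil {
			return fmt.Errorf("%s: %w", d.id(), err)
		}
		got, err := verifyThenDecrypt(rct, rsig, rec.Pub, t.key)
		if err != nil {
			return fmt.Errorf("%s: %w", d.id(), err)
		}
		if !bytes.Equal(got, append(chal[:], rec.Digest[:32]...)) {
			return fmt.Errorf("%s: challenge or firmware digest mismatch", d.id())
		}
		binary.BigEndian.PutUint64(chal[:], binary.BigEndian.Uint64(chal[:])+1) // next device: previous nonce + 1
	}
	return nil
}

func main() {
	tpcm := NewTPCM()
	nic := NewDevice("VEND01", "DEV0A", []byte("nic fw v1"))   // constructed sample device
	disk := NewDevice("VEND02", "DEV0B", []byte("disk fw v3")) // constructed sample device
	tpcm.Enroll(nic)
	tpcm.Enroll(disk)
	fmt.Println("first boot:", tpcm.AuthenticateAll([]*Device{nic, disk}))
	disk.Firmware = []byte("disk fw v3, reflashed") // constructed tampering case: step 2.4 must now fail
	fmt.Println("after reflash:", tpcm.AuthenticateAll([]*Device{nic, disk}))
}
```

Running it shows the first boot succeeding and the boot after the simulated reflash failing at the firmware-digest comparison of step 2.4; a device swapped for one with the same codes and firmware but its own key fails too, because the challenge is encrypted to the enrolled public key. Everything later boots rest on is fixed during initialization, when public keys are exchanged over the platform bus with only the administrator's on-screen confirmation and management key as a check, so `Enroll` is the step to protect in any real deployment of this scheme.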
Implementation results:
1. The authentication method between a trusted platform with an active control function and trusted hardware devices designed here achieves authentication between the trusted hardware inside the trusted platform and the trusted platform control module. The security of each piece of trusted hardware is guaranteed by the trusted module inside it, and the security of the trusted platform as a whole is guaranteed by the authentication between the trusted platform control module and the trusted hardware.
2. Compared with a conventional computer platform, a trusted module is added inside each hardware device on the trusted platform, and measurement guarantees that the trusted hardware is original and trustworthy. A trusted platform control module is added to the trusted platform; it stores the information about the trusted hardware and, at every start-up, confirms the trustworthiness of the hardware by interacting with it. The authentication method between the trusted platform and trusted hardware described in this invention thus guarantees the security of the whole trusted platform, which a conventional computer platform cannot achieve.
3. The invention gives the user a simple and efficient interface and reduces the user's burden. The authentication between the trusted platform and the trusted hardware is completed by interaction between the trusted platform control module and the trusted hardware, without manual intervention; the user only has to confirm the trustworthiness of hardware devices manually when the trusted platform is first set up or when hardware on it is replaced. In this way the trustworthiness of the trusted platform is guaranteed.
4. The binding between the trusted hardware devices and the trusted platform described above is completely transparent to the operating system and application software, which cannot bypass the binding process between the trusted platform and the trusted hardware devices.
Description of drawings:
Fig. 1 Connection between the trusted platform control module and the trusted platform
Fig. 2 Connection between the trusted module and the trusted platform control module
Fig. 3 Hardware structure of the trusted cryptographic module
Fig. 4 Hardware structure of the trusted platform control module
Embodiment:
The trusted module and the trusted platform control module selected for the present invention both use the programmable trusted platform control module development board supplied by the domestic company JETWAY Information Security Industry Co., Ltd.
The trusted platform control module and the trusted module are developed on this programmable development board. The trusted platform control module is connected to the peripheral controller by signal lines; the trusted module is connected to the trusted hardware device by signal lines.
JETWAY (Rui Da) is a domestic supplier specialising in the research, development and large-scale production of information security products, and an information security solution provider; the equipment it supplies can be regarded as trusted.
The authentication method between the trusted platform and trusted hardware devices comprises the trusted platform initialization method, the trusted platform hardware update method and the trusted platform authentication method. The prerequisite for running the hardware update method or the authentication method is that the initialization method has already been run on the platform; the hardware update method must be run whenever a hardware device on the platform is replaced; and the authentication method between the trusted platform and trusted hardware must be run at every platform start-up. The steps of these procedures are the ones given step by step in sections 1 to 3 above. The public/private key algorithm used is RSA with 1024-bit keys.
1 credible platform initial method:
1.1 behind the electrifying startup, credible platform control module and peripheral controls carry out mutual first trusted computer first, if peripheral controls exist, then continue to start; Otherwise stop starting;
Being meant alternately first of credible platform control module and peripheral controls: credible platform control module device controller to the periphery sends initializing signal, if peripheral controls response initializing signal is also finished initialization operation, then credible platform control module and peripheral controls assert that mutually the other side exists.
1.2 after the peripheral controls initialization finished, the credible platform control module checked by the hardware device on the peripheral controls visit credible platform whether trusted hardware equipment exists; If existing, trusted hardware equipment continues to start; Otherwise stop starting;
The existence of checking trusted hardware equipment is meant that the credible platform control module sends initializing signal to trusted hardware equipment successively by the peripheral unit control module, after treating that trusted hardware equipment responds initializing signal successively and finishes initialization operation, the credible platform control module confirms that trusted hardware equipment exists.
1.3 The trusted platform control module reads the vendor code and device code of each trusted hardware device, generates a digest value from them and stores it in its own volatile memory unit. The trusted module inside each trusted hardware device begins measuring its own firmware code and stores the resulting digest value in the volatile memory unit of that trusted module;
1.4 The trusted platform control module first configures the peripheral device controller and the graphics card, then reads the management program from its non-volatile memory unit and, through the peripheral device controller, prompts the user on screen to provide the platform management key. After the user provides the management key, the trusted platform control module displays the collected hardware device information on the display through the graphics card, and the user manually confirms that the hardware information is correct. If the information is correct, startup continues with the trusted hardware; otherwise startup is stopped.
1.5 The trusted platform control module and each trusted hardware device generate their own key pair with the trusted module inside the device, and keep the private key inside that trusted module. The trusted platform control module distributes its public key to the external trusted hardware devices, and each trusted hardware device stores the public key of the trusted platform control module in the non-volatile memory unit of its own trusted module. Each trusted hardware device sends its own public key and the measurement digest of its own firmware code to the trusted platform control module. The trusted platform control module stores the received public keys, in order, in its internal non-volatile memory unit; it combines the received firmware measurement digest of each trusted hardware device with the corresponding digest that it generated from the vendor code and device code (held in its volatile memory unit), and stores the result in its non-volatile memory unit;
1.6 The trusted platform control module sends a restart command to the trusted platform, and the trusted platform reboots.
2 Authentication method between the trusted platform and the trusted hardware devices:
2.1 After the trusted platform is powered on, the trusted platform control module first interacts with the peripheral device controller; if the peripheral device controller is present, startup continues; otherwise startup is stopped;
2.2 After the peripheral device controller has finished initialization, the trusted platform control module accesses the hardware devices on the trusted platform through the peripheral device controller and checks whether the trusted hardware devices are present; if they are present, startup continues; otherwise startup is stopped;
2.3 The trusted platform control module measures the trusted hardware; if the measurement succeeds, startup continues; otherwise startup is stopped and the management program is entered to prompt the user;
A measurement failure at this point indicates that the hardware has been changed by a person. If the hardware was replaced because of hardware damage, the management program is entered and the hardware device update method of the trusted platform is carried out; if the hardware was replaced maliciously, the startup process can be stopped after entering the management program.
2.4 The trusted platform control module and the trusted module of the trusted hardware perform cryptographic mutual authentication; if the authentication passes, startup continues; otherwise startup is stopped;
The trusted platform control module first generates an initial random number and encrypts it with the public key of the peripheral device controller; after signing with its own private key, it sends the encrypted data to the peripheral device controller. When the peripheral device controller receives the encrypted data, it verifies the signature with the public key of the trusted platform control module; if verification fails, startup is stopped; otherwise operation continues. The peripheral device controller decrypts the data with its own private key; if decryption fails, startup is stopped; otherwise operation continues. The peripheral device controller then encrypts the decrypted data together with the firmware code measurement digest stored in the volatile memory unit of its own trusted module, using the public key of the trusted platform control module, signs the result with its own private key and sends it to the trusted platform control module. When the trusted platform control module receives the encrypted data from the peripheral device controller, it verifies the signature with the public key of the peripheral device controller; if verification fails, startup is stopped; otherwise it decrypts the data with its own private key. If decryption fails, startup is stopped; otherwise the decrypted data is compared with the initial random number. If they are identical, startup continues; otherwise startup is stopped.
The trusted platform control module then authenticates the CPU, memory, graphics card and the other hardware devices in turn through the peripheral device controller. The authentication flow is as follows: the trusted platform control module adds 1 to the random number used in the previous authentication, encrypts it with the public key of the hardware device currently being authenticated, signs it with its own private key and sends it to that device. When the device receives the data sent by the trusted platform control module through the peripheral device controller, it first verifies the signature with the public key of the trusted platform control module; if verification fails, startup is stopped, otherwise operation continues. It then decrypts the data with its own private key; if decryption fails, startup is stopped, otherwise operation continues. The device concatenates the decrypted data with the firmware code measurement digest stored in the volatile memory unit of its own trusted module, encrypts the result with the public key of the trusted platform control module, signs it with its own private key and sends it to the trusted platform control module. When the trusted platform control module receives the encrypted data through the peripheral device controller, it verifies the signature with the public key of the device being authenticated; if verification fails, startup is stopped, otherwise operation continues. The trusted platform control module decrypts the data with its own private key; if decryption fails, startup is stopped, otherwise operation continues, and the decrypted data is compared with the random number that the trusted platform control module sent and with the firmware code measurement digest of that trusted hardware stored in the trusted platform control module. If they are identical, startup continues; otherwise startup is stopped. After all devices have been authenticated successfully, the next step is entered.
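The key binding of step 1.5 and the challenge-response authentication of step 2.4, as an added worked example in Go; this is not code from the patent or from its applicant. The patent does not name the algorithms, so the example assumes RSA-OAEP for the "encrypt with the peer's public key" step, RSA-PSS for the "sign with own private key" step, SHA-256 for the measurement algorithm engine, an 8-byte random number, and the type and function names used here; the firmware strings are constructed samples. It goes slightly beyond the text in showing the two ways a startup is stopped in practice: a device whose firmware changed after binding (digest mismatch) and a device holding a key pair other than the one bound (signature or decryption failure).

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// TrustedModule models a device's trusted module or the TPCM's cryptography module (field names assumed).
type TrustedModule struct {
	Key          *rsa.PrivateKey // own key pair; the private key never leaves the module
	FirmwareHash []byte          // measurement digest of own firmware (volatile memory)
	TPCMPub      *rsa.PublicKey  // on a device: the TPCM public key received at binding
}

// NewTrustedModule generates the module's key pair and measures its firmware.
func NewTrustedModule(firmware []byte) (*TrustedModule, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(firmware)
	return &TrustedModule{Key: key, FirmwareHash: h[:]}, nil
}

// seal encrypts msg to the peer's public key (RSA-OAEP), then signs the ciphertext
// with the module's own private key (RSA-PSS): "encrypt with their key, sign with ours".
func (m *TrustedModule) seal(to *rsa.PublicKey, msg []byte) (ct, sig []byte, err error) {
	if ct, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, to, msg, nil); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(ct)
	sig, err = rsa.SignPSS(rand.Reader, m.Key, crypto.SHA256, h[:], nil)
	return ct, sig, err
}

// open verifies the peer's signature first and only then decrypts, as the patent
// prescribes; either failure means "stop starting".
func (m *TrustedModule) open(from *rsa.PublicKey, ct, sig []byte) ([]byte, error) {
	h := sha256.Sum256(ct)
	if err := rsa.VerifyPSS(from, crypto.SHA256, h[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature verification failed: %w", err)
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, m.Key, ct, nil)
	if err != nil {
		return nil, fmt.Errorf("decryption failed: %w", err)
	}
	return pt, nil
}

// Bind models step 1.5: exchange public keys; the TPCM keeps the device's key and firmware digest as reference.
func Bind(tpcm, dev *TrustedModule) (devPub *rsa.PublicKey, reference []byte) {
	dev.TPCMPub = &tpcm.Key.PublicKey
	return &dev.Key.PublicKey, append([]byte(nil), dev.FirmwareHash...)
}

// Respond is the device side of step 2.4: open the challenge, append own firmware digest, seal for the TPCM.
func Respond(dev *TrustedModule, ct, sig []byte) ([]byte, []byte, error) {
	challenge, err := dev.open(dev.TPCMPub, ct, sig)
	if err != nil {
		return nil, nil, err
	}
	return dev.seal(dev.TPCMPub, append(challenge, dev.FirmwareHash...))
}

// Authenticate is the TPCM side of step 2.4 for one device; nonce is the random
// number, incremented by one for each further device. A nil error means "continue".
func Authenticate(tpcm, dev *TrustedModule, devPub *rsa.PublicKey, reference []byte, nonce uint64) error {
	challenge := make([]byte, 8)
	binary.BigEndian.PutUint64(challenge, nonce)
	ct, sig, err := tpcm.seal(devPub, challenge)
	if err != nil {
		return err
	}
	respCt, respSig, err := Respond(dev, ct, sig) // in hardware: via the peripheral controller
	if err != nil {
		return err
	}
	plain, err := tpcm.open(devPub, respCt, respSig)
	if err != nil {
		return err
	}
	if !bytes.Equal(plain, append(challenge, reference...)) { // random number || stored digest
		return errors.New("response does not match the random number and bound firmware digest")
	}
	return nil
}

func main() {
	tpcm, _ := NewTrustedModule([]byte("tpcm firmware (constructed sample)"))
	disk, _ := NewTrustedModule([]byte("disk firmware (constructed sample)"))
	pub, ref := Bind(tpcm, disk)
	fmt.Println("bound disk:", Authenticate(tpcm, disk, pub, ref, 1)) // <nil>: startup continues (nonce 1 is a constructed value)
}
```

Bind is run once per device at initialization (or after a hardware replacement, step 3.5), Authenticate on every startup with the nonce advanced by one per device; any non-nil error is the point where the patent says "stop starting". Verifying the signature before decrypting keeps an unsigned or wrongly signed ciphertext from ever reaching the private-key operation, and because the response carries both the random number and the firmware digest under one signature, a stale response or a changed firmware image is rejected by the same comparison.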
2.5 The trusted platform control module sends a command to the CPU through the peripheral device controller to start from BOOT ROM; the CPU then begins executing the BIOS and loading the boot program, completing system startup.
3 Hardware device update method of the trusted platform:
3.1 When the trusted platform is powered on for the first time after the user has changed hardware, the trusted platform control module interacts with the peripheral device controller; if the peripheral device controller is present, startup continues; otherwise startup is stopped;
Interaction between the trusted platform control module and the peripheral device controller means: the trusted platform control module sends an initialization signal to the peripheral device controller; if the peripheral device controller responds to the initialization signal and completes the initialization operation, the peripheral device controller is considered present.
3.2 After the peripheral device controller has finished initialization, the trusted platform control module accesses the hardware devices on the trusted platform through the peripheral device controller and checks whether the trusted hardware devices other than the peripheral device controller are present; if they are present, startup continues; otherwise startup is stopped;
Checking the presence of the trusted hardware devices means: the trusted platform control module sends an initialization signal to each trusted hardware device in turn through the peripheral device controller; once each trusted hardware device has responded to the initialization signal and completed its initialization operation, the trusted platform control module confirms that the trusted hardware device is present.
3.3 The trusted platform control module first configures the peripheral device controller and the graphics card, then reads the management program from its non-volatile memory unit and, through the peripheral device controller, prompts the user on screen to provide the platform management key. After the user provides the management key, the trusted platform control module displays the newly collected hardware device information on the display through the graphics card; if the user has provided the correct management key and agrees to the hardware change, the system continues to start; otherwise startup is stopped.
3.4 After the user has confirmed that the information on the replaced hardware device is correct, the trusted platform control module stores the digest value generated from the vendor code and device code of the replaced hardware device, together with the measurement digest of the firmware code of the replaced hardware device, in its internal volatile memory unit;
3.5 The replaced hardware device generates a key pair and keeps the private key inside its trusted module. The public key of the replaced hardware device is sent to the trusted platform control module; the trusted platform control module stores the received public key in its internal non-volatile memory unit, combines the received firmware code measurement digest of the trusted hardware with the corresponding digest generated from the device code and vendor code in its volatile memory unit, and stores the result in its non-volatile memory unit;
3.6 The trusted platform control module sends a command to the CPU through the peripheral device controller to start from BOOT ROM; the CPU then begins executing the BIOS and loading the boot program, completing system startup.

Claims (2)

1. A trusted device with an active control function, characterized in that it comprises a CPU, a graphics card, memory, BOOT ROM, a trusted platform control module, a peripheral device controller and other hardware devices:
The other hardware devices comprise: a hard disk, PCI cards, SCSI cards and PCI-E cards;
Each trusted hardware device contains a trusted module; the trusted module comprises: a symmetric cryptographic algorithm engine, an asymmetric cryptographic algorithm engine, a random number generator, a measurement algorithm engine, an execution unit, a non-volatile memory unit, a volatile memory unit and a trusted interface unit;
The trusted platform control module, in addition to an execution engine, a communication bus, a non-volatile memory unit, a volatile memory unit, a counter and an input/output bus interface, also comprises: a control judgment engine, a control strategy configuration information customization engine, a work mode configuration information customization engine, a state switching control engine, an active check engine and a trusted cryptography module;
The trusted cryptography module, in addition to a symmetric cryptographic algorithm engine, an asymmetric cryptographic algorithm engine, a random number generator, a measurement algorithm engine, an execution unit, a non-volatile memory unit, a volatile memory unit, a trusted interface unit and a communication bus, also comprises an input/output isolation unit;
The input/output isolation unit comprises two ports: one port connects through the communication bus to the symmetric cryptographic algorithm engine, the asymmetric cryptographic algorithm engine, the random number generator, the measurement algorithm engine, the execution unit, the non-volatile memory unit and the volatile memory unit, and the other port connects to the communication bus of the trusted platform control module;
A trusted hardware device comprises a basic hardware circuit, a bus controller, a platform bus interface, a peripheral bus, a firmware storage unit, a policy storage unit, a configuration storage unit and a trusted module, and has passed the authentication of the hardware device by the trusted platform control module;
The bus controller is interconnected through the communication bus with the basic hardware circuit, the platform bus interface, the peripheral interface, the firmware storage unit, the policy storage unit, the configuration storage unit and the trusted module;
The signal input port of the peripheral device controller is connected to the processor and the trusted platform control module of the trusted platform; the input/output bus port of the peripheral device controller is connected to the trusted platform control module and the other hardware devices of the trusted platform;
Inside the trusted platform control module, the communication bus interconnects the control judgment engine, the execution engine, the non-volatile memory unit, the volatile memory unit, the counter, the input/output bus interface, the control strategy configuration information customization engine, the work mode configuration information customization engine, the state switching control engine, the active check engine and the trusted cryptography module.
2. An authentication method for the trusted device with an active control function according to claim 1, characterized in that the trusted platform control module is bound to the trusted platform through interaction between the trusted platform control module on the trusted platform and the trusted hardware devices;
When the trusted computer is powered on for the first time, the trusted platform initialization method 1.1 is carried out; on every subsequent startup, the authentication method 1.2 between the trusted platform and the trusted hardware devices is carried out; when the user needs to update hardware, the hardware device update method 1.3 of the trusted platform is carried out;
1.1 Trusted platform initialization method:
1.1.1 When the trusted computer is powered on for the first time, the trusted platform control module interacts with the peripheral device controller; if the peripheral device controller is present, startup continues; otherwise startup is stopped;
1.1.2 After the peripheral device controller has finished initialization, the trusted platform control module accesses the hardware devices on the trusted platform through the peripheral device controller and checks whether the trusted hardware devices are present; if they are present, startup continues; otherwise startup is stopped;
1.1.3 The trusted platform control module reads the vendor code and device code of each trusted hardware device, generates a digest value from them and stores it in its own volatile memory unit; the trusted module inside each trusted hardware device begins measuring its own firmware code and stores the resulting digest value in the volatile memory unit of that trusted module;
1.1.4 The trusted platform control module first configures the peripheral device controller and the graphics card, then reads the management program from its non-volatile memory unit and, through the peripheral device controller, prompts the user on screen to provide the platform management key. After the user provides the management key, the trusted platform control module displays the collected hardware device information on the display through the graphics card, and the user manually confirms that the hardware information is correct; if the information is correct, startup continues with the trusted hardware; otherwise startup is stopped;
1.1.5 The trusted platform control module and each trusted hardware device generate their own key pair with the trusted module inside the device, and keep the private key inside that trusted module. The trusted platform control module distributes its public key to the external trusted hardware devices, and each trusted hardware device stores the public key of the trusted platform control module in the non-volatile memory unit of its own trusted module. Each trusted hardware device sends its own public key and the measurement digest of its own firmware code to the trusted platform control module. The trusted platform control module stores the received public keys, in order, in its internal non-volatile memory unit; it combines the received firmware measurement digest of each trusted hardware device with the corresponding digest that it generated from the vendor code and device code (held in its volatile memory unit), and stores the result in its non-volatile memory unit;
1.1.6 The trusted platform control module sends a restart command to the trusted platform, and the trusted platform reboots;
1.2 Authentication method between the trusted platform and the trusted hardware devices:
1.2.1 After the trusted platform is powered on, the trusted platform control module first interacts with the peripheral device controller; if the peripheral device controller is present, startup continues; otherwise startup is stopped;
1.2.2 After the peripheral device controller has finished initialization, the trusted platform control module accesses the hardware devices on the trusted platform through the peripheral device controller and checks whether the trusted hardware devices are present; if they are present, startup continues; otherwise startup is stopped;
1.2.3 The trusted platform control module measures the trusted hardware; if the measurement succeeds, startup continues; otherwise startup is stopped and the management program is entered to prompt the user;
1.2.4 The trusted platform control module and the trusted module of the trusted hardware perform cryptographic mutual authentication; if the authentication passes, startup continues; otherwise startup is stopped;
1.2.5 The trusted platform control module sends a command to the CPU through the peripheral device controller to start from BOOT ROM; the CPU then begins executing the BIOS and loading the boot program, completing system startup;
1.3 Hardware device update method of the trusted platform:
1.3.1 When the trusted platform is powered on for the first time after the user has changed hardware, the trusted platform control module interacts with the peripheral device controller; if the peripheral device controller is present, startup continues; otherwise startup is stopped;
1.3.2 After the peripheral device controller has finished initialization, the trusted platform control module accesses the hardware devices on the trusted platform through the peripheral device controller and checks whether the trusted hardware devices other than the peripheral device controller are present; if they are present, startup continues; otherwise startup is stopped;
1.3.3 The trusted platform control module first configures the peripheral device controller and the graphics card, then reads the management program from its non-volatile memory unit and, through the peripheral device controller, prompts the user on screen to provide the platform management key. After the user provides the management key, the trusted platform control module displays the newly collected hardware device information on the display through the graphics card; if the user has provided the correct management key and agrees to the hardware change, the system continues to start; otherwise startup is stopped;
1.3.4 After the user has confirmed that the information on the replaced hardware device is correct, the trusted platform control module stores the digest value generated from the vendor code and device code of the replaced hardware device, together with the measurement digest of the firmware code of the replaced hardware device, in its internal volatile memory unit;
1.3.5 The replaced hardware device generates a key pair and keeps the private key inside its trusted module; the public key of the replaced hardware device is sent to the trusted platform control module; the trusted platform control module stores the received public key in its internal non-volatile memory unit, combines the received firmware code measurement digest of the trusted hardware with the corresponding digest generated from the device code and vendor code in its volatile memory unit, and stores the result in its non-volatile memory unit;
1.3.6 The trusted platform control module sends a command to the CPU through the peripheral device controller to start from BOOT ROM; the CPU then begins executing the BIOS and loading the boot program, completing system startup.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011100031881A CN102063593B (en) 2011-01-07 2011-01-07 Credible device with active control function and authentication method thereof

Publications (2)

Publication Number Publication Date
CN102063593A true CN102063593A (en) 2011-05-18
CN102063593B CN102063593B (en) 2013-01-09

Family

ID=43998864


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information
Inventor after: Shen Changxiang; Wang Yubo; Mao Junjie; Fang Juan; Liu Yi; Zhang Ning
Inventor before: Wang Yubo; Mao Junjie; Fang Juan; Liu Yi; Zhang Ning