CN103942074A - Algorithm loading method and device - Google Patents

Publication number: CN103942074A
Application number: CN201410140279.3A
Authority: CN (China)
Legal status: Pending (status as listed by Google Patents; not a legal conclusion)
Original language: Chinese (zh)
Inventors: 陈丹, 王伟, 沈钢纲
Assignee (original and current): Huawei Technologies Co Ltd
Prior art keywords: algorithm, tpm, encryption, decryption, described algorithm
Landscapes: Storage Device Security (AREA)

Abstract

Embodiments of the invention disclose an algorithm loading method and device, used to avoid frequent replacement of TPM hardware and to reduce the cost of encryption and decryption performed with TPM hardware. The method comprises: obtaining a TPM encryption/decryption command for encrypting or decrypting data, the command comprising the ID of the algorithm to be used for encrypting or decrypting the data; judging whether the algorithm corresponding to the ID is supported; if not, obtaining the algorithm from a preset memory address; and encrypting or decrypting the data according to the obtained algorithm.

Description

Algorithm loading method and device
Technical field
The present invention relates to the field of computer technology, and in particular to an algorithm loading method and device.
Background
Trusted Platform Module (TPM) technology was proposed by the Trusted Computing Group (TCG) and can effectively prevent unauthorized users from altering sensitive data. To protect sensitive data, TPM hardware is conventionally added to the hardware architecture of a data management design, and some encryption and decryption operations are carried out with the algorithms provided in the TPM hardware.
A conventionally designed TPM contains two broad classes of modules: a storage module and an algorithm module. The storage module stores keys, random numbers and similar data; the algorithm module contains a number of algorithms, for example the Secure Hash Algorithm 1 (SHA1) and the asymmetric Rivest-Shamir-Adleman (RSA) algorithm. Because the algorithms contained in the algorithm module are all fixed when the hardware is designed, the set of algorithms the TPM hardware can support is likewise fixed and limited: if the algorithm module is designed with SHA1 and RSA, the TPM hardware can support only SHA1 and RSA.
As the TPM specification becomes more complete, TPM hardware is required to support more and more algorithms. Since TPM hardware can only support the algorithms designed into its algorithm module, when a TPM encryption/decryption command requests a new algorithm, performing the operation with the existing hardware necessarily fails. Under the existing TPM hardware design the only way to make the hardware support a new algorithm is to replace it; in the prior art, therefore, every new algorithm requires replacing the TPM hardware, which significantly raises the cost of performing encryption and decryption with TPM hardware.
Summary of the invention
Embodiments of the present invention provide an algorithm loading method and device that avoid frequent replacement of TPM hardware and reduce the cost of performing encryption and decryption operations with TPM hardware.
To solve the above technical problem, embodiments of the present invention provide the following technical solutions:
In a first aspect, an embodiment of the present invention provides an algorithm loading method, comprising:
obtaining a Trusted Platform Module (TPM) encryption/decryption command for encrypting or decrypting data, the TPM encryption/decryption command comprising the identifier (ID) of the algorithm to be used for encrypting or decrypting the data;
judging whether the algorithm corresponding to the ID is supported;
if the algorithm is not supported, obtaining the algorithm from a preset memory address;
performing the encryption or decryption operation on the data according to the obtained algorithm.
With reference to the first aspect, in a first possible implementation of the first aspect, the TPM encryption/decryption command further comprises the version number of the algorithm;
and after judging whether the algorithm corresponding to the ID is supported, the method further comprises:
if the algorithm is supported, judging according to the version number whether the algorithm version corresponding to the version number is supported;
if the algorithm version corresponding to the version number is not supported, obtaining the algorithm content corresponding to that algorithm version from the preset memory address;
performing the encryption or decryption operation on the data according to the algorithm content corresponding to the algorithm version.
With reference to the first aspect, in a second possible implementation of the first aspect, after obtaining the algorithm from the preset memory address, the method further comprises:
storing the obtained algorithm in local storage space; once the algorithm is stored in local storage space, the algorithm is supported.
With reference to the first aspect or its first or second possible implementation, in a third possible implementation of the first aspect, judging whether the algorithm corresponding to the ID is supported comprises:
judging whether the ID of the algorithm is recorded in a TPM configuration table; if the ID is recorded in the TPM configuration table, determining that the algorithm is supported, and if it is not recorded, determining that the algorithm is not supported.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, after obtaining the algorithm from the preset memory address, the method further comprises:
when the ID of the algorithm is not recorded in the TPM configuration table, adding the ID of the algorithm to the TPM configuration table.
With reference to the first aspect, in a fifth possible implementation of the first aspect, after obtaining the algorithm from the preset memory address, the method further comprises:
performing decryption authentication on the algorithm according to the security identifier of the obtained algorithm and, if the decryption authentication passes, triggering the step of performing the encryption or decryption operation on the data according to the obtained algorithm.
With reference to the first aspect, in a sixth possible implementation of the first aspect, obtaining the algorithm from the preset memory address comprises:
loading the algorithm from the memory address into memory space.
In a second aspect, an embodiment of the present invention further provides an algorithm loading device, comprising:
a command acquisition module, configured to obtain a TPM encryption/decryption command for encrypting or decrypting data, the TPM encryption/decryption command comprising the identifier (ID) of the algorithm to be used for encrypting or decrypting the data;
a judging module, configured to judge whether the algorithm corresponding to the ID is supported;
an algorithm acquisition module, configured to obtain the algorithm from a preset memory address if the algorithm is not supported;
an encryption/decryption module, configured to perform the encryption or decryption operation on the data according to the obtained algorithm.
With reference to the second aspect, in a first possible implementation of the second aspect, the TPM encryption/decryption command further comprises the version number of the algorithm;
the judging module is further configured, after judging from the ID of the algorithm whether the local system supports the algorithm, to judge according to the version number whether the algorithm version corresponding to the version number is supported when the algorithm is supported;
the algorithm acquisition module is further configured to obtain the algorithm content corresponding to the algorithm version from the preset memory address when that algorithm version is not supported;
the encryption/decryption module is further configured to perform the encryption or decryption operation on the data according to the algorithm content corresponding to the algorithm version.
With reference to the second aspect, in a second possible implementation of the second aspect, the algorithm loading device further comprises a storage module, configured to store the obtained algorithm in local storage space after the algorithm acquisition module obtains the algorithm from the preset memory address; once the algorithm is stored in local storage space, the algorithm is supported.
With reference to the second aspect or its first or second possible implementation, in a third possible implementation of the second aspect, the judging module is specifically configured to judge whether the ID of the algorithm is recorded in a TPM configuration table; if the ID is recorded in the TPM configuration table, to determine that the algorithm is supported, and if it is not recorded, to determine that the algorithm is not supported.
With reference to the third possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the algorithm loading device further comprises a configuration table maintenance module, configured to add the ID of the algorithm to the TPM configuration table when the ID is not recorded there, after the algorithm acquisition module obtains the algorithm from the preset memory address.
With reference to the second aspect, in a fifth possible implementation of the second aspect, the algorithm loading device further comprises a security control module, configured, after the algorithm acquisition module obtains the algorithm from the preset memory address, to perform decryption authentication on the algorithm according to the security identifier of the obtained algorithm and, if the decryption authentication passes, to trigger the encryption or decryption operation on the data according to the obtained algorithm.
With reference to the second aspect, in a sixth possible implementation of the second aspect, the algorithm acquisition module is specifically configured to load the algorithm from the memory address into the memory space of the local system.
As can be seen from the above technical solutions, embodiments of the present invention have the following advantages:
In embodiments of the present invention, a TPM encryption/decryption command is first obtained; it indicates that data is to be encrypted or decrypted and comprises the ID of the algorithm to be used for encrypting or decrypting the data. Whether the algorithm corresponding to the ID is supported is then judged from the ID; if it is not supported, the algorithm is obtained from a preset memory address; and finally the encryption or decryption operation is performed on the data according to the obtained algorithm. Because the algorithm indicated by the command can be obtained from the preset memory address according to its ID when it is not supported, and then used to encrypt or decrypt the data, the TPM hardware need not be replaced when the algorithm is not designed into its algorithm module, which reduces the cost of performing encryption and decryption with TPM hardware.
Brief description of the drawings
To explain the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person skilled in the art can derive other drawings from them.
Fig. 1 is a flow diagram of an algorithm loading method provided by an embodiment of the present invention;
Fig. 2 is a flow diagram of another algorithm loading method provided by an embodiment of the present invention;
Fig. 3-a is a structural diagram of an algorithm loading device provided by an embodiment of the present invention;
Fig. 3-b is a structural diagram of another algorithm loading device provided by an embodiment of the present invention;
Fig. 3-c is a structural diagram of another algorithm loading device provided by an embodiment of the present invention;
Fig. 3-d is a structural diagram of another algorithm loading device provided by an embodiment of the present invention;
Fig. 4-a is a structural diagram of another algorithm loading device provided by an embodiment of the present invention;
Fig. 4-b is a structural diagram of TPM hardware provided by an embodiment of the present invention;
Fig. 5 is a structural diagram of another algorithm loading device provided by an embodiment of the present invention.
Embodiments
Embodiments of the present invention provide an algorithm loading method and device that avoid frequent replacement of TPM hardware and reduce the cost of performing encryption and decryption operations with TPM hardware.
To make the objectives, features and advantages of the present invention clearer and easier to understand, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. Obviously, the embodiments described below are only some, not all, of the embodiments of the present invention. All other embodiments that a person skilled in the art obtains from the embodiments of the present invention fall within the scope of protection of the present invention.
The terms "comprising" and "having", and any variants of them, in the specification, claims and drawings of the present invention are intended to cover non-exclusive inclusion, so that a process, method, system, product or device that comprises a series of units is not necessarily limited to those units but may include units that are not expressly listed or that are inherent to the process, method, product or device.
Each is described in detail below.
One embodiment of the algorithm loading method of the present invention can be applied to encryption and decryption operations performed on the basis of TPM hardware. The method may comprise: obtaining a Trusted Platform Module (TPM) encryption/decryption command for encrypting or decrypting data, the TPM encryption/decryption command comprising the identifier (ID) of the algorithm to be used for encrypting or decrypting the data; judging whether the algorithm corresponding to the ID is supported; if the algorithm is not supported, obtaining the algorithm from a preset memory address; and performing the encryption or decryption operation on the data according to the obtained algorithm.
Referring to Fig. 1, the algorithm loading method provided by one embodiment of the invention may comprise the following steps:
101. Obtain a TPM encryption/decryption command for encrypting or decrypting data, where the TPM encryption/decryption command comprises the ID of the algorithm to be used for encrypting or decrypting the data.
In embodiments of the present invention, data produced by an upper-layer application, or data the application needs to use further, especially sensitive data, can be encrypted with TPM hardware to prevent unauthorized users from altering it; when the application produces data that has been encrypted by TPM hardware, or needs to use data encrypted by TPM hardware, the corresponding decryption operation must likewise be performed with TPM hardware. Whether the algorithm loading device needs to encrypt or decrypt data, it first obtains a TPM encryption/decryption command. This command indicates that data is to be encrypted or decrypted, that is, it specifically indicates whether the data needs to be encrypted or needs to be decrypted, and it comprises the ID of the algorithm to be used for encrypting or decrypting the data. The ID carried in the TPM encryption/decryption command tells the algorithm loading device which algorithm to use, so by parsing the obtained command the device can determine which algorithm to use for the encryption or decryption operation. For example, the TPM encryption/decryption command may be generated by a caller of the TPM driver interface, and the command may also specify which algorithm to use on behalf of the upper-layer application; the ID of the algorithm may be the name of the algorithm, or an algorithm identifier that distinguishes it from other algorithms, and so on. For instance, algorithms commonly used in TPM technology include SHA1 and RSA.
It should be noted that in some embodiments of the invention the TPM encryption/decryption command obtained by the algorithm loading device may further comprise the version number of the algorithm to be used for encrypting or decrypting the data. When the same algorithm has two or more versions in TPM technology, the TPM encryption/decryption command also needs to carry the specific version number, to tell the algorithm loading device which version of which algorithm to use. For example, the algorithms designed for TPM 1.2 and TPM 2.0 respectively may have multiple versions, and the multiple versions of the same algorithm can be distinguished by different version numbers. For example, if SHA1 has two versions, two version numbers may be used to distinguish them, so the TPM encryption/decryption command carries not only the ID of the SHA1 algorithm to be used but also the specific version number of that SHA1 algorithm.
102. Judge whether the algorithm corresponding to the ID is supported.
In embodiments of the present invention, after the algorithm loading device parses the ID of the algorithm carried in the TPM encryption/decryption command, it judges whether the algorithm corresponding to that ID is supported. Here, whether the algorithm corresponding to the ID is supported means whether the algorithm loading device supports that algorithm; in some embodiments this means whether the algorithm corresponding to the ID is stored in the local storage space of the algorithm loading device, for example, when the device is implemented by TPM hardware, whether the algorithm corresponding to the ID is designed into the algorithm module of the TPM hardware. That is, in embodiments of the present invention, after obtaining the TPM encryption/decryption command the algorithm loading device does not, as in the prior art, directly perform the encryption or decryption operation on the data according to the command; instead it judges, from the algorithm ID carried in the command, whether it supports the corresponding algorithm. This avoids the algorithm loading failures that occur in the prior art when a command is used directly to encrypt or decrypt data and some algorithm is not supported. If the algorithm loading device determines that it supports the algorithm corresponding to the ID in the command, it can perform the encryption or decryption operation on the data according to that algorithm; if it determines that it does not support the algorithm, step 103 is triggered.
It should be noted that in some embodiments of the invention the algorithm loading device can judge whether the algorithm corresponding to the ID is supported in another way. For example, the algorithm loading device keeps a TPM configuration table in its local storage space, in which the IDs of all algorithms the device can support are saved. Judging in step 102 whether the algorithm corresponding to the ID is supported may then specifically comprise the following step:
Judge whether the ID of the algorithm is recorded in the TPM configuration table; if it is recorded, determine that the algorithm is supported, and if it is not recorded, determine that the algorithm is not supported. When the algorithm loading device obtains from the TPM encryption/decryption command the ID of the algorithm to be used, it searches the TPM configuration table for that ID. After traversing the table, if the ID is found, the device supports the corresponding algorithm; if the ID is not found, the device does not support it. By judging whether a given algorithm is supported, the device learns whether it holds an algorithm that can be used to encrypt or decrypt the data: if the algorithm is stored, it is supported; if not, it is not. In embodiments of the present invention the algorithm loading device can use the TPM configuration table to judge quickly whether it supports a given algorithm, avoiding the loading failures that occur in the prior art when a command is used directly and some algorithm is not supported.
103. If the algorithm is not supported, obtain the algorithm from a preset memory address.
In embodiments of the present invention, after the algorithm loading device has judged in step 102 whether it supports the algorithm corresponding to the ID, and the result is that it does not, the device obtains the algorithm corresponding to the ID carried in the TPM encryption/decryption command from a preset memory address. That is, all algorithms can be saved in advance at a memory address, for example on a server that has a communication connection with the algorithm loading device: the server provides storage space, all algorithms used in TPM encryption and decryption are stored in that space, and the memory address is sent to the algorithm loading device over the communication connection. When the device does not support the algorithm, it can obtain the algorithm corresponding to the ID from the preset memory address according to the ID. For example, when the algorithm loading device is implemented by TPM hardware and the TPM hardware does not support a certain algorithm, there is no need to replace the TPM hardware as in the prior art; instead the algorithm corresponding to the ID is obtained from the memory address.
It should be noted that in embodiments of the present invention the algorithm loading device can save the memory address in advance in an address list held in the device. When the device does not support a certain algorithm, it can look up the address list by the ID of the algorithm, obtain from the address list the memory address at which the algorithm is stored, and then obtain the algorithm from that memory address.
It should be noted that in some embodiments of the invention the TPM encryption/decryption command obtained by the algorithm loading device may further comprise the version number of the algorithm to be used for encrypting or decrypting the data. In that case, after step 102 judges whether the algorithm corresponding to the ID is supported, the method may further comprise the following steps:
A1. If the algorithm is supported, judge according to the version number whether the algorithm version corresponding to the version number is supported;
A2. If the algorithm version corresponding to the version number is not supported, obtain the algorithm content corresponding to that algorithm version from the preset memory address;
A3. Perform the encryption or decryption operation on the data according to the algorithm content corresponding to the algorithm version.
Here, when the algorithm loading device judges in step 102 that it supports the algorithm corresponding to the ID carried in the TPM encryption/decryption command, and the command also carries the version number of that algorithm, step A1 is performed: the device judges from the version number whether it supports the corresponding algorithm version. When it does not, it obtains the algorithm content corresponding to that version from the preset memory address. That is, all versions of an algorithm can be saved in advance at a memory address, for example on a server that has a communication connection with the device: the server provides storage space, the algorithm content of every version of a given algorithm used in TPM encryption and decryption is stored there, and the memory address is sent to the device over the communication connection. When the device does not support a certain version of the algorithm, it can obtain the content of that version from the preset memory address according to the version number. For example, when the device is implemented by TPM hardware and the hardware does not support a certain algorithm version, there is no need to replace the hardware as in the prior art; the content of that version is obtained from the memory address instead. After the device has obtained the algorithm content of the version from the memory address, step A3 is performed: the encryption or decryption operation is carried out on the data according to that algorithm content.
In some embodiments of the invention, after step 103 obtains the algorithm from the preset memory address, the method may further comprise the following step:
Store the obtained algorithm in local storage space; once the algorithm is stored in local storage space, it is supported.
That is, after obtaining the algorithm from the preset memory address, the algorithm loading device can store it in local storage space to ease subsequent loading, so that the next time the device receives a TPM encryption/decryption command it already supports the algorithm stored locally.
In some embodiments of the invention, if the algorithm loading device is provided with a TPM configuration table, then after step 103 obtains the algorithm from the preset memory address, the method may further comprise the following step:
When the ID of the algorithm is not recorded in the TPM configuration table, add the ID of the algorithm to the TPM configuration table.
That is, the algorithm loading device needs to manage the TPM configuration table dynamically: after obtaining an algorithm from the preset memory address, it adds the ID of that algorithm to the table, and from then on it supports the algorithm.
In some embodiments of the invention, in order to check the legitimacy of the obtained algorithm, after step 103 obtains the algorithm from the preset memory address, the method may further comprise the following step:
Perform decryption authentication on the obtained algorithm according to its security identifier, and if the decryption authentication passes, trigger step 104 to perform the encryption or decryption operation on the data according to the obtained algorithm.
Specifically, after obtaining the algorithm from the preset memory address, the algorithm loading device can also perform decryption authentication on the algorithm according to the security identifier the algorithm carries. Only when the decryption authentication passes is step 104 triggered; otherwise the obtained algorithm is illegitimate and must not be used for the encryption or decryption operation, so as to prevent unauthorized users from tampering with the data. The security identifier carried by the algorithm can be implemented in several ways, for example the MD5 message-digest algorithm (Message Digest Algorithm 5), public-key encryption, a tagged word, and so on.
It should be noted that in some embodiments of the invention, obtaining the algorithm from the preset memory address in step 103 may specifically comprise the following step:
Load the algorithm from the memory address into memory space.
That is, the algorithm loading device can load the algorithm stored at the memory address into its own memory space, so that when the loaded algorithm is needed it can be read directly from memory, improving the efficiency of encrypting and decrypting data with the algorithm.
104, according to the above-mentioned algorithm getting, above-mentioned data are carried out to encryption and decryption operation.
In embodiments of the present invention, in the time that algorithm charger is not supported the ID of the algorithm that the order of TPM encryption and decryption carries, algorithm charger is after preset memory address gets the algorithm that this ID is corresponding, algorithm charger is carried out encryption and decryption operation according to the above-mentioned algorithm getting to above-mentioned data, use algorithm data to be carried out to the implementation of encryption and decryption operation for algorithm charger, can consult prior art, repeat no more herein.
Known by the aforementioned description to the embodiment of the present invention, first get the order of TPM encryption and decryption, this TPM encryption and decryption order is used to indicate carries out encryption and decryption to data, and comprise the ID of the algorithm that need to use this data encrypting and deciphering in the order of TPM encryption and decryption, then judge whether according to this ID the algorithm of supporting that this ID is corresponding, if do not support this algorithm, get this algorithm from preset memory address, this algorithm that last basis gets is carried out encryption and decryption operation to data.Owing to can get this algorithm from preset memory address according to ID in the time not supporting the algorithm of TPM encryption and decryption order instruction, thereby use this algorithm getting to carry out encryption and decryption operation to data, therefore the replacing to TPM hardware can avoid not designing this algorithm in the algoritic module of TPM hardware time, reduces the cost that uses TPM hardware to carry out encryption and decryption operation.
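The table-driven part of the method (steps 101 to 104: get the command, check the TPM configuration table, obtain the algorithm from a preset memory address, dispatch) is shown below as an added example; it is not code from the patent, and it also applies the version-upgrade rule that the application scenario later describes. The configuration table rows, the flash store, the preset-address directory and the "algorithm images" are all constructed for the demo, and the assumption that the loader can map an (ID, version) pair to a preset address (the patent says the address may come from user input or a default) is made explicit in the code.

```python
"""Added example (not the patent's code): a table-driven algorithm loader that
follows steps 101-104 and the version-upgrade rule of the later scenario."""
from dataclasses import dataclass


@dataclass
class TableEntry:
    """One row of the TPM configuration table; the algorithm ID is the dict key."""
    version: int
    address: int
    length: int


# Constructed algorithm store modelled on Table 1: blobs at fixed offsets from
# FLASH_BASE, each starting with a recognisable tag so the demo can tell them apart.
FLASH_BASE = 0xF0000000
FLASH = bytearray(0x2000)


def _place(offset: int, length: int, tag: bytes) -> None:
    FLASH[offset:offset + length] = tag.ljust(length, b"\0")


_place(0x0000, 0x400, b"ALG0-v1")
_place(0x0400, 0x600, b"ALG1-v2")
_place(0x1000, 0x400, b"ALG2-v1")
_place(0x1400, 0x400, b"ALG1-v3")   # newer version of algorithm 1 (constructed)

# Preset memory addresses, (id, version) -> (address, length).  Assumption: the
# patent only says the address comes from user input or a default address.
PRESET_ADDRESSES = {
    (0, 1): (FLASH_BASE + 0x0000, 0x400),
    (1, 2): (FLASH_BASE + 0x0400, 0x600),
    (1, 3): (FLASH_BASE + 0x1400, 0x400),
    (2, 1): (FLASH_BASE + 0x1000, 0x400),
}


def read_algorithm(address: int, length: int) -> bytes:
    """Load algorithm content from the store.  Bounds-checked so that a corrupt
    table row cannot make the loader read outside the algorithm area."""
    offset = address - FLASH_BASE
    if offset < 0 or length <= 0 or offset + length > len(FLASH):
        raise ValueError("memory address/length outside the algorithm store")
    return bytes(FLASH[offset:offset + length])


class AlgorithmLoader:
    def __init__(self):
        # Algorithms supported at start, as in Table 1 (constructed values).
        self.table = {
            0: TableEntry(1, FLASH_BASE + 0x0000, 0x400),
            1: TableEntry(2, FLASH_BASE + 0x0400, 0x600),
        }
        self.memory = {}   # ID -> algorithm content loaded into memory space

    def handle_command(self, alg_id: int, version: int):
        """Process one TPM encryption/decryption command carrying (ID, version).
        Returns (path taken, tag of the image that would serve the command)."""
        entry = self.table.get(alg_id)
        if entry is None:
            path = "loaded"          # step 103: ID not in the table at all
        elif entry.version < version:
            path = "upgraded"        # S03: stored version is lower than requested
        else:
            path = "supported"       # ID present and version high enough
        if path != "supported":
            preset = PRESET_ADDRESSES.get((alg_id, version))
            if preset is None:
                return "unavailable", None          # nothing to load: refuse
            self.memory.pop(alg_id, None)           # S03: discard the old version
            self.table[alg_id] = TableEntry(version, *preset)   # S06: update table
        if alg_id not in self.memory:
            row = self.table[alg_id]
            self.memory[alg_id] = read_algorithm(row.address, row.length)  # S04
        image = self.memory[alg_id]
        return path, image.split(b"\0", 1)[0].decode()   # S07 would run this image
```

Running a sequence of commands against one loader shows the three paths: a known (ID, version) is served from the table, an unknown ID is loaded from its preset address and added to the table, and a request for a newer version drops the old content and replaces the table row, after which the same request is reported as supported.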
To make the above solution of the embodiments of the present invention easier to understand and implement, a corresponding application scenario is described below by way of example.
Referring to Fig. 2, which is a schematic flowchart of another algorithm loading method in an embodiment of the present invention, the method may comprise:
S01. The algorithm loading device obtains a TPM encryption/decryption command, then performs step S02.
The TPM encryption/decryption command carries the ID of the algorithm to be used for encrypting and decrypting the data. In addition, the TPM encryption/decryption command may also carry the version number of the algorithm to be used for encrypting and decrypting the data.
For example, when an upper-layer application produces data or needs to use data, it calls the TPM interface to perform an encryption/decryption operation; the algorithm loading device obtains the TPM encryption/decryption command and parses out which algorithm (identified by its ID) is to be used to encrypt or decrypt the data.
S02. The algorithm loading device queries the TPM configuration table to judge whether the algorithm corresponding to the above ID is supported. If the algorithm loading device supports the algorithm corresponding to the ID and the TPM encryption/decryption command carries the version number of the algorithm to be used for encrypting and decrypting the data, step S03 is performed; if the algorithm loading device does not support the algorithm corresponding to the ID, step S04 is performed.
The algorithm loading device keeps a TPM configuration table in its local storage space; a TPM configuration table may also be set up in the memory space of the algorithm loading device. The TPM configuration table records the IDs of all algorithms that the algorithm loading device supports, so by querying the TPM algorithm configuration table the device can determine whether it supports the algorithm corresponding to the ID.
S03. The algorithm loading device queries the TPM configuration table to judge whether the algorithm version corresponding to the above version number is supported. If the algorithm loading device supports the algorithm version corresponding to the version number, step S07 is performed; if it does not, step S04 is performed.
Specifically, a common application scenario is that the TPM encryption/decryption command carries a higher algorithm version while the algorithm loading device stores a lower algorithm version. Step S03 may therefore be: the algorithm loading device queries the TPM configuration table to judge whether the algorithm needs to be upgraded, that is, the algorithm ID carried in the TPM encryption/decryption command is stored in the algorithm loading device, but the algorithm version stored there is lower, so the algorithm loading device judges that the version of the original algorithm needs to be upgraded. When the algorithm loading device judges that the version of the original algorithm needs to be upgraded, it can delete the original algorithm from the storage space and then trigger execution of step S04.
S04. The algorithm loading device loads, from the preset memory address into memory space, the algorithm content corresponding to the algorithm ID and algorithm version carried in the TPM encryption/decryption command, then performs step S05.
When the algorithm corresponding to the ID carried in the TPM encryption/decryption command is not stored in the algorithm loading device, the device needs to load the algorithm corresponding to that ID from the preset memory address; when the algorithm content corresponding to the version number carried in the TPM encryption/decryption command is not stored in the algorithm loading device, the device needs to load the algorithm content corresponding to that version number from the preset memory address.
For example, the algorithm loading device loads the algorithm content according to the memory address corresponding to the algorithm ID and the memory address corresponding to the algorithm version number recorded in the TPM configuration table, where the TPM configuration table records information such as the ID, version number, memory address and length of each algorithm; see the TPM configuration table shown in Table 1 below:
Table 1
Algorithm ID    Version number    Memory address    Length
0000            0001              0xf000000         0x400
0001            0002              0xf0000400        0x600
0002            0001              0xf0001000        0x400
...             ...               ...               ...
The TPM configuration table records the IDs of all algorithms supported by the algorithm loading device and the version numbers of the supported algorithms, and it may also record the data length of the algorithm content of each algorithm. The TPM configuration table must be accessed both before and after an algorithm is updated. As Table 1 shows, the TPM configuration table records, for each algorithm the algorithm loading device supports, information such as the unique ID, version number and memory address of the algorithm. First, the unique ID of an algorithm together with its memory address allow execution to be dispatched to the algorithm. Second, the recorded version number can be used for the upgrade decision of the algorithm.
S05. The algorithm loading device performs decryption authentication on the obtained algorithm content. If the decryption authentication passes, step S06 is performed; if it does not pass, the whole loading procedure ends.
Specifically, an anti-tamper security identifier can be set in advance in each algorithm, for example using the cryptographic algorithm MD5, public key encryption or a tag word. The algorithm loading device performs decryption authentication on this security identifier, for instance by computing the hash (HASH) value of the algorithm image and judging whether it equals the HASH value obtained after authenticating the digital signature with the public key, where the public key can be stored in advance in the storage space of the algorithm loading device and the digital signature can be generated with the corresponding private key and passed to the algorithm loading device together with the algorithm image.
It should be noted that during algorithm loading the algorithm loading device loads the algorithm from a preset memory address, and this memory address may be determined through a user interface or by a default address. As for storing and managing algorithms, the algorithm loading device can allocate sufficient storage space and manage the addition, modification and deletion of algorithms with a doubly linked list, which increases the flexibility of algorithm loading.
S06. The algorithm loading device updates the TPM configuration table, then performs step S07.
After the algorithm loading device obtains the algorithm from the memory address, it updates the ID and version number information of the algorithm into the TPM configuration table so that next time it can judge from the TPM configuration table which algorithms and which algorithm versions it supports. In addition, if the TPM configuration table is also used for upgrading algorithm versions, the algorithm loading device can replace the lower version of an algorithm with the higher version of the same algorithm, thereby upgrading the algorithm version within the algorithm loading device.
S07. The algorithm loading device calls the newly loaded algorithm to perform the encryption/decryption operation on the data.
In embodiments of the present invention, after the algorithm loading device has loaded the newly obtained algorithm into memory space, it can call the newly loaded algorithm to perform the encryption/decryption operation on the data, and once the encryption/decryption operation is complete the whole algorithm loading procedure ends. It should be noted that there is no fixed order between step S06 and step S07: step S06 may be performed before step S07, step S07 before step S06, or both at the same time; the order given here is for illustration only and is not limiting.
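The decryption-authentication gate of step S05 (compute the hash of the algorithm image, recover the hash from the digital signature with a public key the loader already holds, and refuse to load on mismatch) is shown below as an added example; it is not code from the patent. SHA-256 stands in for the hash (the patent names MD5 and SHA1 engines), the key pair is generated locally with toy-sized, seeded parameters so the run is reproducible, and the signature is textbook RSA over the raw digest; a production loader would use a padded signature scheme such as RSASSA-PSS from a vetted library. All images, keys and the `SecureLoader` class are constructed for the demo.

```python
"""Added example (not the patent's code): hash-then-sign security identifier
check for an algorithm image, with the public key pre-stored in the loader."""
import hashlib
import random

_rng = random.Random(2014)   # fixed seed: demo keys only, never reuse in production


def _is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin test, sufficient for generating demo keys."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def make_keypair(bits: int = 192):
    """Return ((n, e), (n, d)); n is ~384 bits so a SHA-256 digest fits below it."""
    e = 65537
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def image_digest(image: bytes) -> int:
    """HASH value of the algorithm image, as an integer."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign_image(private_key, image: bytes) -> int:
    """Producer side: the signature travels with the algorithm image (textbook RSA)."""
    n, d = private_key
    return pow(image_digest(image), d, n)


def verify_image(public_key, image: bytes, signature: int) -> bool:
    """Loader side: recover the digest from the signature with the pre-stored
    public key and compare it with the digest of the image actually received."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == image_digest(image)


class SecureLoader:
    """Admits an algorithm image into memory only after S05 passes."""
    def __init__(self, public_key):
        self.public_key = public_key   # stored in advance, as the patent describes
        self.loaded = {}               # algorithm ID -> verified image

    def load(self, alg_id: int, image: bytes, signature: int) -> bool:
        if not verify_image(self.public_key, image, signature):
            return False               # S05 fails: end the loading procedure
        self.loaded[alg_id] = image
        return True


PUBLIC_KEY, PRIVATE_KEY = make_keypair()
# Constructed sample image and a copy with one byte altered in transit.
SAMPLE_IMAGE = b"\x7fALG\x00" + bytes(range(64))
TAMPERED_IMAGE = SAMPLE_IMAGE[:20] + b"\xff" + SAMPLE_IMAGE[21:]


def demo():
    """Genuine image loads; the tampered one is refused with the same signature."""
    sig = sign_image(PRIVATE_KEY, SAMPLE_IMAGE)
    loader = SecureLoader(PUBLIC_KEY)
    return loader.load(1, SAMPLE_IMAGE, sig), loader.load(1, TAMPERED_IMAGE, sig)
```

The point of the gate is that the signature is bound to the image bytes through the digest: altering a single byte, or presenting a signature made for a different image, changes the recovered-versus-computed comparison and the loader never places the content in memory, which is the property the text relies on when it says a rogue TPM algorithm would otherwise damage the existing programs.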
From the above it can be seen that in embodiments of the present invention the algorithm loading device uses the TPM configuration table to judge whether an algorithm is supported and whether its version needs upgrading, so support for various algorithms can be achieved without replacing the TPM hardware, which saves cost. In embodiments of the present invention the algorithm content of the various TPM algorithms can be obtained from a memory address and loaded dynamically without modifying the TPM hardware, so hardware cost can be reduced. In addition, in embodiments of the present invention a security identifier is added to each algorithm to be loaded, which protects the security of the whole platform: if a loaded TPM algorithm were a rogue program it would damage the existing programs, so this measure ensures security.
It should be noted that, for brevity, each of the foregoing method embodiments is expressed as a series of combined actions; those skilled in the art should know, however, that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Second, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
To better implement the above solution of the embodiments of the present invention, related apparatus for implementing the solution is also provided below.
Referring to Fig. 3-a, an algorithm loading device 300 provided by an embodiment of the present invention may comprise a command acquisition module 301, a judging module 302, an algorithm acquisition module 303 and an encryption/decryption module 304, where:
the command acquisition module 301 is configured to obtain a TPM encryption/decryption command for performing encryption/decryption on data, the TPM encryption/decryption command comprising the identifier ID of the algorithm to be used for encrypting and decrypting the data;
the judging module 302 is configured to judge whether the algorithm corresponding to the ID is supported;
the algorithm acquisition module 303 is configured to obtain the algorithm from a preset memory address if the algorithm is not supported;
the encryption/decryption module 304 is configured to perform the encryption/decryption operation on the data according to the obtained algorithm.
In some embodiments of the invention, the TPM encryption/decryption command further comprises the version number of the algorithm;
the judging module 302 is further configured, after judging according to the ID of the algorithm whether the system supports the algorithm, to judge according to the version number, when the algorithm is supported, whether the algorithm version corresponding to the version number is supported;
the algorithm acquisition module 303 is further configured to obtain the algorithm content corresponding to the algorithm version from the preset memory address when the algorithm version corresponding to the algorithm version number is not supported;
the encryption/decryption module 304 is further configured to perform the encryption/decryption operation on the data according to the algorithm content corresponding to the algorithm version.
In some embodiments of the invention, referring to Fig. 3-b, compared with the algorithm loading device shown in Fig. 3-a, the algorithm loading device 300 further comprises a storage module 305 configured to store the obtained algorithm in local storage space after the algorithm acquisition module 303 obtains the algorithm from the preset memory address; once the algorithm is stored in the local storage space, the algorithm is supported.
In some embodiments of the invention, the judging module 302 is specifically configured to judge whether the ID of the algorithm is recorded in a TPM configuration table; if the ID of the algorithm is recorded in the TPM configuration table, it determines that the algorithm is supported, and if the ID of the algorithm is not recorded in the TPM configuration table, it determines that the algorithm is not supported.
In some embodiments of the invention, referring to Fig. 3-c, compared with the algorithm loading device shown in Fig. 3-a, the algorithm loading device 300 further comprises a configuration table maintenance module 306 configured to add the ID of the algorithm to the TPM configuration table when the ID is not recorded there, after the algorithm acquisition module 303 obtains the algorithm from the preset memory address.
In some embodiments of the invention, referring to Fig. 3-d, compared with the algorithm loading device shown in Fig. 3-a, the algorithm loading device 300 further comprises a security control module 307 configured to perform decryption authentication on the algorithm according to the security identifier of the obtained algorithm after the algorithm acquisition module obtains the algorithm from the preset memory address, and, if the decryption authentication passes, to trigger the encryption/decryption operation on the data according to the obtained algorithm.
In some embodiments of the invention, the algorithm acquisition module is specifically configured to load the algorithm from the memory address into the memory space of the system.
From the description of the embodiments of the present invention above it can be seen that the TPM encryption/decryption command is obtained first; this command indicates that data are to be encrypted or decrypted and contains the ID of the algorithm to be used for encrypting and decrypting the data. It is then judged according to the ID whether the algorithm corresponding to the ID is supported; if it is not, the algorithm is obtained from the preset memory address, and finally the encryption/decryption operation is performed on the data according to the obtained algorithm. Because the algorithm can be obtained from the preset memory address according to its ID when the algorithm indicated by the TPM encryption/decryption command is not supported, and the obtained algorithm is then used for the encryption/decryption operation on the data, the TPM hardware need not be replaced when the algorithm was not designed into the algorithm module of the TPM hardware, which reduces the cost of performing encryption and decryption with TPM hardware.
Referring to Fig. 4-a, which is a schematic structural diagram of another algorithm loading device provided by an embodiment of the present invention, the algorithm loading device comprises a keyboard, a memory (Flash), a processor, a display, an internal memory and TPM hardware, and the components are connected to one another by a bus. The processor can access the TPM hardware over a general-purpose bus; the processor may specifically be an ARM or x86 processor, and the bus may specifically be a Low Pin Count (LPC) bus on an x86 platform, or an Advanced Microcontroller Bus Architecture (AMBA) on-chip bus, aimed at high performance, high bandwidth and low latency, on an ARM platform.
For the structure of the TPM hardware, refer to Fig. 4-b, a design diagram of TPM hardware, where the TPM hardware comprises non-volatile memory, platform configuration registers, an authentication key, a code storage area, a random number generator, an SHA1 algorithm engine, a key generator, an RSA algorithm engine, an Opt-in component and an execution engine (Exec Engine), among others. The components are connected by a bus, for example an I/O bus.
The processor is configured to perform the following steps:
obtaining a Trusted Platform Module TPM encryption/decryption command for performing encryption/decryption on data, the TPM encryption/decryption command comprising the identifier ID of the algorithm to be used for encrypting and decrypting the data;
judging whether the algorithm corresponding to the ID is supported;
if the algorithm is not supported, obtaining the algorithm from a preset memory address;
performing the encryption/decryption operation on the data according to the obtained algorithm.
Specifically, the TPM encryption/decryption command further comprises the version number of the algorithm;
the processor is further configured to perform the following steps after judging whether the algorithm corresponding to the ID is supported:
if the algorithm is supported, judging according to the version number whether the algorithm version corresponding to the version number is supported;
if the algorithm version corresponding to the algorithm version number is not supported, obtaining the algorithm content corresponding to the algorithm version from the preset memory address;
performing the encryption/decryption operation on the data according to the algorithm content corresponding to the algorithm version.
Specifically, the processor is further configured to perform the following step: after obtaining the algorithm from the preset memory address, storing the obtained algorithm in local storage space, the algorithm being supported once it is stored in the local storage space.
Specifically, the processor is configured to perform the following step:
judging whether the ID of the algorithm is recorded in a TPM configuration table; if the ID of the algorithm is recorded in the TPM configuration table, determining that the algorithm is supported, and if the ID of the algorithm is not recorded in the TPM configuration table, determining that the algorithm is not supported.
Specifically, the processor is further configured to perform the following step after obtaining the algorithm from the preset memory address:
when the ID of the algorithm is not recorded in the TPM configuration table, adding the ID of the algorithm to the TPM configuration table.
Specifically, the processor is further configured to perform the following step after obtaining the algorithm from the preset memory address:
performing decryption authentication on the algorithm according to the security identifier of the obtained algorithm, and, if the decryption authentication passes, triggering the encryption/decryption operation on the data according to the obtained algorithm.
Specifically, the processor is further configured to perform the following step: loading the algorithm from the memory address into memory space.
From the description of the embodiments of the present invention above it can be seen that the TPM encryption/decryption command is obtained first; this command indicates that data are to be encrypted or decrypted and contains the ID of the algorithm to be used for encrypting and decrypting the data. It is then judged according to the ID whether the algorithm corresponding to the ID is supported; if it is not, the algorithm is obtained from the preset memory address, and finally the encryption/decryption operation is performed on the data according to the obtained algorithm. Because the algorithm can be obtained from the preset memory address according to its ID when the algorithm indicated by the TPM encryption/decryption command is not supported, and the obtained algorithm is then used for the encryption/decryption operation on the data, the TPM hardware need not be replaced when the algorithm was not designed into the algorithm module of the TPM hardware, which reduces the cost of performing encryption and decryption with TPM hardware.
An embodiment of the present invention also provides a computer storage medium that stores a program; when executed, the program carries out some or all of the steps recorded in the above method embodiments.
Another algorithm loading device provided by an embodiment of the present invention is introduced next. Referring to Fig. 5, the algorithm loading device 500 comprises:
an input device 501, an output device 502, a processor 503 and a memory 504 (the algorithm loading device 500 may have one or more processors 503; Fig. 5 takes one processor as an example). In some embodiments of the invention, the input device 501, output device 502, processor 503 and memory 504 may be connected by a bus or in another way; Fig. 5 takes a bus connection as an example.
The processor 503 is configured to perform the following steps:
obtaining a Trusted Platform Module TPM encryption/decryption command for performing encryption/decryption on data, the TPM encryption/decryption command comprising the identifier ID of the algorithm to be used for encrypting and decrypting the data;
judging whether the algorithm corresponding to the ID is supported;
if the algorithm is not supported, obtaining the algorithm from a preset memory address;
performing the encryption/decryption operation on the data according to the obtained algorithm.
In some embodiments of the invention, the TPM encryption/decryption command further comprises the version number of the algorithm;
the processor 503 is further configured to perform the following steps after judging whether the algorithm corresponding to the ID is supported:
if the algorithm is supported, judging according to the version number whether the algorithm version corresponding to the version number is supported;
if the algorithm version corresponding to the algorithm version number is not supported, obtaining the algorithm content corresponding to the algorithm version from the preset memory address;
performing the encryption/decryption operation on the data according to the algorithm content corresponding to the algorithm version.
In some embodiments of the invention, the processor 503 is further configured to perform the following step after obtaining the algorithm from the preset memory address:
storing the obtained algorithm in local storage space, the algorithm being supported once it is stored in the local storage space.
In some embodiments of the invention, the processor 503 is specifically configured to perform the following step:
judging whether the ID of the algorithm is recorded in a TPM configuration table; if the ID of the algorithm is recorded in the TPM configuration table, determining that the algorithm is supported, and if the ID of the algorithm is not recorded in the TPM configuration table, determining that the algorithm is not supported.
In some embodiments of the invention, the processor 503 is further configured to perform the following step after obtaining the algorithm from the preset memory address:
when the ID of the algorithm is not recorded in the TPM configuration table, adding the ID of the algorithm to the TPM configuration table.
In some embodiments of the invention, the processor 503 is further configured to perform the following step after obtaining the algorithm from the preset memory address:
performing decryption authentication on the algorithm according to the security identifier of the obtained algorithm, and, if the decryption authentication passes, triggering the encryption/decryption operation on the data according to the obtained algorithm.
In some embodiments of the invention, the processor 503 is specifically configured to perform the following step: loading the algorithm from the memory address into memory space.
From the description of the embodiments of the present invention above it can be seen that the TPM encryption/decryption command is obtained first; this command indicates that data are to be encrypted or decrypted and contains the ID of the algorithm to be used for encrypting and decrypting the data. It is then judged according to the ID whether the algorithm corresponding to the ID is supported; if it is not, the algorithm is obtained from the preset memory address, and finally the encryption/decryption operation is performed on the data according to the obtained algorithm. Because the algorithm can be obtained from the preset memory address according to its ID when the algorithm indicated by the TPM encryption/decryption command is not supported, and the obtained algorithm is then used for the encryption/decryption operation on the data, the TPM hardware need not be replaced when the algorithm was not designed into the algorithm module of the TPM hardware, which reduces the cost of performing encryption and decryption with TPM hardware.
It should also be noted that the device embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. In addition, in the drawings of the device embodiments provided by the present invention, a connection between modules indicates a communication connection between them, which may specifically be implemented as one or more communication buses or signal lines. Those of ordinary skill in the art can understand and implement this without creative effort.
From the description of the embodiments above, those skilled in the art can clearly understand that the present invention may be implemented by software plus the necessary general-purpose hardware, and of course also by dedicated hardware including application-specific integrated circuits, dedicated CPUs, dedicated memories, dedicated components and the like. In general, any function performed by a computer program can easily be implemented with corresponding hardware, and the specific hardware structure used to realize the same function may vary, for example analog circuits, digital circuits or special-purpose circuits. In most cases, however, a software implementation is the better embodiment for the purposes of the present invention. Based on this understanding, the technical solution of the present invention, or the part of it that contributes to the prior art, may be embodied in the form of a software product stored in a readable storage medium such as a computer floppy disk, a USB flash drive, a mobile hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc, comprising instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the methods described in the embodiments of the present invention.
In summary, the above embodiments are only intended to illustrate the technical solution of the present invention, not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the above embodiments may still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (14)

1. an algorithm loading method, is characterized in that, comprising:
Obtain the credible platform module TPM encryption and decryption order of data being carried out to encryption and decryption, the order of described TPM encryption and decryption comprises the mark ID of the algorithm that need to use described data encrypting and deciphering;
Judge whether the algorithm of supporting that described ID is corresponding;
If do not support described algorithm, obtain described algorithm from preset memory address;
According to the described algorithm getting, described data are carried out to encryption and decryption operation.
2. method according to claim 1, is characterized in that, the order of described TPM encryption and decryption also comprises: the version number of described algorithm;
Described judge whether to support algorithm that described ID is corresponding after, also comprise:
If support described algorithm, judge whether the algorithm versions of supporting that described version number is corresponding according to described version number;
If do not support described algorithm versions number corresponding algorithm versions, obtain algorithm content corresponding to described algorithm versions from preset memory address;
According to the algorithm content that described algorithm versions is corresponding, described data are carried out to encryption and decryption operation.
3. The method according to claim 1, characterized in that, after acquiring the algorithm from the preset memory address, the method further comprises:
storing the acquired algorithm in local storage space, the algorithm being supported once it has been stored in the local storage space.
4. The method according to any one of claims 1 to 3, characterized in that judging whether the algorithm corresponding to the ID is supported comprises:
judging whether the ID of the algorithm is recorded in a TPM configuration table; if the ID of the algorithm is recorded in the TPM configuration table, determining that the algorithm is supported; if the ID of the algorithm is not recorded in the TPM configuration table, determining that the algorithm is not supported.
5. The method according to claim 4, characterized in that, after acquiring the algorithm from the preset memory address, the method further comprises:
when the ID of the algorithm is not recorded in the TPM configuration table, adding the ID of the algorithm to the TPM configuration table.
6. The method according to claim 1, characterized in that, after acquiring the algorithm from the preset memory address, the method further comprises:
performing decryption authentication of the algorithm according to the secure identifier (secure ID) of the acquired algorithm, and, if the decryption authentication passes, triggering execution of the step of performing the encryption/decryption operation on the data according to the acquired algorithm.
7. The method according to claim 1, characterized in that acquiring the algorithm from the preset memory address comprises:
loading the algorithm from the memory address into memory space.
8. An algorithm loading device, characterized in that it comprises:
a command acquisition module, configured to acquire a TPM encryption/decryption command for encrypting or decrypting data, the TPM encryption/decryption command comprising the identifier (ID) of the algorithm to be used for encrypting or decrypting the data;
a judging module, configured to judge whether the algorithm corresponding to the ID is supported;
an algorithm acquisition module, configured to acquire the algorithm from a preset memory address if the algorithm is not supported;
an encryption/decryption module, configured to perform the encryption/decryption operation on the data according to the acquired algorithm.
9. The device according to claim 8, characterized in that the TPM encryption/decryption command further comprises the version number of the algorithm;
the judging module is further configured, after judging according to the ID of the algorithm whether the local system supports the algorithm, to judge according to the version number, when the algorithm is supported, whether the algorithm version corresponding to the version number is supported;
the algorithm acquisition module is further configured to acquire the algorithm content corresponding to that algorithm version from the preset memory address when the algorithm version corresponding to the version number is not supported;
the encryption/decryption module is further configured to perform the encryption/decryption operation on the data according to the algorithm content corresponding to that algorithm version.
10. The device according to claim 8, characterized in that the algorithm loading device further comprises: a storage module, configured, after the algorithm acquisition module has acquired the algorithm from the preset memory address, to store the acquired algorithm in local storage space, the algorithm being supported once it has been stored in the local storage space.
11. The device according to any one of claims 8 to 10, characterized in that the judging module is specifically configured to judge whether the ID of the algorithm is recorded in a TPM configuration table; if the ID of the algorithm is recorded in the TPM configuration table, to determine that the algorithm is supported; and if the ID of the algorithm is not recorded in the TPM configuration table, to determine that the algorithm is not supported.
12. The device according to claim 11, characterized in that the algorithm loading device further comprises: a configuration table maintenance module, configured, after the algorithm acquisition module has acquired the algorithm from the preset memory address, to add the ID of the algorithm to the TPM configuration table when the ID of the algorithm is not recorded in the TPM configuration table.
13. The device according to claim 8, characterized in that the algorithm loading device further comprises: a security control module, configured, after the algorithm acquisition module has acquired the algorithm from the preset memory address, to perform decryption authentication of the algorithm according to the secure identifier (secure ID) of the acquired algorithm and, if the decryption authentication passes, to trigger the encryption/decryption operation on the data according to the acquired algorithm.
14. The device according to claim 7, characterized in that the algorithm acquisition module is specifically configured to load the algorithm from the memory address into the memory space of the local system.
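A worked model of the claimed loading flow (method claims 1 to 7, mirrored by device claims 8 to 14), added here as an example and not code from the patent or from Huawei: the algorithm content is a constructed 256-byte substitution table, the preset memory address is a constructed dictionary, and the secure ID of claim 6 is modelled as an HMAC-SHA256 tag under a loader key, which is an assumption rather than anything the patent specifies.

```python
import hmac
import hashlib

# Added example, not the patent's own code. The "algorithm content" is a
# constructed byte-substitution table; the "secure ID" used to authenticate
# loaded content is modelled as an HMAC-SHA256 tag under a loader key (assumption).
LOADER_KEY = b"constructed-loader-key"

def make_content(mult: int) -> bytes:
    """Constructed algorithm content: a permutation of 0..255 (mult must be odd)."""
    return bytes((i * mult + 3) & 0xFF for i in range(256))

def secure_id(alg_id: str, version: int, content: bytes) -> bytes:
    """Secure ID of claim 6, modelled as an HMAC tag over ID, version and content."""
    return hmac.new(LOADER_KEY, f"{alg_id}:{version}:".encode() + content,
                    hashlib.sha256).digest()

# Preset memory address (constructed): (ID, version) -> (secure ID, content).
PRESET_MEMORY = {
    ("ALG_A", 2): (secure_id("ALG_A", 2, make_content(11)), make_content(11)),
    ("ALG_B", 1): (b"\x00" * 32, make_content(13)),  # tampered: wrong secure ID
}

class Tpm:
    def __init__(self):
        # TPM configuration table: algorithm versions supported from the start.
        self.config_table = {("ALG_A", 1): make_content(7)}
        self.local_storage = {}
        self.loaded = []  # record of what was fetched from preset memory

    def handle(self, alg_id, version, key, data, decrypt=False):
        """Claims 1-7: resolve the algorithm, loading it on a miss, then run it."""
        if (alg_id, version) not in self.config_table:            # claims 1-2, 4
            entry = PRESET_MEMORY.get((alg_id, version))           # claims 1, 7
            if entry is None:
                raise LookupError(f"{alg_id} v{version} unavailable")
            tag, content = entry
            if not hmac.compare_digest(tag, secure_id(alg_id, version, content)):
                raise PermissionError(f"{alg_id} v{version} failed authentication")  # claim 6
            self.local_storage[(alg_id, version)] = content        # claim 3
            self.config_table[(alg_id, version)] = content         # claim 5
            self.loaded.append((alg_id, version))
        sbox = self.config_table[(alg_id, version)]
        if decrypt:
            inv = bytes(sbox.index(v) for v in range(256))
            return bytes(inv[b] ^ key[i % len(key)] for i, b in enumerate(data))
        return bytes(sbox[b ^ key[i % len(key)]] for i, b in enumerate(data))
```

The tampered ALG_B entry shows the failure mode claim 6 guards against: content at the preset address whose secure ID does not verify is never added to the configuration table or used.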
CN201410140279.3A 2014-04-09 2014-04-09 Algorithm loading method and device Pending CN103942074A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410140279.3A CN103942074A (en) 2014-04-09 2014-04-09 Algorithm loading method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410140279.3A CN103942074A (en) 2014-04-09 2014-04-09 Algorithm loading method and device

Publications (1)

Publication Number Publication Date
CN103942074A true CN103942074A (en) 2014-07-23

Family

ID=51189750

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410140279.3A Pending CN103942074A (en) 2014-04-09 2014-04-09 Algorithm loading method and device

Country Status (1)

Country Link
CN (1) CN103942074A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112733092A (en) * 2020-12-30 2021-04-30 五八有限公司 Information processing method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101526985A (en) * 2008-03-04 2009-09-09 索尼(中国)有限公司 Client system and method of digital rights management and digital rights management system
CN102693385A (en) * 2012-05-28 2012-09-26 山东神思电子技术股份有限公司 Embedded terminal based on SD (secure digital) trusted computing module and implementation method thereof
CN103150514A (en) * 2013-03-07 2013-06-12 中国科学院软件研究所 Mobile equipment-based credible module and credible service method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (Application publication date: 20140723)