Summary of the invention
In view of the above purpose, the object of the present invention is to provide a disk change record method based on a trusted chip. The method stores disk modification information in the trusted chip, which guarantees the reliability and non-repudiation of that information and improves the security protection of the system.
To achieve the above object, the present invention adopts the following technical solution:
A disk change record method based on a trusted chip, applied to an untrusted terminal device that comprises a trusted chip, the trusted chip having a nonvolatile memory,
wherein the disk modification information of the untrusted terminal device is stored in the nonvolatile memory of the trusted chip, the disk modification information being the information of a disk whose state has changed.
Further,
the disk modification information comprises the disk serial number, the change operation and the change time.
The untrusted terminal device comprises a device management module for managing device files and an information logging module for writing the disk modification information into the trusted chip; the device management module sends the detected disk modification information to the information logging module, and the information logging module writes that information into the nonvolatile memory of the trusted chip.
The untrusted terminal device comprises an information reminding module, which periodically reads the disk modification information stored in the trusted chip and displays the information it has read.
The information logging module writes the disk modification information into the trusted chip by supplying the operation password.
The invention has the following advantages:
In the disk change record method based on a trusted chip of the present invention, the disk modification information is stored in the trusted chip, which guarantees its reliability and non-repudiation; the disk modification information is periodically read and displayed, so a disk cannot be stolen without the user noticing and the resulting risk of data loss is removed, improving the security protection of the system.
Embodiment
The present invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 is the architecture schematic of the present invention. As shown in the figure, the disk change record method based on a trusted chip disclosed by the present invention is applied to an untrusted terminal device, which may be a network device such as a server or a terminal. The untrusted terminal device comprises a trusted chip (TPM: Trusted Platform Module) having a nonvolatile memory; the information stored in the chip is encrypted, which guarantees its security.
The disk change record method based on a trusted chip disclosed by the present invention stores the disk modification information of the untrusted terminal device in the nonvolatile memory of the trusted chip, guaranteeing the reliability and non-repudiation of the disk modification information of the untrusted terminal device. Here the disk modification information of the untrusted terminal device comprises the disk serial number, the change operation (add or delete), the change time, and so on.
The untrusted terminal device comprises a device management module for managing device files and an information logging module for writing disk modification information into the trusted chip. The device management module monitors the device state of the untrusted terminal device; when it detects a change of device state, it determines whether the change is a disk state change. If so, it identifies the disk whose state has changed and sends the disk modification information for that disk to the information logging module. On receiving the disk modification information, the information logging module supplies the operation password of the trusted chip (a write to the trusted chip is performed only when the correct operation password is supplied) and writes the disk modification information into the nonvolatile memory of the trusted chip.
Further, the untrusted terminal device also comprises an information reminding module, which periodically reads the disk modification information in the trusted chip and displays what it has read, so that a disk cannot be stolen without the user noticing, which would otherwise lead to data loss.
The device management module is a standard component of the operating system, for example the udevd daemon in the Linux operating system.
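The logging and reminding modules described above, as an added example that is not the patent's own code: a udev event environment (assumed fields ACTION, SUBSYSTEM, DEVTYPE, DEVNAME and ID_SERIAL_SHORT, as udevd exports them to a RUN program on both add and remove events) is filtered down to whole-disk add/remove events, packed into a fixed-size record of serial number, operation and time, and written into a slot of a nonvolatile index only when the operation password matches; the reminding side reads the slots back for display. The NV index is simulated in memory (assumed 2048 bytes, giving 32 records) so the example runs offline; against a real TPM 2.0 the SimulatedNv class would be replaced by calls to tpm2_nvwrite and tpm2_nvread on an index defined under the owner hierarchy, which is an assumption about the deployment and not something the patent specifies.

```python
"""TPM-backed disk change log: information logging and reminding modules.
Added example, not code from the patent. Each udev disk event becomes a fixed
64-byte record {serial, operation, time} in one slot of an NV index; a write is
accepted only with the chip's operation password. NV is simulated (assumed 2048 B).
"""
import struct
import time
import zlib

MAGIC = 0xD1                       # first byte of a used slot; 0x00 = never written
OP_ADD, OP_REMOVE = 1, 2
OP_NAMES = {OP_ADD: "add", OP_REMOVE: "remove"}
# magic(1) op(1) unix-time(8) serial(48, NUL padded) pad(2) crc32(4) = 64 bytes
RECORD = struct.Struct(">BBQ48s2xI")
RECORD_SIZE = RECORD.size
NV_SIZE = 2048                     # assumed size of the NV index
MAX_RECORDS = NV_SIZE // RECORD_SIZE


class SimulatedNv:
    """Stand-in for a TPM NV index: fixed size, writes require the auth value."""

    def __init__(self, size=NV_SIZE, auth=b"opw"):
        self._buf = bytearray(size)
        self._auth = auth

    def write(self, offset, data, auth):
        if auth != self._auth:         # a real TPM answers TPM_RC_AUTH_FAIL here
            raise PermissionError("operation password rejected")
        if offset + len(data) > len(self._buf):
            raise ValueError("write exceeds NV index size")
        self._buf[offset:offset + len(data)] = data

    def read(self, offset, length):    # reads are not password-gated
        return bytes(self._buf[offset:offset + length])


def is_disk_change(env):
    """Device-management filter: only whole-disk add/remove events are logged."""
    return (env.get("SUBSYSTEM") == "block" and env.get("DEVTYPE") == "disk"
            and env.get("ACTION") in ("add", "remove"))


def build_record(env, now=None):
    """Pack serial, operation and time into one CRC-protected 64-byte slot."""
    op = OP_ADD if env["ACTION"] == "add" else OP_REMOVE
    serial = env.get("ID_SERIAL_SHORT") or env.get("ID_SERIAL") or env["DEVNAME"]
    serial_b = serial.encode("ascii", "replace")[:48]
    ts = int(time.time() if now is None else now)
    body = RECORD.pack(MAGIC, op, ts, serial_b, 0)[:-4]   # everything but the crc
    return body + struct.pack(">I", zlib.crc32(body))


def parse_record(blob):
    """Unpack one slot; None for an unused slot, ValueError if corrupted."""
    if len(blob) != RECORD_SIZE or blob[0] != MAGIC:
        return None
    _, op, ts, serial_b, crc = RECORD.unpack(blob)
    if zlib.crc32(blob[:-4]) != crc:
        raise ValueError("corrupt record")
    return {"serial": serial_b.rstrip(b"\0").decode("ascii"),
            "operation": OP_NAMES.get(op, "unknown"), "time": ts}


def log_disk_change(nv, auth, env, now=None):
    """Information logging module: append one record and return its slot index."""
    if not is_disk_change(env):
        return None
    for slot in range(MAX_RECORDS):
        if nv.read(slot * RECORD_SIZE, 1)[0] != MAGIC:
            nv.write(slot * RECORD_SIZE, build_record(env, now), auth)
            return slot
    raise RuntimeError("NV log full; archive and clear the index")


def read_log(nv):
    """Information reminding module: every record, in slot order."""
    records = []
    for slot in range(MAX_RECORDS):
        rec = parse_record(nv.read(slot * RECORD_SIZE, RECORD_SIZE))
        if rec is None:
            break
        records.append(rec)
    return records


SERIAL = "S3YJNX0K123456"          # constructed disk serial number


def udev_env(action, devtype, devname):   # constructed udev event environment
    return {"ACTION": action, "SUBSYSTEM": "block", "DEVTYPE": devtype,
            "DEVNAME": devname, "ID_SERIAL_SHORT": SERIAL}


SAMPLE_EVENTS = [udev_env("add", "disk", "/dev/sdb"),
                 udev_env("add", "partition", "/dev/sdb1"),   # not a disk: ignored
                 udev_env("remove", "disk", "/dev/sdb")]


def demo(auth=b"opw"):
    nv = SimulatedNv(auth=auth)
    t0 = 1_700_000_000
    slots = [log_disk_change(nv, auth, e, t0 + i * 60)
             for i, e in enumerate(SAMPLE_EVENTS)]
    try:                               # a wrong password must never reach NV
        log_disk_change(nv, b"wrong", SAMPLE_EVENTS[0], t0 + 999)
        rejected = False
    except PermissionError:
        rejected = True
    return slots, rejected, read_log(nv)


if __name__ == "__main__":
    for rec in demo()[2]:
        stamp = time.strftime("%Y-%m-%d %H:%M:%SZ", time.gmtime(rec["time"]))
        print(f"{stamp}  {rec['operation']:<6} {rec['serial']}")
```

Running the block prints the two logged events; the partition event and the write with the wrong password never reach the index. Two points worth keeping in mind when building on the patent's scheme: the password gates writes but not reads, and the logging module itself runs on the untrusted host, so the chip guarantees that a record, once written, cannot be altered without the password, not that every event reached it; and the slot scan above never overwrites, so a full index has to be archived and cleared, or the log anchored by a TPM 2.0 NV extend index (TPM2_NT_EXTEND), which accumulates a hash of the records that can only be extended, never rewritten.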
Fig. 1 is a block diagram of the untrusted terminal device of one specific embodiment of the present invention. As shown in the figure, the untrusted terminal device comprises a CPU, an integrated south bridge chip (PCH: Platform Controller Hub), a trusted chip, a memory, a Basic Input/Output System (BIOS), a bus interface, a SATA interface, a USB interface, and so on. The trusted chip is connected to the CPU through the integrated south bridge chip; the CPU is connected to the memory and to the integrated south bridge chip; and the integrated south bridge chip is connected to the BIOS, the bus interface and the SATA interface. In other embodiments the untrusted terminal device may take any other hardware form that comprises a trusted chip; hardware configurations comprising a trusted chip belong to the prior art, and the present invention does not describe their structure and principle in detail.
In the disk change record method based on a trusted chip of the present invention, the disk modification information of the untrusted terminal device is stored in the nonvolatile memory of the trusted chip. Even if the untrusted terminal device is restarted or its operating system is reinstalled, the disk modification information neither changes nor is lost, which guarantees the integrity and reliability of the disk modification information. Periodically reading the disk modification information to check the disk state of the untrusted terminal device prevents the data loss caused by a disk being stolen without the user noticing, and improves the security protection of the system.
The above are the preferred embodiments of the present invention and the technical principles employed. For a person skilled in the art, any obvious changes such as equivalent transformations or simple substitutions made on the basis of the technical solution of the present invention without departing from its spirit and scope all fall within the scope of protection of the present invention.