CN105159847A - Disk change record method based on trusted chip - Google Patents

Publication number: CN105159847A
Authority: CN (China)
Application number: CN201510493615.7A
Other languages: Chinese (zh)
Inventors: 郑驰, 梁思谦
Current assignees: BEIJING YINTE XIN'AN SOFTWARE SCIENCE & TECHNOLOGY CO., LTD.; Datang Gaohong Data Network Technology Co., Ltd.
Original assignee: Beijing Yinte Xin'an Software Science & Technology Co Ltd
Legal status: Pending
Prior art keywords: disk, information, credible chip, terminal device, modification information
Landscapes: Storage Device Security

Abstract

The invention provides a disk change record method based on a trusted chip. The disk change record method is applied to a trusted terminal device comprising the trusted chip. The method comprises: storing disk change information of the trusted terminal device into a nonvolatile memory of the trusted chip, wherein the disk change information comprises a disk identification number, a change operation and change time. The trusted terminal device comprises a device management module used for managing device files, an information recording module used for writing the disk change information into the trusted chip, and an information prompting module used for regularly reading the disk change information; the device management module is used for sending the detected disk change information to the information recording module; the information recording module is used for writing the disk change information into the trusted chip; the information prompting module is used for regularly reading the disk change information from the trusted chip and displaying the disk change information; and therefore, potential danger of data loss caused by stealing a disk in an unconscious state of a user is prevented and the security defensiveness of a system is improved.

Description

Disk change record method based on a trusted chip
Technical Field
The present invention relates to a disk change record method based on a trusted chip, and belongs to the field of information security technology.
Background
With the development of disk array (Redundant Arrays of Independent Disks, RAID) technology, disk arrays have been widely adopted in terminal devices such as servers and data centers for their large capacity, high data transfer rate, automatic data recovery and other features. Even if some of the disks in a disk array are forcibly removed by hot-unplugging, the terminal device can still keep running normally, which poses a considerable information security risk in applications with high data security requirements.
Summary of the Invention
In view of the above, the object of the present invention is to provide a disk change record method based on a trusted chip. The method stores disk change information in the trusted chip, ensuring the reliability and non-repudiation of the disk change information and improving the security defenses of the system.
To achieve the above object, the present invention adopts the following technical solution:
A disk change record method based on a trusted chip, applied to a trusted terminal device comprising a trusted chip, the trusted chip having a nonvolatile memory.
The disk change information of the trusted terminal device is stored in the nonvolatile memory of the trusted chip, the disk change information being information about a disk whose state has changed.
Further,
The disk change information comprises a disk identification number, a change operation and a change time.
The trusted terminal device comprises a device management module for managing device files and an information recording module for writing the disk change information into the trusted chip. The device management module sends the detected disk change information to the information recording module, and the information recording module writes the disk change information into the nonvolatile memory of the trusted chip.
The trusted terminal device comprises an information prompting module, which regularly reads the disk change information from the trusted chip and displays the disk change information it has read.
The information recording module writes the disk change information into the trusted chip upon input of an operation password.
The advantages of the invention are as follows:
In the disk change record method based on a trusted chip of the present invention, storing the disk change information in the trusted chip ensures the reliability and non-repudiation of the disk change information. Regularly reading and displaying the disk change information prevents the risk of data loss caused by a disk being stolen without the user noticing, and improves the security defenses of the system.
Brief Description of the Drawings
Fig. 1 is a flow chart of the method of the present invention.
Fig. 2 is a block diagram of the structure of the trusted terminal device in a specific embodiment of the present invention.
Detailed Description
The present invention is described in further detail below with reference to the drawings and embodiments.
Fig. 1 illustrates the principle of the present invention. As shown, the disk change record method based on a trusted chip disclosed by the invention is applied to a trusted terminal device, which may be a network device such as a server or a terminal. The trusted terminal device comprises a trusted chip (TPM: Trusted Platform Module) that has a nonvolatile memory and encrypts the information stored in the chip, ensuring the security of that information.
The disk change record method based on a trusted chip disclosed by the invention stores the disk change information of the trusted terminal device in the nonvolatile memory of the trusted chip, ensuring the reliability and non-repudiation of the disk change information of the trusted terminal device. The disk change information of the trusted terminal device comprises the disk identification number, the change operation (add or delete), the change time, etc.
The trusted terminal device comprises a device management module for managing device files and an information recording module for writing disk change information into the trusted chip. The device management module monitors the device state of the trusted terminal device. When it detects that the device state has changed, it judges whether the change is a disk state change. If so, the device management module determines which disk has changed state and sends the disk change information for that disk to the information recording module. After receiving the disk change information, the information recording module enters the operator password of the trusted chip (a write operation on the trusted chip can be performed only when the correct operator password is entered) and writes the disk change information into the nonvolatile memory of the trusted chip.
Further, the trusted terminal device also comprises an information prompting module, which regularly reads the disk change information from the trusted chip and displays the disk change information it has read, preventing data loss caused by a disk being stolen without the user noticing.
The device management module is a conventional module of the operating system, for example the udevd module in the (SuSE) Linux operating system.
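The recording and prompting path described above, as an added sketch that is not part of the patent: the 25-byte record layout, the eight-slot ring and the `SimulatedNV` class (an in-memory stand-in for the chip's password-protected nonvolatile area, not a real TPM interface) are assumptions made for illustration.

```python
import hmac
import struct

# Assumed layout (not from the patent): a 4-byte counter of all records ever
# written, followed by SLOTS fixed-size records used as a ring buffer.
HEADER = struct.Struct(">I")
RECORD = struct.Struct(">20sBI")   # disk ID (NUL-padded), operation code, UNIX time
SLOTS = 8
OPS = {"add": 1, "delete": 2}
OP_NAMES = {code: name for name, code in OPS.items()}


class SimulatedNV:
    """In-memory stand-in for the chip's nonvolatile area; writes need the password."""

    def __init__(self, password: bytes):
        self._password = password
        self._data = bytearray(HEADER.size + SLOTS * RECORD.size)

    def read(self) -> bytes:
        return bytes(self._data)

    def write(self, offset: int, blob: bytes, password: bytes) -> None:
        if not hmac.compare_digest(password, self._password):
            raise PermissionError("wrong operation password")
        if offset < 0 or offset + len(blob) > len(self._data):
            raise ValueError("write outside the NV area")
        self._data[offset:offset + len(blob)] = blob


def record_change(nv, password: bytes, disk_id: str, op: str, when: int) -> None:
    """Information recording module: store one change, overwriting the oldest slot."""
    raw_id = disk_id.encode("ascii")
    if len(raw_id) > 20:
        raise ValueError("disk ID longer than 20 bytes")
    (count,) = HEADER.unpack_from(nv.read())
    slot = HEADER.size + (count % SLOTS) * RECORD.size
    nv.write(slot, RECORD.pack(raw_id, OPS[op], when), password)
    nv.write(0, HEADER.pack(count + 1), password)  # bump the counter only after the record is stored


def read_changes(nv) -> list:
    """Information prompting module: return the retained changes, oldest first."""
    data = nv.read()
    (count,) = HEADER.unpack_from(data)
    out = []
    for n in range(max(0, count - SLOTS), count):
        start = HEADER.size + (n % SLOTS) * RECORD.size
        raw_id, op, when = RECORD.unpack_from(data, start)
        out.append((raw_id.rstrip(b"\0").decode("ascii"), OP_NAMES[op], when))
    return out
```

Because the ring holds only eight records, a burst of add and delete events can push an earlier removal out of the area before the prompting module next reads it, so the read interval and slot count have to be sized together.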
Fig. 2 is a block diagram of the structure of the trusted terminal device in a specific embodiment of the present invention. As shown, the trusted terminal device comprises a CPU, an integrated south bridge chip (PCH: Platform Controller Hub), a trusted chip, a memory, a basic input/output system (BIOS), a bus interface, a SATA interface, a USB interface, etc. The trusted chip is connected to the CPU through the integrated south bridge chip, the CPU is connected to the memory, and the integrated south bridge chip is connected to the BIOS, the bus interface and the SATA interface. In other embodiments, the trusted terminal device may take other hardware architectures that include a trusted chip. Hardware configurations that include a trusted chip belong to the prior art, and the present invention does not describe their structure and principle in detail.
In the disk change record method based on a trusted chip of the present invention, the disk change information of the trusted terminal device is stored in the nonvolatile memory of the trusted chip. Even if the trusted terminal device is restarted or its system is reinstalled, the disk change information is neither altered nor lost, which ensures the completeness and reliability of the disk change information. Regularly reading the disk change information to check the disk state of the trusted terminal device prevents data loss caused by a disk being stolen without the user noticing, and improves the security defenses of the system.
The above describes the preferred embodiments of the present invention and the technical principles applied. For those skilled in the art, any obvious changes based on the technical solution of the present invention, such as equivalent transformations and simple replacements, made without departing from the spirit and scope of the present invention, fall within the scope of protection of the present invention.

Claims (5)

1. A disk change record method based on a trusted chip, applied to a trusted terminal device comprising a trusted chip, the trusted chip having a nonvolatile memory, characterized in that
the disk change information of the trusted terminal device is stored in the nonvolatile memory of the trusted chip, the disk change information being information about a disk whose state has changed.
2. The disk change record method based on a trusted chip as claimed in claim 1, characterized in that the disk change information comprises a disk identification number, a change operation and a change time.
3. The disk change record method based on a trusted chip as claimed in claim 1, characterized in that the trusted terminal device comprises a device management module for managing device files and an information recording module for writing the disk change information into the trusted chip; the device management module sends the detected disk change information to the information recording module, and the information recording module writes the disk change information into the nonvolatile memory of the trusted chip.
4. The disk change record method based on a trusted chip as claimed in claim 1, characterized in that the trusted terminal device comprises an information prompting module, which regularly reads the disk change information from the trusted chip and displays the disk change information it has read.
5. The disk change record method based on a trusted chip as claimed in claim 3, characterized in that the information recording module writes the disk change information into the trusted chip upon input of an operation password.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510493615.7A CN105159847A (en) 2015-08-12 2015-08-12 Disk change record method based on trusted chip


Publications (1)

Publication Number Publication Date
CN105159847A true CN105159847A (en) 2015-12-16

Family

ID=54800708


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108073351A (en) * 2016-11-11 2018-05-25 阿里巴巴集团控股有限公司 The date storage method and credible chip of nonvolatile storage space in chip
TWI748633B (en) * 2020-09-07 2021-12-01 神雲科技股份有限公司 Server device and server system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1553349A (en) * 2003-05-29 2004-12-08 联想(北京)有限公司 Safety chip and information safety processor and processing method
US20080250501A1 (en) * 2005-02-28 2008-10-09 Beijing Lenovo Software Ltd. Method for Monitoring Managed Device
EP2378434A1 (en) * 2008-12-31 2011-10-19 ZTE Corporation Mehtod and device of multiple disks grouping hot standby in distributed file system
CN102722665A (en) * 2012-05-22 2012-10-10 中国科学院计算技术研究所 Method and system for generating trusted program list based on trusted platform module (TPM)/virtual trusted platform module (VTPM)
CN103139149A (en) * 2011-11-25 2013-06-05 国民技术股份有限公司 Method and system for accessing data in cloud storage

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20160701

Address after: 550025, Guizhou province Guiyang city Huaxi District Lei flower intersection

Applicant after: Datang Gaohong Data Network Technology Co., Ltd.

Applicant after: BEIJING YINTE XIN'AN SOFTWARE SCIENCE & TECHNOLOGY CO., LTD.

Address before: 100185, Beijing, Haidian District, North Village Road, 23 North Bay Innovation Park, building two, one layer

Applicant before: BEIJING YINTE XIN'AN SOFTWARE SCIENCE & TECHNOLOGY CO., LTD.

WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151216
