CN105184190B - Embedded trusted computing development device - Google Patents
Embedded trusted computing development device Download PDFInfo
- Publication number
- CN105184190B CN105184190B CN201510594895.0A CN201510594895A CN105184190B CN 105184190 B CN105184190 B CN 105184190B CN 201510594895 A CN201510594895 A CN 201510594895A CN 105184190 B CN105184190 B CN 105184190B
- Authority
- CN
- China
- Prior art keywords
- central processing
- processing unit
- user instruction
- differentiation
- carries out
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000011161 development Methods 0.000 title claims abstract description 36
- 238000012545 processing Methods 0.000 claims abstract description 45
- 230000004044 response Effects 0.000 claims abstract description 13
- 238000004891 communication Methods 0.000 claims abstract description 12
- 230000004069 differentiation Effects 0.000 claims description 34
- 238000013475 authorization Methods 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 6
- 238000005516 engineering process Methods 0.000 description 5
- 238000000034 method Methods 0.000 description 5
- 230000006870 function Effects 0.000 description 4
- 230000008569 process Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012827 research and development Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 235000013399 edible fruits Nutrition 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000001629 sign test Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The invention discloses an embedded trusted computing development device, which comprises: the USB interface module is in communication connection with an external computer and used for receiving control data sent by the computer according to a communication protocol and supplying power to the device; and the central processing unit is connected with the USB interface module and used for analyzing the control data, acquiring a user instruction, sequentially carrying out distinguishing operation on the user instruction, returning corresponding response data to the USB interface module after carrying out corresponding file operation according to a distinguishing result, and sending the response data to the computer by the USB interface module. By adopting the embodiment of the invention, the development and debugging of the trusted computing security module and the firmware can be conveniently guided.
Description
Technical field
The present invention relates to information security and reliable computing technology fields more particularly to a kind of embedded credible to calculate exploitation dress
It sets.
Background technology
The fast development of computer and the communication technology is so that the status of information security increasingly seems important.Current information peace
Full technology relies primarily on confidentiality, integrality and entity body that strong cryptographic algorithm is combined to ensure information with key
The non-repudiation of the uniqueness and operation and process of part.But various cryptographic algorithms are all not perfectly safe, and much use
Do not know how these password protection mechanisms are arranged in family, it is often more important that, although these technologies can hinder to a certain extent
Keep off the attack of hacker and virus, but can not take precautions against internal staff to the leakage of key message, steal, distort and destroy.
In order to improve the security protection ability of computer, there has been proposed the concept of " trust computing ", main thought is
Ensure the credible of communication object by cryptographic technique, and by this transitive trust, builds the credible and safe of whole system.
Credible accounting system is exactly to be developed according to the concept of " trust computing " comprising trust computing safety chip,
Firmware, operating system, application and network etc. are extended trusted relationships by establishing trust chain layer by layer, and ensure system action can
Letter.Currently, during developing trusted products, the mode that people mostly use greatly software simulation is developed, it is difficult to comprehensively complete
Whole emulates trust computing safety chip and its platform, and the development board for being currently used for research and development often uses credible core
Piece.Rather than discrete component, it is not easy to measure the signal that each component mutually transmits on development board, influences efficiency of research and development.
Invention content
The embodiment of the present invention provides a kind of embedded credible and calculates development device, convenient for instruct trust computing security module and
The exploitation and debugging of firmware.
The embodiment of the present invention provides a kind of embedded credible calculating development device, including:Usb interface module, central processing
Device, cryptographic algorithm module and randomizer;
The usb interface module is communicated to connect with outer computer, for according to communication protocol, receiving the computer hair
The control data sent, and power for device;
The central processing unit is connect with the usb interface module, for parsing the control data, is obtained user and is referred to
It enables, and differentiation operation is carried out successively to the user instruction, after differentiating that result carries out corresponding file operation, return corresponding
Response data give the usb interface module, make the usb interface module that the response data is sent to the computer;
The cryptographic algorithm module is connect by bus with the central processing unit, and the cryptographic algorithm module is preset with pair
Claim cryptographic algorithm, asymmetric cryptographic algorithm and Hash cryptographic algorithms;
The randomizer is connected with the central processing unit, the cryptographic algorithm module respectively by the bus
It connects, for generating random number, is used for the cryptographic algorithm module and the central processing unit;
The central processing unit carries out differentiation operation to the user instruction, including:
The central processing unit carries out mandate differentiation to the user instruction, specially:
The central processing unit judges whether the user instruction needs to authorize according to the format of the user instruction, such as
Fruit needs, then controls the first hash value of the authorization by instruction parameter that the cryptographic algorithm module calculates in the user instruction;It is no
Then, service condition is executed to differentiate;
The central processing unit compares first hash value with the second hash value being pre-stored in Hash databases
It is right, if comparison is completely the same, it is determined as that mandate passes through, otherwise, it is determined that for authorization fails.
Further, the central processing unit carries out differentiation operation to the user instruction, further includes:
The central processing unit carries out mandate differentiation to the user instruction, and be determined as authorize pass through after, to the use
Family instruction carries out safe condition differentiation, specially:
According to the value in safe state data library, judge whether have the safe prerequisite for executing the user instruction;
If it is, being determined as that safe condition passes through;Otherwise, it is determined that not passing through for safe condition.
Further, the central processing unit carries out differentiation operation to the user instruction, further includes:
The central processing unit carries out safe differentiation to the user instruction, and after being determined as that safe condition passes through, to institute
It states user instruction and carries out service condition differentiation, specially:
According to the value in service condition database, judge whether have the business prerequisite for executing the user instruction;
If it is, being determined as that service condition passes through;Otherwise, it is determined that not passing through for service condition.
Further, which further includes:Nonvolatile memory passes through the bus and the central processing unit
Connection, for storing the Hash databases, the safe state data library and the service condition database.
Further, which further includes:Volatile memory is connected by the bus and the central processing unit
It connects..
Further, described according to the corresponding file operation of result progress is differentiated, specially:
The service condition differentiate differentiation result be service condition by when, according to the user instruction, to correlation
File is written and read operation.
Implement the embodiment of the present invention, has the advantages that:
Embedded credible provided in an embodiment of the present invention calculates development device, including usb interface module and central processing unit.
Usb interface module is communicated to connect with outer computer, for according to communication protocol, receiving the control data that computer is sent;In
Central processor is linked with usb interface module, for parsing the control data, obtains user instruction, and successively to user instruction
Differentiation operation is carried out, after differentiating that result carries out corresponding file operation, corresponding response data is returned and gives USB interface mould
Block makes usb interface module that response data is sent to computer.Development board compared with the prior art uses trust computing core
Piece, rather than discrete component are not easy to measure the internal signal on development board between each component, and of the invention is embedded
The signal of its internal each component can be passed to usb interface module by trust computing development device, then be sent by usb interface module
To outer computer, convenient for instructing the exploitation and debugging of trust computing security module and firmware.
Description of the drawings
Fig. 1 is a kind of structural schematic diagram for embodiment that embedded credible provided by the invention calculates development device;
Fig. 2 is the system structure diagram that embedded credible provided by the invention calculates development device;
Fig. 3 is the structural schematic diagram for another embodiment that embedded credible provided by the invention calculates development device;
Fig. 4 is a kind of workflow signal of embodiment of the COS systems of trust computing development device provided by the invention
Figure.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other without creative efforts
Embodiment shall fall within the protection scope of the present invention.
It is a kind of structural representation for embodiment that embedded credible provided by the invention calculates development device referring to Fig. 1, Fig. 1
Figure.As shown in Figure 1, the trust computing development device includes:Usb interface module 101 and central processing unit 102.
Wherein, usb interface module 101 is communicated to connect with outer computer, for according to communication protocol, receiving computer hair
The control data sent, and power for device.Central processing unit 102 is connect with usb interface module 101, for parsing the control number
According to, acquisition user instruction, and differentiation operation is carried out successively to user instruction, corresponding file operation is carried out according to differentiation result
Afterwards, corresponding response data is returned to the usb interface module, makes usb interface module that response data is sent to computer.
In the present embodiment, it is the system knot of embedded credible calculating development device provided by the invention referring to Fig. 2, Fig. 2
Structure schematic diagram.Development device in Fig. 2 is communicated to connect with computer, realizes exploitation and the tune of trust computing security module and firmware
Examination.
In the present embodiment, computer need to obtain the internal information of development device, by usb interface module to development device
Control data are sent, then the corresponding user instruction of control signal acquisition is parsed by central processing unit, are executing relevant operation
After return response data to computer, computer carries out the operation of next step according to the response data of return, credible convenient for instructing
Calculate the exploitation and debugging of security module and firmware.
In the present embodiment, usb interface module 101 is additionally operable to the functions such as the download of realization system, debugging and input and output.In
Central processor 102 is additionally operable to receive and parse through the instruction that computer is sent, and requires to interact with other modules according to instruction, complete
At command function.
It is that embedded credible provided by the invention calculates exploitation dress referring to Fig. 3, Fig. 3 as a kind of citing of the present embodiment
The structural schematic diagram for another embodiment set.Difference lies in the trust computing development device further includes password to Fig. 3 and Fig. 1
Algoritic module 203, randomizer 204, nonvolatile memory 205 and volatile memory 206.Wherein, central processing
Device 102 by bus respectively with cryptographic algorithm module 203, randomizer 204, nonvolatile memory 205 and volatibility
Memory 206 connects, and communication mode is flexible.Central processing unit 102 carries out differentiation operation to user instruction, including:Central processing
Device 102 carries out mandate differentiation to user instruction.The step is specially:Central processing unit 102 judges according to the format of user instruction
Whether user instruction, which needs, authorizes, if it is desired, then control cryptographic algorithm module 203 calculate the user instruction in authorization by instruction
First hash value of parameter;Otherwise, service condition is executed to differentiate;Central processing unit 102 is by the first hash value and is pre-stored in Hash
The second hash value in database is compared, if comparison is completely the same, is determined as that mandate passes through, otherwise, it is determined that award
Power does not pass through.
In this citing, central processing unit 102 carries out differentiation operation to user instruction, further includes:Central processing unit 102 is right
User instruction carries out mandate differentiation, and be determined as authorize pass through after, to user instruction carry out safe condition differentiation.Safe condition is sentenced
It is not specially:According to the value in safe state data library, judge whether have the safe prerequisite for executing user instruction;If
It is then to be determined as that safe condition passes through;Otherwise, it is determined that not passing through for safe condition.
In this citing, central processing unit 102 carries out differentiation operation to user instruction, further includes:Central processing unit 102 is right
User instruction carries out safe differentiation, and after being determined as that safe condition passes through, and service condition differentiation is carried out to user instruction.Business shape
State differentiates:According to the value in service condition database, judge whether have the business prerequisite for executing user instruction;
If it is, being determined as that service condition passes through;Otherwise, it is determined that not passing through for service condition.
In this citing, code algoritic module 203 is preset with symmetric cryptographic algorithm, asymmetric cryptographic algorithm and Hash passwords and calculates
Method, all algorithms meet the relevant regulations of national Password Management office.Nonvolatile memory 205 is for storing the Hash
Database, the safe state data library and the service condition database.In this citing, carried out according to differentiation result corresponding
File operation, specially:Service condition differentiate differentiation result be service condition by when, according to user instruction, to phase
It closes file and is written and read operation.
In this citing, cryptographic algorithm module 203 includes SM1 modules, SM2 modules, SM3 modules and SM4 modules, Ke Yishi
The functions such as the now function of corresponding cryptographic algorithm, such as encryption, decryption, calculating hash value, signature, sign test.Randomizer 204
For generating random number, used for cryptographic algorithm.Nonvolatile memory 205 is additionally operable to storage system software, COS (Chip
Operating System) power down such as file, authorization code need data to be saved.Volatile memory 205 is for storing COS systems
Temporary variable in system operational process, the loss of data after power down in volatile memory 205.
It is this referring to Fig. 4, Fig. 4 to better illustrate the operation principle that embedded credible of the present invention calculates development device
A kind of workflow schematic diagram of embodiment of the COS systems of the trust computing development device provided is provided.As shown in figure 4, should
Flow includes:Communication protocol parsing, instruction parsing, mandate differentiates, safe condition judges, service condition judges, file operation six
A key step.COS receives the extraneous data sent in communication protocol resolving, and instruction is extracted according to protocol format;Refer to
It enables in resolving, according to instruction head decision instruction, extracts the parameters in instruction format;It authorizes in discrimination process, according to
Instruction format, judges whether the instruction needs could execute after authorizing, if necessary mandate, then computations authorization parameters
Hash value is compared with the result being stored in non-volatile memory module, if identical, discriminating passes through, and otherwise, is differentiated
Do not pass through;During safe condition differentiates, according to the value for the safe condition register being stored in volatile memory, judgement is
It is no to have the safe prerequisite for executing the instruction, for example instruct and need that operation is encrypted, then it needs to judge that association key is
It is no to have;During service condition differentiates, according to the value for the service condition register being stored in volatile memory, judgement is
It is no to have the business prerequisite for executing the instruction, for example instruct and carry out operation of deducting fees, then it needs to judge that wallet file is
No presence;During file operation, since each application data are existed with document form, need to be required according to instruction, to phase
It closes file and is written and read operation;After instruction, corresponding data are returned, show instruction execution situation.
Therefore embedded credible provided in an embodiment of the present invention calculates development device, including usb interface module is in
Central processor.Usb interface module is communicated to connect with outer computer, for according to communication protocol, receiving the control that computer is sent
Data processed;Central processing unit is linked with usb interface module, for parsing the control data, obtains user instruction, and to
Family instruction carries out differentiation operation successively, after differentiating that result carries out corresponding file operation, return corresponding response data to
Usb interface module makes usb interface module that response data is sent to computer.Development board use compared with the prior art can
Letter computing chip, rather than discrete component are not easy to measure the internal signal on development board between each component, the present invention
Embedded credible calculate development device and the signal of its internal each component can be passed to usb interface module, then by USB interface
Module is sent to outer computer, convenient for instructing the exploitation and debugging of trust computing security module and firmware.
The above is the preferred embodiment of the present invention, it is noted that for those skilled in the art
For, various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also considered as
Protection scope of the present invention.
Claims (6)
1. a kind of embedded credible calculates development device, which is characterized in that including:Usb interface module, central processing unit, password
Algoritic module and randomizer;
The usb interface module is communicated to connect with outer computer, for according to communication protocol, receiving what the computer was sent
Data are controlled, and are powered for device;
The central processing unit is connect with the usb interface module, for parsing the control data, obtains user instruction, and
Differentiation operation is carried out successively to the user instruction, after differentiating that result carries out corresponding file operation, returns to corresponding ring
It answers data to the usb interface module, makes the usb interface module that the response data is sent to the computer;
The cryptographic algorithm module is connect by bus with the central processing unit, and the cryptographic algorithm module is preset with symmetrical close
Code algorithm, asymmetric cryptographic algorithm and Hash cryptographic algorithms;
The randomizer is connect with the central processing unit, the cryptographic algorithm module respectively by the bus, is used
In generating random number, used for the cryptographic algorithm module and the central processing unit;
The central processing unit carries out differentiation operation to the user instruction, including:
The central processing unit carries out mandate differentiation to the user instruction, specially:The central processing unit is according to the use
The format of family instruction, judges whether the user instruction needs to authorize, if it is desired, then controls the cryptographic algorithm module and calculates
First hash value of the authorization by instruction parameter in the user instruction;Otherwise, service condition is executed to differentiate;The central processing unit
First hash value is compared with the second hash value being pre-stored in Hash databases, if comparison is completely the same,
It is judged to authorizing and passes through, otherwise, it is determined that for authorization fails.
2. embedded credible according to claim 1 calculates development device, which is characterized in that the central processing unit is to institute
It states user instruction and carries out differentiation operation, further include:
The central processing unit carries out mandate differentiation to the user instruction, and be determined as authorize pass through after, the user is referred to
It enables and carries out safe condition differentiation, specially:
According to the value in safe state data library, judge whether have the safe prerequisite for executing the user instruction;
If it is, being determined as that safe condition passes through;Otherwise, it is determined that not passing through for safe condition.
3. embedded credible according to claim 2 calculates development device, which is characterized in that the central processing unit is to institute
It states user instruction and carries out differentiation operation, further include:
The central processing unit carries out safe differentiation to the user instruction, and after being determined as that safe condition passes through, to the use
Family instruction carries out service condition differentiation, specially:
According to the value in service condition database, judge whether have the business prerequisite for executing the user instruction;
If it is, being determined as that service condition passes through;Otherwise, it is determined that not passing through for service condition.
4. embedded credible according to claim 3 calculates development device, which is characterized in that further include:It is non-volatile to deposit
Reservoir is connect by the bus with the central processing unit, for storing the Hash databases, the safe state data
Library and the service condition database.
5. embedded credible according to claim 4 calculates development device, which is characterized in that further include:Volatile storage
Device is connect by the bus with the central processing unit.
6. embedded credible according to claim 3 calculates development device, which is characterized in that it is described according to differentiate result into
The corresponding file operation of row, specially:
The service condition differentiate differentiation result be service condition by when, according to the user instruction, to associated documents
It is written and read operation.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510594895.0A CN105184190B (en) | 2015-09-16 | 2015-09-16 | Embedded trusted computing development device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510594895.0A CN105184190B (en) | 2015-09-16 | 2015-09-16 | Embedded trusted computing development device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105184190A CN105184190A (en) | 2015-12-23 |
| CN105184190B true CN105184190B (en) | 2018-09-18 |
Family
ID=54906263
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510594895.0A Active CN105184190B (en) | 2015-09-16 | 2015-09-16 | Embedded trusted computing development device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105184190B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553349A (en) * | 2003-05-29 | 2004-12-08 | 联想(北京)有限公司 | Safety chip and information safety processor and processing method |
| EP1944712A2 (en) * | 2006-12-29 | 2008-07-16 | Intel Corporation | Methods and apparatus for protecting data |
| CN101894087A (en) * | 2010-07-08 | 2010-11-24 | 东南大学 | Mobile trustable computation module with USB interface |
| CN102831357A (en) * | 2012-08-24 | 2012-12-19 | 深圳市民德电子科技有限公司 | Encryption and authentication protection method and system of secondary development embedded type application program |
-
2015
- 2015-09-16 CN CN201510594895.0A patent/CN105184190B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1553349A (en) * | 2003-05-29 | 2004-12-08 | 联想(北京)有限公司 | Safety chip and information safety processor and processing method |
| EP1944712A2 (en) * | 2006-12-29 | 2008-07-16 | Intel Corporation | Methods and apparatus for protecting data |
| CN101894087A (en) * | 2010-07-08 | 2010-11-24 | 东南大学 | Mobile trustable computation module with USB interface |
| CN102831357A (en) * | 2012-08-24 | 2012-12-19 | 深圳市民德电子科技有限公司 | Encryption and authentication protection method and system of secondary development embedded type application program |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105184190A (en) | 2015-12-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6239788B2 (en) | Fingerprint authentication method, apparatus, intelligent terminal, and computer storage medium | |
| ES2818199T3 (en) | Security verification method based on a biometric characteristic, a client terminal and a server | |
| CN113014539B (en) | Internet of things equipment safety protection system and method | |
| EP2894810A1 (en) | Searchable Code Processing System and Method | |
| CN102576397B (en) | The checking of token and data integrity protection | |
| CN107799163A (en) | Prescription circulation methods, devices and systems based on block chain | |
| CN113014444B (en) | Internet of things equipment production test system and safety protection method | |
| KR102448333B1 (en) | Method and System for OTP authentication based on Bio-Information | |
| CN106991298A (en) | Access method, the authorization requests method and device of application program docking port | |
| KR101739203B1 (en) | Password-based user authentication method using one-time private key-based digital signature and homomorphic encryption | |
| CN112528257A (en) | Security debugging method and device, electronic equipment and storage medium | |
| US11809540B2 (en) | System and method for facilitating authentication via a short-range wireless token | |
| CN116980230B (en) | Information security protection method and device | |
| US11657899B2 (en) | Computing device | |
| CN109886662A (en) | Block chain wallet application method and system, terminal and computer readable storage medium | |
| Zhang et al. | Trusttokenf: A generic security framework for mobile two-factor authentication using trustzone | |
| CN103686711B (en) | Method for connecting network and electronic equipment | |
| CN104751042B (en) | Creditability detection method based on cryptographic hash and living things feature recognition | |
| CN109286501A (en) | Authentication method and encryption equipment for encryption equipment | |
| KR101659226B1 (en) | Method and system for remote biometric verification using fully homomorphic encryption | |
| CN105184190B (en) | Embedded trusted computing development device | |
| CN104579690B (en) | High in the clouds KEY systems and application method | |
| CN114338052A (en) | Method and device for realizing identity authentication | |
| CN112825093B (en) | Security baseline checking method, host, server, electronic device and storage medium | |
| Edwards et al. | FFDA: A novel four-factor distributed authentication mechanism |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210603 Address after: 510670 3rd, 4th and 5th floors of building J1 and 3rd floor of building J3, No.11 Kexiang Road, Science City, Luogang District, Guangzhou City, Guangdong Province Patentee after: China South Power Grid International Co.,Ltd. Address before: 510080 Guangzhou, Yuexiu District, Guangdong Province Dongfeng East Road, 6 water tower, Guangdong tower. Patentee before: POWER GRID TECHNOLOGY RESEARCH CENTER. CHINA SOUTHERN POWER GRID Patentee before: China South Power Grid International Co.,Ltd. |
|
| TR01 | Transfer of patent right |