CN106125627A - Trusted Internet of things implementation method based on TPM chip - Google Patents
Trusted Internet of things implementation method based on TPM chip
- Publication number: CN106125627A (application CN201610722017.7A)
- Authority: CN (China)
- Prior art keywords: information, information acquisition, acquisition terminal, tpm chip, integrity
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G05—CONTROLLING; REGULATING
- G05B—CONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
- G05B19/00—Programme-control systems
- G05B19/02—Programme-control systems electric
- G05B19/04—Programme control other than numerical control, i.e. in sequence controllers or logic controllers
- G05B19/042—Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
- G05B19/0423—Input/output
- G05B2219/00—Program-control systems
- G05B2219/20—Pc systems
- G05B2219/24—Pc safety
- G05B2219/24215—Scada supervisory control and data acquisition
Abstract
The invention discloses a trusted Internet of Things implementation method based on a TPM chip, whose implementation process is as follows: an information acquisition terminal and a management end are configured, wherein the information acquisition terminal is an information acquisition device fitted with a TPM chip, and the management end receives the information gathered by the information acquisition terminal and completes information processing and analysis; the integrity information of the information acquisition terminal is collected through the TPM chip and reported to the management end, and the management end verifies the integrity of the information acquisition terminal to judge whether the terminal is trusted. Compared with the prior art, the trusted Internet of Things implementation method based on a TPM chip uses the physical characteristics of the TPM chip to collect the integrity information of the information acquisition terminal's firmware, operating system and running programs, adds a trusted attribute to the information acquisition terminal, ensures that the Internet of Things information acquisition terminal is secure and trusted, and is highly practical and easy to popularize.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a practical trusted Internet of Things implementation method based on a TPM chip.
Background technology
The Internet of Things is an important component of the new generation of information technology and an important stage of development in the "information age". Internet of Things applications such as smart homes and intelligent transportation have already entered people's lives and are gradually changing the way people live.
The connection of things to things brings innovation, but also brings potential security hazards. The Internet of Things takes sensor technology, RFID tags and embedded system technology as its core to complete the collection, transmission and processing of information. Once an information acquisition terminal is attacked and tampered with, the information it passes to the management end is also at risk of being tampered with, and this exposes the whole Internet of Things system to unknown risks.
The present invention proposes a trusted Internet of Things implementation method based on a TPM chip. It uses the hardware characteristics of the TPM chip to collect integrity information on the startup process of the information acquisition terminal and on the signal handler running on it, reports this integrity information to the management end periodically, and the management end judges the trusted status of the information acquisition terminal according to a white list it maintains.
Summary of the invention
The technical task of the present invention is to address the above shortcomings by providing a practical trusted Internet of Things implementation method based on a TPM chip.
A trusted Internet of Things implementation method based on a TPM chip, the implementation process of which is:
First, an information acquisition terminal and a management end are configured, wherein the information acquisition terminal is an information collecting device fitted with a TPM chip, and the management end receives the information gathered by the information acquisition terminal and completes information processing and analysis;
The integrity information of the information acquisition terminal is gathered through the TPM chip and reported to the management end, and the management end verifies this integrity information to judge whether the information acquisition terminal is trusted.
The information acquisition terminal has built-in sensors and an embedded device that complete the collection and conversion of signals. A TPM chip driver is added to the embedded device of the information acquisition terminal so that it can communicate normally with the TPM chip, and the hardware characteristics of the TPM chip can then be used to complete the collection of device integrity information.
The management end maintains an integrity information white list for each information acquisition terminal connected to it. When an information acquisition terminal sends its integrity information, the management end completes the integrity check of that terminal according to the corresponding white list entry.
The specific implementation process of the trusted Internet of Things is:
The information acquisition terminal uses sensor technology to gather the required physical signals; the physical signals here include temperature, humidity and illuminance signals;
The sensor devices are connected to an embedded device, and the signal handler running in the embedded device completes the logic control, signal processing and information transfer functions;
A TPM chip and TPM driver are added to the embedded device; the physical characteristics of the TPM chip are used to calculate the integrity information, i.e. the cryptographic hash values, of the embedded device firmware, bootloader and signal handler, and these are stored in the platform configuration registers of the TPM chip;
Each time information is uploaded, the integrity information in the platform configuration registers of the TPM chip is sent to the management end together with it. Before processing the information needed by the system, the management end first judges whether this signal acquisition terminal is trusted according to the uploaded integrity information and the white list it maintains, and then processes the information further according to the trusted status.
The trusted Internet of Things implementation method based on a TPM chip of the present invention has the following advantages:
It integrates a TPM chip into the information acquisition terminal of the Internet of Things, uses the physical characteristics of the TPM chip to gather the integrity information of the terminal's firmware, operating system and running programs, adds a trusted attribute to the information acquisition terminal, and ensures that the Internet of Things information acquisition terminal is secure and trusted; it is practical and easy to popularize.
Brief description of the drawings
Figure 1 is the system structure diagram of the present invention.
Detailed description of the invention
The present invention is further described below with reference to the accompanying drawing and a specific embodiment.
As shown in Figure 1, the present invention provides a trusted Internet of Things implementation method based on a TPM chip, the implementation process of which is:
First, an information acquisition terminal and a management end are configured, wherein the information acquisition terminal is an information collecting device fitted with a TPM chip, and the management end receives the information gathered by the information acquisition terminal and completes information processing and analysis. The integrity information of the information acquisition terminal is gathered through the TPM chip and reported to the management end, and the management end verifies this integrity information to judge whether the information acquisition terminal is trusted.
The information acquisition terminal and the management end are described in detail below:
Information acquisition terminal: an information collecting device fitted with a TPM chip. The Internet of Things completes the collection and conversion of signals through sensors and an embedded device; therefore a TPM chip driver is added to the embedded device of the information acquisition terminal so that it can communicate normally with the TPM chip, and the hardware characteristics of the TPM chip are used to complete the collection of device integrity information.
Management end: the core end of trusted Internet of Things information processing. It receives the information gathered by the information acquisition terminals, completes information processing and analysis, and implements the business logic. At the same time, it maintains an integrity information white list for each information acquisition terminal connected to it, and when an information acquisition terminal sends its integrity information, it completes the integrity verification of that terminal according to the corresponding white list entry.
Based on the above structure, the TPM chip is integrated into the information acquisition terminal of the Internet of Things, and the physical characteristics of the TPM chip are used to gather the integrity information of the terminal's firmware, Bootloader and running programs, adding a trusted attribute to the information acquisition terminal and ensuring that the Internet of Things information acquisition terminal is secure and trusted. During startup the information acquisition terminal can extend the integrity information of the firmware and Bootloader into the PCRs (Platform Configuration Registers) of the TPM chip, and at run time it can also periodically extend the integrity information of the message handling program into a PCR. When the terminal exchanges information with the management end of the Internet of Things, the collected integrity information is sent to the management end together with the information, and the management end verifies whether this information acquisition terminal is trusted according to the white list information table.
Further, the present invention uses the TPM chip to gather the integrity information of the information acquisition terminal and reports the integrity information to the management end program, and the management end program verifies the integrity to judge whether the information acquisition terminal is trusted.
The information acquisition terminal uses sensor technology to gather the required physical signals, such as temperature, humidity and illumination signals. The sensor devices are connected to an embedded device, and the signal handler running in the embedded device completes functions such as logic control, signal processing and information transmission. A TPM chip and TPM driver are added to the embedded device; the physical characteristics of the TPM chip are used to calculate the integrity information (cryptographic hash values) of the embedded device firmware, bootloader and signal handler, and these are stored in the PCRs of the TPM chip. Each time information is uploaded, the integrity information in the TPM PCRs is sent to the management end together with it. Before processing the information needed by the system, the management end first judges whether this signal acquisition terminal is trusted according to the uploaded integrity information and the white list it maintains, and then processes the information further according to the trusted status.
In the embedded device of the information acquisition terminal, a TPM driver is added to complete communication with the TPM chip; in particular it implements the TPM_PCR_Extend command, by which a calculated hash value can be extended into a specified PCR. At the same time, the information sending module must implement the TPM_PCR_Read command, which reads the contents of a specified PCR; after reading the integrity information, the module uploads it to the management end together with the system information, and the management end completes the trust verification of the information acquisition terminal.
Before the above steps are deployed, the management end must calculate the trusted state values of all components of the information acquisition terminal, i.e. the hash values of the terminal's firmware, bootloader and signal handler, and store them in the integrity information white list as reference values for trust verification.
In this way, each time the embedded device of the information acquisition terminal starts, it calculates the integrity information of the firmware and Bootloader used in this startup and stores it in the TPM chip. After the signal handler is running, the embedded device periodically calculates the hash value of the signal handler and stores it in a PCR. Each time the information acquisition module exchanges information with the management end, in addition to uploading the system signals, it must also upload the integrity information kept in the TPM PCRs. After the management end receives the integrity information, it obtains the reference values from the white list and compares them with the integrity information uploaded this time to obtain the trusted status of the information acquisition terminal.
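The measurement and verification flow described in the preceding paragraphs, as an added worked example that is not part of the patent: a Python simulation of the TPM_PCR_Extend semantics on the terminal side and of the white-list comparison on the management end. The TPM is simulated in software (the patent targets a real TPM chip through its driver); the PCR indices, the sample image contents and the inclusion of a measurement count in each report are assumptions, since the patent specifies none of them.

```python
import hashlib

# TPM 1.2 PCRs are 20-byte SHA-1 registers that read as all zeros after reset.
PCR_SIZE = 20
ZERO_PCR = b"\x00" * PCR_SIZE

# Assumed PCR assignment; the patent names no indices.
PCR_BOOT = 0   # firmware, then bootloader, measured at startup
PCR_APP = 8    # signal handler, re-measured periodically at run time


def measure(image: bytes) -> bytes:
    """Integrity information (cryptographic hash) of one component image."""
    return hashlib.sha1(image).digest()


def pcr_extend(old: bytes, digest: bytes) -> bytes:
    """TPM_PCR_Extend semantics: PCR_new = SHA-1(PCR_old || digest).
    A PCR can only be extended, never overwritten, so a later component
    cannot erase the measurement of an earlier one."""
    assert len(old) == PCR_SIZE and len(digest) == PCR_SIZE
    return hashlib.sha1(old + digest).digest()


class SimulatedTPM:
    """Software stand-in for the TPM chip plus driver: extend and read only."""

    def __init__(self, count: int = 24):
        self._pcrs = [ZERO_PCR] * count

    def pcr_extend(self, index: int, digest: bytes) -> bytes:
        self._pcrs[index] = pcr_extend(self._pcrs[index], digest)
        return self._pcrs[index]

    def pcr_read(self, index: int) -> bytes:   # TPM_PCR_Read
        return self._pcrs[index]


class Terminal:
    """Information acquisition terminal: measures components, uploads reports."""

    def __init__(self, tpm: SimulatedTPM):
        self.tpm = tpm
        self.handler_measurements = 0   # assumed: sent so the verifier can replay

    def boot(self, firmware: bytes, bootloader: bytes) -> None:
        self.tpm.pcr_extend(PCR_BOOT, measure(firmware))
        self.tpm.pcr_extend(PCR_BOOT, measure(bootloader))

    def measure_handler(self, handler: bytes) -> None:
        """Periodic re-measurement of the running signal handler."""
        self.tpm.pcr_extend(PCR_APP, measure(handler))
        self.handler_measurements += 1

    def report(self, sensor_data: dict) -> dict:
        """Upload: sensor data plus the PCR contents read back from the TPM."""
        return {"data": sensor_data,
                "pcr": {PCR_BOOT: self.tpm.pcr_read(PCR_BOOT).hex(),
                        PCR_APP: self.tpm.pcr_read(PCR_APP).hex()},
                "handler_measurements": self.handler_measurements}


def build_whitelist(firmware: bytes, bootloader: bytes, handler: bytes) -> dict:
    """Management end, before deployment: reference hashes of known-good images."""
    return {"firmware": measure(firmware), "bootloader": measure(bootloader),
            "handler": measure(handler)}


def expected_pcrs(whitelist: dict, handler_measurements: int) -> dict:
    """Replay the extend chain a trusted terminal would have produced."""
    boot = pcr_extend(pcr_extend(ZERO_PCR, whitelist["firmware"]),
                      whitelist["bootloader"])
    app = ZERO_PCR
    for _ in range(handler_measurements):
        app = pcr_extend(app, whitelist["handler"])
    return {PCR_BOOT: boot.hex(), PCR_APP: app.hex()}


def verify_report(report: dict, whitelist: dict) -> tuple:
    """Management end: (trusted, PCR indices that deviate from the white list)."""
    n = report.get("handler_measurements", 0)
    if n < 1:                       # handler never measured: reject outright
        return False, [PCR_APP]
    expected = expected_pcrs(whitelist, n)
    bad = [i for i, v in expected.items() if report["pcr"].get(i) != v]
    return (not bad), bad


# Constructed sample images standing in for the real firmware, bootloader
# and signal handler; any byte strings work.
FIRMWARE, BOOTLOADER, HANDLER = b"fw-1.0", b"bootloader-2016", b"sigproc-3.2"
WHITELIST = build_whitelist(FIRMWARE, BOOTLOADER, HANDLER)


def demo(tampered_handler: bytes = b"") -> tuple:
    """Boot, measure the handler twice (second time possibly tampered), verify."""
    term = Terminal(SimulatedTPM())
    term.boot(FIRMWARE, BOOTLOADER)
    term.measure_handler(HANDLER)
    term.measure_handler(tampered_handler or HANDLER)
    return verify_report(term.report({"temperature_c": 21.5}), WHITELIST)


if __name__ == "__main__":
    print("intact terminal:  ", demo())
    print("modified handler: ", demo(b"sigproc-3.2-backdoor"))
```

Because a PCR can only be extended, the management end cannot compare a component hash against the register directly; it has to replay the same sequence of extends from its reference hashes, which is why the periodic re-measurement of the signal handler must be counted (here the terminal reports the count; a verifier could equally try counts up to a bound). One caveat a practitioner would add: TPM_PCR_Read returns plain register contents, so a report assembled by compromised terminal software could carry white-list values it never measured. Having the TPM itself sign the PCR values over a nonce chosen by the management end (a TPM quote) is what ties the reported values to the chip; the patent text describes only the unsigned read-and-upload path.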
The above specific embodiment is only a specific instance of the present invention. The scope of patent protection of the present invention includes but is not limited to the above specific embodiment; any trusted Internet of Things implementation method based on a TPM chip that conforms to the claims of the present invention, and any appropriate changes or substitutions made to it by a person of ordinary skill in the described technical field, fall within the scope of patent protection of the present invention.
Claims (4)
1. A trusted Internet of Things implementation method based on a TPM chip, characterised in that its implementation process is:
First, an information acquisition terminal and a management end are configured, wherein the information acquisition terminal is an information collecting device fitted with a TPM chip, and the management end receives the information gathered by the information acquisition terminal and completes information processing and analysis;
The integrity information of the information acquisition terminal is gathered through the TPM chip and reported to the management end, and the management end verifies this integrity information to judge whether the information acquisition terminal is trusted.
2. The trusted Internet of Things implementation method based on a TPM chip according to claim 1, characterised in that the information acquisition terminal has built-in sensors and an embedded device that complete the collection and conversion of signals, and a TPM chip driver is added to the embedded device of the information acquisition terminal so that it can communicate normally with the TPM chip, whereby the hardware characteristics of the TPM chip can be used to complete the collection of device integrity information.
3. The trusted Internet of Things implementation method based on a TPM chip according to claim 1, characterised in that the management end maintains an integrity information white list for each information acquisition terminal connected to it, and when an information acquisition terminal sends its integrity information, completes the integrity check of that terminal according to the corresponding white list entry.
4. The trusted Internet of Things implementation method based on a TPM chip according to claim 2 or 3, characterised in that the specific implementation process of the trusted Internet of Things is:
The information acquisition terminal uses sensor technology to gather the required physical signals; the physical signals here include temperature, humidity and illuminance signals;
The sensor devices are connected to an embedded device, and the signal handler running in the embedded device completes the logic control, signal processing and information transfer functions;
A TPM chip and TPM driver are added to the embedded device; the physical characteristics of the TPM chip are used to calculate the integrity information, i.e. the cryptographic hash values, of the embedded device firmware, bootloader and signal handler, and these are stored in the platform configuration registers of the TPM chip;
Each time information is uploaded, the integrity information in the platform configuration registers of the TPM chip is sent to the management end together with it. Before processing the information needed by the system, the management end first judges whether this signal acquisition terminal is trusted according to the uploaded integrity information and the white list it maintains, and then processes the information further according to the trusted status.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610722017.7A CN106125627A (en) | 2016-08-25 | 2016-08-25 | Trusted Internet of things implementation method based on TPM chip |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106125627A true CN106125627A (en) | 2016-11-16 |
Family
ID=57274488
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106125627A (en) |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1554551A (en) * | 2003-12-29 | 2004-12-15 | 成都广成电子技术有限公司 | Safety device for railway crossing construction |
WO2011073899A1 (en) * | 2009-12-16 | 2011-06-23 | Nxp Bv | Data processing apparatus |
CN202160185U (en) * | 2011-07-04 | 2012-03-07 | 广东宏景科技有限公司 | Credible electronic signature terminal of machine room |
CN102355467A (en) * | 2011-10-18 | 2012-02-15 | 国网电力科学研究院 | Power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission |
CN102497647A (en) * | 2011-12-14 | 2012-06-13 | 华南理工大学 | Integrity verifying and evaluating method for monitoring system of internet of things |
US20150012748A1 (en) * | 2012-01-19 | 2015-01-08 | Goertek, Inc. | Method And System For Protecting Data |
CN103166952A (en) * | 2012-11-16 | 2013-06-19 | 太原科技大学 | Embedded type vehicle-mounted data collection terminal |
CN105242659A (en) * | 2014-06-05 | 2016-01-13 | 北车大连电力牵引研发中心有限公司 | Locomotive running data recording method, TCU (traction control unit) terminal and locomotive running data recording system |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020052202A1 (en) * | 2018-09-10 | 2020-03-19 | Shenzhen GOODIX Technology Co., Ltd. | Low power embedded device using a write-once register to speed up the secure boot from sleep states of the device |
CN110933058A (en) * | 2019-11-21 | 2020-03-27 | 深圳渊联技术有限公司 | Internet of things system and safety control method thereof |
CN110933057A (en) * | 2019-11-21 | 2020-03-27 | 深圳渊联技术有限公司 | Internet of things security terminal and security control method thereof |
CN110933057B (en) * | 2019-11-21 | 2021-11-23 | 深圳渊联技术有限公司 | Internet of things security terminal and security control method thereof |
CN113722768A (en) * | 2021-09-06 | 2021-11-30 | 安徽人和智能制造有限公司 | File security storage equipment RFID middleware system based on 5g Internet of things |
Legal Events
Date | Code | Title | Description
---|---|---|---
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20161116