CN106156632A - Security device, method for providing security services to a host in a security device, and security apparatus - Google Patents
- Publication number: CN106156632A
- Application number: CN201610326247.1A (CN201610326247A)
- Authority: CN (China)
- Prior art keywords: security, dedicated, security device, device driver, driver
- Prior art date
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
All three entries fall under G (Physics) > G06 (Computing; calculating or counting) > G06F (Electric digital data processing) > G06F21/00 (Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity):
- G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer > G06F21/78 Protecting specific internal or peripheral components to assure secure storage of data
- G06F21/70 > G06F21/78 > G06F21/79 Protecting specific internal or peripheral components to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
Landscapes: Engineering & Computer Science; Computer Security & Cryptography; Computer Hardware Design; Theoretical Computer Science; Software Systems; General Engineering & Computer Science; Physics & Mathematics; General Physics & Mathematics; Storage Device Security
Abstract
The present invention provides a security device, a method for providing security services to a host in the security device, and a security apparatus. The method of providing a security service to a host in a security device comprises receiving a security command from an application program executing on the host. The security command is executed by accessing a non-volatile memory (NVM) device that is external to the security device and is transparent to the application program by virtue of a dedicated device driver, where the dedicated device driver executes on the host and mediates between the NVM device and the security device.
Description
Cross-reference to related application
This application claims the benefit of U.S. Provisional Application No. 62/028,345, filed July 24, 2014, the disclosure of which is incorporated herein by reference.
Technical field
The present invention relates generally to secure computing environments, and in particular to a security device, a method for providing security services to a host in the security device, a security apparatus, and a computer software product.
Background
In computing systems, Trusted Computing is a security technology researched, developed and promoted by, for example, the Trusted Computing Group (TCG). Trusted Computing enforces computer behaviour by means of encryption and other security techniques. For example, U.S. Patent Publication No. 2005/0021968, which is incorporated herein by reference, describes a method for providing secure firmware updates. A first verification credential is stored in encrypted form on the platform using a key generated by a secure token, such as a Trusted Platform Module (TPM). The platform configuration is "imprinted", so that the key needed to decrypt the first verification credential can be accessed only by unsealing it on a platform whose configuration matches the one the key was sealed to. During a subsequent firmware update, a firmware update image containing a second verification credential is received at the platform. If the platform configuration is identical to the one in effect when the key was sealed, the key can be unsealed and used to decrypt the first verification credential. The public key in the first verification credential can then be used to verify the firmware update image by means of the second verification credential.
As another example, U.S. Patent Publication No. 2003/0061494, which is incorporated herein by reference, describes a method and system for protecting computer data. The computer provides a pre-operating-system (pre-OS) space and an operating-system-present (OS-present) space. Protected storage is accessed from the pre-OS space through a Trusted Platform Module (TPM). Similarly, protected storage is accessed from the OS-present space through the TPM. The computer can therefore prevent unauthorised users from accessing the data stored in protected storage, both in the pre-OS space and in the OS-present space.
Summary of the invention
Embodiments of the invention described herein provide a method for providing a security service to a host in a security device. The method comprises receiving a security command from an application program executing on the host. The security command is executed by accessing a non-volatile memory (NVM) device outside the security device, where the NVM device is transparent to the application program by virtue of a dedicated device driver that executes on the host and mediates between the NVM device and the security device.
In some embodiments, the security device, the dedicated device driver and the NVM device all conform to respective security standards of the Trusted Computing Group (TCG). In other embodiments, the security device, together with the dedicated device driver and at least part of a storage area of the NVM device, implements a Trusted Platform Module (TPM) according to the TCG specifications.
In an embodiment, executing the security command comprises communicating between the application program and the dedicated device driver over an interface on which the host acts as master and the security device acts as slave. In another embodiment, executing the security command comprises communicating between the dedicated device driver and the NVM device over an interface. In yet another embodiment, executing the security command comprises the security device requesting the device driver to write data to, or read data from, the NVM device.
In some embodiments, requesting the device driver comprises preparing a request inside the security device and sending a signal over the interface to the device driver so that it fetches the request. In other embodiments, requesting the device driver comprises preparing the request in a buffer of the security device and waiting for the device driver to fetch the request by polling the buffer. In still other embodiments, executing the security command comprises preparing, inside the security device, a command response when execution of the security command completes, and indicating to the application program that the command response is ready to be read by the application program.
There is additionally provided, in accordance with an embodiment of the invention, a security device comprising a host interface and circuitry. The host interface is configured to receive a security command from an application program executing on a host. The circuitry is configured to execute the security command by accessing a non-volatile memory (NVM) device, where the NVM device is external to the security device and transparent to the application program by virtue of a dedicated device driver that executes on the host and mediates between the NVM device and the security device.
There is additionally provided, in accordance with an embodiment of the invention, a security apparatus comprising a security device that provides a security service to a host, and a dedicated device driver that executes on the host. The device driver is configured to mediate between the security device and a non-volatile memory (NVM) device outside the security device. The security device is configured to receive a security command from an application program executing on the host, and to execute the security command by accessing the NVM device through the dedicated device driver, transparently to the application program.
There is additionally provided, in accordance with an embodiment of the invention, a computer software product comprising a tangible non-transitory computer-readable medium in which program instructions are stored. When read by a processor of a host, the instructions cause the processor to run a dedicated device driver so as to mediate, through the dedicated device driver, between a security device and a non-volatile memory (NVM) device, where the security device provides security services to an application program executing on the host, and the NVM device is outside the security device and transparent to the application program.
Brief description of the drawings
The present invention will be more fully understood from the following detailed description of the embodiments thereof, taken together with the drawings, in which:
Fig. 1 is a block diagram that schematically illustrates a computing system, in accordance with an embodiment described herein; and
Fig. 2 is a flow chart that schematically illustrates a method for providing security services in a computing system, in accordance with an embodiment described herein.
Reference numerals
20: system
24: host
28: security device
32, 40: interfaces
36: non-volatile memory device
44: CPU
48: security application
52: device driver
60: microcontroller
62: internal bus
64: host interface
66: system management module
68: random access memory
72: read-only memory
76: one-time programmable memory
80: crypto engine
100, 104, 106, 108, 112, 114, 116, 120, 124, 126, 128, 132: steps
Detailed description of the invention
Embodiments of the invention described herein provide methods and systems for improving the security of a computing system. In the embodiments disclosed herein, a security device serves as a cryptographic co-processor for a host. The host, assisted by the security device, executes a security application that provides security services; the security application is also referred to herein simply as "the application". The security application sends security commands to the security device and receives a respective command response from the security device for each command.
When providing services to the security application, the security device sometimes needs to access an external non-volatile memory (NVM) device. In the context of the present disclosure and in the claims, the term "NVM device" refers to a multi-time programmable storage device that retains its stored content even without power. Exemplary NVM devices include Flash devices and Electrically Erasable Programmable Read-Only Memory (EEPROM) devices.
In the disclosed techniques, the host runs a dedicated device driver, also referred to herein as "the device driver", which mediates between the security device and the external NVM device transparently to the security application. The device driver allows the security device to access the external NVM indirectly, through the device driver.
The dedicated device driver communicates with the security device over an interface on which the host acts as master and the security device acts as slave. As a slave, the security device cannot directly initiate transactions on the interface, such as accesses to the external NVM. Several mechanisms for overcoming this difficulty, i.e. for allowing the security device to initiate transactions even though it is in slave mode, are described herein.
In an exemplary embodiment, the security device receives a security command from the security application on the host. When executing the command requires write or read access to the external NVM device, the security device requests the device driver to access the external NVM device on its behalf. In some embodiments, the security device prepares the request internally and notifies the device driver that the request is ready by generating an interrupt signal. In other embodiments, the device driver obtains the request by polling a buffer or memory location in the security device. The device driver reads the request from the security device over the first interface, and writes data to, or reads data from, the external NVM as requested. The device driver delivers the data obtained from the external NVM to the security device.
The security device may request multiple storage cycles on the external NVM device from the device driver in order to execute a single security command. For example, the security device may request one or more read operations and/or one or more write operations in the course of executing a single security command. After executing the command, the security device returns a command response to the security application. The command response may comprise the result of a cryptographic operation, an error report, and the like.
In some embodiments, the external NVM may comprise an NVM device that is already present in the computing system for other purposes. By using at least part of an existing (typically low-cost) NVM device for secure storage, the security device can be designed with no internal NVM, or with only a small internal NVM, which reduces cost.
Because the host communicates with the security device over an interface on which the host acts as master and the security device as slave, the interface no longer requires bus-mastering and arbitration functions, which reduces the complexity of the interface. In addition, interfaces that have no bus-mastering support can be used.
System description
Fig. 1 is a block diagram that schematically illustrates a computing system 20, in accordance with an embodiment described herein. System 20 comprises a host 24, which is connected to a security device 28 over a first interface 32, and to a non-volatile memory (NVM) device 36 over a second interface 40. Security device 28 serves as a cryptographic co-processor for the host.
Host 24 comprises a CPU 44 that executes a security application 48 and a dedicated device driver 52 which, together with security device 28, provide host 24 with the functions required for Trusted Computing and other security policies. Security application 48 provides the operating system (OS) and the other applications executing on the host with a common application programming interface (API) to security device 28.
In some embodiments, system 20 is a Trusted Computing system that operates according to standards developed by the Trusted Computing Group (TCG). In such embodiments, security device 28, together with dedicated device driver 52 and at least part of the storage area of NVM device 36, may jointly implement a Trusted Platform Module (TPM). Furthermore, security application 48 may comprise a TCG Software Stack (TSS). The TPM is specified, for example, in the three-part TPM Main Specification, Level 2, Version 1.2, Revision 116, March 1, 2011, which is incorporated herein by reference. The three parts of the TPM Main Specification are: "TPM Main Part 1: Design Principles", "TPM Main Part 2: TPM Structures" and "TPM Main Part 3: Commands". The TSS is described, for example, in "TCG Software Stack (TSS) Specification Version 1.2, Level 1, Errata A, Part 1: Commands and Structures", published March 7, 2007, which is incorporated herein by reference.
In some embodiments, Trusted Computing is carried out in a personal computer (PC) system. TCG standards applicable to PC clients are described in "TCG PC Client Specific Implementation Specification for Conventional BIOS", Version 1.21, Errata, Revision 1.00 (for TPM family 1.2; Level 2), dated February 24, and in "TCG PC Client Specific TPM Interface Specification (TIS)", Version 1.3, March 21, 2013, both of which are incorporated herein by reference.
For example, security application 48 provides secure storage services, such as controlling access to the system resources used for storing information. In some embodiments, secure storage is implemented by defining one or more secure storage regions that can be accessed only under certain predefined conditions. These conditions may include, for example, address space, system state, access rights, object permissions and read/write protection.
In the description that follows, it is assumed that security application 48 is designed to interface directly with security device 28, as prescribed by the TCG specifications cited above.
In some embodiments, security application 48 sends respective security commands to security device 28 over interface 32 in order to provide security services (for example, to the host OS). Upon receiving a security command, security device 28 decodes the command and executes it accordingly.
Executing at least some security commands involves accessing an NVM device, for example to store and retrieve confidential information. In some embodiments, the security device comprises an internal (typically small) NVM. In other embodiments, instead of or in addition to the internal NVM, the security device accesses an NVM that is available in the system for other purposes, such as NVM device 36. As described above, in addition to security application 48, CPU 44 executes dedicated device driver 52, which mediates between security device 28 and NVM device 36. Transparently to security application 48, device driver 52 provides security device 28 with indirect access to external NVM device 36.
Security device 28 can request access to NVM device 36 from device driver 52 in various ways. In one embodiment, security device 28 prepares the request internally, for example in a predefined buffer, and generates an interrupt signal to notify the device driver to read the request over interface 32. In another embodiment, the device driver polls a buffer in the security device to check whether a request is pending. In yet another embodiment, device driver 52 checks the buffer value in the security device conditionally, for example in response to the security application sending a security command to the security device.
When device driver 52 receives a write request from the security device, the device driver stores the respective data in the external NVM over interface 40. In some embodiments, the security device encrypts and/or signs the data before issuing the write request. When device driver 52 receives a read request from the security device, the device driver reads the requested data from the external NVM over interface 40 and delivers the retrieved data to the security device over interface 32. When the retrieved data is encrypted and signed, the security device can verify and decrypt it.
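The request mechanism described above (a slave that stages a request in an internal buffer and either raises an interrupt or waits to be polled, and a host-side driver that services the request against the external NVM) can be exercised with the following added C simulation. It is example code written for this page, not code from the patent; the structure names, the mailbox layout, the request format and the `demo_*` functions are assumptions chosen for illustration.

```c
/* Simulation of the host-master / security-device-slave request mechanism.
 * Names, mailbox layout and request format are assumptions for this example. */
#include <stdint.h>
#include <string.h>

#define NVM_SIZE 256
#define REQ_MAX  32

enum req_op { REQ_NONE = 0, REQ_WRITE, REQ_READ };

/* The "predefined buffer" inside the security device that the driver reads
 * over interface 32. */
struct mailbox {
    int pending;            /* 1 from the moment a request is staged until it is serviced */
    int irq_line;           /* 1 while the device holds its interrupt line asserted */
    enum req_op op;
    uint16_t addr, len;
    uint8_t data[REQ_MAX];  /* payload of a write; filled by the driver on a read */
};
struct secdev { struct mailbox mb; int use_irq; };

static uint8_t nvm[NVM_SIZE];   /* external NVM device 36, reachable only by the host */

/* Device side. A slave cannot start a bus transaction, so all it can do is
 * stage the request and, in the interrupt-driven variant, assert the line.
 * Returns 0 on success, -1 if a request is already outstanding or malformed. */
int secdev_post_request(struct secdev *d, enum req_op op, uint16_t addr,
                        const uint8_t *data, uint16_t len)
{
    if (d->mb.pending || len > REQ_MAX || (uint32_t)addr + len > NVM_SIZE) return -1;
    d->mb.op = op; d->mb.addr = addr; d->mb.len = len;
    if (op == REQ_WRITE) memcpy(d->mb.data, data, len);
    d->mb.pending = 1;                          /* visible to a polling driver */
    if (d->use_irq) d->mb.irq_line = 1;
    return 0;
}

/* Host side: the dedicated device driver. Entered from the interrupt handler
 * (use_irq) or from a periodic poll. Services at most one request, re-checking
 * the bounds itself rather than trusting the slave, and returns 1 if it did. */
int driver_service(struct secdev *d)
{
    struct mailbox *mb = &d->mb;
    if (!mb->pending) return 0;                 /* poll found nothing to do */
    mb->irq_line = 0;                           /* acknowledge the interrupt, if raised */
    if ((uint32_t)mb->addr + mb->len <= NVM_SIZE) {
        if (mb->op == REQ_WRITE) memcpy(&nvm[mb->addr], mb->data, mb->len);  /* interface 40 */
        else if (mb->op == REQ_READ) memcpy(mb->data, &nvm[mb->addr], mb->len);
    }
    mb->op = REQ_NONE;
    mb->pending = 0;                            /* completion: read data (if any) is in mb->data */
    return 1;
}

/* Worked exchange: one write request, then one read request of the same
 * bytes, in either notification style. Returns 1 when the data round-trips
 * and the interrupt line is raised exactly when that style is in use. */
int demo_round_trip(int use_irq)
{
    struct secdev dev; memset(&dev, 0, sizeof dev); dev.use_irq = use_irq;
    const uint8_t blob[8] = { 0xDE, 0xAD, 0xBE, 0xEF, 1, 2, 3, 4 };   /* constructed sample */
    memset(nvm, 0xFF, sizeof nvm);                                    /* erased flash */
    if (secdev_post_request(&dev, REQ_WRITE, 0x40, blob, 8)) return 0;
    if (use_irq != dev.mb.irq_line) return 0;      /* IRQ raised iff that style is used */
    while (!driver_service(&dev)) { }              /* host side: ISR or polling loop */
    if (secdev_post_request(&dev, REQ_READ, 0x40, NULL, 8)) return 0;
    while (!driver_service(&dev)) { }
    return !dev.mb.pending && !dev.mb.irq_line && memcmp(dev.mb.data, blob, 8) == 0;
}

/* A second request staged before the driver serviced the first is refused:
 * the slave has one buffer and no way to force the host to act sooner. */
int demo_second_request_refused(void)
{
    struct secdev dev; memset(&dev, 0, sizeof dev);
    uint8_t b[4] = { 1, 2, 3, 4 };
    if (secdev_post_request(&dev, REQ_WRITE, 0x00, b, 4)) return 0;
    int refused = secdev_post_request(&dev, REQ_WRITE, 0x04, b, 4) == -1;
    driver_service(&dev);
    return refused && secdev_post_request(&dev, REQ_READ, 0x00, NULL, 4) == 0;
}
```

Both notification styles go through the same `driver_service` entry point: in the interrupt variant it is what the host's interrupt handler calls, in the polled variant it is called periodically and simply returns 0 while the mailbox is empty. The driver re-checks the address range before touching the NVM instead of relying on the slave's own check, which is the defensive detail a practitioner would add on the host side.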
Interfaces 32 and 40 may comprise any suitable interfaces. For example, interface 32 may comprise a Low Pin Count (LPC) bus, a Serial Peripheral Interface (SPI) or an Inter-Integrated Circuit (I2C) bus. Interface 40 may comprise, for example, a Serial Peripheral Interface (SPI). In some embodiments, interfaces 32 and 40 comprise separate (identical or different) interfaces. In other embodiments, interfaces 32 and 40 may comprise the same interface, or share one or more interface signals.
The lower part of Fig. 1 is a block diagram illustrating security device 28. In this example, security device 28 comprises a microcontroller 60 that is interconnected with the other elements of the security device over an internal bus 62. Microcontroller 60 serves as the main control unit of the security device. Security device 28 comprises a host interface 64 module that connects to the host over interface 32.
Microcontroller 60 accepts the security commands received through host interface 64 and executes them, using other elements of the security device where appropriate. System management module 66 provides the various signals required for operating the elements of the device, such as power distribution, clock signals and interrupt signals. In some embodiments, system management module 66 comprises one or more timers, which can be used, for example, for time-stamping data.
Security device 28 comprises a Random Access Memory (RAM) 68, which stores temporary data and possibly program code for microcontroller 60. A Read Only Memory (ROM) 72 module stores program code for microcontroller 60. Additionally, ROM 72 may store various constant values. A One Time Programmable (OTP) memory 76 securely stores the device configuration and keys that are generated at production and are unique to each security device. In some embodiments, instead of or in addition to OTP memory 76, the security device comprises an EEPROM and/or a Physical Unclonable Function (PUF) that can be used for storing internal secrets.
Security device 28 further comprises a cryptographic engine 80 that supports various cryptographic functions and algorithms. In some embodiments, crypto engine 80 supports crypto primitives and algorithms such as Random Number Generation (RNG); encryption/decryption algorithms such as the Advanced Encryption Standard (AES); asymmetric cryptographic algorithms for public-key encryption such as the Rivest-Shamir-Adleman (RSA) cryptosystem; error-correction coding/decoding; and cryptographic hash functions such as the Secure Hash Algorithm SHA-256. Crypto engine 80 provides core cryptographic functions such as encryption/decryption and signing/verification.
PC client Trusted Computing
In some embodiments, system 20 of Fig. 1 comprises a PC system. Table 1 below summarizes the relationship between the various elements of system 20 and the corresponding PC client elements according to the TCG specifications cited above.
Table 1
The configurations of system 20 and of security device 28 shown in Fig. 1 are exemplary configurations, chosen purely for the sake of conceptual clarity. Any other suitable computing system and security device configuration can also be used. Elements that are not needed for understanding the principles of the present invention, such as various interfaces, control circuits, addressing circuits, timing circuits and debugging circuits, have been omitted from the figure for clarity.
In the exemplary system configuration shown in Fig. 1, CPU 44, security device 28 and NVM device 36 are implemented as separate integrated circuits (ICs). In alternative embodiments, however, at least two of the CPU, the security device and the NVM device may be integrated on separate semiconductor dies in a single Multi-Chip Package (MCP) or System on Chip (SoC), and may be interconnected by an internal bus.
The different elements of security device 28 may be implemented using any suitable hardware, such as an Application-Specific Integrated Circuit (ASIC) or a Field-Programmable Gate Array (FPGA). In some embodiments, some elements of the security device can be implemented in software, or using a combination of hardware and software elements. For example, in the present embodiment, crypto engine 80 and system management module 66 may be implemented as dedicated hardware modules. As another example, signature calculation and encryption/decryption functions may be implemented in hardware located in crypto engine 80, in software executed by microcontroller 60, or in a combination of hardware and software.
In the description and claims below, the various elements of the security device, excluding host interface 64, are collectively referred to as circuitry.
Typically, CPU 44 in host 24 comprises a general-purpose processor, which is programmed in software to carry out the functions described herein. The software may be downloaded to the processor in electronic form, over a network, for example, or it may, alternatively or additionally, be provided and/or stored on non-transitory tangible media, such as magnetic, optical or electronic memory.
Exemplary method performed by the security device
Fig. 2 is a flow chart that schematically illustrates a method for providing security services in a computing system, in accordance with an embodiment described herein. The method may be executed, for example, by security device 28 of Fig. 1. In describing the method, it is assumed that the security device is part of a computing system such as (or similar to) system 20 of Fig. 1.
The method begins with security device 28 receiving a security command through host interface 64 module (which connects to the host over interface 32), at a receiving step 100. The security command originates from security application 48 and identifies one or more cryptographic services to be provided by the security device. At a decoding step 104, the security device decodes the security command as a preparatory phase for executing it. The decoding result typically comprises the type of the requested service and possibly one or more parameters, such as identification of the respective crypto primitive, addressing parameters, size information related to the data of the requested service, and the like.
In order to execute the command, the security device may need to access the external NVM. The security device may decide to access the external NVM based on the command parameters. Alternatively or additionally, this decision may depend on internal flags, parameters and other data that are saved in the external NVM and, if necessary, restored by the security device.
At a write checking step 106, the security device checks whether executing the command requires write access to the external NVM. When the security device needs to write data to the external NVM, the method proceeds to an encryption and signing step 108. In this example, the command parameters comprise raw plaintext data, and the security device encrypts and/or signs the raw plaintext data, for example using crypto engine 80, as specified by the security command. Following step 108, the encrypted and signed data is ready to be stored in the external NVM.
At a write requesting step 112, the security device requests device driver 52 to store the data resulting from step 108 in the external NVM. As described above, the security device is a slave on interface 32, and it may request the storage operation by various methods, for example by generating an interrupt signal to the host. In response to the request, the device driver reads the data encrypted and signed at step 108 from the security device over interface 32, and stores the data in the external NVM over interface 40.
When, at step 106, the security device does not need to write to the external NVM, the method proceeds to a read checking step 114, at which the security device checks whether executing the command requires read access to the external NVM. If so, the method proceeds to a read requesting step 116, at which the security device requests device driver 52 to read data from the external NVM. In response to the read request, device driver 52 reads the requested data from external NVM device 36 over interface 40 and delivers the retrieved data to the security device over interface 32. At a decryption and verification step 120, the security device verifies and decrypts the read data, for example using crypto engine 80.
Following step 112 or 120, or when the check result at step 114 is negative, the method proceeds to a command execution step 124. At step 124, the security device executes the security command, or part of it, possibly using data retrieved from the external NVM. At a loop termination step 126, the security device checks whether additional access to the external NVM is required in order to complete executing the command. When additional access is needed, the method loops back to step 106. Otherwise, the method proceeds to a response preparation step 128.
At step 128, the security device prepares the command response, which may comprise, for example, the result of a cryptographic function, an error report, and the like. At a response notification step 132, the security device notifies the security application that the command response is ready. Similarly to the methods described above for requesting the device driver, the security device may notify the security application by generating an interrupt signal, for example, or the security application may poll a predefined buffer in the security device. The security application then reads the command response from the security device over interface 32, and the method terminates.
The method of Fig. 2 is given by way of example, and other suitable methods can also be used. For example, in some embodiments a security command may instruct the security device to write raw plaintext to the external NVM or to read raw plaintext from the external NVM. In such embodiments, steps 108 and 120 may be skipped.
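Steps 100 to 132 of Fig. 2 can be traced in the following added C example, which is not the patent's code. It models three constructed commands: store a record, load it, and increment a stored counter, the last of which needs a read followed by a write and so exercises the loop from step 126 back to step 106. It carries out the encrypt-and-sign step 108 before every write, the verify-and-decrypt step 120 after every read (rejecting a record that was altered in the NVM), and builds the response of step 128. The command set, the record layout, the status codes and the small keyed byte mixer standing in for crypto engine 80 (it is not AES or SHA-256) are all assumptions made for this example; the device driver is reduced to two bounded copy functions, since the request transport itself is the subject of the earlier example.

```c
/* Walk-through of the Fig. 2 flow for three constructed commands. Command
 * set, record layout, status codes and the toy keyed mixer that stands in
 * for crypto engine 80 are assumptions for this example only. */
#include <stdint.h>
#include <string.h>

#define NVM_SIZE 128
#define BLK 8                               /* payload bytes per stored record */
#define TAG 4                               /* tag bytes appended to each record */

static uint8_t nvm[NVM_SIZE];               /* external NVM device 36 (simulated) */
static const uint8_t dev_key[4] = { 0x5A, 0xC3, 0x11, 0x7E };  /* constructed per-device "OTP" key */

/* Device driver 52 on the host: the only path between the device and the NVM. */
static int drv_nvm_write(uint16_t a, const uint8_t *s, size_t n)
{ if (a + n > NVM_SIZE) return -1; memcpy(&nvm[a], s, n); return 0; }
static int drv_nvm_read(uint16_t a, uint8_t *d, size_t n)
{ if (a + n > NVM_SIZE) return -1; memcpy(d, &nvm[a], n); return 0; }

/* Toy stand-ins for the crypto engine: one keyed byte mixer used as a
 * keystream (toy_xor, symmetric) and as an address-bound tag (toy_tag). */
static uint32_t mix(uint32_t h, uint8_t b) { h = (h ^ b) * 0x01000193u; return h ^ (h >> 13); }
static uint32_t seed(uint16_t addr, uint32_t iv)
{ uint32_t h = iv; for (int i = 0; i < 4; i++) h = mix(h, dev_key[i]);
  return mix(mix(h, addr & 0xFF), addr >> 8); }
static void toy_xor(uint16_t addr, uint8_t *buf, size_t n)
{ uint32_t h = seed(addr, 0x811C9DC5u);
  for (size_t i = 0; i < n; i++) { h = mix(h, (uint8_t)i); buf[i] ^= (uint8_t)h; } }
static uint32_t toy_tag(uint16_t addr, const uint8_t *ct, size_t n)
{ uint32_t h = seed(addr, 0x2545F491u);
  for (size_t i = 0; i < n; i++) h = mix(h, ct[i]); return h; }

enum cmd_type { CMD_STORE = 1, CMD_LOAD = 2, CMD_INCREMENT = 3 };
enum acc { ACC_NONE = 0, ACC_WRITE, ACC_READ };
enum { ST_OK = 0, ST_VERIFY_FAIL = 1, ST_BAD_CMD = 2, ST_NVM_ERR = 3 };
struct command  { enum cmd_type type; uint16_t addr; uint8_t data[BLK]; };
struct response { int status; int nvm_accesses; uint8_t data[BLK]; };

/* Steps 108 + 112: encrypt, tag, then ask the driver to store the record. */
static int seal_and_write(uint16_t addr, const uint8_t *pt)
{
    uint8_t rec[BLK + TAG];
    memcpy(rec, pt, BLK);
    toy_xor(addr, rec, BLK);
    uint32_t t = toy_tag(addr, rec, BLK);
    for (int i = 0; i < TAG; i++) rec[BLK + i] = (uint8_t)(t >> (8 * i));
    return drv_nvm_write(addr, rec, sizeof rec);
}
/* Steps 116 + 120: fetch via the driver, verify the tag, only then decrypt. */
static int read_and_open(uint16_t addr, uint8_t *pt)
{
    uint8_t rec[BLK + TAG]; uint32_t got = 0;
    if (drv_nvm_read(addr, rec, sizeof rec)) return ST_NVM_ERR;
    for (int i = 0; i < TAG; i++) got |= (uint32_t)rec[BLK + i] << (8 * i);
    if (got != toy_tag(addr, rec, BLK)) return ST_VERIFY_FAIL;  /* altered record: never used */
    memcpy(pt, rec, BLK); toy_xor(addr, pt, BLK);
    return ST_OK;
}
/* Step 104: decode the command into the sequence of NVM accesses it needs. */
static int decode(const struct command *c, enum acc plan[2])
{
    plan[1] = ACC_NONE;
    switch (c->type) {
    case CMD_STORE:     plan[0] = ACC_WRITE; return 0;
    case CMD_LOAD:      plan[0] = ACC_READ;  return 0;
    case CMD_INCREMENT: plan[0] = ACC_READ; plan[1] = ACC_WRITE; return 0;  /* two accesses */
    default:            return -1;
    }
}
/* Steps 100..128 for one command; the response is what step 132 announces. */
struct response secdev_execute(const struct command *cmd)
{
    struct response r = { ST_OK, 0, {0} };
    enum acc plan[2]; uint8_t work[BLK];
    memcpy(work, cmd->data, BLK);
    if (decode(cmd, plan)) { r.status = ST_BAD_CMD; return r; }
    for (int i = 0; i < 2 && plan[i] != ACC_NONE; i++) {        /* loop 106..126 */
        if (plan[i] == ACC_WRITE) {                                /* 106 -> 108 -> 112 */
            if (seal_and_write(cmd->addr, work)) { r.status = ST_NVM_ERR; break; }
        } else if ((r.status = read_and_open(cmd->addr, work)) != ST_OK) break;  /* 114 -> 116 -> 120 */
        r.nvm_accesses++;
        if (cmd->type == CMD_INCREMENT && plan[i] == ACC_READ) work[0]++;  /* step 124 */
        /* step 126: a further planned access loops back to step 106 */
    }
    if (r.status == ST_OK) memcpy(r.data, work, BLK);              /* step 128 */
    return r;
}

/* Worked scenarios on constructed data; each returns 1 when the flow behaves as required. */
int demo_store_then_load(void)
{
    struct command st = { CMD_STORE, 0x10, { 'k', 'e', 'y', '-', '1', '2', '3', '4' } };
    struct command ld = { CMD_LOAD,  0x10, {0} };
    memset(nvm, 0xFF, sizeof nvm);
    if (secdev_execute(&st).status != ST_OK) return 0;
    struct response r = secdev_execute(&ld);
    return r.status == ST_OK && memcmp(r.data, st.data, BLK) == 0;
}
int demo_tamper_is_detected(void)
{
    struct command st = { CMD_STORE, 0x20, { 1, 2, 3, 4, 5, 6, 7, 8 } };
    struct command ld = { CMD_LOAD,  0x20, {0} };
    memset(nvm, 0xFF, sizeof nvm);
    secdev_execute(&st);
    nvm[0x20 + 3] ^= 0x01;                      /* one flipped bit in the stored record */
    return secdev_execute(&ld).status == ST_VERIFY_FAIL;
}
int demo_increment_needs_two_accesses(void)
{
    struct command st  = { CMD_STORE,     0x30, { 41, 0, 0, 0, 0, 0, 0, 0 } };
    struct command inc = { CMD_INCREMENT, 0x30, {0} };
    struct command ld  = { CMD_LOAD,      0x30, {0} };
    memset(nvm, 0xFF, sizeof nvm);
    secdev_execute(&st);
    struct response r = secdev_execute(&inc);
    return r.status == ST_OK && r.nvm_accesses == 2 && secdev_execute(&ld).data[0] == 42;
}
```

The ordering inside `read_and_open` is the point of step 120: the tag is checked over the ciphertext before anything is decrypted or handed to step 124, so an altered record produces an error response rather than being used. Binding the tag to the NVM address also means a valid record copied to another location fails verification there.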
Although the embodiments above refer mainly to computing systems such as PCs, similar embodiments can also be implemented in other computing systems, such as mobile devices, Internet of Things devices, smart metering, and automotive and industrial systems/environments.
The disclosed techniques can be used in various secure-storage applications, such as secure boot (secured booting) or trusted boot (trusted booting). For example, the secure boot function specified in detail by the Trusted Computing Group (TCG) is included in the Unified Extensible Firmware Interface (UEFI) supported by the Windows 8 operating system. As another example, the Chromium operating system includes a verified boot function as its trusted boot scheme. These functions may be implemented using the methods and systems described herein.
It will be appreciated that the embodiments described above are cited by way of example, and that the present invention is not limited to what has been particularly shown and described herein. Rather, the scope of the invention includes both combinations and sub-combinations of the various features described herein, as well as variations and modifications thereof that would occur to persons skilled in the art upon reading the foregoing description and that are not disclosed in the prior art. Documents incorporated by reference in the present patent application are to be considered an integral part of the application, except that to the extent any terms are defined in these incorporated documents in a manner that conflicts with the definitions made explicitly or implicitly in the present specification, only the definitions in the present specification should be considered.
Claims (19)
1. A method for providing a security service to a host in a security device, characterized in that the method comprises:
providing a security service to a host in a security device, and receiving a security command from an application program executing on the host; and
executing the security command by accessing a non-volatile memory device, the non-volatile memory device being external to the security device and transparent to the application program through a special-purpose device driver, the special-purpose device driver executing on the host and mediating operations between the non-volatile memory device and the security device.
2. The method according to claim 1, characterized in that the security device, the special-purpose device driver and the non-volatile memory device all comply with the respective security standards of the Trusted Computing Group.
3. The method according to claim 1, characterized in that the security device, together with the special-purpose device driver and at least one storage area of the non-volatile memory device, implements a Trusted Platform Module according to the specifications of the Trusted Computing Group.
4. The method according to claim 1, characterized in that the step of executing the security command comprises establishing a communication connection between the application program and the special-purpose device driver over an interface on which the host acts as master and the security device acts as slave.
5. The method according to claim 4, characterized in that the step of executing the security command comprises establishing a communication connection between the special-purpose device driver and the non-volatile memory device over the interface.
6. The method according to claim 4, characterized in that the step of executing the security command comprises the security device requesting the special-purpose device driver to write data into the non-volatile memory device, or to read data from the non-volatile memory device.
7. The method according to claim 6, characterized in that the step of requesting the special-purpose device driver comprises preparing a request inside the security device, and sending a signal to the special-purpose device driver over the interface so that it fetches the request.
8. The method according to claim 6, characterized in that the step of requesting the special-purpose device driver comprises preparing a request in a buffer of the security device, and waiting for the special-purpose device driver to poll the buffer in order to fetch the request.
9. The method according to claim 1, characterized in that the step of executing the security command comprises preparing, in the security device, a command response upon completing execution of the security command, and indicating to the application program that the command response is ready to be read by the application program.
10. A security device, characterized in that the security device comprises:
a host interface configured to receive a security command from an application program executing on a host; and
a circuit configured to execute the security command by accessing a non-volatile memory device, the non-volatile memory device being external to the security device and transparent to the application program through a special-purpose device driver, the special-purpose device driver executing on the host and mediating operations between the non-volatile memory device and the security device.
11. The security device according to claim 10, characterized in that the security device, together with the special-purpose device driver and at least one storage area of the non-volatile memory device, implements a Trusted Platform Module according to the specifications of the Trusted Computing Group.
12. The security device according to claim 10, characterized in that the circuit is configured to execute the security command by establishing a communication connection between the application program and the special-purpose device driver over an interface on which the host acts as master and the security device acts as slave.
13. The security device according to claim 12, characterized in that the circuit is configured to execute the security command by establishing a communication connection between the special-purpose device driver and the non-volatile memory device over the interface.
14. The security device according to claim 12, characterized in that the circuit is configured to request the special-purpose device driver to write data into the non-volatile memory device or to read data from the non-volatile memory device.
15. The security device according to claim 14, characterized in that the circuit is configured to prepare a request inside the security device, and to send a signal to the special-purpose device driver over the interface so that it fetches the request.
16. The security device according to claim 10, characterized in that the circuit is configured to prepare a command response upon completing execution of the security command, and to indicate to the application program that the command response is ready to be read by the application program.
17. A security apparatus, characterized in that the security apparatus comprises:
a security device, which provides a security service to a host; and
a special-purpose device driver, which executes on the host,
wherein the special-purpose device driver is configured to mediate operations between the security device and a non-volatile memory device external to the security device, and wherein the security device is configured to receive a security command from an application program executing on the host, and to execute the security command by accessing, through the special-purpose device driver, the non-volatile memory device, which is transparent to the application program.
18. The security apparatus according to claim 17, characterized in that the security device, the special-purpose device driver and the non-volatile memory device all comply with the respective security standards of the Trusted Computing Group.
19. The security apparatus according to claim 17, characterized in that the application program and the security device are configured to be communicatively coupled with the special-purpose device driver over an interface, wherein the host acts as master and the security device acts as slave.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/714,298 | 2015-05-17 | ||
US14/714,298 US10303880B2 (en) | 2014-07-24 | 2015-05-17 | Security device having indirect access to external non-volatile memory |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106156632A true CN106156632A (en) | 2016-11-23 |
CN106156632B CN106156632B (en) | 2019-10-29 |
Family
ID=57354017
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610326247.1A Active CN106156632B (en) | 2015-05-17 | 2016-05-17 | Safety device and method of the security service to host, safety equipment are provided in it |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106156632B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111797440A (en) * | 2019-04-07 | 2020-10-20 | 新唐科技股份有限公司 | Security device, method and system thereof |
CN112468300A (en) * | 2019-09-09 | 2021-03-09 | 新唐科技股份有限公司 | Key management device with bypass channel and processor chip |
CN112487509A (en) * | 2019-09-12 | 2021-03-12 | 新唐科技股份有限公司 | Security device and security method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060107032A1 (en) * | 2004-11-17 | 2006-05-18 | Paaske Timothy R | Secure code execution using external memory |
CN202067280U (en) * | 2010-08-25 | 2011-12-07 | 深圳中泽明芯科技有限公司 | Protective device for embedded software |
CN102819699A (en) * | 2012-06-04 | 2012-12-12 | 珠海欧比特控制工程股份有限公司 | Processor system |
CN104376277A (en) * | 2013-08-13 | 2015-02-25 | 华邦电子股份有限公司 | Computing device, method and system |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111797440A (en) * | 2019-04-07 | 2020-10-20 | 新唐科技股份有限公司 | Security device, method and system thereof |
CN111797440B (en) * | 2019-04-07 | 2023-05-19 | 新唐科技股份有限公司 | Security device, method and system |
CN112468300A (en) * | 2019-09-09 | 2021-03-09 | 新唐科技股份有限公司 | Key management device with bypass channel and processor chip |
CN112468300B (en) * | 2019-09-09 | 2023-07-04 | 新唐科技股份有限公司 | Key management device with bypass channel and processor chip |
CN112487509A (en) * | 2019-09-12 | 2021-03-12 | 新唐科技股份有限公司 | Security device and security method |
CN112487509B (en) * | 2019-09-12 | 2024-04-09 | 新唐科技股份有限公司 | Safety device and safety method |
Also Published As
Publication number | Publication date |
---|---|
CN106156632B (en) | 2019-10-29 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |