CN109145627A - A kind of method and relevant apparatus of data processing - Google Patents

A method and related apparatus for data processing

Publication number
CN109145627A
Authority
CN
China
Legal status
Pending
Application number
CN201811033141.8A
Other languages
Chinese (zh)
Inventor
程学超
Current Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Original Assignee
Zhengzhou Yunhai Information Technology Co Ltd
Application filed by Zhengzhou Yunhai Information Technology Co Ltd
Priority to CN201811033141.8A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services

Abstract

An embodiment of the invention discloses a data processing method applied to a trusted platform control module (TPCM), comprising: obtaining a password to be matched when a data read/write instruction is received; judging, according to the data read/write instruction, whether the password to be matched is consistent with a preset password; and, if the password to be matched is consistent with the preset password, performing a read/write operation on target data in the TPCM according to the data read/write instruction. An embodiment of the invention also discloses a data processing apparatus. The method provided in the embodiments of the invention realizes encryption protection of data and improves data security.

Description

A method and related apparatus for data processing
Technical field
The present invention relates to the field of data security, and in particular to a data processing method and related apparatus.
Background
The trusted platform control module (TPCM), also called a trusted chip, is a branch of trusted computing research and was proposed by Academician Shen Changxiang. At present the TPCM is still at an initial stage in China and has not yet been applied on a large scale. The TPCM is the core control module of a trusted computing platform; it physically provides three roots of trust for trusted applications: the root of trust for measurement, the root of trust for storage and the root of trust for reporting. On this basis, the trusted measurement, trusted storage and trusted reporting functions of the trusted computing platform are extended. The idea of the TPCM is to use cryptographic algorithms to encrypt the data in the system and to authenticate the users who access the system, and to establish the trust chain of the system platform based on trusted computing, thereby establishing a security protection mechanism for the system.
Non-volatile memory (NVM) is memory whose stored data does not disappear after the power is turned off. According to whether the data in the memory can be rewritten at any time while the system is in use, non-volatile memory can be divided into two major classes of product: read-only memory (ROM) and flash memory.
In the prior art, when data is written to and read from non-volatile memory there is usually no encryption of any kind; such writing and reading gives the data no protection, and data security is very low.
Summary of the invention
The embodiments of the invention provide a data processing method and related apparatus that store data in an encryptable TPCM, realizing encryption protection of the data and improving data security.
In view of this, a first aspect of the invention provides a data processing method applied to a trusted platform control module (TPCM), comprising:
obtaining a password to be matched when a data read/write instruction is received;
judging, according to the data read/write instruction, whether the password to be matched is consistent with a preset password;
if the password to be matched is consistent with the preset password, performing a read/write operation on target data in the TPCM according to the data read/write instruction.
With reference to the first aspect of the embodiments of the invention, in a first possible implementation of the first aspect, when the read/write operation is a write operation, the method further comprises:
detecting the available amount of storage space in the TPCM according to the data read/write instruction;
if the detection result is that the available amount of storage space is greater than or equal to the target data size, writing the target data into the TPCM according to the data read/write instruction;
if the detection result is that the available amount of storage space is less than the target data size, triggering an alarm action.
With reference to the first aspect of the embodiments of the invention, in a second possible implementation of the first aspect, when the read/write operation is a read operation, the method further comprises:
reading the target data in the TPCM according to the data read/write instruction.
With reference to the first aspect of the embodiments of the invention or any implementation up to the second possible implementation of the first aspect, in a third possible implementation of the first aspect, after judging according to the data read/write instruction whether the password to be matched is consistent with the preset password, the method further comprises:
if the password to be matched is inconsistent with the preset password, outputting prompt information and terminating the read/write operation.
With reference to the third possible implementation of the first aspect of the embodiments of the invention, in a fourth possible implementation of the first aspect, before obtaining the password to be matched, the method further comprises:
powering on the TPCM, and using the TPCM to perform an authentication operation on the basic input/output system (BIOS) chip;
if the TPCM authenticates the BIOS chip successfully, powering on the BIOS chip.
A second aspect of the invention provides a data processing apparatus, comprising:
an obtaining module, configured to obtain a password to be matched when a data read/write instruction is received;
a judgment module, configured to judge, according to the data read/write instruction received by the obtaining module, whether the password to be matched is consistent with a preset password;
a read/write module, configured to perform a read/write operation on target data in the TPCM according to the data read/write instruction if the judgment module judges that the password to be matched is consistent with the preset password.
With reference to the second aspect of the embodiments of the invention, a first possible implementation of the second aspect provides a data processing apparatus, comprising:
a detection module, configured to detect the available amount of storage space in the TPCM according to the data read/write instruction;
the read/write module, further configured to write the target data into the TPCM according to the data read/write instruction if the detection result of the detection module is that the available amount of storage space is greater than or equal to the target data size;
an alarm module, configured to trigger an alarm action if the detection result of the detection module is that the available amount of storage space is less than the target data size.
With reference to the second aspect of the embodiments of the invention, a second possible implementation of the second aspect provides a data processing apparatus, comprising:
the read/write module, further configured to read the target data in the TPCM according to the data read/write instruction.
With reference to the second aspect of the embodiments of the invention or any implementation up to the second possible implementation of the second aspect, a third possible implementation of the second aspect provides a data processing apparatus, comprising:
the warning device, further configured to output prompt information and terminate the read/write operation if the judgment module judges that the password to be matched is inconsistent with the preset password.
With reference to the third possible implementation of the second aspect of the embodiments of the invention, a fourth possible implementation of the second aspect provides a data processing apparatus, comprising:
an authentication module, configured to power on the TPCM and to use the TPCM to perform an authentication operation on the basic input/output system (BIOS) chip;
if the TPCM authenticates the BIOS chip successfully, the BIOS chip is powered on.
As can be seen from the above technical solutions, the embodiments of the invention have the following advantage:
The embodiments of the invention provide a data processing method and related apparatus that store data in an encryptable TPCM, realizing encryption protection of the data and improving data security.
Brief description of the drawings
Fig. 1 is a schematic diagram of the structure of the TPCM in an embodiment of the invention;
Fig. 2 is a schematic diagram of one embodiment of the data processing method in an embodiment of the invention;
Fig. 3 is a schematic diagram of one embodiment of the data processing apparatus in an embodiment of the invention;
Fig. 4 is a schematic diagram of another embodiment of the data processing apparatus in an embodiment of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described clearly and completely below with reference to the drawings in the embodiments of the invention. The described embodiments are obviously only some of the embodiments of the invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative effort fall within the protection scope of the invention.
The terms "first", "second", "third", "fourth" and the like (if present) in the description, the claims and the above drawings are used to distinguish similar objects, not to describe a particular order or sequence. It should be understood that data used in this way are interchangeable under appropriate circumstances, so that the embodiments described here can be implemented in an order other than the one illustrated or described here. In addition, the terms "include" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device.
The embodiments of the invention provide a data processing method and related apparatus that store data in an encryptable TPCM, realizing encryption protection of the data and improving data security.
It should be understood that the invention is mainly applied in the TPCM. For ease of understanding, refer to Fig. 1, which is a schematic diagram of the structure of the TPCM in an embodiment of the invention.
As shown in Fig. 1, the TPCM can be roughly divided into an execution engine, a non-volatile storage unit, a key generator, a cryptographic algorithm engine, a volatile storage unit, a random number generator, a timer and an input/output unit; the functional units are connected by a communication bus. The execution engine is the operation execution unit of the TPCM, and the non-volatile memory is the storage unit that holds permanent data. In the embodiments of the invention the target data is stored in the non-volatile memory; the roles of the other functional units are not described here.
The TPCM is a hardware module integrated into a trusted platform. It is mainly used to establish and safeguard the origin of trust, and it provides a series of trusted computing functions such as integrity measurement, secure storage, trusted reporting and cryptographic services. The most important innovations of the TPCM are that it combines symmetric cryptography with asymmetric cryptography, which improves security and efficiency, and that it uses a dual-certificate structure, which simplifies certificate management and improves availability and manageability. As an independently controllable trusted node, the TPCM has the root of trust implanted in it; it adds root-of-trust control functions on top of the trusted cryptography module (TCM), combining cryptography with control, and provides active control and measurement functions with the TPCM as the root. The TPCM starts before the central processing unit (CPU) and verifies the BIOS. This changes the conventional approach in which the trusted platform module is a passive device: the trusted platform module is designed as an active control node, which gives the TPCM active control of the whole platform. The TPCM inherits a cryptographic algorithm module that conforms to the trusted cryptography module specification, an active measurement unit and a bus control arbiter; the structure is shown in Fig. 1.
The asymmetric cryptographic algorithm is elliptic curve cryptography, which comprises three sub-algorithms: the elliptic curve digital signature algorithm (SM2-1), the elliptic curve key exchange protocol (SM2-2) and the elliptic curve public key encryption algorithm (SM2-3). The symmetric algorithm is the SM-4 algorithm, a block cipher with a block length of 128 bits and a key length of 128 bits. Both the encryption algorithm and the key schedule use a 32-round nonlinear iterative structure. The decryption algorithm has the same structure as the encryption algorithm; only the order in which the round keys are used is reversed, so the decryption round keys are the encryption round keys in reverse order. The cryptographic mechanism can protect the data inside the TPCM, the data of the computer on which the TPCM runs, and the data of other computers that have established a communication connection with the computer on which the TPCM runs; this is not limited here. The cryptographic mechanism is packaged in the TPCM. The TPCM is a collection of hardware and firmware; it can use an independent package, or it can be integrated with other types of chip as an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or the like to realize its function.
The data processing method of the invention is explained below. Referring to Fig. 2, one embodiment of the data processing method in the embodiments of the invention comprises:
101. When a data read/write instruction is received, obtain a password to be matched;
In this embodiment, the data read/write instruction may include a data identifier of the target data; the data identifier includes the name of the target data and the storage location information of the target data. The TPCM is a trusted chip that runs in a computer. When the TPCM receives a data read/write instruction, the instruction carries the password to be matched that was entered by the sender of the instruction, and the TPCM obtains that password.
The sender may enter the characters of the password to be matched through a password input instruction in a command-line interface or through a password input box in a graphical interface; this is not limited here.
102. Judge, according to the data read/write instruction, whether the password to be matched is consistent with the preset password;
In this embodiment, after the TPCM obtains the password to be matched from the received data read/write instruction, it compares that password with the preset password stored in the TPCM to judge whether the two are consistent. The preset password is the password set in advance for the TPCM; the TPCM uses the preset password to protect the storage space of the non-volatile memory in the TPCM. The preset password consists of at least one character. When there are two or more characters, the order of the characters in the password string of the preset password can be arbitrary. A character in the embodiments of the invention can be one or more of Arabic numerals, capital letters, lowercase letters and other symbols such as the underscore, and the password is generally a string of at least 8 characters; for example, the preset password can be abcd1234, AbcD1234, bAcd1 # and so on.
The methods of judging whether the password to be matched is consistent with the preset password include: the TPCM compares the password to be matched with the preset password and checks whether the password string of the password to be matched corresponds one-to-one with the password string of the preset password. The methods of judging also include: the obtained password string of the password to be matched is processed by an encryption rule preset in the TPCM, and the processed password string is compared with the password string of the preset password to judge whether they are consistent; this is not limited here.
103. If the password to be matched is consistent with the preset password, perform a read/write operation on the target data in the TPCM according to the data read/write instruction;
In this embodiment, the TPCM compares the password to be matched with the preset password. When the password string of the password to be matched corresponds one-to-one with the password string of the preset password, for example the password string of the password to be matched is ABcd1234 and the password string of the preset password is ABcd1234, the TPCM judges that the password to be matched is consistent with the preset password and performs the read/write operation on the target data in the TPCM according to the data read/write instruction, where the target data is the data indicated by the data read/write instruction.
In the embodiments of the invention, the TPCM first receives a data read/write instruction and obtains the password to be matched that is carried in the instruction. The TPCM then compares the obtained password to be matched with the preset password stored inside the TPCM and judges whether the two are consistent. If the password to be matched is consistent with the preset password, the TPCM performs the read/write operation on the target data in the TPCM according to the data read/write instruction. In this way, whenever target data is to be written into the TPCM or read out of the TPCM, a password must be entered, and the read/write operation completes only if the entered password is consistent with the preset password, which improves data security.
Optionally, on the basis of the method for the first data processing provided in the corresponding embodiment of the present invention of Fig. 2, this In the embodiment of the method for second of data processing that inventive embodiments provide, when read-write operation is write operation, method is also wrapped It includes:
According to the available quantity of the memory space in reading and writing data command detection TPCM;
If the available quantity that testing result is memory space is greater than or equal to target data size, instructed according to reading and writing data Target data is written in TPCM;
If the available quantity that testing result is memory space is less than target data size, actuation of an alarm is triggered.
In the present embodiment, when read-write operation is write operation, according to memory space in reading and writing data command detection TPCM Available quantity instructs if the available quantity that testing result is memory space is greater than or equal to target data size according to reading and writing data Target data is written in TPCM, if the available quantity that testing result is memory space is less than target data size, triggers alarm Movement.In order to avoid the usage amount of the memory space in TPCM in nonvolatile memory is more than target data size, needing When the memory space that related target data is written to, TPCM can be instructed according to reading and writing data and be judged automatically current memory space Available quantity whether be more than the target data to be written size, it is available if it does, TPCM will trigger actuation of an alarm Buzzer and/or indicator light alarm prompt, facilitate related staff that can make corresponding processing according to the prompt, if do not had It is more than that can be instructed according to reading and writing data and memory space is written into target data.It is understood that selecting buzzer and/or referring to Show lamp warning note, the type of warning device is not construed as limiting herein.
It may include: target data in the Data Identification according to target data that the specific method of target data, which is wherein written, Storage location information finds the storage address of the target data in other memories, using in the Data Identification of target data Including the title of target data read the target data in the storage address of the target data in other memories, TPCM points The available storage address of nonvolatile memory in TPCM is coordinated in store the target data and complete write operation.
In the embodiment of the present invention, before target data is written, according to read write command detect TPCM in memory space can Dosage, in the case where available quantity is greater than or equal to presently written target data size, just writable target data, can be used In the case that amount is less than presently written target data size, TPCM triggers actuation of an alarm.By the above method, in target data In the case that size is greater than TPCM memory space available quantity, write-in target data failure at this time is prompted, ensure that knowing for write-in side Feelings power, to make counter-measure, improves the feasibility of scheme.
Optionally, on the basis of the method for the first data processing provided in the corresponding embodiment of the present invention of Fig. 2, this In the embodiment of the method for the third data processing that inventive embodiments provide, when read-write operation is read operation, method is also wrapped It includes:
The target data read in TPCM is instructed according to reading and writing data.
In the present embodiment, when read-write operation is read operation, TPCM according to reading and writing data instruct in the target data that carries Data Identification search TPCM nonvolatile memory in target data and read the target data, read method can wrap It includes: according to the storage location information of target data in the Data Identification of target data, finding the non-volatile memories in TPCM The storage address of target data in device, using the title for the target data for including in the Data Identification of target data in the non-of TPCM The target data is read in the storage address of target data in volatile memory.
In the embodiment of the present invention, when password to be matched is consistent with preset password, TPCM is instructed according to reading and writing data and is read The target data in TPCM is taken, by the above-mentioned means, encrypt to the target data being stored in TPCM, when reading is needed Inputting just can successfully read with the consistent password of preset password, improve the safety of data.
Optionally, the method for the first data processing provided in the corresponding embodiment of the present invention of Fig. 2 to the third number On the basis of any method in the method for processing, the implementation of the method for the 4th kind of data processing provided in an embodiment of the present invention In example, after judging whether password and preset password to be matched are consistent according to reading and writing data instruction, method further include:
If password to be matched is inconsistent with preset password, exports prompt information and terminate read-write operation.
In the present embodiment, password to be matched is compared TPCM with preset password, when the password of password to be matched Character string and the password string of preset password not to it is corresponding when password for example to be matched password string are as follows: ABcc1234, The password string of preset password are as follows: ABcd1234 judges that password and preset password to be matched are inconsistent, if TPCM judge to Matched password and preset password are inconsistent, then export prompt information and terminate read-write operation.
Wherein, output prompt information for prompt reading and writing data instruct sender, password to be matched currently entered with Preset password is inconsistent, needs to re-enter password if to continue to execute data read-write operation, exports the mode of prompt information It may include triggering actuation of an alarm, prompted using buzzer and/or indicator light alarm, it can also be by the display that is connected with TPCM Device shows the prompting frame or prompt command of current password input error, is not construed as limiting herein.
In the embodiment of the present invention, if TPCM judges that password to be matched is inconsistent with preset password, prompt information is exported And terminate read-write operation, read-write operation, data are terminated when the password and preset password of input are inconsistent by the above method It is only supplied to the trusted party operation that can input proper password, improves the safety of data.
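The following software model, added here as an example and not taken from the patent, walks through steps 101 to 103 together with the write-capacity check and the mismatch handling, using the second judging method (compare the processed password string). The class and method names, the use of PBKDF2-HMAC-SHA256 as the "preset encryption rule" and the constant-time comparison are assumptions; the patent names no algorithm.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


class PasswordMismatch(Exception):
    """The password to be matched is inconsistent with the preset password."""


class StorageAlarm(Exception):
    """Available storage is smaller than the target data (alarm action)."""


def apply_rule(password: str, salt: bytes) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256 stands in for the unspecified
    # "preset encryption rule" applied before comparison.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


@dataclass
class TpcmNvmModel:
    """Toy model of the TPCM non-volatile storage behind the password gate."""
    capacity: int                    # bytes of non-volatile memory modelled
    salt: bytes
    preset: bytes                    # processed form of the preset password
    store: dict = field(default_factory=dict)    # data name -> bytes
    events: list = field(default_factory=list)   # prompts and alarms raised

    @classmethod
    def provision(cls, preset_password: str, capacity: int) -> "TpcmNvmModel":
        # Only the processed password is kept, never the plain string.
        salt = os.urandom(16)
        return cls(capacity, salt, apply_rule(preset_password, salt))

    def available(self) -> int:
        return self.capacity - sum(len(v) for v in self.store.values())

    def _match(self, candidate: str) -> None:
        # Step 102: process the password to be matched and compare it with
        # the stored value. compare_digest runs in constant time, so the
        # comparison does not leak how many leading bytes matched.
        processed = apply_rule(candidate, self.salt)
        if not hmac.compare_digest(processed, self.preset):
            self.events.append("prompt: password inconsistent, operation terminated")
            raise PasswordMismatch("password to be matched rejected")

    def write(self, candidate: str, name: str, data: bytes) -> None:
        self._match(candidate)       # the password gate always runs first
        # Overwriting an entry releases the space it currently occupies.
        free = self.available() + len(self.store.get(name, b""))
        if free < len(data):
            self.events.append("alarm: available storage below target data size")
            raise StorageAlarm(f"need {len(data)} bytes, {free} available")
        self.store[name] = bytes(data)

    def read(self, candidate: str, name: str) -> bytes:
        self._match(candidate)
        return self.store[name]      # KeyError if the data name is unknown


if __name__ == "__main__":
    # Constructed sample values; the passwords are the ones the text uses.
    nvm = TpcmNvmModel.provision("ABcd1234", capacity=16)
    nvm.write("ABcd1234", "record0", b"12345678")
    print(nvm.read("ABcd1234", "record0"), nvm.available())
    for attempt in (lambda: nvm.read("ABcc1234", "record0"),
                    lambda: nvm.write("ABcd1234", "big", b"x" * 9)):
        try:
            attempt()
        except (PasswordMismatch, StorageAlarm) as exc:
            print(type(exc).__name__, exc)
    print(nvm.events)
```

The model does not encrypt the stored bytes or limit repeated attempts; it only shows the order of checks the text describes.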
Optionally, on the basis of the method for the 4th kind of data processing provided in the corresponding embodiment of the present invention of Fig. 2, this In the embodiment of the method for the 5th kind of data processing that inventive embodiments provide, before obtaining password to be matched, method is also wrapped It includes:
TPCM is powered on, and authentication operations are carried out to BIOS chip BIOS chip using TPCM;
If TPCM authenticates successfully BIOS chip, BIOS chip is powered on.
It is before obtaining password to be matched, i.e., right first when the computer for running TPCM powers in the present embodiment TPCM is powered on, TPCM after the power-up, TPCM actively to BIOS chip carry out authentication operations, authentication operations include to BIOS chip into Row measurement after authenticating successfully, acts on behalf of (extension using more measurements to judge whether BIOS chip is credible Measurement mode, EMM) trust chain is established, TPCM powers on BIOS chip, and BIOS chip starts to each of computer Hardware is powered up self-test (power on self test, POST) and each external equipment being connected with computer of initialization simultaneously The starting of operating system program in computer is guided, to complete the start-up operation of computer.
In the embodiment of the present invention, since TPCM has the function of measuring first, before obtaining password to be matched, that is, exist The computer of operation TPCM first powers on TPCM when powering on, and is measured using TPCM to BIOS chip, to judge that BIOS is It is no credible, trust chain is established, after ensuring that BIOS chip is credible, is allowing BIOS chip electrifying startup.By the above method, Since TPCM, first executed after computer booting instructs in TPCM the starting point of measurement, and due to the trust of TPCM In TPCM, external hardware and software cannot all intervene root, ensured that TPCM is run in safe computer environment, mentioned The safety for having risen data improves the feasibility of scheme.
Data processing equipment in the present invention is described in detail below, referring to Fig. 3, Fig. 3 is in the embodiment of the present invention One embodiment schematic diagram of data processing equipment, the first optional reality of data processing equipment 20 provided in an embodiment of the present invention It applies in example, data processing equipment 20 includes:
Module 201 is obtained, for obtaining password to be matched when receiving reading and writing data instruction;
Judgment module 202, for according to obtain the reading and writing data instruction that module 201 receives judge password to be matched and Whether preset password is consistent;
Module for reading and writing 203, if judging that password to be matched is consistent with preset password for judgment module 202, according to number Target data is written and read in TPCM according to read write command.
In the present embodiment, module 201 is obtained, for obtaining password to be matched when receiving reading and writing data instruction;Sentence Disconnected module 202, the reading and writing data instruction for being received according to acquisition module 201 judge that password to be matched is with preset password It is no consistent;Module for reading and writing 203, if judging that password to be matched is consistent with preset password for judgment module 202, according to data Read write command is written and read target data in TPCM.
In the embodiment of the present invention, firstly, TPCM receive reading and writing data instruction, and obtain carried in the instruction it is to be matched Password, secondly, the password to be matched that TPCM will acquire is compared with the preset password being stored in inside TPCM, judgement Whether the two is consistent, if password to be matched is consistent with preset password, according to reading and writing data instruction to target in TPCM Data are written and read.By the above-mentioned means, when needing that target data is written into TPCM to or is read out from TPCM mesh When marking data, be required to input password just can successfully complete only under the password of input and the correct situation of preset password Read-write operation improves the safety of data.
Optionally, on the basis of the first optional embodiment of the data processing apparatus 20 corresponding to Fig. 3 above, as shown in Fig. 4, in a second optional embodiment of the data processing apparatus 20 provided by the embodiments of the present invention, the data processing apparatus 20 further includes a detection module 204 and an alarm module 205:
the detection module 204 is configured to detect the available amount of storage space in the TPCM according to the data read/write instruction;
the read/write module 203 is further configured to write the target data into the TPCM according to the data read/write instruction if the detection result of the detection module 204 is that the available amount of storage space is greater than or equal to the size of the target data;
the alarm module 205 is configured to trigger an alarm action if the detection result of the detection module 204 is that the available amount of storage space is less than the size of the target data.
In this embodiment of the present invention, before the target data is written, the available amount of storage space in the TPCM is detected according to the read/write instruction. The target data can be written only when the available amount is greater than or equal to the size of the target data currently being written; when the available amount is less than the size of the target data currently being written, the TPCM triggers an alarm action. With this method, when the size of the target data exceeds the available storage space of the TPCM, a prompt indicates that writing the target data has failed. This guarantees the writing party's right to be informed so that it can take countermeasures, and improves the feasibility of the solution.
Optionally, on the basis of the first optional embodiment of the data processing apparatus 20 provided in the embodiment of the present invention corresponding to Fig. 3, in a third optional embodiment of the data processing apparatus 20 provided by the embodiments of the present invention,
the read/write module 203 is further configured to read the target data in the TPCM according to the data read/write instruction.
In this embodiment of the present invention, when the password to be matched is consistent with the preset password, the TPCM reads the target data in the TPCM according to the data read/write instruction. In this way, the target data stored in the TPCM is encrypted, and it can be read successfully only when a password consistent with the preset password is entered, which improves the security of the data.
Optionally, on the basis of any one of the first to third optional embodiments of the data processing apparatus 20 provided in the embodiments of the present invention corresponding to Fig. 3 and Fig. 4, as shown in Fig. 4, in a fourth optional embodiment of the data processing apparatus 20 provided by the embodiments of the present invention,
the warning device 205 is further configured to output prompt information and terminate the read/write operation if the detection module 204 judges that the password to be matched is inconsistent with the preset password.
In this embodiment of the present invention, if the TPCM judges that the password to be matched is inconsistent with the preset password, it outputs prompt information and terminates the read/write operation. With this method, the read/write operation is terminated whenever the entered password is inconsistent with the preset password, so the data is available only to a trusted party that can enter the correct password, which improves the security of the data.
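The flow described in the first to fourth optional embodiments (password check, space check before a write, alarm, and termination on mismatch) can be sketched as follows. This is an added example, not code from the patent: every name, the 64-byte store, the status codes and the fixed-length password comparison are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the TPCM gate; all names and sizes are assumptions. */
#define STORE_SIZE 64  /* constructed capacity of the protected store */
#define PW_MAX     32
enum op     { OP_READ, OP_WRITE };
enum status { ST_OK, ST_BAD_PASSWORD, ST_NO_SPACE, ST_BAD_REQUEST };

struct tpcm {
    uint8_t  preset[PW_MAX];  /* preset password, zero-padded, held inside the TPCM */
    size_t   preset_len;
    uint8_t  store[STORE_SIZE];
    size_t   used;
    unsigned alarms;          /* alarm actions triggered on insufficient space */
    unsigned rejected;        /* operations terminated on password mismatch */
};

/* Judging step. It always scans PW_MAX bytes so timing does not reveal how many
 * leading bytes matched; this hardening is an addition, not from the patent. */
static int pw_matches(const struct tpcm *t, const uint8_t *pw, size_t len)
{
    uint8_t diff = (uint8_t)(len != t->preset_len);
    for (size_t i = 0; i < PW_MAX; i++)
        diff |= (uint8_t)(t->preset[i] ^ (i < len ? pw[i] : 0));
    return diff == 0;
}

/* Handle one data read/write instruction carrying the password to be matched. */
enum status tpcm_handle(struct tpcm *t, enum op op, const uint8_t *pw,
                        size_t pw_len, uint8_t *buf, size_t len)
{
    if (!pw || !buf) return ST_BAD_REQUEST;
    /* Mismatch: the caller outputs the prompt; the operation terminates here. */
    if (!pw_matches(t, pw, pw_len)) { t->rejected++; return ST_BAD_PASSWORD; }
    if (op == OP_WRITE) {
        /* Available amount smaller than the target data size: trigger the alarm. */
        if (STORE_SIZE - t->used < len) { t->alarms++; return ST_NO_SPACE; }
        memcpy(t->store + t->used, buf, len);
        t->used += len;
        return ST_OK;
    }
    if (len > t->used) return ST_BAD_REQUEST;  /* never read past stored data */
    memcpy(buf, t->store, len);
    return ST_OK;
}

/* Constructed demo device and a wrapper that takes the password as a string. */
struct tpcm dev = { .preset = "s3cret", .preset_len = 6 };
static uint8_t demo_buf[STORE_SIZE];
enum status demo(enum op op, const char *pw, size_t n)
{ return tpcm_handle(&dev, op, (const uint8_t *)pw, strlen(pw), demo_buf, n); }

int main(void)
{
    int w1 = demo(OP_WRITE, "s3cret", 40), w2 = demo(OP_WRITE, "s3cret", 40);
    printf("%d %d %d\n", w1, w2, demo(OP_READ, "wrong!", 40));
}
```

The password is checked before the space check, so a caller without the preset password learns nothing about how full the store is.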
Optionally, on the basis of the fourth optional embodiment of the data processing apparatus 20 provided in the embodiment of the present invention corresponding to Fig. 4, as shown in Fig. 4, in a fifth optional embodiment of the data processing apparatus 20 provided by the embodiments of the present invention, the data processing apparatus 20 further includes an authentication module 206,
the authentication module 206 being configured to power on the TPCM and use the TPCM to perform an authentication operation on the BIOS chip;
and, if the TPCM successfully authenticates the BIOS chip, to power on the BIOS chip.
In this embodiment of the present invention, because the TPCM measures first, before the password to be matched is obtained, that is, when the computer running the TPCM is powered on, the TPCM is powered on first and is used to measure the BIOS chip in order to judge whether the BIOS is trusted and to establish a chain of trust. Only after the BIOS chip is confirmed to be trusted is the BIOS chip allowed to power on and start. With this method, the starting point of measurement is the TPCM, since the first instruction executed after the computer boots is in the TPCM, and the root of trust of the TPCM is inside the TPCM, where neither external hardware nor external software can interfere. This ensures that the TPCM runs in a secure computing environment, which improves the security of the data and the feasibility of the solution.
It is apparent to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, apparatus and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not described again here.
In the several embodiments provided by the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in actual implementation: multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual couplings, direct couplings or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A data processing method, characterized in that the method is applied to a trusted platform control module (TPCM) and comprises:
when a data read/write instruction is received, obtaining a password to be matched;
judging, according to the data read/write instruction, whether the password to be matched is consistent with a preset password;
if the password to be matched is consistent with the preset password, performing a read/write operation on target data in the TPCM according to the data read/write instruction.
2. The method according to claim 1, characterized in that, when the read/write operation is a write operation, the method further comprises:
detecting the available amount of storage space in the TPCM according to the data read/write instruction;
if the detection result is that the available amount of the storage space is greater than or equal to the size of the target data, writing the target data into the TPCM according to the data read/write instruction;
if the detection result is that the available amount of the storage space is less than the size of the target data, triggering an alarm action.
3. The method according to claim 1, characterized in that, when the read/write operation is a read operation, the method further comprises:
reading the target data in the TPCM according to the data read/write instruction.
4. The method according to any one of claims 1 to 3, characterized in that, after the judging, according to the data read/write instruction, whether the password to be matched is consistent with the preset password, the method further comprises:
if the password to be matched is inconsistent with the preset password, outputting prompt information and terminating the read/write operation.
5. The method according to claim 4, characterized in that, before the obtaining of the password to be matched, the method further comprises:
powering on the TPCM, and performing an authentication operation on a BIOS chip using the TPCM;
if the TPCM successfully authenticates the BIOS chip, powering on the BIOS chip.
6. A data processing apparatus, characterized in that it comprises:
an acquisition module, configured to obtain a password to be matched when a data read/write instruction is received;
a judgment module, configured to judge, according to the data read/write instruction received by the acquisition module, whether the password to be matched is consistent with a preset password;
a read/write module, configured to perform a read/write operation on target data in a TPCM according to the data read/write instruction if the judgment module judges that the password to be matched is consistent with the preset password.
7. The data processing apparatus according to claim 6, characterized in that the data processing apparatus further comprises a detection module and an alarm module,
the detection module being configured to detect the available amount of storage space in the TPCM according to the data read/write instruction;
the read/write module being further configured to write the target data into the TPCM according to the data read/write instruction if the detection result of the detection module is that the available amount of the storage space is greater than or equal to the size of the target data;
the alarm module being configured to trigger an alarm action if the detection result of the detection module is that the available amount of the storage space is less than the size of the target data.
8. The data processing apparatus according to claim 6, characterized in that
the read/write module is further configured to read the target data in the TPCM according to the data read/write instruction.
9. The data processing apparatus according to any one of claims 6 to 8, characterized in that
the warning device is further configured to output prompt information and terminate the read/write operation if the judgment module judges that the password to be matched is inconsistent with the preset password.
10. The data processing apparatus according to claim 9, characterized in that it further comprises
an authentication module, configured to power on the TPCM and perform an authentication operation on a BIOS chip using the TPCM;
and, if the TPCM successfully authenticates the BIOS chip, to power on the BIOS chip.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811033141.8A CN109145627A (en) 2018-09-05 2018-09-05 A kind of method and relevant apparatus of data processing

Publications (1)

Publication Number Publication Date
CN109145627A true CN109145627A (en) 2019-01-04

Family

ID=64827114

Country Status (1)

Country Link
CN (1) CN109145627A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114025032A (en) * 2022-01-06 2022-02-08 深圳市聚能优电科技有限公司 Transmission protocol method, system, equipment and storage medium of EMS and BMS

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102279914A (en) * 2011-07-13 2011-12-14 中国人民解放军海军计算技术研究所 Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN107704402A (en) * 2017-10-13 2018-02-16 浪潮(北京)电子信息产业有限公司 A kind of method, apparatus for protecting data, computer-readable recording medium
US20180109378A1 (en) * 2016-10-14 2018-04-19 Alibaba Group Holding Limited Method and system for secure data storage and retrieval
CN207731274U (en) * 2018-01-29 2018-08-14 北京可信华泰信息技术有限公司 A kind of credible platform control device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190104
