CN109583196A - Key generation method - Google Patents

Key generation method

Info

Publication number: CN109583196A
Authority: CN (China)
Prior art keywords: hard disk, credible, tpcm, key, chip
Legal status: Granted
Application number: CN201811435862.1A
Other languages: Chinese (zh)
Other versions: CN109583196B (en)
Inventors: 孙瑜, 杨秩, 洪宇, 王涛, 王强
Current assignee: BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Original assignee: BEIJING HUATECH TRUSTED COMPUTING INFORMATION TECHNOLOGY Co Ltd
Priority date: 2018-11-28
Filing date: 2018-11-28
Publication date: 2019-04-05
Granted as CN109583196B, published 2021-01-08

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities


Abstract

The invention relates to a key generation method for the keys that a TPCM security chip may use during the secure boot of a computer system, in order to authenticate the identity of the user. The plaintext key is generated in the on-chip storage region, encrypted there, and only then sent off-chip and stored in SDRAM. Compared with generating the plaintext key directly in off-chip SDRAM, this improves the security of the key in use.

Description

Key generation method
Technical field
The invention relates to the field of computer security, and in particular to a key generation method.
Background
Trusted computing technology has entered its 3.0 era, in which it changes from a passive-defence technology into active immunity. Compared with passive-defence trusted computing, the dual-system architecture of Trusted Computing 3.0 uses a TPCM (Trusted Platform Control Module) to actively measure and actively monitor the system, which avoids the trusted mechanism of a passive-defence TPM (Trusted Platform Module) being bypassed by the system. Active monitoring is carried out through access control policies deployed in each type of controller, and any modification of an access control policy must first have its trustworthiness confirmed by the trusted measurement mechanism before it can be deployed to a controller. In this way, even if the CPU or the operating system contains a back door, an attacker finds it difficult to exploit such a loophole to tamper with the access control policy; the system changes from passive defence to active immunity, and its security is enhanced.
The active security measurement of trusted computing is realised by the TPCM chip, which often passes through several rounds of authentication while performing active security measurement. In the prior art, however, the methods by which keys are stored and used inside the TPCM chip carry many security risks, namely the risk that the key is stolen or its information is tampered with.
Summary of the invention
The invention proposes a key generation method suitable for generating and storing the keys used in the active security measurement of a computer system; it can effectively prevent key information from being stolen or tampered with.
The key generation method proposed by the invention is characterised in that it comprises:
Step 1: the TPCM security chip is powered on and started before the computer system;
Step 2: in the TPCM key generation phase, a plaintext key is generated and sent into the on-chip storage region of the TPCM;
Step 3: the plaintext key is transferred from the on-chip storage region to off-chip SDRAM;
Step 4: the computer system is restarted, and active security measurement and user identity authentication are performed by the TPCM.
Preferably, the method further comprises:
the TPCM chip is developed on the basis of a chip that supports the national cryptographic algorithms.
Preferably, generating the plaintext key and sending it into the on-chip storage region of the TPCM comprises:
the plaintext key is generated by the cryptographic algorithm engine and sent into the on-chip storage region by SDMA.
Preferably, step 2 further comprises:
the plaintext key sent into the on-chip storage region is encrypted.
Preferably, step 3 further comprises:
the encrypted key is transferred to off-chip SDRAM and finally saved on the off-chip NAND flash.
Preferably, the method further comprises:
steps 1-3 are preparatory configuration steps carried out before the computer system begins normal operation; after step 4 the computer system enters its normal working stage.
The invention also provides a trusted control method based on a trusted hard disk, characterised in that the method comprises:
Step 1. The trusted hard disk is powered on, and the TPCM module embedded on the hard-disk chip of the trusted hard disk measures the other hardware in the system in which the disk resides; if the measurement result of the other hardware is normal, proceed to step 2, and if it is abnormal, raise an alarm;
Step 2. The other hardware is powered on and the system in which the trusted hard disk resides is started, after which the software in that system is measured; if the measurement result of the software is normal, proceed to step 3, and if it is abnormal, raise an alarm;
Step 3. The system in which the trusted hard disk resides operates normally and performs read/write operations on the trusted hard disk; the TPCM module embedded on the hard-disk chip of the trusted hard disk decrypts or encrypts the data buffered in the trusted hard disk that the system needs to read or write, after which that data is read from or written to the trusted hard disk.
Preferably, the other hardware in the system in which the trusted hard disk resides comprises the BMC chip and the BIOS chip;
and the software in that system comprises the MBR, the OS LOADER and the OS KERNEL.
Preferably, using the TPCM module embedded on the hard-disk chip of the trusted hard disk to decrypt or encrypt the data buffered in the trusted hard disk that the system needs to read or write comprises:
the system in which the trusted hard disk resides calls the TCM module of the TPCM module embedded on the hard-disk chip of the trusted hard disk to decrypt or encrypt the data buffered in the trusted hard disk that the system needs to read or write.
Preferably, the trusted hard disk is an IDE hard disk, a PIDE hard disk, a SCSI hard disk, a SATA hard disk, a SAS hard disk or an SSD hard disk.
Preferably, the SSD hard disk supports an M.2 interface, a SAS interface, a SATA interface and/or an M.P interface.
Preferably, the alarm comprises lighting an indicator light, sounding a beeping alarm, printing an error message on a printing interface, or shutting down.
The invention proposes a key generation method for the keys that a TPCM security chip may use during the secure boot of a computer system, in order to authenticate the identity of the user: the plaintext key is generated in the on-chip storage region, encrypted, and only then sent off-chip to be stored in SDRAM. Compared with generating a plaintext key directly in off-chip SDRAM, this improves the security of the key in use.
Brief description of the drawings
The invention is further explained below with reference to the attached drawings and embodiments, in which:
Fig. 1 is a flow chart of a key application method in embodiment one of the invention;
Fig. 2 is a diagram of the key transfer process in embodiments one and two of the invention;
Fig. 3 is a flow chart of a key generation method in embodiment two of the invention.
Detailed description of the embodiments
The preferred embodiments of the invention are now described in detail with reference to the drawings.
The key application method of the invention is applied within a computer system that has an active security measurement function, which is realised by a TPCM security chip added to the computer system.
During power-up of the computer system, the TPCM performs active security measurement of each main firmware item and component of the system, including the BIOS firmware, the BMC firmware and designated disk partitions. If the result of the active measurement is normal, the computer system is allowed to start normally; otherwise the computer system is forbidden from starting normally.
Embodiment one
Based on the computer system described above, this embodiment proposes a key application method whose flow chart is shown in Fig. 1. The method comprises the following steps:
Step 1: the TPCM security chip is powered on and started before the computer system.
Specifically, the TPCM chip is developed on the basis of a chip that supports the national cryptographic algorithms, and has abundant internal storage resources and efficient memory access capability.
Specifically, the purpose of powering on the TPCM security chip before the computer system is to perform active security measurement of the key components of the computer system so as to guarantee their security.
Step 2: the key protected by the encryption of the TPCM key management mechanism is decrypted into the on-chip storage region for use.
Specifically, the use and transfer of the key within the TPCM are shown in Fig. 2. When an operation such as identity authentication is to be performed with the TPCM security chip, the raw key information is obtained from the off-chip NAND flash and, by way of DDR-SDRAM, decrypted into the on-chip storage region (On-Chip-Memory) for use.
Specifically, to guarantee the secure boot of the computer system, user identification steps can be added at the BIOS boot stage and the hard-disk boot stage; concretely, corresponding configuration options can be added to the BIOS and hard-disk boot interfaces to realise user identity authentication.
Specifically, if such an identification step is added to the boot of the computer system, the TPCM security chip is needed to realise it: when the authentication information entered by the user is checked, the raw key information is decrypted from the off-chip NAND flash into the on-chip storage region for use, so that the key cannot be tampered with during verification.
Specifically, data is transferred between the on-chip storage region and the cryptographic engine by SDMA, the cryptographic engine being connected to the on-chip storage region.
Step 3: after the active security measurement and the security authentication pass, the computer system enters its normal use state.
Specifically, after the computer system has entered its normal working state, the data generated during the user's use is transferred into the TPCM security chip for storage and verification, so as to guarantee security while the computer system is in use.
This embodiment proposes a key application method that adds a secure key management function to the TPCM security chip of a computer system. When user identity authentication is to be realised with the TPCM, the raw key information is decrypted from the off-chip NAND flash into the on-chip storage region and user identity authentication is carried out there. Compared with using the key in plaintext in off-chip SRAM, using the plaintext key in the on-chip storage region is safer.
Embodiment two
Corresponding to the key application method of embodiment one, this embodiment proposes a key generation method. The key transfer process is shown in Fig. 2 and the flow chart of the key generation method in Fig. 3:
Step 1: the TPCM security chip is powered on and started before the computer system.
Specifically, the TPCM chip is developed on the basis of a chip that supports the national cryptographic algorithms, and has abundant internal storage resources and efficient memory access capability.
Specifically, the purpose of powering on the TPCM security chip before the computer system is to perform active security measurement of the key components of the computer system so as to guarantee their security.
Step 2: in the TPCM key generation phase, a plaintext key is generated and sent into the on-chip storage region of the TPCM.
Specifically, the key generated in the key generation phase is used during the active security measurement of the computer system to measure key components such as the BIOS and the hard disk, so as to guarantee the secure operation of the computer system.
Specifically, generating the plaintext key and sending it into the on-chip storage region of the TPCM comprises: the plaintext key is generated by the cryptographic algorithm engine and sent into the on-chip storage region by SDMA (the data encryption/decryption DMA).
Specifically, the plaintext key sent into the on-chip storage region is encrypted.
Step 3: the plaintext key is transferred from the on-chip storage region to off-chip SDRAM.
Specifically, the encrypted key is transferred to off-chip SDRAM and finally saved on the off-chip NAND flash.
Step 4: the computer system is restarted, and active security measurement and user identity authentication are performed by the TPCM.
Specifically, steps 1-3 are preparatory configuration steps carried out before the computer system begins normal operation; after step 4 the computer system enters its normal working stage.
This embodiment proposes a key generation method for the keys that a TPCM security chip may use during the secure boot of a computer system, in order to authenticate the identity of the user: the plaintext key is generated in the on-chip storage region, encrypted, and only then sent off-chip to be stored in SDRAM. Compared with generating a plaintext key directly in off-chip SDRAM, this improves the security of the key in use.
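The key lifecycle of embodiments one and two, as an added simulation that is not the patent's own code: the plaintext key exists only in a simulated on-chip memory, is wrapped with a key-management key that never leaves the chip before it is copied to SDRAM and NAND flash, and is unwrapped back on-chip when user authentication needs it. The HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag stands in for the chip's cryptographic algorithm engine; the `Tpcm` class, its methods and the HMAC-based user credential are assumptions, not the patent's design.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional


class Tamper(Exception):
    """Raised when the off-chip copy of a key fails its integrity check on unwrap."""


class Tpcm:
    """Simulated TPCM (assumed design): on-chip memory, a key-management key that
    never leaves the chip, and off-chip SDRAM / NAND flash holding only wrapped keys."""

    def __init__(self, kmk: Optional[bytes] = None) -> None:
        self._kmk = kmk or os.urandom(32)          # key-management key, on-chip only
        self.on_chip: Dict[str, bytes] = {}        # the only home of plaintext keys
        self.sdram: Dict[str, bytes] = {}          # off-chip working memory
        self.nand: Dict[str, bytes] = {}           # off-chip persistent storage

    # --- stand-in for the chip's cryptographic algorithm engine -----------------
    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            out += hmac.new(self._kmk, nonce + counter.to_bytes(4, "big"),
                            hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _wrap(self, plaintext: bytes) -> bytes:
        """Encrypt-then-MAC: nonce || ciphertext || tag, keyed by the on-chip KMK."""
        nonce = os.urandom(16)
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._kmk, b"wrap" + nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def _unwrap(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self._kmk, b"wrap" + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # a modified off-chip copy is rejected
            raise Tamper("off-chip key blob failed integrity check")
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))

    # --- embodiment two: key generation (steps 2 and 3) --------------------------
    def generate_key(self, name: str) -> None:
        self.on_chip[name] = os.urandom(32)        # step 2: plaintext is born on-chip
        wrapped = self._wrap(self.on_chip[name])   # step 2 (preferred): encrypted on-chip
        self.sdram[name] = wrapped                 # step 3: only ciphertext goes to SDRAM
        self.nand[name] = wrapped                  # ... and is persisted in NAND flash
        del self.on_chip[name]                     # plaintext discarded after preparation

    # --- embodiment one: key application (step 2) ---------------------------------
    def load_key(self, name: str) -> bytes:
        self.sdram[name] = self.nand[name]         # NAND -> SDRAM, still wrapped
        self.on_chip[name] = self._unwrap(self.sdram[name])  # decrypted only on-chip
        return self.on_chip[name]

    def enroll_user(self, name: str, secret: bytes) -> bytes:
        """Credential for a user secret, computed with the key while it is on-chip."""
        return hmac.new(self.load_key(name), secret, hashlib.sha256).digest()

    def authenticate(self, name: str, secret: bytes, credential: bytes) -> bool:
        """User identity authentication against a stored credential."""
        candidate = hmac.new(self.load_key(name), secret, hashlib.sha256).digest()
        return hmac.compare_digest(candidate, credential)


def plaintext_leaked_off_chip(tpcm: Tpcm, name: str) -> bool:
    """True if the plaintext key appears anywhere outside on-chip memory."""
    key = tpcm.load_key(name)
    return any(key in blob for blob in list(tpcm.sdram.values()) + list(tpcm.nand.values()))
```

Flipping one byte of the NAND copy makes `load_key` raise `Tamper`, which is the tampering risk the background section names being caught at the point the key would be used.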
Embodiment three
The invention also provides a trusted control method based on a trusted hard disk, characterised in that the method comprises:
Step 1. The trusted hard disk is powered on, and the TPCM module embedded on the hard-disk chip of the trusted hard disk measures the other hardware in the system in which the disk resides; if the measurement result of the other hardware is normal, proceed to step 2, and if it is abnormal, raise an alarm;
Step 2. The other hardware is powered on and the system in which the trusted hard disk resides is started, after which the software in that system is measured; if the measurement result of the software is normal, proceed to step 3, and if it is abnormal, raise an alarm;
Step 3. The system in which the trusted hard disk resides operates normally and performs read/write operations on the trusted hard disk; the TPCM module embedded on the hard-disk chip of the trusted hard disk decrypts or encrypts the data buffered in the trusted hard disk that the system needs to read or write, after which that data is read from or written to the trusted hard disk.
Preferably, the other hardware in the system in which the trusted hard disk resides comprises the BMC chip and the BIOS chip;
and the software in that system comprises the MBR, the OS LOADER and the OS KERNEL.
Preferably, using the TPCM module embedded on the hard-disk chip of the trusted hard disk to decrypt or encrypt the data buffered in the trusted hard disk that the system needs to read or write comprises:
the system in which the trusted hard disk resides calls the TCM module of the TPCM module embedded on the hard-disk chip of the trusted hard disk to decrypt or encrypt the data buffered in the trusted hard disk that the system needs to read or write.
Preferably, an IDE hard disk, a PIDE hard disk, a SCSI hard disk, a SATA hard disk, a SAS hard disk and/or an SSD hard disk can be selected as the trusted hard disk.
Preferably, the trusted hard disk supports an M.2 interface, a SAS interface, a SATA interface and/or an M.P interface.
Preferably, the alarm comprises lighting an indicator light, sounding a beeping alarm, printing an error message on a printing interface, or shutting down.
With the technical solution of this embodiment, the TPCM module embedded in the trusted hard disk can be used to measure both the other hardware in the system and the software of the system in which the trusted hard disk resides, and while that system is operating normally the embedded TPCM module can be used to control the trusted reading and writing of data to the trusted hard disk.
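The staged measurement of embodiment three, as an added simulation that is not the patent's own code: the disk's TPCM measures the BMC and BIOS before the rest of the hardware is powered, then the MBR, OS loader and kernel once the host is up, and stops with the configured alarm at the first mismatch. The image bytes and reference digests are constructed, SHA-256 stands in for the TPCM's measurement, the function names are assumptions, and the step-3 disk encryption is not simulated here.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

# Measurement order from the patent's preferred form: the BMC and BIOS are
# measured before the rest of the platform is powered; the boot software is
# measured once the host is running.
STAGE_HARDWARE: Tuple[str, ...] = ("BMC", "BIOS")
STAGE_SOFTWARE: Tuple[str, ...] = ("MBR", "OS LOADER", "OS KERNEL")
ALARM_ACTIONS = ("indicator light", "beep", "print error message", "shutdown")

# Constructed sample images standing in for the real firmware and boot components.
GOOD_IMAGES: Dict[str, bytes] = {
    "BMC": b"bmc-firmware-v1",
    "BIOS": b"bios-firmware-v1",
    "MBR": b"mbr-v1",
    "OS LOADER": b"loader-v1",
    "OS KERNEL": b"kernel-v1",
}


def measure(image: bytes) -> str:
    """Measurement of one component image; SHA-256 stands in for the TPCM's hash engine."""
    return hashlib.sha256(image).hexdigest()


def reference_values(good_images: Dict[str, bytes]) -> Dict[str, str]:
    """Reference measurements, taken here from the known-good constructed images."""
    return {name: measure(img) for name, img in good_images.items()}


def measure_stage(names: Tuple[str, ...], images: Dict[str, bytes],
                  references: Dict[str, str], log: List[Tuple[str, str]]) -> Optional[str]:
    """Measure the named components in order; return the first mismatch, else None."""
    for name in names:
        digest = measure(images[name])
        log.append((name, digest))                     # every measurement is recorded
        if not hmac.compare_digest(digest, references[name]):
            return name                                # stop at the first abnormal result
    return None


def trusted_boot(images: Dict[str, bytes], references: Dict[str, str],
                 alarm: str = "shutdown") -> Dict[str, object]:
    """Steps 1-3 of the trusted control method; returns the resulting boot state."""
    if alarm not in ALARM_ACTIONS:
        raise ValueError("unknown alarm action: %r" % alarm)
    log: List[Tuple[str, str]] = []
    powered: List[str] = ["trusted hard disk"]         # step 1: only the disk and its TPCM are up
    state: Dict[str, object] = {"powered": powered, "log": log, "status": "", "alarm": None}

    # Step 1: measure the other hardware while it is still unpowered.
    bad = measure_stage(STAGE_HARDWARE, images, references, log)
    if bad is not None:
        state.update(status="alarm", alarm=(bad, alarm))
        return state                                   # the other hardware is never powered on

    # Step 2: power on the other hardware, start the host, measure the boot software.
    powered.extend(STAGE_HARDWARE)
    powered.append("host")
    bad = measure_stage(STAGE_SOFTWARE, images, references, log)
    if bad is not None:
        state.update(status="alarm", alarm=(bad, alarm))
        return state

    # Step 3: normal operation; disk reads/writes now pass through the TCM (not simulated).
    state["status"] = "normal"
    return state
```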
In the several embodiments provided by the invention, it should be understood that the disclosed method and terminal may be realised in other ways. For example, the device embodiments described above are merely exemplary: the division into modules is only a division by logical function, and another division may be used in an actual implementation.
In addition, the technical solutions of the several embodiments above can be combined with and substituted for one another where they do not conflict.
The modules described as separate parts may or may not be physically separate, and parts shown as modules may or may not be physical units; they may be located in one place or distributed over several network units. Some or all of the modules may be selected according to actual need to achieve the purpose of the embodiment.
In addition, the functional modules in each embodiment of the invention may be integrated in one processing unit, may each exist physically alone, or two or more units may be integrated in one unit. The integrated unit may be realised in the form of hardware, or in the form of hardware plus software functional modules.
It is obvious to a person skilled in the art that the invention is not limited to the details of the exemplary embodiments above, and that the invention can be realised in other specific forms without departing from its spirit or essential attributes. Therefore, from whatever point of view, the embodiments are to be considered illustrative and not restrictive, and the scope of the invention is defined by the appended claims rather than by the description above; all changes falling within the meaning and scope of the equivalents of the claims are intended to be included in the invention. No reference sign in a claim should be construed as limiting the claim concerned. Furthermore, it is to be understood that the word "comprising" does not exclude other units or steps, and the singular does not exclude the plural. Several modules or devices stated in a system claim may also be implemented by one module or device through software or hardware. The words "first", "second" and the like are used to indicate names and do not indicate any particular order.
Finally, it should be noted that the embodiments above are only used to illustrate the technical solution of the invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, a person skilled in the art should understand that modifications or equivalent substitutions may be made to the technical solution of the invention without departing from its spirit and scope.

Claims (12)

1. A key generation method, characterised in that it comprises:
Step 1: the TPCM security chip is powered on and started before the computer system;
Step 2: in the TPCM key generation phase, a plaintext key is generated and sent into the on-chip storage region of the TPCM;
Step 3: the plaintext key is transferred from the on-chip storage region to off-chip SDRAM;
Step 4: the computer system is restarted, and active security measurement and user identity authentication are performed by the TPCM.
2. The key generation method of claim 1, characterised in that it further comprises:
the TPCM chip is developed on the basis of a chip that supports the national cryptographic algorithms.
3. The key generation method of claim 1, characterised in that generating the plaintext key and sending it into the on-chip storage region of the TPCM comprises:
the plaintext key is generated by the cryptographic algorithm engine and sent into the on-chip storage region by SDMA.
4. The key generation method of claim 1, characterised in that step 2 further comprises:
the plaintext key sent into the on-chip storage region is encrypted.
5. The key generation method of claim 1, characterised in that step 3 further comprises:
the encrypted key is transferred to off-chip SDRAM and finally saved on the off-chip NAND flash.
6. The key generation method of claim 1, characterised in that it further comprises:
steps 1-3 are preparatory configuration steps carried out before the computer system begins normal operation, and after step 4 the computer system enters its normal working stage.
7. A trusted control method based on a trusted hard disk, characterised in that the method comprises:
Step 1. The trusted hard disk is powered on, and the TPCM module embedded on the hard-disk chip of the trusted hard disk measures the other hardware in the system in which the disk resides; if the measurement result of the other hardware is normal, proceed to step 2, and if it is abnormal, raise an alarm;
Step 2. The other hardware is powered on and the system in which the trusted hard disk resides is started, after which the software in that system is measured; if the measurement result of the software is normal, proceed to step 3, and if it is abnormal, raise an alarm;
Step 3. The system in which the trusted hard disk resides operates normally and performs read/write operations on the trusted hard disk; the TPCM module embedded on the hard-disk chip of the trusted hard disk decrypts or encrypts the data buffered in the trusted hard disk that the system needs to read or write, after which that data is read from or written to the trusted hard disk.
8. The method of claim 7, characterised in that the other hardware in the system in which the trusted hard disk resides comprises the BMC chip and the BIOS chip;
and the software in that system comprises the MBR, the OS LOADER and the OS KERNEL.
9. The method of claim 7, characterised in that using the TPCM module embedded on the hard-disk chip of the trusted hard disk to decrypt or encrypt the data buffered in the trusted hard disk that the system needs to read or write comprises:
the system in which the trusted hard disk resides calls the TCM module of the TPCM module embedded on the hard-disk chip of the trusted hard disk to decrypt or encrypt the data buffered in the trusted hard disk that the system needs to read or write.
10. The method of claim 7, characterised in that the trusted hard disk is an IDE hard disk, a PIDE hard disk, a SCSI hard disk, a SATA hard disk, a SAS hard disk or an SSD hard disk.
11. The method of claim 10, characterised in that the trusted hard disk supports an M.2 interface, a SAS interface, a SATA interface and/or an M.P interface.
12. The method of claim 7, characterised in that the alarm comprises lighting an indicator light, sounding a beeping alarm, printing an error message on a printing interface, or shutting down.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201811435862.1A | 2018-11-28 | 2018-11-28 | Key generation method

Publications (2)

Publication Number | Publication Date
CN109583196A | 2019-04-05
CN109583196B | 2021-01-08

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101515316A (en) * 2008-02-19 2009-08-26 北京工业大学 Trusted computing terminal and trusted computing method
CN201408535Y (en) * 2009-05-11 2010-02-17 方正科技集团苏州制造有限公司 Trusted hard disk facing to trusted computation cryptograph supporting platform
CN102279914A (en) * 2011-07-13 2011-12-14 中国人民解放军海军计算技术研究所 Unified extensible firmware interface (UEFI) trusted supporting system and method for controlling same
CN103534976A (en) * 2013-06-05 2014-01-22 华为技术有限公司 Data security protection method, server, host, and system
CN106295352A (en) * 2016-07-29 2017-01-04 北京三未信安科技发展有限公司 The method of credible tolerance, main frame and system under basic input output system environment
JP2017157018A (en) * 2016-03-02 2017-09-07 株式会社リコー Information processing device, information processing method, information processing program, and trusted platform module
CN107733590A (en) * 2017-11-28 2018-02-23 成都蓉威电子技术有限公司 The data transmission device and method of a kind of high-speed bus

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116028958A (en) * 2023-02-21 2023-04-28 广州万协通信息技术有限公司 Key encryption and decryption method and device, security machine and medium
CN116028958B (en) * 2023-02-21 2024-04-12 广州万协通信息技术有限公司 Key encryption and decryption method and device, security machine and medium

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant