CN111143887A - Safety control method, processor, integrated device and computer equipment - Google Patents


Info

Publication number
CN111143887A
Authority
CN
China
Prior art keywords
signature
current
value
unit
signature unit
Prior art date
Legal status
Granted
Application number
CN201911342360.9A
Other languages
Chinese (zh)
Other versions
CN111143887B (en)
Inventor
陈善
Current Assignee
Haiguang Information Technology Co Ltd
Original Assignee
Haiguang Information Technology Co Ltd
Application filed by Haiguang Information Technology Co Ltd
Priority to CN201911342360.9A
Publication of CN111143887A
Application granted
Publication of CN111143887B
Legal status: Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The application relates to a security control method, a processor, an integrated device and computer equipment, and belongs to the technical field of computers. The method comprises the following steps: receiving a measurement request generated for a current measurement target, where the measurement request is generated based on a signature chain, the signature chain comprises a plurality of signature units in one-to-one correspondence with the measurement targets and arranged in a set order of the measurement targets, and the measurement request comprises the current signature unit corresponding to the current measurement target; verifying the measurement request according to the current signature unit and a locally stored local signature unit; when the verification passes, updating the local signature unit with the current signature unit; and outputting a verification result. Because the measurement targets are linked in series through the signature chain, the integrity and the dependency of the measurement targets are measured strictly in the order given by the signature chain, so a measurement target can be neither bypassed nor replaced, the overall integrity and consistency of the system are guaranteed, and the security of system start-up is further enhanced.

Description

Safety control method, processor, integrated device and computer equipment
Technical Field
The application belongs to the technical field of computers, and particularly relates to a safety control method, a processor, an integrated device and computer equipment.
Background
The main task of a computer system is to execute programs, and under normal conditions the program code and its configuration parameters should remain unchanged, so that every execution of a program behaves identically. However, owing to design or implementation defects, a program may be modified, and once it is modified the behaviour of the computer system is easily out of control. To avoid this, computers use static measurement to check the integrity of program files at start-up, so as to ensure that the files a program executes have not been tampered with. In the prior art, the signature of each measurement target is usually verified in isolation, and whether a measurement target passes verification depends on that target alone. This approach has the following defects when it comes to measuring and protecting the overall integrity and consistency of the system: a measurement target can easily be replaced as long as the substitute carries a legitimate signature; and if some measurement targets, such as the configuration files of certain devices, are bypassed at system start-up, the system has no way of knowing and cannot take action.
Disclosure of Invention
In view of the above, an object of the present application is to provide a security control method, a processor, an integrated device, and a computer apparatus, so as to enhance the start-up security of a system.
The embodiment of the application is realized as follows:
In a first aspect, an embodiment of the present application provides a security control method, including: receiving a measurement request generated for a current measurement target, where the measurement request is generated based on a signature chain, the signature chain comprises a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged in a set order of those measurement targets, the current measurement target is one of the plurality of measurement targets, and the measurement request comprises the current signature unit, i.e. the signature unit in the signature chain that corresponds to the current measurement target; verifying the measurement request according to the current signature unit and a locally stored local signature unit, where the local signature unit is the signature unit that precedes the current signature unit in the signature chain; when the verification passes, updating the local signature unit with the current signature unit; and outputting a verification result. Because the measurement targets are linked in series through the signature chain, the integrity and the dependency of the measurement targets are measured strictly in the order given by the chain, a measurement target can be neither bypassed nor replaced, the overall integrity and consistency of the system are guaranteed, and the security of system start-up is further enhanced.
With reference to one possible implementation of the first aspect, each signature unit in the signature chain includes a signature chain identification number, and verifying the measurement request includes: checking whether the signature chain identification number in the current signature unit matches the signature chain identification number in the local signature unit; if it does, verification passes. In this embodiment, a verification result can be obtained quickly by checking whether the two signature chain identification numbers match.
With reference to one possible implementation of the first aspect, each signature unit in the signature chain includes the signature value and the Hash value of the measurement target corresponding to that signature unit, where the signature value of the ith signature unit in the chain is generated by cryptographically signing an extended value computed from the Hash values of the measurement targets corresponding to the ith and (i-1)th signature units, i being a positive integer greater than or equal to 1. Verifying the measurement request then includes: computing an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit; and either decrypting the signature value in the current signature unit and checking whether the extended value to be verified matches the decrypted signature value, or signing the extended value to be verified and checking whether the result matches the signature value in the current signature unit; when the extended value to be verified matches the decrypted signature value, or when the signature computed over the extended value to be verified matches the signature value in the current signature unit, verification passes.
In this embodiment, because the signature value of the ith signature unit is a signature over an extended value computed from the Hash values of the measurement targets of the ith and (i-1)th signature units, the dependency between measurement targets is fully taken into account: a change to any one signature breaks the signature chain, which guarantees the overall integrity and consistency of the chain and therefore the absolute control and security of the start-up process.
With reference to one possible implementation of the first aspect, each signature unit in the signature chain further includes a signature chain identification number, and before computing the extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit, the method further includes determining that the signature chain identification number in the current signature unit matches the one in the local signature unit. In this embodiment, the identification-number check is performed first and the remaining verification only runs once the two numbers are known to match, so that, while the overall integrity and consistency of the signature chain are still guaranteed, unnecessary verification work is avoided.
With reference to one possible implementation of the first aspect, the measurement request further includes the current measurement target itself, and before verifying the measurement request the method further includes: computing the Hash value of the current measurement target; and determining that the Hash value in the current signature unit matches the computed Hash value. In this embodiment, the computed Hash value of the current measurement target must match the Hash value carried in the current signature unit before the request is verified; if the two differ, verification fails immediately and no further verification steps are needed.
With reference to one possible implementation of the first aspect, the method further includes: receiving a query request that carries a request type indicating that the locally stored local signature unit is to be queried; and, in response to the query request, returning the locally stored local signature unit. In this embodiment, querying the locally stored local signature unit and matching it against the signature chain reveals which start-up stage the system has reached, and therefore whether all preset targets have been measured, which provides a basis for judging the overall health of the system.
With reference to one possible implementation of the first aspect, the plurality of signature units in the signature chain correspond to a plurality of measurement targets arranged in the order in which those targets are started at system start-up. In this embodiment, because the signature units are in one-to-one correspondence with the measurement targets arranged in their start-up order, the integrity and dependency of each measurement target are measured strictly in the order given by the signature chain during start-up, a measurement target can be neither bypassed nor replaced, the overall integrity and consistency of the system are guaranteed, and the security of system start-up is further enhanced.
In a second aspect, an embodiment of the present application further provides a security control method, including: computing the Hash value of a current measurement target; searching a signature chain for the current signature unit that matches that Hash value, where the signature chain comprises a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged in a set order of those targets, and the current measurement target is one of them; and generating and sending a measurement request that comprises the current measurement target and the current signature unit. In this embodiment, because the measurement targets are linked in series through the signature chain, the current signature unit that matches the computed Hash value of the current measurement target is looked up in the chain to build the measurement request, so the integrity and dependency of the current measurement target are measured strictly in the order given by the chain, the target can be neither bypassed nor replaced, the overall integrity and consistency of the system are guaranteed, and the security of system start-up is further enhanced.
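The first aspect (secure processor side: chain-ID check, Hash check, extended-value signature check, update of the local unit, query request) and the second aspect (processor core side: hash the target, look up its unit, send the request) fit together as one exchange. The block below is an added example written for this page, not code from the patent or from Haiguang; the page does not fix the hash function, the way the extended value is derived, the signature scheme, or how the very first unit is anchored, so those are assumptions made here: SHA-256 for the Hash value, extend(H_prev, H_cur) = SHA-256(H_prev || H_cur), HMAC-SHA256 under a key held by the secure processor standing in for the asymmetric signature, and a genesis local unit with an all-zero Hash value provisioned in the secure processor. The sample targets and key are constructed for the demo.

```python
# Added example, not the patent's code: a minimal model of signature-chain
# measurement.  Assumptions (none fixed by the page): SHA-256 Hash values,
# extend(H_prev, H_cur) = SHA-256(H_prev || H_cur), HMAC-SHA256 standing in for
# the asymmetric "encryption signature", and a genesis local unit whose Hash
# value is 32 zero bytes, from which unit 1 of the chain extends.
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SignatureUnit:
    chain_id: int       # signature chain identification number
    hash_value: bytes   # Hash value of the corresponding measurement target
    signature: bytes    # signature over extend(H_{i-1}, H_i)


GENESIS_HASH = bytes(32)


def measure(target: bytes) -> bytes:
    return hashlib.sha256(target).digest()


def extend(prev_hash: bytes, cur_hash: bytes) -> bytes:
    return hashlib.sha256(prev_hash + cur_hash).digest()


def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def build_chain(key: bytes, chain_id: int, targets: list) -> list:
    """Build the signature chain offline, in the intended boot order."""
    units, prev = [], GENESIS_HASH
    for target in targets:
        h = measure(target)
        units.append(SignatureUnit(chain_id, h, sign(key, extend(prev, h))))
        prev = h
    return units


class ProcessorCore:
    """Second aspect: hash the target, look up its unit, emit the request."""
    def __init__(self, chain: list):
        self.chain = chain

    def make_request(self, target: bytes) -> tuple:
        h = measure(target)
        for unit in self.chain:
            if unit.hash_value == h:
                return (target, unit)
        raise LookupError("no signature unit in the chain matches this target")


class SecureProcessor:
    """First aspect: verify against the stored local unit, then advance it."""
    def __init__(self, key: bytes, chain_id: int):
        self.key = key
        self.local = SignatureUnit(chain_id, GENESIS_HASH, b"")

    def verify(self, request: tuple) -> bool:
        target, cur = request
        # 1. the target supplied must hash to the unit's Hash value
        if measure(target) != cur.hash_value:
            return False
        # 2. chain identification numbers must agree
        if cur.chain_id != self.local.chain_id:
            return False
        # 3. the signature must cover extend(local.H, current.H); a skipped or
        #    swapped target changes local.H and therefore fails here
        expected = sign(self.key, extend(self.local.hash_value, cur.hash_value))
        if not hmac.compare_digest(expected, cur.signature):
            return False
        self.local = cur   # only a passing request advances the local unit
        return True

    def query(self) -> SignatureUnit:
        """Query request: return the locally stored local signature unit."""
        return self.local


def boot_stage(chain: list, local: SignatureUnit) -> int:
    """How many targets of the chain have been measured, from a query result."""
    for i, unit in enumerate(chain):
        if unit == local:
            return i + 1
    return 0


# Constructed sample data for the demo.
KEY = b"constructed-demo-key"
CHAIN_ID = 7
TARGETS = [b"bootloader image", b"kernel image", b"device config"]


def run_demo() -> dict:
    chain = build_chain(KEY, CHAIN_ID, TARGETS)
    other = build_chain(KEY, CHAIN_ID + 1, TARGETS)   # same targets, other chain
    core, sp = ProcessorCore(chain), SecureProcessor(KEY, CHAIN_ID)
    out = {}
    out["stage1"] = sp.verify(core.make_request(TARGETS[0]))
    out["bypass"] = sp.verify(core.make_request(TARGETS[2]))    # skips target 2
    out["after_bypass"] = boot_stage(chain, sp.query())
    out["tampered"] = sp.verify((b"modified kernel", chain[1]))  # Hash mismatch
    out["wrong_chain"] = sp.verify((TARGETS[1], other[1]))        # chain-ID mismatch
    out["stage2"] = sp.verify(core.make_request(TARGETS[1]))
    out["stage3"] = sp.verify(core.make_request(TARGETS[2]))
    out["final_stage"] = boot_stage(chain, sp.query())
    return out


if __name__ == "__main__":
    print(run_demo())
```

The three rejected requests in `run_demo` correspond to the defects the background names: presenting a later target before its predecessor fails because the local Hash value in the extended value is wrong, a modified target fails the Hash check before any signature work, and a correctly signed unit from a different chain fails on the identification number even though its signature value is identical. A rejected request never moves the local unit, so a query afterwards still reports the last stage that genuinely passed.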
In a third aspect, an embodiment of the present application further provides a processor, including a processor core and a secure processor. The processor core is configured to generate a measurement request for a current measurement target and send it, where the measurement request is generated based on a signature chain, the signature chain includes a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged in a set order of those targets, the current measurement target is one of the plurality of measurement targets, and the measurement request includes the current signature unit, i.e. the signature unit in the chain that corresponds to the current measurement target. The secure processor is configured to receive the measurement request, verify it based on the current signature unit and a locally stored local signature unit, update the local signature unit with the current signature unit if verification passes, and send a verification result, where the local signature unit is the signature unit that precedes the current signature unit in the signature chain.
With reference to one possible implementation manner of the embodiment of the third aspect, each signature unit in the signature chain includes: a signature chain identification number; the security processor is used for verifying whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit; when yes, the characterization verification passes.
With reference to one possible implementation manner of the embodiment of the third aspect, each signature unit in the signature chain includes: the signature value and the Hash value of the measurement target corresponding to the signature unit are obtained, wherein the signature value of the ith signature unit in the signature chain is a value generated by carrying out encryption signature on an expanded value obtained by calculation according to the Hash value of the measurement target corresponding to the ith and (i-1) th signature units, and i is a positive integer greater than or equal to 1; the secure processor is to: calculating an extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit; decrypting the signature value in the current signature unit and verifying whether the extended value to be verified is consistent with the decrypted signature value; or, verifying whether the value generated by the encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit; and when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by carrying out the encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit, the representation verification is passed.
With reference to one possible implementation manner of the embodiment of the third aspect, each signature unit in the signature chain further includes: a signature chain identification number; and the safety processor is also used for determining that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit before calculating the to-be-verified extended value according to the Hash value in the current signature unit and the Hash value in the local signature unit.
With reference to a possible implementation manner of the embodiment of the third aspect, the measurement request further includes the current measurement target, and the security processor is further configured to, before verifying the measurement request, calculate a Hash value of the current measurement target, and determine that the Hash value in the current signature unit is consistent with the calculated Hash value.
With reference to one possible implementation manner of the embodiment of the third aspect, the processor core is further configured to send a query request to the secure processor, where the query request includes a request type, and the request type is used to indicate that a local signature unit stored locally is queried; and the security processor is also used for responding to the query request and returning the locally stored local signature unit.
In a fourth aspect, an embodiment of the present application further provides an integrated device, including a general-purpose processor and a secure processor. The general-purpose processor is configured to generate a measurement request for a current measurement target and send it, where the measurement request is generated based on a signature chain, the signature chain comprises a plurality of signature units in one-to-one correspondence with a plurality of measurement targets and arranged in a set order of those targets, the current measurement target is one of the plurality of measurement targets, and the measurement request comprises the current signature unit, i.e. the signature unit in the chain that corresponds to the current measurement target. The secure processor is configured to receive the measurement request, verify it based on the current signature unit and a locally stored local signature unit, update the local signature unit with the current signature unit if verification passes, and send a verification result, where the local signature unit is the signature unit that precedes the current signature unit in the signature chain.
In combination with one possible implementation manner of the embodiment of the fourth aspect, each signature unit in the signature chain includes: a signature chain identification number; the security processor is used for verifying whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit; when yes, the characterization verification passes.
In combination with one possible implementation manner of the embodiment of the fourth aspect, each signature unit in the signature chain includes: the signature value and the Hash value of the measurement target corresponding to the signature unit are obtained, wherein the signature value of the ith signature unit in the signature chain is a value generated by carrying out encryption signature on an expanded value obtained by calculation according to the Hash value of the measurement target corresponding to the ith and (i-1) th signature units, and i is a positive integer greater than or equal to 1; the secure processor is to: calculating an extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit; decrypting the signature value in the current signature unit and verifying whether the extended value to be verified is consistent with the decrypted signature value; or, verifying whether the value generated by the encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit; and when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by carrying out the encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit, the representation verification is passed.
In combination with one possible implementation manner of the embodiment of the fourth aspect, each signature unit in the signature chain further includes: a signature chain identification number; and the safety processor is also used for determining that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit before calculating the to-be-verified extended value according to the Hash value in the current signature unit and the Hash value in the local signature unit.
With reference to a possible implementation manner of the embodiment of the fourth aspect, the measurement request further includes the current measurement target, and the security processor is further configured to calculate a Hash value of the current measurement target before verifying the measurement request, and determine that the Hash value in the current signature unit is consistent with the calculated Hash value.
With reference to one possible implementation manner of the embodiment of the fourth aspect, the general-purpose processor is further configured to send a query request to the secure processor, where the query request includes a request type, and the request type is used to indicate that a local signature unit stored locally is queried; and the security processor is also used for responding to the query request and returning the locally stored local signature unit.
In a fifth aspect, an embodiment of the present application further provides a computer device, including: a processor as described in the third aspect embodiment and/or as provided in connection with any of the possible implementations of the third aspect embodiment, or an integrated device as described in the fourth aspect embodiment and/or as provided in connection with any of the possible implementations of the fourth aspect embodiment.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the embodiments of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and drawings.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts. The foregoing and other objects, features and advantages of the application will be apparent from the accompanying drawings. Like reference numerals refer to like parts throughout the drawings. The drawings are not intended to be to scale as practical, emphasis instead being placed upon illustrating the subject matter of the present application.
Fig. 1 shows a block diagram of a computer device according to an embodiment of the present application.
Fig. 2 shows a schematic structural diagram of a signature chain provided in an embodiment of the present application.
Fig. 3 shows an interaction diagram of a safety control method provided in an embodiment of the present application.
Fig. 4 shows an interaction diagram of another safety control method provided in the embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, relational terms such as "first," "second," and the like may be used solely in the description herein to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Further, the term "and/or" in the present application is only one kind of association relationship describing the associated object, and means that three kinds of relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone.
When a computer starts, in order to ensure that system start-up is secure, security measurement must be performed on program files to ensure that the files a program executes have not been tampered with. In the course of the research behind the present application, the inventor found that in the prior art the signature of a single measurement target is usually verified in isolation: the measurement targets are independent of one another with no correlation between them, and whether a measurement target passes verification depends on that target alone and not on any other target. This verification mode has defects when it comes to measuring and protecting the overall integrity and consistency of the system: a single measurement target can easily be replaced as long as the substitute's signature is legitimate; and if some measurement targets, such as the configuration files of certain devices, are bypassed at system start-up, the system has no way of knowing and cannot take action. It should be noted that the defects in the above solutions were identified by the inventors after careful practice and study, and therefore the discovery of the above problems, as well as the solutions to them proposed in the following embodiments, should be regarded as the inventors' contribution to the present application.
In view of this, the present application provides a computer security control method, which performs integrity and dependency dual measurement on each measurement target according to a fixed sequence based on a signature chain configured in a system, and the measurement target cannot be bypassed or replaced, thereby ensuring the overall integrity and consistency of the system and further enhancing the start security of the system. Wherein, each measurement target can be an image file, a configuration file or device firmware, etc.
Fig. 1 shows a block diagram of a computer device 100 according to an embodiment of the present application. The computer device 100 includes a general-purpose processor 110, a secure processor 120 and a memory 130. The secure processor 120 and the general-purpose processor 110 may be two independent integrated chips, both mounted on the motherboard to form an integrated device (for example an SOC chip); that is, the integrated device includes the general-purpose processor 110 and the secure processor 120. Here SOC stands for system on chip. In one embodiment, the secure processor 120 may instead be integrated into the general-purpose processor 110, as in a Dhyana-family processor.
The secure processor 120 has dedicated hardware resources, such as operating memory, non-volatile memory, etc., which are isolated from the general purpose processor 110 and are not accessible to the general purpose processor 110. The secure processor 120 communicates with the general-purpose processor 110 through a fixed communication interface, and the secure processor 120 can receive data from the general-purpose processor 110 through a high-speed bus or directly access a memory address in the memory 130 designated by the general-purpose processor 110. The secure processor 120 can receive the command sent by the general-purpose processor 110 through the fixed communication interface in time, and return the execution result to the general-purpose processor 110 after executing the command.
The general-purpose processor 110 may be a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), an Accelerated Processing Unit (APU), or another type of processor such as a Network Processor (NP) or an application processor; in some products the application processor is the CPU.
The memory 130 is used for temporarily storing operation data required by the processors (the general purpose processor 110 and the secure processor 120) and data exchanged with an external memory such as a hard disk, and may be a Double Data Rate (DDR) memory, or another memory such as a Random Access Memory (RAM), a Dynamic Random Access Memory (DRAM), and the like.
The measurement targets are organically connected in series through the signature chain. The purpose is to establish, among the signatures corresponding to the measurement targets in the startup process, an order that cannot be modified: during startup the secure processor 120 verifies the measurement targets strictly in the order given on the signature chain, and a change to any signature breaks the signature chain, so that the overall integrity and consistency of the signature chain are ensured, and the absolute control and safety of the startup process are further ensured.
Fig. 2 shows a schematic structural diagram of a signature chain provided in an embodiment of the present application. The implementation form of the signature chain is flexible. In this embodiment, the signature chain may include a plurality of signature units, each with a number, where the numbers may be 0, 1, 2, ..., n; the plurality of signature units correspond one to one to the plurality of measurement targets and are arranged in a set sequence, that is, the signature units in the signature chain correspond one to one to the measurement targets and are arranged according to the start sequence of the measurement targets when the system is started. Each signature unit has the same data structure and may include information such as a Signature Chain Identifier (SCID), a signature value, and a Hash value of the measurement target. The SCID marks the signature chain to which the signature unit belongs and may be generated using a UUID (Universally Unique Identifier) generation tool. The Hash value of the measurement target may be generated using a Hash algorithm (the SM3 algorithm). The signature value of the ith signature unit may be a value generated by performing an encrypted signature on an extended value calculated from the Hash value of the measurement target of the ith signature unit and the Hash value of the measurement target of the (i-1)th signature unit, where i is a positive integer greater than or equal to 1. Here, the encrypted signature may use an asymmetric cryptographic algorithm, for example the SM2 algorithm. It should be noted that, for the first signature unit in the signature chain, the signature value may be obtained by performing an encrypted signature on the Hash value of the measurement target of that signature unit using an asymmetric cryptographic algorithm.
The signature chain of the present application may be located in a non-volatile memory of the general purpose processor 110, such as a hard disk or a Flash memory, so as to facilitate an overall update of the signature chain when the system is updated; the signature chain may also be stored in another storage module that the general purpose processor 110 can access to obtain the signature chain. In particular, each signature unit may also include other information, such as the Hash algorithm, the signature algorithm, public key information, and the like.
The private key used for generating the signature value in the embodiment of the present application may be kept safely by the trusted software provider, and the public key used for verifying the signature value may be located inside the secure processor 120 and may be modified through a secure command interface provided by the secure processor 120. In addition, when the system is initially installed, an installation package provided by the trusted software provider is used; the installation package comprises all image files and a signature chain consisting of the signature units of the measurement targets. When the system is updated, for example when the Operating System (OS) is upgraded, the trusted software provider must generate an entire new signature chain according to the new measurement targets, with all signature units using the new signature chain identifier SCID, and then install the updated images and signature chain on the system to be updated.
At system startup, the general purpose processor 110 generates a measurement request for the current measurement target and sends the measurement request to the secure processor 120. Here, the measurement request may be generated based on the signature chain: specifically, the general purpose processor 110 calculates the Hash value of the current measurement target, searches the signature chain for the signature unit whose Hash value is consistent with the calculated Hash value, that is, the current signature unit, and generates the measurement request based on the found current signature unit. The measurement request includes the current signature unit. It should be noted that, when the secure processor 120 is integrated in the general-purpose processor 110, the action of generating the measurement request is performed by a processor core in the general-purpose processor 110, that is, the processor core generates the measurement request for the current measurement target and sends the measurement request.
The secure processor 120 receives the measurement request corresponding to the current measurement target and verifies the measurement request. During verification, the secure processor 120 verifies the measurement request according to the current signature unit and the locally stored local signature unit, updates the local signature unit with the current signature unit after the verification is passed, and sends the verification result to the general purpose processor 110. The secure processor 120 may have a Signature Unit Buffer (SUB): when a measurement target passes verification, the signature unit corresponding to that measurement target is stored in the signature unit buffer, and the signature unit stored in the signature unit buffer is the local signature unit. The signature unit buffer SUB always holds the signature unit of the last successful measurement until the system is restarted. If the measurement request is the first verification performed by the secure processor 120, that is, when there is no local signature unit in the signature unit buffer, the secure processor 120 directly verifies the Hash value and the signature value of the current measurement target based on the current signature unit alone; for example, it calculates the Hash value of the current measurement target and verifies whether the Hash value in the current signature unit is consistent with the calculated Hash value. In this case, the measurement request includes the current measurement target and the current signature unit corresponding to the current measurement target.
As an embodiment, when each signature unit in the signature chain includes a signature chain identification number, the secure processor 120 verifies whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit; when they are consistent, this indicates that the verification passes.
As another embodiment, when each signature unit in the signature chain includes the signature value and the Hash value of the measurement target corresponding to the signature unit, the secure processor 120 is configured, when verifying the measurement request, to calculate an extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit; to decrypt the signature value in the current signature unit and verify whether the extended value to be verified is consistent with the decrypted signature value; and, when the extended value to be verified is consistent with the decrypted signature value, to treat the verification as passed. Alternatively, the secure processor 120 is configured to calculate an extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit; to verify whether the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit; and, when the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit, to treat the verification as passed.
As another embodiment, when each signature unit in the signature chain includes the signature chain identification number, the signature value and the Hash value of the measurement target corresponding to the signature unit, the secure processor 120 verifies whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit before calculating the extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit. Only when the signature chain identification number in the current signature unit is determined to be consistent with the signature chain identification number in the local signature unit (otherwise, a verification failure conclusion is reached directly) is the subsequent verification performed, for example the calculation of the extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit.
As another embodiment, the measurement request further includes the current measurement target, that is, the measurement request includes the current measurement target and the current signature unit corresponding to the current measurement target. In this case, the secure processor 120 calculates the Hash value of the current measurement target before verifying the measurement request and verifies whether the Hash value in the current signature unit is consistent with the calculated Hash value; it verifies the measurement request only when it is determined that the Hash value in the current signature unit is consistent with the calculated Hash value, and otherwise directly obtains a result of verification failure.
As can be seen from the above embodiments, different verification methods may be used, with correspondingly different information contained in each signature unit of the signature chain and different content contained in the measurement request. Thus, the above example signature chains should not be construed as limiting the application.
To facilitate determining which phase the system has booted up to, the general purpose processor 110 may also send a query request to the secure processor 120, the query request including a request type indicating a query of the locally stored local signature unit. After receiving the query request and recognizing it as a request to query the locally stored local signature unit, the secure processor 120 responds to the query request and returns the locally stored local signature unit to the general purpose processor 110, so that the general purpose processor 110 can determine, from the local signature unit in combination with the signature chain, which stage the system has started up to and whether the measurement of all preset targets is completed, which provides a basis for upper-layer applications to judge the overall health condition of the system. It should be noted that, when the secure processor 120 is integrated in the general-purpose processor 110, the query request is sent by a processor core in the general-purpose processor 110, that is, the processor core sends the query request to the secure processor 120.
Referring to fig. 3, the steps included in a safety control method according to an embodiment of the present application are described below.
Step S101: sending a measurement request generated for the current measurement target.
The Hash value of the current measurement target is calculated, the current signature unit matching the Hash value is searched for in the signature chain, and a measurement request is generated and sent. In one implementation, the measurement request includes the current signature unit corresponding to the current measurement target.
The signature chain comprises a plurality of signature units which correspond one to one to the plurality of measurement targets and are arranged according to a set sequence of the measurement targets; optionally, the signature units in the signature chain are arranged according to the start sequence of the measurement targets when the system is started. The current measurement target is one of the plurality of measurement targets.
Step S102: verifying the measurement request.
The secure processor receives the measurement request generated for the current measurement target and verifies the measurement request according to the current signature unit and the locally stored local signature unit. If the current verification is the first verification, the locally stored local signature unit is empty, which is equivalent to verifying the measurement request according to the current signature unit only, and the process may be as follows: the signature value of the current signature unit is decrypted using the public key, and it is verified whether the decrypted value is consistent with the Hash value of the measurement target of the current signature unit; if they are consistent, the verification succeeds, otherwise it fails. Alternatively, it is verified whether the value generated by performing an encrypted signature on the Hash value of the measurement target of the current signature unit is consistent with the signature value of the current signature unit; if the two are consistent, the verification succeeds, otherwise it fails. Upon successful verification, the local signature unit is also updated based on the current signature unit. It should be noted that whether the current verification is the first verification may be determined according to whether the system has been restarted: the measurement request received after a system restart is the first verification, and otherwise the current verification is not the first verification.
If the current verification is not the first verification and the locally stored local signature unit is not empty, the measurement request is verified according to the current signature unit and the locally stored local signature unit to obtain a verification result of passing (success) or failing.
In one embodiment, each signature unit in the signature chain includes a signature chain identification number; in this case the process of verifying the measurement request may be: verifying whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit; if so, this indicates that the verification passes.
In yet another embodiment, each signature unit in the signature chain includes the signature value and the Hash value of the measurement target corresponding to the signature unit; the process of verifying the measurement request may be: calculating an extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit; decrypting the signature value in the current signature unit and verifying whether the extended value to be verified is consistent with the decrypted signature value; or, verifying whether the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit; when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit, this indicates that the verification passes.
In yet another embodiment, each signature unit in the signature chain includes the signature chain identification number, the signature value and the Hash value of the measurement target corresponding to the signature unit; the process of verifying the measurement request may be: judging whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit and, if so, calculating an extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit; decrypting the signature value in the current signature unit and verifying whether the extended value to be verified is consistent with the decrypted signature value; or, verifying whether the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit; when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit, this indicates that the verification passes.
That is, in this embodiment, before the extended value to be verified is calculated according to the Hash value in the current signature unit and the Hash value in the local signature unit, it is verified whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit, and only when they are determined to be consistent (otherwise, a verification failure conclusion is reached directly) is the subsequent verification performed, for example the calculation of the extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit.
As another embodiment, the measurement request further includes the current measurement target, that is, the measurement request includes the current measurement target and the current signature unit corresponding to the current measurement target. In this case, before the measurement request is verified, the Hash value of the current measurement target is calculated and it is verified whether the Hash value in the current signature unit is consistent with the calculated Hash value; the measurement request is verified only when the Hash value in the current signature unit is determined to be consistent with the calculated Hash value, and otherwise a conclusion of verification failure is reached directly.
Step S103: returning a verification result.
A verification result of passing (success) or failing verification is returned, and whether to suspend or continue startup is then determined according to the verification result.
To facilitate understanding of the verification process of the measurement request, the interaction diagram shown in fig. 4 is used as an example in the following description. It should be noted that the verification process shown in fig. 4 is only one of many embodiments of the present application and should not be construed as limiting the present application.
When the Hash value and the signature value of the current measurement target are verified according to the current signature unit alone, the process may be as follows: the secure processor calculates the Hash value of the current measurement target using the SM3 algorithm, decrypts the signature value of the current signature unit using the public key to obtain a decrypted value, and verifies whether the calculated Hash value and the decrypted value are both consistent with the Hash value of the measurement target in the current signature unit; if both are consistent, the verification succeeds, otherwise it fails.
When the Hash value and the signature value of the current measurement target are verified according to the current signature unit and the local signature unit, the process may be as follows: the Hash value of the current measurement target is calculated using the SM3 algorithm, and it is verified whether the calculated Hash value is consistent with the Hash value in the current signature unit; when the calculated Hash value is determined to be consistent with the Hash value in the current signature unit, an extended value is calculated according to the Hash value in the current signature unit and the Hash value in the local signature unit, the signature value in the current signature unit is decrypted using the public key, and it is verified whether the calculated extended value is consistent with the decrypted signature value; if both verifications pass, the verification succeeds, otherwise it fails.
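The chain construction of Fig. 2 and the two-stage verification of Fig. 4 (Hash check, SCID check, extended value, signature check, then advancing the signature unit buffer), as an added example in Go that is not code from the patent or its assignee. It assumes SHA-256 in place of SM3, ECDSA P-256 in place of SM2, and Hash(prev || cur) as the extended-value rule, none of which the page fixes; the targets are constructed sample bytes.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignatureUnit is the per-target record of Fig. 2: SCID, Hash of the target, signature value.
type SignatureUnit struct {
	SCID      string
	Hash      []byte
	Signature []byte
}

// hashTarget stands in for SM3; this example uses SHA-256 (assumption).
func hashTarget(t []byte) []byte { h := sha256.Sum256(t); return h[:] }
// extendedValue combines the Hash of unit i-1 with the Hash of unit i. The page
// does not fix the combination rule; assumption: SHA-256(prevHash || curHash).
func extendedValue(prev, cur []byte) []byte { return hashTarget(append(append([]byte{}, prev...), cur...)) }

// BuildChain is the trusted software provider's step: hash every target in boot order
// and sign the extended value (the bare Hash for unit 0). ECDSA P-256 stands in for SM2 (assumption).
func BuildChain(priv *ecdsa.PrivateKey, scid string, targets [][]byte) ([]SignatureUnit, error) {
	chain := make([]SignatureUnit, 0, len(targets))
	var prevHash []byte
	for i, t := range targets {
		h := hashTarget(t)
		toSign := h
		if i > 0 {
			toSign = extendedValue(prevHash, h)
		}
		sig, err := ecdsa.SignASN1(rand.Reader, priv, toSign)
		if err != nil {
			return nil, err
		}
		chain = append(chain, SignatureUnit{SCID: scid, Hash: h, Signature: sig})
		prevHash = h
	}
	return chain, nil
}

// SecureProcessor models the secure processor: pub is the provisioned verification
// key, local is the signature unit buffer (SUB), which is empty after a reset.
type SecureProcessor struct {
	pub   *ecdsa.PublicKey
	local *SignatureUnit
}

// Verify handles one measurement request carrying the target and its signature unit.
func (sp *SecureProcessor) Verify(target []byte, cur SignatureUnit) error {
	if !bytes.Equal(hashTarget(target), cur.Hash) { // unit must describe the presented target (claim 5)
		return fmt.Errorf("hash mismatch: target does not match its signature unit")
	}
	expected := cur.Hash // first verification after reset: the bare Hash was signed
	if sp.local != nil {
		if cur.SCID != sp.local.SCID { // same chain as the previously accepted unit (claim 4)
			return fmt.Errorf("scid mismatch: unit belongs to another signature chain")
		}
		expected = extendedValue(sp.local.Hash, cur.Hash) // recompute from local and current Hash (claim 3)
	}
	// "Decrypt the signature value and compare" on the page is signature verification here.
	if !ecdsa.VerifyASN1(sp.pub, expected, cur.Signature) {
		return fmt.Errorf("signature mismatch: unit is not the successor of the local unit")
	}
	sp.local = &cur // the SUB advances only on success
	return nil
}

// Query answers the query request: the last successfully measured unit, or nil.
func (sp *SecureProcessor) Query() *SignatureUnit { return sp.local }
// Scenarios boots once in order, then tries the two substitutions the page says the
// chain prevents. Targets are constructed sample bytes, not real images.
func Scenarios() (inOrderOK, skipRejected, crossChainRejected bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	targets := [][]byte{[]byte("bootloader image"), []byte("device config"), []byte("os kernel")}
	chainA, errA := BuildChain(priv, "scid-A", targets)
	chainB, errB := BuildChain(priv, "scid-B", targets) // same targets, another valid release
	if errA != nil || errB != nil {
		return false, false, false, fmt.Errorf("build chains: %v %v", errA, errB)
	}
	newSP := func() *SecureProcessor { return &SecureProcessor{pub: &priv.PublicKey} }
	sp := newSP()
	inOrderOK = sp.Verify(targets[0], chainA[0]) == nil && sp.Verify(targets[1], chainA[1]) == nil &&
		sp.Verify(targets[2], chainA[2]) == nil && bytes.Equal(sp.Query().Hash, chainA[2].Hash)
	sp = newSP() // bypassing the config file: unit 2 cannot follow unit 0
	skipRejected = sp.Verify(targets[0], chainA[0]) == nil && sp.Verify(targets[2], chainA[2]) != nil
	sp = newSP() // a legitimately signed unit of another chain is rejected by its SCID
	crossChainRejected = sp.Verify(targets[0], chainA[0]) == nil && sp.Verify(targets[1], chainB[1]) != nil
	return
}

func main() { fmt.Println(Scenarios()) }
```

The third scenario is what the SCID buys: chainB's unit 1 carries the same Hash and a valid signature over the same extended value, so only the chain identifier distinguishes it from chainA's unit 1.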
According to the method and system of the present application, all measurement targets are organically connected in series through the signature chain; during startup the secure processor measures the integrity and the dependency of each measurement target in turn, strictly in the order given on the signature chain, so that measurement targets cannot be bypassed or replaced, the overall integrity and consistency of the system are guaranteed, and the startup security of the system is further enhanced.
The embodiment of the present application further provides a non-volatile readable storage medium (hereinafter referred to as a storage medium), where the storage medium stores an executable program which, when executed by a computer such as the computer device 100, performs the above-mentioned security control method. The storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other.
The above description covers only specific embodiments of the present application, but the scope of the present application is not limited thereto; any changes or substitutions that a person skilled in the art can easily conceive within the technical scope of the present application shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (21)

1. A safety control method, comprising:
receiving a measurement request generated for a current measurement target, wherein the measurement request is generated based on a signature chain, the signature chain comprises a plurality of signature units which correspond one to one to a plurality of measurement targets and are arranged according to a set sequence of the plurality of measurement targets, the current measurement target is one of the plurality of measurement targets, and the measurement request comprises a current signature unit in the signature chain corresponding to the current measurement target;
verifying the measurement request according to the current signature unit and a locally stored local signature unit, wherein the local signature unit is the signature unit preceding the current signature unit in the signature chain;
when the verification is passed, updating the local signature unit by using the current signature unit;
outputting a verification result.
2. The method of claim 1, wherein each signature unit in the signature chain comprises a signature chain identification number, and verifying the measurement request comprises:
verifying whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit;
if so, this indicates that the verification passes.
3. The method of claim 1, wherein each signature unit in the signature chain comprises the signature value and the Hash value of the measurement target corresponding to the signature unit, wherein the signature value of the ith signature unit in the signature chain is a value generated by performing an encrypted signature on an extended value calculated according to the Hash values of the measurement targets corresponding to the ith and (i-1)th signature units, and i is a positive integer greater than or equal to 1; and verifying the measurement request comprises:
calculating an extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit;
decrypting the signature value in the current signature unit and verifying whether the extended value to be verified is consistent with the decrypted signature value; or, verifying whether the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit;
when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit, this indicates that the verification passes.
4. The method of claim 3, wherein each signature unit in the signature chain further comprises a signature chain identification number; and before calculating the extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit, the method further comprises:
determining that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit.
5. The method of any of claims 1-4, wherein the measurement request further comprises the current measurement target; and prior to verifying the measurement request, the method further comprises:
calculating a Hash value of the current measurement target;
determining that the Hash value in the current signature unit is consistent with the calculated Hash value.
6. The method of claim 1, further comprising:
receiving a query request, wherein the query request comprises a request type, and the request type indicates a query of the locally stored local signature unit;
responding to the query request and returning the locally stored local signature unit.
7. The method of claim 1, wherein the plurality of signature units in the signature chain correspond one to one to the plurality of measurement targets and are arranged in the order in which the measurement targets are started at system start-up.
8. A safety control method, comprising:
calculating a Hash value of the current measurement target;
searching a signature chain for the current signature unit matching the Hash value, wherein the signature chain comprises a plurality of signature units which correspond one to one to a plurality of measurement targets and are arranged according to a set sequence of the measurement targets, and the current measurement target is one of the measurement targets;
generating and sending a measurement request, the measurement request comprising the current measurement target and the current signature unit.
9. A processor, comprising:
a processor core, configured to generate a measurement request for a current measurement target and send the measurement request, wherein the measurement request is generated based on a signature chain, the signature chain comprises a plurality of signature units which correspond one to one to a plurality of measurement targets and are arranged in a set order of the plurality of measurement targets, the current measurement target is one of the plurality of measurement targets, and the measurement request comprises a current signature unit in the signature chain corresponding to the current measurement target;
a secure processor, configured to receive the measurement request, verify the measurement request based on the current signature unit and a locally stored local signature unit, update the local signature unit with the current signature unit if the verification passes, and send a verification result, wherein the local signature unit is the signature unit preceding the current signature unit in the signature chain.
10. The processor of claim 9, wherein each signature unit in the signature chain comprises a signature chain identification number; and the secure processor is configured to verify whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit, and if so, this indicates that the verification passes.
11. The processor of claim 9, wherein each signature unit in the signature chain comprises the signature value and the Hash value of the measurement target corresponding to the signature unit, wherein the signature value of the ith signature unit in the signature chain is a value generated by performing an encrypted signature on an extended value calculated according to the Hash values of the measurement targets corresponding to the ith and (i-1)th signature units, and i is a positive integer greater than or equal to 1; and the secure processor is configured to:
calculate an extended value to be verified according to the Hash value in the current signature unit and the Hash value in the local signature unit;
decrypt the signature value in the current signature unit and verify whether the extended value to be verified is consistent with the decrypted signature value; or, verify whether the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit;
when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by performing an encrypted signature on the extended value to be verified is consistent with the signature value in the current signature unit, treat this as indicating that the verification passes.
12. The processor of claim 11, wherein each signature unit in the signature chain further comprises: a signature chain identification number; and the safety processor is also used for determining that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit before calculating the to-be-verified extended value according to the Hash value in the current signature unit and the Hash value in the local signature unit.
13. The processor of any one of claims 9 to 12, wherein the metric request further includes the current metric target, and wherein the security processor is further configured to calculate a Hash value of the current metric target and determine that the Hash value in the current signature unit is consistent with the calculated Hash value before verifying the metric request.
14. The processor of claim 9, wherein the processor core is further configured to send a query request to the security processor, the query request comprising a request type that indicates a query of the locally stored local signature unit;
and the security processor is further configured to respond to the query request by returning the locally stored local signature unit.
15. An integrated device, comprising:
a general-purpose processor, configured to generate a measurement request for a current measurement target and to send the measurement request, wherein the measurement request is generated based on a signature chain, the signature chain comprises a plurality of signature units that correspond one-to-one to a plurality of measurement targets and are arranged in a set order of the plurality of measurement targets, the current measurement target is one of the plurality of measurement targets, and the measurement request comprises the current signature unit in the signature chain that corresponds to the current measurement target;
a security processor, configured to receive the measurement request, verify the measurement request based on the current signature unit and a locally stored local signature unit, update the local signature unit with the current signature unit if verification passes, and send a verification result, wherein the local signature unit is the signature unit that precedes the current signature unit in the signature chain.
16. The integrated device of claim 15, wherein each signature unit in the signature chain comprises a signature chain identification number; and the security processor is configured to verify whether the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit, and if so, to determine that verification passes.
17. The integrated device of claim 15, wherein each signature unit in the signature chain comprises a signature value and a Hash value of the measurement target corresponding to that signature unit, wherein the signature value of the ith signature unit in the signature chain is a value generated by cryptographically signing an extended value calculated from the Hash values of the measurement targets corresponding to the ith and (i-1)th signature units, and i is a positive integer greater than or equal to 1; and the security processor is configured to:
calculate an extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit;
decrypt the signature value in the current signature unit and verify whether the extended value to be verified is consistent with the decrypted signature value; or verify whether the value generated by cryptographically signing the extended value to be verified is consistent with the signature value in the current signature unit;
and determine that verification passes when the extended value to be verified is consistent with the decrypted signature value, or when the value generated by cryptographically signing the extended value to be verified is consistent with the signature value in the current signature unit.
18. The integrated device of claim 17, wherein each signature unit in the signature chain further comprises a signature chain identification number; and the security processor is further configured to determine that the signature chain identification number in the current signature unit is consistent with the signature chain identification number in the local signature unit before calculating the extended value to be verified from the Hash value in the current signature unit and the Hash value in the local signature unit.
19. The integrated device of any one of claims 15 to 18, wherein the measurement request further comprises the current measurement target, and the security processor is further configured to calculate a Hash value of the current measurement target and to determine that the Hash value in the current signature unit is consistent with the calculated Hash value before verifying the measurement request.
20. The integrated device of claim 15, wherein the general-purpose processor is further configured to send a query request to the security processor, the query request comprising a request type that indicates a query of the locally stored local signature unit;
and the security processor is further configured to respond to the query request by returning the locally stored local signature unit.
21. A computer device, comprising: a processor as claimed in any one of claims 9 to 14, or an integrated device as claimed in any one of claims 15 to 20.
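The verification flow of claims 9 to 14 (and the identical flow of claims 15 to 20) as an added, runnable model; this is example code written for this page, not code from the patent or its assignee. It assumes SHA-256 for the Hash value, HMAC-SHA256 as the "encrypted signature" (so the check takes the second branch of claim 11: re-sign the extended value to be verified and compare, which requires the security processor to hold the signing key), an extended value defined as SHA-256 over the concatenation of the (i-1)th and ith Hash values, an all-zero Hash standing in for the unit before the first one, and a constructed request-type name for the query of claim 14; the chain id, key and measurement targets are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumptions for this example (not specified by the patent): SHA-256 Hash values,
# HMAC-SHA256 as the signature primitive, an all-zero Hash before the first unit,
# and a constructed request-type name for the local-signature-unit query.
ZERO_HASH = bytes(32)
QUERY_LOCAL_UNIT = "query_local_signature_unit"


@dataclass(frozen=True)
class SignatureUnit:
    """One signature unit: chain id, Hash of its measurement target, signature value."""
    chain_id: bytes
    target_hash: bytes
    signature: bytes


def hash_target(target: bytes) -> bytes:
    return hashlib.sha256(target).digest()


def extend(prev_hash: bytes, cur_hash: bytes) -> bytes:
    # Extended value computed from the (i-1)th and ith Hash values; the order of
    # concatenation binds each unit to its position in the chain.
    return hashlib.sha256(prev_hash + cur_hash).digest()


def sign(key: bytes, extended_value: bytes) -> bytes:
    return hmac.new(key, extended_value, hashlib.sha256).digest()


def build_signature_chain(key: bytes, chain_id: bytes, targets: List[bytes]) -> List[SignatureUnit]:
    """Signer side: one unit per target, in the set order, each signing extend(H[i-1], H[i])."""
    units: List[SignatureUnit] = []
    prev_hash = ZERO_HASH
    for target in targets:
        cur_hash = hash_target(target)
        units.append(SignatureUnit(chain_id, cur_hash, sign(key, extend(prev_hash, cur_hash))))
        prev_hash = cur_hash
    return units


class SecurityProcessor:
    """Holds the local signature unit and verifies each measurement request against it."""

    def __init__(self, key: bytes, chain_id: bytes) -> None:
        self._key = key
        # Root state before any unit has been verified (assumed all-zero Hash).
        self.local_unit = SignatureUnit(chain_id, ZERO_HASH, b"")

    def handle_measurement_request(self, unit: SignatureUnit, target: bytes) -> Tuple[bool, str]:
        # Claim 13: the Hash in the current unit must match the Hash of the supplied target.
        if not hmac.compare_digest(hash_target(target), unit.target_hash):
            return False, "target hash mismatch"
        # Claims 10/12: the chain id must match the local unit's chain id first.
        if unit.chain_id != self.local_unit.chain_id:
            return False, "chain id mismatch"
        # Claim 11 (second branch): re-sign extend(local Hash, current Hash) and compare.
        expected = sign(self._key, extend(self.local_unit.target_hash, unit.target_hash))
        if not hmac.compare_digest(expected, unit.signature):
            return False, "signature mismatch"
        # Claim 9: only on success does the current unit become the local unit.
        self.local_unit = unit
        return True, "verified"

    def handle_query_request(self, request_type: str) -> Optional[SignatureUnit]:
        # Claim 14: return the locally stored local signature unit on request.
        return self.local_unit if request_type == QUERY_LOCAL_UNIT else None


def run_demo() -> Dict[str, object]:
    key = b"constructed-demo-key"              # constructed; shared by signer and SP
    chain_id = b"\x00\x01"                      # constructed chain identification number
    targets = [b"bootloader image", b"kernel image", b"initramfs image"]  # constructed
    chain = build_signature_chain(key, chain_id, targets)

    sp = SecurityProcessor(key, chain_id)
    in_order = [sp.handle_measurement_request(u, t)[0] for u, t in zip(chain, targets)]
    # Replaying the last unit fails: the local unit has moved on, so the extended value differs.
    replay = sp.handle_measurement_request(chain[2], targets[2])
    # Skipping unit 0 on a fresh SP fails: unit 1 was signed over extend(H0, H1), not extend(0, H1).
    skipped = SecurityProcessor(key, chain_id).handle_measurement_request(chain[1], targets[1])
    # A modified target no longer matches the Hash carried in its unit.
    tampered = SecurityProcessor(key, chain_id).handle_measurement_request(chain[0], b"bootloader image (modified)")
    # A unit from a different signature chain is rejected by the chain id check.
    wrong_chain = SecurityProcessor(key, b"\x00\x02").handle_measurement_request(chain[0], targets[0])
    return {
        "in_order": in_order,
        "replay": replay,
        "skipped": skipped,
        "tampered": tampered,
        "wrong_chain": wrong_chain,
        "local_is_last": sp.handle_query_request(QUERY_LOCAL_UNIT) == chain[2],
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The point the model makes concrete is that the security processor never needs the whole chain: it keeps only the previous unit, and because each signature covers an extended value derived from both the previous and current Hash, a unit presented out of order, replayed, or taken from another chain fails the same check. With the first branch of claim 11 (decrypt and compare) the same structure holds with an asymmetric signature, and the security processor would then hold only the public key.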
CN201911342360.9A 2019-12-26 2019-12-26 Safety control method, processor, integrated device and computer equipment Active CN111143887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911342360.9A CN111143887B (en) 2019-12-26 2019-12-26 Safety control method, processor, integrated device and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911342360.9A CN111143887B (en) 2019-12-26 2019-12-26 Safety control method, processor, integrated device and computer equipment

Publications (2)

Publication Number Publication Date
CN111143887A true CN111143887A (en) 2020-05-12
CN111143887B CN111143887B (en) 2022-05-24

Family

ID=70519508

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911342360.9A Active CN111143887B (en) 2019-12-26 2019-12-26 Safety control method, processor, integrated device and computer equipment

Country Status (1)

Country Link
CN (1) CN111143887B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111881467A (en) * 2020-06-12 2020-11-03 海光信息技术有限公司 Method and device for protecting file by using security processor, CPU and computer equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105227319A (en) * 2015-10-23 2016-01-06 浪潮电子信息产业股份有限公司 A kind of method of authentication server and device
CN107908977A (en) * 2017-09-28 2018-04-13 中国船舶重工集团公司第七0九研究所 Intelligent mobile terminal trust chain safety transmitting method and system based on TrustZone
CN109245899A (en) * 2018-09-06 2019-01-18 成都三零嘉微电子有限公司 One kind being based on the novel trust chain design method of SM9 cryptographic algorithm
CN109951416A (en) * 2017-12-20 2019-06-28 北京可信华泰信息技术有限公司 A kind of trust authentication method and terminal

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111881467A (en) * 2020-06-12 2020-11-03 海光信息技术有限公司 Method and device for protecting file by using security processor, CPU and computer equipment
CN111881467B (en) * 2020-06-12 2022-10-28 海光信息技术股份有限公司 Method and device for protecting file by using security processor, CPU and computer equipment

Also Published As

Publication number Publication date
CN111143887B (en) 2022-05-24

Similar Documents

Publication Publication Date Title
CN109710315B (en) BIOS (basic input output System) flash writing method and BIOS mirror image file processing method
US8161285B2 (en) Protocol-Independent remote attestation and sealing
KR101687277B1 (en) Key revocation in system on chip devices
JP6044362B2 (en) How to build a trust chain in a virtual machine
JP5530460B2 (en) Secure boot method and secure boot device
CN109714303B (en) BIOS starting method and data processing method
US20110113181A1 (en) System and method for updating a basic input/output system (bios)
JP6391439B2 (en) Information processing apparatus, server apparatus, information processing system, control method, and computer program
TWI582632B (en) Method and system of entering a secured computing environment using multiple authenticated code modules,and processor
CN110069316B (en) Integrity verification of entities
US11886593B2 (en) Verification of a provisioned state of a platform
TW201145069A (en) Providing integrity verification and attestation in a hidden execution environment
JP2015022521A (en) Secure boot method, built-in apparatus, secure boot device and secure boot program
CN113468535A (en) Credibility measuring method and related device
US9928367B2 (en) Runtime verification
CN104899524B (en) The method of central processing unit and verifying motherboard data
CN112835628A (en) Server operating system booting method, device, equipment and medium
CN107924440B (en) Method, system, and computer readable medium for managing containers
CN111143887B (en) Safety control method, processor, integrated device and computer equipment
WO2016041419A1 (en) Trusted metric method and device
CN114021106B (en) Remote authentication method, device and system for credibility measurement
CN112099909B (en) Virtual machine memory measurement method, device, processor chip and system
KR20170066231A (en) Computer system and operating method therefor
CN108595981B (en) Method for encrypting android system
JP7171339B2 (en) Information processing device, control method for information processing device, and program

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 300450 Tianjin Binhai New Area Huayuan Industrial Zone Haitai West Road 18 North 2-204 Industrial Incubation-3-8

Applicant after: Haiguang Information Technology Co., Ltd

Address before: 300450 Tianjin Binhai New Area Huayuan Industrial Zone Haitai West Road 18 North 2-204 Industrial Incubation-3-8

Applicant before: HAIGUANG INFORMATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant