CN111901305A - Memory operation method and device, storage medium and electronic device - Google Patents
Memory operation method and device, storage medium and electronic device Download PDFInfo
- Publication number
- CN111901305A CN111901305A CN202010600324.4A CN202010600324A CN111901305A CN 111901305 A CN111901305 A CN 111901305A CN 202010600324 A CN202010600324 A CN 202010600324A CN 111901305 A CN111901305 A CN 111901305A
- Authority
- CN
- China
- Prior art keywords
- terminal
- target mobile
- mobile memory
- trusted
- memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Multimedia (AREA)
- General Business, Economics & Management (AREA)
- Business, Economics & Management (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
- Storage Device Security (AREA)
Abstract
The application discloses an operation method and device of a memory, a storage medium and an electronic device. Wherein, the method comprises the following steps: under the condition that a target mobile memory is connected to a first terminal, measuring the running environment of the first terminal and the target mobile memory through a Trusted Platform Control Module (TPCM) on the first terminal, wherein the first terminal is a trusted terminal managed by a trusted management center; under the condition that the running environment of the first terminal and the target mobile memory pass the measurement, the target mobile memory is authenticated through the TPCM on the first terminal; and in the case that the target mobile memory is authenticated, performing data operation on the target mobile memory on the first terminal according to the operation authority configured for the target mobile memory. The method and the device solve the technical problem that the computer system has potential safety hazards in the related technology.
Description
Technical Field
The present application relates to the field of trusted computing, and in particular, to an operating method and apparatus of a memory, a storage medium, and an electronic apparatus.
Background
In the related art, with the rapid development of informatization construction, people need more safe and reliable safety products, and in the process, a trusted platform control module begins to appear, and the current trusted platform control module can perform trusted safety measurement on a computer system to guarantee the safe operation of the computer system.
The computer system has strong expansibility, and data transmission between the computer device and other devices is often required for convenient use, although the computer system is safe and credible, the safety of the other devices cannot be guaranteed, so that the computer system may have safety problems after being in communication connection with the other devices.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the application provides an operation method and device of a memory, a storage medium and an electronic device, and aims to at least solve the technical problem that a computer system in the related art has potential safety hazards.
According to an aspect of an embodiment of the present application, there is provided an operating method of a memory, including: under the condition that a target mobile memory is connected to a first terminal, measuring the running environment of the first terminal and the target mobile memory through a Trusted Platform Control Module (TPCM) on the first terminal, wherein the first terminal is a trusted terminal managed by a trusted management center; under the condition that the running environment of the first terminal and the target mobile memory pass the measurement, the target mobile memory is authenticated through the TPCM on the first terminal; and in the case that the target mobile memory is authenticated, performing data operation on the target mobile memory on the first terminal according to the operation authority configured for the target mobile memory.
According to another aspect of the embodiments of the present application, there is also provided an operating device of a memory, including: the measurement unit is used for measuring the running environment of the first terminal and the target mobile memory through a Trusted Platform Control Module (TPCM) on the first terminal under the condition that the first terminal is connected with the target mobile memory, wherein the first terminal is a trusted terminal managed by a trusted management center; the authentication unit is used for authenticating the target mobile memory through the TPCM on the first terminal under the condition that the running environment of the first terminal and the target mobile memory pass the measurement; and the operation unit is used for executing data operation on the target mobile memory on the first terminal according to the operation authority configured for the target mobile memory in the case that the target mobile memory is authenticated.
According to another aspect of the embodiments of the present application, there is also provided a storage medium including a stored program which, when executed, performs the above-described method.
According to another aspect of the embodiments of the present application, there is also provided an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the above method through the computer program.
In the embodiment of the application, the operation environment and the target mobile memory of the first terminal are measured through the Trusted Platform Control Module (TPCM) on the first terminal, the target mobile memory is authenticated through the TPCM on the first terminal, and the accessed target mobile memory can be guaranteed to be trusted by using two mechanisms of measurement and authentication, so that the technical problem that a computer system has potential safety hazards in the related technology can be solved, and the technical effect of improving the safety of the computer system is further achieved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic diagram of a hardware environment for a method of operating a memory according to an embodiment of the present application;
FIG. 2 is a flow chart of an alternative method of operation of a memory according to an embodiment of the present application;
fig. 3 is a schematic diagram of an alternative terminal registration according to an embodiment of the application;
FIG. 4 is a schematic diagram of an alternative memory registration in accordance with embodiments of the present application;
FIG. 5 is a schematic diagram of an alternative memory registration in accordance with embodiments of the present application;
FIG. 6 is a schematic diagram of an alternative memory registration in accordance with embodiments of the present application;
FIG. 7 is a schematic diagram of an alternative memory usage in accordance with embodiments of the present application;
FIG. 8 is a schematic diagram of an alternative privilege configuration according to an embodiment of the present application;
FIG. 9 is a schematic diagram of an alternative privilege configuration according to an embodiment of the present application;
FIG. 10 is a schematic diagram of an alternative memory operating device according to an embodiment of the present application;
and
fig. 11 is a block diagram of a terminal according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an aspect of embodiments of the present application, there is provided a method embodiment of a method of operating a memory.
Optionally, in this embodiment, the operation method of the memory may be applied to a hardware environment composed of the trusted terminal set 101 and the trusted management center 103 (which may be composed of one or more trusted servers) as shown in fig. 1. As shown in fig. 1, the trusted management center 103 is connected to the set of trusted terminals 101 through a network, which may be used to manage each trusted terminal, and the network includes but is not limited to: the trusted terminal set 101 is not limited to a set of terminals such as a PC, a mobile phone, and a tablet computer.
The operation method of the memory according to the embodiment of the present application may be executed by the trusted management center 103 and the trusted terminal set 101 together. Fig. 2 is a flow chart of an alternative method of operating a memory according to an embodiment of the present application, which may include the following steps, as shown in fig. 2:
step S202, under the condition that the first terminal is connected with the target mobile memory, the running environment of the first terminal and the target mobile memory are measured through a Trusted Platform Control Module (TPCM) on the first terminal, and the first terminal is a trusted terminal managed by a trusted management center.
The target mobile memory is a device capable of storing data, such as a U disk, a mobile hard disk, an intelligent device (such as a mobile phone and a tablet), and the like; the trusted management center is used for managing all trusted terminals; the trusted terminal adopts an active trusted mechanism, and a tpcm (trusted Platform Control module) actively accesses and measures a host information system, and is allowed to be used only after measurement passes, and the information used for measurement may be environment information of the first terminal and device information of the target mobile memory, or information obtained by extracting characteristics of the environment information of the first terminal and the device information of the target mobile memory.
And step S204, under the condition that the running environment of the first terminal and the target mobile memory pass the measurement, authenticating the target mobile memory through the TPCM on the first terminal.
And step S206, in the case that the target mobile memory is authenticated, performing data operation on the target mobile memory on the first terminal according to the operation authority configured for the target mobile memory.
Through the steps S202 to S206, the operation environment and the target mobile memory of the first terminal are measured by the trusted platform control module TPCM on the first terminal, and the target mobile memory is authenticated by the TPCM on the first terminal, and the two mechanisms of measurement and authentication are used to ensure that the accessed target mobile memory is trusted, so that the technical problem of potential safety hazard of the computer system in the related art can be solved, and the technical effect of improving the safety of the computer system is achieved. The technical solution of the present application is further detailed below with reference to the steps shown in fig. 2.
In the technical solution provided in step S202, when the target mobile storage is connected to the first terminal, the operation environment of the first terminal and the target mobile storage are measured by the trusted platform control module TPCM on the first terminal.
Optionally, the target mobile storage needs to be registered with a trusted device before the target mobile storage is connected to the first terminal, and the trusted device is a device that has been registered with the trusted management center.
The registration process of the trusted device is as follows:
And 2, under the condition that the running environment of the second terminal passes the measurement, registering the second terminal in the trusted management center through the TPCM on the second terminal, and judging whether the second terminal passes the measurement or not by the trusted management center if the terminal information of the second terminal is sent to the trusted management center.
The registration process of the mobile memory is as follows:
And 2, registering the target mobile memory through the TPCM on the second terminal under the condition that the running environment of the second terminal and the target mobile memory pass through measurement (the measurement mode is similar to that in the foregoing and is not described in detail).
Optionally, registering the target mobile storage through the TPCM on the second terminal includes:
and step 21, the second terminal acquires the device information of the target mobile memory, such as owner, manufacturer, name, identification and the like.
And step 22, sending the registration request carrying the device information to the trusted management center through the TPCM on the second terminal, completing registration by the trusted management center, and recording the device information.
In the above scheme, sending the registration request carrying the device information to the trusted management center through the TPCM on the second terminal may be implemented in two ways: under the condition that an administrator key (indicating that the administrator agrees to register) is received before the registration request is sent, the registration request is sent to the trusted management center through the TPCM on the second terminal; and the TPCM on the second terminal sends the registration request encrypted by the administrator key to the trusted management center, and the trusted management center decrypts the request by using the public key to obtain a plaintext request.
Optionally, after registering the target mobile storage through the TPCM on the second terminal, in case that the target mobile storage passes the registration, the trusted management center sends the device information of the target mobile storage to a plurality of trusted terminals, including the first terminal, so that the mobile storage can be used on the trusted terminals.
Optionally, after the target mobile storage is registered through the TPCM on the second terminal, in a case that the target mobile storage passes the registration, the trusted management center sends at least one operation right of the target mobile storage to the plurality of trusted terminals, where the operation right received by any one of the plurality of trusted terminals is one of the at least one operation right.
The operation authorities of the plurality of trusted terminals to the target mobile storage can be completely the same (for example, all the trusted terminals can only read), partially the same (for example, the authorities of at least two trusted terminals are the same), and completely different (that is, the authorities of any two trusted terminals are different).
In the case that there is a terminal having an operation authority different from that of the first terminal, performing a data operation on the target mobile storage on the first terminal according to the operation authority configured for the target mobile storage includes: and performing data operation on the target mobile memory on the first terminal according to a first operation authority, wherein the first operation authority is different from a second operation authority, the first operation authority is an operation authority configured for the first terminal, the second operation authority is an operation authority configured for a third terminal, and the third terminal is a trusted terminal which is managed by a trusted management center and is different from the first terminal.
In the technical solution provided in step S204, in the case that the operating environment of the first terminal and the target mobile memory pass the measurement, the TPCM on the first terminal authenticates the target mobile memory, for example, the TPCM extracts the device information of the target mobile memory, and then compares the device information with the pre-stored information, and if there is a match, the pre-stored information indicates that the authentication passes.
In the technical solution provided in step S206, when the target mobile storage is authenticated, data operation, such as data reading, data deleting, data writing, etc., is performed on the target mobile storage on the first terminal according to the operation authority configured for the target mobile storage.
As an alternative example, the following further details the technical solution of the present application by taking a usb disk as an example in combination with a specific implementation manner.
Step 2, as shown in fig. 4, the usb disk is registered, and the registration process may encrypt the registration request (or registration information) using the administrator key, and then upload the information to the management center, as shown in fig. 5.
And 3, configuring the USB flash disk information to all terminals in the management domain.
As shown in fig. 6, the management center configures an automatic distribution switch or a manual distribution switch to control whether the terminal receiving the policy information is full network or designated, configures the terminal as read-only permission by default, and issues the registered usb disk information to other trusted terminals.
And step 4, as shown in fig. 7, the trusted terminal can use the usb disk.
Step 5, as shown in fig. 8, the management center configures the write right to the designated terminal, and the configuration right item may be configured when the usb disk is registered, or may be configured in real time when the usb disk is inserted into the target device.
As shown in fig. 9, the authority of the same usb disk at different terminals may be different.
By adopting the technical scheme, the mobile memory can be registered and authenticated through the TPCM, and the TPCM completes the registration and authentication through the interaction with the trusted management center, so that the safety problem caused by the insertion of the memory which is not authenticated can be solved, and the safety of the whole system is improved.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method of the embodiments of the present application.
According to another aspect of the embodiments of the present application, there is also provided an operating device of a memory for implementing the operating method of the memory. Fig. 10 is a schematic diagram of an alternative memory operating apparatus according to an embodiment of the present application, and as shown in fig. 10, the apparatus may include:
a measurement unit 1001, configured to measure, by using a trusted platform control module TPCM on a first terminal, a running environment of the first terminal and a target mobile memory when the first terminal is connected to the target mobile memory, where the first terminal is a trusted terminal managed by a trusted management center.
An authenticating unit 1003, configured to authenticate the target mobile storage through the TPCM on the first terminal if the operating environment of the first terminal and the target mobile storage pass metric.
An operation unit 1005, configured to perform a data operation on the target mobile memory on the first terminal according to the operation authority configured for the target mobile memory, in case that the target mobile memory is authenticated.
It should be noted that the measurement unit 1001 in this embodiment may be configured to execute step S202 in this embodiment, the authentication unit 1003 in this embodiment may be configured to execute step S204 in this embodiment, and the operation unit 1005 in this embodiment may be configured to execute step S206 in this embodiment.
It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. It should be noted that the modules described above as a part of the apparatus may operate in a hardware environment as shown in fig. 1, and may be implemented by software or hardware.
Through the modules, the operation environment and the target mobile memory of the first terminal are measured through the trusted platform control module TPCM on the first terminal, the target mobile memory is authenticated through the TPCM on the first terminal, the accessed target mobile memory can be guaranteed to be trusted by utilizing two mechanisms of measurement and authentication, the technical problem that a computer system has potential safety hazards in the related technology can be solved, and the technical effect of improving the safety of the computer system is achieved.
Optionally, the apparatus of the present application may further include a memory registration unit for indicating: before the target mobile memory is connected with the first terminal, under the condition that the target mobile memory is connected with the second terminal, measuring the running environment of the second terminal and the target mobile memory through a TPCM (trusted platform manager) on the second terminal, wherein the second terminal is a trusted terminal managed by a trusted management center; and registering the target mobile memory through the TPCM on the second terminal under the condition that the running environment of the second terminal and the target mobile memory pass measurement.
Optionally, the memory registration unit of the present application may be further configured to indicate: the second terminal acquires the equipment information of the target mobile storage; and sending the registration request carrying the equipment information to a trusted management center through the TPCM on the second terminal.
Optionally, the memory registration unit of the present application may be further configured to indicate: under the condition of receiving the administrator key before sending the registration request, sending the registration request to a trusted management center through a TPCM (trusted platform manager) on a second terminal; the registration request encrypted via the administrator key is sent to the trusted management center by the TPCM on the second terminal.
Optionally, the memory registration unit of the present application may be further configured to indicate: after registering the target mobile memory through the TPCM on the second terminal, the trusted management center sends the device information of the target mobile memory to a plurality of trusted terminals under the condition that the target mobile memory passes the registration, wherein the plurality of trusted terminals comprise the first terminal.
Optionally, the memory registration unit of the present application may be further configured to indicate: after the target mobile memory is registered through the TPCM on the second terminal, under the condition that the target mobile memory is registered, the trusted management center sends at least one operation authority of the target mobile memory to the plurality of trusted terminals, wherein the operation authority received by any one of the plurality of trusted terminals is one of the at least one operation authority.
Optionally, the apparatus of the present application may further include a terminal registration unit, configured to instruct: before the target mobile memory is connected with the second terminal, measuring the operating environment of the second terminal through the TPCM on the second terminal; and registering the second terminal in the trusted management center through the TPCM on the second terminal under the condition that the running environment of the second terminal passes the measurement.
Optionally, the operation unit of the present application may be further configured to indicate: and performing data operation on the target mobile memory on the first terminal according to a first operation authority, wherein the first operation authority is different from a second operation authority, the first operation authority is an operation authority configured for the first terminal, the second operation authority is an operation authority configured for a third terminal, and the third terminal is a trusted terminal which is managed by a trusted management center and is different from the first terminal.
It should be noted here that the modules described above are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure of the above embodiments. It should be noted that the modules described above as a part of the apparatus may be operated in a hardware environment as shown in fig. 1, and may be implemented by software, or may be implemented by hardware, where the hardware environment includes a network environment.
According to another aspect of the embodiments of the present application, there is also provided a server or a terminal for implementing the operation method of the memory.
Fig. 11 is a block diagram of a terminal according to an embodiment of the present application, and as shown in fig. 11, the terminal may include: one or more processors 1101 (only one shown in fig. 11), a memory 1103, and a transmitting means 1105, as shown in fig. 11, the terminal may further include an input-output device 1107.
The memory 1103 may be configured to store software programs and modules, such as program instructions/modules corresponding to the operating method and apparatus of the memory in the embodiment of the present application, and the processor 1101 executes various functional applications and data processing by running the software programs and modules stored in the memory 1103, that is, implements the operating method of the memory. The memory 1103 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 1103 can further include memory located remotely from the processor 1101, which can be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmitting device 1105 is used for receiving or sending data via a network, and can also be used for data transmission between the processor and the memory. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 1105 includes a Network adapter (NIC) that can be connected to a router via a Network cable and other Network devices to communicate with the internet or a local area Network. In one example, the transmitting device 1105 is a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.
The memory 1103 is used for storing, among other things, application programs.
The processor 1101 may call an application stored in the memory 1103 through the transmission device 1105 to perform the following steps:
under the condition that a target mobile memory is connected to a first terminal, measuring the running environment of the first terminal and the target mobile memory through a Trusted Platform Control Module (TPCM) on the first terminal, wherein the first terminal is a trusted terminal managed by a trusted management center;
under the condition that the running environment of the first terminal and the target mobile memory pass the measurement, the target mobile memory is authenticated through the TPCM on the first terminal;
and in the case that the target mobile memory is authenticated, performing data operation on the target mobile memory on the first terminal according to the operation authority configured for the target mobile memory.
The processor 1101 is further configured to perform the following steps:
under the condition that the target mobile memory is connected to the second terminal, measuring the running environment of the second terminal and the target mobile memory through a TPCM (trusted platform manager) on the second terminal, wherein the second terminal is a trusted terminal managed by a trusted management center;
and registering the target mobile memory through the TPCM on the second terminal under the condition that the running environment of the second terminal and the target mobile memory pass measurement.
By adopting the embodiment of the application, the operation environment and the target mobile memory of the first terminal are measured through the trusted platform control module TPCM on the first terminal, the target mobile memory is authenticated through the TPCM on the first terminal, the accessed target mobile memory can be guaranteed to be trusted by utilizing two mechanisms of measurement and authentication, the technical problem that a computer system has potential safety hazards in the related technology can be solved, and the technical effect of improving the safety of the computer system is further achieved.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments, and this embodiment is not described herein again.
It can be understood by those skilled in the art that the structure shown in fig. 11 is only an illustration, and the terminal may be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, and a Mobile Internet Device (MID), a PAD, etc. Fig. 11 is a diagram illustrating a structure of the electronic device. For example, the terminal may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in FIG. 11, or have a different configuration than shown in FIG. 11.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Embodiments of the present application also provide a storage medium. Alternatively, in the present embodiment, the storage medium may be used to execute a program code of an operation method of the memory.
Optionally, in this embodiment, the storage medium may be located on at least one of a plurality of network devices in a network shown in the above embodiment.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps:
under the condition that a target mobile memory is connected to a first terminal, measuring the running environment of the first terminal and the target mobile memory through a Trusted Platform Control Module (TPCM) on the first terminal, wherein the first terminal is a trusted terminal managed by a trusted management center;
under the condition that the running environment of the first terminal and the target mobile memory pass the measurement, the target mobile memory is authenticated through the TPCM on the first terminal;
and in the case that the target mobile memory is authenticated, performing data operation on the target mobile memory on the first terminal according to the operation authority configured for the target mobile memory.
Optionally, the storage medium is further arranged to store program code for performing the steps of:
under the condition that the target mobile memory is connected to the second terminal, measuring the running environment of the second terminal and the target mobile memory through a TPCM (trusted platform manager) on the second terminal, wherein the second terminal is a trusted terminal managed by a trusted management center;
and registering the target mobile memory through the TPCM on the second terminal under the condition that the running environment of the second terminal and the target mobile memory pass measurement.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments, and this embodiment is not described herein again.
Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
The integrated unit in the above embodiments, if implemented in the form of a software functional unit and sold or used as a separate product, may be stored in the above computer-readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or a part of or all or part of the technical solution contributing to the prior art may be embodied in the form of a software product stored in a storage medium, and including instructions for causing one or more computer devices (which may be personal computers, servers, network devices, or the like) to execute all or part of the steps of the method described in the embodiments of the present application.
In the above embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The foregoing is only a preferred embodiment of the present application and it should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be considered as the protection scope of the present application.
Claims (11)
1. A method of operating a memory, comprising:
under the condition that a target mobile memory is connected to a first terminal, measuring the running environment of the first terminal and the target mobile memory through a Trusted Platform Control Module (TPCM) on the first terminal, wherein the first terminal is a trusted terminal managed by a trusted management center;
authenticating the target mobile memory through the TPCM on the first terminal under the condition that the running environment of the first terminal and the target mobile memory pass the measurement;
and under the condition that the target mobile memory is authenticated, performing data operation on the target mobile memory on the first terminal according to the operation authority configured for the target mobile memory.
2. The method of claim 1, wherein before the target mobile storage is connected to the first terminal, the method further comprises:
under the condition that the target mobile memory is connected to a second terminal, measuring the running environment of the second terminal and the target mobile memory through a TPCM (trusted platform manager) on the second terminal, wherein the second terminal is a trusted terminal managed by the trusted management center;
and registering the target mobile memory through the TPCM on the second terminal under the condition that the running environment of the second terminal and the target mobile memory pass measurement.
3. The method of claim 2, wherein registering the target mobile memory with the TPCM on the second terminal comprises:
the second terminal acquires the equipment information of the target mobile memory;
and sending the registration request carrying the equipment information to the trusted management center through the TPCM on the second terminal.
4. The method of claim 3, wherein sending, by the TPCM on the second terminal, the registration request carrying the device information to the trusted management center comprises:
under the condition of receiving an administrator key before sending the registration request, sending the registration request to the trusted management center through the TPCM on the second terminal; or the like, or, alternatively,
sending, by the TPCM on the second terminal, the registration request encrypted via the administrator key to the trusted management center.
5. The method of claim 2, wherein after registering the target mobile memory with the TPCM on the second terminal, the method further comprises:
and under the condition that the target mobile memory passes the registration, the trusted management center sends the device information of the target mobile memory to a plurality of trusted terminals, wherein the plurality of trusted terminals comprise the first terminal.
6. The method of claim 2, wherein after registering the target mobile memory with the TPCM on the second terminal, the method further comprises:
and under the condition that the target mobile memory is registered, the trusted management center sends at least one operation authority of the target mobile memory to a plurality of trusted terminals, wherein the operation authority received by any one of the plurality of trusted terminals is one of the at least one operation authority.
7. The method of claim 2, wherein before the target mobile storage is connected to the second terminal, the method further comprises:
measuring the operation environment of the second terminal through the TPCM on the second terminal;
and registering the second terminal in the trusted management center through the TPCM on the second terminal under the condition that the running environment of the second terminal passes the measurement.
8. The method according to any one of claims 1 to 7, wherein performing data operations on the target mobile storage on the first terminal according to the operation authority configured for the target mobile storage comprises:
and performing data operation on the target mobile memory on the first terminal according to a first operation right, wherein the first operation right is different from a second operation right, the first operation right is an operation right configured for the first terminal, the second operation right is an operation right configured for a third terminal, and the third terminal is a trusted terminal which is managed by the trusted management center and is different from the first terminal.
9. An operating device of a memory, comprising:
the measurement unit is used for measuring the running environment of the first terminal and the target mobile memory through a Trusted Platform Control Module (TPCM) on the first terminal under the condition that the first terminal is connected with the target mobile memory, wherein the first terminal is a trusted terminal managed by a trusted management center;
the authentication unit is used for authenticating the target mobile memory through the TPCM on the first terminal under the condition that the running environment of the first terminal and the target mobile memory pass the measurement;
and the operation unit is used for executing data operation on the target mobile memory on the first terminal according to the operation authority configured for the target mobile memory under the condition that the target mobile memory is authenticated.
10. A storage medium, characterized in that the storage medium comprises a stored program, wherein the program when executed performs the method of any of the preceding claims 1 to 8.
11. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the method of any of the preceding claims 1 to 8 by means of the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010600324.4A CN111901305B (en) | 2020-06-28 | 2020-06-28 | Memory operation method and device, storage medium and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010600324.4A CN111901305B (en) | 2020-06-28 | 2020-06-28 | Memory operation method and device, storage medium and electronic device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111901305A true CN111901305A (en) | 2020-11-06 |
| CN111901305B CN111901305B (en) | 2022-12-02 |
Family
ID=73207431
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010600324.4A Active CN111901305B (en) | 2020-06-28 | 2020-06-28 | Memory operation method and device, storage medium and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111901305B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117768118A (en) * | 2023-12-31 | 2024-03-26 | 长江量子(武汉)科技有限公司 | Key filling method and system |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102316449A (en) * | 2010-07-07 | 2012-01-11 | 国民技术股份有限公司 | Security terminal system and authentication and interruption method thereof |
| CN104331666A (en) * | 2014-11-10 | 2015-02-04 | 成都卫士通信息产业股份有限公司 | Trusted measurement method for computer systems |
| US20170132160A1 (en) * | 2015-02-18 | 2017-05-11 | Synopsys, Inc. | Memory tamper detection |
| CN109614154A (en) * | 2018-11-28 | 2019-04-12 | 北京可信华泰信息技术有限公司 | A kind of computer safety start method |
| CN111008395A (en) * | 2019-10-31 | 2020-04-14 | 苏州浪潮智能科技有限公司 | Method and device for protecting USB flash disk |
-
2020
- 2020-06-28 CN CN202010600324.4A patent/CN111901305B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102316449A (en) * | 2010-07-07 | 2012-01-11 | 国民技术股份有限公司 | Security terminal system and authentication and interruption method thereof |
| CN104331666A (en) * | 2014-11-10 | 2015-02-04 | 成都卫士通信息产业股份有限公司 | Trusted measurement method for computer systems |
| US20170132160A1 (en) * | 2015-02-18 | 2017-05-11 | Synopsys, Inc. | Memory tamper detection |
| CN109614154A (en) * | 2018-11-28 | 2019-04-12 | 北京可信华泰信息技术有限公司 | A kind of computer safety start method |
| CN111008395A (en) * | 2019-10-31 | 2020-04-14 | 苏州浪潮智能科技有限公司 | Method and device for protecting USB flash disk |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117768118A (en) * | 2023-12-31 | 2024-03-26 | 长江量子(武汉)科技有限公司 | Key filling method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111901305B (en) | 2022-12-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109510849B (en) | Cloud-storage account authentication method and device | |
| US20200234274A1 (en) | Methods for locating an antenna within an electronic device | |
| CN102110210B (en) | Trusted graphics rendering for safer browsing on mobile devices | |
| CN110414258B (en) | File processing method and system and data processing method | |
| US11539399B2 (en) | System and method for smart card based hardware root of trust on mobile platforms using near field communications | |
| CN103607385A (en) | Method and apparatus for security detection based on browser | |
| CN110691085B (en) | Login method, login device, password management system and computer readable medium | |
| CN106341381A (en) | Method and system of key management for rack server system | |
| US20190230086A1 (en) | Authority management method and device in distributed environment, and server | |
| CN109729535B (en) | Base station opening method and device, computer storage medium and equipment | |
| CN110598429B (en) | Data encryption storage and reading method, terminal equipment and storage medium | |
| CN104751105A (en) | Fingerprint data verification method, fingerprint data verification device, related equipment and system | |
| CN108322310A (en) | It is a kind of to utilize safety equipment Card Reader login method and Security Login System | |
| CN110958239A (en) | Method and device for verifying access request, storage medium and electronic device | |
| CN110266653B (en) | Authentication method, system and terminal equipment | |
| CN111901305B (en) | Memory operation method and device, storage medium and electronic device | |
| CN111404706B (en) | Application downloading method, secure element, client device and service management device | |
| CN109582238B (en) | Hard disk binding and matching method and system, electronic equipment and storage medium | |
| CN110798835A (en) | Public wifi access method, mobile terminal and readable storage medium | |
| CN112636914B (en) | Identity verification method, identity verification device and smart card | |
| CN112422281B (en) | Method and system for changing secret key in security module | |
| CN101790724A (en) | System and method of tamper-resistant control | |
| CN113709849A (en) | Network access method and device of equipment to be accessed to network, storage medium and electronic device | |
| CN113645054A (en) | Wireless network equipment configuration method and system | |
| CN109522708B (en) | Method and device for safely controlling running environment of application program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |