CN112966254B - Secure communication method and system for host and trusted cryptographic module - Google Patents

Publication number
CN112966254B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110221367.6A
Other languages
Chinese (zh)
Other versions
CN112966254A (en
Inventor
彭金辉
雷宗华
张磊
乔绍虎
刘武忠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhengzhou Xinda Jiean Information Technology Co Ltd
Original Assignee
Zhengzhou Xinda Jiean Information Technology Co Ltd
Application filed by Zhengzhou Xinda Jiean Information Technology Co Ltd
Priority to CN202110221367.6A
Publication of CN112966254A
Application granted
Publication of CN112966254B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/42 Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282 Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2213/00 Indexing scheme relating to interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F2213/0042 Universal serial bus [USB]

Abstract

The invention relates to the technical field of information security, in particular to a secure communication method and system for a host and a trusted cryptographic module, wherein a USB interface for data communication with the host is arranged on the trusted cryptographic module; for an interface call request sent by the host, the trusted cryptographic module first performs binding authentication on the host, and after the authentication is passed, the trusted cryptographic module responds, through the USB interface, to the cryptographic request information sent by the host. Because a USB communication interface is arranged on the trusted cryptographic module, the module can be plugged into and unplugged from the host, and the trusted cryptographic module and the host it is plugged into have a binding authentication mechanism, so that the trusted cryptographic module can be prevented from being inserted into a wrong host; the trusted cryptographic module can carry out a firmware integrity test, a key integrity test, a data integrity test and a cryptographic algorithm self-test on itself, ensuring that the firmware, the keys and the data in the trusted cryptographic module are not damaged, and the method has a good application prospect.

Description

Secure communication method and system for host and trusted cryptographic module
Technical Field
The invention relates to the technical field of information security, in particular to a secure communication method and a secure communication system for a host and a trusted cryptographic module.
Background
At present, trusted computing technology has become one of the main development trends in the field of computer security and, as an information security technology accepted in the industry, it has also become a development direction of the IT industry. Compared with traditional security solutions, which focus on passive defense (defending outside first and inside second, defending the service facilities first and the terminal facilities second), trusted computing realizes active defense: it first ensures the security of the terminal and constructs a stronger security system from components whose security is ensured. The Trusted Cryptography Module (TCM) is a hardware module of a trusted computing platform; it provides cryptographic operation functions for the trusted computing platform and has protected storage space.
The trusted cryptographic modules on the market support a standard SPI interface and are embedded in the host mainboard in the form of a daughter board; they cannot be removed while the mainboard is powered and are not pluggable, and the standard SPI interface used by the trusted cryptographic module is not reserved on the existing mainboards on the market. A trusted cryptographic module that supports plugging into and unplugging from the host, however, raises two problems: the module may be inserted into the wrong host, and data and instructions must be communicated securely between the host and the trusted cryptographic module. Therefore, how to design a secure communication method between a host and a trusted cryptographic module that supports pluggability, gives the trusted cryptographic module and the host a binding authentication mechanism, and realizes secure communication of data and instructions is a problem that urgently needs to be solved.
Disclosure of Invention
Therefore, the invention provides a secure communication method and system for a host and a trusted cryptographic module, which supports pluggable communication with the host and in which the trusted cryptographic module and the host have a binding authentication mechanism, realizing secure communication of data and instructions.
According to the design scheme provided by the invention, a secure communication method for a host and a trusted cryptographic module is provided, which comprises the following steps:
a USB interface used for data communication with a host is arranged on the trusted cryptographic module;
for an interface call request sent by the host, the trusted cryptographic module acquires the device information in the host and calculates the hash value of the device information; the hash value is compared with the hash value of the device information stored in the trusted cryptographic module for authentication, and after the authentication is passed, the trusted cryptographic module responds, through the USB interface, to the cryptographic request information sent by the host.
In the secure communication method for the host and the trusted cryptographic module, further, the trusted cryptographic module comprises a security chip and electrical components connected with the security chip; a firmware program for testing the integrity of the trusted cryptographic module is arranged on the security chip; and a storage unit is arranged in the security chip and is divided into a firmware area, a key area, a data area and a message authentication area for integrity testing.
In the secure communication method for the host and the trusted cryptographic module, further, before authenticating the interface call request of the host, the trusted cryptographic module first performs a firmware integrity test, a key integrity test, a data integrity test and a cryptographic algorithm self-test, and executes the subsequent binding authentication only if the tests are passed; otherwise, the trusted cryptographic module enters an error state and outputs a failure status code.
In the secure communication method for the host and the trusted cryptographic module, further, in the firmware integrity test of the trusted cryptographic module, the integrity check key is acquired from the key area and used to perform an operation on the firmware program in the firmware area, obtaining a new message authentication code; the new message authentication code is compared with the message authentication code stored in the message authentication area, and if they are consistent, the firmware integrity test is passed.
In the secure communication method for the host and the trusted cryptographic module, further, in the key integrity test of the trusted cryptographic module, a new key message authentication code is obtained by performing an operation on the data of the key area and is compared with the key message authentication code last updated in the message authentication area; if they are consistent, the key integrity test is passed; and each time the data of the key area is modified, the corresponding key message authentication code in the message authentication area is updated.
In the secure communication method for the host and the trusted cryptographic module, further, in the data integrity test of the trusted cryptographic module, a new data message authentication code is obtained by performing an operation on the user data in the data area and is compared with the data message authentication code last updated in the message authentication area; if they are consistent, the data integrity test is passed; and each time the data in the data area is modified, the corresponding data message authentication code in the message authentication area is updated.
In the secure communication method for the host and the trusted cryptographic module, further, a cryptographic algorithm unit for the cryptographic self-test is arranged in the trusted cryptographic module, and the cryptographic algorithm unit at least comprises an SM2 algorithm submodule, an SM3 algorithm submodule, an SM4 algorithm submodule and an HMAC algorithm submodule; in the self-test of each submodule, whether the self-test is passed is judged by comparing whether the input and output data are consistent with a preset result.
In the secure communication method for the host and the trusted cryptographic module, further, the trusted cryptographic module is provided in advance with a USB driver, a packaging format and a communication protocol, and the hash value of the device information of the host with which it has a binding relationship is calculated in advance and stored in the module; binding authentication is performed using the hash value; if the comparison is consistent, the host is allowed to call the USB interface and successful response information is returned; if it is inconsistent, error response information is returned when the host subsequently calls the USB interface.
In the secure communication method for the host and the trusted cryptographic module, further, when responding to the cryptographic request information of the host, the trusted cryptographic module first judges whether the cryptographic request information conforms to the defined format; if not, it returns the corresponding error code; if so, it executes the corresponding operation on the cryptographic request information using the cryptographic algorithm and returns the execution result to the host as response information through the USB interface; the format of the cryptographic request information comprises a command header and input data, wherein the command header comprises an identifier, a total length, a command code and an input data length; the format of the response information comprises a command header and output data, wherein the command header comprises an identifier, a total length and a return code.
Further, based on the above method, the present invention further provides a secure communication system for a host and a trusted cryptographic module, comprising: a configuration module and a communication module, wherein,
the configuration module is used for setting, on the trusted cryptographic module, a USB interface for data communication with the host;
and the communication module is used for handling an interface call request sent by the host: the trusted cryptographic module acquires the device information in the host and calculates the hash value of the device information; the hash value is compared with the hash value of the device information stored in the trusted cryptographic module for authentication, and after the authentication is passed, the trusted cryptographic module responds, through the USB interface, to the cryptographic request information sent by the host.
The invention has the beneficial effects that:
According to the invention, a USB communication interface is arranged on the trusted cryptographic module, so that the trusted cryptographic module can be plugged into and unplugged from the host, and the trusted cryptographic module and the host it is plugged into have a binding authentication mechanism, so that the trusted cryptographic module can be prevented from being inserted into a wrong host; the trusted cryptographic module can carry out a firmware integrity test, a key integrity test, a data integrity test and a cryptographic algorithm self-test on itself, which ensures that the firmware, the keys and the data in the trusted cryptographic module are not damaged and that the cryptographic algorithm module works normally; the trusted cryptographic module consists of a hardware security chip, electrical components and a firmware program running on the security chip, wherein the firmware of the trusted cryptographic module is stored and executed in the security chip to complete the functions of trusted cryptographic module management, identity trust, data protection, integrity measurement and calling of the underlying hardware modules, so that a protected security environment is finally established in the security chip and the function of the trusted cryptographic module is realized; compared with a common ARM chip, this offers secure protection of sensitive resources and efficient implementation of key algorithms, and has a good application prospect.
Brief Description of the Drawings
FIG. 1 is a schematic flow chart of a secure communication method in an embodiment;
FIG. 2 is a second schematic flow chart of the secure communication method in the embodiment;
FIG. 3 is a schematic diagram of a secure communication system in an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer and more obvious, the present invention is further described in detail below with reference to the accompanying drawings and technical solutions.
An embodiment of the present invention, as shown in fig. 1, provides a secure communication method for a host and a trusted cryptographic module, including:
S101, setting, on the trusted cryptographic module, a USB interface for data communication with a host;
S102, for an interface call request sent by the host, the trusted cryptographic module acquires the device information in the host and calculates the hash value of the device information; the hash value of the device information is compared with the hash value of the device information stored in the trusted cryptographic module for authentication, and after the authentication is passed, the trusted cryptographic module responds, through the USB interface, to the cryptographic request information sent by the host.
A USB communication interface is arranged on the trusted cryptographic module, so the trusted cryptographic module can be plugged into and unplugged from the host, and the trusted cryptographic module and the host it is plugged into have a binding authentication mechanism, so that the trusted cryptographic module can be prevented from being inserted into a wrong host, which makes the trusted cryptographic module convenient to apply to data communication with hosts and other devices.
Further, referring to FIG. 2, the trusted cryptographic module is powered on and performs a firmware integrity test, a key integrity test, a data integrity test and a self-test of the cryptographic algorithm module, respectively; after the tests are passed, the trusted cryptographic module receives the communication interface call request information sent by the host, acquires the device information in the host, calculates the hash value of the device information, and compares it for authentication with the hash value of the device information stored in the trusted cryptographic module; after the authentication is passed, the host sends cryptographic request information to the trusted cryptographic module through the USB communication interface, and the trusted cryptographic module processes the cryptographic request information and returns response information.
Furthermore, the trusted cryptography module consists of a hardware security chip, an electrical element and a firmware program running on the security chip, wherein a storage unit is arranged in the security chip and is divided into a firmware area, a key area, a data area and a message authentication area; wherein,
in the secure communication method S1, the firmware integrity test may include:
when the firmware program is released, an SM4 MAC operation is performed on the firmware program with the integrity check key in a secure environment, and the resulting message authentication code is released together with the firmware program; the firmware program, the message authentication code and the integrity check key are downloaded into the trusted cryptographic module and stored in the storage unit; when the integrity of the firmware program is tested, the integrity check key is acquired from the key area and an SM4 MAC operation is performed on the firmware program in the firmware area to obtain a new message authentication code, which is compared with the firmware message authentication code stored in the message authentication area; if they are consistent, the firmware integrity test is passed; otherwise, the firmware integrity test fails, the trusted cryptographic module enters an error state, and a failure status code is output.
The key integrity test may include: after the firmware program is started, an SM4 MAC operation is performed on the key area data to obtain a new key message authentication code, which is compared with the key message authentication code last updated in the message authentication area; if they are consistent, the key integrity test is passed; otherwise, the key integrity test fails, the trusted cryptographic module enters an error state, and a failure status code is output; during subsequent normal operation, the corresponding key message authentication code in the message authentication area is updated each time the data of the key area is modified.
The data integrity test may include: after the firmware program is started, an SM4 MAC operation is performed on the user data in the data area to obtain a new data message authentication code, which is compared with the data message authentication code last updated in the message authentication area; if they are consistent, the data integrity test is passed; otherwise, the data integrity test fails, the trusted cryptographic module enters an error state, and a failure status code is output; during subsequent normal operation, the corresponding data message authentication code in the message authentication area is updated each time the data in the data area is modified.
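The three integrity tests follow one pattern, sketched here as an added example that is not code from the patent. HMAC-SHA256 stands in for the SM4 MAC; the status codes, the placement of the 16-byte check key at the start of the key area, the reuse of that key for all three areas, and every name are assumptions.

```python
import hashlib
import hmac

# Hypothetical status codes; the patent only says a failure status code is output.
OK, ERR_FIRMWARE, ERR_KEY, ERR_DATA = 0x00, 0xE1, 0xE2, 0xE3
CHECK_KEY_LEN = 16  # assumed: the integrity check key opens the key area


def area_mac(check_key: bytes, area: bytes) -> bytes:
    """MAC over one storage area (HMAC-SHA256 as a stand-in for SM4 MAC)."""
    return hmac.new(check_key, area, hashlib.sha256).digest()


class ModuleStorage:
    """Firmware, key, data and message authentication areas of the chip."""

    def __init__(self, firmware, firmware_mac, key_area, user_data=b""):
        # Download step: firmware, its released MAC and the check key are stored.
        self.firmware = bytearray(firmware)
        self.key_area = bytearray(key_area)
        self.data_area = bytearray(user_data)
        self.error_state = False
        self.mac_area = {
            "firmware": bytes(firmware_mac),
            "key": area_mac(self._check_key(), bytes(self.key_area)),
            "data": area_mac(self._check_key(), bytes(self.data_area)),
        }

    def _check_key(self) -> bytes:
        return bytes(self.key_area[:CHECK_KEY_LEN])

    def write_data(self, new_data: bytes) -> None:
        """Normal operation: every modification refreshes the stored MAC."""
        self.data_area = bytearray(new_data)
        self.mac_area["data"] = area_mac(self._check_key(), new_data)

    def write_keys(self, other_keys: bytes) -> None:
        """Replace the keys that follow the check key and refresh the MAC."""
        self.key_area = bytearray(self._check_key() + other_keys)
        self.mac_area["key"] = area_mac(self._check_key(), bytes(self.key_area))

    def power_on_test(self) -> int:
        """Firmware, key and data tests in the order the description gives."""
        key = self._check_key()
        checks = (
            ("firmware", self.firmware, ERR_FIRMWARE),
            ("key", self.key_area, ERR_KEY),
            ("data", self.data_area, ERR_DATA),
        )
        for name, area, code in checks:
            fresh = area_mac(key, bytes(area))
            if not hmac.compare_digest(fresh, self.mac_area[name]):
                self.error_state = True  # module stops serving requests
                return code
        return OK


def provision() -> ModuleStorage:
    """Constructed sample: release-time MAC plus download into the module."""
    check_key = bytes(range(CHECK_KEY_LEN))
    image = b"constructed firmware image v1"
    released_mac = area_mac(check_key, image)  # computed in the secure environment
    return ModuleStorage(image, released_mac, check_key + b"other keys", b"user data")


def demo() -> list:
    store = provision()
    results = [store.power_on_test()]        # untouched module passes
    store.write_data(b"updated user data")   # legitimate write refreshes the MAC
    results.append(store.power_on_test())
    store.data_area[0] ^= 0x01               # change that bypassed write_data
    results.append(store.power_on_test())
    return results
```

A write path that changes an area without refreshing its stored MAC is indistinguishable from corruption at the next power-on, which is why the description ties the MAC update to every modification.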
Furthermore, a cryptographic algorithm unit is also arranged in the trusted cryptographic module, and the cryptographic algorithm unit at least comprises an SM2 algorithm module, an SM3 algorithm module, an SM4 algorithm module and an HMAC algorithm module; in the secure communication method S1, the self-test of the cryptographic algorithm module may include: after the trusted cryptographic module is powered on each time, the corresponding cryptographic algorithm is tested before the cryptographic algorithm is used for the first time. The self-test of the cryptographic algorithm module uses a known answer test, and a correct result of corresponding cryptographic algorithm operation is preset in the trusted cryptographic module;
SM2 encryption and decryption, and SM2 signing and signature verification, are self-tested with fixed parameters;
the SM3 digest is tested by comparing whether the output data for a fixed input is consistent with the preset result;
SM4 is tested by comparing whether the output data for a fixed input is consistent with the preset result;
the HMAC operation is tested by comparing whether the output data for a fixed input is consistent with the preset result;
and when the computed output is inconsistent with the known answer, the test fails, the trusted cryptographic module enters an error state, and an error prompt is output.
In practical applications, the SM2 algorithm module self-test specifically includes: standard SM2 encryption data are preset in the trusted cryptographic module, including a preset plaintext, a preset ciphertext, a preset public key and a preset private key. An SM2 decryption operation is performed on the preset ciphertext with the preset private key to obtain a decryption result, which is compared with the preset plaintext; if they are consistent, the SM2 decryption self-test is judged successful; otherwise, the SM2 decryption self-test fails and the trusted cryptographic module enters an error state.
The SM2 encryption self-test relies on the SM2 decryption module: an SM2 encryption operation is performed on the preset plaintext with the preset public key to obtain an encryption result, an SM2 decryption operation is performed on the encryption result with the preset private key to obtain a decryption result, and the decryption result is compared with the preset plaintext; if they are consistent, the SM2 encryption self-test is judged to have passed; otherwise, the SM2 encryption self-test fails and the trusted cryptographic module enters an error state.
Standard SM2 signature data are also preset in the trusted cryptographic module, including preset data to be signed, a preset public key, a preset private key and a preset signature value. SM2 signature verification is performed on the preset signature value with the preset signature public key; if the verification passes, the SM2 signature verification self-test is judged successful; if not, the SM2 signature verification self-test fails and the trusted cryptographic module enters an error state.
The SM2 signing self-test depends on the SM2 signature verification module, so SM2 signing is tested only after the signature verification self-test has passed: the preset plaintext data are signed with the preset SM2 signature private key to obtain a signature result, and the signature result is then verified; if the verification passes, the SM2 signing self-test is successful; otherwise, the SM2 signing self-test fails and the trusted cryptographic module enters an error state.
The SM3 algorithm module self-test specifically comprises the following steps: correct SM3 reference data, namely a 32-byte plaintext and a 32-byte digest value, are preset in the trusted cryptographic module. During the self-test, the SM3 algorithm module is called to perform an SM3 digest operation on the preset 32-byte plaintext, and the result is compared with the preset 32-byte digest value; if they are consistent, the test is passed; otherwise, the test fails.
The SM4 algorithm module self-test specifically comprises the following steps: correct SM4 reference data are preset in the trusted cryptographic module, namely a 16-byte SM4 key, a 16-byte IV, a 32-byte plaintext, a 32-byte SM4 ECB ciphertext and a 32-byte SM4 CBC ciphertext. In the SM4 encryption self-test, the SM4 algorithm module is called to perform an SM4 ECB encryption operation and an SM4 CBC encryption operation with the preset plaintext, key and IV, and the resulting ECB ciphertext and CBC ciphertext are compared with the preset ECB ciphertext and the preset CBC ciphertext respectively; if they are consistent, the test is passed; otherwise, the test fails.
In the SM4 decryption self-test, the SM4 algorithm module is called to perform an SM4 ECB decryption operation and an SM4 CBC decryption operation with the preset ciphertext, key and IV, and the resulting ECB plaintext and CBC plaintext are compared with the preset ECB plaintext and the preset CBC plaintext respectively; if they are consistent, the test is passed; otherwise, the test fails.
The HMAC algorithm module self-test specifically comprises the following steps: the correct result of the HMAC operation, a 32-byte plaintext and a 32-byte key are preset in the trusted cryptographic module. In the HMAC self-test, the HMAC algorithm module is called to perform an HMAC operation on the preset 32-byte plaintext, and the result is compared with the preset 32-byte MAC value; if they are consistent, the test is passed; otherwise, the test fails.
Specifically, the secure communication method S2 further includes: the trusted cryptographic module is provided in advance with a dedicated USB driver, a packaging format and a communication protocol; the hash value of the device information of the host with which it has a binding relationship is calculated in advance and stored in the trusted cryptographic module; if the comparison for authentication is consistent, the USB communication interface is allowed to be called and successful response information is returned; if it is inconsistent, error response information is returned when the USB communication interface is subsequently called.
In practical application, in order to avoid the TCM trusted cryptographic module being inserted into the wrong host through the USB interface, first, the TCM trusted cryptographic module must be installed and used with a dedicated USB driver, packaging format and communication protocol; second, a binding mechanism is designed for the TCM trusted cryptographic module: when the host calls a TCM interface, the SDK of the trusted cryptographic module obtains the mainboard serial number and sends it to the TCM trusted cryptographic module, which calculates the HASH value of the received serial number internally and reads the internally stored HASH value. If the mainboard serial number has not been stored in the module (that is, this is considered the first login), the HASH value of the mainboard serial number is recorded in an internal storage area of the trusted cryptographic module, which achieves the binding; if an internally stored HASH value is read (that is, this is not considered the first login), the TCM trusted cryptographic module compares the two HASH values internally to determine whether they are consistent. If they are consistent, the subsequent flow of the interface call is executed and success is returned, and the host can call subsequent interfaces; if the comparison fails, an error is returned, and all subsequent interfaces return errors.
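The binding check just described, as an added example that is not code from the patent: the first serial number seen is recorded as a hash, later calls are compared against it, and a mismatch makes every following interface return an error. SHA-256 stands in for the module's hash, which the patent does not name; the return codes, the names and the rule that replugging clears the session's failure flag are assumptions.

```python
import hashlib
import hmac

# Hypothetical return codes; the patent only distinguishes success from error.
RC_OK, RC_BINDING_MISMATCH, RC_REFUSED = 0x00, 0x21, 0x22


class BindingCheck:
    def __init__(self):
        self.stored_hash = None      # internal storage area, survives unplugging
        self.authenticated = False   # volatile: lost when the module loses power
        self.failed = False          # volatile (assumption, not stated on the page)

    def call_interface(self, serial: bytes) -> int:
        """Interface call carrying what the host-side SDK reports as the
        mainboard serial number."""
        if self.failed:
            return RC_REFUSED        # all subsequent interfaces return errors
        digest = hashlib.sha256(serial).digest()
        if self.stored_hash is None:
            self.stored_hash = digest            # first login: record the binding
        elif not hmac.compare_digest(digest, self.stored_hash):
            self.failed = True
            return RC_BINDING_MISMATCH
        self.authenticated = True
        return RC_OK

    def crypto_request(self, operation, data: bytes):
        """Serve a request only after a successful binding check."""
        if self.failed or not self.authenticated:
            return RC_REFUSED, b""
        return RC_OK, operation(data)

    def replug(self) -> None:
        """Unplug and power off: cached session state is lost, the hash is kept."""
        self.authenticated = False
        self.failed = False


def digest_op(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()   # stand-in cryptographic operation


def demo() -> list:
    tcm = BindingCheck()
    bound, other = b"MB-SERIAL-0001", b"MB-SERIAL-9999"   # constructed serials
    log = [tcm.crypto_request(digest_op, b"x")[0]]   # request before any check
    log.append(tcm.call_interface(bound))            # first login binds the host
    log.append(tcm.crypto_request(digest_op, b"x")[0])
    tcm.replug()
    log.append(tcm.call_interface(other))            # wrong host: mismatch
    log.append(tcm.call_interface(bound))            # still refused this session
    log.append(tcm.crypto_request(digest_op, b"x")[0])
    tcm.replug()
    log.append(tcm.call_interface(bound))            # back in the bound host
    return log
```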
It should be noted that, because the USB interface has a pluggable attribute, when the trusted cryptographic module is unplugged from the USB interface and powered off, the data cached in the storage areas such as the identity authentication information, the random number intermediate state, the session key, etc. may be lost. In addition, the trusted cryptography module of the present invention has two modes, namely, an SPI interface and a USB interface in practice.
Specifically, S3 in the secure communication method includes:
the host sends cryptographic request information to the trusted cryptographic module through the USB communication interface, and the trusted cryptographic module receives the cryptographic request information and passes it to the firmware program for processing;
the firmware program judges whether the cryptographic request information conforms to the defined format; if not, the corresponding error code is returned; if so, the cryptographic request information is passed to the cryptographic algorithm unit to execute the corresponding operation, and response information is returned to the host through the USB communication interface;
the format of the cryptographic request information comprises a command header and input data, wherein the command header comprises an identifier, a total length, a command code and an input data length; the format of the response information comprises a command header and output data, wherein the command header comprises an identifier, a total length and a return code.
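The format check in S3, as an added example that is not code from the patent: the firmware side validates the command header before anything reaches the cryptographic algorithm unit. The patent names the header fields but not their sizes or values, so the field widths, byte order, identifier values, command code, return codes and size limit below are all assumptions, and SHA-256 stands in for the module's digest operation.

```python
import hashlib
import struct

# Assumed layouts, big-endian, no padding.
REQ_HDR = struct.Struct(">HIII")  # identifier, total length, command code, input length
RSP_HDR = struct.Struct(">HII")   # identifier, total length, return code
REQ_ID, RSP_ID = 0x7E01, 0x7E02   # hypothetical identifier values
CMD_DIGEST = 0x0010               # hypothetical command code
RC_OK, RC_BAD_FORMAT, RC_UNKNOWN_CMD = 0x00, 0x01, 0x02  # hypothetical return codes
MAX_TOTAL = 4096                  # assumed upper bound on one request


class FormatError(Exception):
    pass


def build_request(command: int, data: bytes) -> bytes:
    total = REQ_HDR.size + len(data)
    return REQ_HDR.pack(REQ_ID, total, command, len(data)) + data


def parse_request(packet: bytes):
    """Return (command_code, input_data) or raise FormatError."""
    if len(packet) < REQ_HDR.size:
        raise FormatError("shorter than the command header")
    ident, total, command, in_len = REQ_HDR.unpack_from(packet)
    if ident != REQ_ID:
        raise FormatError("wrong identifier")
    if total > MAX_TOTAL or total != len(packet):
        raise FormatError("total length does not match the bytes received")
    if in_len != total - REQ_HDR.size:
        raise FormatError("input data length disagrees with total length")
    return command, packet[REQ_HDR.size:]


def build_response(return_code: int, output: bytes = b"") -> bytes:
    return RSP_HDR.pack(RSP_ID, RSP_HDR.size + len(output), return_code) + output


def parse_response(packet: bytes):
    """Host side: return (return_code, output_data) or raise FormatError."""
    if len(packet) < RSP_HDR.size:
        raise FormatError("shorter than the response header")
    ident, total, return_code = RSP_HDR.unpack_from(packet)
    if ident != RSP_ID or total != len(packet):
        raise FormatError("malformed response")
    return return_code, packet[RSP_HDR.size:]


# Dispatch table of the cryptographic algorithm unit (one stand-in operation).
COMMANDS = {CMD_DIGEST: lambda data: hashlib.sha256(data).digest()}


def handle_request(packet: bytes) -> bytes:
    """Firmware entry point: format check first, then dispatch."""
    try:
        command, data = parse_request(packet)
    except FormatError:
        return build_response(RC_BAD_FORMAT)
    operation = COMMANDS.get(command)
    if operation is None:
        return build_response(RC_UNKNOWN_CMD)
    return build_response(RC_OK, operation(data))
```

Checking both length fields against the number of bytes actually received, before the input data is sliced, is what keeps a header that overstates its input length from being acted on.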
Further, based on the foregoing method, an embodiment of the present invention further provides a secure communication system for a host and a trusted cryptographic module, including: a configuration module and a communication module, wherein,
the configuration module is used for setting, on the trusted cryptographic module, a USB interface for data communication with the host;
and the communication module is used for handling an interface call request sent by the host: the trusted cryptographic module acquires the device information in the host and calculates the hash value of the device information; the hash value is compared with the hash value of the device information stored in the trusted cryptographic module for authentication, and after the authentication is passed, the trusted cryptographic module responds, through the USB interface, to the cryptographic request information sent by the host.
Referring to FIG. 3, the system comprises a host and a trusted cryptographic module; the trusted cryptographic module is provided with a USB communication interface, and the host and the trusted cryptographic module are communicatively connected through the USB communication interface; the trusted cryptographic module is used for powering on and performing the firmware integrity test, the key integrity test, the data integrity test and the self-test of the cryptographic algorithm module, respectively; the trusted cryptographic module is also used for, after the tests are passed and after receiving the communication interface call request information sent by the host, acquiring the device information in the host, calculating the hash value of the device information, and comparing it for authentication with the hash value of the device information stored in the trusted cryptographic module; the host is used for sending cryptographic request information to the trusted cryptographic module through the USB communication interface after the authentication is passed; and the trusted cryptographic module is also used for processing the cryptographic request information and then returning response information through the USB communication interface.
It should be noted that, the hardware entity of the trusted cryptographic module is composed of a security chip, a resistor, a capacitor, a power supply replacement chip, a circuit printed board, a USB and a metal protective shell; the trusted cryptographic module firmware is stored and executed in the security chip, the functions of trusted cryptographic module management, identity trust, data protection, integrity measurement and calling of the bottom hardware module are completed, a protected security environment is finally established in the security chip, and the function of the trusted cryptographic module is realized.
Unless specifically stated otherwise, the relative steps, numerical expressions, and values of the components and steps set forth in these embodiments do not limit the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the system and the apparatus described above may refer to the corresponding processes in the foregoing system embodiments, and are not described herein again.
In all examples shown and described herein, any particular value should be construed as merely exemplary, and not as a limitation, and thus other examples of example embodiments may have different values.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus, and system may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the system according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Finally, it should be noted that the above embodiments are only specific embodiments of the present invention, used to illustrate its technical solutions and not to limit them, and the protection scope of the present invention is not limited thereto. Although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can, within the technical scope disclosed herein, still modify the technical solutions described in the foregoing embodiments, readily conceive of changes to them, or make equivalent substitutions for some of their technical features; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention and should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (8)

1. A secure communication method for a host and a trusted cryptographic module, used for data communication between the trusted cryptographic module and the host, the method comprising:
a USB interface for data communication with the host is provided on the trusted cryptographic module;
in response to an interface call request sent by the host, the trusted cryptographic module acquires device information in the host and calculates a hash value of the device information, compares that hash value with the hash value of the device information stored in the trusted cryptographic module for authentication, and, after the authentication is passed, responds to cryptographic request information sent by the host through the USB interface;
specifically, the trusted cryptographic module is preset with a USB driver, a packaging format and a communication protocol, and the hash value of the device information of the host with which it has a binding relationship is calculated and stored in the module in advance; binding authentication is performed using the hash value; if the values are consistent, the host is allowed to call the USB interface and successful response information is returned; if they are inconsistent, error response information is returned when the host subsequently calls the USB interface;
when the trusted cryptographic module responds to the cryptographic request information of the host, it first judges whether the request information conforms to the defined format; if not, the corresponding error code is returned; if so, the corresponding operation is executed on the request using a cryptographic algorithm, and the execution result is returned to the host as response information through the USB interface; the format of the cryptographic request information comprises a command header and input data, wherein the command header comprises an identifier, a total length, a command code and an input data length; the format of the response information comprises a command header and output data, wherein the command header comprises an identifier, a total length and a return code.
2. The method of claim 1, wherein the trusted cryptographic module comprises a security chip and an electrical component connected to the security chip; a firmware program for testing the integrity of the trusted cryptographic module is arranged on the security chip; and a storage unit is arranged in the security chip and is divided into a firmware area, a key area, a data area and a message authentication area for integrity test.
3. The secure communication method for a host and a trusted cryptographic module according to claim 1 or 2, wherein before the host interface call request is authenticated, the trusted cryptographic module first performs a firmware integrity test, a key integrity test, a data integrity test and a cryptographic algorithm self-test; if the tests are passed, the subsequent binding authentication is performed; otherwise, the trusted cryptographic module enters an error state and outputs a failure status code.
4. The secure communication method for a host and a trusted cryptographic module according to claim 2, wherein in the firmware integrity test of the trusted cryptographic module, an integrity check key is obtained from the key area and used to perform an operation on the firmware program in the firmware area, yielding a new message authentication code; the new message authentication code is compared with the message authentication code stored in the message authentication area, and if the two are consistent, the firmware integrity test is passed.
5. The secure communication method according to claim 2, wherein in the key integrity test of the trusted cryptographic module, a new key message authentication code is obtained by performing an operation on the data in the key area and is compared with the most recently updated key message authentication code in the message authentication area; if the two are consistent, the key integrity test is passed; and the corresponding key message authentication code in the message authentication area is updated each time the data in the key area is modified.
6. The secure communication method according to claim 2, wherein in the data integrity test of the trusted cryptographic module, a new data message authentication code is obtained by performing an operation on the user data in the data area and is compared with the most recently updated data message authentication code in the message authentication area; if the two are consistent, the data integrity test is passed; and the corresponding data message authentication code in the message authentication area is updated each time the data in the data area is modified.
7. The secure communication method for a host and a trusted cryptographic module according to claim 1, wherein the trusted cryptographic module is provided with a cryptographic algorithm unit for the cryptographic self-test, the cryptographic algorithm unit comprising at least an SM2 algorithm sub-module, an SM3 algorithm sub-module, an SM4 algorithm sub-module and an HMAC algorithm sub-module; in the cryptographic self-test of each sub-module, whether the self-test is passed is judged by checking whether the input and output data are consistent with a preset result.
8. A secure communication system for a host and a trusted cryptographic module, comprising: a configuration module and a communication module, wherein,
the configuration module is used for providing, on the trusted cryptographic module, a USB interface for data communication with the host;
the communication module is used for, in response to an interface call request sent by the host, acquiring device information in the host and calculating a hash value of the device information, and comparing that hash value with the hash value of the device information stored in the trusted cryptographic module for authentication; after the authentication is passed, the trusted cryptographic module responds to the cryptographic request information sent by the host through the USB interface;
the trusted cryptographic module is preset with a USB driver, a packaging format and a communication protocol, and the hash value of the device information of the host with which it has a binding relationship is calculated and stored in the module in advance; binding authentication is performed using the hash value; if the values are consistent, the host is allowed to call the USB interface and successful response information is returned; if they are inconsistent, error response information is returned when the host subsequently calls the USB interface;
when the trusted cryptographic module responds to the cryptographic request information of the host, it first judges whether the request information conforms to the defined format; if not, the corresponding error code is returned; if so, the corresponding operation is executed on the request using a cryptographic algorithm, and the execution result is returned to the host as response information through the USB interface; the format of the cryptographic request information comprises a command header and input data, wherein the command header comprises an identifier, a total length, a command code and an input data length; the format of the response information comprises a command header and output data, wherein the command header comprises an identifier, a total length and a return code.
CN202110221367.6A 2021-02-27 2021-02-27 Secure communication method and system for host and trusted cryptographic module Active CN112966254B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110221367.6A CN112966254B (en) 2021-02-27 2021-02-27 Secure communication method and system for host and trusted cryptographic module

Publications (2)

Publication Number Publication Date
CN112966254A CN112966254A (en) 2021-06-15
CN112966254B true CN112966254B (en) 2022-04-05

Family

ID=76275875

Country Status (1)

Country Link
CN (1) CN112966254B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant