CN115237843B - Trusted computing system and method - Google Patents

Trusted computing system and method

Publication number: CN115237843B
Application number: CN202211161482.XA
Authority: CN (China)
Prior art keywords: unit, computing, key, resources, host machine
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN115237843A (en)
Inventors: 蓝晏翔, 王凡, 陈俊, 熊军, 王嘉平
Current assignee: International Digital Economy Academy IDEA
Original assignee: International Digital Economy Academy IDEA

Events
    • Application filed by International Digital Economy Academy IDEA
    • Priority to CN202211161482.XA
    • Publication of CN115237843A
    • Application granted
    • Publication of CN115237843B
    • Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/40 Bus structure
    • G06F13/4063 Device-to-bus coupling
    • G06F13/4068 Electrical coupling
    • G06F13/4004 Coupling between buses
    • G06F13/4027 Coupling between buses using bus bridges
    • G06F13/42 Bus transfer protocol, e.g. handshake; Synchronisation
    • G06F13/4282 Bus transfer protocol, e.g. handshake; Synchronisation on a serial bus, e.g. I2C bus, SPI bus
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention provides a trusted computing system and method. The trusted computing system is connected to a host machine in a pluggable manner through a PCIe interface and communicates with the host machine. The security bridge unit receives a task instruction sent by the host machine through the PCIe interface and performs key exchange with the host machine through the PCIe interface based on the task instruction; the security bridge unit receives encrypted resources sent by the host machine through the PCIe interface, decrypts them with the first key obtained from the key exchange to obtain the corresponding decrypted resources, and stores the decrypted resources in the storage unit; the computing unit computes on the decrypted resources in the storage unit to obtain computing resources and stores them in the storage unit; and the security bridge unit encrypts the computing resources with the second key obtained from the key exchange to obtain encrypted computing resources and sends them to the host machine through the PCIe interface. With this scheme, the trusted computing system and the host machine can communicate at a high rate and with low delay while the security of data and code is ensured.

Description

Trusted computing system and method
Technical Field
The invention relates to the technical field of information security, in particular to a trusted computing system and a trusted computing method.
Background
With the rapid development of internet technology, hardware Trusted Execution Environments (TEE) have attracted much attention as a form of trusted computing that can protect data during computation.
Currently, the mainstream TEE technologies, Intel SGX and ARM TrustZone, extend the CPU architecture to partition off a 'secure area' guaranteed by the CPU (the other areas are called the 'normal area') and ensure that the code and programs in the secure area cannot be accessed or used by other programs (not even by software with operating-system-level privileges), thereby ensuring the confidentiality and integrity of important data and code. However, the secure area and the normal area share memory and computing resources, so security risks such as side-channel attacks still exist.
In the prior art, a system on chip independent of a CPU is used as a secure area (a host is used as a normal area), so that the secure area is separated from the normal area on a physical layer, and the security of data and codes in the secure area is further improved by using respective independent memories and computing resources. However, the system on chip and the host often use upper layer protocols (e.g., network, USB) for communication, and cannot meet the requirements of high-rate and low-delay communication.
Based on this, how to enable trusted computing to realize high-rate and low-delay communication under the condition of ensuring data and code security becomes an urgent technical problem to be solved.
Disclosure of Invention
The invention mainly aims to provide a trusted computing system and a trusted computing method, in order to solve the problem that trusted computing technology in the prior art cannot realize high-speed, low-delay communication while ensuring the security of data and code.
In order to achieve the above object, an embodiment of the present invention provides a trusted computing system, which includes a security bridge unit, a storage unit, a computing unit and a PCIe interface; the trusted computing system is connected to a host machine in a pluggable manner through the PCIe interface and communicates with the host machine;
the security bridge unit is used for receiving a task instruction sent by the host machine through the PCIe interface and exchanging a key with the host machine through the PCIe interface based on the task instruction, wherein the task instruction is generated by the host machine based on a confidential computing task;
the secure bridge unit is further configured to receive encrypted resources sent by the host through the PCIe interface after performing key exchange, decrypt the encrypted resources through the first key after the key exchange to obtain corresponding decrypted resources, and send the decrypted resources to the storage unit for storage;
the computing unit is used for computing on the decrypted resources in the storage unit to obtain computing resources and sending the computing resources to the storage unit for storage;
the secure bridge unit is used for encrypting the computing resource through the second key after the key exchange to obtain an encrypted computing resource, and sending the encrypted computing resource to the host machine through the PCIe interface.
Optionally, the secure bridge unit is further configured to send a storage instruction to the computing unit after receiving a shutdown instruction of the host through the PCIe interface;
the computing unit is also used for carrying out corresponding data storage according to the storage instruction and sending a storage completion notification to the security bridge unit after the data storage is completed;
the secure bridge unit is further configured to generate a power-down notification based on the storage completion notification, and send the power-down notification to the host through the PCIe interface, so that the host starts shutdown based on the power-down notification to complete power-down.
Optionally, the security bridge unit is further configured to:
disconnect from the host machine after the confidential computing task corresponding to the task instruction is completed; and
no longer respond to task instructions sent by the host machine through the PCIe interface before the next connection is established.
Optionally, the storage unit is further configured to:
deleting the stored decryption resources and computing resources after the confidential computing task is completed.
Optionally, the trusted computing system further comprises: a key management unit;
the key management unit is used for exchanging keys between the security bridge unit and the host machine to obtain a first key and a second key and storing the first key and the second key; and
for providing a corresponding key when the secure bridge unit decrypts the encrypted resource or encrypts the computing resource.
Optionally, the key management unit is further configured to:
deleting the stored first key and second key after the confidential computing task is completed.
Optionally, the system further comprises: a power interface;
the power interface is used for connecting to the host machine so as to draw power from it.
Optionally, the computing unit is further configured to:
for each confidential computation task to be executed, a corresponding process is assigned to each confidential computation task.
In order to achieve the above object, an embodiment of the present invention further provides a trusted computing method based on any one of the above trusted computing systems, including:
controlling the security bridge unit to perform key exchange with the host machine based on a task instruction from the host machine received through the PCIe interface; the task instruction is generated by the host machine according to a confidential calculation task to be executed;
acquiring the encrypted resources that the host machine sends to the security bridge unit through the PCIe interface;
decrypting the encrypted resources in the security bridge unit using the first key obtained from the key exchange, so that decrypted resources are obtained and stored in the storage unit;
computing on the decrypted resources in the storage unit through the computing unit to obtain computing resources, and storing the computing resources in the storage unit;
encrypting the computing resources in the storage unit by the secure bridge unit and by using the second key after the key exchange to obtain encrypted computing resources;
and controlling the security bridge unit to send the encrypted computing resource to the host machine through the PCIe interface.
Optionally, the trusted computing method based on the trusted computing system further includes:
controlling the secure bridge unit to send a storage instruction to the computing unit based on a shutdown instruction from the host machine received through the PCIe interface;
controlling the computing unit to perform corresponding data storage based on the storage instruction, and sending a storage completion notification to the security bridge unit after the data storage is completed;
and controlling the security bridge unit to generate a power-down notification based on the storage completion notification, and sending the power-down notification to the host through the PCIe interface, so that the host starts shutdown based on the power-down notification to complete power-down.
The invention realizes pluggable communication between a trusted computing system and a host machine through a PCIe interface: the security bridge unit exchanges a key with the host machine through the PCIe interface, decrypts the encrypted resources sent by the host machine through the PCIe interface with the first key obtained from the key exchange and stores the decrypted resources in a storage unit, the computing unit computes on the decrypted resources in the storage unit and stores the computing resources in the storage unit, and the security bridge unit encrypts the computing resources in the storage unit and sends the encrypted computing resources to the host machine through the PCIe interface. If host-host communication between the trusted computing system and the host were implemented with a dedicated bridge chip, the low security of the bridge chip would expose it to security risks and thereby expose trusted computing to security risks. Therefore, the trusted computing system and method provided by the embodiment of the invention implement host-host communication between the trusted computing system and the host machine through the PCIe interface without a dedicated bridge chip, thereby achieving high-speed, low-delay communication between the trusted computing system and the host machine while ensuring the security of data and code.
Drawings
FIG. 1 is a schematic diagram of a trusted computing system according to an embodiment of the present invention;
FIG. 2 is a diagram of an application of a trusted computing system according to an embodiment of the present invention;
FIG. 3 is a flowchart of a trusted computing method according to an embodiment of the present invention;
FIG. 4 is another flowchart of a trusted computing method according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer and clearer, the present invention is further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Fig. 1 is a schematic structural diagram of a trusted computing system according to an embodiment of the present invention. As shown in fig. 1, a trusted computing system 100 according to an embodiment of the present invention includes a secure bridge unit 110, a storage unit 120, a computing unit 130, a PCIe interface 140, a key management unit 150 and a power interface. The power interface (not shown in the figures) may include a first power interface 161 and a second power interface 162.
As shown in fig. 2, the trusted computing system 100 communicates with the host 200 via the PCIe interface 140, which is pluggable into the host 200. Specifically, the host 200 may be provided with a plurality of PCIe slots 210, and the PCIe interface 140 of each trusted computing system 100 may be detachably plugged into a PCIe slot 210 of the host 200, so as to implement communication between the trusted computing system 100 and the host 200. Because the trusted computing system 100 and the host 200 are connected in a pluggable manner through the PCIe interface 140 and the PCIe slot 210, the host 200 can be fitted with different trusted computing systems 100. Furthermore, as shown in FIG. 2, the host 200 may have multiple PCIe slots 210, so that each host 200 may be connected to multiple trusted computing systems 100 simultaneously, each of which may perform a different confidential computing task. That is, the pluggable connection of the PCIe interface and the PCIe slot allows the trusted computing system to be replaced and expanded, which improves the user experience.
The first power interface 161 may be connected to the power interface 220 of the host 200 so that the trusted computing system 100 is powered from the power supply of the host 200. The second power interface 162 draws power directly through the PCIe slot 210 of the host. Different power interfaces may be used in embodiments of the present invention to accommodate trusted computing systems 100 of different power consumption.
The secure bridge unit 110 may be composed of an FPGA chip. The storage unit 120 may be a DDR chip supporting memory capacities such as 8GB, 16GB and 32GB; a DDR chip offers a high data transmission rate, thereby increasing the processing rate of the trusted computing system 100. The computing unit 130 may be a CPU chip, the type of which can be selected according to user requirements to obtain different computing performance, or it may be replaced with another chip such as a GPU to provide computing and processing capabilities. The PCIe interface 140 may support PCIe 3.0 and PCIe 4.0 transmission rates and x4, x8 and x16 lane interface communications.
In the embodiment of the present invention, the secure bridge unit 110 is configured to receive a task instruction sent by the host 200 through the PCIe interface 140, and to perform key exchange with the host 200 through the PCIe interface 140 based on the task instruction. The secure bridge unit 110 is further configured to receive, after the key exchange, the encrypted resource sent by the host 200 through the PCIe interface, decrypt the encrypted resource with the first key obtained from the key exchange to obtain the corresponding decrypted resource, and send the decrypted resource to the storage unit 120 for storage. The computing unit 130 is configured to compute on the decrypted resource stored in the storage unit 120 to obtain a computing resource, and to send the computing resource to the storage unit 120 for storage. The secure bridge unit 110 encrypts the computing resource with the second key obtained from the key exchange to obtain an encrypted computing resource, and sends the encrypted computing resource to the host 200 through the PCIe interface 140. The key management unit 150 is configured to store the first key and the second key obtained from the key exchange between the secure bridge unit 110 and the host 200, and to provide the corresponding key when the secure bridge unit 110 decrypts the encrypted resource or encrypts the computing resource.
The encrypted resource is encrypted data or encrypted code, and one or more encrypted resources may be input. The decryption resource refers to data or code obtained by decrypting the encryption resource.
The task instruction may be generated by the host 200 according to the confidential computing task to be executed. The host 200 may start a confidential computing task to be executed according to a user request, generate a corresponding task instruction according to the task, and send the task instruction to the secure bridge unit 110 of the trusted computing system 100 through the PCIe interface. After receiving the task instruction, the secure bridge unit 110 performs key exchange with the host 200 through the PCIe interface, so that the secure bridge unit 110 and the host 200 obtain the first key and the second key for encryption and decryption.
The user request may include the encrypted resources and a specified key exchange protocol. A confidential computing task may be: the user provides an encrypted program A and requests that it process encrypted data B; or the user provides encrypted data B and requests that encrypted program A process it.
In the embodiment of the present invention, after receiving the task instruction, the secure bridge unit 110 performs key exchange with the host 200 through the PCIe interface according to the key exchange protocol specified in the user request, so as to obtain the first key and the second key for encryption and decryption. The secure bridge unit 110 stores the first key and the second key obtained from the key exchange in the key management unit 150 for management, thereby completing the establishment of a secure connection between the trusted computing system 100 and the host 200.
Further, for each confidential computing task to be executed, the secure bridge unit 110 of the trusted computing system 100 performs one key exchange with the host 200 through the PCIe interface, so that each confidential computing task has its own first and second keys for encryption and decryption; that is, the encryption and decryption keys differ between confidential computing tasks. Compared with different confidential computing tasks using the same key, this further improves the security of trusted computing and protects data and code.
In addition, to further avoid the occurrence of the security risk, the computing unit 130 is further configured to assign a process (i.e., an execution procedure of a piece of program) to each confidential computing task to be executed. The mutual isolation of the resources processed by each confidential calculation task is realized by allocating a corresponding process to each confidential calculation task, namely, the isolation on the memory address space of the storage unit, so that the independent memory address space is realized, and the occurrence of potential safety hazards is avoided.
It should be noted that the first key and the second key may be different or the same, and are not specifically limited in the embodiment of the present invention.
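The task flow that the Disclosure above and this section describe, as an added example that is not the patent's own code: the host and the device each run one side of a per-task key exchange, derive a first key for host-to-device traffic and a second key for device-to-host traffic, and the device decrypts into its storage, computes, seals the result, and wipes keys and storage when the task completes. X25519, the HMAC-SHA256 key derivation and AES-256-GCM are assumptions, since the patent leaves the exchange protocol to the user's request and names no cipher; the host side is the mirror image: Agree on the device's share, Seal inputs under First, Open the result under Second.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// TaskKeys is what the key management unit holds for one confidential task:
// First protects host->device traffic, Second device->host.
type TaskKeys struct{ First, Second []byte }

// Agree is one side of the per-task key exchange: X25519 (an assumed protocol,
// the patent leaves it to the user) plus an HMAC-SHA256 key per traffic direction.
func Agree(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (TaskKeys, error) {
	shared, err := priv.ECDH(peer)
	if err != nil {
		return TaskKeys{}, err
	}
	kdf := func(label string) []byte {
		m := hmac.New(sha256.New, shared)
		m.Write([]byte(label))
		return m.Sum(nil)
	}
	return TaskKeys{kdf("first key: host->device"), kdf("second key: device->host")}, nil
}

// aead is AES-256-GCM under a 32-byte key from Agree (an assumed cipher; the
// patent names none); with that fixed key size neither constructor can fail.
func aead(key []byte) cipher.AEAD {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(blk)
	return g
}

// Seal prefixes a fresh random nonce to the ciphertext; Open strips and checks it.
func Seal(key, pt []byte) []byte {
	g := aead(key)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // the system RNG failed; there is no safe fallback
	}
	return g.Seal(nonce, nonce, pt, nil)
}

func Open(key, ct []byte) ([]byte, error) {
	g := aead(key)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}

// Device models the card: the bridge does crypto, the key unit holds keys, the storage unit holds plaintext.
type Device struct {
	keys    *TaskKeys
	storage [][]byte
}

// Connect answers a task instruction carrying the host's public share with
// the device's own share and installs fresh keys for this task only.
func (d *Device) Connect(hostPub *ecdh.PublicKey) (*ecdh.PublicKey, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	keys, err := Agree(priv, hostPub)
	if err != nil {
		return nil, err
	}
	d.keys = &keys
	return priv.PublicKey(), nil
}

// Execute decrypts the encrypted resources with the first key into storage,
// computes, seals the result with the second key and wipes keys and storage;
// without a connection (none yet, or the last task finished) it refuses.
func (d *Device) Execute(encrypted [][]byte, compute func([][]byte) []byte) ([]byte, error) {
	if d.keys == nil {
		return nil, errors.New("no connection: task instruction ignored")
	}
	defer func() { d.keys, d.storage = nil, nil }()
	for _, ct := range encrypted {
		pt, err := Open(d.keys.First, ct)
		if err != nil {
			return nil, err
		}
		d.storage = append(d.storage, pt)
	}
	result := compute(d.storage)
	d.storage = append(d.storage, result)
	return Seal(d.keys.Second, result), nil
}
```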
Furthermore, as shown in fig. 1, the secure bridge unit 110 and the storage unit 120 of the trusted computing system 100 may also be connected by a PCIe bus to improve communication efficiency.
Further, the storage unit 120 is also configured to delete the stored decrypted resources and computing resources after the confidential computing task is completed.
After the confidential computing task is completed, the storage unit 120 deletes the stored decrypted resources and computing resources, so as to further ensure the security of trusted computing.
The key management unit 150 is further configured to delete the stored first key and second key after the confidential computing task is completed.
After the confidential computing task is completed, the key management unit 150 deletes the first and second keys stored for that task, thereby further ensuring the security of the trusted computing system.
Where the completion of the confidential computation task may refer to the host receiving the encrypted computation resource from the secure bridge unit 110 through the PCIe interface. Specifically, after receiving the encrypted computing resource from the secure bridge unit 110 through the PCIe interface, the host 200 generates feedback information of the confidential computing task and sends the feedback information to the secure bridge unit 110 through the PCIe interface, the secure bridge unit 110 sends the feedback information to the storage unit 120 and the key management unit 150, and the storage unit 120 and the key management unit 150 can determine that the confidential computing task is completed when receiving the feedback information. The feedback information of the confidential calculation task is used to indicate that the confidential calculation task is completed.
In addition, after the confidential computing task corresponding to the task instruction is completed, the trusted computing system 100 is disconnected from the host computer 200. Specifically, the secure bridge unit 110 of the trusted computing system 100 disconnects the connection with the host 200, such as logging off the legal ID of the host 200, and does not respond to the task instruction sent by the host 200 through the PCIe interface until the next connection is established.
In the embodiment of the present invention, when the trusted computing system 100 is no longer required to perform confidential computing, it may be pulled out of the PCIe slot 210 of the host 200; when the host 200 needs to use the trusted computing system 100 again, or needs to replace it with a trusted computing system 100 of a different configuration, the trusted computing system 100 plugged into the host 200 may be driven again to perform the corresponding confidential computing task.
It should be noted that the host 200 drives the trusted computing system 100 to start up when it detects that the PCIe interface 140 of the trusted computing system 100 has been inserted into its PCIe slot 210. If the trusted computing system 100 is plugged in while the host 200 is powered on, the host 200 needs to support hot-plugging of PCIe devices.
In some embodiments of the present invention, when the host 200 is about to shut down, it may generate a corresponding shutdown instruction and send it to the secure bridge unit 110 of the trusted computing system 100 through the PCIe interface, and the secure bridge unit 110 is configured to send a storage instruction to the computing unit 130 after receiving the shutdown instruction of the host 200 through the PCIe interface. In particular, the secure bridge unit 110 may send the storage instruction to the computing unit 130 through the storage unit 120. The computing unit 130 is configured to perform the corresponding data storage according to the storage instruction and to send a storage completion notification to the secure bridge unit 110 after the data storage is completed. The secure bridge unit 110 is further configured to generate a power-down notification based on the storage completion notification and send it to the host 200 through the PCIe interface, so that the host deletes the relevant data based on the power-down notification and starts shutdown to complete power-down. That is, when the host 200 needs to shut down, it interacts with the secure bridge unit 110 through the PCIe interface 140, and the trusted computing system 100 stores its data before the host 200 shuts down, so as to avoid data loss in the trusted computing system 100 that would affect its next normal use.
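The shutdown handshake described above, as an added example that is not the patent's own code: the bridge emits the power-down notification only after the computing unit reports that its data is stored, and the host holds power until that notification arrives. The bounded wait on the host side and the three constructed compute units are assumptions; the patent specifies neither.

```go
package main

import (
	"errors"
	"time"
)

// ComputeUnit is the part of the card the bridge asks to persist its state
// (the patent's storage instruction); Persist returns once the data is saved.
type ComputeUnit interface{ Persist() error }

// Bridge carries the security bridge unit's shutdown logic.
type Bridge struct{ CU ComputeUnit }

// Shutdown handles the host's shutdown instruction: it forwards a storage
// instruction to the computing unit and only after the storage completion
// notification returns the power-down notification for the host. An error
// means no notification exists yet, so the host must keep the card powered.
func (b *Bridge) Shutdown() (string, error) {
	if err := b.CU.Persist(); err != nil {
		return "", err
	}
	return "power-down notification: device state stored", nil
}

// Outcome is what the host decides after the shutdown exchange.
type Outcome string

const (
	PowerOff  Outcome = "power off"  // power-down notification received
	HoldPower Outcome = "hold power" // device still writing, or its write failed
)

// HostShutdown is the host side: send the shutdown instruction and wait for the
// power-down notification, but not longer than timeout (an assumed policy; the
// patent sets none), so a stuck card cannot block shutdown indefinitely while a
// card that is still writing is never cut off.
func HostShutdown(b *Bridge, timeout time.Duration) (Outcome, error) {
	reply := make(chan error, 1)
	go func() { _, err := b.Shutdown(); reply <- err }()
	select {
	case err := <-reply:
		if err != nil {
			return HoldPower, err
		}
		return PowerOff, nil
	case <-time.After(timeout):
		return HoldPower, errors.New("no power-down notification before timeout")
	}
}

// Constructed compute units covering the three cases a host can meet.
type fastUnit struct{}

func (fastUnit) Persist() error { return nil }

type failingUnit struct{}

func (failingUnit) Persist() error { return errors.New("flash write failed") }

type slowUnit struct{ d time.Duration }

func (u slowUnit) Persist() error {
	time.Sleep(u.d)
	return nil
}
```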
According to the trusted computing system provided by the embodiment of the invention, the secure area and the normal area for trusted computing are completely isolated on hardware through the trusted computing system constructed by the independent secure bridge unit, the storage unit, the computing unit and the PCIe interface, so that a reliable hardware execution environment is provided for secure computing.
In addition, since the PCIe protocol is a master-slave protocol and communication between the trusted computing system and the host machine over it would be master-slave, the PCIe interface cannot be used directly for communication between the trusted computing system and the host machine, and there is a possibility of data loss. To implement host-host communication between the trusted computing system and the host machine through the PCIe interface, a dedicated bridge chip could be used, but such a bridge chip has no security, may introduce a certain security risk, and is not suited to the requirements of secure connection and secure communication between the trusted computing system and the host machine. The trusted computing system provided by the invention communicates with the host machine through the PCIe interface: the security bridge unit exchanges a key with the host machine through the PCIe interface, decrypts the encrypted resources sent by the host machine through the PCIe interface with the first key obtained from the key exchange and stores the decrypted resources in the storage unit; the computing unit computes on the decrypted resources in the storage unit and stores the computing resources in the storage unit; and the security bridge unit encrypts the computing resources in the storage unit and sends the encrypted computing resources to the host machine through the PCIe interface. That is, the security bridge unit of the trusted computing system can actively write the encrypted computing resources into the host machine through the PCIe interface, so host-host communication between the trusted computing system and the host machine is realized without an external bridge chip, and high-rate, low-delay communication between the trusted computing system and the host machine is achieved under security isolation.
Based on the trusted computing system provided in the above embodiment, an embodiment of the present invention further provides a trusted computing method based on any one of the above trusted computing systems, as shown in fig. 3, the trusted computing method based on the above trusted computing system at least includes the following steps:
S301, the security bridge unit is controlled to receive a task instruction from the host machine through the PCIe interface and to exchange a key with the host machine.
The task instruction is generated according to a confidential calculation task to be executed.
S302, the encrypted resources that the host machine sends to the security bridge unit through the PCIe interface are obtained.
S303, the encrypted resources are decrypted by the security bridge unit using the first key obtained from the key exchange, and the decrypted resources are stored in the storage unit.
S304, the computing unit computes on the decrypted resources in the storage unit to obtain computing resources, and the computing resources are stored in the storage unit.
S305, the computing resources in the storage unit are encrypted by the security bridge unit with the second key obtained from the key exchange, and encrypted computing resources are obtained.
S306, the security bridge unit is controlled to send the encrypted computing resources to the host machine through the PCIe interface.
As shown in fig. 4, the trusted computing method provided in the embodiment of the present invention may further include the following steps:
s401, the safety bridge unit is controlled to send a storage instruction to the computing unit based on a shutdown instruction received from the host machine through the PCIe interface.
S402, the control calculation unit performs corresponding data storage based on the storage instruction, and sends a storage completion notification to the security bridge unit after the data storage is completed.
And S403, controlling the secure bridge unit to generate a power failure notification based on the storage completion notification, and sending the power failure notification to the host through the PCIe interface, so that the host starts shutdown based on the power failure notification to complete power failure.
In some embodiments of the present invention, after the confidential computing task corresponding to the task instruction is completed, the security bridge unit is controlled to disconnect from the host machine and not to respond to task instructions sent by the host machine through the PCIe interface until the next connection is established.
In some embodiments of the invention, the storage unit is controlled to delete the stored decrypted resources and computing resources after the confidential computing task is completed.
In some embodiments of the invention, the key management unit is controlled to delete the stored first key and second key after the confidential computing task is completed.
In some embodiments of the present invention, the computing unit is controlled to assign a separate process to each confidential computing task to be executed that corresponds to a task instruction.
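Steps S301 to S306 together with the deletion and disconnection embodiments above, as an added example that is not the patent's code: a Python model of one session between the host machine and the trusted computing system, in which the device refuses resources before a key exchange, rejects altered ciphertext, and wipes keys and stored data and drops the connection once the task is done. Assumptions: the key agreement itself is abstracted to a shared secret both sides already hold (a real device would run a key exchange such as DH/ECDH over PCIe), the first and second keys are derived from it per direction, the cipher is a toy HMAC-SHA256 encrypt-then-MAC construction standing in for a real AEAD, and the names SecureBridge, host_run, seal and open_sealed are hypothetical.

```python
import hashlib
import hmac
import secrets

def derive_keys(shared_secret: bytes) -> tuple:
    # Two directional keys from one agreed secret (the assumed key-exchange output).
    first = hmac.new(shared_secret, b"first key: host->device", hashlib.sha256).digest()
    second = hmac.new(shared_secret, b"second key: device->host", hashlib.sha256).digest()
    return first, second

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a toy stream cipher standing in for a real AEAD.
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(-(-n // 32)))[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under separate sub-keys; output is nonce || ciphertext || tag."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting: an altered resource is rejected, never computed on."""
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: encrypted resource was altered")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

class SecureBridge:
    def __init__(self, compute):
        self.compute = compute      # computing unit, modelled as a plain function
        self.keys = None            # key management unit: (first, second) or None
        self.storage = {}           # storage unit
        self.connected = True       # cleared after a task until the host re-plugs

    def key_exchange(self, shared_secret: bytes) -> None:          # S301
        if not self.connected:
            raise PermissionError("task instruction ignored until the next connection")
        self.keys = derive_keys(shared_secret)

    def run_task(self, encrypted_resource: bytes) -> bytes:        # S302-S306
        if not self.connected or self.keys is None:
            raise PermissionError("no session: key exchange must come first")
        first, second = self.keys
        self.storage["decrypted"] = open_sealed(first, encrypted_resource)  # S303
        self.storage["result"] = self.compute(self.storage["decrypted"])     # S304
        out = seal(second, self.storage["result"])                           # S305
        self.storage.clear()        # delete decrypted resources and results
        self.keys = None            # delete first and second key
        self.connected = False      # disconnect: refuse instructions until re-plugged
        return out                                                           # S306

def host_run(bridge: SecureBridge, shared_secret: bytes, resource: bytes) -> bytes:
    first, second = derive_keys(shared_secret)   # host's copy of the exchanged keys
    bridge.key_exchange(shared_secret)
    return open_sealed(second, bridge.run_task(seal(first, resource)))
```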
From the trusted computing system provided by the embodiments of the invention it can be seen that at least one host machine can be connected, in a pluggable manner, to at least one trusted computing system. When the host machine is connected to only one trusted computing system and has several confidential computing tasks, then before step S301 is executed in the trusted computing method provided by the embodiments, the confidential computing tasks may be processed one after another according to a predefined priority of each task, from high priority to low priority, that is, steps S301 to S306 are executed for each task in that order. When confidential computing tasks have the same priority, those tasks may be processed in their order of arrival.
When the host machine is connected to several trusted computing systems, then before step S301 is executed in the trusted computing method provided by the embodiments, the working state of each trusted computing system connected to the host machine may first be obtained, and the confidential computing task is allocated to a trusted computing system whose working state is idle for processing; when all working states are busy, the busy level of each trusted computing system is determined and the confidential computing task is allocated to the trusted computing system with the lowest busy level for processing.
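The task ordering and allocation rules of the two paragraphs above, as an added example that is not the patent's own code: order_tasks applies the single-system priority rule (high to low, ties in arrival order) and dispatch applies the multi-system rule (idle system first, otherwise the lowest busy level). Names are hypothetical, the sample tasks and states are constructed, and the busy level is assumed to be the number of tasks already allocated to a system, which the patent does not define.

```python
def order_tasks(tasks):
    """Host connected to one trusted computing system: process tasks from high to low
    priority. `tasks` is given in arrival order and sorted() is stable, so tasks of
    equal priority keep their arrival order."""
    return sorted(tasks, key=lambda task: -task["priority"])

def dispatch(tasks, busy_levels):
    """Host connected to several trusted computing systems. `busy_levels` maps each
    system to its working state: 0 means idle, a positive value is its busy level.
    Each task goes to an idle system if there is one, otherwise to the busy system
    with the lowest busy level. Assumption (not in the patent): the busy level is the
    number of tasks allocated to the system, so it rises by one per allocation."""
    load = dict(busy_levels)                 # work on a copy of the observed states
    assignment = []
    for task in tasks:
        idle = [system for system, level in load.items() if level == 0]
        target = idle[0] if idle else min(load, key=load.get)
        load[target] += 1
        assignment.append((task["name"], target))
    return assignment

# Constructed sample: four tasks in arrival order and three systems with known states.
SAMPLE_TASKS = [{"name": "a", "priority": 1}, {"name": "b", "priority": 3},
                {"name": "c", "priority": 3}, {"name": "d", "priority": 2}]
SAMPLE_STATES = {"tcs0": 0, "tcs1": 2, "tcs2": 1}
```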
The embodiments of the present invention are described in a progressive manner; the same or similar parts of the embodiments can be referred to each other, and each embodiment focuses on what differs from the others. In particular, since the method embodiment is substantially similar to the system embodiment, its description is brief, and the relevant points can be found in the description of the system embodiment.
In addition, since the system and the method provided by the embodiments of the invention correspond one to one, the method has beneficial technical effects similar to those of the corresponding system. As the beneficial effects of the system have been described in detail above, those of the method are not repeated here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another like element in a process, method, article, or apparatus that comprises the element.
Of course, it will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by instructing relevant hardware (such as a processor, a controller, etc.) through a computer program, and the program can be stored in a computer readable storage medium, and when executed, the program can include the processes of the embodiments of the methods described above. The computer readable storage medium may be a memory, a magnetic disk, an optical disk, etc.
It is to be understood that the invention is not limited to the examples described above, but that modifications and variations may be effected thereto by those of ordinary skill in the art in light of the foregoing description, and that all such modifications and variations are intended to be within the scope of the invention as defined by the appended claims.

Claims (8)

1. A trusted computing system, comprising: a security bridge unit, a storage unit, a computing unit and a PCIe interface; the trusted computing system is connected to a host machine in a pluggable manner through the PCIe interface and communicates with the host machine;
the security bridge unit is configured to receive a task instruction sent by the host machine through the PCIe interface and to exchange a key with the host machine through the PCIe interface based on the task instruction; wherein the task instruction is generated by the host machine based on a confidential computing task;
the security bridge unit is further configured to receive, after the key exchange, encrypted resources sent by the host machine through the PCIe interface, to decrypt the encrypted resources with the first key obtained from the key exchange to obtain corresponding decrypted resources, and to send the decrypted resources to the storage unit for storage;
the computing unit is configured to compute on the decrypted resources in the storage unit to obtain computing resources and to send the computing resources to the storage unit for storage;
the security bridge unit is further configured to encrypt the computing resources with the second key obtained from the key exchange to obtain encrypted computing resources, and to send the encrypted computing resources to the host machine through the PCIe interface;
the security bridge unit is further configured to send a storage instruction to the computing unit after receiving a shutdown instruction from the host machine through the PCIe interface;
the computing unit is further configured to perform the corresponding data storage according to the storage instruction and to send a storage completion notification to the security bridge unit after the data storage is completed;
the security bridge unit is further configured to generate a power failure notification based on the storage completion notification and to send the power failure notification to the host machine through the PCIe interface, so that the host machine starts shutdown based on the power failure notification to complete powering off.
2. The trusted computing system of claim 1, wherein the security bridge unit is further configured to:
after the confidential computing task corresponding to the task instruction is completed, disconnect from the host machine; and
no longer respond to task instructions sent by the host machine through the PCIe interface until the next connection is established.
3. The trusted computing system of claim 1, wherein the storage unit is further configured to:
delete the stored decrypted resources and computing resources after the confidential computing task is completed.
4. The trusted computing system of claim 1, further comprising: a key management unit;
the key management unit is configured to obtain the first key and the second key from the key exchange between the security bridge unit and the host machine and to store the first key and the second key; and
to provide the corresponding key when the security bridge unit decrypts the encrypted resources or encrypts the computing resources.
5. The trusted computing system of claim 4, wherein the key management unit is further configured to:
delete the stored first key and second key after the confidential computing task is completed.
6. The trusted computing system of claim 1, further comprising: a power interface;
the power interface is configured to be connected to the host machine to draw power.
7. The trusted computing system of claim 1, wherein the computing unit is further configured to:
assign a corresponding process to each confidential computing task to be executed.
8. A trusted computing method based on the trusted computing system according to any one of claims 1 to 7, wherein the trusted computing method comprises:
controlling the security bridge unit to perform a key exchange with the host machine based on a task instruction received from the host machine through the PCIe interface; the task instruction is generated by the host machine according to a confidential computing task to be executed;
acquiring encrypted resources, that is, the host machine sends the encrypted resources to the security bridge unit through the PCIe interface;
decrypting the encrypted resources by the security bridge unit using the first key obtained from the key exchange, so that decrypted resources are obtained and stored in the storage unit;
computing on the decrypted resources in the storage unit by the computing unit to obtain computing resources, and storing the computing resources in the storage unit;
encrypting the computing resources in the storage unit by the security bridge unit using the second key obtained from the key exchange to obtain encrypted computing resources;
controlling the security bridge unit to send the encrypted computing resources to the host machine through the PCIe interface;
the trusted computing method further comprises:
controlling the security bridge unit to send a storage instruction to the computing unit based on a shutdown instruction received from the host machine through the PCIe interface;
controlling the computing unit to perform the corresponding data storage based on the storage instruction and to send a storage completion notification to the security bridge unit after the data storage is completed;
and controlling the security bridge unit to generate a power failure notification based on the storage completion notification and to send the power failure notification to the host machine through the PCIe interface, so that the host machine starts shutdown based on the power failure notification to complete powering off.
CN202211161482.XA 2022-09-23 2022-09-23 Trusted computing system and method Active CN115237843B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211161482.XA CN115237843B (en) 2022-09-23 2022-09-23 Trusted computing system and method

Publications (2)

Publication Number Publication Date
CN115237843A CN115237843A (en) 2022-10-25
CN115237843B true CN115237843B (en) 2023-02-14

Family

ID=83667290

Legal Events

Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract
Application publication date: 20221025
Assignee: Shenzhen Qiangji Computing Technology Co.,Ltd.
Assignor: Guangdong Hong Kong Macao Dawan District Digital Economy Research Institute (Futian)
Contract record no.: X2023980045750
Denomination of invention: A Trusted Computing System and Method
Granted publication date: 20230214
License type: Exclusive License
Record date: 20231103