CN116167060A - Trusted read-only memory system and trusted baseboard management controller system - Google Patents


Info

Publication number
CN116167060A
Authority
CN
China
Prior art keywords
read
trusted
memory
national
data
Legal status
Pending
Application number
CN202211572143.0A
Other languages
Chinese (zh)
Inventor
安伟
Current Assignee
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/40 Bus structure
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00 Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38 Information transfer, e.g. on bus
    • G06F13/42 Bus transfer protocol, e.g. handshake; Synchronisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G11 INFORMATION STORAGE
    • G11C STATIC STORES
    • G11C17/00 Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards
    • G11C17/14 Read-only memories programmable only once; Semi-permanent stores, e.g. manually-replaceable information cards in which contents are determined by selectively establishing, breaking or modifying connecting links by permanently altering the state of coupling elements, e.g. PROM
    • G11C17/18 Auxiliary circuits, e.g. for writing into memory
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

Embodiments of the present specification describe a trusted read-only memory system and a trusted baseboard management controller system. The trusted read-only memory system comprises: a read-only memory unit for storing data, which only allows the data to be read out during operation of the whole machine, and whose stored data is not changed after power failure; and a national cryptographic trusted security unit, connected respectively to the read-only memory unit and to an external bus interface, which reads data from the read-only memory unit, encrypts the read data with a national cryptographic algorithm, and then transmits the encrypted data to the main board through the bus interface. The embodiments of the specification thus allow information stored in the read-only memory to be transmitted as ciphertext, based on a national cryptographic algorithm, when it crosses an interface, thereby avoiding information leakage.

Description

Trusted read-only memory system and trusted baseboard management controller system
Technical Field
One or more embodiments of the present description relate to the field of computer technology, and more particularly, to a trusted read only memory system and a trusted baseboard management controller (Baseboard Management Controller, BMC) system.
Background
With the continuous development of computer technology, information exchange between devices is becoming more and more frequent. However, it is well known that such information often contains a large amount of private and confidential data, which is easily leaked when information is exchanged between devices.
In existing computer systems, information transmitted in the clear over any interface may become a successful point of attack. In current computer architectures, information stored in read-only memory is usually transmitted in plaintext when it crosses an interface, which leads to information leakage.
Therefore, a trusted read-only memory is required to avoid such information leakage.
Disclosure of Invention
One or more embodiments of the present disclosure describe a trusted read-only memory system and a trusted BMC system that can implement ciphertext transmission after encryption by using a cryptographic algorithm when information stored in a read-only memory is transmitted on an interface, thereby avoiding information leakage.
According to a first aspect, there is provided a trusted read-only memory system comprising:
a read-only memory unit for storing data, which only allows the data to be read out during operation of the whole machine, and whose stored data is not changed after power failure;
a national cryptographic trusted security unit, connected respectively to the read-only memory unit and to an external bus interface, which reads data from the read-only memory unit, encrypts the read data with a national cryptographic algorithm, and then transmits the encrypted data to the main board through the bus interface.
Wherein,
the read-only memory unit includes: a ROM or an EEPROM;
and/or,
the read-only memory unit and the national cryptographic trusted security unit are integrated in one chip.
Wherein the read-only memory unit comprises: an EEPROM;
the national cryptographic trusted security unit reads FRU (Field Replaceable Unit) information of the server component from the EEPROM, encrypts the FRU information with a national cryptographic algorithm, and sends the encrypted FRU information to the main board through the Pin5/Pin6 pins of the PCIE interface.
The interface of the read-only memory unit comprises an I2C interface and/or an SPI interface, and the national cryptographic trusted security unit reads information from the read-only memory unit through the I2C interface and/or the SPI interface.
The national cryptographic trusted security unit encrypts information in different read-only memory units, or different information in the same read-only memory unit, with different encryption keys based on a national cryptographic algorithm.
Wherein the FRU information includes: at least one of manufacturer information, product model number, product serial number, asset serial number, and version information.
According to a second aspect, there is provided a trusted baseboard management controller, BMC, system, wherein the BMC system comprises:
a national cryptographic trusted security module, connected respectively to an external bus interface and to a BMC module, which receives encrypted data sent by the national cryptographic trusted security unit of a trusted read-only memory system from the bus interface, decrypts the encrypted data with a national cryptographic algorithm, and then transmits the decrypted data to the BMC module;
and the BMC module, which provides the server remote management function and processes the data sent by the national cryptographic trusted security module.
The national cryptographic trusted security module and the BMC module are integrated in one chip.
The national cryptographic trusted security module receives the encrypted information from the national cryptographic trusted security unit of the trusted read-only memory system through the Pin5/Pin6 pins of the PCIE interface.
According to a third aspect, a computer system is provided, including any of the trusted read-only memory systems of the embodiments of the present description and any of the trusted BMC systems of the embodiments of the present description.
The trusted read-only memory provided in the embodiments of the present disclosure modifies an architecture for implementing a read-only memory, where the modified architecture specifically includes: a read-only memory unit and a national cryptographic trusted security unit. Therefore, on the basis of the function of the read-only memory, an encryption function based on a national encryption algorithm is additionally added, so that the trusted read-only memory system can encrypt the data read from the read-only memory based on the national encryption algorithm. Because of the advantages of the cryptographic algorithm, the data read from the read-only memory is ensured to be encrypted by the cryptographic algorithm with higher security and different encryption modes when being transmitted on the bus interface of the computer system, thereby ensuring the security of the data.
The embodiment of the specification modifies the architecture for realizing the BMC, and the modified architecture specifically comprises: the system comprises a national cryptographic trusted security module and a BMC module. Therefore, on the basis of the existing function of the BMC, a decryption function based on a cryptographic algorithm is additionally added, so that the trusted BMC system can decrypt encrypted data read from the trusted ROM system based on the cryptographic algorithm. Because of the advantages of the cryptographic algorithm, the data read from the trusted read-only memory system is encrypted by the cryptographic algorithm with higher security and different encryption modes when transmitted on the bus interface of the computer system, so that the security of the data is ensured.
Drawings
In order to more clearly illustrate the embodiments of the present description or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present description, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of a trusted read-only memory system in one embodiment of the present disclosure.
Fig. 2 is a schematic diagram of a trusted read-only memory system according to another embodiment of the present disclosure.
Fig. 3 is a schematic diagram of a trusted transmission system in one embodiment of the present description.
Fig. 4 is a schematic structural diagram of a trusted BMC in one embodiment of the present disclosure.
Detailed Description
The following describes the scheme provided in the present specification with reference to the drawings.
It is first noted that the terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
The embodiments of the present specification propose a trusted read-only memory system, so that data read from read-only memory can be encrypted with trust. FIG. 1 is a schematic diagram of a trusted read-only memory system in one embodiment of the present disclosure. Referring to fig. 1, the trusted read-only memory system includes:
a read-only memory unit 101 which holds data, only allows the data to be read out in the whole machine working process, and the data held in the read-only memory unit is not changed after power failure;
the national encryption trusted security unit 102 is respectively connected to the read-only memory unit 101 and an external bus interface, reads data from the read-only memory unit 101, encrypts the read data by adopting a national encryption algorithm, and then transmits the encrypted data to a main board in the computer system through the bus interface.
Currently, national cryptography and the related regulations are emerging. The national cryptographic algorithms specified by the national cryptography law offer higher security. International cryptographic products do not comply with the national cryptography law, and the national cryptographic standards have at least the following advantages over the international cryptographic system:
1. Safer: SM2 is an ECC algorithm (256 bits) whose security is higher than that of 2048-bit RSA. Meanwhile, the SM3 digest length is 256 bits, and its security strength is higher than that of the MD5 and SHA-1 algorithms;
2. Faster: during communication, the 256-bit SM2 algorithm transmits less data than the 2048-bit RSA algorithm, which means less transmission time and a faster signature process; the SM2 algorithm is about 10 times as fast as RSA;
3. Autonomously controllable: autonomy and controllability of security, and compliance with the cryptography regulations, which is the most critical factor.
The national cryptographic trusted security unit 102 may conform to national cryptographic standards.
It can be seen that the architecture of the read-only memory is modified in the embodiment of the present disclosure, and the modified architecture is shown in fig. 1, and specifically includes: a read-only memory unit and a national cryptographic trusted security unit. Therefore, on the basis of the function of the read-only memory, an encryption function based on a national encryption algorithm is additionally added, so that the trusted read-only memory system can encrypt the data read from the read-only memory based on the national encryption algorithm. Because of the advantages of the national encryption algorithm, the data read from the read-only memory is ensured to be encrypted by the encryption algorithms with higher security and different encryption modes when being transmitted on the bus interface of the computer system, thereby ensuring the security of the data.
In the embodiment of the present specification, the read-only memory used for implementing the trusted read-only memory system may be a ROM (read-only memory) or an EEPROM (electrically erasable programmable read-only memory), that is, the embodiment of the present specification may implement a trusted ROM with a trusted structure or a trusted EEPROM with a trusted structure.
In one embodiment of the present disclosure, the read-only memory unit and the national cryptographic trusted security unit may be provided separately in different chips, or may be integrated in one chip. If integrated in one chip, the trusted read-only memory system is a chip system with a trusted architecture.
In a computer system, the motherboard (Mother Board) reads out-of-band FRU information from an EEPROM through the PCIE bus interface. The FRU information is typically stored in an EEPROM on the replaceable component. The FRU information is key data about the server component, such as key asset management information including manufacturer information, product model number, product serial number, asset serial number, version information, and the like, so protecting the privacy of the FRU information is critical to the secure operation of the server. However, in the prior art, the FRU information is transmitted in the clear on the PCIE bus interface, which creates a serious security hazard for the operation of the server.
Thus, in one embodiment of the present description, the read-only memory unit 101 shown in FIG. 1 includes: an EEPROM;
accordingly, the national cryptographic trusted security unit 102 reads the FRU information of the server component from the EEPROM, encrypts the FRU information with the national cryptographic algorithm, and sends the encrypted FRU information to the motherboard through the Pin5/Pin6 pins of the PCIE interface, thereby applying national cryptographic encryption to the FRU information held in the EEPROM and greatly raising the security level of the server's operation.
The national cryptographic trusted security unit 102 is based on national cryptography and national cryptographic algorithms, supporting an I2C interface or an SPI interface. Thus, in one embodiment of the present description, the interface of the read-only memory unit includes an I2C interface and/or an SPI interface, thereby ensuring proper communication of the read-only memory unit with the national cryptographic trusted security unit. Thus, the national cryptographic trusted security unit 102 reads information, such as FRU information of the server component, from the read-only memory unit via the I2C interface and/or SPI interface.
In one embodiment of the present description, the national cryptographic trusted security unit encrypts information in different read-only memory units, or different information in the same read-only memory unit, with different encryption keys based on the national cryptographic algorithm.
In one embodiment of the present description, the key policy employed by the national cryptographic trusted security unit 102 can be chosen flexibly: for example, one key per machine, or a scheme in which different information (e.g., FRU) or different read-only memory units 101 use different keys. The link communication can use a fixed block-cipher key, or can use a public-key system to dynamically negotiate keys with periodic rotation, so as to provide protection at the highest cryptographic security level.
Fig. 2 is a schematic diagram of a trusted read-only memory system according to another embodiment of the present disclosure. Referring to fig. 2, in one embodiment of the present specification, the trusted read-only memory system may in practice be a national cryptographic EEPROM/ROM, which includes: an EEPROM/ROM and an SE (SE denotes the national cryptographic trusted security unit). The EEPROM/ROM and the SE are connected through SPI and I2C signal lines, and the SE is connected to the motherboard through the PCIE bus; the SE may further be connected through an SPI signal line to the other SE shown on the right side of fig. 2. Referring to fig. 2, after the information stored in the EEPROM/ROM, such as the FRU information, is encrypted by the SE with the national cryptographic algorithm, the encrypted information is sent to the motherboard through the PCIE bus, so that confidential transmission based on the national cryptographic algorithm is achieved for the information stored in the EEPROM/ROM, such as the FRU.
Referring to fig. 2, in one embodiment of the present description, the SE supports the following features:
1. The algorithm engines PKE and SKE support the following algorithms:
1) Key exchange algorithm: SM2
2) Digital signature algorithm: SM2 (SM2 denotes both the signature and the key exchange algorithm, and the corresponding ECC curve is also called SM2)
3) Symmetric encryption algorithm: SM4
4) Hash algorithm: SM3
2. Rich interfaces, namely I2C, SPI, QSPI, UART, GPIO and the like;
3. A PUF (physically unclonable function), ensuring a unique identity;
4. A true random number generator (TRNG);
5. Internally integrated or externally connected OTP/EEPROM, giving the user a choice;
6. Support for the national TLS cipher suite: the TLS 1.3 national cipher suite algorithms are implemented through system software.
Typically, in a motherboard, the information from a trusted read-only memory system is received and processed by the BMC. Thus, referring to fig. 3, in one embodiment of the present disclosure, a trusted system is provided, including an EEPROM/ROM as the read-only memory unit and a national cryptographic trusted security unit (shown as the national cryptographic trusted SE on the left side of fig. 3) in the trusted read-only memory system, and also the BMC in the motherboard and a national cryptographic trusted security unit (shown as the national cryptographic trusted SE on the right side of fig. 3) connected to the BMC in the motherboard. In the trusted read-only memory system outside the main board, the EEPROM/ROM is connected with the national cryptographic trusted SE through I2C/SPI signal lines, and that SE is connected with the national cryptographic trusted SE in the main board through the SMBus of the PCIE bus interface; in the main board, the national cryptographic trusted SE is connected with the BMC through the out-of-band management signal line SMBus.
Referring to fig. 3, since the information transferred to the BMC through the bus is information encrypted through the cryptographic algorithm, the BMC has a trusted capability to enable trusted decryption of data encrypted based on the cryptographic algorithm read from the read-only memory.
Fig. 4 is a schematic structural diagram of a trusted BMC in one embodiment of the present disclosure. Referring to fig. 4, the trusted BMC includes:
the national encryption trusted security module 401 is respectively connected to an external bus interface and the BMC module 402, receives encrypted data from the national encryption trusted security unit of the trusted read-only memory system from the bus interface, decrypts the encrypted data by utilizing a national encryption algorithm, and then transmits the decrypted data to the BMC module 402;
the BMC module 402 is configured to provide a server remote management function, and process data sent by the cryptographic trusted security module 401.
In one embodiment of the present disclosure, the national cryptographic trusted security module may be integrated with the BMC module in one chip.
In one embodiment of the present disclosure, the national cryptographic trusted security module receives encrypted information, such as FRU information, from the national cryptographic trusted security unit of a trusted read-only memory system through the Pin5/Pin6 pins of the PCIE interface.
It can be seen that the architecture for implementing the BMC is modified in the embodiment of the present disclosure, and the modified architecture is shown in fig. 4, and specifically includes: the system comprises a national cryptographic trusted security module and a BMC module. Therefore, on the basis of the existing function of the BMC, a decryption function based on a cryptographic algorithm is additionally added, so that the trusted BMC system can decrypt encrypted data read from the trusted ROM system based on the cryptographic algorithm. Because of the advantages of the national encryption algorithm, the data read from the trusted read-only memory system is ensured to be encrypted by the encryption algorithms with higher security and different encryption modes when being transmitted on the bus interface of the computer system, thereby ensuring the security of the data.
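The encrypt-on-read side (trusted ROM SE 102) and the decrypt side (BMC SE 401) described above, as an added Python model that is not the patent's own implementation: it assumes a constructed IPMI-style FRU record in the EEPROM, a per-machine root key provisioned into both SEs, and uses HMAC-SHA256 as a stand-in for SM4/SM3 because the Python standard library ships neither. It goes beyond the patent's confidentiality goal by adding an integrity tag and a sequence counter, so the BMC side also rejects frames that were altered or replayed on the bus.

```python
"""Model of the encrypted FRU path: EEPROM -> ROM-side SE -> PCIE SMBus -> BMC-side SE.

Constructed example, not the patent's implementation. The patent specifies SM4
and SM3 for the national cryptographic SE; the Python standard library has
neither, so an HMAC-SHA256 keystream (CTR-style) and an HMAC-SHA256 tag stand
in for SM4-CTR and an SM3-based MAC. Key policy: one per-machine root key with
a distinct key derived per (memory unit, information label) pair.
"""
import hashlib
import hmac
import os
import struct

TAG_LEN = 32


def fru_board_area(mfg, product, serial):
    """Constructed IPMI FRU board-info area: header, type/length strings, 0xC1, pad, checksum."""
    strings = b"".join(bytes([0xC0 | len(s)]) + s.encode("ascii") for s in (mfg, product, serial))
    body = bytearray(b"\x01\x00\x00\x00\x00\x00" + strings + b"\xC1")  # version, len, lang, mfg date
    body += b"\x00" * ((-(len(body) + 1)) % 8)   # pad so area plus checksum is a multiple of 8
    body[1] = (len(body) + 1) // 8                # area length in 8-byte units
    return bytes(body) + bytes([(-sum(body)) & 0xFF])


def fru_area_ok(area):
    """IPMI zero checksum: the bytes of the area, checksum included, sum to 0 mod 256."""
    return len(area) % 8 == 0 and sum(area) & 0xFF == 0


def derive_key(machine_key, unit_id, label):
    """Distinct key for each (read-only memory unit, information) pair from the machine root key."""
    return hmac.new(machine_key, b"unit:%d|info:%s" % (unit_id, label), hashlib.sha256).digest()


def subkey(key, purpose):
    """Separate encryption and MAC keys from one derived key."""
    return hmac.new(key, purpose, hashlib.sha256).digest()


def keystream_xor(key, nonce, data):
    """CTR-style stream: HMAC-SHA256(key, nonce || counter) blocks XORed with data (SM4-CTR stand-in)."""
    out = bytearray()
    for ctr in range((len(data) + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))


class RomSecureElement:
    """Unit 102: reads the EEPROM over I2C/SPI, encrypts, emits a frame for the bus."""

    def __init__(self, machine_key, unit_id, eeprom):
        self.machine_key, self.unit_id, self.eeprom = machine_key, unit_id, eeprom
        self.seq = 0  # monotonic counter so the BMC side can reject replayed frames

    def read_and_encrypt(self, label):
        data = self.eeprom[label]
        key = derive_key(self.machine_key, self.unit_id, label)
        self.seq += 1
        nonce = os.urandom(16)
        header = struct.pack(">QBB", self.seq, self.unit_id, len(label)) + label + nonce
        ct = keystream_xor(subkey(key, b"enc"), nonce, data)
        tag = hmac.new(subkey(key, b"mac"), header + ct, hashlib.sha256).digest()
        return header + ct + tag


class BmcSecureElement:
    """Module 401: authenticates the frame, rejects replays, decrypts, hands plaintext to the BMC."""

    def __init__(self, machine_key):
        self.machine_key = machine_key
        self.last_seq = {}

    def decrypt(self, frame):
        seq, unit_id, llen = struct.unpack(">QBB", frame[:10])
        label = frame[10:10 + llen]
        nonce = frame[10 + llen:26 + llen]
        header, ct, tag = frame[:26 + llen], frame[26 + llen:-TAG_LEN], frame[-TAG_LEN:]
        key = derive_key(self.machine_key, unit_id, label)
        expect = hmac.new(subkey(key, b"mac"), header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise ValueError("tag mismatch: frame altered on the bus")
        if seq <= self.last_seq.get((unit_id, label), 0):
            raise ValueError("replayed frame")
        self.last_seq[(unit_id, label)] = seq
        return label, keystream_xor(subkey(key, b"enc"), nonce, ct)


def demo():
    """Round trip plus the two failure modes; returns the observations for checking."""
    machine_key = os.urandom(32)  # provisioned into both SEs at manufacturing (constructed)
    eeprom = {b"fru": fru_board_area("ExampleCo", "BoardX", "SN-0001"), b"cfg": b"\x10\x20\x30"}
    rom_se = RomSecureElement(machine_key, unit_id=1, eeprom=eeprom)
    bmc_se = BmcSecureElement(machine_key)
    frame = rom_se.read_and_encrypt(b"fru")
    label, plain = bmc_se.decrypt(frame)
    out = {"plain_ok": label == b"fru" and plain == eeprom[b"fru"] and fru_area_ok(plain),
           "bus_is_ciphertext": eeprom[b"fru"] not in frame,
           "distinct_keys": derive_key(machine_key, 1, b"fru") != derive_key(machine_key, 1, b"cfg")}
    try:  # the same frame presented a second time is rejected
        bmc_se.decrypt(frame)
        out["replay_rejected"] = False
    except ValueError:
        out["replay_rejected"] = True
    bad = bytearray(rom_se.read_and_encrypt(b"cfg"))
    bad[-TAG_LEN - 1] ^= 0x01  # flip one ciphertext byte
    try:
        bmc_se.decrypt(bytes(bad))
        out["tamper_rejected"] = False
    except ValueError:
        out["tamper_rejected"] = True
    return out


if __name__ == "__main__":
    print(demo())
```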
An embodiment of the present specification further proposes a computer system, including any one of the trusted read-only memory systems of the embodiments of the present specification and any one of the trusted BMC systems of the embodiments of the present specification.
The above-described devices are usually implemented on the server side, and may be provided in separate servers, or some or all of them may be combined in the same server. The server can be a single server or a server cluster consisting of a plurality of servers, and it can be a cloud server, also called a cloud computing server or cloud host, which is a host product in a cloud computing service system intended to overcome the difficult management and weak service scalability of traditional physical hosts and virtual private server (VPS, Virtual Private Server) services. The above devices may also be implemented in a computer terminal with relatively high computing power.
An embodiment of the present specification provides a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of the embodiments of the specification.
An embodiment of the present specification provides a computing device including a memory having executable code stored therein and a processor that, when executing the executable code, performs a method of any of the embodiments of the present specification.
It should be understood that the structures illustrated in the embodiments of the present specification do not constitute a particular limitation on the apparatus of the embodiments of the present specification. In other embodiments of the specification, the apparatus may include more or less components than illustrated, or certain components may be combined, or certain components may be split, or different arrangements of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on or transmitted over a computer-readable medium as one or more instructions or code.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention in further detail, and are not to be construed as limiting the scope of the invention, but are merely intended to cover any modifications, equivalents, improvements, etc. based on the teachings of the invention.

Claims (10)

1. A trusted read-only memory system, wherein the trusted read-only memory system comprises:
a read-only memory unit for storing data, which only allows the data to be read out in the whole machine working process, and the data stored in the read-only memory unit is not changed after power failure;
the national cipher credible safety unit is respectively connected to the read-only memory unit and an external bus interface, reads data from the read-only memory unit, encrypts the read data by adopting a national cipher algorithm, and then transmits the encrypted data to the main board through the bus interface.
2. The trusted read-only memory system of claim 1, wherein,
the read-only memory unit includes: a read-only memory ROM or an electrically erasable programmable read-only memory EEPROM;
and/or,
the read-only memory unit and the national cryptographic trusted security unit are integrated in one chip.
3. The trusted read-only memory system of claim 1 wherein said read-only memory unit comprises: an EEPROM;
the national cryptographic trusted security unit reads field replaceable unit FRU information of the server component from the EEPROM, encrypts the FRU information with a national cryptographic algorithm, and sends the encrypted FRU information to the main board through the Pin5/Pin6 pins of the PCIE interface.
4. The trusted read-only memory system of claim 3 wherein the FRU information comprises: at least one of manufacturer information, product model number, product serial number, asset serial number, and version information.
5. The trusted read-only memory system of claim 1, wherein the interface of the read-only memory unit comprises an I2C interface and/or an SPI interface, and the cryptographically trusted security unit reads information from the read-only memory unit via the I2C interface and/or the SPI interface.
6. The trusted read-only memory system of claim 1, wherein said national cryptographic security unit encrypts with different encryption keys based on a national cryptographic algorithm for information in different read-only memory units or for different information in the same read-only memory unit.
7. A trusted baseboard management controller, BMC, system, wherein the BMC system comprises:
a national cryptographic trusted security module, connected respectively to an external bus interface and to a BMC module, which receives encrypted data sent by the national cryptographic trusted security unit of a trusted read-only memory system from the bus interface, decrypts the encrypted data with a national cryptographic algorithm, and then transmits the decrypted data to the BMC module;
and the BMC module, which provides the server remote management function and processes the data sent by the national cryptographic trusted security module.
8. The system of claim 7, wherein,
the national secret trusted security module and the BMC module are integrated in one chip.
9. The system of claim 7 wherein the national cryptographic trusted security module receives encrypted information from a national cryptographic trusted security element of a trusted read-only memory system from Pin5/Pin6 pins on a PCIE interface.
10. A computer system comprising the trusted read-only memory system of any one of claims 1-6 and the trusted BMC system of any one of claims 7-9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211572143.0A CN116167060A (en) 2022-12-08 2022-12-08 Trusted read-only memory system and trusted baseboard management controller system


Publications (1)

Publication Number Publication Date
CN116167060A true CN116167060A (en) 2023-05-26

Family

ID=86417243



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination