TW201117040A - Method of password management and identification adapted for trusted platform module - Google Patents


Info

Publication number
TW201117040A
Authority
TW
Taiwan
Prior art keywords
verification
code
password
electronic device
user
Prior art date
Application number
TW98137158A
Other languages
Chinese (zh)
Other versions
TWI502401B (en)
Inventor
Yi-Ming Teng
Shih-Pin Chang
Hsiang-Chien Tu
Original Assignee
Giga Byte Tech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Giga Byte Tech Co Ltd
Priority to TW098137158A
Publication of TW201117040A
Application granted
Publication of TWI502401B


Abstract

A method of password management and identification adapted for a TPM is provided. An identification code is generated automatically from a TPM password and saved to an identifying device selected by the user. The identifying device holding the identification code can then be used directly as an electronic key for the TPM. The user can open data or a hard disk encrypted by the TPM simply by connecting the identifying device to the electronic device, which is very convenient for the user.

Description

201117040 TW98023GB 32297twf.doc/n

VI. Description of the Invention

[Technical Field of the Invention]

The present invention relates to a password management and verification method, and in particular to a password management and verification method suitable for an electronic device having a Trusted Platform Module (TPM).

[Prior Art]

With the spread of computers and networks, computer systems have become indispensable tools in daily life and the main processing tools at work. For data storage, the hard disk (HD) is the storage device with the largest capacity and the principal data store. Data security is therefore increasingly important to computer users: as hacker intrusions and Trojan programs multiply, the risk of data leakage keeps rising, and notebook computers, being easy to carry, expensive and easy to resell, are a favourite target for thieves. Once data leaks, the resulting loss is often incalculable and irreversible.

The most important information-protection specification at present is the TPM promoted by the Trusted Computing Group (TCG); first-tier vendors worldwide, including Intel, Acer, IBM, HP, AMD, Sony, Sun Micro and Microsoft, support this standard. The TPM can encrypt a hard disk or folder directly, and an encrypted file requires not only the password but also the TPM chip to decrypt. Even if a user's password is stolen by a hacker, the hacker's computer lacks the corresponding TPM chip, so the encrypted data still cannot be stolen.

However, files encrypted by the TPM chip require the user to enter the password manually before the data is decrypted for use, and before operating permissions and usage control take effect. Passwords are easily lost and hard to remember; once the password is lost, the data becomes irrecoverable, which causes the user considerable trouble.

[Summary of the Invention]

The present invention provides a password management and verification method for an electronic device having a TPM. The method automatically generates a verification code from the TPM password and stores it on a device chosen by the user, such as a USB flash drive or a Bluetooth device, so that the flash drive becomes the electronic key of the TPM. The user need not memorize the password: connecting the flash drive or Bluetooth device to the electronic device is enough to open the folder or hard disk encrypted by the TPM, which is very convenient.

The present invention provides a computer program product that lets a storage device such as a flash drive be set as a verification device and thus as the electronic key of the TPM, so that the flash drive or Bluetooth device can be used to open the folder or hard disk encrypted by the TPM.

The present invention proposes a password management and verification method for an electronic device having a TPM, comprising the following steps: detecting a verification device connected to the electronic device; reading a hardware identification code of the verification device; generating a verification code from the hardware identification code and a user password; storing the verification code in the verification device or in the electronic device so that the verification device becomes an electronic key; and, when the verification device is connected to the electronic device, automatically verifying whether the verification code is correct and, if it is correct, automatically decrypting a folder or hard disk encrypted by the electronic device for the user's use.

In an embodiment of the invention, the verification device comprises a Universal Serial Bus (USB) flash drive, a Bluetooth device or a portable hard disk. The hardware identification code comprises a product serial number or a Media Access Control address (MAC address). The electronic device comprises a notebook computer, a desktop computer or a mobile phone.

In an embodiment of the invention, after the step of detecting the verification device connected to the electronic device, the method further comprises asking the user whether to set the verification device as the electronic key.

In an embodiment of the invention, the step of encoding the hardware identification code and the user password into the verification code further comprises asking the user to enter the user password.

In an embodiment of the invention, the step of automatically verifying whether the verification code is correct further comprises verifying that the hardware identification code of the verification device matches the verification code.

In an embodiment of the invention, the password management and verification method further comprises closing the folder or hard disk encrypted by the electronic device when the verification device is removed from the electronic device.

In an embodiment of the invention, the step of automatically verifying the verification code further comprises re-verifying the verification code when the electronic device returns from a sleep state to a normal state.

In an embodiment of the invention, the step of automatically verifying whether the verification code is correct further comprises detecting whether the TPM is enabled and ignoring the verification code if the TPM is not enabled.

In an embodiment of the invention, the step of generating the verification code from the hardware identification code and the user password further comprises encrypting the verification code.

In an embodiment of the invention, the electronic device uses the TPM to encrypt or decrypt the folder or the hard disk. The user password is a TPM password.

The present invention further proposes a password verification method for an electronic device having a TPM, comprising the following steps: first, checking whether the TPM is enabled; if the TPM is enabled, detecting whether a verification device is connected to the electronic device; automatically checking whether a verification code in the connected verification device or in the electronic device is correct; and, if the verification code is correct, automatically decrypting a folder or hard disk encrypted by the TPM for the user's use.

The present invention further proposes a computer program product comprising at least one program instruction to be loaded into an electronic device to perform the following steps: detecting a verification device connected to the electronic device; reading a hardware identification code of the verification device; generating a verification code from the hardware identification code and a user password; storing the verification code in the verification device or in the electronic device so that the verification device becomes an electronic key; and, when the verification device is connected to the electronic device, automatically verifying whether the verification code is correct and, if it is correct, automatically decrypting a folder or hard disk encrypted by the electronic device for the user's use.

The present invention further proposes a computer program product comprising at least one program instruction to be loaded into an electronic device to perform the following steps: checking whether the TPM is enabled; if the TPM is enabled, detecting whether a verification device is connected to the electronic device; automatically checking whether a verification code in the connected verification device or in the electronic device is correct; and, if the verification code is correct, automatically decrypting a folder or hard disk encrypted by the TPM for the user's use.

On the basis of the above, the present invention uses a flash drive or Bluetooth device as the electronic key of the TPM. The user chooses the verification device that will serve as the electronic key; once setup is complete, the user opens the TPM-encrypted folder or hard disk directly with the configured flash drive or Bluetooth device, without having to remember the password. In addition, the invention judges from the hardware identification code of the flash drive or Bluetooth device whether the electronic key in use is correct, which prevents a verification code stolen from the flash drive or Bluetooth device from being used and further improves data security.

To make the above features and advantages of the invention more clearly understood, embodiments are described in detail below with reference to the accompanying drawings.

[Embodiments]

First Embodiment

This embodiment provides a password management and verification method in which a verification device of the user's choosing is set as the electronic key of the TPM, so that the user can open the TPM-encrypted folder or hard disk directly with the verification device.

The user need not memorize the configured TPM password; it is enough to connect the verification device to the electronic device, such as a notebook computer, desktop computer or mobile phone. The electronic device automatically recognizes whether the connected verification device is correct and then automatically opens the TPM-encrypted folder or hard disk for the user, which is very convenient. In other words, the invention replaces manual password entry: the system verifies automatically and enters the TPM password itself to decrypt the encrypted data. A verification device that can be set as the electronic key is, for example, a USB flash drive, a Bluetooth device, a portable hard disk or a mobile phone with storage, but this embodiment is not limited to these.

For example, referring to FIG. 1, a flowchart of the password management and verification method according to the first embodiment of the invention: first, the verification device connected to the electronic device is detected (step S110); the connection may be wired or wireless, and this embodiment is not limited in this respect. Step S110 may also ask the user whether to set the verification device as the electronic key. Next, the hardware identification code of the verification device is read (step S120). Step S120 may also present a list of all verification devices that can be set as electronic keys for the user to choose from, and ask the user to set a user password, such as the TPM password. Then a verification code is generated from the hardware identification code and the user password (step S130), and the verification code is automatically stored in the connected verification device or in the electronic device, making the verification device an electronic key (step S140). The verification code may also be encrypted before it is stored in the verification device; the encryption and decryption algorithm is not restricted. Afterwards, whenever the verification device is connected to the electronic device, the verification code in the verification device or electronic device is automatically checked (step S150), and if it is correct the folder or hard disk encrypted by the electronic device is automatically decrypted. The electronic device may use the TPM to encrypt or decrypt the folder or hard disk, but this embodiment does not restrict the encryption or decryption algorithm or device.

It is worth noting that in step S150 the hardware identification code of the verification device can also be checked for consistency with the verification code; if they do not match, the data is not decrypted. This check guards against a stolen verification code being stored on another verification device and used to open the encrypted files.

Even if the verification code is stolen, the encrypted files still cannot be opened unless the same verification device is used, which gives the encrypted files a double layer of protection. Note that the hardware identification code is an identifier unique to the electronic product, for example the product serial number, an identity code or the Media Access Control address (MAC address).

From the above, the invention generates an electronic key from the verification device chosen by the user and the user's password. This lets the user employ the TPM's encryption mechanism more simply, without fear of forgetting the password. This embodiment can also be applied to ordinary encryption systems, letting the user easily make a personalized electronic key from a flash drive or Bluetooth device. It is also worth noting that the verification code can be stored, according to the user's settings, in the connected verification device or in the electronic device, either of which achieves automatic verification; it may of course be stored in both, and this embodiment is not limited in this respect.

The invention further provides a computer program product containing program instructions for performing the password management and verification method of FIG. 1. The program product essentially consists of a number of code segments (for example an organization-chart code segment, a sign-off form code segment, a setup code segment and a deployment code segment), and once these code segments are loaded into the electronic device and executed, the above electronic key setup and password verification functions are achieved.

Second Embodiment

Step S150 of FIG. 1 mainly describes the process of verifying whether the verification device is the correct electronic key. When applied to an electronic device with a TPM, the implementation can be explained further as follows. Referring to FIG. 2, a flowchart of the password verification method according to the second embodiment of the invention: first, check whether the TPM is enabled (step S210); if not, the procedure ends and no password verification is needed. If the TPM is enabled, further detect whether a verification device is connected to the electronic device (step S220). If so, automatically check whether the verification code in the verification device or electronic device is correct, including checking whether its TPM password (that is, the user password) and its hardware identification code are correct (step S230). Then check whether the system is returning to the normal state from the suspend state (S3); if so, rescan, that is, re-execute steps S210 to S230, to avoid a misjudgment by the system (step S240). If the system is in the normal state, the folder or hard disk encrypted by the TPM is automatically decrypted for the user (step S250).

Note that step S240 exists mainly to prevent a misjudgment when the system has not yet stabilized after returning from the suspend state. Step S240 can be added or removed according to the user's design requirements; this embodiment is not limited in this respect, and the effectiveness of the embodiment is unaffected.

Following the description of FIG. 2, the invention further provides a computer program product containing program instructions for performing the steps of FIG. 2. This program product essentially consists of a number of code segments (for example an organization-chart code segment, a sign-off form code segment, a setup code segment and a deployment code segment), and once these code segments are loaded into the electronic device and executed, the electronic key setup and password verification functions are achieved.

Third Embodiment

During setup of the electronic key, a graphical user interface may assist the user; its design is not restricted by this embodiment. The method of setting the electronic key in this invention is explained with a flowchart; referring to FIG. 3, the electronic key setup flowchart according to the third embodiment of the invention: first, all connected verification devices are detected (step S310), and the devices that can serve as the electronic key are listed for the user to choose from (step S320). Then a verification code is generated from the hardware identification code of the verification device chosen by the user and the TPM password (step S330), after which the verification code is encrypted and stored in the verification device or electronic device chosen by the user (step S340). The verification device holding the verification code can then serve as the electronic key of the TPM: connecting it to the electronic device lets the TPM decrypt, replacing manual entry of the TPM password for password management and verification and increasing user convenience. For the verification code and the remaining details of this embodiment, refer to the description of the above embodiments, which is not repeated here.

Fourth Embodiment

Referring to FIG. 4, a hardware arrangement according to the fourth embodiment of the invention: as shown in FIG. 4, the notebook computer 410 has a TPM. When the USB flash drive 420 is inserted into a USB port of the notebook computer 410, the notebook computer 410 automatically verifies whether the flash drive 420 holds the correct verification code and, if so, automatically opens the TPM-encrypted files for the user. If the USB flash drive 420 holds no verification code, the user can set up the electronic key through the user interface as described in the third embodiment, which is not repeated here.

It should also be noted that although the above embodiments use the TPM as an example, the invention is not limited to TPM systems and may also be applied to other data-encryption technologies, likewise replacing manual password entry with a flash drive or Bluetooth device to increase user convenience. From the description of the above embodiments, a person of ordinary skill in the art can readily infer other applications, which are not elaborated here.

In summary, the invention uses a flash drive or Bluetooth device as an electronic key in place of manual password entry, so that the user can open encrypted files more conveniently. At the same time, the invention gives the user a means of setting the electronic key, so that the user can specify a personal electronic key, and it combines the hardware identification code with the user password as the verification code, so that the user's data is doubly protected.

Although the invention has been disclosed above by way of embodiments, they are not intended to limit the invention. Any person of ordinary skill in the art may make changes and modifications without departing from the spirit and scope of the invention; the scope of protection of the invention is therefore defined by the appended claims.

[Brief Description of the Drawings]

FIG. 1 is a flowchart of the password management and verification method according to the first embodiment of the invention.

FIG. 2 is a flowchart of the password verification method according to the second embodiment of the invention.

FIG. 3 is a flowchart of electronic key setup according to the third embodiment of the invention.

FIG. 4 is a diagram of a hardware arrangement according to the fourth embodiment of the invention.

[Description of Reference Numerals]

S110 to S150: flowchart steps
S210 to S250: flowchart steps
S310 to S340: flowchart steps
410: notebook computer
420: flash drive

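The description leaves the construction of the verification code open ("the encryption and decryption algorithm is not restricted") but fixes its properties: it is built from the device's hardware identification code and the user's TPM password, it may be stored encrypted on the removable device, and it must be rejected when the hardware identification code of the device presenting it does not match (step S150 / step S230). The following Python is an added example written for this page, not code from the patent or from Giga-Byte. It assumes a hypothetical host-held secret `host_secret` (in a real deployment a TPM-sealed, per-machine key) mixed into the key derivation, because serial numbers and MAC addresses are readable by anyone holding the device and are therefore a possession factor rather than a secret; the function names, the `salt || ciphertext || tag` layout and the sample values are all constructed here. `unlock_flow` follows the decision sequence of FIG. 2 (steps S210 to S250).

```python
"""Added example: a verification code bound to a removable device's hardware ID.

enroll()      builds the code stored on the chosen USB/Bluetooth device
              (steps S130/S140): the TPM password is encrypted and authenticated
              under a key derived from the device's hardware ID and a host secret.
verify()      is the check of steps S150/S230: the code is accepted only if its
              tag verifies under the key derived from the *presented* hardware ID.
unlock_flow() mirrors FIG. 2 (steps S210 to S250).
"""
import hashlib
import hmac
import os
from typing import Optional, Tuple

SALT_LEN = 16
TAG_LEN = 32
PBKDF2_ROUNDS = 100_000


def _derive_key(hardware_id: str, host_secret: bytes, salt: bytes) -> bytes:
    """32-byte key bound to the device hardware ID plus a host-held secret.

    The host secret is an assumption of this example: hardware IDs (serial
    numbers, MAC addresses) are readable, so they alone must not key the code.
    """
    material = hardware_id.encode("utf-8") + b"\x00" + host_secret
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ROUNDS, dklen=32)


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Separate encryption and MAC keys (encrypt-then-MAC)."""
    return (hmac.new(key, b"enc", "sha256").digest(),
            hmac.new(key, b"mac", "sha256").digest())


def _keystream(enc_key: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; only hashlib/hmac, so the example runs anywhere."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def enroll(hardware_id: str, tpm_password: str, host_secret: bytes) -> bytes:
    """Produce the verification code: salt || ciphertext || tag."""
    salt = os.urandom(SALT_LEN)
    enc_key, mac_key = _subkeys(_derive_key(hardware_id, host_secret, salt))
    plaintext = tpm_password.encode("utf-8")
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, len(plaintext))))
    tag = hmac.new(mac_key, salt + ciphertext, "sha256").digest()
    return salt + ciphertext + tag


def verify(code: bytes, presented_hardware_id: str, host_secret: bytes) -> Optional[str]:
    """Return the TPM password if the code belongs to the presented device, else None.

    A code copied to a device with a different hardware ID, a tampered code,
    or a code presented to a different host all fail the constant-time tag check.
    """
    if len(code) < SALT_LEN + TAG_LEN:
        return None
    salt, ciphertext, tag = code[:SALT_LEN], code[SALT_LEN:-TAG_LEN], code[-TAG_LEN:]
    enc_key, mac_key = _subkeys(_derive_key(presented_hardware_id, host_secret, salt))
    expected = hmac.new(mac_key, salt + ciphertext, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        return None
    plaintext = bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, len(ciphertext))))
    return plaintext.decode("utf-8")


def unlock_flow(tpm_enabled: bool,
                connected_device: Optional[Tuple[str, bytes]],
                host_secret: bytes) -> Tuple[str, Optional[str]]:
    """FIG. 2 decision flow. connected_device is (hardware_id, code) or None."""
    if not tpm_enabled:            # S210: no TPM, the code is ignored entirely
        return ("tpm-disabled", None)
    if connected_device is None:   # S220: nothing connected
        return ("no-device", None)
    hardware_id, code = connected_device
    password = verify(code, hardware_id, host_secret)   # S230
    if password is None:
        return ("rejected", None)
    return ("unlocked", password)  # S250: caller hands the password to the TPM


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    HOST_SECRET = b"constructed-host-secret"
    code = enroll("USB-SN-000123", "tpm-pass-constructed", HOST_SECRET)
    print(unlock_flow(True, ("USB-SN-000123", code), HOST_SECRET)[0])   # unlocked
    print(unlock_flow(True, ("USB-SN-999999", code), HOST_SECRET)[0])   # rejected
```

The re-verification on return from the S3 suspend state (step S240) is simply a second call to `unlock_flow` once the device enumeration has settled, and the "close the encrypted folder on removal" behaviour of the claims is the caller's job when the device disappears. The tag check is what gives the "double protection" the description promises: a verification code lifted from one flash drive and written to another fails on the different hardware ID, and a code from a stolen drive fails on a host that holds a different `host_secret`.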
Claims

VII. Claims:

1. A password management and verification method for an electronic device having a Trusted Platform Module (TPM), the method comprising: detecting a verification device connected to the electronic device; reading a hardware identification code of the verification device; generating a verification code from the hardware identification code and a user password; storing the verification code in the verification device or in the electronic device so that the verification device becomes an electronic key; and, when the verification device is connected to the electronic device, automatically verifying whether the verification code is correct and, if the verification code is correct, automatically decrypting a folder or a hard disk encrypted by the electronic device for use by the user.

2. The password management and verification method of claim 1, wherein the verification device is a Universal Serial Bus (USB) flash drive, a Bluetooth device or a portable hard disk.

3. The password management and verification method of claim 1, wherein the hardware identification code is a product serial number or a Media Access Control address (MAC address).

4. The password management and verification method of claim 1, further comprising, after the step of detecting the verification device connected to the electronic device: asking the user whether to set the verification device as the electronic key.

5. The password management and verification method of claim 1, wherein the step of encoding the hardware identification code and the user password into the verification code further comprises asking the user to enter the user password.

6. The password management and verification method of claim 1, wherein the step of automatically verifying whether the verification code is correct further comprises verifying that the hardware identification code of the verification device matches the verification code.

7. The password management and verification method of claim 1, further comprising: when the verification device is removed from the electronic device, closing the folder or hard disk encrypted by the electronic device.

8. The password management and verification method of claim 1, wherein the electronic device comprises a notebook computer, a desktop computer or a mobile phone.

9. The password management and verification method of claim 1, wherein the step of automatically verifying the verification code further comprises re-verifying the verification code when the electronic device returns from a sleep state to a normal state.

10. The password management and verification method of claim 1, wherein the step of automatically verifying whether the verification code is correct further comprises detecting whether the TPM is enabled and ignoring the verification code if the TPM is not enabled.

11. The password management and verification method of claim 1, wherein the step of generating the verification code from the hardware identification code and the user password further comprises encrypting the verification code.

12. The password management and verification method of claim 1, wherein the electronic device uses the TPM to encrypt or decrypt the folder or the hard disk.

13. The password management and verification method of claim 1, wherein the user password is a TPM password.

14. A password verification method for an electronic device having a Trusted Platform Module (TPM), the method comprising: checking whether the TPM is enabled; if the TPM is enabled, detecting whether a verification device is connected to the electronic device; automatically checking whether a verification code in the connected verification device or in the electronic device is correct; and, if the verification code is correct, automatically decrypting a folder or a hard disk encrypted by the TPM for use by the user.

15. The password verification method of claim 14, wherein the verification device is a Universal Serial Bus (USB) flash drive, a Bluetooth device or a portable hard disk.

16. The password verification method of claim 14, wherein the step of automatically checking whether the verification code is correct further comprises checking whether the verification code matches a hardware identification code of the verification device and a TPM password.

17. The password verification method of claim 16, wherein the hardware identification code is a product serial number or a Media Access Control address (MAC address).

18. The password verification method of claim 14, further comprising: when the verification device is removed from the electronic device, closing the folder or hard disk encrypted by the electronic device.

19. The password verification method of claim 14, wherein the electronic device comprises a notebook computer, a desktop computer or a mobile phone.

20. The password verification method of claim 14, further comprising re-verifying the verification code when the electronic device returns from a sleep state to a normal state.

21. A computer program product comprising at least one program instruction to be loaded into an electronic device to perform the following steps: detecting a verification device connected to the electronic device; reading a hardware identification code of the verification device; generating a verification code from the hardware identification code and a user password; storing the verification code in the verification device or in the electronic device so that the verification device becomes an electronic key; and, when the verification device is connected to the electronic device, automatically verifying whether the verification code is correct and, if the verification code is correct, automatically decrypting a folder or a hard disk encrypted by the electronic device for use by the user.

22. The computer program product of claim 21, wherein the verification device is a Universal Serial Bus (USB) flash drive, a Bluetooth device or a portable hard disk.

23. The computer program product of claim 1, wherein the hardware identification code is a product serial number or a Media Access Control address (MAC address).

24. The computer program product of claim 21, wherein after performing the step of detecting the verification device connected to the electronic device, the program instructions further perform: asking the user whether to set the verification device as the electronic key.

25. The computer program product of claim 21, wherein in performing the step of encoding the hardware identification code and the user password into the verification code, the program instructions further require the user to enter the user password.

26. The computer program product of claim 21, wherein in performing the step of automatically verifying whether the verification code is correct, the program instructions further verify that the hardware identification code of the verification device matches the verification code.

27. The computer program product of claim 21, wherein the program instructions further perform: when the verification device is removed from the electronic device, closing the folder or hard disk encrypted by the electronic device.

28. The computer program product of claim 21, wherein the electronic device comprises a notebook computer, a desktop computer or a mobile phone.

29. The computer program product of claim 21, wherein in performing the step of automatically verifying the verification code, the program instructions further re-verify the verification code when the electronic device returns from a sleep state to a normal state.

30. The computer program product of claim 21, wherein in performing the step of automatically verifying whether the verification code is correct, the program instructions further detect whether the TPM is enabled and ignore the verification code if the TPM is not enabled.

31. The computer program product of claim 21, wherein in performing the step of generating the verification code from the hardware identification code and the user password, the program instructions further encrypt the verification code.

32. The computer program product of claim 21, wherein the electronic device uses the TPM to encrypt or decrypt the folder or the hard disk.
The computer program product of claim 21, wherein the program instructions in the method of detecting the verification device connected to the electronic device are further included in the program of 2011 2011040 TW98023GB 32297 twf.doc/n · Ask the user if the verification device is set to the electronic key. 25. The computer program product of claim 21, wherein the program instructions further comprise the step of requiring the user to input the user code to perform the step of encoding the hardware identification code and the user password into the verification code. The computer program product described in claim 21, wherein the program instructions are automatically verified to verify whether the verification code is positive or not, and the verification device is inspected to find the hard system to hinder the verification = some program instructions In addition to the computer program products, the computer program products mentioned in Item 21 of the electronic device are: the daughter brain or the desktop computer or the mobile phone. In the program, the electronic difficulty product described in the action item, the step of verifying the verification code by the electronic device further includes: newly verifying the verification code. When the transition state is restored to the normal state, the weight is 30. If the application for the patent is ordered, the program age is in the process of self-administration, and the step of detecting whether the TPM is n or not and the code is correct is If the TPM is not turned on, then ignore the computer program product described in the paragraph 201117040 TW98023GB 32297twf.doc/n, which generates the object 2 according to the hardware identification code and the user password. The step of the code further includes encrypting the verification code. Sub == the power-difficult product described in item 21 of the profit range, or i. The M is encrypted on the data line. 
㈣Γ田t請專利範圍第21項所述之電腦程式產品,其 中k使用者岔碼為一 Tpm密碼。 人—種電腦程式產品’包括至少—程式指令,該些 私式心令Μ載人-電子裝置以執行下列步驟: — 檢查ΤΡΜ是否開啟; 拉罢若™開啟_測是否有一驗證裝置連接至該電子 哀置, 自動k查所連接之該驗證裝置或該電子— 驗證竭是否正確;以及 若該驗證碼正確,則自動解密TPM所加密之一資 夹或一硬碟供使用者使用。 <35.如申請專利範圍第34項之電腦程式產品,其中該 驗证裝置為通用序列匯流排(Universai seriai Bus,簡稱 USB)隨身碟或藍芽(blue tooth)裝置或行動硬碟。 冉 此36·如申請專利範圍第34項之電腦程式產品,其中該 :二私式指令在執行自動檢查所連接之該驗證裝置中之診驗 證碼是否正確之步驟中更包括檢查該驗證碼是否與該^證 19 201117040 TW98023GB 32297twf.doc/n 裝置之一硬體辨識碼以及一TPM密碼相符。 37.如申請專利範圍第36項之電腦程式產品,其中該 硬體識別碼為產品序號或媒體存取控制位址(Media Access Control address ’ 簡稱]MAC address)。 3 8.如申請專利範㈣3 4項之電腦程式產品,其中該 些程式指令在更包括執行下列步驟: 當該驗證裝置自該電子裝置移除時,關閉該電子裝置 所加密之資料夾或硬碟。 39·如申請專利範圍第34項之 電子裝„電腦或桌上 二中該 40如申請專利範圍第34項 些程式指令在更包括執行下列步驟:。㈤’其中該 當該電子裝置自一休眠裝態恢 新驗證該驗證碼。 “、 正_狀態時,重 20(4) Putian t invites the computer program product described in item 21 of the patent scope, wherein the k user code is a Tpm password. A human computer program product 'includes at least a program command, the private heart locks the human-electronic device to perform the following steps: - check if the ΤΡΜ is turned on; pull if the TM is turned on _ check if a verification device is connected to the Electronic stagnation, automatically check the connected verification device or the electronic - whether the verification is correct; and if the verification code is correct, automatically decrypt one of the folders or a hard disk encrypted by the TPM for the user to use. <35. The computer program product of claim 34, wherein the verification device is a Universal seriai Bus (USB) flash drive or a blue tooth device or a mobile hard disk. In the computer program product of claim 34, wherein: the second private instruction further comprises checking whether the verification code is correct in the step of performing the automatic verification of the diagnostic verification code in the verification device connected to the verification device. It corresponds to one hardware identification code and one TPM password of the device 19 201117040 TW98023GB 32297twf.doc/n device. 37. 
The computer program product of claim 36, wherein the hardware identification code is a product serial number or a media access control address (Media Access Control address apos; MAC address). 3 8. The computer program product of claim 4 (4), wherein the program instructions further comprise the following steps: when the verification device is removed from the electronic device, the folder encrypted by the electronic device is turned off or hard. dish. 39. If the electronic device of the 34th item of the patent application scope is applied to the computer or the table 2, the program instructions of the 34th application of the patent scope are further included in the following steps: (5) 'When the electronic device is self-sleeping The state restores the verification code. ", positive _ state, weight 20
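Claims 1 and 14 (and their program-product counterparts, 21 and 34) together describe an enrollment flow and an automatic verification flow, plus three edge cases: ignore the key when the TPM is disabled (claims 10, 30), lock when the key is removed (claims 7, 18) and re-verify on wake from sleep (claims 9, 20). The Python model below is an added example, not code from the patent or from Giga-Byte, that puts both flows and those edge cases in working form. The derivation function (PBKDF2-HMAC-SHA256 with a salt), the constant-time comparison, the `clone_device` attacker helper, the sample hardware identifiers and the password are the example's own assumptions; the claims only say the verification code is generated according to the hardware identification code and the user password, may be encrypted (claims 11, 31), and is checked against the hardware identification code together with the TPM password (claims 16, 36).

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

KDF_ITERATIONS = 100_000  # assumption: slows offline guessing of the TPM password


@dataclass
class VerificationDevice:
    """Removable key (claim 2); hardware_id is a USB serial number or MAC (claim 3)."""
    hardware_id: str
    stored_code: Optional[bytes] = None  # verification code kept on the device (claim 1)


@dataclass
class ElectronicDevice:
    """The PC. tpm_password stands in for the secret the TPM holds (claim 13)."""
    tpm_enabled: bool
    tpm_password: str
    salt: bytes
    stored_code: Optional[bytes] = None  # alternative: code kept on the PC (claim 1)
    connected: Optional[VerificationDevice] = None
    unlocked: bool = False  # True while the TPM-encrypted folder or disk is open


def derive_verification_code(hardware_id: str, password: str, salt: bytes) -> bytes:
    """Code 'generated according to' hardware ID and password (claim 1). The claims
    fix no derivation; a salted, iterated KDF is assumed here because the code may
    sit on a removable drive that anyone holding it can read."""
    material = hardware_id.encode() + b"\x00" + password.encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ITERATIONS)


def enroll(pc: ElectronicDevice, dev: VerificationDevice, user_password: str,
           store_on_device: bool = True) -> bytes:
    """Claims 1/5: the user types the password, the code is derived and stored on
    the key device or on the PC, and the key device becomes the electronic key."""
    code = derive_verification_code(dev.hardware_id, user_password, pc.salt)
    if store_on_device:
        dev.stored_code = code
    else:
        pc.stored_code = code
    return code


def verify(pc: ElectronicDevice, dev: VerificationDevice) -> bool:
    """Claims 10/14/16: ignore the code when the TPM is off; otherwise the stored
    code must match the device's hardware ID together with the TPM password."""
    if not pc.tpm_enabled:
        return False
    expected = dev.stored_code if dev.stored_code is not None else pc.stored_code
    if expected is None:
        return False
    actual = derive_verification_code(dev.hardware_id, pc.tpm_password, pc.salt)
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def on_connect(pc: ElectronicDevice, dev: VerificationDevice) -> bool:
    """Key plugged in: verify automatically and unlock on success (claim 1)."""
    pc.connected = dev
    pc.unlocked = verify(pc, dev)
    return pc.unlocked


def on_remove(pc: ElectronicDevice) -> None:
    """Key removed: close the encrypted folder or disk (claims 7/18)."""
    pc.connected = None
    pc.unlocked = False


def on_resume(pc: ElectronicDevice) -> bool:
    """Wake from sleep: re-verify instead of trusting pre-sleep state (claims 9/20)."""
    pc.unlocked = pc.connected is not None and verify(pc, pc.connected)
    return pc.unlocked


def clone_device(dev: VerificationDevice) -> VerificationDevice:
    """Attacker model (assumption, not in the claims): a copy of the hardware ID
    plus the stored code is a working key, since neither is secret to the holder."""
    return VerificationDevice(dev.hardware_id, dev.stored_code)


def demo() -> dict:
    """Runs the claimed transitions on constructed sample data; returns the checks."""
    pc = ElectronicDevice(tpm_enabled=True, tpm_password="tpm-owner-pass",
                          salt=bytes.fromhex("00112233445566778899aabbccddeeff"))
    key = VerificationDevice(hardware_id="USB-SN-0123456789")  # constructed serial
    enroll(pc, key, "tpm-owner-pass")
    results = {"unlock_on_connect": on_connect(pc, key)}
    on_remove(pc)
    results["locked_after_remove"] = not pc.unlocked
    on_connect(pc, key)
    results["resume_reverifies"] = on_resume(pc)
    other = VerificationDevice("USB-SN-9999999999", key.stored_code)  # code copied to another drive
    results["other_id_rejected"] = not on_connect(pc, other)
    results["clone_accepted"] = on_connect(pc, clone_device(key))
    pc.tpm_enabled = False
    results["ignored_when_tpm_off"] = not on_connect(pc, key)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two points the claims leave to the implementer are visible in the model. A MAC address is settable in software and a USB serial number is only a device descriptor, so `clone_device` succeeds by design: the hardware identification code binds the code to one drive for convenience, and the secrecy of the scheme rests on the TPM password alone. And because claim 1 allows the verification code to be stored on the removable device itself, whoever copies that drive holds an offline verifier for the TPM password, which is why the example derives the code with a salted, iterated KDF rather than a plain hash of the two inputs.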
Priority Application (1)

Application Number Priority Date Filing Date Title
TW098137158A 2009-11-02 2009-11-02 Method of password management and identification adapted for trusted platform module (granted as TWI502401B)

Publications (2)

Publication Number Publication Date
TW201117040A 2011-05-16
TWI502401B 2015-10-01

Family ID 44935089; country status: TW, TWI502401B

Citations (2)

Publication number Priority date Publication date Assignee Title
TW420796B 1999-01-13 2001-02-01 Primax Electronics Ltd Computer system equipped with portable electronic key (cited by examiner)
US8118214B2 2006-03-24 2012-02-21 Atmel Corporation Method and system for generating electronic keys (cited by examiner)
