
CN100447763C - A security chip and an information security processing device and method based on the chip - Google Patents

A security chip and an information security processing device and method based on the chip

Info

Publication number: CN100447763C (application CNB031383807A; also published as CN1553349A)
Authority: CN (China)
Prior art keywords: module, security, information, chip, operating system
Legal status: Expired - Lifetime
Other languages: Chinese (zh)
Inventors: 韦卫, 王一平, 吴秋新, 刘鸿京, 李明柱, 王晚丁, 李亚辉
Current assignee: Lenovo Beijing Ltd
Original assignee: Lenovo Beijing Ltd
Application filed by Lenovo Beijing Ltd; priority to CNB031383807A; published as CN1553349A; granted and published as CN100447763C.

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides a security chip comprising an I/O interface module, a main processor module, a memory module and a cryptographic processor module, together with an information security processing device and method that use the chip. The security chip verifies the integrity of the current underlying firmware, the underlying firmware verifies the integrity of the current operating system, and the operating system verifies the integrity of the application modules, so that the information of the application modules is protected; the information security processing device thereby gains attack-resistance, virus-prevention and similar capabilities. In addition, the invention uses the unique identity cryptographic certificate information stored in the security chip to implement access control, identity authentication and related functions. The invention thus protects the information held by the information security processing device.

Description

A security chip and an information security processing device and method based on the chip

Technical field

The present invention relates to the field of information security, and in particular to a security chip and to an information security processing device and method based on that chip.

Background

Information processing devices are now widely used in everyday life. Such devices mainly include personal computers (PCs), notebook computers, handheld computers and mobile phones. How to protect the information held in these devices has become a matter of great concern, and there are usually two kinds of solution:

1) Protecting the information processing device with security software.

This approach usually relies on anti-virus software to prevent virus attacks: anti-virus and firewall software are installed and their real-time monitoring started to prevent viruses from intruding into the device, and the anti-virus and firewall software are used to disinfect the system so as to protect the information in the device; or file encryption software is used to protect files, applying hash (HASH) algorithms, elliptic curve cryptography, RSA, discrete-logarithm algorithms and the like to encrypt the files to be protected or to verify their integrity; or secure browser software and digital certificates are used for e-commerce.

The drawback of this approach is that the security software and the operating system itself may also be attacked, so that all information on the terminal is threatened. Security software therefore cannot guarantee the security of the information on the computer terminal itself.

2) Protecting the information processing device with hardware. Two methods are generally used:

a. An additional circuit board built from several module units is attached to the information processing device to protect the information in it. The additional board includes an identity information input device interface, an information security management unit or security module (ESM), a security control execution unit, a power-on circuit unit, a peripheral switch circuit unit and a motherboard unit. This method is mainly used for identity authentication at power-on and also provides high-speed cryptographic operations.

The drawback of this method is that it cannot verify whether the underlying firmware, operating system and application software of the information processing device have been attacked, so the absolute security of the information in the device cannot be guaranteed.

b. A hard disk and network interface components dedicated to the external network are installed in the information processing device, so that when the device works on the internal network and on the external network, different hard disks and network interface components are used under the control of the same motherboard, isolating the internal network from the external one. The device separates its internal-network state from its external-network state in hardware, thereby protecting itself from attack.

The drawback of this method is that it likewise cannot verify whether the underlying firmware, operating system and application software of the device have been attacked; whether the device works in external-network or internal-network mode, the security of the device's own information cannot be guaranteed. Furthermore, equipping two sets of hard disks and network interface components increases the cost of the device.

Summary of the invention

In view of this, the object of the present invention is to provide a security chip and an information security processing device and method based on that chip, so that the device verifies the integrity of the system during startup and thereby protects the information it holds.

To achieve the above object, the technical solution of the present invention is realized as follows:

A security chip comprising an I/O interface module, a main processor module, a memory module and a cryptographic processor module, the modules being interconnected by an internal bus, wherein:

the I/O interface module is connected to an external device; under the control of the main processor module it receives instructions from the external device and returns the requested computation results to the external device;

the main processor module comprises at least a CPU and peripheral circuits; according to the instructions received from the I/O interface module it controls the cryptographic processor module, stores the processed results in the memory module, or compares the processed results with the secret information already stored in the memory module as instructed, and passes the execution result of the instruction to the I/O interface module; or it retrieves secret information directly from the memory module and passes it to the I/O interface module;

the cryptographic processor module generates keys under the control of the main processor module, encrypts and decrypts the information received by the I/O interface module, and returns the processed results to the main processor module;

the memory module stores the security chip's own secret information, including the integrity value of the underlying firmware, the secret information of the external device's application modules, and the secret information generated by the cryptographic processor module.

The security chip has a chip operating system (COS) and is located in an information security processing device. When the device starts, the security chip verifies the underlying firmware by computing its integrity value; when the computed integrity value of the underlying firmware matches the stored integrity value, the underlying firmware is started and then takes part in verifying the integrity of the device's operating system.

Preferably, the secret information consists of keys generated by the cryptographic processor module, identity verification information, and integrity verification information including the integrity value of the underlying firmware.

Preferably, the cryptographic processor module comprises at least a public key cryptographic processor module, a hash processor module and a random number generator module, wherein:

the random number generator module generates random numbers under the control of the main processor module and sends them to the main processor module;

the hash processor module hashes the information to be encrypted under the control of the main processor module and passes the result to the public key cryptographic processor module, the symmetric cryptographic processor module or the main processor module;

the public key cryptographic processor module, under the control of the main processor module, generates a public/private key pair from random numbers and returns the result to the main processor module; using the generated key pair it encrypts the result passed from the hash processor module to produce a digital signature, or uses the public key to decrypt received information that needs decrypting, and returns the result to the main processor module;

the symmetric cryptographic processor module, under the control of the main processor module, uses a random number as the symmetric key to encrypt or decrypt the information concerned and sends the result to the main processor module.

Preferably, the public key cryptographic processor module comprises at least an elliptic curve public key algorithm processing module, an RSA public key algorithm processing module and a discrete-logarithm algorithm processing module.

Preferably, the main processor module of the chip further comprises a bus interface module and a bus controller module, wherein the bus interface module is connected to the main processor's internal high-speed bus and to the bus controller module, and the bus controller module bridges the main processor's internal high-speed bus to the main processor's peripheral bus, and

the I/O interface module, the main processor module and the memory module are connected to the internal high-speed bus;

the public key cryptographic processor module, the symmetric cryptographic processor module, the random number generator module and the hash processor module are connected to the main processor's peripheral bus.

Preferably, the memory module is random access memory (RAM), erasable read-only memory (EEPROM) or flash memory (FLASH).

Preferably, the I/O interface module comprises at least an interface to an LPC (Low Pin Count) bus or a USB (Universal Serial Bus) bus, or a synchronous serial port, an asynchronous serial port or an ISO7816 interface.

An information security processing device comprising at least a motherboard, underlying firmware and an operating system, and further comprising at least the security chip described above, which is connected to the motherboard and receives information sent by the underlying firmware embedded in the motherboard or by the device's operating system; according to the information sent by the underlying firmware it computes the integrity value of the device's underlying firmware and, when the computed value matches the stored integrity value of the underlying firmware, starts the underlying firmware to verify the integrity of the operating system; or, according to the information sent by the operating system, it produces the corresponding computation results and returns them to the operating system, taking part in the integrity verification of the operating system.

Preferably, the security chip is connected to the motherboard through an LPC (Low Pin Count) bus interface, a USB (Universal Serial Bus) bus interface, a synchronous serial port, an asynchronous serial port or an ISO7816 interface.

A verification method for an information security processing device, comprising the following steps:

a. A security chip is installed on the motherboard;

b. When the information security processing device is started, the security chip computes the value of the integrity verification code of the current underlying system firmware and checks whether it equals the stored value of the firmware's integrity verification code; if so, normal system initialization is completed and step c is executed, otherwise startup of the device is halted;

c. The security chip starts the underlying firmware, which verifies the integrity of the current operating system; if correct, the operating system runs normally, otherwise loading of the operating system is halted.

Preferably, the method further comprises: an operating system security module is set up in the operating system and started by it; before an existing application module of the device is started, the operating system security module verifies the integrity of that application module; if correct, the application module runs normally, otherwise it is stopped.

Preferably, step a further comprises: in a secure environment, storing the value of the integrity verification code of the underlying firmware in the security chip; storing the value of the integrity verification code of the operating system in the security chip or in the underlying firmware security module; and storing the value of the integrity verification code of the application module in the security chip or in the operating system security module.

Preferably, the method further comprises setting up an underlying firmware security module in the underlying firmware;

and verifying the integrity of the current operating system in step c further comprises the following step:

the underlying firmware security module computes the value of the integrity verification code of the current operating system and checks whether it equals the stored value of the operating system's integrity verification code; if so, the subsequent steps continue, otherwise loading of the operating system is halted.
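The start-up chain of steps a to c, together with the preferred operating-system and application checks, as an added illustration that is not code from the patent: each layer holds the reference integrity codes recorded in a secure environment and checks the next layer before handing over, halting at the first mismatch. SHA-256 stands in for the chip's hash processor module, and the firmware, kernel and application images are constructed byte strings.

```python
import hashlib


def integrity_code(image):
    """Integrity verification code of a component image (here: SHA-256 of the bytes)."""
    return hashlib.sha256(image).hexdigest()


class Verifier:
    """One link of the chain: holds the reference codes recorded in a secure
    environment (step a) and checks a current image against them."""

    def __init__(self, name, references):
        self.name = name
        self.references = dict(references)   # component name -> reference code

    def check(self, component, image):
        expected = self.references.get(component)
        # An unknown component has no reference code and therefore never passes.
        return expected is not None and integrity_code(image) == expected


def provision(firmware, os_image, apps):
    """Step a: record the reference codes.  The firmware code is kept by the chip,
    the OS code by the firmware security module and the application codes by
    the operating-system security module."""
    chip = Verifier("security chip", {"firmware": integrity_code(firmware)})
    fw_module = Verifier("firmware security module", {"os": integrity_code(os_image)})
    os_module = Verifier("os security module",
                         {name: integrity_code(img) for name, img in apps.items()})
    return chip, fw_module, os_module


def boot(chip, fw_module, os_module, firmware, os_image, apps):
    """Steps b and c plus the application check: each layer verifies the next.
    Returns the ordered stage results; the chain halts at the first mismatch,
    mirroring 'halt startup' (step b) and 'halt loading the OS' (step c)."""
    trace = []
    if not chip.check("firmware", firmware):          # step b: chip checks firmware
        trace.append("firmware:halt")
        return trace
    trace.append("firmware:ok")
    if not fw_module.check("os", os_image):           # step c: firmware checks OS
        trace.append("os:halt")
        return trace
    trace.append("os:ok")
    for name, image in apps.items():                  # OS security module checks apps
        verdict = "ok" if os_module.check(name, image) else "blocked"
        trace.append("app:%s:%s" % (name, verdict))
    return trace


# Constructed sample images; real ones would be the BIOS, kernel and binaries.
FIRMWARE = b"constructed-bios-image-v1"
OS_IMAGE = b"constructed-kernel-image-v1"
APPS = {"mailer": b"constructed-mailer-binary", "browser": b"constructed-browser-binary"}


def demo():
    chip, fw_module, os_module = provision(FIRMWARE, OS_IMAGE, APPS)
    clean = boot(chip, fw_module, os_module, FIRMWARE, OS_IMAGE, APPS)
    # Modified firmware: the chip halts before the firmware ever runs.
    bad_fw = boot(chip, fw_module, os_module, FIRMWARE + b"\x00", OS_IMAGE, APPS)
    # Modified kernel: the firmware module stops the OS, so no app check runs.
    bad_os = boot(chip, fw_module, os_module, FIRMWARE, OS_IMAGE + b"\x00", APPS)
    # One modified application is blocked on its own; the other still starts.
    bad_apps = dict(APPS, mailer=b"constructed-mailer-binary-altered")
    bad_app = boot(chip, fw_module, os_module, FIRMWARE, OS_IMAGE, bad_apps)
    return clean, bad_fw, bad_os, bad_app
```

The periodic re-check of a running application (step k) is the same `os_module.check` call repeated on a timer against the module's current image.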

Preferably, the operating system security module consists of a security chip driver module, a security service module and a security interface module.

Preferably, the security chip driver module registers the security chip as a device of the operating system and arranges for each application module and the underlying security chip to share a pair of authentication keys; the driver module performs at least the following steps:

d. The security chip authenticates the application module using the shared authentication key; if authentication succeeds, step e is executed, otherwise the service requested by the application module is refused;

e. A data communication channel and a control command communication channel are established between the application module and the security chip;

f. The security chip driver module converts the instructions issued by the upper-layer application module into chip instructions the security chip can recognize, hashes the authentication result of step d, the shared authentication key and the chip instruction together to produce the authorization information for this chip instruction, and then sends the chip instruction together with the authorization information to the security chip;

g. Each time the security chip receives a chip instruction, it hashes the authentication result of step d, the shared authentication key and the instruction just received to produce the authorization verification information for that instruction, and compares it with the authorization information carried by the received instruction; if they match, it executes the instruction, otherwise it refuses to execute it.
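The per-command authorization of steps d, f and g, as an added illustration rather than the patent's own code: the driver hashes the step d authentication result, the shared key and the chip instruction into authorization information, and the chip recomputes it before executing. The patent does not say how step d uses the shared key, so a challenge/response is assumed (a chip nonce answered with an HMAC under the shared key, the nonce then serving as the authentication result), SHA-256 stands in for the hash processor module, and the opcode table, key and application id are constructed.

```python
import hashlib
import hmac
import secrets


def authorization(auth_result, shared_key, chip_command):
    """Steps f and g: hash of (authentication result, shared key, chip command).
    Each field is length-prefixed so field boundaries are unambiguous, a detail
    the patent leaves open."""
    h = hashlib.sha256()
    for part in (auth_result, shared_key, chip_command):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


class SecurityChip:
    """Chip side: shared authentication keys, per-application session state and
    the list of chip instructions actually executed."""

    def __init__(self, shared_keys):
        self._keys = dict(shared_keys)   # application id -> shared authentication key
        self._sessions = {}              # application id -> (state, nonce)
        self.executed = []

    def challenge(self, app_id):
        # Nonce from the random number generator module; it doubles as the step d
        # authentication result that every later authorization is bound to.
        nonce = secrets.token_bytes(16)
        self._sessions[app_id] = ("pending", nonce)
        return nonce

    def authenticate(self, app_id, response):
        """Step d (assumed challenge/response form): accept the application only
        if it proves knowledge of the shared key for this nonce."""
        state, key = self._sessions.get(app_id), self._keys.get(app_id)
        if state is None or key is None:
            return False
        nonce = state[1]
        if not hmac.compare_digest(response, hmac.new(key, nonce, "sha256").digest()):
            self._sessions.pop(app_id)
            return False
        self._sessions[app_id] = ("authenticated", nonce)
        return True

    def execute(self, app_id, chip_command, auth_info):
        """Step g: recompute the authorization for the command just received and
        execute only if it matches the authorization that came with it."""
        state = self._sessions.get(app_id)
        if state is None or state[0] != "authenticated":
            return False                 # no successful step d: service refused
        expected = authorization(state[1], self._keys[app_id], chip_command)
        if not hmac.compare_digest(expected, auth_info):
            return False                 # wrong key or altered command: refused
        self.executed.append(chip_command)
        return True


class ChipDriver:
    """Security chip driver module for one application module (steps d to f)."""

    # Constructed mapping from upper-layer instructions to chip instructions.
    OPCODES = {"sign": b"\x01SIGN", "random": b"\x02RNG"}

    def __init__(self, chip, app_id, shared_key):
        self.chip, self.app_id, self.key = chip, app_id, shared_key
        self.auth_result = None

    def open_session(self):
        nonce = self.chip.challenge(self.app_id)
        response = hmac.new(self.key, nonce, "sha256").digest()
        if self.chip.authenticate(self.app_id, response):
            self.auth_result = nonce
            return True
        return False

    def send(self, instruction):
        """Step f: translate, authorize and send one instruction."""
        chip_command = self.OPCODES[instruction]
        auth_info = authorization(self.auth_result, self.key, chip_command)
        return self.chip.execute(self.app_id, chip_command, auth_info)


def demo():
    """Constructed key and application id; returns what the chip accepted."""
    key = b"constructed-shared-key-for-mailer"
    chip = SecurityChip({"mailer": key})
    driver = ChipDriver(chip, "mailer", key)
    results = {}
    # Before step d there is no session, so even a correctly keyed command is refused.
    results["before_auth"] = chip.execute("mailer", b"\x02RNG", authorization(b"", key, b"\x02RNG"))
    results["auth"] = driver.open_session()
    results["legit"] = driver.send("random")
    # Authorization under the wrong key, then a command swapped after authorization.
    results["wrong_key"] = chip.execute("mailer", b"\x01SIGN", authorization(driver.auth_result, b"wrong", b"\x01SIGN"))
    results["altered"] = chip.execute("mailer", b"\x01SIGN", authorization(driver.auth_result, key, b"\x02RNG"))
    results["executed"] = list(chip.executed)
    return results
```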

较佳地,所述安全服务模块验证应用模块的完整性包括以下步骤:Preferably, the verification of the integrity of the application module by the security service module includes the following steps:

j、安全服务模块首先计算出该待保护的应用模块当前的完整性验证码的值,并判断当前的完整性验证码的值与已保存的完整性验证码的值是否相等,如相等,则启动该待保护应用模块后,执行步骤k,否则禁止启用该应用模块。j. The security service module first calculates the value of the current integrity verification code of the application module to be protected, and judges whether the value of the current integrity verification code is equal to the value of the saved integrity verification code. If they are equal, then After the application module to be protected is started, step k is executed; otherwise, the application module is prohibited from being enabled.

k、安全服务模块定时验证待保护应用模块的完整性。k. The security service module regularly verifies the integrity of the application module to be protected.

较佳地,所述安全服务模块保存任何一个对安全芯片进行操作的记录,并将该记录作为日志记录保存在本地的日志数据库中。Preferably, the security service module stores any record of operations on the security chip, and stores the record as a log record in a local log database.

较佳地,该方法进一步包括,在每一个安全芯片上,设置唯一身份标识密码证书。Preferably, the method further includes setting a unique identity code certificate on each security chip.

较佳地,所述的设置方法为:由第三方为每台计算机终端设置一个公钥证书和私钥证书,并在公私钥证书上进行数字签名后,将私钥证书信息设置为每台计算机终端的唯一身份标识的密码证书。Preferably, the setting method is as follows: a third party sets a public key certificate and a private key certificate for each computer terminal, and after digitally signing the public and private key certificates, sets the private key certificate information as each computer terminal A cryptographic certificate that uniquely identifies the terminal.

较佳地,所述私钥证书存储在安全芯片中,公钥证书提供给用于计算机终端身份验证的验证方。Preferably, the private key certificate is stored in the security chip, and the public key certificate is provided to a verifier for computer terminal identity verification.

较佳地,对信息安全处理设备进行身份验证的方法进一步包括以下步骤:Preferably, the method for authenticating information security processing equipment further includes the following steps:

l、应用模块将需要验证的信息传送给安全芯片,安全芯片根据唯一身份标识密码证书的私钥证书调用其相应的公钥算法机制,对需要验证的信息进行数字签名后,将签名后的结果返回给应用模块,该应用模块再将上述数字签名信息发送给验证方;l. The application module transmits the information to be verified to the security chip, and the security chip calls its corresponding public key algorithm mechanism according to the private key certificate of the unique identity password certificate, digitally signs the information to be verified, and sends the signed result Return to the application module, and the application module sends the above-mentioned digital signature information to the verifier;

m、验证方首先验证该唯一身份标识密码证书的公钥证书上的第三方的签名是否正确,如正确则执行步骤n,否则验证失败;m. The verifier first verifies whether the signature of the third party on the public key certificate of the unique identity password certificate is correct, and if it is correct, execute step n, otherwise the verification fails;

n、应用该公钥证书验证应用模块发送来的经数字签名的信息是否正确,如正确则确定该信息处理设备的安全身份,否则验证失败。n. Use the public key certificate to verify whether the digitally signed information sent by the application module is correct, and if it is correct, determine the security identity of the information processing device; otherwise, the verification fails.

较佳地,所述的设置方法为:由第三方为每台计算机终端生成一个由随机数组成的序列号,将经第三方确认并进行数字签名的后序列号设置为每台计算机终端的唯一身份标识的密码证书。Preferably, the setting method is as follows: a third party generates a serial number composed of random numbers for each computer terminal, and sets the serial number confirmed by the third party and digitally signed as the unique number of each computer terminal The cryptographic certificate for the identity.

较佳地,对信息安全处理设备进行身份验证的方法进一步包括以下步骤:Preferably, the method for authenticating information security processing equipment further includes the following steps:

p、应用模块将信息安全处理设备本身的唯一身份标识密码证书发送给验证方;p. The application module sends the unique identity password certificate of the information security processing device itself to the verifier;

q、验证方验证唯一身份标识密码证书上第三方的签名信息是否正确,如正确则确定该信息安全处理设备的安全身份,否则验证失败。q. The verifier verifies whether the signature information of the third party on the unique identity password certificate is correct, and if it is correct, then determines the security identity of the information security processing device; otherwise, the verification fails.

较佳地,所述验证底层固件至少包括验证用于完成主板硬件系统初始化的模块、主板上CPU的微码程序、主板上存储配置信息的存储器、配置信息扩展系统(ESCD:Extended System Configuration Data)、CMOS(Complementary Metal-Oxide-Semiconductor Transistor)、断电保留数据的随机存储器(NVRAM:non-volatile RAM)和主引导扇区(MBR:Master BootRecord)。Preferably, the verification of the underlying firmware at least includes verification of modules used to complete the initialization of the mainboard hardware system, the microcode program of the CPU on the mainboard, the memory for storing configuration information on the mainboard, and the configuration information extension system (ESCD: Extended System Configuration Data) , CMOS (Complementary Metal-Oxide-Semiconductor Transistor), random access memory (NVRAM: non-volatile RAM) that retains data when power is off, and master boot sector (MBR: Master BootRecord).

应用本发明,通过安全芯片在信息安全处理设备启动的过程中验证系统底层固件的完整性,底层固件安全模块验证操作系统的完整性,保证了信息安全处理设备启动时系统信息的安全;操作系统安全模块验证启动时的应用模块的完整性以及定时验证运行中的应用模块的完整性,保证了应用模块信息的安全,因而使得该信息安全处理设备具有抗攻击、防病毒等功能。同时,由于安全芯片中还设置有唯一身份标识密码证书信息,因此,该信息处理设备可利用唯一身份标识密码证书信息,进行访问控制和身份认证等功能。By applying the present invention, the security chip is used to verify the integrity of the bottom firmware of the system during the startup process of the information security processing equipment, and the security module of the bottom firmware verifies the integrity of the operating system, thereby ensuring the security of the system information when the information security processing equipment starts; the operating system The security module verifies the integrity of the application module at startup and periodically verifies the integrity of the application module in operation, which ensures the security of the information of the application module, thus enabling the information security processing device to have functions such as anti-attack and anti-virus. At the same time, since the security chip is also provided with unique identity code certificate information, the information processing device can use the unique identity code certificate information to perform functions such as access control and identity authentication.

附图说明 Description of drawings

图1所示应用本发明的为安全芯片内部的原理图;Application of the present invention shown in Figure 1 is a schematic diagram inside the security chip;

图2所示为应用本发明安全芯片的计算机终端进行验证的总体框图;Fig. 2 shows the general block diagram that the computer terminal that applies safety chip of the present invention carries out verification;

图3所示为应用本发明的计算机终端启动时的流程图;Fig. 3 shows the flow chart when applying the computer terminal of the present invention to start;

图4所示为应用本发明的操作系统安全模块的示意图;FIG. 4 is a schematic diagram of an operating system security module applying the present invention;

图5所示为应用本发明的底层安全芯片驱动模块的流程图;Fig. 5 shows the flowchart of applying the bottom security chip driver module of the present invention;

图6所示为应用本发明的保证应用模块完整性的流程图。Fig. 6 is a flow chart showing the application of the present invention to ensure the integrity of the application module.

具体实施方式 Detailed ways

为使本发明的目的、技术方案和效果更加清楚,以下结合附图及实施例对本发明再做进一步详细的说明。In order to make the purpose, technical solution and effect of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

本发明的思路是:在信息安全处理设备的主板上预先设置一块安全芯片,该安全芯片具有芯片操作系统(COS),每次启动应用该信息安全处理设备时,安全芯片验证信息安全处理设备底层固件的完整性,进而验证操作系统的完整性,最后验证待应用的应用模块的完整性,从而达到保证信息安全处理设备本身信息安全的目的。同时,由于该安全芯片为每个信息安全处理设备终端提供了唯一的身份标识信息,信息安全处理设备还可利用安全芯片进行身份认证、信息加密以及数字签名等安全服务。The idea of the present invention is: a security chip is pre-installed on the motherboard of the information security processing device, and the security chip has a chip operating system (COS). The integrity of the firmware, and then verify the integrity of the operating system, and finally verify the integrity of the application module to be applied, so as to achieve the purpose of ensuring the information security of the information security processing device itself. At the same time, since the security chip provides unique identification information for each information security processing device terminal, the information security processing device can also use the security chip to perform security services such as identity authentication, information encryption, and digital signature.

图1所示应用本发明的为安全芯片内部的原理图。该芯片包括I/O接口模块101、主处理器模块102、存储器模块103和密码处理器模块110,上述模块通过内部总线相互连接,其中,I/O接口模块101与外部设备相连,I/O接口模块101由主处理器模块102控制接收外部设备的指令,并将外部要求的运算结果返回给外部设备;主处理器模块102中至少包括CPU及外围电路,运行在主处理器模块102上的COS完成对片内所有模块的控制,其根据从I/O接口模块101收到的指令对密码处理器模块110进行控制,将处理后的结果保存在存储器模块103中,或根据指令将处理后的结果与存储器模块103中已保存的秘密信息进行比较,并将指令的执行结果传送给I/O接口模块101;或者,直接从存储器模块103中取出秘密信息,传送给I/O接口模块101;密码处理器模块110在主处理器模块102的控制下生成密钥,并对I/O接口模块101接收到的信息进行加解密处理,并将处理后的结果返回给主处理器模块102;存储器模块103用于存储COS、安全芯片自身的秘密信息、外部设备应用模块的秘密信息和密码处理器模块生成的秘密信息,所述秘密信息是指安全芯片自身生成的密钥、用于身份验证的信息和用于完整性验证的完整性验证码。The application of the present invention shown in Fig. 1 is a schematic diagram inside the security chip. The chip includes an I/O interface module 101, a main processor module 102, a memory module 103 and a cryptographic processor module 110, and the above-mentioned modules are connected to each other through an internal bus, wherein the I/O interface module 101 is connected with external devices, and the I/O The interface module 101 is controlled by the main processor module 102 to receive instructions from the external device, and returns the operation result required by the outside to the external device; the main processor module 102 includes at least a CPU and peripheral circuits, and the COS completes the control of all modules in the chip. 
It controls the cryptographic processor module 110 according to the instructions received from the I/O interface module 101, and stores the processed results in the memory module 103, or stores the processed The result of the instruction is compared with the stored secret information in the memory module 103, and the execution result of the instruction is sent to the I/O interface module 101; or, the secret information is directly taken out from the memory module 103 and sent to the I/O interface module 101 The cryptographic processor module 110 generates a key under the control of the main processor module 102, and the information received by the I/O interface module 101 is encrypted and decrypted, and the processed result is returned to the main processor module 102; The memory module 103 is used to store the secret information of the COS, the security chip itself, the secret information of the external device application module, and the secret information generated by the cryptographic processor module. The secret information refers to the key generated by the security chip itself, which is used for identity verification information and an integrity verification code for integrity verification.

The cryptographic processor module 110 includes a public key cryptographic processor module 106, a symmetric cryptographic processor module 107, a hash processor module 108 and a random number generator module 109.

The random number generator module 109 generates random numbers under the control of the main processor module 102 and sends them to the main processor module 102.

The hash processor module 108 performs a hash operation on the information to be processed under the control of the main processor module 102 and sends the result to the public key cryptographic processor module 106, the symmetric cryptographic processor module 107 or the main processor module 102.

The public key cryptographic processor module 106, under the control of the main processor module 102, uses random numbers to generate public/private key pairs and returns the result to the main processor module 102; it encrypts the result sent by the hash processor module 108 with the generated private key to produce a data signature, or decrypts received information that needs decrypting with the public key, and returns the result to the main processor module 102.

The symmetric cryptographic processor module 107, under the control of the main processor module 102, uses a random number as the symmetric key to encrypt or decrypt the information, and sends the result to the main processor module 102.

All of the above modules may be connected directly to the bus inside the security chip. Alternatively, a bus controller module 105, directly connected to the bus interface module 104, bridges the main processor's high-speed bus to a main processor peripheral bus, so that the I/O interface module 101, the main processor module 102 and the memory module 103 are connected to the internal high-speed bus, while the public key cryptographic processor module 106, the symmetric cryptographic processor module 107, the random number generator module 109 and the hash processor module 108 are connected to the main processor peripheral bus.

The memory module 103 for secret information includes random access memory (RAM), erasable read-only memory (EEPROM) or flash memory (FLASH). The I/O interface module 101 includes at least an interface to an LPC (Low Pin Count) bus or a USB (Universal Serial Bus) bus, or a synchronous serial port, or an asynchronous serial port, or an ISO 7816 interface.

The public key cryptographic processor module may include an elliptic curve public key cryptographic algorithm processing module, an RSA public key algorithm processing module, a discrete logarithm algorithm processing module, and the like.

The security chip has the following two methods of generating an integrity verification code:

1) The main processor module 102 controls the hash processor module 108 to hash the information to be encrypted and send the resulting digest to the public key cryptographic processor module 106; at the same time, the main processor module 102 controls the random number generator module 109 to generate a random number, from which the public key cryptographic processor module 106 generates a public/private key pair. It then encrypts the result sent by the hash processor module 108 with the generated private key to produce a data signature, or decrypts received information that needs decrypting with the public key, and returns the result to the main processor module 102.

2) The main processor module 102 controls the hash processor module 108 to hash the information to be encrypted and send the resulting digest to the symmetric cryptographic processor module 107; at the same time, the main processor module 102 controls the random number generator module 109 to generate a random number, which the main processor module 102 passes to the symmetric cryptographic processor module 107 as the symmetric key. Under the control of the main processor module 102, the symmetric cryptographic processor module 107 uses the generated symmetric key to encrypt or decrypt the information, and returns the result to the main processor module 102.
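The two methods above, as an added example that is not the patent's own code. It models the hash processor with SHA-256, the public key processor with RSA PKCS#1 v1.5 (method 1), and, in place of encrypting the digest under a random symmetric key, an HMAC-SHA256 keyed by that random number (method 2, a swapped-in construction); the firmware images are constructed sample data.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// hashModule models the hash processor module 108 with SHA-256 (a stand-in;
// the page does not name the chip's hash algorithm).
func hashModule(data []byte) []byte {
	d := sha256.Sum256(data)
	return d[:]
}

// SignedCode is the method 1 integrity verification code: the digest plus
// the public key processor's signature over it.
type SignedCode struct {
	Digest    []byte
	Signature []byte
}

// GenerateSignedCode implements method 1. The private key is the chip's own,
// derived from its random number generator, so only the chip can sign.
func GenerateSignedCode(priv *rsa.PrivateKey, data []byte) (SignedCode, error) {
	digest := hashModule(data)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest)
	if err != nil {
		return SignedCode{}, err
	}
	return SignedCode{Digest: digest, Signature: sig}, nil
}

// VerifySignedCode re-hashes the current data and checks the stored signature
// with the public key; any holder of the public key can run this check.
func VerifySignedCode(pub *rsa.PublicKey, data []byte, code SignedCode) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashModule(data), code.Signature) == nil
}

// GenerateKeyedCode implements method 2 with HMAC keyed by the chip's random
// number. Only a holder of that key can regenerate or check the code.
func GenerateKeyedCode(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(hashModule(data))
	return m.Sum(nil)
}

// VerifyKeyedCode recomputes the code and compares in constant time.
func VerifyKeyedCode(key, data, stored []byte) bool {
	return hmac.Equal(GenerateKeyedCode(key, data), stored)
}

// NewChipKey models the random number generator module 109.
func NewChipKey(n int) ([]byte, error) {
	key := make([]byte, n)
	_, err := rand.Read(key)
	return key, err
}

func main() {
	firmware := []byte("constructed firmware image v1")
	tampered := []byte("constructed firmware image v2")

	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	code, err := GenerateSignedCode(priv, firmware)
	if err != nil {
		panic(err)
	}
	fmt.Println("method 1, intact:  ", VerifySignedCode(&priv.PublicKey, firmware, code))
	fmt.Println("method 1, tampered:", VerifySignedCode(&priv.PublicKey, tampered, code))

	key, err := NewChipKey(32)
	if err != nil {
		panic(err)
	}
	mac := GenerateKeyedCode(key, firmware)
	fmt.Println("method 2, intact:  ", VerifyKeyedCode(key, firmware, mac))
	fmt.Println("method 2, tampered:", VerifyKeyedCode(key, tampered, mac))
}
```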

The application of the security chip is described in detail below, taking a computer terminal as an example.

The security chip is connected to the ICH (I/O Controller Hub) of the chipset via the LPC bus; alternatively, the security chip is connected to the motherboard of the computer terminal via the USB bus, a synchronous serial port, an asynchronous serial port or an ISO 7816 interface.

Figure 2 is an overall block diagram of the verification performed by a computer terminal that uses the security chip of the present invention. The security chip 211 and the underlying firmware 212 are located on the motherboard 210 of the computer. The security chip 211 exchanges information with the underlying firmware security module 213 and the operating system security module 221; the application module 230 exchanges information with the security chip 211 through the operating system security module 221. The underlying firmware also includes the modules that initialize the motherboard hardware, the microcode of the CPU on the motherboard, the memory on the motherboard that stores configuration information, the Extended System Configuration Data (ESCD), the CMOS (Complementary Metal-Oxide-Semiconductor) memory, the non-volatile RAM (NVRAM) that retains data when power is off, and the Master Boot Record (MBR).

Figure 3 is a flow chart of the start-up of a computer terminal that uses the present invention.

Step 301: in an environment where the security of the computer system is assured, such as on the production line or at the user's first use, the integrity verification code of the underlying firmware and the integrity verification code of the operating system are generated in advance; the value of the integrity verification code of the underlying firmware is stored in the memory of the security chip, and the value of the integrity verification code of the operating system is stored in the underlying firmware security module or in the memory of the security chip;

Step 302: each time the computer is used, the motherboard of the computer terminal first starts the security chip and uses the integrity verification code algorithm provided by the security chip to calculate the integrity value of the current underlying firmware;

Step 303: determine whether the integrity value of the current underlying firmware equals the stored integrity value of the underlying firmware; if so, go to step 305, otherwise go to step 304;

Step 304: stop starting the computer terminal;

Step 305: after the underlying firmware completes normal system initialization, go to step 306;

Step 306: start the underlying firmware security module and use the integrity verification code algorithm it provides to calculate the integrity value of the current operating system;

Step 307: determine whether the integrity value of the current operating system equals the stored integrity value of the operating system; if so, go to step 309, otherwise go to step 308;

Step 308: stop loading the operating system;

Step 309: once the operating system is running normally, go to step 310;

Step 310: start the security module in the operating system and monitor the protected application modules.

After each computer terminal has started and is running normally, it must pass its own identity verification before the application modules can run normally and request security services such as information encryption and digital signature from the security chip.

The security chip provides each computer terminal with a cryptographic certificate that uniquely identifies it. This certificate is generated by one of the following two methods:

Method 1: a trusted third party (the manufacturer or the user) sets up a public key certificate and a private key certificate for each computer terminal and digitally signs the public and private key certificates; the signed private key certificate forms the cryptographic certificate uniquely identifying that computer terminal. The private key certificate is stored in the memory of the security chip, and the public key certificate is provided to the verifying party that verifies the computer terminal's identity.

The verification procedure for method 1 is as follows: the application module first sends the information to be verified to the security chip; the security chip invokes the public key algorithm corresponding to the private key certificate of the unique identity certificate, and the public key cryptographic processor module uses that algorithm to digitally sign the information to be verified and returns the signed result to the application module, which then sends the digital signature to the verifier. The verifier first checks whether the third party's signature on the public key certificate of the unique identity certificate is correct; if so, it uses that public key certificate to verify the information sent by the identity verification application module, thereby establishing the security identity of the terminal.

Method 2: a trusted third party (the manufacturer or the user) generates for each computer terminal a serial number composed of random numbers, ensuring that different computer terminals have different random serial numbers; after the trusted third party (the manufacturer or the user) confirms and digitally signs the serial number, it forms the cryptographic certificate uniquely identifying that computer terminal.

The verification procedure for method 2 is as follows: the application module sends the terminal's unique identity certificate information to the verifier through the identity authentication protocol; the verifier checks whether the third party's signature on the unique identity certificate is correct, thereby establishing the security identity of the terminal.
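The method 1 exchange, as an added example that is not the patent's own code: the trusted third party signs the terminal's public key, the chip signs the information to be verified with the private key it holds, and the verifier checks the third party's signature before the terminal's. Assumptions: RSA PKCS#1 v1.5 over SHA-256, a certificate reduced to the public key in DER form plus the third party's signature, and a constructed challenge as the information to be verified.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Certificate is the "public key certificate" reduced to its two parts:
// the terminal's public key and the trusted third party's signature over it.
type Certificate struct {
	PubKeyDER []byte
	TTPSig    []byte
}

func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// Issue is the trusted third party's provisioning step: it signs the
// terminal's public key. The matching private key never leaves the chip.
func Issue(ttp *rsa.PrivateKey, terminalPub *rsa.PublicKey) (Certificate, error) {
	der := x509.MarshalPKCS1PublicKey(terminalPub)
	sig, err := sign(ttp, der)
	return Certificate{PubKeyDER: der, TTPSig: sig}, err
}

// Respond is the chip's side: the public key processor signs the information
// to be verified with the private key certificate and returns the signature.
func Respond(chipPriv *rsa.PrivateKey, info []byte) ([]byte, error) {
	return sign(chipPriv, info)
}

// Verify is the verifier's two-step check: first the third party's signature
// on the certificate, then the terminal's signature on the information, using
// the public key that the certificate carries.
func Verify(ttpPub *rsa.PublicKey, cert Certificate, info, response []byte) bool {
	if !verify(ttpPub, cert.PubKeyDER, cert.TTPSig) {
		return false
	}
	terminalPub, err := x509.ParsePKCS1PublicKey(cert.PubKeyDER)
	if err != nil {
		return false
	}
	return verify(terminalPub, info, response)
}

func main() {
	ttp, _ := rsa.GenerateKey(rand.Reader, 2048)   // third party's signing key
	chip, _ := rsa.GenerateKey(rand.Reader, 2048)  // key held inside the chip
	rogue, _ := rsa.GenerateKey(rand.Reader, 2048) // key of an uncertified terminal
	cert, _ := Issue(ttp, &chip.PublicKey)

	info := []byte("constructed challenge from the verifier")
	resp, _ := Respond(chip, info)
	fmt.Println("genuine terminal:", Verify(&ttp.PublicKey, cert, info, resp))

	// A certificate not signed by the third party fails the first step.
	fake, _ := Issue(rogue, &rogue.PublicKey)
	resp2, _ := Respond(rogue, info)
	fmt.Println("self-certified terminal:", Verify(&ttp.PublicKey, fake, info, resp2))

	// A genuine certificate without the matching private key fails the second.
	resp3, _ := Respond(rogue, info)
	fmt.Println("certificate without key:", Verify(&ttp.PublicKey, cert, info, resp3))
}
```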

After the computer terminal has passed unique identity authentication, the application modules on the terminal can, through the operating system security module, request security services such as information encryption and digital signature from the underlying security chip.

Figure 4 is a schematic diagram of the operating system security module of the present invention. The operating system security module consists of three parts: the security chip driver module, the security service module and the security interface module.

The security chip driver module is responsible for passing the instructions of the application modules to the underlying security chip. In doing so, it presents the security chip as a device of the operating system and arranges for the application module and the underlying security chip to share a pair of authentication keys. Before any application module exchanges information with the security chip, it must pass the identity authentication and authorization protocol; that is, only after it has been authenticated by the security chip may it use the security services the chip provides, such as information encryption and digital signature. The specific transmission process is shown in Figure 5:

Step 501: the security chip uses the shared authentication key to authenticate the upper-layer application module that requests its security services; if authentication succeeds, go to step 502, otherwise go to step 505 and refuse the service requested by the application module;

Step 502: establish a data communication channel and a control command communication channel between the application module and the security chip;

Step 503: convert the instruction issued by the application module into a chip instruction that the security chip can recognize, and compute a hash over the authentication result of step 501, the shared authentication key and the chip instruction to produce the authorization information for this chip instruction; then send the chip instruction together with the authorization information to the security chip;

Step 504: each time the security chip receives a chip instruction, it first verifies the instruction's authorization information: it computes a hash over the authentication result of step 501, the shared authentication key and the chip instruction just received to produce the authorization verification information for the current chip instruction, and compares it with the authorization information carried by the received chip instruction. If they match, the chip executes the instruction; otherwise it refuses to execute the chip instruction it just received.
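Steps 503 and 504 as an added example that is not the patent's own code: the driver derives the authorization information from the step 501 result, the shared key and the chip instruction, and the chip recomputes it before executing. Assumptions: SHA-256 as the hash, a chip instruction encoded as an opcode byte followed by its payload, and length prefixes on the three hashed fields (added here so that bytes cannot be shifted between fields); all key and session values are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// AuthorizedCommand is what the driver sends to the chip in step 503: the
// chip instruction plus the authorization information computed over it.
type AuthorizedCommand struct {
	Opcode  byte
	Payload []byte
	Auth    []byte
}

// encodeCommand is the chip-instruction wire form that the hash covers.
func encodeCommand(opcode byte, payload []byte) []byte {
	return append([]byte{opcode}, payload...)
}

// Authorize computes HASH(authResult, sharedKey, command). Each field is
// length-prefixed so that "ab"+"c" and "a"+"bc" hash to different values.
func Authorize(authResult, sharedKey, command []byte) []byte {
	h := sha256.New()
	for _, part := range [][]byte{authResult, sharedKey, command} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(part)))
		h.Write(n[:])
		h.Write(part)
	}
	return h.Sum(nil)
}

// Driver models the security chip driver module's side (step 503).
type Driver struct {
	SharedKey  []byte
	AuthResult []byte // outcome of the step 501 authentication, fixed per session
}

// Build turns an application request into an authorized chip instruction.
func (d *Driver) Build(opcode byte, payload []byte) AuthorizedCommand {
	cmd := encodeCommand(opcode, payload)
	return AuthorizedCommand{Opcode: opcode, Payload: payload, Auth: Authorize(d.AuthResult, d.SharedKey, cmd)}
}

// Chip models the security chip's side (step 504).
type Chip struct {
	SharedKey  []byte
	AuthResult []byte
	Executed   []byte // opcodes actually run, kept so callers can inspect them
}

// Execute recomputes the authorization information and runs the instruction
// only if it matches; a changed payload, a wrong key or a value carried over
// from another session all fail the constant-time comparison.
func (c *Chip) Execute(ac AuthorizedCommand) bool {
	expected := Authorize(c.AuthResult, c.SharedKey, encodeCommand(ac.Opcode, ac.Payload))
	if !hmac.Equal(expected, ac.Auth) {
		return false
	}
	c.Executed = append(c.Executed, ac.Opcode)
	return true
}

func main() {
	key := []byte("constructed shared authentication key")
	auth := []byte("constructed step 501 result: session 1")
	driver := &Driver{SharedKey: key, AuthResult: auth}
	chip := &Chip{SharedKey: key, AuthResult: auth}

	ac := driver.Build(0x10, []byte("sign: constructed message"))
	fmt.Println("genuine command executed:", chip.Execute(ac))

	ac.Payload = []byte("sign: altered message")
	fmt.Println("altered payload executed:", chip.Execute(ac))

	stale := &Chip{SharedKey: key, AuthResult: []byte("constructed step 501 result: session 2")}
	fmt.Println("old session value executed:", stale.Execute(driver.Build(0x10, nil)))
}
```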

Referring again to Figure 4, the operating system security module includes an application module protection module 402e, which is mainly used to verify the integrity of the protected module 405. Its steps are shown in Figure 6:

Step 601: in an environment where the security of the computer terminal is assured, generate the integrity verification code of the application module to be protected in advance;

Step 602: store the pre-generated integrity verification code of the application module to be protected in the memory of the security chip or in the security module of the operating system;

Step 603: when the system is about to use the application module to be protected, the security service module first calculates the current value of the integrity verification code of that application module;

Step 604: determine whether the currently calculated value of the integrity verification code equals the stored value; if equal, go to step 605, otherwise go to step 606;

Step 605: start the application module to be protected and verify its integrity periodically thereafter;

Step 606: forbid starting the application module.
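The chain of integrity checks of Figure 3 (steps 301 to 310) and Figure 6 (steps 601 to 606), as an added example that is not the patent's own code. It generalizes the three fixed stages to any ordered list of stages: each is started only if the integrity value of its current image equals the reference recorded during provisioning, and the first mismatch halts the chain as steps 304, 308 and 606 do. Assumptions: SHA-256 as the integrity algorithm, images as byte slices, and one map standing in for the chip memory and the firmware and operating system security modules that hold the references.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Stage is one link of the chain. Image reads the current bytes of the
// component at check time, so a change made after provisioning is seen.
type Stage struct {
	Name  string
	Image func() []byte
}

// Reference holds the integrity values recorded during provisioning.
type Reference map[string][32]byte

// Provision records each stage's integrity value in a trusted environment
// (steps 301 and 601).
func Provision(stages []Stage) Reference {
	ref := make(Reference, len(stages))
	for _, s := range stages {
		ref[s.Name] = sha256.Sum256(s.Image())
	}
	return ref
}

// Check recomputes one stage's integrity value and compares it with the
// stored one (steps 303, 307 and 604). A missing reference is a failure,
// not a skipped check.
func Check(ref Reference, s Stage) bool {
	want, ok := ref[s.Name]
	if !ok {
		return false
	}
	got := sha256.Sum256(s.Image())
	return subtle.ConstantTimeCompare(want[:], got[:]) == 1
}

// Boot walks the chain in order. It returns the stages that were started and
// the name of the first stage that failed, or "" if every stage passed.
func Boot(ref Reference, stages []Stage) (started []string, failed string) {
	for _, s := range stages {
		if !Check(ref, s) {
			return started, s.Name
		}
		started = append(started, s.Name)
	}
	return started, ""
}

func main() {
	firmware := []byte("constructed firmware image")
	osImage := []byte("constructed operating system image")
	app := []byte("constructed protected application")
	chain := []Stage{
		{"firmware", func() []byte { return firmware }},
		{"operating system", func() []byte { return osImage }},
		{"application", func() []byte { return app }},
	}
	ref := Provision(chain)

	started, failed := Boot(ref, chain)
	fmt.Printf("clean boot: started=%v failed=%q\n", started, failed)

	osImage[0] ^= 0xff // the OS image changes between provisioning and boot
	started, failed = Boot(ref, chain)
	fmt.Printf("after change: started=%v failed=%q\n", started, failed)

	// Step 605: a running application is re-checked periodically.
	fmt.Println("periodic application check:", Check(ref, chain[2]))
}
```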

Referring again to Figure 4, the operating system security module further includes an event audit module 402a, a log/event management module 402b and a security policy management module 402d.

The event audit module 402a and the log/event management module 402b are mainly used to log every operation that uses the security chip and write the log into a local log database, thereby completing log and event management; they also audit the log database, provide security reports for system users or administrators, and raise alarms on abnormal events.

The key management module 402c is mainly used to manage the various keys on the computer terminal and to provide information encryption and digital signature security services to the application modules. When the operating system or an application module uses the information encryption and digital signature security services, it first sends the information to be encrypted or signed to the security chip; the security chip completes the encryption or signing inside the chip and then returns the encrypted or signed result to the application module that called the security chip's service.

The security policy management module 402d is mainly used to manage the security policy of the computer terminal, such as generating or changing user passwords, or setting access control policies for system file resources and user file resources.

The security interface module in Figure 4 provides the operating system and application modules with interfaces to the application security services, such as an application programming interface (API), dynamic link libraries and the like.

The present invention is equally applicable to other information processing devices such as handheld computers or mobile phones.

The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (24)

1. A security chip, characterized in that the chip includes an I/O interface module, a main processor module, a memory module and a cryptographic processor module, the modules being interconnected by an internal bus, wherein: the I/O interface module is connected to an external device and, under the control of the main processor module, receives instructions from the external device and returns the requested operation results to the external device; the main processor module includes at least a CPU and peripheral circuits, controls the cryptographic processor module according to the instructions received from the I/O interface module, stores the processed result in the memory module or, as instructed, compares the processed result with the secret information already stored in the memory module and sends the execution result of the instruction to the I/O interface module, or takes the secret information directly out of the memory module and sends it to the I/O interface module; the cryptographic processor module generates keys under the control of the main processor module, encrypts and decrypts the information received by the I/O interface module and returns the processed result to the main processor module; the memory module stores the secret information of the security chip itself, including the integrity value of the underlying firmware, the secret information of the external device's application modules and the secret information generated by the cryptographic processor module; the security chip has a chip operating system (COS) and is located in an information security processing device; when the information security processing device starts, the security chip calculates the integrity value of the device's underlying firmware and, when the calculated integrity value matches the stored integrity value of the underlying firmware, starts the underlying firmware to verify the integrity of the device's operating system.

2. The security chip according to claim 1, characterized in that the secret information consists of keys generated by the cryptographic processor module, identity verification information, and integrity verification information including the integrity value of the underlying firmware.

3. The security chip according to claim 1, characterized in that the cryptographic processor module includes at least a public key cryptographic processor module, a hash processor module, a symmetric cryptographic processor module and a random number generator module, wherein: the random number generator module generates random numbers under the control of the main processor module and sends them to the main processor module; the hash processor module performs a hash operation on the information to be processed under the control of the main processor module and sends the result to the public key cryptographic processor module, the symmetric cryptographic processor module or the main processor module; the public key cryptographic processor module, under the control of the main processor module, uses random numbers to generate public/private key pairs and returns the result to the main processor module, encrypts the result sent by the hash processor module with the generated private key to produce a data signature, or decrypts received information that needs decrypting with the public key, and returns the result to the main processor module; the symmetric cryptographic processor module, under the control of the main processor module, uses a random number as the symmetric key to encrypt or decrypt the information and sends the result to the main processor module.

4. The security chip according to claim 3, characterized in that the public key cryptographic processor module includes at least an elliptic curve public key cryptographic algorithm processing module, an RSA public key cryptographic algorithm processing module and a discrete logarithm cryptographic algorithm processing module.

5. The security chip according to claim 1, characterized in that the main processor module of the chip further includes a bus interface module and a bus controller module, wherein the bus interface module is connected to the main processor's internal high-speed bus and to the bus controller module, and the bus controller module bridges the main processor's internal high-speed bus to a main processor peripheral bus, such that the I/O interface module, the main processor module and the memory module are connected to the internal high-speed bus, and the public key cryptographic processor module, the symmetric cryptographic processor module, the random number generator module and the hash processor module are connected to the main processor peripheral bus.

6. The security chip according to claim 1, characterized in that the memory module is random access memory (RAM), electrically erasable read-only memory (EEPROM) or flash memory (FLASH).

7. The security chip according to claim 1, characterized in that the I/O interface module includes at least an interface to an LPC bus or a USB bus, or a synchronous serial port, or an asynchronous serial port, or an ISO 7816 interface.

8. An information security processing device comprising at least a motherboard, underlying firmware and an operating system, characterized in that the device further includes at least a security chip according to claim 1, the security chip being connected to the motherboard and receiving information sent by the underlying firmware embedded in the motherboard or by the device's operating system; according to the information sent by the underlying firmware, it calculates the integrity value of the device's underlying firmware and, when the calculated integrity value matches the stored integrity value of the underlying firmware, starts the underlying firmware to verify the integrity of the operating system; or, according to the information sent by the operating system, the security chip produces the corresponding operation result and returns it to the operating system, thereby taking part in the integrity verification of the operating system.

9. The device according to claim 8, characterized in that the security chip is connected to the motherboard through an LPC bus interface, a USB bus interface, a synchronous serial port, an asynchronous serial port or an ISO 7816 interface.

10. A verification method for an information security processing device, characterized in that the method comprises the following steps:
a. a security chip is installed on the motherboard of the information security processing device, the security chip having a chip operating system (COS) that controls the security chip to perform integrity verification;
b. when the information security processing device is started, the security chip calculates the value of the integrity verification code of the current underlying firmware and determines whether it equals the stored value of the integrity verification code of the underlying firmware; if so, step c is performed after normal system initialization completes, otherwise the start-up of the information security processing device is stopped;
c. the security chip starts the underlying firmware to verify the integrity of the current operating system; if correct, the operating system runs normally, otherwise loading of the operating system is stopped.

11. The method according to claim 10, characterized in that the method further comprises: an operating system security module is set up in the operating system and started by the operating system; before an existing application module of the device is started, the operating system security module verifies the integrity of that application module; if correct, the application module runs normally, otherwise it is stopped.

12. The method according to claim 10 or 11, characterized in that step a further comprises: in a secure environment, storing the value of the integrity verification code of the underlying firmware in the security chip; storing the value of the integrity verification code of the operating system in the security chip or the underlying firmware; and storing the value of the integrity verification code of the application module in the security chip or the operating system security module.

13. The method according to claim 12, characterized in that the method further comprises setting up an underlying firmware security module in the underlying firmware, and verifying the integrity of the current operating system in step c further comprises: the underlying firmware security module calculates the value of the integrity verification code of the current operating system and determines whether it equals the stored value of the integrity verification code of the operating system; if so, the subsequent steps continue, otherwise loading of the operating system is stopped.

14. The method according to claim 11, characterized in that the operating system security module is composed of a security chip driver module, a security service module and a security interface module.

15. The method according to claim 14, characterized in that the security chip driver module sets the security chip as a device of the operating system and arranges for each application module and the underlying security chip to share a pair of authentication keys, the security chip driver module performing at least the following steps:
d. the security chip uses the shared authentication key to authenticate the application module; if authentication succeeds, step e is performed, otherwise the service requested by the application module is refused;
e. a data communication channel and a control command communication channel are established between the application module and the security chip;
f. the security chip driver module converts the instruction issued by the upper-layer application module into a chip instruction that the security chip can recognize, computes a hash over the authentication result of step d, the shared authentication key and the chip instruction to produce the authorization information for this chip instruction, and then sends the chip instruction together with the authorization information to the security chip;
g. each time the security chip receives a chip instruction, it computes a hash over the authentication result of step d, the shared authentication key and the chip instruction just received to produce the authorization verification information for the current chip instruction, and compares it with the authorization information carried by the received chip instruction; if they match, the chip executes the instruction, otherwise it refuses to execute the chip instruction just received.

16. The method according to claim 14, characterized in that the security service module verifies the integrity of an application module by the following steps:
j. the security service module first calculates the current value of the integrity verification code of the application module to be protected and determines whether it equals the stored value of the integrity verification code; if equal, it starts the application module to be protected and then performs step k, otherwise it forbids starting the application module.
The security service module first calculates the value of the current integrity verification code of the application module to be protected, and judges whether the value of the current integrity verification code is equal to the value of the saved integrity verification code. If they are equal, then After the application module to be protected is started, step k is executed; otherwise, the application module is prohibited from being activated. k、安全服务模块定时验证待保护应用模块的完整性。k. The security service module regularly verifies the integrity of the application module to be protected. 17、根据权利要求14或16所述的方法,其特征在于,所述安全服务模块保存任何一个对安全芯片进行操作的记录,并将该记录作为日志记录保存在本地的日志数据库中。17. The method according to claim 14 or 16, wherein the security service module saves any record of operations on the security chip, and saves the record as a log record in a local log database. 18、根据权利要求10所述的方法,其特征在于该方法进一步包括,在每一个安全芯片上,设置唯一身份标识密码证书。18. The method according to claim 10, characterized in that the method further comprises setting a unique identity code certificate on each security chip. 19、根据权利要求18所述的方法,其特征在于,所述的设置方法为:由第三方为每台计算机终端设置一个公钥证书和私钥证书,并在公私钥证书上进行数字签名后,将私钥证书信息设置为每台计算机终端的唯一身份标识的密码证书。19. The method according to claim 18, characterized in that, the setting method is: a third party sets a public key certificate and a private key certificate for each computer terminal, and digitally signs the public and private key certificates , and set the private key certificate information as the password certificate for the unique identification of each computer terminal. 20、根据权利要求19所述的方法,其特征在于,所述私钥证书存储在安全芯片中,公钥证书提供给用于计算机终端身份验证的验证方。20. The method according to claim 19, wherein the private key certificate is stored in the security chip, and the public key certificate is provided to a verifier for computer terminal identity verification. 21、根据权利要求20所述的方法,其特征在于,对信息安全处理设备进行身份验证的方法进一步包括以下步骤:21. 
The method according to claim 20, characterized in that the method for authenticating the information security processing device further comprises the following steps: l、应用模块将需要验证的信息传送给安全芯片,安全芯片根据唯一身份标识密码证书的私钥证书调用其相应的公钥算法机制,对需要验证的信息进行数字签名后,将签名后的结果返回给应用模块,该应用模块再将上述数字签名信息发送给验证方;l. The application module transmits the information to be verified to the security chip, and the security chip calls its corresponding public key algorithm mechanism according to the private key certificate of the unique identity password certificate, digitally signs the information to be verified, and sends the signed result Return to the application module, and the application module sends the above-mentioned digital signature information to the verifier; m、验证方首先验证该唯一身份标识密码证书的公钥证书上的第三方的签名是否正确,如正确则执行步骤n,否则验证失败;m. The verifier first verifies whether the signature of the third party on the public key certificate of the unique identity password certificate is correct, and if it is correct, execute step n, otherwise the verification fails; n、应用该公钥证书验证应用模块发送来的经数字签名的信息是否正确,如正确则确定该信息安全处理设备的安全身份,否则验证失败。n. Use the public key certificate to verify whether the digitally signed information sent by the application module is correct, and if it is correct, determine the security identity of the information security processing device; otherwise, the verification fails. 22、根据权利要求18所述的方法,其特征在于,所述的设置方法为:由第三方为每台计算机终端生成一个由随机数组成的序列号,将经第三方确认并进行数字签名的后序列号设置为每台计算机终端的唯一身份标识的密码证书。22. The method according to claim 18, characterized in that the setting method is: a third party generates a serial number composed of random numbers for each computer terminal, and the third party confirms and digitally signs the serial number The post serial number is set as a password certificate for the unique identification of each computer terminal. 23、根据权利要求22所述的方法,其特征在于,对信息安全处理设备进行身份验证的方法进一步包括以下步骤:23. 
The method according to claim 22, characterized in that the method for authenticating the information security processing device further comprises the following steps: p、应用模块将信息安全处理设备本身的唯一身份标识密码证书发送给验证方;p. The application module sends the unique identity password certificate of the information security processing device itself to the verifier; q、验证方验证唯一身份标识密码证书上第三方的签名信息是否正确,如正确则确定该信息安全处理设备的安全身份,否则验证失败。q. The verifier verifies whether the signature information of the third party on the unique identity password certificate is correct, and if it is correct, then determines the security identity of the information security processing device; otherwise, the verification fails. 24、根据权利要求10所述的方法,其特征在于,所述验证底层固件至少包括验证用于完成主板硬件系统初始化的模块、主板上CPU的微码程序、主板上存储配置信息的存储器、配置信息扩展系统ESCD、CMOS、断电保留数据的随机存储器NVRAM和主引导扇区MBR。24. The method according to claim 10, wherein the verification of the underlying firmware includes at least verifying the modules used to complete the initialization of the mainboard hardware system, the microcode program of the CPU on the mainboard, the memory for storing configuration information on the mainboard, the configuration Information expansion system ESCD, CMOS, random access memory NVRAM and master boot sector MBR that retain data when power off.
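The per-command authorization of claim 15, steps d to g, modelled in software as an added example (not code from the patent or from Lenovo): the driver tags each chip instruction with a hash over the step-d authentication result, the shared key and the instruction, and the chip recomputes and compares before executing. SHA-256, the length-prefixed field encoding, the HMAC challenge-response standing in for step d and the opcode table are all assumptions; the claim only specifies "a hash operation" over the three fields.

```python
# Added example, not code from the patent: a model of the per-command authorization
# between the chip driver module and the security chip (claim 15, steps d-g). SHA-256,
# the length-prefixed encoding and the HMAC challenge-response of step d are assumptions.
import hashlib
import hmac
import os

def auth_tag(auth_result: bytes, shared_key: bytes, instruction: bytes) -> bytes:
    """Steps f and g: hash over (authentication result, shared key, chip instruction)."""
    h = hashlib.sha256()
    for field in (auth_result, shared_key, instruction):
        h.update(len(field).to_bytes(4, "big"))  # length prefix keeps fields unambiguous
        h.update(field)
    return h.digest()

class SecurityChip:
    def __init__(self, shared_key: bytes):
        self._key = shared_key        # key shared with exactly one application module
        self._nonce = None
        self._auth_result = None      # stays None until step d succeeds

    def challenge(self) -> bytes:
        self._nonce = os.urandom(16)
        return self._nonce
    def authenticate(self, response: bytes) -> bool:
        # Step d: the accepted HMAC becomes the "authentication result" later tags bind to.
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):
            self._auth_result = None
            return False
        self._auth_result = expected
        return True

    def execute(self, instruction: bytes, authorization: bytes) -> bool:
        # Step g: recompute the tag for this instruction; run it only on a match.
        if self._auth_result is None:
            return False              # no authenticated session: refuse the service
        expected = auth_tag(self._auth_result, self._key, instruction)
        if not hmac.compare_digest(expected, authorization):
            return False              # tag mismatch: altered body or unknown key
        return True                   # a real chip would perform the operation here

class ChipDriver:
    OPCODES = {"sign": b"\x01", "random": b"\x02"}  # constructed chip instruction set
    def __init__(self, chip: SecurityChip, shared_key: bytes):
        self._chip, self._key, self._auth_result = chip, shared_key, None

    def open_session(self) -> bool:
        # Steps d and e: answer the chip's challenge and keep the result for tagging.
        response = hmac.new(self._key, self._chip.challenge(), hashlib.sha256).digest()
        self._auth_result = response if self._chip.authenticate(response) else None
        return self._auth_result is not None

    def send(self, command: str, payload: bytes = b"") -> bool:
        # Step f: translate the module's command, tag it, hand both to the chip.
        instruction = self.OPCODES[command] + payload
        return self._chip.execute(instruction, auth_tag(self._auth_result, self._key, instruction))

def demo() -> tuple:
    """(honest command accepted, altered body rejected, tag under a wrong key rejected)."""
    key = os.urandom(32)                                # constructed shared key
    chip = SecurityChip(key)
    driver = ChipDriver(chip, key)
    assert driver.open_session()
    accepted = driver.send("sign", b"hello")
    honest_tag = auth_tag(driver._auth_result, key, b"\x01hello")
    tampered = chip.execute(b"\x01hellp", honest_tag)   # body altered in transit
    forged = chip.execute(b"\x02", auth_tag(driver._auth_result, os.urandom(32), b"\x02"))
    return accepted, tampered, forged
```

As claimed, the hashed fields carry no counter, so an identical authorized instruction would be accepted again within the same session; a per-command sequence number among the hashed fields, or a fresh step-d authentication per command, closes that.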
CNB031383807A 2003-05-29 2003-05-29 A security chip and an information security processing device and method based on the chip Expired - Lifetime CN100447763C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031383807A CN100447763C (en) 2003-05-29 2003-05-29 A security chip and an information security processing device and method based on the chip

Publications (2)

Publication Number Publication Date
CN1553349A CN1553349A (en) 2004-12-08
CN100447763C true CN100447763C (en) 2008-12-31

Family

ID=34323718

Country Status (1)

Country Link
CN (1) CN100447763C (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1204432A (en) * 1995-10-25 1999-01-06 西门子公司 security chip
WO2000048063A1 (en) * 1999-02-15 2000-08-17 Hewlett-Packard Company Trusted computing platform
CN1264974A (en) * 1999-12-01 2000-08-30 陈永川 Digital signature method using elliptic curve encryption algorithm
CN1360692A (en) * 1999-07-15 2002-07-24 格姆普拉斯公司 Method for improving random number generators to make them more resistant to attacks on current measurements
WO2002060121A1 (en) * 2000-12-27 2002-08-01 Intel Corporation A platform and method for securely transmitting authorization data
CN1365053A (en) * 2001-01-09 2002-08-21 深圳市中兴集成电路设计有限责任公司 Method for preventing attack on alteration of applied system operating in computer

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Boris Balacheff, Liqun Chen, Siani Pearson, David Plaquin and Graeme Proudler. Trusted Computing Platforms: TCPA Technology in Context, pp. 72-77. Prentice Hall, 2002. ISBN 0-13-009220-7 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546149A (en) * 2012-01-16 2012-07-04 华南理工大学 Crypto chip system and secret key extraction method
CN102546149B (en) * 2012-01-16 2014-12-03 华南理工大学 Crypto chip system and secret key extraction method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CX01 Expiry of patent term

Granted publication date: 20081231

CX01 Expiry of patent term