Credible safety computer

[0019] A trusted and secure computer, including a monitor 1, a keyboard 2, a mouse 3, an IC card reader 4, and also includes a secure motherboard platform 5, a secure hard disk 7, a secure U disk 8, a secure electronic lock 9, and a dedicated self-destruct key 10 , Operating system security isolation module 12 and user management module 13, where the security motherboard platform 5 includes SOPC security chip 6 and security enhanced BIOS system 11, security enhanced BIOS system 11 includes a secure hard disk authentication unit 14, a BIOS-level user identity authentication unit 15. BIOS-level I/O interface control unit 16, SOPC security chip drive unit 17, BIOS-level hardware integrity measurement unit 18, and operating system security loading unit 19, operating system security isolation module 12 includes user identity authentication unit 20, hardware resources The control unit 21, the software resource control unit 22, the safety network communication unit 23, and the system quick recovery unit 25.

[0020] The display 1, keyboard 2, mouse 3, IC card reader 4, secure hard disk 7, secure U disk 8, and operating system security isolation module 12 are connected to the secure motherboard platform 5, and the secure electronic lock 9 and the dedicated self-destruct key 10 are respectively connected It is connected to the secure hard disk 7 through the USB interface, the user management module 13 is connected to the operating system security isolation module 12, the SOPC security chip 6 in the secure motherboard platform 5 is connected to the security enhanced BIOS system 11; in the security enhanced BIOS system 11, BIOS The output end of the user identity authentication unit 15 is connected to the BIOS-level I/O interface control unit 16, the BIOS-level hardware integrity measurement unit 18, and the operating system security loading unit 19, and the input ends of the BIOS-level user identity authentication unit 15 are respectively connected to The SOPC security chip drive unit 17 is connected to the secure hard disk authentication unit 14; in the operating system security isolation module 12, the output of the system security audit unit 24 is respectively connected to the hardware resource control unit 21, the software resource control unit 22, and the secure network communication unit 23 The output ends of the user identity authentication unit 20 are respectively connected to the hardware resource control unit 21, the software resource control unit 22, the secure network communication unit 23, and the system quick recovery unit 25.

[0021] When the SOPC security chip 6 works, it provides protected key generation, processing and storage based on a hardware encryption/decryption engine and a random number generator. The key length is 2048 bits; at the same time, it stores system security policies and audit logs.

[0022] When the secure hard disk 7 works, it needs to authenticate the secure electronic lock 9 connected to it and respond to specific commands of the secure BIOS. After the authentication is passed, the work key stored in the secure electronic lock 9 is transmitted to the encryption and transcoding storage module in the secure hard disk 7. After that, the plaintext data accessed by the host will be automatically stored in the 2.5-inch hard disk embedded in the secure hard disk 7 in the form of ciphertext. Once the secure hard disk 7 is powered on and the dedicated self-destruct key 10 is inserted, or the outer shell of the secure hard disk 7 is opened in an offline state, the embedded encryption algorithm and stored key data will be automatically destroyed.

[0023] When the secure U disk 8 is working, it first authenticates the TF card attached to its outside. After the authentication is passed, it automatically reads the work key stored in the TF card, and protects the data accessed by the host through the encryption and transcoding storage circuit , And stored in the secure U disk 8; in an emergency, press the destruction switch on the back of the secure U disk 8 through the small metal key attached to the secure U disk 8 to quickly destroy all the data and encryption algorithms stored in the secure U disk 8.

[0024]After the computer is powered on, the security-enhanced BIOS system 11 first calls the secure hard disk authentication unit 14 to perform legality authentication on the secure hard disk 7. The secure hard disk authentication unit 14 sends an authentication command to the secure hard disk 7; the secure hard disk 7 feeds back device information; the secure hard disk authentication unit 14 judges whether it is a legal secure hard disk 7 based on the feedback information. If the secure hard disk 7 is legal, the execution continues, otherwise the system hangs Up.

[0025] After the secure hard disk 7 is authenticated, the BIOS-level user identity authentication unit 15 will cooperate with the secure hard disk 7 to complete the identity authentication of the current user. The user’s identity authentication medium is an IC card, and the user authority is divided into two types: ordinary users and administrators. The BIOS-level user authentication unit 15 starts and waits for the user to insert the IC card; the BIOS-level user authentication unit 15 judges whether the inserted IC card is legal, and continues execution when the IC card is legal, otherwise the system hangs; prompts the user to enter the user name and PIN code; The user name and PIN code entered by the user are converted into data and sent to the secure hard disk 7. The secure hard disk 7 compares and authenticates the user information with the user information stored in the secure hard disk 7 to determine whether it is a legitimate user, and if so, based on the user name Query and feed back the user's I/O interface control information, otherwise the secure hard disk 7 feeds back the user's invalid information and prohibits data reading and writing operations.

[0026] After the identity authentication is passed, the BIOS-level hardware integrity measurement unit 18 measures the integrity of key hardware such as optical drives and network cards. The measurement is performed by comparing the device information of the current key hardware of the system with the device information pre-configured in the SOPC security chip 6. The key hardware After abnormality or replacement, the system automatically hangs, and the administrator needs to re-authenticate.

[0027] After the integrity measurement is passed, the BIOS-level I/O interface control unit 16 will enable or disable the corresponding network interface, USB interface, serial port, parallel port, optical drive, PCI device, PCI-E device and other I/O interfaces. The administrator All I/O interfaces can be used.

[0028] After the I/O interface control is completed, the operating system security loading unit 19 controls the loading and booting of the operating system; when the currently logged-in user is an ordinary user, it directly boots the operating system pre-installed in the secure hard disk 7, thereby shielding users from operating through WINDOWS PE Software such as the system destroys the trusted and secure computer or steals files and data on the system; when the current user is an administrator user, the operating system in the secure hard disk 7 or CD is loaded according to the boot sequence set in CMOS.

[0029] After the execution of each security control unit of the security-enhanced BIOS system 11 is completed, the operating system-level user identity authentication unit 20 is loaded, and the logged-in user identity is authenticated based on "IC card + user PIN". The authentication principle is the same as the BIOS-level user identity authentication unit 15 is the same.

[0030] Load the hardware resource control unit 21, and enable or disable printers and USB interface devices connected to the system according to the user's authority information.

[0031] Load the software resource control unit 22, intercept all software resource access commands, and control specific files and programs in the system according to user authority information. If it is read-only permission, it will only respond correctly to read commands, and return error status information for commands such as delete, write, and rename; if it is access permission, it will return error status information for all commands; by default , The user can perform any operations on files and programs.

[0032] Load the secure network communication unit 23, and implement network data packet filtering processing based on the IP address and host hardware platform information. For the sent data packet, if the destination address of the IP address field does not allow access, the data packet is discarded, otherwise the hardware platform information of the local system is added to the IP option field of the sent data packet and passed to the lower layer; for the received data packet, The source address of the IP address field of the data packet is extracted and the hardware platform information of the host is judged. If access is not allowed, the data packet is discarded, otherwise the received data packet is passed to the upper layer.

[0033] During the use of the operating system, when the user pulls out the IC card, the system automatically locks and closes all USB ports at the same time. When the user reinserts the IC card, he needs to enter the PIN code to log in again.

[0034] After the implementation of the above steps is completed, the trusted and safe computer system starts and runs successfully.