Safety protection method of software integrity of cryptographic machine

Abstract

The invention discloses a safety protection method of the software integrity of a cryptographic machine, and relates to the technical field of information safety codes. The safety protection method of the software integrity of the cryptographic machine is characterized by comprising the first step of generating check codes of the software integrity, wherein production personnel send a generation instruction of the check codes of the software integrity to the cryptographic machine through an external management interface, the cryptographic machine transmits byte streams of all software codes, firmware and property files inside the cryptographic machine to a safety storage, and the safety storage carries out check code calculation on the input byte streams to obtain the check codes of the software integrity; the second step of checking the software integrity, wherein the cryptographic machine is started, the cryptographic machine transmits the byte streams of all software codes, the firmware and the property files inside the cryptographic machine to the safety storage for check code calculation, the safety storage judges whether the newly calculated check codes of the software integrity and the check codes, on the safety storage, of the software integrity are uniform or not, if yes, the cryptographic machine starts to work, and if not, the cryptographic machine stops starting.

Description

technical field [0001] The invention belongs to the technical field of information security cryptography, and relates to a method for enhancing the security of a cipher machine itself. A safe and reliable software integrity protection method is adopted to prevent malicious software such as Trojan horses and viruses from illegally tampering with the software inside the cipher machine. Firmware and attribute files, thereby enhancing the security of the cipher machine and ensuring the safety and reliability of the user's business system. Background technique [0002] Cryptography technology is the basic technology of information security, and cipher machine is the foundation of secure application of cryptography technology and the core of information security. With the rapid and comprehensive development of my country's information industry, cryptographic equipment, as the core of information security, has been providing safe cryptographic technology for the development of the ...

AI Technical Summary

Problems solved by technology

[0006] There are some shortcomings in the traditional software integrity verification method, which cannot effectively prevent malicious software from illegally modifying software files

The key point is that the pre-calculated integrity check code and the file or other forms are stored in the same storage medium, which cannot effectively avoid the attack of synchronous modification or replacement of the software file and the integrity check code; a better solution is The IC card or USB KEY is used to store the integrity verification code separately, but the IC card and USB KEY are usually not protected by sufficient physical security to ensure their safety, and there are also unreliable problems

In addition, the integrity check code calculation program usually does not have sufficient security protection, and illegal attackers can achieve the purpose of attack by modifying or replacing the integrity check code program

Images