FT-processor based trust management system and method

A management system and method, applied in electrical digital data processing, instruments, digital data authentication and similar fields, that solves the problem of operating system files not being verified and achieves the effects of avoiding attacks, ensuring security and reliability, and flexible management.

Inactive Publication Date: 2015-11-11
SHANDONG CHAOYUE DATA CONTROL ELECTRONICS CO LTD
6 Cites, 11 Cited by

AI Technical Summary

Problems solved by technology

[0004] Traditional computer BIOS does not verify the integrity of operating system files. If the o



Examples


Embodiment 1

[0043] A trusted management system based on a Feiteng processor, said system comprising:

[0044] 1) Terminal management module: used to manage terminals and terminal security and trusted policies;

[0045] 2) TCM initialization module: used for TCM initialization and program whitelist initialization after the terminal deploys the trusted management system for the first time;

[0046] 3) Terminal trusted module: used for terminal program installation and operation control, and communicates with the terminal management module to update security and trusted policies;

[0047] 4) BIOS measurement module: used to measure the integrity of the operating system kernel and system key files;

[0048] 5) USBKey: used for operating system identity authentication and storing TCM keys;

[0049] 6) TCM module: trusted cryptographic module, used to store keys, with built-in cryptographic algorithms that provide cryptographic services such as hash calculations.

Embodiment 2

[0051] On the basis of embodiment 1, the BIOS measurement module operation steps described in the present embodiment are as follows:

[0052] Step I1: Turn on the power; the BIOS calls the TCM cryptographic algorithm to calculate the hash value of the operating system kernel and system key files;

[0053] Step I2: The BIOS compares the hash value with the expected value stored inside the BIOS; if they are the same, it proceeds to the next step, otherwise it prohibits the system from starting.

Embodiment 3

[0055] On the basis of Embodiment 1, the operation steps of the TCM initialization module described in this embodiment are as follows:

[0056] Step S1: Connect the user's USBKey device to the computer, and the USBKey stores the key;

[0057] Step S2: Log in to the operating system through the USBKey; the TCM initialization module starts automatically and prompts for basic user information, then calls the USBKey interface function to read the key from the USBKey and imports the key into the TCM module through the TCM interface;

[0058] Step S3: Scan the operating system files and call the TCM cryptographic algorithm to generate a program operation control whitelist, which is used by the terminal trusted module.
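
The boot-time measurement of Embodiment 2 (steps I1 and I2) and the whitelist generation of step S3, sketched as an added example that is not code from the patent. SHA-256 from Python's hashlib stands in for the TCM hash service, and the function names, file names and directory layout are assumptions.

```python
import hashlib, hmac, os, tempfile

def measure(path):
    # SHA-256 stands in for the TCM hash service (assumption; the page names no algorithm).
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def build_whitelist(root):
    # Step S3: scan every file under root and record relative path -> digest.
    return {os.path.relpath(os.path.join(d, n), root): measure(os.path.join(d, n))
            for d, _, names in os.walk(root) for n in names}

def verify_measurements(root, expected):
    # Steps I1-I2: measure each expected file; any failure means boot is refused.
    failures = []
    for rel, want in expected.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            failures.append((rel, "missing"))
        elif not hmac.compare_digest(measure(path), want):
            failures.append((rel, "mismatch"))
    return failures

def may_execute(root, rel, whitelist):
    # Run control: default deny for programs that are unlisted or modified.
    return rel in whitelist and not verify_measurements(root, {rel: whitelist[rel]})

def demo():
    # Constructed sample tree; file names and contents are illustrative only.
    with tempfile.TemporaryDirectory() as root:
        kernel, login = os.path.join("boot", "kernel.img"), os.path.join("bin", "login")
        tool = os.path.join("bin", "tool")
        for rel, data in ((kernel, b"kernel v1"), (login, b"login v1")):
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        whitelist = build_whitelist(root)
        expected = {kernel: whitelist[kernel]}      # value the BIOS would store
        clean = verify_measurements(root, expected)
        with open(os.path.join(root, kernel), "ab") as f:
            f.write(b"!")                            # simulate a modified kernel
        tampered = verify_measurements(root, expected)
        with open(os.path.join(root, tool), "wb") as f:
            f.write(b"new")                          # program installed after S3
        return (clean, tampered, may_execute(root, login, whitelist),
                may_execute(root, tool, whitelist))
```

Calling `demo()` returns the clean-boot result, the result after the kernel file is modified, and the run-control decisions for a listed and an unlisted program.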


Abstract

The invention discloses an FT-processor based trust management system and method. The system comprises: 1) a terminal management module; 2) a TCM (Trusted Cryptography Module) initialization module; 3) a terminal trust module; 4) a BIOS (Basic Input Output System) measurement module; 5) a USBKey; and 6) a TCM. According to the system and the method, the integrity measurement of a BIOS and an operating system is realized through the TCM, the BIOS and the operating system are ensured to be legal, and the attack caused by destruction of the BIOS or the operating system is avoided; the operational control of a terminal program is realized through the terminal trust module, and the operational environment of the operating system is ensured to be secure and trusted; and flexible management of a trust policy is realized through the terminal management module and the terminal trust module.

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a trusted management system and method based on a Feiteng processor.

Background technique

[0002] With the improvement of the performance of domestic processors, the country's support for localization, research and breakthroughs in safe and reliable technologies under domestic platforms are becoming more and more important. Domestic processors provide security at the underlying instruction set level, which can effectively solve problems such as processor backdoors, but for the processor instruction set, there are still security vulnerabilities at the operating system level.

[0003] The localized trusted computing technology is becoming more and more mature in the localized environment. Based on the domestic trusted cryptographic chip, combined with the trusted software stack, the security and trustworthiness of the operating system level can be realized, and the se...


Application Information

IPC(8): G06F21/34, G06F21/57, G06F21/64
CPC: G06F21/34, G06F21/575, G06F21/64, G06F2221/2141
Inventor: 郭猛善, 冯磊
Owner: SHANDONG CHAOYUE DATA CONTROL ELECTRONICS CO LTD