Encryption module and process trusted measurement method

Abstract

The invention relates to a trusted computing technology, in particular to an encryption module and a process trusted measurement method. The encryption module includes interfaces, an algorithm module, a protocol verification module, a process verification module, and a storage module. The encryption module is mainly arranged on a terminal main board of a host machine such as a PC terminal or a mobile terminal, and is used for performing trusted measurement on an application process of a host system, and monitoring the integrity of the application process by verification and comparison of the a process user measurement value, a process image measurement value, and a process feature measurement value. The host machine uses the verification and comparison result of the process measurement value as a basis so as to determine whether a process is loaded or operated, virus processes and virus infection processes cannot pass trusted measurement and will not be loaded, processes which are infected by a virus will be stopped, and virus spread and attacks can be avoided.

Description

technical field [0001] The patent of the present invention relates to the field of trusted computing, in particular, the present invention relates to an encryption module and a method for measuring process trustworthiness. Background technique [0002] The Trusted Computing Group TCG proposed the process of computer trusted startup and the method of credibility measurement. The basic idea is: first build a trust root, and then build a trust chain, starting from the trust root to the hardware platform, to the operating system, and then to To the application, one level of authentication, one level of trust, so as to extend this trust to the entire computer system. [0003] In the actual establishment and dissemination of the chain of trust, the root of trust first measures the integrity of the hardware boot system BIOS, saves the measurement results, and then passes the control right to the BIOS; the BIOS performs initialization operations, measures the integrity of the master...

AI Technical Summary

Problems solved by technology

[0011] In order to ensure the credibility of the program, the system will frequently update the trust root and trust chain, which not only affects the processing efficiency of the system, but also increases the uncertainty in the process of trust expansion

[0012] Second, the measurement process is very time-consuming and has become a technical bottleneck for the widespread application of trusted computing

For example: based on a 10MB process, it takes about 40 minutes to transmit using a 1Mbps UART. From the perspective of use, this method is unacceptable

[0015] Third, simply static measurement of software files cannot solve the trust chain damage caused by software upgrades

However, software must be upgraded and updated inevitably, and this will inevitably cause the trust chain of the software to be destroyed. It can only provide guarantees at loading time, but cannot provide guarantees at runtime

Images