Data processing method and device for trusted security terminal

A technology of a data processing device and a security terminal, which is applied in the direction of electrical digital data processing, computer security device, digital data protection, etc. The effect of improving reliability and safety

Active Publication Date: 2021-01-01
百信信息技术有限公司
4 Cites 0 Cited by

AI-Extracted Technical Summary

Problems solved by technology

[0003] At present, most domestically-made trusted computers still use foreign chips for their underlying key chips and north-south bridges. In this way, all instructions issued by domestic...
View more

Method used

A kind of data processing method and device of credible security terminal of the present invention, during use: first, make the control unit of mainboard work before BIOS, carry out credible measurement to BIOS, when measurement result is normal, start after normal operation BIOS The operating system, otherwise, makes the motherboard enter the alarm mode or shutdown mode from the standby state; and then. Then read the data. By reading the data to be processed and the security key, according to the algorithm of the security key, the data to be processed is encrypted and decrypted, which improves the security of the data operation. The present invention can power on the terminal From user operation to user operation, a trusted connection is established, which greatly improves the security of user data operation.
In present embodiment three, store key data by TCM trustworthy chip U7, read the data to be processed by PCIE bus interface, carry out...
View more

Abstract

The invention provides a data processing method and device for a trusted security terminal. The data processing method comprises the steps that a control unit of a mainboard works before a BIOS; trusted measurement is carried out on the BIOS, when a measurement result is normal, the BIOS is normally operated and then the operating system is started, and otherwise, the mainboard enters an alarm mode or a shutdown mode from a standby state; the to-be-processed data and the security key are read, and the encryption and decryption operation is performed on the to-be-processed data according to analgorithm of the security key. according to the method and the device, trusted connection can be established from terminal electrification to user operation, so that the security of user data operation is greatly improved. The method and the device are suitable for the field of data security.

Application Domain

Digital data protectionInternal/peripheral component protection +2

Technology Topic

Embedded systemData security +6

Image

  • Data processing method and device for trusted security terminal
  • Data processing method and device for trusted security terminal
  • Data processing method and device for trusted security terminal

Examples

  • Experimental program(4)

Example Embodiment

[0037]Example one
[0038]figure 1 It is a schematic flowchart of a data processing method for a trusted and secure terminal provided in the first embodiment of the present invention;figure 1 As shown, the data processing method of a trusted and secure terminal provided in this embodiment may include:
[0039]Make the control unit of the motherboard work before the BIOS; perform trusted measurement of the BIOS. When the measurement result is normal, start the operating system after running the BIOS normally; otherwise, make the motherboard enter the alarm mode or shutdown mode from the standby state; read the data to be processed And the security key, according to the algorithm of the security key, the data to be processed is encrypted and decrypted.
[0040]figure 2 It is a schematic structural diagram of a data processing device for a trusted and secure terminal provided by Embodiment 1 of the present invention;figure 2 As shown, the data processing device for a trusted and secure terminal provided in this embodiment may include:
[0041]The setting unit 10 is used to make the control unit of the motherboard work before the BIOS; the credibility judging unit 20 is used to measure the credibility of the BIOS. When the measurement result is normal, the operating system is started after the BIOS runs normally, otherwise, the motherboard is switched from standby The state enters the alarm mode or shutdown mode; the trusted processing unit 30 is used to read the data to be processed and the security key, and perform encryption and decryption operations on the data to be processed according to the algorithm of the security key.
[0042]The present invention is a data processing method and device for a trusted and safe terminal. When used: firstly, make the control unit of the motherboard work before the BIOS, and perform a trusted measurement of the BIOS. When the measurement result is normal, the operating system is started after the BIOS is normally run. Otherwise, make the motherboard enter the alarm mode or shutdown mode from the standby state; then. Then read the data. By reading the data to be processed and the security key, the data to be processed is encrypted and decrypted according to the algorithm of the security key, which improves the security of data operations. The present invention can be powered on from the terminal To user operations, a trusted connection is established, which greatly improves the security of user data operations.

Example Embodiment

[0043]Example two
[0044]On the basis of the first embodiment, this embodiment provides a data processing method for a trusted and secure terminal, wherein the BIOS is trusted to be measured. When the measurement result is normal, the operating system is started after the BIOS is normally run; otherwise, the motherboard Entering the alarm mode or shutdown mode from the standby state specifically includes: performing a reliable measurement of the BIOS; receiving the measurement result and converting the measurement result into a signal for controlling the state of the motherboard; the signal controlling the state of the motherboard includes: making the motherboard enter the standby state BIOS system, or make the motherboard enter the shutdown mode from the standby state; or make the motherboard enter the alarm mode from the standby state.
[0045]image 3 This is a schematic structural diagram of a data processing device for a trusted and secure terminal provided in the second embodiment of the present invention, such asimage 3 As shown, this embodiment provides a data processing device for a trusted and secure terminal. On the basis of the first embodiment, the trusted judgment unit 20 includes: a measurement unit 201 for performing a trusted measurement on the BIOS; The unit 202 is used for receiving the measurement result and converting the measurement result into a signal for controlling the state of the motherboard; the signal for controlling the state of the motherboard includes: making the motherboard enter the BIOS system from the standby state, or making the motherboard enter the shutdown mode from the standby state; or Make the main board enter the alarm mode from standby.
[0046]Figure 4 It is a schematic diagram of the circuit connection between the measurement unit and the control unit in the second embodiment of the present invention,Figure 5 It is a schematic diagram of the circuit connection of the control unit in the second embodiment of the present invention;Figure 4 ,Figure 5 As shown, the measurement unit 201 includes a trusted measurement chip, and the control unit 202 includes a CPLD control circuit; the circuit connection structure of the trusted measurement chip and the CPLD control circuit is as follows:
[0047]The CPLD control circuit includes: a main control chip U62, the PA3 end of the main control chip U62 is connected in series with a resistor R1919 and a resistor R1898 in sequence and then connected to the RCP-GPIO1 end of the credibility measurement chip, and the PA5 of the main control chip U62 The terminal is connected in series with resistor R1921 and resistor R1899 and then connected to the RCP-GPIO3 terminal of the credible measurement chip. The PA7 terminal of the main control chip U62 is serially connected with resistor R1923 and resistor R1900 and then connected to the RCP-GPIO4 terminal of the credible measurement chip. Connected; the PA1 end of the main control chip U62 is connected in series with a resistor R1917 and then respectively connected to one end of the resistor R1897 and the drain of the field effect transistor PQ24, the source of the field effect transistor PQ24 is grounded, and the field effect transistor PQ24 The gate is respectively connected to one end of the resistor R1907 and the RCP-GPIO2_BIT end of the credible measurement chip. The other end of the resistor R1907 is connected in parallel with the other end of the resistor R1897 and then connected to the power supply terminal P3V3; the VBAT end of the main control chip U62 The resistor R1908 is connected in series and connected to the power supply terminal P3V3. The BOOT0 terminal of the main control chip U62 is respectively connected to one end of the resistor R1911 and one end of the resistor R1912, the other end of the resistor R1911 is grounded, and the other end of the resistor R1912 is connected to The power terminal P3V3 is connected, the BOOT1 terminal of the main control chip U62 is respectively connected to one end of the resistor R1913 and one end of the resistor R1910. The other end of the resistor R1910 is connected in parallel to the VSS_1 end of the main control chip U62 and then grounded. The resistor R1912 The other end of the main control chip U62 is connected to the power supply terminal P3V3, the VDD_2 end of the main control chip U62 is connected to the power supply terminal P3V3; the PB10 end of the main control chip U62 is connected in series with a resistor R1925 and then respectively connected to one end of the resistor R1904 and the field effect transistor PQ26 The gate is connected, the source of the field effect transistor PQ26 is grounded, and the drain of the field effect transistor PQ26 is respectively connected to one end of the resistor R1903 and the shutdown signal output end RCP-POWEROFF end of the CPLD control circuit (30). The other end of the resistor R1904 is connected in parallel with the other end of the resistor R1903 and then connected to the power terminal P3V3; the PB13 end of the main control chip U62 is connected in series with the resistor R1928 and then connected to the alarm signal output terminal STM_BUZZER of the CPLD control circuit (30).
[0048]Through the circuit connection between the measurement unit and the control unit provided in the second embodiment, after the credibility measurement chip of the measurement unit performs credibility measurement on the motherboard, the measurement result is sent to the CPLD control circuit of the control unit, and the CPLD control circuit measures the credibility The measurement result of the chip is transformed into a signal that controls the state of the motherboard. According to different situations, the state control signal is output to the signal input of the motherboard, so that when the measurement result is normal, the operating system can be started after the BIOS runs normally, otherwise, the motherboard enters the standby state Compared with traditional methods, alarm mode or shutdown mode can avoid entering the computer operating system directly.
[0049]Specifically, the peripheral circuit of the control unit includes: a program programming interface unit, a storage unit, and a crystal oscillator unit. The crystal oscillator unit includes a crystal oscillator Y18 and a crystal oscillator Y19; one end of the crystal oscillator Y18 is connected in parallel with a resistor R1931 and then connected to a capacitor respectively. One end of C1891 is connected to the OSC32_IN end of the main control chip U62. The other end of the crystal oscillator Y18 is connected in parallel with the other end of the resistor R1931 and then respectively connected to one end of the capacitor C1892 and the OSC32_OUT end of the main control chip U62; one end of the crystal oscillator Y19 Connect resistor R1909 in parallel to one end of capacitor C1894 and the OSC_IN end of the main control chip U62. The other end of the crystal oscillator Y19 is connected in parallel to the other end of resistor R1909 and then to one end of capacitor C1893 and the OSC_OUT end of main control chip U62. Connected; the other end of the capacitor C1891, the other end of the capacitor C1892, the other end of the capacitor C1893, and the other end of the capacitor C1894 are all grounded;
[0050]Further, the storage unit includes: a memory U63 with a model of AT24C04, the SCL end of the memory U63 is connected to the SCL end of the main control chip U62, and the SDA end of the memory U63 is connected to the SDA end of the main control chip U62, so The VCC terminal of the memory U63 is connected in parallel to one end of the capacitor C1900 and then connected to the power terminal P3V3, the other end of the capacitor C1900 is grounded, the WP terminal of the memory U63 is grounded, and the A0 terminal of the memory U63 is connected in parallel to A1 of the memory U63. The A2 terminal of the memory U63 and the VSS terminal of the memory U63 are grounded.
[0051]Further, the program burning interface unit includes: an interface J28, the B1 end of the interface J28 is connected to the A1 end of the interface J28 and then connected to the power supply terminal P3V3; the B2 end of the interface J28 is connected to the main control chip U62 The TRST end is connected, the B3 end of the interface J28 is connected to the TDI end of the main control chip U62, the B4 end of the interface J28 is connected to the TMS end of the main control chip U62, and the B5 end of the interface J28 is connected to the main control chip U62 The B7 end of the interface J28 is connected to the TDO end of the main control chip U62, the B8 end of the interface J28 is connected to the NRST end of the main control chip U62, and the B9 end of the interface J28 is connected to the main control chip The TX1 end of the U62 is connected, and the B10 end of the interface J28 is connected to the RX1 end of the main control chip U62; the A9 end of the interface J28 is connected to the DM end of the main control chip U62 in series after the resistance R1914 is connected. The A10 terminal is connected in series with the resistor R1915 and then connected to the DP terminal of the main control chip U62. The A3 terminal of the interface J28 is connected in parallel to the A4 terminal of the interface J28, the A5 terminal of the interface J28, the A6 terminal of the interface J28, the A7 terminal of the interface J28, The A8 terminal of the interface J28 is grounded.

Example Embodiment

[0052]Example three
[0053]On the basis of the first embodiment, this embodiment provides a trusted and secure terminal data processing method. The data to be processed and the security key are read, and the data to be processed is added according to the algorithm of the security key. Decryption operation, which can specifically include:
[0054]Obtain the data to be processed; cache and store the data to be processed after protocol conversion; read the security key; perform encryption and decryption operations on the data to be processed according to the encryption and decryption algorithm in the security key.
[0055]Figure 6 This is a schematic structural diagram of a data processing device for a trusted and secure terminal provided in the third embodiment of the present invention, such asFigure 6 As shown, this embodiment provides a data processing device for a trusted and secure terminal. Based on the first embodiment, the trusted processing unit 30 may include: an obtaining unit 301 for obtaining data to be processed; and a protocol The conversion unit 302, the processed data is cached and stored after protocol conversion; the arithmetic unit 303, is used to read the security key, and perform encryption and decryption operations on the processed data according to the encryption and decryption algorithm in the security key.
[0056]In the third embodiment, the acquisition unit 301 includes: a PCIE bus interface, the PCIE bus interface is connected to the terminal through the PCIE bus, and is used to acquire the data to be processed; the protocol conversion unit 302 includes: a two-way buffer interface, the The arithmetic unit 303 includes a trusted TCM chip U7 and an FPGA chip U11.
[0057]Figure 7 It is a schematic diagram of the circuit connection of the arithmetic unit in the third embodiment of the present invention, such asFigure 7 As shown, the FPGA chip U11 is composed of a chip U11A, a chip U11B, and a chip U11C; the CSO_B terminal of the chip U11A is connected to the SPIM_CS# terminal of the TCM trusted chip U7, and the CCLK terminal of the chip U11A is connected to the TCM trusted chip The SPIM_CLK terminal of U7 is connected, the MISO terminal of the chip U11A is connected to the SPIM_MISO terminal of the TCM trusted chip U7, and the CSI_B terminal of the chip U11A is connected to the SPIM_MOSI terminal of the TCM trusted chip U7; the TCM trusted chip U7 The VDD terminal is connected in parallel with one end of the capacitor C10 and then connected to the power supply terminal 3V3. The GND terminal of the trusted TCM chip U7 is grounded. The SPI_RST# of the trusted TCM chip U7 is connected in parallel to one end of the resistor R40 and then to one end of the resistor R36 respectively. One end of the capacitor C20 is connected, the other end of the resistor R40 is connected in parallel with the other end of the capacitor C20 and then grounded, the other end of the resistor R36 is connected to the power supply terminal 3V3; the SPIM_CS# terminal of the trusted TCM chip U7, SPIM_CLK terminal, SPIM_MISO terminal, SPIM_MOSI terminal, PP terminal, GPIO4 terminal, GPIO5 terminal, SPIS_PIRQ# terminal, SPIS_CLK terminal, SPIS_CS# terminal, SPIS_MOSI terminal, SPIS_MISO terminal, SDA terminal, SCL terminal correspond to PIN6 terminal of connector J7, PIN1 terminal, PIN15 terminal, PIN4 terminal, PIN14 terminal, PIN13 terminal, PIN12 terminal, PIN11 terminal, PIN10 terminal, PIN9 terminal, PIN8 terminal, PIN7 terminal, PIN5 terminal are connected, and the PIN1 terminal of the connector J7 is connected in parallel to one end of the capacitor C22 After grounding, the other end of the capacitor C22 is connected in parallel to the PIN2 end of the connector J7 and one end of the resistor R65 to the power supply terminal 3V3. The other end of the resistor R65 is connected in parallel to the anode of the light emitting diode D1 and then connected to one end of the capacitor C25 , The other end of the capacitor C25 is connected in parallel to the cathode of the light emitting diode D1 and then grounded.
[0058]Figure 8 It is a schematic diagram of the circuit connection between the acquisition unit and the protocol conversion unit in the third embodiment of the present invention, such asFigure 8 As shown, the acquiring unit 301 includes a PCIE bus interface, and the protocol conversion unit 302 includes a bidirectional buffer interface;
[0059]Specifically, the bidirectional buffer interface includes: a bidirectional data buffer interface chip U4, the PCIE bus interface includes a bus interface chip U6; the XD7 end, XD6 end, XD5 end, XD4 end, and XD3 end of the bidirectional data buffer interface chip U4 IO_LO5N_2, IO_LO6N_2, IO_LO7P_2, IO_LO7N_2, IO_L10N_2, IO_L11P, IO_LO5N_2, IO_LO6N_2, IO_LO7P_2, XD1, XD0, XA0, XRD#, XWR#, XCS#, respectively. IO_L12P_2 terminal, IO_L06P_2 terminal, IO_LO1N_2 terminal, IO_LO5P_2 terminal, IO_LO2N_3 terminal, IO_LO2P_3 terminal are connected; the VCC terminal of the bidirectional data buffer interface chip U4 is connected in parallel with one end of the capacitor C21 and then connected to the power supply terminal 3V3, and the other end of the capacitor C21 Ground, the YCS# terminal of the bidirectional data buffer interface chip U4 is connected in parallel to the GND terminal of the bidirectional data buffer interface chip U4 and then grounded; the YD7, YD6, YD5, YD4, YD3 of the bidirectional data buffer interface chip U4 Terminal, YD2 terminal, YD1 terminal, YD0 terminal, YA0 terminal, YRD# terminal, YWR# terminal respectively corresponding to the D7 terminal, D6 terminal, D5 terminal, D4 terminal, D3 terminal, D2 terminal, D1 terminal of the bus interface chip U6 , D0 terminal, A0 terminal, IORD terminal, IOWR terminal are connected; the A1 terminal and INT# terminal of the bus interface chip U6 are respectively connected to the INIT_B terminal and PUDC_B terminal of the chip U11A; the A2 terminal of the bus interface chip U6 The resistor R39 is connected in series to the XA2 terminal of the connector J8. The A3 terminal of the bus interface chip U6 is connected to the resistor R41 and then connected to the XA3 terminal of the connector J8. The A4 terminal of the bus interface chip U6 is connected to the resistor R43 in series. The XA4 end of the connector J8 is connected, the A5 end of the bus interface chip U6 is connected to the XA5 end of the connector J8 in series after a resistor R46, and the A6 end of the bus interface chip U6 is connected to the XA6 end of the connector J8 in series after a resistor R60 The A7 end of the bus interface chip U6 is connected in series with the resistor R52 and then connected to the XA7 end of the connector J8; the WAKIN# end of the bus interface chip U6 is connected in series with the resistor R63 and then connected to the WAKIN# end of the connector J8, the bus The GPO0 terminal of the interface chip U6 is connected to the XGPO0 terminal of the connector J8 in series with a resistor R67. The GPO1 terminal of the bus interface chip U6 is connected to the XGPO1 terminal of the connector J8 in series with a resistor R69. The GPO terminal of the bus interface chip U6 The resistor R70 is connected in series to the XGPO terminal of the connector J8, the RSTO terminal of the bus interface chip U6 is connected to the resistor R71 in series and then connected to the XRSTO terminal of the connector J8; the GPI1, GPI2, and FIXID# terminals of the bus interface chip U6 are connected in series. RSVD ends separately The pull-up resistor J4, the pull-up resistor J5, the pull-up resistor J1, and the pull-up resistor J3 should be connected in series and then grounded.
[0060]Picture 9 It is a schematic diagram of the peripheral circuit connection of the PCIE bus interface in the third embodiment of the present invention, such asPicture 9 As shown, the peripheral circuit storage module of the bus interface chip U6, the storage module includes: a storage chip U8 and a FLASH memory U9; the SDA end and the SCL end of the storage chip U8 respectively correspond to the SDA of the bus interface chip U6 The VCC terminal of the storage chip U8 is connected in parallel with one end of the capacitor C28 and then connected to the power supply terminal 3V3. The other end of the capacitor C28 is grounded to the GND terminal of the storage chip U8. A0 of the storage chip U8 The terminals are connected in parallel to the A1 terminal of the memory chip U8, the A2 terminal of the memory chip U8, and the WP terminal of the memory chip U8, and then ground; the SCK terminal and CS# terminal of the FLASH memory U9 correspond to the SCL terminal and the bus interface chip U6 respectively. SCS terminal is connected, the SDO terminal of the FLASH memory U9 is connected in parallel with the SDI terminal of the FLASH memory U9 and then connected to the SDX terminal of the bus interface chip U6, and the VCC terminal of the FLASH memory U9 is connected in parallel with one end of the capacitor C29 and then connected to the FLASH memory U9 The HD# end of the FLASH memory U9, the WP# end of the FLASH memory U9, and the power supply terminal 3V3 are connected, and the other end of the capacitor C29 is connected in parallel to the GND end of the FLASH memory U9 and then grounded.
[0061]The bus interface chip U6 in this embodiment is the bus interface chip of CH367, which supports I/O port mapping and expansion ROM and terminals. CH367 converts the high-speed PCIE bus into an easy-to-use 8-bit active parallel interface similar to the ISA bus. Compared with other mainstream buses, it has faster speed, better practicability and better controllability.
[0062]Picture 10 It is a circuit connection diagram of the PCIE bus interface and the PCIE bus in the third embodiment of the present invention, such asPicture 10 As shown, the bus interface chip U6 is connected to the PCIE bus P1 through its WAKE# end, PEREST# end, PECKP end, PECKN end, PERP end, PERN end, PETP end, and PETN end,Picture 11 It is a circuit connection diagram of the arithmetic unit and the universal connector in the third embodiment of the present invention, such asPicture 11 As shown, through the connector J9, the FPGA chip U11 can be connected with other external chips to realize the connection between the FPGA chip U11 and other application modules.
[0063]In the third embodiment, the key data is stored by the TCM trusted chip U7, the data to be processed is read through the PCIE bus interface, and the data is encrypted and decrypted by the FPGA chip U11. All key storage and algorithm operations are in the hardware It has a simple structure, can effectively improve the reliability and security of the entire trusted computer, and has strong practicability.
[0064]The invention can be applied to multiple platforms through the circuit connection between the acquisition unit, the protocol conversion unit and the arithmetic unit. Compared with the traditional method, the interface of the TCM trusted chip U7 is expanded and the universality is strong.
[0065]Further, in the third embodiment, the FPGA chip U11 is an FPGA chip of model XC3S50A, the memory chip U8 is a data memory of model 24C02, and the FLASH memory is a serial programmable memory of model AT25F512 .

PUM

no PUM

Description & Claims & Application Information

We can also present the details of the Description, Claims and Application information to help users get a comprehensive understanding of the technical details of the patent, such as background art, summary of invention, brief description of drawings, description of embodiments, and other original content. On the other hand, users can also determine the specific scope of protection of the technology through the list of claims; as well as understand the changes in the life cycle of the technology with the presentation of the patent timeline. Login to view more.

Similar technology patents

A layering and partially filling coal mining method of thick seams

InactiveCN104832178Aimprove securityLower filling costs
Owner:CHINA UNIV OF MINING & TECH

Nano metal silver antibiotic paint and its preparing method

InactiveCN1616559Aimprove security
Owner:RESEARCH INSTITUTE OF TSINGHUA UNIVERSITY IN SHENZHEN

Cloud data security protection method

InactiveCN104767745Aimprove securitySolve user privacy leakage
Owner:INSPUR GROUP CO LTD

Classification and recommendation of technical efficacy words

  • Simple structure
  • improve security

Sharing system for air-conditioning coat

InactiveCN107440179ASimple structureeasy to wear
Owner:QINGDAO HAIER AIR CONDITIONER GENERAL CORP LTD

Feeding device of sorter of batteries plate

InactiveCN101357717ASimple structurecooperate well
Owner:NANJING NORMAL UNIVERSITY

Emergency parachuting device and method for multiple-rotor unmanned aerial vehicle

InactiveCN103895870Aavoid aircraft crashSimple structure
Owner:SOUTH CHINA AGRI UNIV +1

Quick pipe connector

Owner:YANG RICHARD

Pesticide micro-capsule granules and preparation method thereof

InactiveCN102100229Alow toxicityimprove security
Owner:联合国南通农药剂型开发中心 +1

Method for achieving user authentication by utilizing camera

InactiveCN103678984Aimprove securityGuaranteed picture quality
Owner:湖北微模式科技发展有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products