178 results about "Integrity measurement" patented technology

According to one embodiment of the invention, a method comprises conducting a first integrity measurement to produce a first integrity measurement event. Thereafter, an integrity time stamp associated with the first integrity measurement event is created. The integrity time stamp is used to identify the actual time when the first integrity measurement event was produced.

The invention discloses an embedded platform guide on a creditable mechanism, i. e.: placing the embedded platform and a TPM together, and using the TPM to support safety and creditability of the embedded platform; In accordance with the creditability completeness measuring roots and prior to running of the CPU of the embedded platform, the TPM carries out completeness verification for the Bootloader and the operation system which are stored in the embedded platform to ensure that the software executable codes in the platform startup chain is not modified, and then permits the CPU of the embedded platform to read the Bootloader for startup; and the TPM controls the startup process and measures completeness and reliability of the appointed external devices as well as initializes the external devices. The invention is used for completeness measuring of the Bootloader executed at the platform in accordance with the creditability chain structure, ensuring good completeness of the Bootloader, and realizing a reporting mechanism in a creditable environment with a TPM monitoring.

A method and system for verifying authenticity of an application in a computing-platform operating in a Trusted Computing Group (TCG) domain is provided. The method includes computing one or more integrity measurements corresponding to one or more of the application, a plurality of precedent-applications, and an output file. The output file includes an output of the application, the application is executing on the computing-platform. Each precedent-application is executed before the application. The method further includes comparing one or more integrity measurements with re-computed integrity measurements. The re-computed integrity measurements are determined corresponding to one or more of the application, the plurality of precedent-applications, and the computing-platform.

A platform for verifying the validity of changes to dynamic data modifiable during the runtime execution of an agent. In one embodiment, a management mode of a processor uses key information to generate a signature for a set of dynamic data, the signature to verify the validity of the state of the dynamic data to an integrity measurement agent.

The invention discloses a method for designing trusted firmware of a domestic BMC chip. The method adds a trusted function module to the guide layer, kernel layer, middleware and software layer of the BMC firmware, and updates the kernel program during the BMC power-on and start-up process. , application program and BIOS key code to measure the integrity to ensure the integrity of the program, thus establishing a trusted execution environment for the system platform. The method of the present invention measures the integrity of each functional component during the start-up operation of the BMC, ensures the integrity of the program and does not have malicious codes implanted, establishes a complete chain of trust in the BMC start-up process, and ensures the reliability of the system platform execution environment. This will help improve the core competitiveness of domestic BMC chips.

The invention discloses a digital content trusted usage control method based on cloud computing. The system framework comprises a multimedia server, a mobile terminal, a verification agent server, a certificate and license server, an integrity measurement reference and security policy database and a trust measurement log, wherein the mobile terminal uses the multimedia digital content on the multimedia server through a graphical user interface of a DRM (digital rights management) controller; a multimedia server platform runs the DRM controller and performs usage control on the DRM controller through a DRM license; the mobile terminal and the multimedia server determine a verification agent through negotiation; and by adopting a remote proof method and a bidirectional integrity verification security protocol, which support the verification agent, the bidirectional trust relationship between the multimedia content provider and the terminal user is guaranteed, and the secrete privacy data on the terminal equipment of the user is protected as well. In the invention, as the DRM controller is configured on the multimedia server, the possibility of malicious attack such as breaking, tampering and the like, performed by an illegal user, is avoided.

Techniques are described for providing processor-based dedicated fixed function hardware to perform runtime integrity measurements for detecting attacks on system supervisory software, such as a hypervisor or native Operating System (OS). The dedicated fixed function hardware is provided with memory addresses of the system supervisory software for monitoring. After obtaining the memory addresses and other information required to facilitate integrity monitoring, the dedicated fixed function hardware activates a lock-out to prevent reception of any additional information, such as information from a corrupted version of the system supervisory software. The dedicated fixed function hardware then automatically performs periodic integrity measurements of the system supervisory software. Upon detection of an integrity failure, the dedicated fixed function hardware uses out-of-band signaling to report that an integrity failure has occurred.

The dedicated fixed function hardware provides for runtime integrity verification of a platform in a secure manner without impacting the performance of the platform.

A wireless local area network trusted security access method includes five steps of an access activation stage, an access request stage, a certificate authentication request stage, a certificate authentication response stage and an access response stage. Integrality measurement of terminals is achieved by using an integrality measuring chip, identity authentication is achieved by using a digital certificate technology, and negotiation of session keys is achieved by using a certificateless public key system. According to the wireless local area network trusted security access method, integrality authentication, identity authentication and key negotiation processes are fully integrated, only five times of interactions are required for achieving access processes, and the method is high in security and simultaneously capable of saving system overhead.

The invention relates to a security terminal reinforcing model and reinforcing method of a tolerable non-trusted component, which can ensure the security of the computing environment of the terminal equipment in an access network. A universal serial bus (USB) integrated embedded trusted system is used as a trusted root of a terminal; the behavior control of the non-trusted component is realized based on a virtual machine; the trusted computing software supporting a white list mechanism ensures that services and applications listed in the white list mechanism can be started without integrity measurement to tolerate the loading and the running of the non-trusted component; and especially, under the condition that the component running on the terminal is not trusted, the predictability and the controllability of the final result are ensured, the confidentiality of the related information when the access terminal accesses the network is ensured, and the confidentiality and the integrity of the local information of the terminal are ensured. The invention is matched with the existing trusted computing and other information security technologies to construct a terminal computing environment with a predictable security result.

The invention discloses a space information network roaming and trusted security access method. The space information network roaming and trusted security access method includes a node registration stage, a request access stage, an identity authentication stage, an integrity verification stage and a key generation stage. Session key negotiation among terminal access nodes MN and a non-local security domain authentication server FA is completed, procedures of the integral space information network roaming and trusted security access method are completely completed at the moment, mutual identity authentication and integrity measurement among the terminal access nodes MN and the non-local security domain authentication server FA are implemented, and the terminal access nodes MN, the non-local security domain authentication server FA and a local security domain authentication server HA participate in the session key negotiation among the terminal access nodes MN and the non-local security domain authentication server FA. The space information network roaming and trusted security access method has the advantages that the interaction round number is low, session keys are high in security, a trusted computing related technology is utilized, the integrity of the terminal access nodes can be measured, and the problem of easy network attack due to poor integrity and trustworthiness of terminals can be solved.

The invention discloses an application program integrity verification method for an embedded platform supported by a star trust chain. The embedded platform is provided with a TPM realized by an independent hardware which is taken as a trusted measurement of the whole platform, and the TPM uses a hardwire to control the operation of the embedded platform; the inside of the TPM is integrated with a trusted computing root, a trusted storage root and a trusted report root by adopting a physical mode so as to have physical protection on the TPM and a connecting circuit; and the TPM forms star trust relationship with the embedded platform Bootloader, an operating system kernel and a root file system. The method is characterized in that an integral application program which needs trust expansion in the root file system is subjected to trusted measurement by the trusted computing root of the TPM, and an obtained trusted measurement value is saved in the trusted storage root of the TPM; and the application program is subjected to integrity measurement during the starting of an operating system, then an obtained measurement value is compared with the trusted measurement value, and the integrity verification of the application program passes if the obtained measurement value is consisted with the trusted measurement value, otherwise, the integrity verification fails.

The invention discloses a trusted network access method and a trusted network access system for a mobile terminal, and belongs to the technical field of trusted network access. The method comprises the following steps that: 1) the mobile terminal loads an integrity measurement collector and detects the integrity of the integrity measurement collector, and a policy decision point loads an integrity measurement verifier and detects the integrity of the integrity measurement verifier; 2) the mobile terminal transmits a network access request to a policy enforcement point; 3) after receiving the network access request, the policy enforcement point transmits a network access judgment request to the policy decision point, and authenticates the user identity of the mobile terminal; 4) after the user identity passes authentication, platform identity authentication is performed between the policy decision point and the mobile terminal, the policy decision point and the mobile terminal mutually authenticate system integrity, and a platform trust relationship between the policy decision point and the mobile terminal is established; and 7) the policy decision point transmits a suggestion indicating whether to access the policy enforcement point according to the platform trust relationship, and the policy enforcement point authorizes network access permission to the mobile terminal according to the suggestion. By the method and the system, network resources can be well protected.

The invention relates to a method for supporting the integrity measurement of boot files in trusted virtual domain of a zero-downtime machine. Management tool and boot manager of the virtual domain in privilege domain are modified to realize that the integrity measurement of the system boot files in the trusted virtual domain is just carried out when the system boot files are loaded, therefore, the safety and extensible problems for carrying out the integrity measurement of the system boot files in the trusted virtual domain when booting computer are overcome and the system flexibility are improved, and the arrangement of the trusted virtual domain including re-customizing or updating kernel system of virtual domain can be carried out dynamically during running process of computer, and data service of other virtual domain in the same hardware platform is not interrupted when booting trusted virtual domain. The measurable boot files comprise configuration files of virtual domain, boot configuration files of virtual domain and the files that are needed to be measured are designated by the boot configuration files of virtual domain. The method can cooperate with other trusted computing technology in virtual environment to build a complete virtual domain boot trusted chain.

The invention provides a dependable computing based process control method. The process control method includes that a system is powered and a BIOS (basic input/output system) is started; the BIOS drives an operating system bootstrap program to start; the bootstrap program drives an integrity measurement module in an inner nuclear layer to start; the integrity measurement module drives a process control module in an operating system layer to start; the process control module is used for judging ordinary files, critical files and dynamic resources in process; the process control module and the integrity measurement module are used for controlling the ordinary files, the critical files and the dynamic resources to realize protection of the program. By the method, the files related to process operation are subjected to protection based on the dependable computing platform hardware algorithm, static files and the dynamic files are protected, permission of accessed files and mapping relation label pages are defended, and protective means are stereo and include the aspects of direct encryption storage, and inputting credibility quantity into a dependable computing platform register and the like, so that the process can be effectively controlled.

The invention provides a method and server for integrity measurement based on BMC and TCM. The method comprises: building connection between baseboard management controller BMC and BIOS through the SPI bus, building connection between BMC and trusted cryptography module TCM through the LPC bus and storing SM3 hash algorithms and reference values in the TCM; the BMC collects key codes in the BIOS through the SPI bus; the SM3 hash algorithms stored in the TCM are called through the LPC bus for measuring the key codes to obtain measurement values; determining whether the measurement values are consistent with the reference values stored in the TCM; if the measurement values are consistent with the reference values, sending control signals to the CPU to control the power-on of the CPU and transmitting a trust chain to the key codes in the BIOS; otherwise, forbidding the start of the CPU. The technical scheme of the invention realizes trust deliver.

The invention relates to a power transmission and transformation equipment state monitoring system security protection method based on trust chain transmission, which carries out credible transformation to a power transmission and transformation equipment state monitoring system through identity authentication, platform authentication, integrity measurement, trust chain transmission and other methods. A credible authentication service, an access actuation server and a centralized regulation server are deployed in a main station, and a monitoring terminal, a state information access controller, a state information access gateway machine and a state monitoring proxy are transformed into a credible monitoring terminal, a credible state information access controller, a credible state information access gateway machine and a credible state monitoring proxy, so that the whole monitoring system is constructed into a credible system. The system can effectively prevent malicious program attack, malicious code injection attack, physical data theft, network tapping, sniffing attack and the like, and protect the security of the monitoring system and an internal power grid system; and the invention also provides a trust chain transmission model which is used for proving that under trust chain transmission, as long as each level of a trust chain is credible, the whole system is credible.

The invention relates to a creditability detection method of a computer. The method comprises the following steps of: building an annular trust chain, wherein the annular trust chain has end points which sequentially are a trusted cryptography module (TCM), a boot block of a basic input output system (BIOS), a main block, an operating system (OS) loader and an OS kernel; initializing integrity measurement from any one of the end points on the annular trust chain, and sequentially carrying out the integrity measurement along a clockwise direction or an anticlockwise direction of the annular trust chain until the measurement of all end points on the annular trust chain is finished; and after the measurement of the last end point which is subjected to the integrity measurement is finished, transmitting trust to the TCM, and finishing a final creditability report of a computer platform by the TCM. By the creditability detection method of the computer, the safety and validation flexibilityof the computer platform are improved, the maintenance updating cost of a computer system is reduced, and the expansion of the computer system can be facilitated.

The invention discloses a credible embedded system on the basis of a safety module and aims to solve the technical problem of improving the safety of the existing embedded equipment. The credible embedded system disclosed by the invention comprises embedded equipment and the safety module. The embedded equipment is physically connected with the safety module by a serial bus, wherein the embedded equipment is an embedded system platform for implementing specific functions; and the safety module uses a FPGA (Field Programmable Gate Array) SOC (System On Chip) as a core and is used for providing functions of encryption and decryption operation of data, integrity measurement and the like for the embedded equipment and improving the safety of the embedded equipment in the process from start to operation. Compared with the prior art, an additional program storage is not added for the embedded equipment; an original hardware structure of the embedded equipment does not need to be changed; the safety module has simple circuit composition; and the credible embedded system has strong flexibility and simple application mode, is easy to implement and has general applicability.

The invention provides a method for establishing a trusted environment in a power distribution terminal. A trusted chip is added in the power distribution terminal to be used as a hardware trust root, pre-configured integrity reference values are stored inside, and then a secure startup module is added in a system to be used as an initial operation module of the system. During startup of the system, integrity measurements are performed on a system state and a critical system image, so that the integrity of the operation system on the power distribution terminal is protected, trust is established, the trusted operation environment can be established finally, the ability of malicious software to destroy the integrity of the system is restrained from the source, and the security level of the system of the power distribution terminal is increased.

The invention discloses a system for dynamic cross-domain access control based on trusted network connection. The system comprises a trusted network access requester, a network access decision-maker and a network access controller, wherein the network access decision-maker moves the requester into different safety trusted domains according to the state of the network access requester, so as to achieve dynamic cross-domain access control. The invention further discloses a method for dynamic cross-domain access control based on trusted network connection, and according to the method, platform identity authentication and integrity measurement are carried out by using a domestic TCM chip to rank the network according to safety trusted levels, and the access of the network by a terminal is limited according to the terminal identity authentication and integrity measurement results. According to the invention, dynamic cross-domain access control is set up on the basis of trusted network connection, and the terminal is put in the network domains of different safety levels in a dynamic manner according to the safety trusted status of the terminal in time, so that the safe and trusted access of the network is guaranteed.

The invention discloses a safe remote loading method of an operating system. The safe remote loading method comprises the following steps: (1) a legality verification step of a computer to be subjected to loading; (2) a remote loading step of the operating system; (3) an integrity measurement step of the operating system in a loading process. Aiming at the problem that current security software cannot process operating system-level malicious programs, the integrity of the operating system can be measured before the operating system is started up, so that the environment security before startup is guaranteed.

An apparatus and methods that use trusted platform modules (TPM) to perform integrity measurements of multiple subsystems are disclosed. The state of platform configuration registers (PCRs) after boot up are stored as the base state of the system. In another embodiment, an application that is to be verified requests that its state be extended from the base state of the system. When such a requestis received, the state of the system is extended directly from the base state PCR contents and not from the system state. In another embodiment, a virtual PCR is used, where such a virtual PCR uses alarger memory space than a conventional TPM provides for a physical PCR, by use of encrypted storage on external, protected memory.

The invention provides a method for BMC reliable configuration with an access control function. A reliable function module is added in a BMC Web management interface; the reliable function module is started; a standard value is configured; a reliable state of BMC firmware is presented; and a BIOS reliable state is presented. During electric starting of BMC, integrity measurement is conducted on the BMC firmware and BIOS key codes, so that program integrity can be ensured, and thus a reliable execution environment of a system platform can be established. In this way, the BMC can be consolidated; the integrity measurement is conducted on the BMC firmware and the BIOS during the BMC start running, so that program integrity can be ensured, and implantation of malicious codes can be avoided; a complete trust chain of the BMC start course is established; and reliability of the execution environment of the system platform is ensured.