CN102402657A - Apparatus and method for enabling applications on a secure processor - Google Patents
- Publication number: CN102402657A
- Application number: CN201010286283A (CN2010102862832A)
- Authority: CN (China)
- Prior art keywords: application, processor, safe, different, security
- Legal status: Pending (the legal status is an assumption by Google Patents and is not a legal conclusion)
- Landscape: Storage Device Security
Abstract
A method and apparatus for enabling applications in a secure processor of a computer system. In one aspect, a secure processor apparatus includes a processor and a memory coupled to the processor and operable to maintain a security table. The security table holds different approved endorsement keys and different values, each value associated with one endorsement key. Each stored value is obtained from a different application that the associated endorsement key authorizes for execution on the processor.
Description
Technical field
The present invention relates to the secure protection of computer data, and in particular to providing a secure processor that implements security features in a computer system.
Background art
The security of information stored on computer systems is a major concern. Many different techniques have been implemented to protect this information, ranging from secure application software installed on the computer system to hardware keys required to access the information.
Another approach to securing information is the Trusted Platform Module (TPM) standard from the Trusted Computing Group (TCG). In this standard, a standard chipset containing a programmable microcontroller is provided on the computer's circuit board during manufacture, and this chipset is used to store and secure the information the computer system is required to protect, thereby enabling effective trusted computing features. The security framework that runs in the microcontroller (that is, its functions and application programming interface (API)) may be called the TPM. A TPM can provide various features, including a random number generator, facilities for the secure generation of cryptographic keys, and limits on the use of keys (for example, signing and verification and/or encryption and decryption).
As e-commerce, e-government and e-business have grown, and the threat of cybercrime with them, countermeasures that use security technology to protect data and to authenticate identities and transactions have appeared. The owners of the information-processing technology involved in these identities and transactions expect to use particular cryptographic algorithms tailored to their own environment and threat profile. They expect to use a specific feature set of the TPM, implemented with the cryptographic algorithms they want, to support their end-to-end system and the security level their operating model requires. For example, a standard general-purpose TPM may use a particular set of cryptographic algorithms that includes the Advanced Encryption Standard (AES). Particular organizations, however, may use other algorithms that differ from AES, such as the Russian government, which uses GOST (Gosudarstvennyi standard) encryption, or the Chinese government, which uses SMS4 encryption. Organizations such as the U.S. National Security Agency use algorithms of their own that they do not wish to disclose to the public.
These differing needs of different parties typically require each TPM chipset to be specially customized to the security framework and algorithms desired by its particular end user. Accordingly, different security frameworks implementing particular hash and cryptographic algorithms and other functions have to be loaded onto different TPM chipsets before delivery to the end user. This requires different TPM chips to be made to each different user's specification, which greatly increases the manufacturing cost of the TPM and, in turn, the cost to users of installing such security in their systems.
In addition, existing implementations of TPM chips do not allow the TPM framework to be securely unloaded from the microcontroller so that other applications can be loaded on the chip, nor do they allow the latest version of an unloaded TPM framework to be securely reloaded into the chip.
Accordingly, what is desired is a flexible and secure method of using a securely programmable microcontroller to support various security frameworks and their cryptographic algorithms, including the emulation of different instances of TPM hardware. The present invention addresses this need.
Summary of the invention
The present application relates to providing applications for a secure processor in a computer system. In one aspect of the invention, a method of providing a secure processor includes receiving a plurality of values, each value identifying a different application that can be executed on the secure processor. A different approved endorsement key is associated with each received value by storing the endorsement keys and the plurality of values in a memory accessible to the secure processor, where a stored endorsement key and at least one of its associated values are used to allow execution of the corresponding application on the secure processor.
In another aspect of the invention, a secure processing apparatus includes a processor and a memory coupled to the processor and operable to store a security table. The security table stores a plurality of different approved endorsement keys and a plurality of different values, each value associated with one endorsement key, where each stored value is obtained from a different application that the associated endorsement key approves for execution by the processor.
In another aspect of the invention, a method of securely providing an application in a secure processor includes: receiving a request to load a requested application in the secure processor; comparing a value obtained by processing the requested application with at least one of a plurality of stored values kept in a memory of the secure processor, where a match between a stored value and the obtained value indicates that the requested application is approved for execution in the secure processor; and, if a match is found between the obtained value and a stored value, executing the requested application in the secure processor.
In another aspect of the invention, a computer system includes an input device operable to receive input to the computer system from a user, the input device including a secure input device used to identify the user. A secure processor is coupled to the input device and is operable to receive the input from the user and to run applications approved for the processor. A memory is coupled to the secure processor and is operable to store a security table that holds a plurality of different approved endorsement keys and a plurality of different hash values. Each hash value is associated with one endorsement key, and each hash value is obtained from a different application that the associated endorsement key approves for loading into the processor. The different applications include security framework applications, each of which implements a different security framework in the secure processor.
The invention provides a secure processor that supports a variety of approved security frameworks and their algorithms, and that allows the user to choose the application executed in the processor. This allows a provider to produce one processor that can meet the many requirements of different users who expect to use different frameworks and algorithms. The invention also allows applications to be unloaded from and loaded into the secure processor, and to be installed for the secure processor, while maintaining the security of the applications and keeping them up to date.
Description of drawings
Fig. 1 is a block diagram of a computer system 10 suitable for the present invention;
Fig. 2 is a schematic diagram of a security table of the present invention that can be stored in a non-volatile memory coupled to the secure processor of Fig. 1;
Fig. 3 is a flow diagram of a method of the present invention for preparing and providing a secure processor to a user;
Fig. 4 is a flow diagram of a method of the present invention for loading an application into the secure processor; and
Fig. 5 is a flow diagram of a method of the present invention for installing a new application for use by the secure processor.
Detailed description
The present invention relates to the secure protection of computer data, and in particular to providing a secure processor that implements security features in a computer system. The following description is presented to enable one of ordinary skill in the art to make and use the invention, and is provided in the context of a patent application and its requirements. Various modifications to the preferred embodiments and to the generic principles and features described herein will be readily apparent to those skilled in the art. Thus, the present invention is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features described herein.
The present invention is described mainly in terms of particular systems and methods provided in particular implementations. However, one of ordinary skill in the art will recognize that these methods and systems operate effectively in other implementations. For example, the computer system embodiments usable with the present invention can take several different forms.
To describe the features of the present invention in more detail, refer now to the following discussion in conjunction with Figs. 1 to 5.
Fig. 1 is a block diagram of a computer system 10 suitable for the present invention. System 10 can be any of a variety of computer systems. For example, computer system 10 can be a mainframe computer, a desktop computer, a workstation, a portable computer or an electronic device. System 10 includes a security architecture such as the Trusted Platform Module (TPM) from the Trusted Computing Group (TCG), or another security system suitable for the present invention, to ensure that the data and functions of system 10 are protected from unauthorized access and manipulation. System 10 includes an input portion 12, a security portion 14 and a standard portion 16.
Input portion 12 can include a variety of different input devices that allow a user to enter data into system 10 and to authenticate the user's identity to the system. For example, in the embodiment shown, system 10 includes a card reader 20, a keyboard 22 and/or a fingerprint reader 24. Card reader 20 can read processor cards such as smart cards, which contain security information used to identify the user and store information associated with the user. Keyboard 22 can be used to enter a password identifying the user. Fingerprint reader 24 can read the user's unique fingerprint pattern to identify the user. These input devices can thus be used for user authentication, to allow an authorized user to access secure data in system 10. Here, the term "user" refers to any user of system 10, whether authorized or not. The term "owner" in the TPM standard refers to the user who loads a particular TPM framework and has the highest level of authentication for accessing that framework.
Security portion 14 of system 10 is used to ensure that only authorized users access data and applications and use the system. In the described embodiment, the system includes a programmable secure processor 26 that is dedicated to security functions (in some embodiments it can also be used for other functions). The processor can execute various applications loaded into it. Processor 26 typically implements a "security framework", which here refers to the particular security features and functions (for example, API functions and algorithms) implemented in system 10, as determined by the security framework application loaded into processor 26. In the present invention, instances of security frameworks that are usually implemented in hardware can be emulated in software, so that processor 26 supports different frameworks.
For example, processor 26 can implement the TPM security framework, a well-known standard for securing computer data. The TPM framework can be implemented on a secure, dedicated chipset included by the manufacturer on the computer's motherboard or other circuitry. In other embodiments, the TPM framework can be implemented on another existing chip of computer system 10. Other embodiments can also use a different standard or a proprietary security framework to implement security features. Exemplary security functions of a TPM include random number generation, secure generation of encryption keys, secure storage, limiting the use of keys (such as signing and verification) and/or encryption and decryption. For example, in one embodiment, processor 26 can be an H8 processor running the Java Card Open Platform (JCOP) operating system from IBM Corporation, a well-known operating system that implements many security features suitable for the present invention. A TPM application can be loaded into processor 26 and executed by the JCOP operating system to enable the security framework.
In addition, other applications that do not implement a security framework can also be loaded and run on processor 26. These applications can be "bound" to a particular security framework, meaning that the application depends on that particular security framework being loaded in processor 26. This feature is explained in more detail below.
In the present invention, as explained in more detail below, non-volatile memory 28 stores a security table of hash values and endorsement keys that is used to determine whether an application to be loaded into processor 26 is authentic, and that enables various security frameworks and programs to be supported flexibly and securely in processor 26. Memory 28 also stores other secure data relating to the security functions of the security framework executed by the processor. In some embodiments, the non-volatile memory can also be used to store the loaded security framework and/or the applications loaded in processor 26.
In other embodiments, additional memory (not shown) can be coupled to processor 26 for storing the loaded security framework, loaded applications or other programs. For example, secure random access memory (RAM), additional non-volatile memory, etc. can be connected.
Standard portion 16 of system 10 can be coupled to processor 26 and includes the remaining standard components of the system. Such components typically include a microprocessor or CPU 30, memory 32 (random access memory (RAM), read-only memory (ROM), etc.), output devices 34 (video monitor, audio speakers, printer, etc.) and other types of computer components. The microprocessor can interface with the memory devices and other components to control the operation of system 10, including performing data manipulation, calculation, input/output and other typical functions.
A storage device such as a hard disk drive 36 can also typically be included to store data and applications used by system 10. In the present invention, secure applications to be loaded into processor 26, as well as other applications such as those used by microprocessor 30 together with processor 26, are stored securely on storage device 36 using encryption and other security methods. In other embodiments, different storage devices 36 can be used in place of a hard disk drive, such as memory, tape, optical storage (CD-ROM, DVD-ROM), etc. In the described embodiment, standard portion 16 of system 10 is coupled to processor 26, and input portion 12 is coupled to processor 26, so that input provided to portion 16 can first be checked by security portion 14 for authentication and security.
Fig. 2 is a schematic diagram of a security table 50 of the present invention stored in the non-volatile memory 28 coupled to secure processor 26. Table 50 can store information about the approved applications that are allowed to execute on processor 26, and determines which security framework applications can be loaded and executed.
In the described embodiment, table 50 includes a number of endorsement key (EK) values 52. For example, in the TPM standard, an endorsement key (for example, one generated at random for the TPM framework during manufacture) is used to allow secure transactions to be performed and to identify a genuine TPM framework to be loaded into processor 26. An endorsement key is a key pair comprising a public key and a private key; the private part of the endorsement key is stored in table 50. Optionally, both the public and private parts of the endorsement key are stored in table 50. Although the term "endorsement key" is used in the TPM standard as applied in a TPM framework, the term is used here generally for a similar use in any standard and with any application.
After the endorsement key for an application has been generated, the provider (or another authenticating entity) issues a certificate that contains the public part of the endorsement key and information provided to identify the application associated with the endorsement key. For example, this information can be the hash value of the application, or it can also describe the application (for example, the security framework application, the algorithms it uses, etc.). The provider signs the certificate with the private part of a provider key, which allows the public part of the provider key to be used to verify whether the certificate information is genuine and came from the provider. Thus, for example, the set of encryption and decryption algorithms associated with the certificate can be used to test whether an identified TPM framework is a TPM framework of a particular type.
In the present invention, a plurality of endorsement key values 52 for a plurality of endorsement keys can be stored in table 50, to allow any of a plurality of different security frameworks or applications to be loaded into processor 26. Each endorsement key in table 50 is unique and is associated with the particular application designated in the issued certificate.
Table 50 can also store hash values 54, each of which is associated with a corresponding stored endorsement key value 52. A hash value 54 is the result of applying a cryptographic hash function to a particular application and/or data, and uniquely identifies the hashed application/data. A hash value associated with an endorsement key value 52 indicates that the application/data has been authorized and approved by the provider for use in processor 26. The particular hash algorithm used to generate the hash values in column 54 is associated with, and depends on, the particular security framework used.
For example, the provider of a processor 26 of the present invention can store endorsement key values in table 50, each associated with a certificate used to authorize and designate a different type of security framework used by processor 26. The provider can also store hash values of applications that the manufacturer has authorized and approved for use with the endorsement keys stored in processor 26. In addition, a user can store new hash values and/or new endorsement keys associated with user-signed certificates in table 50. These features are explained in more detail below.
Fig. 3 is a flow diagram of a method 70 of the present invention for preparing and providing a secure processor 26 to a user. Method 70 can be used by the manufacturer of processor 26 or by any authorized entity that can provide approved endorsement keys in processor 26; all such manufacturers or authorized entities are referred to collectively as the "provider" of processor 26.
The method starts at 72, and in step 74 the provider receives hash values from users (for example, customers) who wish to use processor 26. Each hash value represents a particular application (such as a security framework application, for example a TPM application) and any associated data that the user expects to load into and run on secure processor 26. Each hash value is obtained using a hash algorithm that is unknown to the provider; the implementation of the application and the algorithms it uses are therefore unknown to the provider, which is exactly what some users want. Optionally, the provider can also obtain some or all of the hash values by applying a hash algorithm that processor 26 is expected to support.
In step 76, the provider associates each different hash value with an endorsement key generated by processor 26 for that hash value (for example, a random number, signed by processor 26, used to form the endorsement key pair), and stores the endorsement key and the hash value. The public part of the endorsement key can be provided in a certificate issued by a certification authority. For each different hash value, an endorsement key value and the associated hash value are stored in security table 50 in the secure non-volatile memory 28 coupled to processor 26. The stored endorsement key value can be the private part of the endorsement key (or, optionally, the public part or both parts). Each endorsement key can be different for each hash value; or, in an alternative embodiment, the same endorsement key can be used for a plurality of hash value entries. Each stored hash value identifies a different application desired by a user; if two or more users provide the same hash value in step 74, only one hash value and endorsement key need be stored in table 50 for that application. In some embodiments, different instances of the same application can yield different hash values (for example, when they have different settings, data, etc.), so that each different instance can have its own corresponding hash value and endorsement key entry stored in security table 50. An application bound to a particular security framework can have that relationship indicated in security table 50 by any of several methods; for example, the bound application's entry can contain a link or pointer to the hash value of the required security framework application, or some other indicator or pointer, etc. In some embodiments, an additional identifier is stored in each entry of security table 50 and is used to match entries with requested applications, as described below.
In step 78, the provider provides processor 26 to the user (or causes processor 26 to be provided to the user). Processor 26 can be included in a computer system 10 supplied to the user. The user can subsequently load his or her desired applications into processor 26, as described in more detail with reference to Fig. 4. In step 80, the process is complete.
In some embodiments, the provider can also store additional approved endorsement key values in table 50 that are not yet associated with any hash value. This allows a user to load his or her own hash value and associate it with a stored, approved endorsement key. In some embodiments, the provider can also allow the user to store his or her own endorsement key and hash value in table 50.
Using the method of Fig. 3, the present invention allows a provider to provide a secure processor in a computer system without the provider knowing the particular implementation and/or algorithms of the applications loaded into processor 26. The user need not provide any of the actual applications or algorithms that the user expects to implement in, or use with, the desired security framework, and need only provide hash values to the provider. By associating a hash value and an endorsement key with each application, the provider's authentication of the applications licensed for use in processor 26 is achieved.
The present invention saves the provider the manufacturing cost of providing a different processor 26 for each type of security framework desired by the provider's customers. The provider can store hash values and endorsement keys for a number of different types of security frameworks (or other applications), and hashing the security framework application at load time allows the user to select his or her desired framework, which will match the correct hash value and endorsement key in table 50. The provider can thus provide the same processor 26 to all users, and let the user select the desired security framework or application and the particular algorithms associated with that application.
Fig. 4 shows the process flow diagram that is used for application is loaded into the method for the present invention 100 of safe processor 26.The application that moves in the operating system of processor 26 capable of using is through processor 26 implementation methods 100 (with following method 200).Optional, the hardware capable of using (circuit, logic gates etc.) or the combination of hardware and software come implementation method 100 and/or 200.On computer-readable medium, preserve and realize all or part of programmed instruction of the present invention; And can be to this computer-readable medium visit; This computer-readable medium is such as being electronics, magnetic, optics, electromagnetism, infrared or semiconductor medium, and such example comprises storer (random access storage device (RAM), ROM (read-only memory) (ROM) etc.), hard disk drive, CD (CD-ROM, DVD-ROM etc.).
Method starts from 102, and in step 104, processor 26 receives and is used for the request of load application in the middle of the processor 26.Typically, this is used and for example to be kept at such as in hard disk drive 36 memory devices such as grade or other equipment with encrypted form safely, or provides from the source such as the computer network that is connected etc. some other.This request can comprise the identifier of the application that expectation is loaded and the size of application.For example, the existing cryptographic hash of the application after the encryption can be provided as in the application file signature and/or one other identification symbol or to the reference of the specific file that keeps using.For example, request can be used TPM and is loaded in the middle of the processor 26 of the current TPM framework that has not loaded.In another example, request can be used TPM and is loaded in the middle of the processor 26, so that the framework of the TPM framework that will replace different current loadings to be installed.In an example again, request can be used non-TPM and is loaded in the middle of the processor 26.For example, when using load request and be sent to the memory device 36 (or other source) that provides the application that is loaded, can receive request; Can pass through this load request of wave filter driver parses of the operating system of processor 26.For example; Can be through the application of listing in the application of appointment in the load request and the security table 50 be compared the application of discerning appointment in the load request; For example; Cryptographic hash in the application file after can relatively encrypting and the cryptographic hash in the table 50, or the identifier of preserving in more different application identifier and the table 50.
At next procedure 106, whether the loading that processing and checking is asked needs processor to switch the application (under some situation, comprising the security architecture that has loaded) of current loading.Typically, if the application need of being asked than the more storer of processor 26 current utilizable storeies, then need unload the application of the current loading of borne processor 26.Or, use and exist the security architecture of different current loadings if the application of being asked is a security architecture, the security architecture that has then loaded need be removed, this be because in certain embodiments once only a security architecture can on processor 26, move.In other optional embodiment; Processor 26 can move two or more security architectures simultaneously; In this case, if exist sufficient storer to be utilized, then need not to unload the security architecture (only the user asks unloading) of different current loadings.In other embodiment, the security architecture that has loaded can be designated as " single use " and/or processor 26 and in hardware or software, be provided with and have " insurance " or flag, and this representes that the security architecture of current loading does not allow by unloading from processor 26.For example, checking of step 106 can comprise whether check the application of being asked binds (need under specific security architecture, move) (for example, through whether there being any such binding link in the checklist 50) with current that be not loaded, specific security architecture.Some application can not bound with any security architecture, and is performed concurrently with it.
If the currently loaded application is to be unloaded from the processor, the process continues to optional step 108, in which the user is identified. For example, the operating system of processor 26 can require the user to identify themselves in a secure, authenticated manner: inserting into smart card reader 20 a smart card holding data that identifies the user, touching a finger to fingerprint reader 24, entering a password on keyboard 22, or using another secure identification technique (or any combination of these). The requested load can depend on the user's identity; for example, only the owner of the TPM processor 26 may be allowed to switch TPM architectures or load applications. If no suitable user is identified in step 108, method 100 is abandoned. In other embodiments, the user identification step is not performed.
The process advances to step 110, in which the currently loaded application and any associated data are hashed with a known cryptographic hash algorithm, and the hash value is saved in the security table under the endorsement key associated with that application. The current hash value can overwrite the previously saved hash value for that application in the table. The current hash value may differ from the previously saved value because the application or its data has changed since the previous hash was saved. For example, a new password and/or a new storage root key (SRK) associated with the TPM application may now exist, differing from the password or SRK covered by the previous hash of that application. The invention can therefore prevent an unauthorized, older version of the application from being loaded and executed on processor 26, because only the latest version will match the hash value saved in table 50 when the application is loaded (see steps 116-118 below). In some embodiments, the original hash value of the application can also be kept in security table 50; this allows the application in its original form to be reinstalled, if authorized.
In the next step 112, the process encrypts the loaded application with the encryption algorithm associated with the application's security architecture; a symmetric algorithm can be used, for example. In addition, the hash value generated from the application and saved in table 50 in step 110 can also be saved in the encrypted application file, to identify the application when it is later loaded. The encrypted application is saved to a storage device 36 of system 10, such as a hard disk drive. The process then continues to step 114.
If it is determined in step 106 that the currently loaded application need not be removed from processor 26, the process advances to step 114 to load the requested application. Step 114 can also be performed after, or during, the unloading and archiving to storage of the currently loaded application described in steps 108-112 above. In step 114, the selected application is loaded into memory of processor 26 (such as non-volatile memory 28 or other available memory), decrypted with the appropriate algorithm associated with the security architecture of the requested application, and hashed with the appropriate cryptographic hash function associated with the security architecture of the requested application (for example, by looking up the identified application and its corresponding decryption and hash algorithms in security table 50, as described above).
The hash algorithm is used to obtain a hash value that identifies this particular application and its data. For example, the standard hash algorithms used by the TPM specification include SHA-1, SHA-256 or similar algorithms, and the encryption/decryption algorithm used is the Advanced Encryption Standard (AES). Because the hash value is what authorizes an application here, the hash must be collision resistant; SHA-1 is no longer considered collision resistant, so an implementation of this scheme today would use SHA-256 or stronger.
Depending on the circumstances, the "selected application" processed in step 114 can be the application requested in step 104 or a different application. For example, the selected application can simply be the application whose loading was requested in step 104. Alternatively, if the requested application needs a security architecture that is not currently loaded, the selected application can be the required security architecture application (such as a TPM application), and in a subsequent iteration of step 114 the selected application is the requested application itself.
In the next step 116, the process compares the hash value obtained for the selected application with one or more of the hash values saved in security table 50. In step 118, the process checks whether a match was found between the obtained hash value and a hash value in the table. If no match is found after all hash values in table 50 have been compared, the process advances to step 120 to reject the selected application (for example, the application is not activated and is unloaded from memory), and the process ends at 128.
If a matching hash value is found, the selected application is considered to be associated with the approved endorsement key saved in the table, and is therefore approved and authorized to be loaded into, and used by, this particular processor 26. As described above, each endorsement key is associated with a public certificate that describes/identifies the application (such as by providing the application's hash value); the application's specification (such as the algorithms it uses, unless these are secret) can thus be learned from the endorsement key in table 50.
For example, if the selected application is the application previously unloaded as described in steps 108-112 above, the updated hash value for the current version of that application has been saved in table 50. When the unloaded application is reloaded, it will therefore match the hash value in table 50, whereas an older version of the application will not match any hash value in table 50, which provides additional security.
In step 122, the selected application is activated on processor 26, which allows the application to execute and makes it accessible to the user. If the selected application is a security architecture application such as a TPM application, the new architecture is activated. For example, the endorsement key (EK) associated with the matching hash, as saved in table 50, is set or loaded into processor 26 as the active endorsement key. Any other data needed to initialize the application can also be generated and loaded into the memory of processor 26; for example, when a TPM architecture is activated, a storage root key (SRK) can be generated and stored in secure non-volatile memory 28, and the user can access the TPM architecture and become its "owner".
In step 124, the process checks whether the requested application still needs to be loaded. This can occur, for example, when the application requested in step 104 was bound to a security architecture different from the one that was loaded; in that case, the first application activated in step 122 was the required security architecture application. Therefore, if the requested application still needs to be loaded, the process returns to steps 114-122 to hash the requested application, determine whether it is authorized to be loaded, and activate it. If in step 124 the requested application has already been loaded and activated, the process ends at 128.
It should be noted that many of the steps in Fig. 4 need not be performed in the order shown. For example, before any currently loaded application is unloaded from the processor in steps 108-112, the process can first check in steps 116-118 whether the hash value of the selected or requested application matches a hash value in table 50, provided sufficient memory is available to proceed in that order.
Fig. 5 is a flow diagram of a method 200 of the present invention for installing a new application for use by processor 26. The method starts at 202, and in step 204 processor 26 receives a request to install a new application. This can occur, for example, when a user wishes to install on a storage device (such as hard disk drive 36) an application that can be loaded into and run on processor 26. The application to be installed can be a non-security-architecture application that benefits from the security features of processor 26 and its operating system. For example, an application that implements or interfaces with the subscriber identity module (SIM) card of a cellular phone, or one that implements user fingerprint matching, may be installed for use with processor 26 and its security-enhanced operating system and memory. The request can be detected, for example, when the application sends a write request to the storage device 36 where the new application is to be saved; this write request can be intercepted by a filter driver of the operating system of processor 26.
The request to install the application can provide identification information and the size of the application. In optional step 206, the user can be identified, similar to step 108 described above with reference to Fig. 4, to determine whether the user is authorized to install a new application for processor 26.
In some embodiments, step 208 is performed, in which the process checks whether the currently loaded security architecture must be unloaded and replaced with a different security architecture. For example, this check can be performed by examining the write request intercepted by the processor's filter driver, and can include comparing the application against security table 50 to find a match with an application bound to the currently loaded security architecture, similar to what was described for Fig. 4. For example, some bound applications use keys or other features specific to a particular security architecture and can therefore be installed only under that architecture. Thus, if the new application is bound to a security architecture different from the currently loaded one, the currently loaded security architecture should be unloaded and the required security architecture loaded. In embodiments that do not allow the security architecture to be unloaded or changed, step 208 is skipped. In other embodiments that allow two or more security architectures to run on processor 26 at the same time, the check of step 208 may not be needed, and no security architecture needs to be unloaded.
If the loaded security architecture should be unloaded (for example, because the new application is not bound to the currently loaded security architecture), the process advances to step 210, in which the loaded security architecture application is hashed, encrypted and offloaded to storage device 36. This step is similar to steps 108-112 of Fig. 4 described above. In step 212, the required security architecture (the one the new application is bound to) is loaded, decrypted, compared against the hash values in the table, and activated. This step is similar to steps 114-124 of Fig. 4 described above. Once the new architecture is activated, the process advances to step 214. As in Fig. 4, if the hash value of the new security architecture does not match a hash value in table 50, the new architecture application is not loaded and the process ends.
If the loaded security architecture is not to be unloaded in step 208 (for example, because the new application is bound to the currently loaded security architecture), or the required security architecture has been loaded in steps 210-212, the process advances to step 214, in which the new application is loaded into the memory of processor 26 (for example, from any source connected to computer system 10, such as a disk, optical storage medium, network, etc.). If the new application is encrypted, it is decrypted with the algorithm associated with the security architecture (or with the security architecture the application is bound to), and it is hashed with the hash algorithm associated with that security architecture (for example, the algorithm identified by the identifier or existing hash value saved in the application file, similar to Fig. 4). The resulting hash value is registered in processor 26 by saving it in security table 50 in association with an endorsement key. This endorsement key may already exist in the table, supplied by the processor vendor as a saved but unassociated key to be associated with the user's most recently installed application. Alternatively, a new endorsement key can be generated by the operating system of processor 26, by generating the private part of the endorsement key and saving it in table 50, and generating the public part of the key to be issued or provided to the user. For example, operating systems such as JCOP have their own endorsement key: the operating system can generate a new endorsement key for an application and sign the public part of that key with the private part of its own endorsement key. Optionally, the user can sign the public part of the new endorsement key and provide a certificate.
After the new application is registered, in some embodiments the entire security table 50 can be re-signed with the endorsement key of the operating system of processor 26, which indicates that the table is secure.
In step 216, the new application is encrypted with the associated encryption algorithm and installed or saved in the memory of processor 26 or in storage device 36 of system 10. The process then ends at 218.
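The load path of Fig. 4 (steps 110-122) and the install path of Fig. 5 (steps 214-216), as an added Python example; this is not code from the patent. It models table 50 as a mapping from endorsement key identifiers to the hash each key vouches for, with the whole table signed by the operating-system endorsement key as described above. Assumptions: SHA-256 as the hash, a SHA-256 counter-mode keystream standing in for the AES cipher the page names, HMAC-SHA256 standing in for the asymmetric endorsement-key signature, and constructed keys and a constructed application image. The walk-through shows the rollback property of step 110: after the loaded application changes its data and is unloaded, the archived older image no longer matches table 50, and an edit to the table made without the signing key is also refused.

```python
import hashlib
import hmac
import secrets

def sha256(data):
    return hashlib.sha256(data).digest()

def keystream_xor(key, nonce, data):
    # Symmetric encrypt/decrypt with a SHA-256 counter-mode keystream; the same
    # call decrypts. Assumption: stands in for the AES cipher the page names.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += sha256(key + nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class SecurityTable:
    # Table 50: endorsement key id -> hash of the application it vouches for
    # (None = approved but unassigned EK). Assumption: the OS EK is an HMAC key.
    def __init__(self, os_key):
        self.os_key, self.rows, self.signature = os_key, {}, b""

    def _canonical(self):
        return b"".join(k.encode() + b"=" + (v or b"-") + b";" for k, v in sorted(self.rows.items()))

    def sign(self):  # re-sign the whole table with the operating-system EK
        self.signature = hmac.new(self.os_key, self._canonical(), "sha256").digest()

    def verify(self):
        return hmac.compare_digest(hmac.new(self.os_key, self._canonical(), "sha256").digest(), self.signature)

    def set_hash(self, ek_id, app_hash):
        self.rows[ek_id] = app_hash  # overwrites the previously saved value (step 110)
        self.sign()

    def lookup(self, app_hash):
        # Steps 116-118: which EK vouches for this hash? None means reject (step 120).
        for ek_id, saved in self.rows.items():
            if saved is not None and hmac.compare_digest(saved, app_hash):
                return ek_id
        return None

class SecureProcessor:
    # Processor 26 with one application loaded at a time; archives go to storage 36.
    def __init__(self, table, storage_key):
        self.table, self.storage_key, self.loaded = table, storage_key, None

    def _archive(self, image):
        nonce = secrets.token_bytes(16)
        return keystream_xor(self.storage_key, nonce, image), nonce

    def install(self, image):
        # Fig. 5 steps 214-216: register the hash under a new EK, encrypt, store.
        ek_id = "ek-" + secrets.token_hex(4)  # assumption: OS-generated EK, id only
        self.table.set_hash(ek_id, sha256(image))
        return (ek_id,) + self._archive(image)

    def load(self, blob, nonce):
        # Fig. 4 steps 114-122: decrypt, hash, match against table 50, activate.
        if not self.table.verify():
            raise PermissionError("security table signature invalid")
        image = keystream_xor(self.storage_key, nonce, blob)
        ek_id = self.table.lookup(sha256(image))
        if ek_id is None:
            raise PermissionError("no matching hash in table 50; application rejected")
        self.loaded = [ek_id, image]  # step 122: this EK becomes the active endorsement key
        return ek_id

    def unload(self):
        # Fig. 4 steps 110-112: hash the current state (data included), save it
        # under the application's EK, encrypt and archive. Older images stop matching.
        ek_id, image = self.loaded
        self.table.set_hash(ek_id, sha256(image))
        self.loaded = None
        return self._archive(image)

def _rejected(proc, blob, nonce):
    try:
        proc.load(blob, nonce)
        return False
    except PermissionError:
        return True

def demo():
    # Constructed keys and application image; returns what each step decided.
    table = SecurityTable(os_key=b"os-endorsement-key")
    proc = SecureProcessor(table, storage_key=b"archive-key")
    ek, blob_v1, nonce_v1 = proc.install(b"TPM architecture image v1")
    out = {"ek": ek, "first_load": proc.load(blob_v1, nonce_v1)}
    proc.loaded[1] += b"|SRK=" + secrets.token_hex(8).encode()  # TPM state changed (new SRK)
    blob_v2, nonce_v2 = proc.unload()                           # table now holds the v2 hash
    out["old_version_rejected"] = _rejected(proc, blob_v1, nonce_v1)  # rollback attempt
    out["reload_ok"] = proc.load(blob_v2, nonce_v2) == ek
    proc.unload()
    table.rows[ek] = sha256(b"TPM architecture image v1")      # table edited without the OS key
    out["tampered_table_rejected"] = _rejected(proc, blob_v1, nonce_v1)
    return out
```

Calling `demo()` returns the outcome of each decision. The order inside `load` matters: the table signature is verified before the hash lookup, because a match in a table that an attacker can rewrite proves nothing, which is why the re-signing of the whole table described above is the part that makes the hash check meaningful.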
Although the present invention has been described in accordance with the embodiments shown, one of ordinary skill in the art will recognize that there may be variations to those embodiments, and such variations fall within the spirit and scope of the present invention. Accordingly, many modifications may be made by one of ordinary skill in the art without departing from the spirit and scope of the appended claims.
Claims (30)
1. A method for providing a secure processor, the method comprising:
receiving a plurality of values, each value identifying a different application executable on the secure processor; and
saving the plurality of received values in a memory accessible to the secure processor, each received value being associated with a different approved endorsement key saved in the memory, wherein at least one of the saved endorsement keys and associated values is used to permit execution of the different applications on the secure processor.
2. The method of claim 1, wherein the different applications include different security architecture applications, each security architecture application implementing a different security architecture on the secure processor, and wherein each security architecture is associated with at least one hash algorithm and at least one encryption algorithm.
3. The method of claim 2, wherein the security architecture applications include Trusted Platform Module (TPM) applications, each TPM application implementing a different TPM architecture on the secure processor.
4. The method of claim 1, wherein the different applications include applications that do not implement a security architecture.
5. The method of claim 1, wherein each value is a hash value obtained by applying a hash algorithm to the application that the hash value identifies.
6. The method of claim 1, wherein the endorsement keys and associated values are saved in a security table in a non-volatile memory accessed by the secure processor.
7. The method of claim 1, further comprising saving in the memory at least one additional approved endorsement key having no associated value, wherein a user can associate the additional approved endorsement key with a value provided by the user.
8. A secure processing apparatus comprising:
a processor; and
a memory coupled to the processor and operative to save a security table, the security table saving a plurality of different approved endorsement keys and a plurality of different values, each value being associated with one endorsement key, wherein each saved value is obtained from a different application that the associated endorsement key approves for execution by the processor.
9. The secure processing apparatus of claim 8, wherein the different applications include different security architecture applications, each security architecture application implementing a different security architecture on the processor, and each security architecture using a different set of encryption and decryption algorithms.
10. The secure processing apparatus of claim 9, wherein the security architecture applications include Trusted Platform Module (TPM) applications, each TPM application implementing a different TPM architecture on the secure processor.
11. The secure processing apparatus of claim 9, wherein the different applications include applications that do not implement a security architecture.
12. The secure processing apparatus of claim 8, wherein the different values are different hash values, each hash value being obtained by applying a hash algorithm to a different application.
13. The secure processing apparatus of claim 12, wherein, when a requested application is to be loaded into the processor, the processor compares a hash value obtained by hashing the requested application with the hash values saved in the secure memory, to determine whether the requested application is approved for execution in the processor.
14. The secure processing apparatus of claim 13, wherein, when a loaded application is unloaded from the processor because of a user request to load the requested application into the processor, the processor is operative to hash the loaded application to obtain a new hash value, save the new hash value for the loaded application in the security table, and encrypt the loaded application and store it to a storage device coupled to the processor.
15. The secure processing apparatus of claim 8, wherein the memory is a secure, non-volatile memory.
16. The secure processing apparatus of claim 8, wherein at least one additional approved endorsement key having no associated value is saved in the memory, and wherein the additional approved endorsement key can be associated with a hash value provided by a user.
17. A method for securely providing an application in a secure processor, the method comprising:
receiving a request to load a requested application into the secure processor;
comparing a value obtained by processing the requested application with at least one of a plurality of saved values saved in a memory of the secure processor, wherein a match between a saved value and the obtained value indicates that the requested application is approved for execution in the secure processor; and
executing the requested application in the secure processor if a match is found between the obtained value and a saved value.
18. The method of claim 17, wherein each value saved in the secure memory is associated with a different approved endorsement key saved in the secure memory.
19. The method of claim 18, wherein the obtained value is a hash value obtained by hashing the requested application, and the saved values are hash values.
20. The method of claim 17, further comprising unloading a loaded application from the processor before loading the requested application.
21. The method of claim 20, wherein the loaded application is unloaded from the processor when the requested application does not fit in the memory currently available to the processor.
22. The method of claim 20, wherein the loaded application is a security architecture application that is unloaded from the processor when the requested application requires execution of a different security architecture application.
23. The method of claim 20, wherein unloading the loaded application comprises obtaining a new hash value by hashing the loaded application and saving the new hash value for the loaded application in the security table.
24. The method of claim 23, wherein unloading the loaded application comprises encrypting the loaded application and saving it to a storage device coupled to the secure processor.
25. The method of claim 24, wherein the loaded application is a security architecture application and is encrypted with an encryption algorithm associated with the security architecture.
26. The method of claim 19, further comprising:
receiving a request to install a new application for the secure processor, wherein the new application is hashed to obtain a new hash value; and
saving the new hash value in the memory of the secure processor, wherein the new hash value is associated with an endorsement key saved in the memory.
27. A computer system comprising:
an input device operative to provide to the computer system input received from a user, the input device including a secure input device for identifying the user;
a secure processor coupled to the input device and operative to receive input from the user and to run applications approved for the processor; and
a memory coupled to the secure processor and operative to save a security table, the security table saving a plurality of different approved endorsement keys and a plurality of different hash values, each hash value being associated with one endorsement key, wherein each hash value is obtained from a different application that the associated endorsement key approves for loading into the processor, and wherein the different applications include different security architecture applications, each implementing a different security architecture in the secure processor.
28. The computer system of claim 27, wherein the secure input device includes at least one of a fingerprint reader and a smart card reader, and wherein the different applications include applications that do not implement a security architecture and applications for interfacing with the secure input device.
29. The computer system of claim 27, wherein, when a requested application is to be loaded into the processor, the processor compares a hash value obtained by hashing the requested application with the hash values saved in the secure memory, to determine whether the requested application is approved to be loaded into the processor.
30. A computer-readable medium comprising computer-implemented program instructions for securely providing an application to be loaded in a secure processor, the program instructions being for:
receiving a request to load a requested application into the secure processor;
comparing a value obtained by processing the requested application with at least one of a plurality of saved values saved in a memory of the secure processor, wherein a match between a saved value and the obtained value indicates that the requested application is approved for execution in the secure processor; and
executing the requested application in the secure processor if a match is found between the obtained value and a saved value.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010102862832A CN102402657A (en) | 2010-09-15 | 2010-09-15 | Apparatus and method for enabling applications on a secure processor |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010102862832A CN102402657A (en) | 2010-09-15 | 2010-09-15 | Apparatus and method for enabling applications on a secure processor |
Publications (1)
Publication Number | Publication Date |
---|---|
CN102402657A true CN102402657A (en) | 2012-04-04 |
Family
ID=45884855
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2010102862832A Pending CN102402657A (en) | 2010-09-15 | 2010-09-15 | Apparatus and method for enabling applications on a secure processor |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102402657A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN103647651A | 2013-12-20 | 2014-03-19 | State Grid Corporation of China | Security chip based power distribution terminal management method
CN109074466A | 2016-06-18 | 2018-12-21 | Intel Corporation | Platform attestation and registration for servers
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title
---|---|---|---|---
CN1509546A | 2000-12-27 | 2004-06-30 | | Platform and method for securely transmitting authorization data
US20080104416A1 | 2006-09-29 | 2008-05-01 | Challener David C | Apparatus and method for enabling applications on a security processor
CN101176100A | 2005-05-13 | 2008-05-07 | Intel Corporation | Methods and apparatus for generating endorsement credentials for software-based security coprocessors
Legal Events
Date | Code | Title | Description
---|---|---|---
| C06 | Publication |
| PB01 | Publication |
| C10 | Entry into substantive examination |
| SE01 | Entry into force of request for substantive examination |
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20120404