CN101226572B - Information safety computer for protecting basic input/output system safety - Google Patents

Publication number
CN101226572B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200710051271A
Other languages
Chinese (zh)
Other versions
CN101226572A (en)
Inventor
刘毅
张英辉
张行健
韩勇桥
罗志强
邓忠红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JETWAY INFORMATION SECURITY INDUSTRY Co Ltd
Original Assignee
JETWAY INFORMATION SECURITY INDUSTRY Co Ltd
Application filed by JETWAY INFORMATION SECURITY INDUSTRY Co Ltd
Priority to CN200710051271A
Publication of CN101226572A

Abstract

The invention relates to an information safety computer that protects the safety of the basic input/output system (BIOS), and belongs to the technical field of computer security. It comprises a mainboard, a central processing unit, a south bridge chip, a BIOS chip, a super I/O chip and a safety chip. The invention is characterized in that the safety chip is an integrated circuit chip: one end has an LPC interface connected to the south bridge chip, and the other end has an interface that connects to the corresponding LPC interface or SPI interface of the BIOS chip. The safety chip is responsible for the security management of the BIOS chip, and the BIOS chip and the safety chip are separate components. The invention achieves security control purely in hardware, so the computer is protected more effectively and the overall performance of the system is improved. The invention also has the advantages of convenient replacement of components and low manufacturing, maintenance and update costs.

Description

An information safety computer for protecting basic input/output system safety
Technical field
The present invention relates to an information safety computer that protects the safety of the basic input/output system (BIOS) by means of a safety chip. It belongs to the technical field of computer security and is particularly suited to settings with strict computer information security requirements.
Background technology
In the general-purpose computer architecture (see Fig. 2), access to any standard device is completely open. This includes the basic input/output system (BIOS) and the devices under the super I/O chip (Super I/O), such as the mouse, keyboard, floppy drive, and devices such as printers attached to the parallel or serial ports. The read/write methods and communication protocols of these devices are all public, which allows any user to access them directly. This open structure makes certain malicious attacks possible and therefore poses a serious hidden danger to computer security. The BIOS, as the key component that boots the system, is a frequent target of viruses and hacker attacks, which either modify its contents or destroy them completely, so that the system can no longer start normally. Purely software approaches such as antivirus software cannot fundamentally solve these problems, because antivirus software always plays a passive role: it can react only after a virus has appeared and done harm, and it can run only after the system has started, whereas a BIOS that has been modified before the machine starts will cause the machine to malfunction. If every operation on the BIOS could instead be monitored in real time in hardware, before any damage occurs, the security of the computer could be guaranteed far more effectively; this is extremely important for protecting computer security.
Some existing hardware solutions improve on this situation by adding a security module to the computer's system architecture. In some of them, the module is connected to the south bridge chip through GPIO pins or the LPC interface to perform security control of the BIOS (see Fig. 3 and Fig. 4). These approaches protect the BIOS to a certain extent, but the security module achieves that protection only indirectly, through the south bridge chip. One shortcoming is lower efficiency: because control is indirect, a large amount of combined software and hardware interaction is needed. Another shortcoming is insufficient security: because the security module is attached to the south bridge as a branch, there is a hidden danger that it can be masked by software, by hardware, or by other means, in which case its protection of the BIOS fails. Another approach integrates the BIOS chip into the safety chip as a one-piece structure (see Fig. 5), but the following weaknesses remain:
1. Versatility is relatively poor;
2. The change to the existing structure is large;
3. The BIOS is normally stored on a non-volatile medium such as flash memory (FLASH), and this storage unit occupies a large area inside the safety chip, which greatly increases the cost of the safety chip and hinders the adoption and spread of this scheme;
4. With this one-piece structure, damage to or an upgrade of either the BIOS or the safety chip itself means scrapping the whole unit, which raises maintenance costs and increases the consumption of social resources.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art by providing a structure in which a safety chip with an LPC interface protects the BIOS, achieving security control of the BIOS purely in hardware. This protects the computer more effectively while improving the overall performance of the system. Because the safety chip and the BIOS are separate, independent components, either can be replaced conveniently, and manufacturing, maintenance and update costs are low.
The technical scheme of the invention is as follows. The information safety computer for protecting basic input/output system safety comprises a mainboard, a central processing unit, a south bridge chip, a BIOS chip, a super I/O chip (Super I/O) and a safety chip, and is characterized in that: the safety chip is an integrated circuit chip, one end of which has an LPC interface connected to the south bridge chip and the other end of which has an interface that connects to the corresponding LPC interface or SPI interface of the BIOS chip; the safety chip is responsible for the security management of the BIOS chip; and the BIOS chip and the safety chip are separate, independent components.
Further technical schemes of the invention are:
The BIOS chip is connected to the safety chip through the LPC interface.
The BIOS chip is connected to the safety chip through the SPI interface.
The safety chip is a RISC processor with a security coprocessor and basic memory; the RISC processor has an LPC interface, or has an SPI interface as well.
Of the interfaces on the RISC processor, the upper LPC interface connects to the LPC interface of the south bridge and serves as an LPC device interface, and the lower SPI interface connects to the SPI interface of the BIOS chip.
Of the interfaces on the RISC processor, the upper LPC interface connects to the LPC interface of the south bridge and serves as an LPC device interface, and the lower LPC interface connects to the LPC interface of the BIOS chip and serves as an LPC host interface.
Notable technical effects of the invention:
1. Because the safety chip is inserted between the south bridge chip's downstream LPC bus and the BIOS connected beneath it, every operation on the BIOS and all information sent to it must pass the safety chip's monitoring, so the security of the whole system is fully guaranteed;
2. Because the invention uses the existing interfaces of the south bridge chip and the BIOS, few changes to the original system are needed, and the added safety chip is a single integrated circuit chip; on both counts, cost is kept under control and the design is convenient to use;
3. Because the safety chip sits directly between the south bridge chip's downstream LPC bus and the BIOS, it can monitor the BIOS directly rather than indirectly through the south bridge, so communication efficiency is higher;
4. Because the safety chip and the BIOS are separate, independent components, parts are easy to replace and manufacturing, maintenance and update costs are low.
Description of drawings
Embodiments of the invention are further described below with reference to the accompanying drawings:
Fig. 1 is a partial structural schematic diagram of the information safety computer of the invention;
Fig. 2 is a structural schematic diagram of the input/output system of an existing general-purpose computer;
Fig. 3 is a system architecture schematic diagram of the prior art in which the safety chip is connected to the south bridge chip through GPIO pins to perform security control;
Fig. 4 is a system architecture schematic diagram of the prior art in which the safety chip is attached directly to the LPC bus as an LPC device;
Fig. 5 is a schematic diagram of the prior art in which the security module and the BIOS form a single integrated module;
Fig. 6 is a structural schematic diagram of the connection between the safety chip of the information safety computer of the invention and the BIOS.
Embodiment
Embodiment 1: As shown in Fig. 1 and Fig. 6, this is an information safety computer of the invention that uses a safety chip to protect the safety of the basic input/output system. It has a mainboard, a central processing unit, a south bridge chip, a north bridge chip, memory, a BIOS chip, a super I/O chip (Super I/O) and a safety chip. The safety chip is an integrated circuit chip, one end of which has an LPC interface connected to the south bridge chip and the other end of which has an interface that connects to the corresponding LPC interface or SPI interface of the BIOS chip; the safety chip is responsible for the security management of the BIOS chip. The BIOS chip and the safety chip are separate, independent components.
Embodiment 2: This differs from the above embodiment in that the BIOS chip is connected to the safety chip through the LPC interface.
Embodiment 3: This differs from Embodiment 1 in that the safety chip is a RISC processor with a security coprocessor and basic memory. Of the interfaces on this RISC processor, the upper LPC interface connects to the LPC interface of the south bridge and serves as an LPC device interface, and the lower SPI interface connects to the SPI interface of the BIOS chip.
Embodiment 4: This differs from Embodiment 3 in the interfaces on the RISC processor: the upper LPC interface connects to the LPC interface of the south bridge and serves as an LPC device interface, and the lower LPC interface connects to the LPC interface of the BIOS chip.
The scope of protection of the invention is not limited to the above embodiments.
The principle and effect of the invention are further explained as follows:
As the above embodiments show, all information exchanged between the south bridge and the BIOS must pass through the safety chip. Data that meets the requirements, that is, data that has passed verification, is transmitted normally; data that has not passed verification is held by the safety chip and not allowed through, which guarantees that all data reaching the BIOS is legitimate. To modify the contents of the BIOS, a request must first pass verification by the encryption/decryption unit inside the safety chip, so only a user with modification rights can modify the BIOS contents. Nor is it possible to bypass the safety chip's verification: because every operation on the BIOS passes through the safety chip in hardware, no measure can get around its monitoring.
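The gating principle described above can be modelled in a few dozen lines of C. This is an added example, not code from the patent or its assignee: it assumes an SPI-attached BIOS flash that uses the common SPI NOR opcodes, and it represents the safety chip's internal verification as a hypothetical `guard_set_authorized` hook, because the patent does not specify the verification scheme.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Widely used SPI NOR flash opcodes; the patent itself names no command set. */
enum { OP_WRSR = 0x01, OP_PP = 0x02, OP_READ = 0x03, OP_RDSR = 0x05,
       OP_WREN = 0x06, OP_SE = 0x20, OP_RDID = 0x9F, OP_CE = 0xC7 };

enum verdict { FORWARDED, BLOCKED };

#define FLASH_SIZE  8192u   /* constructed: tiny stand-in for the BIOS chip */
#define SECTOR_SIZE 4096u

struct guard {
    uint8_t  flash[FLASH_SIZE]; /* downstream BIOS flash (modelled) */
    bool     authorized;        /* set only after the chip's own verification */
    unsigned blocked_count;     /* audit counter for rejected transactions */
};

static uint32_t addr24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

void guard_reset(struct guard *g) {
    memset(g->flash, 0xA5, sizeof g->flash);  /* constructed firmware image */
    g->authorized = false;                    /* power-on default: locked */
    g->blocked_count = 0;
}

/* Hypothetical hook: outcome of the internal verification unit's check. */
void guard_set_authorized(struct guard *g, bool ok) { g->authorized = ok; }

static enum verdict deny(struct guard *g) { g->blocked_count++; return BLOCKED; }

/* One upstream transaction: cmd[0] is the opcode, the rest address/data.
 * Reads fill `out`; anything that alters flash needs prior authorization. */
enum verdict guard_transfer(struct guard *g, const uint8_t *cmd, size_t len,
                            uint8_t *out, size_t out_len) {
    if (len == 0) return deny(g);
    switch (cmd[0]) {
    case OP_RDSR: case OP_RDID: case OP_WREN:
        return FORWARDED;   /* status/ID reads and the write-enable latch change no stored data */
    case OP_READ: {
        if (len < 4) return deny(g);
        uint32_t a = addr24(cmd + 1);
        if (a >= FLASH_SIZE || out_len > FLASH_SIZE - a) return deny(g);
        memcpy(out, g->flash + a, out_len);
        return FORWARDED;
    }
    case OP_PP: {           /* page program */
        if (!g->authorized || len < 5) return deny(g);
        uint32_t a = addr24(cmd + 1);
        size_t n = len - 4;
        if (a >= FLASH_SIZE || n > FLASH_SIZE - a) return deny(g);
        for (size_t i = 0; i < n; i++) g->flash[a + i] &= cmd[4 + i]; /* NOR: bits only clear */
        return FORWARDED;
    }
    case OP_SE: {           /* sector erase */
        if (!g->authorized || len < 4) return deny(g);
        uint32_t a = addr24(cmd + 1) & ~(SECTOR_SIZE - 1u);
        if (a >= FLASH_SIZE) return deny(g);
        memset(g->flash + a, 0xFF, SECTOR_SIZE);
        return FORWARDED;
    }
    case OP_WRSR: case OP_CE:   /* protection bits and chip erase */
        if (!g->authorized) return deny(g);
        if (cmd[0] == OP_CE) memset(g->flash, 0xFF, sizeof g->flash);
        return FORWARDED;
    default:
        return deny(g);     /* unknown opcode: default deny, never pass through */
    }
}
```

The default-deny branch matters as much as the write checks: an interposer that forwards opcodes it does not recognise leaves vendor-specific write or unlock commands as a way around the gate.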

Claims (6)

1. An information safety computer for protecting basic input/output system safety, comprising a mainboard, a central processing unit, a south bridge chip, a basic input/output system (BIOS) chip, a super I/O chip (Super I/O) and a safety chip, characterized in that: the safety chip is an integrated circuit chip, one end of which has an LPC interface connected to the south bridge chip and the other end of which has an interface that connects to the corresponding LPC interface or SPI interface of the BIOS chip; the safety chip is responsible for the security management of the BIOS chip; and the BIOS chip and the safety chip are separate, independent components.
2. The information safety computer according to claim 1, characterized in that the BIOS chip is connected to the safety chip through the LPC interface.
3. The information safety computer according to claim 1, characterized in that the BIOS chip is connected to the safety chip through the SPI interface.
4. The information safety computer according to claim 1, characterized in that the safety chip is a RISC processor with a security coprocessor and basic memory; the RISC processor has an LPC interface, or has an SPI interface as well.
5. The information safety computer according to claim 4, characterized in that, of the interfaces on the RISC processor, the upper LPC interface connects to the LPC interface of the south bridge and serves as an LPC device interface, and the lower SPI interface connects to the SPI interface of the BIOS chip.
6. The information safety computer according to claim 4, characterized in that, of the interfaces on the RISC processor, the upper LPC interface connects to the LPC interface of the south bridge and serves as an LPC device interface, and the lower LPC interface connects to the LPC interface of the BIOS chip and serves as an LPC host interface.
CN200710051271A 2007-01-16 2007-01-16 Information safety computer for protecting basic input/output system safety Expired - Fee Related CN101226572B (en)

Publications (2)

Publication Number Publication Date
CN101226572A CN101226572A (en) 2008-07-23
CN101226572B CN101226572B (en) 2010-05-19

Family

ID=39858562

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Information safety computer for protecting basic input/output system safety

Effective date of registration: 20101206

Granted publication date: 20100519

Pledgee: Bank of Communications Ltd Wuhan East Lake New Technology Development Zone sub branch

Pledgor: JETWAY Information Security Industry Co., Ltd.

Registration number: 2010990000992

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20111208

Granted publication date: 20100519

Pledgee: Bank of Communications Ltd Wuhan East Lake New Technology Development Zone sub branch

Pledgor: JETWAY Information Security Industry Co., Ltd.

Registration number: 2010990000992

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Information safety computer for protecting basic input/output system safety

Effective date of registration: 20111208

Granted publication date: 20100519

Pledgee: Bank of Communications Ltd Wuhan East Lake New Technology Development Zone sub branch

Pledgor: JETWAY Information Security Industry Co., Ltd.

Registration number: 2011990000480

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20120428

Granted publication date: 20100519

Pledgee: Bank of Communications Ltd Wuhan East Lake New Technology Development Zone sub branch

Pledgor: JETWAY Information Security Industry Co., Ltd.

Registration number: 2011990000480

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Information safety computer for protecting basic input/output system safety

Effective date of registration: 20120428

Granted publication date: 20100519

Pledgee: Wuhan science and technology Company limited by guarantee

Pledgor: JETWAY Information Security Industry Co., Ltd.

Registration number: 2012990000181

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100519

Termination date: 20200116