CN105653995B - The trust computing device of reusable general purpose computer human-computer interaction device - Google Patents

Info

Publication number: CN105653995B
Application number: CN201510551999.3A
Authority: CN (China)
Prior art keywords: usb, trust computing, interface, attachment, module
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN105653995A
Inventor: 刘晓建
Current assignee: Jiangsu tengwu Information Technology Co., Ltd.
Original assignee: Jiangsu Tengwu Information Technology Co Ltd
Application filed by Jiangsu Tengwu Information Technology Co Ltd, with priority to CN201510551999.3A; published as CN105653995A and granted as CN105653995B.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82 Protecting input, output or interconnection devices
    • G06F21/85 Protecting input, output or interconnection devices; interconnection devices, e.g. bus-connected or in-line devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a trusted computing device that reuses the human-computer interaction devices of a general-purpose computer. It consists of trusted computing auxiliary software that runs on the general-purpose computer and a trusted computing accessory that can be connected to the general-purpose computer. The accessory has the same external interfaces as a KVM switch, but internally it contains a display adapter and a running environment for trusted application code. After the accessory is switched, manually or automatically, into the trusted human-computer interaction state, it takes exclusive use of the keyboard, mouse, display and other interaction devices, and its internal processor and memory execute the trusted application. The auxiliary software running on the general-purpose computer lets the user invoke the trusted applications installed on the accessory, and also provides services such as network transmission to the accessory.

Description

Trusted computing device reusing the human-computer interaction devices of a general-purpose computer
Technical field
The present invention discloses a trusted computing device capable of trusted human-computer interaction, and in particular a trusted computing accessory that reuses the human-computer interaction devices of a general-purpose computer.
Background technique
On many occasions people run both ordinary applications and trusted applications on a general-purpose computer, and the question is then how to guarantee the trustworthiness of the trusted application. With the development of processors such as Intel's, the trusted execution of purely computational tasks can now be guaranteed. A trusted application, however, still has to perform its human-computer interaction through the operating system running on the general-purpose computer, and Trojans, viruses and the like can make that operating system untrustworthy. It is therefore hard to guarantee trusted operation for applications that need human-computer interaction.
To overcome the untrustworthiness introduced by providing human-computer interaction through the ordinary computer operating system, some products use a virtual machine approach: a virtual machine monitor runs on the general-purpose computer and controls the human-computer interaction devices, so that the trusted application can interact with the user without depending on the operating system of the general-purpose computer. The compatibility of the virtual machine monitor with the computer's graphics card, and the performance of the virtual graphics card that the monitor provides to the operating system, limit the practicality of this approach.
In extreme cases a user may have to configure a separate device dedicated to trusted computing, which duplicates the user's investment in human-computer interaction devices.
Summary of the invention
To solve the two problems that a trusted application running on a general-purpose computer cannot have a trustworthy human-computer interaction device, and that a trusted computing device with its own independent human-computer interaction devices costs more, the present invention proposes a trusted computing accessory that reuses the human-computer interaction devices of a general-purpose computer. It gives the application both trusted execution and trusted human-computer interaction while reducing the implementation cost of trusted computing.
The present invention proposes a trusted computing device that reuses the human-computer interaction devices of a general-purpose computer, comprising trusted computing auxiliary software running on the general-purpose computer and a trusted computing accessory that can be connected to the general-purpose computer, characterised in that:
1) the external interfaces of the trusted computing accessory include: a human-machine input interface for connecting human-machine input devices, a human-machine output interface for connecting human-machine output devices, a human-machine output receiving interface for receiving the output of the general-purpose computer's human-machine output interface, and an interactive interface for exchanging information with the general-purpose computer;
2) after power-up, the trusted computing accessory creates a trusted code running environment internally;
3) the trusted computing accessory internally has a human-machine output signal generation module and a human-machine output selector switch; under the control of the accessory's internal program, the selector switch can output to the human-machine output interface either the signal generated by the human-machine output signal generation module or the signal received from the human-machine output receiving interface;
4) the trusted computing accessory internally has a human-machine input device simulation module. When the accessory outputs the signal received from the human-machine output receiving interface through the human-machine output interface, it obtains human-machine input events from the human-machine input interface and, through the human-machine input device simulation module, supplies simulated human-machine input events to the general-purpose computer via the interactive interface. When the accessory outputs the signal generated by the human-machine output signal generation module through the human-machine output interface, it obtains human-machine input events from the human-machine input interface and treats them as local input events of the trusted code running environment, without submitting them to the human-machine input device simulation module;
5) the trusted computing auxiliary software exchanges information with the trusted computing accessory through the interactive interface.
In general, the human-machine input devices are keyboards, mice, trackballs, fingerprint readers, microphones and the like that are not fixedly attached to the general-purpose computer; the human-machine output device is a VGA display; the trusted computing accessory uses USB interfaces to connect the keyboard, mouse and other input devices; and the accessory uses a USB interface as its interactive interface with the general-purpose computer, this USB interface also carrying keyboard operations, mouse operations and other human-machine input events to the general-purpose computer.
The trusted computing accessory has a persistent storage module inside it that stores the accessory's firmware and the trusted application software packages. After the accessory is powered up (which happens when its interactive interface is connected to a powered USB interface of the general-purpose computer), the firmware creates a trusted application running environment inside the accessory and executes the trusted application requested by the user.
Detailed description of the invention
Fig. 1 shows how the trusted computing accessory of the present invention is deployed and used in an exemplary embodiment. In use, a USB interface of the general-purpose computer is connected to the USB interface of the accessory labelled USB-HOST in the figure; the USB keyboard and mouse of the general-purpose computer are connected to the accessory's USB interfaces labelled USB-IN1 and USB-IN2; the VGA output interface of the general-purpose computer is connected to the accessory's VGA interface labelled VGA-HOST; and the accessory's VGA interface labelled VGA-OUT is connected to the general-purpose computer's display. After power-up, a trusted computing running environment exists inside the accessory and trusted applications can run in it. The trusted computing auxiliary software is installed and runs on the general-purpose computer and communicates with the accessory through the USB-HOST interface; on the same USB port the general-purpose computer also receives the keyboard and mouse events that the accessory outputs through the USB-HOST interface.
Fig. 2 shows the external interfaces and internal structure of the trusted computing accessory in an exemplary embodiment. The USB-HOST, USB-IN1, USB-IN2, VGA-HOST and VGA-OUT interfaces correspond to the interfaces of the same names in Fig. 1. To spare the user from connecting too many cables, the accessory in the illustrated construction contains a USB hub module, so that connecting only the USB-HOST interface to a USB interface of the general-purpose computer presents it with a keyboard, a mouse, a USB flash disk, a serial port and similar devices. The USB storage module presents part of the flash storage space as a USB flash disk accessible to the general-purpose computer; in some embodiments it also presents part of main memory as one partition of that USB flash disk. The processor in the figure executes the firmware and trusted application software loaded into main memory. The accessory also has a display adapter that converts graphics display commands or bitmap information into a VGA video signal, and a video output selector switch that controls which VGA signal is finally output through the VGA-OUT interface (the signal from the VGA-HOST interface or the signal from the display adapter); the processor controls the behaviour of the video output selector switch.
Fig. 3 shows one implementation by which the USB storage module in the trusted computing accessory provides the general-purpose computer with a USB flash disk having two partitions. In this implementation the partition table and the second partition of the USB flash disk are both located in flash storage, while the first partition is located in a contiguous region of main memory.
Fig. 4 corresponds to Fig. 3 and shows one way in which the USB storage module firmware in the accessory lays out the memory blocks that make up the USB flash disk. Using this layout, the USB storage module firmware computes which storage address corresponds to a given logical block of the USB flash disk.
It should be pointed out that Figs. 3 and 4 are illustrative; engineers in this field can use other mappings between logical blocks and physical blocks to achieve the same or a similar purpose.
Fig. 5 shows one possible execution flow of the trusted computing auxiliary software when it provides the accessory with support for calling functions of the general-purpose computer.
Specific embodiment
Physical structure
Fig. 1 is an exemplary embodiment of the invention. The trusted computing accessory of the present invention has three USB interfaces and two VGA interfaces externally. The USB-HOST interface connects to a USB interface of the general-purpose computer; USB-IN1 and USB-IN2 connect the USB keyboard and mouse; VGA-HOST connects to the VGA output interface of the general-purpose computer; and VGA-OUT connects to the VGA output device.
Internally, the trusted computing accessory mainly comprises a USB hub module, a USB keyboard module, a USB mouse module, a USB storage module, a USB serial port module, flash storage, main memory, a processor, a USB host controller, a VGA display adapter and a video output selector switch. The USB keyboard module provides keyboard input to the general-purpose computer through the USB hub module; the USB mouse module provides mouse input to the general-purpose computer through the USB hub module; the USB storage module provides USB flash disk storage to the general-purpose computer through the USB hub module; and the USB serial port module establishes a serial communication relationship with the general-purpose computer through the USB hub module. The flash storage is divided into two parts: one stores the accessory's firmware, the other is formatted as a FAT32 partition that serves as the storage behind the USB storage module and holds trusted application code and data. Main memory is likewise divided into two parts: one runs the accessory's firmware and trusted applications, the other caches the data that trusted applications exchange with the general-purpose computer. The VGA display adapter provides display support for applications in the accessory; the video output selector switch switches between the video signal output by the VGA display adapter and the signal from VGA-HOST; and the USB host controller helps the processor receive keyboard and mouse input from USB-IN1 and USB-IN2.
Software composition
The software of the trusted computing accessory consists of two parts: the trusted computing auxiliary software and the trusted computing firmware.
The trusted computing auxiliary software runs on the general-purpose computer. Its functions are: 1) encapsulating the functions of the trusted computing accessory so that applications on the general-purpose computer can use them; 2) providing services to the accessory, such as a network send/receive service.
The trusted computing firmware is stored in the flash storage of the accessory and starts running after the accessory powers up. Its functions are: 1) providing a running environment for the applications loaded on the accessory; 2) when the video output selector switch outputs the signal from VGA-HOST, receiving USB keyboard and mouse events from USB-IN1 and USB-IN2 and outputting the corresponding events through USB-HOST; 3) monitoring USB keyboard events from USB-IN1 or USB-IN2 and, when a specific key combination is detected, telling the video output selector switch to switch its output signal; 4) when the video output selector switch outputs the VGA signal from the accessory's internal display adapter, handing the USB keyboard and mouse events from USB-IN1 and USB-IN2 to the application runtime environment inside the accessory.
(1) Processes of the trusted computing auxiliary software
To make it convenient for applications on the general-purpose computer to use the trusted computing accessory, the trusted computing auxiliary software provides the following API:
1) load_package loads a software package into the storage contained in the trusted computing accessory. Its input parameter is the pathname of the software package. It returns a success/failure flag and, on success, the access identifier of the package inside the accessory, so that functions in the package can later be executed through this access identifier.
The trusted computing auxiliary software completes load_package with the following steps:
UPLOAD1: write the software package to be loaded to the USB flash disk that the USB storage module presents to the general-purpose computer;
UPLOAD2: return the storage location of the software package to the caller.
2) unload_package deletes a software package that has been loaded into the trusted computing accessory from the accessory's storage.
The trusted computing auxiliary software completes unload_package with the following steps:
UNLOAD1: delete the specified software package from the USB flash disk that the USB storage module presents to the general-purpose computer;
UNLOAD2: return the result of the delete operation to the caller.
3) call_package_func calls a sub-function of a software package that has been loaded into the trusted computing accessory. Its input parameter is the access identifier of the package to be called; optional parameters are the sub-function number and the call parameters.
The trusted computing auxiliary software completes call_package_func with the following steps (this process assumes the description in the "Physical structure" section that main memory is divided into two parts, one of which caches the data exchanged between trusted applications and the general-purpose computer):
CALL1: write a control request and its parameters to the general-purpose computer serial port that corresponds to the USB serial port module;
CALL2: read from the serial port corresponding to the USB serial port module the execution report that the trusted computing accessory sends for the request of step CALL1;
CALL3: if the value obtained in step CALL2 indicates an execution error, report the error code to the caller;
CALL4: if the request sent in step CALL1 requires a return value, perform step CALL5, otherwise go to step CALL7;
CALL5: read the return value from the serial port corresponding to the USB serial port module;
CALL7: return the call status to the caller of this process.
The trusted computing auxiliary software runs the following process so that the trusted computing accessory can call functions of the general-purpose computer:
SVC1: open the general-purpose computer serial port corresponding to the USB serial port module;
SVC2: mset ← { fd }, where mset is the set of data communication contexts currently being monitored and fd is the data communication context of the serial port obtained in step SVC1, such as the serial port's file descriptor;
SVC3: wait until some data communication context in mset has an event;
SVC4: if the serial port of step SVC1 has data, perform step SVC5, otherwise go to step SVC7;
SVC5: read the event code event from the serial port of step SVC1;
SVC6: handle the event code obtained in step SVC3 as follows:
Case 1: request to establish a network connection with a remote host
CONN1: read the remote computer address from the serial port corresponding to the USB serial port module;
CONN2: establish a data communication context with the remote host;
CONN3: add the data communication context established in step CONN2 to the data communication descriptor set mset;
CONN4: go to step SVC7;
Case 2: request to send data to a remote host
SEND1: read the destination address and the message content from the serial port corresponding to the USB serial port module;
SEND2: using the information obtained in step SEND1, call the local network send function of the general-purpose computer;
SVC7: for each network connection on which a message has arrived, perform the following steps:
RECV1: receive the message from the network connection;
RECV2: send the network data received in step RECV1 to the trusted computing accessory through the serial port corresponding to the USB serial port module;
SVC8: go to step SVC3.
(2) Processes of the firmware in the trusted computing accessory
The firmware in the trusted computing accessory includes: 1) an embedded Linux operating system; 2) an Android running environment; 3) a keyboard/mouse monitoring module inside Linux; 4) a network send/receive redirection service in Linux; 5) a video output switching module. The embedded Linux operating system starts the accessory and provides operating support for the other firmware and for the trusted applications; the Android running environment runs trusted applications developed for Android; the keyboard/mouse monitoring module receives and processes the events generated by the keyboard and mouse connected to USB-IN1 and USB-IN2; the network send/receive redirection service cooperates with the trusted computing auxiliary software to provide a virtual network adapter service to the accessory; and the video output switching module controls the video output selector switch.
In the Linux kernel a shared variable working_status is set up that the video output switching module, the USB keyboard driver and the USB mouse driver can all access; its value range is { trusted IO state, common IO state }. When working_status is the trusted IO state, the input of the USB keyboard and mouse connected to USB-IN1 and USB-IN2 is used by the accessory itself and is not forwarded to the general-purpose computer through the USB-HOST interface, and the VGA display's input comes from the display adapter inside the accessory. When working_status is the common IO state, the accessory forwards the USB keyboard and mouse input from USB-IN1 and USB-IN2 to the general-purpose computer through the USB-HOST interface, and the VGA display's input comes from the general-purpose computer.
The trusted computing accessory presets a specific key combination as the I/O state switch, for example defining that when the three keys Ctrl, Alt and F10 are pressed the working_status state changes, causing the input and output to switch. The Linux keyboard monitoring module is implemented in the Linux USB keyboard driver. Taking the predefined switching combination Ctrl+Alt+F10 as an example, the main flow executed by the modified USB keyboard driver when it receives a USB keyboard event is described below. The USB keyboard driver gains a variable total_down, a bitmap down_keys and a variable last_key, where bit 0 of down_keys set to 1 means that F10 is currently pressed, bit 1 set to 1 means that Alt is currently pressed, and bit 2 set to 1 means that Ctrl is currently pressed; the initial values of last_key and total_down are 0.
When the USB keyboard driver learns of keyboard input, it executes the following steps:
KBD1: obtain the scan code kmap of the current keyboard input;
KBD2: if kmap differs from last_key and kmap indicates that some key is pressed, then total_down ← total_down + 1;
KBD3: last_key ← kmap;
KBD4: if scan code kmap indicates that one of Ctrl, Alt, F10 is pressed, set the corresponding bit in the down_keys bitmap to 1;
KBD5: if scan code kmap indicates that one of Ctrl, Alt, F10 is released, and the current total_down is 3, and down_keys is 0x7, go to step KBD6, otherwise go to step KBD14;
KBD6: clear the down_keys bitmap and reset total_down to 0;
KBD7: if the value of working_status is the common IO state, perform step KBD8, otherwise go to step KBD11;
KBD8: operate the USB keyboard module so that it sends a Ctrl+Alt+F10 key-combination release event to the general-purpose computer through the USB-HOST interface;
KBD9: change working_status to the trusted IO state and call the video output switching module to switch the video output;
KBD10: processing ends;
KBD11: submit the Ctrl+Alt+F10 key-combination release event to the upper layer of the current operating system;
KBD12: change working_status to the common IO state and call the video output switching module to switch the video output;
KBD13: processing ends;
KBD14: if the scan code indicates that some key is released, total_down ← total_down - 1;
KBD15: if the scan code indicates that one of Ctrl, Alt, F10 is released, clear the corresponding bit in the down_keys bitmap;
KBD16: if the current working_status is the common IO state, operate the USB keyboard module so that it sends the key event corresponding to kmap to the general-purpose computer through the USB-HOST interface; otherwise submit the key event corresponding to kmap to the upper layer of the current operating system.
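The KBD1 to KBD16 flow above, written out as an added example in C (not the patent's or the accessory's driver code). The key codes, the packing of a key code and its pressed flag into kmap, and the guard that keeps total_down from going negative once KBD6 has reset it while two keys are still held are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed for this example: key codes, and a kmap encoded as (code << 1) | pressed. */
enum { KEY_CTRL = 0x1D, KEY_ALT = 0x38, KEY_F10 = 0x44, KEY_A = 0x1E };

enum working_status { COMMON_IO = 0, TRUSTED_IO = 1 };

/* What the driver does with the event: the outcomes of KBD8/KBD9, KBD11/KBD12 and KBD16 */
enum kbd_action {
    ACT_FORWARD_TO_HOST,   /* KBD16: send kmap over USB-HOST to the general-purpose computer */
    ACT_DELIVER_LOCAL,     /* KBD16: hand kmap to the accessory's own OS upper layer */
    ACT_SWITCH_TO_TRUSTED, /* KBD8+KBD9: combo release goes to the host, then video/input switch to the accessory */
    ACT_SWITCH_TO_COMMON   /* KBD11+KBD12: combo release goes to the local OS, then video/input switch back to the host */
};

struct kbd_state {
    enum working_status working_status; /* the shared kernel variable of the page */
    int total_down;                     /* keys currently held, auto-repeat excluded */
    uint8_t down_keys;                  /* bit0 = F10, bit1 = Alt, bit2 = Ctrl */
    unsigned last_key;                  /* previous kmap, 0 = none yet */
};

static unsigned make_kmap(unsigned code, bool pressed) { return (code << 1) | (pressed ? 1u : 0u); }
static bool kmap_pressed(unsigned kmap) { return (kmap & 1u) != 0; }
static unsigned kmap_code(unsigned kmap) { return kmap >> 1; }

/* Bit of Ctrl/Alt/F10 in down_keys, or -1 for every other key */
static int combo_bit(unsigned code) {
    switch (code) {
    case KEY_F10:  return 0;
    case KEY_ALT:  return 1;
    case KEY_CTRL: return 2;
    default:       return -1;
    }
}

void kbd_init(struct kbd_state *s) {
    s->working_status = COMMON_IO;
    s->total_down = 0;
    s->down_keys = 0;
    s->last_key = 0;
}

/* One pass of the modified USB keyboard driver for a single keyboard event */
enum kbd_action kbd_handle_event(struct kbd_state *s, unsigned kmap) {
    bool pressed = kmap_pressed(kmap);               /* KBD1: kmap is the current scan code */
    int bit = combo_bit(kmap_code(kmap));

    if (kmap != s->last_key && pressed)              /* KBD2: count a new key-down, skip auto-repeat */
        s->total_down++;
    s->last_key = kmap;                              /* KBD3 */
    if (bit >= 0 && pressed)                         /* KBD4 */
        s->down_keys |= (uint8_t)(1u << bit);

    /* KBD5: the combo fires on the first release while exactly Ctrl, Alt and F10 are held */
    if (bit >= 0 && !pressed && s->total_down == 3 && s->down_keys == 0x7) {
        s->down_keys = 0;                            /* KBD6 */
        s->total_down = 0;
        if (s->working_status == COMMON_IO) {        /* KBD7 */
            s->working_status = TRUSTED_IO;          /* KBD9 (video switch happens with it) */
            return ACT_SWITCH_TO_TRUSTED;            /* KBD8, then KBD10 */
        }
        s->working_status = COMMON_IO;               /* KBD12 */
        return ACT_SWITCH_TO_COMMON;                 /* KBD11, then KBD13 */
    }

    /* KBD14; the > 0 guard is an addition of this example, since KBD6 zeroed the
     * counter while the other two combo keys were still held */
    if (!pressed && s->total_down > 0)
        s->total_down--;
    if (bit >= 0 && !pressed)                        /* KBD15 */
        s->down_keys &= (uint8_t)~(1u << bit);

    return s->working_status == COMMON_IO ? ACT_FORWARD_TO_HOST : ACT_DELIVER_LOCAL; /* KBD16 */
}
```

Note that the three key-down events of the combo are still forwarded to whichever side currently owns the keyboard; KBD8 and KBD11 exist so that side also sees the matching release and is not left with stuck modifier keys.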
The main modification to the USB mouse driver is: when working_status is the common IO state, the mouse driver converts each received mouse event into a USB message and, using the USB mouse module, sends it to the general-purpose computer through the USB-HOST interface.
The network send/receive redirection service in Linux is implemented by the TUN/TAP mechanism built into Linux together with an application-layer message forwarding service. The TUN/TAP mechanism provides a virtual network interface to the trusted applications; the application-layer message forwarding service acts as a transmission intermediary, handing the messages that trusted applications send to the virtual network interface to the trusted computing auxiliary software on the general-purpose computer for network transmission, and handing the network messages received by the auxiliary software to the virtual network interface. When the application-layer message forwarding service reads a message from the TUN/TAP device, it executes the following steps:
RTUN1: operate the USB serial port module so that it sends an outgoing-message request to the general-purpose computer;
RTUN2: operate the USB serial port module so that it outputs the network message just read to the general-purpose computer;
When the application-layer message forwarding service finds that the general-purpose computer has sent data to the USB serial port module, it executes the following steps:
WTUN1: read data from the USB serial port module until a complete network message is obtained;
WTUN2: write the network message obtained in step WTUN1 to the TUN/TAP device, so that the virtual network interface receives the external network input.
It should be noted that when the data rate of the USB serial port module would significantly limit the performance of trusted computing, this data transfer can instead be carried out through the USB storage module, as described in the "physical structure" section. The method is as follows. Before the trusted computing attachment leaves the factory, the Flash storage space that acts as the USB flash drive is formatted to contain two partitions, as shown in Figure 3. The second partition resides in Flash storage and stores the trusted application software package; the first partition corresponds to a contiguous region of main memory and stores the information that must be exchanged frequently between the general-purpose computer and the trusted computing attachment. Hereinafter this in-memory partition is referred to as the exchange partition. Event notification can still be carried out through the USB serial port module. For example, the network transmit/receive redirection service of the trusted computing attachment performs the following steps to request that the trusted computing auxiliary software send a network message:
DSEND1: write the network message to be sent into the exchange partition by means of memory access;
DSEND2: operate the USB serial port module so that it sends a serial port notification message to the general-purpose computer through the USB-HOST port.
Correspondingly, on start-up the trusted computing auxiliary software discovers, through the USB storage module of the trusted computing attachment, a USB flash drive; it further finds that this drive is divided into two partitions, and it accesses the second partition of the drive (that is, the exchange partition) directly as a raw device. To match the DSEND1 to DSEND2 procedure, after receiving the serial port notification message the trusted computing auxiliary software performs the following steps to obtain the message to be sent:
DRELAY1: read the message to be sent from the exchange partition in raw-device mode;
DRELAY2: remove the message obtained in step DRELAY1 from the exchange partition, so as to reclaim the storage space;
DRELAY3: send the message obtained in step DRELAY1 over the network.
The exchange partition space can be further subdivided, which makes it convenient for the trusted computing auxiliary software to write received network messages into the exchange partition. The trusted computing auxiliary software then outputs a "new message arrived" notification to the general-purpose computer serial port that corresponds to the USB serial port module, thereby notifying the network transmit/receive redirection service of the trusted computing attachment to write the message located in the exchange partition into the TUN/TAP device.
When the service life of the Flash storage is not a concern, the Flash storage itself can be used directly as the exchange partition instead of main memory.
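The exchange partition handshake described above (DSEND1/DSEND2 on the attachment side, DRELAY1 to DRELAY3 on the auxiliary software side, and the reverse "new message arrived" path), as an added illustration that is not code from the patent or its applicant. The raw block device is simulated by a bytearray, the USB serial port by a queue of one-word notifications, and the partition is split into two fixed-size segments holding one length-prefixed message each; the segment size, the frame format and all class and method names are assumptions made for this example.

```python
"""Exchange-partition handshake between the attachment and the auxiliary software.

Constructed illustration: the 'raw device' is a bytearray and the USB serial
notification channel is a pair of queues. Layout and names are assumptions.
"""
from collections import deque
import struct

SEGMENT_SIZE = 4096          # assumed size of each segment of the exchange partition
TO_HOST = 0                  # segment: attachment -> auxiliary software (DSEND1 / DRELAY1)
TO_ATTACHMENT = 1            # segment: auxiliary software -> attachment ("new message arrived")
HDR = struct.Struct("<I")    # 4-byte little-endian length prefix; 0 marks an empty segment
MAX_PAYLOAD = SEGMENT_SIZE - HDR.size


class ExchangePartition:
    """Two fixed-size segments on the raw device; one message per segment."""

    def __init__(self):
        self.dev = bytearray(2 * SEGMENT_SIZE)

    def write(self, seg, payload):
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("message larger than exchange segment")
        base = seg * SEGMENT_SIZE
        if HDR.unpack_from(self.dev, base)[0] != 0:
            raise RuntimeError("segment still occupied; peer has not cleared it")
        self.dev[base + HDR.size:base + HDR.size + len(payload)] = payload
        HDR.pack_into(self.dev, base, len(payload))   # publish last, once the body is in place

    def read(self, seg):
        base = seg * SEGMENT_SIZE
        n = HDR.unpack_from(self.dev, base)[0]
        if n > MAX_PAYLOAD:                           # the other side may be buggy or hostile
            raise ValueError("corrupt length prefix in exchange segment")
        return bytes(self.dev[base + HDR.size:base + HDR.size + n])

    def clear(self, seg):
        """DRELAY2: zero the segment so the peer may write the next message."""
        base = seg * SEGMENT_SIZE
        self.dev[base:base + SEGMENT_SIZE] = bytes(SEGMENT_SIZE)


class SerialLink:
    """Stand-in for the USB serial port module: one-word notifications each way."""

    def __init__(self):
        self.to_host = deque()
        self.to_attachment = deque()


class RedirectService:
    """Network transmit/receive redirection service on the attachment."""

    def __init__(self, part, link):
        self.part, self.link = part, link
        self.tun_writes = []        # stands in for writes into the TUN/TAP device

    def send(self, msg):
        self.part.write(TO_HOST, msg)          # DSEND1
        self.link.to_host.append("SEND")       # DSEND2

    def on_new_message(self):
        msg = self.part.read(TO_ATTACHMENT)
        self.part.clear(TO_ATTACHMENT)
        self.tun_writes.append(msg)
        return msg


class AuxiliarySoftware:
    """Trusted computing auxiliary software on the general-purpose computer."""

    def __init__(self, part, link):
        self.part, self.link = part, link
        self.network_out = []       # stands in for the real socket send

    def on_serial_notification(self):
        msg = self.part.read(TO_HOST)          # DRELAY1
        self.part.clear(TO_HOST)               # DRELAY2
        self.network_out.append(msg)           # DRELAY3
        return msg

    def deliver_received(self, msg):
        self.part.write(TO_ATTACHMENT, msg)
        self.link.to_attachment.append("NEW MESSAGE")


def run_round_trip(request, reply):
    """Drive one request out of the attachment and one reply back into it."""
    part, link = ExchangePartition(), SerialLink()
    svc, aux = RedirectService(part, link), AuxiliarySoftware(part, link)
    svc.send(request)
    assert link.to_host.popleft() == "SEND"
    sent = aux.on_serial_notification()
    aux.deliver_received(reply)
    assert link.to_attachment.popleft() == "NEW MESSAGE"
    received = svc.on_new_message()
    both_clear = part.read(TO_HOST) == b"" and part.read(TO_ATTACHMENT) == b""
    return sent, received, both_clear


if __name__ == "__main__":
    print(run_round_trip(b"GET / HTTP/1.1\r\n\r\n", b"HTTP/1.1 200 OK\r\n\r\n"))
```

The attachment checks the length prefix before reading, because the exchange partition is written by software on the general-purpose computer, which the design does not trust: a corrupt header must not let the attachment read past its segment. The auxiliary software, for its part, sees every message in clear, which matches its role in the text as a communication pipe; any confidentiality of the traffic has to come from protection between the trusted application and the remote server.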
Application scenario 1
A telecommunications service agent obtains from the operator a trusted computing attachment whose firmware carries the telecommunications service application, together with the trusted computing auxiliary software. The USB-HOST interface of the trusted computing attachment is connected to a USB interface of the agent's own general-purpose computer; the keyboard and mouse that were originally plugged into the USB interfaces of the general-purpose computer are plugged into the USB-IN1/USB-IN2 interfaces of the trusted computing attachment; the display originally connected to the general-purpose computer is connected to the VGA output interface of the trusted computing attachment; a VGA signal cable connects the VGA output interface of the general-purpose computer to the VGA input interface of the trusted computing attachment; and the trusted computing auxiliary software is installed on the general-purpose computer.
When the user needs to handle telecommunications business, a preset key combination is pressed on the keyboard. After detecting the key combination, the trusted computing attachment enters trusted computing mode: it operates the video output selector switch so that the output of the internal VGA graphics card is shown on the display, and messages from the USB keyboard and mouse are no longer forwarded to the USB keyboard module and USB mouse module but are used as local input to the operating system of the trusted computing attachment.
When the user has finished handling telecommunications business, the preset key combination is pressed on the keyboard again, which switches back to the state in which the trusted computing attachment is fully transparent to the user and only the general-purpose computer is in use.
The operating system running on the trusted computing attachment is embedded Linux. The default network route on Linux goes through a TUN/TAP virtual network adapter. The network transmit/receive redirection service running on Linux writes the network messages received by the trusted computing auxiliary software on the general-purpose computer into the TUN/TAP virtual network adapter; the same service also reads messages from the TUN/TAP device and hands them to the trusted computing auxiliary software on the general-purpose computer. By means of the network transmit/receive redirection service, the trusted computing attachment uses the printer connected to the general-purpose computer as a network printer. The telecommunications application runs in B/S mode, so locally on the trusted computing attachment only a browser page needs to run in order to carry out telecommunications operations.
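The hotkey-driven switch between ordinary and trusted computing mode described in scenario 1, as an added example that is not the attachment's firmware. Keyboard input is modelled as 8-byte USB HID boot-protocol keyboard reports (modifier byte, reserved byte, six key codes); the hotkey Ctrl+Alt+T, the names of the two video sources and the list-based stand-ins for the USB keyboard module and the local input queue are assumptions.

```python
"""Hotkey switch between ordinary and trusted computing mode (added illustration,
not the attachment's firmware). Input is modelled as 8-byte USB HID boot-protocol
keyboard reports: modifiers, reserved, six key codes. Hotkey and names are assumed."""

MOD_LCTRL = 0x01
MOD_LALT = 0x04
KEY_T = 0x17                        # HID usage ID for 't'
HOTKEY_MODS = MOD_LCTRL | MOD_LALT  # assumed hotkey: Ctrl+Alt+T
HOTKEY_KEY = KEY_T
RELEASE_ALL = bytes(8)              # report with no modifier and no key pressed


def report(mods=0, *keys):
    """Build a boot-protocol keyboard report (helper for callers and tests)."""
    if len(keys) > 6:
        raise ValueError("boot protocol carries at most six simultaneous keys")
    return bytes([mods, 0, *keys]) + bytes(6 - len(keys))


class Attachment:
    def __init__(self):
        self.mode = "ordinary"
        self.video_source = "VGA-HOST"  # what the video output selector switch routes to VGA-OUT
        self.emulated_keyboard = []     # reports replayed to the host via the USB keyboard module
        self.local_input = []           # reports consumed by the attachment's own OS
        self._hotkey_down = False

    @staticmethod
    def _is_hotkey(rep):
        return rep[0] == HOTKEY_MODS and HOTKEY_KEY in rep[2:8]

    def on_keyboard_report(self, rep):
        """Called by the USB host controller for every report arriving on USB-IN."""
        if len(rep) != 8:
            raise ValueError("expected an 8-byte boot-protocol keyboard report")
        if self._is_hotkey(rep):
            if not self._hotkey_down:   # edge-triggered: toggle once per press, not per repeat
                self._hotkey_down = True
                self.toggle_mode()
            return                      # the hotkey report is forwarded to neither side
        self._hotkey_down = False
        if self.mode == "trusted":
            self.local_input.append(rep)        # local input event of the trusted code environment
        else:
            self.emulated_keyboard.append(rep)  # simulated input event for the general-purpose computer

    def toggle_mode(self):
        if self.mode == "ordinary":
            # The host already saw the modifiers go down; tell it they are released.
            self.emulated_keyboard.append(RELEASE_ALL)
            self.mode, self.video_source = "trusted", "internal-adapter"
        else:
            self.local_input.append(RELEASE_ALL)
            self.mode, self.video_source = "ordinary", "VGA-HOST"


def drive(reports):
    """Feed a sequence of reports to a fresh attachment and return it for inspection."""
    att = Attachment()
    for rep in reports:
        att.on_keyboard_report(rep)
    return att
```

Two details carry the property the text relies on. The hotkey report itself is forwarded to neither side, and in trusted mode nothing at all reaches the emulated USB keyboard, so keystrokes typed into the trusted application are never visible to the general-purpose computer. When the mode changes, an all-keys-released report is injected into the side being left, because that side has already seen the modifier keys go down and would otherwise consider them held indefinitely.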
Application scenario 2
In application scenario 1, the trusted computing auxiliary software mainly acts as a communication pipe between the trusted computing attachment and the remote server, and the trusted code running on the trusted computing attachment carries out all the application logic of the client trusted application. In some application modes, however, only a small part of the code needs to run in a trusted manner; for example, when shopping on an e-commerce website, only the "make an online banking payment" operation may be required to be trustworthy. The operational flow of the system in this application mode is described below:
1) The trusted computing auxiliary software consists of two parts: a browser plug-in on the general-purpose computer and a communication component that communicates with the trusted computing attachment;
2) The trusted computing attachment runs the network message redirection service, a request monitoring service and an address jump module. The request monitoring service receives and handles the requests sent by the general-purpose computer through the USB-HOST interface; the address jump module serves, once the trusted computing attachment has completed the trusted computing part, to return automatically to the state the user was in before entering trusted computing;
3) The browser plug-in monitors the network addresses the user accesses through the browser. When it finds that the address to be accessed is an online banking address, it forwards this address through the communication component to the trusted computing attachment (as described above, the address can be sent through the serial port corresponding to the USB serial port module; alternatively it can be written to the exchange partition through the USB storage module and an event notification then issued through the USB serial port module);
4) After the request monitoring service receives the forwarded address, it transforms the address appropriately (for example, when the address includes a return address to be used after the online banking operation, the return address is changed to a pre-designated local dynamic web page and the return address contained in the original request is saved), switches automatically into the trusted computing state (specific information may be output on the desktop to indicate that the trusted computing state has been entered), starts the browser and accesses the address; the user can then complete online banking in the trusted computing environment. The local dynamic web page is implemented by the address jump module;
5) After the user completes online banking, the browser returns to the local dynamic web page substituted in step 4);
6) When the code invoked by the local dynamic web page executes, it notifies the trusted computing attachment to exit the trusted computing state and, through the USB serial port, sends the original return address saved in step 4) to the browser plug-in.
It should be noted that the above embodiments merely introduce the idea of the invention. Engineers and technicians in this field, inspired by the above embodiments and according to actual needs, can design their own embodiments for the corresponding situations (including but not limited to: 1) no USB storage module in the trusted computing attachment, relying solely on the USB serial port module for information exchange with the general-purpose computer; 2) no USB serial port module in the trusted computing attachment, using another communication module instead, such as a USB-SPI communication module; 3) no VGA graphics card in the trusted computing attachment, only a VGA signal conversion module, with the software in the trusted computing attachment generating the image; 4) no network message redirection service in the trusted computing attachment, the trusted application instead being given a modified standard input/output library through which it interacts with the general-purpose computer; 5) the trusted computing attachment provides a hosted running environment for the trusted application rather than letting the trusted application run independently; 6) the trusted computing attachment provides a non-Linux running environment such as Windows CE for the trusted application; 7) the trusted computing attachment does not provide an Android running environment for the trusted application but only some other running environment that meets the application's requirements, such as a Linux+Qt development environment), and these still fall within the protection scope of the present invention.
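The address handling of the request monitoring service and the hand-back performed via the address jump module (steps 4 to 6 of scenario 2), as an added example that is not code from the patent. It assumes that the forwarded online-banking address carries its post-payment return address in a query parameter named return_url, that the local dynamic page is served on the attachment at http://127.0.0.1:8080/done, and an allow-list of banking hosts; all three, and the host name bank.example, are constructed for this example.

```python
"""Address transformation of the request monitoring service and hand-back of the
original return address (added illustration, not code from the patent).
Parameter name, local page address and banking host list are assumptions."""
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

LOCAL_DONE_PAGE = "http://127.0.0.1:8080/done"  # assumed local dynamic page of the address jump module
RETURN_PARAM = "return_url"                       # assumed name of the post-payment return parameter
BANK_HOSTS = {"bank.example"}                     # constructed allow-list of online-banking hosts


class RequestMonitor:
    """Runs on the attachment; receives addresses forwarded over USB-HOST by the plug-in."""

    def __init__(self):
        self.state = "ordinary"
        self.saved_return = None

    def handle_forwarded_address(self, url):
        """Step 4: validate, rewrite the return address, enter trusted state, return the URL to open."""
        parts = urlsplit(url)
        # The plug-in lives on the untrusted general-purpose computer, so its request is
        # checked against an allow-list before the attachment acts on it.
        if parts.scheme != "https" or parts.hostname not in BANK_HOSTS:
            raise ValueError("forwarded address is not an approved online-banking address")
        query = dict(parse_qsl(parts.query, keep_blank_values=True))
        if RETURN_PARAM in query:
            self.saved_return = query[RETURN_PARAM]   # remember where the shop wanted to go
            query[RETURN_PARAM] = LOCAL_DONE_PAGE     # the bank returns to the attachment's page instead
        self.state = "trusted"
        return urlunsplit(parts._replace(query=urlencode(query)))

    def on_done_page(self):
        """Step 6: the local dynamic page has been reached; leave trusted state and
        return the saved address so the plug-in can continue on the general-purpose computer."""
        self.state = "ordinary"
        original, self.saved_return = self.saved_return, None
        return original


if __name__ == "__main__":
    m = RequestMonitor()
    print(m.handle_forwarded_address("https://bank.example/pay?order=42&return_url=https%3A%2F%2Fshop.example%2Fthanks"))
    print(m.on_done_page())
```

The allow-list check is the defender's addition to the flow in the text: the browser plug-in runs on the general-purpose computer, which the design does not trust, so the attachment verifies that a forwarded address really is an approved banking address before it switches into the trusted state and opens it in its own browser. The saved return address is handed back only after the local page has been reached, so the attachment never navigates to the merchant's address itself.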

Claims (8)

1. A trusted computing attachment attached to a general-purpose computer, comprising a man-machine input interface for connecting USB man-machine input devices, a video output interface VGA-OUT for connecting a picture output device, a video receiving interface for receiving the video output signal of the general-purpose computer, and an interactive interface for exchanging information with the general-purpose computer, characterised in that:
after power-on, the trusted computing attachment creates a trusted code running environment internally and runs a trusted application;
the trusted computing attachment internally has a video output signal generation module and a video output selector switch, and under the control of the trusted application the video output selector switch can select to output to the video output interface either the video signal generated by the video output signal generation module or the video signal input from the video receiving interface;
the trusted computing attachment internally has a man-machine input device simulation module;
the trusted computing attachment has two operating modes, trusted computing mode and ordinary computing mode;
when the trusted computing attachment is in ordinary computing mode, the trusted computing attachment outputs through the video output interface the video signal from the video receiving interface, obtains man-machine input events from the man-machine input interface, and, through the man-machine input device simulation module and via the interactive interface, provides simulated man-machine input events to the general-purpose computer;
when the trusted computing attachment is in trusted computing mode, the trusted computing attachment outputs through the video output interface the video signal generated by the video output signal generation module, obtains man-machine input events from the man-machine input interface, uses these man-machine input events as local input events of the trusted code running environment, and does not submit them to the man-machine input device simulation module for simulation of man-machine input events.
2. The trusted computing attachment according to claim 1, characterised in that:
(1) the video output signal generation module is a display adapter, the man-machine input device simulation module is a USB keyboard module and a USB mouse module, the video receiving interface is a video signal interface VGA-HOST, the interactive interface is a USB interface USB-HOST, and the man-machine input interface is a USB interface USB-IN;
(2) the trusted computing attachment further comprises a memory for storing firmware, a processor for executing the firmware and the trusted application, and a USB host controller through which the processor accesses the USB devices connected to the USB interface USB-IN;
(3) inside the trusted computing attachment, the interactive interface USB-HOST is connected to the USB interfaces of the USB keyboard module and the USB mouse module, and the downstream port of the USB host controller is connected to the man-machine input interface;
(4) there are access control paths between the processor and the USB keyboard module, the USB mouse module, the display adapter, the video selector switch and the USB host controller;
(5) when the trusted computing attachment starts in trusted computing mode, the processor delivers the events from the USB interface USB-IN as human-computer interaction events to the application running locally on the trusted computing attachment, and causes the video output selector switch to select the video signal generated by the display adapter for output through the video signal interface VGA-OUT; when the trusted computing attachment is in ordinary computing mode, the processor forwards the events on the USB interface USB-IN to the USB keyboard module/USB mouse module, so that the computer connected to the interactive interface USB-HOST can obtain the human-computer interaction events, and causes the video output selector switch to output the video signal from the VGA-HOST interface through the VGA-OUT interface.
3. The trusted computing attachment according to claim 2, characterised in that:
(1) the trusted computing attachment comprises a USB communication module, the USB interface of the USB communication module is connected to the interactive interface, and there is an access control path between the processor and the USB communication module;
(2) the processor can carry out data communication through the USB communication module with the general-purpose computer connected to the interactive interface.
4. The trusted computing attachment according to claim 3, characterised in that:
(1) the trusted computing attachment comprises a writable storage module;
(2) the general-purpose computer connected to the USB-HOST can write trusted computing application software into the writable storage module through the USB communication module.
5. The trusted computing attachment according to claim 3, characterised in that:
(1) the trusted computing attachment comprises a writable storage module;
(2) the general-purpose computer connected to the USB-HOST can write communication data into the writable storage module through the USB communication module.
6. The trusted computing attachment according to any one of claims 3 to 5, characterised in that the USB communication module is a USB serial port module.
7. The trusted computing attachment according to any one of claims 3 to 5, characterised in that the USB communication module comprises a USB storage module.
8. A trusted computing device reusing the human-computer interaction devices of a general-purpose computer, comprising trusted computing auxiliary software running on the general-purpose computer and a trusted computing attachment according to claim 1, characterised in that the trusted computing auxiliary software exchanges information with the trusted computing attachment through the interactive interface of the trusted computing attachment.
CN201510551999.3A 2015-09-01 2015-09-01 The trust computing device of reusable general purpose computer human-computer interaction device Active CN105653995B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510551999.3A CN105653995B (en) 2015-09-01 2015-09-01 The trust computing device of reusable general purpose computer human-computer interaction device

Publications (2)

Publication Number Publication Date
CN105653995A CN105653995A (en) 2016-06-08
CN105653995B true CN105653995B (en) 2019-02-15

Family

ID=56481984

Country Status (1)

Country Link
CN (1) CN105653995B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108268287B (en) * 2016-12-29 2021-01-12 研祥智能科技股份有限公司 Serial port redirection terminal software optimization implementation method

Citations (1)

Publication number Priority date Publication date Assignee Title
CN101051292A (en) * 2007-01-08 2007-10-10 中国信息安全产品测评认证中心 Reliable U disc, method for realizing reliable U disc safety and its data communication with computer

Family Cites Families (2)

Publication number Priority date Publication date Assignee Title
CN101236495A (en) * 2007-01-29 2008-08-06 义发科技股份有限公司 Second generation personal system device recognition method and its method for loading driver
CN101794362A (en) * 2010-01-22 2010-08-04 华北计算技术研究所 Trusted computation trust root device for computer and computer

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20190104
Address after: 225600 Outer Ring Road, Chengnan New Economic Zone, Gaoyou City, Yangzhou City, Jiangsu Province
Applicant after: Jiangsu tengwu Information Technology Co., Ltd.
Address before: 410008 Xiangzhang Garden, Sifangping Science and Technology University, Kaifu District, Changsha City, Hunan Province, 11 Building 104
Applicant before: Liu Xiaojian
GR01 Patent grant