CN105871539B - Key processing method and device - Google Patents

Publication number: CN105871539B
Authority: CN (China)
Prior art keywords: key, command, module, slot, slots
Legal status: Active
Application number: CN201610156470.6A
Other languages: Chinese (zh)
Other versions: CN105871539A
Inventors: 施迅, 余发江, 赵波
Current assignee: Huawei Cloud Computing Technologies Co Ltd
Original assignee: Huawei Technologies Co Ltd

Application filed by Huawei Technologies Co Ltd
Priority to CN201610156470.6A
Publication of CN105871539A
Priority to PCT/CN2016/101582 (WO2017157006A1)
Application granted
Publication of CN105871539B

Classifications

    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using an additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • H04L 9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage, involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • G06F 21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning system [GPS] devices

Abstract

Embodiments of the invention provide a key processing method and a key processing device. They relate to the field of communications and avoid returning a "space full" error code when a key is loaded, so that key loading proceeds smoothly. The key processing method comprises the following steps: obtaining a key loading command, where the key loading command indicates that a Trusted Platform Module (TPM) chip is to load a first key; if all key slots in the TPM chip are in a non-idle state, releasing a first key slot among all the key slots in the TPM chip; and loading the first key into the first key slot according to the key loading command.

Description

Key processing method and device
Technical Field
The present invention relates to the field of communications, and in particular to a method and an apparatus for processing a key.
Background
In a communication system, a terminal device generally needs to encrypt data with keys in order to protect it, and once the keys leak, the confidentiality of all data encrypted under them is seriously compromised. A protection mechanism is therefore needed that prevents keys from being stored in the clear in the system or in code. The TPM (Trusted Platform Module) is a commonly used key protection scheme: by integrating keys with an encryption/decryption engine, it provides hardware-based secure storage for sensitive information. A TPM chip is a chip that conforms to the TPM standard proposed by the TCG (Trusted Computing Group). The standard embeds in a computer system a chip that provides key generation, encryption and decryption, secure storage and tamper resistance, so that an unauthorised user cannot access or alter its internal data, and the security of data encryption is thereby assured.
In the prior art, a TPM chip usually has 5 to 10 key slots, and an application program can only call a key once that key has been loaded into a key slot. If the key slots of the TPM chip are full and applications still attempt to load keys, the TPM chip returns a "space full" error code.
Disclosure of Invention
Embodiments of the present invention provide a key processing method and apparatus that avoid returning a "space full" error code when a key is loaded, ensuring that key loading proceeds smoothly.
To achieve this, embodiments of the invention adopt the following technical scheme:
In a first aspect, an embodiment of the present invention provides a key processing method, including:
first, obtaining a key loading command, where the key loading command indicates that a first key is to be loaded into a Trusted Platform Module (TPM) chip; second, judging whether all key slots in the TPM chip are in a non-idle state and, if so, releasing a first key slot among all the key slots in the TPM chip; and finally, loading the first key into the first key slot according to the key loading command.
In the key processing method provided by this embodiment, when a key loading command indicating that a TPM chip is to load a first key is obtained and all key slots in the TPM chip are in a non-idle state, the key processing apparatus can release a first key slot among all key slots in the TPM chip and load the first key into that slot according to the command. A "space full" error code is therefore not returned when the key is loaded, the key loads smoothly, and the memory space of the TPM chip is used sensibly.
Optionally, the method further includes:
confirming the mapping relationship between all key slots and keys in the TPM chip before releasing the first key slot.
Optionally, releasing the first key slot among all the key slots in the TPM chip specifically includes:
obtaining an identifier of the first key slot, where the key occupying the first key slot is the key used the fewest times among the keys occupying all the key slots, or is the key loaded earliest among the keys occupying all the key slots; and instructing the TPM chip to release the first key slot according to its identifier.
In this method, the key occupying the first key slot is either the least-used or the earliest-loaded key among those occupying all key slots. Selecting the first key slot in this way ensures, as far as possible, that the other key slots are not affected when the first key is loaded.
Optionally, the method further includes:
saving a field record of the key occupying the first key slot before releasing the first key slot.
Because the field record of the key occupying the first key slot is saved before the slot is released, it can be recovered directly the next time that key is reloaded, allowing the key to be loaded rapidly.
Optionally, the method further includes:
when the first key is loaded into the first key slot, confirming that a field record of the first key is stored in memory, and obtaining and recovering that field record.
If the field record of the first key is stored in memory when the first key is loaded into the first key slot, it can be recovered directly, allowing the key to be loaded rapidly.
Optionally, the method further includes:
when the first key is loaded into the first key slot, recording the mapping relationship between the first key slot and the first key, so that the first key can be obtained from the first key slot according to that mapping.
Optionally, the method further includes:
obtaining a key release command, where the key release command triggers the TPM chip to release a second key occupying a second key slot in the TPM chip;
releasing the second key from the second key slot according to the key release command;
and, when the second key is released from the second key slot, deleting the mapping relationship between the second key slot and the second key.
In a first possible implementation, before obtaining the key loading command, the method further includes:
judging whether the number of key slots in the TPM chip in an idle state is greater than or equal to a preset threshold; if it is, obtaining a first command from the received at least one command, where the first command is any one of the at least one command and includes a key loading command.
In a second possible implementation, before obtaining the key loading command, the method further includes:
judging whether the number of key slots in the TPM chip in an idle state is less than a preset threshold; if it is, obtaining a first command from the received at least one command, where the first command is the command with the highest priority among the at least one command and includes a key loading command.
In this method, whether the number of idle key slots in the chip is greater than or equal to a preset threshold is judged first. When it is, the first command taken from the received commands may be any one of them; when it is smaller than the threshold, the first command taken is the one with the highest priority. The key slots of the TPM chip are thereby used reasonably.
In a second aspect, an embodiment of the present invention provides a key processing apparatus including an obtaining module, a confirming module, a releasing module and a loading module;
the obtaining module is configured to obtain a key loading command, where the key loading command indicates that a first key is to be loaded into a Trusted Platform Module (TPM) chip;
the confirming module is configured to confirm, after the obtaining module obtains the key loading command, that all key slots in the TPM chip are in a non-idle state;
the releasing module is configured to release a first key slot among all the key slots in the TPM chip if all the key slots in the TPM chip are in the non-idle state;
and the loading module is configured to load the first key into the first key slot according to the key loading command after the releasing module releases the first key slot.
For the technical effects of the key processing apparatus, reference may be made to the technical effects described for the key processing method of the first aspect, which the apparatus executes; they are not repeated here.
Optionally, the confirming module is further configured to confirm the mapping relationships between all key slots and keys in the TPM chip before the releasing module releases the first key slot.
Optionally, the releasing module is specifically configured to obtain an identifier of the first key slot, where the key occupying the first key slot is the key used the fewest times among the keys occupying all key slots, or the key loaded earliest among them, and to instruct the TPM chip to release the first key slot according to that identifier.
Optionally, the key processing apparatus further includes a storage module;
the storage module is configured to store the field record of the key occupying the first key slot before the releasing module releases the first key slot.
Optionally, the loading module is specifically configured, when loading the first key into the first key slot, to confirm that the field record of the first key is stored in memory and to obtain and recover that field record.
Optionally, the key processing apparatus further includes a recording module;
the recording module is configured to record the mapping relationship between the first key slot and the first key when the loading module loads the first key into the first key slot, so that the first key can be obtained from the first key slot according to that mapping.
Optionally, the obtaining module is further configured to obtain a key release command, where the key release command triggers the TPM chip to release a second key occupying a second key slot in the TPM chip;
the releasing module is further configured to release the second key from the second key slot according to the key release command after the obtaining module obtains it;
the recording module is further configured to delete the mapping relationship between the second key slot and the second key when the releasing module releases the second key from the second key slot.
Optionally, the confirming module is further configured to confirm, before the obtaining module obtains the key loading command, that the number of idle key slots in the TPM chip is greater than or equal to a preset threshold;
the obtaining module is further configured, after the confirming module confirms that the number of idle key slots in the TPM chip is greater than or equal to the preset threshold, to obtain a first command from the received at least one command, where the first command is any one of the at least one command and includes a key loading command.
Optionally, the confirming module is further configured to confirm, before the obtaining module obtains the key loading command, that the number of idle key slots in the TPM chip is less than a preset threshold;
the obtaining module is further configured, after the confirming module confirms that the number of idle key slots in the TPM chip is less than the preset threshold, to obtain a first command from the received at least one command, where the first command is the command with the highest priority among the at least one command and includes a key loading command.
In a third aspect, an embodiment of the present invention further provides a terminal device including a memory, a processor, a communication interface and a system bus;
the memory, the processor and the communication interface are connected through the system bus, the memory stores computer instructions, and the processor executes the computer instructions stored in the memory so that the terminal device performs the key processing method of the first aspect.
For the technical effects of the terminal device, reference may be made to the technical effects described for the key processing method of the first aspect; they are not repeated here.
In a fourth aspect, an embodiment of the present invention further provides a software product including computer instructions for implementing the key processing method.
The computer instructions may be stored on a readable storage medium, from which a processor can read and execute them so as to carry out the key processing method.
Embodiments of the invention thus provide a key processing method and apparatus in which a key loading command is obtained, the command indicating that a TPM chip is to load a first key; if all key slots in the TPM chip are in the non-idle state, a first key slot among them is released; and the first key is loaded into the first key slot according to the command. As described above, when such a command is obtained and all key slots in the TPM chip are in the non-idle state, the key processing apparatus can release a first key slot among all key slots and load the first key into it according to the command. A "space full" error code is therefore not returned when the key is loaded, the key loads smoothly, and the memory space of the TPM chip is used sensibly.
Drawings
To illustrate the embodiments of the present invention or the prior-art solutions more clearly, the drawings used in their description are briefly introduced below; evidently, the drawings described below show only some embodiments of the present invention.
Fig. 1 is a first diagram of a system architecture of a chip based on TSS version 1.2 according to an embodiment of the present invention;
Fig. 2 is a first diagram of a system architecture of a chip based on TSS version 2.0 according to an embodiment of the present invention;
Fig. 3 is a first flowchart of a key processing method according to an embodiment of the present invention;
Fig. 4 is a second flowchart of a key processing method according to an embodiment of the present invention;
Fig. 5 is a third flowchart of a key processing method according to an embodiment of the present invention;
Fig. 6 is a fourth flowchart of a key processing method according to an embodiment of the present invention;
Fig. 7 is a fifth flowchart of a key processing method according to an embodiment of the present invention;
Fig. 8 is a first schematic structural diagram of a key processing apparatus according to an embodiment of the present invention;
Fig. 9 is a second schematic structural diagram of a key processing apparatus according to an embodiment of the present invention;
Fig. 10 is a third schematic structural diagram of a key processing apparatus according to an embodiment of the present invention;
Fig. 11 is a second diagram of a system architecture of a chip based on TSS version 1.2 according to an embodiment of the present invention;
Fig. 12 is a second diagram of a system architecture of a chip based on TSS version 2.0 according to an embodiment of the present invention;
Fig. 13 is a hardware schematic diagram of a terminal device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention are described in detail below with reference to the drawings; evidently, the described embodiments are only some, not all, of the embodiments of the present invention.
The techniques described in the embodiments may be used with a variety of chips, in particular TPM chips. Besides the TPM standard, the TCG defines the TSS (TPM Software Stack), a software system that gives upper-layer trusted computing applications access to TPM interfaces.
Fig. 1 shows a system architecture of a chip based on TSS version 1.2 according to an embodiment of the present invention, comprising: a simplified API (Application Programming Interface), the TDDL (TPM Device Driver Library), the TCS (TCG Core Service) and the TSP (TCG Service Provider). The simplified API provides compatibility services for various application programs; the TDDL provides a uniform driver-library function interface for different TPM devices; the TCS sends TPM commands and receives TPM command responses as byte streams and performs basic queuing of concurrent TPM commands; the TSP is responsible for key management and provides an API for applications.
Fig. 2 shows a system architecture of a chip based on TSS version 2.0 according to an embodiment of the present invention, comprising: a simplified API, a feature API, an enhanced system API, the TCTI (TPM Command Transmission Interface), the TAB (TPM Access Broker) and a resource manager. The simplified API provides compatibility services for various application programs; the resource manager mainly manages TPM objects (such as keys) and contexts; the TAB synchronises access to the TPM by multiple processes, ensuring that a process issuing a TPM command is not disturbed by other processes; the TCTI handles the underlying communication with every kind of TPM, such as a local TPM, a TPM simulator, a virtual TPM or a remote TPM; the system API sends TPM commands and receives their responses as byte streams; the enhanced system API and the feature API give application programs better low-level abstractions.
The key processing method provided by the embodiments may be applied to the TSS 1.2 shown in Fig. 1 and equally to the TSS 2.0 shown in Fig. 2; the TSS to which the invention applies is not limited, and TSS 1.2 and TSS 2.0 are only examples.
The TSS may be deployed in a TPM chip or in a terminal device, for example in the form of middleware. If the TSS is deployed in the TPM chip, the processor of the TPM chip executes the key processing method based on the TSS; if the TSS is deployed in the terminal device, the processor of the terminal device executes the key processing method based on the TSS.
In addition, the terminal device described in the embodiments may be a wireless or a wired terminal. A wireless terminal may be a device that provides voice and/or data connectivity to a user, a handheld device with wireless connectivity, or another processing device connected to a wireless modem. Wireless terminals may communicate with one or more core networks through a radio access network (RAN); they may be mobile terminals such as mobile telephones (or "cellular" telephones) and computers with mobile terminals, for example portable, pocket-sized, handheld, computer-built-in or vehicle-mounted mobile devices, such as Personal Communication Service (PCS) phones, cordless phones, Session Initiation Protocol (SIP) phones, Wireless Local Loop (WLL) stations and Personal Digital Assistants (PDAs). A wireless terminal may also be called a system, subscriber unit, subscriber station, mobile station, remote station, access point, remote terminal, access terminal, user terminal, user agent, user device or user equipment.
It should further be noted that the term "and/or" merely describes an association between objects and covers three cases: for example, "A and/or B" may mean A alone, A and B together, or B alone. The character "/" herein generally indicates an "or" relationship between the objects before and after it.
An embodiment of the present invention provides a key processing method which, as shown in Fig. 3, specifically includes:
S101. The TSS obtains a key loading command.
The key loading command indicates that a first key is to be loaded into the TPM chip.
It should be noted that the key processing method of this embodiment is implemented in the TSS software layer; specifically, the TSS is deployed in a key processing apparatus, which may be a TPM chip or a terminal device, and the present invention is not limited in this respect.
The commands that the TPM chip can process are generally classified into four types: key loading commands, key release commands, long job commands and short job commands. A key loading command loads a key into a key slot in the idle state; a key release command releases a key loaded in a key slot; long job commands and short job commands are both commands by which an application calls a key loaded in a key slot. The case where the TPM chip receives other types of command (a key release command, a long job command or a short job command) is described in detail in the following embodiments and is not repeated here.
S102. If all key slots in the TPM chip are in the non-idle state, the TSS releases a first key slot among all the key slots in the TPM chip.
The TSS releasing the first key slot in the TPM chip may be implemented specifically as follows: the TSS instructs the TPM chip to release the first key slot.
After obtaining the key loading command, the TSS must first determine whether all key slots in the TPM chip are in the non-idle state. Specifically, the TSS may do so by checking the mapping relationship between all key slots and keys in the TPM chip: if every key slot in the TPM chip is mapped to a different key, all key slots are in the non-idle state; if at least one key slot has no mapping to any key, that key slot is in the idle state.
If at least one of the key slots in the TPM chip is idle, the first key is loaded directly into any idle key slot; if all key slots are in the non-idle state, all key slots in the TPM chip are full and the TSS needs to release a first key slot in the TPM chip.
It should be noted that the first key slot may be any one of the key slots in the TPM chip. Preferably, the key occupying the first key slot is the key used the fewest times among the keys occupying all key slots, or the key loaded earliest among them.
S103. The TSS loads the first key into the first key slot according to the key loading command.
The TSS loading the first key into the first key slot may be implemented specifically as follows: the TSS instructs the TPM chip to load the first key into the first key slot.
Specifically, loading the first key into the first key slot according to the key loading command may proceed as follows. The TSS obtains the parent key of the first key, the parent key being the key one level above the first key in the key hierarchy. If the parent key of the first key is the SRK (Storage Root Key), the TSS decrypts the key data with the SRK to obtain the plaintext of the first key, loads the first key into the first key slot and generates the handle of the first key. If the parent key of the first key is not the SRK, the TSS continues upward to the grandparent key of the first key, that is, the key one level above the parent key, and so on until the SRK is reached. Assuming, in this embodiment, that the grandparent key of the first key is the SRK: the SRK is used to obtain the plaintext of the parent key of the first key, the parent key is loaded into a free key slot, the key data is decrypted with the parent key to obtain the plaintext of the first key, and the first key is then loaded into the first key slot and its handle generated. The application program can then use the handle of the first key to invoke operations such as encryption, signing, verification or HMAC (Hash-based Message Authentication Code) computation.
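The slot handling of steps S101 to S103 (evicting the least-used or earliest-loaded key, saving and recovering the field record, and walking the parent chain up to the SRK) written out as an added Python simulation; it is not code from the patent or from any TSS implementation, and the TPM slot array, the hypothetical key tree, the contents of the field record and the `SlotManager` API are assumptions.

```python
"""Simulated TSS-side key-slot handling for steps S101-S103 (added example, not
code from the patent or any real TSS). The TPM slots, key tree and the state kept
in a "field record" are constructed stand-ins; the eviction policies follow the text."""
from dataclasses import dataclass
import itertools

SRK = "SRK"  # storage root key: resident in the TPM, never occupies a slot


@dataclass
class SlotEntry:
    key_id: str
    loaded_at: int      # monotonic tick at load time ("earliest loaded" policy)
    use_count: int = 0  # calls by applications ("least used" policy)


class SlotManager:
    def __init__(self, n_slots, parents, policy="least_used"):
        self.tpm_slots = [None] * n_slots  # stand-in for the chip: slot -> key_id
        self.parents = parents             # key_id -> parent key_id (hypothetical)
        self.policy = policy               # "least_used" or "earliest_loaded"
        self.mapping = {}                  # slot -> SlotEntry (mapping relation)
        self.field_records = {}            # key_id -> saved state of evicted key
        self._tick = itertools.count()

    def slot_of(self, key_id):
        for slot, entry in self.mapping.items():
            if entry.key_id == key_id:
                return slot
        return None

    def _pick_victim(self, exclude):
        """S102: choose the 'first key slot' among the occupied slots."""
        candidates = [s for s in self.mapping if s not in exclude]
        if not candidates:
            raise RuntimeError("SLOT_FULL")  # only if every slot shields a parent
        if self.policy == "least_used":
            return min(candidates, key=lambda s: (self.mapping[s].use_count,
                                                  self.mapping[s].loaded_at))
        return min(candidates, key=lambda s: self.mapping[s].loaded_at)

    def _free_slot(self, exclude):
        free = [i for i, k in enumerate(self.tpm_slots) if k is None]
        if free:
            return free[0]
        victim = self._pick_victim(exclude)
        evicted = self.mapping.pop(victim)
        # save the field record before releasing so a later reload can recover it
        self.field_records[evicted.key_id] = {"use_count": evicted.use_count}
        self.tpm_slots[victim] = None
        return victim

    def load_key(self, key_id):
        """S101-S103: load key_id (and its parent chain up to the SRK).
        Returns (handle, restored); restored is True if a field record came back."""
        slot = self.slot_of(key_id)
        if slot is not None:
            return (slot, key_id), False
        exclude = set()
        parent = self.parents[key_id]
        if parent != SRK:
            # the parent must sit in a slot to decrypt the child: load it, shield it
            self.load_key(parent)
            exclude.add(self.use_key(parent))
        slot = self._free_slot(exclude)
        self.tpm_slots[slot] = key_id
        record = self.field_records.pop(key_id, None)  # recover the field record
        use_count = record["use_count"] if record else 0
        self.mapping[slot] = SlotEntry(key_id, next(self._tick), use_count)
        return (slot, key_id), record is not None

    def use_key(self, key_id):
        """Long/short job command: an application calls a loaded key."""
        slot = self.slot_of(key_id)
        if slot is None:
            raise KeyError(f"{key_id} is not loaded")
        self.mapping[slot].use_count += 1
        return slot

    def release_key(self, key_id):
        """Key release command: free the slot and delete the mapping relation."""
        slot = self.slot_of(key_id)
        if slot is not None:
            self.tpm_slots[slot] = None
            del self.mapping[slot]
        return slot


def demo():
    parents = {"k1": SRK, "k2": SRK, "k3": SRK, "k4": "k1"}  # constructed key tree
    mgr = SlotManager(3, parents)
    for key in ("k1", "k2", "k3"):
        mgr.load_key(key)                        # fills all three slots
    for key in ("k2", "k2", "k3"):
        mgr.use_key(key)
    mgr.load_key("k4")    # full: k1 shielded as parent, k3 least used -> evicted
    handle, restored = mgr.load_key("k3")        # k3 returns with its saved record
    return mgr, handle, restored
```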
Specifically, as shown in fig. 4, a complete flow of the key processing method provided in the embodiment of the present invention includes:
S201, the TSS judges whether the number of key slots in the TPM chip in the idle state is greater than or equal to a preset threshold.
It is understood that before step S201 is executed, the TSS may receive at least one command from at least one application at the same time, so the execution sequence of the at least one command needs to be defined. One application program may issue one command or multiple commands; the invention does not limit this.
Optionally, the TSS can classify the received at least one command by command type. The TSS classifies the key loading commands into one class, the key release commands into one class, the long operation commands into one class and the short operation commands into one class, and the execution sequence of the commands of the same class is determined according to the sequence of the commands received by the TSS.
The TSS judges whether the number of the key slots in the TPM chip in the idle state is larger than or equal to a preset threshold. The preset threshold may be less than or equal to the total number of key slots in the chip. Generally, the preset threshold is smaller than the total number of key slots in the TPM chip, and assuming that 6 key slots are provided in the TPM chip, the preset threshold may be set to 2.
S202, if the number of the key slots in the TPM chip in the idle state is larger than or equal to a preset threshold, the TSS acquires a first command from the received at least one command, wherein the first command is any one of the at least one command.
If the number of the key slots in the idle state in the TPM chip is greater than or equal to the preset threshold, it indicates that there are many key slots in the idle state in the TPM chip, and at this time, the TSS obtains a first command from the received at least one command, where the first command is any one of the at least one command.
S203, if the number of the key slots in the TPM chip in the idle state is smaller than a preset threshold, the TSS acquires a first command from the received at least one command, wherein the first command is a command with the highest priority in the at least one command.
If the number of the key slots in the idle state in the TPM chip is smaller than the preset threshold, it indicates that there are few key slots in the idle state in the TPM chip, and even there may be no key slot in the idle state, at this time, the TSS obtains the first command from the received at least one command, where the first command is a command with the highest priority in the at least one command, so that it can be ensured that the command with the high priority can be preferentially executed.
Generally, the priority of the four types of commands that the TSS can process is, in order from high to low: key release command, short operation command, long operation command, and key loading command.
It should be noted that the TSS processes commands sequentially, and therefore the first command acquired by the TSS from the at least one received command is a single command at a time. After executing the first command, the TSS may return to step S202 or step S203 until all received commands have been executed.
S204, the TSS judges whether the first command is a key loading command.
Wherein the key loading command instructs loading of the first key at the TPM chip.
S205, if the first command is a key loading command, the TSS judges whether the first key is loaded already.
If the first key is already loaded, there is no need to reload the first key, and the following steps need not be performed.
S206, if the first key is not loaded, the TSS acquires the states of all the key slots in the TPM chip.
If the first key is not loaded, the TSS needs to acquire the states of all key slots in the TPM chip and determine whether all key slots in the TPM chip are in a non-idle state. Specifically, the TSS may determine this by confirming the mapping relationship between all key slots and keys in the TPM chip. If at least one key slot in the TPM chip is in an idle state, the first key is directly loaded on any idle key slot.
S207, if all the key slots in the TPM chip are in a non-idle state, the TSS releases the first key slot in all the key slots in the TPM chip.
Specifically, as shown in fig. 5, step S207 may include S207a and S207b:
S207a, if all the key slots in the TPM chip are in the non-idle state, the TSS acquires the first key slot.
The TSS acquires the first key slot, which means that the TSS acquires the first key slot satisfying the preset condition, where the preset condition is: the key occupying the first key slot is the key used the fewest times among the keys occupying all key slots, or the key occupying the first key slot is the key loaded earliest among the keys occupying all key slots.
S207b, the TSS releases the first key slot. Specifically, the TSS instructs the TPM chip to release the first key slot.
Optionally, as shown in fig. 6, between step S207a and step S207b, the method further includes step S207c:
S207c, the TSS saves a field record of the key occupying the first key slot.
It should be noted that, in the key processing method provided in the embodiment of the present invention, the memory connected to the TPM chip or the memory inside the TPM chip may store a field record of the key, where the field record of the key refers to information such as the files and state required when the key is loaded, so that the field record can be quickly read from the memory when the key is loaded next time and the key can be recovered.
Therefore, the TSS needs to save a field record of the key occupying the first key slot before the TSS releases the first key slot.
S208, the TSS loads the first key on the first key slot. The TSS instructs the TPM chip to load the first key on the first key slot.
Specifically, as shown in fig. 7, step S208 may include S208a and S208b:
S208a, the TSS determines whether the memory stores the field record of the first key.
When the TSS loads the first key on the first key slot, whether a field record of the first key is stored in the memory is judged firstly, and if the field record of the first key is not stored in the memory, the TSS loads the first key on the first key slot. The specific loading process has been described in detail in the above embodiments, and is not described herein again.
S208b, if the memory stores the field record of the first key, the TSS acquires and restores the field record of the first key.
If the field record of the first key is stored in the memory, the TSS acquires and recovers the field record of the first key, so that the key can be loaded quickly.
S209, the TSS records the first information in the key loading record.
The first information at least comprises a mapping relation between the first key slot and the first key.
It should be noted that, the states of all the key slots in the TPM chip at the current time are recorded in the key loading record in real time. After the TSS loads the first key in the first key slot, the TSS records first information in the key loading record, where the first information at least includes a mapping relationship between the first key slot and the first key.
S210, if the first command is not the key loading command, the TSS judges whether the first command is the key releasing command.
Step S210 is a step parallel to step S205.
The key release command is used for triggering the chip to release a second key, and the second key is a key occupying a second key slot in the chip.
S211, if the first command is a key release command, the TSS releases the second key on the second key slot.
S212, the TSS deletes the second information in the key loading record.
The second information at least comprises a mapping relation between the second key slot and the second key.
It should be noted that the states of all key slots in the TPM chip at the current time are recorded in the key loading record in real time. After the TSS releases the second key on the second key slot, the TSS deletes the second information from the key loading record, where the second information at least includes the mapping relationship between the second key slot and the second key.
It should be added that if the first command is neither a key loading command nor a key release command, the first command is a long operation command or a short operation command; since such a command always uses a key already loaded in a key slot, the TSS only needs to record in the key loading record the number of times the key used by that command has been used.
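The complete S201 to S212 flow, as an added example that is not the patent's own code: a resource-manager model that selects the next command by free-slot threshold and priority, evicts the least-used or earliest-loaded key when every slot is occupied, saves and restores field records, and keeps the key loading record. The command classes, the slot count, the threshold and the sample command sequence are constructed for this illustration.

```python
# Added example (not the patent's own code): TSS-side scheduling and key-slot
# eviction following steps S201-S212. All names and values are constructed.
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Cmd(IntEnum):
    """Command classes; a lower value means a higher priority (S203 order)."""
    RELEASE = 0
    SHORT_OP = 1
    LONG_OP = 2
    LOAD = 3


@dataclass
class Command:
    kind: Cmd
    key: str
    seq: int = 0          # arrival order, assigned by submit()


class TssResourceManager:
    def __init__(self, n_slots: int, threshold: int, policy: str = "lfu"):
        self.n_slots = n_slots
        self.threshold = threshold        # preset threshold of S201
        self.policy = policy              # "lfu": fewest uses; "fifo": loaded earliest
        self.queue: list[Command] = []
        self._seq = 0
        self._load_counter = 0
        # key loading record (S209/S212): slot -> {"key", "uses", "order"}
        self.loading_record: dict[int, dict] = {}
        # field records (S207c/S208b): key name -> saved context of an evicted key
        self.field_records: dict[str, dict] = {}

    # ---- S201-S203: choose the next command ----
    def submit(self, cmd: Command) -> None:
        cmd.seq = self._seq
        self._seq += 1
        self.queue.append(cmd)

    def idle_slots(self) -> list[int]:
        return [s for s in range(self.n_slots) if s not in self.loading_record]

    def next_command(self) -> Optional[Command]:
        if not self.queue:
            return None
        if len(self.idle_slots()) >= self.threshold:
            cmd = self.queue[0]                                    # S202: arrival order
        else:
            cmd = min(self.queue, key=lambda c: (c.kind, c.seq))  # S203: by priority
        self.queue.remove(cmd)
        return cmd

    # ---- S204-S212: execute one command ----
    def slot_of(self, key: str) -> Optional[int]:
        for slot, rec in self.loading_record.items():
            if rec["key"] == key:
                return slot
        return None

    def _choose_first_key_slot(self) -> int:
        if self.policy == "lfu":
            return min(self.loading_record,
                       key=lambda s: (self.loading_record[s]["uses"], self.loading_record[s]["order"]))
        return min(self.loading_record, key=lambda s: self.loading_record[s]["order"])

    def execute(self, cmd: Command) -> str:
        if cmd.kind is Cmd.LOAD:
            if self.slot_of(cmd.key) is not None:
                return "already-loaded"                            # S205
            if not self.idle_slots():                              # S206-S207
                victim = self._choose_first_key_slot()
                rec = self.loading_record.pop(victim)              # S207b
                self.field_records[rec["key"]] = rec               # S207c
            slot = self.idle_slots()[0]
            saved = self.field_records.pop(cmd.key, None)          # S208a/S208b
            self._load_counter += 1
            self.loading_record[slot] = {"key": cmd.key,           # S209
                                         "uses": saved["uses"] if saved else 0,
                                         "order": self._load_counter}
            return "restored" if saved else "loaded"
        if cmd.kind is Cmd.RELEASE:
            slot = self.slot_of(cmd.key)
            if slot is None:
                return "not-loaded"
            del self.loading_record[slot]                          # S211-S212
            return "released"
        # Long or short operation: the key must already be loaded; count the use.
        slot = self.slot_of(cmd.key)
        if slot is None:
            return "key-not-loaded"
        self.loading_record[slot]["uses"] += 1
        return "used"

    def run_all(self) -> list[str]:
        results = []
        while (cmd := self.next_command()) is not None:
            results.append(f"{cmd.kind.name}:{cmd.key}:{self.execute(cmd)}")
        return results
```

With two slots and a threshold of one, the fourth load in a sequence LOAD A, LOAD B, SHORT_OP B, LOAD C evicts A (zero uses) rather than B, and a later release command is scheduled ahead of any pending load while slots are scarce.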
The embodiment of the invention provides a key processing method, which includes: acquiring a key loading command, where the key loading command indicates that a trusted platform module (TPM) chip is to load a first key; if all key slots in the TPM chip are in a non-idle state, releasing a first key slot among all key slots in the TPM chip; and loading the first key on the first key slot according to the key loading command. Based on the description of the above embodiment, when a key loading command indicating that a TPM chip is to load a first key is acquired and all key slots in the TPM chip are in a non-idle state, the key processing device can release the first key slot among all key slots in the TPM chip and load the first key in the first key slot according to the key loading command. Therefore, the error code indicating that the key slots are full is prevented from being returned when the key is loaded, the key is loaded smoothly, and the memory resources of the TPM chip are used reasonably.
An embodiment of the present invention provides a key processing apparatus, as shown in fig. 8, the key processing apparatus is configured to execute the steps executed by the key processing apparatus in the above method. The key processing device may include modules corresponding to the respective steps. Illustratively, the key processing apparatus may include an acquisition module 10, a confirmation module 11, a release module 12, and a loading module 13.
The obtaining module 10 is configured to obtain a key loading command, where the key loading command indicates to load a first key on a TPM chip of the trusted platform module.
The confirming module 11 is configured to confirm that all key slots in the TPM chip are in a non-idle state after the obtaining module 10 obtains the key loading command.
The releasing module 12 is configured to release the first key slot that meets the preset condition in the TPM chip after the confirming module 11 confirms that all the key slots in the TPM chip are in the non-idle state.
The loading module 13 is configured to load the first key on the first key slot according to the key loading command after the releasing module 12 releases the first key slot in all key slots in the TPM chip.
Optionally, the confirming module 11 is further configured to confirm mapping relationships between all key slots and keys in the TPM chip before the releasing module 12 releases the first key slot.
Optionally, the releasing module 12 is specifically configured to obtain an identifier of the first key slot, where a key occupying the first key slot is a key that is used for the fewest times among keys occupying all key slots, or a key occupying the first key slot is a key that is loaded earliest among keys occupying all key slots; and instructing the TPM chip to release the first key slot according to the identification of the first key slot.
Optionally, as shown in fig. 9, the key processing apparatus further includes a saving module 14.
A saving module 14, configured to save a field record of the key occupying the first key slot before the releasing module 12 releases the first key slot.
Optionally, the loading module 13 is specifically configured to, when loading the first key on the first key slot, confirm that the field record of the first key is stored in the memory, and obtain and recover the field record of the first key.
Optionally, as shown in fig. 10, the key processing apparatus further includes a recording module 15.
The recording module 15 is configured to record a mapping relationship between the first key slot and the first key when the loading module 13 loads the first key on the first key slot, so as to obtain the first key from the first key slot according to the mapping relationship.
Optionally, the obtaining module 10 is further configured to obtain a key release command, where the key release command is used to trigger the key processing apparatus to release the second key occupying the second key slot in the TPM chip.
The releasing module 12 is further configured to release the second key on the second key slot after the obtaining module 10 obtains the key release command.
The recording module 15 is further configured to delete the second information in the key loading record after the releasing module 12 releases the second key in the second key slot, where the second information at least includes a mapping relationship between the second key slot and the second key.
Optionally, the confirming module 11 is further configured to confirm that the number of key slots in the TPM chip that are in the idle state is greater than or equal to a preset threshold before the obtaining module 10 obtains the key loading command or obtains the key releasing command.
The obtaining module 10 is further configured to obtain a first command from the received at least one command after the confirming module 11 confirms that the number of key slots in the TPM chip in the idle state is greater than or equal to the preset threshold, where the first command is any one of the at least one command, and the first command includes a key loading command or a key releasing command.
Optionally, the confirming module 11 is further configured to confirm that the number of key slots in the TPM chip that are in the idle state is smaller than a preset threshold before the obtaining module 10 obtains the key loading command or obtains the key releasing command.
The obtaining module 10 is further configured to obtain a first command from the received at least one command after the confirming module 11 confirms that the number of key slots in the TPM chip in the idle state is smaller than the preset threshold, where the first command is the command with the highest priority among the at least one command, and the first command includes a key loading command or a key releasing command.
It can be understood that the key processing apparatus of this embodiment may correspond to the key processing apparatus in the key processing method according to any one of the embodiments shown in fig. 3 to 7, and the division and/or the function of each module in the key processing apparatus of this embodiment are all for implementing the method flow shown in any one of fig. 3 to 7, and are not described herein again for brevity.
For example, the TSS is deployed in the key processing apparatus, as shown in fig. 11, a system architecture of a chip based on the TSS version 1.2 may specifically include: simplified API, TDDL, TCS and TSP. The TSP layer may include a parent key loading and releasing module and a parent key storage module, where the parent key loading and releasing module and the parent key storage module correspond to the loading module 13 in the key processing apparatus; the TCS layer may include a multi-stage queue scheduling module, a key loading and releasing module, a field record storage module, and a key loading and recording module, where the field record storage module stores field records, the key loading and recording module stores key loading records, the multi-stage queue scheduling module corresponds to the obtaining module 10 in the key processing apparatus, the key loading and releasing module corresponds to the loading module 13 in the key processing apparatus, the field record storage module corresponds to the saving module 14 in the key processing apparatus, and the key loading and recording module corresponds to the recording module 15 in the key processing apparatus.
As another example, as shown in fig. 12, the system architecture of the chip based on the TSS 2.0 version may specifically include: thin APIs, feature APIs, enhanced System APIs, TCTI, TAB, and resource manager. The feature API may include a parent key loading and releasing module and a parent key storage module, where the parent key loading and releasing module and the parent key storage module correspond to the loading module 13 in the key processing apparatus; the resource manager may include a multi-stage queue scheduling module, a key loading and releasing module, a field record storage module, and a key loading and recording module, where the field record storage module stores field records, the key loading and recording module stores key loading records, the multi-stage queue scheduling module corresponds to the obtaining module 10 in the key processing apparatus, the key loading and releasing module corresponds to the loading module 13 in the key processing apparatus, the field record storage module corresponds to the saving module 14 in the key processing apparatus, and the key loading and recording module corresponds to the recording module 15 in the key processing apparatus.
The embodiment of the invention provides a key processing device, which includes an acquisition module, a confirmation module, a release module and a loading module. The acquisition module is used for acquiring a key loading command, where the key loading command indicates that a trusted platform module (TPM) chip is to load a first key; the confirmation module is used for confirming that all key slots in the TPM chip are in a non-idle state after the acquisition module acquires the key loading command; the release module is used for releasing a first key slot among all key slots in the TPM chip if all key slots in the TPM chip are in a non-idle state; and the loading module is used for loading the first key on the first key slot according to the key loading command after the release module releases the first key slot. Based on the description of the above embodiment, when a key loading command indicating that a TPM chip is to load a first key is acquired and all key slots in the TPM chip are in a non-idle state, the key processing device can release the first key slot among all key slots in the TPM chip and load the first key in the first key slot according to the key loading command. Therefore, the error code indicating that the key slots are full is prevented from being returned when the key is loaded, the key is loaded smoothly, and the memory resources of the TPM chip are used reasonably.
An embodiment of the present invention further provides a terminal device, as shown in fig. 13, where the terminal device includes: memory 20, processor 21, communication interface 22, and system bus 23.
The memory 20, the processor 21 and the communication interface 22 are connected by the system bus 23; the memory 20 is used for storing computer instructions, and the processor 21 is used for executing the computer instructions so that the terminal device executes the key processing method shown in any one of fig. 3 to 7. For the specific key processing method, reference may be made to the related description of the embodiment shown in any one of fig. 3 to 7, and details are not repeated here.
Specifically, the processor 21 may be a key processing apparatus as described in the embodiment shown in any one of fig. 8 to 10, or may be another hardware structure capable of implementing the processor function, including the key processing apparatus described in the embodiment shown in any one of fig. 8 to 10.
The processor 21 may be a Central Processing Unit (CPU). The processor 21 may also be other general purpose processors, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), field-programmable gate arrays (FPGAs) or other programmable logic devices, discrete gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The processor 21 may be a dedicated processor that may include at least one of a baseband processing chip, a radio frequency processing chip, and the like. Further, the special purpose processor may also include a chip with other special purpose processing functions of the terminal device.
The memory 20 may include a volatile memory (volatile memory), such as a random-access memory (RAM); the memory 20 may also include a non-volatile memory (non-volatile memory), such as a read-only memory (ROM), a flash memory (flash memory), a Hard Disk Drive (HDD) or a solid-state drive (SSD); the memory 20 may also comprise a combination of memories of the kind described above.
The system bus 23 may include a data bus, a power bus, a control bus, a signal status bus, and the like. In the present embodiment, the various buses are illustrated in FIG. 13 as system bus 23 for clarity of illustration.
The communication interface 22 may include a receiver and a transmitter. In a specific implementation of the terminal device, the receiver and the transmitter may be transceivers on the terminal device. The transceiver may be a wireless transceiver.
In a specific implementation process, each step in the method flow shown in any one of fig. 3 to 7 may be implemented by hardware executing computer-executable instructions in the form of software. To avoid repetition, further description is omitted here.
The embodiment of the invention provides a terminal device. Based on the description of the above embodiment, when a key loading command indicating that a TPM chip is to load a first key is acquired and all key slots in the TPM chip are in a non-idle state, the key processing device can release the first key slot among all key slots in the TPM chip and load the first key in the first key slot according to the key loading command. Therefore, the error code indicating that the key slots are full is prevented from being returned when the key is loaded, the key is loaded smoothly, and the memory resources of the TPM chip are used reasonably.
Embodiments of the present invention also provide a software product, which may include computer instructions for implementing a key processing method.
The computer instructions may be stored on a readable storage medium; from the readable storage medium, the processor can read and execute computer instructions, so that the processor realizes the key processing method.
It will be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional modules is merely used as an example, and in practical applications, the above function distribution may be performed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules to perform all or part of the above described functions. For the specific working processes of the system, the apparatus and the unit described above, reference may be made to the corresponding processes in the foregoing method embodiments, and details are not described here again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative: the division into modules or units is only a division by logical function, and other divisions may be used in practice; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in another form.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the part of the technical solution of the present invention that essentially contributes to the prior art, or all or part of the technical solution, may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other medium capable of storing program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (15)

1. A key processing method is applied to a terminal device, and comprises the following steps:
acquiring a key loading command, wherein the key loading command indicates that a Trusted Platform Module (TPM) chip loads a first key;
if all the key slots in the TPM chip are in a non-idle state, releasing first key slots in all the key slots in the TPM chip;
loading the first key on the first key slot according to the key loading command;
the method further comprises the following steps:
before releasing the first key slot, saving a field record of a key occupying the first key slot, wherein the field record comprises state information, and the field record is used for recovering the key occupying the first key slot.
2. The key processing method of claim 1, wherein the method further comprises:
confirming the mapping relation between all the key slots and the keys in the TPM chip before releasing the first key slot.
3. The key processing method according to claim 1 or 2, wherein the releasing a first key slot of all key slots in the TPM chip specifically includes:
acquiring an identifier of the first key slot, wherein the key occupying the first key slot is the key used the fewest times among the keys occupying all the key slots, or the key occupying the first key slot is the key loaded earliest among the keys occupying all the key slots;
indicating to the TPM chip to release the first key slot according to the identifier of the first key slot.
4. The key processing method according to any one of claims 1 to 2, wherein the method further comprises:
when the first key is loaded on the first key slot, confirming that the field record of the first key is stored in the memory, and acquiring and recovering the field record of the first key.
5. The key processing method according to any one of claims 1 to 2, wherein the method further comprises:
when the first key is loaded on the first key slot, recording the mapping relation between the first key slot and the first key so as to obtain the first key from the first key slot according to the mapping relation.
6. The key processing method according to any one of claims 1 to 2, wherein before the acquiring of the key loading command, the method further comprises:
confirming that the number of the key slots in the TPM chip in the idle state is greater than or equal to a preset threshold;
acquiring a first command from the received at least one command, wherein the first command is any one command in the at least one command, and the first command comprises a key loading command.
7. The key processing method according to any one of claims 1 to 2, wherein before the acquiring of the key loading command, the method further comprises:
confirming that the number of the key slots in the TPM chip in the idle state is smaller than a preset threshold;
obtaining a first command from the received at least one command, wherein the first command is a command with the highest priority in the at least one command, and the first command comprises a key loading command.
8. A key processing device, located on a terminal device, comprising an acquisition module, a confirmation module, a release module, a loading module and a storage module;
the acquisition module is used for acquiring a key loading command, and the key loading command indicates that a TPM chip of a trusted platform module is loaded with a first key;
the confirmation module is used for confirming that all the key slots in the TPM chip are in a non-idle state after the key loading command is acquired by the acquisition module;
the release module is used for releasing first key slots in all the key slots in the TPM chip if all the key slots in the TPM chip are in a non-idle state;
the loading module is configured to load the first key in the first key slot according to the key loading command after the releasing module releases the first key slot in all the key slots in the TPM chip;
the storage module is configured to store a field record of a key occupying the first key slot before the release module releases the first key slot, where the field record includes state information, and the field record is used to recover the key occupying the first key slot.
9. The key processing apparatus according to claim 8,
the confirmation module is further configured to confirm mapping relationships between all the key slots and the key in the TPM chip before the release module releases the first key slot.
10. The key processing apparatus according to claim 8 or 9,
the release module is specifically configured to obtain an identifier of the first key slot, where the key occupying the first key slot is the key used the fewest times among the keys occupying all the key slots, or the key occupying the first key slot is the key loaded earliest among the keys occupying all the key slots; and to indicate to the TPM chip to release the first key slot according to the identifier of the first key slot.
11. The key processing apparatus according to any one of claims 8 to 9,
the loading module is specifically configured to, when the loading module loads the first key on the first key slot, confirm that a field record of the first key is stored in the memory, and acquire and recover the field record of the first key.
12. The key processing apparatus according to any one of claims 8 to 9, wherein the key processing apparatus further includes a recording module;
the recording module is configured to record a mapping relationship between the first key slot and the first key when the loading module loads the first key on the first key slot, so as to obtain the first key from the first key slot according to the mapping relationship.
13. The key processing apparatus according to any one of claims 8 to 9,
the confirmation module is further configured to confirm that the number of key slots in an idle state in the TPM chip is greater than or equal to a preset threshold before the acquisition module acquires the key loading command;
the acquisition module is further configured to acquire a first command from the received at least one command after the confirmation module confirms that the number of key slots in the TPM chip that are in an idle state is greater than or equal to the preset threshold, where the first command is any one of the at least one command, and the first command includes the key loading command.
14. The key processing apparatus according to any one of claims 8 to 9,
the confirmation module is further configured to confirm that the number of key slots in an idle state in the TPM chip is smaller than a preset threshold before the acquisition module acquires the key loading command;
the acquisition module is further configured to acquire a first command from the received at least one command after the confirmation module confirms that the number of key slots in the TPM chip in the idle state is smaller than the preset threshold, where the first command is the command with the highest priority level among the at least one command, and the first command includes the key loading command.
15. A terminal device, comprising a memory, a processor, a communication interface, and a system bus;
the memory, the processor and the communication interface are connected through the system bus, the memory is used for storing computer instructions, and the processor is used for executing the computer instructions stored by the memory so as to enable the terminal device to execute the key processing method of any one of claims 1-7.
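A software model of the slot management described in claims 8 to 14, added here as an illustration and not code from the patent or from Huawei: a fixed number of key slots, eviction by fewest usage times or earliest load, a stored field record that is recovered when the evicted key is reloaded, a key-to-slot mapping, and threshold-based command selection. The slot count, threshold, the `lfu`/`fifo` policy names, and the use of a usage counter as the stored state are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Slot:
    key: Optional[str] = None  # None means the slot is idle
    uses: int = 0              # usage count, drives "fewest usage times" eviction
    loaded_at: int = 0         # load order, drives "loaded earliest" eviction

class KeySlotManager:
    def __init__(self, n_slots, threshold, policy="lfu"):
        self.slots = [Slot() for _ in range(n_slots)]
        self.threshold = threshold      # preset threshold of idle slots (assumed value)
        self.policy = policy            # "lfu" (fewest uses) or "fifo" (earliest loaded)
        self.records = {}               # field records of evicted keys, kept in memory
        self.mapping = {}               # key id -> slot index (the claim 12 mapping)
        self.clock = 0

    def idle_count(self):
        return sum(s.key is None for s in self.slots)

    def pick_command(self, commands):
        """commands: (name, priority) pairs. Any command if idle slots reach the threshold, else the highest-priority one."""
        if self.idle_count() >= self.threshold:
            return commands[0]
        return max(commands, key=lambda c: c[1])

    def _victim(self):
        attr = "uses" if self.policy == "lfu" else "loaded_at"
        return min(range(len(self.slots)), key=lambda i: getattr(self.slots[i], attr))

    def load(self, key):
        if key in self.mapping:
            return self.mapping[key]
        if self.idle_count() == 0:
            i = self._victim()
            old = self.slots[i]
            # save the evicted key's state so it can be recovered later (claim 8)
            self.records[old.key] = {"uses": old.uses, "loaded_at": old.loaded_at}
            del self.mapping[old.key]
            self.slots[i] = Slot()       # release the slot
        i = next(j for j, s in enumerate(self.slots) if s.key is None)
        self.clock += 1
        rec = self.records.pop(key, None)   # recover a stored field record (claim 11)
        self.slots[i] = Slot(key, rec["uses"] if rec else 0, self.clock)
        self.mapping[key] = i
        return i

    def use(self, key):
        self.slots[self.mapping[key]].uses += 1
```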
CN201610156470.6A 2016-03-18 2016-03-18 Key processing method and device Active CN105871539B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610156470.6A CN105871539B (en) 2016-03-18 2016-03-18 Key processing method and device
PCT/CN2016/101582 WO2017157006A1 (en) 2016-03-18 2016-10-09 Secret key processing method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610156470.6A CN105871539B (en) 2016-03-18 2016-03-18 Key processing method and device

Publications (2)

Publication Number Publication Date
CN105871539A CN105871539A (en) 2016-08-17
CN105871539B true CN105871539B (en) 2020-02-14

Family

ID=56624643

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610156470.6A Active CN105871539B (en) 2016-03-18 2016-03-18 Key processing method and device

Country Status (2)

Country Link
CN (1) CN105871539B (en)
WO (1) WO2017157006A1 (en)

Also Published As

Publication number Publication date
CN105871539A (en) 2016-08-17
WO2017157006A1 (en) 2017-09-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220225

Address after: 550025 Huawei cloud data center, jiaoxinggong Road, Qianzhong Avenue, Gui'an New District, Guiyang City, Guizhou Province

Patentee after: Huawei Cloud Computing Technology Co.,Ltd.

Address before: 518129 Bantian HUAWEI headquarters office building, Longgang District, Guangdong, Shenzhen

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.
