CN107315960B - Control method and system of trusted platform module - Google Patents

Control method and system of trusted platform module Download PDF

Info

Publication number
CN107315960B
CN107315960B CN201710492053.3A CN201710492053A CN107315960B CN 107315960 B CN107315960 B CN 107315960B CN 201710492053 A CN201710492053 A CN 201710492053A CN 107315960 B CN107315960 B CN 107315960B
Authority
CN
China
Prior art keywords
trusted platform
platform module
electronic equipment
port
pin
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710492053.3A
Other languages
Chinese (zh)
Other versions
CN107315960A (en
Inventor
王瑞扬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Lenovo Beijing Ltd
Original Assignee
Lenovo Beijing Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Lenovo Beijing Ltd filed Critical Lenovo Beijing Ltd
Priority to CN201710492053.3A priority Critical patent/CN107315960B/en
Publication of CN107315960A publication Critical patent/CN107315960A/en
Application granted granted Critical
Publication of CN107315960B publication Critical patent/CN107315960B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/22Detection or location of defective computer hardware by testing during standby operation or during idle time, e.g. start-up testing
    • G06F11/26Functional testing
    • G06F11/263Generation of test inputs, e.g. test vectors, patterns or sequences ; with adaptation of the tested hardware for testability with external testers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • G06F13/38Information transfer, e.g. on bus
    • G06F13/40Bus structure
    • G06F13/4063Device-to-bus coupling
    • G06F13/4068Electrical coupling
    • G06F13/4081Live connection to bus, e.g. hot-plugging

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Abstract

The present disclosure provides a method for controlling a trusted platform module, wherein the trusted platform module is disposed in an electronic device, and the method includes: detecting whether a port of the electronic equipment has hot plug operation of corresponding hardware or not to obtain a detection result; and controlling the working state of the trusted platform module according to the detection result. The present disclosure also provides a control system of the trusted platform module.

Description

Control method and system of trusted platform module
Technical Field
The disclosure relates to a control method and a system of a trusted platform module.
Background
Currently, a Trusted Platform Module (TPM) is generally used for performing data encryption or decryption operations on an electronic device. Meanwhile, the trusted platform module may also be used to protect an operating System and a Basic Input Output System (BIOS) from being modified. In the related art, a switch is usually designed on an electronic device, and the switch is toggled according to a system prompt to set the operating state of the TPM. However, in the process of implementing the present disclosure, the inventor finds that the field personnel must open the casing to toggle the switch, and the operation is very inconvenient.
Disclosure of Invention
One aspect of the present disclosure provides a method for controlling a trusted platform module, where the trusted platform module is disposed in an electronic device, and the method includes: detecting whether a port of the electronic equipment has a hot plug operation of corresponding hardware or not to obtain a detection result; and controlling the working state of the trusted platform module according to the detection result.
Optionally, controlling the working state of the trusted platform module according to the detection result includes: under the condition that the hot plug of corresponding hardware on the port of the electronic equipment is detected, the trusted platform module is started so as to enable the trusted platform module to execute corresponding work tasks in the electronic equipment; and maintaining the current working state of the trusted platform module under the condition of detecting that no corresponding hardware hot plug operation exists on the port of the electronic equipment.
Optionally, in a case of detecting a hot plug operation of corresponding hardware on a port of the electronic device, opening the trusted platform module includes: receiving a control instruction, wherein the control instruction is used for controlling the state of a first pin of the electronic device, and the first pin is used for transmitting a starting signal to a second pin of the trusted platform module according to the control instruction; and opening the trusted platform module in response to the boot signal received by the second pin of the trusted platform module.
Optionally, after the trusted platform module is opened, the method further includes: and locking the first pin of the electronic equipment so that the state of the second pin of the trusted platform module is not changed any more.
Optionally, the detecting whether the port of the electronic device has a hot plug operation of corresponding hardware includes: detecting whether the USB port of the electronic equipment has hot plug operation of the USB equipment; and/or detecting whether the network cable port of the electronic equipment has hot plug operation of the network cable.
Another aspect of the present disclosure provides a control system of a trusted platform module, wherein the trusted platform module is disposed in an electronic device, and the system includes: the detection module is used for detecting whether the port of the electronic equipment has the hot plug operation of corresponding hardware or not to obtain a detection result; and the control module is used for controlling the working state of the trusted platform module according to the detection result.
Optionally, the control module includes: the opening unit is used for opening the trusted platform module under the condition that the port of the electronic equipment is detected to have the heat of corresponding hardware, so that the trusted platform module executes corresponding work tasks in the electronic equipment; and the maintaining unit is used for maintaining the current working state of the trusted platform module under the condition of detecting that no corresponding hardware hot plug operation exists on the port of the electronic equipment.
Optionally, the opening unit includes: a receiving subunit, configured to receive a control instruction, where the control instruction is used to control a state of a first pin of the electronic device, and the first pin is used to transmit a start signal to a second pin of the trusted platform module according to the control instruction; and the opening subunit is used for responding to the starting signal received by the second pin of the trusted platform module and opening the trusted platform module.
Optionally, the system further includes: and the locking module is used for locking the first pin of the electronic equipment after the trusted platform module is opened so that the state of the second pin of the trusted platform module is not changed any more.
Optionally, the detection module includes: the first detection unit is used for detecting whether the USB port of the electronic equipment has hot plug operation of the USB equipment; and/or the second detection unit is used for detecting whether the network cable port of the electronic equipment has hot plug operation of the network cable.
Another aspect of the present disclosure provides a non-volatile storage medium storing computer-executable instructions for implementing the above-described method when executed by a processor.
Another aspect of the disclosure provides a computer program comprising computer executable instructions which, when executed by a processor, are adapted to implement the method described above.
Another aspect of the present disclosure provides a control system of another trusted platform module, including: a processor for executing a computer program; and a computer-readable storage medium on which the above-mentioned computer program is stored, the computer program being adapted to carry out the above-mentioned method when executed by the above-mentioned processor.
Drawings
For a more complete understanding of the present disclosure and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:
FIG. 1 schematically illustrates a flow chart of a method of controlling a trusted platform module according to an embodiment of the present disclosure;
FIG. 2A schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure;
FIG. 2B schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure;
FIG. 2C schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure;
FIG. 3A schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure;
FIG. 3B schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure;
FIG. 4 schematically illustrates a block diagram of a control system of a trusted platform module, in accordance with an embodiment of the present disclosure;
FIG. 5A schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure;
FIG. 5B schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure;
FIG. 5C schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure;
FIG. 6 schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure; and
FIG. 7 schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The words "a", "an" and "the" and the like as used herein are also intended to include the meanings of "a plurality" and "the" unless the context clearly dictates otherwise. Furthermore, the terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing system, such that the instructions, which execute via the processor, create a system that implements the functions/acts specified in the block diagrams and/or flowchart block or blocks.
Accordingly, the techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable medium having instructions stored thereon for use by or in connection with an instruction execution system. In the context of this disclosure, a computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the instructions. For example, the computer-readable medium can include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or propagation medium. Specific examples of the computer readable medium include: magnetic storage systems, such as magnetic tape or Hard Disk Drives (HDDs); optical storage systems, such as compact discs (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
When the electronic equipment adopts the trusted platform module TPM to perform data encryption or decryption operation, the trusted platform module TPM is set to be started or closed in the basic input/output system BIOS, and whether hot plug operation exists on a port of the electronic equipment can be detected in order to ensure that a real person on the site operates (namely, the real person on the site operates). By the method, when the working state of the trusted platform module is reset, the system can prompt relevant information to confirm that the real person operation exists on the spot, so that the trouble that the shell needs to be opened when the trusted platform module is controlled in the related technology can be avoided, and whether the real person operation exists on the spot or not can be ensured. In addition, the operation of a real person on site is ensured, so that a hacker is prevented from realizing remote control on the trusted platform module by cracking the starting or closing password of the trusted platform module.
The embodiment of the disclosure provides a control method of a trusted platform module and a control system of the trusted platform module. The method comprises the steps of detecting whether a port of the electronic equipment has a hot plug operation of corresponding hardware or not, and obtaining a detection result. And controlling the working state of the trusted platform module according to the detection result.
FIG. 1 schematically illustrates a flow chart of a method of controlling a trusted platform module according to an embodiment of the disclosure.
As shown in fig. 1, the method includes operations S101 and S102.
In operation S101, whether a hot plug operation of corresponding hardware exists on a port of the electronic device is detected, and a detection result is obtained.
According to the embodiment of the disclosure, whether the port of the electronic device has the hot plug operation of the hardware is detected, and when the port of the electronic device has the hot plug operation of the hardware, it indicates that someone operates the electronic device on site. When the hot plug operation of hardware on the port of the electronic equipment is detected, the situation that no person operates the electronic equipment on site is indicated. According to the embodiment of the disclosure, the electronic device may be a server, a personal computer, or other terminal devices such as a mobile phone. The electronic device may have one or more ports for connecting with an external device (referred to as a peripheral device for short), and thus, by detecting the ports of the electronic device (which may be any one or more ports on the electronic device), it may be determined whether a hot plug operation of hardware exists on the electronic device.
It should be noted that the hardware may be an external storage device such as a usb disk and a solid state disk, and may also be an input device such as a keyboard and a mouse, which is not limited herein.
According to the embodiment of the disclosure, whether the port of the electronic device has the hot plug operation of the hardware or not is detected, whether the port of the electronic device has the hot plug operation or not is detected, and whether the port of the electronic device has the hot plug operation or the hot plug operation is detected.
In operation S102, the operating state of the trusted platform module is controlled according to the detection result.
According to the embodiment of the disclosure, after the detection result of whether the port of the electronic device has the hot plug operation of the corresponding hardware is obtained, the working state of the trusted platform module can be controlled according to the detection result. Wherein, the detection result at least comprises: there are hot-plug operations, hot-pull operations, both hot-plug and hot-pull operations, neither hot-plug nor hot-pull operations.
Correspondingly, the working state of the trusted platform module is controlled according to the detection result, which includes various possibilities, for example, if hot plug-in operation exists, the trusted platform module is controlled to execute corresponding operation tasks; if the hot plug-out operation exists, controlling the trusted platform module to execute a corresponding operation task; if the hot plug-in operation and the hot plug-out operation exist, executing a corresponding operation task on the working state of the trusted platform module or maintaining the current working state of the trusted platform module; and if the hot plug-in operation and the hot plug-out operation do not exist, maintaining the current working state of the trusted platform module.
The working state of the trusted platform module may be a working state in which the trusted platform module is running to execute a corresponding operation task, or may be an unopened state.
Through the embodiment of the disclosure, whether the electronic equipment is operated by someone on site can be judged by detecting whether the port of the electronic equipment has the hot plug operation of hardware. The electronic equipment control system not only can realize the control of the trusted platform module on the electronic equipment, but also overcomes the trouble that the shell must be opened when the trusted platform module is controlled by the related technology, achieves the purpose of convenient operation, and can ensure whether the operation is really carried out by someone on site.
The method shown in fig. 1 is further described with reference to fig. 2A-3B in conjunction with specific embodiments.
FIG. 2A schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure.
As shown in fig. 2A, controlling the operating state of the trusted platform module according to the detection result includes operations S1021 and S1022.
In operation S1021, in case that a hot plug of corresponding hardware on a port of the electronic device is detected, the trusted platform module is started.
In operation S1022, in case of detecting that there is no hot plug operation of corresponding hardware on the port of the electronic device, the current working state of the trusted platform module is maintained.
According to the embodiment of the disclosure, when a hot plug operation of corresponding hardware on a port of the electronic device is detected, it is indicated that a person operates the electronic device on site, and in this case, the trusted platform module may be opened to enable the trusted platform module to work in the electronic device, thereby implementing an operation of data encryption or decryption, and protecting other functions such as an operating system.
According to the embodiment of the disclosure, when it is detected that there is no hot plug operation of corresponding hardware on the port of the electronic device, it is indicated that no one operates the electronic device on site, and in this case, the current working state of the trusted platform module is maintained, and at this time, the current working state of the trusted platform module may be an unopened state or an opened working state. According to the embodiment of the disclosure, when a hot plug operation without corresponding hardware on the port of the electronic device is detected, the current state is maintained regardless of the current working state of the trusted platform module.
Through the embodiment of the disclosure, when the hot plug operation of corresponding hardware on the port of the electronic equipment is detected, the fact that a person operates the electronic equipment on site is indicated, and the authenticity of the operation of a real person on site is ensured. When the hot plug operation of corresponding hardware on the port of the electronic equipment is detected to be absent, the situation that no person operates the electronic equipment on site is indicated, and the electronic equipment can work normally by maintaining the current working state of the trusted platform module. Because the operation of the real person in the field is ensured, a hacker is prevented from realizing the remote control of the trusted platform module by cracking the starting or closing password of the trusted platform module.
According to an embodiment of the present disclosure, under a condition that a hot plug operation of corresponding hardware is detected on a port of an electronic device, opening a trusted platform module includes: receiving a control instruction, wherein the control instruction is used for controlling the state of a first pin of the electronic equipment, and the first pin is used for transmitting a starting signal to a second pin of the trusted platform module according to the control instruction; and opening the trusted platform module in response to the start signal received by the second pin of the trusted platform module.
FIG. 2B schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure. In this embodiment, operations S201 and S202 are included in addition to the respective operations described above with reference to fig. 1. The description of the corresponding operation in fig. 1 is omitted here for the sake of brevity of description.
As shown in fig. 2B, in the case of detecting a hot plug operation of corresponding hardware on a port of an electronic device, the opening of the trusted platform module includes operations S201 and S202.
In operation S201, a control instruction is received, where the control instruction is used to control a state of a first pin of the electronic device, and the first pin is used to transmit a start signal to a second pin of the trusted platform module according to the control instruction.
According to the embodiment of the disclosure, in the case of detecting that a hot plug operation of corresponding hardware exists on a port of an electronic device, the state of a first pin of the electronic device is controlled through a control instruction, and the state of the first pin can be a high level state or a low level state. And transmitting a starting signal to a second pin of the trusted platform module according to the state of the first pin, so as to trigger the trusted platform module to perform corresponding operation.
In operation S202, the trusted platform module is started in response to the start signal received by the second pin of the trusted platform module.
According to the embodiment of the disclosure, after the second pin of the trusted platform module receives the starting signal, the starting signal is responded, so that the trusted platform module is started.
According to the embodiment of the disclosure, the trusted platform module is controlled to work through the pin on the electronic device, and the trusted platform module is controlled on hardware, so that the safety problem of software operation is avoided, and the safety of controlling the trusted platform module is improved.
FIG. 2C schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure. In this embodiment, operations S201 to S203 are included in addition to the corresponding operations described above with reference to fig. 1. The description of the corresponding operation in fig. 1 is omitted here for the sake of brevity of description.
As shown in fig. 2C, the steps of opening the trusted platform module and opening the trusted platform module include operations S201 to S203.
In operation S201, a control instruction is received, where the control instruction is used to control a state of a first pin of the electronic device, and the first pin is used to transmit a start signal to a second pin of the trusted platform module according to the control instruction.
In operation S202, the trusted platform module is started in response to the start signal received by the second pin of the trusted platform module.
In operation S203, the first pin of the electronic device is locked so that the state of the second pin of the trusted platform module is not changed.
According to the embodiment of the disclosure, after the trusted platform module is started in response to the start signal, the method further includes locking the first pin of the electronic device, so that the state of the second pin of the trusted platform module is not changed any more. According to the embodiment of the disclosure, after the first pin of the electronic device is locked, other electronic devices such as a remote server are difficult to control the first pin of the electronic device through an instruction, so that the state of the second pin of the trusted platform module is not changed any more. And if the working state of the trusted platform module needs to be changed again, a corresponding unlocking password or a preset instruction is needed for unlocking. Therefore, the purpose of safely controlling the trusted platform module is ensured again, and the effect of controlling the safety of the trusted platform module is improved.
FIG. 3A schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure.
As shown in fig. 3A, the method includes operation S301 and operation S302.
In operation S301, whether a hot plug operation of a USB device is performed on a USB port of an electronic device is detected.
In operation S302, the operating state of the trusted platform module is controlled according to the detection result.
According to the embodiment of the disclosure, the electronic device is provided with the USB port, and hot plug operation can be performed by using the corresponding USB device. The USB device can be a USB flash disk, a mouse and the like. And controlling the working state of the trusted platform module according to whether the USB equipment performs hot plug operation.
FIG. 3B schematically illustrates a flow chart of a method of controlling a trusted platform module according to another embodiment of the present disclosure.
As shown in fig. 3B, the method includes operation S401 and operation S402.
In operation S401, it is detected whether there is a hot plug operation of a network cable on a network cable port of an electronic device.
In operation S402, the operating state of the trusted platform module is controlled according to the detection result.
According to the embodiment of the disclosure, when the network cable port is arranged on the electronic equipment, the hot plug operation can be carried out by using the corresponding network cable port. And controlling the working state of the trusted platform module according to whether the network cable interface is in hot plug operation.
According to the embodiment of the disclosure, whether the specific port of the electronic device has the corresponding hot plug operation or not can be determined according to the actual situation of the port configured on the electronic device, and whether the specific port of the electronic device has the corresponding hot plug operation or not can be detected on the electronic devices with different configurations. It should be noted that the port on the electronic device is not limited to the above port, and the detection of the port type on the electronic device should not be limited, and for example, an earphone port is also included.
FIG. 4 schematically illustrates a block diagram of a control system of a trusted platform module, according to an embodiment of the disclosure.
As shown in FIG. 4, the control system 500 includes a detection module 510 and a control module 520. The control system 500 may perform the methods described above with reference to fig. 1-3B to implement control of a trusted platform module.
According to an embodiment of the present disclosure, the detecting module 510 is configured to detect whether a hot plug operation of corresponding hardware exists on a port of an electronic device, so as to obtain a detection result.
And the control module 520 is configured to control the working state of the trusted platform module according to the detection result.
Through the embodiment of the disclosure, whether the electronic equipment is operated by someone on site can be judged by detecting whether the port of the electronic equipment has the hot plug operation of hardware. The electronic equipment control system not only can realize the control of the trusted platform module on the electronic equipment, but also overcomes the trouble that the shell must be opened when the trusted platform module is controlled by the related technology, achieves the purpose of convenient operation, and can ensure whether the operation is really carried out by someone on site.
It is understood that the detection module 510 and the control module 520 may be combined in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the invention, at least one of the detection module 510 and the control module 520 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or any other reasonable way of integrating or packaging a circuit, as hardware or firmware, or as a suitable combination of software, hardware, and firmware implementations. Alternatively, at least one of the detection module 510 and the control module 520 may be implemented at least partly as computer program modules, which, when executed by a computer, may perform the functions of the respective module.
FIG. 5A schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure.
As shown in fig. 5A, the control module 520 includes an opening unit 521 and a maintaining unit 522.
According to the embodiment of the present disclosure, the opening unit 521 is configured to open the trusted platform module to enable the trusted platform module to execute the corresponding work task in the electronic device, in a case that the port of the electronic device is detected to be hot by the corresponding hardware.
The maintaining unit 522 is configured to maintain a current operating state of the trusted platform module when a hot plug operation of no corresponding hardware on a port of the electronic device is detected.
Through the embodiment of the disclosure, when the hot plug operation of corresponding hardware on the port of the electronic equipment is detected, the fact that a person operates the electronic equipment on site is indicated, and the authenticity of the operation of a real person on site is ensured. When the hot plug operation of corresponding hardware on the port of the electronic equipment is detected to be absent, the situation that no person operates the electronic equipment on site is indicated, and the electronic equipment can work normally by maintaining the current working state of the trusted platform module. Because the operation of the real person in the field is ensured, a hacker is prevented from realizing the remote control of the trusted platform module by cracking the starting or closing password of the trusted platform module.
FIG. 5B schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure.
As shown in fig. 5B, the opening unit 521 includes: a receiving subunit 5211 and an opening subunit 5212.
According to an embodiment of the disclosure, the receiving subunit 5211 is configured to receive a control instruction, where the control instruction is used to control a state of a first pin of the electronic device, and the first pin is used to transmit an initiation signal to a second pin of the trusted platform module according to the control instruction.
The opening subunit 5211 is configured to open the trusted platform module in response to a start signal received by the second pin of the trusted platform module.
According to the embodiment of the disclosure, the trusted platform module is controlled to work through the pin on the electronic device, and the trusted platform module is controlled on hardware, so that the safety problem of software operation is avoided, and the safety of controlling the trusted platform module is improved.
FIG. 5C schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure.
As shown in fig. 5C, the control system 500 further includes a locking module 530.
According to an embodiment of the disclosure, the locking module 530 is configured to lock the first pin of the electronic device after the trusted platform module is unlocked, so that the state of the second pin of the trusted platform module is not changed.
According to the embodiment of the disclosure, after the trusted platform module is started in response to the start signal, the method further includes locking the first pin of the electronic device, so that the state of the second pin of the trusted platform module is not changed any more. According to the embodiment of the disclosure, after the first pin of the electronic device is locked, other electronic devices such as a remote server are difficult to control the first pin of the electronic device through an instruction, so that the state of the second pin of the trusted platform module is not changed any more. And if the working state of the trusted platform module needs to be changed again, a corresponding unlocking password or a preset instruction is needed for unlocking. Therefore, the purpose of safely controlling the trusted platform module is ensured again, and the effect of controlling the safety of the trusted platform module is improved.
FIG. 6 schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure.
As shown in FIG. 6, the detection module 510 includes a first detection unit 511 and/or a second detection unit 512 (only the case where the detection module 510 includes the first detection unit 511 and the second detection unit 512 is schematically shown in FIG. 6)
The first detection unit 511 is configured to detect whether a hot plug operation of a USB device is performed on a USB port of an electronic device according to an embodiment of the present disclosure.
And/or the second detecting unit 512 is used for detecting whether a hot plug operation of a network cable exists on the network cable port of the electronic device.
According to the embodiment of the disclosure, whether the specific port of the electronic device has the corresponding hot plug operation or not can be determined according to the actual situation of the port configured on the electronic device, and whether the specific port of the electronic device has the corresponding hot plug operation or not can be detected on the electronic devices with different configurations. It should be noted that the port on the electronic device is not limited to the above port, and the detection of the port type on the electronic device should not be limited, and for example, an earphone port is also included.
FIG. 7 schematically illustrates a block diagram of a control system of a trusted platform module, according to another embodiment of the present disclosure.
As shown in fig. 7, the control system 700 includes a processor 710, a computer-readable storage medium 720. The control system 700 may perform the methods described above with reference to fig. 1-3B to implement control of a trusted platform module.
In particular, processor 710 may comprise, for example, a general purpose microprocessor, an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 710 may also include on-board memory for caching purposes. Processor 710 may be a single processing unit or a plurality of processing units for performing the different actions of the method flows described with reference to fig. 1-3B in accordance with embodiments of the present disclosure.
Computer-readable storage medium 720 may be, for example, any medium that can contain, store, communicate, propagate, or transport the instructions. For example, a readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, device, or propagation medium. Specific examples of the readable storage medium include: magnetic storage systems, such as magnetic tape or Hard Disk Drives (HDDs); optical storage systems, such as compact discs (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and/or wired/wireless communication links.
The computer-readable storage medium 720 may include a computer program 721, which computer program 721 may include code/computer-executable instructions that, when executed by the processor 710, cause the processor 710 to perform a method flow such as described above in connection with fig. 1-3B, and any variations thereof.
The computer program 721 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, code in computer program 721 may include one or more program modules, including, for example, 721A, module 721B. It should be noted that the division and number of modules are not fixed, and those skilled in the art may use suitable program modules or program module combinations according to actual situations, which when executed by the processor 710, enable the processor 710 to perform the method flows described above in connection with fig. 1-3B, for example, and any variations thereof.
According to an embodiment of the present invention, at least one of the detection module 710 and the control module 720 may be implemented as a computer program module described with reference to fig. 7, which, when executed by the processor 710, may implement the respective operations described above.
Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.
While the disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.

Claims (6)

1. A method of controlling a trusted platform module, wherein the trusted platform module is provided in an electronic device, the method comprising:
detecting whether a port of the electronic equipment has hot plug operation of corresponding hardware or not to obtain a detection result; and
controlling the working state of the trusted platform module according to the detection result;
wherein, controlling the working state of the trusted platform module according to the detection result comprises:
under the condition that the hot plug of corresponding hardware on the port of the electronic equipment is detected, the trusted platform module is started so as to enable the trusted platform module to execute corresponding work tasks in the electronic equipment;
under the condition that the hot plug operation of corresponding hardware on the port of the electronic equipment is detected, the step of opening the trusted platform module comprises the following steps:
receiving a control instruction, wherein the control instruction is used for controlling the state of a first pin of the electronic equipment, and the first pin is used for transmitting a starting signal to a second pin of the trusted platform module according to the control instruction;
responding to the starting signal received by a second pin of the trusted platform module, and starting the trusted platform module; and
and locking the first pin of the electronic equipment so that the state of the second pin of the trusted platform module is not changed any more.
2. The method of claim 1, wherein controlling the operating state of the trusted platform module according to the detection result comprises:
and maintaining the current working state of the trusted platform module under the condition of detecting that no corresponding hardware hot plug operation exists on the port of the electronic equipment.
3. The method of claim 1, wherein detecting whether there is a hot plug operation of corresponding hardware on a port of the electronic device comprises:
detecting whether the USB port of the electronic equipment has hot plug operation of the USB equipment; and/or
And detecting whether the network cable port of the electronic equipment has hot plug operation of the network cable.
4. A control system for a trusted platform module, wherein the trusted platform module is provided in an electronic device, the system comprising:
the detection module is used for detecting whether the port of the electronic equipment has the hot plug operation of corresponding hardware or not to obtain a detection result; and
the control module is used for controlling the working state of the trusted platform module according to the detection result;
wherein the control module comprises:
the opening unit is used for opening the trusted platform module under the condition that the port of the electronic equipment is detected to be hot of corresponding hardware, so that the trusted platform module executes corresponding work tasks in the electronic equipment;
the opening unit includes:
the receiving subunit is configured to receive a control instruction, where the control instruction is used to control a state of a first pin of the electronic device, and the first pin is used to transmit a start signal to a second pin of the trusted platform module according to the control instruction; and
the starting subunit is used for responding to the starting signal received by the second pin of the trusted platform module and starting the trusted platform module;
the system further comprises:
and the locking module is used for locking the first pin of the electronic equipment after the trusted platform module is opened so that the state of the second pin of the trusted platform module is not changed any more.
5. The system of claim 4, wherein the control module comprises:
and the maintaining unit is used for maintaining the current working state of the trusted platform module under the condition of detecting that no corresponding hardware hot plug operation exists on the port of the electronic equipment.
6. The system of claim 4, wherein the detection module comprises:
the first detection unit is used for detecting whether the USB port of the electronic equipment has hot plug operation of the USB equipment; and/or
And the second detection unit is used for detecting whether the network cable port of the electronic equipment has hot plug operation of the network cable.
CN201710492053.3A 2017-06-23 2017-06-23 Control method and system of trusted platform module Active CN107315960B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710492053.3A CN107315960B (en) 2017-06-23 2017-06-23 Control method and system of trusted platform module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710492053.3A CN107315960B (en) 2017-06-23 2017-06-23 Control method and system of trusted platform module

Publications (2)

Publication Number Publication Date
CN107315960A CN107315960A (en) 2017-11-03
CN107315960B true CN107315960B (en) 2020-08-25

Family

ID=60180786

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710492053.3A Active CN107315960B (en) 2017-06-23 2017-06-23 Control method and system of trusted platform module

Country Status (1)

Country Link
CN (1) CN107315960B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114691572A (en) * 2020-12-30 2022-07-01 中兴通讯股份有限公司 Hot plug control device and method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101122936A (en) * 2007-09-21 2008-02-13 武汉大学 Embed type platform guiding of credible mechanism
CN103109294A (en) * 2010-05-20 2013-05-15 高赛科实验室公司 Computer motherboard having peripheral security functions
CN105556494A (en) * 2013-08-29 2016-05-04 联想企业解决方案(新加坡)有限公司 Establishing physical presence with a trusted platform module by physically connecting or disconnecting a hot-pluggable device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080229433A1 (en) * 2007-03-13 2008-09-18 Richard Chen Digital certificate based theft control for computers

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101122936A (en) * 2007-09-21 2008-02-13 武汉大学 Embed type platform guiding of credible mechanism
CN103109294A (en) * 2010-05-20 2013-05-15 高赛科实验室公司 Computer motherboard having peripheral security functions
CN105556494A (en) * 2013-08-29 2016-05-04 联想企业解决方案(新加坡)有限公司 Establishing physical presence with a trusted platform module by physically connecting or disconnecting a hot-pluggable device

Also Published As

Publication number Publication date
CN107315960A (en) 2017-11-03

Similar Documents

Publication Publication Date Title
EP3198789B1 (en) Securely pairing computing devices
KR102403138B1 (en) Method for privileged mode based secure input mechanism
CN104205114A (en) System and method for providing secure inter-process communications
EP2534600B1 (en) Externally managed security and validation processing device
US10430361B1 (en) Combination write blocker
EP3379446B1 (en) Systems and methods for usb/firewire port monitoring, filtering, and security
CN104077533A (en) Sensitive data operating method and device
EP3494482B1 (en) Systems and methods for storing administrator secrets in management controller-owned cryptoprocessor
EP2985717A1 (en) Data erasing device, data erasing method, program, and storage medium
TW201627908A (en) System and method of rapid deployment trusted execution environment application
KR102240181B1 (en) Prevention of cable-swap security attack on storage devices
JP6887522B2 (en) Environmental status verification and user authentication in the security coprocessor
US20190332392A1 (en) Information Handling Systems And Related Methods For Establishing Trust Between Boot Firmware And Applications Based On User Physical Presence Verification
CN107578231B (en) Safety operation device and method thereof
CN106549934B (en) Network equipment safety system
CN111567076B (en) User terminal device, electronic device, system including the same, and control method
CN107315960B (en) Control method and system of trusted platform module
CN103824014A (en) Isolation certificating and monitoring method of USB (universal serial bus) port within local area network
US11799649B2 (en) Tamper-proof data processing device
EP3044721B1 (en) Automatic pairing of io devices with hardware secure elements
KR20150018155A (en) User equipment, locking method thereof, and secure service system supporting
EP3098744A1 (en) A remotely protected electronic device
KR101475907B1 (en) System for monitoring input command to server
US10963568B1 (en) Using security app injection and multi-device licensing to recover device facing denial of access caused by malware infection
US9489507B2 (en) Secure personal storage device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant