
CN116089967B - Data rollback prevention method and electronic equipment - Google Patents


Info

Publication number
CN116089967B
Authority
CN
China
Prior art keywords
data
value
counter value
ciphertext
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210513658.7A
Other languages
Chinese (zh)
Other versions
CN116089967A (en)
Inventor
单志华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Honor Device Co Ltd
Original Assignee
Honor Device Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Honor Device Co Ltd
Priority to CN202210513658.7A
Publication of CN116089967A
Application granted
Publication of CN116089967B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a data rollback prevention method and electronic equipment. In the method, second data to be verified is acquired; ciphertext is decrypted according to a first counter value to obtain first data, where the first counter value is the counter value of the first data and the ciphertext was obtained by encrypting the first data based on the first counter value; the second data is verified against the first data to obtain a verification result, where successful verification means the second data is identical to the first data, failed verification means the first data is updated data of the second data, and the first counter value represents the number of times the data has been updated; and a corresponding operation is executed according to the verification result. Because decryption is performed with the counter value of the first data, and the counter value of the data before the update differs from the counter value of the first data, verification performed with the pre-update data cannot pass, and data rollback is thereby prevented.

Description

Data rollback prevention method and electronic equipment
Technical Field
The embodiment of the application relates to a data processing technology, in particular to a data rollback prevention method and electronic equipment.
Background
Data rollback refers to data being restored to its previous state, for example after a data error, while anti-rollback (rollback protection) refers to a protection technique that prevents data from being restored to its previous state. Some devices, such as personal computers (PCs), currently lack anti-rollback mechanisms: after data in the PC is deleted, the PC can restore it from a backup or by other means, which causes data security problems.
There is a need for a method of preventing data rollback.
Disclosure of Invention
The embodiment of the application provides a data rollback prevention method and electronic equipment, which can prevent data rollback.
In a first aspect, an embodiment of the present application provides a data rollback prevention method applied to a terminal. The terminal acquires second data to be verified. To verify the second data, the terminal decrypts ciphertext according to the maximum counter value recorded by the counter corresponding to the second data, namely the counter value of the first data (the first counter value), to obtain the first data. The ciphertext was derived by encrypting the first data based on the first counter value. That is, during decryption the corresponding ciphertext is decrypted using the maximum counter value corresponding to the second data, yielding the plaintext (the first data). The first counter value represents the number of updates of the data, that is, the number of updates recorded by the counter corresponding to the first data. It should be appreciated that the first data and the second data correspond to the same counter.
The terminal verifies the second data against the first data to obtain a verification result. A result of successful verification indicates that the second data is identical to the first data; a result of failed verification indicates that the first data is updated data of the second data, namely that the second data is pre-update data.
The terminal executes a corresponding operation according to the verification result. When the verification result is that the second data fails verification, the terminal may not respond to the second data, i.e. it does not execute the action responding to the first operation. In the embodiment of the application, pre-update data (the second data, namely rolled-back data) cannot trigger the terminal to execute the corresponding operation; the terminal does not respond to rolled-back data, so the data security problem caused by data rollback is avoided.
In one possible implementation manner, before the obtaining the second data to be verified, the method further includes: acquiring the first counter value in response to the first data to be stored; encrypting the first data according to the first counter value to obtain the ciphertext; and storing the ciphertext.
In this implementation, when encrypting the first data, the first counter value may be used to encrypt the first data, which may on the one hand ensure data security of the first data and may in addition provide a basis for preventing data rollback.
In one possible implementation, the obtaining the first counter value includes: detecting the maximum counter value recorded by the counter corresponding to the first data; and obtaining the first counter value according to the maximum counter value. In one embodiment, the terminal may add the maximum counter value to a preset value to obtain the first counter value. In one embodiment, the preset value may be 1.
In this implementation, the counter value is increased after each data update, i.e. the value recorded by the counter increases, so the counter values of the data before and after the update differ. This avoids the situation where pre-update and post-update data share a counter value and both pass verification during encryption and decryption: when the data is decrypted, only the latest data can be decrypted successfully, and data rollback is prevented.
In one possible implementation manner, encrypting the first data according to the first counter value to obtain the ciphertext includes: generating a first salt value; generating a first key according to the first salt value, the root key, and the first counter value; and encrypting the first data by adopting the first secret key to obtain the ciphertext.
In this implementation, encrypting the first data based on the first salt value (i.e., a random value), and the root key may improve the security of the data. The first data is encrypted based on the first counter value, so that a basis can be provided for preventing the data from rolling back during decryption.
In one possible implementation, the method further includes: the first salt value, the first counter value, and the ciphertext are stored. Wherein, according to the first counter value, decrypting the ciphertext to obtain first data, including: generating the first key from the root key, the first salt value, and the first counter value; and decrypting the ciphertext by adopting the first key to obtain the first data.
In one possible implementation manner, after the ciphertext is obtained, the method further includes: generating a second salt value; generating a second key according to the second salt value and the first key; and encrypting the ciphertext by adopting the second key to obtain a first message authentication code (MAC) value.
In this implementation, after the ciphertext is obtained, a MAC is computed over the ciphertext using the second key, which ensures the security and integrity of the ciphertext.
In one possible implementation manner, encrypting the ciphertext using the second key to obtain the MAC value includes: encrypting the ciphertext with the second key and the description information of the first data to obtain the first MAC value, where the description information includes at least one of the following: the first counter value, the first salt value, and the second salt value.
In one possible implementation manner, after the obtaining the first MAC value, the method further includes: the second salt value and the first MAC value are stored. The method further comprises the steps of, before decrypting the ciphertext by adopting the first key to obtain the first data: generating the second key according to the second salt value and the first key; and encrypting the ciphertext by adopting the second secret key and the description information of the first data to obtain a second MAC value.
Decrypting the ciphertext using the first key to obtain the first data, including: determining first data to be decrypted according to description information of the first data in response to the second MAC value being identical to the first MAC value; and decrypting the ciphertext by adopting the first key to obtain the first data.
It should be understood that the description information of each data is different for indicating the data. Therefore, when the terminal determines that the second MAC value is the same as the first MAC value and the ciphertext needs to be decrypted, the first data to be decrypted can be determined according to the description information of the first data.
In this implementation, the MAC value is verified first in the process of decrypting the ciphertext, and the ciphertext is decrypted only if the MAC value passes verification. This amounts to a second layer of protection for the ciphertext and improves its security.
In one possible implementation, the first data is any one of the following: an unlocking password of a terminal, a payment password, a password applied in the terminal, an installation package applied in the terminal, data setting of the terminal, or parameter setting of the terminal.
In one possible implementation manner, when the first data is an unlock password of the terminal, the executing a corresponding operation according to the verification result includes: unlocking the terminal when the verification result is that the second data is successfully verified; and outputting prompt information when the verification result is that the second data verification fails, wherein the prompt information indicates that unlocking the terminal fails.
It should be noted that the operations performed by the terminal based on the authentication result may differ for different data, and for the same data the terminal may perform different operations based on different authentication results.
In a second aspect, embodiments of the present application provide a data rollback prevention device, which may be a terminal according to the first aspect, or a chip in the terminal. The data rollback prevention apparatus may include: a key management service module, a trusted platform module TPM and an application.
The key management service module is used for acquiring second data to be verified.
The TPM is used for:
decrypting the ciphertext according to the first counter value to obtain first data, and verifying the second data against the first data to obtain a verification result. The first counter value is the counter value of the first data, and the ciphertext is obtained by encrypting the first data based on the first counter value; when the verification result is that the second data is successfully verified, the second data is the same as the first data, and when the verification result is that the second data fails verification, the first data is updated data of the second data, and the first counter value represents the number of updates of the data.
And the application is used for executing corresponding operation according to the verification result.
In one possible implementation, the key management service module is configured to obtain the first counter value in response to the presence of the first data to be stored.
The TPM is used for encrypting the first data according to the first counter value to obtain the ciphertext.
The key management service module is further used for storing the ciphertext. In one embodiment, the key management service module may store ciphertext into BIOS NV.
In one possible implementation manner, the key management service module is specifically configured to detect a maximum counter value recorded by a counter corresponding to the first data; and obtaining the first counter value according to the maximum counter value. The key management service module may read a maximum counter value recorded in the counter corresponding to the first data in the BIOS NV.
In one possible implementation, the key management service module is specifically configured to generate a first salt value.
The TPM is used for generating a first key according to the first salt value, the root key and the first counter value, and encrypting the first data by adopting the first key to obtain the ciphertext.
In one possible implementation, the key management service module is further configured to store the first salt value, the first counter value, and the ciphertext. For example, the key management service module may store the first salt value, the first counter value, and the ciphertext into BIOS NV.
Correspondingly, in the decryption process, the TPM is configured to generate the first key according to the root key, the first salt value, and the first counter value; and decrypting the ciphertext by adopting the first key to obtain the first data.
In a possible implementation manner, the key management service module is further configured to generate a second salt value.
The TPM is used for generating a second key according to the second salt value and the first key, and encrypting the ciphertext by adopting the second key to obtain a first Message Authentication Code (MAC) value.
In one possible implementation manner, the TPM is specifically configured to encrypt the ciphertext with the second key and the description information of the first data to obtain a first MAC value, where the description information includes at least one of the following: the first counter value, the first salt value, and the second salt value.
In a possible implementation manner, the key management service module is further configured to store the second salt value and the first MAC value. For example, the key management service module may store the first MAC value into the BIOS NV.
Correspondingly, in the decryption process, the TPM is configured to generate the second key according to the second salt value and the first key, encrypt the ciphertext with the second key and the description information of the first data to obtain a second MAC value, determine the first data to be decrypted according to the description information of the first data in response to the second MAC value being the same as the first MAC value, and then decrypt the ciphertext with the first key to obtain the first data.
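The following is an added worked example (not code from the patent or from Honor) that models the storage and verification procedure described in the first aspect above and the module split described in the second aspect. It simulates BIOS NV as an in-memory store holding one data record plus a monotonic per-name counter, derives the first key from a constructed root key, the first salt and the counter value, derives the second key from the first key and the second salt, and computes the first MAC over the ciphertext together with the description information (counter, first salt, second salt). Verification always uses the maximum counter value, so a record copied before an update and written back afterwards fails the MAC check. The key-derivation functions (HMAC-SHA256), the stand-in keystream cipher and the record layout are assumptions chosen so the example runs with the standard library only; the patent does not specify these primitives.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace

# Constructed root key for the example; in the patent the root key is held by the TPM.
ROOT_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def derive_first_key(root_key: bytes, salt1: bytes, counter: int) -> bytes:
    """First key = KDF(root key, first salt, first counter value). HMAC-SHA256 is an assumption."""
    return hmac.new(root_key, b"k1" + salt1 + counter.to_bytes(8, "big"), hashlib.sha256).digest()


def derive_second_key(first_key: bytes, salt2: bytes) -> bytes:
    """Second (MAC) key = KDF(first key, second salt)."""
    return hmac.new(first_key, b"k2" + salt2, hashlib.sha256).digest()


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 in counter mode as a keystream (assumption, not the patent's cipher).
    The same call encrypts and decrypts."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def description_info(counter: int, salt1: bytes, salt2: bytes) -> bytes:
    """Description information of the data: counter value, first salt, second salt."""
    return counter.to_bytes(8, "big") + salt1 + salt2


def compute_mac(second_key: bytes, ciphertext: bytes, desc: bytes) -> bytes:
    return hmac.new(second_key, desc + ciphertext, hashlib.sha256).digest()


@dataclass
class NvRecord:
    counter: int
    salt1: bytes
    ciphertext: bytes
    salt2: bytes
    mac: bytes


class BiosNv:
    """Models BIOS NV: one record per data name plus a monotonic maximum counter per name."""

    def __init__(self) -> None:
        self.records: dict[str, NvRecord] = {}
        self.max_counter: dict[str, int] = {}

    def read_max_counter(self, name: str) -> int:
        return self.max_counter.get(name, 0)


def store(nv: BiosNv, root_key: bytes, name: str, plaintext: bytes) -> NvRecord:
    """Key management service + TPM roles on the storage path."""
    counter = nv.read_max_counter(name) + 1  # first counter value = maximum + preset value 1
    salt1 = secrets.token_bytes(16)
    k1 = derive_first_key(root_key, salt1, counter)
    ciphertext = _keystream_xor(k1, plaintext)
    salt2 = secrets.token_bytes(16)
    k2 = derive_second_key(k1, salt2)
    mac = compute_mac(k2, ciphertext, description_info(counter, salt1, salt2))
    record = NvRecord(counter, salt1, ciphertext, salt2, mac)
    nv.records[name] = record
    nv.max_counter[name] = counter  # the counter only ever moves forward
    return record


def verify(nv: BiosNv, root_key: bytes, name: str, candidate: bytes) -> bool:
    """Verification path: MAC check with the maximum counter value first, decryption only if it passes."""
    record = nv.records.get(name)
    if record is None:
        return False
    counter = nv.read_max_counter(name)  # never the value inside the record
    k1 = derive_first_key(root_key, record.salt1, counter)
    k2 = derive_second_key(k1, record.salt2)
    expected = compute_mac(k2, record.ciphertext, description_info(counter, record.salt1, record.salt2))
    if not hmac.compare_digest(expected, record.mac):
        return False  # second MAC value differs from the first: do not decrypt
    first_data = _keystream_xor(k1, record.ciphertext)
    return hmac.compare_digest(first_data, candidate)


def rollback_demo() -> tuple[bool, bool, bool]:
    """Replays the fig. 1 scenario with constructed templates: user 2 replaces user 1's unlock data,
    then the old record is written back over the new one while the counter stays at 2."""
    nv = BiosNv()
    name = "pc_unlock_password"
    face1 = b"face-template-of-user-1"  # constructed sample data
    face2 = b"face-template-of-user-2"
    store(nv, ROOT_KEY, name, face1)
    old_record = replace(nv.records[name])  # copy of the record taken before the update
    store(nv, ROOT_KEY, name, face2)
    current_ok = verify(nv, ROOT_KEY, name, face2)
    stale_rejected = verify(nv, ROOT_KEY, name, face1)
    nv.records[name] = old_record  # record rolled back; monotonic counter still reads 2
    rolled_back_rejected = verify(nv, ROOT_KEY, name, face1)
    return current_ok, stale_rejected, rolled_back_rejected


if __name__ == "__main__":
    print(rollback_demo())  # expected: (True, False, False)
```

The design point the example makes explicit is that the record and the counter must be separable: the rolled-back record carries its own salts and MAC, but the MAC was computed under a key bound to counter value 1, and verification recomputes it under the maximum value 2, so the second MAC never matches and the ciphertext is never decrypted. The scheme therefore depends on the counter itself being monotonic and not restorable together with the record.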
In one possible implementation, the first data is any one of the following: an unlocking password of a terminal, a payment password, a password applied in the terminal, an installation package applied in the terminal, data setting of the terminal, or parameter setting of the terminal.
In one possible implementation manner, when the first data is an unlocking password of the terminal and the verification result is that the second data is successfully verified, the method is applied to unlock the terminal. When the first data is the unlocking password of the terminal and the verification result is that the second data fails to be verified, the application is used for outputting prompt information, and the prompt information indicates that the terminal fails to be unlocked.
In a third aspect, embodiments of the present application provide an electronic device, which may include: a processor and a memory. The memory is for storing computer executable program code, the program code comprising instructions; the instructions, when executed by a processor, cause the electronic device to perform the method as in the first aspect.
In a fourth aspect, an embodiment of the present application provides an electronic device, which may be the data rollback prevention device of the second aspect or the terminal device of the first aspect. The electronic device may comprise means, modules or circuits for performing the method provided in the first aspect above.
In a fifth aspect, embodiments of the present application provide a computer program product comprising instructions which, when run on a computer, cause the computer to perform the method of the first aspect described above.
In a sixth aspect, embodiments of the present application provide a computer-readable storage medium having instructions stored therein, which when run on a computer, cause the computer to perform the method of the first aspect described above.
For the advantages of each possible implementation manner of the second to sixth aspects, refer to the advantages brought by the first aspect; they are not described again here.
Drawings
FIG. 1 is an example of prior art data rollback;
FIG. 2 is a schematic diagram illustrating the operation of a UEFI BIOS according to the prior art;
FIG. 3 is a schematic diagram of an operation process of the UEFI BIOS provided in an embodiment of the present application;
FIG. 4 is a schematic structural diagram of a terminal according to an embodiment of the present application;
FIG. 5A is another schematic structural diagram of a terminal provided in an embodiment of the present application;
FIG. 5B is another schematic structural diagram of a terminal provided in an embodiment of the present application;
FIG. 6 is a flow chart of an embodiment of a data rollback prevention method provided in an embodiment of the present application;
FIG. 7A is a schematic diagram of data stored in BIOS NV according to an embodiment of the present application;
FIG. 7B is another schematic diagram of data stored in BIOS NV provided by an embodiment of the present application;
FIG. 8 is a schematic diagram of encrypting data according to an embodiment of the present application;
FIG. 9 is a schematic diagram of TPM protection of data provided in an embodiment of the present application;
FIG. 10 is a flowchart illustrating another embodiment of a data rollback prevention method according to an embodiment of the present application;
FIG. 11 is another schematic diagram of data stored in BIOS NV according to an embodiment of the present application;
FIG. 12 is a flowchart illustrating another embodiment of a data rollback prevention method according to an embodiment of the present application;
FIG. 13 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Current personal computers (PCs) lack anti-rollback mechanisms: after data in a PC is deleted, the PC can restore the data from a backup or by other means, or a malicious user can restore it, which can cause data security problems. By way of example, take the data to be the unlock password of the PC. The unlock password may be a biometric feature of the user, such as the user's fingerprint, face or iris; the embodiment of the present application does not limit the biometric feature, and the following description takes the unlock password of the PC as an example. As shown in fig. 1, user 1 sets the unlock password of the PC to their face, and the PC stores the unlock password "face of user 1". Accordingly, user 1 can unlock the PC with their face. Later, if user 1 sells the PC to user 2, user 2 may set the unlock password of the PC to their own face; the PC deletes the stored unlock password "face of user 1" and stores the new unlock password "face of user 2". Accordingly, user 2 can unlock the PC with their face.
Because the existing PC lacks an anti-rollback mechanism, after the PC deletes the unlock password "face of user 1", the PC or a malicious user (using malicious software) can recover the unlock password "face of user 1", so that user 1 can again unlock the PC with their face. This can leak the data of user 2 and causes a data security problem.
It should be understood that the data rollback prevention method provided by the embodiment of the application is applicable to the unlock password of a PC and can also be applied to other scenarios, for example attack scenarios and degradation scenarios. Attack scenarios include, but are not limited to: data settings and/or parameter settings of the PC, the unlock password of the PC, a payment password, and passwords of applications (APPs) in the PC (e.g. login password, unlock password, etc.). Degradation scenarios include, but are not limited to: the installation package of an APP in the PC. It should be understood that the unlock password of an APP is a password for entering the APP's interface or a specific interface, such as a private album in a gallery that requires an unlock password.
The data in the above scenarios can be regarded as monotonically increasing data: if new data is set, the PC deletes the old data and stores the new data. The PC needs to apply anti-rollback protection to the new data to prevent it from being rolled back to the previous data, which would cause a data security problem or cause the PC to malfunction. For example, if the unlock password of the PC rolls back to the previous unlock password, a data security problem may arise, and if the installation package of an APP in the PC rolls back to the previous version, the APP may have a program failure (bug).
It should be noted that, the data rollback prevention method provided in the embodiment of the present application may be applied not only to the scenario illustrated in the above example, but also to other scenarios requiring data rollback prevention, where the scenario is not illustrated in an exhaustive manner, and in the following embodiments, an unlock password of a PC is illustrated as an example of a face.
In the prior art, to prevent data rollback in a PC, hardware such as one-time programmable (OTP) memory or eFUSEs may be added to the PC. Taking OTP as an example, OTP is a non-volatile memory (NVM) that allows data to be written only once. Because the data can only be written once, data written in the OTP cannot be tampered with by malicious software and therefore cannot be rolled back, which achieves data rollback prevention. Taking eFUSE as an example, the principle of rollback prevention is: an internal fuse is blown by passing sufficient current through a particular pin of the chip. After the fuse is blown, the data in the chip cannot be read out or rewritten, so data rollback is prevented.
Providing OTP or eFUSE hardware in the PC can prevent data rollback, but on the one hand the additional hardware is needed and the cost is high, and on the other hand the number of times OTP and eFUSE can prevent rollback is limited and they cannot be reused: data in an OTP can be written only once, so only one "face" can be protected against rollback, and an eFUSE has a limited number of pins, so rollback protection can be performed only a limited number of times.
Because anti-rollback data must be stored in NVM, where it persists even when the PC is powered off, the embodiment of the present application stores the data in the non-volatile memory of the basic input output system (BIOS) of the PC, i.e. BIOS-based non-volatile memory, to achieve rollback prevention. In the embodiment of the application, data requiring rollback prevention is stored in the NVM in encrypted form; decryption and verification are required when the data is read or written, and reading and writing are forbidden when verification fails, which achieves rollback prevention. In addition, to avoid the problem that a conventional encryption and decryption algorithm is easy to crack, the counter value of the data is combined into the encryption of the data requiring rollback prevention, so that rolled-back data cannot pass verification and cannot be used to perform operations, which improves data security; see the related description in the following embodiments.
It should be understood that the counter value before the data update may be regarded as n-1, and the counter value after the data update may be regarded as n, which is an integer greater than 1.
For example, if the unlock password "face of user 1" is the first unlock password of the PC, "face of user 1" may be regarded as unlock password 1 of the PC (i.e. the counter value of the unlock password of the PC is 1), and correspondingly the unlock password "face of user 2" may be regarded as unlock password 2 of the PC (i.e. the counter value of the unlock password of the PC is 2). In one embodiment, the counter value of the unlock password of the PC can be characterized as the number of times the unlock password "face" of the PC has been updated: the counter value 1 of "face of user 1" can be understood as the first update of the unlock password "face" in the PC, and the counter value 2 of "face of user 2" as the second update.
Illustratively, if the installation package of APP1 installed for the first time on the PC is considered version 1 of the installation package (i.e. the counter value of the installation package of APP1 is 1), then the updated installation package of APP1 is considered version 2 (i.e. the counter value of the installation package of APP1 is 2). Similarly, in one embodiment, the counter value of the APP1 installation package can characterize the number of updates of the installation package of APP1: the counter value 1 of version 1 can be understood as the first update of the installation package of APP1 in the PC, and the counter value 2 of version 2 as the second update.
Illustratively, if the unlock password of APP1 on the PC is fingerprint 1, the counter value of fingerprint 1 may be regarded as 1, and if the user changes the unlock password of APP1 to fingerprint 2, the counter value of fingerprint 2 may be regarded as 2. Similarly, in one embodiment, the counter value of the unlock password "fingerprint" of APP1 can be characterized as the number of times the unlock password "fingerprint" of APP1 has been updated: the counter value 1 of fingerprint 1 can be understood as the first update of the unlock password "fingerprint" of APP1 in the PC, and the counter value 2 of fingerprint 2 as the second update.
To sum up, in one embodiment, the counter value may characterize the number of updates of data (e.g., unlock password "face" of PC, install package of APP1, unlock password of APP1, etc.).
The data rollback prevention method provided by the embodiment of the application is applicable to terminals such as PCs that lack an anti-rollback mechanism, and also to terminals that already have hardware anti-rollback such as OTP and need to upgrade their anti-rollback mechanism; the form of the terminal is not particularly limited in the embodiment of the application. The terminal may be, for example, a tablet (portable android device, PAD), a personal digital assistant (PDA), a handheld device with wireless communication capability, a computing device, a vehicle-mounted device or a wearable device, a virtual reality (VR) terminal device, an augmented reality (AR) terminal device, a wireless terminal in industrial control, a wireless terminal in a smart home, etc.
Before describing the data rollback prevention method provided in the embodiments of the present application, the operation mechanism of the BIOS and the structure of the terminal are first described with reference to fig. 2 to 5A:
The BIOS is a set of programs burned into firmware on the terminal motherboard. The BIOS stores the terminal's most important basic input and output routines, its system setting information, the power-on self-test program and the system self-start program; in addition, the BIOS can read and write configurable parameters on the motherboard. That is, the BIOS provides the lowest-level, most direct hardware setup and control for the terminal. In short, the BIOS is the first program loaded during terminal startup; its settings determine whether the terminal can start normally and affect the efficiency of the terminal afterwards. The Windows operating system in the terminal also operates under the direction of the BIOS.
It should be understood that the data rollback prevention method in the embodiments of the present application may be applicable to not only a conventional BIOS, but also a unified extensible firmware interface (unified extensible firmware interface, UEFI) BIOS, and other types of BIOS, and the following embodiments are described by taking the UEFI BIOS as an example.
Fig. 2 is a schematic diagram illustrating the operation of the UEFI BIOS in the prior art. In one embodiment, UEFI builds on a framework known as the platform initialization (PI) standard. Referring to fig. 2, in the security phase (SEC), the central processing unit (CPU) and the CPU's internal resources are initialized, so that the cache can serve as random access memory (RAM) and provide a stack for running C code, i.e., cache as RAM (CAR). In the pre-EFI initialization phase (PEI), memory is initialized and the information to be transferred is passed to the driver execution environment (DXE). Once memory is fully available, the DXE initializes the core chipset and passes control to the UEFI interface.
The boot device select (BDS) phase is responsible for initializing all devices required to boot the operating system (OS) and for executing all drivers conforming to the UEFI driver model. After the BDS selects the boot device, the operating system loader (OS loader) is loaded to run the OS. Once the OS is started, control of the system passes from UEFI to the OS loader, the resources occupied by UEFI are released to the OS loader, and only the UEFI runtime services remain. The operation mechanism of the BIOS is described above; for details of the individual steps, refer to the related description in the prior art.
Referring to fig. 3, in the embodiment of the present application, a nonvolatile storage area, BIOS NV, may be set aside in the runtime (RT) region of the BIOS. The BIOS NV is used to store the counter value of each type of data and the ciphertext obtained by encrypting each type of data, as described in the following embodiments. In one embodiment, the BIOS NV may be part of the original memory space of the BIOS. Alternatively, in one embodiment, the BIOS NV is newly deployed memory. It should be appreciated that, to mark the BIOS NV set in the BIOS, shading is used in FIG. 3 for identification.
Fig. 4 is a schematic structural diagram of a terminal according to an embodiment of the present application. Referring to fig. 4, the terminal 40 may include: BIOS41 and memory 42. The BIOS41 includes BIOS NV.
Memory 42 may be used to store one or more computer programs, including instructions. The memory 42 may include a stored program area and a stored data area. The stored program area can store an operating system and may also store one or more applications (e.g., gallery, contacts, etc.). The stored data area may store data created during use of the terminal, etc. In addition, the memory 42 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, universal flash storage (UFS), and the like. In one embodiment, the memory 42 may be a solid state disk (SSD). It should be appreciated that the memory 42 may be used to store decrypted ciphertext (i.e., plaintext).
In one embodiment, the terminal 40 may further include: a trusted platform module (TPM) 43. The TPM 43 may be considered a secondary processor that protects the BIOS and operating system from modification; its role and principles may be found in the related description of the prior art.
Fig. 5A is another schematic structural diagram of a terminal according to an embodiment of the present application. Referring to fig. 5A, a software system of a terminal may employ a layered architecture, and in this embodiment, a PC system architecture of the terminal (e.g., a PC) is taken as an example to describe a software structure of the terminal. The layered architecture can divide the software system of the terminal into a plurality of layers, each layer has clear roles and division, and the layers are communicated through software interfaces.
In one embodiment, the PC system may be divided into four layers: an application layer (applications), a system service layer, a kernel layer and a driver layer. It should be appreciated that the embodiment of the present application additionally shows the hardware layer of the PC in the PC system architecture of fig. 5A. The embodiment of the application does not limit how the software structure of the terminal is layered. The modules in each layer in the following embodiments are the modules referred to in the embodiments of the present application; neither the modules included in each layer nor the layer at which a module is deployed (as illustrated) constitutes a limitation on the structure of the terminal. For example, the WMI module may be deployed at the system service layer, or at the kernel and driver layer. In one embodiment, the modules shown in FIG. 5A may be deployed separately, or several modules may be deployed together; the division of modules in FIG. 5A is an example. In one embodiment, the names of the modules shown in FIG. 5A are exemplary.
The application layer may include application packages. By way of example, the application layer may include: camera, gallery, calendar, phone, map, navigation, Bluetooth, music, video, short message, etc.
Referring to fig. 5A, the application layer includes a PC manager application (APP) and applications requiring data rollback prevention protection. Applications requiring data rollback prevention protection include, for example, "biometric authentication" applications (e.g., PC unlock applications, APP unlock applications, etc.). It should be appreciated that the applications requiring data rollback prevention protection are illustrated in fig. 5A as a "face unlocking application" and "other applications". Other applications include, for example, data setting and/or parameter setting applications of the PC, payment applications, etc.
The PC manager APP is used for providing anti-rollback service of face data for the face unlocking application.
In one embodiment, the PC manager APP comprises: a key management service module, a BIOS NV storage module, and a TPM encryption (crypto) module. The BIOS NV storage module is configured to assist the key management service module in storing data into the BIOS NV, where the data is the ciphertext, Meta data, etc. of the following embodiments. The TPM crypto module is used to assist the key management service module in protecting the data stored in the BIOS NV and preventing it from being tampered with.
In one embodiment, the key management service module may be the HarmonyOS universal keystore (Harmony universal key store, HUKS). It should be appreciated that HUKS provides keystore capabilities to applications, including key management and cryptographic operations with the keys. The keys managed by HUKS may be imported by the application or generated by the application through the HUKS interface. The specific functions of HUKS are not described in detail in the embodiments of the present application.
In one embodiment, referring to fig. 5A, the system service layer may include: a Windows management interface (WMI) module and a TPM base service module. The WMI module is used to implement communication between the BIOS NV storage module and the BIOS NV driver. The TPM base service module is used to implement communication between the TPM crypto module and the TPM driver.
The kernel and driver layer at least comprises the hardware drivers that drive the hardware. The driver layer comprises, for example: a sensor driver, a display driver, a graphics processing unit driver, and the like, to which embodiments of the present application are not limited. It should be appreciated that the BIOS NV driver and the TPM driver involved in embodiments of the present application are illustrated in FIG. 5A. Illustratively, the BIOS NV driver is configured to drive the BIOS NV, and the TPM driver is used to drive the TPM.
The hardware layer includes hardware devices in the PC, such as a display screen, a central processing unit (central processing unit, CPU), a temperature sensor, a battery, and the like, which are not described herein. It should be understood that the BIOS NV and TPM involved in the embodiments of the present application are illustrated in the hardware layer in FIG. 5A. The BIOS NV is used for storing data, such as meta data and ciphertext, and the data stored in the BIOS NV may be described with reference to the following embodiments. The TPM is used for encrypting the data to be stored in the BIOS NV, and can realize data decryption, so that the data security of the BIOS and the operating system can be protected.
It should be understood that the functions of the modules of the terminal in fig. 5A may be described with reference to the following embodiments.
In one embodiment, taken together with fig. 3, the structure of the terminal shown in fig. 5A may be simplified to fig. 5B. Referring to fig. 5B, the PC manager APP may include: a data protection service (module). The data protection service may include: a key management service module, a BIOS NV storage module and a TPM crypto module. The data protection service can communicate with the BIOS NV driver through the WMI module, so that the data protection service can use the BIOS NV service at runtime to interact with the BIOS NV and thereby store data into the BIOS NV. It should be appreciated that the UEFI BIOS NV shown in FIG. 5B may be considered the BIOS NV.
It will be appreciated that the structures shown in fig. 4, 5A, and 5B do not constitute a specific limitation on the terminal. In other embodiments of the present application, the terminal may include more or fewer components than illustrated, certain components may be combined or split, or the components may be arranged differently. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Based on the structure of the terminal shown in fig. 4 to 5B, the data rollback prevention method provided in the embodiment of the present application is described below with reference to specific embodiments. The following embodiments may be combined with each other, and some embodiments may not be repeated for the same or similar concepts or processes.
Fig. 6 is a flowchart of an embodiment of a data rollback prevention method according to an embodiment of the present application. It should be appreciated that the process from storing data to preventing data rollback in fig. 6 illustrates the data rollback prevention method provided by embodiments of the present application. Referring to fig. 6, the data rollback prevention method provided in the embodiment of the present application may include:
S601, the application transmits the first data to the key management service module in response to the presence of the first data to be stored.
The first data to be stored is data requiring anti-rollback protection. The key management service module may provide data anti-rollback protection for the application.
For example, the application may be a "face unlocking application"; when the user sets the unlock password "face 2", the application determines that there is first data to be stored, namely the unlock code "face 2" of the PC, and the application may send the first data "face 2" to the key management service module. It should be understood that "face 2" may be understood as the data of face 2.
It should be understood that the embodiment of the present application takes the unlock password of the PC as an example. If the first data is instead an installation package of the application, then after the application downloads a new version of the installation package it determines that there is first data to be stored, and the application may send the new version of the installation package to the key management service module.
S602, the key management service module updates a counter value of first data in the BIOS NV.
The BIOS NV has stored therein a counter value for at least one type of data.
For example, referring to a in fig. 7A, taking as an example the unlock code "face" of the PC and the unlock code "fingerprint" of APP1 stored in the BIOS NV, the BIOS NV may store the following: the unlock code "fingerprint" of APP1 (value=3) and the unlock code "face" of the PC (value=1). The unlock code "fingerprint" of APP1 (value=3) can be understood as: the user has set 3 fingerprints on the PC as the unlock password of APP1, and the currently used unlock password of APP1 is the third fingerprint. Similarly, the unlock code "face" of the PC (value=1) can be understood as: the user has set 1 face on the PC as the unlock code of the PC, and the currently used unlock code of the PC is the first face.
When the key management service module receives the first data "face 2" to be stored, it may be determined that the user sets a new unlock code of the PC, and then a counter value of the unlock code "face" of the PC may be updated. Referring to b in fig. 7A, the value of the unlock code "face" of the PC may be updated from 1 to 2.
In one embodiment, the relevant data of the unlocking password "face" of the PC with value of 1, such as relevant data of "face 1", may also be stored in the PC, and may be described with reference to fig. 7B.
In one embodiment, the BIOS NV may also store the type of the data, i.e., a counter identification, such as counter_1 for the unlock code "fingerprint" data of APP1 and counter_2 for the unlock code "face" data of the PC. In this embodiment, the counter value may be referred to as the counter value, i.e., value. It will be appreciated that the counter is used to record the incremented value of the data, i.e., the value after the data update.
In one embodiment, the key management service module updates the counter value of the first data in the BIOS NV by: the key management service module sends an update indication to the BIOS NV, where the update indication includes a counter_2 and an updated counter value value=2, and accordingly, the BIOS NV may update a value corresponding to the counter_2 from 1 to 2. In one embodiment, the counter value of the first data may be referred to as a first counter value, e.g., the first counter value is value=2.
S603, the key management service module generates a data salt value.
The data salt value file_key_salt is generated by the key management service module and may be a random value.
In one embodiment, the data salt value may be referred to as a first salt value.
S604, the key management service module sends an encryption request for the first data to the TPM.
The encryption request is used to encrypt the first data.
In one embodiment, the encryption request includes first data, a counter value for the first data, and a data salt value. It should be appreciated that the counter value of the first data is an updated counter value. Illustratively, when the first data is "face 2", the counter_2 counter value is updated from 1 to 2, and the counter value of the first data in the encryption request is 2.
S605, the TPM generates a data key from the data salt value, the root key, and the counter value of the first data using a first encryption algorithm in response to the encryption request.
In one embodiment, a root key rootkey is stored in the TPM. In one embodiment, the TPM may generate the root key at initialization. The first encryption algorithm may include, but is not limited to: the HMAC-based key derivation function (HMAC-based KDF, HKDF), and the key derivation algorithms specified in the SP800-108 standard.
Illustratively, in response to receiving an encryption request from the key management service module, the TPM may employ an HKDF algorithm to generate a data key File_key from the data salt value, the root key, and the counter value of the first data. In one embodiment, the data key may be referred to as a first key.
S606, the TPM adopts a second encryption algorithm to encrypt the first data by using the data key to obtain ciphertext.
The second encryption algorithm may include, but is not limited to: the XTS-AES algorithm, i.e., the Advanced Encryption Standard (AES) in XEX-based tweaked-codebook mode with ciphertext stealing (XTS).
Illustratively, the TPM may employ the XTS-AES algorithm to encrypt the first data using the data key File_key to obtain the ciphertext. Illustratively, the TPM may encrypt the first data "face 2" using the data key File_key to obtain the ciphertext of "face 2" using the XTS-AES algorithm.
S607, the TPM sends ciphertext to the key management service module.
S608, the key management service module stores the ciphertext in the BIOS NV.
In one embodiment, the key management service module may store the ciphertext in the BIOS NV after receiving the ciphertext from the TPM, sequentially through the BIOS NV storage module, the WMI module, and the BIOS NV driver. In one embodiment, the key management service module may store the ciphertext and metadata (Meta data) of the first data into the BIOS NV.
In one embodiment, meta data of the first data may be referred to as description information of the first data for indicating the first data. In one embodiment, if the first data is considered an article, the Meta data of the first data can be considered a summary of the article.
In one embodiment, for the unlock code "face" of the PC, the key management service module may store the Meta data of the unlock code "face" of the PC, along with the ciphertext, into the BIOS NV. In one embodiment, the Meta data may include: the counter identification of the unlock password of the PC (counter_2), the counter value (value=2), and the data salt value (i.e., the data salt value of "face 2" generated by the key management service module). It should be understood that in the embodiment of the present application the data key is not stored in the BIOS NV, so that the security of the data key, and hence of the ciphertext and the first data, is ensured.
In one embodiment, although the key management service module updates the counter value of the unlock password "face" of the PC, the BIOS NV may still store the face data with a counter value of 1. For example, for the unlock code "face" of the PC, the BIOS NV may store data with a counter value of 1 and data with a counter value of 2, that is, the unlock code "face" of the PC before update and the unlock code "face" of the PC after update.
For example, referring to fig. 7b, the Meta data and ciphertext of the unlock code "face" of the PC with a counter value of 1 and the Meta data and ciphertext of the unlock code "face" of the PC with a counter value of 2 may be stored in the bios NV. In one embodiment, the Meta data and ciphertext of the unlock code "face" of the PC with a counter value of 1 stored in the BIOS NV may be referred to as a first file, and the Meta data and ciphertext of the unlock code "face" of the PC with a counter value of 2 may be referred to as a second file.
It is conceivable that for other types of data, such as the unlock password "fingerprint" of APP1, the BIOS NV may also store data of "fingerprint" with counter values 1, 2 and 3, respectively.
In one embodiment, when the Meta data and ciphertext of the unlock code "face" of the PC before the update, such as those of face 1, are stored as in fig. 7B, the counter value of "face 1" may be omitted from the Meta data of face 1, because the counter value of the unlock code "face" of the PC has been updated to 2.
S601-S608 above illustrate the process of storing data (e.g. "face 2"); the process of preventing rollback of the data is described below. In one embodiment, S609-S616 may be performed after S608:
S609, the application transmits the second data to the key management service module in response to the second data input by the user.
The second data may be understood as data to be verified. Wherein the application may send the second data to the key management service module in response to the second data entered by the user so that the key management service module verifies the second data.
For example, if the unlock password of the PC is "face 2", the user may input second data "face 2" to the PC to unlock the PC, or other users may input second data "face 1" to the PC to attempt to unlock the PC. The second data is data (such as face 1 or face 2) to be compared and verified with the first data, which is input by the user.
S610, the key management service module sends a decryption request to the TPM.
In one embodiment, the second data is included in the decryption request.
S611, the TPM obtains a data key from the counter value, the data salt value, and the root key of the first data stored in the BIOS NV in response to the decryption request.
The TPM, in response to a decryption request from the key management service module, may obtain a data key from a counter value of the first data stored in the BIOS NV, a data salt value, and a root key stored in the TPM. It should be understood that, in the embodiment of the present application, in order to prevent the data from rolling back, that is, in order to avoid that the user may unlock the PC using the face 1, the counter value of the first data adopted by the TPM is the latest counter value, such as value=2.
In one embodiment, the TPM may access the BIOS NV to obtain the counter value and the data salt value of the first data stored in the BIOS NV. In one embodiment, in response to the decryption request, the TPM may send the counter identification of the second data, such as counter_2, to the BIOS NV, so that the BIOS NV may feed back to the TPM the latest counter value corresponding to counter_2 (i.e., counter value=2 of the first data) and the data salt value corresponding to counter value 2.
In one embodiment, the TPM may obtain the data key from the counter value (value=2), the data salt value (i.e., the data salt value of "face 2"), and the root key using a first encryption algorithm, which may be described with reference to the correlation in S605.
S612, the TPM decrypts the ciphertext stored in the BIOS NV according to the data key to obtain plaintext.
It should be noted that after obtaining the data key, the TPM may decrypt the ciphertext in the second file to which the counter value (value=2) belongs according to the data key, to obtain the plaintext.
Illustratively, the TPM may decrypt the ciphertext of the first data "face 2" with the data key File_key using the XTS-AES algorithm to obtain "face 2".
S613, the TPM detects whether the second data is identical to the plaintext. If so, S614 is executed; if not, S616 is executed.
If the user uses face 2 to unlock the PC, the second data is face 2, and the TPM detects that the second data is identical to the plaintext (first data) obtained by decryption. If the user attempts to unlock the PC using face 1, the second data is face 1, and the TPM detects that the second data differs from the decrypted plaintext (first data).
S614, the TPM feeds back a first message to the application through the key management service module, the first message indicating that the second data is identical to plaintext.
S615, the application executes corresponding operations.
For example, taking the plaintext "face 2" as an example, after the key management service module obtains the decrypted plaintext "face 2", it may feed "face 2" back to the application, so that the application may unlock the PC using "face 2".
S616, the TPM does not respond.
If the plaintext decrypted by the TPM differs from the second data, this indicates that the face used by the user is not the current unlock password of the PC, namely face 2, but the unlock password used before, namely face 1; therefore the TPM may refrain from responding, so as to prevent data rollback.
For example, if the unlock password of the PC is the face "face 2" of user 2, then when user 1 uses his own face "face 1" to unlock the PC, the TPM does not respond, i.e., user 1 cannot unlock the PC using "face 1", so that rollback of the unlock password of the PC is avoided.
In addition, it is noted that the TPM may protect the data stored in the BIOS NV (Meta data, ciphertext, etc.) from intrusion, and in the process of S611-S614, the TPM may provide a secure and reliable execution environment for the execution of the steps. Illustratively, the protection of the first data encryption and decryption process by the TPM may be as shown in FIG. 9.
In one embodiment, an extended access control policy is set in the TPM to protect the encryption and decryption process of the first data. In one embodiment, the extended access control policy may be understood as: preventing other malware or applications from impersonating the key management service module in order to perform the steps in the embodiments described above.
A platform configuration register (PCR) may be set in the TPM. The PCR may prevent the Windows system from being replaced with an illegal version, so as to prevent malicious software or an application from replacing files in the Windows system and thereby tampering with the data in the BIOS NV. In addition, during the interaction between the TPM and the key management service module, authentication of the key management service module may be added, such as authentication of an identity characteristic value of the key management service module, and the TPM interacts with the key management service module only after the authentication succeeds, so as to further protect the data. In one embodiment, the identity characteristic value of the key management service module may include, but is not limited to: signature information of the key management service module and secret parameters of the key management service module at runtime. It should be appreciated that the secret parameters are obfuscated in the code and generated at runtime of the key management service module.
In one embodiment, the steps shown in FIG. 6 are optional steps and the steps may be combined with one another. In one embodiment, the modules shown in FIG. 6 may also be combined, the combined modules being used to perform at least one of the steps of FIG. 6.
In this embodiment of the present application, the first data may be stored in the BIOS NV in encrypted form based on the counter value of the first data to be stored. When the second data is verified, the ciphertext of the first data may be decrypted based on the counter value of the first data; if the second data is the same as the decrypted plaintext, the next operation may be performed, and if the second data differs from the decrypted plaintext, the application may not respond. This avoids the problem that the application still responds to the second data after the first data has been rolled back to the second data. In addition, when the second data is the same as the decrypted plaintext, the next operation can be executed, so that the application proceeds smoothly.
It should be understood that, although the encryption and decryption algorithms used in the embodiment of the present application are common ones, the embodiment performs the encryption and decryption calculations according to the counter value of the first data. Because the counter value is incremented after the data is updated, only the data corresponding to the latest counter value can be decrypted, and data that has been rolled back cannot pass verification, so that data rollback prevention is effectively achieved. Moreover, the data rollback prevention method in the embodiment of the present application does not limit the number of times rollback prevention can be applied, and can be used without limit.
In the embodiment shown in fig. 6, rollback protection of data may be implemented. In one embodiment, in order to ensure the integrity of the first data, the TPM may further protect the ciphertext obtained by encrypting the first data, so as to ensure the integrity and security of the ciphertext.
In one embodiment, referring to FIG. 10, S606A-S608A may also be performed after S606 above:
S606A, the TPM generates a message authentication code MAC salt value.
In one embodiment, the message authentication code (MAC) salt value mackey_salt is generated by the TPM and, like the data salt value file_key_salt, may be a random value.
In one embodiment, the MAC salt may be referred to as a second salt.
It should be understood that there is no fixed order between S606A and S605; they may also be performed simultaneously.
S607A, the TPM generates the MAC key by adopting a first encryption algorithm according to the MAC salt value and the data key.
Wherein a MAC key (mackey) is used to protect the data key. In one embodiment, the MAC key may be referred to as a second key.
And S608A, the TPM encrypts the ciphertext by adopting a third encryption algorithm according to the MAC key to obtain the MAC value.
The third encryption algorithm may include, but is not limited to: HMAC algorithm. HMAC is a method of constructing a MAC using a one-way hash function, where H represents a hash. In one embodiment, the third encryption algorithm may also be other types of message digest algorithms.
In one embodiment, the TPM may process the ciphertext with the MAC key and the Meta data of the first data to obtain the MAC value. The purpose of including the Meta data of the first data is that the BIOS NV stores Meta data for a plurality of data items, each with a different corresponding ciphertext; in the embodiment of the present application, the Meta data is used to quickly locate the ciphertext in the BIOS NV during decryption, improving the decryption speed.
In one embodiment, meta data of the first data used in S608A may include at least one of the following: a data salt value, a counter value for the first data, and a MAC salt value.
In one embodiment, the MAC value in S608A may be referred to as a first MAC value. In this embodiment, the TPM may encrypt the ciphertext to ensure the security and integrity of the ciphertext.
Because in the embodiment of the present application, the TPM further encrypts the ciphertext, S607 may be replaced by S609A, and S608 may be replaced by S610A:
S609A, the TPM feeds back the MAC salt value, the MAC value, and the ciphertext to the key management service module.
S610A, the key management service module stores the MAC salt value, the MAC value and the ciphertext into the BIOS NV.
For example, the data stored in the BIOS NV in fig. 6 may be as shown in a in fig. 11. In the embodiment shown in fig. 10, the TPM also computes the MAC over the ciphertext, so the key management service module stores the MAC salt value, the MAC value, and the ciphertext in the BIOS NV. In one embodiment, the MAC salt value and the MAC value belong to the Meta data of the first data, and the data stored in the BIOS NV may be as shown in b in fig. 11.
In this embodiment, since the TPM also performs the MAC computation on the ciphertext, the plaintext decryption process changes accordingly; as shown in fig. 10, S611A-S613A may be further performed after S611:
S611A, the TPM acquires the MAC key according to the data key and the MAC salt value stored in the BIOS NV.
S611A may refer to the related description in S607A. The manner in which the TPM obtains the MAC salt value stored in the BIOS NV in S611A may refer to the manner in which the TPM obtains the counter value and the related description of the data salt value of the first data stored in the BIOS NV in S611.
S612A, the TPM encrypts the ciphertext by using a third encryption algorithm according to the MAC key to obtain the MAC value.
S612A may refer to the related description in S608A.
In one embodiment, the MAC value in S612A may be referred to as a second MAC value.
S613A, the TPM detects whether the MAC value is the same as the MAC value stored in the BIOS NV. If yes, execution proceeds to S612; if no, execution proceeds to S616.
In one embodiment, this can be understood as: the TPM detects whether the calculated second MAC value is the same as the first MAC value stored in the BIOS NV.
In one embodiment, the encryption and decryption process of the TPM may be simplified to the steps shown in fig. 8. FIG. 8 shows the process of TPM encrypted storage of "face 2".
In the embodiment of the application, the TPM can compute a MAC over the ciphertext to protect its integrity. In the decryption process, the TPM may obtain the MAC key from the data key and the MAC salt value stored in the BIOS NV, process the ciphertext with the third encryption algorithm under the MAC key to obtain a MAC value (the second MAC value), and compare the calculated MAC value with the MAC value stored in the BIOS NV (the first MAC value); the ciphertext is decrypted only when the two are the same, and is not decrypted when they differ. In this way a verification step is added to the decryption of the ciphertext, which improves the security of the ciphertext.
In one embodiment, the steps shown in FIG. 10 are optional steps and the steps may be combined with one another. In one embodiment, the modules shown in FIG. 10 may also be combined, the combined modules being used to perform at least one of the steps of FIG. 10.
In the embodiment of the application, the TPM can further encrypt the ciphertext after the first data is encrypted, so that the integrity of the ciphertext can be ensured, and the integrity and the safety of the first data (plaintext) are further ensured.
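The flow of S606A-S608A (MAC salt, MAC key, MAC over the ciphertext bound to the Meta data) and its check in S611A-S613A, as an added example that is not code from the patent or from its assignee. It assumes stand-ins for what the text leaves open: the "first encryption algorithm" that derives the MAC key from the data key and MAC salt is modelled as HMAC-SHA256, the "third encryption algorithm" is HMAC-SHA256 (the page names HMAC), the BIOS NV record is a plain dict, and the data key, data salt and ciphertext are constructed values.

```python
import hashlib
import hmac
import os

# Added example, not the patent's own code. Stand-ins (assumptions): the
# "first encryption algorithm" deriving the MAC key is HMAC-SHA256, the
# "third encryption algorithm" is HMAC-SHA256, BIOS NV is a dict.


def derive_key(base_key: bytes, *inputs: bytes) -> bytes:
    """Key derivation stand-in (S607A: MAC key from data key and MAC salt)."""
    return hmac.new(base_key, b"|".join(inputs), hashlib.sha256).digest()


def meta_bytes(data_salt: bytes, counter: int, mac_salt: bytes) -> bytes:
    """Meta data of the first data: data salt, counter value, MAC salt."""
    return data_salt + counter.to_bytes(4, "big") + mac_salt


def compute_mac(mac_key: bytes, data_salt: bytes, counter: int,
                mac_salt: bytes, ciphertext: bytes) -> bytes:
    """S608A: MAC over the ciphertext, bound to the Meta data so that a
    record whose salt or counter value has been swapped no longer verifies."""
    msg = meta_bytes(data_salt, counter, mac_salt) + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def protect(data_key: bytes, data_salt: bytes, counter: int,
            ciphertext: bytes, mac_salt: bytes = None) -> dict:
    """S606A-S608A, then S610A: generate the MAC salt, derive the MAC key,
    compute the first MAC value and build the record written to BIOS NV."""
    if mac_salt is None:
        mac_salt = os.urandom(16)             # S606A: random MAC salt
    mac_key = derive_key(data_key, mac_salt)  # S607A
    mac = compute_mac(mac_key, data_salt, counter, mac_salt, ciphertext)
    return {"data_salt": data_salt, "counter": counter, "mac_salt": mac_salt,
            "mac": mac, "ciphertext": ciphertext}


def verify_record(data_key: bytes, record: dict) -> bool:
    """S611A-S613A: re-derive the MAC key from the stored MAC salt, recompute
    the (second) MAC value and compare it, in constant time, with the stored
    (first) MAC value. Only on a match may the ciphertext be decrypted."""
    mac_key = derive_key(data_key, record["mac_salt"])
    expected = compute_mac(mac_key, record["data_salt"], record["counter"],
                           record["mac_salt"], record["ciphertext"])
    return hmac.compare_digest(expected, record["mac"])


def demo() -> tuple:
    """Constructed inputs: fixed data key, data salt and an opaque ciphertext."""
    data_key = hashlib.sha256(b"constructed data key").digest()
    data_salt = bytes(range(16))
    ciphertext = hashlib.sha256(b"constructed ciphertext of face 2").digest()
    record = protect(data_key, data_salt, 2, ciphertext)

    intact = verify_record(data_key, record)
    # one flipped bit in the stored ciphertext
    flipped = bytes([record["ciphertext"][0] ^ 0x01]) + record["ciphertext"][1:]
    tampered = verify_record(data_key, dict(record, ciphertext=flipped))
    # same ciphertext and MAC, but the counter value in the Meta data relabelled
    relabelled = verify_record(data_key, dict(record, counter=1))
    return intact, tampered, relabelled


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The counter value and both salts go into the MAC input, not only into the record, which is what makes the relabelled record fail: a record whose Meta data has been edited to point at a different counter value is rejected before any decryption is attempted.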
In the above embodiments, the data rollback prevention method provided in the embodiments of the application is described with the modules included in the terminal as the execution bodies. For example, the terminal may be a PC. Referring to fig. 12, a data rollback prevention method provided in an embodiment of the present application may include:
S1201, second data to be verified is acquired.
In one embodiment, S1201 may refer to the relevant description in S609. The second data to be verified may be, for example, face 1 or face 2. In one embodiment, the second data may also be a face 3 that has not been set as the unlock code of the PC.
In one embodiment, when the second data to be verified is the unlock password of the PC, the user may input the second data to be verified when unlocking the PC, and correspondingly, the PC may acquire the second data to be verified.
In one embodiment, when the second data to be verified is a payment password (such as a payment password of a bank card or a payment password of an application, etc.), the user may input the second data to be verified when the user pays, and correspondingly, the PC may acquire the second data to be verified.
In one embodiment, when the second data to be verified is an installation package of the application in the PC, the terminal may acquire the installation package of the application (i.e., the second data to be verified) at the time of application running.
In one embodiment, when the second data to be verified is the data setting of the terminal, or the parameter setting of the terminal, the terminal may acquire the data setting of the terminal at power-on, or the parameter setting of the terminal (i.e., the second data to be verified). By way of example, the data setting of the terminal may be understood as data set by the terminal, such as time, date, timed shutdown time, automatic sleep time, etc. set by the terminal. The parameter setting of the terminal can be understood as parameters set by the terminal, such as the frequency of operation of a CPU set by the terminal, the refresh rate of a display screen of the terminal, and the like.
In an embodiment, the second data to be verified may also be data such as a document, a picture, and audio stored in the terminal, and in the embodiment of the present application, the type of the second data to be verified is not limited. It should be understood that the second data to be verified is updatable data, such as a document that can be updated to a new version after the document is modified, the installation package of the application is updated to a new version of the installation package, and the unlock code of the PC is updated to a newly set unlock code.
In one embodiment, the terminal may also obtain the second data whenever there is another need to verify it. Such needs may include, but are not limited to, the following scenarios: the second data is verified periodically (e.g., at fixed intervals) or at the direction of the user. Accordingly, the terminal may obtain the second data to be verified periodically (e.g., at fixed intervals) or based on an indication of the user.
It should be understood that the type of the second data to be verified is different, and the manner in which the terminal acquires the second data is different. The second data is described above as an example, and the type of the second data is not exhaustive in the embodiments of the present application.
S1202, decrypting ciphertext according to a first counter value to obtain first data, wherein the first counter value is a counter value of the first data, and the ciphertext is obtained by encrypting the first data based on the first counter value.
The first counter value is the counter value of the first data and represents the number of times the data has been updated. Take the unlock code "face" of the PC as an example: if the user sets the unlock code "face" twice, the face set the first time is face 1 and the face set the second time is the first data "face 2", then the counter value of the first data (the first counter value) is 2, and the first counter value 2 represents that the unlock code "face" of the PC has been updated 2 times; correspondingly, the counter value of face 1 is 1. In the embodiment of the present application, in order to record the number of updates of the unlock code "face" of the PC, a counter may be set for it; for example, the counter may record the counter value of face 1 as 1 and the counter value of face 2 as 2.
In one embodiment, the unlock code of the PC may also be a "fingerprint", and a counter may be set for the unlock code "fingerprint" of the PC, where the counter is used to record the number of updates of the unlock code "fingerprint" of the PC, for example, the user sets 3 fingerprints for the unlock code "fingerprint" of the PC, and the first set is fingerprint 1, the second set is fingerprint 2, and the third set is fingerprint 3, and then the counter may record that the counter value of fingerprint 1 is 1, the counter value of fingerprint 2 is 2, and the counter value of fingerprint 3 is 3. The counter value of fingerprint 3 is 3 representing the number of updates of the unlock code "fingerprint" of the PC.
For example, taking the installation package of application 1 as an example, a counter may be set for the installation package of application 1, where the counter is used to record the number of updates of the installation package of application 1, e.g., the counter may record the counter value of the installation package with version 1 as 1, the counter value of the installation package with version 2 as 2, and the counter value of the installation package with version 3 as 3. A counter value of 3 for the installation package of version 3 characterizes the number of updates of the installation package of application 1. It should be appreciated that the counters corresponding to the installation packages for different applications are different. It should be appreciated that the version 1 installation package is updated with the version 2 installation package, and the version 2 installation package is updated with the version 3 installation package.
The first counter value is the maximum counter value recorded by the counter corresponding to the first data. It can be understood that: the first data is the most current data. Taking the first data as an unlocking password "face" of the PC as an example, the first counter value 2 is the largest counter value of the unlocking passwords "face" of the PC, which indicates that the face 2 is the latest unlocking password "face" of the PC. Wherein the counter corresponding to the first data and the second data is the same.
For example, when the second data is face 1, the counter value of the second data (1) is less than the first counter value. When the second data is face 2, the counter value of the second data is the first counter value. When the second data is face 3, no counter value for the second data exists in the terminal. In an embodiment, the data rollback prevention method provided in the embodiments of the present application is not limited to the scenario where the second data is face 1, that is, where the counter value of the second data is smaller than the first counter value.
The ciphertext is derived from encrypting the first data based on the first counter value, and in one embodiment, the encryption process may be described with reference to the above embodiments. In one embodiment, the PC may employ an encryption algorithm to encrypt the first data based on the first counter value to obtain the ciphertext. Illustratively, the PC may employ a first encryption algorithm to encrypt the first data based on the first counter value to obtain the ciphertext.
S1203, validating the second data according to the first data, to obtain a validation result.
After the PC decrypts the ciphertext to obtain the first data, the second data can be verified according to the first data.
In one embodiment, verifying the second data may be understood as: it is detected whether the first data is identical to the second data. And if the first data and the second data are the same, the second data are represented to be successfully verified, and if the first data and the second data are different, the second data are represented to be failed to be verified. In one embodiment, the first data and the second data being different may be understood as: the first data is updated data of the second data.
In other words, if the second data to be verified is not the latest data, the second data verification fails. For example, when the PC is unlocked by using the face 1, since the PC has set the new unlock code face as "face 2", the authentication by using the face 1 fails, i.e., the PC cannot be unlocked by using the face 1.
In one embodiment, the first data is any one of: unlocking password of the terminal, payment password, password applied in the terminal, installation package applied in the terminal, data setting of the terminal, or parameter setting of the terminal. It should be understood that the first data and the second data belong to the same kind of data, if the second data is the unlocking password "face" of the terminal, the first data is also the unlocking password "face" of the terminal, if the second data is the unlocking password "fingerprint" of the terminal, the first data is also the unlocking password "fingerprint" of the terminal, if the second data is the installation package of the application 1, the first data is also the installation package of the application 1. It should be understood that the counters corresponding to the first data and the second data are the same, that is, the first data and the second data may be the same, or the first data is updated data of the second data.
S1204, executing corresponding operation according to the verification result.
In one embodiment, the verification result may include: the second data is verified successfully or failed.
In one embodiment, the corresponding operation depends on the kind of data and on the verification result. When the first data is the unlock password of the terminal, the terminal unlocks in response to the second data being verified successfully, and may output prompt information in response to the verification of the second data failing; the prompt information indicates that unlocking the terminal failed.
For example, when the first data is a payment password (such as a payment password of a bank card or a payment password of an application, etc.), the terminal may perform payment in response to the second data verification being successful, and in response to the second data verification failing, the terminal may output prompt information. Wherein the prompt indicates a payment failure.
It should be appreciated that when the first data is an installation package of an application in the terminal, the terminal may verify the installation package of the application (e.g., whether the installation package of the application rolls back) at the time of the application running. The terminal can run the application in response to successful verification of the second data, and can output prompt information in response to failure of verification of the second data. The prompt information indicates that the installation package of the application is data rolled back, and data security risks exist, or the terminal can not run the application in response to failure of second data verification.
It should be understood that when the first data is the data setting or the parameter setting of the terminal, the terminal may verify the data setting or parameter setting of the terminal at power-on. In response to the second data being verified successfully, the terminal may execute the start-up operation and start normally. In response to the verification of the second data failing, the terminal may output prompt information indicating that data rollback has occurred in the data setting or parameter setting of the terminal and that there is a data security risk. Alternatively, the terminal may not power on in response to the verification of the second data failing.
It should be understood that, as the first data above and the terminal output verification result are exemplary, the data rollback prevention method provided in the embodiments of the present application is not limited to be applied to the first data as the above example.
According to the data rollback prevention method, data is encrypted and decrypted according to the counter value of the first data. When rollback of the data occurs (that is, the data from before an update is used), the counter value of the rolled-back data differs from the counter value of the first data, so after the ciphertext is decrypted using the counter value of the first data, the rolled-back data cannot pass verification and cannot be used to execute the corresponding operation. In other words, executing the corresponding operation (such as unlocking the terminal) with rolled-back data is avoided, and data security is ensured.
The embodiment shown in fig. 12 illustrates the decryption process of the terminal; in one embodiment, the process in which the terminal encrypts the first data for storage is described here. In response to first data to be stored, the terminal obtains the first counter value, encrypts the first data according to the first counter value to obtain the ciphertext, and stores the ciphertext.
In one embodiment, the terminal may obtain the first counter value as follows: the terminal obtains the maximum counter value recorded by the counter corresponding to the first data, and then obtains the first counter value from that maximum counter value. For example, if the first data is the unlock code "face 2" of the PC, the terminal may find that the maximum counter value already recorded by the counter corresponding to the unlock code "face" is 1, and obtain the first counter value from the maximum counter value 1.
In one embodiment, the terminal may add 1 to the maximum counter value to obtain the first counter value, e.g., adding 1 to the maximum counter value 1 gives a first counter value of 2. In one embodiment, the terminal may instead add a preset value to the maximum counter value to obtain the first counter value; the preset value is not limited to 1. In that case, the statement that the first counter value represents the number of updates of the data should be understood as: the number of updates of the data can be derived from the preset value and the first counter value.
In one embodiment, the terminal may encrypt the first data according to the first counter value using a first encryption algorithm to obtain the ciphertext. In this embodiment, the terminal may decrypt the ciphertext using a first encryption algorithm based on the first counter value to obtain the first data.
In an embodiment, the terminal may generate the first salt value, and further generate the first key according to the first salt value, the root key, and the first counter value, so as to encrypt the first data with the first key to obtain the ciphertext, where the embodiment is described in the related embodiments above. The decryption process with respect to such an embodiment may also be referred to the relevant description in the above-described embodiment.
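The storage path just described (first counter value = maximum recorded value + 1, first key from root key, first salt and first counter value) together with S1201-S1204 of fig. 12, as an added example that is not code from the patent or from its assignee. Assumptions: the "first encryption algorithm" is modelled as HMAC-SHA256 for key derivation; the cipher is a constructed stand-in (an HMAC-SHA256 keystream XORed with the data) chosen only so the example runs with the standard library; the per-item counter is held by the terminal separately from the BIOS NV record it protects, which is the placement that lets a restored old record be detected (this section does not state where the counter lives); the root key and face templates are constructed values.

```python
import hashlib
import hmac
import os

# Added example, not the patent's own code. Assumptions: key derivation is
# HMAC-SHA256; the cipher is a constructed keystream stand-in; the counter is
# kept apart from the BIOS NV record so that a restored record does not
# bring its old counter value with it.


def derive_first_key(root_key: bytes, salt: bytes, counter: int) -> bytes:
    """First key from root key, first salt value and first counter value."""
    return hmac.new(root_key, salt + counter.to_bytes(4, "big"),
                    hashlib.sha256).digest()


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in cipher; the same call encrypts and decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Terminal:
    """Root key, one counter per data item, and the BIOS NV records."""

    def __init__(self, root_key: bytes):
        self.root_key = root_key
        self.counters = {}  # item name -> maximum counter value recorded
        self.bios_nv = {}   # item name -> (first salt, first counter, ciphertext)

    def store(self, name: str, first_data: bytes) -> int:
        """Storage path: first counter value = maximum recorded value + 1,
        then encrypt under a key bound to that counter value."""
        first_counter = self.counters.get(name, 0) + 1
        salt = os.urandom(16)
        key = derive_first_key(self.root_key, salt, first_counter)
        self.counters[name] = first_counter
        self.bios_nv[name] = (salt, first_counter, keystream_xor(key, first_data))
        return first_counter

    def verify(self, name: str, second_data: bytes) -> bool:
        """S1201-S1203: decrypt with the first counter value the terminal
        holds (not the value inside the record), then compare with the
        second data. False means S1204 refuses the operation."""
        if name not in self.bios_nv or name not in self.counters:
            return False
        salt, _, ciphertext = self.bios_nv[name]
        first_counter = self.counters[name]
        key = derive_first_key(self.root_key, salt, first_counter)
        first_data = keystream_xor(key, ciphertext)
        return hmac.compare_digest(first_data, second_data)


def demo() -> dict:
    """Constructed scenario: unlock code 'face' set twice, then the stored
    record rolled back to the first version."""
    t = Terminal(hashlib.sha256(b"constructed root key").digest())
    t.store("face", b"face-template-1")   # counter value 1 (face 1)
    old_record = t.bios_nv["face"]        # snapshot of the face 1 record
    t.store("face", b"face-template-2")   # counter value 2 = first counter value
    results = {
        "face2_accepted": t.verify("face", b"face-template-2"),
        "face1_rejected": not t.verify("face", b"face-template-1"),
        "face3_rejected": not t.verify("face", b"face-template-3"),
    }
    t.bios_nv["face"] = old_record        # stored record rolled back to face 1
    # decrypting the face 1 ciphertext with counter value 2 uses a different
    # key, so the recovered bytes match neither face 1 nor face 2
    results["rolled_back_record_rejected"] = not t.verify("face", b"face-template-1")
    return results


if __name__ == "__main__":
    print(demo())
```

The last case is the one the section argues for: the record restored into BIOS NV still carries counter value 1, but decryption uses the terminal's current first counter value 2, so the rolled-back face 1 cannot pass verification and the corresponding operation is not executed.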
In an embodiment, an electronic device is further provided in an embodiment of the present application. The electronic device may be the terminal described in the foregoing embodiments; referring to fig. 13, the electronic device 1300 may include a processor 1301 (e.g., a CPU) and a memory 1302. The memory 1302 may include a random-access memory (RAM) and may also include a non-volatile memory (NVM), such as at least one magnetic disk memory; various instructions may be stored in the memory 1302 for performing various processing functions and implementing the method steps of the present application.
Optionally, the electronic device related to the present application may further include: a power supply 1303, a communication bus 1304, and a communication port 1305. The communication port 1305 is used for enabling connection communication between the electronic device and other peripheral devices. In the present embodiment, the memory 1302 is used for storing computer executable program code, which includes instructions; when the processor 1301 executes the instructions, the instructions cause the processor 1301 of the electronic apparatus to perform the actions in the above method embodiments, which achieve similar principles and technical effects, and are not described herein again.
It should be noted that the modules or components described in the above embodiments may be one or more integrated circuits configured to implement the above methods, for example: one or more application specific integrated circuits (application specific integrated circuit, ASIC), or one or more microprocessors (digital signal processor, DSP), or one or more field programmable gate arrays (field programmable gate array, FPGA), or the like. For another example, when a module above is implemented in the form of a processing element scheduler code, the processing element may be a general purpose processor, such as a central processing unit (central processing unit, CPU) or other processor that may invoke the program code, such as a controller. For another example, the modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on a computer, the processes or functions in accordance with embodiments of the present application are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in or transmitted from one computer-readable storage medium to another, for example, by wired (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means from one website, computer, server, or data center. Computer readable storage media can be any available media that can be accessed by a computer, or data storage devices, such as servers or data centers, that contain an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
The term "plurality" herein refers to two or more. The term "and/or" herein merely describes an association relationship between associated objects, meaning that there may be three relationships; e.g., A and/or B may represent: A exists alone, A and B exist together, and B exists alone. In addition, the character "/" herein generally indicates that the front and rear associated objects are in an "or" relationship; in a formula, the character "/" indicates that the front and rear associated objects are in a "division" relationship. In addition, it should be understood that in the description of this application, the words "first," "second," and the like are used merely for distinguishing between the descriptions and not for indicating or implying any relative importance or order.
It will be appreciated that the various numerical numbers referred to in the embodiments of the present application are merely for ease of description and are not intended to limit the scope of the embodiments of the present application.
It should be understood that, in the embodiments of the present application, the sequence numbers of the processes described above do not imply an order of execution; the execution order of the processes should be determined by their functions and internal logic, and the sequence numbers should not constitute any limitation on the implementation of the embodiments of the present application.

Claims (6)

1. A method for preventing rollback of data, comprising:
acquiring second data to be verified;
decrypting ciphertext according to a first counter value to obtain first data, wherein the first counter value is a counter value of the first data, and the ciphertext is obtained by encrypting the first data based on the first counter value;
according to the first data, verifying the second data to obtain a verification result, wherein when the verification result is that the second data is successfully verified, the second data is identical to the first data, and when the verification result is that the second data is failed to verify, the first data is updated data of the second data, and the first counter value represents the updating times of the data;
executing corresponding operation according to the verification result;
before the second data to be verified is obtained, the method further comprises:
acquiring the first counter value in response to the first data to be stored;
encrypting the first data according to the first counter value to obtain the ciphertext;
storing the ciphertext;
the obtaining the first counter value includes:
detecting the maximum counter value recorded by the counter corresponding to the first data;
obtaining the first counter value according to the maximum counter value;
the encrypting the first data according to the first counter value to obtain the ciphertext includes:
generating a first salt value;
generating a first key according to the first salt value, the root key, and the first counter value;
encrypting the first data by adopting the first key to obtain the ciphertext;
storing the first salt value, the first counter value, and the ciphertext;
decrypting the ciphertext according to the first counter value to obtain first data, including:
generating the first key from the root key, the first salt value, and the first counter value;
decrypting the ciphertext by adopting the first key to obtain the first data;
after the ciphertext is obtained, the method further comprises the following steps:
generating a second salt value;
generating a second key according to the second salt value and the first key;
encrypting the ciphertext by adopting the second key to obtain a first message authentication code (MAC) value;
the encrypting the ciphertext by adopting the second key to obtain the first MAC value includes:
encrypting the ciphertext by adopting the second key and the description information of the first data to obtain the first MAC value, wherein the description information comprises at least one of the following items: the first counter value, the first salt value, and the second salt value;
wherein the first salt value, the second salt value, the root key, the first counter value, the first MAC value, and the ciphertext are stored in a nonvolatile memory area BIOS NV in a basic input output system BIOS.
2. The method of claim 1, wherein after the obtaining the first MAC value, further comprising:
storing the second salt value and the first MAC value;
before the decrypting the ciphertext by adopting the first key to obtain the first data, the method further comprises:
generating the second key according to the second salt value and the first key;
encrypting the ciphertext by adopting the second key and the description information of the first data to obtain a second MAC value;
decrypting the ciphertext using the first key to obtain the first data, including:
determining first data to be decrypted according to description information of the first data in response to the second MAC value being identical to the first MAC value;
and decrypting the ciphertext by adopting the first key to obtain the first data.
3. The method according to claim 1 or 2, wherein the first data is any one of the following: an unlocking password of a terminal, a payment password, a password applied in the terminal, an installation package applied in the terminal, data setting of the terminal, or parameter setting of the terminal.
4. The method according to claim 3, wherein when the first data is an unlock code of the terminal, the performing a corresponding operation according to the verification result includes:
unlocking the terminal when the verification result is that the second data is successfully verified;
and outputting prompt information when the verification result is that the second data verification fails, wherein the prompt information indicates that unlocking the terminal fails.
5. An electronic device, comprising: a processor and a memory;
the memory stores computer instructions;
the processor executing computer instructions stored in the memory, causing the processor to perform the method of any one of claims 1-4.
6. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a computer program or instructions, which when executed, implement the method of any of claims 1-4.
CN202210513658.7A 2022-05-12 2022-05-12 Data rollback prevention method and electronic equipment Active CN116089967B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210513658.7A CN116089967B (en) 2022-05-12 2022-05-12 Data rollback prevention method and electronic equipment

Publications (2)

Publication Number Publication Date
CN116089967A CN116089967A (en) 2023-05-09
CN116089967B true CN116089967B (en) 2024-03-26

Family

ID=86197926

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105786588A (en) * 2016-02-22 2016-07-20 中南大学 Remote authentication method for cleanroom trusted virtual machine monitor
EP3333747A1 (en) * 2016-12-06 2018-06-13 ETH Zurich Methods and systems for detecting rollback attacks
CN106713327A (en) * 2016-12-29 2017-05-24 上海众人网络安全技术有限公司 Authentication method and system of verification code security reinforcement
CN111386513B (en) * 2018-05-03 2021-09-07 华为技术有限公司 Data processing method, device and system chip
CN112088376A (en) * 2018-06-30 2020-12-15 华为技术有限公司 File storage method and device and storage medium
CN109474423A (en) * 2018-12-10 2019-03-15 平安科技(深圳)有限公司 Data encryption/decryption method, server and storage medium
CN111723383A (en) * 2019-03-22 2020-09-29 阿里巴巴集团控股有限公司 Data storage and verification method and device
CN112348997A (en) * 2019-08-08 2021-02-09 云丁网络技术(北京)有限公司 Intelligent door lock control method, device and system
WO2021087956A1 (en) * 2019-11-08 2021-05-14 华为技术有限公司 Data processing method and apparatus, and system chip
CN113168477A (en) * 2019-11-08 2021-07-23 华为技术有限公司 Data processing method, device and system chip

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Research on key technologies for trusted construction of cloud computing execution environments; 代炜琦 (Dai Weiqi); China Doctoral Dissertations Full-text Database, Information Science and Technology series (Issue 07); I139-24 *
Research on key technologies for data protection in cloud computing environments; 顾瑜 (Gu Yu); China Doctoral Dissertations Full-text Database, Information Science and Technology series (Issue 09); I137-7 *

Also Published As

Publication number Publication date
CN116089967A (en) 2023-05-09

Similar Documents

Publication Publication Date Title
US11921860B2 (en) Rollback resistant security
EP3458999B1 (en) Self-contained cryptographic boot policy validation
US6539480B1 (en) Secure transfer of trust in a computing system
JP5703391B2 (en) System and method for tamper resistant boot processing
EP2583410B1 (en) Single-use authentication methods for accessing encrypted data
EP2681689B1 (en) Protecting operating system configuration values
US7639819B2 (en) Method and apparatus for using an external security device to secure data in a database
US8099789B2 (en) Apparatus and method for enabling applications on a security processor
US8190916B1 (en) Methods and systems for modifying an integrity measurement based on user authentication
EP2727040B1 (en) A secure hosted execution architecture
WO2019104988A1 (en) Plc security processing unit and bus arbitration method thereof
KR102030858B1 (en) Digital signing authority dependent platform secret
TW201500960A (en) Detection of secure variable alteration in a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware
JP7406013B2 (en) Securely sign configuration settings
US8656190B2 (en) One time settable tamper resistant software repository
CN116070217A (en) Safe starting system and method for chip module
CN116089967B (en) Data rollback prevention method and electronic equipment
WO2016024967A1 (en) Secure non-volatile random access memory
JP2024507531A (en) Trusted computing for digital devices
US12019752B2 (en) Security dominion of computing device
CN111357003A (en) Data protection in a pre-operating system environment
US20240152620A1 (en) Owner revocation emulation container
JP2023136601A (en) Software management device, software management method, and program
TW202424741A (en) Owner revocation emulation container
WO2009127905A1 (en) Apparatus and method for enabling applications on a security processor

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant