CN107766724A - A kind of construction method of trusted computer platform software stack function structure - Google Patents
A kind of construction method of trusted computer platform software stack function structure Download PDFInfo
- Publication number
- CN107766724A CN107766724A CN201710962366.0A CN201710962366A CN107766724A CN 107766724 A CN107766724 A CN 107766724A CN 201710962366 A CN201710962366 A CN 201710962366A CN 107766724 A CN107766724 A CN 107766724A
- Authority
- CN
- China
- Prior art keywords
- key
- tcm
- platform
- algorithm
- entity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000010276 construction Methods 0.000 title claims abstract description 23
- 238000003860 storage Methods 0.000 claims abstract description 40
- 238000005259 measurement Methods 0.000 claims abstract description 34
- 238000012795 verification Methods 0.000 claims abstract description 20
- 230000006870 function Effects 0.000 claims description 51
- 238000004891 communication Methods 0.000 claims description 32
- 238000013475 authorization Methods 0.000 claims description 27
- 238000000034 method Methods 0.000 claims description 20
- 238000013508 migration Methods 0.000 claims description 20
- 230000005012 migration Effects 0.000 claims description 20
- 230000007246 mechanism Effects 0.000 claims description 19
- 230000008569 process Effects 0.000 claims description 9
- 230000004044 response Effects 0.000 claims description 8
- 230000006835 compression Effects 0.000 claims description 6
- 238000007906 compression Methods 0.000 claims description 6
- 230000008859 change Effects 0.000 claims description 5
- 238000012545 processing Methods 0.000 claims description 5
- 241001269238 Data Species 0.000 claims description 4
- 238000000151 deposition Methods 0.000 claims description 4
- 230000005540 biological transmission Effects 0.000 claims description 3
- 230000003993 interaction Effects 0.000 claims description 3
- 238000012423 maintenance Methods 0.000 claims description 3
- 238000012986 modification Methods 0.000 claims description 3
- 230000004048 modification Effects 0.000 claims description 3
- 238000010606 normalization Methods 0.000 claims description 3
- 230000008602 contraction Effects 0.000 claims description 2
- 238000004519 manufacturing process Methods 0.000 claims 1
- 238000007726 management method Methods 0.000 description 22
- 238000005516 engineering process Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 3
- 239000011248 coating agent Substances 0.000 description 2
- 238000000576 coating method Methods 0.000 description 2
- 230000001419 dependent effect Effects 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- 238000000682 scanning probe acoustic microscopy Methods 0.000 description 2
- 230000009870 specific binding Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 230000005611 electricity Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000009545 invasion Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012856 packing Methods 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention discloses a kind of construction method of trusted computer platform software stack function structure, and trusted computer platform software stack is respectively from top to bottom:TSS ISPs, TSS kernel services, TCG device drives storehouse and TPM device drives, construction method include:Key management, cryptography service, safety storage, integrity verification, authorized agreement and certificate management.The power business terminal Multilevel Security Models based on safety chip constructed by construction method of the present invention, credible software stack is established in software layer, the instrument of measurement application program is provided for system, system can call credible chip by credible software stack, realize the measurement to application program;Credible software stack, which is realized, to be supported the single entrance using credible platform module function, provides the synchronization of access function to credible platform module, provides suitable interface to upper level applications to hide the instruction stream of credible platform module and management credible platform module resource.
Description
Technical field
The present invention relates to Information Statistics security technology area, more particularly to a kind of trusted computer platform software stack functional frame
The construction method of structure.
Background technology
Trust computing fundamentally can not solve safety problem for current computing system and propose, by calculating
Application specific hardware modules are integrated in system and are established and trust source point, trust chain is established using cipher mechanism, builds reliable calculating ring
Border, foundation for security is provided for computer platform system.
Credible calculating platform is built in computing systems and for realizing the support system of trust computing function, is to trust
The source of chain, only solve the safety problem in source, trust chain can be just set up, so as to ensure overall secure and trusted.It is credible
Console module is the important component of credible calculating platform, and credible platform module includes cryptographic algorithm, key management, certificate pipe
The contents such as reason, cipher protocol, cryptographic service, to realize that the integrity measurement of itself of upper platform, platform identity prove sum
Stored according to safety and password support is provided, Trusted Computing Group proposes credible software stack, and defines its functional requirement, level
Function interface between structure and each level.TSS is TPM support programs, and TPM chips are that an offer trust computing is basic
The secure hardware module of function, but because resources of chip is limited, it only externally provides the interface of basic function, so to make
Expansion and support system by the use of TSS as TPM chips, the function towards upper strata real-life program is realized, provide and access TPM work(
The function interface of energy;TSS is the bridge between TPM and upper layer application, the function that TPM is provided sufficiently is applied,
And enable function of the upper layer application easily and safely using TPM.
By four module compositions, they are respectively from top to bottom TSS:TSS ISPs (TSP), TSS kernel services
(TCS), TCG device drives storehouse (TDDL), TPM device drives (TDD).It is answering to user wherein in the TSP of the system the superiors
Interface is provided with program, the parameter packing from application program is transmitted to TCS modules by it, is provided by TCS modules specific
Power function (such as key management), TCS modules are write as one after the parameter from TSP modules is analyzed and operated
The byte stream that TPM can be identified, being passed to inside TPM and gone by TDDL, TPM is operated accordingly after receiving byte stream,
Result is returned in TCS in the form of byte stream by TDDL and gone, after analyzing byte stream, result is transmitted to TSP, by
Formal result is returned to application program by TSP.TDD is the component of kernel mode, and it receives the byte stream for coming from TDDL, and
They are sent to TPM, finally returns to the response to TDDL.
By calling the interface function that ISP is provided in credible software stack, what upper level applications can use
Function, it is possible thereby to which trust computing is applied among various fields.These fields include safety risk management, ecommerce,
Digital copyright management, network authentication mandate, Virtual Private Network, network invasion monitoring, Malicious Code Detection and strick precaution etc..
The content of the invention
Goal of the invention:A kind of to overcome the shortcomings of the existing technology, the present invention is directed to provide trusted computer platform software stack work(
The construction method of energy framework.
Technical scheme:In order to solve the above technical problems, the present invention provides following technical scheme:
A kind of construction method of trusted computer platform software stack function structure, trusted computer platform software stack functional frame
The construction method of structure includes:
(1) key management:User by calling the hardware module TCM_CreateWrapKey orders of credible calculating platform,
TCM produces symmetric cryptographic key or ECC keys pair, and is encrypted and stored with upper level key;Password is set using when creating key
With migration password, the use mandate of encrypt and decrypt operation is used for using password, but does not allow the migration for finding actual password value
To user, the migration key under a specific public key authorizes password;When user needs to use the key, TCM_ is called
LoadWrapKey orders, TCM are loaded into an idle region with father's secret key decryption and by it, return to keyhandle, for
Family uses;
(2) cryptography service:The cryptographic algorithm being equipped with trusted computer platform includes Generating Random Number, hash is calculated
Method, Message Authentication Code algorithm, symmetric cryptographic algorithm and asymmetric cryptographic algorithm;
(3) safety storage:TCM provides the secure storage function for key and other sensitive datas, and guarantee is stored in it
In key and sensitive information will not be destroyed, change and leak, and unauthorized use;
(4) integrity verification:Trusted computer platform integrity verification includes integrity measurement, storage and report tripartite
Face;Integrity measurement refers to computing metric, records the event to event log, and metric is charged to corresponding platform configuration
In register PCR;Integrity report refers to that TCM provides the integrality of platform or section components in its protection zone to verifier
The certificate of metrology event and correlation in metric, daily record, verifier can judge the state of platform by integrity report;Test
Card person can judge whether the PCR value comes from correct metrics process by analyzing integrity measurement event log information;Credible meter
The function that machine platform provides the report of integrity measurement value to external entity is calculated, the metric reported, which is used as, judges platform credible
Foundation;
(5) authorized agreement:Any entity can submit TCM orders, and the exchange of a safety is formed between entity and TCM platforms
Passage, TCM orders and returning result are submitted by this communication channel;Information of the communication channel for completion towards session
Exchange follows request-response semantics, the integrity verification of authorization identifying, information between protocol realization external entity and TCM
With the Confidentiality protection of sensitive data;
(6) certificate management:Digital certificate uses RSA arithmetic, i.e., is added using a pair of keys to match each other
Close, decryption;Each user oneself setting one it is specific, be only my known proprietary secret key and private key, be decrypted with it and
Signature concurrently sets a public keys public key and by my disclosure, for encrypting and verifying signature.
The hardware module TCM of above-mentioned credible calculating platform provides crypto-operation function for credible calculating platform, has and is protected
The memory space of shield;
Above-mentioned platform configuration register PCR bit is used merely to load the metric to module, size 160 inside TPM
Bit;
Above-mentioned integrity measurement is to ensure that the credible of credible calculating platform introduces, and refers to any go for platform control
The entity of power is made, will be measured before control is obtained;
Above-mentioned digital certificate is called " digital ID card ", " digital ID ", is by authentication center's granting and authenticated middle calculation
Word signature, a kind of e-file comprising public-key cryptography owner and public-key cryptography relevant information, for proving digital card
The true identity of book holder;
Above-mentioned entity is process, thread or controller.
Further, described (1) key management, key management is reduced by introducing symmetry algorithm and " user subject " concept
Level, simplify key storage protection, and use three-level cipher key management scheme:
A, crypto module key, storage master key, the authorization data of platform owner are directly deposited in credible password module
Inside, protected by the physical security measures of credible password module;
B, the information structure entity identification data block such as entity encryption key, entity authentication key, object authority data, by depositing
Root key encryption protection is stored up, is stored in outside TCM;Various application keys that entity possesses, P instrument etc. are by entity encryption keys
Protection, is stored in outside TCM, platform controls access of the user to key by setting the permissions data of entity;
C, one of TCM function is exactly to create SMI symmetric keys and ECC unsymmetrical key pair, the detailed letter of these keys
Breath will be stored in TCM after creation, but because TCM space is limited, they are put into outside in an encrypted form if necessary
Memory block in, when to use this key, as above save in load step be loaded into TCM again enters exercise
With.
Further, in described (1) key management, migration key must occur in controlled environment, ensure key only
It is transferred to from a shielded environment of hardware in the shielded environment of another hardware.
The mobility of data is an important topic in key management, when the data needs being stored on a platform are standby
Part on another platform, the key related to the data must also migrate, and just these data can be enable to be used.
Further, Generating Random Number is that one-way hash function can not be pre- by one in described (2) cryptography service
The random number of the input criminal's of becoming byte length of survey;
Symmetric cryptographic algorithm generates encryption key to introduce symmetric encipherment algorithm, using symmetric encipherment algorithm, and carries out
Encryption and decryption operation inside TCM;
Asymmetric cryptographic algorithm includes public key cryptography and secret key cipher, and public key algorithm is ECC cryptographic algorithms, secret key bits
A length of m, ECC cryptographic algorithm include key to generation, signature/verification algorithm, enciphering and deciphering algorithm and key agreement etc., key
Key pair to being generated as ECC, including private key d and public key Q, wherein d are a random positive integer less than n-1, and Q is ellipse
A non-infinite point on curve E and meet Q=dG, G is a basic point in curve;
Hash algorithm is SMZ, and for the message that given length is k, hash algorithm is by filling, Iteration Contraction and choosing
Cut out, generate Hash Value, the message block length of preprocessed mistake is bit, and Hash Value length is bit, and hash function is by message
The unique digital information of boil down to, ensures the legitimacy and security of original message, and SMZ is one-way encryption function, and for
The message of random length will all generate the Hash Value of same length after processing so that and it is more convenient to compare origination message, for
Confidential information only needs to preserve its Hash Value, on the one hand, the Hash Value of storage, which can not be decrypted, makes raw information fully be protected
Shield, without worrying that Hash Value is maliciously intercepted in transmitting procedure, on the other hand, the more convenient safety of comparison information;
Message Authentication Code algorithm HMAC needs an encryption hash function and a key.
By the processing of hash algorithm, even if raw information only changes a letter, corresponding compression information can also become
Completely different, this guarantees the uniqueness of treated information;SMZ is not encryption simultaneously, and it can not possibly be Hash Value solution
Close time origination message.
Above-mentioned signature and verification algorithm:Calculate digital signature and need to use hash algorithm and treat signature information and be compressed,
The input message of signature algorithm is the summary of bit length of the message to be signed after hash algorithm compresses, and verifies digital signature
Need to use hash algorithm and treat signature information and be compressed, the input message of verification algorithm is that message to be signed is calculated by hash
The summary of m bit lengths after method compression.
Above-mentioned enciphering and deciphering algorithm:ECC AESs in platform are used for the sensitive informations such as encrypted symmetric key and random number,
The cleartext information byte length of ECC encryptions is variable.Decipherment algorithm exports cleartext information.When encrypted information invalid, decipherment algorithm
Any cleartext information is not exported.
Above-mentioned key agreement:If key agreement both sides are A, B, its key to be respectively (dA, QA) and (dB, QB), both sides
The bit length for the key data for needing to obtain is klen.Cipher key agreement algorithm is divided into two stages;
First stage:Produce temporary key pair, user A call key to produce algorithm produce a pair of temporary keys to (rA,
RA), RA is sent to B, user B calls key to produce a pair of temporary keys to (rB, RB) to producing algorithm, RB is sent into B;
Second stage:Calculate shared key data.
Above-mentioned Message Authentication Code algorithm HMAC safety analysis:
Message Authentication Code algorithm HMAC is more like a kind of AES, and it introduces key, and its security is incomplete
Dependent on used HASH algorithms, security mainly has following a few promises:
A, the key used is that both sides arrange in advance, and third party can not can know that, the as illegal acquisition of information the 3rd
Side, the information that can be obtained only have the result as the random number of " challenge " and as " response ", can not be according to the two data
Key is extrapolated, due to not knowing key, so consistent response can not be copied;
B, difference important with general encryption Message Authentication Code algorithm HMAC is that it has " instantaneous " property, and authentication authorization and accounting is only
It is effective at that time, and after AES is cracked, former encrypted result may be decrypted.
Further, described (3) store safely in storing safely includes following several ways:
A, bind:One message is encrypted using public key, recipient is decrypted using private key, is a kind of traditional encryption
Mode, if a key is not transportable key, and some specific binding, can not migration key master in TCM
It is used to sign;
B, signature adds and helped:A signature is produced using private key, for protecting the integrality of a message;Signature key by
TCM is produced and management, for being signed to information, can be obtained containing platform identification with certain signature algorithm by it
Ciphertext, it is typically not transportable;Some of keys are defined as signature key, then the key can only be signed, without
Cryptographic operation can be used for;
C, seal:Platform status information, i.e., some PCR values are added when message is encrypted.In recipient to message
When being decrypted, it need to first judge that the platform status of decryption side is identical with PCR value during encryption, otherwise cannot be decrypted.
D, seal signature:Connected during signature with some PCR value, platform has reached certain state when being signed with explanation
Demand.
Further, described (5) authorized agreement also includes:
A, authorization data:Key, sensitive data and the other data for needing storage protection of platform interior are referred to as object, often
Individual object must have corresponding authorization data, and an authorization data can correspond to multiple objects, it is necessary to pass through authorization data
Checking could access object.The authorization data of object, inputted from platform by user, carried out through hash algorithm at length normalization method
Stored after reason;The SMK of TCM owner authentication code is held in itself by TCM, and the authentication code of each entity is by entity
What itself held, TCM is using authentication code as the complete evidence for being able to verify that entity identities.No longer need other verifications, it is known that
The authorizationdata of object means that, with access to the TCM objects, any entity of requestor preserves at it authorizes number
According to place also need to extra protection and request, and TCM need not;
B, authorisation session:Any entity may all engage in the dialogue with TCM, to be carried to the dialogue between entity and TCM platforms
For the passage of a safety, the safe transmission of interaction data and result can be ensured by this passage, due to this demand
Presence, introduce authen session, the purpose that session is established be to ensure that the access to TCM objects be by certification, it
Using the protocol of random number by turns, Replay Attack can be prevented;
C, agreement flow:The purpose of authorized agreement and mechanism is to have the right to perform order and make to TCM proof requestors
With some objects.
Above-mentioned requestor refers to wish to perform order on TCM or using particular entity.
Further, the agreement of the agreement flow meets following require:
1) AP sessions are initiated with TCM_AP_CREATE orders, are terminated with TCM_AP_TERMINATE;
2) agreement provides authentication mechanism and generates session key by shared secret of AuthData, and is given birth to based on the session key
Into check value, to judge whether caller possesses the authority to a certain entity;
3) agreement provides integrity protection mechanism.The packet in funcall stage is entered with the session key that both sides share
Row integrity protection;
4) it is calculated as option in TCMAPCREATE orders;
5) agreement provides optional Confidentiality protection mechanism, and the session key shared as needed with both sides is to funcall
The packet in stage is encrypted protection, IfEncrypted for whether the mark that communication data packet is encrypted, in special feelings
Oneself is encrypted in itself for communication data under condition, such as key migration, can select not encrypt communication data, described in table for number
According to the situation of coating encryption;
6) it be anti-replay sequence number that agreement, which provides anti-replay mechanism seqNonce, generated by TCM and external callers with
Shared between TCM, the respective maintenance sequence number of both sides, a data packet number is often sent from increasing 1, to prevent replay attack.
Further, in described (6) certificate management, when sending a classified document, sender uses the public affairs of recipient
Key is to data encryption, and recipient is then decrypted using the private key of oneself, and such information can arrives at safe and punctually;
By using digital certificate, user can be ensured as follows:Information is not stolen in addition to sender and recipient by other people
Information is not tampered with sender in transmitting procedure to confirm the identity sender of recipient for certainly by digital certificate
Oneself information can not deny information from after digital signature untill receiving, and not make any modification, the file signed and issued is true
File.
Further, digital certificate uses public-key mechanism, the program that certification authority provides for user produce a pair it is close
Key, one is disclosed public key, and it will announce in the digital certificate of user and is deposited at digital certificate authentication center, another
It is private private key, it will be stored on the computer of user.
Further, the digital certificate will carry out discriminating communication and secret communication, differentiate that communication uses certainly for sender
To being encrypted in plain text, ciphertext is decrypted oneself private key using the public key of sender by recipient;Secret communication is sender
Using the public key of recipient to being encrypted in plain text, ciphertext is decrypted using the private key of oneself for reciever.
Recipient is decrypted using the public key of sender in above-mentioned discriminating communication, it is believed that information is added by sender
Close, also can authenticated the identity of sender;Due to only having recipient could be to being added by the public key of oneself in secret communication
Close information decryption, therefore secret communication can be realized.
Beneficial effect:The construction method of credible software stack function structure of the present invention, the constructed electricity based on safety chip
Power service terminal Multilevel Security Models, credible software stack is established in software layer, and the instrument of measurement application program is provided for system, is
System can call credible chip by credible software stack, realize the measurement to application program;Credible software stack, which is realized, supports application
The single entrance of credible platform module function, provide to the synchronization of access function of credible platform module, to upper level applications
Suitable interface is provided to hide the instruction stream of credible platform module and management credible platform module resource.
Brief description of the drawings
Fig. 1 is trusted computer platform software stack functional frame composition of the present invention;
Fig. 2 is verifying completeness of platform flow chart in trusted computer platform software stack of the present invention;
Fig. 3 is generation and the loading procedure figure of key of the present invention.
Embodiment
Embodiment 1
As Figure 1-3, a kind of construction method of trusted computer platform software stack function structure, trusted computer platform
The construction method of software stack function structure includes:
(1) key management:User by calling the hardware module TCM_CreateWrapKey orders of credible calculating platform,
TCM produces symmetric cryptographic key or ECC keys pair, and is encrypted and stored with upper level key;Password is set using when creating key
With migration password, the use mandate of encrypt and decrypt operation is used for using password, but does not allow the migration for finding actual password value
To user, the migration key under a specific public key authorizes password;When user needs to use the key, TCM_ is called
LoadWrapKey orders, TCM are loaded into an idle region with father's secret key decryption and by it, return to keyhandle, for
Family uses;Key management level is reduced by introducing symmetry algorithm and " user subject " concept, simplifies key storage protection, and adopt
With three-level cipher key management scheme:
A, crypto module key, storage master key, the authorization data of platform owner are directly deposited in credible password module
Inside, protected by the physical security measures of credible password module;
B, the information structure entity identification data block such as entity encryption key, entity authentication key, object authority data, by depositing
Root key encryption protection is stored up, is stored in outside TCM;Various application keys that entity possesses, P instrument etc. are by entity encryption keys
Protection, is stored in outside TCM, platform controls access of the user to key by setting the permissions data of entity;
C, one of TCM function is exactly to create SMI symmetric keys and ECC unsymmetrical key pair, the detailed letter of these keys
Breath will be stored in TCM after creation, but because TCM space is limited, they are put into outside in an encrypted form if necessary
Memory block in, when to use this key, as above save in load step be loaded into TCM again enters exercise
With;
The mobility of data is an important topic in key management, when the data needs being stored on a platform are standby
Part on another platform, the key related to the data must also migrate, and just these data can be enable to be used;Migration key is necessary
Occur in controlled environment, ensure that key is only transferred to the shielded ring of another hardware from a shielded environment of hardware
In border.
(2) cryptography service:The cryptographic algorithm being equipped with trusted computer platform includes Generating Random Number, hash is calculated
Method, Message Authentication Code algorithm, symmetric cryptographic algorithm and asymmetric cryptographic algorithm;
A, Generating Random Number:One-way hash function by one it is uncertain input the criminal's of becoming byte length it is random
Number;
B, symmetric cryptographic algorithm:Symmetric encipherment algorithm is introduced, generates encryption key using symmetric encipherment algorithm, and carry out
Encryption and decryption operation inside TCM;
C, asymmetric cryptographic algorithm:Public key algorithm is ECC cryptographic algorithms, key bit length m, ECC cryptographic algorithm bag
Key is included to generation, signature/verification algorithm, enciphering and deciphering algorithm and key agreement etc.,
Key is to generation:For ECC key to including private key d and public key Q, wherein d is random less than one of n-1 just whole
Number, Q are a non-infinite point on elliptic curve E and meet Q=dG, and G is a basic point in curve;
Signature and verification algorithm:Calculate digital signature and need to use hash algorithm and treat signature information and be compressed, sign
The input message of algorithm is the summary of bit length of the message to be signed after hash algorithm compresses, and checking digital signature needs
Use hash algorithm and treat signature information and be compressed, the input message of verification algorithm is that message to be signed passes through hash algorithm pressure
The summary of m bit lengths after contracting;
Enciphering and deciphering algorithm:ECC AESs in platform are used for the sensitive informations such as encrypted symmetric key and random number, ECC
The cleartext information byte length of encryption is variable.Decipherment algorithm exports cleartext information.When encrypted information invalid, decipherment algorithm is not defeated
Go out any cleartext information;
Key agreement:If key agreement both sides are A, B, its key is to respectively (dA, QA) and (dB, QB), both sides need
The bit length of the key data of acquisition is klen.Cipher key agreement algorithm is divided into two stages;
First stage:Produce temporary key pair, user A call key to produce algorithm produce a pair of temporary keys to (rA,
RA), RA is sent to B, user B calls key to produce a pair of temporary keys to (rB, RB) to producing algorithm, RB is sent into B;
Second stage:Calculate shared key data;
D, hash algorithm:Hash algorithm is SMZ, and for the message that given length is k, hash algorithm is by filling, changing
Generation compression and choosing are cut out, and generate Hash Value, and the message block length of preprocessed mistake is bit, and Hash Value length is bit, hash
Message compression is unique digital information by function, ensures the legitimacy and security of original message, by the place of hash algorithm
Reason, even if raw information only changes a letter, corresponding compression information can also become completely different, and this guarantees at
The uniqueness of the information of reason;SMZ is not encryption simultaneously, and Hash Value can not possibly be decrypted back origination message by it;SMZ is One-Way Encryption
Function, and the Hash Value of same length will be all generated after processing for the message of random length so that compare origination message
It is more convenient, only need to preserve its Hash Value for confidential information, on the one hand, the Hash Value of storage, which can not be decrypted, makes raw information
Fully protected, without worrying that Hash Value is maliciously intercepted in transmitting procedure, on the other hand, comparison information is more
For convenience of safety;
E, Message Authentication Code algorithm:Message Authentication Code algorithm HMAC needs an encryption hash function and a key.
Message Authentication Code algorithm HMAC safety analysis:
Message Authentication Code algorithm HMAC is more like a kind of AES, and it introduces key, and its security is incomplete
Dependent on used HASH algorithms, security mainly has following a few promises:
A, the key used is that both sides arrange in advance, and third party can not can know that, the as illegal acquisition of information the 3rd
Side, the information that can be obtained only have the result as the random number of " challenge " and as " response ", can not be according to the two data
Key is extrapolated, due to not knowing key, so consistent response can not be copied;
B, difference important with general encryption Message Authentication Code algorithm HMAC is that it has " instantaneous " property, and authentication authorization and accounting is only
It is effective at that time, and after AES is cracked, former encrypted result may be decrypted.
(3) safety storage:TCM provides the secure storage function for key and other sensitive datas, and guarantee is stored in it
In key and sensitive information will not be destroyed, change and leak, and unauthorized use;Storage includes safely in safety storage
Following several ways:
A, bind:One message is encrypted using public key, recipient is decrypted using private key, is a kind of traditional encryption
Mode, if a key is not transportable key, and some specific binding, can not migration key master in TCM
It is used to sign;
B, signature adds and helped:A signature is produced using private key, for protecting the integrality of a message;Signature key by
TCM is produced and management, for being signed to information, can be obtained containing platform identification with certain signature algorithm by it
Ciphertext, it is typically not transportable;Some of keys are defined as signature key, then the key can only be signed, without
Cryptographic operation can be used for;
C, seal:Platform status information, i.e., some PCR values are added when message is encrypted.In recipient to message
When being decrypted, it need to first judge that the platform status of decryption side is identical with PCR value during encryption, otherwise cannot be decrypted.
D, seal signature:Connected during signature with some PCR value, platform has reached certain state when being signed with explanation
Demand.
(4) integrity verification:Trusted computer platform integrity verification includes integrity measurement, storage and report tripartite
Face;Integrity measurement refers to computing metric, records the event to event log, and metric is charged to corresponding platform configuration
In register PCR;Integrity measurement is to ensure that the credible of credible calculating platform introduces, and refers to any go for platform control
The entity of power is made, will be measured before control is obtained;Integrity report refers to that TCM provides its protection zone to verifier
The certificate of the metric of the integrality of middle platform or section components, the metrology event in daily record and correlation, verifier can pass through
Integrity report judges the state of platform;Verifier can judge that the PCR value is by analyzing integrity measurement event log information
It is no to come from correct metrics process;Trusted computer platform provides the function of integrity measurement value report to external entity, is reported
The metric of announcement is as the foundation for judging platform credible.
(5) authorized agreement:Any entity (process, thread or controller) can submit TCM orders, entity and TCM platforms
Between form the communication channel of a safety, pass through this communication channel and submit TCM orders and returning result;Communication channel is
The information completed towards session, which exchanges, follows request-response semantics, the mandate between protocol realization external entity and TCM
The Confidentiality protection of certification, the integrity verification of information and sensitive data:
A, authorization data:Key, sensitive data and the other data for needing storage protection of platform interior are referred to as object, often
Individual object must have corresponding authorization data, and an authorization data can correspond to multiple objects, it is necessary to pass through authorization data
Checking could access object.The authorization data of object, inputted from platform by user, carried out through hash algorithm at length normalization method
Stored after reason;The SMK of TCM owner authentication code is held in itself by TCM, and the authentication code of each entity is by entity
What itself held, TCM is using authentication code as the complete evidence for being able to verify that entity identities.No longer need other verifications, it is known that
The authorizationdata of object meant that with access to the TCM objects, requestor (it is desirable that performed on TCM order or
Use particular entity) any entity the place of authorization data preserved at it also need to extra protection and request, and TCM is not
Need;
B, authorisation session:Any entity may all engage in the dialogue with TCM, to be carried to the dialogue between entity and TCM platforms
For the passage of a safety, the safe transmission of interaction data and result can be ensured by this passage, due to this demand
Presence, introduce authen session, the purpose that session is established be to ensure that the access to TCM objects be by certification, it
Using the protocol of random number by turns, Replay Attack can be prevented;
C, agreement flow:The purpose of authorized agreement and mechanism is to have the right to perform order and make to TCM proof requestors
With some objects, agreement meets following require:
1) AP sessions are initiated with TCM_AP_CREATE orders, are terminated with TCM_AP_TERMINATE;
2) agreement provides authentication mechanism and generates session key by shared secret of AuthData, and is given birth to based on the session key
Into check value, to judge whether caller possesses the authority to a certain entity;
3) agreement provides integrity protection mechanism.The packet in funcall stage is entered with the session key that both sides share
Row integrity protection;
4) it is calculated as option in TCMAPCREATE orders;
5) agreement provides optional Confidentiality protection mechanism, and the session key shared as needed with both sides is to funcall
The packet in stage is encrypted protection, IfEncrypted for whether the mark that communication data packet is encrypted, in special feelings
Oneself is encrypted in itself for communication data under condition, such as key migration, can select not encrypt communication data, described in table for number
According to the situation of coating encryption;
6) it be anti-replay sequence number that agreement, which provides anti-replay mechanism seqNonce, generated by TCM and external callers with
Shared between TCM, the respective maintenance sequence number of both sides, a data packet number is often sent from increasing 1, to prevent replay attack.
(6) certificate management:Digital certificate is called " digital ID card ", " digital ID ", is provided by authentication center and through recognizing
Demonstrate,prove center number signature, a kind of e-file comprising public-key cryptography owner and public-key cryptography relevant information, for demonstrate,proving
The true identity of bright digital certificate holder;Digital certificate uses RSA arithmetic, that is, utilizes a pair of keys to match each other
It is encrypted, decrypts;Each user oneself setting one it is specific, be only my known proprietary secret key and private key, carried out with it
Decryption and signature concurrently set a public keys public key and by my disclosures, for encrypting and verifying signature;It is a when sending
During classified document, sender uses the public key of recipient to data encryption, and recipient is then decrypted using the private key of oneself, so
Information can arrives at safe and punctually;By using digital certificate, user can be ensured as follows:Information is removed
Digital certificate can be passed through by sender not being not tampered with transmitting procedure by other people's steal informations outside by sender and recipient
To confirm that the identity sender of recipient can not deny information from after digital signature untill receiving, not for the information of oneself
Made any modification, the file signed and issued is authentic document.
Digital certificate uses public-key mechanism, and the program that certification authority provides produces a pair of secret keys for user, and one is
Disclosed public key, it will announce in the digital certificate of user and is deposited at digital certificate authentication center, and another is private
Private key, it will be stored on the computer of user.
Digital certificate will carry out differentiating communication and secret communication, differentiate that communication uses the private key of oneself in plain text for sender
It is encrypted, ciphertext is decrypted using the public key of sender by recipient, it is believed that information is encrypted by sender,
Can authenticated the identity of sender;Secret communication be sender using the public key of recipient to being encrypted in plain text, receive
Ciphertext is decrypted using the private key of oneself for side;Due to only having recipient could be to the information solution of the public key encryption by oneself
It is close, therefore secret communication can be realized.
Trusted computer platform will provide at least following three kinds of base attribute functions:
(1) protection storage
It is an instruction set that exclusive access can be carried out to protected field.Protected field is pair that can be safe
The region that sensitive data is operated, TPM realize protective capability using protection storage and platform integrity measurement reporting.Protection
Storage is to calculate and protect data storage in a kind of believable method to perform.TPM is provided for key and other sensitive datas
Secure storage function, ensure that the key that is stored therein and sensitive information will not be destroyed, change and leak, and unauthorized
Use, protect the realization of storage.
(2) integrity measurement of platform, storage, report
It is mainly used in the credible description to platform configuration information.It is that a platform for obtaining influence completeness of platform refers to
Mark, stores these indexs and the process in the summary info storage platform configuration register of these indexs.The starting point of measurement
It is referred to as the trusted root for measurement.One static measurement trusted root come from starting state such as power-up from
Inspection.The dynamic credible root of one measurement comes from conversion of the insincere state to trusted status.In integrity measurement
Between integrity report is integrality storage.Integrity metrics are stored in this in journal file simultaneously by integrality storage
The summary info of a little indexs is stored in platform configuration register.Integrity report is the mistake of a proof integrality storage content
Journey.For integrity measurement, storage, report method require platform can enter any possible state include it is undesirable and
Unsafe state, but do not allow platform to carry out fraudulent report to its status.
(3) proof of identification
It is proved to be a process for ensureing information accuracy, is platform properties of the platform to influence completeness of platform
Prove.The proof of form of ownership is required for the reliable evidence of entity to be proved.Substantially, it means that a credible platform
Attack should can be protected, has the ability to prove the integrality of its platform code and data, protection, dimension are realized in the execution to code
Protect the confidentiality of sensitive information.In order to ensure credible, a credible platform can reliably measure any category about its own
Property index and prove it.Some useful ATTRIBUTE INDEXs include software and the arbitrary hardware device that platform loads.User will
It is whether consistent with the confidence values individually obtained to determine whether this platform is credible that these ATTRIBUTE INDEXs must be audited
's.
So TCG software stack must include cryptographic algorithm, key management, certificate management, cipher protocol, close
The contents such as code service, for the integrality of platform itself, identity is credible and Information Security provides password and supported.
Verifying completeness of platform includes integrity measurement, storage and the aspect of report three.Integrity measurement refers to computation measure
Value, records the event to event log, and metric is charged in corresponding PCR.Integrity measurement is to ensure trust computing
The credible introducing of platform, it refers to any entity for going for platform courses power, will spent before control is obtained
Amount.Integrity report refers to that TCM provides the metric of the integrality of platform or section components, day in its protection zone to verifier
Metrology event and related certificate, verifier in will can judge the state of platform by integrity report.Verifier can lead to
Cross analysis integrity measurement event log information and judge whether the PCR value comes from correct metrics process.Platform is to external entity
The function of integrity measurement value report is provided, the metric reported is as the foundation for judging platform credible.Detailed process is such as
Under:
1. going for the external entity of platform courses power, request platform sends integrity measurement report;
2. the request that the credible calculating platform receiving entity based on autonomous password is sent;
3. the credible password module in credible platform collects PCR value;
4. PIK (signature key) carries out signature to PCR value and returns to external entity;
5. external entity verifies PIK certificates and PCR signatures;
6. external entity compares PCR value and completeness of platform a reference value, judge that current platform state can be insincere.
For user by calling TCM_Create_WrapKey orders, TCM produces symmetric cryptographic key or key pair, and uses
The encryption storage of one-level key.Two passwords can be set to use password and migration password when creating key.It is used to add using password
The close and use mandate of decryption oprerations, but do not allow to find that actual password value migrates password to user in a specific public key
One key of lower migration is authorized.
When user needs to use the key, TCM_LoadKey orders are called, with father's secret key decryption and it is loaded into one
Individual idle region, keyhandle is returned to, for users to use.
The NM technology of the present invention is prior art.
Claims (10)
- A kind of 1. construction method of trusted computer platform software stack function structure, it is characterised in that:Trusted computer platform is soft The construction method of part stack function structure includes:(1) key management:User is by calling the hardware module TCM_CreateWrapKey orders of credible calculating platform, TCM productions Raw symmetric cryptographic key or ECC keys pair, and encrypted and stored with upper level key;Password and migration are set using when creating key Password, the use mandate of encrypt and decrypt operation is used for using password, but does not allow the migration password pair for finding actual password value User's migration key under a specific public key is authorized;When user needs to use the key, TCM_ is called LoadWrapKey orders, TCM are loaded into an idle region with father's secret key decryption and by it, return to keyhandle, for Family uses;(2) cryptography service:The cryptographic algorithm being equipped with trusted computer platform include Generating Random Number, hash algorithm, Message Authentication Code algorithm, symmetric cryptographic algorithm and asymmetric cryptographic algorithm;(3) safety storage:TCM provides the secure storage function for key and other sensitive datas, ensures what is be stored therein Key and sensitive information will not be destroyed, change and leak, and unauthorized uses;(4) integrity verification:Trusted computer platform integrity verification includes integrity measurement, storage and the aspect of report three;It is complete Whole property measurement refers to computing metric, records the event to event log, and metric is charged to corresponding platform configuration and deposited In device PCR;Integrity report refers to that TCM provides the measurement of the integrality of platform or section components in its protection zone to verifier The certificate of value, the metrology event in daily record and correlation, verifier can judge the state of platform by integrity report;Verifier It can judge whether the PCR value comes from correct metrics process by analyzing integrity measurement event log information;Trusted computer Platform provides the function of integrity measurement value report to external entity, the metric reported as judge platform credible according to According to;(5) authorized agreement:Any entity can submit TCM orders, and the exchange that a safety is formed between entity and TCM platforms is led to Road, TCM orders and returning result are submitted by this communication channel;Communication channel is handed over for the information completed towards session Change and follow request-response semantics, the integrity verification of authorization identifying, information between protocol realization external entity and TCM and The Confidentiality protection of sensitive data;(6) certificate management:Digital certificate uses RSA arithmetic, i.e., is encrypted, solved using a pair of keys to match each other It is close;Each user oneself setting one it is specific, be only my known proprietary secret key and private key, be decrypted and sign with it together When setting one public keys public key and by I openly, for encrypting and verifying signature.
- 2. the construction method of trusted computer platform software stack function structure according to claim 1, it is characterised in that:Institute State in (1) key management, reduce key management level by introducing symmetry algorithm and " user subject " concept, simplify key storage Protection, and use three-level cipher key management scheme:A, crypto module key, storage master key, the authorization data of platform owner are directly deposited in inside credible password module, Protected by the physical security measures of credible password module;B, the information structure entity identification data block such as entity encryption key, entity authentication key, object authority data, by storage root Key encipherment protection, is stored in outside TCM;Various application keys that entity possesses, P instrument etc. are protected by entity encryption keys Shield, is stored in outside TCM, platform controls access of the user to key by setting the permissions data of entity;C, one of TCM function is exactly to create SMI symmetric keys and ECC unsymmetrical key pair, and the details of these keys exist It will be stored in after establishment in TCM, but because TCM space is limited, they are put into depositing for outside in an encrypted form if necessary In storage area, when to use this key, the load step in as above saving is loaded into TCM to be used again.
- 3. the construction method of trusted computer platform software stack function structure according to claim 1, it is characterised in that:Institute State in (1) key management, migration key must occur in controlled environment, ensure key only from a shielded ring of hardware Border is transferred in the shielded environment of another hardware.
- 4. the construction method of trusted computer platform software stack function structure according to claim 1, it is characterised in that:Institute State (2) cryptography service in, Generating Random Number be one-way hash function by one it is uncertain input the criminal's of becoming byte The random number of length;Symmetric cryptographic algorithm generates encryption key to introduce symmetric encipherment algorithm, using symmetric encipherment algorithm, and carries out in TCM The encryption and decryption operation in portion;Asymmetric cryptographic algorithm includes public key cryptography and secret key cipher, and public key algorithm is ECC cryptographic algorithms, and key bit length is M, ECC cryptographic algorithm include key to generation, signature/verification algorithm, enciphering and deciphering algorithm and key agreement etc., and key is to life As ECC key pair, including private key d and public key Q, wherein d are a random positive integer less than n-1, and Q is elliptic curve A non-infinite point on E, and meet Q=dG, G is a basic point in curve;Hash algorithm is SMZ, and for the message that given length is k, hash algorithm is cut out by filling, Iteration Contraction and choosing, raw Into Hash Value, the message block length of preprocessed mistake is bit, and Hash Value length is bit, and message compression is by hash function Unique digital information, ensures the legitimacy and security of original message, and SMZ is one-way encryption function, and for arbitrarily long The message of degree will all generate the Hash Value of same length after processing so that it is more convenient to compare origination message, believes for secret Breath only needs to preserve its Hash Value, on the one hand, and the Hash Value of storage, which can not be decrypted, makes raw information fully be protected, even if Without worrying that Hash Value is maliciously intercepted in transmitting procedure, on the other hand, the more convenient safety of comparison information;Message Authentication Code algorithm HMAC needs an encryption hash function and a key.
- 5. the construction method of trusted computer platform software stack function structure according to claim 4, it is characterised in that:Institute State during (3) store safely to store safely and include following several ways:A, bind:One message is encrypted using public key, recipient is decrypted using private key, is a kind of traditional encryption side Formula, if a key is not transportable key, and some it is specific bind, in TCM can not migration key it is main For signing;B, signature adds and helped:A signature is produced using private key, for protecting the integrality of a message;Signature key is produced by TCM Raw and management, for being signed to information, the ciphertext containing platform identification can be obtained with certain signature algorithm by it, It is typically not transportable;Some of keys are defined as signature key, then the key can only be signed, and can not be used for Cryptographic operation;C, seal:Platform status information, i.e., some PCR values are added when message is encrypted.Message is carried out in recipient During decryption, it need to first judge that the platform status of decryption side is identical with PCR value during encryption, otherwise cannot be decrypted.D, seal signature:Connected during signature with some PCR value, platform has reached certain state and needed when being signed with explanation Ask.
- 6. the construction method of the trusted computer platform software stack function structure according to claim 1-5 any one, its It is characterised by:(5) authorized agreement also includes:A, authorization data:Key, sensitive data and the other data for needing storage protection of platform interior are referred to as object, each right As that must have corresponding authorization data, an authorization data can correspond to multiple objects, it is necessary to pass through the checking of authorization data Object could be accessed.The authorization data of object, inputted by user from platform, after hash algorithm carries out length normalization method processing Storage;The SMK of TCM owner authentication code is held in itself by TCM, and the authentication code of each entity be by entity in itself Hold, TCM is using authentication code as the complete evidence for being able to verify that entity identities.No longer need other verifications, it is known that object Authorizationdata mean that with access to the TCM objects any entity of requestor preserves authorization data at it Place also needs to extra protection and request, and TCM need not;B, authorisation session:Any entity may all engage in the dialogue with TCM, to provide one to the dialogue between entity and TCM platforms The passage of bar safety, the safe transmission of interaction data and result can be ensured by this passage, due to depositing for this demand Authen session is being introduced, the purpose that session is established is to ensure that the access to TCM objects is by certification, and it is used The protocol of random number by turns, Replay Attack can be prevented;C, agreement flow:The purpose of authorized agreement and mechanism is to prove that requestor has the right to perform order and using one to TCM A little objects.
- 7. the construction method of trusted computer platform software stack function structure according to claim 6, it is characterised in that:Institute The agreement for stating agreement flow meets following require:1) AP sessions are initiated with TCM_AP_CREATE orders, are terminated with TCM_AP_TERMINATE;2) agreement provides authentication mechanism and generates session key by shared secret of AuthData, and based on session key generation school Value is tested, to judge whether caller possesses the authority to a certain entity;3) agreement provides integrity protection mechanism.The packet in funcall stage has been carried out with the session key that both sides share Whole property protection;4) it is calculated as option in TCMAPCREATE orders;5) agreement provides optional Confidentiality protection mechanism, as needed with the session key that both sides share to the funcall stage Packet be encrypted protection, IfEncrypted for whether the mark that communication data packet is encrypted, under special circumstances Oneself is encrypted in itself for communication data, such as key migration, can select not encrypt communication data, described in table for packet Encrypted situation;6) it be anti-replay sequence number that agreement, which provides anti-replay mechanism seqNonce, by TCM generations and external callers and TCM it Between share, the respective maintenance sequence number of both sides, a data packet number is often sent from increasing 1, to prevent replay attack.
- 8. the construction method of the trusted computer platform software stack function structure according to claim 1-5 any one, its It is characterised by:In (6) certificate management, when sending a classified document, sender is using the public key of recipient to data Encryption, and recipient is then decrypted using the private key of oneself, such information can arrives at safe and punctually;By using Digital certificate, user can be ensured as follows:Information is not being passed in addition to sender and recipient by other people's steal informations Sender is not tampered with during defeated to confirm the identity sender of recipient for the information of oneself by digital certificate Information can not be denied from after digital signature untill receiving, not make any modification, the file signed and issued is authentic document.
- 9. the construction method of trusted computer platform software stack function structure according to claim 8, it is characterised in that:Number Word certificate uses public-key mechanism, and the program that certification authority provides produces a pair of secret keys for user, and one is disclosed public key, It will announce in the digital certificate of user and is deposited at digital certificate authentication center, and another is private private key, and it will be deposited It is placed on the computer of user.
- 10. the construction method of trusted computer platform software stack function structure according to claim 9, it is characterised in that: The digital certificate will carry out differentiating communication and secret communication, differentiate that communication is carried out for sender using the private key of oneself to plaintext Ciphertext is decrypted using the public key of sender by encryption, recipient;Secret communication is the public key pair that sender uses recipient It is encrypted in plain text, ciphertext is decrypted using the private key of oneself for reciever.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710962366.0A CN107766724A (en) | 2017-10-17 | 2017-10-17 | A kind of construction method of trusted computer platform software stack function structure |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710962366.0A CN107766724A (en) | 2017-10-17 | 2017-10-17 | A kind of construction method of trusted computer platform software stack function structure |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107766724A true CN107766724A (en) | 2018-03-06 |
Family
ID=61269557
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710962366.0A Pending CN107766724A (en) | 2017-10-17 | 2017-10-17 | A kind of construction method of trusted computer platform software stack function structure |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107766724A (en) |
Cited By (27)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109445328A (en) * | 2018-10-22 | 2019-03-08 | 北京广利核***工程有限公司 | Nuclear power plant instrument control system prevents Replay Attack method and apparatus |
| CN109743174A (en) * | 2018-12-21 | 2019-05-10 | 积成电子股份有限公司 | The monitoring and managing method that electric power monitoring security management and control system program updates |
| CN109948354A (en) * | 2019-03-19 | 2019-06-28 | 南京大学 | A kind of cross-platform method that cryptographic check is carried out to file using hardware isolated environment |
| CN110635904A (en) * | 2019-09-16 | 2019-12-31 | 绍兴文理学院 | Remote attestation method and system for software-defined Internet of things node |
| CN110704359A (en) * | 2019-08-14 | 2020-01-17 | 北京中电华大电子设计有限责任公司 | High-safety low-power-consumption communication method of dual-core chip |
| CN111414625A (en) * | 2020-04-01 | 2020-07-14 | 中国人民解放军国防科技大学 | Method and system for realizing computer trusted software stack supporting active trusted capability |
| CN111506915A (en) * | 2019-01-31 | 2020-08-07 | 阿里巴巴集团控股有限公司 | Authorized access control method, device and system |
| CN111651740A (en) * | 2020-05-26 | 2020-09-11 | 西安电子科技大学 | Trusted platform sharing system for distributed intelligent embedded system |
| CN112069535A (en) * | 2020-08-13 | 2020-12-11 | 中国电子科技集团公司第三十研究所 | Dual-system safety intelligent terminal architecture based on access partition physical isolation |
| CN112468448A (en) * | 2020-11-05 | 2021-03-09 | 中国电子信息产业集团有限公司 | Processing method and device of communication network, electronic equipment and readable storage medium |
| CN112514321A (en) * | 2018-05-31 | 2021-03-16 | 爱迪德技术有限公司 | Shared secret establishment |
| CN112631177A (en) * | 2020-12-13 | 2021-04-09 | 贵州省通信产业服务有限公司 | Agricultural data acquisition device based on hardware encryption transmission |
| CN113282910A (en) * | 2021-04-22 | 2021-08-20 | 中国科学院软件研究所 | Root key protection method for trusted computing trust root |
| CN113645229A (en) * | 2018-06-06 | 2021-11-12 | 北京八分量信息科技有限公司 | Authentication system and method based on credible confirmation |
| CN113711532A (en) * | 2019-01-30 | 2021-11-26 | 诺基亚通信公司 | Distributed or cloud computing system information |
| US11240008B2 (en) | 2019-03-22 | 2022-02-01 | Advanced New Technologies Co., Ltd. | Key management method, security chip, service server and information system |
| CN114006729A (en) * | 2021-09-29 | 2022-02-01 | 广东电网有限责任公司电力调度控制中心 | Low-voltage power line carrier communication trusted access management method and system |
| CN114024705A (en) * | 2020-10-30 | 2022-02-08 | 北京八分量信息科技有限公司 | Trust architecture aiming at node dynamics |
| CN114124506A (en) * | 2021-11-16 | 2022-03-01 | 北京八分量信息科技有限公司 | Method for realizing trusted security protocol based on trusted computing |
| CN114115836A (en) * | 2022-01-28 | 2022-03-01 | 麒麟软件有限公司 | Design method and system of trusted TCM software stack based on Linux operating system |
| CN114762290A (en) * | 2019-12-06 | 2022-07-15 | 三星电子株式会社 | Method and electronic device for managing digital key |
| WO2022161182A1 (en) * | 2021-01-27 | 2022-08-04 | 支付宝(杭州)信息技术有限公司 | Trusted computing method and apparatus based on data stream |
| CN114884986A (en) * | 2022-04-21 | 2022-08-09 | 武汉芯鑫微电子有限公司 | Private protocol LoT control system and method based on SoC |
| CN114978774A (en) * | 2022-07-28 | 2022-08-30 | 四川九洲空管科技有限责任公司 | Multi-level key management method based on nested protection structure |
| CN115022093A (en) * | 2022-08-05 | 2022-09-06 | 确信信息股份有限公司 | Trusted CPU key calculation method and system based on multi-stage key |
| CN115378740A (en) * | 2022-10-25 | 2022-11-22 | 麒麟软件有限公司 | Method for realizing bidirectional authentication login based on trusted opennsh |
| CN116490868A (en) * | 2020-10-09 | 2023-07-25 | 华为技术有限公司 | System and method for secure and fast machine learning reasoning in trusted execution environments |
-
2017
- 2017-10-17 CN CN201710962366.0A patent/CN107766724A/en active Pending
Cited By (38)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112514321A (en) * | 2018-05-31 | 2021-03-16 | 爱迪德技术有限公司 | Shared secret establishment |
| CN113645229A (en) * | 2018-06-06 | 2021-11-12 | 北京八分量信息科技有限公司 | Authentication system and method based on credible confirmation |
| CN109445328B (en) * | 2018-10-22 | 2021-07-16 | 北京广利核***工程有限公司 | Method and device for preventing replay attack of instrument control system of nuclear power station |
| CN109445328A (en) * | 2018-10-22 | 2019-03-08 | 北京广利核***工程有限公司 | Nuclear power plant instrument control system prevents Replay Attack method and apparatus |
| CN109743174A (en) * | 2018-12-21 | 2019-05-10 | 积成电子股份有限公司 | The monitoring and managing method that electric power monitoring security management and control system program updates |
| CN113711532A (en) * | 2019-01-30 | 2021-11-26 | 诺基亚通信公司 | Distributed or cloud computing system information |
| CN111506915A (en) * | 2019-01-31 | 2020-08-07 | 阿里巴巴集团控股有限公司 | Authorized access control method, device and system |
| CN111506915B (en) * | 2019-01-31 | 2023-05-02 | 阿里巴巴集团控股有限公司 | Authorized access control method, device and system |
| CN109948354A (en) * | 2019-03-19 | 2019-06-28 | 南京大学 | A kind of cross-platform method that cryptographic check is carried out to file using hardware isolated environment |
| US11240008B2 (en) | 2019-03-22 | 2022-02-01 | Advanced New Technologies Co., Ltd. | Key management method, security chip, service server and information system |
| CN110704359A (en) * | 2019-08-14 | 2020-01-17 | 北京中电华大电子设计有限责任公司 | High-safety low-power-consumption communication method of dual-core chip |
| CN110635904B (en) * | 2019-09-16 | 2020-07-31 | 绍兴文理学院 | Remote attestation method and system for software-defined Internet of things node |
| CN110635904A (en) * | 2019-09-16 | 2019-12-31 | 绍兴文理学院 | Remote attestation method and system for software-defined Internet of things node |
| CN114762290B (en) * | 2019-12-06 | 2024-04-19 | 三星电子株式会社 | Method and electronic device for managing digital key |
| CN114762290A (en) * | 2019-12-06 | 2022-07-15 | 三星电子株式会社 | Method and electronic device for managing digital key |
| CN111414625A (en) * | 2020-04-01 | 2020-07-14 | 中国人民解放军国防科技大学 | Method and system for realizing computer trusted software stack supporting active trusted capability |
| CN111414625B (en) * | 2020-04-01 | 2023-09-22 | 中国人民解放军国防科技大学 | Method and system for realizing computer trusted software stack supporting active trusted capability |
| CN111651740B (en) * | 2020-05-26 | 2023-04-07 | 西安电子科技大学 | Trusted platform sharing system for distributed intelligent embedded system |
| CN111651740A (en) * | 2020-05-26 | 2020-09-11 | 西安电子科技大学 | Trusted platform sharing system for distributed intelligent embedded system |
| CN112069535B (en) * | 2020-08-13 | 2023-01-31 | 中国电子科技集团公司第三十研究所 | Dual-system safety intelligent terminal architecture based on access partition physical isolation |
| CN112069535A (en) * | 2020-08-13 | 2020-12-11 | 中国电子科技集团公司第三十研究所 | Dual-system safety intelligent terminal architecture based on access partition physical isolation |
| CN116490868A (en) * | 2020-10-09 | 2023-07-25 | 华为技术有限公司 | System and method for secure and fast machine learning reasoning in trusted execution environments |
| CN114024705B (en) * | 2020-10-30 | 2024-02-20 | 北京八分量信息科技有限公司 | Trust architecture for node dynamics |
| CN114024705A (en) * | 2020-10-30 | 2022-02-08 | 北京八分量信息科技有限公司 | Trust architecture aiming at node dynamics |
| CN112468448B (en) * | 2020-11-05 | 2023-08-08 | 中国电子信息产业集团有限公司 | Processing method and device of communication network, electronic equipment and readable storage medium |
| CN112468448A (en) * | 2020-11-05 | 2021-03-09 | 中国电子信息产业集团有限公司 | Processing method and device of communication network, electronic equipment and readable storage medium |
| CN112631177A (en) * | 2020-12-13 | 2021-04-09 | 贵州省通信产业服务有限公司 | Agricultural data acquisition device based on hardware encryption transmission |
| WO2022161182A1 (en) * | 2021-01-27 | 2022-08-04 | 支付宝(杭州)信息技术有限公司 | Trusted computing method and apparatus based on data stream |
| CN113282910A (en) * | 2021-04-22 | 2021-08-20 | 中国科学院软件研究所 | Root key protection method for trusted computing trust root |
| CN113282910B (en) * | 2021-04-22 | 2023-07-18 | 中国科学院软件研究所 | Root key protection method for trusted computing trust root |
| CN114006729A (en) * | 2021-09-29 | 2022-02-01 | 广东电网有限责任公司电力调度控制中心 | Low-voltage power line carrier communication trusted access management method and system |
| CN114006729B (en) * | 2021-09-29 | 2023-12-01 | 广东电网有限责任公司电力调度控制中心 | Trusted access management method and system for power line carrier communication |
| CN114124506A (en) * | 2021-11-16 | 2022-03-01 | 北京八分量信息科技有限公司 | Method for realizing trusted security protocol based on trusted computing |
| CN114115836A (en) * | 2022-01-28 | 2022-03-01 | 麒麟软件有限公司 | Design method and system of trusted TCM software stack based on Linux operating system |
| CN114884986A (en) * | 2022-04-21 | 2022-08-09 | 武汉芯鑫微电子有限公司 | Private protocol LoT control system and method based on SoC |
| CN114978774A (en) * | 2022-07-28 | 2022-08-30 | 四川九洲空管科技有限责任公司 | Multi-level key management method based on nested protection structure |
| CN115022093A (en) * | 2022-08-05 | 2022-09-06 | 确信信息股份有限公司 | Trusted CPU key calculation method and system based on multi-stage key |
| CN115378740A (en) * | 2022-10-25 | 2022-11-22 | 麒麟软件有限公司 | Method for realizing bidirectional authentication login based on trusted opennsh |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107766724A (en) | A kind of construction method of trusted computer platform software stack function structure | |
| US20190089527A1 (en) | System and method of enforcing a computer policy | |
| CN109361668A (en) | A kind of data trusted transmission method | |
| US7526649B2 (en) | Session key exchange | |
| US20040098591A1 (en) | Secure hardware device authentication method | |
| CN108418691A (en) | Dynamic network identity identifying method based on SGX | |
| JPH06223041A (en) | Rarge-area environment user certification system | |
| CN103856478A (en) | Certificate signing and issuing method of trusted network, attestation method of trusted network and corresponding devices | |
| US10263782B2 (en) | Soft-token authentication system | |
| CN106953732B (en) | Key management system and method for chip card | |
| CN114692218A (en) | Electronic signature method, equipment and system for individual user | |
| CN106973056A (en) | The safety chip and its encryption method of a kind of object-oriented | |
| CN111859446A (en) | Agricultural product traceability information sharing-privacy protection method and system | |
| CN114553603B (en) | Novel data credible decryption method based on privacy calculation | |
| CN113726733B (en) | Encryption intelligent contract privacy protection method based on trusted execution environment | |
| CN114679270B (en) | Data cross-domain encryption and decryption method based on privacy calculation | |
| CN109150906A (en) | A kind of real-time data communication safety method | |
| CN106953731A (en) | The authentication method and system of a kind of terminal management person | |
| CN105933117A (en) | Data encryption and decryption device and method based on TPM (Trusted Platform Module) key security storage | |
| CN105873043B (en) | Method and system for generating and applying network private key for mobile terminal | |
| CN113297563B (en) | Method and device for accessing privileged resources of system on chip and system on chip | |
| CN111327415A (en) | Alliance link data protection method and device | |
| CN105049433B (en) | Markization card number information transmits verification method and system | |
| CN110535632A (en) | Based on unsymmetrical key pond to and DH agreement quantum communications service station AKA cryptographic key negotiation method and system | |
| CN111600870B (en) | Bidirectional communication authentication method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180306 |
|
| RJ01 | Rejection of invention patent application after publication |