
CN101477602A - Remote proving method in trusted computation environment - Google Patents


Info

Publication number: CN101477602A
Authority: CN (China)
Prior art keywords: measurement, platform, value, pcr, verification
Legal status: Pending
Application number: CN 200910013697
Other languages: Chinese (zh)
Inventor: 李清玉
Current assignee: IEIT Systems Co Ltd
Original assignee: Langchao Electronic Information Industry Co Ltd
Priority date: 2009-02-10
Filing date: 2009-02-10
Publication date: 2009-07-08
Application filed by Langchao Electronic Information Industry Co Ltd; priority to CN 200910013697; published as CN101477602A.

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a method of remote attestation in a trusted computing environment. A session encryption key is used to encrypt the integrity measurement values and the measurement log of the trusted platform being verified, and the encrypted result is digitally signed. The method is based on a TPM/TCM security chip. The remote attestation architecture it adopts consists of three parts, an integrity measurement mechanism, a reporting mechanism and a verification mechanism, carried out respectively by an integrity measurement agent, a reporting agent and a verification requester; the measurement agent, the reporting agent and the security chip are installed in the trusted platform being verified. The method guarantees the authenticity of the integrity measurement values and measurement log of the verified trusted platform and the privacy of the platform, effectively defends against replay attacks, impersonation attacks and man-in-the-middle attacks, can be used to prove to a verification requester that the platform's runtime environment is trustworthy or for the platform's self-check of its own runtime environment, and is better suited to a fair, open network environment.

Description

A Method of Remote Attestation in a Trusted Computing Environment

Technical field

The invention relates to a method of remote attestation in a trusted computing environment and belongs to the field of trusted computing within computer information security.

Background

Distributed applications place ever higher security requirements on computing platforms in open system environments. Because a distributed application involves many parties with conflicting interests and security goals, establishing mutual trust between platforms and proving that a computing environment is trustworthy has become a pressing need in information security. On the other hand, a computing platform running malicious code can exhibit arbitrary attack behaviour, such as Byzantine attacks, so platforms cannot maintain lasting static trust in one another. The current general approach is to use remote attestation to identify the software configuration and state running on a remote platform, and hence the state of its computing environment, so as to detect compromised participating platforms and ensure normal communication between platforms with trusted runtime environments. The Trusted Computing Group (TCG) has formulated a series of specifications covering trusted computing platforms, trusted storage and trusted network connection; its approach installs a dedicated security chip, the TPM (Trusted Platform Module), on host, mobile and embedded platforms and uses it as the system's root of trust to solve the problems of establishing and proving trust in a trusted computing platform. China has likewise formulated standards for the TCM (Trusted Cryptography Module) with independent intellectual property rights, and domestic IT vendors have developed security chips supporting the TCM standard. Like the TPM specification and chips, the TCM standard and chips also support attestation of the computing environment of a trusted computing platform. In this document, this security function of the TPM/TCM for proving the trusted state of a platform is referred to collectively as remote attestation (RA).

Remote attestation (RA) is the process by which the party issuing a verification request, the verification requester, verifies and confirms the identity of a remote platform and its platform state configuration information. RA is founded on integrity measurement, storage and reporting. Integrity measurement and storage means computing the measurement value of a component, recording the event in the measurement log, and recording the measurement value in a platform configuration register (PCR); integrity reporting is the process by which the trusted computing platform supplies the verification requester with the integrity measurement values of the platform or of part of it. When integrity measurement values are reported, the platform identity key is to sign them digitally. The verification requester judges the trustworthiness of the platform by verifying the validity of the signature and checking the integrity measurement values.

Remote attestation is one of the important research problems in trusted computing. Remote attestation schemes under the TCG framework have received wide attention from scholars and research institutions in China and abroad; among the many results, a typical one is the Integrity Measurement Architecture (IMA) proposed by IBM Research. In existing remote attestation schemes the verification request is issued by the verification requester; measurement and attestation lack consistency and extensibility, the authenticity of the integrity measurement values and the privacy of the platform cannot be guaranteed, and there is no defence against replay attacks, impersonation attacks and man-in-the-middle attacks.

Summary of the invention

The object of the invention is to improve the remote attestation mechanism proposed by the Trusted Computing Group (TCG) in the Trusted Platform Module (TPM) specification by proposing a new method of remote attestation in a trusted computing environment. The method uses a session encryption key to encrypt the integrity measurement values and the measurement log of the trusted platform being verified and digitally signs the encrypted result, guaranteeing the authenticity of those values and the log as well as the privacy of the platform. It effectively defends against replay attacks, impersonation attacks and man-in-the-middle attacks, can be used to prove to a verification requester that the platform's runtime environment is trustworthy, and can also be used for the platform's self-check of its own runtime environment.

The method is based on a TPM/TCM security chip. The remote attestation architecture it adopts consists of three parts, an integrity measurement mechanism, a reporting mechanism and a verification mechanism, carried out respectively by an integrity measurement agent, a reporting agent and a verification requester; the measurement agent, the reporting agent and the security chip are installed in the trusted platform being verified. The verified trusted platform holds a valid identity certificate that binds its platform identity key PIKpub. In this architecture:

(1) Measurement agent: decides what is measured, when it is measured and how the measurement values are maintained securely. Its main function is to compute the measurement value of a component, record the measurement event in the measurement log, and record the measurement value in the corresponding platform configuration register (PCR) inside the security chip. The recording method is: new PCR value = cryptographic hash(original PCR value || measurement value). A measurement log entry includes at least, but is not limited to: information on the measurer, information on the measured object, the original PCR value, the measurement value, the new PCR value and the completion time. The measurement log represents the integrity measurement history of the verified trusted platform.

(2) Reporting agent: provides the verification requester with the integrity measurement values of the platform or of some of its components. It generates a session encryption key according to an agreed key generation algorithm (such as DH), encrypts the specified PCR values and the measurement log entries related to those PCRs, digitally signs the encrypted result with the private key PIKprv corresponding to the platform identity key PIKpub, and sends the signed result to the verification requester.

(3) Verification requester: sends a verification request to the trusted platform being verified; on the received response, verifies the signature over the PCR values and the measurement log with the platform identity key PIKpub and decrypts them. Using the measurement log, it replays the whole integrity measurement process, computing the hash values, and compares the resulting final PCR value with the decrypted PCR value. If the two are equal, the trustworthiness of the verified trusted platform is confirmed; if they differ, the state of the verified trusted platform has changed and its trustworthiness cannot be confirmed.

The remote attestation procedure is as follows:

(1) The verification requester C generates an unpredictable timestamp NC, digitally signs C and NC, and sends the verification request message C, NC, sig{C, NC}PRVC to the trusted platform A being verified;

(2) On receiving C's verification request message, A asks the trusted third party CA to verify the validity and legitimacy of C's certificate;

(3) Once the certificate check passes, the CA sends C's public key certificate to A;

(4) A uses C's public key PUBC to verify the signature sig{C, NC}PRVC and checks that the C and NC inside the signature are identical to the unsigned C and NC in the message. If they are, A generates an unpredictable timestamp NA and, from NA and NC, derives the session encryption key SK according to the agreed key generation algorithm (such as DH).

A obtains the values of the specified PCRs and the related measurement log ML from the TPM/TCM security chip, encrypts the PCR values and ML with the session encryption key SK to obtain the encrypted result enc{PCR, ML}SK, digitally signs the identity A, the unpredictable timestamp NA, NC+1 and the encrypted result enc{PCR, ML}SK with the private key PIKprv corresponding to the platform identity key PIKpub, and sends the following message to C:

A, NA, sig{A, NA, NC+1, enc{PCR, ML}SK}PIKprv

(5) On receiving A's response message, C verifies the validity and legitimacy of A's platform identity certificate through the CA;

(6) Once the certificate check passes, C uses A's platform identity key PIKpub to verify the signature, checks that the A and NA inside it are identical to the unsigned A and NA in the message, and checks that the NC inside it matches the NC that C sent.

If NC matches, C derives the session encryption key SK from NA and NC according to the agreed key generation algorithm (such as DH), decrypts enc{PCR, ML}SK, and obtains the PCR values and the measurement log ML.

From ML, C replays the whole integrity measurement process, computes the final PCR value and compares it with the decrypted PCR value. If the two are equal, the verified trusted platform is confirmed to be trustworthy; otherwise it is regarded as untrustworthy.

The beneficial effect of the invention is as follows. To remedy the inability of integrity-verification-based remote attestation mechanisms for trusted platforms to defend effectively against replay attacks, impersonation attacks and man-in-the-middle attacks, the invention proposes a new remote attestation method that encrypts the integrity measurement values and measurement log of the verified trusted platform with a session encryption key and digitally signs the encrypted result. This guarantees the authenticity of the integrity measurement values and the measurement log and the privacy of the platform, defends effectively against the attacks above, can be used to prove to the verification requester that the platform's runtime environment is trustworthy, can be used for the platform's self-check of its own runtime environment, and is better suited to a fair, open network environment.

Description of the drawings

Figure 1 is the system composition diagram.

Figure 2 is the remote attestation process diagram.

Explanation of reference symbols:

Verification requester:
    C: identity
    NC: unpredictable timestamp generated by C
    PUBC, PRVC: public/private key pair held by C

Verified trusted platform:
    A: identity
    NA: unpredictable timestamp generated by A
    PIKpub, PIKprv: public/private key pair held by A
    PCR: platform configuration register, holding the integrity measurement values
    ML: integrity measurement log

Trusted third party: CA

Session key: SK, generated according to an agreed key generation algorithm (such as DH)

Operations:
    Digital signature: sig
    Encryption: enc, using a symmetric encryption algorithm

Detailed description of the embodiment

The invention is described in detail below through a specific embodiment and the accompanying drawings.

The invention is a method of remote attestation in a trusted computing environment that uses a TPM/TCM security chip. From the unpredictable timestamps generated by the verified trusted platform and by the verification requester, a session encryption key is generated; the integrity measurement values and the measurement log of the verified trusted platform are encrypted with it, and the identity, the unpredictable timestamps and the encrypted result are digitally signed, so as to guarantee the authenticity of the verified trusted platform's integrity measurement values and measurement log and the privacy of the platform. From the measurement log, the verification requester replays the integrity measurement process of the verified trusted platform, computes and compares the integrity measurement values, and thereby achieves remote attestation of the verified trusted platform.

The method involves a verified trusted platform A and a verification requester C, where A is equipped with a TPM/TCM security chip, a measurement agent and a reporting agent. The steps are:

(1) Verification request: C generates a 160-bit or 256-bit unpredictable timestamp NC, digitally signs C and NC, and sends the verification request message C, NC, sig{C, NC}PRVC to the trusted platform A being verified;

(2) Certificate check: on receiving C's verification request message, A asks the trusted third party CA to verify the validity and legitimacy of C's certificate;

(3) Certificate delivery: once the certificate check passes, the CA sends C's public key certificate to A;

(4) Measurement report: A uses C's public key PUBC to verify the signature sig{C, NC}PRVC and checks that the C and NC inside the signature are identical to the unsigned C and NC in the message. If they are, A generates a 160-bit or 256-bit unpredictable timestamp NA and, from NA and NC, derives a 160-bit or 256-bit session encryption key SK according to the agreed key generation algorithm (such as DH).

A obtains the values of the specified PCRs and the related measurement log ML from the TPM/TCM security chip, encrypts the PCR values and ML with the session encryption key SK to obtain the encrypted result enc{PCR, ML}SK, digitally signs the identity A, the unpredictable timestamp NA, NC+1 and the encrypted result enc{PCR, ML}SK with the private key PIKprv corresponding to the platform identity key PIKpub, and sends the following message to C:

A, NA, sig{A, NA, NC+1, enc{PCR, ML}SK}PIKprv

(5) Certificate check: on receiving A's response message, C verifies the validity and legitimacy of A's platform identity certificate through the CA;

(6) Remote attestation: once the certificate check passes, C uses A's platform identity key PIKpub to verify the signature, checks that the A and NA inside it are identical to the unsigned A and NA in the message, and checks that the NC inside it matches the NC that C sent.

If NC matches, C derives the session encryption key SK from NA and NC according to the agreed key generation algorithm (such as DH), decrypts enc{PCR, ML}SK, and obtains the PCR values and the measurement log ML.

From ML, C replays the whole integrity measurement process, computes the final PCR value and compares it with the decrypted PCR value. If the two are equal, the verified trusted platform is confirmed to be trustworthy; otherwise it is regarded as untrustworthy.
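A stand-alone simulation of steps (1) to (6) above together with the measurement agent's PCR extension rule, added here as an example; it is not code from the patent or from the applicant. It assumes SHA-256 as the cryptographic hash, a hash over NA and NC in place of the DH key agreement, a toy XOR keystream cipher for enc, and an HMAC in place of the asymmetric PIK signature; the CA certificate steps (2), (3) and (5) are not modelled.

```python
"""Simulation of the CN101477602A attestation flow (added example, not the patent's code).

Stand-ins, all from the Python standard library:
  - PCR extend and log replay use SHA-256 (the patent says only "cryptographic hash").
  - SK is derived from N_A and N_C with a hash; the patent leaves the algorithm open ("e.g. DH").
  - enc{...}SK is a SHA-256 counter-mode keystream XOR, a toy cipher for illustration only.
  - sig{...}PIKprv is modelled with HMAC under one secret key, so PIKpub == PIKprv here;
    a real PIK is an asymmetric key bound to the platform identity certificate.
"""
import hashlib
import hmac
import json
import os

NONCE_BYTES = 32  # 256-bit unpredictable timestamp, one of the two sizes the patent allows


def extend_pcr(old_pcr: bytes, measurement: bytes) -> bytes:
    """Measurement agent rule: new PCR = H(old PCR || measurement value)."""
    return hashlib.sha256(old_pcr + measurement).digest()


def measure(log: list, pcr: bytes, measurer: str, measured: str, content: bytes) -> bytes:
    """Hash a component, extend the PCR and append the ML entry fields the patent lists."""
    value = hashlib.sha256(content).digest()
    new_pcr = extend_pcr(pcr, value)
    log.append({"measurer": measurer, "measured": measured, "old_pcr": pcr.hex(),
                "value": value.hex(), "new_pcr": new_pcr.hex(), "time": len(log)})
    return new_pcr


def derive_sk(n_a: bytes, n_c: bytes) -> bytes:
    """Both sides compute SK from the two nonces (a hash KDF stands in for DH)."""
    return hashlib.sha256(b"SK|" + n_a + n_c).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


def pik_sign(pik_key: bytes, msg: bytes) -> bytes:
    """sig{msg}PIKprv, modelled as an HMAC tag."""
    return hmac.new(pik_key, msg, hashlib.sha256).digest()


def nonce_plus_one(n_c: bytes) -> bytes:
    """N_C + 1 as echoed by A; one extra byte absorbs a carry out of the top bit."""
    return (int.from_bytes(n_c, "big") + 1).to_bytes(NONCE_BYTES + 1, "big")


def platform_respond(pik_prv: bytes, chip_pcr: bytes, log: list, n_c: bytes) -> dict:
    """Step (4): A derives SK, encrypts {PCR, ML} and signs A, N_A, N_C+1 and the ciphertext."""
    n_a = os.urandom(NONCE_BYTES)
    enc = xor_stream(derive_sk(n_a, n_c), json.dumps({"pcr": chip_pcr.hex(), "ml": log}).encode())
    signed = b"A" + n_a + nonce_plus_one(n_c) + enc
    return {"id": "A", "n_a": n_a, "enc": enc, "sig": pik_sign(pik_prv, signed)}


def verifier_check(pik_pub: bytes, n_c: bytes, resp: dict) -> tuple:
    """Step (6): verify signature and N_C+1, decrypt, replay ML, compare with the reported PCR."""
    signed = resp["id"].encode() + resp["n_a"] + nonce_plus_one(n_c) + resp["enc"]
    if not hmac.compare_digest(pik_sign(pik_pub, signed), resp["sig"]):
        return False, "signature invalid or N_C does not match (replayed or forged response)"
    try:
        report = json.loads(xor_stream(derive_sk(resp["n_a"], n_c), resp["enc"]))
    except ValueError:
        return False, "decryption failed"
    pcr = bytes(32)  # the PCR is all zeros before the first extend
    for entry in report["ml"]:
        if entry["old_pcr"] != pcr.hex():
            return False, "measurement log chain is broken"
        pcr = extend_pcr(pcr, bytes.fromhex(entry["value"]))
        if entry["new_pcr"] != pcr.hex():
            return False, "log entry disagrees with its recorded new PCR"
    if pcr.hex() != report["pcr"]:
        return False, "PCR mismatch: platform state changed or log incomplete"
    return True, "platform trusted"


def run_demo() -> dict:
    """Honest run, a reporting agent that hides a log entry, and a replayed response."""
    pik = os.urandom(32)  # HMAC key standing in for the PIKprv/PIKpub pair
    pcr, log = bytes(32), []
    for name, content in (("bootloader", b"bl-1.0"), ("kernel", b"krn-2.6"), ("agent", b"ima")):
        pcr = measure(log, pcr, "measurement-agent", name, content)  # constructed sample components
    n_c = os.urandom(NONCE_BYTES)                                    # step (1)
    resp = platform_respond(pik, pcr, log, n_c)                      # step (4)
    results = {"honest": verifier_check(pik, n_c, resp)}             # step (6)
    # A compromised reporting agent drops the last entry but cannot change the chip's PCR.
    results["hidden_entry"] = verifier_check(pik, n_c, platform_respond(pik, pcr, log[:-1], n_c))
    # An old response presented against a fresh N_C fails the N_C+1 check inside the signature.
    results["replay"] = verifier_check(pik, os.urandom(NONCE_BYTES), resp)
    return results


if __name__ == "__main__":
    for case, (ok, why) in run_demo().items():
        print(f"{case:13s} {'OK' if ok else 'REJECT'}: {why}")
```

The honest run is accepted, while the hidden-entry and replay cases are rejected at the PCR comparison and at the signature check respectively, which are the two checks step (6) relies on.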


Claims (4)

1. A method of remote attestation in a trusted computing environment, characterised in that a session encryption key is used to encrypt the integrity measurement values and the measurement log of the trusted platform being verified and the encrypted result is digitally signed, guaranteeing the authenticity of the integrity measurement values and measurement log of the verified trusted platform and the privacy of the platform and effectively defending against replay attacks, impersonation attacks and man-in-the-middle attacks, so that the method can be used to prove to a verification requester that the platform's runtime environment is trustworthy or for the platform's self-check of its own runtime environment; the method is based on a TPM/TCM security chip, and the remote attestation architecture it adopts consists of three parts, an integrity measurement mechanism, a reporting mechanism and a verification mechanism, carried out respectively by an integrity measurement agent, a reporting agent and a verification requester, wherein the measurement agent, the reporting agent and the security chip are installed in the verified trusted platform, and the verified trusted platform holds a valid identity certificate that binds its platform identity key PIKpub, wherein:

(1) Measurement agent: decides what is measured, when it is measured and how the measurement values are maintained securely; its function is to compute the measurement value of a component, record the measurement event in the measurement log, and record the measurement value in the corresponding platform configuration register (PCR) inside the security chip; the recording method is: new PCR value = cryptographic hash algorithm; the measurement log includes at least, but is not limited to: information on the measurer, information on the measured object, the original PCR value, the measurement value, the new PCR value and the completion time; the measurement log represents the integrity measurement history of the verified trusted platform;

(2) Reporting agent: provides the verification requester with the integrity measurement values of the platform or of some of its components, generates a session encryption key according to an agreed key generation algorithm, encrypts the specified PCR values and the measurement log entries related to those PCRs, digitally signs the encrypted result with the private key PIKprv corresponding to the platform identity key PIKpub, and sends the signed result to the verification requester;

(3) Verification requester: sends a verification request to the trusted platform being verified; on the received response, verifies the signature over the PCR values and the measurement log with the platform identity key PIKpub and decrypts them; using the measurement log, replays the whole integrity measurement process, computing the hash values, and compares the resulting final PCR value with the decrypted PCR value; if the two are equal, the trustworthiness of the verified trusted platform is confirmed; if they differ, the state of the verified trusted platform has changed and its trustworthiness cannot be confirmed;

the specific remote attestation steps being:

(1) the verification requester C generates an unpredictable timestamp NC, digitally signs C and NC, and sends the verification request message C, NC, sig{C, NC}PRVC to the trusted platform A being verified;

(2) on receiving C's verification request message, A asks the trusted third party CA to verify the validity and legitimacy of C's certificate;

(3) once the certificate check passes, the CA sends C's public key certificate to A;

(4) A uses C's public key PUBC to verify that the C and NC inside the signature are identical to the unsigned C and NC in the message; if they are, A generates an unpredictable timestamp NA and, from NA and NC, derives the session encryption key SK according to the agreed key generation algorithm (such as DH);

A obtains the values of the specified PCRs and the related measurement log ML from the TPM/TCM security chip, encrypts the PCR values and ML with the session encryption key SK to obtain the encrypted result enc{PCR, ML}SK, digitally signs the identity A, the unpredictable timestamp NA, NC+1 and the encrypted result enc{PCR, ML}SK with the private key PIKprv corresponding to the platform identity key PIKpub, and sends the following message to C:

A, NA, sig{A, NA, NC+1, enc{PCR, ML}SK}PIKprv;

(5) on receiving A's response message, C verifies the validity and legitimacy of A's platform identity certificate through the CA;

(6) once the certificate check passes, C uses A's platform identity key PIKpub to verify the signature, checks that the A and NA inside it are identical to the unsigned A and NA in the message, and checks that the NC inside it matches the NC that C sent;

if NC matches, C derives the session encryption key SK from NA and NC according to the agreed key generation algorithm, decrypts enc{PCR, ML}SK, and obtains the PCR values and the measurement log ML;

from ML, C replays the whole integrity measurement process, computes the final PCR value and compares it with the decrypted PCR value; if the two are equal, the verified trusted platform is confirmed to be trustworthy; otherwise it is regarded as untrustworthy.

2. The method of claim 1, characterised in that the integrity measurement process of the verified trusted platform comprises an integrity measurement mechanism, a reporting mechanism and a verification mechanism, carried out respectively by an integrity measurement agent, a reporting agent and a verification requester, wherein the measurement agent, the reporting agent and the TPM/TCM security chip are installed in the verified trusted platform.

3. The method of claim 1, characterised in that the measurement agent decides what is measured, when it is measured and how the measurement values are maintained securely; its main function is to compute the measurement value of a component, record the measurement event in the measurement log, and record the measurement value in the corresponding platform configuration register (PCR) inside the TPM/TCM security chip.

4. The method of claim 1, characterised in that the measurement log includes, but is not limited to, information on the measurer, information on the measured object, the original PCR value, the measurement value, the new PCR value and the completion time.
Priority Applications (1)

Application Number: CN 200910013697 (CN101477602A)
Priority Date: 2009-02-10
Filing Date: 2009-02-10
Title: Remote proving method in trusted computation environment

Publications (1)

Publication Number: CN101477602A
Publication Date: 2009-07-08

Family ID: 40838313

Country Status (1)

CN: CN101477602A (en), Pending

Cited By (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102271153A (en) * 2010-06-03 2011-12-07 英特尔公司 Systems, methods, and apparatus to virtualize tpm accesses
CN102281510A (en) * 2011-07-27 2011-12-14 上海和辰信息技术有限公司 Multi-factor credible identity authenticating method and system for mobile mailbox
CN101610273B (en) * 2009-08-03 2011-12-28 西安西电捷通无线网络通信股份有限公司 Secure remote certification method
CN102750471A (en) * 2012-05-22 2012-10-24 中国科学院计算技术研究所 Local verification type starting method based on trusted platform module (TPM)
CN103220300A (en) * 2012-12-05 2013-07-24 清华大学 Mobile terminal system supporting dynamic remote attestation
CN103501303A (en) * 2013-10-12 2014-01-08 武汉大学 Active remote attestation method for measurement of cloud platform virtual machine
CN103701792A (en) * 2013-12-20 2014-04-02 中电长城网际系统应用有限公司 Credibility authorization method, system, credibility security management center and server
CN103973680A (en) * 2014-04-29 2014-08-06 神华集团有限责任公司 Method and system for verifying integrity of cloud computing platform, client terminal and remote terminal
CN104038478A (en) * 2014-05-19 2014-09-10 瑞达信息安全产业股份有限公司 Embedded platform identity authentication trusted network connection method and system
CN104092733A (en) * 2014-06-20 2014-10-08 华南理工大学 A Trusted Distributed File System Based on HDFS
CN104506532A (en) * 2014-12-24 2015-04-08 北京智捷伟讯科技有限公司 Remote proving method applicable to emergency rescue platform
CN106851650A (en) * 2015-12-07 2017-06-13 普天信息技术有限公司 The processing method and system that completeness of platform in GSM differentiates
CN106851649A (en) * 2015-12-07 2017-06-13 普天信息技术有限公司 The method for repairing and mending that completeness of platform in GSM differentiates
CN106973067A (en) * 2017-05-10 2017-07-21 成都麟成科技有限公司 A kind of platform environment integrality detection method and device
WO2017143757A1 (en) * 2016-02-26 2017-08-31 华为技术有限公司 Trustworthiness measuring method and device for cloud computing platform
CN107301332A (en) * 2011-10-17 2017-10-27 英特托拉斯技术公司 System and method for protecting and managing genome and other information
CN108390866A (en) * 2018-02-06 2018-08-10 南京航空航天大学 Trusted remote method of proof based on the two-way anonymous authentication of dual-proxy
CN109462611A (en) * 2018-12-27 2019-03-12 新华三技术有限公司 A kind of integrity certification method and device
CN109586920A (en) * 2018-12-05 2019-04-05 大唐高鸿信安(浙江)信息科技有限公司 A kind of trust authentication method and device
CN109714185A (en) * 2017-10-26 2019-05-03 阿里巴巴集团控股有限公司 Policy deployment method, apparatus, system and the computing system of trusted servers
CN109960935A (en) * 2017-12-22 2019-07-02 华为技术有限公司 Method, device and storage medium for determining trusted state of TPM
CN110036597A (en) * 2016-12-09 2019-07-19 微软技术许可有限责任公司 Private cipher key is securely distributed for what is used by insincere code
CN110197073A (en) * 2019-05-30 2019-09-03 苏州浪潮智能科技有限公司 A kind of method and system based on self checking mechanism protected host integrality
CN110276198A (en) * 2019-06-14 2019-09-24 中国科学院信息工程研究所 An embedded variable granularity control flow verification method and system based on probability prediction
CN110601843A (en) * 2019-07-15 2019-12-20 山西百信信息技术有限公司 Internet of things terminal security protection system based on trusted computing
CN110768791A (en) * 2019-09-24 2020-02-07 北京八分量信息科技有限公司 Zero-knowledge proof data interaction method, node and equipment
CN110795742A (en) * 2018-08-02 2020-02-14 阿里巴巴集团控股有限公司 Measurement processing method and device for high-speed cryptographic operation, storage medium and processor
CN110858246A (en) * 2018-08-24 2020-03-03 阿里巴巴集团控股有限公司 Authentication method and system of security code space, and registration method thereof
CN111147233A (en) * 2019-11-26 2020-05-12 北京八分量信息科技有限公司 Reliable implementation method and node for ABE attribute encryption
CN112087304A (en) * 2020-09-18 2020-12-15 湖南红普创新科技发展有限公司 Heterogeneous fusion method and device of trusted computing environment and related equipment
CN112688782A (en) * 2019-10-17 2021-04-20 华为技术有限公司 Remote certification method and equipment for combined equipment
CN112787988A (en) * 2019-11-11 2021-05-11 华为技术有限公司 Remote certification method, device, system and computer storage medium
WO2021093486A1 (en) * 2019-11-11 2021-05-20 华为技术有限公司 Remote attestation method, apparatus and system, and computer storage medium
CN113315805A (en) * 2021-04-08 2021-08-27 中国科学院信息工程研究所 Group verification method and system for cloud infrastructure trusted device
CN114021106A (en) * 2021-11-03 2022-02-08 海光信息技术股份有限公司 A remote authentication method, device and system for reliable measurement
CN114499881A (en) * 2022-01-25 2022-05-13 北京工业大学 Dynamic remote certification scheme suitable for terminal resource access
CN114697107A (en) * 2022-03-29 2022-07-01 杭州安恒信息技术股份有限公司 Communication method, apparatus, computer device and readable storage medium
CN115001766A (en) * 2022-05-24 2022-09-02 四川大学 Efficient multi-node batch remote certification method
CN115001695B (en) * 2021-03-01 2024-01-09 慧与发展有限责任合伙企业 Secure provisioning of baseboard management controller identities for platforms
CN120128426A (en) * 2025-05-09 2025-06-10 京东科技信息技术有限公司 Confidential computing remote verification method, device, system, equipment, medium and product

Cited By (69)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101610273B (en) * 2009-08-03 2011-12-28 西安西电捷通无线网络通信股份有限公司 Secure remote certification method
US9405908B2 (en) 2010-06-03 2016-08-02 Intel Corporation Systems, methods, and apparatus to virtualize TPM accesses
CN102271153A (en) * 2010-06-03 2011-12-07 英特尔公司 Systems, methods, and apparatus to virtualize tpm accesses
CN102271153B (en) * 2010-06-03 2015-02-25 英特尔公司 Systems, methods, and apparatus to virtualize TPM accesses
US8959363B2 (en) 2010-06-03 2015-02-17 Intel Corporation Systems, methods, and apparatus to virtualize TPM accesses
CN102281510A (en) * 2011-07-27 2011-12-14 上海和辰信息技术有限公司 Multi-factor credible identity authenticating method and system for mobile mailbox
CN102281510B (en) * 2011-07-27 2014-06-25 上海和辰信息技术有限公司 Multi-factor credible identity authenticating method and system for mobile mailbox
CN107301332A (en) * 2011-10-17 2017-10-27 英特托拉斯技术公司 System and method for protecting and managing genome and other information
US11481729B2 (en) 2011-10-17 2022-10-25 Intertrust Technologies Corporation Systems and methods for protecting and governing genomic and other information
CN102750471A (en) * 2012-05-22 2012-10-24 中国科学院计算技术研究所 Local verification type starting method based on trusted platform module (TPM)
CN102750471B (en) * 2012-05-22 2015-02-11 中国科学院计算技术研究所 Local verification type starting method based on trusted platform module (TPM)
CN103220300A (en) * 2012-12-05 2013-07-24 清华大学 Mobile terminal system supporting dynamic remote attestation
CN103220300B (en) * 2012-12-05 2016-01-20 清华大学 A kind of mobile terminal system supporting dynamic remote to prove
CN103501303B (en) * 2013-10-12 2017-02-22 武汉大学 Active remote attestation method for measurement of cloud platform virtual machine
CN103501303A (en) * 2013-10-12 2014-01-08 武汉大学 Active remote attestation method for measurement of cloud platform virtual machine
CN103701792A (en) * 2013-12-20 2014-04-02 中电长城网际系统应用有限公司 Credibility authorization method, system, credibility security management center and server
CN103973680B (en) * 2014-04-29 2016-01-13 神华集团有限责任公司 Cloud computing platform integrity verification method
CN103973680A (en) * 2014-04-29 2014-08-06 神华集团有限责任公司 Method and system for verifying integrity of cloud computing platform, client terminal and remote terminal
CN104038478A (en) * 2014-05-19 2014-09-10 瑞达信息安全产业股份有限公司 Embedded platform identity authentication trusted network connection method and system
CN104092733A (en) * 2014-06-20 2014-10-08 华南理工大学 A Trusted Distributed File System Based on HDFS
CN104092733B (en) * 2014-06-20 2018-09-14 华南理工大学 A kind of credible distributed file system based on HDFS
CN104506532A (en) * 2014-12-24 2015-04-08 北京智捷伟讯科技有限公司 Remote proving method applicable to emergency rescue platform
CN104506532B (en) * 2014-12-24 2018-06-26 北京智捷伟讯科技有限公司 A kind of remote certification method suitable for emergency relief platform
CN106851650A (en) * 2015-12-07 2017-06-13 普天信息技术有限公司 The processing method and system that completeness of platform in GSM differentiates
CN106851649A (en) * 2015-12-07 2017-06-13 普天信息技术有限公司 The method for repairing and mending that completeness of platform in GSM differentiates
WO2017143757A1 (en) * 2016-02-26 2017-08-31 华为技术有限公司 Trustworthiness measuring method and device for cloud computing platform
US11017095B2 (en) 2016-02-26 2021-05-25 Huawei Technologies Co., Ltd. Method and apparatus for trusted measurement of cloud computing platform
CN110036597A (en) * 2016-12-09 2019-07-19 微软技术许可有限责任公司 Private cipher key is securely distributed for what is used by insincere code
CN106973067A (en) * 2017-05-10 2017-07-21 成都麟成科技有限公司 A kind of platform environment integrality detection method and device
CN109714185A (en) * 2017-10-26 2019-05-03 阿里巴巴集团控股有限公司 Policy deployment method, apparatus, system and the computing system of trusted servers
CN109960935A (en) * 2017-12-22 2019-07-02 华为技术有限公司 Method, device and storage medium for determining trusted state of TPM
US11637704B2 (en) 2017-12-22 2023-04-25 Huawei Technologies Co., Ltd. Method and apparatus for determining trust status of TPM, and storage medium
CN108390866A (en) * 2018-02-06 2018-08-10 南京航空航天大学 Trusted remote method of proof based on the two-way anonymous authentication of dual-proxy
CN108390866B (en) * 2018-02-06 2020-10-02 南京航空航天大学 Trusted remote certification method and system based on double-agent bidirectional anonymous authentication
CN110795742A (en) * 2018-08-02 2020-02-14 阿里巴巴集团控股有限公司 Measurement processing method and device for high-speed cryptographic operation, storage medium and processor
CN110795742B (en) * 2018-08-02 2023-05-02 阿里巴巴集团控股有限公司 Metric processing method, device, storage medium and processor for high-speed cryptographic operation
CN110858246B (en) * 2018-08-24 2023-04-11 阿里巴巴集团控股有限公司 Authentication method and system of security code space, and registration method thereof
CN110858246A (en) * 2018-08-24 2020-03-03 阿里巴巴集团控股有限公司 Authentication method and system of security code space, and registration method thereof
CN109586920A (en) * 2018-12-05 2019-04-05 大唐高鸿信安(浙江)信息科技有限公司 A kind of trust authentication method and device
CN109462611A (en) * 2018-12-27 2019-03-12 新华三技术有限公司 A kind of integrity certification method and device
CN109462611B (en) * 2018-12-27 2021-06-29 新华三技术有限公司 Integrity certification method and device
CN110197073A (en) * 2019-05-30 2019-09-03 苏州浪潮智能科技有限公司 A kind of method and system based on self checking mechanism protected host integrality
CN110276198A (en) * 2019-06-14 2019-09-24 中国科学院信息工程研究所 An embedded variable granularity control flow verification method and system based on probability prediction
CN110276198B (en) * 2019-06-14 2021-04-20 中国科学院信息工程研究所 An embedded variable granularity control flow verification method and system based on probabilistic prediction
CN110601843A (en) * 2019-07-15 2019-12-20 山西百信信息技术有限公司 Internet of things terminal security protection system based on trusted computing
CN110768791B (en) * 2019-09-24 2022-11-04 北京八分量信息科技有限公司 Data interaction method, node and equipment with zero knowledge proof
CN110768791A (en) * 2019-09-24 2020-02-07 北京八分量信息科技有限公司 Zero-knowledge proof data interaction method, node and equipment
US12113823B2 (en) 2019-10-17 2024-10-08 Huawei Technologies Co., Ltd. Remote attestation method and device for composite device
WO2021073376A1 (en) * 2019-10-17 2021-04-22 华为技术有限公司 Method and device for remote attestation of combined device
CN112688782A (en) * 2019-10-17 2021-04-20 华为技术有限公司 Remote certification method and equipment for combined equipment
US12231452B2 (en) 2019-10-17 2025-02-18 Huawei Technologies Co., Ltd. Remote attestation mode negotiation method for combined device and related device
CN112688782B (en) * 2019-10-17 2023-09-08 华为技术有限公司 Remote proving method and equipment for combined equipment
WO2021093486A1 (en) * 2019-11-11 2021-05-20 华为技术有限公司 Remote attestation method, apparatus and system, and computer storage medium
US12271479B2 (en) 2019-11-11 2025-04-08 Huawei Technologies Co., Ltd. Remote attestation method, apparatus, system, and computer storage medium
CN112787988A (en) * 2019-11-11 2021-05-11 华为技术有限公司 Remote certification method, device, system and computer storage medium
CN111147233B (en) * 2019-11-26 2023-04-07 北京八分量信息科技有限公司 Reliable implementation method and node for ABE attribute encryption
CN111147233A (en) * 2019-11-26 2020-05-12 北京八分量信息科技有限公司 Reliable implementation method and node for ABE attribute encryption
CN112087304B (en) * 2020-09-18 2021-08-17 湖南红普创新科技发展有限公司 Heterogeneous fusion method and device of trusted computing environment and related equipment
CN112087304A (en) * 2020-09-18 2020-12-15 湖南红普创新科技发展有限公司 Heterogeneous fusion method and device of trusted computing environment and related equipment
CN115001695B (en) * 2021-03-01 2024-01-09 慧与发展有限责任合伙企业 Secure provisioning of baseboard management controller identities for platforms
CN113315805A (en) * 2021-04-08 2021-08-27 中国科学院信息工程研究所 Group verification method and system for cloud infrastructure trusted device
CN114021106B (en) * 2021-11-03 2022-07-19 海光信息技术股份有限公司 Remote authentication method, device and system for credibility measurement
CN114021106A (en) * 2021-11-03 2022-02-08 海光信息技术股份有限公司 A remote authentication method, device and system for reliable measurement
CN114499881A (en) * 2022-01-25 2022-05-13 北京工业大学 Dynamic remote certification scheme suitable for terminal resource access
CN114697107B (en) * 2022-03-29 2023-09-19 杭州安恒信息技术股份有限公司 Communication method, communication device, computer equipment and readable storage medium
CN114697107A (en) * 2022-03-29 2022-07-01 杭州安恒信息技术股份有限公司 Communication method, apparatus, computer device and readable storage medium
CN115001766B (en) * 2022-05-24 2023-07-04 四川大学 Efficient multi-node batch remote proving method
CN115001766A (en) * 2022-05-24 2022-09-02 四川大学 Efficient multi-node batch remote certification method
CN120128426A (en) * 2025-05-09 2025-06-10 京东科技信息技术有限公司 Confidential computing remote verification method, device, system, equipment, medium and product

Similar Documents

Publication Publication Date Title
CN101477602A (en) Remote proving method in trusted computation environment
CN109067801B (en) Identity authentication method, identity authentication device and computer readable medium
CN103856478B (en) A kind of certificate issuance of trustable network, authentication method and corresponding equipment
Barker et al. Nist special publication 800-57 part 1, revision 4
CN102577229B (en) Key certification in one round trip
Chen et al. Property-based attestation without a trusted third party
CN109561110B (en) A SGX-based cloud platform audit log protection method
CN108833440B (en) Block chain-based network security audit system and network security audit method
US20050283826A1 (en) Systems and methods for performing secure communications between an authorized computing platform and a hardware component
CN112651037A (en) Off-chain data access method and system of block chain system
Yu et al. Decim: Detecting endpoint compromise in messaging
CN106790064A (en) The method that both sides are communicated in credible root server cloud computing server model
CN102986161A (en) Method for the cryptographic protection of an application
CN104270376A (en) A Proof Method for Platform Integrity
CN101488851B (en) Method and apparatus for signing identity verification certificate in trusted computing
CN114726536A (en) A time stamp generation method, device, electronic device and storage medium
Zhang et al. Data security in cloud storage
CN115225346B (en) Data evidence storage system oriented to credit investigation big data field
CN112364370A (en) Privacy protection cloud auditing method based on block chain
CN114616797A (en) Handling requests to control information stored at multiple servers
CN107104804A (en) A kind of platform integrity verification method and device
CN119051860A (en) Digital certificate generation method, device, equipment and medium based on hybrid encryption technology
CN112784249A (en) Method, system, processor and computer readable storage medium for implementing mobile terminal authentication processing under non-identification condition
Yu et al. How to detect unauthorised usage of a key.
CN115664749B (en) A Fabric data privacy protection method based on trusted execution environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090708