CN101043338A - Safety requirement based remote proving method and system thereof - Google Patents
Safety requirement based remote proving method and system thereof Download PDFInfo
- Publication number
- CN101043338A CN101043338A CN 200710098814 CN200710098814A CN101043338A CN 101043338 A CN101043338 A CN 101043338A CN 200710098814 CN200710098814 CN 200710098814 CN 200710098814 A CN200710098814 A CN 200710098814A CN 101043338 A CN101043338 A CN 101043338A
- Authority
- CN
- China
- Prior art keywords
- proof
- authentication
- tolerance
- platform
- metric
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a long-distance proof method and system based on the safety request, and the long-distance proof method is based on the believed computer platform and makes a strict definition, and the measurement and proof are finished jointly between the proof party, checking party and the proof authority institution: the proof party starts the proof request according to the safety requirement, and the checking party measures the allocation of platform, and the proof authority institution verifies the measurement result, and at last the checking party decides relying on the platform of proof party or not. Comparing with other long-distance proof methods, the invention separates the measurement with the proof, and the proof course just needs match with the measurement proof, and it has the characteristics of safety request measurement proof, platform privacy protection and smart system allocation, and it can be used in the one-way long-distance proof, and it can be used in the two-way long-distance proof by simple expansion.
Description
Technical field
The invention belongs to credible calculating platform safe practice field, relate in particular to a kind of remote certification method and system thereof.
Background technology
Along with rapid development of network technique; the data that are stored in the computer may be usurped or unauthorized access by long-range; only rely on outer protection mechanism such as fire compartment wall, anti-virus software, rely on authentication modes such as simple password, be difficult to withstand hacker, virus, the inside person's of stealing secret information invasion and attack.At these problems, in order to strengthen the inside immunity of computer platform, in recent years with credible platform module (Trusted Platform Module, TPM) develop rapidly for the credible calculating platform technology of core, on original computer platform, introduce the safety chip framework, authentication to computer platform software and hardware configuration integrality, correctness is provided, sets up the mutual trust between application program, between the computer platform under the distributed environment.
Credible calculating is the important means that makes up computer system security, network security.Credible calculating platform provides defencive functions such as storage protection, remote proving, isolation mech isolation test, safe I/O, has greatly strengthened the data protection ability of platform, makes can set up between platform inside, platform and the platform widely to trust.Its implication of credible calculating is " system provides reliable service ability, and this trustworthiness can be verified ".The moment of emergency PC from powering up, system is carried out integrity measurement, the parts that guarantee each operation all are reliable; TPM encrypts storage to sensitive data in the system, and data encapsulation has prevented from illegally to steal sensitive data; Existing computer is to rely on unfixed also not unique IP address to carry out activity on network, cause network hacker to spread unchecked and the user credit deficiency, and the credible calculating platform that possesses unique letter of identity of being issued by authoritative institution possesses the unique identify label on network, thereby can provide reliable outer platform proof of identification and application identity to prove to external entity; TPM carries out granted access to internal resource, and its unique function is similar to " fire compartment wall " that is provided with authority.This a series of mechanism has guaranteed that system can provide reliable service ability, and for this reliable service ability, whether long-range relying party trusts, and the mechanism by remote proving proves realization.
Remote proving is as a big featured function of credible calculating, and the running status that is intended to the software of each layer operation in authentication platform hardware, the software stack proves the platform credible at application program place to long-range relying party.Remote certification method has four kinds of basic models: directly prove, based on the proof of TTP (Trusted Third Party, trusted third party) checking, based on the proof of off-line TTP, entrust proof.Directly prove proof side's metrology platform self integrality, show completeness of platform information to authentication, authentication is by the proof of integrity value database authentication proof side.Defective is self-evident, and this needs each authentication all to have an integrity value database.Based on the proof of TTP checking, based on the proof of off-line TTP with to entrust proof all be to verify the integrity measurement value by trusted third party.Because there is the time interval that proves and verify in the proof based on off-line TTP, requires proof and verify that the interval can not be oversize between the two, otherwise be difficult to the credibility that assurance proves.Entrust the demand of proof authentication to trust TTP fully, entrust TTP to verify bright side's proof, TTP can become the communication bottleneck.Proof based on the TTP checking is used commonplace on credible platform, existing a lot of method of proof, as based on the remote proving of attribute, the remote proving of WebService etc., all be to adopt this model, this is the very general model of credible calculating platform remote proving.
Summary of the invention
The object of the invention is to provide a kind of remote certification method and system thereof based on the authentication demand for security.Compare with other remote certification methods, the present invention has by characteristics such as demand for security tolerance proof, platform secret protection, system configuration are flexible.
Remote certification method of the present invention comprises 3 roles based on credible calculating platform: prove side (Attestor), authentication (Verifier) and proof authority mechanism (AA, Attestation Authority).Authentication is initiated the proof request according to demand for security, proves the side according to the request metric platform configuration, and the checking tolerance result of proof authority mechanism finally judges whether trust proof side's platform by authentication.So-called platform configuration tolerance is exactly that credible platform module (TPM) carries out hash calculating to the binary data blocks of software, firmware and the hardware of computer system, and resulting Hash Value is its metric, and metric and tolerance descriptor have been formed metrics logs.The platform configuration register (PCR) that metric is constantly expanded TPM inside obtains final tolerance result.
The tolerance of above-mentioned proof side and remote proving rely on three big nucleus modules: prove service module (AS, AttestationService), measure proxy module (MA, Measurement Agent) and credible platform module (the module formation of proof side is with reference to Fig. 3).The proof request of proof service module Receipt Validation side is responsible for communicating with remote validation side; The tolerance proxy module is set up the relevant proof data of remote proving according to the configuration of demand of proof metrology platform; Credible platform module is finished hash calculating, encryption and the signature operation of concrete module.
The remote certification method that the present invention is based on demand for security specifically comprises the steps:
1. authentication is created the proof request according to the proof Attribute certificate that obtains from proof authority mechanism, and the request that will prove sends to proof side;
2. after the proof request of authentication transmission is received by proof side, require the content of proof and the metric attribute certificate that proof authority mechanism issues according to authentication, by TPM implementation system assembly tolerance, encrypt metrics logs, to final tolerance result's signature of its inside PCR storage;
Proof side with the metrics logs of encrypting, finally measure the result and the signature result sends to authentication;
4. authentication keeps final tolerance result and signature thereof, and the metrics logs of encrypting is sent to proof authority mechanism;
5. proof authority mechanism verifies the encryption metrics logs that authentication sends;
6. proof authority mechanism will send to authentication with final tolerance result and the checking result that metrics logs is calculated;
7. if proof authority mechanism checking result is for passing through checking, authentication compares the final tolerance result of proof authority mechanism calculating and the final tolerance result that proof side sends, the two unanimity is then verified tolerance result's signature, thereby finally guarantees the credibility of the side of proof.
Above-mentioned proof Attribute certificate limits the content that proof side needs proof, comprises the component list of needs proof; And the metric attribute certificate comprises whole metric point statements of component description information and assembly.Proof Attribute certificate and metric attribute certificate all are the certification requirement generation of proof authority mechanism according to authentication, send to authentication and proof side respectively.
In the above-mentioned remote proving flow process, step 2 is that proof side uses the TPM metrology platform assembly that embeds on the computing platform mainboard, the measure of assembly can carry out (with reference to the function in the embodiment 1) according to the self-defining MEASURE flow process of the present invention, comprises the following steps:
2-1 proof service module is resolved the platform assembly that needing to obtain proof from the proof Attribute certificate of authentication, the component list that will prove sends to the tolerance proxy module.
The current platform assembly of 2-2 tolerance proxy module checking whether with the platform assembly coupling of needs proof, if do not match then withdraw from proof, coupling is then measured proxy module and is used TPM according to following MEASURE flow implementation assembly tolerance:
A). from the platform assembly of needs proof, choose a certain assembly C;
B). with the metric point that the SHA1 algorithm is measured assembly C successively, the metrics logs that the tolerance proxy module is preserved C,
C). the tolerance proxy module uses the TPM_Extend method to obtain the metric h (C) of assembly C;
D) if. all the assembly that need prove has been measured and has been finished, and jump to step e and carry out, otherwise rebound step a continues to carry out;
E). the metric h (C) of all components that the tolerance proxy module obtains step c, expand the PCR register of TPM inside successively, obtain the final metric value (being kept among the PCR) of TPM.
2-3 tolerance proxy module is encrypted all components metrics logs, then the metrics logs of encrypting is sent to the proof service module.
2-4TPM usage platform identity key is to final tolerance result (being kept among the PCR) signature, will finally measure result, signature result, TPM letter of identity and send to the proof service module.
Above-mentioned remote certification method step 5 and 7 based on demand for security is that proof authority mechanism, authentication are verified the proof result jointly.Wherein, step 5 proof authority mechanism utilizes the gauge value of collecting after metrics logs is deciphered, and can carry out integrity verification (with reference to the function in the embodiment 2) according to the self-defining VERIFY flow process of the present invention, specifically comprises the following steps:
5-1. checking proof side assembly metrics logs is successively chosen the metrics logs of assembly C from the side's of proof metrics logs, whether the metric of each metric point of comparing component is consistent with the standard value of issuing, if inconsistent then authentication failed.
5-2. recomputate the metric of assembly C, expand the value of each metric point successively according to the TPM_Extend method, obtain the metric of assembly C.
The 5-3. whether metric of comparing component C is consistent with standard value, if unequal then authentication failed.If finished the checking of all components, skip to step 5-4 and carry out, otherwise continue execution in step 5-1.
5-4. expand the metric of each assembly successively according to the TPM_Extend method, calculate final platform metric, proof authority mechanism will verify that result, final metric send to authentication then.
Proof procedure is as the inverse operation of metrics process, and comparing with metrics process does not need TPM to participate in, and groundwork is a checking metrics logs correctness, measures as a result hash simultaneously again and calculates.Therefore proof authority mechanism only verifies metrics logs, proves that the final tolerance result of side is then verified by authentication, under the believable prerequisite of proof authority mechanism, prove that the side forges metrics logs, verifies that the result can both detect the side of being verified in the middle of distorting.
Ciphering process in the above-mentioned steps 2 generates symmetric key for proof side, metrics logs is encrypted, and utilize the public key encryption symmetric key of proof authority mechanism.Accordingly, after the encryption metrics logs that authentication sends is received by proof authority mechanism, at first use the symmetric key of own private key enabling decryption of encrypted, and then use the metrics logs of symmetric key deciphering through encryption.
The remote proving system that the present invention is based on demand for security comprises proof side, authentication and the three parts of proof authority mechanism, communication between the three is carried out through the Internet (Internet), wherein the side's of proof computer motherboard physically embeds safety chip TPM, and authentication, authoritative institution do not need to have TPM.Authentication is initiated the proof request according to demand for security, proves the side according to the request metric platform configuration, and the checking tolerance result of proof authority mechanism finally judges whether trust proof side's platform by authentication.Wherein, prove that the side comprises proof service module, tolerance proxy module and credible platform module again, wherein: prove the proof request of service module Receipt Validation side, be responsible for communicating with remote validation side; The tolerance proxy module is set up the relevant proof data of remote proving according to the configuration of demand of proof metrology platform; Credible platform module is finished concrete hash calculating, encryption and signature operation.Credible platform module (TPM) is positioned at the hardware layer of computer system, be embedded on the mainboard, the tolerance proxy module is the kernel module of operating system, it all is to drive by the TPM that is installed in operating system to finish that the tolerance proxy module calls that TPM measures, signs, and the proof service module runs on application service layer, on operating system, there is not direct correlation with TPM, prove that service module carries out the transmission of data by the message communication mechanism of operating system.
Above-mentioned authentication can be made of authentication server and Resource Server; operate in the relatively independent protected network; this protected network is by all network requests from the outside of network insertion point control; the authentication server is responsible for verifying the integrity measurement from proof side; after verifying; provide the access control result of determination to Network Access Point, thereby the access to netwoks of control proof side connects, have only the visit of the proof side of process checking just to allow the access resources server.
The present invention is based in the remote proving system of demand for security, before certain service of proof side (service requester) requests verification side (ISP), prove that the side utilizes the security feature of credible platform to satisfy the safety requirements that service is limited to authentication proof platform running environment.User and bank during e-bank uses, long-distance user and vpn server during VPN uses, these practical application examples are to proof side and authentication that should the remote proving system.
Proof authority mechanism is a trusted third party with public credibility, is responsible for the integrity measurement daily record of aided verification side's verification platform.The software and hardware manufacturer of system platform externally issues it sets up the module value, and proof authority mechanism collection assembly module value is examined the correctness of proof side's metrics logs during proof procedure.If run into the metrics logs checking of unknown assembly, proof authority mechanism or directly to assembly producer inquiry, or finish checking to other proof authority mechanisms inquiries indirectly.
Another critical function of proof authority mechanism is to realize that tolerance and proof in the remote proving are separated from each other.Proof side gathers platform assembly information, to proof authority mechanism application metric attribute certificate.The metric attribute certificate comprises whole metric point statements of component description information and assembly, if authentication request proof assembly A states that according to descriptor and the metric point of assembly A TPM just can finish the tolerance of assembly A so.Authentication obtains the proof Attribute certificate according to the demand for security of practical application from proof authority, proves the component list that comprises the needs proof in the Attribute certificate.Metric attribute certificate and proof Attribute certificate are all by the issue of proof authority mechanism, and both not only separately create but also interrelated, guarantee its authenticity by proof authority mechanism.
The platform metrics process and the proof procedure that the present invention is based on the remote proving of demand for security all carry out strict definition, and tolerance and proof be collaborative mutually finishing in proof side, authentication, the three parts of proof authority mechanism.This remote certification method will be measured with proof and separate, TPM by proof side's platform measures according to the demand for security of authentication, the proof platform configuration information, only need simply measure the proof coupling in the proof procedure, avoid the tolerance and the checking of invalid platform information, reduced the complexity of tolerance and proof.The platform configuration information of tolerance transmits with encrypted form, has prevented the leakage of platform configuration privacy.This remote proving is easy to proof side, authentication flexible configuration, need not to prove negotiation.This method not only can be applicable to unidirectional remote proving, and also can be applicable to bidirectional remote through simple extension proves.Particularly, the advantage of this method is:
1) initiated by authentication, the content of remote proving is determined by the demand for security of authentication, and different demands for security proves content peace dado amount difference.The content of the remote proving that proof side initiates then is the whole service environment of proof side's platform, by comparison, has avoided numerous invalid proof information that have nothing to do with demand for security, has also avoided the leakage of whole platform configuration information simultaneously.
Measure according to distinctive metric function by proof side when 2) measuring, then verify according to the checking function of special use when proving, do not need the negotiation of measuring and verifying by proof authority mechanism and authentication.Both separate with remote proving vacuum metrics and proof for this, and proof procedure only carries out simple metric proof coupling, have just guaranteed the consistency that proof side's tolerance content and authentication checking require.
3) adopt the method for encrypting the platform integrity metric result, protection platform configuration privacy is avoided leaking platform configuration information at authentication.And the platform of encrypting tolerance result can decryption verification in trusted third party.
4) method of employing co-verification, checking integrity measurement intermediate object program is to carry out in trusted third party, and the integrality signature, the credible platform identify label, checking integrity measurement final result is to carry out at authentication, this can prevent the side's of proof forgery proof message, distorts communication message deception authentication, can prevent that also trusted third party from cheat authentication for the checking result who makes mistake simultaneously.
Description of drawings
Fig. 1 is the remote certification method step schematic diagram that the present invention is based on demand for security.
Fig. 2 is the remote certification method flow chart that the present invention is based on demand for security.
Fig. 3 is a proof method, system module structure drafting of the present invention.
Fig. 4 is the remote proving system configuration schematic diagram of the embodiment of the invention based on demand for security.
Embodiment
Below by embodiment, further specify the present invention in conjunction with the accompanying drawings, but the scope that does not limit the present invention in any way.
Based on the remote proving flow process of demand for security, in conjunction with trusted bootstrap, platform assembly tolerance, the trustable network connection of credible calculating platform, we realize connecting the remote proving system based on the trustable network of demand for security.Detailed system configuration is with reference to Fig. 4, and the application scenarios of this remote system is, proves that the side attempts to visit the Resource Server R in the protected network, at first must just allow to visit through behind the authentication server integrity verification.The proof side of proof system is a computer that has the TPM safety chip, make tolerance in the operation of system kernel layer and act on behalf of kernel module, finishing the platform configuration integrality according to certification requirement and collect, is proof the service module responsible and communication of authentication server on the tolerance agency.The Internet visit protected network P that the proof square tube is open excessively.Authentication then is by authentication server V, and Resource Server R constitutes, and authentication is arranged in protected network P.Protected network P is made of Network Access Point C, authentication server V, Resource Server R.C controls all outside network requests, the network requests of invalidated is forwarded to authentication server V without exception and carries out safety verification, the network of unaccepted proof side A connects and will be under an embargo, and has only the visit of the proof side A of process checking just to allow access resources server R.Authentication server V is responsible for verifying the integrity measurement from the requesting party, after verifying, provides the access control result of determination to Network Access Point C, and the access to netwoks of control proof side connects.
In the remote proving system realization based on safety; the demand for security that authentication is chosen is clean boot flow process, operating system patch, the anti-virus software of checking proof side, the fail safe of firewall software; by TPM gauging system start-up course and system component; to remote parties proof computer system running environment is believable, and whether checking allows computer to insert protected network.
After each of the system computer and the network equipment deploy, the whole proof system of initialization and then.At first authentication V is to proof authority AA request proof Attribute certificate, and AA issues the X.509 Attribute certificate of v4.0, and the Attribute domain in the Attribute certificate comprises 4 assemblies that require proof such as trusted bootstrap, operating system patch, anti-virus software, firewall software.Be that proof side obtains the tolerance certificate then, prove direction AA system request metric attribute certificate, comprise the metric point of system's Common Component in the metric attribute certificate, above the metric point of 4 assemblies being mentioned must be included.
Proof side is not random tolerance, and authentication can both be proved to be successful, and must follow certain agreement or rule.Remote proving based on demand for security, tolerance flow process and proof flow process must be formulated clear and definite rule, we have formulated the tolerance flow process and the checking flow process of component level in this system, tolerance (checking) is asked as input, (checking) result is as output for tolerance, has defined MEASURE and VERIFY function representation tolerance flow process and checking flow process.The basis of platform tolerance is the tolerance of assembly, the tolerance of definitions component at first below, and the metrics process that defines platform then is function MEASURE.
Suppose that credible calculating platform is configured to: CONF={C
1, C
2, C
3..., C
N;
C
iMetric point set be: MP_SET (C
i)={ M
Ci, 1, M
Ci, 2..., M
Ci, Ki;
C
iThe metric list collection be: ML_SET (C
i)={ I
Ci, 1, I
Ci, 2..., I
Ci, ki, I wherein
Ci, j=SHA1 (M
Ci, j), be metric point M
Ci, jMetric, j=1,2 ..., K
i
Definitions component C
iMetric function MEASURE (C
i, MP_SET (C
i)), metric function is described below:
Function input: C
i, MP_SET (C
i)={ M
Ci, 1, M
Ci, 2..., M
Ci, ki, ML_SET (C
i)={ };
Initialization: assembly C
iTolerance PCR be made as virtPCR (C
i)=0; Metric point label j=1; The extended arithmetic of PCR is PCR_Extend;
Output: ML_SET (C
i), virtPCR (C
j).
1. from MP_SET (C
i) in choose M
Ci, j, assembly C
iMetric point M
Ci, j, I
Ci, j=SHA1 (M
Ci, j);
2.ML_SET(C
i)=ML_SET(C
i)∪{I
Ci,j};
3.virtPCR(C
i)=PCR_Extend(virtPCR(C
i),I
Ci,j);
4.IF?j==K
i;
THEN finishes assembly C
iTolerance, finish;
ELSE j=+1 jumped to for (1) step and continues tolerance.
On the basis that assembly is measured,, prove that the metric function of the platform that the side realizes is: MEASURE (CONF, MP_SET (CONF))={ MEASURE (C for whole platform configuration
i, MP_SET (C
i)), i=1,2 ..., N.The tolerance result of whole platform is MEASURE (CONF, MP_SET (CONF))={ ML, virtPCR}; Wherein:
ML={ML_SET(C
1),virtPCR(C
1),ML_SET(C
2),virtPCR(C
2),...,ML_SET(C
N),virtPCR(C
N)}
Total PCR value virtPCR is (to virtPCR (C
i) value comprehensive expansion), virtPCR calculates as follows:
virtPCR=0;
FOR?i=1TO?N?DO
virtPCR=PCR_Extend(virtPCR,virtPCR(C
i))
So metric function is defined as:
MEASURE (CONF, MP_SET (CONF))={ ML, virtPCR}-----------------------function 1
The proof procedure definition checking function that the AA of proof authority mechanism carries out the integrity value of platform is VERIFY (ML):
1. checking integrity value:
ML={ML_SET(C
1),virtPCR(C
1),ML_SET(C
2),virtPCR(C
2),...,ML_SET(C
N),virtPCR(C
N)};
I=1,2 ..., L verifies ML_SET (C successively
i), checking assembly C
iMetric whether consistent with the standard value of storing in the integrity value database.
2. verify the PCR value: if the checking result of step 1 is inconsistent, vRet=false stops checking; If it is consistent,
ML_SET (C
i)={ I
Ci, 1, I
Ci, 2..., I
Ci, Ki, checking virtPCR (C
i):
tPCR=0
FOR?j=1TO?K
i?DO
tPCR=PCR_Extend(tPCR,I
Ci,j);
3. compare tPCR and virtPCR (C
i) whether consistent, if inconsistent, vRet=false stops checking.
Calculate total PCR value: if all component all is proved to be successful, vRet=true, the PCR that computing platform is total:
vPCR=0;
FOR?i=1TO?L?DO
vPCR=PCR_Extend(vPCR,virtPCR(C
i));
The checking function returns: VERIFY (ML)={ vRet, vPCR}.
So the checking function definition is:
VERIFY (ML)={ vRet, vPCR}--------------------------------------function 2
Based on above-mentioned tolerance and checking function, seven steps of the whole process of the remote certification method of demand for security of the present invention can be divided into two stages: tolerance stage and proof stage, details are as follows (referring to Fig. 1 and Fig. 2, wherein notes by abridging: prove side--A; Authentication--V; Proof authority mechanism--AA; Proof service--AS; Tolerance agency--MA):
The tolerance stage has only proof side and authentication to participate in, and its function is the proof request of proof side according to authentication, and TPM measures credible calculating platform by the bottom credible platform module.The tolerance stage comprises the following steps 1~3:
1 V----〉A: random number R N, prove Attribute certificate
(1) identity of A authentication V, having only V is the validated user of A, the internal module AS of A just is necessary to provide remote proving.
(2) V sends random number R N and proof Attribute certificate to AS.
2 A: metrics process
(1) prove that serving the AS checking measures the integrality of acting on behalf of MA, AS obtains the platform configuration reqCONF that need prove from the proof Attribute certificate, and AS sends to MA with reqCONF;
(2) MA obtains tolerance point range table MP_SET (CONF) from the metric attribute certificate;
If reqCONF is CONF, CONF is the platform assembly configuration of whole proof side, and reqCONF CONF shows the requirement of platform configuration satisfaction proof Attribute certificate, otherwise proof of termination, the failure of notice V proof.MA uses TPM to adopt MEASURE measure (function 1) to measure to the platform configuration reqCONF of request, and its result is MEASURE (reqCONF, MP_SET (reqCONF))={ ML, virtPCR}.
In this step, TPM tolerance be not whole platform assemblies configuration CONF, but only measured the platform configuration reqCONF relevant with the authentication demand for security, tolerance and checking that this has significantly reduced invalid configuration information have improved the efficient of remote proving.
(3) MA produces a symmetric key s_key, adds the amount of densities result with s_key, with the public key encryption symmetric key of AA, sML=Enc
S_key(ML), sKey=Enc
AA_pubkey(s_key).The integrality of MA checking AS, with sML, sKey sends to AS.Metrics logs ML is encrypted transmission, only has only the AA of proof authority mechanism could decipher metrics logs and verifies, what authentication V only obtained is the ciphertext of metrics logs, can not reveal platform configuration information.
(4) AS sends to TPM with random number m, and TPM is to the tolerance result Quote=Sign that signs
AIK_priv{ virtPCR, m}, the result that will sign and TPM letter of identity Cert
TPMReturn to AS.
TPM signs to platform tolerance final result PCR value, guarantees can not distorting of proof result.
3 A---->V:Quote,sML,sKey,Cert
TPM
The tolerance that A will encrypt is sML as a result, sKey, and the TPM signature is Quote=Sign as a result
AIK_priv{ virtPCR, rn}, TPM certificate Cert
TPMSend to V.
The proof stage has only authentication and proof authority mechanism to participate in, and its function is the verification platform integrity measurement result of proof authority mechanism, the final result of authentication verification platform tolerance.The proof stage comprises the following steps 4~7:
4 V---->AA:sML,sKey
The signature of V reservation TPM is Quote as a result, Cert
TPM, as final checking, with the tolerance of encrypting sML as a result, sKey sends to AA.
5 AA: checking
(1) AA separates amount of densities ML as a result, s_key=Dec with symmetric key s_key again with private key deciphering symmetric key s_key
AA_priv(sKey), ML=Dec
S_key(sML);
(2) AA utilizes the module value checking tolerance tabulation ML that collects, and adopts VERIFY verification method (function 2) to carry out the checking of completeness of platform value, VERIFY (ML)={ vRet, vPCR}.
6 AA---->V:vRet,vPCR
AA will verify that the result sends to V.
7 V: final checking
(1) the V root certification authentication TPM certificate of Privacy-CA, VeriryCert (Cert
TPM, Cert
PrivacyCA);
(2) proof of V checking AA vRet as a result, whether vRet is true;
(3) V uses the public key verifications TPM signature of TPM, Verify
AIK_pubkey(virtPCR, rn), Quote}, whether PCR value virtPCR more total after being proved to be successful is consistent with AA result of calculation vPCR;
Random number R N when (4) whether the random number rn of V checking TPM signature usefulness is with request is identical.
Have only and passed through above-mentioned 4 steps card, the success of proof side A remote proving could be described.
In sum, trustable network based on demand for security connects in the remote proving system, authentication at first sends the proof request and prevents the random number of Replay Attack, proof service analytic demonstration request, extract the assembly that needs tolerance from the proof Attribute certificate, request is transmitted to the tolerance agency, tolerance agency extracts metric point from the metric attribute certificate, 1MEASURE measures requesting component according to function, and the integrality daily record makes up with the XML message format.Tolerance agency produces RC4 cryptographic algorithm key, and metrics logs is encrypted, and the RC4 key is encrypted with the PKI of AA again.That the platform credible guiding of the side of proof is adopted is Grub, and operating system is Windows XP, and anti-virus software is Norton Antivirus, and fire compartment wall is NortonInternet Security.After tolerance is finished, prove that service request TPM signs to the platform configuration state, proof service at last will prove that data send to authentication.Authentication receives the proof data, and at first to AA requests verification metrics logs, AA uses the private key deciphering RC4 symmetric key of oneself, deciphers daily record again and verifies according to function 2VERIFY, and AA verifies that with the centre result returns to the verifier.Authentication V finally verifies the letter of identity chain of proof side A, and the signature of checking TPM calculates PCR value checking final result.V provides whether allow access network according to the checking result, and the network that orders about Network Access Point C control proof side connects.
Claims (6)
1. a remote certification method comprises the steps:
(1) authentication is created the proof request according to the proof Attribute certificate that obtains from proof authority mechanism, and the request that will prove sends to proof side;
(2) prove the proof request of receiving that authentication sends in the side after, require the content of proof and the metric attribute certificate that proof authority mechanism issues according to authentication, credible platform module implementation system assembly tolerance by proof side, encrypt metrics logs, to final tolerance result's signature of its inside panel configuration register storage;
(3) prove the side with the metrics logs of encrypting, finally measure the result and the signature result sends to authentication;
(4) authentication keeps final tolerance result and signature thereof, and the metrics logs of encrypting is sent to proof authority mechanism;
(5) proof authority mechanism verifies the encryption metrics logs that authentication sends;
(6) proof authority mechanism will send to authentication with final tolerance result and the checking result that metrics logs is calculated;
(7) if the checking result of proof authority mechanism is for passing through checking, authentication compares the final tolerance result of proof authority mechanism calculating and the final tolerance result that proof side sends, the two unanimity is then verified tolerance result's signature, thereby finally guarantees the credibility of the side of proof.
2. remote certification method as claimed in claim 1 is characterized in that, described step (2) specifically comprises the following steps:
2-1. the proof service module of proof side from the proof Attribute certificate of authentication, is resolved the platform assembly that needing to obtain proof, the component list that will prove sends to the tolerance proxy module;
2-2. the current platform assembly of tolerance proxy module checking whether with the platform assembly coupling of needs proof, if do not match then withdraw from proof, coupling is then measured proxy module and is used credible platform module to implement assembly tolerance according to following step a~e:
A). from the platform assembly of needs proof, choose a certain assembly C;
B). with the metric point that the SHA1 algorithm is measured assembly C successively, the metrics logs that the tolerance proxy module is preserved C;
C). the tolerance proxy module uses the TPM_Extend method to obtain the metric h (C) of assembly C;
D) if. all the assembly that need prove has been measured and has been finished, and jump to step e and carry out, otherwise rebound step a continues to carry out;
E). the metric h (C) of all components that the tolerance proxy module obtains step c, expand the platform configuration register of credible platform module inside successively, obtain final metric value;
2-3. the tolerance proxy module is encrypted all components metrics logs, then the metrics logs of encrypting is sent to the proof service module;
2-4. credible platform module usage platform identity key, will finally be measured result, signature result, credible platform module letter of identity to final tolerance result signature and be sent to the proof service module.
3. remote certification method as claimed in claim 2 is characterized in that, described step (5) proof authority mechanism utilizes the gauge value of collecting after metrics logs is deciphered, and carries out integrity verification according to the following step:
5-1. checking proof side assembly metrics logs is successively chosen the metrics logs of assembly C from the side's of proof metrics logs, whether the metric of each metric point of comparing component is consistent with the standard value of issuing, if inconsistent then authentication failed;
5-2. recomputate the metric of assembly C, expand the value of each metric point successively according to the TPM_Extend method, obtain the metric of assembly C;
5-3. whether the metric of comparing component C is consistent with standard value, if unequal then authentication failed if finished the checking of all components, skips to step 5-4 and carries out, otherwise continues execution in step 5-1;
5-4. expand the metric of each assembly successively according to the TPM_Extend method, calculate final platform metric, proof authority mechanism will verify that result, final metric send to authentication then.
4. as the described remote certification method of each claim in the claim 1~3, it is characterized in that, ciphering process in the described step 2 generates symmetric key for proof side, metrics logs is encrypted, and utilize the public key encryption symmetric key of proof authority mechanism, corresponding, after the encryption metrics logs that authentication sends is received by step 5 proof authority mechanism, at first use the symmetric key of the private key enabling decryption of encrypted of oneself, and then use the metrics logs of symmetric key deciphering through encrypting.
5. remote proving system, comprise proof side, authentication and the three parts of proof authority mechanism, carrying out communication by the Internet between the three connects, initiate the proof request by authentication according to demand for security, proof side is according to the request metric platform configuration, the checking tolerance result of proof authority mechanism, finally judge whether trust proof side by authentication, described proof side comprises the proof service module, tolerance proxy module and credible platform module, wherein: prove that service module runs on application service layer, on operating system, carry out the transmission of data by the message communication mechanism of operating system, the proof request of Receipt Validation side is responsible for communicating with remote validation side; The tolerance proxy module is the kernel module of operating system, and credible platform module according to the configuration of demand of proof metrology platform, is set up the relevant proof data of remote proving under the driving of tolerance proxy module; Credible platform module is positioned at the hardware layer of proof side's computer system, is embedded on the mainboard, finishes concrete hash calculating, encryption and signature operation.
6. remote proving as claimed in claim 5 system; it is characterized in that; described authentication is made of authentication server and Resource Server; operate in the relatively independent protected network; this protected network is by all network requests from the outside of network insertion point control; the authentication server is responsible for verifying the integrity measurement from proof side; after verifying; provide the access control result of determination to Network Access Point, have only proof to allow the access resources server just now by checking.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200710098814A CN100583768C (en) | 2007-04-27 | 2007-04-27 | Safety requirement based remote proving method and system thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200710098814A CN100583768C (en) | 2007-04-27 | 2007-04-27 | Safety requirement based remote proving method and system thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101043338A true CN101043338A (en) | 2007-09-26 |
| CN100583768C CN100583768C (en) | 2010-01-20 |
Family
ID=38808572
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200710098814A Expired - Fee Related CN100583768C (en) | 2007-04-27 | 2007-04-27 | Safety requirement based remote proving method and system thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100583768C (en) |
Cited By (33)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101902472A (en) * | 2010-07-09 | 2010-12-01 | 北京工业大学 | Method for pushing remote declaration based on behaviors in trusted network |
| WO2011022902A1 (en) * | 2009-08-25 | 2011-03-03 | 西安西电捷通无线网络通信股份有限公司 | Method for implementing bidirectional platform authentication |
| CN102025741A (en) * | 2010-12-07 | 2011-04-20 | 中国科学院软件研究所 | Trusted identity service platform with two-layer framework and construction method thereof |
| CN102281510A (en) * | 2011-07-27 | 2011-12-14 | 上海和辰信息技术有限公司 | Multi-factor credible identity authenticating method and system for mobile mailbox |
| CN101610273B (en) * | 2009-08-03 | 2011-12-28 | 西安西电捷通无线网络通信股份有限公司 | Secure remote certification method |
| CN102342142A (en) * | 2009-03-06 | 2012-02-01 | 交互数字专利控股公司 | Platform validation and management of wireless devices |
| CN102685092A (en) * | 2011-11-29 | 2012-09-19 | 河海大学 | Remote proofing method for proofing security attribute of remote platform |
| CN102750471A (en) * | 2012-05-22 | 2012-10-24 | 中国科学院计算技术研究所 | Local verification type starting method based on trusted platform module (TPM) |
| CN101783800B (en) * | 2010-01-27 | 2012-12-19 | 华为终端有限公司 | Embedded system safety communication method, device and system |
| CN102957535A (en) * | 2011-08-19 | 2013-03-06 | 国民技术股份有限公司 | Communication method and communication system for trusted computing platform and electronic certificate authentication system |
| CN103488937A (en) * | 2013-09-16 | 2014-01-01 | 华为技术有限公司 | Measuring method, electronic equipment and measuring system |
| CN104038478A (en) * | 2014-05-19 | 2014-09-10 | 瑞达信息安全产业股份有限公司 | Embedded platform identity authentication trusted network connection method and system |
| CN104333451A (en) * | 2014-10-21 | 2015-02-04 | 广东金赋信息科技有限公司 | Trusted self-help service system |
| CN104506532A (en) * | 2014-12-24 | 2015-04-08 | 北京智捷伟讯科技有限公司 | Remote proving method applicable to emergency rescue platform |
| US9253643B2 (en) | 2009-03-05 | 2016-02-02 | Interdigital Patent Holdings, Inc. | Method and apparatus for H(e)NB integrity verification and validation |
| CN106354550A (en) * | 2016-11-01 | 2017-01-25 | 广东浪潮大数据研究有限公司 | Method, device and system for protecting security of virtual machine |
| CN106533681A (en) * | 2015-09-11 | 2017-03-22 | 中国科学院软件研究所 | Attribute attestation method and system supporting partial presentation |
| US9652320B2 (en) | 2010-11-05 | 2017-05-16 | Interdigital Patent Holdings, Inc. | Device validation, distress indication, and remediation |
| CN106953733A (en) * | 2017-05-10 | 2017-07-14 | 成都麟成科技有限公司 | A kind of platform software integrity certification method and apparatus |
| CN107104804A (en) * | 2017-05-10 | 2017-08-29 | 成都麟成科技有限公司 | A kind of platform integrity verification method and device |
| WO2017143757A1 (en) * | 2016-02-26 | 2017-08-31 | 华为技术有限公司 | Trustworthiness measuring method and device for cloud computing platform |
| US9826335B2 (en) | 2008-01-18 | 2017-11-21 | Interdigital Patent Holdings, Inc. | Method and apparatus for enabling machine to machine communication |
| CN108171042A (en) * | 2017-11-16 | 2018-06-15 | 中国科学院软件研究所 | A kind of system configuration attribute method of proof and system based on credible performing environment |
| CN109213741A (en) * | 2018-11-22 | 2019-01-15 | 浙江中农在线电子商务有限公司 | High-performance log storage method and device |
| CN109272314A (en) * | 2018-08-14 | 2019-01-25 | 中国科学院数据与通信保护研究教育中心 | A kind of safety communicating method and system cooperateing with signature calculation based on two sides |
| CN109660530A (en) * | 2018-12-08 | 2019-04-19 | 公安部第三研究所 | A kind of protecting information safety method based on hardware certificate |
| CN109714168A (en) * | 2017-10-25 | 2019-05-03 | 阿里巴巴集团控股有限公司 | Trusted remote method of proof, device and system |
| WO2020098377A1 (en) * | 2018-11-16 | 2020-05-22 | 阿里巴巴集团控股有限公司 | Remote attestation method and apparatus for trusted application program, and electronic device |
| CN111741008A (en) * | 2020-07-08 | 2020-10-02 | 南京红阵网络安全技术研究院有限公司 | Two-way anonymous authentication system and method based on mimicry defense principle |
| CN112134692A (en) * | 2019-06-24 | 2020-12-25 | 华为技术有限公司 | Remote certification mode negotiation method and device |
| CN112217775A (en) * | 2019-07-12 | 2021-01-12 | 华为技术有限公司 | Remote certification method and device |
| CN112688907A (en) * | 2019-10-17 | 2021-04-20 | 华为技术有限公司 | Combined type equipment remote certification mode negotiation method and related equipment |
| CN112787988A (en) * | 2019-11-11 | 2021-05-11 | 华为技术有限公司 | Remote certification method, device, system and computer storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1783848A (en) * | 2004-12-02 | 2006-06-07 | 北京航空航天大学 | Mail transmission agent primary anti-deny method based on domain hierarchy identifying mechanism |
| CN100495963C (en) * | 2006-09-23 | 2009-06-03 | 西安西电捷通无线网络通信有限公司 | Public key certificate state obtaining and verification method |
-
2007
- 2007-04-27 CN CN200710098814A patent/CN100583768C/en not_active Expired - Fee Related
Cited By (56)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9826335B2 (en) | 2008-01-18 | 2017-11-21 | Interdigital Patent Holdings, Inc. | Method and apparatus for enabling machine to machine communication |
| US9253643B2 (en) | 2009-03-05 | 2016-02-02 | Interdigital Patent Holdings, Inc. | Method and apparatus for H(e)NB integrity verification and validation |
| CN102342142A (en) * | 2009-03-06 | 2012-02-01 | 交互数字专利控股公司 | Platform validation and management of wireless devices |
| US9924366B2 (en) | 2009-03-06 | 2018-03-20 | Interdigital Patent Holdings, Inc. | Platform validation and management of wireless devices |
| CN101610273B (en) * | 2009-08-03 | 2011-12-28 | 西安西电捷通无线网络通信股份有限公司 | Secure remote certification method |
| WO2011022902A1 (en) * | 2009-08-25 | 2011-03-03 | 西安西电捷通无线网络通信股份有限公司 | Method for implementing bidirectional platform authentication |
| CN101783800B (en) * | 2010-01-27 | 2012-12-19 | 华为终端有限公司 | Embedded system safety communication method, device and system |
| CN101902472A (en) * | 2010-07-09 | 2010-12-01 | 北京工业大学 | Method for pushing remote declaration based on behaviors in trusted network |
| CN101902472B (en) * | 2010-07-09 | 2013-04-24 | 北京工业大学 | Method for pushing remote declaration based on behaviors in trusted network |
| US9652320B2 (en) | 2010-11-05 | 2017-05-16 | Interdigital Patent Holdings, Inc. | Device validation, distress indication, and remediation |
| CN102025741A (en) * | 2010-12-07 | 2011-04-20 | 中国科学院软件研究所 | Trusted identity service platform with two-layer framework and construction method thereof |
| CN102025741B (en) * | 2010-12-07 | 2013-06-05 | 中国科学院软件研究所 | Trusted identity service platform with two-layer framework and construction method thereof |
| CN102281510A (en) * | 2011-07-27 | 2011-12-14 | 上海和辰信息技术有限公司 | Multi-factor credible identity authenticating method and system for mobile mailbox |
| CN102281510B (en) * | 2011-07-27 | 2014-06-25 | 上海和辰信息技术有限公司 | Multi-factor credible identity authenticating method and system for mobile mailbox |
| CN102957535A (en) * | 2011-08-19 | 2013-03-06 | 国民技术股份有限公司 | Communication method and communication system for trusted computing platform and electronic certificate authentication system |
| CN102685092B (en) * | 2011-11-29 | 2014-11-19 | 河海大学 | Remote proofing method for proofing security attribute of remote platform |
| CN102685092A (en) * | 2011-11-29 | 2012-09-19 | 河海大学 | Remote proofing method for proofing security attribute of remote platform |
| CN102750471A (en) * | 2012-05-22 | 2012-10-24 | 中国科学院计算技术研究所 | Local verification type starting method based on trusted platform module (TPM) |
| CN102750471B (en) * | 2012-05-22 | 2015-02-11 | 中国科学院计算技术研究所 | Local verification type starting method based on trusted platform module (TPM) |
| CN103488937A (en) * | 2013-09-16 | 2014-01-01 | 华为技术有限公司 | Measuring method, electronic equipment and measuring system |
| US10339284B2 (en) | 2013-09-16 | 2019-07-02 | Huawei Technologies Co., Ltd. | Measurement method, electronic device, and measurement system |
| CN104038478A (en) * | 2014-05-19 | 2014-09-10 | 瑞达信息安全产业股份有限公司 | Embedded platform identity authentication trusted network connection method and system |
| CN104333451A (en) * | 2014-10-21 | 2015-02-04 | 广东金赋信息科技有限公司 | Trusted self-help service system |
| CN104506532A (en) * | 2014-12-24 | 2015-04-08 | 北京智捷伟讯科技有限公司 | Remote proving method applicable to emergency rescue platform |
| CN104506532B (en) * | 2014-12-24 | 2018-06-26 | 北京智捷伟讯科技有限公司 | A kind of remote certification method suitable for emergency relief platform |
| CN106533681B (en) * | 2015-09-11 | 2019-09-17 | 中国科学院软件研究所 | A kind of attribute method of proof and system that support section is shown |
| CN106533681A (en) * | 2015-09-11 | 2017-03-22 | 中国科学院软件研究所 | Attribute attestation method and system supporting partial presentation |
| CN107133520A (en) * | 2016-02-26 | 2017-09-05 | 华为技术有限公司 | The credible measurement method and apparatus of cloud computing platform |
| CN107133520B (en) * | 2016-02-26 | 2021-05-14 | 华为技术有限公司 | Credibility measuring method and device for cloud computing platform |
| WO2017143757A1 (en) * | 2016-02-26 | 2017-08-31 | 华为技术有限公司 | Trustworthiness measuring method and device for cloud computing platform |
| US11017095B2 (en) | 2016-02-26 | 2021-05-25 | Huawei Technologies Co., Ltd. | Method and apparatus for trusted measurement of cloud computing platform |
| CN106354550A (en) * | 2016-11-01 | 2017-01-25 | 广东浪潮大数据研究有限公司 | Method, device and system for protecting security of virtual machine |
| CN107104804A (en) * | 2017-05-10 | 2017-08-29 | 成都麟成科技有限公司 | A kind of platform integrity verification method and device |
| CN106953733A (en) * | 2017-05-10 | 2017-07-14 | 成都麟成科技有限公司 | A kind of platform software integrity certification method and apparatus |
| US11621843B2 (en) | 2017-10-25 | 2023-04-04 | Alibaba Group Holding Limited | Trusted remote proving method, apparatus and system |
| CN109714168B (en) * | 2017-10-25 | 2022-05-27 | 阿里巴巴集团控股有限公司 | Trusted remote attestation method, device and system |
| CN109714168A (en) * | 2017-10-25 | 2019-05-03 | 阿里巴巴集团控股有限公司 | Trusted remote method of proof, device and system |
| CN108171042B (en) * | 2017-11-16 | 2021-07-30 | 中国科学院软件研究所 | Trusted execution environment-based system configuration attribute certification method and system |
| CN108171042A (en) * | 2017-11-16 | 2018-06-15 | 中国科学院软件研究所 | A kind of system configuration attribute method of proof and system based on credible performing environment |
| CN109272314A (en) * | 2018-08-14 | 2019-01-25 | 中国科学院数据与通信保护研究教育中心 | A kind of safety communicating method and system cooperateing with signature calculation based on two sides |
| CN112468473B (en) * | 2018-11-16 | 2023-10-24 | 创新先进技术有限公司 | Remote proving method and device for trusted application program and electronic equipment |
| CN112468473A (en) * | 2018-11-16 | 2021-03-09 | 创新先进技术有限公司 | Remote certification method and device for trusted application program and electronic equipment |
| WO2020098377A1 (en) * | 2018-11-16 | 2020-05-22 | 阿里巴巴集团控股有限公司 | Remote attestation method and apparatus for trusted application program, and electronic device |
| CN109213741A (en) * | 2018-11-22 | 2019-01-15 | 浙江中农在线电子商务有限公司 | High-performance log storage method and device |
| CN109660530A (en) * | 2018-12-08 | 2019-04-19 | 公安部第三研究所 | A kind of protecting information safety method based on hardware certificate |
| CN112134692A (en) * | 2019-06-24 | 2020-12-25 | 华为技术有限公司 | Remote certification mode negotiation method and device |
| WO2020259419A1 (en) * | 2019-06-24 | 2020-12-30 | 华为技术有限公司 | Method and apparatus for negotiating remote attestation mode |
| CN112134692B (en) * | 2019-06-24 | 2022-02-15 | 华为技术有限公司 | Remote certification mode negotiation method and device |
| CN112217775A (en) * | 2019-07-12 | 2021-01-12 | 华为技术有限公司 | Remote certification method and device |
| CN112217775B (en) * | 2019-07-12 | 2022-04-05 | 华为技术有限公司 | Remote certification method and device |
| CN112688782A (en) * | 2019-10-17 | 2021-04-20 | 华为技术有限公司 | Remote certification method and equipment for combined equipment |
| CN112688907A (en) * | 2019-10-17 | 2021-04-20 | 华为技术有限公司 | Combined type equipment remote certification mode negotiation method and related equipment |
| CN112688782B (en) * | 2019-10-17 | 2023-09-08 | 华为技术有限公司 | Remote proving method and equipment for combined equipment |
| CN112787988A (en) * | 2019-11-11 | 2021-05-11 | 华为技术有限公司 | Remote certification method, device, system and computer storage medium |
| CN111741008A (en) * | 2020-07-08 | 2020-10-02 | 南京红阵网络安全技术研究院有限公司 | Two-way anonymous authentication system and method based on mimicry defense principle |
| CN111741008B (en) * | 2020-07-08 | 2020-12-04 | 南京红阵网络安全技术研究院有限公司 | Two-way anonymous authentication system and method based on mimicry defense principle |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100583768C (en) | 2010-01-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101043338A (en) | Safety requirement based remote proving method and system thereof | |
| JP6151402B2 (en) | Inclusive verification of platform to data center | |
| US9497210B2 (en) | Stateless attestation system | |
| US9998438B2 (en) | Verifying the security of a remote server | |
| US9405912B2 (en) | Hardware rooted attestation | |
| TWI537764B (en) | Method for verifying the geographic location of a virtual disk image excuting within a data center | |
| US8549592B2 (en) | Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform | |
| CN104158791A (en) | Safe communication authentication method and system in distributed environment | |
| Böck et al. | Towards more trustable log files for digital forensics by means of “trusted computing” | |
| JP2010508567A (en) | Disabling malware on computing devices | |
| WO2020143906A1 (en) | Method and apparatus for trust verification | |
| Aslam et al. | FoNAC-an automated fog node audit and certification scheme | |
| TWI546698B (en) | Login system based on servers, login authentication server, and authentication method thereof | |
| CN112784249B (en) | Method, system, processor and computer readable storage medium for implementing mobile terminal authentication processing under no-identification condition | |
| Niemi et al. | Platform attestation in consumer devices | |
| Lucyantie et al. | Attestation with trusted configuration machine | |
| CN113806810B (en) | Authentication method, authentication system, computing device, and storage medium | |
| Chaki et al. | Verification across intellectual property boundaries | |
| KR102162108B1 (en) | Lw_pki system for nfv environment and communication method using the same | |
| Borhan et al. | Platform Property Certificate for Property-based Attestation Model | |
| Wilson | Formally Verified Remote Attestation Protocols with Strong Authentication | |
| Petullo et al. | Digital identity security architecture in Ethos | |
| CN113987461A (en) | Identity authentication method and device and electronic equipment | |
| CN117201161A (en) | Lightweight equipment authentication method | |
| Wentao et al. | Trusted remote attestation scheme based on property |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100120 |