CN101166095B - Saving and retrieving data based on public key encryption - Google Patents


Publication number
CN101166095B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN 200710152961
Other languages
Chinese (zh)
Other versions
CN101166095A (en
Inventor
P. England
M. Peinado
Current Assignee
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp


Abstract

The invention discloses encrypted saving and retrieval of data based on a symmetric key. In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to be able to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access data encrypted in ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and if the integrity of the data is successfully verified.

Description

Data storage and data retrieval based on public key encryption
This application is a divisional application of patent application 03131208.X, filed on April 17, 2003.
Related application
This application claims the benefit of U.S. Provisional Application 60/373505, entitled "safe storage processor", filed on April 17, 2002 by Paul England, Marcus Peinado and Bryan M. Willman, which is incorporated herein by reference.
A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the reproduction of the patent document or the patent disclosure as it appears in the patent files or records of the patent and trademark office, but otherwise reserves all rights.
Technical field
The present invention relates to data storage and data retrieval, and in particular to data storage and data retrieval based on public key encryption.
Background technology
Protecting data on a computer so that the data is disclosed only to appropriate parties is of particular concern to users. The types of data that users want to protect vary greatly, for example work-related or personal confidential documents, bank account numbers, credit card numbers, social insurance numbers, and so on. In addition, it is also important to certain third parties that the data on a user's computer be protected from unauthorized use or access. For example, credit card issuers want credit card numbers to be protected so that they are not leaked to malicious programs or hackers, music companies want their songs to be protected from piracy, film studios want their films to be protected from piracy, and so on.
One solution for protecting data on a computer is to abandon general-purpose computing devices and use special-purpose tamper-resistant boxes for transmitting, storing and displaying secure content. However, this solution is not practical, because it prevents users from expanding their computers (for example, users cannot install additional software components and/or hardware components on such a tamper-resistant box). It is therefore necessary to provide a way of protecting data on general-purpose computing devices.
Summary of the invention
Data storage and data retrieval based on public key encryption are described below.
According to one aspect, data is received from a caller. Ciphertext that includes the data is generated using public key encryption, in a form that allows only one or more target programs to obtain the data from the ciphertext.
According to another aspect, a bit string is received from a caller. An identifier of the caller is checked to determine whether the caller is allowed to access the data encrypted in the ciphertext of the bit string. The data is decrypted using public key decryption and returned to the caller only if the caller is allowed to access the data.
Description of drawings
The same reference numbers are used throughout this document to denote the same components and/or features.
Fig. 1 illustrates an exemplary access control model.
Fig. 2 shows an access control environment that uses four different layers.
Fig. 3 is a flow chart of an exemplary process for performing the seal operation.
Fig. 4 is a flow chart of an exemplary process for performing the unseal operation.
Fig. 5 is a flow chart of an exemplary process for performing the store operation.
Fig. 6 is a flow chart of an exemplary process for performing the seal operation.
Fig. 7 is a flow chart of an exemplary process for performing the reference operation.
Fig. 8 is a flow chart of an exemplary process for performing the check operation.
Fig. 9 is a flow chart of an exemplary process for performing the seal operation.
Fig. 10 is a flow chart of an exemplary process for performing the public key seal operation.
Fig. 11 is a flow chart of an exemplary process for performing the general seal operation.
Fig. 12 illustrates a general computer environment that can be used to implement the techniques described herein.
Embodiment
Fig. 1 illustrates an exemplary access control model 100. A main body 102 can make a request to access a protected resource. The request is received by a protector 104, which controls access to the resource 106. Protector 104 examines the request and decides whether to grant it on the basis of the access policy associated with the resource and other information, such as the identity of the main body 102 that issued the request. For ease of explanation, a single main body 102, protector 104 and resource 106 are shown in Fig. 1. However, it should be noted that access control model 100 can include multiple main bodies 102, multiple protectors 104 and/or multiple resources 106.
Main body 102 refers to a component or module that requests access to protected data. The request may be a request to retrieve the protected data (for example, a request to retrieve a key), or a request to perform an operation using the protected data (for example, the protected data may be a key, and the request may be a request to encrypt or decrypt using that key). Main body 102 can be implemented in hardware, software, firmware, or a combination of hardware, software and/or firmware.
Protector 104 refers to a component or module that controls access to the protected data. Protector 104 uses the access policy associated with the protected data, together with other information (for example, the identity of the main body requesting access to the protected data), to determine whether to allow the main body to access the protected data. If protector 104 determines that the requesting main body is allowed to access the protected data, then protector 104 responds to the request in an appropriate manner (for example, if the request is a request for the protected data, then the protected data is returned to the main body; or, if the request is a request for particular data to be encrypted using the protected data, then protector 104 encrypts the particular data using the protected data and returns the ciphertext (the encrypted data) to the main body). It should be noted that protector 104 can constrain main bodies based on the nature of the request. For example, protector 104 may allow a particular main body to have particular data signed using the protected data, but not allow the protected data to be returned to that main body.
Protector 104 can also be characterized as a deciphering protector and/or a service protector. A service protector performs certain operations (for example, encryption, decryption, digital signing, etc.) with the protected data (for example, a key) at the request of a main body, without disclosing the protected data. A deciphering protector, on the other hand, discloses the protected data to authorized requestors. It should be noted that a particular protector 104 can be both a deciphering protector and a service protector.
Resource 106 can be any type of data to which access is restricted. Examples of resource 106 include keys, bank accounts, credit card numbers, personal information such as social security numbers (SSNs), passwords, and so on. Resource 106 can also be virtually anything else in a computing device. For example, resource 106 may be physical memory (for example, RAM or ROM), an optical or magnetic disk or disk drive, a video card, a sound card, a smart card, and so on. As another example, resource 106 may be an operating system abstraction, such as a process, file, thread, semaphore, and so on.
In the discussion here, access control model 100 is described with reference to implementation on a single computing device. However, it is to be appreciated that different parts of the model can be implemented on different computing devices. For example, main body 102 may be on one computing device, while protector 104 and resource 106 may be on another computing device.
The main bodies and protectors on a computing device can be classified into an arbitrary number n of layers I_n. Fig. 2 shows an access control environment that uses four different layers. In one embodiment, layer I_1 refers to a hardware or security kernel layer, layer I_2 refers to a basic input/output system (BIOS) layer, layer I_3 refers to an operating system (OS) layer, and layer I_4 refers to an application layer.
In the example environment of Fig. 2, the lowest layer (layer I_1) protects a root resource. Programs in the intermediate layers (layers I_2 and I_3) act as main bodies that request access from the next lower layer, while at the same time acting as protectors toward main bodies in the next higher layer. The intermediate layers can thus add functionality for main bodies in higher layers.
For example, assume that a program 120 wishes to retrieve root resource 128, which is protected by protector 126. Program 120 acts as a main body requesting access to root resource 128 from module 122, which acts as a protector of the resource. If module 122 has a copy of resource 128 (for example, previously obtained from protector 126 in response to a previous request for the resource by program 120 or some other program in layer I_4, or obtained when module 122 was initialized or loaded in the computing device), then module 122 checks whether program 120 is allowed to retrieve the resource. If program 120 is allowed to retrieve the resource, then module 122 returns the resource to program 120.
However, if module 122 does not have a copy of resource 128, then module 122 acts as a main body requesting access to the root resource from module 124, which acts as a protector of the resource. If module 124 has a copy of resource 128 (for example, previously obtained from protector 126 in response to a previous request for the resource by module 122 or some other module in layer I_3, or obtained when module 124 was initialized or loaded in the computing device), then module 124 checks whether module 122 is allowed to retrieve the resource. If module 122 is allowed to retrieve the resource, then module 124 returns the resource to module 122.
However, if module 124 does not have a copy of resource 128, then module 124 acts as a main body requesting access to the root resource from protector 126. Protector 126 checks whether module 124 is allowed to retrieve the resource and, if module 124 is allowed to retrieve the resource, returns the resource to module 124. If module 122 is allowed to retrieve the resource, then module 124 returns the resource to module 122, and if program 120 is allowed to retrieve the resource, then module 122 returns the resource to program 120.
In the discussion here, multiple references are made to using access control model 100 of Fig. 1 to allow authenticated operation of software. Typically, the resources protected in authenticated operation of software are keys. However, it is to be appreciated that authenticated operation of software is only one example of the use of access control model 100.
Another example of the use of access control model 100 is the authentication of a user to a computer. Most modern computers have an access control system. A user logs in to the computer so that the computer knows who the user is. After logging in, the user runs programs that typically need to access system resources (for example, read files, write to windows on the screen, etc.). Typically, the access control system of the computer is consulted (for example, "Can user X perform operation Y on resource Z?"). If the answer is no, the program cannot access the resource.
Another example of the use of access control model 100 is the authentication of a user to a remote service. Remote services such as websites (for example, an online broker or bank) can be thought of as having access control systems. The resources are people's bank accounts, their money and their stocks. After a user logs in to the website, the access control system determines whether the user is authorized to perform the access the user requests, for example a "read" access to the resource "bank account data" (to retrieve the latest bank statement), or a "transfer" access to the resource "1000 dollars in bank account 12345".
Another example of the use of access control model 100 is restricting physical access to particular buildings or areas. For example, when a user arrives at work in the morning, the user shows his or her badge and requests the "open" operation on the resource "front door". Some electronic system (a protector) determines, based on the information stored on the badge, whether the user is allowed to enter the building and unlocks the door accordingly.
A computing device enables authenticated operation of a program (software) if it is possible to let the program obtain protected access (from a deciphering protector or a service protector) to at least one cryptographic resource. In certain embodiments, as described below, a computing device that enables authentication and isolation enables authenticated operation.
A program C is said to be isolated from another program D if both of the following hold: (1) there is memory that can be accessed by program C but not by program D, and (2) program D cannot start execution of program C (except possibly at an entry point determined by program C). A program is given by its transition rules (executable code) and its initial state (entry point, or initial value of the instruction pointer IP). Because data can be stored in memory that cannot be accessed by program D, the first point guarantees the integrity of the program code and state information of program C, even in the presence of adversarial behaviour by program D. This point also allows program C to protect confidential data (for example, keys) from observation by program D. The second point guarantees that D cannot subvert the behaviour of C by choosing the entry point adversarially.
In addition, a program C is said to be able to authenticate a program D if program C is able to identify the transition rules (program code) and the initial state of program D. The computing device can isolate any program C from any other program D, with the exception of a single program E_j in each layer j < i, where i is the layer of program C. This protects programs from observation and interference by any program other than the sequence E_1, E_2, ..., E_{i-1} of protectors through which program C requests access to its resources. Furthermore, for any layer i, the computing device enables a program executing in layer i to authenticate at least some programs in layer i+1. This requirement allows a program to act as a protector for requests from main bodies in the next layer. These two observations give rise to an inductive argument: programs in any layer can act as protectors of resources by requesting access to a resource from their predecessor, protecting their integrity and their resources through isolation, and authenticating requests from main bodies in the next layer.
Isolation can be implemented using physical memory protection. This approach is referred to as "isolation in space" or "space isolation". For example, the ring and virtual memory protections found in many modern microprocessors are sufficient to implement isolation in space. An operating system kernel (layer i) running in privileged mode can set up page tables for application programs (layer i+1), such that any application program can access only those parts of physical memory that the operating system kernel chooses to map into the application program's virtual address space. Furthermore, the kernel restricts the privileges of application programs so that they cannot change the memory mapping, and ensures that application programs can initiate execution of kernel code only at well-defined entry points (system calls).
Another approach to implementing isolation between two layers is to separate their execution in time. This approach is referred to as "isolation in time" or "time isolation". A program in a first layer i executes to completion, makes certain resources unavailable, and then terminates. Control is subsequently transferred to the next layer i+1.
Authentication occurs between subsequent layers (j = i+1). Program C authenticates the program (transition rules) and the initial state of the configuration of j. The program can be authenticated by having program C inspect the program in layer j. That is, program C typically reads the memory that contains the program for layer j and computes a cryptographic digest over this memory range. It should be noted that the goal at this point is only to ascertain the identity of the code, not to evaluate statements made by other main bodies about the code. Thus, certificates are not necessary at this point.
The second task of program C is to identify the initial state of program D. In general, it is very difficult to determine the initial state of a program at an arbitrary stage of its execution. Therefore, program C controls the initial state of program D. In practice, this means that program C can ascertain the initial state δ of program D only if program C initiates the execution of program D at state δ.
In summary, to authenticate program D, program C inspects the memory contents it deems relevant and computes a cryptographic digest. Program C then transfers execution to a well-defined entry point of program D.
Where the resources are cryptographic keys, authenticated operation allows each operating system and application program to have exclusive access to one or more secrets. The isolation discussed above protects each secret from attacks by adversarial code. The authentication of programs discussed above allows programs to be identified, so that each secret is disclosed only to the program that owns it.
Typically, given a request from a program (a main body 102 of Fig. 1), protector 104 establishes the identity of the program (that is, protector 104 authenticates the program). If the program is not the owner of the requested secret (a resource 106), then protector 104 rejects the request. Otherwise, protector 104 computes some function of the secret (which may be the secret itself) and, optionally, of further information provided by the program, and returns the result. Alternatively, rather than explicitly accepting or rejecting requests, protector 104 may service the request but bind the identity of the caller into the result. This alternative approach is appropriate, for example, if the result returned by the protector does not contain confidential information (for example, requests to use a secret to produce a digital signature). The term gate function is used here to refer to both of these cases.
In addition, in all cases, protector 104 authenticates the caller (main body 102). Authentication of a main body 102 is also referred to here by the function ID(), which returns a digest of the caller (the program calling a gate function of protector 104). The digest can be generated in any conventional way, for example using any one or more cryptographic hash functions (also referred to as one-way hash functions), such as SHA1 (Secure Hash Algorithm 1), MD5 (Message Digest 5), MD2 (Message Digest 2), etc.; using a keyed MAC (message authentication code); and so on.
One class of gate functions described here implements sealed storage. The purpose of sealed storage is to allow programs to store secrets such that only a particular set of one or more programs (defined by the program that stores the secret) can retrieve the secrets. In one embodiment, only the program that originally saves (seals) the secret can recover (unseal) the secret. Typically, the lifetime of these secrets will exceed the duration of an individual execution of the program. Secrets used during a single execution of a program can be saved (sealed), or alternatively isolation and a random number generator also allow the program to maintain secrets during a single execution. Sealed storage also allows a program to maintain secrets across different executions, which may not overlap in time. A layer I_i exposes sealed storage to the next layer I_{i+1} by means of the following interface (for example, using the seal and unseal operations and/or the public key seal and public key unseal operations).
The discussion of sealed storage here refers to keys that are used for encryption and decryption. These keys are the keys associated with the protector that is protecting the resource (for example, protector 104 of Fig. 1).
The discussion here also refers to program identifiers (for example, an identifier of the program calling an operation, or an identifier of a target program that is allowed to access a resource). These identifiers are often referred to here as digests. However, it is to be appreciated that a digest is only one example of a program identifier. Other types of identifiers can be used, where the identifier is a measure or other representation of the program that allows any change to the program to be detected. If the program is changed (for example, one or more instructions are changed by an adversary attempting to maliciously access or use the protected data), then the identifier of the program will reflect the change (for example, the identifier of the changed program will differ from the identifier of the unchanged program).
The seal operation receives, as input, data (for example, a secret) to be sealed. The seal operation also optionally receives, as input, a condition that identifies when and/or to whom the secret may be disclosed (unsealed). In one embodiment, this condition is a digest of a target program that is allowed to retrieve (unseal) the data. Alternatively, the programs that are allowed to retrieve (unseal) the data can be identified in other ways. For example, the programs may be identified by means of a public key, with each certificate being associated with one or more programs.
In addition to, or instead of, an identifier of the target program, other conditions can also be used. For example, the condition may include particular time constraints on when the data can be disclosed (unsealed), such as particular times of the day or days of the week during which the secret can be disclosed (unsealed). As another example, the condition may include an identifier of a password or other data that must be provided in order for the secret to be disclosed (unsealed); for example, the secret can be unsealed only by programs that know the password.
As another example, the condition can be a logical formula (for example, any statement written in first-order logic, any statement written in predicate logic, etc.). The logical formula is evaluated (for example, by the protector), and the secret is disclosed (unsealed) only if the evaluation returns an indication of true.
As yet another example, the condition can be an executable program in some language (for example, Java, C*, Javascript, VBScript, etc.). The program is executed (for example, by the protector), and the secret is disclosed (unsealed) only if the program returns some indication of "true" or "satisfied".
Where the condition is a digest of the target program, the seal operation may, instead of being supplied with the digest of the target program, use the digest of the program that calls the seal operation (thereby implicitly inputting the digest of the target program). In addition, digests of multiple target programs can be input to the seal operation, thereby allowing multiple target programs to disclose (unseal) the data.
The seal operation encrypts its inputs (the data and the condition under which the data may be disclosed (unsealed)) together with an identifier of the caller. The seal operation returns the input data in encrypted form (as ciphertext). The seal operation also returns a value (for example, a message authentication code (MAC) value) that can be used to verify the integrity of the sealed data. The returned data allows the stored data to be referenced in subsequent unseal operations, as discussed in more detail below.
Pseudocode for the seal operation is shown in Table I. In the pseudocode of Table I, ID() refers to the ID() function discussed above, e refers to the value (for example, a character string or bit sequence) that is returned to the caller, data refers to the data to be sealed, and [t_1, ..., t_m] refers to the digests of the one or more target programs that are allowed to disclose (unseal) the data (or, alternatively, one or more other conditions).
Table I
    d = ID()
    e = store(data, [t_1, ..., t_m], d)
    return e
Fig. 3 is a flow chart illustrating an exemplary process 200 for implementing the seal operation. Process 200 is performed by protector 104 of Fig. 1, and can be implemented in hardware, software, firmware, or a combination thereof.
First, a secret to be sealed is received from the caller (step 202). The secret is encrypted so that it can be retrieved only by a particular target program (step 202), or alternatively so that it can be retrieved only if one or more particular conditions are satisfied. Ciphertext that includes the encrypted secret is then returned to the caller (step 206). Additional information can also be returned to the caller (as part of the ciphertext or separately from the ciphertext), such as the digest of the caller and/or of the target program.
The unseal operation receives, as input, a bit string that was returned by the seal operation when sealing the data that the caller now wishes to retrieve. The unseal operation obtains the conditions for disclosing the data and checks whether these conditions are satisfied. For example, if the conditions include the digests of one or more target programs that are allowed to retrieve (unseal) the data, then the unseal operation obtains these digests and checks whether the caller is one of the one or more target programs. If the caller is not one of the one or more target programs, then the unseal operation fails and the requested data is not returned to the caller. However, if the caller is one of the one or more target programs, then the unseal operation succeeds and the requested data is returned to the caller. The digest of the program that sealed the data is also optionally returned by the unseal operation.
Pseudocode for the unseal operation is shown in Table II. In the pseudocode of Table II, data refers to the data being requested (and previously sealed), [t_1, ..., t_m] refers to the digests of the one or more target programs that are allowed to retrieve (unseal) the data (or, alternatively, one or more other conditions), e refers to the input to the unseal operation (typically the previous output of a seal operation), and d refers to the digest of the program that sealed the data.
Table II
    (data, [t_1, ..., t_m], d) = retrieve(e)
    if ID() is in [t_1, ..., t_m] then return (data, d)
    else fail
Fig. 4 is a flow chart illustrating an exemplary process 220 for implementing the unseal operation. Process 220 is performed by protector 104 of Fig. 1, and can be implemented in hardware, software, firmware, or a combination thereof.
First, ciphertext containing the encrypted data that the caller wishes to retrieve is received (step 222). A check is made as to whether the caller is allowed to retrieve the data (step 224), and processing proceeds based on whether the caller is allowed to retrieve the data (step 226). If the caller is allowed to retrieve the data, then the (decrypted) data is returned to the caller (step 228). If the caller is not allowed to retrieve the data, then the process fails (step 230) and the data is not returned to the caller.
Enclosed storage can realize by different modes.In one embodiment, realize enclosed storage by the nonvolatile memory with physical protection.In the present embodiment, described computing equipment links with the protector with different piece of protected nonvolatile storage, and allows each protector can only access the part relevant with described protector.In the present embodiment, call close with open operation in the storage that relates to search operaqtion so that described computing equipment can store respectively and the data of retrieving in the protected nonvolatile memory relevant with described protector.
For example, a memory device (for example hard disk drive) can be realized a protector.Not simply described memory device unconditionally to be carried out read write command, the main body of described this memory device of memory device identification attempt access (for example, and only allow a described memory device of special principal access a summary based on described main body).In addition, different main bodys can be confined to the special part (for example, special sector or address realm) that can only access described memory device.
In another embodiment, realize enclosed storage by the art that accesses to your password.The below will describe an exemplary embodiments of carrying out enclosed storage by the art that accesses to your password.
When the art that accesses to your password realized enclosed storage, described resource was a key K rather than by the memory of physical protection.Described storage operation is not physically to store its input.Opposite, described storage operation produces the output c of a cryptoguard, this output c be one to encrypt and the input of the storage operation of Global Macros form appearance.Described encryption is that a symmetric cryptography is applied to result in the described input.A rear characteristic is applied to described input by (before or after described input is encrypted) with a Message Authentication Code (MAC) and obtains.
Explanation is used for the pseudo-code of storage operation in Table III.In the pseudo-code of Table III, b relates to the bit string that is imported in the storage operation, and c relates to the bit string of being exported by described storage operation.K1 relates to the first of key K, and K2 relates to the second portion of key K.Described key K is to realize the symmetric key of the protector of sealing and storage operation.
Table III
    m = MAC_K1(b)
    c = (m, Encrypt_K2(b))
    return c
Thus, as can be seen from Table III, a value (m) is generated by applying a MAC to the bit string that is input to the storage operation. The MAC is keyed with one part (K1) of the key K. The bit string input to the storage operation is also encrypted using a second part (K2) of the key K. The value generated by applying the MAC to the input bit string and the value generated by encrypting the input bit string are returned to the caller of the storage operation.
The key K is divided into two independent keys K1 and K2 to avoid using the same key for the MAC and the cipher. This division can be carried out in any of a variety of ways. The division may use different bits of the key K or may use one or more of the same bits. For example, assuming the key K is 1024 bits, the low 512 bits can be used as key K1 and the high 512 bits as key K2; the even-numbered bits (bits 0, 2, 4, 6, 8, 10, ..., 1022) can be used as key K1 and the odd-numbered bits (bits 1, 3, 5, 7, 9, 11, ..., 1023) as key K2; the low 650 bits can be used as key K1 and the high 650 bits as key K2 (so that some bits are used in both K1 and K2); and so on. Alternatively, the same key K can be used for both the MAC and the cipher.
The pseudo-code shown in Table III implements the storage operation by computing a MAC of the data, encrypting the data, and outputting the MAC and the ciphertext. Alternatively, the storage operation can be implemented in different ways. For example, the storage operation can first encrypt the data, then compute a MAC of the ciphertext, and output the ciphertext and the MAC. As another example, the storage operation can compute a MAC of the data, then encrypt both the data and the MAC, and output the ciphertext.
The encryption performed by the storage operation can be implemented using any of a variety of symmetric encryption algorithms. In general, a symmetric encryption algorithm uses the same key for encryption and decryption. Examples of such algorithms include triple DES (Data Encryption Standard), AES (Advanced Encryption Standard), and so on.
Similarly, the MAC can be any of a variety of message authentication codes, for example the MAC described in M. Bellare, R. Canetti and H. Krawczyk, "Keying Hash Functions for Message Authentication," Advances in Cryptology - Crypto '96, Lecture Notes in Computer Science No. 1109, 1996. Alternatively, integrity can be protected by a public-key digital signature in place of a MAC.
Fig. 5 is a flow chart illustrating an exemplary process 250 for implementing the storage operation. Process 250 is performed by the protector 104 of Fig. 1, and may be implemented in hardware, software, firmware, or a combination thereof.
Initially, the data to be stored is received (step 252). A symmetric encryption algorithm is applied to the data (step 254) and a message authentication code (MAC) is applied to the data (step 256). The encrypted data generated in step 254 and the MAC value generated in step 256 are returned to the caller (step 258).
The retrieval operation receives an input bit string that includes a MAC value and ciphertext. The ciphertext is decrypted to generate plaintext, and a MAC value of the plaintext is generated. If the MAC value of the plaintext is identical to the MAC value received as part of the input bit string, the plaintext is returned to the caller. If, however, the MAC value of the plaintext differs from the MAC value received as part of the input bit string, the retrieval operation fails and the plaintext is not returned to the caller. The particular way in which the retrieval operation obtains the MAC and the ciphertext from the input bit string depends on how the storage operation is implemented.
Pseudo-code for the retrieval operation is shown in Table IV. In the pseudo-code of Table IV, c refers to the bit string input to the retrieval operation, b refers to the bit string output by the retrieval operation, m refers to the MAC value portion of the bit string input to the retrieval operation, d refers to the ciphertext portion of the bit string input to the retrieval operation, K1 refers to the first part of the key K, and K2 refers to the second part of the key K. K1 and K2 are the same parts of the key K as discussed above in connection with the storage operation.
Table IV
    let (m, d) = c
    b = Decrypt_K2(d)
    if m = MAC_K1(b) then return b
    else fail
Thus, as can be seen from Table IV, a value (b) is generated by decrypting the bit string input to the retrieval operation. If the MAC value generated by the retrieval operation is identical to the MAC value received as part of the bit string input to the retrieval operation, the value (b) is returned to the caller of the retrieval operation; otherwise the retrieval operation fails.
The pseudo-code in Table IV is based on the implementation of the storage operation in which the MAC of the data is computed, the data is encrypted, and the MAC and the ciphertext are output together (to serve as the input bit string to the retrieval operation). If the storage operation instead first encrypts the data, then computes a MAC of the ciphertext and outputs the ciphertext and the MAC, the retrieval operation computes the MAC of the ciphertext, compares it with the MAC value received as part of the input bit string, and, if the MAC values match, decrypts the ciphertext and returns the decrypted data. If the storage operation computes a MAC of the data and then encrypts both the data and the MAC, the retrieval operation decrypts the input bit string, then computes a MAC of the data in the input bit string and compares this MAC with the MAC in the decrypted string, and, if the MAC values match, returns the data.
As discussed above with respect to the storage operation, the retrieval operation can use any of a variety of decryption algorithms. However, the decryption algorithm should correspond to the encryption algorithm so that the encrypted data can be decrypted. Similarly, any of a variety of message authentication codes can be used as the MAC, but the message authentication code used should be the same as the one used by the storage operation.
Fig. 6 is a flow chart illustrating an exemplary process 270 for implementing the "locked in" operation. Process 270 is performed by the protector 104 of Fig. 1, and may be implemented in hardware, software, firmware, or a combination thereof.
Initially, a ciphertext and a MAC value are received (step 272). The ciphertext is decrypted to generate plaintext data (step 274). A message authentication code (MAC) is applied to the plaintext data to generate a MAC value, and a check is made (step 278) as to whether the MAC value generated in step 276 equals the MAC value received in step 272. Processing proceeds according to whether the generated MAC value equals the received MAC value (step 280). If the generated MAC value equals the received MAC value, the plaintext data is returned to the caller (step 282). If, however, the generated MAC value does not equal the received MAC value, the process fails and the plaintext data is not returned to the caller.
Thus, the cryptographic approach used for the "locked in" operation ensures that any corruption of the value c (the output of the storage operation) can be detected, and that the value b (the input of the storage operation) cannot be retrieved without access to the key K2 (the key used by the cipher to encrypt the value b).
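The open operation of Table II layered on the storage and retrieval operations of Tables III and IV, as an added Go example that is not code from the patent. The names Guard, Store, Retrieve, Seal and Unseal are hypothetical, and the choices of HMAC-SHA256 as the MAC, AES-256-CTR as the cipher, SHA-256 as the program summary, JSON as the encoding of (data, [t1, ..., tm], d), and a 512-bit K split into low and high halves are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Guard models the protector: it alone holds K, split into K1 (MAC) and K2 (cipher).
type Guard struct{ k1, k2 []byte }

// NewGuard splits a 512-bit K: the low half becomes K1, the high half K2.
func NewGuard(k [64]byte) *Guard {
	return &Guard{k1: k[:32], k2: k[32:]}
}

// ID stands in for ID(): SHA-256 of the caller's program image (assumption).
func ID(program []byte) []byte {
	d := sha256.Sum256(program)
	return d[:]
}

func (g *Guard) mac(b []byte) []byte {
	h := hmac.New(sha256.New, g.k1)
	h.Write(b)
	return h.Sum(nil)
}

// xor applies AES-256-CTR under K2; the same call encrypts and decrypts.
func (g *Guard) xor(iv, in []byte) []byte {
	block, _ := aes.NewCipher(g.k2) // K2 is always 32 bytes, so this cannot fail
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// Store is Table III: m = MAC_K1(b); c = (m, Encrypt_K2(b)). Layout: m(32) || iv(16) || ciphertext.
func (g *Guard) Store(b []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return append(append(g.mac(b), iv...), g.xor(iv, b)...), nil
}

// Retrieve is Table IV: (m, d) = c; b = Decrypt_K2(d); b is returned only if m = MAC_K1(b).
func (g *Guard) Retrieve(c []byte) ([]byte, error) {
	if len(c) < 48 {
		return nil, errors.New("retrieve: input too short")
	}
	b := g.xor(c[32:48], c[48:])
	if !hmac.Equal(c[:32], g.mac(b)) {
		return nil, errors.New("retrieve: MAC mismatch")
	}
	return b, nil
}

type sealed struct {
	Data, Sealer []byte
	Targets      [][]byte
}

// Seal stores (data, [t1..tm], d), where d is the summary of the sealing caller.
func (g *Guard) Seal(caller, data []byte, targets [][]byte) ([]byte, error) {
	b, _ := json.Marshal(sealed{Data: data, Sealer: ID(caller), Targets: targets}) // byte slices always marshal
	return g.Store(b)
}

// Unseal is Table II: (data, [t1..tm], d) = retrieve(e); if ID() is in [t1..tm] return (data, d), else fail.
func (g *Guard) Unseal(caller, e []byte) (data, sealer []byte, err error) {
	var s sealed
	b, err := g.Retrieve(e)
	if err == nil {
		err = json.Unmarshal(b, &s)
	}
	if err != nil {
		return nil, nil, err
	}
	for _, t := range s.Targets {
		if bytes.Equal(t, ID(caller)) {
			return s.Data, s.Sealer, nil
		}
	}
	return nil, nil, errors.New("unseal: caller is not a target program")
}

func main() {
	g := NewGuard([64]byte{1, 2, 3}) // constructed demo key, not a real K
	app := []byte("constructed program image A")
	e, _ := g.Seal(app, []byte("secret"), [][]byte{ID(app)})
	_, _, errA := g.Unseal(app, e)
	_, _, errB := g.Unseal([]byte("constructed program image B"), e)
	fmt.Println(errA, errB)
}
```

Because m is a MAC of the plaintext, two stores of the same b under the same K1 produce the same m even though the IV differs; the encrypt-then-MAC variant mentioned in the text does not expose that equality.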
Another class of gating functions implements remote validation. The purpose of remote validation is to allow a program to be validated even in the absence of a strong physical coupling to the verifying device (for example, when a server or a smart card is used). In this situation, validation is based on cryptography. That is, the two entities carry out a cryptographic validation protocol. This involves the validated configuration having access to a secret, which, depending on the protocol, is typically a private key or a symmetric key. In addition, the computing device can tie the use of these validation secrets to the identity of the configuration (for example, the processor and/or software) requesting their use. The verifying device can therefore establish the identity of the computing device and of the software executing on it.
The referencing operation and the public-key open operation are the gating functions for public-key signing and public-key decryption, respectively. The protector implementing these gating functions has access to a signing key Ks and a decryption key Kd. The signing key Ks and the decryption key Kd are also referred to as the private keys of public/private key pairs. These public/private key pairs are the key pairs of the protector that implements the referencing and public-key open operations.
The referencing operation returns a public-key signature over a combination (for example, a concatenation) of the input to the referencing operation and a condition that identifies when and/or to whom the secret may be disclosed. As with the sealing and open operations discussed above, disclosure of the secret can be tied to any of a variety of conditions. In one embodiment, the condition is an identifier of the caller (for example, a summary of the caller).
Inherent in the signature is an assertion that the operation was performed at the request of the identified caller. The referencing operation works together with a verification operation, which is typically performed on a device other than the one performing the referencing operation (for example, on a remote server or a smart card). The verification operation performs a public-key signature verification and retrieves and evaluates the identifier of the caller (and/or the other conditions for disclosing the secret).
Pseudo-code for the referencing operation is shown in Table V. In the pseudo-code of Table V, ID() refers to the ID() function described above, a refers to the data input to the referencing operation, and Ks refers to a signing key.
Table V
    d = ID()
    return sn = Signature_Ks(d, a)
Thus, as can be seen from Table V, the referencing operation obtains a summary of the caller and receives an input value a. The referencing operation uses the signing key Ks to generate a digital signature (sn) of the input value a and the summary of the caller. The input value a can be generated by the caller, or it can be a value received from another component or device (for example, from the device that will perform the verification operation). The digital signature is generated using public-key cryptography.
Fig. 7 is a flow chart illustrating an exemplary process 300 for implementing the referencing operation. Process 300 is performed by the protector of Fig. 1, and may be implemented in hardware, software, firmware, or a combination thereof.
Initially, input data is received from a caller (step 302). An identifier of the caller (and/or one or more other conditions for retrieving the input data) is obtained (step 304), and a digital signature is generated (step 306) over the combination of the input data and the identifier of the caller (and/or the one or more other conditions).
The verification operation performs a public-key signature verification and retrieves and evaluates the identifier of the caller. The verification operation receives a digital signature generated at a caller's request, typically from a device (for example, a remote server device, a smart card, etc.) other than the device performing the verification operation. The verification operation extracts from the received digital signature the summary of the program (for example, an application program, operating system, firmware program, etc.) that called the referencing operation, and evaluates this summary to determine how to proceed.
Pseudo-code for the verification operation is shown in Table VI. In the pseudo-code of Table VI, d refers to the summary of the program that called the referencing operation, a refers to the value that was input to the referencing operation, and Sn refers to the digital signature that the verification operation receives as input.
Table VI
    (d, a) = Extract_Kv(Sn)
    Evaluate(d)
Thus, as can be seen from Table VI, the verification operation receives a digital signature and uses the verification key Kv (the public key of the public/private key pair that includes the signing key Ks) to extract the summary d and the value a from the signature. The verification operation can then evaluate the summary d of the program that called the referencing operation. The way in which the summary d is evaluated can vary. For example, the evaluation may involve comparing the summary d with a list of "approved" or "trusted" application programs.
Fig. 8 is a flow chart illustrating an exemplary process 320 for implementing the verification operation. Process 320 is performed by the protector 104 of Fig. 1, and may be implemented in hardware, software, firmware, or a combination thereof.
Initially, a digital signature is received (step 322). The identifier of the caller that referenced an input value using the referencing operation (and/or one or more other conditions for retrieving the input value) and the input value itself are extracted from the digital signature (step 324). The identifier of the caller (and/or the one or more other extracted conditions) is evaluated to determine how to proceed with the input value (step 326).
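The referencing and verification operations of Tables V and VI, as an added Go example that is not code from the patent. The names Quote, MakeQuote, Verify and NewKeyPair are hypothetical; Ed25519 as the signature scheme, SHA-256 as the program summary, and the use of the input a as a challenge issued by the verifying device are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ID stands in for ID(): SHA-256 of the caller's program image (assumption).
func ID(program []byte) []byte {
	d := sha256.Sum256(program)
	return d[:]
}

// NewKeyPair returns the protector's verification key Kv and signing key Ks.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	kv, ks, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return kv, ks
}

// Quote carries d and a next to sn. Table VI extracts (d, a) from the signature
// itself; Ed25519 has no message recovery, so the signed values travel alongside.
type Quote struct{ D, A, Sn []byte }

// signedBytes is the concatenation of the 32-byte summary d and the input a.
func signedBytes(d, a []byte) []byte {
	return append(append([]byte{}, d...), a...)
}

// MakeQuote runs inside the protector: d = ID(); sn = Signature_Ks(d, a).
// The caller supplies a but never chooses d; the protector measures it.
func MakeQuote(ks ed25519.PrivateKey, caller, a []byte) Quote {
	d := ID(caller)
	return Quote{D: d, A: a, Sn: ed25519.Sign(ks, signedBytes(d, a))}
}

// Verify runs on the remote device. It checks sn under Kv, checks that a is the
// challenge it issued, and evaluates d against its list of approved summaries.
func Verify(kv ed25519.PublicKey, q Quote, challenge []byte, approved [][]byte) error {
	if len(q.D) != sha256.Size {
		return errors.New("verify: malformed summary")
	}
	if !ed25519.Verify(kv, signedBytes(q.D, q.A), q.Sn) {
		return errors.New("verify: bad signature")
	}
	if !bytes.Equal(q.A, challenge) {
		return errors.New("verify: quote does not answer this challenge")
	}
	for _, t := range approved {
		if bytes.Equal(t, q.D) {
			return nil
		}
	}
	return errors.New("verify: caller summary is not approved")
}

func main() {
	kv, ks := NewKeyPair()
	trusted := []byte("constructed image of an approved program")
	unknown := []byte("constructed image of an unknown program")
	nonce := []byte("constructed challenge 0001")
	approved := [][]byte{ID(trusted)}
	fmt.Println(Verify(kv, MakeQuote(ks, trusted, nonce), nonce, approved))
	fmt.Println(Verify(kv, MakeQuote(ks, unknown, nonce), nonce, approved))
}
```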
The public-key open operation is a version of public-key decryption that is gated on the identity of the caller (for example, the summary of the caller), or alternatively on one or more other conditions. The result of the public-key decryption of the input c to the public-key open operation is interpreted as a pair (d, s), where s is a secret and d identifies a configuration (for example, the summary of a caller) to which s may be disclosed. If the caller of the public-key open operation is not d, the public-key open operation fails. The input c to the public-key open operation is generated by a second operation, the public-key "locked in" operation, which can be performed on a device other than the one performing the public-key open operation (for example, a remote server device, a smart card, etc.). The public-key "locked in" operation performs a public-key encryption of the pair (d, s). The public-key open operation and the public-key "locked in" operation can also be used to implement enclosed storage.
Pseudo-code for the public-key open operation is shown in Table VII. In the pseudo-code of Table VII, ID() refers to the ID() function described above, c refers to the input to the public-key open operation, [d1, ..., dm] refers to the summaries of the one or more callers to which s may be disclosed (or alternatively to one or more other conditions), s refers to the protected data, and Kd refers to a decryption key (the private key of a public/private key pair associated with the protector that is performing the public-key open operation).
Table VII
    ([d1, ..., dm], s) = Decrypt_Kd(c)
    if ID() is in [d1, ..., dm] then return s
    else fail
Thus, as can be seen from Table VII, the public-key open operation decrypts the input value a using public-key decryption and the decryption key Kd. The decrypted input value includes the summaries [d1, ..., dm] of the one or more callers to which the protected data s may be disclosed (or alternatively one or more other conditions identifying when and/or to whom the protected data s may be disclosed). The public-key open operation also generates a summary of the caller. If the summary of the caller equals one of the summaries [d1, ..., dm], the protected data is returned to the caller. If, however, the summary of the caller does not equal any of the summaries [d1, ..., dm], the protected data is not returned to the caller.
Fig. 9 is a flow chart illustrating a process 340 for implementing the public-key open operation. Process 340 is performed by the protector 104 of Fig. 1, and may be implemented in hardware, software, firmware, or a combination thereof.
Initially, the ciphertext containing the encrypted data that the caller wishes to retrieve is retrieved (step 342). A check is made as to whether the caller is allowed to retrieve the data (step 344), and processing proceeds according to whether the caller is allowed to retrieve the data (step 346). If the caller is allowed to retrieve the data, the data (decrypted using public-key decryption) is returned to the caller (step 348). If the caller is not allowed to retrieve the data, the process fails (step 350) and the data is not returned to the caller.
The public-key "locked in" operation is a version of public-key encryption that is gated on the identity of the caller (for example, the summary of the caller, or of one or more other programs). The public-key "locked in" operation performs a public-key encryption of a pair (d, s), where s is a secret and d identifies one or more configurations (for example, the summary of a caller) to which s may be disclosed.
Pseudo-code for the public-key "locked in" operation is shown in Table VIII. In the pseudo-code of Table VIII, c refers to the output of the public-key "locked in" operation, [d1, ..., dm] refers to the summaries of the one or more callers to which s may be disclosed, s refers to the protected data, and Ke refers to an encryption key.
Table VIII
    c = Encrypt_Ke([d1, ..., dm], s)
    return c
Thus, as can be seen from Table VIII, the public-key "locked in" operation receives as input the protected data s and the summaries [d1, ..., dm] of the one or more programs to which the protected data s may be disclosed. The operation encrypts the pair [d1, ..., dm], s using public-key encryption based on the encryption key Ke. The encryption key Ke is the public key of the protector that is intended to decrypt the ciphertext. The ciphertext resulting from the public-key encryption is returned to the caller.
Fig. 10 is a flow chart illustrating an exemplary process 360 for implementing the public-key "locked in" operation. Process 360 is performed by the protector 104 of Fig. 1, and may be implemented in hardware, software, firmware, or a combination thereof.
Initially, a secret to be sealed is received from a caller (step 362). The secret is encrypted using public-key encryption so that it can be retrieved only by a particular target program, or alternatively only if one or more other conditions are satisfied (step 364). The ciphertext including the encrypted secret is returned to the caller (step 366). Additional information can also be returned to the caller (as part of the ciphertext or separately from it), for example the summary of the caller and/or the summary of the target program.
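The public-key "locked in" and open operations of Tables VIII and VII, as an added Go example that is not code from the patent. The names PKSeal, PKUnseal and NewGuardKey are hypothetical; RSA-2048 with OAEP as the public-key cipher, SHA-256 as the program summary, and the byte layout of ([d1, ..., dm], s) are assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ID stands in for ID(): SHA-256 of the caller's program image (assumption).
func ID(program []byte) []byte {
	d := sha256.Sum256(program)
	return d[:]
}

// NewGuardKey generates the protector's key pair: Kd is the private key,
// Ke is its public half (&kd.PublicKey) and can be given to any remote device.
func NewGuardKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// PKSeal is Table VIII: c = Encrypt_Ke([d1..dm], s). It needs only Ke, so it can
// run on a device other than the one that will open c.
// Plaintext layout: m (1 byte) || d1 .. dm (32 bytes each) || s.
func PKSeal(ke *rsa.PublicKey, targets [][]byte, s []byte) ([]byte, error) {
	if len(targets) == 0 || len(targets) > 255 {
		return nil, errors.New("pkseal: need 1 to 255 target summaries")
	}
	pt := []byte{byte(len(targets))}
	for _, d := range targets {
		if len(d) != sha256.Size {
			return nil, errors.New("pkseal: each summary must be 32 bytes")
		}
		pt = append(pt, d...)
	}
	pt = append(pt, s...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, ke, pt, nil)
}

// PKUnseal is Table VII: ([d1..dm], s) = Decrypt_Kd(c); s is returned only if
// ID() of the caller is one of d1..dm. It runs inside the protector that holds Kd.
func PKUnseal(kd *rsa.PrivateKey, caller, c []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, kd, c, nil)
	if err != nil {
		return nil, errors.New("pkunseal: decryption failed")
	}
	if len(pt) < 1 || len(pt) < 1+int(pt[0])*sha256.Size {
		return nil, errors.New("pkunseal: malformed plaintext")
	}
	m, id := int(pt[0]), ID(caller)
	for i := 0; i < m; i++ {
		d := pt[1+i*sha256.Size : 1+(i+1)*sha256.Size]
		if bytes.Equal(d, id) {
			return pt[1+m*sha256.Size:], nil
		}
	}
	return nil, errors.New("pkunseal: caller is not a target program")
}

func main() {
	kd, err := NewGuardKey()
	if err != nil {
		panic(err)
	}
	app := []byte("constructed target program image")
	c, err := PKSeal(&kd.PublicKey, [][]byte{ID(app)}, []byte("constructed secret"))
	if err != nil {
		panic(err)
	}
	s, err := PKUnseal(kd, app, c)
	fmt.Printf("%q %v\n", s, err)
	_, err = PKUnseal(kd, []byte("constructed other program image"), c)
	fmt.Println(err)
}
```

With RSA-2048 and OAEP over SHA-256 the whole plaintext is limited to 190 bytes, which suits key-sized secrets and a few target summaries.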
The referencing and public-key open operations are intended to be used in connection with public-key validation protocols. Most public-key validation protocols can be adapted directly by replacing any call to public-key decryption, public-key encryption, signing, and signature verification with a call to the public-key open operation, the public-key "locked in" operation, the referencing operation, and the verification operation, respectively.
In some cases it is important to be able to obtain a random number (for example, as the basis for generating a key). Random numbers can be obtained in a variety of ways. In one embodiment, the source of random numbers is a cryptographic random number generator implemented in the hardware of the computing device.
An alternative to the "locked in" operation described above is a general "locked in" operation, which combines the "locked in" operation with a random number generation operation. The general "locked in" operation receives as input the summaries [t1, ..., tm] of the target programs that are able to retrieve the secret (and/or other conditions that must be satisfied for the secret to be retrieved). The general "locked in" operation generates a random number and seals the newly generated random number so that it can be retrieved only by a caller having one of the target summaries [t1, ..., tm] (and/or when the other conditions are satisfied).
Pseudo-code for the general "locked in" operation is shown in Table IX. In the pseudo-code of Table IX, ID() refers to the ID() function described above, c refers to the output of the operation, s refers to the newly generated random number, [t1, ..., tm] refers to the one or more target programs that are allowed to retrieve the value s (one of which may optionally be the program calling the operation), or alternatively to one or more other conditions, and GenRandom() refers to a function that generates a random number.
Table I X
    d = ID()
    s = GenRandom()
    c = store(s, [t1, ..., tm], d)
    return c
Figure 11 is that explanation is for a flow chart of an exemplary process 380 that realizes described general " locked in " operation.Processing 380 is performed by the protector 104 among Fig. 1, and can realize with the form of hardware, software, a firmware or one combination.
At first, maybe will be satisfied so that the caller of one or more conditions that described secret can be retrieved receives input (step 382) from the target program that can retrieve a secret for identification.Then generate described secret (step 384), described secret is encrypted perhaps to be only had when one or more conditions are satisfied so that the target program that described secret can only be identified is retrieved (step 386), and described secret can be retrieved.Then, comprising that the ciphertext of described encrypted confidential is returned to described caller (as the part of described ciphertext or from the isolated part of described ciphertext), for example is a summary of described caller and/or the summary of described target program.
The service that is provided by a deciphering protector can be used to general sealing service.For example, consult Fig. 1 and Fig. 2, in the initialization, layer n-1 discloses a single key to a layer n (for example, after the resetting and starts of described computing equipment, or before a program begins execution) based on the consistency of layer n.Layer n stores this key and uses it to encrypt additional secret.Be imported into next moment of identical configuration at described platform, described deciphering protector provides identical root key (for example, by opening or the public-key cryptography unlatching), and previous all encrypted secret energy tegillum n retrieve.
In certain embodiments, when one deck was initialised instantly, lower level disclosed one or more secrets (for example, after the resetting and start of described computing equipment, or before a program begins to carry out) to described lower one deck.After this gating disclosed, described lower level no longer was used (until the next one starts or resets).This uses a model and is called as the deciphering Protection Model.By using this deciphering Protection Model, the access of described lower level is reduced.
Isolation and space isolation service time, gating function described here can be conciliate the tight defense protection unit with the service protector and be used.Four kinds of service models realizing verification operation are as described below: (1) service protector---space isolation; (2) deciphering protector---space isolation; (3) deciphering protector---time isolation; (4) service protector---time isolation.In the service model described here, suppose that a more rudimentary protector has disclosed one or more keys to the described protector that is positioned at the layer place that be considered.The mode that obtains these keys depends on the isolation model of described protector and the layer under it.Different layer in same computing equipment can use any different service model.
(1) service protector---space isolation: during initialization, the consistency of requestor is measured and preserved to described protector.The system call interfaces that described protector represents described verification operation basic operation with processor service and one realizes a protection system (for example, a processor or other safe processor or common processor).
(2) deciphering protector---the space isolation: described protector obtains the service request of encrypted code form when initialization.This point can be stored in the memory, obtains from external memory in other words.Described protector is measured the consistency of initialize routine, and according to above-mentioned control function key is disclosed to program.Before the control of abandoning lower one deck, described protector is set up the pattern protection for self and its secret resource.
(3) deciphering protector---the time isolation: described protector obtains the service request (hyte) of password point form when initialization.This point can be stored in the memory, can obtain from external memory in other words.Described protector is measured the consistency of initialize routine, and according to above-mentioned gating function key is disclosed to program.Before the control of transmitting these programs, described protector deletion (otherwise it not can be accessed by) is used to realize the key of described gating function.
(4) in the time isolation model, described computing equipment keeps program state by safety reset to service protector---time isolation: at described service protector---safely.This model and model (1) (service protector---space isolation) are similar, yet before control was delivered to lower one deck, described service protector was deleted its secret (making its loss of function until restart next time).Lower one deck will normally be carried out, until it need to ask a service from described protector.In this, it is the Parameter storage of described request certain position in the memory, and this position can make memory contents avoid one to reset or carry out one and reset.When described equipment is restarted, described service protector obtains its secret, see that also (using its key) carries out described request, described key and any relevant information were lost efficacy, and the result that will calculate and control sends lower one deck (layer of initial request service) to.
In certain embodiments, if a computing device supports space isolation, the security kernel exposes the primitive operations seal, unseal, get-random (to obtain a random number) and public-key unseal (or quote). The security kernel can implement a decryption protector or a service protector. If, on the other hand, the platform supports time isolation, the security kernel provides a decryption protector and implements the primitive operations unseal, general seal and public-key unseal (or quote).
It should be noted that quote and public-key unseal functionality can be built on the seal and unseal, or unseal and general seal, primitives. For example, a manufacturer can build an I2 program that implements quote or public-key unseal on top of the general seal and unseal implemented in I1, and that also serves as a host for higher-level software (e.g., an operating system). The manufacturer can generate and seal the keys needed by this service layer and ship them with the device or CPU (or make them available online).
The following is an exemplary description of a series of hardware implementations that allow a platform to support verification operations. As with the higher layers in the system, the lowest layer (I1 in Fig. 2) is characterized by: (a) a secret key resource, (b) privileged code that has access to these keys, and (c) controlled initialization of the layer.
Verification operations provide a strong binding between programs and secret keys. At higher layers, the protector in the lower layer guarantees this binding. At the lowest layer, there is no underlying software protector that can gate access to the platform secrets. Therefore, another mechanism is used to support the association of the I1 key with the I1 program. One way to accomplish this binding is to make the I1 software platform microcode or firmware that cannot be changed after manufacture, and to give the I1 software unrestricted access to the I1 key. This platform microcode or firmware can be called the security kernel, and the I1 key is called the platform key. The platform is designed to pass control to a predetermined security kernel. The behavior of the hardware can also be explained as a simple resource protector that discloses the platform key to the predetermined security kernel.
The platform key and security kernel firmware can be part of the processor, or can be implemented in one or more other components of the computing device (e.g., a security processor or coprocessor, which can also perform cryptographic operations). The platform key and security kernel firmware can be implemented in a single component, or in multiple components of the computing device.
With verification operations, programs are started in a controlled initial state. At higher layers, the program running at the lower layer can be relied on to start execution at the correct entry point. At I1, hardware performs this function. Typically, on power-up or after a reset, current processors begin execution by following some deterministic sequence. For example, in the simplest case the processor starts fetching and executing code from a predetermined memory location. For I1, programs can be started in a controlled initial state by hardware that ensures that the security kernel is the code that executes on startup (as part of the deterministic sequence).
In addition, no other platform state can subvert execution of the security kernel. Reset and power-up give the processor a robust and well-debugged state clear. As used in this example, the change of platform state that is used to start or invoke the security kernel is called a secure reset.
In addition, the device manufacturer arranges for the generation and installation of the platform key that is used to implement the I1 seal and unseal. If the device is to be recognized as part of a PKI (public key infrastructure), the manufacturer also certifies a public key for the platform. This can be a platform key used directly by I1, or a key used by a higher layer.
Key generation and certification are the responsibility of the CPU manufacturer or of some other party, such as the OEM that assembles the CPU into a device. Alternatively, the responsibility can be shared among multiple parties.
Once the security kernel is executing, it can use the isolation mechanisms described above to protect itself from code executing at higher layers. Isolation in space typically involves privileged-mode support, and isolation in time typically involves hiding secrets from higher layers.
On current processors, no additional platform support is needed to support space isolation: existing privileged modes or privilege levels are sufficient (so long as the hardware resource that allows access to the platform key can be protected from higher layers).
To support time isolation, hardware assistance allows the security kernel to hide the platform key before passing control to higher layers. One way to provide platform-key security in the time isolation model is to use a state protection circuit called a reset latch. A reset latch is a hardware circuit that is open following a reset or power-up, but that any software can close at any time. Once closed, the latch remains closed until the next reset or power-up. A platform that implements a time-isolated security kernel gates access to the platform key on the state of the reset latch, and the security kernel closes the latch before passing control to higher layers. As mentioned above, the security kernel also takes additional actions, such as clearing memory and registers before passing control, but these actions are the same as those used at higher layers.
If the platform uses space isolation, the security kernel uses privileged modes to protect itself and its platform key from the programs (e.g., operating systems) that it hosts. In addition, the security kernel establishes a system call interface for invoking the verification operations.
If the platform uses time isolation, the platform also includes memory that survives a secure reset, which is used to pass parameters to service routines. To invoke a service, the operating system prepares a command and parameter block in a memory location known to the security kernel and performs a secure reset. If the operating system wishes to continue execution after the service call (as opposed to simply restarting), the operating system and the security kernel take additional measures to ensure that this is done reliably and securely.
The verification operations described here can be used for security in a variety of settings, such as protecting personal data from viruses, protecting confidential server data from network attacks, network management, copy protection, trustworthy distributed computing, and so on. The verification operations allow different programs, which can execute on the same computer without being in any particular trust relationship, to protect their cryptographic resources regardless of the actions of other software.
Some of the discussion below refers to an SSP (security services processor). In one embodiment, an SSP is a processor (for use in a computing device) that provides basic cryptographic services to the computing device (e.g., the SSP supports the gating functions described here, as layer I1 in Fig. 2). The SSP can use cryptographic keys, and has one or more keys that are unique (or expected to be unique) to that SSP. The SSP can be part of the device's CPU, or one or more other processors. For example, the SSP can be a separate chip or integrated circuit (IC) in the computing device.
In a different embodiment, an SSP is a suitably isolated software program that exposes the same functionality to its callers as the previous embodiment. This SSP embodiment has access (direct or indirect) to cryptographic keys. A number of implementation options exist for providing such access. For example, the SSP can call a service or decryption protector in a lower layer. Or the SSP can have exclusive access to some part of persistent memory (e.g., hard disk, flash memory, ROM, etc.) that contains the required keys.
In summary, at a high level, an SSP is defined by the functionality it exposes to principals. An SSP is a protector (as described above) with access to cryptographic keys. The SSP uses these keys to provide cryptographic services to its callers. The following sections describe exemplary functionality that an SSP exposes.
Example operations
The following is a discussion of embodiments of the sealed storage operations and the remote authentication operations. This section illustrates embodiments of the seal, unseal, quote and public-key unseal operations described above.
The following definitions are used in this section:
Name | Type | Description
--- | --- | ---
Digest | Byte[20] | 160-bit value. Normally the output of a SHA-1 hash operation.
Secret | Byte[32] | 256-bit value. Normally a secret to be sealed or public-key sealed.
Ordinal | Integer | The ordinal component of each input and output structure identifies the operation it belongs to and whether it is an input or an output structure.
K_M | 256-bit key | Key used for the HMAC operation.
K_S | 256-bit key | AES key used for seal and unseal.
K_U | 2048 * 3 | RSA key pair used for public-key unseal.
K_Q | 2048 * 3 | RSA key pair used for quote.
R | 128 bits | Random number.
In addition, this section refers to access policies, and a later section refers to bound key operations. The access policy describes when a particular operation is functional (that is, when it will work). The user of a computing device can selectively switch off certain functions. For example, the computing device (e.g., an SSP that implements the seal operation) includes a register called FeatureEnable. One bit in the register is called MainEnable. If the user sets MainEnable to false, none of the functions in these sections work any longer. The access policy included with each function describes under which FeatureEnable settings the function works.
Sealing
Definition
SSP_STATUS Seal(
    [in] SECRET S,
    [in] DIGEST Target[2],
    [in] UINT32 MaxLen,
    [out] UINT32 *ActualLen,
    [out] BYTE *SealedBlob
)
Parameter
Seal-Input ::= SEQUENCE {
    Ordinal INTEGER,
    Secret Secret,
    Target DigestPair }
Seal-Output ::= SEQUENCE {
    Ordinal INTEGER,
    Status INTEGER,
    Sealed-blob OCTET STRING }
Return value
SSP_SUCCESS
Note
The seal operation forms an encrypted blob (a group of bits) that can only be decrypted by the corresponding unseal operation if the following evaluate to true:
● Is the encoding correct?
● Is the MAC correct?
● Is the currently running SK/SL (security kernel or secure loader) the one named as the target during the seal operation?
The seal operation adds internal randomness so that sealing the same input twice produces different results. This ensures that seal cannot be used as a hardware device identifier. Seal also includes an identifier of the program that invoked the seal operation at the time the seal was performed (e.g., the digest of the calling program held in the PCR register of the SSP, also referred to here as the PCR value), to provide integrity information to the unsealer.
Access strategy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UseSymmKey == All |
     FeatureEnable.UseSymmKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Effect
The seal operation performs the following steps:
1. Generate a 128-bit random number R.
2. Let D0 be the current value of PCR[0], and D1 = PCR[1].
3. DIGEST M = HMAC[K_M](R || S || Target || D0 || D1)
4. C = AES[K_S](R || S || Target || D0 || D1 || M)
5. Return SSP_SUCCESS with SealedBlob set to C.
Unseal
Definition
SSP_STATUS Unseal(
    [in] BYTE *SealedBlob,
    [in] UINT32 SealedBlobLen,
    [out] SECRET S,
    [out] DIGEST Source
)
Parameter
Unseal-Input ::= SEQUENCE {
    Ordinal INTEGER,
    Sealed-blob OCTET STRING }
Unseal-Output ::= SEQUENCE {
    Ordinal INTEGER,
    Status INTEGER,
    Secret Secret,
    Source Digest }
Return value
SSP_SUCCESS
SSP_UNSEAL_ERROR
Note
The unseal operation internally decrypts a blob generated by the seal operation and checks the following conditions:
● Is the encoding correct?
● Is the current value of the PCR the one named as the target during the seal operation?
If all checks succeed, the secret and the sealer's PCR are returned; otherwise an UNSEAL_ERROR is returned.
Access strategy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UseSymmKey == All |
     FeatureEnable.UseSymmKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Effect
The unseal operation performs the following steps:
1. M = AES^-1[K_S](SealedBlob)
2. Interpret M as (BIT[128] R || SECRET S1 || DIGEST Target0 || DIGEST Target1 || DIGEST Sealer0 || DIGEST Sealer1 || DIGEST N).
3. DIGEST D = HMAC[K_M](R || S1 || Target0 || Target1 || Sealer0 || Sealer1).
4. If (Target0 != PCR[0] || Target1 != PCR[1]) return SSP_UNSEAL_ERROR with S, Source set to zero.
5. If D != N return SSP_UNSEAL_ERROR with S, Source set to zero.
6. Else return SSP_SUCCESS with S set to S1 and Source set to {Sealer0, Sealer1}.
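The seal and unseal steps above can be traced in the following Go sketch, which is an added example and not code from the patent. The page does not fix the AES mode, so the sketch assumes AES-256 in CBC mode with a zero IV (the random 128-bit R fills the first block) and fixed-length padding, and HMAC-SHA1 because M is a 160-bit DIGEST; the SSP type, DigestOf and the other names are illustrative.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"errors"
	"fmt"
)

type Digest [20]byte // 160-bit value, e.g. the SHA-1 digest of a program
type Secret [32]byte // 256-bit value

var ErrUnseal = errors.New("SSP_UNSEAL_ERROR")
var zeroIV = make([]byte, aes.BlockSize) // assumed mode: CBC with an all-zero IV

// SSP holds K_M (HMAC key), K_S (AES key) and the PCR pair of the running program.
type SSP struct {
	KM, KS [32]byte
	PCR    [2]Digest
}

const (
	bodyLen = 16 + 32 + 4*20 // R || S || Target0 || Target1 || D0 || D1
	blobLen = 160            // body + 20-byte MAC = 148, padded to the AES block size
)

// DigestOf stands in for measuring a program image (constructed input).
func DigestOf(program string) Digest { return sha1.Sum([]byte(program)) }

func (p *SSP) mac(body []byte) []byte {
	h := hmac.New(sha1.New, p.KM[:])
	h.Write(body)
	return h.Sum(nil)
}

func (p *SSP) block() cipher.Block {
	blk, _ := aes.NewCipher(p.KS[:]) // a 32-byte key is always accepted
	return blk
}

// Seal follows steps 1-5 of the seal operation.
func (p *SSP) Seal(s Secret, target [2]Digest) ([]byte, error) {
	r := make([]byte, 16) // step 1: 128-bit random R
	if _, err := rand.Read(r); err != nil {
		return nil, err
	}
	// Steps 2-3: D0, D1 are the sealer's own PCR values; the MAC covers everything.
	body := bytes.Join([][]byte{r, s[:], target[0][:], target[1][:],
		p.PCR[0][:], p.PCR[1][:]}, nil)
	msg := append(body, p.mac(body)...)
	pad := blobLen - len(msg)
	msg = append(msg, bytes.Repeat([]byte{byte(pad)}, pad)...)
	c := make([]byte, blobLen) // step 4
	cipher.NewCBCEncrypter(p.block(), zeroIV).CryptBlocks(c, msg)
	return c, nil // step 5
}

// Unseal follows steps 1-6 of the unseal operation. All checks are evaluated
// before deciding, so every failure returns the same error with zeroed outputs.
func (p *SSP) Unseal(blob []byte) (s Secret, source [2]Digest, err error) {
	if len(blob) != blobLen {
		return s, source, ErrUnseal
	}
	m := make([]byte, blobLen)
	cipher.NewCBCDecrypter(p.block(), zeroIV).CryptBlocks(m, blob) // step 1
	body, n, pad := m[:bodyLen], m[bodyLen:bodyLen+20], m[bodyLen+20:]
	ok := subtle.ConstantTimeCompare(pad, bytes.Repeat([]byte{12}, 12))
	ok &= subtle.ConstantTimeCompare(body[48:68], p.PCR[0][:]) // step 4: Target0
	ok &= subtle.ConstantTimeCompare(body[68:88], p.PCR[1][:]) // step 4: Target1
	ok &= subtle.ConstantTimeCompare(p.mac(body), n)           // steps 3 and 5
	if ok != 1 {
		return s, source, ErrUnseal // S and Source stay zero
	}
	copy(s[:], body[16:48]) // step 6
	copy(source[0][:], body[88:108])
	copy(source[1][:], body[108:128])
	return s, source, nil
}

func main() {
	var s Secret
	copy(s[:], "constructed sample secret")
	a := [2]Digest{DigestOf("program A"), DigestOf("loader")}
	b := [2]Digest{DigestOf("program B"), DigestOf("loader")}
	sealer := &SSP{KM: [32]byte{1}, KS: [32]byte{2}, PCR: a} // constructed demo keys
	blob, _ := sealer.Seal(s, b)
	target := &SSP{KM: sealer.KM, KS: sealer.KS, PCR: b} // same SSP, program B running
	_, src, err := target.Unseal(blob)
	fmt.Println("B unseals:", err == nil, "sealed by A:", src == a)
	_, _, err = sealer.Unseal(blob)
	fmt.Println("A unseals:", err)
}
```

Because the sealer's PCR values are inside the MACed body, the target program learns which program sealed the secret and can apply its own policy to that identity.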
Quote
Definition
SSP_STATUS Quote(
    [in] BITSTRING d-ext,
    [out] PKSignature SigBlob
)
Parameter
Quote-Input::={
Ordinal INTEGER,
d-ext DIGEST}
Quote-output::={
Ordinal INTEGER,
Status INTEGER,
Sig-blob PKSignature}
Return value
SSP_SUCCESS
SSP_CRYPTO_ERROR
Note
The quote operation instructs the SSP to sign the concatenation of the externally supplied D-EXT and the internal PCR value.
Access strategy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Effect
The quote operation performs the following steps:
1. The SSP forms a message M consisting of the concatenation of an identifier for the message type QuoteMessage, D-EXT, and the contents of the PCR register, encoded under DER (Distinguished Encoding Rules):
SEQUENCE {
    Message-type PKMessageType,
    d-ext Digest,
    pcr DigestPair
}
2. The SSP then uses K_Q,PRIV to generate a signed message over M according to the default implementation of RSASSA-PSS-SIGN as specified in PKCS #1 V2.1. If the function returns an error, return SSP_CRYPTO_ERROR with SigBlob set to zero.
3. The SSP returns SSP_SUCCESS and the signature value just computed, together with the signature algorithm rSASSA-PSS-Default-Identifier, in SigBlob.
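An added example, not part of the patent text, of the quote operation together with the check a remote party would run on the result: the verifier rebuilds M from the d-ext it supplied and the PCR values it expects, so a signature produced while a different program was running fails to verify. The integer message type, the helper names and the freshly generated key standing in for K_Q are assumptions; Go's encoding/asn1 produces the DER encoding.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/asn1"
	"fmt"
)

// quoteMessageType is an assumed stand-in for the PKMessageType identifier
// of QuoteMessage; the page does not give its encoding.
const quoteMessageType = 1

// QuoteMessage mirrors SEQUENCE{message-type, d-ext, pcr} from the page.
type QuoteMessage struct {
	MessageType int
	DExt        []byte   // Digest supplied by the caller
	PCR         [][]byte // DigestPair: PCR[0], PCR[1]
}

// PKCS #1 v2.1 defaults for RSASSA-PSS: SHA-1 with a 20-byte salt.
var pssDefaults = &rsa.PSSOptions{SaltLength: sha1.Size}

// digest produces a 160-bit value from constructed sample input.
func digest(s string) []byte { d := sha1.Sum([]byte(s)); return d[:] }

// NewQuoteKey generates a key pair standing in for K_Q.
func NewQuoteKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// hashOfM DER-encodes M and returns the SHA-1 hash that RSASSA-PSS signs.
func hashOfM(dExt []byte, pcr [2][]byte) ([]byte, error) {
	m, err := asn1.Marshal(QuoteMessage{MessageType: quoteMessageType, DExt: dExt, PCR: pcr[:]})
	if err != nil {
		return nil, err
	}
	h := sha1.Sum(m)
	return h[:], nil
}

// Quote is the SSP side: sign M, built from d-ext and the current PCR values,
// with K_Q,PRIV. An error corresponds to SSP_CRYPTO_ERROR.
func Quote(kq *rsa.PrivateKey, dExt []byte, pcr [2][]byte) ([]byte, error) {
	h, err := hashOfM(dExt, pcr)
	if err != nil {
		return nil, err
	}
	return rsa.SignPSS(rand.Reader, kq, crypto.SHA1, h, pssDefaults)
}

// VerifyQuote is the remote party's side: it never trusts PCR values sent by
// the device, it rebuilds M from the values it expects and checks the signature.
func VerifyQuote(pub *rsa.PublicKey, sig, dExt []byte, expectedPCR [2][]byte) error {
	h, err := hashOfM(dExt, expectedPCR)
	if err != nil {
		return err
	}
	return rsa.VerifyPSS(pub, crypto.SHA1, h, sig, pssDefaults)
}

func main() {
	kq, err := NewQuoteKey()
	if err != nil {
		panic(err)
	}
	running := [2][]byte{digest("program A"), digest("loader")}
	challenge := digest("constructed verifier challenge")
	sig, _ := Quote(kq, challenge, running)
	fmt.Println("expected program:", VerifyQuote(&kq.PublicKey, sig, challenge, running))
	other := [2][]byte{digest("program B"), digest("loader")}
	fmt.Println("other program:", VerifyQuote(&kq.PublicKey, sig, challenge, other))
}
```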
Public-key unseal
Definition
SSP_STATUS PK_Unseal(
    [in] PKCiphertext SealedBlob,
    [out] SECRET Secret
)
Parameter
PKUnseal-Input::={
Ordinal INTEGER,
Pk-sealed-blob PKCiphertext}
PKUnseal-output::={
Ordinal INTEGER,
Status INTEGER,
Secret Secret}
Return value
SSP_SUCCESS
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
Note
The public-key unseal operation takes an encrypted blob that is 416 bits long and has a specific format. The blob is decrypted, and if the decryption and decoding succeed, the 416-bit message is interpreted as the concatenation of a secret value and the PCR value that is allowed to receive the decrypted value.
If the current PCR value equals the value specified in the encrypted blob, the secret is disclosed; otherwise an error is returned.
Access strategy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Effect
The public-key unseal operation performs the following steps:
1. The SSP checks whether the algorithm identifier in pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts SealedBlob according to the default implementation of RSAES-OAEP-DECRYPT as specified in PKCS #1, obtaining a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_BAD_DATA_ERROR with Secret set to zero.
Otherwise, the recovered message M should have the following form under DER encoding:
SEQUENCE {
    Message-type PKMessageType,
    secret Secret,
    target Digest }
Here secret consists of 256 bits (= 32 octets) and target consists of 160 bits (= 20 octets). The message type should be sspV1PKSealedMessage. If any of these conditions is not satisfied, return SSP_BAD_DATA_ERROR with Secret set to zero.
1. If target != PCR, return SSP_BAD_DATA_ERROR with Secret set to zero.
2. If target == PCR, return SSP_SUCCESS with Secret set to secret.
Bound key operations
In addition, a set of bound key functions or operations allows cryptographic keys to be created and certified locally (e.g., by the SSP), and also allows keys to be communicated from trusted remote parties (e.g., communicated to the SSP).
Bound key functionality is characterized as follows:
1. A service protector (e.g., the SSP) at some system layer accesses a bound key directly. Each bound key has an associated condition that determines which protector(s) can access the bound key. This condition is expressed implicitly; that is, the bound key is encrypted such that only one or more sets of protectors have the keys to decrypt it.
2. A service protector with access to a bound key exposes functions that require use of the bound key (e.g., signing, MAC, encryption, decryption) to principals at higher layers. Each bound key can have an associated usage condition, in which case the protector only services requests that satisfy the associated condition.
3. Bound keys are contained in cryptographically protected data structures (also referred to here as bound key blobs). Bound key blobs are self-protecting and can be stored outside trusted environments.
Bound keys have the following advantages:
● Each principal can be allowed to have its own bound key. Furthermore, each principal can be allowed to have arbitrarily many bound keys. This allows for more fine-grained policy settings and improves privacy in certain applications. Thus, protectors need not be restricted to having only one or a few keys that are used to service requests from all principals.
● The bound key is not disclosed outside the authorized protector. Thus, a compromise of a principal (e.g., due to a programming error) will not lead to a compromise of any bound key. In one embodiment, the service protector (SSP) is implemented in hardware. In this case, bound keys cannot be compromised by malicious or incorrect software.
The bound key functions provide protection for cryptographic keys. Bound keys can be generated by remote parties, or they can be created locally through the GenBoundKey command.
Locally generated bound keys can emit a "quote" certificate that can be used to provide remote parties with evidence of the type of the public key, the type of key generated, the state of the machine during generation, and the (optional) condition (e.g., digests) to which the key is bound.
A bound key includes one or more of the following elements:
● The key usage (e.g., bound signature, bound quote, bound public-key unseal, bound public-key decryption, bound MAC, bound encryption, or bound decryption). This element is optional. If included, this element restricts the bound key to being used only with the identified function type.
● A condition element (as described above) that specifies under which conditions the bound key can be used (also referred to as the bound key usage condition). For example, the condition can be expressed in the form of one or more program digests. In this case, the bound key must only be used by, or on behalf of, programs whose digests are specified. Other examples of conditions include time constraints, logical formulas and executable programs, as described above. This element is optional. If this element is omitted, some default condition applies. For example, the default condition may not restrict access to the bound key (an empty condition).
● The cryptographic key (the bound key) or some data that allows the key to be computed.
● One or more conditions (as described above) under which the bound key usage condition can be changed. Such a change is also referred to as bound key migration, and the condition is a migration condition. This element is optional. If this element is omitted, some default condition applies. For example, the default condition can be "always false", so that the digests (if present) cannot be changed.
● One or more conditions under which the set of service protectors that can directly access the bound key can be changed. Such a change is also referred to as bound key export, and the condition is an export condition. This element is optional.
Cryptographic protection of bound keys
Bound keys have the same cryptographic requirements as the sealed storage and attestation functions described above (seal, unseal, public-key unseal). In particular, locally generated bound keys can be protected by any of the cryptographic implementations of the store and retrieve functions described above. In all cases, the confidentiality of the bound key itself and the integrity of the overall data structure are protected, to ensure that the different conditions governing use of the bound key are not corrupted. As described above, this can be achieved by various combinations of symmetric ciphers or public-key encryption algorithms with MACs or digital signatures. In one embodiment, the bound key data structure is public-key encrypted.
Functions
In certain embodiments, bound keys can be used in one or more of the following functions:
● BoundSign (bound signature)
● BoundQuote (bound quote)
● BoundPKDecrypt (bound public-key decryption)
● BoundPKUnseal (bound public-key unseal)
● BoundMAC (bound message authentication code)
● BoundEncrypt (bound encryption)
● BoundDecrypt (bound decryption)
● GenBoundKey (generate bound key)
● BoundKeyMigrate (bound key migration)
● BoundKeyExport (bound key export)
In each of the above functions, the bound key blob (a group of bits in the data structure) and the data to be operated on by the key contained in the bound key blob are provided to the bound key function as parameters. If the key usage element is included in the bound key blob, the SSP ensures that the bound key is used for the correct purpose (e.g., a key created with type "BoundQuoteKey" can only be used in a BoundQuote operation).
In some implementations, the bound key is the private key of a public/private key pair. In these implementations, the bound key blob can contain the private key, or alternatively some data that allows the key to be computed. For example, a private key fragment can be contained in the bound key blob, and this fragment, combined with the corresponding public key, can be used to reconstruct the private key of the public/private key pair.
The BoundSign operation receives a data input that is to be signed using the bound key. The SSP recovers the private signing key from the bound key blob, and then uses the recovered signing key to generate a digital signature over the data input. The SSP then outputs the digital signature. If the bound key blob is corrupted or any bound key usage condition is not satisfied, the SSP does not perform the operation. The data input can thus be digitally signed using the recovered private key without the private key being disclosed by the SSP.
The BoundQuote operation receives as input the data to be signed and a bound key blob. The SSP recovers the private key from the bound key blob and then uses the recovered signing key to generate a signature over the data input to the operation and the current PCR value (e.g., an identifier, such as a digest, of the program invoking the BoundQuote operation), as described in the quote operation above. The SSP then outputs the digital signature. If the bound key blob is corrupted or a bound key usage condition is not satisfied, the SSP does not perform the operation. In one embodiment, the BoundQuote operation is similar to the BoundSign operation, but differs in that the current PCR value is used in the BoundQuote operation.
The BoundPKDecrypt operation receives as input a ciphertext and a bound key blob. The SSP recovers the private key from the bound key blob, and then uses the recovered private key to decrypt the input ciphertext. The decrypted data is then output by the BoundPKDecrypt operation. If the bound key blob is corrupted or any bound key usage condition is not satisfied, the SSP does not perform the operation.
The BoundPKUnseal operation receives as input a ciphertext and a bound key blob. The SSP recovers the private key from the bound key blob, and uses this private key to decrypt the input ciphertext as in the public-key unseal operation described above. The BoundPKUnseal operation then outputs the decrypted data. If the bound key blob is corrupted or a bound key usage condition is not satisfied, the SSP does not perform the operation.
The BoundMAC operation receives a data input over which a MAC is to be computed using the bound key, and also receives a bound key blob. If the bound key blob is corrupted or a bound key usage condition is not satisfied, the SSP does not perform the operation. Otherwise, the SSP recovers the bound key from the bound key blob and generates a message authentication code (MAC) over the data input using the recovered bound key. The SSP then outputs the computed MAC. Thus, a MAC over the data input can be computed using the recovered bound key without the bound key being disclosed by the SSP.
The BoundEncrypt operation receives a data input that is to be encrypted using the bound key, and also receives a bound key blob. If the bound key blob is corrupted or a bound key usage condition is not satisfied, the SSP does not perform the operation. Otherwise, the SSP recovers the bound key from the bound key blob and encrypts the data input using the recovered bound key. The SSP then outputs the computed ciphertext. Thus, the data input can be encrypted using the recovered bound key without the bound key being disclosed by the SSP.
The BoundDecrypt operation receives a data input that is to be decrypted using the bound key, and also receives a bound key blob. If the bound key blob is corrupted or a bound key usage condition is not satisfied, the SSP does not perform the operation. Otherwise, the SSP recovers the bound key from the bound key blob and decrypts the data input using the recovered bound key. The SSP then outputs the computed plaintext. Thus, the data input can be decrypted using the recovered bound key without the bound key being disclosed by the SSP.
The GenBoundKey operation causes the SSP to create a new bound key. The new bound key is a cryptographic key, and a new bound key blob containing the newly generated key is generated. It is to be appreciated that the bound key blob does not always have to contain the entire key. For example, if the newly generated key is a public/private key pair, it is sufficient to include the private key in the bound key blob.
The new bound key blob is bound to one or more protectors, typically the SSP that executes the operation (e.g., by cryptographically protecting the new bound key blob, similar to the store functions described above, or by otherwise securing the new bound key blob so that it can only be retrieved by the SSP). The GenBoundKey operation can also have parameters that determine various aspects of the new bound key blob, and data describing these parameters is attached in some integrity-protected form to the newly generated private key (e.g., the data is made part of the new bound key blob). Examples of this data include, as described above, the migration condition, the bound key usage condition, and so on. The new bound key blob is then output by the GenBoundKey operation.
In general, a bound key can be any type of cryptographic key, including a symmetric key or a public/private key pair. The exact key type depends on the bound key operation in which it is to be used. For example, a bound key to be used in BoundMAC would be a symmetric key, whereas a bound key to be used in BoundSign would be a public/private signing key pair. The key type can be specified as a parameter of GenBoundKey.
The BoundKeyMigrate operation allows the usage condition of a bound key to be changed. The SSP verifies that one or more migration conditions are satisfied. Any of a variety of conditions can be used with the BoundKeyMigrate operation (e.g., any condition, similar to those described above for the seal and unseal operations, that identifies when and/or to whom the data can be migrated). If the verification is not successful, the operation fails. If the verification is successful, the protector creates a new bound key blob in which the bound key usage condition is changed as requested.
The BoundKeyExport operation instructs the SSP to change the set of protectors (SSPs) that can directly access the bound key. The SSP verifies that one or more conditions are satisfied. Any of a variety of conditions can be used with the BoundKeyExport operation (e.g., any condition, similar to those described above for the seal and unseal operations, that identifies when and/or to whom the data can be exported). If the verification is not successful, the operation fails. If the verification is successful, the SSP changes the cryptographic protection on the bound key blob as requested. In one embodiment, the SSP encrypts the bound key with one or more new keys.
The maker of described constraint key (local or remotely) but a class example of rated condition is described constraint key can only be represented its program digest and have a main body of a special value and be used.In this case, after the retrieval of the inside of described constraint key point, described constraint cipher key operation checks the summary of request body, and if described summary and regulation in described constraint key point different, then inefficacy with do not carry out additional calculations.
So that the cryptographic operation that continues, described constraint key point usually is connected or is bound on the specific SSP by means of unique key of the described specific SSP of request.For example, this operation can be MAC, digital signature, encryption, combined ciphering and integrity verification function.
Constraint cipher key operation example
In one embodiment, prove to authorize a migration by local migration's proof or an output of being issued by authorized organization.This local migration proves an acquiescence based on the RSASSA-PSS-SIGN of following data structure:
Bound-migration-info::=SEQUENCE{
Source-bound-blob-digest Digest,
Dest-PCR DigestPair
}
A local SSP migration is requested with the BoundKeyMigrate operation. To authorize a local migration, the SSP is provided with a Bound-migration-info structure that refers to this bound key, together with a properly formed certificate over that structure provided by the authorizing entity. If the migration certificate is acceptable, the SSP rebinds the key to the new PCR with all other attributes left unchanged (for example, if the key was not originally bound to a PCR value, it is not bound to one when it is rebound either). The source-bound-blob-digest is the digest of the external encrypted form of the bound key.
Remote migration is achieved through the BoundKeyExport function with, for example, a Bound-export-info structure signed by the authorizing entity:
Bound-export-info::=SEQUENCE{
Source-bound-blob-digest Digest,
Dest-pubkey RSAPublicKey,
Dest-PCR DigestPair
}
When a key is marked exportable, the authorizing entity is in complete control of the device or software to which the key is rebound.
The bound key operations use a PKCiphertext, which is a sequence of type Bound-key-blob encrypted with the platform public encryption key, as follows:
Bound-key-blob::= SEQUENCE{
Message-type PKMessageType,
Key-type Bound-key-type,
Bound-to-PCR BOOL,
Bound-to DigestPair,
Migrateable Bool,
Migrate-auth Digest,
Exportable Bool,
Export-auth Digest,
Pub-key-digest Digest,
Bound-key PKCompressedPrivateKey}
Wherein:
Bound-key-type::= INTEGER{
BoundSignKey,
BoundQuoteKey,
BoundDecryptKey,
BoundPKUnsealKey}
The bound-to-PCR member is a flag that indicates whether the bound-to digest field must match the current PCR value in order for the bound key to be used. {migrateable, migrate-auth} indicates whether the key is migrateable and, if so, under the control of which authority (if the key is not migrateable, the migrate-auth value is unimportant). {exportable, export-auth} indicates whether the key is exportable and, if so, under the control of which authority (if the key is not exportable, the export-auth value is unimportant). Pub-key-digest is the digest of the corresponding public key, which provides a strong binding between the PKCompressedPrivateKey and the public key needed to recover the private key.
In one example, if a bound key is created locally by the GenBoundKey function, the SSP creates a signature over a data structure detailing the public properties of the key that was just generated and the system configuration during bound key export:
Bound-key-pub-info::= SEQUENCE{
Message-type PKMessageType,
//sspV1BoundKeyGenMessage
sig-nonce Digest,
key-type Bound-key-type,
bound-to-PCR BOOL,
bound-to DigestPair,
migrateable Bool,
migrate-auth Digest,
exportable Bool,
export-auth Digest,
creator-PCR DigestPair,
bound-pub-key Digest}
In this data structure, key-type, bound-to-PCR, bound-to, migrateable, migrate-auth, exportable and export-auth are the bound key characteristics of the newly generated key. Creator-PCR is the PCR that was active when the key was exported, and bound-pub-key is the digest of the newly generated public key. Sig-nonce is the digest-sized value passed in when generation of the key was requested.
Typical definitions of the BoundSign, BoundQuote, BoundPKDecrypt, BoundPKUnseal, GenBoundKey, BoundKeyMigrate and BoundKeyExport operations are as follows:
BoundSign
Definition
SSP_STATUS BoundSign(
[in] PKCiphertext BoundKeyBlob,
[in] RSAPublicKey PubPartOfBoundKey,
[in] BITSTRING DataToBeSigned,
[out] PKSignature sig-blob
)
Parameter
BoundSign-Input::={
Ordinal INTEGER,
Bound-key BoundKeyBlob,
Bound-pub-key RSAPublicKey,
Data-to-be-signed OCTET STRING}
BoundSign-output::={
Ordinal INTEGER,
Status INTEGER,
Sig-blob PKSignature}
Return value
SSP_SUCCESS
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
SSP_UNSEAL_ERROR
Note
The BoundSign operation takes a PKCiphertext of type sspV1BoundKey that contains a BoundKeyBlob of type BoundSignKey, and the corresponding public key. If any of these conditions is not met, or if the sequence fails to decode, the operation fails and returns SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks that the current PCR value is the one specified in the Bound-key-blob sequence. If it is not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP signs the input message with the decrypted private key.
Access strategy
Allowed=FeatureEnable.MainEnable &
(FeatureEnable.UsePrivKey==All|
FeatureEnable.UsePrivKey==AuthSL
& SLKnown & AuthPCR[CurrentSL].UseSummKey)
Effect
The BoundSign operation performs the following actions:
1. The SSP checks whether the algorithm identifier in pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts SealedBlob according to the default implementation of RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, obtaining a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M should be a DER encoding of the form Bound-key-blob, with type BoundSignKey. If it is not, the SSP emits SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, bound-to is compared with the current PCR value. If the values are not the same, the SSP outputs SSP_CRYPTO_ERROR.
6. The SSP then recovers the bound private key using the associated public key that was provided. If this fails, the SSP returns SSP_CRYPTO_ERROR. If it succeeds, the SSP uses the recovered private key bound-key to generate a signature over the input message DataToBeSigned according to the default implementation of RSASSA-PSS-SIGN as specified in PKCS#1 V2.1.
7. Return SSP_SUCCESS.
BoundQuote
Definition
SSP_STATUS BoundQuote(
[in] PKCiphertext BoundKeyBlob,
[in] DIGEST DataToBeSigned,
[out] PKSignature sig-blob
)
Parameter
BoundQuote-Input::={
Ordinal INTEGER,
Bound-key BoundKeyBlob,
Bound-pub-key RSAPublicKey,
Data-to-be-quoted Digest}
BoundQuote-output::={
Ordinal INTEGER,
Status INTEGER,
Sig-blob PKSignature}
Return value
SSP_SUCCESS
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
SSP_UNSEAL_ERROR
Note
The BoundQuote operation takes a PKCiphertext of type sspV1BoundKey that contains a BoundKeyBlob of type BoundQuoteKey. If any of these conditions is not met, or if the sequence fails to decode, the operation fails with SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks that the current PCR value is the one specified in the Bound-key-blob sequence. If it is not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP quotes the input message with the decrypted private key.
Access strategy
Allowed=FeatureEnable.MainEnable &
(FeatureEnable.UsePrivKey==All|
FeatureEnable.UsePrivKey==AuthSL
& SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundQuote operation performs the following actions:
1. The SSP checks whether the algorithm identifier in pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts SealedBlob according to the default implementation of RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, obtaining a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M should be a DER encoding of the form Bound-key-blob, with type BoundSignKey. If it is not, the SSP emits SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, bound-to is compared with the current PCR value. If the values are not the same, the SSP outputs SSP_CRYPTO_ERROR.
6. The SSP then uses the recovered private key fragment and the public key to reconstruct the private key. The private key can be reconstructed as follows. In general, an RSA key consists of a number N = p*q (N is the product of two primes p and q) and two exponents e (the encryption exponent) and d (the decryption exponent). N and e form the public key; d is the private key. In general, d is as long as N (for example, 2048 bits). If the factorization of N is known (that is, if p and q are known), the private key d can readily be determined. Note that p and q are only half as long as N. So p, rather than d, is stored as the private key. Then, given the public key N, e and the value p, the value q = N/p can be computed, and the value d is then determined from p and q.
The private key is then used to generate a signature message over the input message DataToBeSigned and the current PCR, according to the specification of the Quote operation defined above. If the function returns an error, return SSP_CRYPTO_ERROR with SigBlob zeroed.
7. Return SSP_SUCCESS.
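The key recovery described in step 6 above, together with the key-type, PCR and Pub-key-digest checks that gate it, as an added Python example that is not code from the patent. It models the blob after the SSP has decrypted it; SHA-256, the (N, e) encoding, the numeric status values, a single digest in place of DigestPair, and the toy Mersenne-prime key are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from math import gcd

# Status names are the page's; the numeric values are assumptions.
SSP_SUCCESS, SSP_CRYPTO_ERROR = 0, 1
# Bound-key-type members, in the order the page lists them.
BOUND_SIGN_KEY, BOUND_QUOTE_KEY, BOUND_DECRYPT_KEY, BOUND_PK_UNSEAL_KEY = range(4)


def digest(data: bytes) -> bytes:
    """Digest primitive; SHA-256 is an assumption, the page names none."""
    return hashlib.sha256(data).digest()


def public_key_digest(n: int, e: int) -> bytes:
    """Pub-key-digest over a length-prefixed encoding of (N, e) (assumed encoding)."""
    parts = [x.to_bytes((x.bit_length() + 7) // 8, "big") for x in (n, e)]
    return digest(b"".join(len(p).to_bytes(4, "big") + p for p in parts))


@dataclass(frozen=True)
class BoundKeyBlob:
    """Subset of the page's Bound-key-blob fields, already decrypted inside the SSP."""
    key_type: int
    bound_to_pcr: bool
    bound_to: bytes        # single digest standing in for DigestPair
    pub_key_digest: bytes
    bound_key: int         # PKCompressedPrivateKey: the prime p only


def reconstruct_private_exponent(n: int, e: int, p: int) -> int:
    """Recover d from the public key (N, e) and the stored prime p."""
    if not 1 < p < n or n % p != 0:
        raise ValueError("stored prime does not divide the supplied modulus")
    q = n // p                      # q = N / p
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent is not invertible")
    return pow(e, -1, phi)          # d = e^-1 mod (p-1)(q-1)


def recover_bound_key(blob, n, e, current_pcr, expected_type):
    """Return (status, d); d is None unless every check passes."""
    if blob.key_type != expected_type:
        return SSP_CRYPTO_ERROR, None
    if blob.bound_to_pcr and not hmac.compare_digest(blob.bound_to, current_pcr):
        return SSP_CRYPTO_ERROR, None
    # Without this binding, any modulus that p happens to divide would be accepted.
    if not hmac.compare_digest(blob.pub_key_digest, public_key_digest(n, e)):
        return SSP_CRYPTO_ERROR, None
    try:
        d = reconstruct_private_exponent(n, e, blob.bound_key)
    except ValueError:
        return SSP_CRYPTO_ERROR, None
    return SSP_SUCCESS, d


# Constructed sample: two Mersenne primes give a toy key that is far too small for real use.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
PCR_AT_CREATION = digest(b"constructed PCR value")
SAMPLE_BLOB = BoundKeyBlob(BOUND_QUOTE_KEY, True, PCR_AT_CREATION,
                           public_key_digest(N, E), P)

if __name__ == "__main__":
    status, d = recover_bound_key(SAMPLE_BLOB, N, E, PCR_AT_CREATION, BOUND_QUOTE_KEY)
    m = 0x1234567890ABCDEF
    print("status:", status, "round trip ok:", pow(pow(m, E, N), d, N) == m)
    other_n = P * (2**89 - 1)       # p divides this modulus too, but the digest differs
    print("wrong modulus:", recover_bound_key(SAMPLE_BLOB, other_n, E,
                                              PCR_AT_CREATION, BOUND_QUOTE_KEY)[0])
```

Storing only p halves the private material in the blob, and the second call shows why the Pub-key-digest field matters: p alone would reconstruct a working exponent for any modulus it divides.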
BoundPKDecrypt
Definition
SSP_STATUS BoundPKDecrypt(
[in] PKCiphertext BoundKeyBlob,
[in] RSAPublicKey BoundPubKey,
[in] PKCiphertext DataToBeDecrypted,
[out] Secret decryptedData
)
Parameter
BoundSign-Input::={
Ordinal INTEGER,
Bound-key BoundKeyBlob,
Bound-pub-key RSAPublicKey,
Pk-sealed-blob PKCiphertext}
BoundPKDecrypt-output::={
Ordinal INTEGER,
Status INTEGER,
d-blob Secret}
Return value
SSP_SUCCESS
SSP_UNSEAL_ERROR
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
Note
The BoundSignPKDecrypt operation takes a PKCiphertext of type sspV1BoundKey that contains a BoundKeyBlob of type BoundDecryptKey. If any of these conditions is not met, or if the sequence fails to decode, the operation fails and returns SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks that the current PCR value is the one specified in the Bound-key-blob sequence. If it is not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP decrypts the input message with the decrypted private key from the bound-blob.
Access strategy
Allowed=FeatureEnable.MainEnable &
(FeatureEnable.UsePrivKey==All|
FeatureEnable.UsePrivKey==AuthSL
& SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundPKDecrypt operation performs the following actions:
1. The SSP checks whether the algorithm identifier in pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts SealedBlob according to the default implementation of RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, obtaining a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M should be a DER encoding of the form Bound-key-blob, with type BoundSignKey. If it is not, the SSP emits SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, bound-to is compared with the current PCR value. If the values are not the same, the SSP outputs SSP_CRYPTO_ERROR.
6. The SSP recovers the private key using the public key that was provided. The private key can be recovered as described above for the BoundQuote operation. The SSP then uses the recovered private bound-key to decrypt the pk-sealed-blob using the default implementation of RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, obtaining a plaintext message M.
7. The SSP sets d-blob to M.
8. Return SSP_SUCCESS.
BoundPKUnseal
Definition
SSP_STATUS BoundPKDecrypt(
[in] PKCiphertext BoundKeyBlob,
[in] RSAPublicKey BoundPubKey,
[in] PKCiphertext DataToBeUnsealed,
[out] Secret decryptedData
)
Parameter
BoundSign-Input::={
Ordinal INTEGER,
Bound-key BoundKeyBlob,
Bound-pub-key RSAPublicKey,
Pk-sealed-blob PKCiphertext}
BoundPKDecrypt-output::={
Ordinal INTEGER,
Status INTEGER,
d-blob Secret}
Return value
SSP_SUCCESS
SSP_UNSEAL_ERROR
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
Note
The BoundSignPKDecrypt operation takes a PKCiphertext of type sspV1BoundKey that contains a BoundKeyBlob of type BoundDecryptKey. If any of these conditions is not met, or if the sequence fails to decode, the operation fails with SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks that the current PCR value is the one specified in the Bound-key-blob sequence. If it is not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP uses PK_Unseal to unseal the input message with the decrypted private key from the bound-blob.
Access strategy
Allowed=FeatureEnable.MainEnable &
(FeatureEnable.UsePrivKey==All|
FeatureEnable.UsePrivKey==AuthSL
& SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundPKUnseal operation performs the following actions:
1. The SSP checks whether the algorithm identifier in pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts SealedBlob according to the default implementation of RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, obtaining a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M should be a DER encoding of the form Bound-key-blob, with type BoundSignKey. If it is not, the SSP emits SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, bound-to is compared with the current PCR value. If the values are not the same, the SSP outputs SSP_CRYPTO_ERROR.
6. The SSP uses the bound key blob to reconstruct the private key. The private key can be recovered as described above for the BoundQuote operation. The SSP then unseals the pk-sealed-blob with the recovered private bound key, following the steps described for the PK_Unseal command.
7. If the PCR named in the unsealed blob does not match the current PCR, the SSP returns SSP_CRYPTO_ERROR.
8. Otherwise, the SSP sets d-blob to M.
9. Return SSP_SUCCESS.
GenBoundKey
Definition
SSP_STATUS GenBoundKey(
[in] BoundKeyType KeyType,
[in] BOOL BoundToPcr,
[in] DIGEST BoundTo[2],
[in] BOOL migrateable,
[in] DIGEST migrationAuthority,
[in] BOOL exportable,
[in] DIGEST exportAuthority,
[in] DIGEST SigNonce,
[out] BoundKey bound-key,
[out] PKPublickey newPubKey,
[out] PKSignature boundKeyQuoteBlob
)
Parameter
GenBoundKey-Input::={
Ordinal INTEGER,
Key-type Bound-key-type,
Bound-to-pcr BOOL,
Bound-to DigestPair,
Migrateable BOOL,
Migrate-auth Digest,
Exportable BOOL,
Export-auth Digest,
Sig-nonce Digest
}
GenBoundKey-output::={
Ordinal INTEGER,
Status INTEGER,
Bound-blob PKCiphertext,
Bound-pub RSAPublicKey,
Sig-blob PKSignature}
Return value
SSP_SUCCESS
SSP_BAD_DATA_ERROR
Note
The GenBoundKey operation causes the SSP to generate a new bound key blob that contains a newly generated private key. The bound key blob is encrypted with the SSP's own public key.
GenBoundKey also outputs the public key of the newly generated key pair, a quote signature indicating that the SSP generated the key, the key's characteristics, and the PCR value when the key was generated.
The caller of GenBoundKey also indicates the type of bound key to be generated: whether it is to be used for signing, quoting, unsealing with BoundPKUnseal, or decrypting with BoundPKDecrypt. The caller also specifies whether the bound key is to be bound to a PCR and, if so, the PCR value to which it is bound.
Access strategy
Allowed=FeatureEnable.MainEnable &
(FeatureEnable.UsePrivKey==All|
FeatureEnable.UsePrivKey==AuthSL
& SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The GenBoundKey operation performs the following actions:
1. The SSP generates a new public/private RSA key pair. Alternatively, the SSP can generate key pairs when it is otherwise idle and store a small cache of keys in non-volatile memory for immediate retrieval.
2. The SSP internally generates a bound key structure containing the newly generated private key, the bound key type, and the other parameters provided by the caller.
3. The SSP encrypts the bound key blob with the platform public encryption key.
4. The SSP generates a signed blob of a bound-key-pub-info that contains the characteristics of the newly created key and the PCR value at the time the key was created.
5. The SSP outputs the encrypted bound key blob, the newly generated public key, and the quoted key blob.
6. Return SSP_SUCCESS.
BoundKeyMigrate
Definition
SSP_STATUS BoundKeyMigrate(
[in] PKCiphertext BoundKeyBlob,
[in] RSAPublicKey PubPartOfBoundKey,
[in] BOUND_MIGRATION_INFO MigrationInfo,
[in] RSA_SIG SigOnMigrationInfo
)
Parameter
GenBoundKey-Input::={
Ordinal INTEGER,
Migration-info Bound-migration-info,
Migration-pubkey RSAPublicKey,
Migration-auth PKSignature
}
GenBoundKey-output::={
Ordinal INTEGER,
Status INTEGER,
Re-bound-blob PKCiphertext,
}
Return value
SSP_SUCCESS
SSP_BAD_DATA_ERROR
Note
The BoundKeyMigrate operation instructs the SSP to rebind a key to a different PCR value in a controlled manner. The original key creator, local or remote, names the migration authority. Only bound keys marked migrateable can be migrated, and they are migrated only if the SSP is provided with an appropriately signed Bound-migration-info structure. Appropriately signed means signed under the public key whose digest is contained in the bound key blob. The remaining bound key attributes are not changed.
Access strategy
Allowed=FeatureEnable.MainEnable &
(FeatureEnable.UsePrivKey==All|
FeatureEnable.UsePrivKey==AuthSL
& SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundKeyMigrate operation performs the following actions:
1. The SSP internally decrypts the bound key structure and interprets it as a bound key blob. If the decoding fails, the SSP returns SSP_CRYPTO_ERROR.
2. The SSP validates that the Bound-export-info refers to the same key, that the signature is properly formed, and that the digest of the signer's public key is the one named in the "migrateable" field of the bound key blob.
3. The SSP checks that the key is migrateable. If it is not, the SSP returns SSP_CRYPTO_ERROR.
4. If the key is bound to a PCR, the SSP checks that the current PCR is the one named in the key blob.
5. The SSP replaces the PCR value with the value named in the destination PCR field of the Bound-migration-info.
6. The SSP re-encrypts the bound key blob and exports the re-encrypted structure.
7. Return SSP_SUCCESS.
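Steps 2 to 5 of the BoundKeyMigrate procedure above, as an added Python example that is not code from the patent. Blob decryption and re-encryption are left out, a textbook RSA signature over a SHA-256 digest stands in for RSASSA-PSS, and the encodings, numeric status values, single-digest PCRs and toy authority key are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

SSP_SUCCESS, SSP_CRYPTO_ERROR = 0, 1   # names from the page; numeric values assumed


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()   # assumed digest algorithm


def public_key_digest(n: int, e: int) -> bytes:
    """Digest of a length-prefixed (N, e) encoding (assumed encoding)."""
    parts = [x.to_bytes((x.bit_length() + 7) // 8, "big") for x in (n, e)]
    return digest(b"".join(len(p).to_bytes(4, "big") + p for p in parts))


@dataclass(frozen=True)
class BoundKeyBlob:
    """Subset of the page's Bound-key-blob fields, as seen inside the SSP."""
    bound_to_pcr: bool
    bound_to: bytes        # single digest standing in for DigestPair
    migrateable: bool
    migrate_auth: bytes    # digest of the migration authority's public key
    exportable: bool
    export_auth: bytes
    bound_key: int


@dataclass(frozen=True)
class BoundMigrationInfo:
    source_bound_blob_digest: bytes
    dest_pcr: bytes

    def encode(self) -> bytes:
        # Both fields are fixed-length digests, so concatenation is unambiguous.
        return self.source_bound_blob_digest + self.dest_pcr


def toy_sign(message: bytes, n: int, d: int) -> int:
    """Textbook RSA over a digest; a stand-in for RSASSA-PSS-SIGN, not a replacement."""
    return pow(int.from_bytes(digest(message), "big"), d, n)


def toy_verify(message: bytes, signature: int, n: int, e: int) -> bool:
    return 0 <= signature < n and pow(signature, e, n) == int.from_bytes(digest(message), "big")


def bound_key_migrate(blob, external_blob, info, signature, auth_n, auth_e, current_pcr):
    """Return (status, rebound blob); the blob is None on any failed check."""
    error = (SSP_CRYPTO_ERROR, None)
    # Step 2: the certificate must refer to this key and come from the named authority.
    if not hmac.compare_digest(info.source_bound_blob_digest, digest(external_blob)):
        return error
    if not hmac.compare_digest(blob.migrate_auth, public_key_digest(auth_n, auth_e)):
        return error
    if not toy_verify(info.encode(), signature, auth_n, auth_e):
        return error
    # Step 3: only keys marked migrateable may be rebound.
    if not blob.migrateable:
        return error
    # Step 4: a PCR-bound key can be migrated only from the configuration it names.
    if blob.bound_to_pcr and not hmac.compare_digest(blob.bound_to, current_pcr):
        return error
    # Step 5: only the PCR value changes; every other attribute is carried over.
    return SSP_SUCCESS, replace(blob, bound_to=info.dest_pcr)


# Constructed sample data: a toy authority key built from two Mersenne primes.
AUTH_P, AUTH_Q, AUTH_E = 2**521 - 1, 2**607 - 1, 65537
AUTH_N = AUTH_P * AUTH_Q
AUTH_D = pow(AUTH_E, -1, (AUTH_P - 1) * (AUTH_Q - 1))
OLD_PCR = digest(b"constructed PCR: old software stack")
NEW_PCR = digest(b"constructed PCR: updated software stack")
EXTERNAL = b"constructed stand-in for the encrypted bound key blob"
BLOB = BoundKeyBlob(True, OLD_PCR, True, public_key_digest(AUTH_N, AUTH_E),
                    False, bytes(32), 2**127 - 1)
INFO = BoundMigrationInfo(digest(EXTERNAL), NEW_PCR)
SIG = toy_sign(INFO.encode(), AUTH_N, AUTH_D)

if __name__ == "__main__":
    status, rebound = bound_key_migrate(BLOB, EXTERNAL, INFO, SIG, AUTH_N, AUTH_E, OLD_PCR)
    print("status:", status, "rebound to new PCR:", rebound.bound_to == NEW_PCR)
```

A certificate signed for one destination PCR cannot be reused for another, because the destination value is part of the signed structure.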
BoundKeyExport
Definition
SSP_STATUS BoundKeyExport(
[in] PKCiphertext BoundKeyBlob,
[in] RSAPublicKey PubPartOfBoundKey,
[in] BOUND_Export_INFO ExportInfo,
[in] RSA_SIG SigOnMigrationInfo,
[out] PKCipherText ReBoundBlob
)
Parameter
BoundKeyExport-Input::={
Ordinal INTEGER,
Bound-key PKCipherText,
Bound-pub-key RSAPublicKey,
Export-info Bound-export-info,
Export-auth PKSignature
}
GenBoundKey-output::={
Ordinal INTEGER,
Status INTEGER,
Re-bound-blob PKCiphertext,
}
Return value
SSP_SUCCESS
SSP_BAD_DATA_ERROR
Note
The BoundKeyExport operation instructs the SSP to export the private part of a bound key to a remote entity, in a controlled manner, in a format consistent with bound keys on the source device. The original key creator, local or remote, names the export authority. Only bound keys marked exportable can be exported, and they are exported only if the SSP is provided with a properly signed Bound-export-info structure. Properly signed means signed under the public key whose digest is contained in the original bound key blob. BoundKeyExport allows an appropriately authorized caller to specify the public key and PCR value of the target entity to which the key is to be rebound. There is no specific requirement that the external entity be an SSP, but the newly bound blob follows the bound key conventions so that remote SSPs can consume exported bound keys directly.
Access strategy
Allowed=FeatureEnable.MainEnable &
(FeatureEnable.UsePrivKey==All|
FeatureEnable.UsePrivKey==AuthSL
& SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundKeyExport operation performs the following actions:
1. The SSP internally decrypts the bound key structure and interprets it as a bound key blob. If the decoding fails, the SSP returns SSP_CRYPTO_ERROR.
2. The SSP validates that the Bound-export-info refers to the same key, that the signature is properly formed, and that the digest of the signer's public key is the one named in the "export" field of the bound key blob.
3. The SSP checks that the key is exportable. If it is not, the SSP returns SSP_CRYPTO_ERROR.
4. If the key is bound to a PCR, the SSP checks that the current PCR is the one named in the key blob.
5. The SSP internally generates a new bound key blob structure containing the parameters from the original bound key structure and the new PCR value provided in Bound-export-info. All other parameters remain the same.
6. The SSP encrypts the new bound key blob with the public encryption key provided in Bound-export-info.
7. The new bound key is exported.
8. Return SSP_SUCCESS.
General-purpose computer environment
Figure 12 illustrates a general-purpose computer environment 400 that can be used to implement the techniques described herein. The computer environment 400 is only one example of a computing environment and is not intended to suggest any limitation as to the use or functionality of the computer and network architectures. Nor should the computer environment 400 be interpreted as having any dependency or requirement relating to any one component, or any combination of components, illustrated in the exemplary computer environment 400.
Computer environment 400 includes a general-purpose computing device in the form of a computer 402. Computer 402 can be used, for example, to implement main body 102 and protector 104 of Fig. 1, or the layers of Fig. 2. The components of computer 402 can include, but are not limited to, one or more processors or processing units 404 (optionally including one or more security processors or coprocessors (such as an SSP) and/or one or more cryptographic processors or coprocessors), a system memory 406, and a system bus 408 that couples the various system components, including the processor 404, to the system memory 406.
The system bus 408 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. For example, such architectures can include an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnect (PCI) bus, also known as a mezzanine bus.
Computer 402 typically includes a variety of computer-readable media. Such media can be any available media that are accessible by computer 402, and include both volatile and non-volatile media, and removable and non-removable media.
System memory 406 includes computer-readable media in the form of volatile memory, such as random access memory (RAM) 410, and/or non-volatile memory, such as read-only memory (ROM) 412. A basic input/output system (BIOS) 414, containing the basic routines that help to transfer information between elements within computer 402, such as during start-up, is stored in ROM 412. RAM 410 typically contains data and/or program modules that are immediately accessible to and/or presently operated on by the processing unit 404.
Computer 402 can also include other removable/non-removable, volatile/non-volatile computer storage media. For example, Figure 12 illustrates a hard disk drive 416 for reading from and writing to a non-removable, non-volatile magnetic medium (not shown), a magnetic disk drive 418 for reading from and writing to a removable, non-volatile magnetic disk (for example, a "floppy disk"), and an optical disk drive 422 for reading from a removable, non-volatile optical disk 424 such as a CD-ROM, DVD-ROM or other optical media. The hard disk drive 416, magnetic disk drive 418 and optical disk drive 422 are each connected to the system bus 408 by one or more data media interfaces 426. Alternatively, the hard disk drive 416, magnetic disk drive 418 and optical disk drive 422 can be connected to the system bus 408 by one or more interfaces (not shown).
The disk drives and their associated computer-readable media provide non-volatile storage of computer-readable instructions, data structures, program modules and other data for computer 402. Although this example illustrates a hard disk 416, a removable magnetic disk 420 and a removable optical disk 424, it is to be appreciated that other types of computer-readable media that can store data accessible by a computer, such as magnetic tape or other magnetic storage devices, flash memory cards, CD-ROM, digital versatile disks (DVD) or other optical storage, random access memories (RAM), read-only memories (ROM), electrically erasable programmable read-only memory (EEPROM), and the like, can also be used to implement the exemplary computing system and environment.
Any number of program modules can be stored on the hard disk 416, magnetic disk 420, optical disk 424, ROM 412 and/or RAM 410, including, by way of example, an operating system 426, one or more application programs 428, other program modules 430 and program data 432. Each of the operating system 426, one or more application programs 428, other program modules 430 and program data 432 (or some combination thereof) may implement all or part of the resident components that support the distributed file system.
A user can enter commands and information into computer 402 via input devices such as a keyboard 434 and a pointing device 436 (for example, a "mouse"). Other input devices 438 (not shown specifically) can include a microphone, joystick, game pad, satellite dish, serial port, scanner and/or the like. These and other input devices are connected to the processing unit 404 via input/output interfaces 440 that are coupled to the system bus 408, but can also be connected by other interface and bus structures, such as a parallel port, game port or universal serial bus (USB).
A monitor 442 or other type of display device can also be connected to the system bus 408 via an interface, such as a video adapter 444. In addition to the monitor 442, other output peripheral devices can include components such as speakers (not shown) and a printer 446, which can be connected to computer 402 via the input/output interfaces 440.
Computer 402 can operate in a networked environment using logical connections to one or more remote computers, such as a remote computing device 448. For example, the remote computing device 448 can be a personal computer, portable computer, server, router, network computer, peer device or other common network node, and the like. The remote computing device 448 is illustrated as a portable computer that can include many or all of the elements and features described herein relative to computer 402.
Logical connections between computer 402 and the remote computer 448 are depicted as a local area network (LAN) 450 and a wide area network (WAN) 452. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
When implemented in a LAN networking environment, the computer 402 is connected to a local area network 450 via a network interface or adapter 454. When implemented in a WAN networking environment, the computer 402 typically includes a modem 456 or other means for establishing communications over the wide area network 452. The modem 456, which can be internal or external to computer 402, can be connected to the system bus 408 via the input/output interfaces 440 or other appropriate mechanisms. It is to be appreciated that the illustrated network connections are an example and that other means of establishing communication links between the computers 402 and 448 can also be used.
In a networked environment, such as that illustrated with computing environment 400, program modules depicted relative to the computer 402, or portions thereof, can be stored in a remote memory storage device. For example, remote application programs 458 reside on a memory device of remote computer 448. For purposes of illustration, application programs and other executable program components, such as the operating system, are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computing device 402 and are executed by the data processor(s) of the computer.
Here, with the context such as the computer executable instructions of the program module that can be carried out by one or more computers or miscellaneous equipment various modules and technology be described.Usually, program module comprises the subprogram that can carry out special duty or realize special summary data type, program, target program, assembly, data structure etc.Usually, the function of described program module can be as in the desirable mutual combination of each embodiment or distribution.
An execution of these modules and technology can be stored by the form of computer-readable storage medium or transmit.Computer-readable storage medium can be any useable medium that can be accessed by a computer.Such as but be not limited to, computer-readable media can comprise " computer storage media may " and " communication medium ".
" computer storage media may " comprises volatibility and non-volatile, the detachable or non-removable media of realizing with any means or technology, is used for storage such as computer-readable instruction, data structure, program module or other data.Computer storage media may includes but not limited to RAM, ROM, EEPROM, fast storage or other memory technology, CD-ROM, digital universal disc (DVD) or other optical memory, cassette, tape, magnetic disc store or other magnetic storage apparatus, any other media that maybe can be used to store desired information and can be accessed by a computer.
" communication medium " generally includes computer-readable instruction, data structure, program module or such as other data that exist with the modulated data signal form of carrier wave or other transmission engine.Communication medium also comprises any information delivery media.Term " modulated data signal " refers to have one or more features that arrange and change in the mode that the information in described signal is encoded.Such as but be not limited to, communication medium comprises wired media and the wireless medium such as sound, radio frequency, infrared ray such as a cable network or direct wired connection.Above-mentioned any is in conjunction with also being included in the scope of computer-readable storage medium.
Although the language for architectural feature and/or method behavior has been used in above-mentioned explanation, should be appreciated that to the invention is not restricted to described feature or behavior by claims regulations.That is, described feature and behavior just realize an example of the present invention.

Claims (17)

1. A data storage method based on public key encryption, comprising:
identifying data to be sealed; and
calling a public key "locked in" operation, passing the data to the public key "locked in" operation as an input and also identifying the conditions that must be satisfied in order for the data to be opened.
2. The method of claim 1, further comprising receiving, in response to the public key "locked in" operation, ciphertext that includes the data in encrypted form, wherein the data is encrypted using a public key.
3. The method of claim 1, wherein the conditions comprise identifiers of multiple target programs that are allowed to open the data.
4. The method of claim 3, further comprising passing the identifiers of the multiple target programs as another input to the public key "locked in" operation.
5. The method of claim 4, wherein the identifier of each of the multiple target programs comprises a digest generated by applying a cryptographic hash function to that target program.
6. The method of claim 4, wherein a program that calls the public key "locked in" operation is one of the multiple target programs.
7. The method of claim 1, wherein one of the conditions comprises a time constraint on when the data can be unlocked.
8. The method of claim 1, wherein one of the conditions comprises a logical formula to be evaluated, and wherein the data can be unlocked only if the logical formula evaluates to true.
9. The method of claim 1, wherein one of the conditions comprises a program to be executed, and wherein the data can be unlocked only if execution of the program returns an indication of true.
10. A data retrieval method based on public key encryption, implemented by a program, comprising:
calling a public key open operation to decrypt a bit string, passing the bit string as an input to the public key open operation; and
receiving, in response to the call to the public key open operation, at least a portion of the decrypted bit string only if the program is one of multiple target programs allowed to open the bit string, wherein the data is decrypted using public key encryption.
11. The method of claim 10, wherein the program is allowed to open the bit string only if a digest produced by applying a keyed hash function to the program is identical to one of one or more digests identified by the caller when the data encrypted in the bit string was previously sealed using a public key operation.
12. The method of claim 10, wherein the input to the public key open operation is a pointer to the bit string.
13. A data retrieval method based on public key encryption, comprising:
calling a public key open operation to obtain data from a bit string that was sealed in response to a call to a public key "locked in" operation; and
receiving the data from the sealed bit string in response to the open operation only if the conditions that must be satisfied for the data to be unlocked are satisfied.
14. The method of claim 13, wherein the conditions comprise an identifier of a program that is allowed to open the data.
15. The method of claim 13, wherein one of the conditions comprises a time constraint relating to when the data can be unlocked.
16. The method of claim 13, wherein one of the conditions comprises a logical formula to be evaluated, and wherein the data can be unlocked only if the logical formula evaluates to true.
17. The method of claim 13, wherein one of the conditions comprises a program to be executed, and wherein the data can be unlocked only if execution of the program returns an indication of true.
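The "locked in" and open operations with the target-program identifier check of claims 3-5 and 10, as an added Go sketch that is not part of the patent or of any implementation it describes. The function names, the payload layout (count, digests, data), SHA-256 as the digest, RSA-OAEP and the 2048-bit key are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Digest identifies a program by a cryptographic hash of its image (claim 5).
func Digest(program []byte) [32]byte { return sha256.Sum256(program) }

// NewKey makes the key pair; the sealing component alone keeps the private half.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal encrypts count | target digests | data under the public key (claims 1-4).
// RSA-OAEP bounds the payload (190 bytes here), so this suits short secrets.
func Seal(pub *rsa.PublicKey, data []byte, targets ...[32]byte) ([]byte, error) {
	if len(targets) == 0 || len(targets) > 255 {
		return nil, errors.New("need 1..255 target digests")
	}
	buf := []byte{byte(len(targets))}
	for _, d := range targets {
		buf = append(buf, d[:]...)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(buf, data...), nil)
}

// Unseal releases the data only if the digest of the calling program, as
// measured by the sealing component, is among the sealed targets (claim 10).
func Unseal(priv *rsa.PrivateKey, caller, sealed []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sealed, nil)
	if err != nil || len(pt) == 0 || len(pt) < 1+32*int(pt[0]) {
		return nil, errors.New("unseal failed: bad ciphertext")
	}
	n, id := int(pt[0]), Digest(caller)
	for i := 0; i < n; i++ {
		if bytes.Equal(pt[1+32*i:33+32*i], id[:]) {
			return pt[1+32*n:], nil
		}
	}
	return nil, errors.New("unseal refused: caller is not a target program")
}

func main() {
	key, _ := NewKey() // constructed inputs below; error ignored in this demo only
	sealed, _ := Seal(&key.PublicKey, []byte("secret"), Digest([]byte("program A")))
	fmt.Println(Unseal(key, []byte("program B"), sealed))
}
```

Because the target digests travel inside the OAEP ciphertext, a party without the private key cannot swap in its own digest, and the caller image passed to `Unseal` must come from the trusted component's own measurement rather than from the caller.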
CN 200710152961 2002-04-17 2003-04-17 Saving and retrieving data based on public key encryption Expired - Fee Related CN101166095B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US37350502P 2002-04-17 2002-04-17
US60/373,505 2002-04-17

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CNB03131208XA Division CN100351815C (en) 2002-04-17 2003-04-17 Encrypted data memory & data search based on public key

Publications (2)

Publication Number Publication Date
CN101166095A CN101166095A (en) 2008-04-23
CN101166095B true CN101166095B (en) 2013-01-16

Family

ID=29270506

Family Applications (6)

Application Number Title Priority Date Filing Date
CN 200710152963 Expired - Fee Related CN101166096B (en) 2002-04-17 2003-04-17 Saving and retrieving data based on public key encryption
CN 200610059598 Expired - Fee Related CN100547598C (en) 2002-04-17 2003-04-17 Preserve and retrieve data based on symmetric key encryption
CNB03131208XA Expired - Lifetime CN100351815C (en) 2002-04-17 2003-04-17 Encrypted data memory & data search based on public key
CN 200610059571 Expired - Fee Related CN100543759C (en) 2002-04-17 2003-04-17 Data storage and data retrieval based on public key encryption
CNB031307744A Expired - Fee Related CN1322431C (en) 2002-04-17 2003-04-17 Encryption retention and data retrieve based on symmetric cipher key
CN 200710152961 Expired - Fee Related CN101166095B (en) 2002-04-17 2003-04-17 Saving and retrieving data based on public key encryption

Country Status (2)

Country Link
CN (6) CN101166096B (en)
CA (3) CA2425006C (en)


Also Published As

Publication number Publication date
CN100543759C (en) 2009-09-23
CA2425006C (en) 2012-06-05
CN1822015A (en) 2006-08-23
CN1493996A (en) 2004-05-05
CN100547598C (en) 2009-10-07
CN1487422A (en) 2004-04-07
CN100351815C (en) 2007-11-28
CA2778805A1 (en) 2003-10-17
CA2425010C (en) 2013-11-19
CN1322431C (en) 2007-06-20
CN101166095A (en) 2008-04-23
CA2425010A1 (en) 2003-10-17
CA2778805C (en) 2015-01-20
CN101166096B (en) 2012-01-11
CA2425006A1 (en) 2003-10-17
CN101166096A (en) 2008-04-23
CN1822016A (en) 2006-08-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: MICROSOFT TECHNOLOGY LICENSING LLC

Free format text: FORMER OWNER: MICROSOFT CORP.

Effective date: 20150424

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150424

Address after: Washington State

Patentee after: Microsoft Technology Licensing LLC

Address before: Washington State

Patentee before: Microsoft Corp.

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130116

Termination date: 20200417
