CN103501303B - Active remote attestation method for measurement of cloud platform virtual machine - Google Patents
- Publication number
- CN103501303B
- Authority
- CN
- China
- Prior art keywords
- virtual machine
- metric
- measurement
- remote attestation
- server
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides an active remote attestation method for the measurement of cloud platform virtual machines. The method comprises the operating process of a remote attestation client and the trust verification process of the server at the cloud management side. Static measurement is carried out after a cloud platform virtual machine starts, and periodic dynamic measurement is carried out while it runs. Active remote attestation is performed after each measurement finishes; the cloud management side obtains the measurement values and measurement reports and compares the measurement values with reference values to verify whether the state of the virtual machine has changed. The method replaces the traditional passive remote attestation approach: the remote attestation client is actively triggered by a measurement module, the measurement results are sent to the cloud management server in real time, and the measurement values do not need to be stored in a PCR of a TPM. This solves the remote attestation problems posed by dynamically changing virtual machines and periodic dynamic measurement in the cloud platform.
Description
Technical field
The invention belongs to the field of information security technology and is a remote attestation method for detecting the trusted state of virtual machines.
Background
A trusted computing platform provides the ability to prove itself to an external entity, which is called remote attestation. A trusted computing platform has three roots of trust: the root of trust for measurement, the root of trust for storage and the root of trust for reporting. They support the three core functions of trusted measurement, trusted storage and trusted reporting, and the presence of these three core functions lets the platform report its identity and its state to an external entity. Remote attestation is in essence an extension of the trusted reporting concept.
Remote attestation measures the platform comprehensively and proves to the remote communicating party that its operating state is trustworthy. It is a process of comprehensive integrity verification and identity authentication that also gives the verifier a trustworthy report of the platform state. The TPM is the root of trust for reporting and ensures that the current integrity measurement values are reported trustworthily.
At present, remote attestation is implemented through a remote attestation protocol. One platform (the challenger) sends another platform (the attester) a challenge message and a random number, asking for one or more PCR (platform configuration register) values in order to verify the attester's platform state. The attester signs the PCR values specified by the challenger with its AIK (Attestation Identity Key), attaches the corresponding measurement log entries and the AIK certificate, and sends them together to the challenger. The challenger then verifies the attestation. Verification consists of three steps: recomputing the hash from the measurement log, validating the AIK certificate, and matching the signed value against the expected value.
On a cloud computing platform, remote attestation of virtual machine state faces two problems compared with traditional remote attestation:
1. The number of virtual machines is not fixed. In a cloud platform, a server can run multiple virtual machines depending on its hardware configuration, and their number is not fixed. However, a server generally has only one TPM (Trusted Platform Module) chip, and the number of PCRs in a TPM is limited, generally at most 24. The traditional remote attestation method, which writes the measurement value into a PCR of the TPM and then signs it for trusted-state verification, therefore cannot meet the dynamic scaling needs of a virtualized platform.
2. Dynamic measurement of virtual machines requires active remote attestation. In a cloud platform, verifying that a virtual machine is trustworthy requires both static and dynamic remote attestation of the virtual machine. In the traditional remote attestation protocol, the remote attestation server challenges the remote attestation client; after receiving the request, the client has the measurement value in the PCR and the measurement report signed by the TPM and sends them to the remote attestation server. This method does not fit remote attestation of dynamically measured virtual machines, because dynamic measurement of a virtual machine is generally timer-triggered, for example once every 5 minutes. In the distributed environment of a cloud platform it is therefore difficult for the remote attestation server to synchronize with the clients when sending attestation requests for trust verification.
For remote attestation on cloud platforms, documents [1-3] enhance the security of the TCG remote attestation protocol, documents [4, 5] propose a property-based remote attestation method for cloud computing, and documents [6-9] study trusted measurement and remote attestation mechanisms for the host and the virtual machine manager (VMM) on which cloud platform virtual machines run. However, this work concentrates on protocol design and does not consider dynamic measurement of virtual machines, so remote attestation still uses the passive mode in which the server sends a request to the client and the client then responds. The present invention addresses trust verification of virtual machines in a cloud platform and proposes an active remote attestation protocol for dynamic measurement of cloud platform virtual machines.
Related documents:
[1] Liu Fagui, Zhang Xiaojie, Yang Yang, Wang Liangming. A remote attestation method based on a cloud computing IaaS environment. South China University of Technology, 2013.
[2] Yang Yang. Research and design of remote attestation based on a cloud computing IaaS environment. South China University of Technology, 2012.
[3] Ma Wenli. Remote attestation of a trusted cloud platform. Taiyuan University of Technology, 2011.
[4] Xin Siyuan; Zhao Yong; Lin Li; Wang Xiaohai. Research on a trust attestation method for IaaS environments [J]. Computer Engineering, 2012.
[5] Wu Guo; Xin Siyuan. Remote attestation of computing platforms for cloud computing [J]. Microcomputer Information, 2012.
[6] Santos N., Gummadi K.P., Rodrigues R. Towards Trusted Cloud Computing. In: Proceedings of the 2009 Conference on Hot Topics in Cloud Computing, HotCloud 2009. USENIX Association, Berkeley (2009).
[7] Schiffman J., Moyer T., Vijayakumar H., Jaeger T., McDaniel P. Seeding Clouds With Trust Anchors. In: Proceedings of the ACM Workshop on Cloud Computing Security, CCSW 2010, pp. 43–46. ACM, New York (2010).
[8] Aslam M., Gehrmann C., Rasmusson L., Bjorkman M. Securely Launching Virtual Machines on Trustworthy Platforms in a Public Cloud - An Enterprise's Perspective. In: Leymann F., Ivanov I., van Sinderen M., Shan T. (eds.) CLOSER, pp. 511–521. SciTePress (2012).
[9] Paladi N., Gehrmann C., Aslam M., Morenius F. Trusted Launch of Virtual Machine Instances in Public IaaS Environments. In: T. Kwon, M.-K. Lee, and D. Kwon (Eds.): ICISC 2012, LNCS 7839, pp. 309–323, 2013.
Summary of the invention
To address the above problems, the present invention proposes an active remote attestation method for cloud platform virtual machine measurement.
The technical solution of the invention is an active remote attestation method for cloud platform virtual machine measurement. After the server at the cloud management side selects a compute node and creates a virtual machine, a remote attestation client is set up in the host operating system of the compute node. The measurement result of the virtual machine actively triggers the remote attestation client to perform remote attestation, and the measurement value obtained is sent in real time to the server at the cloud management side; the measurement value does not need to be stored in a PCR of the TPM. The implementation comprises the operating process of the remote attestation client and the trust verification process of the server at the cloud management side.
The operating process of the remote attestation client is implemented as follows.
Each time the measurement module in the virtual machine manager of the compute node finishes measuring a cloud platform virtual machine, it actively triggers the remote attestation client by sending it the measurement value and the measurement log. The measurement comprises the static measurement after the virtual machine starts and the periodic dynamic measurement once the virtual machine is running. After receiving the measurement value and the measurement log, the remote attestation client reads the host name and the UUID of the virtual machine from the measurement log, sends them to the server at the cloud management side, and requests a random number from the server. The server receives the host name and the UUID of the virtual machine, generates a random number for this virtual machine and sends it to the remote attestation client. After receiving the random number, the remote attestation client first applies an iterated hash to the measurement value to obtain the final hash value, and then signs the hash value with the signing private key in the TPM to obtain the signature value. It then generates an integrity report and fills in the random number, the measurement value, the hash value, the signature value and the basic information of the virtual machine. Finally, it sends the integrity report and the measurement log to the cloud management server.
The trust verification process of the server at the cloud management side is implemented as follows.
Each time the server receives an integrity report and a measurement log, it parses out each data item in the integrity report. It first checks the random number, then recomputes the hash and verifies the hash value, and then retrieves the signing public key and verifies the signature. By default the first measurement value is the baseline value, and each later measurement value is compared with the baseline value. When the measurement value equals the baseline value, the verification result is that the virtual machine is trusted; otherwise it is untrusted.
Furthermore, when the verification result is that the virtual machine is untrusted, the measurement log of that virtual machine is looked up, the iterated hash is performed again to compute the measurement value, and the faulty component is identified.
The method provided by the invention measures the integrity of a cloud platform virtual machine when it starts and while it runs. After each measurement is complete, active remote attestation is performed; once the trust verification module at the cloud management side has obtained the measurement value and the measurement report, it verifies whether the state of the virtual machine has been tampered with by comparing against the baseline value. The method replaces the traditional passive remote attestation approach: the virtual machine dynamic measurement module actively triggers the remote attestation client to perform remote attestation, the measurement results are sent to the cloud management server in real time, and the measurement value does not need to be stored in a PCR of the TPM. This solves the remote attestation problems described above for cloud platforms: dynamically changing virtual machines and timed dynamic measurement. The technical solution has the following advantages:
(1) The measurement value of a virtual machine is not stored in a PCR. A typical TPM chip has only 24 PCRs, while the number of virtual machines actually in use changes dynamically, so the PCRs of the TPM cannot be used to store measurement values. The invention therefore sends the measurement value, after TPM signature, directly to the remote attestation client.
(2) The measurement log of a virtual machine is not kept locally as a file, which prevents the log information from leaking; the measurement log is sent directly to the remote attestation client as a character stream.
(3) Because there are multiple clients, there are multiple hosts and multiple virtual machines. Hosts are therefore distinguished by host name and virtual machines by their UUID, so that each integrity report and measurement log can be mapped to a particular virtual machine on a particular host.
(4) The measurement value is first hashed outside the TPM, and the hash value is then signed inside the TPM.
(5) A signing key pair is created for each host. The signing private key is used for signing inside the TPM. The signing public key is encrypted with the server's public key, and the ciphertext of the signing public key is stored in the server-side key management center (KMC), which acts as a trusted third party. When the server needs to verify a signature, it retrieves the signing public key from the KMC.
Brief description of the drawings
Fig. 1 is the application scenario diagram of the embodiment of the present invention.
Fig. 2 is the flow chart of the embodiment of the present invention.
Fig. 3 is the reference implementation framework diagram of the present invention.
Detailed description
The technical solution of the invention is described in detail below with reference to the drawings and an embodiment.
When a virtual machine starts, the virtual machine performs a static measurement of its own platform state, remote attestation is triggered, and an integrity report is formed and verified. The application scenario of virtual machine remote attestation in the embodiment is shown in Fig. 1 and is described as follows:
(1) The user applies to the cloud platform management side to use a virtual machine. The cloud platform management side is generally implemented with server technology, that is, a cloud management server is provided. In a specific implementation, the cloud management server generally comprises a virtual machine management component, a key center, a trusted data center and a trust verification component.
(2) After receiving the user's request, the cloud platform management side selects a compute node as the host, and the host starts a virtual machine for the user. In a specific implementation this is generally done by the virtual machine management component of the cloud management server.
(3) When the virtual machine starts, the measurement module in the VMM (virtual machine manager) of its compute node performs static measurement of the items the virtual machine loads at boot. After the virtual machine has started, periodic dynamic measurement is performed on its running state. Immediately after each static or dynamic measurement ends, the remote attestation client in Domain 0 (the host operating system) is triggered. The measurement result comprises the measurement value and the measurement log. The remote attestation client signs the measurement value and sends it to the cloud management server. In a specific implementation, the remote attestation client can be implemented by a person skilled in the art using software techniques, as a program set up in Domain 0. When the compute node starts a virtual machine for a user, the remote attestation client can be set up in Domain 0.
(4) The remote attestation client begins remote attestation, which includes signing the measurement result with the TPM, forming the integrity report and sending the integrity report to the cloud management server.
(5) The cloud management server performs trust verification: it obtains the public key of this compute node from the key center to verify the signature on the measurement result, and compares the result with the baseline value stored in the trusted data center to decide whether the virtual machine is trusted. Finally, the result is fed back to the administrator and the user. In a specific implementation this is generally done by the trust verification component of the cloud management server.
The invention improves the remote attestation mode. The virtual machine remote attestation flow of the embodiment is shown in Fig. 2 and proceeds as follows.
The whole remote attestation process can be divided into two parts: the operations at the remote attestation client, and trust verification at the server.
(1) Remote attestation client
After the virtual machine has started and been measured, the measurement value and the measurement log are sent to the remote attestation client in Domain 0. The remote attestation client receives the measurement value and the measurement log, reads the host name and the UUID (universally unique identifier) of the virtual machine from the log, sends them to the server (this can be done through a Web Service), and requests a random number from the server. The server receives the host name and the UUID of the virtual machine, generates a random number for this virtual machine and sends it to the remote attestation client. The purpose of the random number is to prevent replay attacks. After receiving the random number, the remote attestation client hashes the measurement value to obtain a hash value, and then signs the hash value with the signing private key in the TPM to obtain the signature value. An integrity report in XML format can be generated, and the random number, the measurement value, the hash value, the signature value and the basic information of the virtual machine are filled into it. Finally, the remote attestation client can send the integrity report and the measurement log to the cloud management server through a Web Service. The basic information of the virtual machine generally includes the UUID of the virtual machine, the OS type (operating system type) and similar basic information.
(2) Trust verification
Each time the server receives an integrity report and a measurement log, it parses out each data item in the XML integrity report. It first checks the random number, then recomputes the hash and verifies the hash value, and then retrieves the signing public key and verifies the signature; in a specific implementation the signing public key is kept in the key center at the cloud management side and can be retrieved from there. By default the first measurement value is the baseline value. Each later measurement value is compared with the baseline value, the verification result is obtained, and the result is shown on the interface. When the measurement value equals the baseline value, the verification result is that the virtual machine is trusted; otherwise it is untrusted. The purpose of the measurement log is that, once a virtual machine is found to be untrusted, the measurement log of that virtual machine can be looked up to find which component is at fault.
In a specific implementation, the system can be divided into modules so that it can be implemented in software. In the virtual machine remote attestation implementation framework shown in Fig. 3, the remote attestation system has 6 modules with the following functions:
(1) Virtual machine measurement module: performs static and dynamic measurement of the virtual machine after it starts; see the prior art.
(2) Virtual machine initiation module: triggers remote attestation.
(3) Remote attestation response module: starts remote attestation and forms the integrity report. Once the remote attestation response module has received the measurement value and the measurement log, it begins remote attestation, generates the integrity report, and sends the integrity report and the measurement log to the cloud management server.
(4) Remote attestation sending module: sends the integrity report and the measurement log.
(5) Cloud management server receiving module: receives the integrity report and the measurement log of the virtual machine.
(6) Cloud management server verification module: verifies whether the virtual machine is trusted. The cloud management server receives the integrity report and the measurement log and verifies the integrity report. If the verification result is trusted, the trusted state is shown; if it is untrusted, the measurement log of this virtual machine can be examined further to locate the component that is at fault.
The virtual machine measurement module and the virtual machine initiation module are placed in the virtual machine manager of the compute node, the remote attestation response module and the remote attestation sending module are placed in the remote attestation client, and the cloud management server receiving module and the cloud management server verification module are placed on the server at the cloud management side.
In a specific implementation, after a virtual machine starts on the client side, the measurement module in the virtual machine manager performs static measurement of components such as GRUB, the virtual machine kernel, applications and key modules, and periodically performs dynamic measurement of the running virtual machine. After each measurement, the measured values are hashed iteratively to obtain the corresponding static or dynamic measurement value, and the measurement log for that static or dynamic measurement is generated. The log records the whole measurement process, including which components were measured, the measurement value of each component, the measurement time and so on. After the measurement ends, the virtual machine initiation module sends the measurement value and the measurement log to the remote attestation response module, which triggers the signing and sending steps of remote attestation. The measurement itself and the iterated hash are implemented as in traditional remote attestation: generally, after one round of measurement, the hash values of all measured modules are hashed iteratively to form one final measurement value. This is not described further here.
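The following added example (not code from the patent) runs the client steps and the four server checks described above, together with the iterated hash and the log lookup that names the changed component. All Python and XML names are hypothetical. Toy unpadded RSA stands in for the TPM-held signing key, and the extend-style fold and the inclusion of the random number, host name and UUID in the signed hash are assumptions of this example.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET

# Toy unpadded RSA over two Mersenne primes: an assumed stand-in for the
# per-host signing key pair whose private half stays inside the TPM.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
FIELDS = ("host", "uuid", "nonce", "measurement", "hash", "signature")


def tpm_sign(digest_hex):
    """Sign a hash value with the private key (inside the TPM on the page)."""
    return format(pow(int(digest_hex, 16), D, N), "x")


def measure(components):
    """Measurement log: one (component, SHA-256 digest) entry per component."""
    return [(c, hashlib.sha256(data).hexdigest()) for c, data in components.items()]


def iterate_hash(log):
    """Fold the per-component digests into one final measurement value."""
    acc = bytes(32)
    for _component, digest in log:
        acc = hashlib.sha256(acc + bytes.fromhex(digest)).digest()
    return acc.hex()


def report_hash(nonce, host, uuid, measurement):
    """Signed hash; covering nonce and VM identity is this example's assumption."""
    return hashlib.sha256("|".join((nonce, host, uuid, measurement)).encode()).hexdigest()


def build_report(nonce, host, uuid, log):
    """Client side: hash, sign, and fill in the XML integrity report."""
    measurement = iterate_hash(log)
    digest = report_hash(nonce, host, uuid, measurement)
    values = (host, uuid, nonce, measurement, digest, tpm_sign(digest))
    root = ET.Element("integrity_report")
    for tag, text in zip(FIELDS, values):
        ET.SubElement(root, tag).text = text
    return ET.tostring(root, encoding="unicode")


class Verifier:
    """Cloud management server: nonce, hash, signature and baseline checks."""

    def __init__(self, key_center):
        self.key_center = key_center  # host name -> (n, e) signing public key
        self.nonces = {}              # (host, uuid) -> outstanding nonce
        self.baselines = {}           # (host, uuid) -> (measurement, {name: digest})

    def issue_nonce(self, host, uuid):
        self.nonces[(host, uuid)] = secrets.token_hex(16)
        return self.nonces[(host, uuid)]

    def verify(self, report_xml, log):
        # Untrusted input: a deployment would use a hardened XML parser here.
        r = {el.tag: el.text or "" for el in ET.fromstring(report_xml)}
        if any(f not in r for f in FIELDS) or r["host"] not in self.key_center:
            return "rejected: malformed", []
        key = (r["host"], r["uuid"])
        # 1. The nonce must be the one issued for this VM; it is consumed on use.
        if self.nonces.pop(key, None) != r["nonce"]:
            return "rejected: nonce", []
        # 2. Recompute both hashes from the log that came with the report.
        if (iterate_hash(log) != r["measurement"]
                or report_hash(r["nonce"], *key, r["measurement"]) != r["hash"]):
            return "rejected: hash", []
        # 3. Verify the signature with the host's public key from the key center.
        n, e = self.key_center[r["host"]]
        if pow(int(r["signature"], 16), e, n) != int(r["hash"], 16):
            return "rejected: signature", []
        # 4. The first measurement of a VM becomes its baseline; later ones must match.
        if key not in self.baselines:
            self.baselines[key] = (r["measurement"], dict(log))
            return "trusted", []
        base_value, base_log = self.baselines[key]
        if r["measurement"] == base_value:
            return "trusted", []
        # Untrusted: compare log entries with the baseline log to name the component.
        now = dict(log)
        names = sorted(set(base_log) | set(now))
        return "untrusted", [c for c in names if base_log.get(c) != now.get(c)]


def demo():  # constructed host, UUID and component contents
    host, uuid = "compute-01", "00000000-0000-4000-8000-000000000001"
    server = Verifier({host: (N, E)})
    image = {"grub": b"grub-v1", "kernel": b"kernel-v1", "app": b"app-v1"}
    boot_log = measure(image)
    boot_report = build_report(server.issue_nonce(host, uuid), host, uuid, boot_log)
    outcomes = [server.verify(boot_report, boot_log),   # static measurement at boot
                server.verify(boot_report, boot_log)]   # the same report replayed
    for kernel in (b"kernel-v1", b"kernel-patched"):    # periodic dynamic measurements
        log = measure({**image, "kernel": kernel})
        report = build_report(server.issue_nonce(host, uuid), host, uuid, log)
        outcomes.append(server.verify(report, log))
    return outcomes
```

Calling `demo()` returns the four verification outcomes in order: the boot baseline, the replayed report, an unchanged periodic measurement, and a measurement taken after the kernel bytes changed.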
The specific embodiment described herein merely illustrates the spirit of the invention. A person skilled in the art to which the invention belongs can make various modifications or additions to the described embodiment, or replace it in similar ways, without departing from the spirit of the invention or going beyond the scope defined in the appended claims.
Claims (2)
1. An active remote attestation method for cloud platform virtual machine measurement, characterized in that: after the server at the cloud management side selects a compute node and creates a virtual machine, a remote attestation client is set up in the host operating system of the compute node; the measurement result of the virtual machine actively triggers the remote attestation client to perform remote attestation, and the measurement value obtained is sent in real time to the server at the cloud management side; the measurement value does not need to be stored in a PCR of the TPM, where the TPM is the trusted platform module and the PCR is a platform configuration register; the implementation comprises the operating process of the remote attestation client and the trust verification process of the server at the cloud management side,
The operating process of the remote attestation client is implemented as follows,
Each time the measurement module in the virtual machine manager of the compute node finishes measuring a cloud platform virtual machine, it actively triggers the remote attestation client to perform remote attestation by sending the measurement value and the measurement log, the measurement comprising the static measurement after the virtual machine starts and the periodic dynamic measurement once the virtual machine is running; after receiving the measurement value and the measurement log, the remote attestation client reads the host name and the UUID of the virtual machine from the measurement log, sends them to the server at the cloud management side, and requests a random number from the server, where the UUID is the universally unique identifier; the server receives the host name and the UUID of the virtual machine, generates a random number for this virtual machine, and sends it to the remote attestation client; after receiving the random number, the remote attestation client first applies an iterated hash to the measurement value to obtain the final hash value, and then signs the hash value with the signing private key in the TPM to obtain the signature value; it then generates an integrity report and fills the random number, the measurement value, the hash value, the signature value and the basic information of the virtual machine into the integrity report; finally, it sends the integrity report and the measurement log to the server at the cloud management side;
The trust verification process of the server at the cloud management side is implemented as follows,
Each time the server receives an integrity report and a measurement log, it parses out each data item in the integrity report and first checks the random number; it then recomputes the hash and verifies the hash value; it then retrieves the signing public key and verifies the signature; by default the first measurement value is the baseline value, and each later measurement value is compared with the baseline value of the virtual machine corresponding to this UUID; when the measurement value equals the baseline value, the verification result is that the virtual machine is trusted, otherwise it is untrusted.
2. The active remote attestation method for cloud platform virtual machine measurement according to claim 1, characterized in that: when the verification result is that the virtual machine is untrusted, the measurement log of that virtual machine is looked up, the iterated hash is performed again to compute the measurement value, and the faulty component is identified.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310474995.0A CN103501303B (en) | 2013-10-12 | 2013-10-12 | Active remote attestation method for measurement of cloud platform virtual machine |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103501303A CN103501303A (en) | 2014-01-08 |
CN103501303B true CN103501303B (en) | 2017-02-22 |
Family
ID=49866475
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310474995.0A Active CN103501303B (en) | 2013-10-12 | 2013-10-12 | Active remote attestation method for measurement of cloud platform virtual machine |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103501303B (en) |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101477602A (en) * | 2009-02-10 | 2009-07-08 | 浪潮电子信息产业股份有限公司 | Remote proving method in trusted computation environment |
WO2012038211A1 (en) * | 2010-09-22 | 2012-03-29 | International Business Machines Corporation | Attesting use of an interactive component during a boot process |
CN103023922A (en) * | 2012-12-05 | 2013-04-03 | 清华大学 | Control flow model behavior based dynamic remote attestation method |
CN103220300A (en) * | 2012-12-05 | 2013-07-24 | 清华大学 | Mobile terminal system supporting dynamic remote attestation |
Also Published As
Publication number | Publication date |
---|---|
CN103501303A (en) | 2014-01-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |