CN105227319A - A kind of method of authentication server and device - Google Patents

A kind of method of authentication server and device Download PDF

Info

Publication number
CN105227319A
CN105227319A CN201510697751.8A CN201510697751A CN105227319A CN 105227319 A CN105227319 A CN 105227319A CN 201510697751 A CN201510697751 A CN 201510697751A CN 105227319 A CN105227319 A CN 105227319A
Authority
CN
China
Prior art keywords
verified
server
metric
identity key
key certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510697751.8A
Other languages
Chinese (zh)
Inventor
刘海伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd filed Critical Inspur Electronic Information Industry Co Ltd
Priority to CN201510697751.8A priority Critical patent/CN105227319A/en
Publication of CN105227319A publication Critical patent/CN105227319A/en
Pending legal-status Critical Current

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a kind of method and device of authentication server, the method comprises: in server to be verified, arrange safety chip in advance, by safety chip, integrity measurement is carried out to described server to be verified, obtain at least one metric, at least one metric is stored in the PCR of safety chip respectively, obtain the fiducial value of the metric that each PCR is corresponding in server to be verified in advance, send checking request to server to be verified, in checking request, carry the information of PCR to be verified; Receive the metric to be verified in PCR to be verified corresponding to the information of the PCR to be verified that server to be verified returns; Judge that whether the fiducial value that metric to be verified and PCR to be verified are corresponding is identical, if so, then server to be verified is by checking, otherwise server to be verified is not by checking.The invention provides a kind of method and device of authentication server, can verify the integrality of server.

Description

A kind of method of authentication server and device
Technical field
The present invention relates to field of computer technology, particularly a kind of method of authentication server and device.
Background technology
Particularly relate to the structure of the safe trust chain of server host, and prove the state of host integrity in this transitive trust process.
Increasingly mature along with cloud computing, the construction of cloud data center is also more and more general, and the cloud Host Security problem of data center also more and more comes into one's own.Conventional safety detection mode is all carry out Prevention-Security after starting system, before starting and start-up course, lacks effective protection and tolerance to system.If system is attacked before being initiated or in start-up course, the critical file of the server of credible calculating platform is tampered, cannot the integrality of Deterministic service device, this can the safety of serious threat credible calculating platform.In prior art, cannot the integrality of authentication server.
Summary of the invention
In view of this, the invention provides a kind of method and device of authentication server, can verify the integrality of server.
On the one hand, the invention provides a kind of method of authentication server, comprise: in advance safety chip is set in server to be verified, by described safety chip, integrity measurement is carried out to described server to be verified, obtain at least one metric, at least one metric described is stored in the platform configuration register PCR of safety chip respectively, obtains the fiducial value of the metric that each PCR is corresponding in described server to be verified in advance, also comprise:
S1: send checking request to server to be verified, carries the information of PCR to be verified in described checking request;
S2: receive the metric to be verified in PCR to be verified corresponding to the information of the PCR described to be verified that described server to be verified returns;
S3: judge that whether the fiducial value that described metric to be verified and PCR to be verified are corresponding is identical, if so, then described server to be verified is by checking, otherwise described server to be verified is not by checking.
Further, described S2, comprising:
Receive the remote proving signature carrying described metric to be verified, described remote proving signature comprises: through the cryptographic Hash of the metric described to be verified of the identity key encrypted private key of described server to be verified, the plaintext of described metric to be verified;
Before described S1, also comprise: the identity key PKI obtaining described server to be verified;
After described S2, before described S3, also comprise:
Calculate the cryptographic Hash of the plaintext of described metric to be verified;
By the cryptographic Hash of the metric described to be verified through described identity key encrypted private key in remote proving signature described in described identity key public key decryptions, obtain the cryptographic Hash of described metric to be verified;
Judge that whether the cryptographic Hash of the plaintext of described metric to be verified is equal with the cryptographic Hash of described metric to be verified, if so, then perform step S3, otherwise, terminate current process.
Further, before described S1, also comprise: issue identity key certificate by described trusted third party to described server to be verified in advance;
Before described S3, also comprise:
Receive the described identity key certificate that described server to be verified is sent together with described metric to be verified;
Described identity key certificate is sent to described trusted third party, to make described trusted third party, described trusted key certificate is verified;
Receive the result that described trusted third party returns, when described identity key certificate is by checking, perform step S3, when described identity key certificate is not by checking, terminate current process.
Further, described in advance by described trusted third party give described server way identity key certificate to be verified, comprising:
A1: the endorsement key PKI being obtained described server to be verified by described trusted third party;
A2: the identity key certificate request sent by the described server to be verified of described trusted third party's reception;
A3: by described trusted third party, generates described identity key certificate according to described identity key certificate request;
A4: by described trusted third party, signs to described identity key certificate with the signature key of described trusted third party, and the described identity key certificate after using described endorsement key public key encryption to sign;
A5: by described trusted third party, identity key certificate by described endorsement key public key encryption is sent to described server to be verified, to make safety chip described in described server by utilizing to be verified, by the deciphering of endorsement key private key by the identity key certificate of described endorsement key public key encryption, obtain described identity key certificate.
Further, before described S1, also comprise: generate and prove challenge random number;
Also comprise: in all sessions that described checking request is corresponding, add described proof challenge random number.
Further, describedly by described safety chip, integrity measurement is carried out to described server to be verified, comprising: integrity measurement is carried out to one or more in the basic input-output system BIOS of described server to be verified, BootLoader, operating system OS and application program.
On the other hand, the invention provides a kind of device of authentication server, comprising:
Metric element, for arranging safety chip in server to be verified, by described safety chip, integrity measurement is carried out to described server to be verified, obtain at least one metric, at least one metric described is stored in the platform configuration register PCR of safety chip respectively;
First acquiring unit, for obtaining the fiducial value of the metric that each PCR is corresponding in described server to be verified;
Transmitting element, for sending checking request to server to be verified, carries the information of PCR to be verified in described checking request;
Receiving element, the metric to be verified in the PCR to be verified that the information for receiving the PCR described to be verified that described server to be verified returns is corresponding;
Authentication unit, whether identical for judging the fiducial value that described metric to be verified and PCR to be verified are corresponding, if so, then described server to be verified is by checking, otherwise described server to be verified is not by checking.
Further, described receiving element, for receiving the remote proving signature carrying described metric to be verified, described remote proving signature comprises: through the cryptographic Hash of the metric described to be verified of the identity key encrypted private key of described server to be verified, the plaintext of described metric to be verified;
Also comprise: second acquisition unit, for obtaining the identity key PKI of described server to be verified;
Also comprise: remote proving signature verification unit, for calculating the cryptographic Hash of the plaintext of described metric to be verified, by the cryptographic Hash of the metric described to be verified through described identity key encrypted private key in remote proving signature described in described identity key public key decryptions, obtain the cryptographic Hash of described metric to be verified, judge that whether the cryptographic Hash of the plaintext of described metric to be verified is equal with the cryptographic Hash of described metric to be verified, when judged result is for being, then notify described authentication unit, when judged result is no, terminate the checking to described server to be verified.
Further, also comprise: issue unit, for issuing identity key certificate to described server to be verified by described trusted third party;
Also comprise: identity key certificate verification unit, for receiving the described identity key certificate that described server to be verified is sent, described identity key certificate is sent to described trusted third party, to make described trusted third party, described trusted key certificate is verified, receive the result that described trusted third party returns, when described identity key certificate is by checking, notify described authentication unit, when described identity key certificate is not by checking, terminate the checking to described server to be verified.
Further, described in issue unit, specifically for:
A1: the endorsement key PKI being obtained described server to be verified by described trusted third party;
A2: the identity key certificate request sent by the described server to be verified of described trusted third party's reception;
A3: by described trusted third party, generates described identity key certificate according to described identity key certificate request;
A4: by described trusted third party, signs to described identity key certificate with the signature key of described trusted third party, and the described identity key certificate after using described endorsement key public key encryption to sign;
A5: by described trusted third party, identity key certificate by described endorsement key public key encryption is sent to described server to be verified, to make safety chip described in described server by utilizing to be verified, by the deciphering of endorsement key private key by the identity key certificate of described endorsement key public key encryption, obtain described identity key certificate.
Further, also comprising: generation unit, proving challenge random number for generating;
Also comprise: adding device, for adding described proof challenge random number in all sessions that described checking request is corresponding.
Further, described metric element, perform described by described safety chip, integrity measurement is carried out to described server to be verified time, specifically execution: integrity measurement is carried out to one or more in the basic input-output system BIOS of described server to be verified, BootLoader, operating system OS and application program.
By method and the device of a kind of authentication server provided by the invention, in server to be verified, safety chip is set, treat authentication server by safety chip and carry out integrity measurement, metric is stored in the PCR of safety chip, metric to be verified corresponding for PCR to be verified is compared with corresponding fiducial value, if server to be verified was tampered, the two will be different, if the same illustrate that server to be verified is safe, can be verified the integrality of server by the method and device.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the flow chart of the method for a kind of authentication server that one embodiment of the invention provides;
Fig. 2 is the flow chart of the method for the another kind of authentication server that one embodiment of the invention provides;
Fig. 3 is the schematic diagram of the device of a kind of authentication server that one embodiment of the invention provides;
Fig. 4 is the schematic diagram of the device of the another kind of authentication server that one embodiment of the invention provides.
Embodiment
For making the object of the embodiment of the present invention, technical scheme and advantage clearly; below in conjunction with the accompanying drawing in the embodiment of the present invention; technical scheme in the embodiment of the present invention is clearly and completely described; obviously; described embodiment is the present invention's part embodiment, instead of whole embodiments, based on the embodiment in the present invention; the every other embodiment that those of ordinary skill in the art obtain under the prerequisite not making creative work, all belongs to the scope of protection of the invention.
As shown in Figure 1, embodiments provide a kind of method of authentication server, the method can comprise the following steps:
S0: in advance safety chip is set in server to be verified, by described safety chip, integrity measurement is carried out to described server to be verified, obtain at least one metric, at least one metric described is stored in respectively the PCR (PlatformConfigurationRegister of safety chip, platform configuration register) in, obtain the fiducial value of the metric that each PCR is corresponding in described server to be verified in advance;
S1: send checking request to server to be verified, carries the information of PCR to be verified in described checking request;
S2: receive the metric to be verified in PCR to be verified corresponding to the information of the PCR described to be verified that described server to be verified returns;
S3: judge that whether the fiducial value that described metric to be verified and PCR to be verified are corresponding is identical, if so, then described server to be verified is by checking, otherwise described server to be verified is not by checking.
The method of a kind of authentication server provided by the embodiment of the present invention, in server to be verified, safety chip is set, treat authentication server by safety chip and carry out integrity measurement, metric is stored in the PCR of safety chip, metric to be verified corresponding for PCR to be verified is compared with corresponding fiducial value, if server to be verified was tampered, the two will be different, if the same illustrate that server to be verified is safe, can be verified the integrality of server by the method.
Fiducial value in the embodiment of the present invention can be that server to be verified had not been tampered, and when being safe, safety chip carries out the metric that integrity measurement obtains.
Send in the process of metric to be verified at server to be verified, this metric to be verified may be tampered, make verifying end cannot obtain metric to be verified accurately, and then the result of checking also can be inaccurate, in order to solve this problem, ensure the safety of transmitting procedure moderate value, metric can be carried at remote proving signature, by determining whether metric to be verified was tampered to this remote proving signature.Particularly, in a kind of possible implementation, described S2, comprising:
Receive the remote proving signature carrying described metric to be verified, described remote proving signature comprises: through the cryptographic Hash of the metric described to be verified of the identity key encrypted private key of described server to be verified, the plaintext of described metric to be verified;
Before described S1, also comprise: the identity key PKI obtaining described server to be verified;
After described S2, before described S3, also comprise:
Calculate the cryptographic Hash of the plaintext of described metric to be verified;
By the cryptographic Hash of the metric described to be verified through described identity key encrypted private key in remote proving signature described in described identity key public key decryptions, obtain the cryptographic Hash of described metric to be verified;
Judge that whether the cryptographic Hash of the plaintext of described metric to be verified is equal with the cryptographic Hash of described metric to be verified, if so, then perform step S3, otherwise, terminate current process.
In this implementation, server to be verified calculates the cryptographic Hash of metric to be verified, then by this cryptographic Hash identity key encrypted private key, is adding the plaintext of metric to be verified, constitutes remote proving signature.After the plaintext of metric to be verified is tampered, the cryptographic Hash of the plaintext of this metric to be verified will be unequal with the cryptographic Hash of encrypted metric to be verified, when not being tampered, the two is equal, whether accurate can verify the metric to be verified received by the method.Determining that the two just can to metric to be verified by step S3 process after identical, this metric to be verified can be exactly the plaintext from metric to be verified.
After receiving metric to be verified, can not determine that this metric to be verified is exactly that server to be verified is sent, likely be blocked in transmitting procedure, and be replaced, in order to verify that the metric to be verified received server whether to be verified is sent, in a kind of possible implementation, before described S1, also comprise: issue identity key certificate by described trusted third party to described server to be verified in advance;
Before described S3, also comprise:
Receive the described identity key certificate that described server to be verified is sent;
Described identity key certificate is sent to described trusted third party, to make described trusted third party, described trusted key certificate is verified;
Receive the result that described trusted third party returns, when described identity key certificate is by checking, perform step S3, when described identity key certificate is not by checking, terminate current process.
In this implementation, the identity of server to be verified verified by the identity key certificate that can be presented to server to be verified by trusted third party.After confirming the metric to be verified that server to be verified is sent, can by this metric by step S3 process.
In a kind of possible implementation, described in advance by described trusted third party give described server way identity key certificate to be verified, comprising:
A1: the endorsement key PKI being obtained described server to be verified by described trusted third party;
A2: the identity key certificate request sent by the described server to be verified of described trusted third party's reception;
A3: by described trusted third party, generates described identity key certificate according to described identity key certificate request;
A4: by described trusted third party, signs to described identity key certificate with the signature key of described trusted third party, and the described identity key certificate after using described endorsement key public key encryption to sign;
A5: by described trusted third party, identity key certificate by described endorsement key public key encryption is sent to described server to be verified, to make safety chip described in described server by utilizing to be verified, by the deciphering of endorsement key private key by the identity key certificate of described endorsement key public key encryption, obtain described identity key certificate.
Carry out in the process verified treating authentication server, the message that other servers to be verified are sent may be subject to, or the multiple messages that same server to be verified is sent, proof procedure may be made like this to occur mistake, in order to solve this problem, add mark can to all sessions in proof procedure, be used for marking this proof procedure, can by proving that challenge random number is used as mark, particularly, in a kind of possible implementation, before described S1, also comprise: generate and prove challenge random number;
Also comprise: in all sessions that described checking request is corresponding, add described proof challenge random number.
In a kind of possible implementation, describedly by described safety chip, integrity measurement is carried out to described server to be verified, comprise: to the BIOS (BasicInputOutputSystem of described server to be verified, basic input output system), one or more in BootLoader, OS (operating system, OperatingSystem) and application program carry out integrity measurement.
For making the object, technical solutions and advantages of the present invention clearly, below in conjunction with drawings and the specific embodiments, the present invention is described in further detail.
In this embodiment, server to be verified is server A, and PCR to be verified is a PCR, and metric to be verified is the metric A in a PCR, and the fiducial value of the metric that a PCR is corresponding is metric B.
As shown in Figure 2, embodiments provide a kind of method of authentication server, the method can comprise the following steps:
Step 201: in advance safety chip is set in server A, by safety chip, integrity measurement is carried out to server A, obtain at least one metric, at least one metric is stored in the PCR of safety chip respectively, issue identity key certificate by trusted third party to server A in advance.
Step 202: the fiducial value obtaining the metric that each PCR is corresponding in server A in advance, obtains the identity key PKI of server A.
Step 203: send checking request to server A, carry the information of a PCR in this checking request.
Step 204: the remote proving signature of what reception server A returned carry metric A and identity key certificate, this remote proving signature comprises: through the cryptographic Hash of the metric A of the identity key encrypted private key of server A, the plaintext of metric A.
Step 205: identity key certificate is sent to trusted third party, verifies described trusted key certificate to make trusted third party.
According to described the result, step 206: receive the result that trusted third party returns, judges that whether identity key certificate is by checking, if so, then performs step 207, otherwise, terminate current process.
Step 207: the cryptographic Hash of the plaintext of computing metric A.
Step 208: by the cryptographic Hash of the metric A through identity key encrypted private key in identity key public key decryptions remote proving signature, obtain the cryptographic Hash of metric A.
Step 209: judge that whether the cryptographic Hash of the plaintext of metric A is equal with the cryptographic Hash of metric A, if so, then performs step 210, otherwise, terminate current process.
Step 210: judge that whether metric A is identical with metric B, if so, then determines that server A passes through checking, otherwise, determine server A not by checking.
As shown in Figure 3, Figure 4, a kind of device of authentication server is embodiments provided.Device embodiment can pass through software simulating, also can be realized by the mode of hardware or software and hardware combining.Say from hardware view; as shown in Figure 3; a kind of hardware structure diagram of the device place equipment of a kind of authentication server provided for the embodiment of the present invention; except the processor shown in Fig. 3, internal memory, network interface and nonvolatile memory; in embodiment, the equipment at device place can also comprise other hardware usually, as the forwarding chip etc. of responsible process message.For software simulating, as shown in Figure 4, as the device on a logical meaning, be by the CPU of its place equipment, computer program instructions corresponding in nonvolatile memory is read operation in internal memory to be formed.The device of a kind of authentication server that the present embodiment provides, comprising:
Metric element 401, for arranging safety chip in server to be verified, by described safety chip, integrity measurement is carried out to described server to be verified, obtain at least one metric, at least one metric described is stored in the platform configuration register PCR of safety chip respectively;
First acquiring unit 402, for obtaining the fiducial value of the metric that each PCR is corresponding in described server to be verified;
Transmitting element 403, for sending checking request to server to be verified, carries the information of PCR to be verified in described checking request;
Receiving element 404, the metric to be verified in the PCR to be verified that the information for receiving the PCR described to be verified that described server to be verified returns is corresponding;
Authentication unit 405, whether identical for judging the fiducial value that described metric to be verified and PCR to be verified are corresponding, if so, then described server to be verified is by checking, otherwise described server to be verified is not by checking.
In a kind of possible implementation, described receiving element 404, for receiving the remote proving signature carrying described metric to be verified, described remote proving signature comprises: through the cryptographic Hash of the metric described to be verified of the identity key encrypted private key of described server to be verified, the plaintext of described metric to be verified;
Also comprise: second acquisition unit, for obtaining the identity key PKI of described server to be verified;
Also comprise: remote proving signature verification unit, for calculating the cryptographic Hash of the plaintext of described metric to be verified, by the cryptographic Hash of the metric described to be verified through described identity key encrypted private key in remote proving signature described in described identity key public key decryptions, obtain the cryptographic Hash of described metric to be verified, judge that whether the cryptographic Hash of the plaintext of described metric to be verified is equal with the cryptographic Hash of described metric to be verified, when judged result is for being, then notify described authentication unit, when judged result is no, terminate the checking to described server to be verified.
In a kind of possible implementation, this device also comprises: issue unit, for issuing identity key certificate to described server to be verified by described trusted third party;
Also comprise: identity key certificate verification unit, for receiving the described identity key certificate that described server to be verified is sent, described identity key certificate is sent to described trusted third party, to make described trusted third party, described trusted key certificate is verified, receive the result that described trusted third party returns, when described identity key certificate is by checking, notify described authentication unit, when described identity key certificate is not by checking, terminate the checking to described server to be verified.
In a kind of possible implementation, described in issue unit, specifically for:
A1: the endorsement key PKI being obtained described server to be verified by described trusted third party;
A2: the identity key certificate request sent by the described server to be verified of described trusted third party's reception;
A3: by described trusted third party, generates described identity key certificate according to described identity key certificate request;
A4: by described trusted third party, signs to described identity key certificate with the signature key of described trusted third party, and the described identity key certificate after using described endorsement key public key encryption to sign;
A5: by described trusted third party, identity key certificate by described endorsement key public key encryption is sent to described server to be verified, to make safety chip described in described server by utilizing to be verified, by the deciphering of endorsement key private key by the identity key certificate of described endorsement key public key encryption, obtain described identity key certificate.
In a kind of possible implementation, also comprising: generation unit, proving challenge random number for generating;
Also comprise: adding device, for adding described proof challenge random number in all sessions that described checking request is corresponding.
In a kind of possible implementation, described metric element, perform described by described safety chip, integrity measurement is carried out to described server to be verified time, specifically execution: integrity measurement is carried out to one or more in BIOS, BootLoader, OS of described server to be verified and application program.
The content such as information interaction, implementation between each unit in said apparatus, due to the inventive method embodiment based on same design, particular content can see in the inventive method embodiment describe, repeat no more herein.
It should be noted that: the server to be verified in above-described embodiment can be the server of credible calculating platform.Above-mentioned safety chip can be TPM, TCM.
When treating authentication server and carrying out integrity measurement, the execution integrity state of server upper module to be verified (hardware, firmware and software) is recorded, thus builds the trust chain of server to be verified.The starting point of integrity measurement is called as tolerance root of trust, and it is positioned at safety chip inside, is absolute confidence.When computer starting, start to perform integrality metrics process, from BIOS, BootLoader, OS to application program, each entity can be measured.Wherein, metric can with summarize by extension storage in PCR.If there is any module maliciously to be infected, the digest value in this PCR must change.
In order to ensure fail safe, avoid the endorsement key exposing server to be verified, the embodiment of the present invention carries out proof of identification by identity key, and non-immediate uses endorsement key.Identity key is produced by safety chip under the guidance of endorsement key, the double secret key of mark safety chip identity.
Issue in the process of identity key certificate giving server to be verified, safety chip owner use safety chip generates the RSA key (i.e. identity key) that Key Tpe is identity key, identity key PKI, endorsement key, platform credential are packaged in together, send to trusted third party together with identity key certificate request.In addition, in order to the validity of identity verification key certificate request, endorsement key certificate is sent to trusted third party by server to be verified together with identity key certificate request, and trusted third party is determined one's identity by checking endorsement key certificate the validity of key certificate request.In addition, after server to be verified obtains identity key certificate, can send to authentication the request of proof, inform that authentication can be treated authentication server and verify, here authentication can be the device of the method realizing above-mentioned authentication server, can be the device of above-mentioned authentication server.
The embodiment of the present invention provides a kind of method and device of authentication server, has following beneficial effect:
1, a kind of method of authentication server that provides of the embodiment of the present invention and device, in server to be verified, safety chip is set, treat authentication server by safety chip and carry out integrity measurement, metric is stored in the PCR of safety chip, metric to be verified corresponding for PCR to be verified is compared with corresponding fiducial value, if server to be verified was tampered, the two will be different, if the same illustrate that server to be verified is safe, by the method and device, can verify the integrality of server.
2, the method of a kind of authentication server that the embodiment of the present invention provides and device, server to be verified calculates the cryptographic Hash of metric to be verified, then by this cryptographic Hash identity key encrypted private key, adding the plaintext of metric to be verified, constitute remote proving signature, after the plaintext of metric to be verified is tampered, the cryptographic Hash of the plaintext of this metric to be verified will be unequal with the cryptographic Hash of encrypted metric to be verified, when not being tampered, the two is equal, whether accurately the metric to be verified received can be verified by the method, achieve the checking of the accuracy to metric to be verified, ensure that the accuracy of the result of server to be verified.
3, a kind of method of authentication server that provides of the embodiment of the present invention and device, the identity of server to be verified verified by the identity key certificate that can be presented to server to be verified by trusted third party, and then can verify what the metric to be verified received server whether to be verified was sent, ensure that the accuracy of the result treating authentication server.
It should be noted that, in this article, the relational terms of such as first and second and so on is only used for an entity or operation to separate with another entity or operating space, and not necessarily requires or imply the relation that there is any this reality between these entities or operation or sequentially.And, term " comprises ", " comprising " or its any other variant are intended to contain comprising of nonexcludability, thus make to comprise the process of a series of key element, method, article or equipment and not only comprise those key elements, but also comprise other key elements clearly do not listed, or also comprise by the intrinsic key element of this process, method, article or equipment.When not more restrictions, the key element " being comprised " limited by statement, and be not precluded within process, method, article or the equipment comprising described key element and also there is other identical factor.
One of ordinary skill in the art will appreciate that: all or part of step realizing said method embodiment can have been come by the hardware that program command is relevant, aforesaid program can be stored in the storage medium of embodied on computer readable, this program, when performing, performs the step comprising said method embodiment; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium in.
Finally it should be noted that: the foregoing is only preferred embodiment of the present invention, only for illustration of technical scheme of the present invention, be not intended to limit protection scope of the present invention.All any amendments done within the spirit and principles in the present invention, equivalent replacement, improvement etc., be all included in protection scope of the present invention.

Claims (10)

1. the method for an authentication server, it is characterized in that, comprise: in advance safety chip is set in server to be verified, by described safety chip, integrity measurement is carried out to described server to be verified, obtain at least one metric, at least one metric described is stored in the platform configuration register PCR of safety chip respectively, obtains the fiducial value of the metric that each PCR is corresponding in described server to be verified in advance, also comprise:
S1: send checking request to server to be verified, carries the information of PCR to be verified in described checking request;
S2: receive the metric to be verified in PCR to be verified corresponding to the information of the PCR described to be verified that described server to be verified returns;
S3: judge that whether the fiducial value that described metric to be verified and PCR to be verified are corresponding is identical, if so, then described server to be verified is by checking, otherwise described server to be verified is not by checking.
2. method according to claim 1, is characterized in that, described S2, comprising:
Receive the remote proving signature carrying described metric to be verified, described remote proving signature comprises: through the cryptographic Hash of the metric described to be verified of the identity key encrypted private key of described server to be verified, the plaintext of described metric to be verified;
Before described S1, also comprise: the identity key PKI obtaining described server to be verified;
After described S2, before described S3, also comprise:
Calculate the cryptographic Hash of the plaintext of described metric to be verified;
By the cryptographic Hash of the metric described to be verified through described identity key encrypted private key in remote proving signature described in described identity key public key decryptions, obtain the cryptographic Hash of described metric to be verified;
Judge that whether the cryptographic Hash of the plaintext of described metric to be verified is equal with the cryptographic Hash of described metric to be verified, if so, then perform step S3, otherwise, terminate current process.
3. method according to claim 1, is characterized in that, before described S1, also comprises: issue identity key certificate to described server to be verified by described trusted third party in advance;
Before described S3, also comprise:
Receive the described identity key certificate that described server to be verified is sent together with described metric to be verified;
Described identity key certificate is sent to described trusted third party, to make described trusted third party, described trusted key certificate is verified;
Receive the result that described trusted third party returns, when described identity key certificate is by checking, perform step S3, when described identity key certificate is not by checking, terminate current process.
4. method according to claim 3, is characterized in that, described in advance by described trusted third party give described server way identity key certificate to be verified, comprising:
A1: the endorsement key PKI being obtained described server to be verified by described trusted third party;
A2: the identity key certificate request sent by the described server to be verified of described trusted third party's reception;
A3: by described trusted third party, generates described identity key certificate according to described identity key certificate request;
A4: by described trusted third party, signs to described identity key certificate with the signature key of described trusted third party, and the described identity key certificate after using described endorsement key public key encryption to sign;
A5: by described trusted third party, identity key certificate by described endorsement key public key encryption is sent to described server to be verified, to make safety chip described in described server by utilizing to be verified, by the deciphering of endorsement key private key by the identity key certificate of described endorsement key public key encryption, obtain described identity key certificate.
5. method according to claim 1, is characterized in that, before described S1, also comprises: generate and prove challenge random number;
Also comprise: in all sessions that described checking request is corresponding, add described proof challenge random number;
And/or, describedly by described safety chip, integrity measurement is carried out to described server to be verified, comprising: integrity measurement is carried out to one or more in the basic input-output system BIOS of described server to be verified, BootLoader, operating system OS and application program.
6. a device for authentication server, is characterized in that, comprising:
Metric element, for arranging safety chip in server to be verified, by described safety chip, integrity measurement is carried out to described server to be verified, obtain at least one metric, at least one metric described is stored in the platform configuration register PCR of safety chip respectively;
First acquiring unit, for obtaining the fiducial value of the metric that each PCR is corresponding in described server to be verified;
Transmitting element, for sending checking request to server to be verified, carries the information of PCR to be verified in described checking request;
Receiving element, the metric to be verified in the PCR to be verified that the information for receiving the PCR described to be verified that described server to be verified returns is corresponding;
Authentication unit, whether identical for judging the fiducial value that described metric to be verified and PCR to be verified are corresponding, if so, then described server to be verified is by checking, otherwise described server to be verified is not by checking.
7. device according to claim 6, it is characterized in that, described receiving element, for receiving the remote proving signature carrying described metric to be verified, described remote proving signature comprises: through the cryptographic Hash of the metric described to be verified of the identity key encrypted private key of described server to be verified, the plaintext of described metric to be verified;
Also comprise: second acquisition unit, for obtaining the identity key PKI of described server to be verified;
Also comprise: remote proving signature verification unit, for calculating the cryptographic Hash of the plaintext of described metric to be verified, by the cryptographic Hash of the metric described to be verified through described identity key encrypted private key in remote proving signature described in described identity key public key decryptions, obtain the cryptographic Hash of described metric to be verified, judge that whether the cryptographic Hash of the plaintext of described metric to be verified is equal with the cryptographic Hash of described metric to be verified, when judged result is for being, then notify described authentication unit, when judged result is no, terminate the checking to described server to be verified.
8. device according to claim 6, is characterized in that, also comprises: issue unit, for issuing identity key certificate to described server to be verified by described trusted third party;
Also comprise: identity key certificate verification unit, for receiving the described identity key certificate that described server to be verified is sent, described identity key certificate is sent to described trusted third party, to make described trusted third party, described trusted key certificate is verified, receive the result that described trusted third party returns, when described identity key certificate is by checking, notify described authentication unit, when described identity key certificate is not by checking, terminate the checking to described server to be verified.
9. device according to claim 8, is characterized in that, described in issue unit, specifically for:
A1: the endorsement key PKI being obtained described server to be verified by described trusted third party;
A2: the identity key certificate request sent by the described server to be verified of described trusted third party's reception;
A3: by described trusted third party, generates described identity key certificate according to described identity key certificate request;
A4: by described trusted third party, signs to described identity key certificate with the signature key of described trusted third party, and the described identity key certificate after using described endorsement key public key encryption to sign;
A5: by described trusted third party, identity key certificate by described endorsement key public key encryption is sent to described server to be verified, to make safety chip described in described server by utilizing to be verified, by the deciphering of endorsement key private key by the identity key certificate of described endorsement key public key encryption, obtain described identity key certificate.
10. device according to claim 6, is characterized in that, also comprises: generation unit, proves challenge random number for generating;
Also comprise: adding device, for adding described proof challenge random number in all sessions that described checking request is corresponding;
And/or,
Described metric element, perform described by described safety chip, integrity measurement is carried out to described server to be verified time, specifically execution: integrity measurement is carried out to one or more in the basic input-output system BIOS of described server to be verified, BootLoader, operating system OS and application program.
CN201510697751.8A 2015-10-23 2015-10-23 A kind of method of authentication server and device Pending CN105227319A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510697751.8A CN105227319A (en) 2015-10-23 2015-10-23 A kind of method of authentication server and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510697751.8A CN105227319A (en) 2015-10-23 2015-10-23 A kind of method of authentication server and device

Publications (1)

Publication Number Publication Date
CN105227319A true CN105227319A (en) 2016-01-06

Family

ID=54996038

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510697751.8A Pending CN105227319A (en) 2015-10-23 2015-10-23 A kind of method of authentication server and device

Country Status (1)

Country Link
CN (1) CN105227319A (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105743918A (en) * 2016-04-05 2016-07-06 浪潮电子信息产业股份有限公司 Information encrypted transmission method, device and system
CN106096420A (en) * 2016-06-15 2016-11-09 京信通信技术(广州)有限公司 The method and apparatus of embedded device clean boot
CN106778286A (en) * 2016-12-21 2017-05-31 郑州云海信息技术有限公司 A kind of system and method whether attacked for detection service device hardware
CN109213572A (en) * 2018-09-10 2019-01-15 郑州云海信息技术有限公司 A kind of confidence level based on virtual machine determines method and server
CN109714168A (en) * 2017-10-25 2019-05-03 阿里巴巴集团控股有限公司 Trusted remote method of proof, device and system
CN110245495A (en) * 2018-03-09 2019-09-17 阿里巴巴集团控股有限公司 BIOS method of calibration, configuration method, equipment and system
CN110324355A (en) * 2019-07-15 2019-10-11 山西百信信息技术有限公司 A kind of internet-of-things terminal method for security protection based on trust computing
CN110601843A (en) * 2019-07-15 2019-12-20 山西百信信息技术有限公司 Internet of things terminal security protection system based on trusted computing
CN110781509A (en) * 2019-10-28 2020-02-11 腾讯科技(深圳)有限公司 Data verification method and device, storage medium and computer equipment
CN111143887A (en) * 2019-12-26 2020-05-12 海光信息技术有限公司 Safety control method, processor, integrated device and computer equipment
WO2020192287A1 (en) * 2019-03-22 2020-10-01 阿里巴巴集团控股有限公司 Trusted computing method, and server
CN112000935A (en) * 2019-05-27 2020-11-27 阿里巴巴集团控股有限公司 Remote authentication method, device, system, storage medium and computer equipment
CN112688782A (en) * 2019-10-17 2021-04-20 华为技术有限公司 Remote certification method and equipment for combined equipment
WO2021093485A1 (en) * 2019-11-11 2021-05-20 华为技术有限公司 Remote attestation method, apparatus and system, and computer storage medium
CN113132330A (en) * 2019-12-31 2021-07-16 华为技术有限公司 Method for trusted state attestation and related device

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105743918A (en) * 2016-04-05 2016-07-06 浪潮电子信息产业股份有限公司 Information encrypted transmission method, device and system
CN106096420A (en) * 2016-06-15 2016-11-09 京信通信技术(广州)有限公司 The method and apparatus of embedded device clean boot
CN106778286A (en) * 2016-12-21 2017-05-31 郑州云海信息技术有限公司 A kind of system and method whether attacked for detection service device hardware
US11621843B2 (en) 2017-10-25 2023-04-04 Alibaba Group Holding Limited Trusted remote proving method, apparatus and system
CN109714168A (en) * 2017-10-25 2019-05-03 阿里巴巴集团控股有限公司 Trusted remote method of proof, device and system
CN109714168B (en) * 2017-10-25 2022-05-27 阿里巴巴集团控股有限公司 Trusted remote attestation method, device and system
CN110245495A (en) * 2018-03-09 2019-09-17 阿里巴巴集团控股有限公司 BIOS method of calibration, configuration method, equipment and system
CN109213572B (en) * 2018-09-10 2021-10-22 郑州云海信息技术有限公司 Credibility determination method based on virtual machine and server
CN109213572A (en) * 2018-09-10 2019-01-15 郑州云海信息技术有限公司 A kind of confidence level based on virtual machine determines method and server
WO2020192287A1 (en) * 2019-03-22 2020-10-01 阿里巴巴集团控股有限公司 Trusted computing method, and server
US11163865B2 (en) 2019-03-22 2021-11-02 Advanced New Technologies Co., Ltd. Trusted computing method, and server
CN112000935A (en) * 2019-05-27 2020-11-27 阿里巴巴集团控股有限公司 Remote authentication method, device, system, storage medium and computer equipment
CN110324355A (en) * 2019-07-15 2019-10-11 山西百信信息技术有限公司 A kind of internet-of-things terminal method for security protection based on trust computing
CN110601843A (en) * 2019-07-15 2019-12-20 山西百信信息技术有限公司 Internet of things terminal security protection system based on trusted computing
CN112688782B (en) * 2019-10-17 2023-09-08 华为技术有限公司 Remote proving method and equipment for combined equipment
CN112688782A (en) * 2019-10-17 2021-04-20 华为技术有限公司 Remote certification method and equipment for combined equipment
CN110781509A (en) * 2019-10-28 2020-02-11 腾讯科技(深圳)有限公司 Data verification method and device, storage medium and computer equipment
WO2021093485A1 (en) * 2019-11-11 2021-05-20 华为技术有限公司 Remote attestation method, apparatus and system, and computer storage medium
CN111143887B (en) * 2019-12-26 2022-05-24 海光信息技术股份有限公司 Safety control method, processor, integrated device and computer equipment
CN111143887A (en) * 2019-12-26 2020-05-12 海光信息技术有限公司 Safety control method, processor, integrated device and computer equipment
CN113132330B (en) * 2019-12-31 2022-06-28 华为技术有限公司 Method, device, attestation server and readable storage medium for attestation of trusted status
CN113132330A (en) * 2019-12-31 2021-07-16 华为技术有限公司 Method for trusted state attestation and related device

Similar Documents

Publication Publication Date Title
CN105227319A (en) A kind of method of authentication server and device
JP6463269B2 (en) Method, system, and computer program product for determining the geographical location of a virtual disk image running on a data center server in a data center
CN107133520B (en) Credibility measuring method and device for cloud computing platform
US9998438B2 (en) Verifying the security of a remote server
CN110874494B (en) Method, device and system for processing password operation and method for constructing measurement trust chain
EP3637297A1 (en) Securing firmware
CN109905360B (en) Data verification method and terminal equipment
CN112311718B (en) Method, device, equipment and storage medium for detecting hardware
CN109818730B (en) Blind signature acquisition method and device and server
CN103107996A (en) On-line download method and system of digital certificate and digital certificate issuing platform
CN110096887B (en) Trusted computing method and server
CN109586920A (en) A kind of trust authentication method and device
CN103269271A (en) Method and system for back-upping private key in electronic signature token
CN105303094A (en) Safety self-verification system of USB main control chip and safety self-verification method of USB main control chip
US20230289478A1 (en) Generating signed measurements
CN111695097A (en) Login checking method and device and computer readable storage medium
WO2021137769A1 (en) Method and apparatus for sending and verifying request, and device thereof
CN115664655A (en) TEE credibility authentication method, device, equipment and medium
CN111371726A (en) Authentication method and device for security code space, storage medium and processor
CN111901304A (en) Registration method and device of mobile security equipment, storage medium and electronic device
CN110830507A (en) Resource access method, device, electronic equipment and system
CN114117388A (en) Device registration method, device registration apparatus, electronic device, and storage medium
CN109784032B (en) Test equipment verification method, test equipment, verification equipment and storage device
CN110188530A (en) A kind of safety certifying method, device, equipment and readable storage medium storing program for executing
CN112000935A (en) Remote authentication method, device, system, storage medium and computer equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160106

WD01 Invention patent application deemed withdrawn after publication