CN107395366A - A kind of Efficient Remote method of proof towards industry control credible calculating platform - Google Patents

A kind of Efficient Remote method of proof towards industry control credible calculating platform Download PDF

Info

Publication number
CN107395366A
CN107395366A CN201710671181.4A CN201710671181A CN107395366A CN 107395366 A CN107395366 A CN 107395366A CN 201710671181 A CN201710671181 A CN 201710671181A CN 107395366 A CN107395366 A CN 107395366A
Authority
CN
China
Prior art keywords
credible
platform
private key
remote
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710671181.4A
Other languages
Chinese (zh)
Inventor
高明超
岳笑含
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenyang East Green Technology Co Ltd
Original Assignee
Shenyang East Green Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenyang East Green Technology Co Ltd filed Critical Shenyang East Green Technology Co Ltd
Priority to CN201710671181.4A priority Critical patent/CN107395366A/en
Publication of CN107395366A publication Critical patent/CN107395366A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention relates to information security field, more particularly to a kind of Efficient Remote method of proof towards industry control credible calculating platform.It can solve the problem that credible calculating platform remote certification method disposes the problems such as difficulty is big and real-time is low under industrial control condition.The easy deployment of method of proof and real-time in the case where being able to ensure that industrial control condition on the basis of realizing remote proving.Towards the Efficient Remote method of proof of industry control credible calculating platform;Comprise the following steps:Private key, which is issued, is centrally generated remote proving associated cryptographic parameter;Private key issues center and issues signature private key to credible platform module TPM;Credible platform client remote proves the security of credible platform client;The validity of remote validation end server authentication remote proving.

Description

A kind of Efficient Remote method of proof towards industry control credible calculating platform
Technical field
The present invention relates to information security field, is demonstrate,proved more particularly to a kind of Efficient Remote towards industry control credible calculating platform Bright method.
Background technology
As Internet technology, the fast development of technology of Internet of things and made in China 2025, industrial 4.0 revolutions are arrived Come, the demand that industrial control system is connected to information network increasingly increases, therewith the information security issue of caused industrial control system Become to become increasingly conspicuous.And the industrial control system of early stage isolated island formula in communications protocol, operating system, peace pipe strategy and management process, answer The potential safety hazard buried with software etc. make it that industrial control system information security is filled with flaws, " the shake net Iranian from 2010 (Stuxnet) " by 2016, German Gong Deleiminggen nuclear power stations found " W32.Ramnit " virus for viral outburst, had triggered each Extensive concern of the state to industrial control system information security.To ensure computing terminal security Trusted Computing Group (Trusted Computing Group, TCG) concept of trust computing is proposed, and the standard for having formulated correlation is used to ensure calculating platform Security.
To prove platform credible in trust computing standard, TCG proposes two kinds of remote certification methods, first, directly hideing Name authentication method, but this method be based on a variety of cryptography prototypes and it is complex be not easy deployment realize;Second, it is based on privacy CA The certification of (Privacy Certification Authority), the program have continued to use PKI (Public KeyInfrastructure) architectural framework, but at present not yet with the presence of available business prototype and overall architecture performance issue. Above two method is to ensure the privacy of platform user, therefore and architecture complexity more low in aspect of performance, nothing Method meets the real-time and availability required by industrial control field, especially, under Industry Control scene, without to industry control meter Calculate platform user and carry out secret protection.
The content of the invention
The defects of present invention exists aiming at prior art, there is provided the Efficient Remote towards industry control credible calculating platform is demonstrate,proved Bright method, it can solve the problem that credible calculating platform remote certification method deployment difficulty is big under industrial control condition and real-time is low etc. Problem.The easy deployment of method of proof and real-time in the case where being able to ensure that industrial control condition on the basis of realizing remote proving.
To achieve the above object, the present invention adopts the following technical scheme that;Including:
Credible platform client, remote validation server and private key issue center.
The credible platform client is including credible platform module TPM (Trusted Platform Module) and remotely Prove module.
Described remote validation server is used to verify the signature value that credible platform client is generated, to pass through checking Credible platform client provides service.
Described private key issues center and is used to according to the unique ID of TPM be that credible platform client issues signature private key, is responsible for The management (including search and cancel) of TPM unique ID values.
Described credible platform module TPM is not direct to be interacted with outside entity, is realized by remote proving module and outer The interaction of boundary's inter-entity;Described remote proving module assists credible platform module TPM to issue center acquisition according to it to private key The signature private key of unique ID generations, the platform where proving client to remote validation server using the signature private key of acquisition are Credible platform.
Further, described credible platform client is:Under industrial control condition, the calculating platform visitor for industry control The embedded credible platform module TPM in family end, and (software and hardwares of all devices) must follow the standard of Trusted Computing Group proposition.
Further, described unique ID, it is to be formulated when credible platform module safety chip dispatches from the factory by manufacturer Global unique ID value.
Further, described signature private key is issued center by private key and issued for credible platform module TPM, is stored in TPM Inside safety chip;Credible platform client can use private key generation signature value to prove its platform to remote validation server Credibility, the signature private key can allow credible platform client to prove that it possesses credible platform module to remote validation server TPM, the credibility of platform are ensured by credible platform module TPM and client platform configuration information.
A kind of Efficient Remote method of proof towards industry control credible calculating platform;Comprise the following steps:
Step 1:Private key, which is issued, is centrally generated remote proving associated cryptographic parameter;Comprise the following steps:
Step 1-1:Based on the Bilinear Pairing on elliptic curve, rank is selected as the multiplicative cyclic group G of prime number p, makes the g be The generation member of cyclic group, and have e:G×G→GTSet up, wherein e is bilinear map, GTFor Maps Group.
Step 1-2:Randomly choose a master keyWhereinFor rank p integer fields, and calculate public key pk= gmk
Step 1-3:Select two hash functions:Hash2:{ 0,1 }*→ G, wherein { 0,1 }*Random length binary stream is represented,Represent multiplicative group.
By above-mentioned steps, it is (g, pk, Hash that private key, which issues the open parameter being centrally generated,1, Hash2), privately owned parameter is Master key mk.
Step 2:Private key issues center and issues signature private key to credible platform module TPM, comprises the steps of:
Step 2-1:According to credible platform module TPM unique ID value id, Hash is utilized2Calculate signature verification key vk= Hash2(id)。
Step 2-2:According to credible platform module TPM unique ID value id, and master key mk, Hash is utilized2Calculate label Name private key sk=(Hash2(id))mk
Step 2-3:Signature private key sk is stored in credible platform module TPM key storage area.
Private key issues center and generates signature private key for credible platform module TPM, and is stored in TPM internal non-volatiles and deposits In storage area, TPM reads the signature private key and carries out corresponding calculating operation when carrying out remote proving.
Step 3:Credible platform client remote proves the security of credible platform client;Comprise the steps of:Remotely Verifying end server carries out security requirement verification to the credible platform client platform configuration information of request service on the one hand; On the other hand verify whether the platform is credible platform;Therefore remote validation end server is initiated long-range to credible platform client Request is proved, the content of the remote proving request includes:PCR (Platform corresponding to platform configuration information Configuration Register, PCR) sequence number, the signature value to PCR value.
Step 3-1:Choose a random numberTo ensure message freshness.
Step 3-2:Signature value relevant parameter is calculated using the signature private key of credible platform module TPM storage insides, including: Sign the first element u=gr, signature second element v=vkr×skh, wherein cryptographic Hash h=Hash1(mPCR, u), mPCRFor platform Configuration information.
Step 3-3:By signature value σ=(u, v) and platform configuration information mPCRAs remote proving, it is sent to and remotely tests Demonstrate,prove server.
Step 4:The validity of remote validation end server authentication remote proving, is comprised the steps of:
Step 4-1:After receiving signature value and platform configuration information, judge whether platform configuration information meets related peace Full demand, following step is carried out if meeting, otherwise flow terminates, and handles the safety problem according to corresponding security strategy.
Step 4-2:H'=Hash is calculated according to signature value and platform configuration information1(mPCR, u).
Step 4-3:According to remote validation end server end reserve on the unique ID of the TPM corresponding to signature verification it is close Key, checking e (vk, u × pkh′Whether)=e (g, v) equation is set up:If invalid, it is invalid signature to show the signature;It is no Then show that signature is effective, further indicate that the security and credibility of the credible platform client.
Beneficial effect of the present invention compared with prior art.
To solve to be difficult to dispose existing for the credible calculating platform remote proving in industrial control condition, degraded performance and The problems such as real-time is not strong, the present invention proposes the Efficient Remote method of proof towards industry control credible calculating platform, in this method In, the entity being related to issues center, remote validation server and credible platform client including private key, with reference to the number of identity-based Word signature algorithm, give and be easy to deployment, the remote certification method that easy to implement, performance is higher, real-time is stronger, it is especially suitable In industrial control condition.
Brief description of the drawings
The present invention will be further described with reference to the accompanying drawings and detailed description.The scope of the present invention not only limits to In the statement of herein below.
Fig. 1 is a kind of Efficient Remote method of proof structural representation towards industry control credible calculating platform of the invention.
Fig. 2 is a kind of Efficient Remote method of proof general flow chart towards industry control credible calculating platform of the invention.
Fig. 3 is that a kind of private key center of issuing of Efficient Remote method of proof towards industry control credible calculating platform of the invention is issued Send out signature private key flow chart.
Fig. 4 is a kind of credible platform client of Efficient Remote method of proof towards industry control credible calculating platform of the invention Remote proving flow chart.
Fig. 5 is a kind of remote validation end service of Efficient Remote method of proof towards industry control credible calculating platform of the invention Device remote proving verifies flow chart.
Embodiment
A kind of embodiment is provided, the method structural representation of the present embodiment, as Figure 1-5.Fig. 1, including industry control are credible Calculating platform (by credible platform module TPM, credible platform groups of clients into), remote validation server and private key are genuinely convinced in issuing Business device.Described credible platform client is connected by EPA each other with remote validation server, described private Key is issued centrally and remotely authentication server and connected each other by Internet.
The present embodiment uses the Efficient Remote method of proof towards industry control credible calculating platform, as shown in Fig. 2 including following Step:
S101:Start.
S102:Private key issues central server and issues signature private key for creditable calculation modules TPM.
S103:Credible platform client with creditable calculation modules TPM interactive computing signature values by being used as platform credible Remote proving.
S104:Remote validation server receives remote proving, and the public ginseng of central server offer is issued using private key Number checking proves validity.
Specifically, S101 includes step 1 and step 2 again.
Step 1:Private key, which is issued, is centrally generated remote proving associated cryptographic parameter.
The private key center of issuing needs to generate associated cryptographic parameter to perform the specific algorithm of identity-based digital signature, this The Bilinear Pairing group that embodiment uses is based on Barreto-Naehrig (BN) elliptic curves E:y2=x3+b。
For b ≠ 0, wherein order of a curve and finite field can be defined by following multinomials:
Q (s)=36s4-36s3+18s2-6s+1;
P (s)=36s4-36s3+24s2-6s+1;
To generate above-mentioned elliptic curve E, first by randomly select s values come the polynomial value q (s) of above-mentioned two with P (s) is prime number, then chooses b values to generate a rank be q finite fields FpOn elliptic curve.In the present embodiment, build ellipse Circular curve choose parameter be:S=-7493989779944505618, b=18, q (s) and p (s) value size are 256-bit, To meet 128-bit level of security.
Based on the curve, curve E (F are chosenp) on rational point (Rational Points) be used as group G;Choose finite fieldQ ranks subgroup as group GT, wherein finite fieldOn element by one on multinomial X12+ 6 polynomial basis comes Represent.Utilize the group G and G of generationT, it is possible to achieve Ate Bilinear Pairing algorithms, that is, there is e:G×G→GTSet up, wherein e is Bilinear map, GTFor Maps Group.
Step S201:One first g ∈ G of generation of random selection, master keyWhereinFor rank p integer fields, and Calculate public key pk=gmk
Step S202:Select two hash functions:Hash2:{ 0,1 }*→ G, wherein { 0,1 }*Random length binary stream is represented,Represent multiplicative group, in the present embodiment, Hash1For SHA-256, Hash2For SHA-128。
By above-mentioned steps, it is (g, pk, Hash that private key, which issues the open parameter being centrally generated,1, Hash2), privately owned parameter is Master key mk.And open parameter is utilized from signature key generation digital certificate Certpp
Step 2:Private key issues central server and generates signature private key to credible calculating platform module.
Without loss of generality, private key is issued center and is generally responsible for by credible calculating platform module TPM manufacturers, is given birth in TPM During production, private key is injected into chip by hardware devices such as private key rifles.Specific key produces flow chart such as Fig. 3 It is shown, by step S102 to step 3 is undergone between step S103, specifically comprise the steps of:
Step S301:According to credible platform module TPM unique ID value id, similar MAC Address addressing rule can be used raw Into the ID values, Hash is utilized2Calculate signature verification key vk=Hash2(id)。
Step S302:According to credible platform module TPM unique ID value id, and master key mk, Hash is utilized2For this TPM calculates signature private key sk=Hash2(id))mk
Step S303:Signature private key sk is stored in credible platform module TPM key non-volatile storage area.
By above-mentioned steps, private key issues center and generates signature private key for credible platform module TPM, and is stored in TPM In internal non-volatile memory block, TPM can be read the signature private key and carry out corresponding calculating operation when carrying out remote proving.
Step 3:Industry control credible calculating platform proves its security to remote validation server.
In the present embodiment, industry control credible calculating platform is mainly by credible platform client and credible calculating platform module TPM is formed.When remote validation server before remote service is provided for industry control credible calculating platform, it is necessary to verify the platform Credible and security, the validity of credible platform module TPM AIK certificates is first verified that, that is, ensures the credibility of the platform, Secondly the security of user platform, remote proving flow chart are verified according to the platform configuration register PCR value of platform offer As shown in Figure 4.By step S103 to step 4 is undergone between step S104, specifically comprise the steps of:
Step S401:PRNG chooses a random number inside credible platform client call TPM For ensuring message freshness.
Step S402:Credible platform client call credible platform module TPM remote provings are instructed, and random number r is made For remote proving challenging value.After TPM receives instruction, signature value relevant parameter, bag are calculated by the signature private key of storage inside Include:Sign the first element u=gr, signature second element v=vkr×skh, wherein cryptographic Hash h=Hash1(mPCR, u), mPCRIt is flat Platform configuration information, it is stored in TPM inside panel configuration information registers PCR.
Step S403:Credible platform client is by signature value σ=(u, v) and platform configuration information mPCRAs long-range card It is bright, it is sent to remote validation end server.
Step 4:Remote validation server authentication remote proving.
Remote validation server is after the remote proving of industry control credible calculating platform transmission is received, it is necessary to according to the platform Based on credible platform module TPM issue downloading digital certificate Cert at central server from private keyppFor follow-up long-range card Bright verification;As shown in figure 5, by after S104 through going through following steps:
Step S501:Remote validation server issues center downloading digital certificate Cert from private keypp, including:Private key Issue open parameter (g, pk, the Hash being centrally generated1, Hash2)。
Step S502:Remote validation server first determines whether platform configuration information mPCRWhether associated safety demand is met, if Meet, carry out following step, otherwise flow terminates, and handles the safety problem according to corresponding security strategy.
Step S503:H '=Hash is calculated according to signature value and platform configuration information1(mPCR, u).
Step S504:According to remote validation end server end reserve on the unique ID of the TPM corresponding to signature verification it is close Key, verifies whether following equatioies are set up:E (vk, u × pkh′)=e (g, v), if invalid, it is invalid label to show the signature Name;Otherwise show that signature is effective, further indicate that the security and credibility of the credible platform client.
If meeting the demand for security of remote validation server, checking is above passed through, then remote validation server is true Believe the credibility and security of the credible platform, and service is provided for the industry control credible platform.
It is understood that above with respect to the specific descriptions of the present invention, it is merely to illustrate the present invention and is not limited to this Technical scheme described by inventive embodiments, it will be understood by those within the art that, still the present invention can be carried out Modification or equivalent substitution, to reach identical technique effect;As long as meet use needs, all protection scope of the present invention it It is interior.

Claims (9)

  1. A kind of 1. Efficient Remote method of proof towards industry control credible calculating platform, it is characterised in that including:
    Credible platform client, remote validation server and private key issue center;
    The credible platform client includes credible platform module TPM and remote proving module;
    Described remote validation server is used to verify the signature value that credible platform client is generated, to pass through the credible of checking Platform client provides service;
    Described private key issues center and is used to according to the unique ID of TPM be that credible platform client issues signature private key, is responsible for TPM only The management of one ID values;
    Described credible platform module TPM is not direct to be interacted with outside entity, is realized by remote proving module real with the external world Interaction between body;Described remote proving module assist credible platform module TPM to private key issue center obtain it is unique according to its The signature private key of ID generations, the platform where proving client to remote validation server using the signature private key of acquisition is credible Platform.
  2. 2. a kind of Efficient Remote method of proof towards industry control credible calculating platform according to claim 1, its feature exist In:Under industrial control condition, the embedded credible platform module TPM of calculating platform client for industry control, and must follow can Believe the standard that computation organization proposes.
  3. 3. a kind of Efficient Remote method of proof towards industry control credible calculating platform according to claim 1, its feature exist In:Described unique ID, it is the global unique ID value formulated when credible platform module safety chip dispatches from the factory by manufacturer.
  4. 4. a kind of Efficient Remote method of proof towards industry control credible calculating platform according to claim 1, its feature exist In:Described signature private key is issued center by private key and issued for credible platform module TPM, is stored in inside TPM safety chips.
  5. 5. a kind of Efficient Remote method of proof towards industry control credible calculating platform according to claim 1, its feature exist In comprising the following steps:
    Step 1:Private key, which is issued, is centrally generated remote proving associated cryptographic parameter;
    Step 2:Private key issues center and issues signature private key to credible platform module TPM;
    Step 3:Credible platform client remote proves the security of credible platform client;
    Step 4:The validity of remote validation end server authentication remote proving.
  6. 6. a kind of Efficient Remote method of proof towards industry control credible calculating platform according to claim 5, its feature exist In the step 1 comprises the following steps:
    Step 1-1:Based on the Bilinear Pairing on elliptic curve, rank is selected as the multiplicative cyclic group G of prime number p, makes g as circulation The generation member of group, and have e:G×G→GTSet up, wherein e is bilinear map, GTFor Maps Group;
    Step 1-2:Randomly choose a master keyWhereinFor rank p integer fields, and calculate public key pk=gmk
    Step 1-3:Select two hash functions:Hash2:{ 0,1 }*→ G, wherein { 0,1 }* Random length binary stream is represented,Represent multiplicative group;
    By above-mentioned steps, it is (g, pk, Hash that private key, which issues the open parameter being centrally generated,1, Hash2), it is close based on privately owned parameter Key mk.
  7. 7. a kind of Efficient Remote method of proof towards industry control credible calculating platform according to claim 5, its feature exist In the step 2 comprises the steps of:
    Step 2-1:According to credible platform module TPM unique ID value id, Hash is utilized2Calculate signature verification key vk=Hash2 (id);
    Step 2-2:According to credible platform module TPM unique ID value id, and master key mk, Hash is utilized2Calculate signature private key Sk=(Hash2(id))mk
    Step 2-3:Signature private key sk is stored in credible platform module TPM key storage area;
    Private key issues center and generates signature private key for credible platform module TPM, and is stored in TPM internal non-volatiles memory block Interior, TPM reads the signature private key and carries out corresponding calculating operation when carrying out remote proving.
  8. 8. a kind of Efficient Remote method of proof towards industry control credible calculating platform according to claim 5, its feature exist In the step 3 comprises the following steps:
    Step 3-1:Choose a random numberTo ensure message freshness;
    Step 3-2:Signature value relevant parameter is calculated using the signature private key of credible platform module TPM storage insides, including:Signature First element u=gr, signature second element v=vkr×skh, wherein cryptographic Hash h=Hash1(mPCR, u), mPCRFor platform configuration Information;
    Step 3-3:By signature value σ=(u, v) and platform configuration information mPCRAs remote proving, remote validation clothes are sent to Business device.
  9. 9. a kind of Efficient Remote method of proof towards industry control credible calculating platform according to claim 5, its feature exist In the step 4 comprises the following steps:
    Step 4-1:After receiving signature value and platform configuration information, judge whether platform configuration information meets associated safety need Ask, following step is carried out if meeting, otherwise flow terminates, and handles the safety problem according to corresponding security strategy;
    Step 4-2:H '=Hash is calculated according to signature value and platform configuration information1(mPCR, u);
    Step 4-3:According to remote validation end server end reserve on the unique ID of the TPM corresponding to signature verification key, test Demonstrate,prove e (vk, u × pkh′Whether)=e (g, v) equation is set up:If invalid, it is invalid signature to show the signature;Otherwise show Signature is effective, further indicates that the security and credibility of the credible platform client.
CN201710671181.4A 2017-08-08 2017-08-08 A kind of Efficient Remote method of proof towards industry control credible calculating platform Pending CN107395366A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710671181.4A CN107395366A (en) 2017-08-08 2017-08-08 A kind of Efficient Remote method of proof towards industry control credible calculating platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710671181.4A CN107395366A (en) 2017-08-08 2017-08-08 A kind of Efficient Remote method of proof towards industry control credible calculating platform

Publications (1)

Publication Number Publication Date
CN107395366A true CN107395366A (en) 2017-11-24

Family

ID=60355072

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710671181.4A Pending CN107395366A (en) 2017-08-08 2017-08-08 A kind of Efficient Remote method of proof towards industry control credible calculating platform

Country Status (1)

Country Link
CN (1) CN107395366A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107947927A (en) * 2017-12-07 2018-04-20 湖北文理学院 A kind of id password cipher key processing method and system
CN109409086A (en) * 2018-09-21 2019-03-01 中国科学院信息工程研究所 The device that return address is tampered in detection storehouse based on newly-increased instruction
CN109409083A (en) * 2018-09-21 2019-03-01 中国科学院信息工程研究所 The device that return address is tampered in detection storehouse
CN112468473A (en) * 2018-11-16 2021-03-09 创新先进技术有限公司 Remote certification method and device for trusted application program and electronic equipment
CN112583594A (en) * 2020-11-24 2021-03-30 北京数字认证股份有限公司 Data processing method, acquisition device, gateway, trusted platform and storage medium
CN114006691A (en) * 2020-07-13 2022-02-01 华为技术有限公司 Method and device for remote attestation

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101951388A (en) * 2010-10-14 2011-01-19 中国电子科技集团公司第三十研究所 Remote attestation method in credible computing environment
CN102594558A (en) * 2012-01-19 2012-07-18 东北大学 Anonymous digital certificate system and verification method of trustable computing environment

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101951388A (en) * 2010-10-14 2011-01-19 中国电子科技集团公司第三十研究所 Remote attestation method in credible computing environment
CN102594558A (en) * 2012-01-19 2012-07-18 东北大学 Anonymous digital certificate system and verification method of trustable computing environment

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107947927A (en) * 2017-12-07 2018-04-20 湖北文理学院 A kind of id password cipher key processing method and system
CN107947927B (en) * 2017-12-07 2021-02-19 湖北文理学院 Method and system for processing identification cipher key
CN109409086A (en) * 2018-09-21 2019-03-01 中国科学院信息工程研究所 The device that return address is tampered in detection storehouse based on newly-increased instruction
CN109409083A (en) * 2018-09-21 2019-03-01 中国科学院信息工程研究所 The device that return address is tampered in detection storehouse
CN112468473A (en) * 2018-11-16 2021-03-09 创新先进技术有限公司 Remote certification method and device for trusted application program and electronic equipment
CN112468473B (en) * 2018-11-16 2023-10-24 创新先进技术有限公司 Remote proving method and device for trusted application program and electronic equipment
CN114006691A (en) * 2020-07-13 2022-02-01 华为技术有限公司 Method and device for remote attestation
CN114006691B (en) * 2020-07-13 2023-02-28 华为技术有限公司 Method and device for remote attestation
CN112583594A (en) * 2020-11-24 2021-03-30 北京数字认证股份有限公司 Data processing method, acquisition device, gateway, trusted platform and storage medium
CN112583594B (en) * 2020-11-24 2023-03-31 北京数字认证股份有限公司 Data processing method, acquisition device, gateway, trusted platform and storage medium

Similar Documents

Publication Publication Date Title
CN107395366A (en) A kind of Efficient Remote method of proof towards industry control credible calculating platform
CN104811450B (en) The date storage method and integrity verification method of a kind of identity-based in cloud computing
Alladi et al. A lightweight authentication and attestation scheme for in-transit vehicles in IoV scenario
CN111147472B (en) Lightweight authentication method and system for intelligent electric meter under edge computing scene
CN110011795B (en) Symmetric group key negotiation method based on block chain
CN107659395B (en) Identity-based distributed authentication method and system in multi-server environment
CN103259662B (en) A kind of new allograph based on Integer Decomposition problem and verification method
US8452974B2 (en) Image processing apparatus, electronic signature generation system, electronic signature key generation method, image processing method, and program
CN103563288B (en) Single-round password-based key exchange protocols
CN112152792A (en) MTS-based mutually authenticated remote attestation
Chow et al. Server-aided signatures verification secure against collusion attack
CN103733564A (en) Digital signatures with implicit certificate chains
CN103765809A (en) Implicitly certified public keys
TWI608722B (en) Public key certificate method
CN105515778B (en) Cloud storage data integrity services signatures method
CN108390866B (en) Trusted remote certification method and system based on double-agent bidirectional anonymous authentication
CN104767611A (en) Signcryption method from public key infrastructure environment to certificateless environment
CN109951276A (en) Embedded device remote identity authentication method based on TPM
CN110932865B (en) Linkable ring signature generation method based on SM2 digital signature algorithm
CN116707956A (en) Zero knowledge proof-based internet of things equipment authentication method and device
Liang et al. Physically secure and conditional-privacy authenticated key agreement for VANETs
CN112804260B (en) Information transmission method and node based on block chain
CN109766716A (en) A kind of anonymous bidirectional authentication method based on trust computing
CN106534077B (en) A kind of identifiable proxy re-encryption system and method based on symmetric cryptography
CN107547199B (en) Method for realizing forward safety repudiation key exchange protocol for improving network competitive bidding system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171124