CN100543759C - Data storage and data retrieval based on public key encryption - Google Patents

Info

Publication number: CN100543759C
Authority: CN (China)
Prior art keywords: key, ssp, program, data, constraint
Legal status: Expired - Fee Related
Application number: CN 200610059571
Other languages: Chinese (zh)
Other versions: CN1822015A (en)
Inventors: P. England, M. Peinado
Current assignee: Microsoft Technology Licensing LLC
Original assignee: Microsoft Corp
Legal events: application filed by Microsoft Corp; publication of CN1822015A; application granted; publication of CN100543759C; anticipated expiration; current status Expired - Fee Related

Abstract

In one aspect, data is obtained from a calling program. Public key encryption is used to generate a ciphertext that contains the data in a form that allows only one or more target programs to obtain the data from the ciphertext. In another aspect, a bit string is obtained from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access the encrypted data in the ciphertext of the bit string. The data is decrypted using public key cryptography and returned to the calling program if, and only if, the calling program is allowed to access the data.

Description

Data storage and data retrieval based on public key encryption
This application is a divisional application of patent application 03131208.X, filed on April 17th, 2003.
Related application
This application claims the benefit of U.S. Provisional Application 60/373505, entitled "safe storage processor", filed jointly on April 17th, 2002 by Paul England, Marcus Peinado and Bryan M. Willman; that provisional application is incorporated herein by reference.
A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the reproduction by anyone of the patent document or the patent disclosure as it appears in the patent and trademark office's patent file or records, but otherwise reserves all copyright rights.
Technical field
The present invention relates to data storage and data retrieval, and in particular to data storage and data retrieval based on public key encryption.
Background
Protecting data on a computer so that it is made available only to the appropriate parties is of particular concern to users. The types of data users want to protect vary widely: work-related or personal confidential documents, bank account numbers, credit card numbers, social security numbers, and so on. In addition, some third parties also have an interest in preventing illegitimate use of, or access to, data on a user's computer. For example, a credit card issuer wants credit card numbers protected from being leaked to rogue programs or hackers, a music company wants its songs protected from piracy, a film studio wants its films protected from piracy, and so on.
One solution for protecting data on a computer is to abandon general-purpose computing devices and instead use dedicated tamper-resistant boxes for transmitting, storing and displaying secure content. This solution is not practical, however, because it prevents users from extending their computers (for example, the user cannot install additional software and/or hardware components in such a tamper-resistant box). It is therefore necessary to provide a way of protecting data on a general-purpose computing device.
Summary of the invention
Data storage and data retrieval based on public key encryption are described below.
In one aspect, data is obtained from a calling program. Public key encryption is used to produce a ciphertext that contains the data, in a form that allows only one or more target programs to obtain the data from the ciphertext.
In another aspect, a bit string is obtained from a calling program. An identifier of the calling program is checked to confirm whether the calling program is allowed to access the encrypted data in the ciphertext of the bit string. Only if the calling program is allowed to access the data is the data decrypted using public key cryptography and returned to the calling program.
Description of the drawings
The same reference numerals are used throughout this document to denote the same components and/or features.
Fig. 1 illustrates an exemplary access control model.
Fig. 2 shows an access control environment that uses four different layers.
Fig. 3 is a flowchart of an exemplary process for performing a seal operation.
Fig. 4 is a flowchart of an exemplary process for performing an unseal operation.
Fig. 5 is a flowchart of an exemplary process for performing a store operation.
Fig. 6 is a flowchart of an exemplary process for performing a seal operation.
Fig. 7 is a flowchart of an exemplary process for performing a quote operation.
Fig. 8 is a flowchart of an exemplary process for performing a verify operation.
Fig. 9 is a flowchart of an exemplary process for performing a seal operation.
Fig. 10 is a flowchart of an exemplary process for performing a public key seal operation.
Fig. 11 is a flowchart of an exemplary process for performing a general seal operation.
Fig. 12 illustrates a general-purpose computer environment that can be used to carry out the techniques described below.
Embodiments
Fig. 1 illustrates an exemplary access control model 100. A principal 102 can issue a request to access a protected resource. The request is received by a guard 104, which controls access to the resource 106. Guard 104 examines the request and decides whether to grant it on the basis of an access policy associated with the resource, together with other information such as the identity of the principal 102 that issued the request. For ease of explanation, a single principal 102, guard 104 and resource 106 are shown in Fig. 1. It should be noted, however, that access control model 100 may include multiple principals 102, multiple guards 104 and/or multiple resources 106.
Principal 102 refers to the component or module that requests access to protected data. The request may be a request to retrieve the protected data (for example, a request to retrieve a key), or a request to perform an operation using the protected data (for example, the protected data may be a key, and the request may be a request to encrypt or decrypt using that key). Principal 102 may be implemented in hardware, software, firmware, or a combination of hardware, software and/or firmware.
Guard 104 refers to a component or module that controls access to the protected data. Guard 104 uses the access policy associated with the protected data, together with other information (for example, the identity of the principal requesting access to the protected data), to decide whether the principal is allowed to access the protected data. If guard 104 determines that the requesting principal is allowed to access the protected data, guard 104 responds to the request in an appropriate manner (for example, if the request is a request for the protected data, the protected data is returned to the principal; or, if the request concerns particular data to be encrypted with the protected data, guard 104 encrypts that data with the protected data and returns the ciphertext (the encrypted data) to the principal). It should be noted that guard 104 constrains principals based on the nature of the request. For example, guard 104 may allow a particular principal to have particular data signed with the protected data, but not allow the protected data itself to be returned to that principal.
Guard 104 may also be characterized as a disclosure guard and/or a service guard. A service guard performs certain operations (for example, encryption, decryption, digital signing, etc.) with the protected data (for example, a key) at the principal's request, without disclosing the protected data. A disclosure guard, on the other hand, discloses the protected data to authorized requesters. It should be noted that a particular guard 104 may be both a disclosure guard and a service guard.
Resource 106 may be any type of data to which access is constrained. Examples of resource 106 include keys, bank accounts, credit card numbers, personal information such as social security numbers, passwords, and so on. Resource 106 may in fact be virtually anything on the computing device. For example, resource 106 may be physical memory (for example, RAM or ROM), an optical or magnetic disk or disk drive, a video card, a sound card, a smart card, and so on. As another example, resource 106 may be an operating system abstraction, such as a process, file, thread, signal, and so on.
In the discussion here, access control model 100 is described as being implemented on a single computing device. It should be clear, however, that different parts of the model may be implemented on different computing devices. For example, principal 102 may be on one computing device while guard 104 and resource 106 are on another.
Principals and guards on a computing device can be classified into an arbitrary number n of layers l_1, ..., l_n. Fig. 2 shows an access control environment that uses four different layers. In one embodiment, layer l_1 is a hardware or security kernel layer, layer l_2 is a basic input/output system (BIOS) layer, layer l_3 is an operating system (OS) layer, and layer l_4 is an application layer.
In the example environment of Fig. 2, the lowest layer (layer l_1) protects the root resources. It acts as the guard for principals in the next higher layer. Programs in the intermediate layers (layers l_2 and l_3) act as principals that request access from the next lower layer. The intermediate layers can also add functionality for principals in the higher layers.
For example, suppose a program 120 wishes to retrieve a root resource 128 protected by guard 126. Program 120 makes a request, as a principal, to access root resource 128 from module 122, which acts as a guard for that resource. If module 122 has a copy of resource 128 (for example, one obtained earlier from guard 126 in response to a previous request for the resource by program 120 or by some other program in layer l_4, or one obtained when module 122 was initialized or loaded onto the computing device), module 122 checks whether program 120 is allowed to retrieve the resource. If program 120 is allowed to retrieve the resource, module 122 returns the resource to program 120.
If module 122 does not have a copy of resource 128, however, module 122 acts as a principal requesting access to the root resource from module 124, which acts as a guard for the resource. If module 124 has a copy of resource 128 (for example, one obtained earlier from guard 126 in response to a previous request for the resource by module 122 or by some other module in layer l_3, or one obtained when module 124 was initialized or loaded onto the computing device), module 124 checks whether module 122 is allowed to retrieve the resource. If module 122 is allowed to retrieve the resource, module 124 returns the resource to module 122.
If module 124 does not have a copy of resource 128, however, module 124 acts as a principal requesting access to the root resource from guard 126. Guard 126 checks whether module 124 is allowed to retrieve the resource and, if it is, returns the resource to module 124. If module 122 is allowed to retrieve the resource, module 124 returns the resource to module 122, and if program 120 is allowed to retrieve the resource, module 122 returns the resource to program 120.
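The layered request chain just described, as an added Python example that is not part of the patent: each module checks the identity (digest) of the principal above it, asks the guard below it only when it holds no copy of the root resource, and then serves later requests from its own copy. The module names, code images and the digest-set policy are constructed for the example.

```python
# Added example (not from the patent): the guard chain of Fig. 2, with
# program 120 -> module 122 -> module 124 -> guard 126 protecting resource 128.
import hashlib


def program_digest(code: bytes) -> str:
    """ID(): a program's identity is a cryptographic digest of its code image."""
    return hashlib.sha256(code).hexdigest()


class Program:
    """A principal with no guard role (program 120 in the application layer)."""

    def __init__(self, name: str, code: bytes):
        self.name = name
        self.code = code

    def identity(self) -> str:
        return program_digest(self.code)


class LayerGuard(Program):
    """A module that is a guard for the layer above and a principal toward
    the layer below. It keeps a copy of the root resource once obtained."""

    def __init__(self, name, code, lower=None, root_resource=None, allowed=()):
        super().__init__(name, code)
        self.lower = lower                 # next lower-layer guard; None at l_1
        self._copy = root_resource         # copy of resource 128, if held
        self.allowed = set(allowed)        # digests allowed to retrieve the resource
        self.lower_requests = 0            # how often this guard had to ask below

    def request(self, requester: Program) -> bytes:
        # Check the requester's identity first: an altered program is refused
        # whether or not a copy of the resource is already held here.
        if requester.identity() not in self.allowed:
            raise PermissionError(f"{self.name}: {requester.name} may not retrieve the resource")
        if self._copy is None:
            if self.lower is None:
                raise LookupError(f"{self.name} holds no resource and has no lower layer")
            # Act as a principal toward the next lower layer. That guard checks
            # this module's identity, not the identity of the original caller.
            self.lower_requests += 1
            self._copy = self.lower.request(self)
        return self._copy


# Constructed code images and resource; assumed values, not from the patent.
ROOT_RESOURCE_128 = b"constructed root key material"
CODE_120 = b"application code"
CODE_122 = b"operating system module code"
CODE_124 = b"bios module code"
CODE_126 = b"security kernel code"


def build_environment():
    """Wire up the four layers of Fig. 2; each guard admits only the layer above."""
    guard_126 = LayerGuard("guard 126", CODE_126, root_resource=ROOT_RESOURCE_128,
                           allowed=[program_digest(CODE_124)])
    module_124 = LayerGuard("module 124", CODE_124, lower=guard_126,
                            allowed=[program_digest(CODE_122)])
    module_122 = LayerGuard("module 122", CODE_122, lower=module_124,
                            allowed=[program_digest(CODE_120)])
    return guard_126, module_124, module_122


def run_demo() -> dict:
    """Two requests by program 120, then one by an altered copy of it."""
    guard_126, module_124, module_122 = build_environment()
    program_120 = Program("program 120", CODE_120)
    altered_120 = Program("altered program 120", CODE_120 + b" + injected instruction")
    first = module_122.request(program_120)    # walks down to guard 126
    second = module_122.request(program_120)   # served from module 122's copy
    try:
        module_122.request(altered_120)
        altered_refused = False
    except PermissionError:
        altered_refused = True
    return {"first": first, "second": second, "altered_refused": altered_refused,
            "asks_by_122": module_122.lower_requests,
            "asks_by_124": module_124.lower_requests}


if __name__ == "__main__":
    print(run_demo())
```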
In the discussion here, a number of references are made to using the access control model 100 of Fig. 1 to enable authenticated operation of software. Typically, the protected resource in software authentication is a key. It should be clear, however, that software authentication is only one example of using access control model 100.
Another example of using access control model 100 is authenticating computer users. Most contemporary computers have an access control system. A user logs on to the computer so that the computer knows who the user is. After logging on, the user runs programs that typically need to access system resources (for example, to read files, to write windows on the screen, etc.). Typically, the computer's access control system is consulted (for example, "can user X perform operation Y on resource Z?"). If the answer is negative, the program cannot access the resource.
Another example of using access control model 100 is authenticating users of remote services. A remote service such as a website (for example, an online broker or bank) can be viewed as having an access control system. The resources are people's bank accounts, their money and their stocks. After a user logs on to the website, the access control system determines whether the user is authorized to perform the access being requested, for example access to the "bank account data" resource (to retrieve the latest bank statement), or a "transfer" access to the resource "1000 dollars in bank account 12345".
Another example of using access control model 100 is restricting physical access to a particular building or area. For example, when a user arrives at work in the morning, the user presents his/her badge and requests the operation "open" on the resource "front door". Some electronic system (the guard) determines, from the information stored on the badge, whether the user is allowed to enter the building and unlocks the door accordingly.
A computing device enables authenticated operation of a program (software) if it makes it possible for computer programs to obtain protected access (from a disclosure guard or a service guard) to at least one cryptographic resource. As described below, in some embodiments a computing device that enables authentication and isolation enables authenticated operation.
A program C is said to be isolated from another program D if both of the following conditions are satisfied: (1) there is memory that can be accessed by program C but not by program D, and (2) program D cannot initiate execution of program C (except possibly at an entry point determined by program C). A program is given by its transition rule (executable code) and its initial state (entry point, or initial value of the instruction pointer IP). Because data can be stored in memory that program D cannot access, the first condition guarantees the integrity of program C's code and state information even in the presence of misbehaviour by program D. It also allows program C to protect confidential data (for example, keys) from observation by program D. The second condition guarantees that D cannot subvert the behaviour of C by choosing an improper entry point.
Furthermore, program C is said to be able to authenticate program D if program C can identify the transition rule (program code) and the initial state of program D. A computing device can isolate any program C from any other program D, with the exception of a single program E_j for each layer j < i, where i is the layer of program C. This protects programs from observation and interference by any program except the sequence of guards E_1, E_2, ..., E_{i-1} through which program C requests access to its resources. And for any layer i, the computing device allows a program executing in layer i to authenticate at least some programs in layer i+1. This requirement allows a program to act as a guard with respect to requests from principals in the next layer. These two observations lead to an inductive argument: a program in any layer can request access to a resource through its predecessors, protect its integrity and its resources by isolation, and act as a guard for the resource by authenticating requests from principals in the next layer.
Isolation can be achieved using physical memory protection. This approach is referred to as "isolation in space" or "space isolation". For example, the ring and virtual memory protection of many modern microprocessors is sufficient to implement isolation in space. An operating system kernel (layer i) running in privileged mode can set up page tables for application programs (layer i+1) such that any application can access only those parts of physical memory that the operating system kernel has chosen to map into the application's virtual address space. Moreover, the kernel restricts the privileges of applications so that they cannot change the memory mapping, and it guarantees that applications can only start execution of kernel code at clearly defined entry points (system calls).
Another way to achieve isolation is to separate the execution of two layers in time. This approach is referred to as "isolation in time" or "time isolation". A program in a first layer i executes completely, then makes certain resources inaccessible, and then terminates. Control is subsequently transferred to the next layer i+1.
Authentication takes place between successive layers (j = i+1). Program C authenticates the configuration (transition rule) and the initial state of the program in layer j. The program can be authenticated by having program C inspect the program in layer j. That is, program C reads the memory containing the program of layer j and computes a cryptographic digest over that memory range. It should be noted that the purpose of this step is only to determine the identity of the code, not to evaluate statements made by other principals about the code. Therefore, certificates are not needed at this point.
The second task of program C is to identify the initial state of program D. In general, determining the initial state of a program at an arbitrary point in its execution is very difficult. Therefore, program C controls the initial state of program D. In practice, this means that if program C starts the execution of program D in state δ, then program C can be certain that the initial state of program D is δ.
In summary, to authenticate program D, program C inspects the memory contents it considers relevant and computes a cryptographic digest. Program C then transfers execution to a well-defined entry point of program D.
In the case where the resource is a cryptographic key, authenticated operation allows each operating system and application program to have exclusive access to one or more secrets. The isolation described above protects each secret from attacks by hostile code. The program authentication described above allows programs to be identified, so that each secret can be disclosed only to the program that owns it.
Typically, when a request comes from a program (principal 102 of Fig. 1), guard 104 establishes the identity of the program (that is, guard 104 authenticates the program). If the program is not the owner of the requested secret (resource 106), guard 104 refuses the request. Otherwise, guard 104 computes some function of the secret (which may be the secret itself) and, possibly, of further information supplied by the program, and returns the result. In other words, rather than explicitly accepting or refusing the request, guard 104 may service the request while incorporating the identity of the caller into the result. This alternative is appropriate, for example, if the result returned by the guard does not contain secret information (for example, a request to produce a digital signature using a secret). The term gate function is used here to refer to both cases.
Furthermore, in all cases guard 104 authenticates the caller (principal 102). Authentication of principal 102 is also referred to here as the function ID(), which returns a digest of the calling program (the program that invokes a gate function of guard 104). The digest may be produced in any conventional manner, for example using any one or more cryptographic hash functions (also known as one-way hash functions) such as SHA1 (Secure Hash Algorithm 1), MD5 (Message Digest 5), MD2 (Message Digest 2), and so on, or using a keyed MAC (message authentication code), and so on.
One class of gate functions described here implements sealed storage. The purpose of sealed storage is to allow a program to store a secret such that only a particular set of one or more programs (defined by the program storing the secret) can retrieve the secret. In one implementation, only the program that originally saved (sealed) the secret can recover (unseal) it. Typically, the lifetime of these secrets exceeds the lifetime of an individual execution of the program. Secrets can be saved (sealed) during one execution of the program, while isolation and a random number generator allow the program to maintain secrets during an execution. Sealed storage also allows a program to keep a secret across all of its executions, which need not be immediately contiguous. Layer l_i exposes sealed storage to the next layer l_{i+1} through the following interface (for example, using the "seal" and "unseal" operations and/or the public key seal and public key unseal operations).
The discussion of sealed storage refers to keys used for encryption and decryption. These keys are keys associated with the guard protecting the resource (for example, guard 104 of Fig. 1).
The discussion here also refers to program identifiers (for example, an identifier of the program that invokes an operation, or an identifier of a target program that is allowed to access a resource). These identifiers are often referred to here as digests. It should be clear, however, that a digest is only one example of a program identifier. Other types of identifiers may be used that are a measurement or other representation of the program and allow any change to the program to be detected. If the program is changed in some way (for example, one or more instructions altered by an adversary in order to access or use the protected data maliciously), the program's identifier will reflect the change (for example, the identifier of the altered program will differ from the identifier of the unaltered program).
The seal operation receives as input the data (for example, a secret) to be sealed. The seal operation may also optionally receive as input conditions used to identify when and/or to whom the secret may be disclosed. In one embodiment, the condition is a digest of a target program that is allowed to retrieve (unseal) the data. Alternatively, the program allowed to retrieve (unseal) the data may be identified in other ways. For example, the program may be identified by a public key, so that each certificate is associated with one or more programs.
In addition, other conditions may be used in addition to, or instead of, the identifier of the target program. For example, the conditions may include time constraints on when the data may be disclosed (unsealed), such as particular times of the day or particular days of the week during which the secret may be disclosed (unsealed). As another example, the conditions may include a password or an identifier of other data that must be supplied for the secret to be disclosed (unsealed); for example, the secret may be unsealed only by programs that know the password.
As another example, the condition may be a logical formula (for example, any statement written in first-order logic, any statement written in predicate logic, and so on). The logical formula is evaluated (for example, by the guard), and the secret is disclosed (unsealed) only if the evaluation returns an indication of true.
As another example, the condition may be an executable program in some language (for example, Java, C*, JavaScript, VBScript, and so on). The program is executed (for example, by the guard), and the secret is disclosed (unsealed) only if the program returns some indication of "true" or "satisfied".
Where the condition is a digest of the target program, the seal operation may use the digest of the program calling the seal operation (thereby implicitly supplying the target program's digest) instead of an explicitly supplied digest of the target program. In addition, the digests of multiple target programs may be input to the seal operation, thereby allowing multiple target programs to disclose (unseal) the data.
The seal operation encrypts the identifier of the caller together with its input (the data and the conditions permitting disclosure (unsealing) of the data). The seal operation returns the input data in encrypted form (as ciphertext). The seal operation also returns a value (for example, a message authentication code (MAC) value) that can be used to verify the integrity of the sealed data. The data returned allows the stored data to be referenced in a subsequent unseal operation, as discussed further below.
Pseudo-code for the seal operation is shown in Table I. In the pseudo-code of Table I, ID() refers to the ID() function discussed above, e refers to the value returned to the calling program (for example, a string or bit sequence), data refers to the data being sealed, and [t_1, ..., t_m] refers to the digests of the one or more target programs allowed to disclose (unseal) the data (or, alternatively, to one or more other conditions).
Table I: seal pseudo-code (reproduced in the original as image C200610059571D00121; not available in this text)
Fig. 3 is a flowchart illustrating an exemplary process 200 for implementing the seal operation. Process 200 is performed by guard 104 of Fig. 1 and may be implemented in hardware, software, firmware, or a combination thereof.
First, the secret to be sealed is received from the calling program (step 202). The secret is encrypted so that it can be retrieved only by a particular target program, or only if one or more particular conditions are satisfied (step 204). The ciphertext containing the encrypted secret is then returned to the calling program (step 206). Additional information may also be returned to the calling program (as part of the ciphertext or separately from it), for example a digest of the calling program and/or of the target program.
Described open operation receives a bit string as input, and this bit string is returned by described " locked in " operation when the described calling program of sealing is wished data retrieved now.Described open operation obtains to be used to disclose the condition of described data, and checks whether these conditions are satisfied.For example, if condition comprises the summary of the one or more target programs that are allowed to retrieval (unlatching) described data, then described open operation obtains these summaries and checks whether described calling program is one of one or more target programs.If described calling program is not one of one or more calling programs, then described open operation failure and the data of being asked are not returned to described calling program.Yet if described calling program is one of one or more target programs, described open operation success and described requested data are returned to described calling program.The summary that seals the program of described data is also returned arbitrarily by described open operation.
The pseudo-code that is used for open operation describes in Table II.In the pseudo-code of Table II, data relate to just requested data (and before being closed), [t 1..., t m] relate to the summary (being one or more other conditions) of one or more target programs that is allowed to retrieval (unlatching) described data, e relates to the input (by previous typical case's output of a " locked in " operation) to described open operation, and d relates to the summary of the program of sealing described data.
Table II (pseudo-code; present only as an image in the original and not reproduced here)
Fig. 4 is a flow diagram illustrating an exemplary process 220 for implementing the unseal operation. Process 220 is performed by the guard (protective device) 104 of Fig. 1 and can be implemented in hardware, software, firmware, or a combination thereof.
First, the ciphertext containing the encrypted data that the caller wishes to retrieve is received (step 222). A check is made as to whether the calling program is allowed to retrieve the data (step 224), and processing proceeds according to the outcome of that check (step 226). If the calling program is allowed to retrieve the data, the (decrypted) data is returned to the calling program (step 228). If the calling program is not allowed to retrieve the data, the process fails (step 230) and the data is not returned to the calling program.
Sealed storage can be implemented in different ways. In one embodiment, sealed storage is implemented using physically protected nonvolatile memory. In this embodiment, the computing device is associated with guards that each have a distinct portion of the protected nonvolatile memory, and each guard can access only the portion associated with it. In this embodiment, the store and retrieve operations invoked within the seal and unseal operations store and retrieve the data in the portion of the protected nonvolatile memory associated with the guard.
For example, a storage device (such as a hard disk drive) can implement a guard. Rather than executing read and write commands unconditionally, the storage device identifies the principal attempting to access it (for example, based on a digest of the principal) and allows only particular principals to access the storage device. In addition, different principals can be restricted to accessing only particular portions of the storage device (for example, particular sectors or address ranges).
In another embodiment, sealed storage is implemented using cryptography. An exemplary embodiment of sealed storage implemented using cryptography is described below.
When sealed storage is implemented using cryptography, the resource is a key K rather than physically protected memory. The store operation does not physically store its input. Instead, it produces a cryptographically protected output c, which is the input to the store operation with encryption and integrity protection applied. The encryption is the result of applying a symmetric cipher to the input. The integrity protection is obtained by applying a message authentication code (MAC) to the input (either before or after the input is encrypted).
Pseudo-code for the store operation is given in Table III. In the pseudo-code of Table III, b refers to the bit string input to the store operation, and c refers to the bit string output by the store operation. K1 refers to a first portion of key K, and K2 refers to a second portion of key K. Key K is the symmetric key of the guard that implements the seal and store operations.
Table III (pseudo-code; present only as an image in the original and not reproduced here)
As can be seen from Table III, a value (m) is generated by applying a MAC to the bit string input to the store operation. The MAC uses a portion (K1) of key K. The bit string input to the store operation is also encrypted using a second portion (K2) of key K. The values generated by applying the MAC to the input bit string and by encrypting the input bit string are returned to the calling program of the store operation.
Key K is divided into two separate keys K1 and K2 so that the MAC and the cipher do not use the same key. This division can be performed in any of a variety of ways. The division can use different bits of key K or can reuse one or more of the same bits. For example, assuming key K is 1024 bits: the low 512 bits can be used as key K1 and the high 512 bits as key K2; the even-numbered bit positions (positions 0, 2, 4, 6, 8, 10, ..., 1022) can be used as key K1 and the odd-numbered bit positions (positions 1, 3, 5, 7, 9, 11, ..., 1023) as key K2; the low 650 bits can be used as key K1 and the high 650 bits as key K2 (so that some bits are used in both K1 and K2); and so forth. Alternatively, the same key K can be used for both the MAC and the cipher.
The pseudo-code in Table III implements the store operation by computing the MAC of the data, encrypting the data, and outputting the MAC and the ciphertext. The store operation can, however, be implemented in other ways. For example, the store operation can first encrypt the data, then compute a MAC of the ciphertext, and output the ciphertext and the MAC. As another example, the store operation can compute the MAC of the data, then encrypt both the data and the MAC, and output the resulting ciphertext.
The encryption performed by the store operation to produce the ciphertext can be implemented using any of a variety of symmetric encryption algorithms. Generally, a symmetric encryption algorithm uses the same key for encryption and decryption. Examples of such algorithms include triple DES (Data Encryption Standard), AES (Advanced Encryption Standard), and so forth.
Similarly, the MAC can be any message authentication code, for example the MAC (HMAC) described in M. Bellare, R. Canetti and H. Krawczyk, "Keying Hash Functions for Message Authentication", Advances in Cryptology, CRYPTO '96, Lecture Notes in Computer Science No. 1109, 1996. Alternatively, integrity can be protected by a public-key digital signature in place of a MAC.
Fig. 5 is a flow diagram illustrating an exemplary process 250 for implementing the store operation. Process 250 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware, or a combination thereof.
First, the data to be stored is received (step 252). A symmetric encryption algorithm is applied to the data (step 254), and a message authentication code (MAC) is applied to the data (step 256). The encrypted data generated in step 254 and the MAC value generated in step 256 are returned to the calling program (step 258).
The retrieve operation receives an input bit string that includes a MAC value and ciphertext. The ciphertext is decrypted to produce plaintext, and a MAC value of the plaintext is generated. If the MAC value of the plaintext is identical to the MAC value received as part of the input bit string, the plaintext is returned to the calling program. If the MAC value of the plaintext differs from the MAC value received as part of the input bit string, the retrieve operation fails and the plaintext is not returned to the calling program. Naturally, the particular way in which the retrieve operation obtains the MAC and the ciphertext from the input bit string depends on how the store operation is implemented.
Pseudo-code for the retrieve operation is given in Table IV. In the pseudo-code of Table IV, c refers to the bit string input to the retrieve operation, b refers to the bit string output by the retrieve operation, m refers to the MAC-value portion of the bit string input to the retrieve operation, d refers to the ciphertext portion of the bit string input to the retrieve operation, K1 refers to the first portion of key K, and K2 refers to the second portion of key K. As discussed above in connection with the store operation, K1 and K2 are the same portions of key K.
Table IV (pseudo-code; present only as an image in the original and not reproduced here)
As can be seen from Table IV, a value (b) is generated by decrypting the bit string input to the retrieve operation. If the MAC value generated by the retrieve operation is identical to the MAC value received as part of the bit string input to the retrieve operation, the value (b) is returned to the calling program of the retrieve operation; otherwise the retrieve operation fails.
The pseudo-code in Table IV is based on an implementation of the store operation that computes the MAC of the data and encrypts the data, outputting the MAC and the ciphertext together (as the input bit string for the retrieve operation). If the store operation instead first encrypts the data, then computes a MAC of the ciphertext and outputs the ciphertext and the MAC, the retrieve operation computes the MAC of the ciphertext, compares it with the MAC received as part of the input bit string and, if the MAC values match, decrypts the ciphertext and returns the decrypted data. If the store operation computes a MAC of the data and then encrypts both the data and the MAC, the retrieve operation decrypts the input bit string, computes a MAC of the data in the decrypted string, compares it with the MAC in the decrypted string and, if the MAC values match, returns the data.
As discussed above for the store operation, the retrieve operation can use any decryption algorithm. The decryption algorithm must, however, correspond to the encryption algorithm so that the encrypted data can be decrypted. Similarly, any message authentication code can be used as the MAC, but the message authentication code used must be the same one used by the store operation.
Fig. 6 is a flow diagram illustrating an exemplary process 270 for implementing the retrieve operation. Process 270 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware, or a combination thereof.
First, a ciphertext and a MAC value are received (step 272). The ciphertext is decrypted to produce plaintext data (step 274). A message authentication code (MAC) is applied to the plaintext data to produce a MAC value (step 276), and a check is made as to whether the MAC value generated in step 276 equals the MAC value received in step 272 (step 278). Processing proceeds according to whether the generated MAC value equals the received MAC value (step 280). If the generated MAC value equals the received MAC value, the plaintext data is returned to the calling program (step 282). If the generated MAC value does not equal the received MAC value, the process fails and the plaintext data is not returned to the calling program.
Thus, the cryptography used by the store and retrieve operations ensures that any corruption of the value c (the output of the store operation) is detected, and that without access to key K2 (the key used by the cipher that protects the value b) the value b (the input to the store operation) cannot be retrieved.
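The store and retrieve operations of Tables III and IV, written out as an added example that is not part of the patent: K is split into K1 (MAC key) and K2 (cipher key) as the low and high halves, the MAC is HMAC-SHA256, and, so that the block runs on the Python standard library alone, the symmetric cipher is a keystream derived from HMAC-SHA256 in counter mode under a per-call nonce (the nonce and the cipher choice are my assumptions, not the patent's).

```python
# Added example (not from the patent): Store / Retrieve of Tables III and IV.
# Assumptions (mine): HMAC-SHA256 as the MAC, an HMAC-SHA256 counter-mode
# keystream as the symmetric cipher, and a random nonce prepended to c.
import hashlib
import hmac
import os

NONCE_LEN = 16
MAC_LEN = 32  # HMAC-SHA256 output size


def split_key(k):
    """K1 = low half of K (MAC key), K2 = high half (cipher key)."""
    half = len(k) // 2
    return k[:half], k[half:]


def keystream_xor(k2, nonce, data):
    """Stream cipher: XOR data with HMAC-SHA256(K2, nonce || counter) blocks.
    The same function encrypts and decrypts."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hmac.new(k2, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[i * 32:(i + 1) * 32]
        out.extend(x ^ y for x, y in zip(chunk, block))
    return bytes(out)


def store(k, b):
    """Table III: m = MAC(K1, b); d = Enc(K2, b); output c = nonce || m || d."""
    k1, k2 = split_key(k)
    nonce = os.urandom(NONCE_LEN)
    m = hmac.new(k1, b, hashlib.sha256).digest()
    d = keystream_xor(k2, nonce, b)
    return nonce + m + d


def retrieve(k, c):
    """Table IV: split c into m and d, b = Dec(K2, d); return b only if
    MAC(K1, b) == m.  Any corruption of c makes this raise ValueError."""
    k1, k2 = split_key(k)
    if len(c) < NONCE_LEN + MAC_LEN:
        raise ValueError("retrieve failed: input too short")
    nonce = c[:NONCE_LEN]
    m = c[NONCE_LEN:NONCE_LEN + MAC_LEN]
    d = c[NONCE_LEN + MAC_LEN:]
    b = keystream_xor(k2, nonce, d)
    if not hmac.compare_digest(hmac.new(k1, b, hashlib.sha256).digest(), m):
        raise ValueError("retrieve failed: MAC mismatch")
    return b


def demo():
    """Round trip, then the two failure modes the text guarantees: a
    corrupted c is detected, and a guard without K2 cannot recover b."""
    k = os.urandom(64)  # constructed 512-bit K -> 256-bit K1 and K2
    secret = b"constructed sample secret"
    c = store(k, secret)
    results = {"round_trip": retrieve(k, c) == secret}
    tampered = bytearray(c)
    tampered[-1] ^= 0x01  # flip one bit of the ciphertext portion d
    try:
        retrieve(k, bytes(tampered))
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    try:
        retrieve(os.urandom(64), c)  # a different guard key
        results["wrong_key_rejected"] = False
    except ValueError:
        results["wrong_key_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```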
Another gating function implements remote attestation. The purpose of remote attestation is to be able to prove a program even where there is no strong physical coupling to the verifying device (for example, when a server or a smart card is used). In this case, verification is cryptographic: the two entities engage in a cryptographic authentication protocol. This requires that the attesting configuration has access to a secret, typically a private key or a symmetric key of the protocol. In addition, the computing device binds the identity of the configuration (for example, the processor and/or software) that uses the secret to that secret and requires that identity for its use. The verifying device can therefore establish the identity of the computing device and of the software executing on it.
The quote operation and the public-key unseal operation are gating functions for public-key signing and public-key decryption, respectively. The guard implementing these gating functions has access to a signing key Ks and a decryption key Kd. Signing key Ks and decryption key Kd are also referred to as the private keys of public/private key pairs. These public/private key pairs belong to the guard implementing the quote and public-key unseal operations.
The quote operation returns a public-key signature over a combination (for example, a concatenation) of the input to the quote operation and a condition identifying when and/or to whom the secret can be disclosed. As with the seal and unseal operations discussed above, disclosure of the secret can be subject to any of a variety of conditions. In one embodiment, the condition is an identifier of the calling program (for example, a digest of the calling program).
Including this identifier in the signature is proof that the operation was carried out at the request of the identified calling program. The quote operation works together with a verify operation, which is normally executed on a device other than the one executing the quote operation (for example, on a remote server, a smart card, and so forth). The verify operation performs a public-key signature verification and retrieves and evaluates the identifier of the calling program (and/or the other conditions for disclosing the secret).
Pseudo-code for the quote operation is given in Table V. In the pseudo-code of Table V, ID() refers to the ID() function described above, a refers to the data input to the quote operation, and Ks refers to a signing key.
Table V (pseudo-code; present only as an image in the original and not reproduced here)
As can be seen from Table V, the quote operation obtains a digest of the calling program and receives an input value a. The quote operation uses signing key Ks to generate a digital signature (sn) over the input value a and the digest of the calling program. The input value a can be generated by the calling program, or it can be a value received from another component or device (for example, the device that will perform the verify operation). The digital signature is generated using public-key cryptography.
Fig. 7 is a flow diagram illustrating an exemplary process 300 for implementing the quote operation. Process 300 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware, or a combination thereof.
First, input data is received from a calling program (step 302). An identifier of the calling program (and/or one or more other conditions for retrieving the input data) is obtained (step 304), and a digital signature is generated (step 306) over the combination of the input data and the identifier of the calling program (and/or the one or more other conditions).
The verify operation performs a public-key signature verification and retrieves and evaluates the identifier of the calling program. The verify operation typically receives, from a device other than the one executing the verify operation (for example, a remote service device, a smart card, and so forth), a digital signature generated at the request of a calling program. From the received digital signature, the verify operation extracts the digest of the program (for example, an application program, operating system, firmware program, and so forth) that invoked the quote operation, and evaluates that digest to decide how to proceed.
Pseudo-code for the verify operation is given in Table VI. In the pseudo-code of Table VI, d refers to the digest of the program that invoked the quote operation, a refers to the value input to the quote operation, and Sn refers to the digital signature received as input by the verify operation.
Table VI (pseudo-code; present only as an image in the original and not reproduced here)
As can be seen from Table VI, the verify operation receives a digital signature and uses a verification key Kv (the public key of the public/private key pair that includes signing key Ks) to extract the digest d and the value a from the signature. The verify operation can then evaluate the digest d of the program that invoked the quote operation. The way in which digest d is evaluated can vary. For example, the evaluation can include comparing digest d with a list of "approved" or "trusted" application programs.
Fig. 8 is a flow diagram illustrating an exemplary process 320 for implementing the verify operation. Process 320 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware, or a combination thereof.
First, a digital signature is received (step 322). The identifier of the calling program that quoted an input value (using the quote operation) (and/or one or more other conditions for retrieving the input value), together with the input value itself, are extracted from the digital signature (step 324). The identifier of the calling program (and/or the one or more other extracted conditions) is evaluated to determine how to proceed with the input value (step 326).
The public-key unseal operation is a version of public-key decryption that is logically gated on the identity of the caller (for example, the digest of the calling program) or on one or more other conditions. The result of public-key decryption of the input c to the public-key unseal operation is interpreted as a pair (d, s), where s is a secret and d identifies the configuration (for example, the digest of a calling program) to which s may be disclosed. If the caller of the public-key unseal operation is not d, the public-key unseal operation fails. A second operation, the public-key seal operation, generates the input c to the public-key unseal operation; it can be executed on a device other than the one executing the public-key unseal operation (for example, a remote service device, a smart card, and so forth). The public-key seal operation performs public-key encryption of the pair (d, s) to be sealed. The public-key unseal and public-key seal operations can also be used to implement sealed storage.
Pseudo-code for the public-key unseal operation is given in Table VII. In the pseudo-code of Table VII, ID() refers to the ID() function described above, c refers to the input to the public-key unseal operation, [d1, ..., dm] refers to the digests of the one or more calling programs to which s may be disclosed (or to one or more other conditions), s refers to the protected data, and Kd refers to a decryption key (the private key of the public/private key pair associated with the guard executing the public-key unseal operation).
Table VII (pseudo-code; present only as an image in the original and not reproduced here)
As can be seen from Table VII, the public-key unseal operation uses public-key decryption with decryption key Kd to decrypt the input value c. The decrypted input includes the digests [d1, ..., dm] of the one or more calling programs to which the protected data s may be disclosed (or one or more other conditions identifying when and/or to whom the protected data s may be disclosed). The public-key unseal operation also generates a digest of the calling program. If the digest of the calling program equals one of the digests [d1, ..., dm], the protected data is returned to the calling program. If the digest of the calling program equals none of the digests [d1, ..., dm], the protected data is not returned to the calling program.
Fig. 9 is a flow diagram illustrating an exemplary process 340 for implementing the public-key unseal operation. Process 340 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware, or a combination thereof.
First, the ciphertext containing the encrypted data that the caller wishes to retrieve is received (step 342). A check is made as to whether the caller is allowed to retrieve the data (step 344), and processing proceeds according to whether the caller is allowed to retrieve the data (step 346). If the caller is allowed to retrieve the data, the data (decrypted using public-key decryption) is returned to the caller (step 348). If the caller is not allowed to retrieve the data, the process fails (step 350) and the data is not returned to the caller.
The public-key seal operation is a public-key encryption scheme obtained by logically gating on the identity of the caller (for example, the digest of the calling program) or on one or more other conditions. The public-key seal operation performs public-key encryption of the pair (d, s), where s is a secret and d identifies the one or more configurations (for example, the digest of a calling program) to which s may be disclosed.
Pseudo-code for the public-key seal operation is given in Table VIII. In the pseudo-code of Table VIII, c refers to the output of the public-key seal operation, [d1, ..., dm] refers to the digests of the one or more calling programs to which s may be disclosed, s refers to the protected data, and Ke refers to an encryption key.
Table VIII (pseudo-code; present only as an image in the original and not reproduced here)
As can be seen from Table VIII, the public-key seal operation receives as input the protected data s and the digests [d1, ..., dm] of the one or more programs to which the protected data s may be disclosed. It applies public-key encryption based on encryption key Ke to the pair ([d1, ..., dm], s). Encryption key Ke is a public key of the guard that is expected to decrypt the ciphertext. The ciphertext produced by the public-key encryption is returned to the calling program.
Fig. 10 is a flow diagram illustrating an exemplary process 360 for implementing the public-key seal operation. Process 360 is performed by a guard 104 of Fig. 1 and can be implemented in hardware, software, firmware, or a combination thereof.
First, the secret to be sealed is received from a caller (step 362). The secret is encrypted using public-key encryption so that it can only be retrieved by a particular target program, or only when one or more other conditions are satisfied (step 364). The ciphertext containing the encrypted secret is returned to the caller (step 366). Additional information, for example a digest of the caller and/or of the target program, may also be returned to the caller (either as part of the ciphertext or separately from it).
The quote and public-key unseal operations are intended to be used in connection with public-key authentication protocols. Most public-key authentication protocols can be modified directly by replacing each invocation of public-key decryption, public-key encryption, signing, and signature verification with an invocation of the public-key unseal, public-key seal, quote, and verify operations, respectively.
In some cases it is important to be able to obtain a random number (for example, as the basis for generating a key). Random numbers can be obtained in different ways. In one embodiment, the source of random numbers is a cryptographic random number generator implemented in hardware, for example as part of the computing device.
An alternative to the seal operation described above is a general seal operation that combines the seal operation with random number generation. The general seal operation receives as input the digests [t1, ..., tm] of the target programs that may retrieve the secret (and/or the other conditions that must be satisfied for the secret to be retrievable). The general seal operation generates a random number and seals the newly generated random number so that it can only be retrieved by a calling program whose digest is one of the target digests [t1, ..., tm] (and/or when the other conditions are satisfied).
Pseudo-code for the general seal operation is given in Table IX. In the pseudo-code of Table IX, ID() refers to the ID() function described above, c refers to the output of the general seal operation, s refers to the newly generated random number, [t1, ..., tm] refers to the one or more target programs allowed to retrieve the value s (one of which may be the program that invoked the general seal operation), or to one or more other conditions, and the function GenRandom() refers to a function that generates a random number.
Table IX (pseudo-code; present only as an image in the original and not reproduced here)
Fig. 11 is a flow diagram illustrating an exemplary process 380 for implementing the general seal operation. Process 380 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware, or a combination thereof.
First, input is received from a caller identifying the target program that may retrieve a secret, or the one or more conditions that must be satisfied for the secret to be retrievable (step 382). The secret is then generated (step 384) and encrypted so that it can only be retrieved by the identified target program, or only when the one or more conditions are satisfied (step 386). The ciphertext containing the encrypted secret is then returned to the caller. Additional information, for example a digest of the caller and/or of the target program, may also be returned (either as part of the ciphertext or separately from it).
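The gating logic of the unseal operation (Table II) and of the general seal operation (Table IX), as an added example that is not part of the patent, over the physically-protected-memory embodiment described above: each guard can read only its own protected region, ID() is assumed to be the SHA-256 digest of the program's bytes, and the opaque handle e returned by seal is my stand-in for the bit string the caller keeps.

```python
# Added example (not from the patent): Seal / Unseal gating of Table II and
# the general seal operation of Table IX over the protected-memory embodiment.
# Assumptions (mine): ID(program) = SHA-256 of the program bytes, a dict as
# the guard's protected memory, and a random 16-byte handle as the bit string e.
import hashlib
import os


def ID(program):
    """Identity of a program: its digest (the ID() function of the text)."""
    return hashlib.sha256(program).digest()


class Guard:
    """One guard; only this guard instance can read its own protected region."""

    def __init__(self):
        self._protected = {}  # handle e -> (target digests, sealer digest, data)

    def seal(self, caller, data, targets):
        """Seal(data, [t1..tm]) on behalf of `caller`: record which digests may
        unseal and who sealed; return the bit string e the caller keeps."""
        e = os.urandom(16)
        self._protected[e] = (frozenset(targets), ID(caller), bytes(data))
        return e

    def unseal(self, caller, e):
        """Table II: return (data, d) only if ID(caller) is one of [t1..tm],
        where d is the digest of the program that sealed the data."""
        if e not in self._protected:
            raise PermissionError("unseal failed: not sealed by this guard")
        targets, d, data = self._protected[e]
        if ID(caller) not in targets:
            raise PermissionError("unseal failed: caller is not a target program")
        return data, d

    def gen_seal(self, caller, targets, nbytes=32):
        """Table IX: s = GenRandom(); c = Seal(s, [t1..tm]); return c.  The
        caller never sees s unless its own digest is among the targets."""
        s = os.urandom(nbytes)
        return self.seal(caller, s, targets)


def demo():
    """Constructed programs: A seals for B, C is any other program."""
    guard = Guard()
    prog_a = b"constructed program A (sealer)"
    prog_b = b"constructed program B (target)"
    prog_c = b"constructed program C (not a target)"
    e = guard.seal(prog_a, b"sample secret", [ID(prog_b), ID(prog_a)])
    data, d = guard.unseal(prog_b, e)
    results = {"target_gets_data": data == b"sample secret",
               "sealer_digest_reported": d == ID(prog_a)}
    try:
        guard.unseal(prog_c, e)
        results["other_program_rejected"] = False
    except PermissionError:
        results["other_program_rejected"] = True
    try:
        Guard().unseal(prog_b, e)  # a different guard has its own region
        results["other_guard_rejected"] = False
    except PermissionError:
        results["other_guard_rejected"] = True
    # General seal: A causes a random secret to exist that only B can read,
    # the pattern a lower layer uses to hand a key to the layer above it.
    c = guard.gen_seal(prog_a, [ID(prog_b)])
    s, _ = guard.unseal(prog_b, c)
    results["genseal_random_len"] = len(s)
    try:
        guard.unseal(prog_a, c)
        results["genseal_sealer_cannot_read"] = False
    except PermissionError:
        results["genseal_sealer_cannot_read"] = True
    return results


if __name__ == "__main__":
    print(demo())
```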
The services provided by a disclosure guard can be used to build a general sealing service. For example, referring to Figs. 1 and 2, at initialization layer n-1 discloses a single key to layer n based on the identity of layer n (for example, after the reset and boot of the computing device, or before a program begins execution). Layer n stores this key and uses it to encrypt additional secrets. The next time the platform is booted into the same configuration, the disclosure guard provides the same root key (for example, via the unseal or public-key unseal operation), and all previously encrypted secrets can be retrieved by layer n.
In some embodiments, when the next layer is initialized, the lower layer discloses one or more secrets to that next layer (for example, after the reset and boot of the computing device, or before a program begins execution). After this gated disclosure, the lower layer is no longer used (until the next boot or reset). This usage model is called the disclosure guard model. Using the disclosure guard model, the exposure of the lower layer is reduced.
The gating functions described here can be used with service guards and with disclosure guards, under time isolation as well as space isolation. Four service models for implementing the verification operation are described below: (1) service guard with space isolation; (2) disclosure guard with space isolation; (3) disclosure guard with time isolation; (4) service guard with time isolation. In each of the service models described here, it is assumed that a lower-level guard has disclosed one or more keys to the guard at the layer under consideration. How these keys are obtained depends on the isolation model of the guard and of the layer below it. Different layers in the same computing device can use different service models.
(1) Service guard, space isolation: During initialization, the guard measures and stores the identity of the requestor. The guard implements a protected system (for example, a processor or other secure processor or coprocessor) using processor services and a system call interface that exposes the primitive operations of the verification operation.
(2) Disclosure guard, space isolation: At initialization, the guard obtains the service request in the form of encrypted code. This can be stored in memory or obtained from external storage. The guard measures the identity of the initialization program and discloses the key to the program according to the gating functions described above. Before relinquishing control to the next layer, the guard establishes mode protection for itself and its secret resources.
(3) Disclosure guard, time isolation: At initialization, the guard obtains the service request in the form of an encrypted blob (a set of bits). This can be stored in memory or obtained from external storage. The guard measures the identity of the initialization program and discloses the key to the program according to the gating functions described above. Before transferring control to these programs, the guard deletes (or otherwise makes inaccessible) the keys used to implement the gating functions.
(4) in the time isolation model, described computing equipment resets by safety and keeps program state safely service protective device---time isolates: at described service protective device---.This model and model (1) (the service protective device---the space isolates) are similar, yet before one deck, described service protective device is deleted its secret (making its loss of function up to restart next time) under control is delivered to.Following one deck will normally be carried out, and need ask a service from described protective device up to it.In this, its parameter with described request stores certain position in the storer into, and this position can make memory contents avoid one to reset or carry out one and reset.When described equipment is restarted, described service protective device obtains its secret, see that also (using its key) carries out described request, described key and any relevant information were lost efficacy, and the result that will calculate and control sends down one deck (layer of initial request service) to.
In some embodiments, if the computing device supports space isolation, the security kernel exposes the primitives Seal, Unseal, GetRandom (to obtain a random number) and PK_Unseal (or Quote). The security kernel may implement either a decryption guard or a service guard. If instead the platform supports time isolation, the security kernel provides a decryption guard and implements the primitives Unseal, GenSeal and PK_Unseal (or Quote).
It should be noted that Quote and PK_Unseal can be built on top of the Seal and Unseal (or Unseal and GenSeal) primitives. For example, a manufacturer can build, on the GenSeal and Unseal implemented at l1, an l2 program that implements Quote or PK_Unseal and also acts as host for higher-level software (for example, an operating system). The manufacturer can generate and seal the keys that this service layer needs and ship them together with the device or CPU (or make them available online).
The following is an exemplary description of a hardware implementation that allows a platform to support the authenticated operations. As with the higher layers of the system, the lowest layer (l1 in Fig. 2) is characterized by: (a) a secret key resource, (b) privileged code that has the right to access those keys, and (c) controlled initialization of the layer.
An authenticated operation provides a strong binding between a program and a secret key. In the higher layers, a guard in the layer below enforces this binding. In the lowest layer there is no software guard underneath that can gate access to the platform secret, so another mechanism is used to bind the l1 key to the l1 program. One way to achieve this binding is to make the l1 software immutable platform microcode or firmware, fixed at manufacture, and to give that l1 software unrestricted access to the l1 key. This platform microcode or firmware may be called the security kernel, and the l1 key the platform key. The platform is designed to pass control to the predetermined security kernel; the behaviour of the hardware can also be interpreted as a simple resource guard that discloses the platform key to the predetermined security kernel.
The platform key and the security-kernel firmware may be part of the processor, or may be implemented with one or more other components of the computing device (for example, a secure processor or co-processor that can also perform cryptographic operations). They may reside in a single component or be spread across several components of the device.
With authenticated operation, a program is started in a controlled initial state. In the higher layers, the program running in the layer below ensures that execution begins at the correct entry point; at l1 this function is performed by hardware. Typically, after power-up or a reset, current processors begin executing in a well-defined order; in the simplest case the processor starts fetching and executing code from a predetermined memory location. For l1, the program can be started in a controlled initial state by hardware that guarantees that the security kernel is the code executed at start-up (as part of that defined sequence).
Furthermore, no other platform state may be able to subvert the execution of the security kernel. Reset and power-up provide a well-debugged, robust path to a clean processor state. In this description, a change of platform state that starts or invokes the security kernel is called a secure reset.
The device manufacturer also arranges the generation and installation of the platform key, which is used to implement Seal and Unseal at l1. If the device is to be identified as part of a public key infrastructure (PKI), the manufacturer also certifies a public key for the platform; this may be a platform key used directly by l1, or a key used by a higher layer.
Key generation and certification are the responsibility of the CPU manufacturer or of some other party, such as the OEM that assembles the CPU into a device; alternatively, that responsibility may be shared among several parties.
Once the security kernel is executing, it can use the isolation mechanisms described above to protect itself from code executing at higher layers. Space isolation generally relies on privileged-mode support; time isolation generally relies on hiding secrets from the higher layers.
On current processors no additional platform support is needed for space isolation: the existing privileged modes or privilege levels suffice, as long as the hardware resource that grants access to the platform key can be protected from the higher layers.
To support time isolation, hardware assistance lets the security kernel hide the platform key before passing control to a higher layer. In the time isolation model, one way to protect the platform key is a state-holding circuit called a reset latch. A reset latch is a hardware circuit that is open after a reset or power-up, but that any software can close at any time; once closed, it stays closed until the next reset or power-up. A platform implementing a time-isolated security kernel gates access to the platform key on the state of the reset latch, and the security kernel closes the latch before passing control to a higher layer. As noted above, the security kernel also takes additional actions before transferring control, such as clearing memory and registers, but these are the same as at the higher layers.
If the platform uses space isolation, the security kernel uses privileged mode to protect itself and its platform key from the program it loads (for example, an operating system), and establishes a system call interface for invoking the authenticated operations.
If the platform uses time isolation, it also includes memory that survives a secure reset intact, so that parameters can be passed to the service routine. To call a service, the operating system prepares a command and parameter block at a memory location known to the security kernel and performs a secure reset. If the operating system wishes to resume execution after the service call (as opposed to simply restarting), then the operating system and the security kernel take additional measures to ensure that it is resumed reliably and securely.
The authenticated operations described here can be used to improve security in a variety of settings: protecting personal data from viruses, protecting confidential business data from network attack, network management, copy protection, trusted distributed computing, and so on. They allow different programs that run on the same computer, and that need no special trust relationship with one another, to protect their cryptographic assets independently of other software.
Some of the discussion that follows refers to an SSP (security service processor). In one embodiment an SSP is a processor (for a computing device) that provides basic cryptographic services to that device (for example, the SSP supports the gating functions described here, such as layer l1 of Fig. 2). The SSP can use keys that only the SSP possesses (or is believed to possess). The SSP may be part of the device's CPU or may be one or more other processors; for example, it may be a separate chip or integrated circuit in the computing device.
In other embodiments an SSP is a suitably isolated software program that exposes the same functions to its callers as the embodiments above. Any embodiment of the SSP can access (directly or indirectly) cryptographic keys, and there are many implementation options for providing that access. For example, the SSP may invoke a service or decryption guard in a lower layer, or it may have exclusive access to a part of persistent storage (a hard disk, flash memory, ROM or the like) that holds the required keys.
In short, at a high level an SSP is defined by the functions it exposes. An SSP is a guard (as described above) with access to keys, which it uses to provide cryptographic services to its callers. The following sections describe exemplary functions an SSP embodies.
Example Operations
The following discusses embodiments of the sealed storage and remote attestation operations, illustrating the Seal, Unseal, Quote and PK_Unseal operations described above.
The following definitions are used in this section:
Name     Type          Description
Digest   BYTE[20]      160-bit value, normally the output of a SHA-1 hash operation.
Secret   BYTE[32]      256-bit value, normally a secret sealed by a sealing key or a public key.
Ordinal  INTEGER       The ordinal component of each input and output structure identifies the operation the structure belongs to and whether it is an input or an output structure.
K_M      256-bit key   Key used for the HMAC operation.
K_S      256-bit key   AES key used for Seal and Unseal.
K_U      2048 × 3      RSA key pair used for PK_Unseal.
K_Q      2048 × 3      RSA key pair used for Quote.
R        128 bits      Random number.
This section also refers to access policies, and the following section to bound-key operations. An access policy states when a given operation is functional (that is, when it will work); a user of a computing device may selectively disable certain functions. For example, the computing device (for instance the SSP implementing the Seal operation) contains a register called FeatureEnable, one bit of which is called MainEnable. If the user sets MainEnable to false, none of the functions in these sections will work. The access policy given with each function describes the FeatureEnable settings under which that function works.
Seal
Definition
SSP_STATUS Seal(
    [in]  SECRET  S,
    [in]  DIGEST  Target[2],
    [in]  UINT32  MaxLen,
    [out] UINT32* ActualLen,
    [out] BYTE*   SealedBlob
)
Parameters
Seal-Input ::= SEQUENCE {
    Ordinal INTEGER,
    Secret  Secret,
    Target  DigestPair }
Seal-Output ::= SEQUENCE {
    Ordinal     INTEGER,
    Status      INTEGER,
    Sealed-blob OCTET STRING }
Return value
SSP_SUCCESS
Notes
Seal forms a sealed blob (a set of bits) that can be decrypted only by the corresponding Unseal operation, which succeeds only if all of the following hold:
● the encoding is correct;
● the MAC is correct;
● the named Target is the SK/SL (security kernel or secure loader) that is running when Unseal is invoked.
Seal includes an internal random number so that sealing the same input twice yields different outputs; this ensures that Seal cannot be used as a hardware device identifier. Seal also includes the identifier of the program that called it (for example, the digest of the calling program held in the SSP's PCR registers, also referred to here as the PCR value), so that the unsealer receives complete information about who performed the seal.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UseSymmKey == All |
     FeatureEnable.UseSymmKey == AuthSL & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Effect
Seal performs the following:
1. Generate a 128-bit random number R.
2. Let D0 be the current value of PCR[0] and D1 the current value of PCR[1].
3. Compute M = HMAC[K_M](R ‖ S ‖ Target ‖ D0 ‖ D1).
4. Compute C = AES[K_S](R ‖ S ‖ Target ‖ D0 ‖ D1 ‖ M).
5. Return SSP_SUCCESS with SealedBlob set to C.
Unseal
Definition
SSP_STATUS Unseal(
    [in]  BYTE*  SealedBlob,
    [in]  UINT32 SealedBlobLen,
    [out] SECRET S,
    [out] DIGEST Source
)
Parameters
Unseal-Input ::= SEQUENCE {
    Ordinal     INTEGER,
    Sealed-blob OCTET STRING }
Unseal-Output ::= SEQUENCE {
    Ordinal INTEGER,
    Status  INTEGER,
    Secret  Secret,
    Source  Digest }
Return value
SSP_SUCCESS
SSP_UNSEAL_ERROR
Notes
Unseal internally decrypts a blob produced by Seal and checks the following conditions:
● the encoding is correct;
● the Target named at the time of the Seal operation equals the current value of the PCR.
If all checks succeed, the secret and the PCR value of the sealer are returned; otherwise SSP_UNSEAL_ERROR is returned.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UseSymmKey == All |
     FeatureEnable.UseSymmKey == AuthSL & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Effect
Unseal performs the following:
1. M = AES^-1[K_S](SealedBlob).
2. Interpret M as (BIT[128] R ‖ SECRET S1 ‖ DIGEST Target0 ‖ DIGEST Target1 ‖ DIGEST Sealer0 ‖ DIGEST Sealer1 ‖ DIGEST N).
3. DIGEST D = HMAC[K_M](R ‖ S1 ‖ Target0 ‖ Target1 ‖ Sealer0 ‖ Sealer1).
4. If (Target0 != PCR[0] || Target1 != PCR[1]) return SSP_UNSEAL_ERROR with S and Source set to zero.
5. If D != N return SSP_UNSEAL_ERROR with S and Source set to zero.
6. Else return SSP_SUCCESS with S set to S1 and Source set to {Sealer0, Sealer1}.
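The following is an added example, not code from the patent, that models the Seal and Unseal steps above: a secret is sealed to a target PCR pair, and Unseal releases it only when the PCRs of the running program match, returning the sealer's PCRs as Source. So that it runs with the Python standard library alone, the AES encryption under K_S is replaced by an HMAC-SHA256 counter-mode stream keyed by K_S with the 128-bit R as the nonce (carried at the front of the blob), the tag N is HMAC-SHA256 rather than a 160-bit DIGEST, and PCR values are constructed SHA-1 digests of program labels; all of these are this example's assumptions. One deliberate deviation from the listed step order: the MAC is verified (in constant time) before any field is compared or used, since acting on an unauthenticated field is the usual source of unsealing bugs.

```python
"""Seal/Unseal with PCR binding.  Added example, not code from the patent.
Deviations from the page, made so this runs with the standard library only:
 - AES under K_S is replaced by an HMAC-SHA256 counter-mode stream keyed by K_S,
   with the 128-bit random R used as nonce and carried at the front of the blob;
 - the tag N is HMAC-SHA256 (32 bytes) rather than a 160-bit DIGEST;
 - PCR values are constructed 20-byte SHA-1 digests of program labels."""
import hashlib
import hmac
import secrets
import struct

DIGEST_LEN = 20   # DIGEST: 160-bit value (SHA-1 output), as defined above
SECRET_LEN = 32   # SECRET: 256-bit value
R_LEN = 16        # 128-bit random number R
MAC_LEN = 32      # HMAC-SHA256 tag (stands in for DIGEST N)
BLOB_LEN = R_LEN + SECRET_LEN + 4 * DIGEST_LEN + MAC_LEN
SSP_SUCCESS, SSP_UNSEAL_ERROR = 0, 1


def _keystream(k_s: bytes, nonce: bytes, n: int) -> bytes:
    """Stand-in for AES[K_S]: HMAC-SHA256 in counter mode."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(k_s, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SSP:
    """Minimal model of the guard: holds K_M, K_S and two PCR registers."""

    def __init__(self, pcr0: bytes, pcr1: bytes):
        self.k_m = secrets.token_bytes(32)   # K_M: HMAC key
        self.k_s = secrets.token_bytes(32)   # K_S: sealing key
        self.pcr = [pcr0, pcr1]

    def seal(self, s: bytes, target: tuple) -> bytes:
        """Seal S so that only a program whose PCRs equal `target` can unseal it."""
        assert len(s) == SECRET_LEN and all(len(t) == DIGEST_LEN for t in target)
        r = secrets.token_bytes(R_LEN)                             # step 1
        d0, d1 = self.pcr                                          # step 2: sealer's PCRs
        body = s + target[0] + target[1] + d0 + d1
        n = hmac.new(self.k_m, r + body, hashlib.sha256).digest()  # step 3
        return r + _xor(body + n, _keystream(self.k_s, r, len(body) + MAC_LEN))  # step 4

    def unseal(self, blob: bytes):
        """Return (status, S, Source).  The MAC is checked before any field is
        trusted, in constant time; the page lists the PCR comparison first."""
        fail = (SSP_UNSEAL_ERROR, bytes(SECRET_LEN), None)
        if len(blob) != BLOB_LEN:
            return fail
        r, ct = blob[:R_LEN], blob[R_LEN:]
        m = _xor(ct, _keystream(self.k_s, r, len(ct)))
        body, n = m[:-MAC_LEN], m[-MAC_LEN:]
        if not hmac.compare_digest(hmac.new(self.k_m, r + body, hashlib.sha256).digest(), n):
            return fail
        s1 = body[:SECRET_LEN]
        t0, t1, sealer0, sealer1 = (body[SECRET_LEN + i * DIGEST_LEN:SECRET_LEN + (i + 1) * DIGEST_LEN]
                                    for i in range(4))
        if t0 != self.pcr[0] or t1 != self.pcr[1]:                 # target must be running
            return fail
        return SSP_SUCCESS, s1, (sealer0, sealer1)


def program_digest(label: str) -> bytes:
    """Constructed stand-in for the PCR digest of a program."""
    return hashlib.sha1(label.encode()).digest()


def demo() -> dict:
    """OS A seals a secret for OS B under the same SK; only OS B can unseal it."""
    sk, os_a, os_b = program_digest("SK v1"), program_digest("OS A"), program_digest("OS B")
    ssp = SSP(sk, os_a)
    secret = secrets.token_bytes(SECRET_LEN)
    blob = ssp.seal(secret, (sk, os_b))
    out = {"same_input_differs": ssp.seal(secret, (sk, os_b)) != blob}
    out["wrong_pcr"] = ssp.unseal(blob)[0]            # OS A is running: refused
    ssp.pcr[1] = os_b                                  # now OS B is running
    status, s, source = ssp.unseal(blob)
    out["right_pcr"], out["secret_ok"], out["source_ok"] = status, s == secret, source == (sk, os_a)
    tampered = bytearray(blob)
    tampered[-1] ^= 0x01                               # flip one bit of the ciphertext
    out["tampered"] = ssp.unseal(bytes(tampered))[0]
    return out


if __name__ == "__main__":
    print(demo())
```

Because R is fresh on every call, two seals of the same secret to the same target produce different blobs, which is the property the Notes use to rule out Seal as a device identifier; the Source returned on success tells the unsealer which program performed the seal.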
Quote
Definition
SSP_STATUS Quote(
    [in]  BITSTRING   d-ext,
    [out] PKSignature SigBlob
)
Parameters
Quote-Input ::= {
    Ordinal INTEGER,
    d-ext   DIGEST }
Quote-Output ::= {
    Ordinal  INTEGER,
    Status   INTEGER,
    Sig-blob PKSignature }
Return value
SSP_SUCCESS
SSP_CRYPTO_ERROR
Notes
Quote instructs the SSP to sign the concatenation of the externally supplied D-EXT and the internal PCR values.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Effect
Quote performs the following:
1. The SSP forms a message M consisting of the message-type identifier QuoteMessage, D-EXT and the contents of the PCR registers, DER (Distinguished Encoding Rules) encoded as:
SEQUENCE {
    message-type PKMessageType,
    d-ext        Digest,
    pcr          DigestPair
}
2. The SSP signs M with K_Q,PRIV using RSASSA-PSS-SIGN with the default parameters specified in PKCS #1 v2.1. If the signing function returns an error, return SSP_CRYPTO_ERROR with SigBlob set to zero.
3. The SSP returns SSP_SUCCESS and the signature value, computed with rSASSA-PSS-Default-Identifier, in SigBlob.
PK_Unseal
Definition
SSP_STATUS PK_Unseal(
    [in]  PKCiphertext SealedBlob,
    [out] SECRET       Secret
)
Parameters
PKUnseal-Input ::= {
    Ordinal        INTEGER,
    Pk-sealed-blob PKCiphertext }
PKUnseal-Output ::= {
    Ordinal INTEGER,
    Status  INTEGER,
    Secret  Secret }
Return value
SSP_SUCCESS
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
Notes
PK_Unseal takes a specially formatted sealed blob of 416 bits. The blob is decrypted and, if decryption and decoding succeed, the 416 bits are interpreted as the concatenation of a secret value and the PCR value that is permitted to receive the decrypted secret.
If the current PCR value equals the value specified in the blob, the secret is disclosed; otherwise an error is returned.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Effect
PK_Unseal performs the following:
1. The SSP checks that the algorithm identifier in pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts SealedBlob with RSAES-OAEP-DECRYPT, using the default parameters specified in PKCS #1, to obtain a plaintext message M.
3. If the output of the decryption operation is "decoding error", return SSP_BAD_DATA_ERROR with Secret set to zero.
Otherwise the recovered message M must have the following DER-encoded form:
SEQUENCE {
    message-type PKMessageType,
    secret       Secret,
    target       Digest
}
where secret is 256 bits (32 octets), target is 160 bits (20 octets), and message-type is sspV1PKSealedMessage. If any of these conditions is not met, return SSP_BAD_DATA_ERROR with Secret set to zero.
4. If target != PCR, return SSP_BAD_DATA_ERROR with Secret set to zero.
5. If target == PCR, return SSP_SUCCESS with Secret set to secret.
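The following added example, not code from the patent, covers the message formats shared by Quote and PK_Unseal: it builds the DER QuoteMessage that Quote signs in its step 1, builds the sspV1PKSealedMessage that a remote party encrypts to K_U, and implements PK_Unseal steps 3 to 5 on the recovered plaintext, rejecting malformed DER, a wrong message type, wrong field lengths and a PCR mismatch, and zeroing Secret in every failure case. The RSA operations themselves (RSASSA-PSS signing with K_Q, RSAES-OAEP decryption with K_U) are not performed here. The numeric values assigned to the PKMessageType enumeration and the choice of ENUMERATED and OCTET STRING for the fields are this example's assumptions; the page gives only the names.

```python
"""DER message formats used by Quote and PK_Unseal.  Added example, not the
patent's code.  Builds the QuoteMessage that Quote signs (Quote step 1) and
validates the sspV1PKSealedMessage that PK_Unseal recovers after RSAES-OAEP
decryption (PK_Unseal steps 3-5).  RSA signing/decryption is not performed.
Assumed: numeric values of PKMessageType, ENUMERATED/OCTET STRING field types."""
import hashlib
import hmac

DIGEST_LEN, SECRET_LEN = 20, 32
QUOTE_MESSAGE = 1                 # assumed value of PKMessageType QuoteMessage
SSP_V1_PK_SEALED_MESSAGE = 2      # assumed value of PKMessageType sspV1PKSealedMessage
SSP_SUCCESS, SSP_BAD_DATA_ERROR = 0, 3
TAG_ENUMERATED, TAG_OCTET_STRING, TAG_SEQUENCE = 0x0A, 0x04, 0x30


def _der_len(n: int) -> bytes:
    """Definite-length DER length octets (short form below 128, long form above)."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def der_enumerated(v: int) -> bytes:
    assert 0 <= v < 0x80          # one content octet suffices for these small values
    return bytes([TAG_ENUMERATED]) + _der_len(1) + bytes([v])


def der_octet_string(b: bytes) -> bytes:
    return bytes([TAG_OCTET_STRING]) + _der_len(len(b)) + b


def der_sequence(*items: bytes) -> bytes:
    body = b"".join(items)
    return bytes([TAG_SEQUENCE]) + _der_len(len(body)) + body


def _der_read(buf: bytes, pos: int):
    """Read one TLV at `pos`; return (tag, content, next_pos).  Rejects indefinite
    and non-minimal lengths, which DER forbids."""
    if pos + 2 > len(buf):
        raise ValueError("truncated")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4 or pos + nbytes > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
        if length < 0x80:
            raise ValueError("non-minimal length")
    if pos + length > len(buf):
        raise ValueError("truncated")
    return tag, buf[pos:pos + length], pos + length


def build_quote_message(d_ext: bytes, pcr: tuple) -> bytes:
    """Quote step 1: M = DER SEQUENCE{message-type, d-ext, pcr DigestPair}, the
    byte string the SSP then signs with K_Q,PRIV (signing not shown)."""
    assert len(d_ext) == DIGEST_LEN and len(pcr) == 2
    return der_sequence(der_enumerated(QUOTE_MESSAGE), der_octet_string(d_ext),
                        der_sequence(der_octet_string(pcr[0]), der_octet_string(pcr[1])))


def build_pk_sealed_message(secret: bytes, target: bytes) -> bytes:
    """Plaintext a remote party RSAES-OAEP-encrypts to K_U for PK_Unseal."""
    assert len(secret) == SECRET_LEN and len(target) == DIGEST_LEN
    return der_sequence(der_enumerated(SSP_V1_PK_SEALED_MESSAGE),
                        der_octet_string(secret), der_octet_string(target))


def pk_unseal_decode(m: bytes, current_pcr: bytes):
    """PK_Unseal steps 3-5 on the decrypted message M: return (status, Secret),
    with Secret zeroed on any format error or PCR mismatch."""
    zero = bytes(SECRET_LEN)
    try:
        tag, body, end = _der_read(m, 0)
        if tag != TAG_SEQUENCE or end != len(m):
            raise ValueError("not a single SEQUENCE")
        t1, mtype, p = _der_read(body, 0)
        t2, secret, p = _der_read(body, p)
        t3, target, p = _der_read(body, p)
        if p != len(body) or (t1, t2, t3) != (TAG_ENUMERATED, TAG_OCTET_STRING, TAG_OCTET_STRING):
            raise ValueError("bad structure")
        if mtype != bytes([SSP_V1_PK_SEALED_MESSAGE]):
            raise ValueError("wrong message type")
        if len(secret) != SECRET_LEN or len(target) != DIGEST_LEN:
            raise ValueError("bad field length")
    except ValueError:
        return SSP_BAD_DATA_ERROR, zero
    if not hmac.compare_digest(target, current_pcr):          # step 4
        return SSP_BAD_DATA_ERROR, zero
    return SSP_SUCCESS, bytes(secret)                          # step 5


def demo() -> dict:
    sk, other = hashlib.sha1(b"SK v1").digest(), hashlib.sha1(b"OS B").digest()  # constructed PCRs
    secret = bytes(range(SECRET_LEN))
    m = build_pk_sealed_message(secret, sk)
    return {
        "payload_bits": (SECRET_LEN + DIGEST_LEN) * 8,     # the 416 bits named in the Notes
        "match": pk_unseal_decode(m, sk),
        "mismatch": pk_unseal_decode(m, other),
        "truncated": pk_unseal_decode(m[:-1], sk),
        "wrong_type": pk_unseal_decode(build_quote_message(sk, (sk, other)), sk),
        "quote_len": len(build_quote_message(sk, (sk, other))),
    }
```

Feeding a QuoteMessage to pk_unseal_decode is rejected on structure and message type, which is the point of carrying a type identifier in both formats: a signed quote and a sealed secret can never be confused for one another even though both are DER SEQUENCEs of digests.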
Bound Key Operations
In addition, a set of bound-key functions or operations allows cryptographic keys to be generated and used locally (for example, by an SSP), and also allows keys to be communicated (for example, propagated to the SSP) from a trusted remote party.
Bound-key functionality is characterized as follows:
1. A service guard at some layer of the system (for example, the SSP) has direct access to a bound key. Each bound key has an associated condition that determines which guard or guards may access it. This condition is expressed implicitly: the bound key is encrypted so that only the guard or guards holding the corresponding decryption key can decrypt it.
2. A service guard with access to a bound key exposes to principals in higher layers the ability to request functions that use the bound key (for example, sign, MAC, encrypt, decrypt). Each bound key may have an associated usage condition, in which case the guard serves only requests that satisfy that condition.
3. The bound key is contained in a cryptographically protected data structure (referred to here as the bound-key blob). Because bound-key blobs are self-protecting, they can also be stored outside the trusted environment.
Bound keys have the following advantages:
● Each principal can be given its own bound key, and any number of them. In some applications this allows finer-grained policies and better privacy, and the guard need not be limited to one or a few keys with which it serves requests from all principals.
● A bound key is disclosed to no one but the authorized guard. Hence the compromise of a principal (for example, through a program bug) does not compromise any bound key. In one embodiment the service guard (SSP) is implemented in hardware; in that case bound keys cannot be compromised by malicious or negligent software.
Bound-key functionality thus protects cryptographic keys. Bound keys may be generated by a remote party, or locally with the GenBoundKey command.
For a locally generated bound key, a "quote" certificate can be issued that proves to a remote party the type of the public key, the type of key generated, the machine state at the time of generation and, optionally, the condition (for example, a digest) to which the key is bound.
A bound key comprises one or more of the following elements:
● The usage of the key (for example, bound signing, bound quoting, bound PK unsealing, bound PK decryption, bound MAC, bound encryption or bound decryption). This element is optional; if present, it restricts the bound key to functions of the identified type.
● A condition element (as described above) that defines under which conditions the bound key may be used (also called the bound-key usage condition). For example, the condition may be expressed as one or more program digests, in which case only a program with a specified digest, or one acting on its behalf, may use the bound key. Other examples of conditions include the time constraints, logical formulae and executable programs discussed earlier. This element is optional; if omitted, an implied condition applies, for example one that does not restrict access to the bound key (the empty condition).
● The cryptographic key (the bound key) itself, or data from which it can be computed.
● One or more conditions (as above) under which the usage condition of the bound key may be changed. Such a change is called bound-key migration and the condition a migration condition. This element is optional; if omitted, an implied condition applies, for example one that is always false, so that the usage condition (if any) can never be changed.
● One or more conditions under which the set of service guards that may directly access the bound key may be changed. Such a change is called bound-key export and the condition an export condition. This element is optional.
Cryptographic protection of bound keys
Bound keys have the same cryptographic requirements as the sealed storage and attestation functions described above (Seal, Unseal, PK_Unseal). In particular, a locally generated bound key can be protected by any of the cryptographic implementations of the storage and retrieval functions described above. In every case the confidentiality of the bound key itself and the integrity of the whole data structure are protected, to ensure that the conditions governing use of the bound key cannot be subverted. As described above, this can be achieved by various combinations of symmetric encryption with MACs, or public-key encryption with digital signatures. In one embodiment the bound-key data structure is encrypted with a public key.
Functions
In some embodiments, bound keys can be used with one or more of the following functions:
● BoundSign (bound signing)
● BoundQuote (bound quoting)
● BoundPKDecrypt (bound public-key decryption)
● BoundPKUnseal (bound public-key unsealing)
● BoundMAC (bound message authentication code)
● BoundEncrypt (bound encryption)
● BoundDecrypt (bound decryption)
● GenBoundKey (generate bound key)
● BoundKeyMigrate (bound-key migration)
● BoundKeyExport (bound-key export)
In each of these functions, the bound-key blob (the data structure, a set of bits) and the data on which the key contained in the blob is to operate are supplied as parameters. If the blob contains a usage element, the SSP ensures that the bound key is used only for the correct purpose (for example, a key of type "BoundQuoteKey" can be used only in the BoundQuote operation).
In some implementations the bound key is the private key of a public/private key pair. The blob may then contain the private key itself, or data from which the private key can be computed. For example, the blob may contain a private-key fragment which, combined with the corresponding public key, allows the private key of the pair to be reconstructed.
BoundSign receives a data input to be signed with the bound key, together with the bound-key blob. The SSP recovers the private signing key from the blob, uses it to generate a digital signature over the data input, and outputs the signature. If the blob is corrupted or any bound-key usage condition is not satisfied, the SSP does not perform the operation. The recovered private key is used to sign the data input without the private key ever being revealed by the SSP.
BoundQuote receives the data to be signed and the bound-key blob as input. The SSP recovers the private key from the blob and uses it to generate a signature over the data input and the current PCR value (for example, an identifier such as the digest of the program that called BoundQuote), as described for the Quote operation above. The SSP then outputs the signature. If the blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation. In one embodiment BoundQuote is similar to BoundSign, differing in that the current PCR value is included in the BoundQuote signature.
BoundPKDecrypt receives a ciphertext and the bound-key blob as input. The SSP recovers the private key from the blob and uses it to decrypt the input ciphertext, which BoundPKDecrypt then outputs. If the blob is corrupted or any usage condition is not satisfied, the SSP does not perform the operation.
BoundPKUnseal receives an input ciphertext and a bound-key blob. The SSP recovers the private key from the blob and uses it to decrypt the input ciphertext as in the PK_Unseal operation described above; BoundPKUnseal then outputs the decrypted data. If the blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation.
BoundMAC receives a data input whose MAC is to be computed with the bound key, and a bound-key blob. If the blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation. Otherwise the SSP recovers the bound key from the blob, computes a message authentication code (MAC) over the data input with the recovered key, and outputs the MAC. Thus the SSP computes a MAC over the data input with the recovered bound key without disclosing the bound key.
BoundEncrypt receives a data input to be encrypted with the bound key, and a bound-key blob. If the blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation. Otherwise the SSP recovers the bound key from the blob, encrypts the data input with it, and outputs the resulting ciphertext. Thus the SSP encrypts the data input with the recovered bound key without disclosing the bound key.
BoundDecrypt receives a data input to be decrypted with the bound key, and a bound-key blob. If the blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation. Otherwise the SSP recovers the bound key from the blob, decrypts the data input with it, and outputs the resulting plaintext. Thus the SSP decrypts the data input with the recovered bound key without disclosing the bound key.
GenBoundKey causes the SSP to create a new bound key. The new bound key is a cryptographic key, and a new bound-key blob containing the newly generated key is produced. The blob need not always contain the whole key: for example, if the new key is a public/private key pair, it suffices for the blob to contain the private key.
The new bound-key blob must be bound to one or more guards, normally the SSP performing the operation (for example, by cryptographically protecting the blob in a manner similar to the storage functions above, or otherwise keeping the blob secret so that only the SSP can retrieve it). GenBoundKey may also take parameters that determine various aspects of the new blob, and data describing these parameters is attached to the newly generated private key (for example, as generation data forming part of the new blob). As noted above, examples of such data include the migration condition and the bound-key usage condition. GenBoundKey then outputs the new bound-key blob.
In general a bound key may be a cryptographic key of any kind, including a symmetric key or a public/private key pair. The exact key type depends on the bound-key operation that will use it: for example, a bound key used in BoundMAC will be a symmetric key, whereas one used in BoundSign will be a public/private signing key pair. The key type may be given as a parameter of GenBoundKey.
BoundKeyMigrate allows the usage condition of a bound key to be modified. The SSP verifies that one or more migration conditions are satisfied. Any of a number of conditions may be used with BoundKeyMigrate (for example, any of the conditions described above for Seal and Unseal, which may identify when and/or which data may be migrated). If the verification succeeds, the guard creates a new bound-key blob in which the usage condition has been changed as requested.
The described SSP of described BoundKeyExport operation indication removes to change the one group of protective device (SSP) that can directly visit described constraint key.Described SSP verifies whether one or more conditions are satisfied.In a plurality of conditions any one can be used (for example, be similar to the above-mentioned any condition about described sealing and open operation, when this condition can be discerned and/or which kind of data can be moved) with described BoundKeyExport operation.If successfully do not make this checking, described operation failure.If successfully carried out this checking, then described SSP is according to the encipherment protection of request change to described constraint key point.In one embodiment, described SSP uses one or more new keys to encrypt described constraint key.
The maker of described constraint key (local or remotely) but a class example of rated condition is described constraint key can only be represented its program digest to have a main body of a special value and be used.In this case, after the retrieval of the inside of described constraint key point, described constraint cipher key operation is checked the summary of request body, and if described summary and regulation in described constraint key point different, then inefficacy with do not carry out additional calculations.
So that the cryptographic operation that continues, described constraint key point is connected usually or is bound on the specific SSP by means of unique key of the described specific SSP of request.For example, this operation can be MAC, digital signature, encryption, combined ciphering and integrity verification function.
Bound-key operation examples
In one embodiment, a migration is authorized either by a local migration certificate or by a certificate issued by an export authority. The local migration certificate is a default RSASSA-PSS-SIGN signature over the following data structure:
Bound-migration-info ::= SEQUENCE {
  Source-bound-blob-digest Digest,
  Dest-PCR DigestPair
}
The BoundKeyMigrate operation is used to request a local migration from the SSP. To authorize a local migration, the SSP is supplied with a Bound-migration-info structure that refers to the bound key, together with a properly formed certificate over that structure provided by the authority. If the migration certificate is acceptable, the SSP re-binds the key to the new PCR, leaving all other attributes unchanged (for example, if the key was not originally restricted to a PCR value, it is not so restricted after re-binding either). The source-bound-blob-digest is the digest of the externally encrypted form of the bound key.
Remote migration is achieved via the BoundKeyExport function, for example with a Bound-export-info structure signed by the export authority:
Bound-export-info ::= SEQUENCE {
  Source-bound-blob-digest Digest,
  Dest-pubkey RSAPublicKey,
  Dest-PCR DigestPair
}
When a key is marked exportable, the authority is entirely under the control of the device or software whose key is being re-bound.
The bound-key operations use a PKCiphertext, which is a Bound-key-blob sequence of the following type, encrypted with the platform public encryption key:
Bound-key-blob ::= SEQUENCE {
  Message-type PKMessageType,
  Key-type Bound-key-type,
  Bound-to-PCR BOOL,
  Bound-to DigestPair,
  Migrateable Bool,
  Migrate-auth Digest,
  Exportable Bool,
  Export-auth Digest,
  Pub-key-digest Digest,
  Bound-key PKCompressedPrivateKey}
where:
Bound-key-type ::= INTEGER {
  BoundSignKey,
  BoundQuoteKey,
  BoundDecryptKey,
  BoundPKUnsealKey}
The bound-to-PCR component is a flag indicating whether the bound-to digest field must match the current PCR value in order for the bound key to be used.
{migrateable, migrate-auth} indicate whether the key is migrateable and, if so, under the control of which authority (if the key is not migrateable, the migrate-auth value is irrelevant).
{exportable, export-auth} indicate whether the key is exportable and, if so, under the control of which authority (if the key is not exportable, the export-auth value is irrelevant). Pub-key-digest is the digest of the corresponding public key; it provides a strong binding between the PKCompressedPrivateKey and the public key that is needed to recover the private key.
In one example, if the bound key is created locally by the GenBoundKey function, then when the bound key is generated and output the SSP creates a signature over a data structure that states the public properties of the key just generated and the system configuration:
Bound-key-pub-info ::= SEQUENCE {
  Message-type PKMessageType,
  //sspV1BoundKeyGenMessage
  sig-nonce Digest,
  key-type Bound-key-type,
  bound-to-PCR BOOL,
  bound-to DigestPair,
  migrateable Bool,
  migrate-auth Digest,
  exportable Bool,
  export-auth Digest,
  creator-PCR DigestPair,
  bound-pub-key Digest}
In this data structure, key-type, bound-to-PCR, bound-to, migrateable, migrate-auth, exportable and export-auth are the properties of the newly generated bound key. Creator-PCR is the PCR in effect when the key was generated, and bound-pub-key is the digest of the newly generated public key. Sig-nonce is the digest-sized value passed in when the public-key generation was requested.
Typical definitions of the BoundSign, BoundQuote, BoundPKDecrypt, BoundPKUnseal, GenBoundKey, BoundKeyMigrate and BoundKeyExport operations are as follows:
BoundSign
Definition
SSP_STATUS BoundSign(
  [in] PKCiphertext BoundKeyBlob,
  [in] RSAPublicKey PubPartOfBoundKey,
  [in] BITSTRING DataToBeSigned,
  [out] PKSignature sig-blob
)
Parameters
BoundSign-Input ::= {
  Ordinal INTEGER,
  Bound-key BoundKeyBlob,
  Bound-pub-key RSAPublicKey,
  Data-to-be-signed OCTET STRING}
BoundSign-output ::= {
  Ordinal INTEGER,
  Status INTEGER,
  Sig-blob PKSignature}
Return values
SSP_SUCCESS
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
SSP_UNSEAL_ERROR
Note
The BoundSign operation takes a plaintext of type sspV1BoundKey that contains a BoundKeyBlob of type BoundSignKey together with the corresponding public key. If either of these conditions is not met, or the sequence does not decode successfully, the operation fails and returns SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks whether the current PCR value is the same as the one specified in the Bound-key-blob sequence. If not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP signs the input message with the decrypted private key.
Access policy
Allowed = FeatureEnable.MainEnable &
  (FeatureEnable.UsePrivKey == All |
   FeatureEnable.UsePrivKey == AuthSL
   & SLKnown & AuthPCR[CurrentSL].UseSummKey)
Effect
The BoundSign operation performs the following functions:
1. The SSP checks whether the algorithm identifier in the pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts the SealedBlob according to RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, with default parameters, to obtain a plaintext message M.
3. If the output of the decoding operation is "decoding error", the SSP returns SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M must be a DER encoding in Bound-key-blob form with type BoundSignKey. If it is not, the SSP returns SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, the bound-to value is compared with the current PCR value. If the values differ, the SSP returns SSP_CRYPTO_ERROR.
6. The SSP then uses the supplied public key to recover the bound private key. If this fails, the SSP returns SSP_CRYPTO_ERROR. If it succeeds, the SSP generates a signature over the input message DataToBeSigned according to RSASSA-PSS-SIGN as defined in PKCS#1 V2.1, with default parameters, using the recovered private key bound-key.
7. Return SSP_SUCCESS.
BoundQuote
Definition
SSP_STATUS BoundQuote(
  [in] PKCiphertext BoundKeyBlob,
  [in] DIGEST DataToBeSigned,
  [out] PKSignature sig-blob
)
Parameters
BoundQuote-Input ::= {
  Ordinal INTEGER,
  Bound-key BoundKeyBlob,
  Bound-pub-key RSAPublicKey,
  Data-to-be-quoted Digest}
BoundQuote-output ::= {
  Ordinal INTEGER,
  Status INTEGER,
  Sig-blob PKSignature}
Return values
SSP_SUCCESS
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
SSP_UNSEAL_ERROR
Note
The BoundQuote operation takes a public-key plaintext of type sspV1BoundKey that contains a BoundKeyBlob of type BoundQuoteKey. If either of these conditions is not met, or the sequence does not decode successfully, SSP_CRYPTO_ERROR is produced and the operation fails.
If Bound-to-PCR is set, the SSP checks whether the current PCR value is the same as the one specified in the Bound-key-blob sequence. If not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP quotes the input message with the decrypted private key.
Access policy
Allowed = FeatureEnable.MainEnable &
  (FeatureEnable.UsePrivKey == All |
   FeatureEnable.UsePrivKey == AuthSL
   & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundQuote operation performs the following functions:
1. The SSP checks whether the algorithm identifier in the pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts the SealedBlob according to RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, with default parameters, to obtain a plaintext message M.
3. If the output of the decoding operation is "decoding error", the SSP returns SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M must be a DER encoding in Bound-key-blob form with type BoundSignKey. If it is not, the SSP returns SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, the bound-to value is compared with the current PCR value. If the values differ, the SSP returns SSP_CRYPTO_ERROR.
6. The SSP then uses the recovered private-key fragment and the public key to reconstruct the private key. The private key can be reconstructed as follows. In general, an RSA key consists of a modulus N = p*q (N is the product of two primes p and q) and two exponents, e (the encryption exponent) and d (the decryption exponent). N and e form the public key; d is the private key. Usually d has the same length as N (for example, 2048 bits). If the factorization of N is known (that is, if p and q are known), the private key d can easily be determined. Note that p and q are only half the length of N. Therefore p rather than d is stored as the private key. Then, given the public key N, e and the stored p, the value q = N/p can be computed, and p and q together determine the value d.
The private key is then used to produce a signature over the input message DataToBeSigned and the current PCR, as described in the Quote operation defined above. If that function returns an error, SSP_CRYPTO_ERROR is returned with the SigBlob zeroed.
7. Return SSP_SUCCESS.
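As an added illustration (not part of the patent or of any Microsoft code), the following Python emulates steps 1 to 6 of BoundSign and BoundQuote above, including the reconstruction of the private exponent from the stored factor p and the public key. It assumes a dict in place of the DER Bound-key-blob, skips the outer RSAES-OAEP layer (the blob arrives already decrypted), uses a textbook RSA signature over a SHA-256 digest in place of RSASSA-PSS, and constructs its demonstration key from two known Mersenne primes.

```python
import hashlib
from math import gcd

# Status codes and type identifiers named in the text.
SSP_SUCCESS = 0
SSP_CRYPTO_ERROR = 1
BOUND_SIGN_KEY = 0
BOUND_QUOTE_KEY = 1
SSP_V1_BOUND_KEY = "sspV1BoundKey"

# Constructed demonstration key (not a real platform or bound key): two
# known Mersenne primes and the usual public exponent.
P = (1 << 127) - 1
Q = (1 << 521) - 1
E = 65537
N = P * Q

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def pubkey_digest(n: int, e: int) -> bytes:
    """Digest of (N, e) as stored in the blob's pub-key-digest field."""
    return sha256(n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big"))

def recover_private_key(n: int, e: int, p: int):
    """Step 6 of BoundQuote: from N, e and the stored factor p, derive
    q = N/p and then d. Returns None when p does not divide N."""
    if p <= 1 or p >= n or n % p != 0:
        return None
    q = n // p
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    return pow(e, -1, lam)

def make_bound_key_blob(key_type: int, bound_to_pcr: bool, bound_to):
    """Plaintext Bound-key-blob; a dict stands in for the DER SEQUENCE and the
    bound-key field holds p, the compressed private key."""
    return {
        "message_type": SSP_V1_BOUND_KEY,
        "key_type": key_type,
        "bound_to_pcr": bound_to_pcr,
        "bound_to": tuple(bound_to),  # DigestPair
        "pub_key_digest": pubkey_digest(N, E),
        "bound_key": P,
    }

def bound_key_sign(blob, pub, current_pcr, data: bytes, quote: bool = False):
    """BoundSign (quote=False) or BoundQuote (quote=True) on an already
    decrypted blob. Returns (status, signature or None)."""
    n, e = pub
    # Steps 1 and 4: the message type and key type must fit the operation.
    want = BOUND_QUOTE_KEY if quote else BOUND_SIGN_KEY
    if blob["message_type"] != SSP_V1_BOUND_KEY or blob["key_type"] != want:
        return SSP_CRYPTO_ERROR, None
    # pub-key-digest ties the compressed private key to the supplied public key.
    if blob["pub_key_digest"] != pubkey_digest(n, e):
        return SSP_CRYPTO_ERROR, None
    # Step 5: a PCR-bound key is usable only under the PCR it is bound to.
    if blob["bound_to_pcr"] and blob["bound_to"] != tuple(current_pcr):
        return SSP_CRYPTO_ERROR, None
    # Step 6: rebuild the private exponent; failure is a crypto error.
    d = recover_private_key(n, e, blob["bound_key"])
    if d is None:
        return SSP_CRYPTO_ERROR, None
    # A quote also covers the current PCR; a plain sign covers the data only.
    msg = data + b"".join(current_pcr) if quote else data
    # Textbook RSA over a SHA-256 digest stands in for RSASSA-PSS-SIGN.
    return SSP_SUCCESS, pow(int.from_bytes(sha256(msg), "big") % n, d, n)

def verify(pub, msg: bytes, sig: int) -> bool:
    """Verifier side of the stand-in signature scheme."""
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(sha256(msg), "big") % n

def demo():
    """Good paths and the two policy rejections; returns the outcomes."""
    pcr = (sha256(b"constructed PCR 0"), sha256(b"constructed PCR 1"))
    other_pcr = (sha256(b"different PCR 0"), pcr[1])
    pub, data = (N, E), b"message to be signed"
    sign_blob = make_bound_key_blob(BOUND_SIGN_KEY, True, pcr)
    quote_blob = make_bound_key_blob(BOUND_QUOTE_KEY, True, pcr)
    st_s, sig = bound_key_sign(sign_blob, pub, pcr, data)
    st_q, qsig = bound_key_sign(quote_blob, pub, pcr, data, quote=True)
    return {
        "sign_ok": st_s == SSP_SUCCESS and verify(pub, data, sig),
        "quote_ok": st_q == SSP_SUCCESS and verify(pub, data + b"".join(pcr), qsig),
        "wrong_pcr": bound_key_sign(sign_blob, pub, other_pcr, data)[0],
        "wrong_type": bound_key_sign(sign_blob, pub, pcr, data, quote=True)[0],
    }

if __name__ == "__main__":
    print(demo())
```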
BoundPKDecrypt
Definition
SSP_STATUS BoundPKDecrypt(
  [in] PKCiphertext BoundKeyBlob,
  [in] RSAPublicKey BoundPubKey,
  [in] PKCiphertext DataToBeDecrypted,
  [out] Secret decryptedData
)
Parameters
BoundPKDecrypt-Input ::= {
  Ordinal INTEGER,
  Bound-key BoundKeyBlob,
  Bound-pub-key RSAPublicKey,
  Pk-sealed-blob PKCiphertext}
BoundPKDecrypt-output ::= {
  Ordinal INTEGER,
  Status INTEGER,
  d-blob Secret}
Return values
SSP_SUCCESS
SSP_UNSEAL_ERROR
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
Note
The BoundPKDecrypt operation takes a public-key plaintext of type sspV1BoundKey that contains a BoundKeyBlob of type BoundDecryptKey. If either of these conditions is not met, or the sequence does not decode successfully, the operation fails and returns SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks whether the current PCR value is the same as the one specified in the Bound-key-blob sequence. If not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP uses the decrypted private key from the bound-blob to decrypt the input message.
Access policy
Allowed = FeatureEnable.MainEnable &
  (FeatureEnable.UsePrivKey == All |
   FeatureEnable.UsePrivKey == AuthSL
   & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundPKDecrypt operation performs the following functions:
1. The SSP checks whether the algorithm identifier in the pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts the SealedBlob according to RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, with default parameters, to obtain a plaintext message M.
3. If the output of the decoding operation is "decoding error", the SSP returns SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M must be a DER encoding in Bound-key-blob form with type BoundSignKey. If it is not, the SSP returns SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, the bound-to value is compared with the current PCR value. If the values differ, the SSP returns SSP_CRYPTO_ERROR.
6. The SSP uses the supplied public key to recover the private key. The private key can be recovered as described above in the BoundQuote operation. The recovered private bound-key is then used to decrypt the pk-sealed-blob according to RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, with default parameters, yielding a plaintext message M.
7. The SSP sets d-blob to M.
8. Return SSP_SUCCESS.
BoundPKUnseal
Definition
SSP_STATUS BoundPKUnseal(
  [in] PKCiphertext BoundKeyBlob,
  [in] RSAPublicKey BoundPubKey,
  [in] PKCiphertext DataToBeUnsealed,
  [out] Secret decryptedData
)
Parameters
BoundPKUnseal-Input ::= {
  Ordinal INTEGER,
  Bound-key BoundKeyBlob,
  Bound-pub-key RSAPublicKey,
  Pk-sealed-blob PKCiphertext}
BoundPKUnseal-output ::= {
  Ordinal INTEGER,
  Status INTEGER,
  d-blob Secret}
Return values
SSP_SUCCESS
SSP_UNSEAL_ERROR
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
Note
The BoundPKUnseal operation takes a public-key plaintext of type sspV1BoundKey that contains a BoundKeyBlob of type BoundDecryptKey. If either of these conditions is not met, or the sequence does not decode successfully, SSP_CRYPTO_ERROR is produced and the operation fails.
If Bound-to-PCR is set, the SSP checks whether the current PCR value is the same as the one specified in the Bound-key-blob sequence. If not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP uses PK_Unseal to unseal the input message with the decrypted private key from the bound-blob.
Access policy
Allowed = FeatureEnable.MainEnable &
  (FeatureEnable.UsePrivKey == All |
   FeatureEnable.UsePrivKey == AuthSL
   & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundPKUnseal operation performs the following functions:
1. The SSP checks whether the algorithm identifier in the pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts the SealedBlob according to RSAES-OAEP-DECRYPT as specified in PKCS#1 V2.1, with default parameters, to obtain a plaintext message M.
3. If the output of the decoding operation is "decoding error", the SSP returns SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M must be a DER encoding in Bound-key-blob form with type BoundSignKey. If it is not, the SSP returns SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, the bound-to value is compared with the current PCR value. If the values differ, the SSP returns SSP_CRYPTO_ERROR.
6. The SSP uses the bound-key blob to rebuild the private key. The private key can be recovered as described above in the BoundQuote operation. The SSP then unseals the pk-sealed-blob with the recovered private bound key, following the steps described in the PK_Unseal command.
7. If the PCR named in the unsealed blob does not match the current PCR, the SSP returns SSP_CRYPTO_ERROR.
8. Otherwise, the SSP sets d-blob to M.
9. Return SSP_SUCCESS.
GenBoundKey
Definition
SSP_STATUS GenBoundKey(
  [in] BoundKeyType KeyType,
  [in] BOOL BoundToPcr,
  [in] DIGEST BoundTo[2],
  [in] BOOL migrateable,
  [in] DIGEST migrationAuthority,
  [in] BOOL exportable,
  [in] DIGEST exportAuthority,
  [in] DIGEST SigNonce,
  [out] BoundKey bound-key,
  [out] PKPublickey newPubKey,
  [out] PKSignature boundKeyQuoteBlob
)
Parameters
GenBoundKey-Input ::= {
  Ordinal INTEGER,
  Key-type Bound-key-type,
  Bound-to-pcr BOOL,
  Bound-to DigestPair,
  Migrateable BOOL,
  Migrate-auth Digest,
  Exportable BOOL,
  Export-auth Digest,
  Sig-nonce Digest
}
GenBoundKey-output ::= {
  Ordinal INTEGER,
  Status INTEGER,
  Bound-blob PKCiphertext,
  Bound-pub RSAPublicKey,
  Sig-blob PKSignature}
Return values
SSP_SUCCESS
SSP_BAD_DATA_ERROR
Note
The GenBoundKey operation causes the SSP to generate a new bound-key blob containing a newly generated private key. The bound-key blob is encrypted with the SSP's own public key.
GenBoundKey also outputs the public key of the newly generated key pair, together with a quote signature stating that the SSP generated the key, the key's properties, and the PCR value at the time the key was generated.
The caller of GenBoundKey also indicates the type of bound key to be generated: whether it is to be used for signing, for quoting, for unsealing with BoundPKUnseal, or for decryption with BoundPKDecrypt. The caller further specifies whether the bound key is restricted to a PCR and, if so, the PCR value.
Access policy
Allowed = FeatureEnable.MainEnable &
  (FeatureEnable.UsePrivKey == All |
   FeatureEnable.UsePrivKey == AuthSL
   & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The GenBoundKey operation performs the following functions:
1. The SSP generates a new public/private RSA key pair. Alternatively, the SSP may generate key pairs while it is otherwise idle and keep a small store of keys in non-volatile memory for immediate retrieval.
2. The SSP internally generates a bound-key structure containing the newly generated private key, the bound-key type, and the other parameters supplied by the caller.
3. The SSP encrypts the bound-key blob with the platform public encryption key.
4. The SSP generates a bound-key-pub-info signature blob, which records the properties of the key and the value of the PCR at the time the key was created.
5. The SSP outputs the encrypted bound-key blob, the newly generated public key, and the quote blob.
6. Return SSP_SUCCESS.
BoundKeyMigrate
Definition
SSP_STATUS BoundKeyMigrate(
  [in] PKCiphertext BoundKeyBlob,
  [in] RSAPublicKey PubPartOfBoundKey,
  [in] BOUND_MIGRATION_INFO MigrationInfo,
  [in] RSA_SIG SigOnMigrationInfo
)
Parameters
BoundKeyMigrate-Input ::= {
  Ordinal INTEGER,
  Migration-info Bound-migration-info,
  Migration-pubkey RSAPublicKey,
  Migration-auth PKSignature
}
BoundKeyMigrate-output ::= {
  Ordinal INTEGER,
  Status INTEGER,
  Re-bound-blob PKCiphertext,
}
Return values
SSP_SUCCESS
SSP_BAD_DATA_ERROR
Note
The BoundKeyMigrate operation instructs the SSP to re-bind the key to a different PCR value in a controlled manner. The original key generator, whether local or remote, names the migration authority. Only bound keys marked migrateable can be migrated, and only when the SSP is supplied with an appropriately signed Bound-migration-info structure. An appropriately signed structure is one signed with the public key whose digest is included in the bound-key blob. The remaining bound-key attributes are not modified.
Access policy
Allowed = FeatureEnable.MainEnable &
  (FeatureEnable.UsePrivKey == All |
   FeatureEnable.UsePrivKey == AuthSL
   & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundKeyMigrate operation performs the following functions:
1. The SSP internally decrypts the bound-key structure and interprets it as a bound-key blob. If decoding fails, the SSP returns SSP_CRYPTO_ERROR.
2. The SSP confirms that the Bound-migration-info refers to the same key, that the signature is properly formed, and that the digest of the signer's public key is the same as the one named in the "migrateable" field of the bound-key blob.
3. The SSP checks that the key is migrateable. If it is not, the SSP returns SSP_CRYPTO_ERROR.
4. If the key is restricted to a PCR, the SSP checks whether the current PCR is the one named in the key blob.
5. The SSP replaces the PCR value with the value named in the destination PCR field of the Bound-migration-info.
6. The SSP re-encrypts the bound-key blob and outputs the re-encrypted structure.
7. Return SSP_SUCCESS.
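As an added illustration (not part of the patent or of any Microsoft code), the following Python walks through steps 1 to 6 of BoundKeyMigrate above: the source-blob digest check, the authority signature and migrate-auth check, the migrateable flag, the current-PCR check, and the re-binding to Dest-PCR. It assumes dicts and a canonical JSON encoding in place of the DER structures, a tagged serialization in place of the SSP's RSAES-OAEP encryption of the blob, textbook RSA over a SHA-256 digest in place of RSASSA-PSS, and a migration authority key constructed from two known Mersenne primes.

```python
import hashlib
import json
from math import gcd

SSP_SUCCESS = 0
SSP_CRYPTO_ERROR = 1
SSP_BAD_DATA_ERROR = 2
E = 65537

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def rsa_keypair(p: int, q: int):
    """Constructed RSA key from two primes; returns ((N, e), d)."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (p * q, E), pow(E, -1, lam)

def pubkey_digest(pub) -> str:
    """Hex digest of a public key, the form kept in migrate-auth."""
    n, e = pub
    return sha256(n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")).hex()

def encode(struct) -> bytes:
    """Canonical serialization standing in for the DER encoding."""
    return json.dumps(struct, sort_keys=True).encode()

def platform_seal(blob) -> bytes:
    """Stand-in for the SSP's RSAES-OAEP encryption of the blob under the
    platform key: this demo only tags the bytes, so that the digest check
    over the blob's external form can be shown."""
    return b"PLATFORM-SEALED:" + encode(blob)

def platform_unseal(sealed: bytes):
    if not sealed.startswith(b"PLATFORM-SEALED:"):
        raise ValueError("not a platform-sealed blob")
    return json.loads(sealed[len(b"PLATFORM-SEALED:"):])

def rsa_sign(d: int, n: int, data: bytes) -> int:
    """Textbook RSA over a digest, standing in for RSASSA-PSS-SIGN."""
    return pow(int.from_bytes(sha256(data), "big") % n, d, n)

def rsa_verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(sha256(data), "big") % n

def bound_key_migrate(sealed_blob, migration_info, authority_pub, signature, current_pcr):
    """Steps 1-6 of BoundKeyMigrate; returns (status, re-encrypted blob)."""
    # Step 1: decrypt and decode the bound-key blob.
    try:
        blob = platform_unseal(sealed_blob)
    except (ValueError, json.JSONDecodeError):
        return SSP_CRYPTO_ERROR, None
    # Step 2: the certificate must name this blob's external form, carry a
    # valid signature, and be signed by the authority named in migrate-auth.
    # (The status code for these failures is this demo's choice.)
    if migration_info["source_bound_blob_digest"] != sha256(sealed_blob).hex():
        return SSP_BAD_DATA_ERROR, None
    if not rsa_verify(authority_pub, encode(migration_info), signature):
        return SSP_BAD_DATA_ERROR, None
    if pubkey_digest(authority_pub) != blob["migrate_auth"]:
        return SSP_BAD_DATA_ERROR, None
    # Step 3: only keys marked migrateable may be moved.
    if not blob["migrateable"]:
        return SSP_CRYPTO_ERROR, None
    # Step 4: a PCR-bound key can only be migrated from its current binding.
    if blob["bound_to_pcr"] and blob["bound_to"] != list(current_pcr):
        return SSP_CRYPTO_ERROR, None
    # Steps 5-6: replace the PCR with Dest-PCR, keep every other attribute,
    # and re-encrypt the blob for output.
    new_blob = dict(blob, bound_to=list(migration_info["dest_pcr"]))
    return SSP_SUCCESS, platform_seal(new_blob)

def build_scenario():
    """Constructed scenario: a migrateable key bound to PCR A and an authority
    certificate moving it to PCR B. Returns the pieces for use by a caller."""
    authority_pub, authority_d = rsa_keypair((1 << 107) - 1, (1 << 607) - 1)
    pcr_a = [sha256(b"PCR A0").hex(), sha256(b"PCR A1").hex()]
    pcr_b = [sha256(b"PCR B0").hex(), sha256(b"PCR B1").hex()]
    blob = {
        "message_type": "sspV1BoundKey", "key_type": "BoundSignKey",
        "bound_to_pcr": True, "bound_to": pcr_a,
        "migrateable": True, "migrate_auth": pubkey_digest(authority_pub),
        "exportable": False, "export_auth": "", "pub_key_digest": "",
        "bound_key": (1 << 127) - 1,  # p of the bound key; not used here
    }
    sealed = platform_seal(blob)
    info = {"source_bound_blob_digest": sha256(sealed).hex(), "dest_pcr": pcr_b}
    sig = rsa_sign(authority_d, authority_pub[0], encode(info))
    return {"sealed": sealed, "info": info, "sig": sig,
            "authority_pub": authority_pub, "pcr_a": pcr_a, "pcr_b": pcr_b}

if __name__ == "__main__":
    s = build_scenario()
    status, rebound = bound_key_migrate(s["sealed"], s["info"], s["authority_pub"], s["sig"], s["pcr_a"])
    print(status, platform_unseal(rebound)["bound_to"] == s["pcr_b"])
```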
BoundKeyExport
Definition
SSP_STATUS BoundKeyExport(
  [in] PKCiphertext BoundKeyBlob,
  [in] RSAPublicKey PubPartOfBoundKey,
  [in] BOUND_EXPORT_INFO ExportInfo,
  [in] RSA_SIG SigOnMigrationInfo,
  [out] PKCipherText ReBoundBlob
)
Parameters
BoundKeyExport-Input ::= {
  Ordinal INTEGER,
  Bound-key PKCipherText,
  Bound-pub-key RSAPublicKey,
  Export-info Bound-export-info,
  Export-auth PKSignature
}
BoundKeyExport-output ::= {
  Ordinal INTEGER,
  Status INTEGER,
  Re-bound-blob PKCiphertext,
}
Return values
SSP_SUCCESS
SSP_BAD_DATA_ERROR
Note
The BoundKeyExport operation instructs the SSP to export the private part of a bound key, in a controlled manner, to a remote authority, in a form consistent with the bound key on the source device. The original key generator, whether local or remote, names the export authority. Only bound keys marked exportable can be exported, and only when the SSP is supplied with a correctly signed Bound-export-info structure. An appropriately signed structure is one signed with the public key whose digest is included in the original bound-key blob.
BoundKeyExport allows an appropriately authorized caller to specify the public key and the PCR value of the target authority to which the bound key is to be re-bound. There is no requirement that the external entity be an SSP, but the new bound blob follows the bound-key conventions so that a remote SSP can consume the exported bound key directly.
Access policy
Allowed = FeatureEnable.MainEnable &
  (FeatureEnable.UsePrivKey == All |
   FeatureEnable.UsePrivKey == AuthSL
   & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundKeyExport operation performs the following functions:
1. The SSP internally decrypts the bound-key structure and interprets it as a bound-key blob. If decoding fails, the SSP returns SSP_CRYPTO_ERROR.
2. The SSP confirms that the Bound-export-info refers to the same key, that the signature is correctly formed, and that the digest of the signer's public key is the same as the one named in the "export" field of the bound-key blob.
3. The SSP checks that the key is exportable. If it is not, the SSP returns SSP_CRYPTO_ERROR.
4. If the key is restricted to a PCR, the SSP checks whether the current PCR is the one named in the key blob.
5. The SSP internally generates a new bound-key blob structure containing the parameters of the original bound-key structure and the new PCR value supplied in the Bound-export-info. All other parameters remain the same.
6. The SSP encrypts the new bound-key blob with the public encryption key supplied in the Bound-export-info.
7. The new bound key is output.
8. Return SSP_SUCCESS.
General-purpose computer environment
Figure 12 illustrates a general computer environment 400, which can be used to implement the techniques described herein. The computer environment 400 is only one example of a computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the computer and network architectures. Nor should the computer environment 400 be interpreted as having any dependency or requirement relating to any one component, or combination of components, illustrated in the exemplary computer environment 400.
Computer environment 400 includes a general-purpose computing device in the form of a computer 402. Computer 402 can be used, for example, to implement the principal 102 and the guard 104 of Figure 1, or the layers of Figure 2. The components of computer 402 can include, but are not limited to, one or more processors or processing units 404 (optionally including one or more security processors or coprocessors (such as an SSP) and/or one or more cryptographic processors or coprocessors), a system memory 406, and a system bus 408 that couples the various system components, including the processor 404, to the system memory 406.
The system bus 408 represents one or more of any of several types of bus structure, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures can include an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnect (PCI) bus, also known as a mezzanine bus.
Computer 402 typically includes a variety of computer-readable media. Such media can be any available media that are accessible by computer 402, and include both volatile and non-volatile media, and removable and non-removable media.
The system memory 406 includes computer-readable media in the form of volatile memory, such as random access memory (RAM) 410, and/or non-volatile memory, such as read-only memory (ROM) 412. A basic input/output system (BIOS) 414, containing the basic routines that help to transfer information between elements within computer 402, such as during start-up, is stored in ROM 412. RAM 410 typically contains data and/or program modules that are immediately accessible to, and/or presently operated on by, the processing unit 404.
Computer 402 may also include other removable/non-removable, volatile/non-volatile computer storage media. By way of example, Figure 12 illustrates a hard disk drive 416 for reading from and writing to a non-removable, non-volatile magnetic medium (not shown), a magnetic disk drive 418 for reading from and writing to a removable, non-volatile magnetic disk 420 (for example, a "floppy disk"), and an optical disk drive 422 for reading from a removable, non-volatile optical disk 424 such as a CD-ROM, DVD-ROM, or other optical media. The hard disk drive 416, magnetic disk drive 418, and optical disk drive 422 are each connected to the system bus 408 by one or more data media interfaces 426. Alternatively, the hard disk drive 416, magnetic disk drive 418, and optical disk drive 422 can be connected to the system bus 408 by one or more interfaces (not shown).
The disk drives and their associated computer-readable media provide non-volatile storage of computer-readable instructions, data structures, program modules, and other data for computer 402. Although the example illustrates a hard disk 416, a removable magnetic disk 420, and a removable optical disk 424, it is to be appreciated that other types of computer-readable media that can store data accessible by a computer, such as magnetic cassettes or other magnetic storage devices, flash memory cards, CD-ROM, digital versatile disks (DVD) or other optical storage, random access memories (RAM), read-only memories (ROM), electrically erasable programmable read-only memory (EEPROM), and the like, can also be used to implement the exemplary computing system and environment.
Any number of program modules can be stored on the hard disk 416, magnetic disk 420, optical disk 424, ROM 412, and/or RAM 410, including by way of example an operating system 426, one or more application programs 428, other program modules 430, and program data 432. Each of the operating system 426, the one or more application programs 428, the other program modules 430, and the program data 432 (or some combination thereof) may implement all or part of the resident components that support the distributed file system.
A user can enter commands and information into computer 402 via input devices such as a keyboard 434 and a pointing device 436 (for example, a "mouse"). Other input devices 438 (not shown specifically) may include a microphone, joystick, game pad, satellite dish, serial port, scanner, and/or the like. These and other input devices are connected to the processing unit 404 via input/output interfaces 440 that are coupled to the system bus 408, but may be connected by other interface and bus structures, such as a parallel port, a game port, or a universal serial bus (USB).
A monitor 442 or other type of display device can also be connected to the system bus 408 via an interface, such as a video adapter 444. In addition to the monitor 442, other output peripheral devices can include components such as speakers (not shown) and a printer 446, which can be connected to computer 402 via the input/output interfaces 440.
Computer 402 can operate in a networked environment using logical connections to one or more remote computers, such as a remote computing device 448. By way of example, the remote computing device 448 can be a personal computer, a portable computer, a server, a router, a network computer, a peer device or other common network node, and the like. The remote computing device 448 is illustrated as a portable computer that can include many or all of the elements and features described herein relative to computer 402.
Logical connections between computer 402 and the remote computer 448 are depicted as a local area network (LAN) 450 and a general wide area network (WAN) 452. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet.
When implemented in a LAN networking environment, the computer 402 is connected to a local network 450 via a network interface or adapter 454. When implemented in a WAN networking environment, the computer 402 typically includes a modem 456 or other means for establishing communications over the wide area network 452. The modem 456, which can be internal or external to computer 402, can be connected to the system bus 408 via the input/output interfaces 440 or other appropriate mechanisms. It is to be appreciated that the illustrated network connections are exemplary and that other means of establishing communication links between the computers 402 and 448 can be employed.
In a networked environment, such as that illustrated with computing environment 400, program modules depicted relative to the computer 402, or portions thereof, may be stored in a remote memory storage device. By way of example, remote application programs 458 reside on a memory device of remote computer 448. For purposes of illustration, application programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computing device 402 and are executed by the data processor(s) of the computer.
Here, with context various modules and technology be described such as the computer executable instructions of the program module that can be carried out by one or more computing machines or miscellaneous equipment.Usually, program module comprises the subroutine that can carry out special duty or realize special summary data type, program, target program, assembly, data structure or the like.Usually, the function of described program module can be as in desirable mutual combination of each embodiment or distribution.
An execution of these modules and technology can be stored by the form of computer-readable storage medium or transmit.Computer-readable storage medium can be any useable medium that can be visited by a computing machine.Such as but be not limited to, computer-readable media can comprise " computer storage media may " and " communication medium ".
" computer storage media may " comprises volatibility and non-volatile, the detachable or non-removable medium of realizing with any means or technology, is used for storage such as computer-readable instruction, data structure, program module or other data.Computer storage media may includes but not limited to RAM, ROM, EEPROM, short-access storage or other memory technology, CD-ROM, digital universal disc (DVD) or other optical memory, tape cassete, tape, magnetic disk memory or other magnetic storage apparatus, any other medium that maybe can be used to store desired information and can be visited by a computing machine.
" communication medium " generally includes computer-readable instruction, data structure, program module or such as other data that exist with the modulated data signal form of carrier wave or other transmission engine.Communication medium also comprises any information delivery media.Term " modulated data signal " is meant to have one or more features that are provided with and change in the mode that the information in described signal is encoded.Such as but be not limited to, communication medium comprises wired media and the wireless medium such as sound, radio frequency, infrared ray such as a cable network or direct wired connection.Above-mentioned any is in conjunction with also being included in the scope of computer-readable storage medium.
Though the language at architectural feature and/or method behavior has been used in above-mentioned explanation, should be appreciated that to the invention is not restricted to described feature or behavior by claims regulations.That is, described feature and behavior just realize an example of the present invention.

Claims (4)

1. A system for data storage and data retrieval based on public key encryption, comprising:
a plurality of hierarchical layers including a bottom layer, the bottom layer being able to protect a root resource;
wherein the plurality of hierarchical layers further include one or more intermediate layers, each intermediate layer acting as a principal that requests access to the root resource from the next lower layer, and acting, toward the principals in the next higher layer, as a guard that protects the root resource; and
only principals authorized to access the root resource are allowed to access the root resource, wherein the allowing comprises using a public-key Seal operation to securely seal the root resource together with the identifiers of the plurality of principals allowed to access the root resource, and using a public-key Unseal operation to retrieve the root resource.
2. The system as claimed in claim 1, wherein the plurality of hierarchical layers comprises four layers, the bottom layer being a security kernel layer, the layer above the security kernel layer being a basic input/output layer, the layer above the basic input/output layer being an operating system layer, and the top layer being an application layer.
3. The system as claimed in claim 1, wherein the root resource comprises an encryption key.
4. The system as claimed in claim 1, characterized in that a principal is allowed to access the root resource only when the identifier of that principal is included in the root resource as one of the plurality of identifiers of the plurality of principals allowed to access the root resource.
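As an added illustration of the sealed-storage scheme in claims 1 and 4 (example code, not from the patent or from Microsoft): a guard layer holds an RSA key pair; Seal encrypts the root resource together with the identifiers of the principals allowed to read it, and Unseal, run by the guard, decrypts and releases the data only when the identity the guard itself measured for the caller is on that list. The RSA-OAEP construction, the 32-byte SHA-256 program identifiers and the plaintext layout are assumptions chosen for this example, not details taken from the claims.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// IDSize is the length of a principal identifier: here the SHA-256 digest of
// the program's code, a constructed stand-in for the identifiers in the claims.
const IDSize = sha256.Size
var ErrNotAuthorized = errors.New("unseal: caller is not an allowed principal")

// NewGuardKey generates the guard layer's key pair (2048-bit RSA for RSA-OAEP).
func NewGuardKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Seal encrypts data together with the identifiers of the principals allowed to
// read it, under the guard's public key (RSA-OAEP). Anyone with the public key can
// seal; only the guard can open. Plaintext layout: [n:1][n*IDSize id bytes][data].
func Seal(pub *rsa.PublicKey, data []byte, allowed [][]byte) ([]byte, error) {
	if len(allowed) == 0 || len(allowed) > 255 {
		return nil, errors.New("seal: need 1..255 allowed principals")
	}
	pt := []byte{byte(len(allowed))}
	for _, id := range allowed {
		if len(id) != IDSize {
			return nil, errors.New("seal: bad identifier length")
		}
		pt = append(pt, id...)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, append(pt, data...), nil)
}

// Unseal runs in the guard holding the private key. callerID is the identity the
// guard itself measured for the calling program, never a caller-supplied value;
// the data is released only if that identity is on the sealed allow-list.
func Unseal(priv *rsa.PrivateKey, ciphertext, callerID []byte) ([]byte, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
	if err != nil {
		return nil, err // tampered, truncated or foreign ciphertext
	}
	if len(pt) < 1 || len(pt) < 1+int(pt[0])*IDSize {
		return nil, errors.New("unseal: malformed sealed payload")
	}
	n := int(pt[0])
	for i := 0; i < n; i++ {
		if bytes.Equal(pt[1+i*IDSize:1+(i+1)*IDSize], callerID) {
			return pt[1+n*IDSize:], nil
		}
	}
	return nil, ErrNotAuthorized
}
```

Because the allow-list travels inside the ciphertext, a caller cannot add itself to the list without the guard's private key, and the guard, not the caller, decides which identifier is compared.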
CN 200610059571 2002-04-17 2003-04-17 Data storage and data retrieval based on public key encryption Expired - Fee Related CN100543759C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US37350502P 2002-04-17 2002-04-17
US60/373,505 2002-04-17

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CNB03131208XA Division CN100351815C (en) 2002-04-17 2003-04-17 Encrypted data memory & data search based on public key

Publications (2)

Publication Number Publication Date
CN1822015A CN1822015A (en) 2006-08-23
CN100543759C true CN100543759C (en) 2009-09-23

Family

ID=29270506

Family Applications (6)

Application Number Title Priority Date Filing Date
CN 200710152963 Expired - Fee Related CN101166096B (en) 2002-04-17 2003-04-17 Saving and retrieving data based on public key encryption
CN 200610059598 Expired - Fee Related CN100547598C (en) 2002-04-17 2003-04-17 Preserve and retrieve data based on symmetric key encryption
CNB03131208XA Expired - Lifetime CN100351815C (en) 2002-04-17 2003-04-17 Encrypted data memory & data search based on public key
CN 200610059571 Expired - Fee Related CN100543759C (en) 2002-04-17 2003-04-17 Data storage and data retrieval based on public key encryption
CNB031307744A Expired - Fee Related CN1322431C (en) 2002-04-17 2003-04-17 Encryption retention and data retrieve based on symmetric cipher key
CN 200710152961 Expired - Fee Related CN101166095B (en) 2002-04-17 2003-04-17 Saving and retrieving data based on public key encryption

Family Applications Before (3)

Application Number Title Priority Date Filing Date
CN 200710152963 Expired - Fee Related CN101166096B (en) 2002-04-17 2003-04-17 Saving and retrieving data based on public key encryption
CN 200610059598 Expired - Fee Related CN100547598C (en) 2002-04-17 2003-04-17 Preserve and retrieve data based on symmetric key encryption
CNB03131208XA Expired - Lifetime CN100351815C (en) 2002-04-17 2003-04-17 Encrypted data memory & data search based on public key

Family Applications After (2)

Application Number Title Priority Date Filing Date
CNB031307744A Expired - Fee Related CN1322431C (en) 2002-04-17 2003-04-17 Encryption retention and data retrieve based on symmetric cipher key
CN 200710152961 Expired - Fee Related CN101166095B (en) 2002-04-17 2003-04-17 Saving and retrieving data based on public key encryption

Country Status (2)

Country Link
CN (6) CN101166096B (en)
CA (3) CA2425006C (en)

Also Published As

Publication number Publication date
CA2425006C (en) 2012-06-05
CN1822015A (en) 2006-08-23
CN1493996A (en) 2004-05-05
CN100547598C (en) 2009-10-07
CN1487422A (en) 2004-04-07
CN100351815C (en) 2007-11-28
CN101166095B (en) 2013-01-16
CA2778805A1 (en) 2003-10-17
CA2425010C (en) 2013-11-19
CN1322431C (en) 2007-06-20
CN101166095A (en) 2008-04-23
CA2425010A1 (en) 2003-10-17
CA2778805C (en) 2015-01-20
CN101166096B (en) 2012-01-11
CA2425006A1 (en) 2003-10-17
CN101166096A (en) 2008-04-23
CN1822016A (en) 2006-08-23

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right. Owner name: MICROSOFT TECHNOLOGY LICENSING LLC; Free format text: FORMER OWNER: MICROSOFT CORP.; Effective date: 20150429
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right. Effective date of registration: 20150429; Address after: Washington State; Patentee after: Micro soft technique license Co., Ltd; Address before: Washington State; Patentee before: Microsoft Corp.
CF01 Termination of patent right due to non-payment of annual fee. Granted publication date: 20090923; Termination date: 20200417