CN101166096B - Saving and retrieving data based on public key encryption - Google Patents

Info

Publication number: CN101166096B
Application number: CN 200710152963
Authority: CN (China)
Prior art keywords: key, constraint, program, ssp, data
Legal status: Expired - Fee Related
Other languages: Chinese (zh)
Other versions: CN101166096A
Inventors: P. England, M. Peinado
Current assignee: Microsoft Technology Licensing LLC
Original assignee: Microsoft Corp

Classification: Storage Device Security
Abstract

The invention discloses saving and retrieving encrypted data based on a symmetric key. In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using a symmetric cipher, in a manner that allows only one or more target programs to obtain the data from the ciphertext. In accordance with other aspects, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access the data encrypted in the ciphertext of the bit string. The integrity of the data is also verified, and the data is decrypted using a symmetric key. The data is returned to the calling program only if the calling program is allowed to access the data and the integrity of the data is successfully verified.

Description

Saving and retrieving data based on public key encryption
This application is a divisional of patent application 03131208.X, filed on April 17, 2003.
Related application
This application claims the benefit of U.S. Provisional Application 60/373505, entitled "Secure Storage Processor", filed on April 17, 2002 by Paul England, Marcus Peinado and Bryan M. Willman, which is incorporated herein by reference.
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
Technical field
This invention relates to saving and retrieving data, and more particularly to saving and retrieving data based on public key encryption.
Background technology
Protecting data on a computer so that it is only available to appropriate parties is a particular concern of users. The kinds of data users want protected vary widely: work-related or private confidential documents, bank account numbers, credit card numbers, social security numbers, and so on. Third parties also have an interest in preventing illegitimate use of, or access to, the data on a user's computer. For example, a credit card issuer wants card numbers protected from leaking to rogue programs or hackers, a music company wants its songs protected from piracy, a film studio wants its films protected from piracy, and so forth.
One solution for protecting data on a computer is to abandon general-purpose computing devices and use dedicated tamper-resistant boxes for delivering, storing and displaying secure content. This solution is not practical, however, because it prevents users from extending their computers (for example, users cannot install additional software and/or hardware components on such a box). A way of protecting data on general-purpose computing devices is therefore needed.
Summary of the invention
Saving and retrieving data based on public key encryption is described below.
In one aspect, data is received from a calling program. Public key encryption is used to generate ciphertext containing the data, in a manner that allows only one or more target programs to obtain the data from the ciphertext.
In another aspect, a bit string is received from a calling program. An identifier of the calling program is checked to determine whether the calling program is allowed to access the data encrypted in the ciphertext of the bit string. Only if the calling program is allowed to access the data is the data decrypted using public key cryptography and returned to the calling program.
Description of drawings
The same reference numbers are used throughout the document to refer to like components and/or features.
Fig. 1 illustrates an exemplary access control model.
Fig. 2 illustrates an access-controlled environment using four different hierarchical layers.
Fig. 3 is a flowchart illustrating an exemplary process for performing a seal operation.
Fig. 4 is a flowchart illustrating an exemplary process for performing an unseal operation.
Fig. 5 is a flowchart illustrating an exemplary process for performing a store operation.
Fig. 6 is a flowchart illustrating an exemplary process for performing a seal operation.
Fig. 7 is a flowchart illustrating an exemplary process for performing a quote operation.
Fig. 8 is a flowchart illustrating an exemplary process for performing a verify operation.
Fig. 9 is a flowchart illustrating an exemplary process for performing a seal operation.
Fig. 10 is a flowchart illustrating an exemplary process for performing a public key seal operation.
Fig. 11 is a flowchart illustrating an exemplary process for performing a general seal operation.
Fig. 12 illustrates a general computer environment that can be used to implement the techniques described herein.
Embodiment
Fig. 1 illustrates an exemplary access control model 100. A principal 102 can make a request to access a protected resource. The request is received by a guard 104, which controls access to resource 106. Guard 104 examines the request and decides whether to grant it on the basis of the access policy associated with the resource and other information, such as the identity of the principal 102 issuing the request. For ease of explanation, a single principal 102, guard 104 and resource 106 are shown in Fig. 1. It should be noted, however, that access control model 100 can include multiple principals 102, multiple guards 104 and/or multiple resources 106.
Principal 102 refers to a component or module that requests access to protected data. The request may be a request to retrieve the protected data (e.g. a request to retrieve a key), or a request to perform an operation using the protected data (e.g. the protected data may be a key, and the request may be a request to encrypt or decrypt using that key). Principal 102 may be implemented in hardware, software, firmware, or a combination of hardware, software and/or firmware.
Guard 104 refers to a component or module that controls access to the protected data. Guard 104 uses the access policy associated with the protected data, together with other information (e.g. the identity of the principal requesting access to the protected data), to determine whether the principal is allowed to access the protected data. If guard 104 determines that the requesting principal is allowed to access the protected data, guard 104 responds to the request in the appropriate manner (e.g. if the request is a request for the protected data, the protected data is returned to the principal; if the request is a request to encrypt particular data using the protected data, guard 104 encrypts the particular data with the protected data and returns the ciphertext (the encrypted data) to the principal). It should be noted that guard 104 can also constrain principals according to the nature of the request. For example, guard 104 may allow a particular principal to have particular data signed with the protected data, but not allow the protected data itself to be returned to that principal.
Guard 104 can also be characterized as a disclosure guard and/or a service guard. A service guard performs some operation (e.g. encryption, decryption, digital signing, etc.) with the protected data (e.g. a key) at the principal's request, without disclosing the protected data. A disclosure guard, on the other hand, discloses the protected data to authorized requesters. It should be noted that a particular guard 104 can be both a disclosure guard and a service guard.
Resource 106 can be any type of data to which access is constrained. Examples of resource 106 include keys, bank account numbers, credit card numbers, personal information such as social security numbers, passwords, and so forth. Resource 106 can also be virtually anything else in a computing device. For example, resource 106 can be physical memory (e.g. RAM or ROM), an optical or magnetic disk or disk drive, a video card, a sound card, a smart card, and so forth. As a further example, resource 106 can be an operating system abstraction, e.g. a process, file, thread, semaphore, and so forth.
In the discussion here, access control model 100 is described as being implemented on a single computing device. It should be clear, however, that different parts of the model can be implemented on different computing devices. For example, principal 102 can be on one computing device while guard 104 and resource 106 are on another computing device.
The principals and guards on a computing device can be classified into any number n of hierarchical layers l_1, ..., l_n. Fig. 2 illustrates an access-controlled environment using four different layers. In one embodiment, layer l_1 is a hardware or security kernel layer, layer l_2 is a basic input/output system (BIOS) layer, layer l_3 is an operating system (OS) layer, and layer l_4 is an application layer.
In the example environment of Fig. 2, the lowest layer (layer l_1) guards the root resource. Programs in the intermediate layers (layers l_2 and l_3) act as principals requesting access to resources from the next lower layer, and as guards toward the next higher layer. The intermediate layers can also add functionality for the principals in the higher layers.
For example, suppose a program 120 wishes to retrieve a root resource 128 guarded by guard 126. Program 120 requests access to root resource 128 from module 122, which acts as a guard for that resource. If module 122 has a copy of resource 128 (e.g. obtained earlier from guard 126 in response to a previous request relating to that resource by program 120 or some other program in layer l_4, or obtained when module 122 was initialized or loaded into the computing device), module 122 checks whether program 120 is allowed to retrieve the resource. If program 120 is allowed to retrieve the resource, module 122 returns the resource to program 120.
If module 122 does not have a copy of resource 128, module 122 acts as a principal and requests access to the root resource from module 124, which acts as a guard for that resource. If module 124 has a copy of resource 128 (e.g. obtained earlier from guard 126 in response to a previous request relating to that resource by module 122 or some other module in layer l_3, or obtained when module 124 was initialized or loaded into the computing device), module 124 checks whether module 122 is allowed to retrieve the resource. If module 122 is allowed to retrieve the resource, module 124 returns the resource to module 122.
If module 124 does not have a copy of resource 128 either, module 124 acts as a principal and requests access to the root resource from guard 126. Guard 126 checks whether module 124 is allowed to retrieve the resource and, if so, returns the resource to module 124. Module 124 then returns the resource to module 122 if module 122 is allowed to retrieve it, and module 122 returns the resource to program 120 if program 120 is allowed to retrieve it.
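The chain of guards just described (program 120 asking module 122, which asks module 124, which asks guard 126), as an added example that is not part of the patent: a small Python simulation in which each guard keeps copies of resources it has already obtained, checks a policy keyed on a digest of the requesting program, and otherwise forwards the request to the guard below under its own identity. The layer names, program images, policy contents and the resource value are constructed for the example; the digest-based identity is the ID() notion the description uses later.

```python
import hashlib

# Constructed sample "program images" for the four layers of Fig. 2 (not real code).
HW_IMAGE = b"layer 1: hardware / security kernel (guard 126)"
BIOS_IMAGE = b"layer 2: BIOS (module 124)"
OS_IMAGE = b"layer 3: operating system (module 122)"
APP_IMAGE = b"layer 4: application (program 120)"
ROGUE_IMAGE = b"layer 4: some other application"


def program_id(image: bytes) -> str:
    """Identity of a program: a cryptographic digest of its code (SHA-256 here)."""
    return hashlib.sha256(image).hexdigest()


class Guard:
    """A guard at one layer of Fig. 2.

    It keeps copies of resources it has obtained, enforces a policy
    (resource name -> set of program identities allowed to retrieve it) on
    requests from the layer above, and acts as a principal toward the guard
    below when it has no copy.  `log` records what this layer did."""

    def __init__(self, name, image, policy, lower=None, root_resources=None):
        self.name = name
        self.identity = program_id(image)
        self.policy = policy
        self.lower = lower                        # next guard down, None for the root
        self.cache = dict(root_resources or {})   # copies already held
        self.log = []

    def request(self, subject_id: str, resource: str) -> bytes:
        if subject_id not in self.policy.get(resource, set()):
            self.log.append((self.name, "deny"))
            raise PermissionError(f"{self.name} denies {resource} to {subject_id[:12]}")
        if resource in self.cache:
            self.log.append((self.name, "serve from copy"))
        else:
            if self.lower is None:
                raise LookupError(resource)
            self.log.append((self.name, "forward"))
            # Toward the lower guard this module is itself the principal,
            # identified by the digest of its own image.
            self.cache[resource] = self.lower.request(self.identity, resource)
        return self.cache[resource]


def build_stack(os_image: bytes = OS_IMAGE) -> Guard:
    """Wire guard 126 -> module 124 -> module 122; each policy names the digest
    of the one program that layer trusts above it (sample policy)."""
    hw = Guard("guard 126", HW_IMAGE, {"root": {program_id(BIOS_IMAGE)}},
               root_resources={"root": b"root resource 128 (a key)"})
    bios = Guard("module 124", BIOS_IMAGE, {"root": {program_id(OS_IMAGE)}}, lower=hw)
    return Guard("module 122", os_image, {"root": {program_id(APP_IMAGE)}}, lower=bios)


def run_scenario(os_image: bytes = OS_IMAGE, app_image: bytes = APP_IMAGE) -> dict:
    """Program 120 asks module 122 for the root resource twice; returns the
    outcome and the combined per-layer log (top layer first)."""
    top = build_stack(os_image)
    outcome = {}
    try:
        outcome["first"] = top.request(program_id(app_image), "root")
        outcome["second"] = top.request(program_id(app_image), "root")
    except PermissionError as exc:
        outcome["denied"] = str(exc)
    log, g = [], top
    while g is not None:
        log.extend(g.log)
        g = g.lower
    outcome["log"] = log
    return outcome
```

Running run_scenario() shows the first request travelling down to guard 126 and the second answered from module 122's copy. A program whose digest is not in module 122's policy is refused there, and altering a single byte of the OS image changes its digest so that module 124 refuses it, which is exactly the property the description later requires of a program identifier.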
In the discussion here, the use of access control model 100 of Fig. 1 to allow software authentication operations is referred to numerous times. Typically, the resource guarded in a software authentication operation is a key. It should be clear, however, that software authentication is only one example use of access control model 100.
Another example use of access control model 100 is the authentication of computer users. Most modern computers have an access control system. A user logs in to the computer so that the computer knows who the user is. After login, the user runs programs which typically require access to system resources (e.g. reading files, writing windows to the screen, etc.). Typically the computer's access control system is consulted (e.g. "can user X perform operation Y on resource Z?"). If the answer is no, the program cannot access the resource.
Another example use of access control model 100 is the authentication of users of a remote service. Remote services such as web sites (e.g. online brokerages or banks) can be considered to have an access control system. The resources are people's bank accounts, their money and their stock. After a user logs in to the site, the access control system determines whether the user is authorized to perform the access requested, e.g. access to the resource "bank account data" (to retrieve the latest bank statement), or a "transfer" access to the resource "$1000 in bank account 12345".
Another example use of access control model 100 is constraining physical access to a particular building or area. For example, when a user arrives at work in the morning, the user presents his/her badge and requests the "open" operation on the resource "front door". Some electronic system (the guard) determines from the information stored on the badge whether the user is allowed to enter the building, and unlocks the door accordingly.
If a computer program can obtain guarded access (from a disclosure guard or a service guard) to at least one cryptographic resource, then the computing device enables authentication of programs (software). As described below, in certain embodiments the computing device enables these authentication operations by enabling both authentication and isolation.
Program C is said to be isolated from another program D if both of the following hold: (1) there is memory that can be accessed by program C but not by program D, and (2) program D cannot execute program C (except possibly through an entry point determined by program C). A program is defined by its transition rules (executable code) and its initial state (entry point, i.e. the initial value of the instruction pointer IP). Because data can be stored in memory that program D cannot access, the integrity of program C's code and state information can be guaranteed even in the presence of a misbehaving program D. This also allows program C to protect confidential data (e.g. keys) from observation by program D. The second guarantee ensures that D cannot subvert the behaviour of C by choosing an inappropriate entry point.
Furthermore, if program C can identify the transition rules (program code) and the initial state of program D, then program C is said to be able to authenticate program D. The computing device can isolate any program C from any other program D, with the exception of a single program E_j in each layer j < i, where i is the layer of program C. This protects a program from observation and interference by any program other than the sequence of guards E_1, E_2, ..., E_(i-1) through which program C requests access to its resources. Furthermore, for any layer i, the computing device can let a program in layer i authenticate at least some programs in layer i+1. This requirement allows a program to act as a guard with respect to requests from principals in the next higher layer. These two observations lead to an inductive argument: a program in any layer can request access to a resource through its predecessors, protect the integrity of itself and its resources through isolation, and, by authenticating principals in the next layer, act as a guard for the resources they request.
Isolation can be implemented using physical memory protection. This approach is referred to as "isolation in space" or "spatial isolation". For example, the ring protection and virtual memory of many modern microprocessors are sufficient to implement spatial isolation. An operating system kernel (layer i) running in privileged mode can set up page tables for application programs (layer i+1) so that any application can access only those parts of physical memory that the kernel has mapped into that application's virtual address space. The kernel also constrains the privileges of applications so that they cannot change the memory mapping, and ensures that applications can only begin executing kernel code at well-defined entry points (system calls).
Another way to implement isolation is to separate the execution of the two layers in time. This approach is referred to as "isolation in time" or "temporal isolation". The program in the first layer i executes to completion, makes certain resources inaccessible, and then terminates. Control is then transferred to the next layer i+1.
Authentication then occurs between the layers (j = i+1). Program C authenticates the configuration (transition rules) and the initial state of the program in layer j. Authentication can be achieved by having program C inspect the program in layer j. That is, program C reads the memory containing the program of layer j and computes a cryptographic digest over that memory range. It should be noted that the purpose of this is only to determine the identity of the code, not to evaluate statements that other principals make about the code. Certificates are therefore not needed at this point.
The second task of program C is to identify the initial state of program D. In general, determining the initial state of a program at an arbitrary point of its execution is very difficult. Program C therefore controls the initial state of program D. In practice, this means that program C can only be certain of the initial state δ of program D if program C itself starts the execution of program D in state δ.
In summary, to authenticate program D, program C inspects the memory contents it considers relevant and computes a cryptographic digest over them. Afterwards, program C transfers execution to a well-defined entry point of program D.
Where the resource is a cryptographic key, authentication operations allow each operating system and application program exclusive access to one or more secrets. Isolation protects each secret from attack by hostile code. Authentication allows programs to be identified, so that each secret is disclosed only to the program that owns it.
Typically, upon a request from a program (principal 102 of Fig. 1), guard 104 establishes the identity of the program (i.e. guard 104 authenticates the program). If the program is not the owner of the requested secret (resource 106), guard 104 rejects the request. Otherwise, guard 104 computes some function of the secret (which may be the secret itself) and, possibly, of further information provided by the program, and returns the result. In other words, rather than simply accepting or rejecting the request, guard 104 can service the request but fold the identity of the caller into the result. This alternative is appropriate, for example, if the result returned by the guard does not contain secret information (e.g. a request to produce a digital signature using a secret). The term gate function is used here to refer to both of these cases.
Furthermore, in various cases guard 104 authenticates the caller (principal 102). Authentication of principal 102 is referred to here by a function ID(), which returns a digest of the caller (the program that called the gate function of guard 104). The digest can be generated in any of a variety of conventional ways, for example using one or more cryptographic hash functions (also called one-way hash functions) such as SHA-1 (Secure Hash Algorithm 1), MD5 (Message Digest 5), MD2 (Message Digest 2), etc., or using a keyed MAC (message authentication code), etc. Note that MD2, MD5 and SHA-1 are no longer collision resistant, so a current implementation of ID() would use SHA-256 or a stronger hash.
One class of gate functions described herein implements sealed storage. The purpose of sealed storage is to allow programs to store secrets such that only a particular set of one or more programs (defined by the program that stores the secret) can retrieve those secrets. In one implementation, only the program that originally saved (sealed) the secret can recover (unseal) it. Typically, the lifetime of these secrets exceeds the time of an individual execution of the program. Secrets used during a single execution of a program can be kept by means of isolation, and a random number generator also allows a program to keep secrets during its execution. Sealed storage allows a program to keep a secret across all of its executions, which need not overlap in time. Layer l_i exposes sealed storage to the next layer l_(i+1) through the following interface (e.g. using "seal" and "unseal" operations and/or public key seal and public key unseal operations).
The discussion of sealed storage refers to keys used for encryption and decryption. These are keys associated with the guard that is guarding the resource (e.g. guard 104 of Fig. 1).
The discussion here also refers to program identifiers (e.g. an identifier of the program calling an operation, or an identifier of a target program allowed to access a resource). These identifiers are frequently referred to here as digests. It should be clear, however, that a digest is only one example of a program identifier. Other types of identifier can be used, namely any measure or other representation of the program that allows any change to the program to be detected. If a program is changed (e.g. one or more instructions are altered by an adversary in order to maliciously access or exploit protected data), the identifier of the program will reflect that change (i.e. the identifier of the changed program will differ from the identifier of the unchanged program).
The seal operation receives as input the data (e.g. a secret) to be sealed. The seal operation may optionally also receive as input a condition identifying when and/or to whom the secret is to be disclosed. In one embodiment, the condition is a digest of the target program that is allowed to retrieve (unseal) the data. Alternatively, the program(s) allowed to retrieve (unseal) the data may be identified in other ways. For example, the program(s) may be identified by a public key, such that one or more certificates associate the key with one or more programs.
Additionally, other conditions may be used in addition to, or in place of, the identifier of the target program. For example, the condition may include a time constraint on when the data can be disclosed (unsealed), e.g. the secret may only be disclosed (unsealed) during particular hours on one or more days of the week. As another example, the condition may include an identifier of a password or other data that must be supplied in order for the secret to be disclosed (unsealed); e.g. the secret may only be unsealed by a program that knows the password.
As another example, the condition may be a logical formula (e.g. any statement in first-order logic, any statement in predicate logic, etc.). The logical formula is evaluated (e.g. by the guard), and the secret is disclosed (unsealed) only if the evaluation returns an indication of true.
As yet another example, the condition may be an executable program in some language (e.g. Java, C*, JavaScript, VBScript, etc.). The program is executed (e.g. by the guard), and the secret is disclosed (unsealed) only if the program returns some indication of "true" or "satisfied".
Where the condition is a digest of the target program, the seal operation can use the digest of the program calling the seal operation (thereby implicitly supplying the digest of the target program) instead of requiring the digest of the target program to be provided. Additionally, the digests of multiple target programs can be input to the seal operation, thereby allowing multiple target programs to disclose (unseal) the data.
The seal operation encrypts its input (the data and the condition(s) allowing disclosure (unsealing) of the data) together with the identifier of the caller. The seal operation returns the input data in encrypted form (as ciphertext). The seal operation also returns a value (e.g. a message authentication code (MAC) value) that can be used to verify the integrity of the sealed data. The returned data allows the stored data to be referenced in a subsequent unseal operation, as discussed further below.
Pseudo code for the seal operation is shown in Table I. In the pseudo code of Table I, ID() refers to the ID() function discussed above, e refers to the value returned to the caller (e.g. a string or sequence of bits), data refers to the data being sealed, and [t_1, ..., t_m] refers to the digests of one or more target programs that are allowed to disclose (unseal) the data (or, alternatively, to one or more other conditions).
Table I
    d = ID()
    e = store(data, [t_1, ..., t_m], d)
    return e
Fig. 3 is a flowchart illustrating an exemplary process 200 for implementing the seal operation. Process 200 is performed by a guard 104 of Fig. 1 and may be implemented in hardware, software, firmware, or a combination thereof.
Initially, the secret to be sealed is received from the caller (step 202). The secret is encrypted so that it can only be retrieved by a particular target program, or only if one or more particular conditions are satisfied (step 204). The ciphertext containing the encrypted secret is then returned to the caller (step 206). Additional information may also be returned to the caller (either as part of the ciphertext or separate from it), such as a digest of the caller and/or of the target program.
The unseal operation receives as input a bit string, which was returned by the seal operation, when the caller that sealed the data now wishes to retrieve it. The unseal operation obtains the conditions for disclosing the data and checks whether they are satisfied. For example, if the condition includes the digests of one or more target programs that are allowed to retrieve (unseal) the data, the unseal operation obtains those digests and checks whether the caller is one of the target programs. If the caller is not one of the target programs, the unseal operation fails and the requested data is not returned to the caller. If the caller is one of the target programs, the unseal operation succeeds and the requested data is returned to the caller. The digest of the program that sealed the data is optionally also returned by the unseal operation.
Pseudo code for the unseal operation is shown in Table II. In the pseudo code of Table II, data refers to the data being requested (which was previously sealed), [t_1, ..., t_m] refers to the digests of one or more target programs allowed to retrieve (unseal) the data (or to one or more other conditions), e refers to the input to the unseal operation (typically the output of a previous seal operation), and d refers to the digest of the program that sealed the data.
Table II
    (data, [t_1, ..., t_m], d) = retrieve(e)
    if ID() is in [t_1, ..., t_m] then
        return (data, d)
    else
        fail
Explanation is used to realize the flow chart of an exemplary process 220 of said open operation during Fig. 4.Handle 220 performedly, also can combine to realize through hardware, software, firmware or its by the protector 104 of Fig. 1.
At first, said caller ciphertext desired retrieval, that have enciphered data be retrieved (step 222).Make one about whether allowing said caller to retrieve the inspection (step 224) of said data, and carry out based on whether allowing said caller to retrieve the processing (step 226) of said data.If said caller is allowed to retrieve said data, then said data (deciphering) are returned to said caller (step 228).If said caller is not allowed to retrieve said data, then said processing failure (step 230) and said data are not returned to said caller.
Enclosed storage can realize through different modes.In one embodiment, realize enclosed storage through the nonvolatile memory that uses physical protection.In the present embodiment, said computing equipment links with the protector with different piece of protected nonvolatile storage, and allows each protector can only visit the part relevant with said protector.In the present embodiment, call close with open operation in the storage that relates to search operaqtion so that said computing equipment can store respectively and retrieve relevant with said protector by the data in the protection nonvolatile memory.
For example, a storage device (e.g. a hard disk drive) can implement a guard. Rather than simply executing read and write commands unconditionally, the storage device identifies the principal attempting to access it (e.g. based on a digest of the principal) and allows only particular principals to access the storage device. In addition, different principals can be restricted to particular portions of the storage device (e.g. particular sectors or address ranges).
In another embodiment, sealed storage is implemented using cryptography. An exemplary embodiment of sealed storage using cryptography is described below.
When sealed storage is implemented cryptographically, the resource is a key K rather than physically protected memory. The Store operation does not physically store its input. Instead, it produces a cryptographically protected output c, which is the input to the Store operation in encrypted and integrity-protected form. The encryption is the result of applying a symmetric cipher to the input. The integrity protection is obtained by applying a message authentication code (MAC) to the input (either before or after the input is encrypted).
The pseudo-code for the Store operation is shown in Table III. In the pseudo-code of Table III, b refers to the bit string input to the Store operation and c refers to the bit string output by the Store operation. K1 refers to a first portion of the key K and K2 to a second portion of the key K. The key K is the symmetric key of the guard implementing the Seal and Store operations.
Table III
m = MAC_K1(b)
c = (m, Encrypt_K2(b))
return c
Thus, as can be seen from Table III, a value m is generated by applying a MAC to the bit string input to the Store operation. The MAC uses a portion K1 of the key K. The bit string input to the Store operation is also encrypted using a second portion K2 of the key K. The value formed from the MAC of the input bit string and the encryption of the input bit string is returned to the caller of the Store operation.
The key K is divided into two separate keys K1 and K2 so that the MAC and the cipher do not use the same key. This division can be done in any of a variety of ways, using different bits of K or reusing one or more bits. For example, assuming K is 1024 bits long, the low 512 bits can be used as K1 and the high 512 bits as K2; the even-numbered bits (bits 0, 2, 4, 6, 8, 10, ..., 1022) can be used as K1 and the odd-numbered bits (bits 1, 3, 5, 7, 9, 11, ..., 1023) as K2; the low 650 bits can be used as K1 and the high 650 bits as K2 (so that some bits are used in both K1 and K2); and so on. Alternatively, the same key K can be used for both the MAC and the cipher. Of these options, the ones in which K1 and K2 share no bits are the ones under which the MAC key and the cipher key are independent, which is the assumption the standard security analyses of such compositions rest on; deriving K1 and K2 from K with a key derivation function achieves the same independence.
The pseudo-code in Table III implements the Store operation by computing the MAC of the data, encrypting the data, and outputting the MAC and the ciphertext. Alternatively, the Store operation can be implemented in other ways. For example, the Store operation may first encrypt the data, then compute a MAC of the ciphertext, and output the ciphertext and the MAC. As another example, the Store operation may compute the MAC of the data, then encrypt both the data and the MAC, and output the ciphertext. Of the three, the first alternative (MAC over the ciphertext, often called encrypt-then-MAC) is the composition generally preferred today, since a modified bit string is rejected before any decryption takes place and the MAC value reveals nothing about the plaintext.
The encryption performed by the Store operation can use any of a variety of symmetric encryption algorithms. Generally, a symmetric encryption algorithm uses the same key for encryption and decryption. Examples include triple DES (Data Encryption Standard), AES (Advanced Encryption Standard), and so on.
Similarly, the MAC can be any message authentication code, for example the HMAC construction described in M. Bellare, R. Canetti and H. Krawczyk, "Keying Hash Functions for Message Authentication", Advances in Cryptology - CRYPTO '96, Lecture Notes in Computer Science No. 1109, 1996. Alternatively, integrity can be protected by a public-key digital signature in place of a MAC.
Fig. 5 is a flowchart illustrating an exemplary process 250 for implementing the Store operation. Process 250 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware or a combination thereof.
Initially, the data to be stored is received (step 252). A symmetric encryption algorithm is applied to the data (step 254), and a message authentication code (MAC) is applied to the data (step 256). The encrypted data generated in step 254 and the MAC value generated in step 256 are returned to the caller (step 258).
The Retrieve operation receives an input bit string that includes a MAC value and a ciphertext. The ciphertext is decrypted to produce plaintext, and a MAC value of the plaintext is generated. If the MAC value of the plaintext is identical to the MAC value received as part of the input bit string, the plaintext is returned to the caller. If, however, the MAC value of the plaintext differs from the MAC value received as part of the input bit string, the Retrieve operation fails and the plaintext is not returned to the caller. Clearly, the particular way in which the Retrieve operation obtains the MAC and the ciphertext from the input bit string depends on how the Store operation is implemented.
The pseudo-code for the Retrieve operation is shown in Table IV. In the pseudo-code of Table IV, c refers to the bit string input to the Retrieve operation, b refers to the bit string output by the Retrieve operation, m refers to the MAC value portion of the input bit string, d refers to the ciphertext portion of the input bit string, K1 refers to the first portion of the key K, and K2 refers to the second portion of the key K. As in the discussion of the Store operation above, K1 and K2 are the same portions of the key K.
Table IV
let (m, d) = c
b = Decrypt_K2(d)
if m = MAC_K1(b) then return b
else fail
Thus, as can be seen from Table IV, a value b is generated by decrypting the bit string input to the Retrieve operation. If the MAC value generated by the Retrieve operation is identical to the MAC value received as part of the input bit string, the value b is returned to the caller of the Retrieve operation; otherwise the Retrieve operation fails. The comparison of the two MAC values should not leak, through its running time, how many leading bytes matched; a constant-time comparison is the usual precaution.
The pseudo-code in Table IV is based on an implementation of the Store operation that computes the MAC of the data, encrypts the data, and outputs the MAC and the ciphertext together (as the input bit string to the Retrieve operation). If the Store operation instead first encrypts the data, then computes a MAC of the ciphertext and outputs the ciphertext and the MAC, then the Retrieve operation computes the MAC of the ciphertext, compares it with the MAC received as part of the input bit string and, if the MAC values match, decrypts the ciphertext and returns the decrypted data. If the Store operation computes a MAC of the data and then encrypts the data together with the MAC, then the Retrieve operation decrypts the input bit string, computes a MAC of the data in the decrypted string, compares it with the MAC in the decrypted string and, if the MAC values match, returns the data.
As in the discussion of the Store operation above, the Retrieve operation can use any decryption algorithm. The decryption algorithm must, however, correspond to the encryption algorithm so that the encrypted data can be decrypted. Similarly, any message authentication code can be used as the MAC, but it must be the same message authentication code that the Store operation used.
Fig. 6 is a flowchart illustrating an exemplary process 270 for implementing the Retrieve operation. Process 270 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware or a combination thereof.
Initially, a ciphertext and a MAC value are received (step 272). The ciphertext is decrypted to generate plaintext data (step 274). A message authentication code (MAC) is applied to the plaintext data to generate a MAC value (step 276), and a check is made whether the MAC value generated in step 276 equals the MAC value received in step 272 (step 278). Processing proceeds according to whether the generated MAC value equals the received MAC value (step 280). If the generated MAC value equals the received MAC value, the plaintext data is returned to the caller (step 282). If, however, the generated MAC value does not equal the received MAC value, the process fails and the plaintext data is not returned to the caller.
Thus, the cryptographic method used by the Retrieve operation ensures that any modification of the value c (the output of the Store operation) is detected, and that the value b (the input to the Store operation) cannot be retrieved without access to the key K2 (the key used by the cipher to protect the value b).
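The Store and Retrieve operations of Tables III and IV, with Seal and Unseal (Table II, Figs. 4 to 6) layered on top of them, as an added worked example in Go; it is not code from the patent. Assumptions beyond the text: HMAC-SHA256 as the MAC and AES-256-CTR as the cipher, K1 and K2 taken as the two halves of a 64-byte K, the MAC value m reused as the CTR IV so that c is exactly (m, Encrypt_K2(b)) as Table III writes it, a program's ID() computed as the SHA-256 of its bytes, and a framing of (data, [t1, ..., tm], d) inside the stored bit string that the example chooses for itself.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Guard holds one guard's symmetric key K, split as Table III requires:
// K1 (low 32 bytes) keys HMAC-SHA256, K2 (high 32 bytes) keys AES-256.
type Guard struct{ k1, k2 []byte }

// NewGuard expects a 64-byte K; the low/high split is one the text allows.
func NewGuard(k []byte) *Guard { return &Guard{k1: k[:32], k2: k[32:64]} }

// ID is the caller's digest; here a program is identified by its bytes
// (example assumption; a real guard measures the caller's code).
func ID(program []byte) []byte { h := sha256.Sum256(program); return h[:] }

// mac is MAC_K1; ctr is the AES-256-CTR keystream under K2 for the given IV.
func (g *Guard) mac(b []byte) []byte { h := hmac.New(sha256.New, g.k1); h.Write(b); return h.Sum(nil) }
func (g *Guard) ctr(iv []byte) cipher.Stream { blk, _ := aes.NewCipher(g.k2); return cipher.NewCTR(blk, iv) }

// store is Table III: m = MAC_K1(b); c = (m, Encrypt_K2(b)). The text leaves
// the cipher open; here m doubles as the CTR IV (the SIV idea), so c is
// literally m||ciphertext and storing the same b twice yields the same c.
func (g *Guard) store(b []byte) []byte {
	m := g.mac(b)
	ct := make([]byte, len(b))
	g.ctr(m[:aes.BlockSize]).XORKeyStream(ct, b)
	return append(m, ct...)
}

// retrieve is Table IV: (m, d) = c; b = Decrypt_K2(d); return b only if
// m = MAC_K1(b). hmac.Equal compares in constant time.
func (g *Guard) retrieve(c []byte) ([]byte, error) {
	if len(c) < sha256.Size {
		return nil, errors.New("retrieve: input too short")
	}
	m, d := c[:sha256.Size], c[sha256.Size:]
	b := make([]byte, len(d))
	g.ctr(m[:aes.BlockSize]).XORKeyStream(b, d)
	if !hmac.Equal(m, g.mac(b)) {
		return nil, errors.New("retrieve: MAC mismatch, c was modified")
	}
	return b, nil
}

// Seal packs (data, [t1..tm], d) as count||d||t1..tm||data (32-byte digests;
// the framing is the example's own) and hands the bit string to store.
func (g *Guard) Seal(caller, data []byte, targets [][]byte) ([]byte, error) {
	if len(targets) > 255 {
		return nil, errors.New("seal: too many targets")
	}
	b := append([]byte{byte(len(targets))}, ID(caller)...)
	for _, t := range targets {
		b = append(b, t...)
	}
	return g.store(append(b, data...)), nil
}

// Unseal is Table II and Fig. 4: retrieve, then release (data, d) only if
// the caller's ID() is one of the targets; the guard can always decrypt,
// the identity check is what gates the data.
func (g *Guard) Unseal(caller, e []byte) (data, sealer []byte, err error) {
	b, err := g.retrieve(e)
	if err != nil {
		return nil, nil, err
	}
	if len(b) < 1 || len(b) < 1+(1+int(b[0]))*sha256.Size {
		return nil, nil, errors.New("unseal: malformed sealed blob")
	}
	sealer, rest, id := b[1:1+sha256.Size], b[1+sha256.Size:], ID(caller)
	for i := 0; i < int(b[0]); i++ {
		if bytes.Equal(rest[i*sha256.Size:(i+1)*sha256.Size], id) {
			return rest[int(b[0])*sha256.Size:], sealer, nil
		}
	}
	return nil, nil, errors.New("unseal: caller is not a permitted target")
}

func main() {
	k := make([]byte, 64)
	rand.Read(k) // the guard's key K; a real guard's K persists across boots
	g, app := NewGuard(k), []byte("trusted app v1")
	e, _ := g.Seal(app, []byte("disk encryption key"), [][]byte{ID(app)})
	data, _, err := g.Unseal(app, e)
	fmt.Printf("target unseal: %q err=%v\n", data, err)
	_, _, err = g.Unseal([]byte("another program"), e)
	fmt.Println("non-target unseal:", err)
	e[len(e)-1] ^= 1 // one flipped ciphertext bit fails the MAC check
	_, _, err = g.Unseal(app, e)
	fmt.Println("tampered unseal:", err)
}
```

Retrieve rejects a single flipped bit of c, and Unseal refuses a caller whose digest is not among the targets even though the guard itself could decrypt. Because the MAC is computed over the plaintext and the IV is derived from it, sealing the same bit string twice produces the same c; where that equality must not be observable, carry a random IV in c instead.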
Another class of gating functions implements remote authentication. The purpose of remote authentication is to be able to authenticate a program even when there is no strong physical coupling to the authenticating device (e.g. a server or a smart card). In this case the authentication is cryptographic: the two entities run a cryptographic authentication protocol. This requires that the configuration being authenticated has access to a secret, typically a private key or a symmetric key depending on the protocol. Furthermore, the computing device can bind these authentication secrets to the identity of the configuration (e.g. the processor and/or software) that uses them and require that identity for their use. The authenticating device can thereby establish the identity of the computing device and of the software executing on it.
The Quote operation and the PKUnseal operation are the gating functions for public-key signing and public-key decryption, respectively. The guard implementing these gating functions has access to a signing key Ks and a decryption key Kd. The signing key Ks and the decryption key Kd are also referred to as the private keys of public/private key pairs. These public/private key pairs are the key pairs of the guard implementing the Quote and PKUnseal operations.
The Quote operation returns a public-key signature over the combination (e.g. the concatenation) of its input and a condition that identifies when and/or to whom the secret may be disclosed. As with the Seal and Unseal operations discussed above, disclosure of the secret can be restricted by any of a variety of conditions. In one embodiment, the condition is an identifier of the caller (e.g. the digest of the caller).
The presence of this condition inside the signature is evidence that the operation was performed at the request of the identified caller. The Quote operation works together with a Verify operation, which is typically performed on a device other than the device performing the Quote operation (e.g. on a remote server, a smart card, etc.). The Verify operation performs a public-key signature verification and retrieves and evaluates the caller identifier (and/or the other conditions for disclosing the secret).
The pseudo-code for the Quote operation is shown in Table V. In the pseudo-code of Table V, ID() refers to the ID() function described above, a refers to the data input to the Quote operation, and Ks refers to the signing key.
Table V
d = ID()
return sn = Signature_Ks(d, a)
Thus, as can be seen from Table V, the Quote operation obtains the digest of the caller and receives an input value a. The Quote operation uses the signing key Ks to generate a digital signature sn over the input value a and the digest of the caller. The input value a may be generated by the caller, or may be a value received from another component or device (e.g. the device that will perform the Verify operation). When a is a fresh value chosen by the verifying device, the signature also proves that the quote was produced after that value was chosen, so an old quote cannot be replayed. The digital signature is generated using public-key cryptography.
Fig. 7 is a flowchart illustrating an exemplary process 300 for implementing the Quote operation. Process 300 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware or a combination thereof.
Initially, input data is received from a caller (step 302). An identifier of the caller (and/or one or more other conditions for retrieving the input data) is obtained (step 304), and a digital signature is generated over the combination of the input data and the identifier of the caller (and/or the one or more other conditions) (step 306).
The Verify operation performs a public-key signature verification and retrieves and evaluates the identifier of the caller. The Verify operation typically receives a digital signature that was generated by a caller on a device other than the device performing the Verify operation (e.g. a remote service device, a smart card, etc.). The Verify operation extracts from the received digital signature the digest of the program (e.g. an application program, operating system, firmware program, etc.) that invoked the Quote operation, and evaluates that digest to determine how to proceed.
The pseudo-code for the Verify operation is shown in Table VI. In the pseudo-code of Table VI, d refers to the digest of the program that invoked the Quote operation, a refers to the value input to the Quote operation, and Sn refers to the digital signature received as input by the Verify operation.
Table VI
(d, a) = Extract_Kv(Sn)
Evaluate(d)
Thus, as can be seen from Table VI, the Verify operation receives a digital signature and uses the verification key Kv (the public key of the public/private key pair that includes the signing key Ks) to extract the digest d and the value a from the signature. The Verify operation can then evaluate the digest d of the program that invoked the Quote operation. The way in which the digest d is evaluated can vary. For example, the evaluation can include comparing the digest d with a list of "approved" or "trusted" application programs.
Fig. 8 is a flowchart illustrating an exemplary process 320 for implementing the Verify operation. Process 320 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware or a combination thereof.
Initially, a digital signature is received (step 322). The identifier of the caller that quoted an input value (using the Quote operation) (and/or one or more other conditions for retrieving the input value), together with the input value itself, is extracted from the digital signature (step 324). The identifier of the caller (and/or the other extracted conditions) is evaluated to determine how to proceed with the input value (step 326).
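The Quote and Verify operations of Tables V and VI (Figs. 7 and 8), as an added example in Go that is not the patent's code. It uses RSA-PSS for Signature_Ks; because that is a signature with appendix, the quote carries (d, a) alongside sn instead of recovering them from the signature, and the Extract_Kv step of Table VI becomes a signature check over (d, a). The length-prefixed message encoding, the trusted-list policy used for Evaluate, the nonce handling, and ID() as the SHA-256 of the program's bytes are all the example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// ID is the caller's digest; here a program is identified by its bytes
// (example assumption; a real guard measures the caller's code).
func ID(program []byte) []byte { h := sha256.Sum256(program); return h[:] }

// newSigningKey generates the guard's (Ks, Kv) pair; Kv is ks.PublicKey.
func newSigningKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Quote is the output of the Quote operation. RSA-PSS is a signature with
// appendix, so (d, a) travel next to sn instead of being recovered from it;
// Verify's Extract_Kv then means "check sn over (d, a)".
type Quote struct{ D, A, Sn []byte }

// signedMessage is len(d)||d||a: the length prefix stops anyone from moving
// bytes between d and a, since both may be variable-length.
func signedMessage(d, a []byte) []byte {
	msg := make([]byte, 4, 4+len(d)+len(a))
	binary.BigEndian.PutUint32(msg, uint32(len(d)))
	return append(append(msg, d...), a...)
}

// DoQuote is Table V: d = ID(); sn = Signature_Ks(d, a). The guard, not the
// caller, supplies d; that is what makes the quote meaningful.
func DoQuote(ks *rsa.PrivateKey, caller, a []byte) (*Quote, error) {
	d := ID(caller)
	h := sha256.Sum256(signedMessage(d, a))
	sn, err := rsa.SignPSS(rand.Reader, ks, crypto.SHA256, h[:], nil)
	if err != nil {
		return nil, err
	}
	return &Quote{D: d, A: a, Sn: sn}, nil
}

// Verify is Table VI: check the signature under Kv, then Evaluate(d) against
// a list of trusted digests. When the verifier supplied a as a nonce, it also
// checks that a came back unchanged, which rules out replay of old quotes.
func Verify(kv *rsa.PublicKey, q *Quote, trusted [][]byte, nonce []byte) error {
	h := sha256.Sum256(signedMessage(q.D, q.A))
	if err := rsa.VerifyPSS(kv, crypto.SHA256, h[:], q.Sn, nil); err != nil {
		return errors.New("verify: signature does not cover (d, a)")
	}
	if nonce != nil && !bytes.Equal(q.A, nonce) {
		return errors.New("verify: nonce mismatch (stale or replayed quote)")
	}
	for _, t := range trusted {
		if bytes.Equal(t, q.D) {
			return nil
		}
	}
	return errors.New("verify: quoting program is not on the trusted list")
}

func main() {
	ks, _ := newSigningKey()
	app := []byte("attested app v1")
	nonce := make([]byte, 16)
	rand.Read(nonce) // chosen by the verifier and sent to the platform
	q, _ := DoQuote(ks, app, nonce)
	fmt.Println("genuine quote:", Verify(&ks.PublicKey, q, [][]byte{ID(app)}, nonce))
	q.D = ID([]byte("other app")) // relabel the quote without re-signing
	fmt.Println("relabelled quote:", Verify(&ks.PublicKey, q, [][]byte{ID([]byte("other app"))}, nonce))
}
```

A quote whose d has been swapped after signing fails the signature check, a quote from a program outside the trusted list fails Evaluate, and a quote over an old nonce is rejected as stale; all three are distinguished in the returned error.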
The PKUnseal operation is a version of public-key decryption that is gated on the identity of the caller (e.g. the digest of the caller) or on one or more other conditions. The result of public-key decrypting the input c to the PKUnseal operation is interpreted as a pair (d, s), where s is a secret and d identifies the configuration (e.g. the digest of a caller) to which s may be disclosed. If the caller of PKUnseal is not d, the PKUnseal operation fails. The input c to the PKUnseal operation is generated by a second operation, PKSeal, which may be executed on a device other than the device executing the PKUnseal operation (e.g. a remote service device, a smart card, etc.). The PKSeal operation performs a public-key encryption of the pair (d, s). The PKUnseal and PKSeal operations can also be used to implement sealed storage.
The pseudo-code for the PKUnseal operation is shown in Table VII. In the pseudo-code of Table VII, ID() refers to the ID() function described above, c refers to the input to the PKUnseal operation, [d1, ..., dm] refers to the digests of the one or more callers (or of one or more other programs) to which s may be disclosed, s refers to the protected data, and Kd refers to a decryption key (the private key of the public/private key pair associated with the guard performing the PKUnseal operation).
Table VII
([d1, ..., dm], s) = Decrypt_Kd(c)
if ID() is in [d1, ..., dm] then return s
else fail
Thus, as can be seen from Table VII, the PKUnseal operation uses public-key decryption with the decryption key Kd to decrypt the input value c. The decrypted input value includes the digests [d1, ..., dm] of the one or more callers to which the protected data s may be disclosed (or one or more other conditions identifying when and/or to whom the protected data s may be disclosed). The PKUnseal operation also obtains the digest of the caller. If the digest of the caller equals one of the digests [d1, ..., dm], the protected data is returned to the caller. If, however, the digest of the caller equals none of the digests [d1, ..., dm], the protected data is not returned to the caller.
Fig. 9 is a flowchart illustrating an exemplary process 340 for implementing the PKUnseal operation. Process 340 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware or a combination thereof.
Initially, the ciphertext containing the encrypted data that the caller wishes to retrieve is retrieved (step 342). A check is made whether the caller is allowed to retrieve the data (step 344), and processing proceeds according to whether the caller is allowed to retrieve the data (step 346). If the caller is allowed to retrieve the data, the data (decrypted using public-key decryption) is returned to the caller (step 348). If the caller is not allowed to retrieve the data, the process fails (step 350) and the data is not returned to the caller.
The PKSeal operation is a public-key encryption scheme gated on the identity of the caller (e.g. the digest of the caller, or of one or more other programs). The PKSeal operation performs a public-key encryption of the pair (d, s), where s is a secret and d identifies the one or more configurations (e.g. the digest of a caller) to which s may be disclosed.
The pseudo-code for the PKSeal operation is shown in Table VIII. In the pseudo-code of Table VIII, c refers to the output of the PKSeal operation, [d1, ..., dm] refers to the digests of the one or more callers to which s may be disclosed, s refers to the protected data, and Ke refers to an encryption key.
Table VIII
c = Encrypt_Ke([d1, ..., dm], s)
return c
Thus, as can be seen from Table VIII, the PKSeal operation receives as input the protected data s and the digests [d1, ..., dm] of the one or more programs to which the protected data s may be disclosed. The pair ([d1, ..., dm], s) is encrypted using public-key cryptography under the encryption key Ke. The encryption key Ke is the public key of the guard that will be asked to decrypt the ciphertext. The ciphertext resulting from the public-key encryption is returned to the caller.
Fig. 10 is a flowchart illustrating an exemplary process 360 for implementing the PKSeal operation. Process 360 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware or a combination thereof.
Initially, a secret to be sealed is received from a caller (step 362). The secret is encrypted using public-key encryption so that it can be retrieved only by a particular target program, or only if one or more other conditions are satisfied (step 364). The ciphertext containing the encrypted secret is returned to the caller (step 366). Additional information may also be returned to the caller (either as part of the ciphertext or separately from it), for example the digest of the caller and/or the digest of the target program.
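The PKSeal and PKUnseal operations of Tables VII and VIII (Figs. 9 and 10), as an added example in Go that is not the patent's code. RSA-OAEP stands in for the public-key cipher the text leaves unspecified; the OAEP label, the count-prefixed framing of ([d1, ..., dm], s) and ID() as the SHA-256 of the program's bytes are the example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ID is the caller's digest; here a program is identified by its bytes
// (example assumption; a real guard measures the caller's code).
func ID(program []byte) []byte { h := sha256.Sum256(program); return h[:] }

// newUnsealKey generates the guard's (Ke, Kd) pair; Ke is kd.PublicKey.
func newUnsealKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// oaepLabel ties a ciphertext to this use, so a c produced for some other
// protocol under the same key pair cannot be fed to PKUnseal.
var oaepLabel = []byte("pkseal-v1")

// The pair ([d1..dm], s) is framed as count||d1..dm||s with 32-byte digests;
// the framing is the example's own, the text does not fix one.
func encodePair(targets [][]byte, s []byte) ([]byte, error) {
	if len(targets) > 255 {
		return nil, errors.New("pkseal: too many targets")
	}
	out := []byte{byte(len(targets))}
	for _, d := range targets {
		out = append(out, d...)
	}
	return append(out, s...), nil
}

// PKSeal is Table VIII: c = Encrypt_Ke([d1..dm], s). It needs only the
// guard's public key, so a remote server can run it. RSA-OAEP with SHA-256
// under a 2048-bit key accepts at most 190 bytes of plaintext.
func PKSeal(ke *rsa.PublicKey, targets [][]byte, s []byte) ([]byte, error) {
	msg, err := encodePair(targets, s)
	if err != nil {
		return nil, err
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, ke, msg, oaepLabel)
}

// PKUnseal is Table VII and Fig. 9: Decrypt_Kd(c), then return s only if the
// caller's ID() is among [d1..dm]. OAEP rejects a modified c at decryption.
func PKUnseal(kd *rsa.PrivateKey, caller, c []byte) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, kd, c, oaepLabel)
	if err != nil {
		return nil, errors.New("pkunseal: decryption failed")
	}
	if len(msg) < 1 || len(msg) < 1+int(msg[0])*sha256.Size {
		return nil, errors.New("pkunseal: malformed plaintext")
	}
	id := ID(caller)
	for i := 0; i < int(msg[0]); i++ {
		if bytes.Equal(msg[1+i*sha256.Size:1+(i+1)*sha256.Size], id) {
			return msg[1+int(msg[0])*sha256.Size:], nil
		}
	}
	return nil, errors.New("pkunseal: caller is not a permitted target")
}

func main() {
	kd, _ := newUnsealKey()
	app := []byte("trusted app v1")
	// A server holding only Ke seals a session key to the app's digest.
	c, _ := PKSeal(&kd.PublicKey, [][]byte{ID(app)}, []byte("session key"))
	s, err := PKUnseal(kd, app, c)
	fmt.Printf("target: %q err=%v\n", s, err)
	_, err = PKUnseal(kd, []byte("another program"), c)
	fmt.Println("non-target:", err)
}
```

Only the guard holds Kd, so decryption itself is possible only on the platform; the list of digests inside the plaintext is what confines s to the intended program on that platform. Because OAEP authenticates its own padding, a ciphertext altered in transit fails before the identity check runs.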
The Quote and PKUnseal operations are intended to be used in connection with public-key authentication protocols. Most public-key authentication protocols can be adapted directly by replacing each invocation of public-key decryption, public-key encryption, signing and signature verification with an invocation of PKUnseal, PKSeal, Quote and Verify, respectively.
In some cases, obtaining a random number is important (e.g. as a basis for generating keys). Random numbers can be obtained in different ways. In one embodiment, the source of random numbers is a cryptographic random number generator implemented in hardware on the computing device.
An alternative to the Seal operation described above is a GenSeal operation, which combines the Seal operation with random number generation. The GenSeal operation receives as input the digests [t1, ..., tm] of the target programs that are to be able to retrieve the secret (and/or other conditions that must be satisfied for the secret to be retrievable). The GenSeal operation generates a random number and seals the newly generated random number so that it can be retrieved only by a caller whose digest is one of the target digests [t1, ..., tm] (and/or when the other conditions are satisfied).
The pseudo-code for the GenSeal operation is shown in Table IX. In the pseudo-code of Table IX, ID() refers to the ID() function described above, c refers to the output of the GenSeal operation, s refers to the newly generated random number, [t1, ..., tm] refers to the one or more target programs allowed to retrieve the value s (one of which may be the program that invoked the GenSeal operation), or to one or more other conditions, and the function GenRandom() refers to a function that generates a random number.
Table IX
d = ID()
s = GenRandom()
c = store(s, [t1, ..., tm], d)
return c
Fig. 11 is a flowchart illustrating an exemplary process 380 for implementing the GenSeal operation. Process 380 is performed by the guard 104 of Fig. 1 and can be implemented in hardware, software, firmware or a combination thereof.
Initially, input is received from a caller identifying the target program(s) that are to be able to retrieve a secret, or the one or more conditions that must be satisfied for the secret to be retrievable (step 382). The secret is then generated (step 384) and encrypted so that it can be retrieved only by the identified target program(s), or only when the one or more conditions are satisfied (step 386). The ciphertext containing the encrypted secret is then returned to the caller. Additional information may also be returned to the caller (as part of the ciphertext or separately from it), for example the digest of the caller and/or the digest of the target program.
The services provided by a disclosure guard can be used for general sealing services. For example, referring to Figs. 1 and 2, during initialization (e.g. after a reboot of the computing device, or before a program begins execution) layer n-1 discloses a single key to layer n based on the identity of layer n. Layer n stores this key and uses it to encrypt additional secrets. The next time the platform enters the same configuration, the disclosure guard provides the same root key (e.g. by means of Unseal or PKUnseal), and all previously encrypted secrets can be retrieved by layer n.
In some embodiments, when the next layer is initialized (e.g. after a reboot of the computing device, or before a program begins execution), the lower layer discloses one or more secrets to the next layer. After this gated disclosure, the lower layer is no longer used (until the next reboot or reset). This usage model is referred to as the disclosure guard model. Under the disclosure guard model, access to the lower layer is reduced.
Time isolation and space isolation services, together with the gating functions described here, can be used with service guards and with disclosure guards. Four service models for implementing the authentication operations are described below: (1) service guard with space isolation; (2) disclosure guard with space isolation; (3) disclosure guard with time isolation; (4) service guard with time isolation. In the service models described here, it is assumed that a lower-level guard has disclosed one or more keys to the guard at the layer under consideration. The way in which these keys are obtained depends on the isolation model of the guard and of the layer below it. Different layers in the same computing device can use different service models.
(1) Service guard, space isolation: During initialization, the guard measures and stores the identity of the requester. The guard implements a protected system using processor services (e.g. of a processor, a secure processor or a coprocessor) and a system call interface that exposes the basic authentication operations.
(2) Disclosure guard, space isolation: During initialization, the guard obtains the service request in the form of encrypted code, which may be stored in memory or obtained from external storage. The guard measures the identity of the program being initialized and discloses keys to the program according to the gating functions described above. Before relinquishing control to the next layer, the guard establishes mode protection for itself and its secret resources.
(3) Disclosure guard, time isolation: During initialization, the guard obtains the service request (a bit string) in encrypted form, which may be stored in memory or obtained from external storage. The guard measures the identity of the program being initialized and discloses keys to the program according to the gating functions described above. Before passing control to these programs, the guard deletes the keys used to implement the gating functions, so that they can no longer be accessed.
(4) Service guard, time isolation: In the service guard with time isolation model, the computing device preserves program state securely across a secure reset. This model is similar to model (1) (service guard with space isolation), except that before passing control to the next layer the service guard deletes its secrets (making it non-functional until the next reboot). The next layer executes normally until it needs to request a service from the guard. At that point it stores the parameters of its request at a location in memory whose contents survive a reset, and performs a reset. When the device restarts, the service guard obtains its secrets, sees and performs the request (using its keys), invalidates the keys and any related information, and passes the computed result and control to the next layer (the layer that originally requested the service).
In some embodiments, if the computing device supports space isolation, the security kernel exposes the basic operations Seal, Unseal, GetRandom (for obtaining a random number) and PKUnseal (or Quote). The security kernel can implement a disclosure guard or a service guard. If, on the other hand, the platform supports time isolation, the security kernel provides a disclosure guard and implements the basic operations Unseal, GenSeal and PKUnseal (or Quote).
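The disclosure guard model described above (a lower layer discloses a root key to the next layer based on that layer's identity and, under model (3), erases its own keys before passing control), as an added example in Go that is not the patent's code. The text obtains the root key through Unseal or PKUnseal; the example instead derives it as HMAC(parent key, ID(next layer)), which gives the two properties the text relies on: the same configuration receives the same key on every boot, and a modified layer receives an unrelated key. The layer names, the platform key value and ID() as the SHA-256 of a layer's bytes are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// ID is a layer's digest; here a layer is identified by its bytes (example
// assumption; in the text the guard below measures the real code).
func ID(program []byte) []byte { h := sha256.Sum256(program); return h[:] }

// Layer is one layer l_n of Fig. 2 together with the root key the guard
// below disclosed to it; key is nil once the layer has erased it.
type Layer struct {
	Name string
	key  []byte
}

// Disclose is the gated disclosure of a root key to the next layer. The key
// is derived as HMAC(key_n-1, ID(next)): the example's mechanism, where the
// text uses Unseal or PKUnseal, with the same effect that an unchanged layer
// gets the same key on every boot and a modified one an unrelated key.
func (l *Layer) Disclose(next []byte) (*Layer, error) {
	if l.key == nil {
		return nil, fmt.Errorf("%s: keys erased, a secure reset is required", l.Name)
	}
	kdf := hmac.New(sha256.New, l.key)
	kdf.Write([]byte("root-key|"))
	kdf.Write(ID(next))
	return &Layer{Name: string(next), key: kdf.Sum(nil)}, nil
}

// Erase is what model (3) requires before control passes upward: the layer
// zeroes its key so code running later cannot ask it to disclose keys for
// any other configuration until the next reboot.
func (l *Layer) Erase() {
	for i := range l.key {
		l.key[i] = 0
	}
	l.key = nil
}

// Boot simulates a secure reset: hardware discloses the platform key to the
// security kernel l1, l1 discloses to the operating system l2 and erases
// itself. Both layers are returned so the caller can inspect them.
func Boot(platformKey, kernel, os []byte) (l2, l1 *Layer, err error) {
	hw := &Layer{Name: "hardware", key: append([]byte(nil), platformKey...)}
	if l1, err = hw.Disclose(kernel); err != nil {
		return nil, nil, err
	}
	if l2, err = l1.Disclose(os); err != nil {
		return nil, nil, err
	}
	l1.Erase()
	return l2, l1, nil
}

// RootKeyHex exposes a layer's root key so keys from different boots can be
// compared; it is empty once the key has been erased.
func RootKeyHex(l *Layer) string { return hex.EncodeToString(l.key) }

func main() {
	pk := []byte("platform key installed by the manufacturer") // example value
	osA, _, _ := Boot(pk, []byte("security kernel"), []byte("os build 1"))
	osB, l1, _ := Boot(pk, []byte("security kernel"), []byte("os build 1"))
	osC, _, _ := Boot(pk, []byte("security kernel"), []byte("os build 2"))
	fmt.Println("same configuration, same root key:", RootKeyHex(osA) == RootKeyHex(osB))
	fmt.Println("modified OS, different root key:", RootKeyHex(osA) != RootKeyHex(osC))
	_, err := l1.Disclose([]byte("os build 2")) // after the handoff l1 refuses
	fmt.Println("kernel after handoff:", err)
}
```

Secrets that the operating system seals under its root key become unrecoverable as soon as either the kernel or the OS changes, which is the property sealed storage is built on; and because l1 erased its key before handing over control, nothing the OS does afterwards can obtain the key that a different OS build would have received.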
It should be noted that the Quote and PKUnseal functions can be built on the basic operations Seal and Unseal, or on Unseal and GenSeal. For example, on top of the GenSeal and Unseal implemented in l1, a manufacturer can build an l2 program that implements Quote or PKUnseal and also serves as a host for higher-level software (e.g. an operating system). The manufacturer can generate and seal the keys needed by this service layer and ship them with the device or CPU (or make them available online).
The following is an exemplary description of a hardware implementation that allows a platform to support the authentication operations. As with the higher layers of the system, the lowest layer (l1 in Fig. 2) is characterized by: (a) secret key resources, (b) privileged code with access to these keys, and (c) controlled initialization of the layer.
The authentication operations provide a strong binding between programs and secret keys. At the higher layers, this binding is guaranteed by the guard in the layer below. At the lowest layer there is no underlying software guard that could gate access to the platform's secrets. Hence, a different mechanism is used to support the association between the l1 key and the l1 program. One way to achieve this binding is to make the l1 software unchangeable platform microcode or firmware, fixed at manufacturing time, and to give the l1 software unrestricted access to the l1 key. This platform microcode or firmware may be called the security kernel, and the l1 key the platform key. The platform is designed to pass control to the predetermined security kernel. The behavior of the hardware can also be interpreted as a simple resource guard that discloses the platform key to the predetermined security kernel.
The platform keys and the security kernel firmware can be part of the processor, or can be realized with one or more other components of the computing device (for example, a dedicated security processor, or a general-purpose processor that can also perform cryptographic operations). They can be implemented in a single component or spread across several components of the computing device.
With the authenticated operations, programs are started in a controlled initial state. In the higher layers, the program running in the layer below starts execution at the correct entry point. At l1 this function is performed by the hardware. Current processors generally begin execution in a well-defined order after power-up or reset; in the simplest case the processor starts fetching and executing code from a predetermined memory location. For l1, the hardware starts the program in a controlled initial state by guaranteeing that the security kernel is the code executed at startup, as part of that well-defined sequence.
In addition, no other platform state may be able to corrupt the execution of the security kernel. Reset and power-up give the processor a well-debugged clean state. In this example, the change of platform state that starts or invokes the security kernel is called a secure reset.
Device manufacturers also arrange the generation and installation of the platform keys that are used to implement l1 sealing and unsealing. If the device is to be identified as part of a PKI (public key infrastructure), the manufacturer additionally certifies a public key for the platform. This can be a platform key used directly by l1, or a key used by a higher layer.
Key generation and certification can be the responsibility of the CPU manufacturer or of some other party, such as the OEM that assembles the CPU into a device; the responsibility can also be shared among several parties.
Once the security kernel is executing, it can use the isolation mechanisms described above to protect itself from code executing at higher layers. Isolation in space generally involves privileged-mode support; isolation in time generally involves hiding secrets from the higher layers.
On current processors no additional platform support is needed for isolation in space: the existing privileged modes or privilege levels suffice, as long as the hardware resources that give access to the platform keys can be protected from the higher layers.
To support isolation in time, hardware assistance lets the security kernel hide the platform keys before passing control to a higher layer. In the time-isolation model, one way to secure the platform keys is a state-protection circuit called a reset latch. A reset latch is a hardware circuit that is open after a reset or power-up, but that any software can close at any time. Once closed, the latch stays closed until the next reset or power-up. A platform implementing a time-isolated security kernel gates access to the platform keys on the state of the reset latch, and the security kernel closes the latch before passing control to a higher layer. As stated above, the security kernel also takes additional actions before transferring control, such as clearing memory and registers, but these are the same actions used in the higher layers.
If the platform uses isolation in space, the security kernel uses the privileged mode to protect itself and its platform keys from being compromised by the programs it hosts (for example, an operating system), and it establishes a system call interface for invoking the authenticated operations.
If the platform uses isolation in time, the platform also includes memory that survives a secure reset intact, so that parameters can be passed to the service program. To invoke a service, the operating system prepares a command and parameter block at a memory location known to the security kernel and performs a secure reset. If the operating system wants to continue execution after the service call (as opposed to simply restarting), the operating system and the security kernel take additional measures to ensure that this is done reliably and securely.
The authenticated operations described here can be used in a wide range of security settings, for example protecting personal data against viruses, protecting secret service data against network attacks, network management, copy protection, reliable distributed computing, and so on. They allow different programs that execute on the same computer, and that need not have any special trust relationship, to protect their cryptographic assets independently of other software.
Some of the following discussion refers to an SSP (security service processor). In one embodiment an SSP is a processor (for a computing device) that provides basic cryptographic services to the computing device (for example, the SSP supports the gating functions of layer l1 in Fig. 2 described above). The SSP can use keys, and has one or more keys that only the SSP has (or is believed to have). The SSP can be part of the device's CPU, or one or more other processors; for example, it can be a separate chip or integrated circuit (IC) in the computing device.
In other embodiments an SSP is a suitably isolated software program that exposes the same functions to its callers as the embodiment above. An SSP embodiment can access cryptographic keys, directly or indirectly, and there are many implementation options for providing this access. For example, the SSP can invoke the services of a guard in a lower layer, or the SSP can have exclusive access to a part of persistent storage (for example hard disk, flash memory, ROM, and so on) that holds the keys in question.
In short, at a higher level an SSP is defined by the functions it exposes. An SSP is a guard (as described above) that has access to keys, and it uses those keys to provide cryptographic services to its callers. The following sections describe exemplary functions an SSP implements.
Example operations
The following is a discussion of embodiments of the sealed-storage and remote-attestation operations. This section describes embodiments of the Seal, Unseal, Quote and PK Unseal operations introduced above.
The following definitions are used in this section:
Name | Type | Description
Digest | BYTE[20] | 160-bit value, normally the output of a SHA-1 hash operation.
Secret | BYTE[32] | 256-bit value, normally a secret sealed by Seal or PK Seal.
Ordinal | INTEGER | The ordinal component of each input and output structure identifies the operation the structure belongs to and whether it is an input or an output structure.
KM | 256-bit key | The key used for HMAC operations.
KS | 256-bit key | The AES key used for Seal and Unseal.
KU | 2048-bit x 3 | The RSA key pair used for PK Unseal.
KQ | 2048-bit x 3 | The RSA key pair used for Quote.
R | 128-bit | Random number.
In addition, this section refers to access policies, and the following section refers to bound key operations. An access policy describes when a particular operation is functional (that is, when it will work). The user of a computing device can selectively turn off certain functions. For example, the computing device (for example, an SSP implementing the Seal operation) includes a register called FeatureEnable. One bit of this register is called MainEnable. If the user sets MainEnable to false, none of the functions in these sections works. The access policy given for each function describes which FeatureEnable settings are required for the function to work.
Seal
Definition
SSP_STATUS Seal(
    [in] SECRET S,
    [in] DIGEST Target[2],
    [in] UINT32 MaxLen,
    [out] UINT32* ActualLen,
    [out] BYTE* SealedBlob
)
Parameters
Seal-Input ::= SEQUENCE {
    Ordinal INTEGER,
    Secret Secret,
    Target DigestPair}
Seal-Output ::= SEQUENCE {
    Ordinal INTEGER,
    Status INTEGER,
    Sealed-blob OCTET STRING}
Return values
SSP_SUCCESS
Comments
The Seal operation forms a blob (a group of bits) that can only be decrypted by the corresponding Unseal operation if all of the following evaluate to true:
● the encoding is correct;
● the MAC is correct;
● the named target SK/SL (security kernel or securely loaded program) is the SK/SL running when the blob is unsealed.
Seal adds internal randomness, so that Seal operations on the same input produce different outputs. This ensures that Seal cannot be used as a hardware device identifier. Seal also includes the identifier of the program that invoked the Seal operation (for example, the digest of the caller held in the PCR register of the SSP, also called the PCR value here), so that the unsealer receives complete information about the circumstances under which the seal was performed.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UseSymmKey == All |
     FeatureEnable.UseSymmKey == AuthSL & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Actions
The Seal operation performs the following:
1. Generate a 128-bit random number R.
2. Let D0 be the current value of PCR[0], and D1 = PCR[1].
3. M = HMAC[KM](R || S || Target || D0 || D1)
4. C = AES[KS](R || S || Target || D0 || D1 || M)
5. Return SSP_SUCCESS with SealedBlob set to C.
Unseal
Definition
SSP_STATUS Unseal(
    [in] BYTE* SealedBlob,
    [in] UINT32 SealedBlobLen,
    [out] SECRET S,
    [out] DIGEST Source
)
Parameters
Unseal-Input ::= SEQUENCE {
    Ordinal INTEGER,
    Sealed-blob OCTET STRING}
Unseal-Output ::= SEQUENCE {
    Ordinal INTEGER,
    Status INTEGER,
    Secret Secret,
    Source Digest}
Return values
SSP_SUCCESS
SSP_UNSEAL_ERROR
Comments
The Unseal operation internally decrypts a blob generated by the Seal operation and checks the following conditions:
● the encoding is correct;
● the named target PCR equals the current value of the PCR at the time of the Unseal operation.
If all checks succeed, the secret and the PCR of the sealer are returned; otherwise UNSEAL_ERROR is returned.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UseSymmKey == All |
     FeatureEnable.UseSymmKey == AuthSL & SLKnown & AuthPCR[CurrentSL].UseSymmKey)
Actions
The Unseal operation performs the following:
1. M = AES-1[KS](SealedBlob)
2. Interpret M as (BIT[128] R || SECRET S1 || DIGEST Target0 || DIGEST Target1 || DIGEST Sealer0 || DIGEST Sealer1 || DIGEST N).
3. DIGEST D = HMAC[KM](R || S1 || Target0 || Target1 || Sealer0 || Sealer1).
4. If (Target0 != PCR[0] || Target1 != PCR[1]) return SSP_UNSEAL_ERROR with S and Source set to zero.
5. If D != N return SSP_UNSEAL_ERROR with S and Source set to zero.
6. Else return SSP_SUCCESS with S set to S1 and Source set to {Sealer0, Sealer1}.
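The Seal and Unseal actions above, carried through in runnable form. This is an added example, not code from the patent: the SSP type, the ProgramDigest and NewDemoSSP helpers, and the choice of AES-256 in CBC mode with a zero IV and PKCS#7 padding are assumptions, since the page fixes the key sizes and the HMAC-then-AES layout but not the AES mode. The block keeps the page's layout R || S || Target || D0 || D1 || M, treats a wrong blob length or bad padding as an encoding failure, verifies the MAC before looking at any field, and only then compares the target against the current PCRs.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"errors"
)

// Sizes from the definitions table: DIGEST 20 bytes, SECRET 32 bytes, R 16 bytes.
const (
	digestLen = 20
	secretLen = 32
	nonceLen  = 16
	plainLen  = nonceLen + secretLen + 4*digestLen + digestLen // R||S||Target||D0||D1||M
	padLen    = aes.BlockSize - plainLen%aes.BlockSize          // PKCS#7 padding (12 bytes)
	blobLen   = plainLen + padLen
)

type Digest [digestLen]byte
type Secret [secretLen]byte

// SSP holds what Seal and Unseal use: KM (HMAC key), KS (AES-256 key) and the two
// PCRs that record the digest of the currently running program.
type SSP struct {
	KM, KS [32]byte
	PCR    [2]Digest
}

var ErrUnseal = errors.New("SSP_UNSEAL_ERROR")

// ProgramDigest stands in for the measurement a real platform records in a PCR.
func ProgramDigest(code string) Digest { return sha1.Sum([]byte(code)) }

// NewDemoSSP draws fresh KM/KS and sets a constructed PCR state (assumed helper).
func NewDemoSSP() *SSP {
	s := &SSP{PCR: [2]Digest{ProgramDigest("security kernel v1"), ProgramDigest("loaded program")}}
	rand.Read(s.KM[:])
	rand.Read(s.KS[:])
	return s
}

// cbc is AES-256-CBC with a zero IV (assumption: the page leaves the AES mode open).
// A zero IV is acceptable here only because the fresh random R is the first block.
func (s *SSP) cbc(encrypt bool) cipher.BlockMode {
	blk, _ := aes.NewCipher(s.KS[:]) // a 32-byte key cannot fail
	if encrypt {
		return cipher.NewCBCEncrypter(blk, make([]byte, aes.BlockSize))
	}
	return cipher.NewCBCDecrypter(blk, make([]byte, aes.BlockSize))
}

// Seal follows steps 1-5 of the Seal actions.
func (s *SSP) Seal(secret Secret, target [2]Digest) ([]byte, error) {
	body := make([]byte, nonceLen, blobLen)
	if _, err := rand.Read(body); err != nil { // step 1: R
		return nil, err
	}
	body = append(body, secret[:]...)
	body = append(body, target[0][:]...)
	body = append(body, target[1][:]...)
	body = append(body, s.PCR[0][:]...) // step 2: D0, D1 record who sealed
	body = append(body, s.PCR[1][:]...)
	mac := hmac.New(sha1.New, s.KM[:])
	mac.Write(body)
	body = mac.Sum(body) // step 3: M = HMAC[KM](R||S||Target||D0||D1), appended
	body = append(body, bytes.Repeat([]byte{padLen}, padLen)...)
	c := make([]byte, blobLen)
	s.cbc(true).CryptBlocks(c, body) // step 4: C = AES[KS](R||S||Target||D0||D1||M)
	return c, nil
}

// Unseal follows steps 1-6 of the Unseal actions. The MAC is checked before the target
// is compared: both failures return the same error with zeroed outputs, and no field
// of an unauthenticated blob is acted on.
func (s *SSP) Unseal(blob []byte) (Secret, [2]Digest, error) {
	var zeroS Secret
	var zeroD [2]Digest
	if len(blob) != blobLen { // encoding check, part 1
		return zeroS, zeroD, ErrUnseal
	}
	p := make([]byte, blobLen)
	s.cbc(false).CryptBlocks(p, blob) // step 1
	if !bytes.Equal(p[plainLen:], bytes.Repeat([]byte{padLen}, padLen)) { // encoding check, part 2
		return zeroS, zeroD, ErrUnseal
	}
	body, n := p[:plainLen-digestLen], p[plainLen-digestLen:plainLen] // step 2 layout
	mac := hmac.New(sha1.New, s.KM[:])
	mac.Write(body)
	if subtle.ConstantTimeCompare(mac.Sum(nil), n) != 1 { // steps 3 and 5: D != N
		return zeroS, zeroD, ErrUnseal
	}
	var s1 Secret
	var target, sealer [2]Digest
	copy(s1[:], body[nonceLen:])
	copy(target[0][:], body[nonceLen+secretLen:])
	copy(target[1][:], body[nonceLen+secretLen+digestLen:])
	copy(sealer[0][:], body[nonceLen+secretLen+2*digestLen:])
	copy(sealer[1][:], body[nonceLen+secretLen+3*digestLen:])
	if target != s.PCR { // step 4: only the named target may unseal
		return zeroS, zeroD, ErrUnseal
	}
	return s1, sealer, nil // step 6
}
```

Because D0 and D1 are inside the MAC'd and encrypted region, the sealer identity returned as Source cannot be forged by whoever stored the blob; a blob sealed for a target other than the running program is refused with the same SSP_UNSEAL_ERROR as a corrupted one.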
Quote
Definition
SSP_STATUS Quote(
    [in] BITSTRING d-ext,
    [out] PKSignature SigBlob
)
Parameters
Quote-Input ::= {
    Ordinal INTEGER,
    d-ext DIGEST}
Quote-Output ::= {
    Ordinal INTEGER,
    Status INTEGER,
    Sig-blob PKSignature}
Return values
SSP_SUCCESS
SSP_CRYPTO_ERROR
Comments
The Quote operation instructs the SSP to sign the concatenation of the externally supplied D-EXT and the internal PCR values.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Actions
The Quote operation performs the following:
1. The SSP forms a message M consisting of the concatenation of the message-type identifier QuoteMessage, D-EXT and the contents of the PCR registers, DER (distinguished encoding rules) encoded as:
SEQUENCE {
    message-type PKMessageType,
    d-ext Digest,
    pcr DigestPair
}
2. The SSP generates a signed message over M using KQ,PRIV according to the defaults of RSASSA-PSS-SIGN as specified in PKCS #1 v2.1. If that function returns an error, return SSP_CRYPTO_ERROR with SigBlob set to zero.
3. The SSP returns SSP_SUCCESS and the signature value, consisting of the rSASSA-PSS-Default-Identifier together with the computed signature, placed in SigBlob.
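Both sides of the Quote operation, as an added example that is not the patent's own code. The SSP side builds the DER message of step 1 and signs it with KQ,PRIV under the PKCS #1 v2.1 PSS defaults; the remote verifier side rebuilds the same message from the nonce it sent as d-ext and the PCR values it trusts, so that a quote made under other PCRs or for another nonce fails to verify. The numeric value of QuoteMessage, the SSP type and the NewDemoSSP helper are assumptions, and the rSASSA-PSS-Default-Identifier prefix of SigBlob is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/asn1"
	"errors"
	"fmt"
)

// quoteMessage is an assumed numeric value for the QuoteMessage type identifier,
// which the page names but does not assign.
const quoteMessage = 1

// digestPair and quoteBody form the DER SEQUENCE the SSP signs:
// SEQUENCE { message-type, d-ext Digest, pcr DigestPair }.
type digestPair struct{ D0, D1 []byte }
type quoteBody struct {
	MessageType int
	DExt        []byte
	PCR         digestPair
}

// PKCS #1 v2.1 RSASSA-PSS defaults: SHA-1, MGF1 with SHA-1, salt as long as the hash.
var pssDefaults = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash}

type SSP struct {
	KQ  *rsa.PrivateKey // quoting key pair; the private half never leaves the SSP
	PCR [2][20]byte
}

var ErrCrypto = errors.New("SSP_CRYPTO_ERROR")

func encodeQuote(dExt [20]byte, pcr [2][20]byte) ([]byte, error) {
	return asn1.Marshal(quoteBody{quoteMessage, dExt[:], digestPair{pcr[0][:], pcr[1][:]}})
}

// Quote performs steps 1-3 of the Quote actions: M = DER(QuoteMessage, d-ext, PCR),
// signed with KQ,PRIV. Only the signature is returned.
func (s *SSP) Quote(dExt [20]byte) ([]byte, error) {
	m, err := encodeQuote(dExt, s.PCR)
	if err != nil {
		return nil, ErrCrypto
	}
	h := sha1.Sum(m)
	sig, err := rsa.SignPSS(rand.Reader, s.KQ, crypto.SHA1, h[:], pssDefaults)
	if err != nil {
		return nil, ErrCrypto
	}
	return sig, nil
}

// VerifyQuote is the remote party's side. It holds the platform's certified public
// quoting key, the nonce it sent as d-ext and the PCR values it is willing to trust;
// it rebuilds M from those and checks the signature, so a quote made under other PCRs
// (other software running) or for another nonce (a replay) does not verify.
func VerifyQuote(pub *rsa.PublicKey, nonce [20]byte, trustedPCR [2][20]byte, sig []byte) bool {
	m, err := encodeQuote(nonce, trustedPCR)
	if err != nil {
		return false
	}
	h := sha1.Sum(m)
	return rsa.VerifyPSS(pub, crypto.SHA1, h[:], sig, pssDefaults) == nil
}

// NewDemoSSP provisions a fresh KQ and a constructed PCR state (assumed helper).
func NewDemoSSP() (*SSP, error) {
	kq, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &SSP{KQ: kq, PCR: [2][20]byte{sha1.Sum([]byte("security kernel v1")), sha1.Sum([]byte("loaded program"))}}, nil
}

func main() {
	ssp, err := NewDemoSSP()
	if err != nil {
		panic(err)
	}
	var nonce [20]byte
	rand.Read(nonce[:]) // the verifier's fresh challenge, sent as d-ext
	sig, _ := ssp.Quote(nonce)
	pub := &ssp.KQ.PublicKey
	fmt.Println("verifies against the trusted PCRs:", VerifyQuote(pub, nonce, ssp.PCR, sig))
	other := ssp.PCR
	other[0] = sha1.Sum([]byte("unexpected kernel"))
	fmt.Println("verifies against other PCRs:", VerifyQuote(pub, nonce, other, sig))
}
```

The verifier never sees the PCR values as data it has to trust: it decides which values are acceptable beforehand and only learns whether the platform's signature agrees. In a deployment the public half of KQ reaches the verifier through the manufacturer's certificate described earlier in the page.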
PK Unseal
Definition
SSP_STATUS PK_Unseal(
    [in] PKCiphertext SealedBlob,
    [out] SECRET Secret
)
Parameters
PKUnseal-Input ::= {
    Ordinal INTEGER,
    Pk-sealed-blob PKCiphertext}
PKUnseal-Output ::= {
    Ordinal INTEGER,
    Status INTEGER,
    Secret Secret}
Return values
SSP_SUCCESS
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
Comments
The PK Unseal operation takes a specially formatted 416-bit blob. The blob is decrypted and, if decryption and decoding succeed, the 416 bits are interpreted as the concatenation of a secret value and the PCR value that is permitted to receive the decrypted value.
If the current PCR value equals the value specified in the blob, the secret is disclosed; otherwise an error is returned.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Actions
The PK Unseal operation performs the following:
1. The SSP checks whether the algorithm identifier in the pk-sealed-blob is sspV1BoundKey.
2. The SSP internally decrypts SealedBlob according to the defaults of RSAES-OAEP-DECRYPT as specified in PKCS #1 to obtain a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_BAD_DATA_ERROR with Secret set to zero.
4. Otherwise the recovered message M must have the following DER-encoded form:
SEQUENCE {
    message-type PKMessageType,
    secret Secret,
    target Digest}
where secret consists of 256 bits (32 octets), target of 160 bits (20 octets), and the message type is sspV1PKSealedMessage. If any of these conditions is not met, return SSP_BAD_DATA_ERROR with Secret set to zero.
5. If target != PCR, return SSP_BAD_DATA_ERROR with Secret set to zero.
6. If target == PCR, return SSP_SUCCESS with Secret set to the recovered secret.
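The PK Unseal actions with the remote party's matching PK Seal, as an added example that is not the patent's own code. PKSeal encrypts the DER message of step 4 to the platform's public key with RSAES-OAEP under the PKCS #1 defaults; PKUnseal performs steps 1-6 and, as the page specifies, answers every failure with the same SSP_BAD_DATA_ERROR and a zeroed secret. The numeric values of sspV1BoundKey and sspV1PKSealedMessage, the PKCiphertext shape, the single PCR the target is compared against, and the NewDemoSSP helper are assumptions.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/asn1"
	"errors"
	"fmt"
)

// Assumed numeric values for identifiers the page names without assigning values.
const (
	sspV1BoundKey        = 1 // algorithm identifier expected in the pk-sealed-blob (step 1)
	sspV1PKSealedMessage = 2 // message-type of the recovered plaintext (step 4)
)

// PKCiphertext carries the algorithm identifier checked in step 1 and the OAEP ciphertext.
type PKCiphertext struct {
	Algorithm  int
	Ciphertext []byte
}

// pkSealedMessage is the DER SEQUENCE { message-type, secret Secret, target Digest }.
type pkSealedMessage struct {
	MessageType int
	Secret      []byte // 32 octets
	Target      []byte // 20 octets
}

type SSP struct {
	KU  *rsa.PrivateKey // the platform's RSA key pair used for PK Unseal
	PCR [20]byte        // the PCR the target is compared with (a single PCR is assumed)
}

var ErrBadData = errors.New("SSP_BAD_DATA_ERROR")

// PKSeal is the remote party's side: it needs only the platform's certified public key
// and the digest of the program that is allowed to receive the secret.
func PKSeal(pub *rsa.PublicKey, secret [32]byte, target [20]byte) (PKCiphertext, error) {
	m, err := asn1.Marshal(pkSealedMessage{sspV1PKSealedMessage, secret[:], target[:]})
	if err != nil {
		return PKCiphertext{}, err
	}
	// RSAES-OAEP with the PKCS #1 defaults: SHA-1, MGF1 with SHA-1, empty label.
	ct, err := rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, m, nil)
	if err != nil {
		return PKCiphertext{}, err
	}
	return PKCiphertext{sspV1BoundKey, ct}, nil
}

// PKUnseal performs steps 1-6 of the PK Unseal actions. Every failure returns the same
// error with a zeroed secret, so the caller learns nothing about why a blob was refused.
func (s *SSP) PKUnseal(blob PKCiphertext) ([32]byte, error) {
	var out [32]byte
	if blob.Algorithm != sspV1BoundKey { // step 1
		return out, ErrBadData
	}
	m, err := rsa.DecryptOAEP(sha1.New(), rand.Reader, s.KU, blob.Ciphertext, nil) // step 2
	if err != nil { // step 3: OAEP decoding error
		return out, ErrBadData
	}
	var msg pkSealedMessage // step 4: DER form, field sizes and message type
	rest, err := asn1.Unmarshal(m, &msg)
	if err != nil || len(rest) != 0 || msg.MessageType != sspV1PKSealedMessage ||
		len(msg.Secret) != 32 || len(msg.Target) != 20 {
		return out, ErrBadData
	}
	if !bytes.Equal(msg.Target, s.PCR[:]) { // step 5: only the named program may receive it
		return out, ErrBadData
	}
	copy(out[:], msg.Secret) // step 6
	return out, nil
}

// NewDemoSSP provisions a fresh KU and a constructed PCR value (assumed helper).
func NewDemoSSP() (*SSP, error) {
	ku, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &SSP{KU: ku, PCR: sha1.Sum([]byte("security kernel v1"))}, nil
}

func main() {
	ssp, err := NewDemoSSP()
	if err != nil {
		panic(err)
	}
	var secret [32]byte
	copy(secret[:], "constructed 32-byte secret value")
	blob, _ := PKSeal(&ssp.KU.PublicKey, secret, ssp.PCR)
	got, err := ssp.PKUnseal(blob)
	fmt.Printf("released=%v err=%v\n", got == secret, err)
	other, _ := PKSeal(&ssp.KU.PublicKey, secret, sha1.Sum([]byte("some other program")))
	_, err = ssp.PKUnseal(other)
	fmt.Println("blob sealed to another program:", err)
}
```

Unlike Seal, nothing in the blob identifies who sealed it: the remote party is authenticated only in so far as it knew the platform's public key, which is why the page pairs PK Unseal with Quote rather than treating it as mutual authentication.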
Bound key operations
In addition, a set of bound key functions or operations allows cryptographic keys to be created and evaluated locally (for example, using the SSP), and also allows keys to be communicated from a trusted remote party (for example, propagated to the SSP).
The functionality of bound keys is characterized as follows:
1. A service guard at some system layer (for example, the SSP) has direct access to a bound key. Each bound key has an associated condition that determines which guard or guards can access it. This condition is expressed implicitly: the bound key is encrypted so that only the guard or guards in question can decrypt it with their keys.
2. The service guard that has access to the bound key exposes functions that use it (for example, signing, MAC, encryption, decryption) to principals in higher layers. Each bound key can have an associated usage condition, in which case the guard only services requests that satisfy that condition.
3. The bound key is contained in a cryptographically protected data structure (also called a bound key blob here). Bound key blobs are self-protecting and can therefore also be stored outside the trusted environment.
Bound keys have the following advantages:
● Each principal can be allowed to have its own bound key, and each principal can be allowed any number of bound keys. This improves secrecy and, in some applications, allows finer-grained revocation policies. The guard therefore need not be confined to one or a few keys for servicing requests from all principals.
● A bound key is not disclosed to anyone except the authorized guard. Compromise of a principal (for example, through a programming error) therefore does not lead to the compromise of any bound key. In one embodiment the service guard (SSP) is implemented in hardware; in that case a bound key cannot be compromised by malicious or faulty software.
The bound key functions provide protection for cryptographic keys. Bound keys can be generated by a remote party, or created locally through the GenBoundKey command.
A locally generated bound key can be issued with a "quote" certificate, which can be used to give a remote party proof of the type of the public key, proof of the type of key generated, proof of the machine state at the time of generation, and (optionally) proof of the condition (for example, a digest) that constrains the key.
A bound key comprises one or more of the following elements:
● The usage of the key (for example, bound signing, bound quoting, bound PK unsealing, bound PK decryption, bound MAC, bound encryption or bound decryption). This element is optional. If present, it restricts the bound key to use with the identified type of function.
● A condition element (as described above) that defines under which conditions the bound key can be used (also called the bound key usage condition). For example, the condition can be expressed as one or more program digests, in which case the bound key can only be used by, or on behalf of, a program with the specified digest. Other examples of conditions include the time constraints, logical formulae and executable programs described above. This element is optional; if it is omitted, some implied condition applies, for example one that places no restriction on access to the bound key (the empty condition).
● The cryptographic key (the bound key) itself, or data that allows the key to be computed.
● One or more conditions (as described above) under which the usage condition of the bound key can be changed. This change is also called bound key migration, and the condition a migration condition. This element is optional; if it is omitted, some implied condition applies, for example "always false", so that the digest (if present) can never be changed.
● One or more conditions under which the set of service guards that can directly access the bound key can be changed. This change is also called bound key export, and the condition an export condition. This element is optional.
Cryptographic protection of bound keys
Bound keys have the same cryptographic requirements as the sealed storage (Seal, Unseal, PK Unseal) and attestation functions described above. In particular, a locally generated bound key can be protected by any of the cryptographic implementations of the storage and retrieval functions described above. In all cases the confidentiality of the bound key itself and the integrity of the entire data structure are protected, to guarantee that the conditions governing the use of the bound key cannot be tampered with. As described above, this can be achieved with symmetric encryption combined with a MAC, or with various combinations of public-key encryption and digital signatures. In one embodiment the bound key data structure is encrypted with a public key.
Functions
In some embodiments bound keys can be used with one or more of the following functions:
● BoundSign (bound signing)
● BoundQuote (bound quoting)
● BoundPKDecrypt (bound public-key decryption)
● BoundPKUnseal (bound public-key unsealing)
● BoundMAC (bound message authentication code)
● BoundEncrypt (bound encryption)
● BoundDecrypt (bound decryption)
● GenBoundKey (generate bound key)
● BoundKeyMigrate (bound key migration)
● BoundKeyExport (bound key export)
In each of the functions above, the bound key blob (the group of bits making up the data structure) and the data on which the key contained in the blob is to operate are supplied as parameters. If the usage element is included in the bound key blob, the SSP ensures that the bound key is used only for its intended purpose (for example, a key of type "BoundQuoteKey" can only be used in a BoundQuote operation).
In some implementations the bound key is the private key of a public/private key pair. In those implementations the bound key blob can contain the private key itself, or data from which the key can be computed. For example, the blob can contain a private key segment that, combined with the corresponding public key, allows the private key of the pair to be reconstructed.
The BoundSign operation receives a data input to be signed with the bound key. The SSP recovers the private signing key from the bound key blob and generates a digital signature over the data input with that key. The SSP then outputs the signed message. If the bound key blob is corrupted or any bound key usage condition is not satisfied, the SSP does not perform the operation. The recovered private key is thus used to sign the data input without the private key ever being disclosed by the SSP.
The BoundQuote operation receives as input the data to be signed and a bound key blob. The SSP recovers the private key from the blob and uses it to generate a signature over the data input and the current PCR value (for example, an identifier, such as a digest, of the program calling the BoundQuote operation), as described above for the Quote operation. The SSP then outputs the signed message. If the bound key blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation. In one implementation BoundQuote resembles BoundSign, the difference being that BoundQuote includes the current PCR value.
The BoundPKDecrypt operation receives as input a ciphertext and a bound key blob. The SSP recovers the private key from the blob and decrypts the input ciphertext with it; the decrypted data is then output by BoundPKDecrypt. If the bound key blob is corrupted or any usage condition is not satisfied, the SSP does not perform the operation.
The BoundPKUnseal operation receives an input ciphertext and a bound key blob. The SSP recovers the private key from the blob and uses it to decrypt the input ciphertext as in the PK Unseal operation described above, then outputs the decrypted data. If the blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation.
The BoundMAC operation receives a data input over which a MAC is to be computed with the bound key, together with a bound key blob. If the blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation. Otherwise the SSP recovers the bound key from the blob, computes a message authentication code (MAC) over the data input with it, and outputs the MAC. A MAC over the data input can thus be computed with the recovered bound key without the SSP disclosing the key.
The BoundEncrypt operation receives a data input to be encrypted with the bound key, together with a bound key blob. If the blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation. Otherwise the SSP recovers the bound key from the blob, encrypts the data input with it and outputs the resulting ciphertext. The data can thus be encrypted with the recovered bound key without the SSP disclosing the key.
The BoundDecrypt operation receives a data input to be decrypted with the bound key, together with a bound key blob. If the blob is corrupted or the usage condition is not satisfied, the SSP does not perform the operation. Otherwise the SSP recovers the bound key from the blob, decrypts the data input with it and outputs the resulting plaintext. The data can thus be decrypted with the recovered bound key without the SSP disclosing the key.
The GenBoundKey operation causes the SSP to create a new bound key. The new bound key is a cryptographic key, and a new bound key blob containing the newly generated key is created. Note that the blob need not always contain the whole key; for example, if the newly generated key is a public/private key pair, it suffices for the blob to contain the private key.
The new bound key blob is bound to one or more guards, normally the SSP performing the operation (for example, as with the storage functions described above, the new blob is cryptographically protected, or otherwise kept secret, so that only the SSP can retrieve it). GenBoundKey can also take parameters that determine various aspects of the new bound key blob, and data describing these parameters is attached to the newly generated private key in a well-defined format (for example, as generation data forming part of the new blob). As described above, examples of such data include the migration condition and the bound key usage condition. The new bound key blob is then output by GenBoundKey.
In general a bound key can be a cryptographic key of any kind, including a symmetric key or a public/private key pair. The exact key type depends on the bound key operation that uses it: for example, a bound key used in BoundMAC is a symmetric key, whereas one used in BoundSign is a public/private signing key pair. The key type can be specified as a parameter of GenBoundKey.
The BoundKeyMigrate operation allows the usage condition of a bound key to be changed. The SSP verifies that one or more migration conditions are satisfied. Any of a variety of conditions can be used with BoundKeyMigrate (for example, conditions like those discussed above for the Seal and Unseal operations, which can identify when and/or to what the data may be migrated). If the verification succeeds, the guard creates a new bound key blob in which the usage condition is changed as requested.
The BoundKeyExport operation instructs the SSP to change the set of guards (SSPs) that can directly access the bound key. The SSP verifies that one or more conditions are satisfied. Any of a variety of conditions can be used with BoundKeyExport (for example, conditions like those discussed above for the Seal and Unseal operations, which can identify when and/or to what the data may be moved). If the verification fails, the operation fails. If it succeeds, the SSP changes the cryptographic protection of the bound key blob as requested; in one embodiment the SSP encrypts the bound key with one or more new keys.
One example of a condition that the creator of a bound key (local or remote) can specify is that the bound key can only be used on behalf of a principal whose program digest has a particular value. In that case, after recovering the contents of the bound key blob, the bound key operation checks the digest of the requesting principal and, if it differs from the digest specified in the blob, fails without performing any further computation.
To perform the cryptographic operations, the bound key blob is normally linked or bound to a specific SSP by means of a key unique to that SSP. The binding can be, for example, a MAC, a digital signature, encryption, or a combined encryption and integrity-verification function.
Bound key operation examples
In one embodiment, a migration is authorized by a local migration certificate or by a certificate issued by the authority. The local migration certificate is an RSASSA-PSS-SIGN with default parameters over the following data structure:
Bound-migration-info ::= SEQUENCE {
    Source-bound-blob-digest Digest,
    Dest-PCR DigestPair
}
Local SSP migration is requested with the BoundKeyMigrate operation. To authorize a local migration, the SSP is given a Bound-migration-info structure that refers to the bound key, together with a properly formed certificate over that structure issued by the authority. If the migration certificate is acceptable, the SSP re-binds the key to the new PCR with all other attributes unchanged (for example, if the key was originally not restricted to a PCR value, it remains unrestricted after re-binding). The source-bound-blob-digest is the digest of the externally encrypted form of the bound key.
Remote migration is performed, for example, through the BoundKeyExport function with a Bound-export-info structure signed by the authority:
Bound-export-info ::= SEQUENCE {
    Source-bound-blob-digest Digest,
    Dest-pubkey RSAPublicKey,
    Dest-PCR DigestPair
}
When a key is marked exportable, the authority is in complete control of the devices or software to which the key can be re-bound.
Said constraint key operation is used a PKCiphertext, and it is to use an encrypted type B ound-Key-blob sequence of following platform public encipherment key:
Bound-key-blob ::= SEQUENCE {
    Message-type PKMessageType,
    Key-type Bound-key-type,
    Bound-to-PCR BOOL,
    Bound-to DigestPair,
    Migrateable BOOL,
    Migrate-auth Digest,
    Exportable BOOL,
    Export-auth Digest,
    Pub-key-digest Digest,
    Bound-key PKCompressedPrivateKey
}
where:
Bound-key-type ::= INTEGER {
    BoundSignKey,
    BoundQuoteKey,
    BoundDecryptKey,
    BoundPKUnsealKey
}
The bound-to-PCR field is a flag indicating whether the bound-to digest fields must match the current PCR values in order to use the bound key. {migrateable, migrate-auth} indicate whether the key is migrateable and, if so, under the control of which authority (if the key is not migrateable, the migrate-auth value is irrelevant). {exportable, export-auth} indicate whether the key is exportable and, if so, under the control of which authority (if the key is not exportable, the export-auth value is irrelevant). Pub-key-digest is the digest of the corresponding public key; it provides the strong binding between the PKCompressedPrivateKey and the public key that is required to recover the private key.
In one example, if a bound key is created locally through the GenBoundKey function, then while outputting the bound key the SSP creates a signature over the following data structure, which states the public characteristics of the newly generated key and the system configuration:
Bound-key-pub-info ::= SEQUENCE {
    Message-type PKMessageType,    // sspV1 BoundKeyGenMessage
    sig-nonce Digest,
    key-type Bound-key-type,
    bound-to-PCR BOOL,
    bound-to DigestPair,
    migrateable BOOL,
    migrate-auth Digest,
    exportable BOOL,
    export-auth Digest,
    creator-PCR DigestPair,
    bound-pub-key Digest
}
In this data structure, key-type, bound-to-PCR, bound-to, migrateable, migrate-auth, exportable and export-auth are the characteristics of the newly generated bound key. Creator-PCR is the PCR value in effect when the key was output, and bound-pub-key is the digest of the newly generated public key. Sig-nonce is the digest-sized value passed in when generation of the key was requested.
Typical definitions of the BoundSign, BoundQuote, BoundPKDecrypt, BoundPKUnseal, GenBoundKey, BoundKeyMigrate and BoundKeyExport operations follow:
BoundSign
Definition
SSP_STATUS BoundSign(
    [in] PKCiphertext BoundKeyBlob,
    [in] RSAPublicKey PubPartOfBoundKey,
    [in] BITSTRING DataToBeSigned,
    [out] PKSignature sig-blob
)
Parameter
BoundSign-Input ::= {
    Ordinal INTEGER,
    Bound-key BoundKeyBlob,
    Bound-pub-key RSAPublicKey,
    Data-to-be-signed OCTET STRING
}
BoundSign-output ::= {
    Ordinal INTEGER,
    Status INTEGER,
    Sig-blob PKSignature
}
Return value
SSP_SUCCESS
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
SSP_UNSEAL_ERROR
Note
The BoundSign operation takes a PKCiphertext of type sspV1 BoundKey whose plaintext contains a BoundKeyBlob of type BoundSignKey, together with the corresponding public key. If any of these conditions is not met, or the sequence does not decode successfully, the operation fails and returns SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks whether the current PCR value matches the one specified in the Bound-key-blob sequence. If not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP signs the input message with the decrypted private key.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UseSummKey)
Effect
The BoundSign operation performs the following:
1. The SSP checks whether the algorithm identifier in the pk-sealed-blob is sspV1 BoundKey.
2. The SSP internally decrypts the SealedBlob according to RSAES-OAEP-DECRYPT with the default parameters specified in PKCS#1 v2.1, obtaining a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M must be a DER encoding of the Bound-key-blob form with type BoundSignKey. If not, the SSP returns SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, bound-to is compared with the current PCR value. If the values differ, the SSP returns SSP_CRYPTO_ERROR.
6. The SSP then uses the supplied public key to recover the bound private key. On failure, the SSP returns SSP_CRYPTO_ERROR. On success, the SSP uses the recovered private key bound-key to generate a signature over the input message DataToBeSigned according to RSASSA-PSS-SIGN with the default parameters defined in PKCS#1 v2.1.
7. Return SSP_SUCCESS.
BoundQuote
Definition
SSP_STATUS BoundQuote(
    [in] PKCiphertext BoundKeyBlob,
    [in] DIGEST DataToBeSigned,
    [out] PKSignature sig-blob
)
Parameter
BoundQuote-Input ::= {
    Ordinal INTEGER,
    Bound-key BoundKeyBlob,
    Bound-pub-key RSAPublicKey,
    Data-to-be-quoted Digest
}
BoundQuote-output ::= {
    Ordinal INTEGER,
    Status INTEGER,
    Sig-blob PKSignature
}
Return value
SSP_SUCCESS
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
SSP_UNSEAL_ERROR
Note
The BoundQuote operation takes a public-key ciphertext of type sspV1 BoundKey whose plaintext contains a BoundKeyBlob of type BoundQuoteKey. If any of these conditions is not met, or the sequence does not decode successfully, the operation fails and returns SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks whether the current PCR value matches the one specified in the Bound-key-blob sequence. If not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP quotes the input message with the decrypted private key.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundQuote operation performs the following:
1. The SSP checks whether the algorithm identifier in the pk-sealed-blob is sspV1 BoundKey.
2. The SSP internally decrypts the SealedBlob according to RSAES-OAEP-DECRYPT with the default parameters specified in PKCS#1 v2.1, obtaining a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M must be a DER encoding of the Bound-key-blob form with type BoundSignKey. If not, the SSP returns SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, bound-to is compared with the current PCR value. If the values differ, the SSP returns SSP_CRYPTO_ERROR.
6. The SSP then uses the recovered private-key portion together with the public key to reconstruct the private key. The private key can be reconstructed as follows. In general, an RSA key consists of a modulus N = p*q (N is the product of two primes p and q) and two exponents, e (the encryption exponent) and d (the decryption exponent). N and e form the public key; d is the private key. Typically d has the same length as N (for example, 2048 bits). If the factorization of N is known (that is, if p and q are known), the private key d can easily be determined. Note that p and q are each only half the length of N, so p is stored as the private key instead of d. Then, given the public key N, e and p, the value q = N/p can be computed, and p and q determine the value d.
According to the description of the quote operation defined above, the private key is then used to generate a signature over the input message DataToBeSigned and the current PCR. If that function returns an error, SSP_CRYPTO_ERROR is returned with SigBlob zeroed.
7. Return SSP_SUCCESS.
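The private-key reconstruction that step 6 describes, as an added Python example (not the patent's code): given the public key (N, e) and the stored prime p, it recovers q and then d, and confirms the result with a round trip. The toy primes are constructed for illustration and are far too small for real use.

```python
from math import gcd


def reconstruct_private_key(n: int, e: int, p: int) -> tuple:
    """Rebuild the RSA private exponent d from the public key (n, e) and the
    stored prime p, as step 6 of BoundQuote describes.

    Storing p instead of d halves the private material in the bound-key blob
    (p is half the length of n); the public key that accompanies the blob is
    what makes recovery possible: q = n / p, then d = e^-1 mod (p-1)(q-1).
    Returns (q, d). Raises ValueError when p does not divide n, i.e. the public
    key presented does not belong to this bound key, which an SSP would report
    as SSP_CRYPTO_ERROR.
    """
    if p <= 1 or n % p != 0:
        raise ValueError("p does not divide n: public key does not match bound key")
    q = n // p
    phi = (p - 1) * (q - 1)          # PKCS#1 uses lcm(p-1, q-1); any inverse mod phi also works
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return q, d


def rsa_roundtrip_ok(n: int, e: int, d: int, m: int) -> bool:
    """Textbook RSA round trip, used only to confirm that d is a valid private
    exponent for (n, e): (m^e)^d == m (mod n)."""
    return pow(pow(m, e, n), d, n) == m % n


# Constructed toy key: p = 61, q = 53, n = 3233, e = 17. A PKCS#1 v2.1 key as
# used in the text would have a 2048-bit n.
TOY_N, TOY_E, TOY_P = 3233, 17, 61

if __name__ == "__main__":
    q, d = reconstruct_private_key(TOY_N, TOY_E, TOY_P)
    print(f"q = {q}, d = {d}, roundtrip ok = {rsa_roundtrip_ok(TOY_N, TOY_E, d, 65)}")
```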
BoundPKDecrypt
Definition
SSP_STATUS BoundPKDecrypt(
    [in] PKCiphertext BoundKeyBlob,
    [in] RSAPublicKey BoundPubKey,
    [in] PKCiphertext DataToBeDecrypted,
    [out] Secret decryptedData
)
Parameter
BoundSign-Input ::= {
    Ordinal INTEGER,
    Bound-key BoundKeyBlob,
    Bound-pub-key RSAPublicKey,
    Pk-sealed-blob PKCiphertext
}
BoundPKDecrypt-output ::= {
    Ordinal INTEGER,
    Status INTEGER,
    d-blob Secret
}
Return value
SSP_SUCCESS
SSP_UNSEAL_ERROR
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
Note
The BoundPKDecrypt operation takes a public-key ciphertext of type sspV1 BoundKey whose plaintext contains a BoundKeyBlob of type BoundDecryptKey. If any of these conditions is not met, or the sequence does not decode successfully, the operation fails and returns SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks whether the current PCR value matches the one specified in the Bound-key-blob sequence. If not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP uses the decrypted private key from the bound-blob to decrypt the input message.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundPKDecrypt operation performs the following:
1. The SSP checks whether the algorithm identifier in the pk-sealed-blob is sspV1 BoundKey.
2. The SSP internally decrypts the SealedBlob according to RSAES-OAEP-DECRYPT with the default parameters specified in PKCS#1 v2.1, obtaining a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M must be a DER encoding of the Bound-key-blob form with type BoundSignKey. If not, the SSP returns SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, bound-to is compared with the current PCR value. If the values differ, the SSP returns SSP_CRYPTO_ERROR.
6. The SSP uses the supplied public key to recover the private key, as described above for the BoundQuote operation. The recovered private bound-key is then used to decrypt the pk-sealed-blob according to RSAES-OAEP-DECRYPT with the default parameters specified in PKCS#1 v2.1, obtaining a plaintext message M.
7. The SSP sets d-blob to M.
8. Return SSP_SUCCESS.
BoundPKUnseal
Definition
SSP_STATUS BoundPKDecrypt(
    [in] PKCiphertext BoundKeyBlob,
    [in] RSAPublicKey BoundPubKey,
    [in] PKCiphertext DataToBeUnsealed,
    [out] Secret decryptedData
)
Parameter
BoundSign-Input ::= {
    Ordinal INTEGER,
    Bound-key BoundKeyBlob,
    Bound-pub-key RSAPublicKey,
    Pk-sealed-blob PKCiphertext
}
BoundPKDecrypt-output ::= {
    Ordinal INTEGER,
    Status INTEGER,
    d-blob Secret
}
Return value
SSP_SUCCESS
SSP_UNSEAL_ERROR
SSP_CRYPTO_ERROR
SSP_BAD_DATA_ERROR
Note
This operation takes a public-key ciphertext of type sspV1 BoundKey whose plaintext contains a BoundKeyBlob of type BoundDecryptKey. If any of these conditions is not met, or the sequence does not decode successfully, the operation fails and returns SSP_CRYPTO_ERROR.
If Bound-to-PCR is set, the SSP checks whether the current PCR value matches the one specified in the Bound-key-blob sequence. If not, the SSP returns SSP_CRYPTO_ERROR.
Finally, the SSP uses PK_Unseal with the decrypted private key from the bound-blob to unseal the input message.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundPKUnseal operation performs the following:
1. The SSP checks whether the algorithm identifier in the pk-sealed-blob is sspV1 BoundKey.
2. The SSP internally decrypts the SealedBlob according to RSAES-OAEP-DECRYPT with the default parameters specified in PKCS#1 v2.1, obtaining a plaintext message M.
3. If the output of the decoding operation is "decoding error", return SSP_CRYPTO_ERROR with the secret zeroed.
4. Otherwise, the recovered message M must be a DER encoding of the Bound-key-blob form with type BoundSignKey. If not, the SSP returns SSP_CRYPTO_ERROR.
5. If bound-to-PCR is true, bound-to is compared with the current PCR value. If the values differ, the SSP returns SSP_CRYPTO_ERROR.
6. The SSP uses the bound-key blob to reconstruct the private key, as described above for the BoundQuote operation. The recovered private bound key is then used to unseal the pk-sealed-blob, following the steps described for the PK_Unseal command.
7. If the PCR named in the unsealed blob does not match the current PCR, the SSP returns SSP_CRYPTO_ERROR.
8. Otherwise, the SSP sets d-blob to M.
9. Return SSP_SUCCESS.
GenBoundKey
Definition
SSP_STATUS GenBoundKey(
    [in] BoundKeyType KeyType,
    [in] BOOL BoundToPcr,
    [in] DIGEST BoundTo[2],
    [in] BOOL migrateable,
    [in] DIGEST migrationAuthority,
    [in] BOOL exportable,
    [in] DIGEST exportAuthority,
    [in] DIGEST SigNonce,
    [out] BoundKey bound-key,
    [out] PKPublickey newPubKey,
    [out] PKSignature boundKeyQuoteBlob
)
Parameter
GenBoundKey-Input::={
Ordinal INTEGER,
Key-type Bound-key-type,
Bound-to-pcr BOOL,
Bound-to DigestPair,
Migrateable BOOL,
Migrate-auth Digest,
Exportable BOOL,
Export-auth Digest,
Sig-nonce Digest
}
GenBoundKey-output::={
Ordinal INTEGER,
Status INTEGER,
Bound-blob PKCiphertext,
Bound-pub RSAPublicKey,
Sig-blob PKSignature}
Return value
SSP_SUCCESS
SSP_BAD_DATA_ERROR
Note
The GenBoundKey operation causes the SSP to generate a new bound-key blob containing a newly generated private key. The bound-key blob is encrypted with the SSP's own public key.
GenBoundKey also outputs the public key of the newly generated key pair and a quote signature attesting that the SSP generated the key, its characteristics, and the PCR values at the time the key was generated.
The caller of GenBoundKey also indicates the type of bound key to be generated: whether it is to be used for signing, for quoting, for unsealing with BoundPKUnseal, or for decrypting with BoundPKDecrypt. The caller also specifies whether the bound key is restricted to a PCR and, if so, the PCR value.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The GenBoundKey operation performs the following:
1. The SSP generates a new public/private RSA key pair. Alternatively, the SSP can generate key pairs while it is idle and keep a small cache of them in nonvolatile memory for immediate retrieval.
2. The SSP internally generates a bound-key structure containing the newly generated private key, the bound-key type and the other parameters supplied by the caller.
3. The SSP encrypts the bound-key blob with the platform public encryption key.
4. The SSP generates a bound-key-pub-info signature blob that includes the characteristics of the created key and the PCR values at the time the key was created.
5. The SSP outputs the encrypted bound-key blob, the newly generated public key and the quote blob.
6. Return SSP_SUCCESS.
BoundKeyMigrate
Definition
SSP_STATUS BoundKeyMigrate(
    [in] PKCiphertext BoundKeyBlob,
    [in] RSAPublicKey PubPartOfBoundKey,
    [in] BOUND_MIGRATION_INFO MigrationInfo,
    [in] RSA_SIG SigOnMigrationInfo
)
Parameter
GenBoundKey-Input::={
Ordinal INTEGER,
Migration-info Bound-migration-info,
Migration-pubkey RSAPublicKey,
Migration-auth PKSignature
}
GenBoundKey-output::={
Ordinal INTEGER,
Status INTEGER,
Re-bound-blob PKCiphertext,
}
Return value
SSP_SUCCESS
SSP_BAD_DATA_ERROR
Note
The BoundKeyMigrate operation instructs the SSP to re-bind the key to different PCR values in a controlled manner. The original key generator, whether local or remote, names the migration authority. Only bound keys marked as migrateable can be migrated, and only when the SSP is supplied with a suitably signed Bound-migration-info structure. The suitable signer is the one whose public-key digest is contained in the bound-key blob. The remaining bound-key attributes are not modified.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundKeyMigrate operation performs the following:
1. The SSP internally decrypts the bound-key structure and interprets it as a bound-key blob. If decoding fails, the SSP returns SSP_CRYPTO_ERROR.
2. The SSP confirms that the Bound-export-info refers to the same key, that the signature is properly formed, and that the digest of the signer's public key matches the one named in the "migrateable" field of the bound-key blob.
3. The SSP checks that the key is migrateable. If it is not, the SSP returns SSP_CRYPTO_ERROR.
4. If the key is restricted to a PCR, the SSP checks whether the current PCR is the one named in the key blob.
5. The SSP replaces the PCR value with the value named in the target PCR field of the Bound-migration-info.
6. The SSP re-encrypts the bound-key blob and outputs the re-encrypted structure.
7. Return SSP_SUCCESS.
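The checks that the Bound* operations (type match and bound-to-PCR comparison, steps 4 and 5 above) and BoundKeyMigrate (steps 2 to 5) perform on a decrypted bound-key blob, as an added Python example; this is not the patent's or any SSP's code. It assumes the blob has already been decrypted and DER-decoded, uses SHA-256 as the Digest type, and stands in for RSASSA-PSS verification of the Bound-migration-info certificate with a constructed `toy_sign`/`toy_verify` pair passed as a callback; the scenario data is constructed.

```python
import hashlib
from dataclasses import dataclass, replace
from enum import Enum
from typing import Callable, Dict, Optional, Tuple

SSP_SUCCESS, SSP_CRYPTO_ERROR = "SSP_SUCCESS", "SSP_CRYPTO_ERROR"
DigestPair = Tuple[bytes, bytes]

def digest(data: bytes) -> bytes:
    """Assumed Digest type: SHA-256 (the text does not name the hash)."""
    return hashlib.sha256(data).digest()

class BoundKeyType(Enum):
    BoundSignKey = 0
    BoundQuoteKey = 1
    BoundDecryptKey = 2
    BoundPKUnsealKey = 3

@dataclass(frozen=True)
class BoundKeyBlob:                 # decrypted Bound-key-blob; private key itself omitted
    key_type: BoundKeyType
    bound_to_pcr: bool
    bound_to: DigestPair
    migrateable: bool
    migrate_auth: bytes             # digest of the migration authority's public key
    exportable: bool
    export_auth: bytes
    pub_key_digest: bytes

@dataclass(frozen=True)
class BoundMigrationInfo:
    source_bound_blob_digest: bytes  # digest of the encrypted bound-key blob
    dest_pcr: DigestPair

    def to_bytes(self) -> bytes:
        # Constructed serialisation of the signed structure (DER in the patent).
        return self.source_bound_blob_digest + self.dest_pcr[0] + self.dest_pcr[1]

def check_bound_key_use(blob: BoundKeyBlob, expected: BoundKeyType,
                        current_pcr: DigestPair) -> str:
    """Steps 4-5 shared by BoundSign, BoundQuote, BoundPKDecrypt and BoundPKUnseal."""
    if blob.key_type is not expected:
        return SSP_CRYPTO_ERROR     # blob is not of the type this operation needs
    if blob.bound_to_pcr and blob.bound_to != current_pcr:
        return SSP_CRYPTO_ERROR     # PCR binding not satisfied
    return SSP_SUCCESS

def bound_key_migrate(blob: BoundKeyBlob, encrypted_blob: bytes, info: BoundMigrationInfo,
                      signer_pubkey: bytes, signature: bytes, verify: Callable[[bytes, bytes, bytes], bool],
                      current_pcr: DigestPair) -> Tuple[str, Optional[BoundKeyBlob]]:
    """BoundKeyMigrate steps 2-5 on an already-decrypted blob; returns (status, re-bound blob)."""
    # Step 2: certificate names this key, is well formed, and comes from the named authority.
    if info.source_bound_blob_digest != digest(encrypted_blob):
        return SSP_CRYPTO_ERROR, None
    if not verify(signer_pubkey, info.to_bytes(), signature):
        return SSP_CRYPTO_ERROR, None
    if digest(signer_pubkey) != blob.migrate_auth:
        return SSP_CRYPTO_ERROR, None
    if not blob.migrateable:                                  # step 3
        return SSP_CRYPTO_ERROR, None
    if blob.bound_to_pcr and blob.bound_to != current_pcr:    # step 4
        return SSP_CRYPTO_ERROR, None
    # Step 5: only the PCR binding changes; every other attribute is carried over.
    return SSP_SUCCESS, replace(blob, bound_to=info.dest_pcr)

# Constructed stand-in for the RSASSA-PSS certificate: signature = digest(pubkey || message).
def toy_sign(pubkey: bytes, message: bytes) -> bytes:
    return digest(pubkey + message)

def toy_verify(pubkey: bytes, message: bytes, signature: bytes) -> bool:
    return signature == toy_sign(pubkey, message)

def run_scenario() -> Dict[str, str]:
    # Constructed scenario: re-bind a PCR-bound BoundSignKey from PCR set A to PCR set B.
    pcr_a = (digest(b"pcr0-A"), digest(b"pcr1-A"))
    pcr_b = (digest(b"pcr0-B"), digest(b"pcr1-B"))
    authority_pub = b"constructed-migration-authority-pubkey"
    blob = BoundKeyBlob(BoundKeyType.BoundSignKey, True, pcr_a, True, digest(authority_pub),
                        False, bytes(32), digest(b"constructed-bound-pubkey"))
    encrypted = b"constructed-PKCiphertext-of-the-blob"
    info = BoundMigrationInfo(digest(encrypted), pcr_b)
    sig = toy_sign(authority_pub, info.to_bytes())
    status, rebound = bound_key_migrate(blob, encrypted, info, authority_pub, sig, toy_verify, pcr_a)
    other = b"constructed-unrelated-pubkey"   # valid signature, but not the named authority
    wrong_auth, _ = bound_key_migrate(blob, encrypted, info, other,
                                      toy_sign(other, info.to_bytes()), toy_verify, pcr_a)
    wrong_pcr, _ = bound_key_migrate(blob, encrypted, info, authority_pub, sig, toy_verify, pcr_b)
    locked, _ = bound_key_migrate(replace(blob, migrateable=False), encrypted, info,
                                  authority_pub, sig, toy_verify, pcr_a)
    return {
        "migrate": status,
        "wrong_authority": wrong_auth,
        "wrong_current_pcr": wrong_pcr,
        "not_migrateable": locked,
        "sign_on_B_before": check_bound_key_use(blob, BoundKeyType.BoundSignKey, pcr_b),
        "sign_on_B_after": check_bound_key_use(rebound, BoundKeyType.BoundSignKey, pcr_b),
        "quote_on_B_after": check_bound_key_use(rebound, BoundKeyType.BoundQuoteKey, pcr_b),
    }
```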
BoundKeyExport
Definition
SSP_STATUS BoundKeyExport(
    [in] PKCiphertext BoundKeyBlob,
    [in] RSAPublicKey PubPartOfBoundKey,
    [in] BOUND_Export_INFO ExportInfo,
    [in] RSA_SIG SigOnMigrationInfo,
    [out] PKCipherText ReBoundBlob
)
Parameter
BoundKeyExport-Input ::= {
    Ordinal INTEGER,
    Bound-key PKCipherText,
    Bound-pub-key RSAPublicKey,
    Export-info Bound-export-info,
    Export-auth PKSignature
}
GenBoundKey-output::={
Ordinal INTEGER,
Status INTEGER,
Re-bound-blob PKCiphertext,
}
Return value
SSP_SUCCESS
SSP_BAD_DATA_ERROR
Note
The BoundKeyExport operation instructs the SSP to export the private part of a bound key, in a controlled manner, to a remote entity, in the same form as a bound key on the source device. The original key generator, whether local or remote, names the export authority. Only bound keys marked as exportable can be exported, and only when the SSP is supplied with a correctly signed Bound-export-info structure. The suitable signer is the one whose public-key digest is contained in the original bound-key blob. BoundKeyExport allows an appropriately authorized caller to specify the public key and PCR values of the target entity to which the key is re-bound. There is no requirement that the external entity be an SSP, but the new bound blob follows the bound-key conventions so that remote SSPs can consume the exported bound key directly.
Access policy
Allowed = FeatureEnable.MainEnable &
    (FeatureEnable.UsePrivKey == All |
     FeatureEnable.UsePrivKey == AuthSL
     & SLKnown & AuthPCR[CurrentSL].UsePrivKey)
Effect
The BoundKeyExport operation performs the following:
1. The SSP internally decrypts the bound-key structure and interprets it as a bound-key blob. If decoding fails, the SSP returns SSP_CRYPTO_ERROR.
2. The SSP confirms that the Bound-export-info refers to the same key, that the signature is correctly formed, and that the digest of the signer's public key matches the one specified in the "export" field of the bound-key blob.
3. The SSP checks that the key is exportable. If it is not, the SSP returns SSP_CRYPTO_ERROR.
4. If the key is restricted to a PCR, the SSP checks whether the current PCR is the one named in the key blob.
5. The SSP internally generates a new bound-key blob structure containing the parameters of the original bound-key structure and the new PCR value given in the Bound-export-info. All other parameters are unchanged.
6. The SSP encrypts the new bound-key blob with the public encryption key given in the Bound-export-info.
7. The new bound key is output.
8. Return SSP_SUCCESS.
General-purpose computer environment
Figure 12 illustrates a general-purpose computer environment 400 that can be used to implement the techniques described here. Computer environment 400 is only one example of a computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the computer and network architectures. Neither should computer environment 400 be interpreted as having any dependency or requirement relating to any one or combination of the components illustrated in the exemplary computer environment 400.
Computer environment 400 includes a general-purpose computing device in the form of a computer 402. Computer 402 can be used, for example, to implement principal 102 and guard 104 of Fig. 1, or the layers of Fig. 2. The components of computer 402 can include, but are not limited to, one or more processors or processing units 404 (which can optionally include one or more security processors or coprocessors (for example an SSP) and/or one or more cryptographic processors or coprocessors), a system memory 406, and a system bus 408 that couples the various system components, including the processor 404, to the system memory 406.
System bus 408 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures can include an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an Enhanced ISA (EISA) bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnect (PCI) bus, also known as a Mezzanine bus.
Computer 402 typically includes a variety of computer-readable media. Such media can be any available media that is accessible by computer 402 and includes both volatile and non-volatile media, removable and non-removable media.
System memory 406 includes computer-readable media in the form of volatile memory, such as random access memory (RAM) 410, and/or non-volatile memory, such as read-only memory (ROM) 412. A basic input/output system (BIOS) 414, containing the basic routines that help to transfer information between elements within computer 402, such as during start-up, is stored in ROM 412. RAM 410 typically contains data and/or program modules that are immediately accessible to and/or presently operated on by processing unit 404.
Computer 402 may also include other removable/non-removable, volatile/non-volatile computer storage media. By way of example, Figure 12 illustrates a hard disk drive 416 for reading from and writing to a non-removable, non-volatile magnetic medium (not shown), a magnetic disk drive 418 for reading from and writing to a removable, non-volatile magnetic disk 420 (for example a "floppy disk"), and an optical disk drive 422 for reading from and/or writing to a removable, non-volatile optical disk 424 such as a CD-ROM, DVD-ROM or other optical media. Hard disk drive 416, magnetic disk drive 418 and optical disk drive 422 are each connected to system bus 408 by one or more data media interfaces 426. Alternatively, hard disk drive 416, magnetic disk drive 418 and optical disk drive 422 can be connected to system bus 408 by one or more interfaces (not shown).
The disk drives and their associated computer-readable media provide non-volatile storage of computer-readable instructions, data structures, program modules and other data for computer 402. Although the example illustrates a hard disk 416, a removable magnetic disk 420 and a removable optical disk 424, it is to be appreciated that other types of computer-readable media which can store data that is accessible by a computer, such as magnetic cassettes or other magnetic storage devices, flash memory cards, CD-ROM, digital versatile disks (DVD) or other optical storage, random access memories (RAM), read-only memories (ROM), electrically erasable programmable read-only memory (EEPROM), and the like, can also be used to implement the exemplary computing system and environment.
Any number of program modules can be stored on the hard disk 416, magnetic disk 420, optical disk 424, ROM 412 and/or RAM 410, including by way of example an operating system 426, one or more application programs 428, other program modules 430 and program data 432. Each of operating system 426, one or more application programs 428, other program modules 430 and program data 432 (or some combination thereof) may implement all or part of the resident components that support the distributed file system.
A user can enter commands and information into computer 402 via input devices such as a keyboard 434 and a pointing device 436 (for example a "mouse"). Other input devices 438 (not shown specifically) may include a microphone, joystick, game pad, satellite dish, serial port, scanner and/or the like. These and other input devices are connected to processing unit 404 via input/output interfaces 440 that are coupled to system bus 408, but may be connected by other interface and bus structures, such as a parallel port, game port or universal serial bus (USB).
A monitor 442 or other type of display device can also be connected to system bus 408 via an interface, such as a video adapter 444. In addition to monitor 442, other output peripheral devices can include components such as speakers (not shown) and a printer 446, which can be connected to computer 402 via input/output interfaces 440.
Computer 402 can operate in a networked environment using logical connections to one or more remote computers, such as a remote computing device 448. By way of example, remote computing device 448 can be a personal computer, portable computer, a server, a router, a network computer, a peer device or other common network node, and the like. Remote computing device 448 is illustrated as a portable computer that can include many or all of the elements and features described herein relative to computer 402.
Logical connections between computer 402 and remote computer 448 are depicted as a local area network (LAN) 450 and a general wide area network (WAN) 452. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
When implemented in a LAN networking environment, computer 402 is connected to local network 450 via a network interface or adapter 454. When implemented in a WAN networking environment, computer 402 typically includes a modem 456 or other means for establishing communications over wide network 452. Modem 456, which can be internal or external to computer 402, can be connected to system bus 408 via input/output interfaces 440 or other appropriate mechanisms. It is to be appreciated that the illustrated network connections are exemplary and that other means of establishing communication links between computers 402 and 448 can be employed.
In a networked environment, such as that illustrated with computing environment 400, program modules depicted relative to computer 402, or portions thereof, may be stored in a remote memory storage device. By way of example, remote application programs 458 reside on a memory device of remote computer 448. For purposes of illustration, application programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of computing device 402 and are executed by the data processor(s) of the computer.
Various modules and techniques may be described herein in the general context of computer-executable instructions, such as program modules, executed by one or more computers or other devices. Generally, program modules include routines, programs, objects, components, data structures, and so on, that perform particular tasks or implement particular abstract data types. Typically, the functionality of the program modules may be combined or distributed as desired in various embodiments.
An implementation of these modules and techniques may be stored on or transmitted across some form of computer-readable media. Computer-readable media can be any available media that can be accessed by a computer. By way of example, and not limitation, computer-readable media may comprise "computer storage media" and "communication media".
"Computer storage media" includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer.
"Communication media" typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal, such as a carrier wave or other transport mechanism. Communication media also includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above are also included within the scope of computer-readable media.
Although the description above uses language specific to structural features and/or methodological acts, it is to be understood that the invention defined in the appended claims is not limited to the specific features or acts described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the invention.

Claims (15)

1. A method implemented by one or more processors for performing a generate-constrained-key operation, comprising:
in response to a program calling the generate-constrained-key operation, generating a data structure associated with a new constrained key that is to be bound to the one or more processors, wherein the data structure includes:
data that allows the private key of a public/private key pair to be recovered from the data structure, the constrained key being the private key;
a key-usage element identifying the key operation that may be performed with the private key, the key operation being one of: a decryption operation that decrypts additional data using the private key, a signing operation that digitally signs additional data using the private key, and a quote operation that digitally signs, using the private key, additional data together with an identifier of the program that called the quote operation; and
a condition element specifying one or more conditions under which the private key may be used;
cryptographically protecting the data structure; and
outputting the cryptographically protected data structure generated by the generate-constrained-key operation.
2. The method of claim 1, wherein cryptographically protecting the data structure comprises encrypting the data structure using the public key of the public/private key pair.
3. A method implemented by one or more processors of a computing device for performing a constrained-key migration operation, comprising:
receiving a data structure as input, the data structure including a constrained key and a usage condition specifying the conditions under which the constrained key may be used, wherein the constrained key is bound to the program calling the constrained-key migration operation;
verifying that the usage condition may be changed by the program calling the constrained-key migration operation, wherein verifying that the usage condition may be changed by the program calling the constrained-key migration operation includes verifying that the program calling the constrained-key migration operation is permitted to migrate the constrained key; and
if the verification succeeds, changing the usage condition and producing a new data structure that includes the constrained key and the changed usage condition.
4. The method of claim 3, wherein the usage condition includes an identifier of the program to which the key is bound.
5. The method of claim 3, wherein verifying whether the usage condition may be changed by the program further comprises verifying whether the constrained key is marked as migratable.
6. The method of claim 3, wherein verifying whether the usage condition may be changed by the program further comprises verifying whether a logical formula evaluates to true.
7. The method of claim 3, wherein verifying whether the usage condition may be changed by the program further comprises verifying whether execution of a particular program returns an indication of true.
8. The method of claim 3, wherein verifying whether the usage condition may be changed by the program further comprises verifying whether a time constraint is satisfied.
9. A method implemented by a processor of a computing device for performing a constrained-key export operation, comprising:
receiving a data structure as input, the data structure including a constrained key, the constrained key being the private key of a public/private key pair, wherein the constrained key is bound to a security services processor by a cryptographic operation based on a key of the security services processor, and wherein the data structure further includes:
a key-usage element identifying the key operation that may be performed with the private key, the key operation being one of: a decryption operation that decrypts additional data using the private key, a signing operation that digitally signs additional data using the private key, and a quote operation that digitally signs, using the private key, additional data together with an identifier of the program that called the quote operation; and
a condition element specifying one or more conditions under which the private key may be used;
verifying that the constrained key may be rebound to a different security services processor, wherein verifying that the constrained key may be rebound to a different security services processor includes verifying that the program calling the export operation on the constrained key is permitted to export the constrained key; and
if the verification succeeds, rebinding the key to the different security services processor, wherein the constrained key is rebound to the different security services processor by a cryptographic operation based on a key of the different security services processor.
10. The method of claim 9, wherein the security services processor comprises the processor, and the different security services processor comprises another processor.
11. The method of claim 9, wherein the different security services processor is identified as an input to the export operation on the constrained key.
12. The method of claim 9, wherein verifying that the constrained key may be rebound to a different security services processor further comprises verifying whether the constrained key is marked as exportable.
13. The method of claim 9, wherein verifying that the constrained key may be rebound to a different security services processor further comprises verifying whether a logical formula evaluates to true.
14. The method of claim 9, wherein verifying that the constrained key may be rebound to a different security services processor further comprises verifying whether execution of a particular program returns an indication of true.
15. The method of claim 9, wherein verifying that the constrained key may be rebound to a different security services processor further comprises verifying whether a time constraint is satisfied.
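As an added illustration (not code from the patent or from Microsoft), the Python below models the constrained-key data structure of claims 1 and 9 and the checks that gate the migration operation of claims 3 to 8 and the export operation of claims 9 to 15. The binding to a security services processor (SSP) is a constructed HMAC/XOR stand-in for the cryptographic operation the claims leave unspecified; the field names, flag names, `policy` callable and sample keys are assumptions.

```python
import hashlib, hmac, json, os, time
from dataclasses import dataclass

# Constructed stand-in for the SSP binding: the private key is XORed with a 32-byte
# keystream derived from the SSP key and a nonce (toy keys <= 32 bytes), and the
# whole structure is MACed under the SSP key so tampering with conditions is detected.
def _wrap(ssp_key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = hashlib.sha256(ssp_key + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

@dataclass
class ConstrainedKey:
    wrapped_key: bytes      # private key bound to the SSP
    nonce: bytes
    usage: str              # key-usage element: "decrypt", "sign" or "quote"
    conditions: dict        # condition element: bound_program, flags, not_after
    tag: bytes = b""        # integrity over all fields above

def _canon(ck: ConstrainedKey) -> bytes:
    return json.dumps([ck.wrapped_key.hex(), ck.nonce.hex(), ck.usage,
                       ck.conditions], sort_keys=True).encode()

def bind(ssp_key: bytes, private_key: bytes, usage: str, conditions: dict):
    nonce = os.urandom(16)
    ck = ConstrainedKey(_wrap(ssp_key, nonce, private_key), nonce, usage, dict(conditions))
    ck.tag = hmac.new(ssp_key, _canon(ck), hashlib.sha256).digest()
    return ck

def conditions_allow(ssp_key, ck, caller, flag, policy=lambda: True, now=None):
    """Claims 4-8 / 12-15: integrity, bound program, flag, policy program, time bound."""
    expected = hmac.new(ssp_key, _canon(ck), hashlib.sha256).digest()
    if not hmac.compare_digest(ck.tag, expected):
        return False
    c = ck.conditions
    now = time.time() if now is None else now
    return (caller == c["bound_program"] and bool(c.get(flag))
            and policy() and now <= c.get("not_after", float("inf")))

def migrate(ssp_key, ck, caller, new_conditions, **checks):
    """Claim 3: produce a structure with changed conditions only if the caller may migrate."""
    if not conditions_allow(ssp_key, ck, caller, "migratable", **checks):
        return None
    new = ConstrainedKey(ck.wrapped_key, ck.nonce, ck.usage, dict(new_conditions))
    new.tag = hmac.new(ssp_key, _canon(new), hashlib.sha256).digest()
    return new

def export(ssp_key, ck, caller, other_ssp_key, **checks):
    """Claim 9: rebind the private key to a different SSP only if the key is exportable."""
    if not conditions_allow(ssp_key, ck, caller, "exportable", **checks):
        return None
    private_key = _wrap(ssp_key, ck.nonce, ck.wrapped_key)   # XOR unwrap
    return bind(other_ssp_key, private_key, ck.usage, ck.conditions)
```

A caller that is not the bound program, an expired time bound, a policy program returning false, or a modified condition element (which breaks the MAC) all cause the operation to return `None` rather than a new structure.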

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US37350502P 2002-04-17 2002-04-17
US60/373,505 2002-04-17

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CNB03131208XA Division CN100351815C (en) 2002-04-17 2003-04-17 Encrypted data memory & data search based on public key

Publications (2)

Publication Number Publication Date
CN101166096A CN101166096A (en) 2008-04-23
CN101166096B true CN101166096B (en) 2012-01-11

Family

ID=29270506

Family Applications (6)

Application Number Title Priority Date Filing Date
CN 200710152961 Expired - Fee Related CN101166095B (en) 2002-04-17 2003-04-17 Saving and retrieving data based on public key encryption
CN 200710152963 Expired - Fee Related CN101166096B (en) 2002-04-17 2003-04-17 Saving and retrieving data based on public key encryption
CNB031307744A Expired - Fee Related CN1322431C (en) 2002-04-17 2003-04-17 Encryption retention and data retrieve based on symmetric cipher key
CNB03131208XA Expired - Lifetime CN100351815C (en) 2002-04-17 2003-04-17 Encrypted data memory & data search based on public key
CN 200610059598 Expired - Fee Related CN100547598C (en) 2002-04-17 2003-04-17 Preserve and retrieve data based on symmetric key encryption
CN 200610059571 Expired - Fee Related CN100543759C (en) 2002-04-17 2003-04-17 Data storage and data retrieval based on public key encryption

Country Status (2)

Country Link
CN (6) CN101166095B (en)
CA (3) CA2425006C (en)

Also Published As

Publication number Publication date
CN101166095A (en) 2008-04-23
CN100351815C (en) 2007-11-28
CA2778805C (en) 2015-01-20
CN1487422A (en) 2004-04-07
CN100543759C (en) 2009-09-23
CA2425006A1 (en) 2003-10-17
CN101166095B (en) 2013-01-16
CN1493996A (en) 2004-05-05
CA2778805A1 (en) 2003-10-17
CN1322431C (en) 2007-06-20
CN1822015A (en) 2006-08-23
CA2425010A1 (en) 2003-10-17
CN1822016A (en) 2006-08-23
CN100547598C (en) 2009-10-07
CA2425006C (en) 2012-06-05
CN101166096A (en) 2008-04-23
CA2425010C (en) 2013-11-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right
Owner name: MICROSOFT TECHNOLOGY LICENSING LLC
Free format text: FORMER OWNER: MICROSOFT CORP.
Effective date: 20150424
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right
Effective date of registration: 20150424
Address after: Washington State
Patentee after: Microsoft Technology Licensing LLC
Address before: Washington State
Patentee before: Microsoft Corp.
CF01 Termination of patent right due to non-payment of annual fee
Granted publication date: 20120111
Termination date: 20200417