CN102842005A - CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method - Google Patents
CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method Download PDFInfo
- Publication number
- CN102842005A CN102842005A CN2011101662725A CN201110166272A CN102842005A CN 102842005 A CN102842005 A CN 102842005A CN 2011101662725 A CN2011101662725 A CN 2011101662725A CN 201110166272 A CN201110166272 A CN 201110166272A CN 102842005 A CN102842005 A CN 102842005A
- Authority
- CN
- China
- Prior art keywords
- key
- csp
- interface
- tspi
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention relates to a CSP (chip scale package) module of a TSPI (telephony service provider interface) based on a TSM (tivoli storage manager) and a CSP implementation method. The CSP module mainly comprises a CSP connection interface created by the TSPI on the basis of the TSM, a CSP key generating and exchange interface, a CSP encryption and decryption interface and a CSP hash and digital signature interface; the CSP connection interface is used for obtaining and cleaning a CSP key container, setting and obtaining container parameters and releasing the CSP key container; the CSP key generating and exchange interface is used for generating and destroying a key object by CSP, leading in and out the key object, loading the key object, obtaining and setting the key object parameters and generating a random number; the CSP encryption and decryption interface is used for carrying out CSP encryption and decryption; the CSP hash and digital signature interface is used for generating and destroying a hash object, obtaining and setting hash object parameters, signing and checking the signature. The interfaces are encapsulated on the TSPI of a TSM interface, therefore, an application developer can conveniently and safely develop TCM (terminal-to-computer multiplexer) application, and the traditional application is fast transplanted in the TCM conveniently at the same time.
Description
Technical field
The present invention relates to the Trusted Computing field; Be particularly related to and use the reliable computing technology realization Microsoft CryptoAPI (API that Microsoft provided; One group of function is provided; These functions allow application programs when the responsive private key data to the user provides protection, with flexible way data to be encrypted or digital signature) system and method for the CSP (Cryptographic Service Provider, cryptographic services supplier) of encryption standard.
Background technology
(Trusted Cryptography Module is the indispensable key foundation parts of creditable calculation password support platform TCM) to credible password module, and independently cryptographic algorithm calculation function is provided, and supports the credible calculating platform ergasia and sets up.
TCM has made up a subsystem with memory protection and execute protection, and this subsystem is the computing platform foundation that breaks the wall of mistrust, its independently computational resource will set up strict limited safety protecting mechanism.Be effectively performance TCM ergasia effect; Function that needs execute protection in the subsystem and the function that need not execute protection are demarcated; The power function that need not execute protection is carried out by the computing platform primary processor; And these support that function has constituted the TCM service module, are designated as TSM (Trusted Services Module, credible service module).
TSM is as the software protocol stack of TCM; Normalized function interface is provided; And the TCM service call interface TSPI of application program-oriented method (TSM Service Provider Interface; TSM ISP interface), divides 10 types of 120 interface functions, can instruct and call for the creditable calculation password application development provides.But because the cryptographic service calling interface type main flow that present most of Secure Application adopted is CSP, CNG (Cryptography API:Next Generation encryption technology of future generation) and PKCS#11 (PKCS#11 is an encryption standard); Most of application developer are familiar with and custom CSP, CNG and PKCS#11 interface interchange pattern, and have set up ripe product development support system.
When the developer who uses when conventional security turns to and carries out application and development based on TCM cryptographic service function; Need relearn TCM cryptographic service calling interface system (TSPI), in addition, person more very; Conventional security is used and will be transplanted on the TCM; Must all develop again, bring resource consumption to application vendor, this is very big resistance for the TCM application brings.
Summary of the invention
Technical matters to be solved by this invention provides a kind of CSP module of the TSPI interface based on TSM, develops TCM fast with convenient and safe application developer and uses, and makes things convenient for conventional use to be transplanted to TCM fast simultaneously and goes up.
The technical scheme that the present invention solves the problems of the technologies described above is following:
A kind of CSP module of the TSPI interface based on TSM comprises:
The calling interface TSPI of the TSM of TCM chip, said TCM chip, said TSM, and CSP connecting interface, the generation of CSP key and Fabric Interface, CSP encryption and decryption interface and CSP Hash and the digital signature interface created based on said TSPI; Wherein
Said CSP connecting interface be used to carry out the CSP cryptographic key containers obtain with the setting of removing, container parameters with obtain and discharge said CSP cryptographic key containers;
Said CSP key generates and Fabric Interface is used to carry out CSP generation and destruction key object, imports and exports key object, loads key object, obtains and be provided with the key object parameter and generates random number;
Said CSP encryption and decryption interface is used to carry out the CSP encryption and decryption;
Said CSP Hash and digital signature interface are used for producing and destroy the Hash object, obtain and be provided with the Hash image parameter, sign and test label.
Further, said CSP connecting interface comprises:
CSP environment acquisition module: be used to specify CSP; Return the handle of CSP cryptographic key containers; Obtain TCM chip SMK (Storage Master Key; The storage master key) object and TCM object, and take SMK as the container key of father's key generation SM2 (a kind of asymmetric enciphering and deciphering algorithm), this SM2 container key is father's key of follow-up all keys;
Cryptographic key containers release module: be used to destroy CSP cryptographic key containers handle;
The CSP attribute is provided with module: the attribute that is used to be provided with CSP;
CSP attribute acquisition module: the attribute that is used to obtain CSP.
Further, said key generates in the hardware of TCM chip and stores, and the storage and the computational resource of combination computing machine are that said CSP key carries out hardware protection.
Further, said CSP key generation and Fabric Interface comprise:
Key generation module: be used to produce key;
Key object generation module: be used to generate key object;
Cipher key destruction module: be used to destroy the key that has produced;
Key is derived module: be used for key derivation, make it produce a duplicate key;
Key imports module: be used for importing duplicate key to CSP;
Key parameter acquisition module: be used to obtain key parameter;
Key parameter is provided with module: be used to be provided with key parameter;
Random number generation module: be used to produce random number.
Further, the TSPI interface of said key derivation module invokes comprises:
Tspi key data loading interface, the key data piece that is used for loading appointment is loaded into TCM;
Tspi migration bill provides interface, is used to provide the migration bill of transition process;
Tspi key migration data block is created interface, is used to create the migration data piece of current key;
Tspi key data piece unloading interface is used for unloading the key data piece that has been loaded into TCM.
Further, the TSPI interface of said key importing module invokes comprises:
The Tspi key object is created interface, is used to create a key object;
Tspi policy object distribution interface is used to key object binding strategy object;
Tspi key object data are provided with interface, are used to be provided with the data of key object;
Tspi data block translation interface is used for converting the migration data piece into the common key data block.
Further, the TSPI interface that calls of said random number generation module comprises:
The Tspi random number generates interface, is used to generate random number.
Further, said CSP encryption and decryption interface comprises:
Data encryption module: be used for data encryption;
Data decryption module: be used for data decryption.
Further, said CSP Hash and digital signature interface comprise:
Hash object generation module: be used to produce empty Hash object;
Hashed value generation module: be used to produce hashed value to given data;
Hash image parameter acquisition module: the parameter that is used to obtain the Hash object;
The Hash image parameter is provided with module: the parameter that is used to be provided with the Hash object;
The Hash object is destroyed module: be used to destroy the Hash object;
Cryptographic hash generation module: be used for key object is produced cryptographic hash;
Hash object signature blocks: be used for the Hash object of appointment is signed;
Signature verification module: be used for signature is verified.
Further, the TSPI interface that calls of said Hash object signature blocks comprises:
Tspi cryptographic hash updating interface is used to upgrade the cryptographic hash of Hash object;
Signature key handle acquiring interface is used to obtain the signature key handle;
Tspi key loading interface is used for loading signature key to TCM;
Tspi cryptographic hash signature interface is used to use signature key that the cryptographic hash of Hash object is done signature;
Tspi key data piece unloading interface is used for unloading the key data piece that has been loaded into TCM;
Signature key object realizing interface is used to discharge the signature key object.
Further, the TSPI interface of said signature verification module invokes comprises:
Tspi signature verification interface is used for signature is verified.
The present invention also provides a kind of CSP implementation method of the TSPI interface based on TSM, comprising:
Through the CSP connecting interface carry out the CSP cryptographic key containers obtaining with the setting of removing, container parameters with obtain and discharge said CSP cryptographic key containers;
Carrying out CSP through generation of CSP key and Fabric Interface produces and destroys key object, imports and exports key object, loads key object, obtains and be provided with key object parameter and generation random number;
Carry out the CSP encryption and decryption through CSP encryption and decryption interface;
Through CSP Hash and digital signature interface carry out the Hash object generation and destruction, Hash image parameter, sign and test obtaining and being provided with of label.
Beneficial effect of the present invention is; Through encapsulation CSP connecting interface, the generation of CSP key and Fabric Interface, CSP encryption and decryption interface and CSP Hash and digital signature interface on TSM interface TSPI; Can convenient and safe application developer develop the TCM application fast, make things convenient for conventional use to be transplanted to TCM fast simultaneously and go up.
Description of drawings
Fig. 1 is the CSP cryptographic service system assumption diagram based on the TSPI interface of TSM among the present invention;
Fig. 2 is the key hierarchy figure of CSP cryptographic service system that the present invention is based on the TSPI interface of TSM;
Fig. 3 is the process flow diagram that signature key or interchange key use authority are set;
Fig. 4 is for using the process flow diagram of signature key or interchange key mandate.
Embodiment
Below in conjunction with accompanying drawing principle of the present invention and characteristic are described, institute gives an actual example and only is used to explain the present invention, is not to be used to limit scope of the present invention.
As shown in Figure 1; The CSP cryptographic service system of the TSPI interface based on TSM of the present invention; On the basis of the TSM of TCM module; Utilize TCM service call interface TSPI to develop the new CSP interface of a cover, through this CSP interface, the application program of program developer exploitation can directly utilize the CryptoSPI of Microsoft to use the cryptographic services of CSP provided by the invention.Program developer need not relearn TCM cryptographic service calling interface system (TSPI), and traditional Secure Application also need not to carry out code revision and can be grafted directly on the TCM module.Save a large amount of program development resources, reduced the popularization resistance that TCM uses.Among the present invention, key generates in the TCM chip hardware, stores and manages, and storage and computer resource that can the coupling system platform be that algorithm and key provide hardware based protection.
CSP interface in the CSP cryptographic service system of the TSPI interface based on TSM of the present invention comprises as follows.
Based on the TSPI interface of TSM, create the CSP connecting interface, this CSP connecting interface be used to carry out the CSP cryptographic key containers obtain with the setting of removing, container parameters with obtain and discharge said CSP cryptographic key containers.
This step is that each CSP cryptographic key containers produces a container key corresponding with it when generation CSP cryptographic key containers, and this container key also is simultaneously the father key of follow-up CSP for all keys of this CSP cryptographic key containers generation for being the SM2 key of father's key with SMK.The UUID of the information of CSP cryptographic key containers and CSP container key (Universally Unique Identifiers; GUID) information can be kept in the registration table of NV (Non-volatile Storage, nonvolatile storage) memory block or operating system of TCM chip.
Above-mentioned CSP connecting interface comprises with minor function:
CPAcquireContext function: be used to specify CSP; Return the handle of CSP cryptographic key containers, obtain TCM chip SMK object and TCM object, and be the container key of father's key generation SM2 with SMK; This SM2 container key is father's key of follow-up all keys, and the hierarchical structure of key is as shown in Figure 2;
CPReleaseContext function: be used to destroy CSP cryptographic key containers handle;
CPSetProvParam function: the attribute that is used to be provided with CSP;
CPGetProvParam function: the attribute that is used to obtain CSP.
Wherein, the concrete realization of CPAcquireContext function is following:
Make up TSP context and global object, the TSPI interface that calls comprises:
Tspi_Context_Create () is used to construct the TSP context;
Tspi_Context_Connect () is used to connect TCS;
Tspi_Context_GetTCMObject () is used to obtain TCM chip object;
Tspi_Context_CreateObject () is used to generate the SMK object, is defaulted as the Policy object;
Tspi_Policy_SetSecret () is used to be provided with authorization data;
Tspi_Policy_AssignToObject () is used for the object binding strategy object to the needs mandate;
According to container parameters operation key set;
The record environment configurations is returned the container handle.
The concrete realization of CPReleaseContext function is following:
The normal resource that discharges is failed in release, comprises key object and Hash object, and the TSPI interface that calls comprises:
Tspi_Context_CloseObject (), be used to destroy the context object handle related object, discharge the related resource of this object;
Tspi_Policy_FlushSecret () is used to empty the authorization data of authorization object;
Tspi_Context_CloseObject () is used to destroy the SMK object, is defaulted as the Policy object;
Tspi_Context_Close () is used to break off and being connected of TCS, and destroys context object;
Deletion current environment configuration record.
The CPSetProvParam function is like Fig. 3, shown in Figure 4 through authorization data or the use authority data that signature key or interchange key authorization data parameter are provided with signature key or interchange key are set.Simultaneously, through the authorization data of revising signature key or interchange key authorization data parameter change corresponding secret key is set.
TSPI interface based on TSM; Create the CSP key and generate and Fabric Interface, this CSP key generation and Fabric Interface are used to carry out CSP and produce and destroy key object, import and export key object, load key object, obtain and be provided with key object parameter and generation random number.
In this step, key generates in the TCM chip hardware, stores and manages, and can to combine the storage of computer system platform and computational resource be that algorithm and CSP key provide hardware protection.Before generating signature key or interchange key, called and container signature key password or interchange key password are set generation is had specify the corresponding secret key of authorizing, reuse the use authority that this key need be provided with key later on.
The function that imports and exports of key is two safe key migrations between the credible platform; Use key import and export function the time; The Owner of checking TCM chip is authorized; Have only Owner to authorize successfully and could accomplish importing and exporting of key, Owner authorizes to get nowhere and then can not accomplish importing and exporting of key, the Owner mandate is set through calling the completion of container TCM chip owner authorization parameter is set.
Above-mentioned CSP key generates and Fabric Interface comprises with minor function:
CPDeriveKey function: be used to produce key;
CPGenKey function: be used to generate key object;
CPDestroyKey function: be used to destroy the key that has produced;
CPExportKey function: be used for key derivation, make it produce a duplicate key;
CPImportKey function: be used for importing duplicate key to CSP;
CPGetKeyParam function: be used to obtain key parameter;
CPSetKeyParam function: be used to be provided with key parameter;
CPGenRandom function: be used to produce random number.
Wherein, the concrete realization of CPDeriveKey function is following:
Get the cryptographic hash of Hash object, the TSPI interface that calls comprises:
Tspi_Hash_GetHashValue () is used to obtain the cryptographic hash of Hash object;
Tspi_Context_CreateObject () is used to create key object;
Tspi_Policy_AssignToObject () is used to key object allocation strategy object;
Use cryptographic hash to fill key data, the TSPI interface that calls comprises:
Tspi_SetAttribData () is used to be provided with the data content of key object;
Generate the SMS4 key, the TSPI interface that calls comprises:
Tspi_Key_WrapKey () is used to wrap up key object;
The key object access rights are set;
Write down key object, and return its handle.
The concrete realization of CPGenKey function is following:
Generate key object, the TSPI interface that calls comprises:
Tspi_Context_CreateObject () is used to create key object;
Tspi_Policy_AssignToObject () is used to key object allocation strategy object;
Tspi_Key_CreateKey (), it is right to be used to create key, and wraps up with father's key;
The key access authority is set;
If what generate is unsymmetrical key, then in key database, to register, the TSPI interface that calls comprises:
Tspi_Context_RegisterKey () is used at the key database login key;
Write down this key, and return its handle.
The concrete realization of CPDestroyKey function is following:
Close key object, the TSPI interface that calls comprises:
Tspi_Context_CloseObject (), be used to destroy a key object handle related object, discharge the related resource of this object;
Delete this key record.
The TSPI interface of CPExportKey function call is realized as follows with concrete:
Tspi_Key_LoadKey (), the key data piece that is used for loading appointment is loaded into TCM;
Tspi_Key_AuthorizeMigrationKey () is used to provide the migration bill of transition process;
Tspi_Key_CreateMigrationBlob () is used to create the migration data piece of current key;
Tspi_Key_UnLoadKey () is used for unloading the key data piece that has been loaded into TCM.
The TSPI interface of CPImportKey function call is realized as follows with concrete:
Tspi_Context_Create () is used to create a key object;
Tspi_Policy_AssignToObject () is used to key object binding strategy object;
Tspi_SetAttribData () is used to be provided with the data of key object;
Tspi_Key_ConvertMigrationBlob () is used for converting the migration data piece into the common key data block.
The TSPI interface of CPGenRandom function call is realized as follows with concrete:
Tspi_TCM_GetRandom () is used to generate random number.
Based on the TSPI interface of TSM, create CSP encryption and decryption interface, said CSP encryption and decryption interface is used to carry out the CSP encryption and decryption.
Through the CSP encryption and decryption interface in this step, carry out the encryption and decryption of data at the TCM chip internal, if the interchange key that uses is provided with mandate, the authorization data of TCM chip checking interchange key then.
Above-mentioned CSP encryption and decryption interface comprises:
CPEncrypt function: be used for data encryption;
CPDecrypt function: be used for data decryption.
Wherein, the concrete realization of CPEncrypt function is following:
Clear data is carried out hash calculation, and the TSPI interface that calls comprises:
Tspi_Hash_UpdateHashValue () is used to upgrade the cryptographic hash of Hash object;
Clear data is encrypted, and the TSPI interface that calls comprises:
Tspi_Context_CreateObject () is used to create cryptographic object;
Tspi_Key_LoadKey () is used for loading encryption key to TCM;
Tspi_Data_Encrypt () is used for clear data is encrypted;
Tspi_Key_UnLoadKey () is used for unloading the key data piece that has been loaded into TCM;
Tspi_GetAttribData () is used to obtain the encrypted data chunk of cryptographic object;
Tspi_Context_CloseObject (), be used to destroy a cryptographic object handle related object, discharge the related resource of this object.
The concrete realization of CPDecrypt function is following:
Encrypt data is deciphered, and the TSPI interface that calls comprises:
Tspi_Context_CreateObject () is used to create cryptographic object;
Tspi_SetAttribData () is used to be provided with the encrypted data chunk of cryptographic object;
Tspi_Key_LoadKey () is used for loading decruption key to TCM;
Tspi_Data_Decrypt () is used for encrypt data is deciphered;
Tspi_Key_UnLoadKey () is used for unloading the key data piece that has been loaded into TCM;
Tspi_Context_CloseObject (), be used to destroy a cryptographic object handle related object, discharge the related resource of this object;
If the Hash object exists, then to carrying out hash calculation through the clear data after the deciphering, the TSPI interface that calls comprises:
Tspi_Hash_UpdateHashValue () is used to upgrade the cryptographic hash of Hash object.
TSPI interface based on TSM is created CSP Hash and digital signature interface, and this CSP Hash and digital signature interface are used for producing and destroy the Hash object, obtains and be provided with the Hash image parameter, signs and test label.
Through this CSP Hash and digital signature interface, carry out data signature at the TCM chip internal, be provided with mandate as if the signature key that uses, then the authorization data of TCM chip checking signature key.
Above-mentioned CSP Hash and digital signature interface comprise with minor function:
CPCreateHash function: be used to produce empty Hash object;
CPHashData function: be used to produce hashed value to given data;
CPGetHashParam function: the parameter that is used to obtain the Hash object;
CPSetHashParam function: the parameter that is used to be provided with the Hash object;
CPDestroyHash function: be used to destroy the Hash object;
CPHashSessionKey function: be used for key object is produced cryptographic hash;
CPSignHash function: be used for the Hash object of appointment is signed;
CPVerifySignature function: be used for signature is verified.
Wherein, the concrete realization of CPCreateHash function is following:
Generate the Hash object, the TSPI interface that calls comprises:
Tspi_Context_CreateObject () is used to create a Hash object;
Write down this Hash object, and return its handle.
The concrete realization of CPHashData function is following:
In TSM Hash object, the TSPI interface that calls comprises with data supplementing:
Tspi_Hash_UpdateHashValue () is used to upgrade the cryptographic hash of Hash object.
The concrete realization of CPDestroyHash function is following:
Close TSM Hash object, the TSPI interface that calls comprises:
Tspi_Context_CloseObject (), be used to destroy a Hash object handle related object, discharge the related resource of this object;
Delete this Hash object record.
The concrete realization of CPHashSessionKey function is following:
The BLOB that gets session key carries out hash calculation, and the TSPI interface that calls comprises:
Tspi_GetAttribData () is used to obtain the encrypted data chunk of session key;
Tspi_Hash_UpdateHashValue () is used to upgrade the cryptographic hash of Hash object.
The TSPI interface of CPSignHash function call is following:
Tspi_Hash_UpdateHashValue () is used to upgrade the cryptographic hash of Hash object;
CPGetUserKey () is used to obtain the signature key handle;
Tspi_Key_LoadKey is used for loading signature key to TCM;
Tspi_Hash_Sign () is used to use signature key that the cryptographic hash of Hash object is done signature;
Tspi_Key_UnloadKey () is used for unloading the key data piece that has been loaded into TCM;
CPDestroyKey () is used to discharge the signature key object.
The TSPI interface of CPVerifySignature function call is realized as follows with concrete:
Tspi_Hash_VerifySignature () is used for signature is verified.
The present invention utilizes the TCM chip, based on the calling interface TSPI among the TSM of TCM chip, develop above-mentioned CSP connecting interface, the generation of CSP key and Fabric Interface, CSP encryption and decryption interface and CSP Hash and digital signature interface.The CSP of a hardware is provided; Keys all among this CSP all produce at the TCM chip internal; Encryption and decryption operation and signature are tested and signed operation all is in the completion of TCM chip internal, all need carry out authorization identifying during the private key of the unsymmetrical key in using CSP, has guaranteed the security of CSP key.And; Above-mentioned function name is consistent with the title and the purposes of function among the existing CSP with purposes; Therefore; Secure Application developer needn't relearn the CSP that TCM cryptographic service calling interface system (TSPI) just can be utilized hardware provided by the invention, has also made things convenient for conventional use to be transplanted to TCM fast and has gone up, and has reduced the resistance of TCM application.
The above is merely preferred embodiment of the present invention, and is in order to restriction the present invention, not all within spirit of the present invention and principle, any modification of being done, is equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (12)
1. the CSP module based on the TSPI interface of TSM is characterized in that, comprising:
The calling interface TSPI of the TSM of TCM chip, said TCM chip, said TSM, and CSP connecting interface, the generation of CSP key and Fabric Interface, CSP encryption and decryption interface and CSP Hash and the digital signature interface created based on said TSPI; Wherein
Said CSP connecting interface be used to carry out the CSP cryptographic key containers obtain with the setting of removing, container parameters with obtain and discharge said CSP cryptographic key containers;
Said CSP key generates and Fabric Interface is used to carry out CSP generation and destruction key object, imports and exports key object, loads key object, obtains and be provided with the key object parameter and generates random number;
Said CSP encryption and decryption interface is used to carry out the CSP encryption and decryption;
Said CSP Hash and digital signature interface are used for producing and destroy the Hash object, obtain and be provided with the Hash image parameter, sign and test label.
2. the CSP module of the TSPI interface based on TSM according to claim 1 is characterized in that said CSP connecting interface comprises:
CSP environment acquisition module: be used to specify CSP, return the handle of CSP cryptographic key containers, obtain TCM chip SMK object and TCM object, and be the container key of father's key generation SM2 with SMK, this SM2 container key is father's key of follow-up all keys;
Cryptographic key containers release module: be used to destroy CSP cryptographic key containers handle;
The CSP attribute is provided with module: the attribute that is used to be provided with CSP;
CSP attribute acquisition module: the attribute that is used to obtain CSP.
3. the CSP module of the TSPI interface based on TSM according to claim 1, it is characterized in that: said key generates in the hardware of TCM chip and stores, and to combine the storage and the computational resource of computing machine be that said CSP key carries out hardware protection.
4. the CSP module of the TSPI interface based on TSM according to claim 1 is characterized in that, said CSP key generates and Fabric Interface comprises:
Key generation module: be used to produce key;
Key object generation module: be used to generate key object;
Cipher key destruction module: be used to destroy the key that has produced;
Key is derived module: be used for key derivation, make it produce a duplicate key;
Key imports module: be used for importing duplicate key to CSP;
Key parameter acquisition module: be used to obtain key parameter;
Key parameter is provided with module: be used to be provided with key parameter;
Random number generation module: be used to produce random number.
5. the CSP module of the TSPI interface based on TSM according to claim 4 is characterized in that, the TSPI interface that said key is derived module invokes comprises:
Tspi key data loading interface, the key data piece that is used for loading appointment is loaded into TCM;
Tspi migration bill provides interface, is used to provide the migration bill of transition process;
Tspi key migration data block is created interface, is used to create the migration data piece of current key;
Tspi key data piece unloading interface is used for unloading the key data piece that has been loaded into TCM.
6. the CSP module of the TSPI interface based on TSM according to claim 4 is characterized in that, the TSPI interface that said key imports module invokes comprises:
The Tspi key object is created interface, is used to create a key object;
Tspi policy object distribution interface is used to key object binding strategy object;
Tspi key object data are provided with interface, are used to be provided with the data of key object;
Tspi data block translation interface is used for converting the migration data piece into the common key data block.
7. the CSP module of the TSPI interface based on TSM according to claim 4 is characterized in that the TSPI interface that said random number generation module calls comprises:
The Tspi random number generates interface, is used to generate random number.
8. the CSP module of the TSPI interface based on TSM according to claim 1 is characterized in that said CSP encryption and decryption interface comprises:
Data encryption module: be used for data encryption;
Data decryption module: be used for data decryption.
9. the CSP module of the TSPI interface based on TSM according to claim 1 is characterized in that said CSP Hash and digital signature interface comprise:
Hash object generation module: be used to produce empty Hash object;
Hashed value generation module: be used to produce hashed value to given data;
Hash image parameter acquisition module: the parameter that is used to obtain the Hash object;
The Hash image parameter is provided with module: the parameter that is used to be provided with the Hash object;
The Hash object is destroyed module: be used to destroy the Hash object;
Cryptographic hash generation module: be used for key object is produced cryptographic hash;
Hash object signature blocks: be used for the Hash object of appointment is signed;
Signature verification module: be used for signature is verified.
10. the CSP module of the TSPI interface based on TSM according to claim 9 is characterized in that the TSPI interface that said Hash object signature blocks is called comprises:
Tspi cryptographic hash updating interface is used to upgrade the cryptographic hash of Hash object;
Signature key handle acquiring interface is used to obtain the signature key handle;
Tspi key loading interface is used for loading signature key to TCM;
Tspi cryptographic hash signature interface is used to use signature key that the cryptographic hash of Hash object is done signature;
Tspi key data piece unloading interface is used for unloading the key data piece that has been loaded into TCM;
Signature key object realizing interface is used to discharge the signature key object.
11. the CSP module of the TSPI interface based on TSM according to claim 9 is characterized in that the TSPI interface of said signature verification module invokes comprises:
Tspi signature verification interface is used for signature is verified.
12. the CSP implementation method based on the TSPI interface of TSM comprises:
Through the CSP connecting interface carry out the CSP cryptographic key containers obtaining with the setting of removing, container parameters with obtain and discharge said CSP cryptographic key containers;
Carrying out CSP through generation of CSP key and Fabric Interface produces and destroys key object, imports and exports key object, loads key object, obtains and be provided with key object parameter and generation random number;
Carry out the CSP encryption and decryption through CSP encryption and decryption interface;
Through CSP Hash and digital signature interface carry out the Hash object generation and destruction, Hash image parameter, sign and test obtaining and being provided with of label.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110166272.5A CN102842005B (en) | 2011-06-21 | 2011-06-21 | CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110166272.5A CN102842005B (en) | 2011-06-21 | 2011-06-21 | CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102842005A true CN102842005A (en) | 2012-12-26 |
| CN102842005B CN102842005B (en) | 2015-06-10 |
Family
ID=47369355
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110166272.5A Active CN102842005B (en) | 2011-06-21 | 2011-06-21 | CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102842005B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102831360A (en) * | 2012-08-06 | 2012-12-19 | 江苏敏捷科技股份有限公司 | Personal electronic document safety management system and management method thereof |
| CN103138938A (en) * | 2013-03-22 | 2013-06-05 | 中金金融认证中心有限公司 | SM2 certificate application method based on cryptographic service provider (CSP) |
| CN104052596A (en) * | 2013-03-11 | 2014-09-17 | 江苏国盾科技实业有限责任公司 | Application service system based on SM2 algorithm |
| CN105871539A (en) * | 2016-03-18 | 2016-08-17 | 华为技术有限公司 | Secret key processing method and apparatus |
| CN106096446A (en) * | 2016-06-15 | 2016-11-09 | 北京工业大学 | The method for packing of cryptographic service interface in a kind of trusted computation environment |
| CN104050426B (en) * | 2014-06-12 | 2017-03-22 | 南京理工大学 | Classified information transplanting system based on TCM (Trusted Cryptography Module) |
| CN106775656A (en) * | 2016-11-28 | 2017-05-31 | 江西金格科技股份有限公司 | A kind of dispatching method based on many intelligent key disks |
| CN114385248A (en) * | 2020-10-22 | 2022-04-22 | 四零四科技股份有限公司 | Computing system and device for processing trust chain |
| CN114385248B (en) * | 2020-10-22 | 2024-04-23 | 四零四科技股份有限公司 | Computing system and device for processing trust chain |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1449527A (en) * | 2000-06-28 | 2003-10-15 | 微软公司 | Shared name |
| CN101447010A (en) * | 2008-12-30 | 2009-06-03 | 北京飞天诚信科技有限公司 | Login system and method for logging in |
| CN102055759A (en) * | 2010-06-30 | 2011-05-11 | 北京飞天诚信科技有限公司 | Hardware engine realization method |
-
2011
- 2011-06-21 CN CN201110166272.5A patent/CN102842005B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1449527A (en) * | 2000-06-28 | 2003-10-15 | 微软公司 | Shared name |
| CN101447010A (en) * | 2008-12-30 | 2009-06-03 | 北京飞天诚信科技有限公司 | Login system and method for logging in |
| CN102055759A (en) * | 2010-06-30 | 2011-05-11 | 北京飞天诚信科技有限公司 | Hardware engine realization method |
Non-Patent Citations (1)
| Title |
|---|
| 国家密码管理局: "可信计算密码支撑平台功能与接口规范", 《HTTP://GM.GD.GOV.CN/UPFILE/2009113103555609.PDF》 * |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102831360B (en) * | 2012-08-06 | 2015-01-28 | 江苏敏捷科技股份有限公司 | Personal electronic document safety management system and management method thereof |
| CN102831360A (en) * | 2012-08-06 | 2012-12-19 | 江苏敏捷科技股份有限公司 | Personal electronic document safety management system and management method thereof |
| CN104052596A (en) * | 2013-03-11 | 2014-09-17 | 江苏国盾科技实业有限责任公司 | Application service system based on SM2 algorithm |
| CN103138938A (en) * | 2013-03-22 | 2013-06-05 | 中金金融认证中心有限公司 | SM2 certificate application method based on cryptographic service provider (CSP) |
| CN103138938B (en) * | 2013-03-22 | 2016-01-20 | 中金金融认证中心有限公司 | Based on SM2 certificate request and the application process of CSP |
| CN104050426B (en) * | 2014-06-12 | 2017-03-22 | 南京理工大学 | Classified information transplanting system based on TCM (Trusted Cryptography Module) |
| CN105871539A (en) * | 2016-03-18 | 2016-08-17 | 华为技术有限公司 | Secret key processing method and apparatus |
| CN106096446A (en) * | 2016-06-15 | 2016-11-09 | 北京工业大学 | The method for packing of cryptographic service interface in a kind of trusted computation environment |
| CN106096446B (en) * | 2016-06-15 | 2019-01-15 | 北京工业大学 | The packaging method of cryptographic service interface in a kind of trusted computation environment |
| CN106775656A (en) * | 2016-11-28 | 2017-05-31 | 江西金格科技股份有限公司 | A kind of dispatching method based on many intelligent key disks |
| CN106775656B (en) * | 2016-11-28 | 2020-03-31 | 江西金格科技股份有限公司 | Scheduling method based on multiple intelligent key discs |
| CN114385248A (en) * | 2020-10-22 | 2022-04-22 | 四零四科技股份有限公司 | Computing system and device for processing trust chain |
| CN114385248B (en) * | 2020-10-22 | 2024-04-23 | 四零四科技股份有限公司 | Computing system and device for processing trust chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102842005B (en) | 2015-06-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102842005B (en) | CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method | |
| CN102646077B (en) | A kind of method of the full disk encryption based on credible password module | |
| US9251380B1 (en) | Method and storage device for isolating and preventing access to processor and memory used in decryption of text | |
| CN103221961B (en) | Comprise the method and apparatus of the framework for the protection of multi-ser sensitive code and data | |
| US9824239B2 (en) | System for and method of cryptographic provisioning | |
| KR101712784B1 (en) | System and method for key management for issuer security domain using global platform specifications | |
| CN100354786C (en) | Open type general-purpose attack-resistant CPU and application system thereof | |
| CN103457739B (en) | Method and device for acquiring dynamic token parameters | |
| CN103902915B (en) | Trustable industrial control terminal and establishing method thereof | |
| CN114465726B (en) | Digital wallet security framework system based on security unit and trusted execution environment | |
| CN104021335B (en) | Password service method based on extensible password service framework | |
| CN103457742A (en) | Security suite library system based on USB KEY | |
| CN111783078A (en) | Android platform security chip control system | |
| CN103971034A (en) | Method and device for protecting Java software | |
| CN109478214A (en) | Device and method for certificate registration | |
| CN116601912A (en) | Post-secret provisioning service providing encryption security | |
| CN108491215A (en) | A kind of unmanned plane firmware protection system | |
| CN104715208A (en) | Platform integrity checking method based on TPM chip | |
| CN103425939B (en) | A kind of SM3 algorithm realization method and system in JAVA environment | |
| CN100596058C (en) | System and method for managing credible calculating platform key authorization data | |
| CN114050915A (en) | Fine-grained permission access synchronization method, device and equipment under isolated network | |
| EP4205347A1 (en) | Data management and encryption in a distributed computing system | |
| WO2023240866A1 (en) | Cipher card and root key protection method therefor, and computer readable storage medium | |
| CN104899480A (en) | Software copyright protection and management method based on combined public key identity authentication technology | |
| CN113676446B (en) | Communication network safety error-proof control method, system, electronic equipment and medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |