CN102842005B - CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method - Google Patents
CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method Download PDFInfo
- Publication number
- CN102842005B CN102842005B CN201110166272.5A CN201110166272A CN102842005B CN 102842005 B CN102842005 B CN 102842005B CN 201110166272 A CN201110166272 A CN 201110166272A CN 102842005 B CN102842005 B CN 102842005B
- Authority
- CN
- China
- Prior art keywords
- key
- csp
- interface
- tspi
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention relates to a CSP (chip scale package) module of a TSPI (telephony service provider interface) based on a TSM (tivoli storage manager) and a CSP implementation method. The CSP module mainly comprises a CSP connection interface created by the TSPI on the basis of the TSM, a CSP key generating and exchange interface, a CSP encryption and decryption interface and a CSP hash and digital signature interface; the CSP connection interface is used for obtaining and cleaning a CSP key container, setting and obtaining container parameters and releasing the CSP key container; the CSP key generating and exchange interface is used for generating and destroying a key object by CSP, leading in and out the key object, loading the key object, obtaining and setting the key object parameters and generating a random number; the CSP encryption and decryption interface is used for carrying out CSP encryption and decryption; the CSP hash and digital signature interface is used for generating and destroying a hash object, obtaining and setting hash object parameters, signing and checking the signature. The interfaces are encapsulated on the TSPI of a TSM interface, therefore, an application developer can conveniently and safely develop TCM (terminal-to-computer multiplexer) application, and the traditional application is fast transplanted in the TCM conveniently at the same time.
Description
Technical field
The present invention relates to trust computing field; the application programming interface that Microsoft CryptoAPI(Microsoft provides is realized in particular to application reliable computing technology; provide one group of function; these functions allow application program to be encrypted or digital signature data in a flexible way providing during protection the responsive private key data of user) the CSP(Cryptographic Service Provider of encryption standard, Cryptographic Service Provider) system and method.
Background technology
Credible password module (Trusted Cryptography Module, TCM) is the key foundation parts of trusted computing password support platform indispensability, provides independently cryptographic algorithm calculation function, supports credible calculating platform ergasia and sets up.
TCM constructs a subsystem having memory protection and perform protection, and this subsystem is that computing platform breaks the wall of mistrust foundation, its independently computational resource will set up the safety protecting mechanism of very critical.For effectively playing the effect of TCM ergasia; to the function of execution protection be needed in subsystem and demarcate without the need to performing the function protected; power function without the need to performing protection is performed by computing platform primary processor; and these support that function constitutes TCM service module; be designated as TSM(Trusted Services Module, trusted service module).
TSM is as the Software Protocol Stack of TCM, normalized function interface is provided, and the TCM service call interface TSPI(TSM Service Provider Interface of application program-oriented method, TSM Service Provider Interface), divide 10 class, 120 interface functions, can instruct for creditable calculation password application development provide and call.But the cryptographic service calling interface type main flow adopted due to the current most of safety applications encryption technology of future generation that is CSP, CNG(Cryptography API:Next Generation) and PKCS#11(PKCS#11 be an encryption standard), most of application developer is familiar with and custom CSP, CNG and PKCS#11 interface interchange pattern, and the product development support system of built vertical maturation.
When conventional security application developer turn to carry out application and development based on TCM cryptographic service function time, need to relearn TCM cryptographic service calling interface system (TSPI), in addition, more notably, conventional security application will be transplanted on TCM, all again must develop, bring resource consumption to application vendor, this is very large resistance for TCM application brings.
Summary of the invention
Technical matters to be solved by this invention is to provide a kind of CSP module of the TSPI interface based on TSM, applies with convenient and safe application developer fast Development TCM, convenient tradition application Rapid transplant to TCM comes simultaneously.
The technical scheme that the present invention solves the problems of the technologies described above is as follows:
Based on a CSP module for the TSPI interface of TSM, comprising:
TCM chip, the TSM of described TCM chip, the calling interface TSPI of described TSM, and the CSP connecting interface, CSP secret generating and the Fabric Interface that create based on described TSPI, CSP encryption and decryption interface and CSP Hash and digital signature interface; Wherein
Described CSP connecting interface for carry out the acquisition of CSP cryptographic key containers and removing, container parameters setting and acquisition and discharge described CSP cryptographic key containers;
Described CSP secret generating and Fabric Interface are used for carrying out CSP and produce and destroy key object, import and export key object, load key object, obtain and arrange key object parameter and generate random number;
Described CSP encryption and decryption interface is used for carrying out CSP encryption and decryption;
Described CSP Hash and digital signature interface for generation of with destruction Hash object, obtain and Hash image parameter, signature and sign test be set.
Further, described CSP connecting interface comprises:
CSP environment acquisition module: be used to specify CSP, return the handle of CSP cryptographic key containers, obtain TCM chip SMK(Storage Master Key, store master key) object and TCM object, and be father's secret generating SM2(asymmetric enciphering and deciphering algorithm with SMK) container key, this SM2 container key is father's key of follow-up all keys;
Cryptographic key containers release module: for destroying CSP cryptographic key containers handle;
CSP attribute setup module: for arranging the attribute of CSP;
CSP attribute acquisition module: for obtaining the attribute of CSP.
Further, described key generates and stores in the hardware of TCM chip, and is that described CSP key carries out hardware protection in conjunction with the storage of computing machine and computational resource.
Further, described CSP secret generating and Fabric Interface comprise:
Key generation module: for generation of key;
Key object generation module: for generating key object;
Cipher key destruction module: for destroying the key produced;
Key derives module: for key derivation, make it produce a duplicate key;
Key imports module: for importing duplicate key in CSP;
Key parameter acquisition module: for obtaining key parameter;
Key parameter arranges module: for arranging key parameter;
Random-number-generating module: for generation of random number.
Further, the TSPI interface that described key derivation module is called comprises:
Tspi key data loading interface, is loaded in TCM for loading the key data block of specifying;
Tspi moves bill and provides interface, for providing the migration bill of transition process;
Tspi key migration data block creates interface, for creating the migration data block of current key;
Tspi key data block unloading interface, for unloading the key data block be loaded in TCM.
Further, the TSPI interface that described key importing module is called comprises:
Tspi key object creates interface, for creating a key object;
Tspi policy object distribution interface, for being key object binding strategy object;
Tspi key object data arrange interface, for arranging the data of key object;
Tspi data block translation interface, for being converted to common key data block by migration data block.
Further, the TSPI interface that described random-number-generating module calls comprises:
Tspi generating random number interface, for generating random number.
Further, described CSP encryption and decryption interface comprises:
Data encryption module: for data encryption;
Data decryption module: for data deciphering.
Further, described CSP Hash and digital signature interface comprise:
Hash object generation module: for generation of the Hash object of sky;
Hashed value generation module: for generation of the hashed value of data-oriented;
Hash image parameter acquisition module: for obtaining the parameter of Hash object;
Hash image parameter arranges module: for arranging the parameter of Hash object;
Hash object destroys module: for destroying Hash object;
Cryptographic hash generation module: for producing cryptographic hash to key object;
Hash object signature module: for signing to the Hash object of specifying;
Signature verification module: for verifying signature.
Further, the TSPI interface that described Hash object signature module is called comprises:
Tspi cryptographic hash more new interface, for upgrading the cryptographic hash of Hash object;
Signature key handle acquiring interface, for obtaining signature key handle;
Tspi key loading interface, for loading signature key in TCM;
Tspi cryptographic hash signature interface, signs for using the cryptographic hash of signature key to Hash object;
Tspi key data block unloading interface, for unloading the key data block be loaded in TCM;
Signature key object realizing interface, for discharging signature key object.
Further, the TSPI interface that described signature verification module is called comprises:
Tspi signature verification interface, for verifying signature.
Present invention also offers a kind of CSP implementation method of the TSPI interface based on TSM, comprising:
By CSP connecting interface carry out the acquisition of CSP cryptographic key containers and removing, container parameters setting and acquisition and discharge described CSP cryptographic key containers;
Carry out CSP by CSP secret generating and Fabric Interface to produce and destroy key object, import and export key object, load key object, obtain and arrange key object parameter and generate random number;
CSP encryption and decryption are carried out by CSP encryption and decryption interface;
The generation of Hash object and destruction, Hash image parameter, the acquisition of signature and sign test and setting is carried out by CSP Hash and digital signature interface.
Beneficial effect of the present invention is, by encapsulating CSP connecting interface, CSP secret generating and Fabric Interface, CSP encryption and decryption interface and CSP Hash and digital signature interface on TSM interface TSPI, can apply by convenient and safe application developer fast Development TCM, convenient tradition application Rapid transplant to TCM comes simultaneously.
Accompanying drawing explanation
Fig. 1 is the CSP cryptographic service system assumption diagram of the TSPI interface based on TSM in the present invention;
Fig. 2 is the key hierarchy figure of the CSP cryptographic service system of the TSPI interface that the present invention is based on TSM;
Fig. 3 is the process flow diagram arranging signature key or exchange key use authority;
Fig. 4 is the process flow diagram using signature key or exchange key authorization.
Embodiment
Be described principle of the present invention and feature below in conjunction with accompanying drawing, example, only for explaining the present invention, is not intended to limit scope of the present invention.
As shown in Figure 1, the CSP cryptographic service system of the TSPI interface based on TSM of the present invention, on the basis of the TSM of TCM module, TCM service call interface TSPI is utilized to develop a set of new CSP interface, by this CSP interface, the application program of program developer exploitation can directly utilize the CryptoSPI of Microsoft to use the cryptographic services of CSP provided by the invention.Program developer does not need to relearn TCM cryptographic service calling interface system (TSPI), and traditional safety applications also can be grafted directly in TCM module without the need to carrying out code revision.Save a large amount of program development resources, reduce the popularization resistance of TCM application.In the present invention, key generates in TCM chip hardware, store and management, and the storage of coupling system platform and computer resource can provide hardware based protection for algorithm and key.
CSP interface in the CSP cryptographic service system of the TSPI interface based on TSM of the present invention comprises as follows.
Based on the TSPI interface of TSM, create CSP connecting interface, this CSP connecting interface for carry out the acquisition of CSP cryptographic key containers and removing, container parameters setting and acquisition and discharge described CSP cryptographic key containers.
This step is when producing CSP cryptographic key containers, and for each CSP cryptographic key containers produces a container key corresponding with it, this container key is take SMK as the SM2 key of father's key, father's key of to be also follow-up CSP be simultaneously all keys of this CSP cryptographic key containers generation.The information of CSP cryptographic key containers and the UUID(Universally Unique Identifiers of CSP container key, Globally Unique Identifier) information can be kept at the NV(Non-volatile Storage of TCM chip, nonvolatile storage) in the registration table of memory block or operating system.
Above-mentioned CSP connecting interface comprises with minor function:
CPAcquireContext function: be used to specify CSP, return the handle of CSP cryptographic key containers, obtain TCM chip SMK object and TCM object, and be the container key of father's secret generating SM2 with SMK, this SM2 container key is father's key of follow-up all keys, and the hierarchical structure of key as shown in Figure 2;
CPReleaseContext function: for destroying CSP cryptographic key containers handle;
CPSetProvParam function: for arranging the attribute of CSP;
CPGetProvParam function: for obtaining the attribute of CSP.
Wherein, being implemented as follows of CPAcquireContext function:
Build TSP context and global object, the TSPI interface called comprises:
Tspi_Context_Create (), for constructing TSP context;
Tspi_Context_Connect (), for connecting TCS;
Tspi_Context_GetTCMObject (), for obtaining TCM chip object;
Tspi_Context_CreateObject (), for generating SMK object, being defaulted as Policy object;
Tspi_Policy_SetSecret (), for arranging authorization data;
Tspi_Policy_AssignToObject (), for giving the object binding policy object needing to authorize;
According to container parameters operation key set;
Record environment configurations, returns container handle.
Being implemented as follows of CPReleaseContext function:
Discharge the resource failing normally to discharge, comprise key object and Hash object, the TSPI interface called comprises:
Tspi_Context_CloseObject (), for destroying the object associated by context object handle, discharges the related resource of this object;
Tspi_Policy_FlushSecret (), for emptying the authorization data of authorization object;
Tspi_Context_CloseObject (), for destroying SMK object, being defaulted as Policy object;
Tspi_Context_Close (), for disconnecting the connection with TCS, destroys context object;
Delete current environment configuration record.
CPSetProvParam function, as shown in Figure 3, Figure 4 by arranging signature key or exchanging authorization data or the use authority data that key authorization data parameters arranges signature key or exchange key.Meanwhile, by arranging amendment signature key or exchanging the authorization data that key authorization data parameters changes corresponding secret key.
Based on the TSPI interface of TSM, create CSP secret generating and Fabric Interface, this CSP secret generating and Fabric Interface are used for carrying out CSP and produce and destroy key object, import and export key object, load key object, obtain and arrange key object parameter and generate random number.
In this step, key generates in TCM chip hardware, store and management, and can in conjunction with the storage of computer system platform and computational resource for algorithm and CSP key provide hardware protection.At generation signature key or before exchanging key, have invoked and container signature key password is set or exchanges key password by generating with specifying the corresponding secret key of authorizing, reuse the use authority that this key needs to arrange key later.
Key import and export function be between two credible platforms safe key migration, use key import and export function time, the Owner of checking TCM chip is authorized, only have Owner to authorize and successfully just can complete importing and exporting of key, Owner authorizes unsuccessful, can not complete importing and exporting of key, arranges Owner and authorizes and arrange container TCM chip owner authorization parameter complete by calling.
Above-mentioned CSP secret generating and Fabric Interface comprise with minor function:
CPDeriveKey function: for generation of key;
CPGenKey function: for generating key object;
CPDestroyKey function: for destroying the key produced;
CPExportKey function: for key derivation, makes it produce a duplicate key;
CPImportKey function: for importing duplicate key in CSP;
CPGetKeyParam function: for obtaining key parameter;
CPSetKeyParam function: for arranging key parameter;
CPGenRandom function: for generation of random number.
Wherein, being implemented as follows of CPDeriveKey function:
Get the cryptographic hash of Hash object, the TSPI interface called comprises:
Tspi_Hash_GetHashValue (), for obtaining the cryptographic hash of Hash object;
Tspi_Context_CreateObject (), for creating key object;
Tspi_Policy_AssignToObject (), for being key object allocation strategy object;
Use cryptographic hash to fill key data, the TSPI interface called comprises:
Tspi_SetAttribData (), for arranging the data content of key object;
Generate SMS4 key, the TSPI interface called comprises:
Tspi_Key_WrapKey (), for wrapping up key object;
Key object access rights are set;
Record key object, and return its handle.
Being implemented as follows of CPGenKey function:
Generate key object, the TSPI interface called comprises:
Tspi_Context_CreateObject (), for creating key object;
Tspi_Policy_AssignToObject (), for being key object allocation strategy object;
Tspi_Key_CreateKey (), for creating double secret key, and wraps up with father's key;
Cipher key access authority is set;
If what generate is unsymmetrical key, then register in key database, the TSPI interface called comprises:
Tspi_Context_RegisterKey (), for login key in key database;
Record this key, and return its handle.
Being implemented as follows of CPDestroyKey function:
Close key object, the TSPI interface called comprises:
Tspi_Context_CloseObject (), for destroying the object associated by a key object handle, discharges the related resource of this object;
Delete this key data record.
The TSPI interface of CPExportKey function call and being implemented as follows:
Tspi_Key_LoadKey (), is loaded in TCM for loading the key data block of specifying;
Tspi_Key_AuthorizeMigrationKey (), for providing the migration bill of transition process;
Tspi_Key_CreateMigrationBlob (), for creating the migration data block of current key;
Tspi_Key_UnLoadKey (), for unloading the key data block be loaded in TCM.
The TSPI interface of CPImportKey function call and being implemented as follows:
Tspi_Context_Create (), for creating a key object;
Tspi_Policy_AssignToObject (), for being key object binding strategy object;
Tspi_SetAttribData (), for arranging the data of key object;
Tspi_Key_ConvertMigrationBlob (), for being converted to common key data block by migration data block.
The TSPI interface of CPGenRandom function call and being implemented as follows:
Tspi_TCM_GetRandom (), for generating random number.
Based on the TSPI interface of TSM, create CSP encryption and decryption interface, described CSP encryption and decryption interface is used for carrying out CSP encryption and decryption.
By the CSP encryption and decryption interface in this step, carry out the encryption and decryption of data at TCM chip internal, if the exchange key used is provided with mandate, then TCM chip checking exchanges the authorization data of key.
Above-mentioned CSP encryption and decryption interface comprises:
CPEncrypt function: for data encryption;
CPDecrypt function: for data deciphering.
Wherein, being implemented as follows of CPEncrypt function:
Carry out Hash calculation to clear data, the TSPI interface called comprises:
Tspi_Hash_UpdateHashValue (), for upgrading the cryptographic hash of Hash object;
Be encrypted clear data, the TSPI interface called comprises:
Tspi_Context_CreateObject (), for creating cryptographic object;
Tspi_Key_LoadKey (), for loading encryption key in TCM;
Tspi_Data_Encrypt (), for being encrypted clear data;
Tspi_Key_UnLoadKey (), for unloading the key data block be loaded in TCM;
Tspi_GetAttribData (), for obtaining the encrypted data chunk of cryptographic object;
Tspi_Context_CloseObject (), for destroying the object associated by a cryptographic object handle, discharges the related resource of this object.
Being implemented as follows of CPDecrypt function:
Be decrypted encrypt data, the TSPI interface called comprises:
Tspi_Context_CreateObject (), for creating cryptographic object;
Tspi_SetAttribData (), for arranging the encrypted data chunk of cryptographic object;
Tspi_Key_LoadKey (), for loading decruption key in TCM;
Tspi_Data_Decrypt (), for being decrypted encrypt data;
Tspi_Key_UnLoadKey (), for unloading the key data block be loaded in TCM;
Tspi_Context_CloseObject (), for destroying the object associated by a cryptographic object handle, discharges the related resource of this object;
If Hash object exists, then carry out Hash calculation to the clear data after deciphering, the TSPI interface called comprises:
Tspi_Hash_UpdateHashValue (), for upgrading the cryptographic hash of Hash object.
TSPI interface based on TSM creates CSP Hash and digital signature interface, this CSP Hash and digital signature interface for generation of with destruction Hash object, obtain and Hash image parameter, signature and sign test be set.
By this CSP Hash and digital signature interface, carry out data signature at TCM chip internal, if the signature key used is provided with mandate, then the authorization data of TCM chip checking signature key.
Above-mentioned CSP Hash and digital signature interface comprise with minor function:
CPCreateHash function: for generation of the Hash object of sky;
CPHashData function: for generation of the hashed value of data-oriented;
CPGetHashParam function: for obtaining the parameter of Hash object;
CPSetHashParam function: for arranging the parameter of Hash object;
CPDestroyHash function: for destroying Hash object;
CPHashSessionKey function: for producing cryptographic hash to key object;
CPSignHash function: for signing to the Hash object of specifying;
CPVerifySignature function: for verifying signature.
Wherein, being implemented as follows of CPCreateHash function:
Generate Hash object, the TSPI interface called comprises:
Tspi_Context_CreateObject (), for creating a Hash object;
Record this Hash object, and return its handle.
Being implemented as follows of CPHashData function:
By data supplementing in TSM Hash object, the TSPI interface called comprises:
Tspi_Hash_UpdateHashValue (), for upgrading the cryptographic hash of Hash object.
Being implemented as follows of CPDestroyHash function:
Close TSM Hash object, the TSPI interface called comprises:
Tspi_Context_CloseObject (), for destroying the object associated by a Hash object handle, discharges the related resource of this object;
Delete this Hash object record.
Being implemented as follows of CPHashSessionKey function:
The BLOB getting session key carries out Hash calculation, and the TSPI interface called comprises:
Tspi_GetAttribData (), for obtaining the encrypted data chunk of session key;
Tspi_Hash_UpdateHashValue (), for upgrading the cryptographic hash of Hash object.
The TSPI interface of CPSignHash function call is as follows:
Tspi_Hash_UpdateHashValue (), for upgrading the cryptographic hash of Hash object;
CPGetUserKey (), for obtaining signature key handle;
Tspi_Key_LoadKey, for loading signature key in TCM;
Tspi_Hash_Sign (), signs for using the cryptographic hash of signature key to Hash object;
Tspi_Key_UnloadKey (), for unloading the key data block be loaded in TCM;
CPDestroyKey (), for discharging signature key object.
The TSPI interface of CPVerifySignature function call and being implemented as follows:
Tspi_Hash_VerifySignature (), for verifying signature.
The present invention utilizes TCM chip, based on the calling interface TSPI in the TSM of TCM chip, develops above-mentioned CSP connecting interface, CSP secret generating and Fabric Interface, CSP encryption and decryption interface and CSP Hash and digital signature interface.Provide the CSP of a hardware, keys all in this CSP all produces at TCM chip internal, encryption and decryption operation and the operation of signature sign test are all complete at TCM chip internal, all needing to carry out authorization identifying, ensure that the security of CSP key when using the private key of the unsymmetrical key in CSP.And, title and the purposes of above-mentioned function name and purposes and function in existing CSP are consistent, therefore, safety applications developer need not relearn the CSP that TCM cryptographic service calling interface system (TSPI) just can utilize hardware provided by the invention, also facilitate tradition application Rapid transplant on TCM, reduce the resistance of TCM application.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (11)
1., based on a CSP module for the TSPI interface of TSM, it is characterized in that, comprising:
TCM chip, the TSM of described TCM chip, the calling interface TSPI of described TSM, and CSP connecting interface, CSP secret generating and the Fabric Interface to create based on described TSPI, CSP encryption and decryption interface and CSP Hash and digital signature interface, described CSP secret generating and Fabric Interface comprise key derives module, for key derivation, it is made to produce a duplicate key; The TSPI interface that described key derivation module is called comprises:
Tspi key data loading interface, is loaded in TCM for loading the key data block of specifying;
Tspi moves bill and provides interface, for providing the migration bill of transition process;
Tspi key migration data block creates interface, for creating the migration data block of current key;
Tspi key data block unloading interface, for unloading the key data block be loaded in TCM;
Wherein, described CSP connecting interface for carry out the acquisition of CSP cryptographic key containers and removing, container parameters setting and acquisition and discharge described CSP cryptographic key containers;
Described CSP secret generating and Fabric Interface are used for carrying out CSP and produce and destroy key object, import and export key object, load key object, obtain and arrange key object parameter and generate random number;
Described CSP encryption and decryption interface is used for carrying out CSP encryption and decryption;
Described CSP Hash and digital signature interface for generation of with destruction Hash object, obtain and Hash image parameter, signature and sign test be set.
2. the CSP module of the TSPI interface based on TSM according to claim 1, is characterized in that, described CSP connecting interface comprises:
CSP environment acquisition module: be used to specify CSP, returns the handle of CSP cryptographic key containers, obtains TCM chip SMK object and TCM object, and is the container key of father's secret generating SM2 with SMK, and this SM2 container key is father's key of follow-up all keys;
Cryptographic key containers release module: for destroying CSP cryptographic key containers handle;
CSP attribute setup module: for arranging the attribute of CSP;
CSP attribute acquisition module: for obtaining the attribute of CSP.
3. the CSP module of the TSPI interface based on TSM according to claim 1, is characterized in that: described key generates and stores in the hardware of TCM chip, and is that described CSP key carries out hardware protection in conjunction with the storage of computing machine and computational resource.
4. the CSP module of the TSPI interface based on TSM according to claim 1, is characterized in that, described CSP secret generating and Fabric Interface also comprise:
Key generation module: for generation of key;
Key object generation module: for generating key object;
Cipher key destruction module: for destroying the key produced;
Key derives module: for key derivation, make it produce a duplicate key;
Key imports module: for importing duplicate key in CSP;
Key parameter acquisition module: for obtaining key parameter;
Key parameter arranges module: for arranging key parameter;
Random-number-generating module: for generation of random number.
5. the CSP module of the TSPI interface based on TSM according to claim 4, is characterized in that, the TSPI interface that described key importing module is called comprises:
Tspi key object creates interface, for creating a key object;
Tspi policy object distribution interface, for being key object binding strategy object;
Tspi key object data arrange interface, for arranging the data of key object;
Tspi data block translation interface, for being converted to common key data block by migration data block.
6. the CSP module of the TSPI interface based on TSM according to claim 4, is characterized in that, the TSPI interface that described random-number-generating module calls comprises:
Tspi generating random number interface, for generating random number.
7. the CSP module of the TSPI interface based on TSM according to claim 1, is characterized in that, described CSP encryption and decryption interface comprises:
Data encryption module: for data encryption;
Data decryption module: for data deciphering.
8. the CSP module of the TSPI interface based on TSM according to claim 1, is characterized in that, described CSP Hash and digital signature interface comprise:
Hash object generation module: for generation of the Hash object of sky;
Hashed value generation module: for generation of the hashed value of data-oriented;
Hash image parameter acquisition module: for obtaining the parameter of Hash object;
Hash image parameter arranges module: for arranging the parameter of Hash object;
Hash object destroys module: for destroying Hash object;
Cryptographic hash generation module: for producing cryptographic hash to key object;
Hash object signature module: for signing to the Hash object of specifying;
Signature verification module: for verifying signature.
9. the CSP module of the TSPI interface based on TSM according to claim 8, is characterized in that, the TSPI interface that described Hash object signature module is called comprises:
Tspi cryptographic hash more new interface, for upgrading the cryptographic hash of Hash object;
Signature key handle acquiring interface, for obtaining signature key handle;
Tspi key loading interface, for loading signature key in TCM;
Tspi cryptographic hash signature interface, signs for using the cryptographic hash of signature key to Hash object;
Tspi key data block unloading interface, for unloading the key data block be loaded in TCM;
Signature key object realizing interface, for discharging signature key object.
10. the CSP module of the TSPI interface based on TSM according to claim 8, is characterized in that, the TSPI interface that described signature verification module is called comprises:
Tspi signature verification interface, for verifying signature.
11., based on the CSP implementation method of the TSPI interface of TSM, comprising:
By CSP connecting interface carry out the acquisition of CSP cryptographic key containers and removing, container parameters setting and acquisition and discharge described CSP cryptographic key containers;
Carry out CSP by CSP secret generating and Fabric Interface to produce and destroy key object, import and export key object, load key object, obtain and arrange key object parameter and generate random number;
Described CSP secret generating and Fabric Interface comprise key derives module, for key derivation, makes it produce a duplicate key; The TSPI interface that described key derivation module is called comprises:
Tspi key data loading interface, is loaded in TCM for loading the key data block of specifying;
Tspi moves bill and provides interface, for providing the migration bill of transition process;
Tspi key migration data block creates interface, for creating the migration data block of current key;
Tspi key data block unloading interface, for unloading the key data block be loaded in TCM;
CSP encryption and decryption are carried out by CSP encryption and decryption interface;
The generation of Hash object and destruction, Hash image parameter, the acquisition of signature and sign test and setting is carried out by CSP Hash and digital signature interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110166272.5A CN102842005B (en) | 2011-06-21 | 2011-06-21 | CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110166272.5A CN102842005B (en) | 2011-06-21 | 2011-06-21 | CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102842005A CN102842005A (en) | 2012-12-26 |
| CN102842005B true CN102842005B (en) | 2015-06-10 |
Family
ID=47369355
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201110166272.5A Active CN102842005B (en) | 2011-06-21 | 2011-06-21 | CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102842005B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102831360B (en) * | 2012-08-06 | 2015-01-28 | 江苏敏捷科技股份有限公司 | Personal electronic document safety management system and management method thereof |
| CN104052596A (en) * | 2013-03-11 | 2014-09-17 | 江苏国盾科技实业有限责任公司 | Application service system based on SM2 algorithm |
| CN103138938B (en) * | 2013-03-22 | 2016-01-20 | 中金金融认证中心有限公司 | Based on SM2 certificate request and the application process of CSP |
| CN104050426B (en) * | 2014-06-12 | 2017-03-22 | 南京理工大学 | Classified information transplanting system based on TCM (Trusted Cryptography Module) |
| CN105871539B (en) * | 2016-03-18 | 2020-02-14 | 华为技术有限公司 | Key processing method and device |
| CN106096446B (en) * | 2016-06-15 | 2019-01-15 | 北京工业大学 | The packaging method of cryptographic service interface in a kind of trusted computation environment |
| CN106775656B (en) * | 2016-11-28 | 2020-03-31 | 江西金格科技股份有限公司 | Scheduling method based on multiple intelligent key discs |
| EP3989478B1 (en) * | 2020-10-22 | 2023-10-18 | Moxa Inc. | Computing system and device for handling a chain of trust |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1449527A (en) * | 2000-06-28 | 2003-10-15 | 微软公司 | Shared name |
| CN101447010A (en) * | 2008-12-30 | 2009-06-03 | 北京飞天诚信科技有限公司 | Login system and method for logging in |
| CN102055759A (en) * | 2010-06-30 | 2011-05-11 | 北京飞天诚信科技有限公司 | Hardware engine realization method |
-
2011
- 2011-06-21 CN CN201110166272.5A patent/CN102842005B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1449527A (en) * | 2000-06-28 | 2003-10-15 | 微软公司 | Shared name |
| CN101447010A (en) * | 2008-12-30 | 2009-06-03 | 北京飞天诚信科技有限公司 | Login system and method for logging in |
| CN102055759A (en) * | 2010-06-30 | 2011-05-11 | 北京飞天诚信科技有限公司 | Hardware engine realization method |
Non-Patent Citations (1)
| Title |
|---|
| 可信计算密码支撑平台功能与接口规范;国家密码管理局;《http://gm.gd.gov.cn/upfile/2009113103555609.pdf》;20071231;正文第2页至第3页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102842005A (en) | 2012-12-26 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102842005B (en) | CSP (chip scale package) module of TSPI (telephony service provider interface) based on TSM (tivoli storage manager) and CSP implementation method | |
| CN110784491B (en) | Internet of things safety management system | |
| US9251380B1 (en) | Method and storage device for isolating and preventing access to processor and memory used in decryption of text | |
| CN103221961B (en) | Comprise the method and apparatus of the framework for the protection of multi-ser sensitive code and data | |
| TWI701929B (en) | Cryptographic calculation, method for creating working key, cryptographic service platform and equipment | |
| US20140112470A1 (en) | Method and system for key generation, backup, and migration based on trusted computing | |
| CN103457739B (en) | Method and device for acquiring dynamic token parameters | |
| CN103902915B (en) | Trustable industrial control terminal and establishing method thereof | |
| CN101442404B (en) | Multilevel management system and method for license | |
| CN101771699A (en) | Method and system for improving SaaS application security | |
| US20240054239A1 (en) | Cryptographically secure post-secrets-provisioning services | |
| CN114465726B (en) | Digital wallet security framework system based on security unit and trusted execution environment | |
| CN104021335B (en) | Password service method based on extensible password service framework | |
| JP2010514000A (en) | Method for securely storing program state data in an electronic device | |
| CN103457742A (en) | Security suite library system based on USB KEY | |
| CN103971034A (en) | Method and device for protecting Java software | |
| CN111783078A (en) | Android platform security chip control system | |
| CN104715208A (en) | Platform integrity checking method based on TPM chip | |
| CN102270285B (en) | Key authorization information management method and device | |
| US20230327863A1 (en) | Data management and encryption in a distributed computing system | |
| CN114050915A (en) | Fine-grained permission access synchronization method, device and equipment under isolated network | |
| CN104899480A (en) | Software copyright protection and management method based on combined public key identity authentication technology | |
| England et al. | Towards a programmable TPM | |
| WO2021031087A1 (en) | Certificate management method and apparatus | |
| Bouamama et al. | Cloud Key Management using Trusted Execution Environment. |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |