CN105897427A - Method, device and system for protecting safety of equipment - Google Patents
Method, device and system for protecting safety of equipment Download PDFInfo
- Publication number
- CN105897427A CN105897427A CN201610203867.6A CN201610203867A CN105897427A CN 105897427 A CN105897427 A CN 105897427A CN 201610203867 A CN201610203867 A CN 201610203867A CN 105897427 A CN105897427 A CN 105897427A
- Authority
- CN
- China
- Prior art keywords
- privacy
- signature key
- information
- protection end
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/565—Static detection by checking file integrity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
- G06F21/645—Protecting data integrity, e.g. using checksums, certificates or signatures using a third party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Virology (AREA)
- Computing Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method, a device and a system for protecting the safety of equipment. The method comprises the following steps: a protection side acquires the integrity information of a startup part of equipment to be protected when starting the equipment to be protected; the protection side sends the integrity information to a trusted third party; the trusted third party verifies the integrity information according to the pre-stored trusted integrity information of the equipment to be protected, wherein the trusted third party determines that the equipment to be protected is safe if the integrity information passes verification, and determines that the equipment to be protected is not safe if the integrity information fails to pass verification; and the trusted third party sends the verification result to the protection side. The invention provides the method, the device and the system for protecting the safety of equipment, which can improve the safety of equipment to be protected.
Description
Technical field
The present invention relates to field of computer technology, particularly to protection equipment safety method, device and be
System.
Background technology
Along with the fast development of the development of business, especially cloud computing, enterprise's peace to physical platform
Full property requires the highest, especially with virtualization, the technology data center as critical support such as distributed.
How to ensure the safety of physical platform, increasingly come into one's own.
In prior art, ensured the safety of physical platform by anti-virus tools.These anti-virus tools can be with
The operating system physical platform starts together, starts to protect physical platform after startup.
But, have and begin to virus very much physical platform is attacked between os starting, example
As: RootKit, BootKit etc., at this time anti-virus tools does not the most start, it is impossible to protection platform.
As a example by BootKit virus, before os starting, physical platform is attacked by BootKit virus
Hit, obtain the priority of system, by virus therefore to evade the killing of anti-virus tools.Pass through foregoing description
Visible, prior art has no idea to protect physical platform between system start-up, and safety is relatively low.
Summary of the invention
Embodiments provide the method for protection equipment safety, Apparatus and system, it is possible to increase wait to protect
Protect the safety of equipment.
First aspect, embodiments provides a kind of method protecting equipment safety, including:
S1: protection end, during starting equipment to be protected, obtains the boot portion of described equipment to be protected
The integrity information of part;
S2: described integrity information is sent to trusted third party by described protection end;
S3: described trusted third party believes according to the believable integrity of the described equipment to be protected prestored
Breath, verifies described integrity information, if by checking, it is determined that described equipment to be protected is pacified
Entirely, without by checking, it is determined that described equipment to be protected is dangerous, transmits verification result to
Described protection end.
Further, described trusted third party includes: Privacy CA;
Before described S1, also include: described protection end obtains what described Privacy CA issued in advance
Signature key certificate;
Described S2, including:
Described integrity information is signed by described protection end according to the signature key pre-set, it is thus achieved that
Signature value;
Described integrity information, described signature value and described signature key certificate are packed by described protection end,
Generate information to be verified, the CA PKI that described information to be verified is sent by Privacy CA is added
Close;
Information to be verified after encryption is sent to described Privacy CA by described protection end;
Before described S3, also include:
Described Privacy CA decipher described encryption by CA private key corresponding to described CA PKI after treat
Checking information, obtains described signature key certificate, according to described signature key certificate, to described integrity
Information and described signature value carry out signature verification, after checking, obtain described integrity information.
Further, described protection end obtains the signature key certificate that described Privacy CA issues in advance,
Including:
Described protection end issues request to the described Privacy CA described signature key certificate of transmission;
Described Privacy CA returns label label and described CA PKI to described protection end;
Described protection end receives label and the described CA PKI that described Privacy CA returns, by described
The default property of label and the signature key previously generated is packed, and with the described signature key number to packing
According to signing, generate PrivCASign information;
The public territory data of described PrivCASign information with described signature key are beaten by described protection end
Bag, and be encrypted with the symmetric cryptographic key previously generated, generate symBlob;
Described protection end symmetric cryptographic key described in described CA public key encryption, generates asymBlob;
Described protection end is by described symBlob, described asymBlob and the described safety chip pre-set
The certificate EC of TPM endorsement key is sent to described Privacy CA;
Described Privacy CA deciphers described asymBlob according to described CA private key, it is thus achieved that described symmetry adds
Decryption key;
Described Privacy CA deciphers described symBlob according to described symmetric cryptographic key, it is thus achieved that described
The public territory data of PrivCASign information and described signature key;
Described Privacy CA according to the public territory data of described signature key to described PrivCASign
Information carries out signature verification, after being verified, issues described signature key certificate to described protection end;
Described protection end receives described signature key certificate.
Further, described issue described signature key certificate to described protection end, including:
Described Privacy CA generates described signature key certificate with described CA private key, and generates key
PcaKey, encrypts described signature key certificate by described pcaKey;
Described Privacy CA generates random number seed, calculates the public territory data of described signature key
Digest value name;
Described Privacy CA using described seed as the key of cipher key derivation function KDF, by described name
As the context of KDF, obtain symmetric key symKey;
Described Privacy CA utilizes described symKey to be encrypted described pcaKey, generates
credentialBlob;
Described Privacy CA obtains the PKI in described EC, and utilizes the public key encryption in described EC
Described seed, generates secret;
Described Privacy CA is by close to described secret, described credentialBlob and encrypted signature
Key certificate is sent to described protection end;
Described protection end receives described signature key certificate, including:
Described protection end obtains described pcaKey according to described secret and described credentialBlob, deciphering;
Described protection end deciphers encrypted signature key certificate according to described pcaKey, it is thus achieved that described label
Name key certificate.
Second aspect, embodiments provides a kind of system protecting equipment safety, including:
Protection end, trusted third party;
Described protection end, for, during starting equipment to be protected, obtaining described equipment to be protected
The integrity information of activation member, is sent to described trusted third party by described integrity information;
Described trusted third party, for the believable integrity according to the described equipment to be protected prestored
Information, verifies described integrity information, if by checking, it is determined that described equipment to be protected
Safety, without by checking, it is determined that described equipment to be protected is dangerous, sends the result
To described protection end.
Further, described trusted third party includes: Privacy CA;
Described protection end, is additionally operable to obtain the signature key certificate that described Privacy CA issues;
Described protection end, when performing described integrity information is sent to trusted third party, for basis
Described integrity information is signed by the signature key pre-set, it is thus achieved that signature value, by described completely
Property information, described signature value and described signature key certificate packing, generate information to be verified, by described
The CA PKI that information to be verified is sent by Privacy CA is encrypted, by the letter to be verified after encryption
Breath is sent to described Privacy CA;
Described Privacy CA, be additionally operable to by CA private key corresponding to described CA PKI decipher described in add
Information to be verified after close, obtains described signature key certificate, according to described signature key certificate, to institute
State integrity information and described signature value carries out signature verification, after checking, obtain described integrity
Information.
Further, described protection end, for sending described signature key certificate to described Privacy CA
Issue request, receive described Privacy CA return label and described CA PKI, by described label
Pack with the default property of the signature key previously generated, and with described signature key, the data of packing are entered
Row signature, generates PrivCASign information, by described PrivCASign information and described signature key
Public territory data packing, and be encrypted with the symmetric cryptographic key previously generated, generate symBlob,
With symmetric cryptographic key described in described CA public key encryption, generate asymBlob, by described symBlob,
The certificate EC of described asymBlob and the described safety chip TPM endorsement key pre-set is sent to
Described Privacy CA, receives the described signature key certificate that described Privacy CA issues
Described Privacy CA, for returning label label and described CA PKI, root to described protection end
Described asymBlob is deciphered, it is thus achieved that described symmetric cryptographic key, according to described symmetry according to described CA private key
SymBlob described in encryption key decryption, it is thus achieved that described PrivCASign information and the public affairs of described signature key
Area data, is carried out described PrivCASign information according to the public territory data of described signature key altogether
Signature verification, after being verified, issues described signature key certificate to described protection end.
Further, described Privacy CA, described to issue described signature to described protection end close performing
During key certificate, for generating described signature key certificate with described CA private key, and generate key pcaKey,
Encrypt described signature key certificate by described pcaKey, generate random number seed, calculate described label
The digest value name of the public territory data of name key, using described seed as cipher key derivation function KDF
Key, using described name as the context of KDF, obtain symmetric key symKey, utilize institute
State symKey described pcaKey is encrypted, generate credentialBlob, obtain in described EC
PKI, and utilize seed described in the public key encryption in described EC, generates secret, by described secret,
Described credentialBlob and encrypted signature key certificate are sent to described protection end;
Described protection end, when performing described reception described signature key certificate, for according to described secret
With described credentialBlob, deciphering obtains described pcaKey, encrypted according to described pcaKey deciphering
Signature key certificate, it is thus achieved that described signature key certificate.
The third aspect, embodiments provides a kind of method protecting equipment safety, including:
During starting equipment to be protected, obtain the integrity of the activation member of described equipment to be protected
Information;
Described integrity information is sent to trusted third party, so that described trusted third party is according to depositing in advance
The believable integrity information of storage, verifies described integrity information, after checking, it is determined that
Described equipment to be protected safety, without by checking, it is determined that described equipment to be protected is dangerous.
Fourth aspect, embodiments provides a kind of device protecting equipment safety, including:
Acquiring unit, for, during starting equipment to be protected, obtaining opening of described equipment to be protected
The integrity information of dynamic component;
Authentication unit, for described integrity information is sent to trusted third party, so that described credible the
Described integrity information, according to the believable integrity information prestored, is verified, is passed through by tripartite
After checking, it is determined that described equipment to be protected safety, without by checking, it is determined that described in wait to protect
Protect equipment dangerous.
In embodiments of the present invention, trusted third party prestored equipment to be protected believable completely
Property information, protection end in equipment to be protected start-up course, obtain activation member integrity information, will
Integrity information issues trusted third party, and trusted third party, according to the believable integrity information of storage, comes
Verifying the integrity information received, and then judge equipment to be protected whether safety, this is authenticated
Cheng Fasheng is before equipment to be protected starts, even if equipment to be protected is invaded before being initiated, it is also possible to
Even if being detected, improve the safety of equipment to be protected.
Accompanying drawing explanation
In order to be illustrated more clearly that the embodiment of the present invention or technical scheme of the prior art, below will be to reality
Execute the required accompanying drawing used in example or description of the prior art to be briefly described, it should be apparent that below,
Accompanying drawing in description is some embodiments of the present invention, for those of ordinary skill in the art, not
On the premise of paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the flow chart of a kind of method protecting equipment safety that one embodiment of the invention provides;
Fig. 2 is the flow chart of the method for the another kind of protection equipment safety that one embodiment of the invention provides;
Fig. 3 is the schematic diagram of a kind of system protecting equipment safety that one embodiment of the invention provides;
Fig. 4 is the flow chart of the method for another the protection equipment safety that one embodiment of the invention provides;
Fig. 5 is the schematic diagram of a kind of device protecting equipment safety that one embodiment of the invention provides.
Detailed description of the invention
For making the purpose of the embodiment of the present invention, technical scheme and advantage clearer, below in conjunction with this
Accompanying drawing in bright embodiment, is clearly and completely described the technical scheme in the embodiment of the present invention,
Obviously, described embodiment is a part of embodiment of the present invention rather than whole embodiments, based on
Embodiment in the present invention, those of ordinary skill in the art are institute on the premise of not making creative work
The every other embodiment obtained, broadly falls into the scope of protection of the invention.
As it is shown in figure 1, embodiments provide a kind of method protecting equipment safety, the method can
To comprise the following steps:
S1: protection end, during starting equipment to be protected, obtains the boot portion of described equipment to be protected
The integrity information of part;
S2: described integrity information is sent to trusted third party by described protection end;
S3: described trusted third party believes according to the believable integrity of the described equipment to be protected prestored
Breath, verifies described integrity information, if by checking, it is determined that described equipment to be protected is pacified
Entirely, without by checking, it is determined that described equipment to be protected is dangerous, transmits verification result to
Described protection end.
In embodiments of the present invention, trusted third party prestored equipment to be protected believable completely
Property information, protection end in equipment to be protected start-up course, obtain activation member integrity information, will
Integrity information issues trusted third party, and trusted third party, according to the believable integrity information of storage, comes
Verifying the integrity information received, and then judge equipment to be protected whether safety, this is authenticated
Cheng Fasheng is before equipment to be protected starts, even if equipment to be protected is invaded before being initiated, it is also possible to
Even if being detected, improve the safety of equipment to be protected.
In a kind of possible implementation, described integrity information is verified, can be by following
Mode realizes: the believable integrity information of the integrity information received with storage is entered by trusted third party
Row comparison, if identical, then by checking, if it is different, then not by checking.
In order to ensure the safe transmission of integrity information, in a kind of possible implementation, described credible
Third party includes: Privacy CA;
Before described S1, also include: described protection end obtains what described Privacy CA issued in advance
Signature key certificate;
Described S2, including:
Described integrity information is signed by described protection end according to the signature key pre-set, it is thus achieved that
Signature value;
Described integrity information, described signature value and described signature key certificate are packed by described protection end,
Generate information to be verified, the CA PKI that described information to be verified is sent by Privacy CA is added
Close;
Information to be verified after encryption is sent to described Privacy CA by described protection end;
Before described S3, also include:
Described Privacy CA decipher described encryption by CA private key corresponding to described CA PKI after treat
Checking information, obtains described signature key certificate, according to described signature key certificate, to described integrity
Information and described signature value carry out signature verification, after checking, obtain described integrity information.
In this implementation, Privacy CA obtains described signature key certificate, close according to described signature
Key certificate, carries out signature verification to described integrity information and described signature value, specifically can by with
Under type realizes: Privacy CA obtains the PKI in described signature key certificate, by this PKI to complete
Whole property information and signature value carry out signature verification.It addition, without by checking, it is determined that to be tested
Card information is damaged in transmitting procedure, does not carry out follow-up verification.
In a kind of possible implementation, described protection end obtains what described Privacy CA issued in advance
Signature key certificate, including:
Described protection end issues request to the described Privacy CA described signature key certificate of transmission;
Described Privacy CA returns label (label) and described CA PKI to described protection end;
Described protection end receives label and the described CA PKI that described Privacy CA returns, by described
The default property of label and the signature key previously generated is packed, and with the described signature key number to packing
According to signing, generate PrivCASign information;
The public territory data of described PrivCASign information with described signature key are beaten by described protection end
Bag, and be encrypted with the symmetric cryptographic key previously generated, generate symBlob;
Described protection end symmetric cryptographic key described in described CA public key encryption, generates asymBlob;
Described protection end is by described symBlob, described asymBlob and the described EC (TPM pre-set
The certificate of (safety chip, Trusted Platform Module) endorsement key, Endorsement
Credential) it is sent to described Privacy CA;
Described Privacy CA deciphers described asymBlob according to described CA private key, it is thus achieved that described symmetry adds
Decryption key;
Described Privacy CA deciphers described symBlob according to described symmetric cryptographic key, it is thus achieved that described
The public territory data of PrivCASign information and described signature key;
Described Privacy CA according to the public territory data of described signature key to described PrivCASign
Information carries out signature verification, after being verified, issues described signature key certificate to described protection end;
Described protection end receives described signature key certificate.
In this implementation, issue request by what label marked that protection end initiates, public by CA
Key convenient protection end encrypts the information sent.Here symmetric cryptographic key can be a random number.As
After really Privacy CA carries out signature verification to PrivCASign information, not over checking, the most not to
Protection end issues signature key certificate.
In order to ensure the transmission safety of signature key certificate, in a kind of possible implementation, described to
Described protection end issues described signature key certificate, including:
Described Privacy CA generates described signature key certificate with described CA private key, and generates key
PcaKey, encrypts described signature key certificate by described pcaKey;
Described Privacy CA generates random number seed, calculates the public territory data of described signature key
Digest value name;
Described Privacy CA using described seed as the key of KDF, using described name as KDF
Context, obtain symmetric key symKey;
Described Privacy CA utilizes described symKey to be encrypted described pcaKey, generates
credentialBlob;
Described Privacy CA obtains the PKI in described EC, and utilizes the public key encryption in described EC
Described seed, generates secret;
Described Privacy CA is by close to described secret, described credentialBlob and encrypted signature
Key certificate is sent to described protection end;
Described protection end receives described signature key certificate, including:
Described protection end obtains described pcaKey according to described secret and described credentialBlob, deciphering;
Described protection end deciphers encrypted signature key certificate according to described pcaKey, it is thus achieved that described label
Name key certificate.
In this implementation, protection end obtains described according to secret and credentialBlob, deciphering
PcaKey, specifically can be accomplished by: protection end is according to the private key deciphering in the EC of storage
Secret, generates seed;Protection end is according to the public territory data of signature key of storage and seed, right
CredentialBlob is decrypted, if the public territory data of signature key that Privacy CA receives
With the public territory data consistent of the signature key of protection end storage, then protection end just can be deciphered
CredentialBlob, and then pcaKey can be obtained, if it is inconsistent, cannot decipher
CredentialBlob, it is impossible to obtain pcaKey.
In embodiments of the present invention, protection end can be TPM2.0 chip, and activation member may include that
BIOS (Basic Input Output System, basic input output system), MBR (Master Boot
Record, MBR), OS Kernel (Operating System Kernel, operating system nucleus),
Integrity information can be the cryptographic Hash of these activation member Programs or these programs, described obtaining
During the integrity information of the activation member of equipment to be protected, can be instructed by TPM2_Quote and realize.
Described pcaKey is obtained according to described secret and described credentialBlob, deciphering performing protection end
Time, can be accomplished by: secret and credentialBlob is called by protection end as input
TPM2_ActivateCredential instructs, and is decrypted.Privacy CA in the embodiment of the present invention can
With by supporting that the Privacy CA of TPM certificate protection process realizes.
In embodiments of the present invention, Privacy CA utilizes the name (TPM of signature key that TPM provides
The digest value of key public territory) and the protection key secret of a generating random number certificate, use TPM
The PKI of EK (Endorsement Key, endorsement key) protect this random number, TPM uses EK
Private key recover this random number, utilize the method identical with Privacy CA to calculate protection key
Secret, re-uses secret and recovers the signature key certificate of encrypted protection.
As in figure 2 it is shown, embodiments provide a kind of method protecting equipment safety, the method can
To comprise the following steps:
Step 201: protection end sends to Privacy CA in advance and issues request, and ask for an autograph key certificate,
Obtain the signature key certificate that Privacy CA issues.
Specifically, protection end here includes: TPM2.0 chip.
Step 202: protection end, during starting equipment to be protected, obtains the startup of equipment to be protected
The integrity information of parts.
Specifically, equipment to be protected can be a computer, and activation member can be BIOS, and complete
Whole property information is the cryptographic Hash of the program in BIOS.
Step 203: integrity information is signed by protection end according to the signature key pre-set, and obtains
Must sign value.
Specifically, the signature key during signature key here can be TPM2.0 chip.
Step 204: integrity information, signature value and signature key certificate are packed by protection end, generate
Information to be verified, is encrypted the CA PKI that information to be verified is sent by Privacy CA.
Specifically, CA PKI here can be Privacy CA receive protection end send issue please
It is sent to after asking protect end.
Step 205: the information to be verified after encryption is sent to Privacy CA by protection end.
Step 206:Privacy CA by CA PKI corresponding CA private key deciphering encryption after to be verified
Information, obtains signature key certificate.
Integrity information and signature value, according to signature key certificate, are entered by step 207:Privacy CA
Row signature verification, after checking, obtains integrity information.
Step 208:Privacy CA by the believable integrity information of equipment to be protected that prestores with
The integrity information that protection end is sent is compared, if the two is consistent, then by checking, determines and waits to protect
Protect equipment safety, if the two is inconsistent, then not over checking, determine that equipment to be protected is dangerous,
Transmit verification result to protect end.
In embodiments of the present invention, after protection termination receives the result of equipment to be protected safety, permissible
Normally start equipment to be protected;After protection termination receives the unsafe the result of equipment to be protected, permissible
Stop starting equipment to be protected, or remind user's equipment to be protected dangerous, or to equipment to be protected
Carry out virus killing etc..
The present invention proposes the method for the mode verification platform integrity utilizing remote authentication, according to TCG
The specification construction platform of (Trusted Computing Group, Trusted Computing Group) credible tolerance chain opens
The integrity information of this critical component started collected by dynamic tolerance chain, utilizes Privacy CA to complete right
The completeness check of this platform.Meanwhile, process is being issued for protection remote authentication Information Signature key certificate
In safety, utilize key structure that TPM2.0 chip is new and information architecture protection key encipherment protection
Signature key certificate, is completed the reduction to protection key and the deciphering to signing certificate by TPM end, with
This ensures signature key Credential-Security.
As it is shown on figure 3, a kind of system protecting equipment safety that the present embodiment provides, including:
Protection end 301, trusted third party 302;
Described protection end 301, for starting during equipment to be protected, obtains described to be protected set
The integrity information of standby activation member, is sent to described trusted third party by described integrity information;
Described trusted third party 302, believable complete for according to the described equipment to be protected that prestores
Whole property information, verifies described integrity information, if by checking, it is determined that described to be protected
Equipment safety, without by checking, it is determined that described equipment to be protected is dangerous, by the result
It is sent to described protection end.
In a kind of possible implementation, trusted third party 302 includes: Privacy CA;
Described protection end 301, is additionally operable to obtain the signature key certificate that described Privacy CA issues;
Described protection end 301, when performing described integrity information is sent to trusted third party, is used for
According to the signature key pre-set, described integrity information is signed, it is thus achieved that signature value, by described
Integrity information, described signature value and the packing of described signature key certificate, generate information to be verified, will
The CA PKI that described information to be verified is sent by Privacy CA is encrypted, will encryption after to be tested
Card information is sent to described Privacy CA;
Described Privacy CA, be additionally operable to by CA private key corresponding to described CA PKI decipher described in add
Information to be verified after close, obtains described signature key certificate, according to described signature key certificate, to institute
State integrity information and described signature value carries out signature verification, after checking, obtain described integrity
Information.
In a kind of possible implementation, described protection end, for sending institute to described Privacy CA
That states signature key certificate issues request, receives label and described CA that described Privacy CA returns
PKI, packs the default property of described label with the signature key previously generated, and close with described signature
The data of packing are signed by key, generate PrivCASign information, by described PrivCASign information
Pack with the public territory data of described signature key, and add with the symmetric cryptographic key previously generated
Close, generate symBlob, with symmetric cryptographic key described in described CA public key encryption, generate asymBlob,
By described symBlob, described asymBlob and the described safety chip TPM endorsement key pre-set
Certificate EC be sent to described Privacy CA, receive the described signature that described Privacy CA issues close
Key certificate
Described Privacy CA, for returning label label and described CA PKI, root to described protection end
Described asymBlob is deciphered, it is thus achieved that described symmetric cryptographic key, according to described symmetry according to described CA private key
SymBlob described in encryption key decryption, it is thus achieved that described PrivCASign information and the public affairs of described signature key
Area data, is carried out described PrivCASign information according to the public territory data of described signature key altogether
Signature verification, after being verified, issues described signature key certificate to described protection end.
In a kind of possible implementation, described Privacy CA, described to described protection end in execution
When issuing described signature key certificate, for generating described signature key certificate with described CA private key, and
Generate key pcaKey, encrypt described signature key certificate by described pcaKey, generate random number seed,
Calculate the digest value name of the public territory data of described signature key, using described seed as key
The key of derivation function KDF, using described name as the context of KDF, obtains symmetric key
SymKey, utilizes described symKey to be encrypted described pcaKey, generates credentialBlob,
Obtain the PKI in described EC, and utilize seed described in the public key encryption in described EC, generate secret,
Described secret, described credentialBlob and encrypted signature key certificate are sent to described anti-
Protect end;
Described protection end, when performing described reception described signature key certificate, for according to described secret
With described credentialBlob, deciphering obtains described pcaKey, encrypted according to described pcaKey deciphering
Signature key certificate, it is thus achieved that described signature key certificate.
The contents such as the information between each unit in said apparatus is mutual, execution process, due to the present invention
Embodiment of the method is based on same design, and particular content can be found in the narration in the inventive method embodiment, this
Place repeats no more.
As shown in Figure 4, a kind of method protecting equipment safety that the embodiment of the present invention provides, including:
Step 401: during starting equipment to be protected, obtain the boot portion of described equipment to be protected
The integrity information of part;
Step 402: described integrity information is sent to trusted third party, so that described trusted third party
According to the believable integrity information prestored, described integrity information is verified, by checking
After, it is determined that described equipment to be protected safety, without by checking, it is determined that described to be protected set
Standby dangerous.
In embodiments of the present invention, can be realized by TPM2.0 chip.
As it is shown in figure 5, a kind of device protecting equipment safety that the embodiment of the present invention provides, including:
Acquiring unit 501, for, during starting equipment to be protected, obtaining described equipment to be protected
The integrity information of activation member;
Authentication unit 502, for described integrity information is sent to trusted third party so that described can
Described integrity information, according to the believable integrity information prestored, is verified by letter third party,
After checking, it is determined that described equipment to be protected safety, without by checking, it is determined that described
Equipment to be protected is dangerous.
In embodiments of the present invention, this device can be by realizing for TPM2.0 chip.
The embodiment of the present invention at least has the advantages that
1, in embodiments of the present invention, the believable complete of equipment to be protected has been prestored in trusted third party
Whole property information, protection end, in equipment to be protected start-up course, obtains the integrity information of activation member,
Integrity information is issued trusted third party, trusted third party according to storage believable integrity information,
The integrity information received is verified, and then judges equipment to be protected whether safety, this checking
Process occurs before equipment to be protected starts, even if equipment to be protected is invaded before being initiated, it is possible to
Even if to be detected, improve the safety of equipment to be protected.
2, in embodiments of the present invention, complete to equipment to be protected of the key code system of TPM2.0 chip is utilized
Whole property Information Signature, sends it to Privacy CA, Privacy CA completes integrity information
Verification, the signature key certificate that the instruction protection Privacy CA utilizing TPM2.0 to encapsulate issues, protect
The availability of card certificate is consistent with the availability of the signature key that TPM produces.
3, in embodiments of the present invention, the distinctive hardware designs of TPM chip is utilized to ensure its internal execution
Process safe and secret, in the start-up course of equipment to be protected, calculates and collects the complete of activation member
Property information, key node to far-end Privacy CA initiate remote authentication, by Privacy CA utilize
It is the most credible that the believable integrity information having verifies this integrity information starting collection, it is ensured that waits to protect
Protect the secure and trusted of the activation member of equipment, meanwhile, the key structure new according to TPM2.0 and information structure
Build the protection information of certificate protection key, it is ensured that in remote certification process, TPM signature key completely may be used
Letter.
It should be noted that in this article, the relational terms of such as first and second etc be used merely to by
One entity or operation separate with another entity or operating space, and not necessarily require or imply this
Relation or the order of any this reality is there is between a little entities or operation.And, term " includes ",
" comprise " or its any other variant is intended to comprising of nonexcludability, so that include that one is
The process of row key element, method, article or equipment not only include those key elements, but also include the brightest
Other key elements really listed, or also include intrinsic for this process, method, article or equipment
Key element.In the case of there is no more restriction, statement " including ... " limit
Key element, it is not excluded that there is also another in including the process of described key element, method, article or equipment
Outer same factor.
One of ordinary skill in the art will appreciate that: realize all or part of step of said method embodiment
Can be completed by the hardware that programmed instruction is relevant, aforesaid program can be stored in embodied on computer readable
Storage medium in, this program upon execution, performs to include the step of said method embodiment;And it is aforementioned
Storage medium include: various Jie that can store program code such as ROM, RAM, magnetic disc or CD
In matter.
Last it should be understood that the foregoing is only presently preferred embodiments of the present invention, it is merely to illustrate this
The technical scheme of invention, is not intended to limit protection scope of the present invention.All spirit in the present invention and former
Any modification, equivalent substitution and improvement etc. done within then, are all contained in protection scope of the present invention.
Claims (10)
1. the method protecting equipment safety, it is characterised in that including:
S1: protection end, during starting equipment to be protected, obtains the boot portion of described equipment to be protected
The integrity information of part;
S2: described integrity information is sent to trusted third party by described protection end;
S3: described trusted third party believes according to the believable integrity of the described equipment to be protected prestored
Breath, verifies described integrity information, if by checking, it is determined that described equipment to be protected is pacified
Entirely, without by checking, it is determined that described equipment to be protected is dangerous, transmits verification result to
Described protection end.
Method the most according to claim 1, it is characterised in that described trusted third party includes:
Privacy CA;
Before described S1, also include: described protection end obtains what described Privacy CA issued in advance
Signature key certificate;
Described S2, including:
Described integrity information is signed by described protection end according to the signature key pre-set, it is thus achieved that
Signature value;
Described integrity information, described signature value and described signature key certificate are packed by described protection end,
Generate information to be verified, the CA PKI that described information to be verified is sent by Privacy CA is added
Close;
Information to be verified after encryption is sent to described Privacy CA by described protection end;
Before described S3, also include:
Described Privacy CA decipher described encryption by CA private key corresponding to described CA PKI after treat
Checking information, obtains described signature key certificate, according to described signature key certificate, to described integrity
Information and described signature value carry out signature verification, after checking, obtain described integrity information.
Method the most according to claim 2, it is characterised in that described protection end obtains described in advance
The signature key certificate that Privacy CA issues, including:
Described protection end issues request to the described Privacy CA described signature key certificate of transmission;
Described Privacy CA returns label label and described CA PKI to described protection end;
Described protection end receives label and the described CA PKI that described Privacy CA returns, by described
The default property of label and the signature key previously generated is packed, and with the described signature key number to packing
According to signing, generate PrivCASign information;
The public territory data of described PrivCASign information with described signature key are beaten by described protection end
Bag, and be encrypted with the symmetric cryptographic key previously generated, generate symBlob;
Described protection end symmetric cryptographic key described in described CA public key encryption, generates asymBlob;
Described protection end is by described symBlob, described asymBlob and the described safety chip pre-set
The certificate EC of TPM endorsement key is sent to described Privacy CA;
Described Privacy CA deciphers described asymBlob according to described CA private key, it is thus achieved that described symmetry adds
Decryption key;
Described Privacy CA deciphers described symBlob according to described symmetric cryptographic key, it is thus achieved that described
The public territory data of PrivCASign information and described signature key;
Described Privacy CA according to the public territory data of described signature key to described PrivCASign
Information carries out signature verification, after being verified, issues described signature key certificate to described protection end;
Described protection end receives described signature key certificate.
Method the most according to claim 3, it is characterised in that described issue institute to described protection end
State signature key certificate, including:
Described Privacy CA generates described signature key certificate with described CA private key, and generates key
PcaKey, encrypts described signature key certificate by described pcaKey;
Described Privacy CA generates random number seed, calculates the public territory data of described signature key
Digest value name;
Described Privacy CA using described seed as the key of cipher key derivation function KDF, by described name
As the context of KDF, obtain symmetric key symKey;
Described Privacy CA utilizes described symKey to be encrypted described pcaKey, generates
credentialBlob;
Described Privacy CA obtains the PKI in described EC, and utilizes the public key encryption in described EC
Described seed, generates secret;
Described Privacy CA is by close to described secret, described credentialBlob and encrypted signature
Key certificate is sent to described protection end;
Described protection end receives described signature key certificate, including:
Described protection end obtains described pcaKey according to described secret and described credentialBlob, deciphering;
Described protection end deciphers encrypted signature key certificate according to described pcaKey, it is thus achieved that described label
Name key certificate.
5. the system protecting equipment safety, it is characterised in that including:
Protection end, trusted third party;
Described protection end, for, during starting equipment to be protected, obtaining described equipment to be protected
The integrity information of activation member, is sent to described trusted third party by described integrity information;
Described trusted third party, for the believable integrity according to the described equipment to be protected prestored
Information, verifies described integrity information, if by checking, it is determined that described equipment to be protected
Safety, without by checking, it is determined that described equipment to be protected is dangerous, sends the result
To described protection end.
System the most according to claim 5, it is characterised in that described trusted third party includes:
Privacy CA;
Described protection end, is additionally operable to obtain the signature key certificate that described Privacy CA issues;
Described protection end, when performing described integrity information is sent to trusted third party, for basis
Described integrity information is signed by the signature key pre-set, it is thus achieved that signature value, by described completely
Property information, described signature value and described signature key certificate packing, generate information to be verified, by described
The CA PKI that information to be verified is sent by Privacy CA is encrypted, by the letter to be verified after encryption
Breath is sent to described Privacy CA;
Described Privacy CA, be additionally operable to by CA private key corresponding to described CA PKI decipher described in add
Information to be verified after close, obtains described signature key certificate, according to described signature key certificate, to institute
State integrity information and described signature value carries out signature verification, after checking, obtain described integrity
Information.
System the most according to claim 6, it is characterised in that including:
Described protection end, for described Privacy CA send described signature key certificate issue request,
Receive described Privacy CA return label and described CA PKI, by described label with previously generate
The default property packing of signature key, and with described signature key, the data of packing are signed, raw
Become PrivCASign information, by the public territory number of described PrivCASign information Yu described signature key
According to packing, and it is encrypted with the symmetric cryptographic key previously generated, generates symBlob, use described CA
Symmetric cryptographic key described in public key encryption, generates asymBlob, by described symBlob, described asymBlob
It is sent to described Privacy with the certificate EC of the described safety chip TPM endorsement key pre-set
CA, receives the described signature key certificate that described Privacy CA issues
Described Privacy CA, for returning label label and described CA PKI, root to described protection end
Described asymBlob is deciphered, it is thus achieved that described symmetric cryptographic key, according to described symmetry according to described CA private key
SymBlob described in encryption key decryption, it is thus achieved that described PrivCASign information and the public affairs of described signature key
Area data, is carried out described PrivCASign information according to the public territory data of described signature key altogether
Signature verification, after being verified, issues described signature key certificate to described protection end.
System the most according to claim 7, it is characterised in that including:
Described Privacy CA, perform described issue described signature key certificate to described protection end time,
For generating described signature key certificate with described CA private key, and generate key pcaKey, by described
PcaKey encrypts described signature key certificate, generates random number seed, calculates the public affairs of described signature key
The digest value name of common area data, using described seed as the key of cipher key derivation function KDF, incites somebody to action
Described name, as the context of KDF, obtains symmetric key symKey, utilizes described symKey
Described pcaKey is encrypted, generates credentialBlob, obtain the PKI in described EC, and profit
With seed described in the public key encryption in described EC, generate secret, by described secret, described
CredentialBlob and encrypted signature key certificate are sent to described protection end;
Described protection end, when performing described reception described signature key certificate, for according to described secret
With described credentialBlob, deciphering obtains described pcaKey, encrypted according to described pcaKey deciphering
Signature key certificate, it is thus achieved that described signature key certificate.
9. the method protecting equipment safety, it is characterised in that including:
During starting equipment to be protected, obtain the integrity of the activation member of described equipment to be protected
Information;
Described integrity information is sent to trusted third party, so that described trusted third party is according to depositing in advance
The believable integrity information of storage, verifies described integrity information, after checking, it is determined that
Described equipment to be protected safety, without by checking, it is determined that described equipment to be protected is dangerous.
10. the device protecting equipment safety, it is characterised in that including:
Acquiring unit, for, during starting equipment to be protected, obtaining opening of described equipment to be protected
The integrity information of dynamic component;
Authentication unit, for described integrity information is sent to trusted third party, so that described credible the
Described integrity information, according to the believable integrity information prestored, is verified, is passed through by tripartite
After checking, it is determined that described equipment to be protected safety, without by checking, it is determined that described in wait to protect
Protect equipment dangerous.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610203867.6A CN105897427A (en) | 2016-04-01 | 2016-04-01 | Method, device and system for protecting safety of equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610203867.6A CN105897427A (en) | 2016-04-01 | 2016-04-01 | Method, device and system for protecting safety of equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105897427A true CN105897427A (en) | 2016-08-24 |
Family
ID=57012276
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610203867.6A Pending CN105897427A (en) | 2016-04-01 | 2016-04-01 | Method, device and system for protecting safety of equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105897427A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1625105A (en) * | 2003-12-02 | 2005-06-08 | 国际商业机器公司 | Information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus |
CN102202046A (en) * | 2011-03-15 | 2011-09-28 | 北京邮电大学 | Network-operating-system-oriented trusted virtual operating platform |
CN102255726A (en) * | 2011-06-05 | 2011-11-23 | 田小平 | Device and method for implementing symmetric key digital signature |
CN102396251A (en) * | 2009-04-15 | 2012-03-28 | 交互数字专利控股公司 | Validation and/or authentication of device for communication with network |
-
2016
- 2016-04-01 CN CN201610203867.6A patent/CN105897427A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1625105A (en) * | 2003-12-02 | 2005-06-08 | 国际商业机器公司 | Information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus |
CN102396251A (en) * | 2009-04-15 | 2012-03-28 | 交互数字专利控股公司 | Validation and/or authentication of device for communication with network |
CN102202046A (en) * | 2011-03-15 | 2011-09-28 | 北京邮电大学 | Network-operating-system-oriented trusted virtual operating platform |
CN102255726A (en) * | 2011-06-05 | 2011-11-23 | 田小平 | Device and method for implementing symmetric key digital signature |
Non-Patent Citations (1)
Title |
---|
王小亮: "面向云计算环境的信任链研究", 《中国优秀硕士学位论文全文数据库》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10721080B2 (en) | Key-attestation-contingent certificate issuance | |
US10530753B2 (en) | System and method for secure cloud computing | |
CN109309565B (en) | Security authentication method and device | |
EP2866166B1 (en) | Systems and methods for enforcing third party oversight data anonymization | |
ES2692900T3 (en) | Cryptographic certification of secure hosted execution environments | |
Wang et al. | Enabling security-enhanced attestation with Intel SGX for remote terminal and IoT | |
JP5635539B2 (en) | Remote preboot authentication | |
CN103888251B (en) | A kind of method of virtual machine credible security in cloud environment | |
CN107251481A (en) | Credible platform module certification and proof are carried out using Anonymity Key system | |
CN110138799A (en) | A kind of secure cloud storage method based on SGX | |
EP3001598B1 (en) | Method and system for backing up private key in electronic signature token | |
US11281781B2 (en) | Key processing methods and apparatuses, storage media, and processors | |
US9544299B2 (en) | Information processing apparatus, server, method for controlling the same and storage medium | |
CN104639516A (en) | Method, equipment and system for authenticating identities | |
US20170012774A1 (en) | Method and system for improving the data security during a communication process | |
CN107294710B (en) | Key migration method and device for vTPM2.0 | |
CN102986161B (en) | For carrying out the method and system of cryptoguard to application | |
CN113014539A (en) | Internet of things equipment safety protection system and method | |
Liu et al. | $ LiveForen $: Ensuring Live Forensic Integrity in the Cloud | |
Alzomai et al. | The mobile phone as a multi OTP device using trusted computing | |
CN105404470B (en) | Date storage method and safety device, data-storage system | |
CN105871858A (en) | Method and system for ensuring high data safety | |
CN114329522A (en) | Private key protection method, device, system and storage medium | |
CN105897427A (en) | Method, device and system for protecting safety of equipment | |
Stumpf et al. | Towards secure e-commerce based on virtualization and attestation techniques |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20160824 |
|
RJ01 | Rejection of invention patent application after publication |