CN107766724A - A method for constructing the functional architecture of a trusted computer platform software stack

Publication number: CN107766724A
Application number: CN201710962366.0A
Authority: CN (China)
Prior art keywords: key, tcm, platform, entity, trusted
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis)
Other languages: Chinese (zh)
Inventors: 吴克河, 徐美娇, 刘忠海, 张鹏, 郭伟
Current and original assignees (the listed assignees may be inaccurate): State Grid Corp of China SGCC; State Grid Information and Telecommunication Co Ltd; North China Electric Power University; State Grid Jibei Electric Power Co Ltd; Beijing Smartchip Microelectronics Technology Co Ltd; Information and Telecommunication Branch of State Grid Liaoning Electric Power Co Ltd
Landscapes: Storage Device Security

Abstract

The invention discloses a method for constructing the functional architecture of a trusted computer platform software stack. From top to bottom, the trusted computer platform software stack consists of the TSS service provider, the TSS core service, the TCG device driver library and the TPM device driver. The construction method covers key management, cryptographic services, secure storage, integrity verification, the authorization protocol and certificate management. The multi-level security model for security-chip-based power service terminals built with this method establishes a trusted software stack at the software layer, giving the system a tool for measuring application programs: the system invokes the trusted chip through the trusted software stack to measure applications. The trusted software stack provides a single entry point for applications that use trusted platform module functions, synchronized access to the trusted platform module, and suitable interfaces that hide the trusted platform module's command stream from upper-layer applications and manage trusted platform module resources.

Description

A method for constructing the functional architecture of a trusted computer platform software stack

Technical field

The invention relates to the technical field of information security, and in particular to a method for constructing the functional architecture of a trusted computer platform software stack.

Background

Trusted computing was proposed because current computing systems cannot fundamentally solve the security problem. By integrating a dedicated hardware module into the computing system to establish a root of trust, using cryptographic mechanisms to build a chain of trust, and constructing a trustworthy computing environment, it provides a security foundation for computer platform systems.

A trusted computing platform is the supporting system built into a computing system to realize trusted computing functions; it is the source of the chain of trust. Only by solving the security problems at the source can a chain of trust be established and the overall security and trustworthiness of the system be guaranteed. The trusted platform module is an important part of the trusted computing platform. It includes cryptographic algorithms, key management, certificate management, cryptographic protocols and cryptographic services, and it provides cryptographic support for the upper platform's own integrity measurement, platform identity attestation and secure data storage. The Trusted Computing Group proposed the trusted software stack and specified its functional requirements, its layered structure and the function interfaces between the layers. The TSS is the supporting software of the TPM. The TPM chip is a secure hardware module that provides the basic functions of trusted computing, but because chip resources are limited it only exposes interfaces to those basic functions, so the TSS is used as the extension and support system of the TPM chip: it implements the functions needed by actual upper-layer applications and provides function interfaces for accessing TPM functionality. The TSS is the bridge between the TPM and upper-layer applications; it not only allows the functions provided by the TPM to be fully used, but also allows upper-layer applications to use the TPM's functions conveniently and securely.

The TSS consists of four modules, from top to bottom: the TSS Service Provider (TSP), the TSS Core Service (TCS), the TCG Device Driver Library (TDDL) and the TPM Device Driver (TDD). The TSP, at the top of the architecture, provides the interface to the user's application: it packs the parameters from the application and passes them to the TCS module, and the TCS module provides the concrete functional routines (for example key management). The TCS module analyzes and processes the parameters from the TSP module, writes them into a byte stream that the TPM can recognize, and passes it to the TPM through the TDDL. After receiving the byte stream the TPM performs the corresponding operation and returns the result, as a byte stream, through the TDDL to the TCS; after analyzing the byte stream, the TCS passes the result to the TSP, and the TSP returns the final result to the application. The TDD is a kernel-mode component: it receives byte streams from the TDDL, sends them to the TPM, and finally returns the response to the TDDL.

By calling the interface functions provided by the service provider in the trusted software stack, upper-layer applications can use these functions, and trusted computing can therefore be applied in many fields, including security risk management, e-commerce, digital rights management, network authentication and authorization, virtual private networks, network intrusion detection, and malicious code detection and prevention.

Summary of the invention

Purpose of the invention: to overcome the deficiencies of the prior art, the present invention aims to provide a method for constructing the functional architecture of a trusted computer platform software stack.

Technical solution: to solve the above technical problems, the present invention provides the following technical solution:

A method for constructing the functional architecture of a trusted computer platform software stack, comprising:

(1) Key management: the user invokes the TCM_CreateWrapKey command of the trusted computing platform's hardware module; the TCM generates a symmetric encryption key or an ECC key pair and stores it encrypted under the key one level above it. When a key is created, a usage password and a migration password are set. The usage password authorizes use of the key in encryption and decryption operations; the migration password, which does not allow the actual password value to be discovered, authorizes the user to migrate the key under a specific public key. When the user needs to use the key, the TCM_LoadWrapKey command is invoked; the TCM decrypts the key with its parent key, loads it into a free slot, and returns a key handle (keyhandle) for the user to use;

(2) Cryptographic services: the cryptographic algorithms provided by the trusted computer platform include a random number generation algorithm, a hash algorithm, a message authentication code algorithm, a symmetric cipher algorithm and an asymmetric cipher algorithm;

(3) Secure storage: the TCM provides secure storage for keys and other sensitive data, guaranteeing that the keys and sensitive information stored in it cannot be destroyed, altered, leaked or used without authorization;

(4) Integrity verification: integrity verification of the trusted computer platform has three aspects: integrity measurement, storage and reporting. Integrity measurement means computing a measurement value, recording the event in the event log, and recording the measurement value into the corresponding platform configuration register (PCR). Integrity reporting means that the TCM provides a verifier with the integrity measurement values of the platform, or of some of its components, held in its protected area, together with the measurement events in the log and the related certificates; the verifier judges the state of the platform from the integrity report. The verifier can determine whether a PCR value came from the correct measurement process by analyzing the integrity measurement event log. The trusted computer platform provides the function of reporting integrity measurement values to external entities, and the reported measurement values serve as the basis for judging the platform's trustworthiness;

(5) Authorization protocol: any entity may submit TCM commands. A secure communication channel is formed between the entity and the TCM platform; TCM commands are submitted and results returned over this channel. The channel follows request-response semantics to carry out session-oriented information exchange, and the protocol implements authorization and authentication between external entities and the TCM, integrity verification of the exchanged information, and confidentiality protection of sensitive data;

(6) Certificate management: digital certificates use a public key system, that is, a pair of matching keys is used for encryption and decryption. Each user sets a specific private key, known only to the user, which is used for decryption and signing, and at the same time a public key, which the user publishes and which is used for encryption and signature verification.

The hardware module TCM of the trusted computing platform provides cryptographic operations for the trusted computing platform and has a protected storage space;

The platform configuration register (PCR) is located inside the TPM, is used only to hold measurement values of modules, and is 160 bits in size;

Integrity measurement is introduced to guarantee the trustworthiness of the trusted computing platform; it means that any entity that wants to gain control of the platform must be measured before it gains control;

A digital certificate, also called a "digital identity card" or "digital ID", is an electronic file issued and digitally signed by a certification authority that contains the public key owner and information related to the public key, and is used to prove the real identity of the certificate holder;

The entities referred to above are processes, threads or controllers.
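As an added illustration of the measurement, storage and reporting steps in (4), not code from the patent: a simulated 160-bit PCR, an event log, and a verifier that replays the log to check the reported PCR value. SHA-1 is assumed only because the text states a 160-bit register; a TCM would use its own hash algorithm, and the logic is unchanged.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumption: SHA-1 gives the 160-bit register the text describes; a TCM
# would use its own hash algorithm, and the logic below does not change.
HASH = hashlib.sha1
DIGEST_LEN = HASH().digest_size  # 20 bytes = 160 bits


def measure(component: bytes) -> bytes:
    """Integrity measurement: the measurement value is the hash of the component."""
    return HASH(component).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """PCR extend: new PCR = H(old PCR || measurement). A PCR is never
    overwritten, only folded into, so the order of measurements matters."""
    return HASH(pcr + measurement).digest()


@dataclass
class Platform:
    """Minimal model of the measuring side: one PCR plus its event log."""
    pcr: bytes = b"\x00" * DIGEST_LEN
    event_log: List[Tuple[str, bytes]] = field(default_factory=list)

    def measure_and_extend(self, name: str, component: bytes) -> None:
        m = measure(component)
        self.event_log.append((name, m))   # record the event in the log ...
        self.pcr = extend(self.pcr, m)     # ... and fold the value into the PCR

    def integrity_report(self) -> Tuple[bytes, List[Tuple[str, bytes]]]:
        """What the verifier receives: the PCR value and the measurement events."""
        return self.pcr, list(self.event_log)


def replay_log(event_log: List[Tuple[str, bytes]]) -> bytes:
    """Verifier side: recompute the PCR from the log alone."""
    pcr = b"\x00" * DIGEST_LEN
    for _, m in event_log:
        pcr = extend(pcr, m)
    return pcr


def verify_report(reported_pcr: bytes, event_log: List[Tuple[str, bytes]],
                  expected: Dict[str, bytes]) -> bool:
    """Accept a report only if (a) replaying the log reproduces the reported
    PCR, so the log really describes the measurement process, and (b) every
    logged component matches the verifier's reference measurement."""
    if replay_log(event_log) != reported_pcr:
        return False
    return all(expected.get(name) == m for name, m in event_log)


# Constructed sample components standing in for a boot loader and an application.
GOOD_APP = b"power-terminal-app v1"
EXPECTED = {"bootloader": measure(b"bootloader image"), "app": measure(GOOD_APP)}


def demo(app_image: bytes = GOOD_APP, tamper_log: bool = False) -> bool:
    """Boot the model platform, report, and verify. With a modified app the
    reference check fails; with a log edited to hide the modification the
    replayed PCR no longer matches the reported one."""
    plat = Platform()
    plat.measure_and_extend("bootloader", b"bootloader image")
    plat.measure_and_extend("app", app_image)
    pcr, log = plat.integrity_report()
    if tamper_log:
        log[1] = ("app", EXPECTED["app"])  # log says "good app", PCR says otherwise
    return verify_report(pcr, log, EXPECTED)
```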

Further, in (1) key management, the number of key management levels is reduced and key storage protection simplified by introducing symmetric algorithms and the concept of a "user entity", and a three-level key management model is adopted:

A. The cryptographic module key, the storage master key and the platform owner's authorization data are stored directly inside the trusted cryptographic module and are protected by its physical security measures;

B. The entity encryption key, the entity authentication key, the entity permission data and related information form the entity identity data block, which is encrypted under the storage root key and stored outside the TCM. The various application keys, "P仪" [sic] and other keys owned by the entity are encrypted under the entity encryption key and stored outside the TCM; the platform controls the user's access to keys by setting the entity's permission data;

C. One of the functions of the TCM is to create SMI symmetric keys and ECC asymmetric key pairs. The details of these keys are kept in the TCM after creation, but because TCM space is limited they are placed, in encrypted form, in external storage when necessary; when such a key is to be used, it is loaded into the TCM by the loading steps of the previous section before use.

Further, in (1) key management, key migration must take place in a controlled environment, guaranteeing that a key is only ever transferred from one hardware-protected environment to another hardware-protected environment.

Data mobility is an important topic in key management: when data stored on one platform needs to be backed up to another platform, the keys associated with that data must also be migrated for the data to remain usable.

Further, in (2) cryptographic services the random number generation algorithm is a one-way hash function that turns an unpredictable input into a random number of a fixed number of bytes;

The symmetric cipher algorithm: a symmetric encryption algorithm is introduced and is used to generate encryption keys and to perform encryption and decryption operations inside the TCM;

Asymmetric cipher algorithms include public-key and secret-key ciphers. The public-key algorithm is the ECC algorithm with a key length of m bits. The ECC algorithm covers key pair generation, signature/verification, encryption/decryption and key agreement. Key pair generation produces an ECC key pair consisting of a private key d and a public key Q, where d is a random positive integer less than n-1 and Q is a point on the elliptic curve E other than the point at infinity satisfying Q = dG, G being a base point of the curve;

The hash algorithm is SM3. For a given message of length k, the hash algorithm produces a hash value through padding, iterative compression and truncation; the preprocessed message is processed in blocks of a fixed bit length and the hash value has a fixed bit length. The hash function compresses the message into a unique digest, guaranteeing the legitimacy and security of the original message. SM3 is a one-way function, and a message of any length yields a hash value of the same length after processing, which makes comparing original messages more convenient: for confidential information only its hash value needs to be kept. On the one hand the stored hash value cannot be inverted, so the original information is fully protected and there is no concern about the hash value being maliciously intercepted even in transit; on the other hand, comparing information is more convenient and secure;

The message authentication code algorithm HMAC requires a cryptographic hash function and a key.

After processing by the hash algorithm, changing even one letter of the original information produces a completely different digest, which guarantees the uniqueness of the processed information; at the same time SM3 is not encryption, and it is impossible to decrypt the hash value back into the original message.

Signature and verification algorithm: computing a digital signature requires the hash algorithm to compress the message to be signed; the input to the signature algorithm is the m-bit digest of the message produced by the hash algorithm. Verifying a digital signature likewise requires the hash algorithm to compress the message; the input to the verification algorithm is the m-bit digest of the message produced by the hash algorithm.

Encryption and decryption algorithm: the ECC encryption algorithm in the platform is used to encrypt sensitive information such as symmetric keys and random numbers, and the plaintext encrypted with ECC may have a variable byte length. The decryption algorithm outputs the plaintext; when the ciphertext is invalid, the decryption algorithm outputs no plaintext at all.

Key agreement: let the two parties be A and B, with key pairs (dA, QA) and (dB, QB) respectively, and let klen be the bit length of the key data both parties need to obtain. The key agreement algorithm has two phases;

Phase one: generate temporary key pairs. User A invokes the key pair generation algorithm to produce a temporary key pair (rA, RA) and sends RA to B; user B invokes the key pair generation algorithm to produce a temporary key pair (rB, RB) and sends RB to A;

Phase two: compute the shared key data.

Security analysis of the message authentication code algorithm HMAC:

The message authentication code algorithm HMAC is more like an encryption algorithm: it introduces a key, so its security no longer depends entirely on the hash algorithm used. Its security rests mainly on the following points:

A. The key used is agreed in advance by both parties and cannot be known to a third party. A third party that illegally intercepts the traffic obtains only the random number used as the "challenge" and the result used as the "response"; the key cannot be derived from these two values, and without the key a matching response cannot be forged;

B. The important difference between the HMAC message authentication code and ordinary encryption is that HMAC is "transient": the authentication is valid only at that moment, whereas once an encryption algorithm is broken, earlier encryption results may be decrypted.

Further, in (3) secure storage, secure storage takes the following forms:

A. Binding: a message is encrypted with a public key and the receiver decrypts it with the private key; this is the traditional encryption mode. If a key is non-migratable, it is bound to one specific one (the source does not say to what); in the TCM, non-migratable keys are used mainly for signing;

B. Signing: a signature is produced with the private key to protect the integrity of a message. The signing key is generated and managed by the TCM and is used to sign information; with it and a given signature algorithm one obtains a ciphertext that carries the platform identity, and it is usually non-migratable. Some keys are defined as signing keys; such a key can only sign and cannot be used for encryption operations;

C. Sealing: platform state information, that is, certain PCR values, is included when a message is encrypted. When the receiver decrypts the message, it must first be established that the decrypting platform's state matches the PCR values at the time of encryption; otherwise decryption cannot proceed.

D. Sealed signing: the signature is tied to the values of certain PCRs, to show that the platform was in a required state at the time of signing.

Further, the (5) authorization protocol also includes:

A. Authorization data: keys, sensitive data and other data inside the platform that need protected storage are called objects. Every object must have corresponding authorization data; one piece of authorization data may correspond to several objects, and an object can only be accessed after its authorization data has been verified. An object's authorization data is entered by the user on the platform and stored after its length has been normalized by the hash algorithm. The authentication code of the TCM owner's SMK is held by the TCM itself, while the authentication code of each entity is held by the entity itself; the TCM treats the authentication code as complete proof of the entity's identity. No further checks are needed: knowing an object's authorization data (authorizationdata) means having the right to use that TCM object. Any requesting entity needs additional protection and requests wherever it stores the authorization data, but the TCM does not;

B. Authorization session: any entity may converse with the TCM. To give the dialogue between an entity and the TCM platform a secure channel over which the exchanged data and results are transmitted securely, an authenticated session is introduced. The purpose of establishing the session is to ensure that access to TCM objects is authenticated; it uses a protocol mechanism of alternating random numbers, which prevents replay attacks;

C. Protocol flow: the purpose of the authorization protocol and mechanism is to prove to the TCM that the requester has the right to execute commands and to use certain objects.

The requester is an entity that wishes to execute commands on the TCM or to use a particular entity.

Further, the protocol of the protocol flow satisfies the following requirements:

1) An AP session is initiated with the TCM_AP_CREATE command and ended with TCM_AP_TERMINATE;

2) The protocol provides an authentication mechanism: a session key is generated with AuthData as the shared secret, and a check value derived from the session key is used to determine whether the caller holds the permission for a given entity;

3) The protocol provides an integrity protection mechanism: the packets of the function-call phase are integrity-protected with the session key shared by both sides;

4) In the TCM_AP_CREATE command the computation is optional;

5) The protocol provides an optional confidentiality mechanism: when needed, the packets of the function-call phase are encrypted with the session key shared by both sides. IfEncrypted is the flag indicating whether communication packets are encrypted. In special cases the communication data is already encrypted, for example during key migration, and one may choose not to encrypt it; the table describes the case in which packets are encrypted;

6) The protocol provides an anti-replay mechanism: seqNonce is an anti-replay sequence number generated by the TCM and shared between the external caller and the TCM. Both sides maintain the sequence number independently, and it is incremented by 1 for every packet sent, which prevents replay attacks.
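A toy model of requirements 1), 2), 3) and 6) above, added here and not the patent's or any TCM vendor's code: the session key is derived from AuthData and both sides' nonces, every function-call packet carries a check value over seqNonce and its body, and the TCM side rejects forged and replayed packets before running anything. HMAC-SHA-256 is assumed in place of the TCM's own hash and MAC; the optional encryption of requirement 5) is left out.

```python
import hashlib
import hmac
import os
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Packet = Tuple[int, int, bytes, bytes]  # (handle, seqNonce, payload, check value)


def _mac(key: bytes, *parts: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 stands in for the TCM's HMAC; the session logic is the point.
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def derive_session_key(auth_data: bytes, caller_nonce: bytes, tcm_nonce: bytes) -> bytes:
    """Requirement 2: the session key comes from AuthData as the shared secret,
    bound to both sides' fresh nonces (the alternating random numbers of section B)."""
    return _mac(auth_data, b"AP-SESSION", caller_nonce, tcm_nonce)


def packet_mac(session_key: bytes, seq: int, payload: bytes) -> bytes:
    """Requirements 3 and 6: the check value covers seqNonce and the packet body."""
    return _mac(session_key, struct.pack(">I", seq), payload)


@dataclass
class Session:
    key: bytes
    seq: int  # seqNonce: the next sequence number this side expects / will use


class Tcm:
    """Model of the TCM side. objects maps an object name to its AuthData."""

    def __init__(self, objects: Dict[str, bytes]):
        self.objects = objects
        self.sessions: Dict[int, Session] = {}
        self.next_handle = 1

    def ap_create(self, obj: str, caller_nonce: bytes,
                  tcm_nonce: Optional[bytes] = None) -> Tuple[int, bytes, int]:
        """TCM_AP_CREATE: returns (handle, tcm_nonce, initial seqNonce). The key itself
        is never sent; only a caller that knows the object's AuthData can derive it."""
        tcm_nonce = tcm_nonce if tcm_nonce is not None else os.urandom(16)
        key = derive_session_key(self.objects[obj], caller_nonce, tcm_nonce)
        seq0 = struct.unpack(">I", os.urandom(4))[0]  # the TCM generates seqNonce
        handle, self.next_handle = self.next_handle, self.next_handle + 1
        self.sessions[handle] = Session(key, seq0)
        return handle, tcm_nonce, seq0

    def execute(self, handle: int, seq: int, payload: bytes, mac: bytes) -> bytes:
        """Function-call phase: run the command only if the check value verifies under
        the session key and seqNonce is exactly the expected one. A wrong AuthData
        fails the first test; a replayed or reordered packet fails the second."""
        s = self.sessions.get(handle)
        if s is None:
            raise PermissionError("unknown session")
        if not hmac.compare_digest(mac, packet_mac(s.key, seq, payload)):
            raise PermissionError("check value mismatch")
        if seq != s.seq:
            raise PermissionError("seqNonce mismatch: replayed or out-of-order packet")
        s.seq += 1
        return b"OK:" + payload

    def ap_terminate(self, handle: int) -> None:
        """TCM_AP_TERMINATE: the session key and seqNonce are discarded."""
        self.sessions.pop(handle, None)


class Caller:
    """External entity: knows the AuthData and keeps its own copy of seqNonce."""

    def __init__(self, tcm: Tcm, obj: str, auth_data: bytes):
        self.tcm = tcm
        nonce = os.urandom(16)
        self.handle, tcm_nonce, seq0 = tcm.ap_create(obj, nonce)
        self.session = Session(derive_session_key(auth_data, nonce, tcm_nonce), seq0)

    def build(self, payload: bytes) -> Packet:
        seq, self.session.seq = self.session.seq, self.session.seq + 1
        return self.handle, seq, payload, packet_mac(self.session.key, seq, payload)

    def call(self, payload: bytes) -> bytes:
        return self.tcm.execute(*self.build(payload))


def accepted(tcm: Tcm, pkt: Packet) -> bool:
    """True if the TCM runs the packet, False if it rejects it."""
    try:
        tcm.execute(*pkt)
        return True
    except PermissionError:
        return False
```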

Further, in (6) certificate management, when a confidential document is sent, the sender encrypts the data with the receiver's public key and the receiver decrypts it with its own private key, so that the information reaches its destination securely and intact. By using digital certificates, users obtain the following guarantees: the information cannot be stolen by anyone other than the sender and the receiver; the information cannot be tampered with in transit; the sender can confirm the receiver's identity through the digital certificate; the sender cannot repudiate its own information; the information has not been modified between being digitally signed and being received; and the issued document is genuine.

Further, digital certificates use a public-key mechanism. A program provided by the certificate authority generates a pair of keys for the user: a public key, which is published in the user's digital certificate and deposited with the digital certificate certification center, and a private key, which is stored on the user's computer.

Further, the digital certificate is used for authenticated communication and for confidential communication. In authenticated communication the sender encrypts the plaintext with its own private key and the receiver decrypts the ciphertext with the sender's public key; in confidential communication the sender encrypts the plaintext with the receiver's public key and the receiver decrypts the ciphertext with its own private key.

In authenticated communication, because the receiver decrypts with the sender's public key, it can be certain that the information was encrypted by the sender, and the sender's identity is thereby authenticated; in confidential communication, because only the receiver can decrypt information encrypted with its own public key, confidential communication is achieved.

Beneficial effects: the method of the invention for constructing the functional architecture of a trusted software stack builds a multi-level security model for security-chip-based power service terminals, establishing a trusted software stack at the software layer that gives the system a tool for measuring application programs; the system invokes the trusted chip through the trusted software stack to measure applications. The trusted software stack provides a single entry point for applications using trusted platform module functions, synchronized access to the trusted platform module, and suitable interfaces for upper-layer applications that hide the trusted platform module's command stream and manage trusted platform module resources.

Description of drawings

Fig. 1 is a functional architecture diagram of the trusted computer platform software stack of the present invention;

Fig. 2 is a flowchart of platform integrity verification in the trusted computer platform software stack of the present invention;

Fig. 3 is a diagram of the key generation and loading process of the present invention.

Detailed description of embodiments

Embodiment 1

As shown in Figs. 1 to 3, a method for building the functional architecture of a trusted computer platform software stack comprises:

(1) Key management: the user invokes the TCM_CreateWrapKey command of the trusted computing platform's hardware module; the TCM generates a symmetric encryption key or an ECC key pair and stores it encrypted under the next-higher key. Two passwords are set when a key is created: a usage password and a migration password. The usage password authorizes encryption and decryption operations with the key without allowing the actual secret value to be discovered; the migration password authorizes the user to migrate the key under a specific public key. When the user needs the key, they invoke the TCM_LoadWrapKey command; the TCM decrypts the key with its parent key, loads it into a free area and returns a keyhandle for the user's use. By introducing a symmetric algorithm and the concept of a "user entity", the number of key-management levels is reduced and key storage protection is simplified, using a three-level key management model:

A. The cryptographic module key, the storage master key and the platform owner's authorization data are stored directly inside the trusted cryptographic module and are protected by its physical security measures;

B. The entity encryption key, entity authentication key, entity permission data and related information make up the entity identity data block, which is encrypted under the storage root key and stored outside the TCM; the application keys, P仪 and so on owned by an entity are encrypted under the entity encryption key and stored outside the TCM, and the platform controls a user's access to keys by setting the entity's permission data;

C. One function of the TCM is to create SMI symmetric keys and ECC asymmetric key pairs. The details of these keys are kept in the TCM after creation, but because TCM space is limited they are moved, in encrypted form, to external storage when necessary; when such a key is to be used, it is loaded back into the TCM by the loading steps above and then used;

Data mobility is an important topic in key management: when data stored on one platform must be backed up to another platform, the keys associated with that data must also be migrated for the data to remain usable. Key migration must take place in a controlled environment, guaranteeing that a key only ever moves from one hardware-protected environment to another hardware-protected environment.

(2) Cryptographic services: the cryptographic algorithms provided by the trusted computer platform include a random number generation algorithm, a hash algorithm, a message authentication code algorithm, a symmetric cryptographic algorithm and an asymmetric cryptographic algorithm;

A. Random number generation algorithm: a one-way hash function turns an unpredictable input into a random number of the required byte length;

B. Symmetric cryptographic algorithm: a symmetric encryption algorithm is introduced and used to generate encryption keys and to perform encryption and decryption operations inside the TCM;

C. Asymmetric cryptographic algorithm: the public-key algorithm is an ECC algorithm with a key length of m bits, covering key pair generation, signature/verification, encryption/decryption and key agreement:

Key pair generation: an ECC key pair consists of a private key d and a public key Q, where d is a random positive integer less than n-1 and Q is a point on the elliptic curve E other than the point at infinity satisfying Q = dG, G being a base point of the curve;

Signature and verification: computing a digital signature requires the hash algorithm to compress the message to be signed; the input to the signature algorithm is the digest obtained by hashing the message. Verifying a digital signature likewise requires the hash algorithm to compress the signed message; the input to the verification algorithm is the m-bit digest obtained by hashing the message;

Encryption and decryption: the platform's ECC encryption algorithm is used to encrypt sensitive information such as symmetric keys and random numbers, and the plaintext may be of variable byte length. The decryption algorithm outputs the plaintext; when the encrypted data is invalid, the decryption algorithm outputs no plaintext at all;

Key agreement: let the two parties be A and B with key pairs (dA, QA) and (dB, QB) respectively, and let klen be the bit length of the key data both parties need to obtain. The key agreement algorithm has two stages:

Stage one: generate ephemeral key pairs. User A runs the key pair generation algorithm to produce an ephemeral key pair (rA, RA) and sends RA to B; user B runs the key pair generation algorithm to produce an ephemeral key pair (rB, RB) and sends RB to A;

Stage two: compute the shared key data;
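The key pair generation and the two-stage agreement above, as an added example that is not part of the patent: pure-Python affine arithmetic on the secp256k1 curve, which stands in for the platform's m-bit ECC curve (the text gives no curve parameters). Stage two is not spelled out in the text, so the way the static and ephemeral points are combined and the counter-mode KDF that stretches the result to klen bits are assumptions.

```python
import hashlib
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P); G is a base point of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # the point at infinity


def on_curve(pt):
    """True for INF or for a point satisfying the curve equation."""
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine group law, covering doubling and the p1 == -p2 case."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, pt):
    """k * pt by double-and-add (not constant-time; fine for a demonstration)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def gen_keypair():
    """Private key d: random integer in [1, n-1]; public key Q = dG."""
    d = secrets.randbelow(N - 1) + 1
    return d, scalar_mult(d, G)


def encode_point(pt):
    return pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")


def kdf(z, klen):
    """Counter-mode KDF (assumption): H(Z || ctr) blocks until klen bits are available."""
    out, ctr = b"", 1
    while len(out) * 8 < klen:
        out += hashlib.sha256(z + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:(klen + 7) // 8]


def shared_key(d_static, r_eph, q_peer, r_peer, klen, initiator):
    """Stage two (assumption): hash the ephemeral-ephemeral, static-static and both
    cross products; the cross terms are ordered by role so A and B hash the same bytes."""
    for pt in (q_peer, r_peer):                 # reject invalid or small-order peer points
        if pt is INF or not on_curve(pt) or scalar_mult(N, pt) is not INF:
            raise ValueError("peer supplied an invalid public point")
    ee = scalar_mult(r_eph, r_peer)
    ss = scalar_mult(d_static, q_peer)
    c1, c2 = scalar_mult(r_eph, q_peer), scalar_mult(d_static, r_peer)
    if not initiator:
        c1, c2 = c2, c1
    return kdf(b"".join(encode_point(p) for p in (ee, ss, c1, c2)), klen)


def run_agreement(klen=128):
    """Both stages for users A and B; returns (kA, kB), which must be equal."""
    dA, QA = gen_keypair()          # long-term key pairs (dA, QA), (dB, QB)
    dB, QB = gen_keypair()
    rA, RA = gen_keypair()          # stage one: ephemeral pairs; A sends RA, B sends RB
    rB, RB = gen_keypair()
    kA = shared_key(dA, rA, QB, RB, klen, initiator=True)
    kB = shared_key(dB, rB, QA, RA, klen, initiator=False)
    return kA, kB
```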

D. Hash algorithm: the hash algorithm is SMZ. For a given message of length k, the hash algorithm produces the hash value through padding, iterative compression and truncation; the pre-processed message is handled in blocks of a fixed bit length and the hash value has a fixed bit length. The hash function compresses the message into a unique digest that protects the legitimacy and security of the original message: after hashing, changing even a single letter of the original produces a completely different digest, which guarantees the uniqueness of the processed information. SMZ is not encryption, and the hash value cannot be decrypted back into the original message; SMZ is a one-way cryptographic function that produces a hash value of the same length for a message of any length, which makes comparing original messages more convenient. For confidential information only its hash value needs to be stored: on the one hand, the stored hash value cannot be reversed, so the original information is fully protected, and there is no need to fear malicious interception of the hash value even in transit; on the other hand, comparing information becomes more convenient and safer;

E. Message authentication code algorithm: the message authentication code algorithm HMAC requires a cryptographic hash function and a key.

Security analysis of the message authentication code algorithm HMAC:

The HMAC message authentication code algorithm behaves more like an encryption algorithm: it introduces a key, so its security no longer depends entirely on the underlying hash algorithm. Its security rests mainly on the following points:

A. The key used is agreed in advance by both parties and cannot be known to a third party. A third party who illicitly intercepts the traffic obtains only the random number serving as the "challenge" and the result serving as the "response"; the key cannot be deduced from these two values, and without the key a matching response cannot be forged;

B. An important difference between HMAC and ordinary encryption is that it is "instantaneous": the authentication is valid only at that moment, whereas once an encryption algorithm is broken, earlier encryption results may be decrypted.

(3) Secure storage: the TCM provides secure storage for keys and other sensitive data, ensuring that the keys and sensitive information stored in it cannot be destroyed, altered, leaked or used without authorization. Secure storage takes the following forms:

A. Binding: a message is encrypted with a public key and decrypted by the recipient with the private key, the traditional form of encryption. If a key is non-migratable, it is bound to a particular one; in the TCM, non-migratable keys are used mainly for signing;

B. Signing: a private key is used to produce a signature that protects a message's integrity. Signing keys are generated and managed by the TCM and are used to sign information; with such a key and a signature algorithm one obtains ciphertext that carries the platform identity, and these keys are usually non-migratable. A key defined as a signing key may only be used for signing, never for encryption operations;

C. Sealing: platform state information, namely certain PCR values, is added when a message is encrypted. When the recipient decrypts the message, it must first be established that the decrypting platform's state matches the PCR values recorded at encryption time; otherwise decryption is refused.

D. Sealed signing: the signature is tied to the values of certain PCRs, showing that the platform met a given state requirement at signing time.
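Sealing to PCR values (item C above) as an added example, not code from the patent: a simulated TCM that extends PCRs and refuses to unseal once the platform state has changed or the stored policy has been edited. The extend rule H(old || measurement), the blob format and the toy HMAC-keystream cipher standing in for the platform's symmetric algorithm are assumptions.

```python
import hashlib
import hmac
import json
import secrets

H = hashlib.sha256
PCR_LEN = 32


class SimTCM:
    """Simulated TCM: a PCR bank plus a storage master key that never leaves it."""

    def __init__(self, num_pcrs=8):
        self.pcrs = [b"\x00" * PCR_LEN] * num_pcrs
        self._smk = secrets.token_bytes(32)

    def extend(self, index, measurement):
        """PCR[i] = H(PCR[i] || measurement): PCRs can only be extended, never written."""
        self.pcrs[index] = H(self.pcrs[index] + measurement).digest()

    def _keystream(self, nonce, length):
        # Toy keystream from the SMK (assumption; stands in for the platform's symmetric cipher).
        out = b""
        while len(out) < length:
            out += hmac.new(self._smk, nonce + len(out).to_bytes(4, "big"), H).digest()
        return out[:length]

    def seal(self, data, pcr_selection):
        """Encrypt data and bind it to the current values of the selected PCRs."""
        expected = {str(i): self.pcrs[i].hex() for i in pcr_selection}
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(data, self._keystream(nonce, len(data))))
        header = json.dumps(expected, sort_keys=True).encode()
        tag = hmac.new(self._smk, nonce + header + ct, H).digest()  # also covers the PCR policy
        return {"nonce": nonce, "pcrs": expected, "ct": ct, "tag": tag}

    def unseal(self, blob):
        """Release the plaintext only if the blob is intact and the PCRs still match."""
        header = json.dumps(blob["pcrs"], sort_keys=True).encode()
        tag = hmac.new(self._smk, blob["nonce"] + header + blob["ct"], H).digest()
        if not hmac.compare_digest(tag, blob["tag"]):
            raise ValueError("blob corrupted or sealed by another TCM")
        for idx, value in blob["pcrs"].items():
            if self.pcrs[int(idx)].hex() != value:
                raise PermissionError(f"PCR {idx} differs from the seal-time state")
        ks = self._keystream(blob["nonce"], len(blob["ct"]))
        return bytes(a ^ b for a, b in zip(blob["ct"], ks))


def demo():
    """Seal a constructed secret to PCR 0 and 1, then exercise the three outcomes."""
    tcm = SimTCM()
    tcm.extend(0, H(b"bootloader build 1").digest())   # constructed measurements
    tcm.extend(1, H(b"kernel build 7").digest())
    blob = tcm.seal(b"disk-encryption-key", pcr_selection=[0, 1])
    outcomes = {"same_state": tcm.unseal(blob)}

    loosened = dict(blob)                               # stored policy edited outside the TCM
    loosened["pcrs"] = {"0": blob["pcrs"]["0"], "1": "00" * PCR_LEN}
    try:
        tcm.unseal(loosened)
        outcomes["edited_policy"] = "released"
    except ValueError:
        outcomes["edited_policy"] = "rejected"

    tcm.extend(1, H(b"unexpected module").digest())     # platform state changes
    try:
        tcm.unseal(blob)
        outcomes["changed_state"] = "released"
    except PermissionError:
        outcomes["changed_state"] = "refused"
    return outcomes
```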

(4) Integrity verification: trusted computer platform integrity verification comprises integrity measurement, storage and reporting. Integrity measurement means computing a measurement value, recording the event in the event log, and recording the measurement value into the corresponding platform configuration register (PCR); it is introduced to guarantee the trustworthiness of the trusted computing platform and means that any entity wishing to take control of the platform must be measured before it is given control. Integrity reporting means that the TCM provides a verifier with the integrity measurement values of the platform or of some components within its protected area, the measurement events in the log and the associated certificates, from which the verifier can judge the platform's state; by analysing the integrity measurement event log, the verifier can determine whether a PCR value came from a correct measurement process. The trusted computer platform reports integrity measurement values to external entities, and the reported values serve as the basis for judging the platform's trustworthiness.

(5) Authorization protocol: any entity (a process, thread or controller) may submit TCM commands. A secure communication channel is formed between the entity and the TCM platform, through which TCM commands are submitted and results are returned. The channel carries session-oriented information exchange and follows request-response semantics; the protocol provides authorization and authentication between the external entity and the TCM, integrity verification of the information and confidentiality protection of sensitive data:

A. Authorization data: keys, sensitive data and other data requiring protected storage inside the platform are called objects. Every object must have corresponding authorization data; one piece of authorization data may correspond to several objects, and an object can only be accessed after its authorization data has been verified. An object's authorization data is entered by the user on the platform and stored after its length is normalised by the hash algorithm. The authentication code of the TCM owner's SMK is held by the TCM itself, while each entity's authentication code is held by the entity; the TCM treats the authentication code as complete proof of the entity's identity. No further checks are needed: knowing an object's authorizationdata means having the right to use that TCM object. Any requesting entity (one wishing to execute commands on the TCM or use a particular object) therefore needs additional protection for the place where it stores its authorization data and its requests, whereas the TCM does not;

B. Authorization session: any entity may converse with the TCM. To give the dialogue between an entity and the TCM platform a secure channel that guarantees the safe transmission of the exchanged data and results, an authenticated session is introduced. The purpose of establishing a session is to ensure that access to TCM objects is authenticated; it uses a rolling-nonce protocol mechanism to prevent replay attacks;

C. Protocol flow: the purpose of the authorization protocol and mechanism is to prove to the TCM that the requester has the right to execute commands and use certain objects. The protocol satisfies the following requirements:

1) An AP session is opened with the TCM_AP_CREATE command and closed with TCM_AP_TERMINATE;

2) The protocol provides an authentication mechanism: a session key is generated with AuthData as the shared secret, and a check value derived from that session key is used to decide whether the caller holds the rights to a given entity;

3) The protocol provides an integrity protection mechanism: the packets of the function-call phase are integrity-protected with the session key shared by both sides;

4) The computation in the TCMAPCREATE command is optional;

5) The protocol provides an optional confidentiality mechanism: when required, the packets of the function-call phase are encrypted with the shared session key. IfEncrypted is the flag indicating whether the communication packets are encrypted; in special cases where the communication data is already encrypted, such as key migration, one may choose not to encrypt it. The table describes the case in which the packets are encrypted;

6) The protocol provides an anti-replay mechanism: seqNonce is an anti-replay sequence number generated by the TCM and shared between the external caller and the TCM. Each side maintains its own copy, and the sequence number is incremented by 1 for every packet sent, which prevents replay attacks.
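The authorization session of items 1) to 6), simulated end to end as an added example that is not from the patent. The text fixes only the shape (TCM_AP_CREATE / TCM_AP_TERMINATE, a session key from AuthData, check values on every packet, the IfEncrypted flag, a TCM-generated seqNonce that each side increments); the session-key derivation, the packet layout and the toy stream cipher are assumptions.

```python
import hashlib
import hmac
import secrets

H = hashlib.sha256


def derive_session_key(auth_data, caller_nonce, tcm_nonce):
    # Session key from the shared AuthData and both fresh nonces (derivation is an assumption).
    return hmac.new(auth_data, b"TCM_AP" + caller_nonce + tcm_nonce, H).digest()


def packet_mac(key, handle, seq, encrypted, body):
    """Check value over the session handle, seqNonce, IfEncrypted flag and body."""
    msg = handle.to_bytes(4, "big") + seq.to_bytes(4, "big") + bytes([encrypted]) + body
    return hmac.new(key, msg, H).digest()


def xor_stream(key, seq, data):
    # Toy confidentiality layer keyed by the session key and seqNonce (assumption).
    ks = b""
    while len(ks) < len(data):
        ks += H(key + seq.to_bytes(4, "big") + len(ks).to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))


class SimTCM:
    def __init__(self):
        self.entities = {}   # entity handle -> AuthData, hash-normalised as in (5)A
        self.sessions = {}   # session handle -> [session key, expected seqNonce]

    def register(self, entity, password):
        self.entities[entity] = H(password).digest()

    def ap_create(self, entity, caller_nonce):
        """TCM_AP_CREATE: reply with a TCM nonce, a session handle and the initial seqNonce."""
        tcm_nonce, seq, sh = secrets.token_bytes(16), secrets.randbelow(1 << 31), secrets.randbelow(1 << 31)
        self.sessions[sh] = [derive_session_key(self.entities[entity], caller_nonce, tcm_nonce), seq]
        return sh, tcm_nonce, seq

    def call(self, sh, seq, encrypted, body, tag):
        """Function-call phase: verify the check value, then the seqNonce, then execute."""
        key, expected = self.sessions[sh]
        if not hmac.compare_digest(tag, packet_mac(key, sh, seq, encrypted, body)):
            return "AUTHFAIL", None           # wrong AuthData or altered packet
        if seq != expected:
            return "REPLAY", None             # stale or out-of-order seqNonce
        if encrypted:
            body = xor_stream(key, seq, body)
        result = b"ok:" + body                # stand-in for the real command handler
        self.sessions[sh][1] = expected + 2   # request used seq, the reply uses seq + 1
        if encrypted:
            result = xor_stream(key, seq + 1, result)
        return "SUCCESS", (result, packet_mac(key, sh, seq + 1, encrypted, result))

    def ap_terminate(self, sh):
        """TCM_AP_TERMINATE: forget the session key."""
        self.sessions.pop(sh, None)


class Caller:
    """External entity; derives the same session key only if it holds the right AuthData."""

    def __init__(self, tcm, entity, password):
        self.tcm, self.entity, self.auth = tcm, entity, H(password).digest()

    def open(self):
        nonce = secrets.token_bytes(16)
        self.sh, tcm_nonce, self.seq = self.tcm.ap_create(self.entity, nonce)
        self.key = derive_session_key(self.auth, nonce, tcm_nonce)

    def invoke(self, body, encrypted=0):
        wire = xor_stream(self.key, self.seq, body) if encrypted else body
        packet = (self.sh, self.seq, encrypted, wire,
                  packet_mac(self.key, self.sh, self.seq, encrypted, wire))
        status, reply = self.tcm.call(*packet)
        if status != "SUCCESS":
            return status, None, packet
        data, tag = reply
        if not hmac.compare_digest(tag, packet_mac(self.key, self.sh, self.seq + 1, encrypted, data)):
            return "BADREPLY", None, packet   # reply not integrity-protected by our key
        self.seq += 2
        return status, xor_stream(self.key, self.seq - 1, data) if encrypted else data, packet


def demo():
    """Constructed run: an encrypted call, a replay of its packet, a plaintext call, wrong AuthData."""
    tcm = SimTCM()
    tcm.register(0x1001, b"entity password")
    good = Caller(tcm, 0x1001, b"entity password")
    good.open()
    s1, r1, packet = good.invoke(b"TCM_Sign:payload", encrypted=1)
    s2 = tcm.call(*packet)[0]                  # same packet again: MAC valid, seqNonce stale
    s3, r3, _ = good.invoke(b"TCM_GetRandom")
    bad = Caller(tcm, 0x1001, b"guessed password")
    bad.open()
    s4, _, _ = bad.invoke(b"TCM_Sign:payload")
    tcm.ap_terminate(good.sh)
    return s1, r1, s2, s3, r3, s4
```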

(6) Certificate management: a digital certificate, also called a "digital identity card" or "digital ID", is an electronic document issued and digitally signed by a certification center that identifies the owner of a public key and carries information about that public key; it is used to prove the true identity of the certificate holder. Digital certificates use a public-key system, that is, a pair of matching keys is used for encryption and decryption. Each user sets a specific private key, known only to that user, which is used for decryption and signing, and at the same time a public key, made public by the user, which is used for encryption and signature verification. When a confidential document is sent, the sender encrypts the data with the receiver's public key and the receiver decrypts it with its own private key, so the information reaches its destination safely and intact. By using digital certificates, users obtain the following guarantees: the information cannot be stolen by anyone other than the sender and the receiver; the information is not tampered with in transit; the sender can confirm the receiver's identity through the digital certificate; the sender cannot repudiate its own information; and the information has not been modified between being digitally signed and being received, so the signed document is genuine.

Digital certificates use a public-key mechanism: a program provided by the certificate authority generates a key pair for the user. One key is the public key, which is published in the user's digital certificate and deposited with the digital certificate certification center; the other is the private key, which is kept on the user's computer.

Digital certificates serve both authenticated and confidential communication. In authenticated communication the sender encrypts the plaintext with its own private key and the receiver decrypts the ciphertext with the sender's public key; since the receiver can then be certain that the message was encrypted by the sender, the sender's identity is authenticated. In confidential communication the sender encrypts the plaintext with the receiver's public key and the receiver decrypts the ciphertext with its own private key; since only the receiver can decrypt information encrypted under its own public key, confidentiality is achieved.

The trusted computer platform provides at least the following three basic functions:

(1) Protected storage

This is an instruction set that gives exclusive access to a protected area. The protected area is a region in which sensitive data can be operated on safely; the TPM uses protected storage and platform integrity measurement reporting to realise its protection capability. Protected storage performs computation and protects stored data in a trustworthy way. The TPM provides secure storage for keys and other sensitive data, ensuring that the keys and sensitive information stored in it cannot be destroyed, altered, leaked or used without authorization, which is how protected storage is realised.

(2) Platform integrity measurement, storage and reporting

This is used mainly for a trustworthy description of platform configuration information. It is the process of obtaining the platform metrics that affect platform integrity, storing those metrics and placing digests of them in the platform configuration registers. The starting point of measurement is called the root of trust for measurement. A static root of trust for measurement starts from a boot state such as the power-on self-test; a dynamic root of trust for measurement starts from a transition from an untrusted state to a trusted state. Between integrity measurement and integrity reporting sits integrity storage, which stores the integrity metrics in a log file and digests of those metrics in the platform configuration registers. Integrity reporting is the process of attesting to the contents of integrity storage. The approach to integrity measurement, storage and reporting requires that the platform may enter any possible state, including undesired and insecure states, but the platform is never allowed to report its state deceptively.

(3) Attestation of identity

Attestation is a process that guarantees the accuracy of information: it is a platform's attestation of the platform attributes that affect its integrity. Every form of attestation requires trustworthy evidence about the entity being attested. In essence this means a trusted platform should be able to protect itself against attack, be able to prove the integrity of its platform code and data, protect the execution of code and maintain the confidentiality of sensitive information. To be trustworthy, a trusted platform can reliably measure any attribute metric about itself and attest to it. Useful attribute metrics include the software loaded on the platform and any hardware devices. The user then has to check whether these attribute metrics agree with trustworthy values obtained independently in order to decide whether the platform can be trusted.

Therefore, a trusted computing software stack must include cryptographic algorithms, key management, certificate management, cryptographic protocols and cryptographic services, providing cryptographic support for the platform's own integrity, identity trustworthiness and data security.

Platform integrity verification comprises integrity measurement, storage and reporting. Integrity measurement means computing a measurement value, recording the event in the event log and recording the measurement value into the corresponding PCR. It is introduced to guarantee the trustworthiness of the trusted computing platform and means that any entity wishing to take control of the platform must be measured before it is given control. Integrity reporting means that the TCM provides a verifier with the integrity measurement values of the platform or of some components within its protected area, the measurement events in the log and the associated certificates, from which the verifier can judge the platform's state; by analysing the integrity measurement event log, the verifier can determine whether a PCR value came from a correct measurement process. The platform reports integrity measurement values to external entities, and the reported values serve as the basis for judging its trustworthiness. The specific process is as follows:

① An external entity wishing to take control of the platform requests an integrity measurement report from the platform;

② The trusted computing platform, based on domestic (autonomous) cryptography, receives the request sent by the entity;

③ The trusted cryptographic module in the trusted platform collects the PCR values;

④ The PCR values are signed with the PIK (signing key) and returned to the external entity;

⑤ The external entity verifies the PIK certificate and the PCR signature;

⑥ The external entity compares the PCR values with the platform integrity baseline values and decides whether the current platform state is trustworthy.
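Steps ① to ⑥ and the event-log check of section (4), as an added example that is not from the patent: a measured platform extends PCRs and keeps an event log, quotes them on request, and the external entity checks the signature, replays the log and compares against a baseline. The extend rule H(old || measurement), the log layout and the use of an HMAC tag in place of the PIK's ECC signature (so the "PIK certificate" is simply the same key) are assumptions.

```python
import hashlib
import hmac
import secrets

H = hashlib.sha256
ZERO = b"\x00" * 32


class MeasuredPlatform:
    """PCR bank, event log and the PIK, which stays inside the simulated TCM."""

    def __init__(self, num_pcrs=4):
        self.pcrs = [ZERO] * num_pcrs
        self.log = []                         # (pcr index, description, digest)
        self._pik = secrets.token_bytes(32)   # signing key, never exported

    def pik_verification_key(self):
        # Stands in for the PIK certificate a verifier holds (with HMAC it is the same key).
        return self._pik

    def measure(self, index, description, component):
        """Measure a component before it gets control: hash it, log it, extend the PCR."""
        digest = H(component).digest()
        self.log.append((index, description, digest))
        self.pcrs[index] = H(self.pcrs[index] + digest).digest()

    def quote(self, nonce):
        """Steps ③ and ④: collect the PCR values and sign them together with the nonce."""
        sig = hmac.new(self._pik, nonce + b"".join(self.pcrs), H).digest()
        return {"nonce": nonce, "pcrs": list(self.pcrs), "log": list(self.log), "sig": sig}


def replay_log(log, num_pcrs):
    """Recompute the PCRs from the event log alone."""
    pcrs = [ZERO] * num_pcrs
    for index, _desc, digest in log:
        pcrs[index] = H(pcrs[index] + digest).digest()
    return pcrs


def verify_report(report, nonce, pik_key, baseline):
    """Steps ⑤ and ⑥ plus the log check of section (4); returns a verdict string."""
    if report["nonce"] != nonce:
        return "stale report"
    sig = hmac.new(pik_key, nonce + b"".join(report["pcrs"]), H).digest()
    if not hmac.compare_digest(sig, report["sig"]):
        return "bad PIK signature"
    if replay_log(report["log"], len(report["pcrs"])) != report["pcrs"]:
        return "event log does not reproduce the PCRs"
    for index, value in baseline.items():
        if report["pcrs"][index] != value:
            return f"PCR {index} differs from baseline"
    return "trusted"


def demo():
    """Constructed boot chain; returns the verdicts for four reports."""
    chain = [(0, "bootloader", b"bootloader build 1"), (1, "kernel", b"kernel build 7")]
    golden = MeasuredPlatform()                     # reference run that yields the baseline
    for idx, name, blob in chain:
        golden.measure(idx, name, blob)
    baseline = {0: golden.pcrs[0], 1: golden.pcrs[1]}

    plat = MeasuredPlatform()
    for idx, name, blob in chain:
        plat.measure(idx, name, blob)
    key = plat.pik_verification_key()
    nonce = secrets.token_bytes(16)                  # step ①: challenge from the external entity
    v_clean = verify_report(plat.quote(nonce), nonce, key, baseline)

    plat.measure(1, "extra module", b"not in the baseline")   # state now differs
    v_changed = verify_report(plat.quote(nonce), nonce, key, baseline)

    hidden = plat.quote(nonce)                       # log edited to drop the extra entry
    hidden["log"] = [e for e in hidden["log"] if e[1] != "extra module"]
    v_hidden = verify_report(hidden, nonce, key, baseline)

    forged = plat.quote(nonce)                       # PCR value replaced by the baseline value
    forged["pcrs"][1] = baseline[1]
    v_forged = verify_report(forged, nonce, key, baseline)
    return v_clean, v_changed, v_hidden, v_forged
```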

By invoking the TCM_Create_WrapKey command, the user has the TCM generate a symmetric encryption key or key pair and store it encrypted under the next-higher key. Two passwords can be set when the key is created: a usage password and a migration password. The usage password authorizes encryption and decryption operations with the key but does not allow the actual secret value to be discovered; the migration password authorizes the user to migrate a key under a specific public key.

When the user needs the key, the TCM_LoadKey command is invoked; the key is decrypted with its parent key and loaded into a free area, and a keyhandle is returned for the user's use.
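The create-wrap-key / load-wrap-key cycle of section (1) and the two paragraphs above, with the three-level hierarchy (SMK inside the module, wrapped keys outside), as an added example not taken from the patent. The wrapped-blob format, the toy keystream cipher, the two-slot limit and the symmetric key standing in for the migration target's public key are assumptions.

```python
import hashlib
import hmac
import json
import secrets

H = hashlib.sha256


def _stream(key, nonce, data):
    # Toy keystream cipher (assumption) standing in for the platform's symmetric algorithm.
    ks = b""
    while len(ks) < len(data):
        ks += H(key + nonce + len(ks).to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))


def wrap(parent_key, record):
    """Encrypt-then-MAC a key record under its parent key for storage outside the TCM."""
    nonce = secrets.token_bytes(16)
    ct = _stream(parent_key, nonce, json.dumps(record).encode())
    return {"nonce": nonce, "ct": ct, "tag": hmac.new(parent_key, nonce + ct, H).digest()}


def unwrap(parent_key, blob):
    tag = hmac.new(parent_key, blob["nonce"] + blob["ct"], H).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise ValueError("wrong parent key or corrupted blob")
    return json.loads(_stream(parent_key, blob["nonce"], blob["ct"]))


class SimTCM:
    SLOTS = 2   # free key area inside the module is limited (size is an assumption)

    def __init__(self):
        # Level 1: the storage master key lives only inside the module, at keyhandle 0.
        self._keys = {0: {"key": secrets.token_bytes(32).hex(), "usage": None, "migration": None}}

    def _key(self, handle):
        return bytes.fromhex(self._keys[handle]["key"])

    def create_wrap_key(self, parent_handle, usage_pw, migration_pw=None):
        """TCM_CreateWrapKey: new key wrapped under the parent; only the blob leaves the TCM."""
        record = {"key": secrets.token_bytes(32).hex(),
                  "usage": H(usage_pw).hexdigest(),
                  "migration": H(migration_pw).hexdigest() if migration_pw else None}
        return wrap(self._key(parent_handle), record)

    def load_wrap_key(self, parent_handle, blob):
        """TCM_LoadWrapKey: unwrap with the parent, place in a free slot, return a keyhandle."""
        if len(self._keys) - 1 >= self.SLOTS:
            raise MemoryError("no free key slot; evict a loaded key first")
        record = unwrap(self._key(parent_handle), blob)
        handle = max(self._keys) + 1
        self._keys[handle] = record
        return handle

    def use_key(self, handle, usage_pw, data):
        """The usage password authorises an operation; the key value itself is never returned."""
        if H(usage_pw).hexdigest() != self._keys[handle]["usage"]:
            raise PermissionError("usage authorisation failed")
        return hmac.new(self._key(handle), data, H).hexdigest()

    def migrate_key(self, handle, migration_pw, target_key):
        """Re-wrap under the target's key (a symmetric stand-in for the target public key)."""
        record = self._keys[handle]
        if record["migration"] is None:
            raise PermissionError("key is non-migratable")
        if H(migration_pw).hexdigest() != record["migration"]:
            raise PermissionError("migration authorisation failed")
        return wrap(target_key, record)


def demo():
    """Three-level hierarchy on a constructed platform; returns the observed outcomes."""
    tcm, out = SimTCM(), {}
    entity_blob = tcm.create_wrap_key(0, b"entity pw", b"entity migrate pw")  # level 2, under SMK
    eh = tcm.load_wrap_key(0, entity_blob)
    app_blob = tcm.create_wrap_key(eh, b"app pw")                              # level 3, non-migratable
    try:
        tcm.load_wrap_key(0, app_blob); out["wrong_parent"] = "loaded"        # parent is eh, not SMK
    except ValueError:
        out["wrong_parent"] = "rejected"
    ah = tcm.load_wrap_key(eh, app_blob)
    out["mac_stable"] = tcm.use_key(ah, b"app pw", b"m") == tcm.use_key(ah, b"app pw", b"m")
    for name, call in {"wrong_usage": lambda: tcm.use_key(ah, b"bad pw", b"m"),
                       "migrate_app": lambda: tcm.migrate_key(ah, b"any", b"t" * 32)}.items():
        try:
            call(); out[name] = "allowed"
        except PermissionError:
            out[name] = "denied"
    try:
        tcm.load_wrap_key(0, entity_blob); out["third_load"] = "loaded"
    except MemoryError:
        out["third_load"] = "no slot"
    target = secrets.token_bytes(32)                 # migration target's wrapping key
    migrated = tcm.migrate_key(eh, b"entity migrate pw", target)
    out["migrated_usable"] = unwrap(target, migrated)["usage"] == H(b"entity pw").hexdigest()
    return out
```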

Techniques not mentioned in the present invention are all prior art.

Claims (10)

1.一种可信计算机平台软件栈功能架构的构建方法,其特征在于:可信计算机平台软件栈功能架构的构建方法包括:1. A method for building a trusted computer platform software stack functional architecture, characterized in that: the method for building a trusted computer platform software stack functional architecture includes: (1)密钥管理:用户通过调用可信计算平台的硬件模块TCM_CreateWrapKey命令,TCM产生对称加密密钥或ECC密钥对,并用上一级密钥加密存储;创建密钥时设置使用密码和迁移密码,使用密码用于加密和解密操作的使用授权,但不允许发现实际密码值的迁移密码对用户在一个特定的公钥下迁移密钥进行授权;当用户需要使用该密钥时,调用TCM_LoadWrapKey命令,TCM用父密钥解密并将它载入到一个空闲的区域,返回keyhandle,供用户使用;(1) Key management: The user calls the TCM_CreateWrapKey command of the hardware module of the trusted computing platform, and the TCM generates a symmetric encryption key or an ECC key pair, which is encrypted and stored with the upper-level key; when creating a key, set the password and migration Password, use the password to authorize the use of encryption and decryption operations, but do not allow the migration password to find the actual password value to authorize the user to migrate the key under a specific public key; when the user needs to use the key, call TCM_LoadWrapKey Command, TCM decrypts with the parent key and loads it into a free area, returns the keyhandle for the user to use; (2)密码学服务:可信计算机平台中配备的密码算法包括随机数生成算法、杂凑算法、消息验证码算法、对称密码算法和非对称密码算法;(2) Cryptography services: The cryptographic algorithms equipped on trusted computer platforms include random number generation algorithms, hash algorithms, message authentication code algorithms, symmetric cryptographic algorithms, and asymmetric cryptographic algorithms; (3)安全存储:TCM提供对于密钥和其它敏感数据的安全存储功能,保证存储在其中的密钥和敏感信息不会被破坏、更改和泄漏,以及未授权使用;(3) Secure storage: TCM provides a secure storage function for keys and other sensitive data, ensuring that keys and sensitive information stored in it will not be destroyed, changed, leaked, or used without authorization; 
(4)完整性验证:可信计算机平台完整性验证包括完整性度量、存储与报告三方面;完整性度量是指计算度量值,记录该事件到事件日志,并把度量值记入相应的平台配置寄存器PCR中;完整性报告是指TCM向验证者提供其保护区域中平台或部分部件的完整性的度量值、日志中的度量事件和相关的证书,验证者可以通过完整性报告判断平台的状态;验证者可通过分析完整性度量事件日志信息判断该PCR值是否来自正确的度量过程;可信计算机平台向外部实体提供完整性度量值报告的功能,所报告的度量值作为判断平台可信性的依据;(4) Integrity verification: Integrity verification of trusted computer platforms includes three aspects: integrity measurement, storage and reporting; integrity measurement refers to calculating the measurement value, recording the event to the event log, and recording the measurement value into the corresponding platform In the configuration register PCR; the integrity report means that the TCM provides the verifier with the integrity measurement value of the platform or some components in its protected area, the measurement events in the log and related certificates, and the verifier can judge the platform through the integrity report status; the verifier can judge whether the PCR value comes from the correct measurement process by analyzing the integrity measurement event log information; the trusted computer platform provides the function of reporting the integrity measurement value to the external entity, and the reported measurement value is used as a judgment platform credible sexual grounds; (5)授权协议:任何实体可提交TCM命令,实体和TCM平台之间形成一条安全的交流通道,通过这条交流通道提交TCM命令并且返回结果;交流通道为完成面向session的信息交换遵循请求-响应语义学,协议实现外部实体与TCM之间的授权认证、信息的完整性验证和敏感数据的机密性保护;(5) Authorization protocol: Any entity can submit TCM commands, and a secure communication channel is formed between the entity and the TCM platform, through which TCM commands are submitted and results are returned; the communication channel follows the request for completing session-oriented information exchange- Response semantics, the protocol implements authorization authentication between external entities and TCM, information integrity verification and confidentiality protection of sensitive data; 
(6) Certificate management: digital certificates use a public key system, that is, a pair of matching keys is used for encryption and decryption. Each user sets a specific private key known only to that user, used for decryption and signing, and at the same time a public key that the user publishes, used for encryption and signature verification.
2. The method for constructing a trusted computer platform software stack functional architecture according to claim 1, characterized in that in (1) key management, the number of key management levels is reduced by introducing symmetric algorithms and the concept of a "user entity", key storage protection is simplified, and a three-level key management model is adopted:
A. The cryptographic module key, the storage master key and the platform owner's authorization data are stored directly inside the trusted cryptographic module and are protected by the module's physical security measures;
B. The entity encryption key, the entity authentication key, the entity authority data and similar information make up the entity identity data block, which is encrypted under the storage root key and stored outside the TCM; the application keys, P仪 and other objects owned by an entity are encrypted under the entity encryption key and stored outside the TCM, and the platform controls the user's access to keys by setting the entity's authority data;
C. One of the functions of the TCM is to create SM1 symmetric keys and ECC asymmetric key pairs. The details of these keys are kept in the TCM after creation, but because the TCM's space is limited they are placed in encrypted form in external storage when necessary; when such a key is to be used, it is loaded into the TCM by the loading steps described above and then used.
3. The method for constructing a trusted computer platform software stack functional architecture according to claim 1, characterized in that in (1) key management, key migration must take place in a controlled environment, guaranteeing that a key only moves from one hardware-protected environment to another hardware-protected environment.
4. The method for constructing a trusted computer platform software stack functional architecture according to claim 1, characterized in that in (2) cryptographic services, the random number generation algorithm is a one-way hash function that turns an unpredictable input into a random number of a fixed byte length;
the symmetric cipher algorithm introduces a symmetric encryption algorithm, which is used to generate encryption keys and to perform encryption and decryption operations inside the TCM;
the asymmetric cipher algorithms comprise public key cryptography and key cryptography; the public key algorithm is the ECC algorithm with a key bit length of m, and the ECC algorithm covers key pair generation, signature/verification, encryption/decryption and key agreement. Key pair generation produces an ECC key pair consisting of a private key d and a public key Q, where d is a random positive integer less than n-1, Q is a point on the elliptic curve E other than the point at infinity, and Q=dG, G being a base point of the curve;
the hash algorithm is SM3: for a given message of length k, the hash algorithm produces a hash value through padding, iterative compression and truncation; the pre-processed message is processed in blocks of a fixed bit length and the hash value has a fixed bit length. The hash function compresses the message into a unique digest that guarantees the legitimacy and security of the original message. SM3 is a one-way function, and a message of any length yields a hash value of the same length after processing, which makes comparing original messages more convenient: for confidential information only the hash value needs to be kept. On the one hand, the stored hash value cannot be deciphered, so the original information is fully protected and there is no concern about the hash value being maliciously intercepted even in transit; on the other hand, comparing information is more convenient and secure;
the message authentication code algorithm HMAC requires a cryptographic hash function and a key.
5. The method for constructing a trusted computer platform software stack functional architecture according to claim 4, characterized in that in (3) secure storage, secure storage comprises the following modes:
A. Binding: a message is encrypted with a public key and the receiver decrypts it with the private key, which is the traditional encryption mode; if a key is a non-migratable key, it is bound to one specific platform, and in the TCM non-migratable keys are mainly used for signing;
B. Signing: a private key is used to produce a signature that protects the integrity of a message. Signing keys are generated and managed by the TCM and are used to sign information; with a signing key and a given signature algorithm, ciphertext carrying the platform identity is obtained, and such keys are usually non-migratable. A key defined as a signing key can only be used for signing, not for encryption operations;
C. Sealing: platform state information, namely certain PCR values, is included when a message is encrypted. When the receiver decrypts the message, it must first be determined that the decrypting party's platform state matches the PCR values at the time of encryption; otherwise decryption cannot proceed.
D. Sealed signing: a signature is tied to the values of certain PCRs to show that the platform met a particular state requirement at signing time.
6. The method for constructing a trusted computer platform software stack functional architecture according to any one of claims 1-5, characterized in that the (5) authorization protocol further comprises:
A. Authorization data: keys, sensitive data and other data requiring storage protection inside the platform are called objects. Every object must have corresponding authorization data, one item of authorization data may correspond to several objects, and an object may only be accessed after its authorization data has been verified. An object's authorization data is entered by the user on the platform and stored after being normalized in length by the hash algorithm. The authentication code of the TCM owner's SMK is held by the TCM itself, while each entity's authentication code is held by the entity itself, and the TCM treats the authentication code as complete proof of the entity's identity. No further checks are needed: knowing an object's authorization data means being entitled to use that TCM object; any requesting entity needs additional protection and requests wherever it stores authorization data, whereas the TCM does not;
B. Authorization session: any entity may converse with the TCM. To give the conversation between an entity and the TCM platform a secure channel through which the secure transmission of interaction data and results can be guaranteed, an authenticated session is introduced. The purpose of establishing the session is to ensure that access to TCM objects is authenticated; it uses a rolling-nonce protocol mechanism, which prevents replay attacks;
C. Protocol flow: the purpose of the authorization protocol and mechanism is to prove to the TCM that the requester is entitled to execute commands and to use certain objects.
7. The method for constructing a trusted computer platform software stack functional architecture according to claim 6, characterized in that the protocol of the protocol flow satisfies the following requirements:
1) An AP session is initiated with the TCM_AP_CREATE command and ended with TCM_AP_TERMINATE;
2) The protocol provides an authentication mechanism: a session key is generated with AuthData as the shared secret, and a check value generated from that session key is used to judge whether the caller holds authority over a given entity;
3) The protocol provides an integrity protection mechanism: the data packets of the function-call phase are integrity-protected with the session key shared by both parties;
4) The computation in the TCM_AP_CREATE command is optional;
5) The protocol provides an optional confidentiality protection mechanism: as required, the data packets of the function-call phase are encrypted with the session key shared by both parties. IfEncrypted is the flag indicating whether the communication packets are encrypted; in special cases where the communication data is itself already encrypted, such as key migration, one may choose not to encrypt the communication data, and the case described in the table is the one in which the packets are encrypted;
6) The protocol provides an anti-replay mechanism: seqNonce is an anti-replay sequence number, generated by the TCM and shared between the external caller and the TCM. Each party maintains the sequence number, and it is incremented by 1 for every packet sent, so as to prevent replay attacks.
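The AP session of claim 7 (together with the replay protection of claim 6 B and the HMAC of claim 4), modelled as an added example; this is not the patent's or any TCM's code. HMAC-SHA256 stands in for the TCM's MAC, the packet layout, the `Tcm`/`Caller` classes and the command names in the payloads are assumptions made for illustration, and the IfEncrypted=0 path is shown: packets are integrity-protected with the session key but not encrypted.

```python
import hashlib
import hmac
import secrets

# Constructed model of the claim 7 AP session (added example, not the patent's
# or any TCM's code). HMAC-SHA256 stands in for the TCM's MAC, packet layouts
# are invented, and the IfEncrypted=0 path is shown: packets are integrity-
# protected with the session key but not encrypted.
HASH = hashlib.sha256


def derive_session_key(auth_data, caller_nonce, tcm_nonce):
    """Session key from the shared secret AuthData and both sides' nonces."""
    return hmac.new(auth_data, b"TCM_AP_SESSION" + caller_nonce + tcm_nonce, HASH).digest()


def packet_mac(session_key, seq, payload):
    """Check value over (seqNonce, payload); seqNonce travels as 32 bits."""
    return hmac.new(session_key, (seq % 2**32).to_bytes(4, "big") + payload, HASH).digest()


class Tcm:
    """TCM side: AuthData per entity handle, plus the open AP sessions."""
    def __init__(self, entity_auth):
        self.entity_auth = dict(entity_auth)   # entity handle -> AuthData
        self.sessions = {}                     # session handle -> [key, next expected seq]

    def ap_create(self, entity_handle, caller_nonce):
        tcm_nonce = secrets.token_bytes(16)
        seq = int.from_bytes(secrets.token_bytes(4), "big")   # seqNonce chosen by the TCM
        key = derive_session_key(self.entity_auth[entity_handle], caller_nonce, tcm_nonce)
        handle = secrets.token_bytes(4)
        self.sessions[handle] = [key, seq + 1]
        check = packet_mac(key, seq, b"TCM_AP_CREATE" + tcm_nonce)   # lets the caller verify the TCM
        return handle, tcm_nonce, seq, check

    def execute(self, handle, seq, payload, tag):
        """Run a command; refuse on a stale seqNonce or a bad check value."""
        if handle not in self.sessions:
            return None
        key, expected = self.sessions[handle]
        if seq != expected or not hmac.compare_digest(tag, packet_mac(key, seq, payload)):
            return None                        # replay, reordering or wrong AuthData
        result = b"OK:" + payload              # stand-in for the real command result
        self.sessions[handle][1] = seq + 2     # seq + 1 is consumed by this reply
        return seq + 1, result, packet_mac(key, seq + 1, result)

    def ap_terminate(self, handle):
        self.sessions.pop(handle, None)


class Caller:
    """External entity that (believes it) knows the entity's AuthData."""
    def __init__(self, tcm, entity_handle, auth_data):
        self.tcm, self.entity_handle, self.auth_data = tcm, entity_handle, auth_data
        self.handle = self.key = None
        self.seq = 0

    def open(self):
        caller_nonce = secrets.token_bytes(16)
        self.handle, tcm_nonce, seq, check = self.tcm.ap_create(self.entity_handle, caller_nonce)
        self.key = derive_session_key(self.auth_data, caller_nonce, tcm_nonce)
        if not hmac.compare_digest(check, packet_mac(self.key, seq, b"TCM_AP_CREATE" + tcm_nonce)):
            raise ValueError("check value mismatch: AuthData differs")
        self.seq = seq + 1

    def call(self, payload):
        """Send one protected packet; returns (result or None, the packet sent)."""
        pkt = (self.handle, self.seq, payload, packet_mac(self.key, self.seq, payload))
        resp = self.tcm.execute(*pkt)
        if resp is None:
            return None, pkt
        rseq, result, rtag = resp
        if rseq != self.seq + 1 or not hmac.compare_digest(rtag, packet_mac(self.key, rseq, result)):
            raise ValueError("reply failed integrity check")
        self.seq = rseq + 1
        return result, pkt

    def close(self):
        self.tcm.ap_terminate(self.handle)


def demo():
    entity, auth = b"\x00\x01", b"entity-auth-data"      # constructed values
    tcm = Tcm({entity: auth})
    good = Caller(tcm, entity, auth)
    good.open()
    first, pkt = good.call(b"TCM_LoadWrapKey")
    replayed = tcm.execute(*pkt)                          # same packet again: stale seqNonce
    second, _ = good.call(b"TCM_Sign")                    # the session itself continues
    good.close()
    # Wrong AuthData gives a different key; even a caller that ignores the
    # mismatching check value cannot produce a packet the TCM accepts.
    nonce = secrets.token_bytes(16)
    handle, tcm_nonce, seq, _ = tcm.ap_create(entity, nonce)
    wrong_key = derive_session_key(b"guess", nonce, tcm_nonce)
    forged = tcm.execute(handle, seq + 1, b"TCM_Sign", packet_mac(wrong_key, seq + 1, b"TCM_Sign"))
    tcm.ap_terminate(handle)
    return {"first": first, "replayed": replayed, "second": second, "forged": forged}
```

Both sides keep one shared counter, so every packet in either direction consumes one seqNonce value; a captured command presented a second time carries a value the TCM has already passed and is refused without any effect on the session state, while the legitimate caller's next command still goes through.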
8. The method for constructing a trusted computer platform software stack functional architecture according to any one of claims 1-5, characterized in that in (6) certificate management, when a confidential document is sent, the sender encrypts the data with the receiver's public key and the receiver decrypts it with its own private key, so that the information reaches its destination securely and intact. By using digital certificates the user obtains the following guarantees: the information cannot be stolen by anyone other than the sender and the receiver; the information is not tampered with in transit; the sender can confirm the receiver's identity through the digital certificate; the sender cannot repudiate its own information; the information has not been modified from the time of the digital signature until receipt; and the issued document is authentic.
9. The method for constructing a trusted computer platform software stack functional architecture according to claim 8, characterized in that digital certificates use a public key mechanism; a program provided by the certificate authority generates a pair of keys for the user: one is the public key, which is published in the user's digital certificate and deposited with the digital certificate certification center, and the other is the private key, which is kept on the user's computer.
10. The method for constructing a trusted computer platform software stack functional architecture according to claim 9, characterized in that the digital certificate is used for authenticated communication and for confidential communication: in authenticated communication the sender encrypts the plaintext with its own private key and the receiver decrypts the ciphertext with the sender's public key; in confidential communication the sender encrypts the plaintext with the receiver's public key and the receiver decrypts the ciphertext with its own private key.
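The wrapped-key hierarchy of claims 1 (1) and 2, the measurement log and PCR reporting of claim 1 (4) and the sealing rule of claim 5 C, combined in one added example (not the patent's or any TCM's code). SHA-256 stands in for SM3, a hash-derived keystream with an HMAC tag stands in for the TCM's symmetric cipher, and the `TcmModel` class, the blob layouts and the handle names are assumptions made for illustration; the verifier-side `replay_log` goes beyond the claim text by showing how the event log is recomputed against the reported PCR values.

```python
import hashlib
import hmac
import secrets

# Constructed model of the TCM key hierarchy, PCR measurement and sealing
# (added example, not the patent's code). SHA-256 stands in for SM3; the
# keystream-XOR plus HMAC tag stands in for the TCM's symmetric cipher.
HASH = hashlib.sha256
NONCE_LEN, TAG_LEN, DIGEST_LEN = 16, 32, 32


def _xor_stream(key, nonce, data):
    """Stand-in symmetric cipher: XOR with a hash-derived keystream."""
    out = bytearray()
    for i in range(0, len(data), DIGEST_LEN):
        block = HASH(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + DIGEST_LEN], block))
    return bytes(out)

def wrap(parent_key, plaintext, aad=b""):
    """Encrypt-then-MAC under the parent key; aad is authenticated, not hidden."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = _xor_stream(parent_key, nonce, plaintext)
    tag = hmac.new(parent_key, nonce + aad + ct, HASH).digest()
    return nonce + tag + ct

def unwrap(parent_key, blob, aad=b""):
    nonce, tag, ct = blob[:NONCE_LEN], blob[NONCE_LEN:NONCE_LEN + TAG_LEN], blob[NONCE_LEN + TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(parent_key, nonce + aad + ct, HASH).digest()):
        return None                             # tampered blob or wrong parent key
    return _xor_stream(parent_key, nonce, ct)


class TcmModel:
    SMK = b"SMK"                                # handle of the storage master key

    def __init__(self, pcr_count=4):
        self.loaded = {self.SMK: secrets.token_bytes(32)}   # handle -> key, inside the module
        self.pcr = [bytes(DIGEST_LEN)] * pcr_count
        self.event_log = []                                 # (pcr index, event, digest)

    # Keys exist outside the TCM only as blobs encrypted under their parent key.
    def create_wrap_key(self, parent_handle, use_auth):
        secret = secrets.token_bytes(32)        # new symmetric key (ECC keygen omitted)
        return wrap(self.loaded[parent_handle], HASH(use_auth).digest() + secret)

    def load_wrap_key(self, parent_handle, blob, use_auth):
        plain = unwrap(self.loaded[parent_handle], blob)
        if plain is None or not hmac.compare_digest(plain[:DIGEST_LEN], HASH(use_auth).digest()):
            return None                         # wrong parent key or wrong usage password
        handle = secrets.token_bytes(4)         # keyhandle returned to the user
        self.loaded[handle] = plain[DIGEST_LEN:]
        return handle

    # Measure: log the event and extend the PCR with its digest.
    def extend(self, index, event):
        digest = HASH(event).digest()
        self.pcr[index] = HASH(self.pcr[index] + digest).digest()
        self.event_log.append((index, event, digest))

    # Seal: bind the data to the PCR value at sealing time; unseal only if it still matches.
    def seal(self, key_handle, data, pcr_index):
        policy = bytes([pcr_index]) + self.pcr[pcr_index]
        return policy + wrap(self.loaded[key_handle], data, aad=policy)

    def unseal(self, key_handle, sealed):
        policy, blob = sealed[:1 + DIGEST_LEN], sealed[1 + DIGEST_LEN:]
        if self.pcr[policy[0]] != policy[1:]:
            return None                         # platform state changed since sealing
        return unwrap(self.loaded[key_handle], blob, aad=policy)


def replay_log(event_log, pcr_count=4):
    """Verifier side: recompute the PCRs from the reported event log."""
    pcr = [bytes(DIGEST_LEN)] * pcr_count
    for index, event, digest in event_log:
        if HASH(event).digest() != digest:
            return None                         # log entry does not match its event
        pcr[index] = HASH(pcr[index] + digest).digest()
    return pcr


def demo():
    tcm = TcmModel()
    entity_blob = tcm.create_wrap_key(TcmModel.SMK, b"entity-pw")   # level 2, under the SMK
    bad_load = tcm.load_wrap_key(TcmModel.SMK, entity_blob, b"wrong-pw")
    entity = tcm.load_wrap_key(TcmModel.SMK, entity_blob, b"entity-pw")
    app_blob = tcm.create_wrap_key(entity, b"app-pw")               # level 3, under the entity key
    app = tcm.load_wrap_key(entity, app_blob, b"app-pw")
    tcm.extend(0, b"bootloader v1")                                 # constructed measurements
    tcm.extend(0, b"kernel v5")
    log_matches = replay_log(tcm.event_log) == tcm.pcr
    sealed = tcm.seal(app, b"disk key", 0)
    before = tcm.unseal(app, sealed)
    tcm.extend(0, b"unexpected module")                             # platform state drifts
    after = tcm.unseal(app, sealed)
    return {"bad_load": bad_load, "log_matches": log_matches, "before": before, "after": after}
```

The sealed blob carries the expected PCR value in the clear but authenticates it as associated data, so an outside party can neither read the sealed data nor edit the bound PCR value to match a different platform state; once PCR 0 is extended with an unexpected measurement, the same blob no longer unseals.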
CN201710962366.0A 2017-10-17 2017-10-17 A kind of construction method of trusted computer platform software stack function structure Pending CN107766724A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710962366.0A CN107766724A (en) 2017-10-17 2017-10-17 A kind of construction method of trusted computer platform software stack function structure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710962366.0A CN107766724A (en) 2017-10-17 2017-10-17 A kind of construction method of trusted computer platform software stack function structure

Publications (1)

Publication Number Publication Date
CN107766724A true CN107766724A (en) 2018-03-06

Family

ID=61269557

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710962366.0A Pending CN107766724A (en) 2017-10-17 2017-10-17 A kind of construction method of trusted computer platform software stack function structure

Country Status (1)

Country Link
CN (1) CN107766724A (en)

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109445328A (en) * 2018-10-22 2019-03-08 北京广利核系统工程有限公司 Nuclear power plant instrument control system prevents Replay Attack method and apparatus
CN109743174A (en) * 2018-12-21 2019-05-10 积成电子股份有限公司 The monitoring and managing method that electric power monitoring security management and control system program updates
CN109948354A (en) * 2019-03-19 2019-06-28 南京大学 A method for encrypting and verifying files using hardware isolation environment across platforms
CN110635904A (en) * 2019-09-16 2019-12-31 绍兴文理学院 A remote attestation method and system for software-defined Internet of Things nodes
CN110704359A (en) * 2019-08-14 2020-01-17 北京中电华大电子设计有限责任公司 High-safety low-power-consumption communication method of dual-core chip
CN111414625A (en) * 2020-04-01 2020-07-14 中国人民解放军国防科技大学 Method and system for realizing computer trusted software stack supporting active trusted capability
CN111506915A (en) * 2019-01-31 2020-08-07 阿里巴巴集团控股有限公司 Authorized access control method, device and system
CN111651740A (en) * 2020-05-26 2020-09-11 西安电子科技大学 A Trusted Platform Sharing System for Distributed Intelligent Embedded System
CN112069535A (en) * 2020-08-13 2020-12-11 中国电子科技集团公司第三十研究所 Dual-system safety intelligent terminal architecture based on access partition physical isolation
CN112468448A (en) * 2020-11-05 2021-03-09 中国电子信息产业集团有限公司 Processing method and device of communication network, electronic equipment and readable storage medium
CN112514321A (en) * 2018-05-31 2021-03-16 爱迪德技术有限公司 Shared secret establishment
CN112631177A (en) * 2020-12-13 2021-04-09 贵州省通信产业服务有限公司 Agricultural data acquisition device based on hardware encryption transmission
CN113282910A (en) * 2021-04-22 2021-08-20 中国科学院软件研究所 Root key protection method for trusted computing trust root
CN113645229A (en) * 2018-06-06 2021-11-12 北京八分量信息科技有限公司 Authentication system and method based on credible confirmation
CN113711532A (en) * 2019-01-30 2021-11-26 诺基亚通信公司 Distributed or cloud computing system information
CN114006729A (en) * 2021-09-29 2022-02-01 广东电网有限责任公司电力调度控制中心 Low-voltage power line carrier communication trusted access management method and system
US11240008B2 (en) 2019-03-22 2022-02-01 Advanced New Technologies Co., Ltd. Key management method, security chip, service server and information system
CN114024705A (en) * 2020-10-30 2022-02-08 北京八分量信息科技有限公司 Trust architecture aiming at node dynamics
CN114124506A (en) * 2021-11-16 2022-03-01 北京八分量信息科技有限公司 Method for realizing trusted security protocol based on trusted computing
CN114115836A (en) * 2022-01-28 2022-03-01 麒麟软件有限公司 Design method and system of trusted TCM software stack based on Linux operating system
CN114762290A (en) * 2019-12-06 2022-07-15 三星电子株式会社 Method and electronic device for managing digital key
WO2022161182A1 (en) * 2021-01-27 2022-08-04 支付宝(杭州)信息技术有限公司 Trusted computing method and apparatus based on data stream
CN114884986A (en) * 2022-04-21 2022-08-09 武汉芯鑫微电子有限公司 Private protocol LoT control system and method based on SoC
CN114978774A (en) * 2022-07-28 2022-08-30 四川九洲空管科技有限责任公司 Multi-level key management method based on nested protection structure
CN115022093A (en) * 2022-08-05 2022-09-06 确信信息股份有限公司 Trusted CPU key calculation method and system based on multi-stage key
CN115378740A (en) * 2022-10-25 2022-11-22 麒麟软件有限公司 Method for realizing bidirectional authentication login based on trusted opennsh
CN116490868A (en) * 2020-10-09 2023-07-25 华为技术有限公司 System and method for secure and fast machine learning reasoning in trusted execution environments

Cited By (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112514321A (en) * 2018-05-31 2021-03-16 爱迪德技术有限公司 Shared secret establishment
CN113645229A (en) * 2018-06-06 2021-11-12 北京八分量信息科技有限公司 Authentication system and method based on credible confirmation
CN109445328B (en) * 2018-10-22 2021-07-16 北京广利核系统工程有限公司 Method and device for preventing replay attack of instrument control system of nuclear power station
CN109445328A (en) * 2018-10-22 2019-03-08 北京广利核系统工程有限公司 Nuclear power plant instrument control system prevents Replay Attack method and apparatus
CN109743174A (en) * 2018-12-21 2019-05-10 积成电子股份有限公司 The monitoring and managing method that electric power monitoring security management and control system program updates
CN113711532A (en) * 2019-01-30 2021-11-26 诺基亚通信公司 Distributed or cloud computing system information
CN111506915A (en) * 2019-01-31 2020-08-07 阿里巴巴集团控股有限公司 Authorized access control method, device and system
CN111506915B (en) * 2019-01-31 2023-05-02 阿里巴巴集团控股有限公司 Authorized access control method, device and system
CN109948354A (en) * 2019-03-19 2019-06-28 南京大学 A method for encrypting and verifying files using hardware isolation environment across platforms
US11240008B2 (en) 2019-03-22 2022-02-01 Advanced New Technologies Co., Ltd. Key management method, security chip, service server and information system
CN110704359A (en) * 2019-08-14 2020-01-17 北京中电华大电子设计有限责任公司 High-safety low-power-consumption communication method of dual-core chip
CN110635904A (en) * 2019-09-16 2019-12-31 绍兴文理学院 A remote attestation method and system for software-defined Internet of Things nodes
CN110635904B (en) * 2019-09-16 2020-07-31 绍兴文理学院 A software-defined IoT node remote attestation method and system
US12120105B2 (en) 2019-12-06 2024-10-15 Samsung Electronics Co., Ltd Method and electronic device for managing digital keys
CN114762290B (en) * 2019-12-06 2024-04-19 三星电子株式会社 Method and electronic device for managing digital keys
CN114762290A (en) * 2019-12-06 2022-07-15 三星电子株式会社 Method and electronic device for managing digital key
CN111414625B (en) * 2020-04-01 2023-09-22 中国人民解放军国防科技大学 Implementation method and system of computer trusted software stack supporting active trust capability
CN111414625A (en) * 2020-04-01 2020-07-14 中国人民解放军国防科技大学 Method and system for realizing computer trusted software stack supporting active trusted capability
CN111651740A (en) * 2020-05-26 2020-09-11 西安电子科技大学 A Trusted Platform Sharing System for Distributed Intelligent Embedded System
CN111651740B (en) * 2020-05-26 2023-04-07 西安电子科技大学 Trusted platform sharing system for distributed intelligent embedded system
CN112069535A (en) * 2020-08-13 2020-12-11 中国电子科技集团公司第三十研究所 Dual-system safety intelligent terminal architecture based on access partition physical isolation
CN112069535B (en) * 2020-08-13 2023-01-31 中国电子科技集团公司第三十研究所 Dual-system safety intelligent terminal architecture based on access partition physical isolation
CN116490868A (en) * 2020-10-09 2023-07-25 华为技术有限公司 System and method for secure and fast machine learning reasoning in trusted execution environments
CN114024705B (en) * 2020-10-30 2024-02-20 北京八分量信息科技有限公司 Trust architecture for node dynamics
CN114024705A (en) * 2020-10-30 2022-02-08 北京八分量信息科技有限公司 Trust architecture aiming at node dynamics
CN112468448B (en) * 2020-11-05 2023-08-08 中国电子信息产业集团有限公司 Processing method and device of communication network, electronic equipment and readable storage medium
CN112468448A (en) * 2020-11-05 2021-03-09 中国电子信息产业集团有限公司 Processing method and device of communication network, electronic equipment and readable storage medium
CN112631177A (en) * 2020-12-13 2021-04-09 贵州省通信产业服务有限公司 Agricultural data acquisition device based on hardware encryption transmission
WO2022161182A1 (en) * 2021-01-27 2022-08-04 支付宝(杭州)信息技术有限公司 Trusted computing method and apparatus based on data stream
CN113282910B (en) * 2021-04-22 2023-07-18 中国科学院软件研究所 A Root Key Protection Method for Trusted Computing Root of Trust
CN113282910A (en) * 2021-04-22 2021-08-20 中国科学院软件研究所 Root key protection method for trusted computing trust root
CN114006729B (en) * 2021-09-29 2023-12-01 广东电网有限责任公司电力调度控制中心 Trusted access management method and system for power line carrier communication
CN114006729A (en) * 2021-09-29 2022-02-01 广东电网有限责任公司电力调度控制中心 Low-voltage power line carrier communication trusted access management method and system
CN114124506A (en) * 2021-11-16 2022-03-01 北京八分量信息科技有限公司 Method for realizing trusted security protocol based on trusted computing
CN114115836A (en) * 2022-01-28 2022-03-01 麒麟软件有限公司 Design method and system of trusted TCM software stack based on Linux operating system
CN114884986A (en) * 2022-04-21 2022-08-09 武汉芯鑫微电子有限公司 Private protocol LoT control system and method based on SoC
CN114978774A (en) * 2022-07-28 2022-08-30 四川九洲空管科技有限责任公司 Multi-level key management method based on nested protection structure
CN115022093A (en) * 2022-08-05 2022-09-06 确信信息股份有限公司 Trusted CPU key calculation method and system based on multi-stage key
CN115378740A (en) * 2022-10-25 2022-11-22 麒麟软件有限公司 Method for realizing bidirectional authentication login based on trusted opennsh

Similar Documents

Publication Publication Date Title
CN107766724A (en) A kind of construction method of trusted computer platform software stack function structure
CN110138799B (en) A Secure Cloud Storage Method Based on SGX
US20190089527A1 (en) System and method of enforcing a computer policy
US7526649B2 (en) Session key exchange
JP3999655B2 (en) Method and apparatus for access control with leveled security
US10142107B2 (en) Token binding using trust module protected keys
US7900046B2 (en) System and method for establishing mutual trust on a per-deployment basis between two software modules
US20040098591A1 (en) Secure hardware device authentication method
CN112565205B (en) Credible authentication and measurement method, server, terminal and readable storage medium
CN116490868A (en) System and method for secure and fast machine learning reasoning in trusted execution environments
US11438161B2 (en) Implicit attestation for network access
EP4096147A1 (en) Secure enclave implementation of proxied cryptographic keys
US11502827B1 (en) Exporting remote cryptographic keys
CN117063174A (en) Security module and method for inter-app trust through app-based identity
CN118337430A (en) System, method, device, processor and storage medium for realizing trusted transmission and reverse authorization processing for multiparty interaction data
Alzomai et al. The mobile phone as a multi OTP device using trusted computing
CN113297563B (en) Method and device for accessing system-on-chip privileged resources, and system-on-chip
CN115834149A (en) Numerical control system safety protection method and device based on state cryptographic algorithm
US20240283664A1 (en) Authentication with Cloud-Based Secure Enclave
Wu et al. Secure key management of mobile agent system using tpm-based technology on trusted computing platform
HK40083485A (en) Exporting remote cryptographic keys
Micheal Holistic Review of Modern Cryptographic Algorithms and Their Application in Securing Mobile Apps, APIs, and Databases
Xing et al. A new authorization protocol for trusted computing
CN119728101A (en) Key management method, key encryption method, data encryption method and related equipment
Fernando et al. Information Security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180306