CN112000935A - Remote authentication method, device, system, storage medium and computer equipment - Google Patents
Remote authentication method, device, system, storage medium and computer equipment Download PDFInfo
- Publication number
- CN112000935A CN112000935A CN201910447430.0A CN201910447430A CN112000935A CN 112000935 A CN112000935 A CN 112000935A CN 201910447430 A CN201910447430 A CN 201910447430A CN 112000935 A CN112000935 A CN 112000935A
- Authority
- CN
- China
- Prior art keywords
- value
- pcr value
- current
- last
- platform system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 185
- 230000008569 process Effects 0.000 claims abstract description 107
- 238000005259 measurement Methods 0.000 claims abstract description 68
- 230000015654 memory Effects 0.000 claims description 33
- 238000004590 computer program Methods 0.000 claims description 9
- 238000012795 verification Methods 0.000 claims description 9
- 238000005516 engineering process Methods 0.000 abstract description 10
- 230000005540 biological transmission Effects 0.000 description 17
- JBWKIWSBJXDJDT-UHFFFAOYSA-N triphenylmethyl chloride Chemical compound C=1C=CC=CC=1C(C=1C=CC=CC=1)(Cl)C1=CC=CC=C1 JBWKIWSBJXDJDT-UHFFFAOYSA-N 0.000 description 11
- 238000012545 processing Methods 0.000 description 10
- 238000010586 diagram Methods 0.000 description 9
- 238000004891 communication Methods 0.000 description 6
- 230000007246 mechanism Effects 0.000 description 5
- 238000004422 calculation algorithm Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 101100217298 Mus musculus Aspm gene Proteins 0.000 description 2
- 230000006399 behavior Effects 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 238000005034 decoration Methods 0.000 description 2
- 230000009365 direct transmission Effects 0.000 description 2
- 230000009977 dual effect Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 239000003795 chemical substances by application Substances 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 239000007943 implant Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000003826 tablet Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/305—Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a remote authentication method, a device, a system, a storage medium and computer equipment. Wherein, the method comprises the following steps: comparing the current PCR value of the platform configuration register with a reference PCR value stored by a remote authenticator, wherein the current PCR value is a measurement value of the current starting process of the trusted platform system; comparing the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to obtain a comparison result, wherein the last PCR is a measurement value of the last starting process of the current starting process of the trusted platform system; and determining a certification result of the trusted platform system according to the comparison result. The invention solves the technical problems of false authentication and false alarm omission in the process of authenticating the trusted platform system in the related technology.
Description
Technical Field
The invention relates to the field of computers, in particular to a remote authentication method, a remote authentication device, a remote authentication system, a storage medium and computer equipment.
Background
The trusted computing is computing based on hardware security module support in a computing and communication system so as to improve the security of the whole system. Trusted Computing is completed based on the Trusted standard of the international Trusted Computing Group (TCG)/Trusted Platform Module (TPM). The TCG/TPM trusted standards are: with the TPM as a root of trust, when the system is started, devices or applications included in the system are measured step by step, and all measurement values are faithfully recorded in a Platform Configuration Register (PCR) inside TPM hardware.
Trusted remote authentication, namely, a trusted platform system (or called as a local trusted server) reports a PCR value recorded in a TPM of the trusted platform system to a remote authenticator (challenge) faithfully, and the remote authenticator compares the PCR value with a correct PCR reference value (refresh PCR), and if the PCR value is equal to the reference value, the remote authentication is passed, and the trusted server is trusted; if the values are not equal, the remote authentication fails, which indicates that the PCR values recorded in the TPM of the trusted server are not correct, that is, the trusted server is not trusted because the module measured in the system boot link is tampered by a person. (remote authenticator, challenge, is usually a dedicated authentication center, and one authentication center can manage remote authentication of many trusted servers).
In the process of remote authentication, the PCR reference value of the remote authenticator (challenge) is stored in the remote authenticator itself, and the PCR value of the trusted server is stored in the TPM of the trusted server itself. When the PCR reference value needs to be updated (including the first generation of the PCR reference value as well), the remote authenticator does not actually know what the correct reference value is; the method needs a trusted server to report a current PCR value to a remote authentication party, and the remote authentication party takes the reported PCR value as a PCR reference value to store: generally, the trusted server is assumed to be trusted for the first boot, and reports the PCR value at this time as a reference value to the remote authenticator.
The PCR reference value of the trusted server needs to be updated, for example, the update needs to be performed in the following cases: BIOS updates, OS loader (bootloader) updates, OS updates, platform hardware updates, and the like. At this time, the trusted server is required to report the updated PCR to the remote authenticator, and the remote authenticator stores the updated PCR as a new PCR reference value. When the new PCR reference value is not already stored on the remote authenticator, two cases occur: if the old PCR reference value is still used at the moment, other legal server remote authentication requests are judged to be illegal due to the fact that the other legal server remote authentication requests do not accord with the old PCR reference value, and false alarm is generated; if the old PCR reference value is disabled at this time, other illegal server remote authentication requests cannot be determined to be illegal because no PCR reference value can be compared, which results in false negatives. Therefore, when the related art authenticates the trusted platform system, the problems of false authentication and false authentication are existed.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides a remote authentication method, a remote authentication device, a remote authentication system, a storage medium and computer equipment, which at least solve the technical problems of false authentication and false authentication in the process of authenticating a trusted platform system in the related technology.
According to an aspect of an embodiment of the present invention, there is provided a remote authentication method, including: comparing the current PCR value of the platform configuration register with a reference PCR value stored by a remote authenticator, wherein the current PCR value is a measurement value of the current starting process of the trusted platform system; comparing a last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to obtain a comparison result, wherein the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system; and determining a certification result of the trusted platform system according to the comparison result.
According to another aspect of the embodiments of the present invention, there is also provided a remote authentication method, including: reading a current Platform Configuration Register (PCR) value and a last PCR value stored by a trusted platform system, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR is a measurement value of a last starting process of the current starting process of the trusted platform system; reporting the current PCR value and the last PCR value to a remote authenticator; and receiving the certification result fed back by the remote authenticator.
According to still another aspect of the embodiments of the present invention, there is also provided a remote authentication method, including: a trusted platform system reads a current platform configuration register PCR value and a last PCR value, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system; the trusted platform system reports the current PCR value and the last PCR value to a remote authenticator; and the remote authenticator compares the current PCR value with a reference PCR value stored by the remote authenticator, and compares the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to determine the certification result of the trusted platform system.
According to an aspect of the embodiments of the present invention, there is also provided a remote authentication apparatus, including: the system comprises a first comparison module, a second comparison module and a third comparison module, wherein the first comparison module is used for comparing a current platform configuration register PCR value with a reference PCR value stored by a remote authentication party, and the current PCR value is a measurement value of the current starting process of a trusted platform system; the second comparison module is used for comparing a last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to obtain a comparison result, wherein the last PCR is a measurement value of a last starting process of the current starting process of the trusted platform system; and the determining module is used for determining the certification result of the trusted platform system according to the comparison result.
According to another aspect of the embodiments of the present invention, there is also provided a remote authentication apparatus, including: the reading module is used for reading a current platform configuration register PCR value and a last PCR value stored by the trusted platform system, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system; a reporting module, configured to report the current PCR value and the last PCR value to a remote authenticator; and the receiving module is used for receiving the certification result fed back by the remote authenticator.
According to still another aspect of the embodiments of the present invention, there is also provided a remote authentication system, including: the system comprises a trusted platform system and a remote authenticator, wherein the trusted platform system is used for reading a current Platform Configuration Register (PCR) value and a last PCR value, and reporting the current PCR value and the last PCR value to the remote authenticator, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR is a measurement value of a last starting process of the current starting process of the trusted platform system; and the remote authenticator is used for comparing the current PCR value with a reference PCR value stored by the remote authenticator and determining a certification result of the trusted platform system.
According to an aspect of the embodiments of the present invention, there is also provided a storage medium storing a program, wherein when the program is executed by a processor, the processor is controlled to execute any one of the above-mentioned remote authentication methods.
According to another aspect of the embodiments of the present invention, there is also provided a computer device, including: a memory and a processor, the memory storing a computer program; the processor is configured to execute the computer program stored in the memory, and when the computer program runs, the processor is configured to execute any one of the above remote authentication methods.
In the embodiment of the invention, the current PCR value and the last PCR value are respectively compared with the reference PCR value according to the current PCR value and the last PCR value, so that the aim of determining whether the reference PCR value is updated timely is achieved, the technical effects of accurately authenticating a trusted platform system and avoiding false alarm and false alarm are realized, and the technical problems of authentication false alarm and false alarm in the process of authenticating the trusted platform system in the related technology are solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 shows a hardware configuration block diagram of a computer terminal for implementing a remote authentication method;
FIG. 2 is a flowchart of the trust chain delivery of the TCG/TPM trusted standard on which embodiments of the present invention are based;
FIG. 3 is a simplified flow diagram of TPM remote authentication on which an embodiment of the present invention is based;
fig. 4 is a flowchart of a first remote authentication method according to embodiment 1 of the present invention;
fig. 5 is a flowchart of a second remote authentication method according to embodiment 1 of the present invention;
fig. 6 is a flowchart of a third remote authentication method according to embodiment 1 of the present invention;
fig. 7 is a flowchart of trusted remote authentication for dual PCR value reporting according to a preferred embodiment of the present invention;
FIG. 8 is a flow chart of trusted reference value update in accordance with a preferred embodiment of the present invention;
fig. 9 is a block diagram of a first remote authentication apparatus according to an embodiment of the present invention;
fig. 10 is a block diagram showing the structure of a second remote authentication apparatus according to the embodiment of the present invention;
fig. 11 is a block diagram of a remote authentication system according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, some terms or terms appearing in the description of the embodiments of the present application are applicable to the following explanations:
trusted Computing (Trusted Computing) technology developed and popularized by the international Trusted Computing Group (TCG), wherein a Trusted Computing platform based on hardware security module support is used in a Computing and communication system to improve the overall security of the system. With trusted computing, the computer will always operate in the expected manner, and these behaviors will be guaranteed by both the computer hardware and the program, by using a hardware security module that is inaccessible to the rest of the system to achieve this behavior.
Trusted Platform Module (TPM), TPM is an international standard for secure cryptoprocessors, written by TCG, to protect hardware by integrating encryption keys into devices through specialized microcontrollers. The TPM security chip is a security chip conforming to TPM standards, and is generally bound to a computing platform in a physical mode, so that the PC can be effectively protected and illegal user access can be prevented.
TPCM, as independent controllable credible node in China, implants the credible source root, adds the Control function of the credible root on the basis of TPM, realizes the initiative Control and measurement on the basis of password; the TPCM starts before the CPU and verifies the BIOS, thereby changing the traditional thought that the TPM is taken as a passive device and realizing the active control of the TPCM on the whole platform.
PCR (platform Configuration registers) for non-permanent secure storage space provided by trusted secure chips. The system is used for storing the measurement extension value and proving the integrity of the platform outwards, and can be used for proving the integrity of the measurement log.
Example 1
There is also provided, in accordance with an embodiment of the present invention, a method embodiment of a remote authentication method, it being noted that the steps illustrated in the flowchart of the figure may be performed in a computer system such as a set of computer-executable instructions and that, although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that presented herein.
The method provided by the first embodiment of the present application may be executed in a mobile terminal, a computer terminal, or a similar computing device. Fig. 1 shows a hardware configuration block diagram of a computer terminal (or mobile device) for implementing a remote authentication method. As shown in fig. 1, the computer terminal 10 (or mobile device 10) may include one or more (shown as 102a, 102b, … …, 102 n) processors 102 (the processors 102 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), and memory 104 for storing data. Besides, the method can also comprise the following steps: a transmission module, a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power source, and/or a camera. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration and is not intended to limit the structure of the electronic device. For example, the computer terminal 10 may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
It should be noted that the one or more processors 102 and/or other data processing circuitry described above may be referred to generally herein as "data processing circuitry". The data processing circuitry may be embodied in whole or in part in software, hardware, firmware, or any combination thereof. Further, the data processing circuit may be a single stand-alone processing module, or incorporated in whole or in part into any of the other elements in the computer terminal 10 (or mobile device). As referred to in the embodiments of the application, the data processing circuit acts as a processor control (e.g. selection of a variable resistance termination path connected to the interface).
The memory 104 may be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the remote authentication method in the embodiment of the present invention, and the processor 102 executes various functional applications and data processing by executing the software programs and modules stored in the memory 104, that is, implements the remote authentication method of the application program. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the computer terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission module is used for receiving or sending data through a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the computer terminal 10. In one example, the transmission module includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission module may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
The display may be, for example, a touch screen type Liquid Crystal Display (LCD) that may enable a user to interact with a user interface of the computer terminal 10 (or mobile device).
In the related art, in the existing remote authentication mechanism of TPM/TPCM, a reference value of platform integrity (PCR value) needs to be stored in a remote authentication server, a local machine (trusted server) reports its platform integrity (PCR value) to a remote authenticator (remote authentication server), and then the remote authenticator compares the reported value of the local machine with the reference value to prove whether the platform integrity of the local machine is legal and give an alarm. How to synchronously realize the reference value update of the platform integrity on the remote authentication party and reduce the false alarm and the missing report of the remote authentication is one of the key problems to be considered.
In the foregoing operating environment, the embodiment of the present invention provides a remote authentication method, which may be performed based on the following authentication process, and it should be noted that the following authentication process is only an example and is not limited thereto.
Fig. 2 is a flowchart of a trust chain transfer of a TCG/TPM trusted standard on which an embodiment of the present invention is based, and as shown in fig. 2, the TCG/TPM trusted standard is: the method comprises the steps of taking a TPM as a trusted root, measuring equipment or application included by a System step by step when the System is started, starting from the trusted measuring root in a basic Input Output System (BIOS for short) when the System is started, measuring a BIOS initial boot module, measuring a BIOS main boot module by the BIOS initial boot module, measuring the rest part of the BIOS and an Operating System (OS) loader by the BIOS main boot module, measuring an OS kernel by the OS loader, and so on, thereby finally completing a trust transfer process from a starting point to the application and a network. All the measurement values are faithfully recorded in a Platform Configuration Register (PCR) inside the TPM hardware.
Fig. 3 is a simple flow chart of TPM remote authentication based on an embodiment of the present invention, as shown in fig. 3, the flow includes:
1. the remote authenticator (challenge) generates a random number Nonce using the random number producer RNG and sends it to the Trusted Platform system (Trusted Platform).
2. After receiving the random number Nonce, the trusted platform system reads the PCR value stored in the TPM and calculates the Hash value of Nonce + PCR; and the Hash value is signed by using a Signature Key (Signature Key) of the TPM (the TPM _ Quote instruction is called), and the Hash value is sent back to the remote authenticator.
3. The remote authenticator calculates a Hash value (Reference Hash) of a Nonce + PCR Reference value (Reference PCR), wherein the PCR Reference value needs to be stored in the remote authenticator in advance; meanwhile, the remote authentication party uses the TPM signature public key of the trusted platform system to verify and sign the Hash value of the trusted platform system; and finally, comparing whether the Reference Hash is equal to the Hash, so as to judge whether the trusted platform system is legal.
Based on the above trust chain delivery and authentication process, in the embodiment of the present invention, a remote authentication method as shown in fig. 4 is provided. Fig. 4 is a flowchart of a first remote authentication method according to embodiment 1 of the present invention, and as shown in fig. 4, the flowchart includes the following steps:
step S402, comparing the current PCR value of the platform configuration register with a reference PCR value stored by a remote authentication party, wherein the current PCR value is a measurement value of the current starting process of the trusted platform system;
as an alternative embodiment, the execution principal may be a remote authenticator. The remote authenticator may be a server, desktop, etc. The remote authenticator may be a dedicated authentication center, where one authentication center may manage remote authentication of many trusted platform systems.
As an alternative embodiment, the current PCR value may be all measurement values of the current boot process of the trusted platform system, may also be a part of the measurement values of the current boot process of the trusted platform system, or may also be some specified measurement values of the current boot process of the platform system.
As an alternative embodiment, when the current PCR value is compared with the reference PCR value stored by the remote authenticator, various ways may be adopted, for example, the current PCR value may be directly compared with the reference PCR value stored by the remote authenticator, so as to directly obtain the comparison result. However, the current PCR value is typically stored locally on the trusted platform system, while the reference PCR value is typically stored on the remote authenticator, and therefore, the current PCR value needs to be transmitted from the trusted platform system to the remote authenticator when the remote authenticator performs authentication. The direct transmission of the current PCR value may result in unsafe PCR values. Therefore, in this embodiment, a method is provided for calculating a current PCR value by using a predetermined algorithm, storing the current PCR value in a corresponding calculation result, and implementing secure transmission of the current PCR value by transmitting the calculation result.
As an alternative embodiment, when the current PCR value is calculated, various manners may be adopted, for example, a hash operation may be adopted. When the hash operation is performed on the current PCR value, the current PCR value and the reference PCR value may be compared according to the hash operation result obtained by the operation. For example, comparing the current PCR value to a reference PCR value stored by the remote authenticator may include: comparing the current hash value with a reference hash value, wherein the current hash value is obtained by calculating according to the random number and the current PCR value, and the reference hash value is obtained by calculating according to the random number and the reference PCR value; determining that the current PCR value is consistent with the reference PCR value under the condition that the current hash value is equal to the reference hash value; and/or determining that the current PCR value is inconsistent with the reference PCR value in the case that the current hash value is not equal to the reference hash value.
Step S404, comparing the last PCR value with the reference PCR value to obtain a comparison result under the condition that the current PCR value is inconsistent with the reference PCR value, wherein the last PCR is a measurement value of the last starting process of the current starting process of the credible platform system;
as an optional embodiment, based on a situation similar to the above comparison between the current PCR value and the reference PCR value stored by the remote authenticator, when the last PCR value is compared with the reference PCR value, the current PCR value may also be compared with the reference PCR value according to the hash operation result obtained by the operation when the last PCR value is subjected to the hash operation. For example, aligning the last PCR value to the reference PCR value can comprise: comparing the last hash value with the reference hash value, wherein the last hash value is obtained by calculating according to the random number and the last PCR value; under the condition that the last hash value is equal to the reference hash value, determining that the last PCR value is consistent with the reference PCR value; and/or determining that the last PCR value is inconsistent with the reference PCR value under the condition that the last hash value is not equal to the reference hash value.
As an optional embodiment, when performing the hash operation on the current PCR value and performing the hash operation on the last PCR value, different operation manners may be adopted, for example, simply, the current PCR value may be directly added to a random number to obtain an operation result as the current digest value; or directly adding the last PCR value and the random number to obtain the operation result as the last abstract value. Wherein the random number may be generated by the remote authenticator using a random number generator and transmitted to the trusted platform system.
And step S406, determining a certification result of the trusted platform system according to the comparison result.
As an alternative embodiment, when determining the certification result of the trusted platform system according to the comparison result, there may be multiple types, for example, in a case that the current PCR value is not consistent with the reference PCR value, and the last PCR value is also consistent with the reference PCR value, it is determined whether the reference PCR value stored in the remote authenticator is not updated in time, or a metric value of the trusted platform system at the last boot is used, and therefore, it is determined that the reference PCR value needs to be updated, and it is determined that the trusted platform system is legal.
As an alternative embodiment, after determining that the reference PCR value needs to be updated, the method may further include: acquiring a current PCR value; the current PCR value is stored at the remote authenticator in place of the reference PCR value. The latest measurement value of the system during starting, namely the current PCR value, is obtained from the trusted platform system, and the current PCR value is used as the updated PCR value to update the old reference PCR value stored by the remote authentication party, so that the reference value is updated in time, and subsequent trusted authentication is facilitated.
As an optional embodiment, in order to ensure the security of the process of obtaining the current PCR value, when obtaining the current PCR value, the current PCR value may be encrypted first, and then the encrypted current PCR value is transmitted, for example, a ciphertext sent by the trusted platform system is received, where the ciphertext is obtained by encrypting the current PCR value with the session key; and decrypting the ciphertext by adopting the session key to obtain the current PCR.
As an optional embodiment, to further ensure the security of transmission of the current PCR value, the session key used for encrypting the current PCR value may also be encrypted, for example, the session key is generated by an authoritative remote authenticator, and the session key is encrypted by using the public signature key of the trusted platform system to obtain a key ciphertext; and sending the key ciphertext to a trusted platform system, wherein the trusted platform system decrypts the key ciphertext by using a signature private key of the trusted platform system to obtain a session key.
As an alternative embodiment, after comparing the current PCR value with the reference PCR value stored by the remote authenticator, in case that the current PCR value is consistent with the reference PCR value, it is determined that the trusted platform system is legal. For this case: the pre-PCR value is consistent with the reference PCR value, so that not only can the credible platform system be determined to be legal, but also the reference PCR value stored in the remote authenticator can be determined to be latest, namely the updating of the reference PCR value is timely.
As an alternative embodiment, in the case where the last PCR value is not consistent with the reference PCR value, it is determined that the trusted platform system is illegal. That is, in the case that the current PCR value is not consistent with the reference PCR value, and the last PCR value is not consistent with the reference PCR value, it is determined that the trusted platform system is tampered, illegal, and unsafe.
As an optional embodiment, in order to further implement security of the current PCR value and the last PCR value, the current hash value obtained by performing hash operation on the current PCR value and the last hash value obtained by performing hash operation on the last PCR value may be encrypted and transmitted respectively. For example, for a remote authenticator, a current signature file and a last signature file sent by a trusted platform system may be received, where the current signature file is obtained by performing an encryption signature operation on a current hash value by a signature private key of the trusted platform, and the last signature file is obtained by performing an encryption signature operation on a last hash value by the signature private key; and carrying out decryption and signature verification operation on the current signature file by adopting a signature public key of the trusted platform system to obtain a current hash value, and carrying out decryption and signature verification operation on the last signature file by adopting the signature public key to obtain a last hash value. Carrying out Hash operation on the PCR value to obtain a current Hash value, and carrying out Hash operation on the last PCR value to obtain a last Hash value; then, encrypting the current hash value and encrypting the last hash value; the encrypted current hash value and the encrypted last hash value are transmitted to the remote authentication party, which is equivalent to double-layer protection, thereby ensuring the transmission safety and the credibility of the system.
In the embodiment of the invention, aiming at one side of a remote authentication party, a double-PCR reporting mechanism is adopted, and a reference value updating system is newly added, so that the remote authentication of TPM/TPCM in the related technology can be solved, the problems of false alarm and missing report can not be effectively avoided, and the following can be realized: when the current PCR value of the trusted platform system is inconsistent with the reference PCR value, the last PCR value of the last startup is additionally compared with the reference PCR value, so that the occurrence of false alarm can be reduced; when the current PCR reference value is inaccurate, a new reference value is updated in time, so that the occurrence of missing report can be reduced.
Fig. 5 is a flowchart of a second remote authentication method according to embodiment 1 of the present invention, and as shown in fig. 5, the flowchart includes the following steps:
step S502, reading a current platform configuration register PCR value stored by the trusted platform system and a last PCR value, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system;
as an alternative embodiment, the execution agent may be a trusted platform system. The trusted platform system may be a server, a desktop, or the like. The trusted platform system may include a plurality of hardware devices and software applications, and when the trusted platform system is started, measure values obtained by measuring the plurality of hardware devices and software applications included in the system, and store the obtained measure values in a platform configuration register PCR, where a value stored in the PCR is referred to as a PCR value.
As an alternative embodiment, the current PCR value may be all measurement values of the current boot process of the trusted platform system, may also be a part of the measurement values of the current boot process of the trusted platform system, or may also be some specified measurement values of the current boot process of the platform system. The last PCR value may be all measurement values of the last boot process of the trusted platform system, may also be a part of measurement values of the last boot process of the trusted platform system, and may also be some specified measurement values of the last boot process of the platform system.
Step S504, report current PCR value and last PCR value to the long-range authentication side;
as an alternative embodiment, the current PCR value and the last PCR value may be unsafe due to the direct transmission of the current PCR value and the last PCR value. Therefore, in this embodiment, a method is provided for performing an operation on a current PCR value and a last PCR value by using a predetermined algorithm, storing the current PCR value and the last PCR value in corresponding operation results, and realizing safe transmission of the current PCR value and the last PCR value by transmitting the operation results. For example, when the current PCR value and the last PCR value are operated, a hash operation may be optionally performed. Therefore, the current PCR value and the last PCR value can be reported to the remote authentication party by reporting the current hash value and the last hash value, wherein the current hash value is obtained by calculating according to the random number and the current PCR value, and the last hash value is obtained by calculating according to the random number and the last PCR value.
As an optional embodiment, in order to ensure the security of transmission of the current PCR value and the last PCR value, and protect the security of the current PCR value and the last PCR value in a double-layer manner, the obtained current hash value and the last hash value may be further encrypted for transmission. For example, the current hash value and the last hash value may be reported to the remote authenticator by sending the current signature file and the last signature file to the remote authenticator, where the current signature file is obtained by performing an encryption signature operation on the current hash value by a signature private key of the trusted platform, and the last signature file is obtained by performing an encryption signature operation on the last hash value by the signature private key.
Step S506, receiving the certification result fed back by the remote authenticator.
As an alternative embodiment, the receiving of the proof result fed back by the remote authenticator comprises at least one of: if the current PCR value is not consistent with the reference PCR value stored by the remote authentication party, and the last PCR value is consistent with the reference PCR value, the reference PCR value needs to be updated, and the trusted platform system is legal; the current PCR value is consistent with the reference PCR value, the trusted platform system is legal, and under the condition, the reference PCR value stored in the remote authentication party is updated in time and is trusted; the last PCR value is not consistent with the reference PCR value, and the trusted platform system is illegal, in which case, the trusted platform system may be tampered with and illegal.
As an optional embodiment, when the result of receiving the proof fed back by the remote authenticator is that the reference PCR value needs to be updated, the current PCR value in the current start-up process of the trusted platform system may be obtained in time, and the latest PCR value is sent to the remote authenticator. When the current PCR value is sent to a remote authentication party, in order to ensure the safety of the transmission of the current PCR value, a session key is adopted to encrypt the current PCR value to obtain a ciphertext; and sending the ciphertext to the remote authenticator, so that the remote authenticator decrypts the ciphertext by using the session key to obtain the current PCR, and replacing the current PCR with the reference PCR value stored by the remote authenticator.
As an optional embodiment, in order to further ensure the transmission security, a key ciphertext sent by the remote authenticator may be received first, where the key ciphertext is obtained by encrypting the session key with a signature public key of the trusted platform system; and decrypting the key ciphertext by adopting a signature private key of the trusted platform system to obtain the session key. And the session key used for encrypting the current PCR value is encrypted, and a double encryption mode is adopted, so that the transmission safety of the current PCR value is finally ensured.
In the embodiment of the invention, as for the trusted platform system, a double-PCR reporting mechanism is adopted, and a reference value updating system is newly added, so that the remote authentication of TPM/TPCM in the related technology can be solved, the problems of false alarm and missing report can not be effectively avoided, and the following can be realized: when the current PCR value of the trusted platform system is inconsistent with the reference PCR value, the last PCR value of the last startup is additionally compared with the reference PCR value, so that the occurrence of false alarm can be reduced; when the current PCR reference value is inaccurate, a new reference value is updated in time, so that the occurrence of missing report can be reduced.
Fig. 6 is a flowchart of a third remote authentication method according to embodiment 1 of the present invention, and as shown in fig. 6, the flowchart includes the following steps:
step S602, the trusted platform system reads the current platform configuration register PCR value and the last PCR value, wherein the current PCR value is the measurement value of the current starting process of the trusted platform system, and the last PCR value is the measurement value of the last starting process of the current starting process of the trusted platform system;
as an alternative embodiment, the current PCR value may be all measurement values of the current boot process of the trusted platform system, may also be a part of the measurement values of the current boot process of the trusted platform system, or may also be some specified measurement values of the current boot process of the platform system. The last PCR value may be all measurement values of the last boot process of the trusted platform system, may also be a part of measurement values of the last boot process of the trusted platform system, and may also be some specified measurement values of the last boot process of the platform system.
Step S604, the trusted platform system reports the current PCR value and the last PCR value to the remote authenticator;
and step S606, the remote authentication party compares the current PCR value with a reference PCR value stored by the remote authentication party, and compares the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value, so as to determine the certification result of the trusted platform system.
As an alternative embodiment, the remote authenticator may further determine that the certification result of the trusted platform system may include multiple types after comparing the current PCR value with the reference PCR value stored by the remote authenticator, for example, in the case that the last PCR value is consistent with the reference PCR value, the certification result of the trusted platform system is determined as: the reference PCR value needs to be updated, the credible platform system is determined to be legal, and the determined certification result is fed back to the credible platform system; and under the condition that the current PCR value is consistent with the reference PCR value, determining that the certification result of the trusted platform system is as follows: the trusted platform system is legal and feeds back the determined certification result to the trusted platform system; after the remote authenticator compares the current PCR value with the reference PCR value stored by the remote authenticator, under the condition that the last PCR value is inconsistent with the reference PCR value, the certification result of the trusted platform system is determined as follows: and the trusted platform system is illegal, and the determined certification result is fed back to the trusted platform system.
As an alternative embodiment, before the trusted platform system reads the current platform configuration register PCR value and the last PCR value, the remote authenticator generates a random number and sends the generated random number to the trusted platform system to trigger authentication of the trusted platform system.
As an alternative embodiment, the reporting, by the trusted platform system, the current PCR value and the last PCR value to the remote authenticator may include: the trusted platform system carries out operation according to the random number and the current PCR value to obtain a current hash value, and carries out operation according to the random number and the last PCR value to obtain a last hash value; and then, the trusted platform system sends the current hash value and the last hash value to the remote authenticator.
As an alternative embodiment, the comparing, by the remote authenticator, the current PCR value with the reference PCR value stored by the remote authenticator may include: the remote authentication party calculates according to the random number and the reference PCR value to obtain a reference hash value, compares the current hash value with the reference hash value, and determines that the current PCR value is consistent with the reference PCR value under the condition that the current hash value is equal to the reference hash value; and/or determining that the current PCR value is inconsistent with the reference PCR value in the case that the current hash value is not equal to the reference hash value.
As an alternative embodiment, the comparing the last PCR value with the reference PCR value by the remote authenticator comprises: under the condition that the last hash value is equal to the reference hash value, determining that the last PCR value is consistent with the reference PCR value; and/or determining that the last PCR value is inconsistent with the reference PCR value under the condition that the last hash value is not equal to the reference hash value.
As an alternative embodiment, the determination of the attestation result to the trusted platform system at the remote authenticator is: when the reference PCR value needs to be updated, the trusted platform system sends the current PCR value to the remote authenticator; the remote authenticator stores the current PCR value in place of the reference PCR value at the remote authenticator.
As an alternative embodiment, when the trusted platform system sends the current PCR value to the remote authenticator, in order to ensure the transmission security of the current PCR value, the following method may be adopted: the trusted platform system encrypts the current PCR value by adopting the session key to obtain a ciphertext and sends the ciphertext to the remote authenticator; and the remote authenticator decrypts the ciphertext by adopting the session key to obtain the current PCR value.
In the embodiment of the invention, a double-PCR reporting mechanism is adopted, and a reference value updating system is newly added, so that the problems of false report and missing report can not be effectively avoided due to the remote authentication of TPM/TPCM in the related technology, and the following can be realized: when the current PCR value of the trusted platform system is inconsistent with the reference PCR value, the last PCR value of the last startup is additionally compared with the reference PCR value, so that the occurrence of false alarm can be reduced; when the current PCR reference value is inaccurate, a new reference value is updated in time, so that the occurrence of missing report can be reduced.
Based on the above-described embodiments and preferred embodiments, a preferred embodiment is provided, which is described below.
Fig. 7 is a flowchart of trusted remote authentication for reporting dual PCR values according to a preferred embodiment of the present invention, and as shown in fig. 7, the flowchart includes the following steps:
s1, the remote authenticator challenge generates a true Random Number Nonce using a Random Number Generator (RNG).
S2, the remote authenticator, Challenger, sends the random number Nonce to the Trusted Platform system Trusted Platform.
And S3, after receiving the random number Nonce, the trusted platform system reads the PCR _ now value of the current boot process and the PCR _ last value of the latest boot process from the trusted security chip (TPM/TPCM) in the trusted platform system. Here, a trusted security chip is required to provide the ability to record the two-boot PCR values.
S4, adding the Nonce and the PCR _ now by the trusted platform system, and calculating the digest value Hash _ now; similarly, calculate the digest value of Nonce + PCR _ last, Hash _ last. The Hash algorithm used here includes, but is not limited to, SHA1, SHA256, SM3, and so on.
And S5, the trusted platform system calls a Signature private key in a trusted security chip (TPM/TPCM), and carries out encryption Signature operation on the digest values Hash _ now and Hash _ last to generate Signature files Signature _ now and Signature _ last.
And S6, the trusted platform system replies Signature _ now and Signature _ last to the remote authentication party.
S7, the remote authenticator adds the Nonce to the PCR Reference value Reference _ PCR, and calculates the digest value Reference _ Hash thereof. The Hash algorithm used here includes, but is not limited to, SHA1, SHA256, SM3, and so on. Here, Reference _ PCR is securely held in advance in the remote authenticator.
And S8, after receiving the Signature _ now and Signature _ last, the remote authentication party uses the Signature public key of the trusted platform system to decrypt and check the Signature _ now and Signature _ last, and obtains the original digest values Hash _ now and Hash _ last. Here, the trusted platform system needs to disclose its own public signature key to the remote authenticator in advance.
S9, the remote authentication party compares the Hash _ now with the Reference _ Hash (Verification), if the Hash _ now and the Reference _ Hash are equal, the remote authentication is passed, and the trusted platform system is legal; if the two are not equal, further comparing (verifying) the Hash _ last with the Reference _ Hash, if the two are equal, updating the current Reference value Reference _ Hash, turning to the next section of trusted Reference value updating process, and simultaneously remotely proving that the trusted platform system is legal after passing; if the two are not equal, the remote certification fails, and the trusted platform system is illegal.
Fig. 8 is a flowchart of updating the trusted reference value according to the preferred embodiment of the present invention, and as shown in fig. 8, the flowchart includes the following steps:
when the Hash _ now of the trusted platform system is not equal to the Reference _ Hash and the Hash _ last is equal to the Reference _ Hash, it indicates that the Reference _ Hash is expired and invalid at the moment, and the current PCR _ now is needed to be used for updating the original Reference value.
S1, the challenge, who is a registered remote authenticator, generates a random number as the session Key _ session using the random number generator RNG.
S2, the remote authentication party uses the signature public Key of the credible platform system to encrypt the Key _ session and generate a Key ciphertext Key _ ciphertext.
And S3, the remote authenticator sends the Key _ cipher back to the trusted platform system.
And S4, after receiving the Key _ cipher, the trusted platform system calls a signature private Key in a trusted security chip (TPM/TPCM) to decrypt the Key _ cipher to obtain the Key _ session.
S5, the trusted platform system reads the PCR _ now value of the current starting process, and uses Key _ session to encrypt the value, and generates the ciphertext PCR _ ciphertext.
And S6, the trusted platform system sends the PCR _ cipher to the remote authenticator.
And S7, after receiving the PCR _ cipher, the remote authenticator decrypts the PCR _ cipher by using the Key _ session generated in the step 1 to obtain the PCR _ now.
S8, the remote authenticator replaces the original PCR Reference value with PCR _ now to become a new Reference _ PCR.
In the preferred embodiment, a double-PCR reporting mechanism is adopted, and a reference value updating system is newly added, so that the problems of false alarm and missing report cannot be effectively solved due to the remote authentication of TPM/TPCM in the related technology, and the following can be realized: when the current PCR value of the trusted platform system is inconsistent with the reference PCR value, the last PCR value of the last startup is additionally compared with the reference PCR value, so that the occurrence of false alarm can be reduced; when the current PCR reference value is inaccurate, a new reference value is updated in time, so that the occurrence of missing report can be reduced.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
Example 2
According to an embodiment of the present invention, there is further provided an apparatus for implementing the first remote authentication method in embodiment 1, and fig. 9 is a block diagram of a first remote authentication apparatus according to an embodiment of the present invention, and as shown in fig. 9, the apparatus includes: a first comparison module 92, a second comparison module 94 and a determination module 96, which are described below.
A first comparison module 92, configured to compare a current platform configuration register PCR value with a reference PCR value stored by a remote authenticator, where the current PCR value is a metric value of a current start-up process of the trusted platform system; a second comparison module 94, connected to the first comparison module 92, for comparing the last PCR value with the reference PCR value to obtain a comparison result when the current PCR value is inconsistent with the reference PCR value, where the last PCR value is a measurement value of a last boot process of the current boot process of the trusted platform system; the determining module 96 is connected to the second comparing module 94, and is configured to determine a certification result for the trusted platform system according to the comparison result.
It should be noted that the first comparison module 92, the second comparison module 94 and the determination module 96 correspond to steps S402 to S406 of the first remote authentication method in embodiment 1, and the modules and the corresponding steps implement the same example and application scenarios, but are not limited to the disclosure of the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.
Example 3
According to an embodiment of the present invention, there is further provided an apparatus for implementing the second remote authentication method in embodiment 1, where fig. 10 is a block diagram of a second remote authentication apparatus according to an embodiment of the present invention, and as shown in fig. 10, the apparatus includes: the reading module 102, the reporting module 104 and the receiving module 106 are described below.
The reading module 102 is configured to read a current platform configuration register PCR value stored in the trusted platform system and a last PCR value, where the current PCR value is a metric value of a current starting process of the trusted platform system, and the last PCR value is a metric value of a last starting process of the current starting process of the trusted platform system; a reporting module 104, connected to the reading module 102, for reporting the current PCR value and the last PCR value to the remote authenticator; a receiving module 106, connected to the reporting module 104, for receiving the certification result fed back by the remote authenticator.
It should be noted that the reading module 102, the reporting module 104 and the receiving module 106 correspond to steps S502 to S506 of the second remote authentication method in embodiment 1, and the modules are the same as the corresponding steps in the implementation example and application scenarios, but are not limited to the disclosure in the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.
Example 4
According to an embodiment of the present invention, there is further provided a system for implementing the third remote authentication method in embodiment 1, where fig. 11 is a block diagram of a remote authentication system according to an embodiment of the present invention, and as shown in fig. 11, the system includes: a trusted platform system 112 and a remote authenticator 114, which are described below.
The trusted platform system 112 is configured to read a current platform configuration register PCR value and a last PCR value, and report the current PCR value and the last PCR value to the remote authenticator, where the current PCR value is a measurement value of a current start-up process of the trusted platform system, and the last PCR value is a measurement value of a last start-up process of the current start-up process of the trusted platform system; and the remote authenticator 114 is in communication with the trusted platform system 112 and is used for comparing the current PCR value with the reference PCR value stored by the remote authenticator, and comparing the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value, so as to determine the certification result of the trusted platform system.
It should be noted that, the above-mentioned trusted platform system 112 and the remote authenticator 114 correspond to steps S602 to S606 in embodiment 1, and the above-mentioned structure is the same as the example and application scenario realized by the corresponding steps, but is not limited to the disclosure of the above-mentioned embodiment one. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.
Example 5
Embodiments of the present invention may provide a computer terminal (or referred to as a computer device), where the computer terminal may be any one computer terminal device in a computer terminal group. Optionally, in this embodiment, the computer terminal may also be replaced with a terminal device such as a mobile terminal.
Optionally, in this embodiment, the computer terminal may be located in at least one network device of a plurality of network devices of a computer network.
Optionally, in this embodiment, the computer device may include: a memory and a processor, the memory storing a computer program; a processor for executing a computer program stored in the memory, the computer program when executed causing the processor to perform any of the remote authentication methods described above.
The memory may be configured to store software programs and modules, such as program instructions/modules corresponding to the remote authentication method and apparatus in the embodiments of the present invention, and the processor executes various functional applications and data processing by running the software programs and modules stored in the memory, so as to implement the remote authentication method. The memory may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory may further include memory remotely located from the processor, and these remote memories may be connected to terminal a through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The processor can call the information and application program stored in the memory through the transmission device to execute the following steps: comparing the current PCR value of the platform configuration register with a reference PCR value stored by a remote authenticator, wherein the current PCR value is a measurement value of the current starting process of the trusted platform system; comparing the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to obtain a comparison result, wherein the last PCR is a measurement value of the last starting process of the current starting process of the trusted platform system; and determining a certification result of the trusted platform system according to the comparison result.
Optionally, the processor may further execute the program code of the following steps: according to the comparison result, determining that the certification result of the trusted platform system comprises at least one of the following: under the condition that the last PCR value is consistent with the reference PCR value, determining that the reference PCR value needs to be updated, and determining that the trusted platform system is legal; determining that the trusted platform system is legal under the condition that the current PCR value is consistent with the reference PCR value; and under the condition that the last PCR value is inconsistent with the reference PCR value, determining that the trusted platform system is illegal.
Optionally, the processor may further execute the program code of the following steps: comparing the current PCR value to a reference PCR value stored by the remote authenticator comprises: comparing the current hash value with a reference hash value, wherein the current hash value is obtained by calculating according to the random number and the current PCR value, and the reference hash value is obtained by calculating according to the random number and the reference PCR value; determining that the current PCR value is consistent with the reference PCR value under the condition that the current hash value is equal to the reference hash value; and/or determining that the current PCR value is inconsistent with the reference PCR value in the case that the current hash value is not equal to the reference hash value.
Optionally, the processor may further execute the program code of the following steps: comparing the last PCR value to the reference PCR value comprises: comparing the last hash value with the reference hash value, wherein the last hash value is obtained by calculating according to the random number and the last PCR value; under the condition that the last hash value is equal to the reference hash value, determining that the last PCR value is consistent with the reference PCR value; and/or determining that the last PCR value is inconsistent with the reference PCR value under the condition that the last hash value is not equal to the reference hash value.
Optionally, the processor may further execute the program code of the following steps: receiving a current signature file and a last signature file sent by a trusted platform system, wherein the current signature file is obtained by carrying out encryption signature operation on a current hash value by a signature private key of the trusted platform, and the last signature file is obtained by carrying out encryption signature operation on a last hash value by the signature private key; and carrying out decryption and signature verification operation on the current signature file by adopting a signature public key of the trusted platform system to obtain a current hash value, and carrying out decryption and signature verification operation on the last signature file by adopting the signature public key to obtain a last hash value.
Optionally, the processor may further execute the program code of the following steps: a random number is generated using a random number generator and sent to the trusted platform system.
Optionally, the processor may further execute the program code of the following steps: after determining that the reference PCR value needs to be updated, the method further includes: acquiring a current PCR value; the current PCR value is stored at the remote authenticator in place of the reference PCR value.
Optionally, the processor may further execute the program code of the following steps: obtaining the current PCR value includes: receiving a ciphertext sent by the trusted platform system, wherein the ciphertext is obtained by encrypting a current PCR value by a session key; and decrypting the ciphertext by adopting the session key to obtain the current PCR.
Optionally, the processor may further execute the program code of the following steps: generating a session key, and encrypting the session key by adopting a signature public key of a trusted platform system to obtain a key ciphertext; and sending the key ciphertext to the trusted platform system, wherein the key ciphertext is decrypted by adopting a signature private key of the trusted platform system to obtain a session key.
The processor can also call the information stored in the memory and the application program through the transmission device to execute the following steps: reading a current platform configuration register PCR value and a last PCR value stored by the trusted platform system, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system; reporting the current PCR value and the last PCR value to a remote authentication party; and receiving the certification result fed back by the remote authenticator.
Optionally, the processor may further execute the program code of the following steps: the certification result of receiving the feedback of the remote authenticator comprises at least one of the following: the current PCR value is inconsistent with a reference PCR value stored by the remote authenticator, and the last PCR value is consistent with the reference PCR value, the reference PCR value needs to be updated, and the trusted platform system is legal; the current PCR value is consistent with the reference PCR value, and the trusted platform system is legal; the last PCR value is inconsistent with the reference PCR value, so that the trusted platform system is illegal.
Optionally, the processor may further execute the program code of the following steps: reporting the current PCR value and the last PCR value to a remote authenticator comprises: and reporting the current PCR value and the last PCR value to a remote authentication party by reporting the current hash value and the last hash value, wherein the current hash value is obtained by calculating according to the random number and the current PCR value, and the last hash value is obtained by calculating according to the random number and the last PCR value.
Optionally, the processor may further execute the program code of the following steps: reporting the current PCR value and the last PCR value to a remote authentication party by reporting the current hash value and the last hash value comprises: and reporting the current hash value and the last hash value to the remote authentication party by sending the current signature file and the last signature file to the remote authentication party, wherein the current signature file is obtained by carrying out encryption signature operation on the current hash value by a signature private key of a trusted platform, and the last signature file is obtained by carrying out encryption signature operation on the last hash value by the signature private key.
Optionally, the processor may further execute the program code of the following steps: encrypting the current PCR value by adopting a session key to obtain a ciphertext; and sending the ciphertext to the remote authenticator, so that the remote authenticator decrypts the ciphertext by using the session key to obtain the current PCR, and replacing the current PCR with the reference PCR value stored by the remote authenticator.
Optionally, the processor may further execute the program code of the following steps: receiving a key ciphertext sent by a remote authenticator, wherein the key ciphertext is obtained by encrypting a session key by using a signature public key of a trusted platform system; and decrypting the key ciphertext by adopting a signature private key of the trusted platform system to obtain the session key.
The processor can also call the information stored in the memory and the application program through the transmission device to execute the following steps: the method comprises the steps that a trusted platform system reads a current platform configuration register PCR value and a last PCR value, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system; the trusted platform system reports the current PCR value and the last PCR value to the remote authentication party; and the remote authentication party compares the current PCR value with a reference PCR value stored by the remote authentication party, and compares the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to determine a certification result of the trusted platform system.
Optionally, the processor may further execute the program code of the following steps: determining that the attestation results for the trusted platform system include at least one of: and under the condition that the last PCR value is consistent with the reference PCR value, determining that the certification result of the trusted platform system is as follows: the reference PCR value needs to be updated, the credible platform system is determined to be legal, and the determined certification result is fed back to the credible platform system; and under the condition that the current PCR value is consistent with the reference PCR value, determining that the certification result of the trusted platform system is as follows: the trusted platform system is legal and feeds back the determined certification result to the trusted platform system; under the condition that the last PCR value is inconsistent with the reference PCR value, determining that the certification result of the trusted platform system is as follows: and the trusted platform system is illegal, and the determined certification result is fed back to the trusted platform system.
Optionally, the processor may further execute the program code of the following steps: the remote authentication party generates a random number and sends the generated random number to the trusted platform system; the trusted platform system carries out operation according to the random number and the current PCR value to obtain a current hash value, and carries out operation according to the random number and the last PCR value to obtain a last hash value; the trusted platform system reports the current PCR value and the last PCR value to the remote authenticator, and the method comprises the following steps: the trusted platform system sends the current hash value and the last hash value to the remote authentication party; the remote authenticator comparing the current PCR value with a reference PCR value stored by the remote authenticator comprises: the remote authentication party calculates according to the random number and the reference PCR value to obtain a reference hash value, compares the current hash value with the reference hash value, and determines that the current PCR value is consistent with the reference PCR value under the condition that the current hash value is equal to the reference hash value; and/or determining that the current PCR value is inconsistent with the reference PCR value under the condition that the current hash value is not equal to the reference hash value; the remote authenticator comparing the last PCR value with the reference PCR value comprises: under the condition that the last hash value is equal to the reference hash value, determining that the last PCR value is consistent with the reference PCR value; and/or determining that the last PCR value is inconsistent with the reference PCR value under the condition that the last hash value is not equal to the reference hash value.
Optionally, the processor may further execute the program code of the following steps: the trusted platform system sends the current PCR value to a remote authenticator; the remote authenticator stores the current PCR value in place of the reference PCR value at the remote authenticator.
Optionally, the processor may further execute the program code of the following steps: the trusted platform system sending the current PCR value to the remote authenticator includes: the trusted platform system encrypts the current PCR value by adopting the session key to obtain a ciphertext and sends the ciphertext to the remote authenticator; and the remote authenticator decrypts the ciphertext by adopting the session key to obtain the current PCR value.
By adopting the embodiment of the invention, the current PCR value and the last PCR value are respectively compared with the reference PCR value according to the current PCR value and the last PCR value, so that the aim of determining whether the reference PCR value is updated timely is achieved, the technical effects of accurately authenticating a trusted platform system and avoiding false alarm and false alarm are realized, and the technical problems of authentication false alarm and false alarm in the process of authenticating the trusted platform system in the related technology are solved.
It can be understood by those skilled in the art that the computer terminal may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, and a Mobile Internet Device (MID), a PAD, etc. The embodiment of the invention does not limit the structure of the electronic device. For example, the computer devices described above may also include more or fewer components (e.g., network interfaces, display devices, etc.), or have different configurations.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
Example 6
The embodiment of the invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be configured to store a program code corresponding to any remote authentication method provided in embodiment 1, and control the processor to execute any one of the remote authentication methods when the program code is executed by the processor. .
Optionally, in this embodiment, the storage medium may be located in any one of computer terminals in a computer terminal group in a computer network, or in any one of mobile terminals in a mobile terminal group.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: comparing the current PCR value of the platform configuration register with a reference PCR value stored by a remote authenticator, wherein the current PCR value is a measurement value of the current starting process of the trusted platform system; comparing the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to obtain a comparison result, wherein the last PCR is a measurement value of the last starting process of the current starting process of the trusted platform system; and determining a certification result of the trusted platform system according to the comparison result.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: according to the comparison result, determining that the certification result of the trusted platform system comprises at least one of the following: under the condition that the last PCR value is consistent with the reference PCR value, determining that the reference PCR value needs to be updated, and determining that the trusted platform system is legal; determining that the trusted platform system is legal under the condition that the current PCR value is consistent with the reference PCR value; and under the condition that the last PCR value is inconsistent with the reference PCR value, determining that the trusted platform system is illegal.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: comparing the current PCR value to a reference PCR value stored by the remote authenticator comprises: comparing the current hash value with a reference hash value, wherein the current hash value is obtained by calculating according to the random number and the current PCR value, and the reference hash value is obtained by calculating according to the random number and the reference PCR value; determining that the current PCR value is consistent with the reference PCR value under the condition that the current hash value is equal to the reference hash value; and/or determining that the current PCR value is inconsistent with the reference PCR value in the case that the current hash value is not equal to the reference hash value.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: comparing the last PCR value to the reference PCR value comprises: comparing the last hash value with the reference hash value, wherein the last hash value is obtained by calculating according to the random number and the last PCR value; under the condition that the last hash value is equal to the reference hash value, determining that the last PCR value is consistent with the reference PCR value; and/or determining that the last PCR value is inconsistent with the reference PCR value under the condition that the last hash value is not equal to the reference hash value.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: receiving a current signature file and a last signature file sent by a trusted platform system, wherein the current signature file is obtained by carrying out encryption signature operation on a current hash value by a signature private key of the trusted platform, and the last signature file is obtained by carrying out encryption signature operation on a last hash value by the signature private key; and carrying out decryption and signature verification operation on the current signature file by adopting a signature public key of the trusted platform system to obtain a current hash value, and carrying out decryption and signature verification operation on the last signature file by adopting the signature public key to obtain a last hash value.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: a random number is generated using a random number generator and sent to the trusted platform system.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: after determining that the reference PCR value needs to be updated, the method further includes: acquiring a current PCR value; the current PCR value is stored at the remote authenticator in place of the reference PCR value.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: obtaining the current PCR value includes: receiving a ciphertext sent by the trusted platform system, wherein the ciphertext is obtained by encrypting a current PCR value by a session key; and decrypting the ciphertext by adopting the session key to obtain the current PCR.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: generating a session key, and encrypting the session key by adopting a signature public key of a trusted platform system to obtain a key ciphertext; and sending the key ciphertext to the trusted platform system, wherein the key ciphertext is decrypted by adopting a signature private key of the trusted platform system to obtain a session key.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: reading a current platform configuration register PCR value and a last PCR value stored by the trusted platform system, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system; reporting the current PCR value and the last PCR value to a remote authentication party; and receiving the certification result fed back by the remote authenticator.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: the certification result of receiving the feedback of the remote authenticator comprises at least one of the following: the current PCR value is inconsistent with a reference PCR value stored by the remote authenticator, and the last PCR value is consistent with the reference PCR value, the reference PCR value needs to be updated, and the trusted platform system is legal; the current PCR value is consistent with the reference PCR value, and the trusted platform system is legal; the last PCR value is inconsistent with the reference PCR value, so that the trusted platform system is illegal.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: reporting the current PCR value and the last PCR value to a remote authenticator comprises: and reporting the current PCR value and the last PCR value to a remote authentication party by reporting the current hash value and the last hash value, wherein the current hash value is obtained by calculating according to the random number and the current PCR value, and the last hash value is obtained by calculating according to the random number and the last PCR value.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: reporting the current PCR value and the last PCR value to a remote authentication party by reporting the current hash value and the last hash value comprises: and reporting the current hash value and the last hash value to the remote authentication party by sending the current signature file and the last signature file to the remote authentication party, wherein the current signature file is obtained by carrying out encryption signature operation on the current hash value by a signature private key of a trusted platform, and the last signature file is obtained by carrying out encryption signature operation on the last hash value by the signature private key.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: encrypting the current PCR value by adopting a session key to obtain a ciphertext; and sending the ciphertext to the remote authenticator, so that the remote authenticator decrypts the ciphertext by using the session key to obtain the current PCR, and replacing the current PCR with the reference PCR value stored by the remote authenticator.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: receiving a key ciphertext sent by a remote authenticator, wherein the key ciphertext is obtained by encrypting a session key by using a signature public key of a trusted platform system; and decrypting the key ciphertext by adopting a signature private key of the trusted platform system to obtain the session key.
Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the method comprises the steps that a trusted platform system reads a current platform configuration register PCR value and a last PCR value, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system; the trusted platform system reports the current PCR value and the last PCR value to the remote authentication party; and the remote authentication party compares the current PCR value with a reference PCR value stored by the remote authentication party, and compares the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to determine a certification result of the trusted platform system.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: determining that the attestation results for the trusted platform system include at least one of: and under the condition that the last PCR value is consistent with the reference PCR value, determining that the certification result of the trusted platform system is as follows: the reference PCR value needs to be updated, the credible platform system is determined to be legal, and the determined certification result is fed back to the credible platform system; and under the condition that the current PCR value is consistent with the reference PCR value, determining that the certification result of the trusted platform system is as follows: the trusted platform system is legal and feeds back the determined certification result to the trusted platform system; under the condition that the last PCR value is inconsistent with the reference PCR value, determining that the certification result of the trusted platform system is as follows: and the trusted platform system is illegal, and the determined certification result is fed back to the trusted platform system.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: the remote authentication party generates a random number and sends the generated random number to the trusted platform system; the trusted platform system carries out operation according to the random number and the current PCR value to obtain a current hash value, and carries out operation according to the random number and the last PCR value to obtain a last hash value; the trusted platform system reports the current PCR value and the last PCR value to the remote authenticator, and the method comprises the following steps: the trusted platform system sends the current hash value and the last hash value to the remote authentication party; the remote authenticator comparing the current PCR value with a reference PCR value stored by the remote authenticator comprises: the remote authentication party calculates according to the random number and the reference PCR value to obtain a reference hash value, compares the current hash value with the reference hash value, and determines that the current PCR value is consistent with the reference PCR value under the condition that the current hash value is equal to the reference hash value; and/or determining that the current PCR value is inconsistent with the reference PCR value under the condition that the current hash value is not equal to the reference hash value; the remote authenticator comparing the last PCR value with the reference PCR value comprises: under the condition that the last hash value is equal to the reference hash value, determining that the last PCR value is consistent with the reference PCR value; and/or determining that the last PCR value is inconsistent with the reference PCR value under the condition that the last hash value is not equal to the reference hash value.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: the trusted platform system sends the current PCR value to a remote authenticator; the remote authenticator stores the current PCR value in place of the reference PCR value at the remote authenticator.
Optionally, in this embodiment, the storage medium is further configured to store program code for performing the following steps: the trusted platform system sending the current PCR value to the remote authenticator includes: the trusted platform system encrypts the current PCR value by adopting the session key to obtain a ciphertext and sends the ciphertext to the remote authenticator; and the remote authenticator decrypts the ciphertext by adopting the session key to obtain the current PCR value.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit is merely a division of a logic function, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (25)
1. A remote authentication method, comprising:
comparing the current PCR value of the platform configuration register with a reference PCR value stored by a remote authenticator, wherein the current PCR value is a measurement value of the current starting process of the trusted platform system;
comparing a last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to obtain a comparison result, wherein the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system;
and determining a certification result of the trusted platform system according to the comparison result.
2. The method of claim 1, wherein determining the attestation result to the trusted platform system based on the comparison comprises at least one of:
under the condition that the last PCR value is consistent with the reference PCR value, determining that the reference PCR value needs to be updated, and determining that the trusted platform system is legal;
determining that the trusted platform system is legitimate if the current PCR value is consistent with the reference PCR value;
determining that the trusted platform system is not legitimate if the last PCR value is not consistent with the reference PCR value.
3. The method of claim 1, wherein comparing the current PCR value to the reference PCR value stored by the remote authenticator comprises:
comparing the current hash value with a reference hash value, wherein the current hash value is obtained by calculating according to a random number and the current PCR value, and the reference hash value is obtained by calculating according to the random number and the reference PCR value;
determining that the current PCR value is consistent with the reference PCR value under the condition that the current hash value is equal to the reference hash value; and/or determining that the current PCR value is inconsistent with the reference PCR value when the current hash value is not equal to the reference hash value.
4. The method of claim 3, wherein comparing the last PCR value to the reference PCR value comprises:
comparing the last hash value with the reference hash value, wherein the last hash value is obtained by calculating according to the random number and the last PCR value;
determining that the last PCR value is consistent with the reference PCR value under the condition that the last hash value is equal to the reference hash value; and/or determining that the last PCR value is inconsistent with the reference PCR value when the last hash value is not equal to the reference hash value.
5. The method of claim 4, further comprising:
receiving a current signature file and a last signature file sent by the trusted platform system, wherein the current signature file is obtained by performing encryption signature operation on the current hash value by a signature private key of the trusted platform, and the last signature file is obtained by performing encryption signature operation on the last hash value by the signature private key;
and carrying out decryption and signature verification operation on the current signature file by adopting the signature public key of the trusted platform system to obtain the current hash value, and carrying out decryption and signature verification operation on the last signature file by adopting the signature public key to obtain the last hash value.
6. The method of claim 5, further comprising:
generating the random number using a random number generator and sending the random number to the trusted platform system.
7. The method of any one of claims 1 to 6, further comprising, after determining that the reference PCR value needs to be updated:
acquiring the current PCR value;
storing the current PCR value in place of the reference PCR value at the remote authenticator.
8. The method of claim 7, wherein obtaining the current PCR value comprises:
receiving a ciphertext sent by the trusted platform system, wherein the ciphertext is obtained by encrypting the current PCR value by a session key;
and decrypting the ciphertext by adopting the session key to obtain the current PCR.
9. The method of claim 8, further comprising:
generating the session key, and encrypting the session key by adopting a signature public key of the trusted platform system to obtain a key ciphertext;
and sending the key ciphertext to the trusted platform system, wherein the key ciphertext is decrypted by using a signature private key of the trusted platform system to obtain the session key.
10. A remote authentication method, comprising:
reading a current Platform Configuration Register (PCR) value and a last PCR value stored by a trusted platform system, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR is a measurement value of a last starting process of the current starting process of the trusted platform system;
reporting the current PCR value and the last PCR value to a remote authenticator;
and receiving the certification result fed back by the remote authenticator.
11. The method of claim 10, wherein receiving the attestation results fed back by the remote authenticator comprises at least one of:
the current PCR value is inconsistent with a reference PCR value stored by the remote authenticator, the last PCR value is consistent with the reference PCR value, the reference PCR value needs to be updated, and the trusted platform system is legal;
the current PCR value is consistent with the reference PCR value, and the trusted platform system is legal;
and if the last PCR value is inconsistent with the reference PCR value, the trusted platform system is illegal.
12. The method of claim 10, wherein reporting the current PCR value and the last PCR value to a remote authenticator comprises:
reporting the current PCR value and the last PCR value to the remote authentication party by reporting the current hash value and the last hash value, wherein the current hash value is obtained by calculating according to a random number and the current PCR value, and the last hash value is obtained by calculating according to the random number and the last PCR value.
13. The method of claim 12, wherein reporting the current PCR value and the last PCR value to the remote authenticator by reporting the current hash value and the last hash value comprises:
and reporting the current hash value and the last hash value to the remote authenticator by sending the current signature file and the last signature file to the remote authenticator, wherein the current signature file is obtained by carrying out encryption signature operation on the current hash value by a signature private key of the trusted platform, and the last signature file is obtained by carrying out encryption signature operation on the last hash value by the signature private key.
14. The method of any of claims 10 to 13, further comprising:
encrypting the current PCR value by adopting a session key to obtain a ciphertext;
and sending the ciphertext to the remote authenticator, so that the remote authenticator decrypts the ciphertext by using the session key to obtain the current PCR, and replaces the current PCR with the reference PCR value stored by the remote authenticator.
15. The method of claim 14, further comprising:
receiving a key ciphertext sent by the remote authenticator, wherein the key ciphertext is obtained by encrypting the session key by using a signature public key of the trusted platform system;
and decrypting the key ciphertext by adopting a signature private key of the trusted platform system to obtain the session key.
16. A remote authentication method, comprising:
a trusted platform system reads a current platform configuration register PCR value and a last PCR value, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system;
the trusted platform system reports the current PCR value and the last PCR value to a remote authenticator;
and the remote authenticator compares the current PCR value with a reference PCR value stored by the remote authenticator, and compares the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to determine the certification result of the trusted platform system.
17. The method of claim 16, wherein determining the attestation results for the trusted platform system comprises at least one of:
determining, when the last PCR value is consistent with the reference PCR value, that the certification result for the trusted platform system is: the reference PCR value needs to be updated, the credible platform system is determined to be legal, and the determined certification result is fed back to the credible platform system;
determining, when the current PCR value is consistent with the reference PCR value, that a certification result for the trusted platform system is: the trusted platform system is legal and feeds back the determined certification result to the trusted platform system;
determining, in the case that the last PCR value is inconsistent with the reference PCR value, that the attestation result for the trusted platform system is: and the trusted platform system is illegal, and the determined certification result is fed back to the trusted platform system.
18. The method of claim 16,
the remote authentication party generates a random number and sends the generated random number to the trusted platform system;
the trusted platform system carries out operation according to the random number and the current PCR value to obtain a current hash value, and carries out operation according to the random number and the last PCR value to obtain a last hash value;
the step of reporting the current PCR value and the last PCR value to a remote authenticator by the trusted platform system comprises the following steps: the trusted platform system sends the current hash value and the last hash value to the remote authenticator;
the remote authenticator comparing the current PCR value to a reference PCR value stored by the remote authenticator comprises: the remote authenticator carries out operation according to the random number and the reference PCR value to obtain a reference hash value, the current hash value is compared with the reference hash value, and the current PCR value is determined to be consistent with the reference PCR value under the condition that the current hash value is equal to the reference hash value; and/or determining that the current PCR value is inconsistent with the reference PCR value when the current hash value is not equal to the reference hash value;
the remote authenticator comparing the last PCR value with the reference PCR value comprises: determining that the last PCR value is consistent with the reference PCR value under the condition that the last hash value is equal to the reference hash value; and/or determining that the last PCR value is inconsistent with the reference PCR value when the last hash value is not equal to the reference hash value.
19. The method of any one of claims 16 to 18, further comprising:
the trusted platform system sends the current PCR value to the remote authenticator;
the remote authenticator stores the current PCR value in place of the reference PCR value at the remote authenticator.
20. The method of claim 19, wherein the trusted platform system sending the current PCR value to the remote authenticator comprises:
the trusted platform system encrypts the current PCR value by adopting a session key to obtain a ciphertext and sends the ciphertext to the remote authenticator;
and the remote authenticator decrypts the ciphertext by adopting the session key to obtain the current PCR value.
21. A remote authentication apparatus, comprising:
the system comprises a first comparison module, a second comparison module and a third comparison module, wherein the first comparison module is used for comparing a current platform configuration register PCR value with a reference PCR value stored by a remote authentication party, and the current PCR value is a measurement value of the current starting process of a trusted platform system;
the second comparison module is used for comparing a last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value to obtain a comparison result, wherein the last PCR is a measurement value of a last starting process of the current starting process of the trusted platform system;
and the determining module is used for determining the certification result of the trusted platform system according to the comparison result.
22. A remote authentication apparatus, comprising:
the reading module is used for reading a current platform configuration register PCR value and a last PCR value stored by the trusted platform system, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR value is a measurement value of a last starting process of the current starting process of the trusted platform system;
a reporting module, configured to report the current PCR value and the last PCR value to a remote authenticator;
and the receiving module is used for receiving the certification result fed back by the remote authenticator.
23. A remote authentication system, comprising: the system comprises a trusted platform system and a remote authenticator, wherein the trusted platform system is used for reading a current Platform Configuration Register (PCR) value and a last PCR value, and reporting the current PCR value and the last PCR value to the remote authenticator, wherein the current PCR value is a measurement value of a current starting process of the trusted platform system, and the last PCR is a measurement value of a last starting process of the current starting process of the trusted platform system;
and the remote authenticator is used for comparing the current PCR value with a reference PCR value stored by the remote authenticator, comparing the last PCR value with the reference PCR value under the condition that the current PCR value is inconsistent with the reference PCR value, and determining a certification result of the trusted platform system.
24. A storage medium storing a program, wherein the program controls a processor to execute the remote authentication method according to any one of claims 1 to 20 when the program is executed by the processor.
25. A computer device, comprising: a memory and a processor, wherein the processor is capable of,
the memory stores a computer program;
the processor for executing a computer program stored in the memory, the computer program when executed causing the processor to perform the remote authentication method of any one of claims 1 to 20.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910447430.0A CN112000935B (en) | 2019-05-27 | 2019-05-27 | Remote authentication method, device, system, storage medium and computer equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910447430.0A CN112000935B (en) | 2019-05-27 | 2019-05-27 | Remote authentication method, device, system, storage medium and computer equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112000935A true CN112000935A (en) | 2020-11-27 |
| CN112000935B CN112000935B (en) | 2024-06-14 |
Family
ID=73461716
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910447430.0A Active CN112000935B (en) | 2019-05-27 | 2019-05-27 | Remote authentication method, device, system, storage medium and computer equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112000935B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114021106A (en) * | 2021-11-03 | 2022-02-08 | 海光信息技术股份有限公司 | Remote authentication method, device and system for credibility measurement |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20090001497A (en) * | 2006-12-01 | 2009-01-09 | 한국전자통신연구원 | Internet voting method for all participants having mutual attestation functions on trusted computing environment and system thereof |
| US20090070598A1 (en) * | 2007-09-10 | 2009-03-12 | Daryl Carvis Cromer | System and Method for Secure Data Disposal |
| CN101458743A (en) * | 2007-12-12 | 2009-06-17 | 中国长城计算机深圳股份有限公司 | Method for protecting computer system |
| US20100161998A1 (en) * | 2008-12-15 | 2010-06-24 | Liqun Chen | Associating a Signing key with a Software Component of a Computing Platform |
| CN102063591A (en) * | 2011-01-07 | 2011-05-18 | 北京工业大学 | Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform |
| CN103501303A (en) * | 2013-10-12 | 2014-01-08 | 武汉大学 | Active remote attestation method for measurement of cloud platform virtual machine |
| CN105227319A (en) * | 2015-10-23 | 2016-01-06 | 浪潮电子信息产业股份有限公司 | A kind of method of authentication server and device |
| CN106127057A (en) * | 2016-06-23 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | Method for constructing trusted boot control based on TPM |
| US20160381007A1 (en) * | 2006-08-09 | 2016-12-29 | International Business Machines Corporation | Method, system, and program product for remotely attesting to a state of a computer system |
| CN107563186A (en) * | 2017-08-30 | 2018-01-09 | 浪潮(北京)电子信息产业有限公司 | A kind of safe starting method and device |
| CN109586920A (en) * | 2018-12-05 | 2019-04-05 | 大唐高鸿信安(浙江)信息科技有限公司 | A kind of trust authentication method and device |
-
2019
- 2019-05-27 CN CN201910447430.0A patent/CN112000935B/en active Active
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160381007A1 (en) * | 2006-08-09 | 2016-12-29 | International Business Machines Corporation | Method, system, and program product for remotely attesting to a state of a computer system |
| KR20090001497A (en) * | 2006-12-01 | 2009-01-09 | 한국전자통신연구원 | Internet voting method for all participants having mutual attestation functions on trusted computing environment and system thereof |
| US20090070598A1 (en) * | 2007-09-10 | 2009-03-12 | Daryl Carvis Cromer | System and Method for Secure Data Disposal |
| CN101458743A (en) * | 2007-12-12 | 2009-06-17 | 中国长城计算机深圳股份有限公司 | Method for protecting computer system |
| US20100161998A1 (en) * | 2008-12-15 | 2010-06-24 | Liqun Chen | Associating a Signing key with a Software Component of a Computing Platform |
| CN102063591A (en) * | 2011-01-07 | 2011-05-18 | 北京工业大学 | Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform |
| CN103501303A (en) * | 2013-10-12 | 2014-01-08 | 武汉大学 | Active remote attestation method for measurement of cloud platform virtual machine |
| CN105227319A (en) * | 2015-10-23 | 2016-01-06 | 浪潮电子信息产业股份有限公司 | A kind of method of authentication server and device |
| CN106127057A (en) * | 2016-06-23 | 2016-11-16 | 浪潮电子信息产业股份有限公司 | Method for constructing trusted boot control based on TPM |
| CN107563186A (en) * | 2017-08-30 | 2018-01-09 | 浪潮(北京)电子信息产业有限公司 | A kind of safe starting method and device |
| CN109586920A (en) * | 2018-12-05 | 2019-04-05 | 大唐高鸿信安(浙江)信息科技有限公司 | A kind of trust authentication method and device |
Non-Patent Citations (3)
| Title |
|---|
| 付东来;彭新光;: "基于Chameleon哈希改进的平台配置远程证明机制", 计算机科学, no. 01, 15 January 2013 (2013-01-15), pages 124 - 127 * |
| 王群;李馥娟;: "可信计算技术及其进展研究", 信息安全研究, no. 09, 5 September 2016 (2016-09-05), pages 72 - 81 * |
| 黄秀文;: "基于可信计算的远程证明的研究", 武汉纺织大学学报, no. 06, 15 December 2015 (2015-12-15), pages 88 - 93 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114021106A (en) * | 2021-11-03 | 2022-02-08 | 海光信息技术股份有限公司 | Remote authentication method, device and system for credibility measurement |
| CN114021106B (en) * | 2021-11-03 | 2022-07-19 | 海光信息技术股份有限公司 | Remote authentication method, device and system for credibility measurement |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112000935B (en) | 2024-06-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10164778B2 (en) | Method and system for distributing attestation key and certificate in trusted computing | |
| CN106416121B (en) | Common mode RSA key pair for signature generation and encryption/decryption | |
| CN108241517B (en) | Software upgrading method, client and electronic equipment | |
| US10437985B2 (en) | Using a second device to enroll a secure application enclave | |
| CN109313690B (en) | Self-contained encrypted boot policy verification | |
| CN107077574B (en) | Trust service for client devices | |
| CN109714168B (en) | Trusted remote attestation method, device and system | |
| CN109937419B (en) | Initialization method for security function enhanced device and firmware update method for device | |
| US9043604B2 (en) | Method and apparatus for key provisioning of hardware devices | |
| CN110874494B (en) | Method, device and system for processing password operation and method for constructing measurement trust chain | |
| CN110874478B (en) | Key processing method and device, storage medium and processor | |
| CN110737897B (en) | Method and system for starting measurement based on trusted card | |
| WO2006002282A1 (en) | Systems and methods for performing secure communications between an authorized computing platform and a hardware component | |
| CN110795742B (en) | Metric processing method, device, storage medium and processor for high-speed cryptographic operation | |
| WO2017053014A1 (en) | Data protection keys | |
| CN111371726B (en) | Authentication method and device for security code space, storage medium and processor | |
| WO2018112482A1 (en) | Method and system for distributing attestation key and certificate in trusted computing | |
| CN111901304B (en) | Registration method and device of mobile security equipment, storage medium and electronic device | |
| KR20110035573A (en) | Method for providing safety of virtual machine installation in cloud computing environment | |
| EP3641219A1 (en) | Puf based securing of device update | |
| CN112346785B (en) | Data processing method, device, system, storage medium and computer equipment | |
| CN112966254B (en) | Secure communication method and system for host and trusted cryptographic module | |
| CN112000935B (en) | Remote authentication method, device, system, storage medium and computer equipment | |
| CN110858246B (en) | Authentication method and system of security code space, and registration method thereof | |
| CN114117388A (en) | Device registration method, device registration apparatus, electronic device, and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |