CN1992714B - Authority principal method based on trusted computing platform - Google Patents

Info

Publication number: CN1992714B
Authority: CN (China)
Prior art keywords: key, trust, reliable hardware, entrusted, password
Legal status: Expired - Fee Related
Application number: CN200510135576XA
Other languages: Chinese (zh)
Other versions: CN1992714A (en)
Inventors: 冯荣峰, 王凯, 郭轶尊, 李俊
Current Assignee: Lenovo Beijing Ltd
Original Assignee: Lenovo Beijing Ltd
Application filed by: Lenovo Beijing Ltd
Priority to: CN200510135576XA
Publication of: CN1992714A
Application granted; publication of: CN1992714B

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a method, based on a trusted computing platform, for delegating an authority represented by a key. The platform comprises trusted hardware and a software protocol stack. The trusted hardware stores proof data, a root key and a counter table with at least one counter; the software protocol stack stores a key table with at least one key and a delegation table with at least one delegation. The method comprises: inputting at least one delegation, the delegated key, a delegation password and the access password of the delegated key into the trusted hardware; the trusted hardware decrypting the delegated key with the root key and extracting the key's access password in order to check the access password that was input; when the input access password is correct, associating the delegation with the delegated key; encrypting the delegation password with the root key and inserting it into the delegation, then computing an integrity value with the proof data and inserting it into the delegation, to generate an authorized delegation; and returning the authorized delegation to the software protocol stack, to be inserted into the delegation table.

Description

Authority delegation method based on a trusted computing platform
Technical field
The present invention relates to authority delegation, and in particular to an authority delegation method based on a trusted computing platform that can improve the security and privacy of delegation.
Background art
At present, applications that include authorization management implement authority delegation either with an ordinary system comprising users, roles and passwords, or with PMI (Privilege Management Infrastructure). The drawback of the ordinary system is that it has to be developed separately for each application and that its security is weak, because all authorization data are protected purely in software. The drawback of PMI is that a complete PKI (Public Key Infrastructure) and PMI architecture must be built, which makes deployment complex and costly and places high demands on the network. PMI is therefore too expensive for small and medium-sized applications, desktop applications in particular.
Summary of the invention
The present invention has been made in view of the above problems. Its purpose is to provide an authority delegation method that is based on a trusted computing platform and separated from the business application, so as to improve the security and privacy of authority delegation.
In one aspect of the invention, a method is proposed, based on a trusted computing platform, for delegating an authority represented by a key. The trusted computing platform comprises trusted hardware and a software protocol stack running on top of the trusted hardware. The trusted hardware stores proof data, a root key and a counter table with at least one counter; the software protocol stack stores a key table with at least one key and a delegation table with at least one delegation. The method comprises the steps of: inputting at least one delegation, the delegated key, a delegation password and the access password of the delegated key into the trusted hardware; the trusted hardware decrypting the delegated key with the root key and extracting the access password of the delegated key, in order to verify whether the input access password is correct; if the input access password is correct, associating the delegation with the delegated key; encrypting the delegation password with the root key and inserting it into the delegation, then computing an integrity value with the proof data and inserting it into the delegation, to generate an authorized delegation; and returning the authorized delegation to the software protocol stack, to be inserted into the delegation table.
According to one embodiment of the invention, the step of associating the delegation with the delegated key comprises: the trusted hardware reading, from the counter table, the check value of the counter that corresponds to the delegated key and inserting it into the corresponding field of the delegation, and computing the hash value of the delegated key and inserting it into the key digest field of the delegation.
According to one embodiment of the invention, the software protocol stack also stores a policy group table with at least one policy group, and the method further comprises a policy setting step: the trusted hardware owner creates a policy group for a delegation policy, which includes setting a valid counter identifier, a label and a description, and sends it to the trusted hardware together with the access password of the root key; the trusted hardware checks the access password of the root key; if the access password of the root key is correct, a corresponding counter is created in the counter table and its state is set according to the policy; the information of the corresponding counter is returned to the software protocol stack, to update the policy group table.
According to one embodiment of the invention, the method further comprises the steps of: the delegate inputting the authorized delegation, the delegated key, the operation to be performed and the delegation password into the trusted hardware; the trusted hardware verifying whether the input delegation password is correct and whether the operation to be performed is within the scope of the delegation; and, if verification succeeds, the delegate performing the operation.
According to one embodiment of the invention, whether the input delegation password is correct is verified by decrypting the authorized delegation with the root key.
According to one embodiment of the invention, the trusted hardware checks the delegation digest and the key digest of the authorized delegation.
According to one embodiment of the invention, the trusted hardware checks the state and the check value of the counter that corresponds to the delegated key.
According to one embodiment of the invention, the integrity value is a hashed message authentication code (HMAC) value.
According to one embodiment of the invention, the root key is an RSA key pair.
According to one embodiment of the invention, the delegated key is an RSA key pair.
In another aspect of the invention, a method of revoking a delegation based on a trusted computing platform is proposed. The trusted computing platform comprises trusted hardware and a software protocol stack running on top of the trusted hardware. The trusted hardware stores a root key and a counter table with at least one counter; the software protocol stack stores a key table with at least one key and a delegation table with at least one delegation. The method comprises the steps of: selecting the delegation to be revoked from the delegation table and inputting it into the trusted hardware together with the delegated key and the owner password of the delegated key; in the trusted hardware, verifying the input owner password by decrypting the delegated key with the root key; if verification succeeds, checking the integrity of the delegation information and whether the delegation information matches the delegated key; if the result of the check is positive, the trusted hardware modifying the counter value; and the software protocol stack deleting the delegation to be revoked from the delegation table.
In yet another aspect of the invention, a method of revoking delegations based on a trusted computing platform is proposed. The trusted computing platform comprises trusted hardware and a software protocol stack running on top of the trusted hardware. The trusted hardware stores a root key and a counter table with at least one counter; the software protocol stack stores a key table with at least one key, a delegation table with at least one delegation and a policy group table with at least one policy group. The method comprises the steps of: the trusted hardware owner selecting the policy group to be revoked from the policy group table and sending it to the trusted hardware together with the owner password; the trusted hardware verifying whether the owner access password input by the user is correct; if verification succeeds, checking the integrity of the delegation information and whether the delegation information matches the delegated key; if the result of the check is positive, the trusted hardware modifying the counter value; and the software protocol stack deleting from the delegation table the delegations associated with the policy group to be revoked.
With the method of the invention, the delegator can choose which authorized operations to open up to the delegate; the delegate does not learn the authorization information with which the delegator accesses the resource; and the delegation information cannot be modified externally without the authorization of the owner of the trusted hardware or of the resource, nor can any operation outside the delegated authority be performed. In addition, the configuration of the invention is tightly integrated with the platform and decoupled from any specific business application.
Description of drawings
Fig. 1 shows the overall structure of the trusted computing platform according to an embodiment of the invention;
Fig. 2 is a schematic diagram of the data structures used in the trusted computing platform shown in Fig. 1;
Fig. 3 shows the authority delegation process according to an embodiment of the invention;
Fig. 4 shows the process of using an authority delegation according to an embodiment of the invention;
Fig. 5 shows the process by which the delegator revokes an authority delegation according to an embodiment of the invention;
Fig. 6 shows the process by which the trusted hardware owner revokes authority delegations according to an embodiment of the invention;
Fig. 7 shows the process of setting a delegation policy according to an embodiment of the invention.
Detailed description of embodiments
Specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
[Structure of the trusted computing platform]
Fig. 1 shows the overall structure of the trusted computing platform according to an embodiment of the invention. As shown in Fig. 1, the platform comprises a software platform 100 and trusted hardware 200. A platform user 300 receives the services provided by the trusted hardware 200 through the software platform 100.
In the trusted hardware 200, the input/output module 210 is responsible for exchanging data with the software platform 100 above it and for scheduling commands. The authority delegation module 220 provides the basic authority delegation services: "authority delegation", "delegation revocation", "delegation authentication" and "delegation policy management".
In addition, the key generation module 240 randomly generates the root key (RootKey) and ordinary keys (Key) inside the trusted hardware. The persistent storage module 230 persistently stores, inside the chip, the proof data (ProofData) 231, the root key (RootKey) 232 and the counter table (Counter Table) 233. The storage medium used by the persistent storage module 230 is, for example, flash memory.
The other modules 240 in the trusted hardware 200 cover the other functions that the trusted hardware needs; as they have little to do with authority delegation, they are not described in detail here.
The persistent storage module 230 stores the proof data (ProofData) 231, a secret value fixed into the trusted hardware 200 at the manufacturing stage. The manufacturer of the trusted hardware 200 must guarantee that this value is not known to any entity outside the trusted hardware. Every piece of trusted hardware has its own distinct proof data. The proof data can be used to perform an HMAC computation (a keyed hash function that supports integrity checking and identity authentication) over the data produced by the trusted hardware 200, to guarantee that these data have not been tampered with or forged.
The persistent storage module 230 also stores the root key (RootKey) 232 of the trusted hardware 200, which is used to encrypt the secret data in the delegation information. The root key 232 is also used to encrypt the other keys that the trusted hardware 200 generates. According to one embodiment of the invention, the root key and the keys may be 2048-bit RSA key pairs. The root key can only be stored and used inside the trusted hardware 200. When the trusted hardware 200 creates the root key, it also generates the access password for the root key and stores it as part of the root key; when a user uses the root key, this stored value is used to verify the access password the user enters.
The persistent storage module 230 also stores the counter table (Counter Table) 233. The size of the counter table 233 is limited by the storage space of the trusted hardware 200. As shown in (D) of Fig. 2, each counter has, besides the ID field that identifies it, a check value field (VerificationNumber; this value can only increase, never decrease), an Enabled field (0 means the counter cannot be used, in which case all delegation information related to this counter is temporarily invalid; it can only be modified by the trusted hardware owner) and a Locked field (1 means locked, in which case no one may modify the counter value; only the trusted hardware owner can modify the Locked value).
In the software platform 100, the input/output module 110 is responsible for exchanging data with the application software above it and the trusted hardware 200 below it, and for scheduling commands.
The authority delegation module 120 provides upper-layer applications with the basic authority delegation services: "authority delegation", "delegation revocation", "delegation authentication" and "delegation policy management". These functions are ultimately implemented by calling the corresponding functions of the trusted hardware 200.
The persistent storage module 130 reads and writes the key table (Key Table) 131, the delegation table (Delegation Table) 132 and the group table (Group Table) 133 on a persistent storage medium. The storage medium used by the persistent storage module 130 is, for example, a hard disk.
The other modules 140 in the software platform 100 cover the other functions that the software platform needs and that have little to do with authority delegation, such as generating, deleting and modifying keys. Their functions are therefore not described in detail here.
The persistent storage module 130 stores the key table 131, in which multiple keys are registered. Each key is generated inside the trusted hardware 200 and encrypted with the root key. As mentioned above, a key may be a 2048-bit RSA key pair. As with the root key, an access password for the key is generated when the key is created, and it is encrypted by the root key and stored as part of the key, as shown in (A) of Fig. 2.
The persistent storage module 130 also stores the delegation table (Delegation Table) 132, in which multiple delegations are registered. In the present invention a delegation always means the delegation of a key: the owner of the key (a user who knows the key's access password) lets other users make limited use of the key's functions in the form of a delegation. As shown in (B) of Fig. 2, a delegation comprises the following fields: the counter identifier (CounterID, the ID of the corresponding counter, which is also the GroupID because GroupID always equals CounterID), the key identifier (KeyID, the ID of the delegated key), the delegation information (DelegationInfo, the list of operations of the key that may actually be used), the check value (VerificationNumber, corresponding to the VerificationNumber in the counter), the key digest (KeyDigest, a hash of the corresponding key), the encrypted delegation password (Enc(DelSecret)) and the delegation digest (DelDigest, the HMAC result of the delegation).
The persistent storage module 130 also stores the group table (Group Table), i.e. the policy group information table, which lets users set up policy groups for delegations. As shown in (C) of Fig. 2, each group corresponds to one counter in the trusted hardware and can be associated with multiple delegations. Every delegation is bound by the policy of the group it belongs to. The label (Label) is a short, human-readable identifier of the policy group; the description (Description) gives the details of the group's policy; the digest (Digest) is an HMAC result over the group's data.
[Operation of the trusted computing platform]
The operation of the trusted computing platform according to an embodiment of the invention is described in detail below with reference to Fig. 3 to Fig. 7. Fig. 3 shows the authority delegation process. Fig. 4 shows the process of using an authority delegation. Fig. 5 shows the process by which the delegator revokes an authority delegation. Fig. 6 shows the process by which the trusted hardware owner revokes authority delegations. Fig. 7 shows the process of setting a delegation policy.
A) Process by which the delegator (the owner of a key) delegates authority
Step S110: the delegator decides to delegate authority over a key, and edits the list of operation permissions of the key that this delegation may use and the policy group to which the delegation belongs (which corresponds to a counter inside the trusted hardware). The edited delegation is then passed to the trusted hardware 200 together with the key's access password, the policy information, the delegation password and the key.
Steps S120 and S130: the trusted hardware 200 decrypts the secret information of the key with the root key, extracts the key access password from it, and verifies whether the access password entered by the user is correct; if it is wrong, the process exits immediately. It then checks the Enabled field of the corresponding counter; if it is 0, the process exits immediately. Next it checks the Locked field of the corresponding counter. Whether to continue, and whether to modify the Locked value, is decided according to the policy information. The policy information here is a numerical value: 0 means exit if Locked is 1; 1 means add the delegation whatever the value of Locked.
Step S140: the key and the delegation are associated inside the trusted hardware 200, that is, the check value (VerificationNumber) of the corresponding counter is read and inserted into the corresponding field of the delegation. Then the hash value of the current key is computed and inserted into the KeyDigest (key digest) field.
Step S150: the delegation password is encrypted with the root key and stored in the encrypted delegation password (Enc(DelSecret)) field. Then an HMAC value is computed with the proof data over all the data in the delegation that precede the delegation digest (DelDigest), and the result is inserted into the delegation digest field.
Step S160: the authorized delegation is returned to the software platform 100 above, which inserts it into the delegation table.
B) Process of accessing a resource with delegated authority
Step S210: the delegate enters the delegation authorization information and sends it to the trusted hardware 200 together with the key, the operation to be performed, the operation parameters and the authority delegation.
Steps S220 and S230: the trusted hardware decrypts the encrypted delegation password of the delegation with the root key and verifies whether the delegation password entered by the user is correct. If it is wrong, the process exits immediately.
Step S240: the trusted hardware 200 checks the delegation digest (DelDigest) value of the delegation; if the delegation is found to be invalid, the process exits immediately. The trusted hardware 200 checks the key digest (KeyDigest) value of the delegation; if it does not match the key that was passed in, the process exits immediately. The trusted hardware 200 checks the corresponding counter; if the value of its Enabled field is 0, the process exits immediately. The trusted hardware checks the check value (VerificationNumber) of the corresponding counter; if it does not match the one in the delegation, the process exits immediately. The trusted hardware checks whether the operation to be performed is within the scope specified by the delegation information (DelegationInfo) of the delegation. If it is not, the process exits immediately.
Step S250: if the requested operation is within the scope specified by the delegation information of the delegation, the operation is performed.
C) Process by which the delegator (the owner of the key) revokes authority
Step S310: the delegator selects from the delegation table the authority delegation to be revoked and sends it to the trusted hardware together with the corresponding key and the key's access password.
Steps S320 and S330: the trusted hardware decrypts the secret information of the key with the root key, extracts the key access password from it, and verifies whether the access password entered by the user is correct. If it is wrong, the process exits immediately.
Step S340: the trusted hardware checks the delegation digest (DelDigest) to determine whether the delegation has been tampered with. If it does not match, the process exits. The trusted hardware checks the key digest (KeyDigest) to determine whether it corresponds to the submitted key. If it does not match, the process exits. It then checks the Enabled and Locked fields of the corresponding counter. If Enabled is 0 (unavailable), the process exits immediately; otherwise, if Locked is 1, the process exits.
Step S350: the trusted hardware modifies the check value of the corresponding counter (VerificationNumber; this value can only increase, never decrease, which guarantees that a value cannot be repeated) and returns to the upper-layer software an instruction permitting deletion of this authority delegation.
Step S360: the upper-layer software deletes the corresponding delegation information. Note that the owner of a key is not responsible for updating the counter values of the delegations of other keys. Where one counter is associated with multiple delegations, the trusted hardware owner should create a policy that locks the counter and does not allow a single delegation to be revoked.
In addition, the trusted hardware owner can be allowed to perform the revocation operation, but this operation must be carried out on a policy group. Fig. 5 shows the revocation process in this case.
C') Process by which the trusted hardware owner revokes authority
Step S410: the owner selects the policy group to be revoked and sends it to the trusted hardware together with the owner password.
Steps S420 and S430: the trusted hardware verifies whether the owner access password entered by the user is correct. If it is wrong, the process exits immediately.
Steps S440 and S450: the trusted hardware checks the digest of the policy group to determine whether the policy group has been tampered with. If it does not match, the process exits.
Step S460: the Locked field of the corresponding counter is set to 0; the check value of the corresponding counter is modified (VerificationNumber; this value can only increase, never decrease, which guarantees that a value cannot be repeated); and an instruction permitting deletion of the authority delegations is returned to the upper-layer software.
Step S470: the upper-layer software deletes from the delegation table all delegations associated with this policy group.
D) Process by which the trusted hardware owner sets a delegation policy group (taking the creation of a new delegation policy group as the example)
Step S510: the trusted hardware owner sets a delegation policy, such as "withdraw the delegation on January 1, 2006", and creates an associated policy group for it, which includes setting a valid counter identifier (CounterID), a label (Label) and a description (Description); these are sent to the trusted hardware 200 together with the access password of the root key.
Steps S520 and S530: the trusted hardware first authenticates the owner, that is, it checks the access password of the root key. If it is wrong, the process exits immediately.
Step S540: the corresponding counter is created, its Locked value is set according to the policy, and the data are stored in the counter table.
Step S550: the result is returned to the software platform, which updates the policy group table.
The processes for modifying and deleting the information of a policy group are similar to the above and are therefore not described in detail.
Note that policies can be specified freely by the upper-layer application. For example, the description of one policy group might be "revoke all delegations of this group at 8 p.m. at the weekend", and the description of another might be "the delegations of this group can be revoked by the delegator at any time".
In addition, the number of entries in the counter table and in the policy group table is limited by the storage space of the trusted hardware.
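Processes A) to C) above can be traced in a small software model. The following is an added illustration, not code from the patent: the class and method names are hypothetical, the HMAC hash (SHA-256) is an assumption, and because Python's standard library has no RSA, "encrypt with the root key" is replaced by a keyed hash under a device-internal secret, so passwords are checked by recomputation rather than decryption.

```python
import hashlib
import hmac
import os
from collections import namedtuple
from dataclasses import astuple, dataclass, replace

KeyBlob = namedtuple("KeyBlob", "key_id material sealed")  # held by the software stack


@dataclass(frozen=True)
class Delegation:                    # fields as in Fig. 2 (B)
    counter_id: int
    key_id: str
    delegation_info: tuple           # operations the delegate may perform
    verification_number: int
    key_digest: bytes
    enc_del_secret: bytes
    del_digest: bytes = b""

    def body(self):                  # every field that precedes DelDigest
        return repr(astuple(self)[:-1]).encode()


class TrustedHardware:
    def __init__(self):
        self._proof_data = os.urandom(20)   # ProofData, used as the HMAC key
        self._root = os.urandom(32)         # stand-in for RootKey
        self._counters = {}                 # CounterID -> counter state

    def _seal(self, label, secret):
        # Assumption: a keyed hash replaces RSA encryption under RootKey.
        msg = label + b"\x00" + secret.encode()
        return hmac.new(self._root, msg, hashlib.sha256).digest()

    def _mac(self, data):
        return hmac.new(self._proof_data, data, hashlib.sha256).digest()

    def _owner_ok(self, key, password):
        return hmac.compare_digest(key.sealed, self._seal(key.material, password))

    def _integrity(self, d, key):
        if not hmac.compare_digest(d.del_digest, self._mac(d.body())):
            return "delegation tampered"
        if d.key_digest != hashlib.sha256(key.material).digest():
            return "key mismatch"
        return None

    def create_counter(self, counter_id, locked=0):
        self._counters[counter_id] = {"vn": 0, "enabled": 1, "locked": locked}

    def create_key(self, key_id, password):
        material = os.urandom(32)    # constructed stand-in for an RSA key pair
        return KeyBlob(key_id, material, self._seal(material, password))

    def delegate(self, key, password, counter_id, ops, secret, policy=0):
        if not self._owner_ok(key, password):                  # S120-S130
            raise PermissionError("wrong key access password")
        ctr = self._counters[counter_id]
        if ctr["enabled"] == 0 or (policy == 0 and ctr["locked"] == 1):
            raise PermissionError("counter disabled or locked")
        d = Delegation(counter_id, key.key_id, tuple(ops), ctr["vn"],  # S140
                       hashlib.sha256(key.material).digest(),
                       self._seal(b"del", secret))             # S150
        return replace(d, del_digest=self._mac(d.body()))

    def check_use(self, d, key, operation, secret):    # None means allowed
        if not hmac.compare_digest(d.enc_del_secret, self._seal(b"del", secret)):
            return "wrong delegation password"                 # S220-S230
        problem = self._integrity(d, key)                      # S240 from here
        if problem:
            return problem
        ctr = self._counters[d.counter_id]
        checks = [(ctr["enabled"] == 1, "counter disabled"),
                  (ctr["vn"] == d.verification_number, "delegation revoked"),
                  (operation in d.delegation_info, "operation not delegated")]
        return next((why for ok, why in checks if not ok), None)

    def revoke(self, d, key, password):
        if not self._owner_ok(key, password) or self._integrity(d, key):
            return False                                       # S320-S340
        ctr = self._counters[d.counter_id]
        if ctr["enabled"] == 0 or ctr["locked"] == 1:
            return False
        ctr["vn"] += 1          # S350: the check value only ever increases
        return True


def demo():
    hw = TrustedHardware()
    hw.create_counter(1)
    key_a = hw.create_key("KeyA", "owner-pass")        # constructed values
    da = hw.delegate(key_a, "owner-pass", 1, ["sign"], "del-pass")
    forged = replace(da, delegation_info=("sign", "decrypt"))
    out = {"sign": hw.check_use(da, key_a, "sign", "del-pass"),
           "decrypt": hw.check_use(da, key_a, "decrypt", "del-pass"),
           "forged": hw.check_use(forged, key_a, "decrypt", "del-pass")}
    hw.revoke(da, key_a, "owner-pass")
    out["after_revoke"] = hw.check_use(da, key_a, "sign", "del-pass")
    return out
```

The stored delegation record is never edited on revocation: raising the counter's check value alone makes every copy issued under the old value fail the S240 comparison.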
[Example]
An example of the method of the invention is given below, using an electronic seal system based on a trusted computing platform.
In this example, the trusted hardware is a TPM chip, the software platform is TSS software, and the upper-layer application is the seal system.
The root key is a 2048-bit RSA public key, the key is a 2048-bit RSA public key, and the proof data is a 20-byte random number.
An electronic seal corresponds to a key generated by the TPM chip. Leaving the other parts of the electronic seal aside, the final signature of the seal is in fact produced inside the TPM chip by signing a hash value of the official document with the private key of that key, and is then returned to the user.
A complete electronic seal system is one PC that contains at least the TPM chip, the TSS software and the seal system. Only on this PC, and only after entering the access password of the key, can a user sign with the key, that is, affix the electronic seal to an official document.
Suppose user A is the owner of key A, i.e. the owner of seal A. When user A will be away on business this week and wishes to hand the authority to affix seal A to user B, he needs to carry out the following operations:
Suppose user A is also the owner of the TPM chip, i.e. the administrator of the platform; he first sets the delegation policies. Take the following two policy groups: policy one, the delegator can withdraw the delegation at any time; policy two, the delegation is withdrawn on Monday.
Next, user A sets up a delegation Da, specifies the delegation password, indicates that only the signing function of key A is delegated, and then associates Da with policy one.
After user A has left, user B can use the delegation password set by A (the delegation password is conveyed by some other channel, for example by telling him in person) to affix seal A. User B cannot, however, modify the delegation, and cannot modify the delegation password or the access password of key A.
After user A returns, he can carry out the "delegation revocation" process and withdraw the delegation. User B can then no longer use it.
The above is only an embodiment of the invention, and the scope of protection of the invention is not limited to it. Any variation or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the invention falls within the scope of the invention. The scope of protection of the invention is therefore defined by the scope of protection of the claims.

Claims (12)

1. A method, based on a trusted computing platform, for delegating authority represented by a key, the trusted computing platform comprising trusted hardware and a software protocol stack above the trusted hardware, the trusted hardware storing credential data, a root key and a counter table having at least one counter, and the software protocol stack storing a key list having at least one key and a delegation table having at least one delegation, the method comprising the steps of:
inputting at least one delegation, the delegated key, a delegation password and the access password of the delegated key into the trusted hardware;
the trusted hardware decrypting the delegated key with the root key and extracting the access password of the delegated key, to verify whether the input access password is correct;
if the input access password is correct, associating the delegation with the delegated key;
encrypting the delegation password with the root key and inserting it into the delegation, and computing an integrity value using the credential data and inserting it into the delegation, to generate an authorized delegation;
returning the authorized delegation to the software protocol stack, to be inserted into the delegation table.
2. The method of claim 1, characterized in that the step of associating the delegation with the delegated key comprises:
the trusted hardware reading, from the counter table, the check value of the counter corresponding to the delegated key and inserting it into the corresponding field of the delegation, and computing the hash value of the delegated key and inserting it into the key digest field of the delegation.
3. The method of claim 1, characterized in that the software protocol stack also stores a policy group table having at least one group of policies, and the method further comprises a policy setting step:
the owner of the trusted hardware creating a policy group for a delegation policy, including setting a valid counter identifier, a mark and a description, and sending it to the trusted hardware together with the access password of the root key;
the trusted hardware checking the access password of the root key;
if the access password of the root key is correct, creating a corresponding counter in the counter table and setting the state of the corresponding counter according to the policy;
returning the information of the corresponding counter to the software protocol stack, to update the policy group table.
4. The method of claim 1, characterized by further comprising the steps of:
the delegate inputting the authorized delegation, the delegated key, the operation it wishes to perform and the delegation password into the trusted hardware;
the trusted hardware verifying whether the input delegation password is correct and whether the operation to be performed is within the scope of the delegation;
if the verification succeeds, the delegate performing the operation it wishes to perform.
5. The method of claim 4, characterized in that whether the input delegation password is correct is verified by decrypting the authorized delegation with the root key.
6. The method of claim 4, characterized in that the trusted hardware verifies the delegation digest and the key digest of the authorized delegation.
7. The method of claim 6, characterized in that the trusted hardware checks the state and the check value of the counter corresponding to the delegated key.
8. The method of claim 1, characterized in that the integrity value is a hashed message authentication code value.
9. The method of claim 2 or 3, characterized in that the root key is an RSA key pair.
10. The method of claim 2 or 3, characterized in that the delegated key is an RSA key pair.
11. A method of revoking a delegation based on a trusted computing platform, the trusted computing platform comprising trusted hardware and a software protocol stack above the trusted hardware, the trusted hardware storing a root key and a counter table having at least one counter, and the software protocol stack storing a key list having at least one key and a delegation table having at least one delegation, the method comprising the steps of:
selecting the delegation to be revoked from the delegation table, and inputting it into the trusted hardware together with the delegated key and the owner password of the delegated key;
in the trusted hardware, verifying the input owner password by decrypting the delegated key with the root key;
if the verification succeeds, checking the integrity of the delegation information and whether the delegation information matches the delegated key;
if the check result is affirmative, the trusted hardware modifying the counter value;
the software protocol stack deleting the delegation to be revoked from the delegation table.
12. A method of revoking a delegation based on a trusted computing platform, the trusted computing platform comprising trusted hardware and a software protocol stack above the trusted hardware, the trusted hardware storing a root key and a counter table having at least one counter, and the software protocol stack storing a key list having at least one key, a delegation table having at least one delegation and a policy group table having at least one group of policies, the method comprising the steps of:
the owner of the trusted hardware selecting the policy group to be revoked from the policy group table and sending it to the trusted hardware together with the owner password;
the trusted hardware verifying whether the owner access password input by the user is correct;
if the verification succeeds, checking the integrity of the delegation information and whether the delegation information matches the delegated key;
if the check result is affirmative, the trusted hardware modifying the counter value;
the software protocol stack deleting from the delegation table the delegations associated with the policy group to be revoked.
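
The create, use and revoke steps of claims 1, 2, 4 to 8 and 11 can be modelled as follows. This is an added Python example, not part of the patent text and not the applicant's implementation. Assumptions: the class, method and field names are hypothetical, the access password doubles as the owner password, and an HMAC tag under a random root secret stands in for encryption with the RSA root key so that the code runs with the standard library only.

```python
import hashlib, hmac, json, os

def _enc(obj):
    return json.dumps(obj, sort_keys=True).encode()   # canonical bytes

def _mac(key, obj):
    return hmac.new(key, _enc(obj), hashlib.sha256).hexdigest()

class TrustedHardware:
    def __init__(self):
        self._root = os.urandom(32)  # stand-in for the root key (assumption)
        self._cred = os.urandom(32)  # credential data, keys the integrity HMAC
        self._counters = {}          # counter table: counter id -> check value

    def wrap_key(self, key_id, access_pw, counter_id):
        # Hypothetical helper: key blob held in the software stack's key list.
        self._counters.setdefault(counter_id, 0)
        return {"id": key_id, "counter": counter_id, "access": _mac(self._root, access_pw)}

    def _pw_ok(self, sealed, pw):
        return hmac.compare_digest(sealed, _mac(self._root, pw))

    def _bound(self, d, key):
        """Integrity value, key digest and counter check value all still match."""
        body = {k: v for k, v in d.items() if k != "integrity"}
        return (hmac.compare_digest(d.get("integrity", ""), _mac(self._cred, body))
                and d["key_digest"] == hashlib.sha256(_enc(key)).hexdigest()
                and d["check"] == self._counters[key["counter"]])

    def create(self, ops, key, deleg_pw, access_pw):
        """Claims 1-2: check the access password, then bind, seal and MAC."""
        if not self._pw_ok(key["access"], access_pw):
            raise PermissionError("wrong access password")
        d = {"ops": sorted(ops), "check": self._counters[key["counter"]],
             "key_digest": hashlib.sha256(_enc(key)).hexdigest(),
             "pw": _mac(self._root, deleg_pw)}
        d["integrity"] = _mac(self._cred, d)
        return d

    def use(self, d, key, op, deleg_pw):
        """Claims 4-7: password, scope, digests and counter must all pass."""
        return self._bound(d, key) and self._pw_ok(d["pw"], deleg_pw) and op in d["ops"]

    def revoke(self, d, key, owner_pw):
        """Claim 11: a changed counter value invalidates the bound delegation."""
        if not (self._pw_ok(key["access"], owner_pw) and self._bound(d, key)):
            return False
        self._counters[key["counter"]] += 1
        return True
```

Because the check value copied into the delegation is covered by the integrity value, a delegate who keeps a copy of the delegation after revocation cannot make it valid again, and cannot widen its operation list without the credential data held in the hardware.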
CN200510135576XA 2005-12-29 2005-12-29 Authority principal method based on trusted computing platform Expired - Fee Related CN1992714B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200510135576XA CN1992714B (en) 2005-12-29 2005-12-29 Authority principal method based on trusted computing platform

Publications (2)

Publication Number Publication Date
CN1992714A CN1992714A (en) 2007-07-04
CN1992714B true CN1992714B (en) 2010-08-25

Family

ID=38214661

Country Status (1)

Country Link
CN (1) CN1992714B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101452514B (en) * 2007-12-06 2011-06-29 中国长城计算机深圳股份有限公司 User data protection method for safety computer
CN103617400B (en) * 2013-11-22 2016-06-15 北京海泰方圆科技股份有限公司 A kind of file strong box password remapping method
AT517365A1 (en) * 2015-06-23 2017-01-15 Diethard Dipl Ing (Fh) Mahorka Device, method and computer program product for secure data communication
US10218696B2 (en) * 2016-06-30 2019-02-26 Microsoft Technology Licensing, Llc Targeted secure software deployment
CN106230595B (en) * 2016-07-21 2019-09-03 北京可信华泰信息技术有限公司 A kind of authorized agreement of credible platform control module
CN111294379B (en) * 2018-12-10 2022-06-07 北京沃东天骏信息技术有限公司 Block chain network service platform, authority hosting method thereof and storage medium
CN110430193B (en) * 2019-08-06 2022-03-08 广州虎牙科技有限公司 Information verification method, device, server and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1282023A1 (en) * 2001-07-30 2003-02-05 Hewlett-Packard Company Trusted platform evaluation
GB2399906A (en) * 2003-03-22 2004-09-29 Hewlett Packard Development Co Delegating authority
CN1588385A (en) * 2004-07-15 2005-03-02 上海交通大学 Method for signature and seal central management and trust authorized electronic signature and seal

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100825

Termination date: 20201229