CN201498001U - Credible calculation platform based on symmetrical key codes - Google Patents

Info

Publication number
CN201498001U
Authority
CN
China
Prior art keywords
key
credible
cipher
password module
platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2009202278961U
Other languages
Chinese (zh)
Inventor
刘毅
余发江
韩勇桥
张大鹏
胡晓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
JETWAY INFORMATION SECURITY INDUSTRY Co Ltd
Original Assignee
JETWAY INFORMATION SECURITY INDUSTRY Co Ltd
Landscapes

  • Storage Device Security (AREA)

Abstract

The utility model relates to a trusted computing platform based on a symmetric-key cipher, which belongs to the technical field of computer information security. The platform comprises a CPU, a north bridge (the graphics and memory controller hub) and a south bridge (the integrated peripheral controller hub), connected in turn; a display and memory are each connected to the north bridge, and a keyboard, a hard disk, a BIOS ROM and a trusted cryptography module are each connected to the south bridge. The platform has the advantage that key storage and protection are fast and highly reliable, and that it both saves the platform's limited internal resources and prevents sensitive keys from being exposed outside the trusted platform.

Description

A trusted computing platform based on a symmetric-key cipher
Technical field
The utility model relates to a trusted computing platform based on a symmetric-key cipher and belongs to the technical field of computer information security. (The machine translation renders the two central terms as "credible calculating platform" and "credible password module"; the standard terms trusted computing platform and trusted cryptography module are used below.)
Background technology
A trusted computing platform embeds an independent security module in an ordinary computing platform and can provide platform identity proof and integrity data to a visitor of the platform. This independent security module is called the trusted cryptography module, and the original ordinary computing platform is called the trusted computing platform host. The trusted cryptography module has its own processor and memory and can provide functions such as encryption and decryption and secret data storage. From the module's point of view, the drivers, operating system and application programs on the host, and the users of the operating system or application programs, are all called external entities. Keys in the trusted computing platform environment are the core data of encryption, decryption and authorization: they enable platform authentication, platform integrity reports and data exchange between platforms, and guarantee the confidentiality, integrity and non-repudiation of data, so key management is an important component of the trusted computing platform. Among its aspects, key storage is the most important: if improper measures let a key leak, the platform turns from "trusted" into "untrusted".
A trusted computing platform provides a broader security context for the network user: it addresses security problems from the viewpoint of the security system as a whole, guarantees a secure execution environment for the user and breaks out of the passive-defence, patch-installation mode.
To solve the problem of secure key storage, the Trusted Computing Group (TCG) adopts the following safety practice:
A public-key cryptosystem is used to protect the various keys that need protection: the key to be protected is encrypted with the public half of the storage master key, encKey = AsymEnc(Key, pubSMK), and the ciphertext produced by the storage key is stored; when the key is needed, the ciphertext is decrypted with the private half of the storage master key to recover the key plaintext, Key = AsymDec(encKey, priSMK).
Using a public-key system to encrypt and store the various keys has two drawbacks. Because public-key algorithms are slow, it is hard to meet the encryption and decryption speed required for the many keys of a large-scale trusted computing platform. And because the private key is held entirely by the individual public-key holder, the scheme does not match the cryptography policy of encrypting sensitive information with a secret key and is unfavourable to third-party supervision.
Summary of the invention
The purpose of this utility model is to overcome the shortcomings of the prior art and provide a trusted computing platform based on a symmetric-key cipher, so that key storage protection is fast and highly reliable, while both saving the platform's limited internal resources and avoiding exposure of sensitive keys outside the trusted platform.
The technical solution of the utility model is a trusted computing platform based on a symmetric-key cipher that comprises a CPU, a north bridge (the graphics and memory controller hub) and a south bridge (the integrated peripheral controller hub), connected in turn; a display and memory are each connected to the north bridge; a keyboard, a hard disk, a BIOS ROM and a trusted cryptography module are each connected to the south bridge.
The trusted cryptography module comprises an I/O interface, a processor, memory, a random number generator and a cryptographic coprocessor.
The trusted cryptography module is a non-volatile memory whose interior stores the keys that need storing, including the storage master key SMK, the identity key PIK and the encryption key PEK.
The storage master key SMK on one side, and the identity key PIK, the encryption key PEK and the user key UK on the other, form a two-layer key management structure of root key over lower-layer keys.
The identity key PIK and the encryption key PEK are either stored in plaintext in the physically protected area inside the trusted cryptography module, or encrypted with the storage master key SMK and stored as ciphertext in an external entity outside the module; the user key UK is encrypted with the storage master key SMK and stored as ciphertext outside the trusted cryptography module.
The technical effect of the utility model is as follows. Using a symmetric-key cipher for key storage protection is fast and highly reliable, and both saves the platform's limited internal resources and avoids exposing sensitive keys outside the trusted platform. A high-security-level key can be chosen to be stored in plaintext in the physically protected area of the trusted cryptography module, or encrypted and stored in an external entity, which is both secure and flexible. Using symmetric cryptography for encrypted storage complies with the relevant cryptography regulation policy.
Description of drawings
Fig. 1 is a schematic of the structure of the trusted computing platform;
Fig. 2 is a schematic of the structure of the trusted cryptography module;
Fig. 3 is a schematic of the key management structure of the trusted computing platform.
Embodiment
The utility model is described in further detail below with reference to the drawings and embodiments:
As shown in Figures 1, 2 and 3, a trusted computing platform based on a symmetric-key cipher is made up of a CPU 200, a north bridge 210 (the graphics and memory controller hub) and a south bridge 225 (the integrated peripheral controller hub), connected in turn; a display 205 and memory 215 are each connected to the north bridge 210; a keyboard 220, a hard disk 240, a BIOS ROM 230 and a trusted cryptography module 235 are each connected to the south bridge 225. The trusted cryptography module 235 includes an I/O interface 300, a processor 305, memory 310 comprising volatile and non-volatile memory, a random number generator 330 and a cryptographic coprocessor 335. In this embodiment the trusted cryptography module 235 is a non-volatile memory whose interior stores the keys that need storing, including the storage master key SMK 315, the identity key PIK 320 and the encryption key PEK 325. The storage master key SMK 315 on one side, and the identity key PIK 320, the encryption key PEK 325 and the user key UK 326 on the other, form a two-layer key management structure of root key over lower-layer keys. The identity key PIK 320 and the encryption key PEK 325 are either stored in plaintext in the physically protected area inside the trusted cryptography module 235, or encrypted with the storage master key SMK 315 and stored as ciphertext in an external entity outside the module 235; the user key UK 326 is encrypted with the storage master key SMK 315 and stored as ciphertext outside the trusted cryptography module 235.
The steps for storing a key with the trusted computing platform of the utility model are:
A. The trusted cryptography module 235 is loaded with the private key PRIEK of the cryptography module key EK, and the module is initialised.
B. The platform owner's authorization is verified.
C. The authorization of the storage master key SMK 315 is verified.
D. The authorization data of the identity key PIK 320 is set.
E. The trusted cryptography module 235 runs the ECC key generation algorithm to generate the identity key PIK 320 key pair; the key pair is stored either as ciphertext or in plaintext.
F. The identity key PIK 320 is used.
Ciphertext storage means that the PIK 320 private key and its authorization data are encrypted with the storage master key SMK 315 and exported, together with the PIK 320 public key, to an external entity; when the key is used, the encrypted private key and authorization data are sent back to the cryptography module, which decrypts the ciphertext of the PIK 320 private key and its authorization data with the storage master key SMK 315. Plaintext storage means that the identity key PIK 320 is stored in plaintext in the non-volatile physically protected area inside the trusted cryptography module 235 and is used directly once PIK 320 is in its usage state. The storage master key SMK 315 is stored in plaintext in the non-volatile physically protected area inside the trusted cryptography module 235.
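The following is an added illustration, not code from the patent or its assignee: a software model of the ciphertext storage path in steps E and F, which is the symmetric counterpart of the background's encKey = AsymEnc(Key, pubSMK) / Key = AsymDec(encKey, priSMK). The module holds SMK in plaintext and never exports it; the PIK private key leaves the module only wrapped under SMK, with its authorization data bound to the blob. The choice of AES-256-GCM and P-256 is an assumption, since the page only specifies a symmetric cipher for wrapping and ECC for the key pair.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"errors"
)

// TCM models the patent's trusted cryptography module (simulation only): the
// storage master key SMK is a symmetric key held in plaintext inside the
// module's physically protected non-volatile area and never leaves the struct.
type TCM struct {
	smk []byte      // SMK 315, root of the two-layer key structure
	g   cipher.AEAD // AES-256-GCM under SMK (assumed cipher; page says "symmetric")
}

// NewTCM initialises a module with a fresh 256-bit SMK (initialisation step A).
func NewTCM() (*TCM, error) {
	smk := make([]byte, 32)
	if _, err := rand.Read(smk); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(smk)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block)
	return &TCM{smk: smk, g: g}, err
}

// CreatePIK is step E: generate an ECC identity key pair, return the public key
// in clear and the private key wrapped under SMK. The authorization data (step D)
// is bound as AAD, so the blob opens only together with the same data.
func (t *TCM) CreatePIK(authData []byte) (*ecdsa.PublicKey, []byte, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, nil, err
	}
	nonce := make([]byte, t.g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	// blob = nonce || AES-GCM(SMK, privDER, aad=authData): safe to hand to an external entity
	return &priv.PublicKey, t.g.Seal(nonce, nonce, der, authData), nil
}

// LoadPIK is the use step (F): the external entity returns the blob and the
// authorization data; only a module holding the same SMK recovers the key.
func (t *TCM) LoadPIK(blob, authData []byte) (*ecdsa.PrivateKey, error) {
	n := t.g.NonceSize()
	if len(blob) < n {
		return nil, errors.New("blob too short")
	}
	der, err := t.g.Open(nil, blob[:n], blob[n:], authData)
	if err != nil {
		return nil, errors.New("SMK or authorization data mismatch")
	}
	return x509.ParseECPrivateKey(der)
}
```

A second module with its own SMK cannot unwrap the blob, which is the property the patent relies on when it lets PIK and PEK ciphertext live outside the module.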

Claims (5)

1. A trusted computing platform based on a symmetric-key cipher, characterized in that the platform comprises a CPU (200), a north bridge (210) belonging to the graphics and memory controller hub and a south bridge (225) belonging to the integrated peripheral controller hub, connected in turn; a display (205) and memory (215) are each connected to the north bridge (210); a keyboard (220), a hard disk (240), a BIOS ROM (230) and a trusted cryptography module (235) are each connected to the south bridge (225).
2. The trusted computing platform based on a symmetric-key cipher according to claim 1, characterized in that the trusted cryptography module (235) comprises an I/O interface (300), a processor (305), memory (310), a random number generator (330) and a cryptographic coprocessor (335).
3. The trusted computing platform based on a symmetric-key cipher according to claim 2, characterized in that the trusted cryptography module (235) is a non-volatile memory whose interior stores the keys that need storing, including the storage master key SMK (315), the identity key PIK (320) and the encryption key PEK (325).
4. The trusted computing platform based on a symmetric-key cipher according to claim 2, characterized in that the storage master key SMK (315) on one side, and the identity key PIK (320), the encryption key PEK (325) and the user key UK (326) on the other, form a two-layer key management structure of root key over lower-layer keys.
5. The trusted computing platform based on a symmetric-key cipher according to claim 3 or 4, characterized in that the identity key PIK (320) and the encryption key PEK (325) are either stored in plaintext in the physically protected area inside the trusted cryptography module (235), or encrypted with the storage master key SMK (315) and stored as ciphertext in an external entity outside the trusted cryptography module (235); the user key UK (326) is encrypted with the storage master key SMK (315) and stored as ciphertext outside the trusted cryptography module (235).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009202278961U CN201498001U (en) 2009-09-04 2009-09-04 Credible calculation platform based on symmetrical key codes

Publications (1)

Publication Number Publication Date
CN201498001U true CN201498001U (en) 2010-06-02

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101901319A (en) * 2010-07-23 2010-12-01 北京工业大学 Trusted computing platform and method for verifying trusted chain transfer
CN102063591A (en) * 2011-01-07 2011-05-18 北京工业大学 Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform
CN102063591B (en) * 2011-01-07 2012-08-08 北京工业大学 Methods for updating PCR (Platform Configuration Register) reference values based on trusted platform
CN103079200A (en) * 2011-10-26 2013-05-01 国民技术股份有限公司 Wireless access authentication method, system and wireless router
CN103079200B (en) * 2011-10-26 2016-08-03 国民技术股份有限公司 The authentication method of a kind of wireless access, system and wireless router
CN107483188A (en) * 2017-08-07 2017-12-15 浪潮(北京)电子信息产业有限公司 A kind of key method for secure storing and system

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of utility model: Credible calculation platform based on symmetrical key codes

Effective date of registration: 20111228

Granted publication date: 20100602

Pledgee: Guangdong Development Bank, Limited by Share Ltd, Wuhan, East Lake branch

Pledgor: Ruida information security industry, Limited by Share Ltd|Shanghai Ruida safety integrated circuit Co., Ltd.

Registration number: 2011990000522

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20140304

Granted publication date: 20100602

Pledgee: Guangdong Development Bank, Limited by Share Ltd, Wuhan, East Lake branch

Pledgor: Ruida information security industry, Limited by Share Ltd|Shanghai Ruida safety integrated circuit Co., Ltd.

Registration number: 2011990000522

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of utility model: Credible calculation platform based on symmetrical key codes

Effective date of registration: 20140304

Granted publication date: 20100602

Pledgee: Guangdong Development Bank, Limited by Share Ltd, Wuhan, Wuchang branch

Pledgor: JETWAY Information Security Industry Co., Ltd.

Registration number: 2014990000132

PLDC Enforcement, change and cancellation of contracts on pledge of patent right or utility model
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100602

Termination date: 20180904