TW201824809A

TW201824809A - Method and system for distributing attestation key and certificate in trusted computing

Info

Publication number: TW201824809A
Application number: TW106136869A
Authority: TW
Inventors: 付穎芳
Original assignee: 香港商阿里巴巴集團服務有限公司
Priority date: 2016-12-15
Filing date: 2017-10-26
Publication date: 2018-07-01
Also published as: CN108234115A; TWI734854B; CN108234115B

Abstract

One embodiment described herein provides a system and method for secure attestation. During operation, a Trusted Platform Module (TPM) of a trusted platform receives a request for an attestation key from an application module configured to run an application on the trusted platform. The request comprises a first nonce generated by the application module. The TPM computes an attestation public/private key pair based on the first nonce and a second nonce, which is generated by the TPM, computes TPM identity information based on a unique identifier of the TPM and attestation key, and transmits a public key of the attestation public/private key pair and the TPM identity information to the application module, thereby enabling the application module to verify the public key of the attestation public/private key pair based on the TPM identity information.

Description

Information security verification method, device and system

本發明涉及資訊安全領域，具體而言，涉及一種資訊安全的驗證方法、裝置和系統。The present invention relates to the field of information security, and in particular, to a method, device and system for verifying information security.

隨著計算網路技術的發展，資訊安全越來越受到人們的重視。資訊安全主要包括：設備安全、資料安全、內容安全與行為安全。為了確保資訊的安全性，如果在兩台設備之間進行通信，一台設備通常需借助平台身份資料和平台證書來向另一台設備證明其身份及設備平台的可信性。　　在資訊安全領域，為了保證用於通信的兩台設備之間的可信性，簡單的方案是採用口令及動態驗證碼的方式，即，借助用戶預設的口令以及實時的動態驗證碼來驗證互動實體的真實性，但是該方案在口令及動態驗證碼分發過程中，易截取洩露，並且動態驗證碼的獲取及輸入都會造成用戶的操作不便，也沒有考慮用戶所在平台的安全性。因而，現有技術大多採用可信計算組織(Trusted Computing Group，TCG)提出的可信計算方案，可信計算能夠在計算運算的同時進行安全防護，使計算結果總是與預期一致，計算全程可測可控，不被干擾。　　目前，可信計算主要分為兩種：一種是國內的可信平台控制模組(Trusted Platform Control Module，TPCM)，另一種是國際TCG標準組織的可信平台模組(Trusted Platform Module，TPM)。TCG規範中給出了對可信(trusted)的定義：一個實體一直以一種可預期的方式為特定的目標運行。可信計算的核心機制是通過信任鏈機制構建可信計算環境，目前運行實體是否可信是建立系統前一運行過程是否可信的基礎上。基於這種信任關係，如果系統從一個初始的信任根出發，在平台計算環境的每一次轉換時，這種信任可以通過傳遞的方式維持下去，從而在計算平台上建立了一級驗證一級，一級信任一級的可信鏈，該計算環境就始終是可信的，它就能夠被本地用戶或遠程實體信任，如圖1所示，圖1是根據現有技術的一種可選的TCG信任鏈示意圖，從圖1可以看出，可信計算的關鍵技術包括可信度量、可信報告、可信儲存和可信網路連接等幾部分。　　可信計算的核心要素是可信鏈與可信根，TCG規範中的可信平台模組(Trusted Platform Module，TPM)是可信計算平台的硬體可信根，TPM是提供受保護的安全儲存、密碼運算能力的安全晶片。TPM通過物理方式與可信計算平台相連並通過外部匯流排連接到CPU上，例如PC機平台上採取直接固化在主板上的方式並通過LPC匯流排連接。由於TPM的核心度量根CRTM(Core Root of Trust for Measurement)處於基本輸入輸出系統BIOS中，不受TPM的保護。而可信平台控制模組TPCM實現了可信平台模組TPM的基本功能，其功能組成和與可信平台模組TPM基本相同，但在計算平台的運行控制傳遞過程中，可信根TPCM判斷其下一級執行代碼的真實性和完整性是否被篡改，如果沒有，系統將運行控制權傳遞到下一級可信執行代碼，系統的可信範圍因擴大到下一級功能代碼；同理，這種系統控制權不斷傳遞，就可以實現信任鏈的建立和傳遞過程，最終實現系統範圍可信構建。一個完整的系統可信傳遞過程要從可信根開始，系統控制權順序由可信平台控制模組傳遞到可信的BIOS，再傳遞到可信的操作系統裝載器，從可信的操作系統裝載器傳遞到可信的操作系統，再從可信的操作系統傳遞到可信的應用。因此，TPCM提出了一種新的可信度量根設計，解決了可信度量根的起始度量點問題，改變了啟動和度量順序，在此基礎上，建立了以該晶片為信任根的信任鏈度量流程，實現了由該晶片控制整個系統的啟動，I/O介面控制以及系統配置等，體現了該晶片對系統可信性的控制作用。　　由上可知，可信計算以硬體可信模組為核心，通過可信傳遞構建計算平台的信任鏈，可以保障網路和資訊系統安全。遠程證明作為可信計算的重要內容，是開放網路環境下建立計算平台間信任的有效機制。遠程證明協議基於Privacy CA產生一個平台身份密鑰，在認證平台身份的同時，保護用戶的隱私，基於平台身份密鑰向遠程方證明平台的軟體狀態，但是，該方案在獲取身份密鑰和身份證書的進程與可信安全晶片之間並無身份合法性驗證，存在中間人攻擊。具體地，結合圖2來說明現有的平台身份密鑰及證書分發過程，圖2是根據現有技術的一種平台身份密鑰及證書分發過程示意圖，如圖2所示，包括如下步驟：　　步驟S202，用戶進程U向安全晶片T發送身份標簽L和指定的可信第三方PCA。　　具體地，在上述步驟中，身份標簽L為用戶終端上運行的用戶進程U的身份標簽，只是一個標簽，可以由用戶自由選取，可以用於查找AIK證書，而無法作為安全晶片或者用戶唯一標識名稱使用。需要說明的是，由於身份標簽L沒有加密，易被攻擊者截取。　　步驟S204，安全晶片T向用戶進程U發送平台身份公鑰AIK、簽名的身份內容資訊I，其中，I=[AIK，L，PCA] AIK^-1 。　　具體地，在上述步驟中，安全晶片T調用TPM_ MakeIdentity命令，由TPM晶片為用戶進程U產生一個新的平台身份密鑰對，將用戶進程U的平台身份私鑰保存在TPM晶片內部，而將用戶進程U的平台身份公鑰AIK和TPM產生的身份內容資訊I返回給用戶；其中，I=[AIK，L，PCA]AIK^-1 函數通過安全晶片T為用戶進程U產生的平台身份私鑰AIK^-1 對用戶進程U的平台身份公鑰AIK、身份標簽L和可信第三方PCA進行簽名，表示這些資料與該安全晶片T關聯。　　需要說明的是，在協議中安全晶片T沒有向用戶進程U證明AIK以及AIK^-1 為其產生的平台身份公私鑰對。　　步驟S206，用戶進程U向可信第三方PCA發送安全晶片背書證書Cert_EK、用戶進程U的平台身份公鑰AIK、身份標簽L和簽名的身份內容資訊I。　　需要說明的是，由於安全晶片背書證書Cert_EK、身份標簽L均未保護，容易遭受截取。　　步驟S208，可信第三方PCA將加密包[Cert_AIK]_EK 返回至用戶進程U。　　具體地，在上述步驟中，可信第三方PCA驗證安全晶片背書證書Cert_EK的有效性，利用其私鑰SK(廠商私鑰)對平台身份公鑰AIK進行簽名，產生AIK證書後，使用安全晶片背書公鑰加密保護AIK證書，並將加密包返回至用戶進程U。　　步驟S210，用戶進程U向安全晶片T發送利用安全晶片背書公鑰EK產生的加密包[Cert_AIK]_EK 。　　步驟S212，安全晶片T使用其內部的安全晶片背書私鑰EK解密加密包[Cert_AIK]_EK 並獲得相應的AIK證書Cert_AIK。　　具體地，在上述步驟中，安全晶片T通過TPM_ ActivateIdentity命令來激活T內部的新平台身份密鑰AIK，同時使用T內部的安全晶片背書私鑰EK解密獲得相應的AIK證書。　　分析可知，現有的平台身份密鑰及證書分發過程中，由於獲取身份密鑰和身份證書的用戶進程與可信安全晶片之間沒有身份合法性驗證，用戶進程向安全晶片獲取身份密鑰，以及向PCA獲取身份證書過程中，雙方也沒有身份合法性確認，這使得獲取身份密鑰和身份證書的過程中存在中間人攻擊；另一方面，用戶向PCA申請證書時，並不驗證該進程是否來自可信安全晶片平台，這使得許多沒有安全晶片的平台可以利用一個可信平台的安全晶片來欺騙驗證者從而獲取合法身份證書，或者說沒有合法平台的用戶進程均可以通過一個被控制的合法可信平台去獲得合法身份證書。　　針對上述現有技術中用戶終端上運行的用戶進程與安全晶片互動時沒有對雙方身份進行合法性驗證的問題，目前尚未提出有效的解決方案。With the development of computing network technology, information security is receiving more and more attention. Information security mainly includes: device security, data security, content security and behavioral security. In order to ensure the security of information, if communication between two devices, one device usually needs to use the platform identity information and platform certificate to prove the identity of the other device and the credibility of the device platform. In the field of information security, in order to ensure the credibility between the two devices used for communication, a simple solution is to use a password and a dynamic verification code, that is, to verify with the password preset by the user and the real-time dynamic verification code The authenticity of the interactive entity, but this solution is easy to intercept and leak during the distribution of passwords and dynamic verification codes, and the acquisition and input of dynamic verification codes will cause inconvenience to the user's operation, and do not consider the security of the user's platform. Therefore, most of the existing technologies adopt the trusted computing scheme proposed by the Trusted Computing Group (TCG). Trusted computing can perform security protection while computing and make the calculation results always consistent with expectations, and the calculation process can be measured. Controllable and undisturbed. At present, there are two main types of trusted computing: one is the domestic Trusted Platform Control Module (TPCM), and the other is the Trusted Platform Module (TPM) of the International TCG Standards Organization. . The definition of trusted is given in the TCG specification: An entity has been operating in a predictable manner for a specific purpose. The core mechanism of trusted computing is to build a trusted computing environment through a chain of trust mechanism. Whether the current operating entity is trusted is based on whether the previous operating process of the system is trusted. Based on this trust relationship, if the system starts from an initial root of trust, this trust can be maintained in a transitive manner at each transformation of the platform's computing environment, thereby establishing a level of verification, a level of trust on the computing platform. First-level trusted chain, the computing environment is always trusted, and it can be trusted by local users or remote entities, as shown in Figure 1, which is a schematic diagram of an optional TCG trust chain according to the prior art. As can be seen in Figure 1, the key technologies of trusted computing include trusted metrics, trusted reports, trusted storage, and trusted network connections. The core elements of trusted computing are the trusted chain and the trusted root. The Trusted Platform Module (TPM) in the TCG specification is the hardware trusted root of the trusted computing platform. The TPM is to provide protected security. Storage, cryptographic computing security chip. The TPM is physically connected to the trusted computing platform and connected to the CPU through an external bus. For example, the PC platform is directly cured on the motherboard and connected through the LPC bus. Because the core measurement root CRTM (Core Root of Trust for Measurement) of the TPM is in the basic input output system BIOS, it is not protected by the TPM. The trusted platform control module TPCM implements the basic functions of the trusted platform module TPM. Its functional composition is basically the same as that of the trusted platform module TPM. However, during the operation control transfer of the computing platform, the trusted root TPCM judges Whether the authenticity and integrity of the execution code at the next level has been tampered with. If not, the system passes operation control to the trusted execution code at the next level, and the system's credibility is expanded to the functional code at the next level. Similarly, The continuous transmission of system control can realize the establishment and transfer of trust chain, and finally achieve the system-wide trusted construction. A complete system trusted transfer process starts from the trusted root, the system control order is transferred from the trusted platform control module to the trusted BIOS, and then to the trusted operating system loader, from the trusted operating system The loader is passed to the trusted operating system, and then from the trusted operating system to the trusted application. Therefore, TPCM proposed a new trusted metric root design, which solved the problem of the initial metric point of the trusted metric root, changed the startup and metric sequence, and established a trust chain with the chip as the root of trust. The measurement process realizes that the chip controls the start of the entire system, I / O interface control, and system configuration, etc., which reflects the chip's control of system credibility. It can be seen from the above that trusted computing takes hardware trusted modules as the core and builds the trust chain of the computing platform through trusted transfer, which can guarantee the security of the network and information systems. As an important content of trusted computing, remote attestation is an effective mechanism for establishing trust between computing platforms in an open network environment. The remote attestation protocol generates a platform identity key based on the Privacy CA. While authenticating the identity of the platform, it protects the privacy of the user. The platform identity key is used to prove the software status of the platform to the remote party. However, the solution is to obtain the identity key and identity. There is no identity legality verification between the certificate process and the trusted security chip, and there is a man-in-the-middle attack. Specifically, the existing platform identity key and certificate distribution process will be described with reference to FIG. 2. FIG. 2 is a schematic diagram of a platform identity key and certificate distribution process according to the prior art. As shown in FIG. 2, it includes the following steps: Step S202, The user process U sends an identity tag L and a designated trusted third-party PCA to the security chip T. Specifically, in the above steps, the identity tag L is the identity tag of the user process U running on the user terminal. It is just a tag that can be freely selected by the user and can be used to find the AIK certificate. Name use. It should be noted that, because the identity label L is not encrypted, it is easy to be intercepted by an attacker. In step S204, the security chip T sends the platform identity public key AIK and the signed identity content information I to the user process U, where I = [AIK, L, PCA] AIK ^-1 . Specifically, in the above steps, the security chip T calls the TPM_MakeIdentity command, the TPM chip generates a new platform identity key pair for the user process U, stores the platform identity private key of the user process U in the TPM chip, and The platform identity public key AIK of the user process U and the identity content information I generated by the TPM are returned to the user; where I = [AIK, L, PCA] AIK ^-1 function uses the security chip T to generate the platform identity private key for the user process U AIK ^-1 signs the platform identity public key AIK, identity tag L, and trusted third-party PCA of the user process U, indicating that these materials are associated with the security chip T. It should be noted that in the protocol, the security chip T does not prove to the user process U the AIK and AIK ^-1 platform identity public-private key pair generated for it. In step S206, the user process U sends a secure chip endorsement certificate Cert_EK, the platform identity public key AIK, the identity label L, and the signed identity content information I to the trusted third-party PCA. It should be noted that because the security chip endorsement certificate Cert_EK and the identity tag L are not protected, they are vulnerable to interception. In step S208, the trusted third-party PCA returns the encrypted package [Cert_AIK] _EK to the user process U. Specifically, in the above steps, a trusted third-party PCA verifies the validity of the security chip endorsement certificate Cert_EK, uses its private key SK (vendor private key) to sign the platform identity public key AIK, and uses the security chip after generating the AIK certificate Endorsed the public key encryption to protect the AIK certificate and return the encrypted packet to the user process U. In step S210, the user process U sends an encrypted packet [Cert_AIK] _EK generated by the secure chip T to endorse the public key EK to the secure chip T. Step S212: The security chip T uses its internal security chip to endorse the private key EK to decrypt the encrypted packet [Cert_AIK] _EK and obtains the corresponding AIK certificate Cert_AIK. Specifically, in the above steps, the security chip T activates the new platform identity key AIK inside T through the TPM_ActivateIdentity command, and simultaneously decrypts using the security chip endorsement private key EK inside T to obtain the corresponding AIK certificate. The analysis shows that in the existing platform identity key and certificate distribution process, because there is no identity legality verification between the user process obtaining the identity key and identity certificate and the trusted security chip, the user process obtains the identity key from the security chip, and During the process of obtaining the identity certificate from PCA, the two parties did not confirm the validity of the identity, which made man-in-the-middle attacks in the process of obtaining the identity key and identity certificate. On the other hand, when the user applied for a certificate from PCA, the process was not verified. From a trusted secure chip platform, this allows many platforms without a secure chip to use a trusted chip of the secure chip to deceive verifiers to obtain a legal identity certificate, or that user processes without a legitimate platform can pass a controlled legal Trusted platform to obtain legal identity certificate. Aiming at the problem that when the user process running on the user terminal in the prior art interacts with the security chip, the identity of both parties is not verified, and no effective solution has been proposed at present.

本發明實施例提供了一種資訊安全的驗證方法、裝置和系統，以至少解決現有技術中用戶終端上運行的用戶進程與安全晶片互動時沒有對雙方身份進行合法性驗證的技術問題。　　根據本發明實施例的一個方面，提供了一種資訊安全的驗證方法，包括：用戶終端將加密後的資訊集發送至安全晶片，其中，資訊集包括：第一隨機數；用戶終端接收安全晶片返回的身份資料，其中，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和安全晶片為用戶終端上運行的用戶進程產生的平台身份公鑰；用戶終端根據第一隨機數對身份資料進行解密得到第一解密結果，其中，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密；用戶終端根據第一解密結果確定安全晶片是否為合法的晶片。　　根據本發明實施例的另一方面，還提供了一種資訊安全的驗證系統，包括：安全晶片；用戶終端，用於將加密後的資訊集發送至安全晶片，接收安全晶片返回的身份資料，根據第一隨機數對身份資料進行解密得到第一解密結果，根據第一解密結果確定安全晶片是否為合法的晶片；其中，資訊集包括：第一隨機數，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和安全晶片為用戶終端上運行的用戶進程產生的平台身份公鑰，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密。　　根據本發明實施例的另一方面，還提供了一種資訊安全的驗證裝置，包括：第一發送模組，用於用戶終端將加密後的資訊集發送至安全晶片，其中，資訊集包括：第一隨機數；接收模組，用於用戶終端接收安全晶片返回的身份資料，其中，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和安全晶片為用戶終端上運行的用戶進程產生的平台身份公鑰；第一解密模組，用於用戶終端根據第一隨機數對身份資料進行解密得到第一解密結果，其中，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密；第一確定模組，用於用戶終端根據第一解密結果確定安全晶片是否為合法的晶片。　　在本發明實施例中，通過用戶終端將加密後的資訊集發送至安全晶片，其中，資訊集包括：第一隨機數；用戶終端接收安全晶片返回的身份資料，其中，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和安全晶片為用戶終端上運行的用戶進程產生的平台身份公鑰；用戶終端根據第一隨機數對身份資料進行解密得到第一解密結果，其中，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密；用戶終端根據第一解密結果確定安全晶片是否為合法的晶片，達到了用戶終端上的用戶進程與安全晶片之間進行可信性驗證的目的，從而實現了提高了通信過程中資訊安全性的技術效果，進而解決了現有技術中用戶終端上運行的用戶進程與安全晶片互動時沒有對雙方身份進行合法性驗證的技術問題。Embodiments of the present invention provide a method, device, and system for verifying information security, so as to at least solve a technical problem in the prior art that a user process running on a user terminal interacts with a security chip without verifying the identities of both parties. According to an aspect of an embodiment of the present invention, a method for verifying information security is provided, including: a user terminal sends an encrypted information set to a security chip, wherein the information set includes: a first random number; the user terminal receives the security chip and returns Identity information, wherein the identity information includes: an endorsement certificate of the security chip encrypted using the first random number, identity content information including the chip identification of the security chip, and the platform identity generated by the security chip for the user process running on the user terminal Public key; the user terminal decrypts the identity data according to the first random number to obtain a first decryption result, wherein the first decryption result includes: decrypting the encrypted endorsement certificate, and / or decrypting identity content information; the user terminal It is determined whether the security chip is a legitimate chip according to the first decryption result. According to another aspect of the embodiments of the present invention, an information security verification system is also provided, including: a security chip; a user terminal for sending the encrypted information set to the security chip, and receiving identity data returned by the security chip, according to The first random number decrypts the identity data to obtain a first decryption result, and determines whether the security chip is a legitimate chip according to the first decryption result; wherein the information set includes: the first random number, and the identity data includes: using the first random number to perform The endorsement certificate of the encrypted security chip, the identity content information containing the chip identification of the security chip, and the platform identity public key generated by the security chip for the user process running on the user terminal. The first decryption result includes: performing the encrypted endorsement certificate. Decrypt, and / or decrypt the identity content information. According to another aspect of the embodiments of the present invention, there is also provided an information security verification device, including: a first sending module for a user terminal to send an encrypted information set to a security chip, wherein the information set includes: a first A random number; a receiving module for the user terminal to receive the identity data returned by the security chip, wherein the identity data includes: an endorsement certificate of the security chip encrypted using the first random number, and the identity content including the chip identification of the security chip The information and security chip is a platform identity public key generated by a user process running on the user terminal; a first decryption module is used for the user terminal to decrypt the identity data according to the first random number to obtain a first decryption result, where the first decryption The results include: decrypting the encrypted endorsement certificate, and / or decrypting the identity content information; a first determination module, used by the user terminal to determine whether the security chip is a legitimate chip according to the first decryption result. In the embodiment of the present invention, the encrypted information set is sent to the security chip through the user terminal, where the information set includes: a first random number; the user terminal receives identity data returned by the security chip, wherein the identity data includes: using the first An endorsement certificate of the security chip encrypted with a random number, the identity content information including the chip identification of the security chip, and the platform identity public key generated by the security chip for the user process running on the user terminal; the user terminal verifies the identity according to the first random number The data is decrypted to obtain a first decryption result, wherein the first decryption result includes: decrypting the encrypted endorsement certificate, and / or decrypting identity content information; the user terminal determines whether the security chip is legitimate according to the first decryption result The chip achieves the purpose of verifying the credibility between the user process on the user terminal and the security chip, thereby achieving the technical effect of improving the information security in the communication process, thereby solving the users running on the user terminal in the prior art Process interacts with security chip without identity to both parties Technical issues for legality verification.

為了使本技術領域的人員更好地理解本發明方案，下面將結合本發明實施例中的圖式，對本發明實施例中的技術方案進行清楚、完整地描述，顯然，所描述的實施例僅僅是本發明一部分的實施例，而不是全部的實施例。基於本發明中的實施例，本領域普通技術人員在沒有做出創造性勞動前提下所獲得的所有其他實施例，都應當屬本發明保護的範圍。　　需要說明的是，本發明的說明書和申請專利範圍及上述圖式中的術語“第一”、“第二”等是用於區別類似的對象，而不必用於描述特定的順序或先後次序。應該理解這樣使用的資料在適當情況下可以互換，以便這裡描述的本發明的實施例能夠以除了在這裡圖示或描述的那些以外的順序實施。此外，術語“包括”和“具有”以及他們的任何變形，意圖在於覆蓋不排他的包含，例如，包含了一系列步驟或單元的過程、方法、系統、產品或設備不必限於清楚地列出的那些步驟或單元，而是可包括沒有清楚地列出的或對於這些過程、方法、產品或設備固有的其它步驟或單元。　　首先，在對本申請實施例進行描述的過程中出現的部分名詞或術語適用於如下解釋：　　(1)U：用戶終端上運行的用戶進程；　　(2)T：安全晶片；　　(3)T_ID ：安全晶片唯一標識，可以標識安全晶片T的唯一性；　　(4)PCA：第三方證書伺服器的資訊，即，可信第三方；　　(5)N1：第一隨機數，用戶終端上運行的用戶進程U產生的隨機數；　　(6)N2：第二隨機數，安全晶片T產生的隨機數；　　(7)L：用戶終端上運行的用戶進程的標識資訊，即，用戶進程的身份標簽；　　(8)AIK：安全晶片T為用戶進程U產生的用於驗證平台身份的密鑰，其中，AIK為用戶進程U的平台身份公鑰，AIK^-1 為用戶進程U的平台身份私鑰，平台身份私鑰存放在安全晶片T的晶片內部；　　(9)I=[AIK, L, PCA]_AIK ^-1 ，注：表示用平台身份私鑰AIK^-1 加密資訊集：AIK, L, PCA；　　(10)EK：安全晶片T的安全晶片背書公鑰；EK^-1 ：安全晶片T中與安全晶片背書公鑰EK對應的安全晶片背書私鑰；　　(11)Cert_EK：安全晶片的背書證書，Cert_EK=[TID, EK, MF]_SK(MF) ，其中，MF是廠商，SK(MF)是廠商私鑰；[T, EK, MF]_SK(MF) 表示用廠商私鑰SK(MF)加密資訊[T，EK，MF]，本申請實施例中，[Y]_X 表示用X加密Y，後續不再重述；　　(12)Cert_AIK=[L, AIK, PCA]_SK(PCA) ；　　(13)PCA的平台身份公私鑰對：PK(PCA)為PCA的公鑰，SK(PCA)為PCA的私鑰；　　(14)證書格式[u, PK(u), CA]_Sk(CA) ：其中，u表示證書擁有者；PK(u)表示證書擁有者公鑰；CA表示證書頒發者；Sk(CA)表示證書頒發者私鑰。實施例1 　　根據本發明實施例，還提供了一種資訊安全的驗證的系統實施例，需要說明的是，本發明實施例1所提供的資訊安全的驗證系統實施例可以應用於如圖3所示的由伺服器303和終端301所構成的硬體環境中。如圖3所示，終端301可以經由資料網路連接或電子連接到一個或多個伺服器。一種可選實施例中，上述終端301可以但不限定於PC電腦、手機、筆記本電腦、平板電腦等設備。資料網路連接可以是區域網連接、廣域網連接、網際網路連接，或其他類型的資料網路連接。終端301可以執行以連接到由一個伺服器或一組伺服器執行的網路服務。網路伺服器是基於網路的用戶服務，諸如社交網路、雲端資源、電子郵件、線上支付或其他線上應用。　　需要說明的是，本申請實施例一所提供的系統實施例中的終端301可以在計算機終端、移動終端或者類似的運算裝置中執行。以運行在移動終端上為例，圖4是本發明實施例的一種用於實現資訊安全的驗證系統的移動終端的硬體結構方塊圖。如圖4所示，該移動終端40可以包括一個或多個(圖中僅示出一個)處理器402(處理器402可以包括但不限於微處理器MCU或可編程邏輯器件FPGA等的處理裝置)、用於儲存資料的記憶體404、以及用於通信功能的傳輸裝置406。本領域普通技術人員可以理解，圖4所示的結構僅為示意，其並不對上述電子裝置的結構造成限定。例如，移動終端40還可包括比圖4中所示更多或者更少的組件，或者具有與圖4所示不同的配置。　　記憶體404可用於儲存應用軟體的軟體程式以及模組，如本發明實施例中的資訊安全的驗證方法對應的程式指令/模組，處理器402通過運行儲存在記憶體404內的軟體程式以及模組，從而執行各種功能應用以及資料處理，即實現上述的資訊安全的驗證方法。記憶體404可包括高速隨機記憶體，還可包括非揮發性記憶體，如一個或者多個磁性儲存裝置、快閃記憶體、或者其他非揮發性固態記憶體。在一些實例中，記憶體404可進一步包括相對於處理器402遠程設置的記憶體，這些遠程記憶體可以通過網路連接至移動終端40。上述網路的實例包括但不限於互聯網、企業內部網、區域網、移動通信網及其組合。　　傳輸裝置406用於經由一個網路接收或者發送資料。上述的網路具體實例可包括移動終端40的通信供應商提供的無線網路。在一個實例中，傳輸裝置406包括一個網路控制器(Network Interface Controller，NIC)，其可通過基站與其他網路設備相連從而可與互聯網進行通訊。在一個實例中，傳輸裝置406可以為射頻(Radio Frequency，RF)模組，其用於通過無線方式與互聯網進行通訊。　　此處需要說明的是，在一些可選實施例中，上述圖4所示的移動終端可以包括硬體元件(包括電路)、軟體元件(包括儲存在計算機可讀介質上的計算機代碼)、或硬體元件和軟體元件兩者的結合。應當指出的是，圖4僅為特定具體實例的一個實例，並且旨在示出可存在於上述移動終端中的部件的類型。　　需要說明的是，圖4示出的硬體結構方塊圖，不僅可以作為上述終端301的示例性方塊圖，還可以作為上述伺服器303的示例性方塊圖。　　在上述運行環境下，本申請提供了一種資訊安全的驗證系統實施例。圖5是根據本發明實施例的一種資訊安全的驗證系統示意圖；如圖5所示，該系統包括：安全晶片501和用戶終端503。　　其中，用戶終端503，用於將加密後的資訊集發送至安全晶片501，接收安全晶片501返回的身份資料，根據第一隨機數對身份資料進行解密得到第一解密結果，根據第一解密結果確定安全晶片是否為合法的晶片；　　其中，資訊集包括：第一隨機數，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和安全晶片為用戶終端上運行的用戶進程產生的平台身份公鑰，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密。　　具體地，在本實施例中，上述安全晶片501可以為用於在計算運算的同時進行安全防護的可信任平台模組，是一個可獨立進行密鑰產生、加解密的裝置，內部擁有獨立的處理器和儲存單元，可儲存密鑰和特徵資料，為終端設備提供加密和安全認證服務；利用安全晶片進行加密，密鑰被儲存在硬體中，被竊的資料無法解密，從而保護商業隱私和資料安全；上述用戶終端可以為用於通信的計算機、筆記本電腦、平板電腦、手機等終端設備，用戶進程可以為用戶在上述用戶終端上運行的進程，一旦用戶進程產生，則安全晶片會為用戶進程產生相應的平台身份密鑰對，用戶進程獲取平台身份公鑰，該用戶進程的平台身份私鑰則留在安全晶片內部；上述資訊集為用戶終端發送的包含了用戶進程的身份標簽、可信第三方PCA資訊的資料，需要說明的是，本申請實施中，在資訊集中加入了第一隨機數，因而，上述資訊集可以包括用戶終端上運行的用戶進程的身份標簽、可信第三方PCA資訊以及第一隨機數。　　通過上述實施例中安全晶片和用戶終端公開的方案，用戶終端(實際上是用戶終端上運行的用戶進程)在將資訊集發送至安全晶片之前，會首先將資訊集進行加密；在用戶終端將加密後的資訊集發送至安全晶片後，安全晶片接收用戶終端發送的加密後的資訊集，進行解密，得到該用戶終端的身份標簽、可信第三方PCA資訊以及第一隨機數；安全晶片內部產生第二隨機數，並利用第一隨機數、第二隨機數以及安全晶片內部的安全晶片背書私鑰為用戶進程產生平台身份平台身份公私鑰對，其中，平台身份私鑰保留在安全晶片中，平台身份公鑰發送至用戶進程，同時將採用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊也發送至用戶終端。用戶終端接收得到安全晶片返回的身份資料後，利用第一隨機數對接收到的身份資料進行解密，得到第一解密結果，並驗證安全晶片是否為合法的晶片。　　一種可選的實施例中，假設用戶終端上運行的用戶進程U、安全晶片T、可信第三方PCA在身份密鑰及身份證書互動之前，已獲得安全晶片背書公鑰EK，用戶進程U可以利用安全晶片背書公鑰EK將資訊集[L，PCA，N1]加密，其中，L為用戶進程U的身份標簽，PCA為可信第三方資訊、N1為第一隨機數。　　基於上述實施例，在安全晶片接收到利用安全晶片背書公鑰EK加密的資訊集[L，PCA，N1]_EK 後，首先，利用安全晶片背書私鑰EK^-1 解密接收到的資訊集[L，PCA，N1]_EK ，得到用戶進程的身份標簽L、可信第三方PCA資訊以及第一隨機數N1；接著，安全晶片產生第二隨機數N2，並依據N1、N2、EK^-1 為用戶進程U產生平台身份平台身份公私鑰對AIK(平台身份公鑰)、AIK^-1 (平台身份私鑰)，其中，AIK=[N1||N2||L]_EK ^-1 ，平台身份私鑰AIK^-1 保留在安全晶片T中；然後，安全晶片T通過計算得到身份內容資訊I=[AIK, L, TID, PCA]_AIK ^-1 以及利用第一隨機數N1加密得到的安全晶片的背書證書[Cert_EK]_N1 ；最後，安全晶片T將使用第一隨機數進行加密的安全晶片的背書證書[Cert_EK]_N1 、基於第一隨機數和第二隨機數(安全晶片內部產生的隨機數)產生的用戶進程的平台身份公鑰AIK、包含了安全晶片的晶片標識的身份內容資訊I發送至用戶進程。　　作為一種可選的實施例，上述身份資料中可以包括：第一隨機數進行加密的安全晶片的背書證書[Cert_EK]_N1 、基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰AIK、包含了安全晶片的晶片標識的身份內容資訊I=[AIK, L, TID, PCA]_AIK ^-1 ，其中，T_ID 可以標識安全晶片T的唯一性，將T_ID 與用戶進程的身份標簽L綁定作為用戶進程U的平台身份資訊一部分，解決了用戶進程請求身份與安全晶片平台身份的綁定。用戶終端接收到安全晶片返回的平台身份密鑰後，利用第一隨機數N1對加密的安全晶片的背書證書[Cert_EK]_N1 進行解密，可以得到背書證書Cert_EK。　　可選地，基於上述實施例公開的方案，用戶進程U利用第一隨機數N1對身份密鑰進行解密，得到背書證書Cert_EK後，根據背書證書Cert_EK得到相應的安全晶片背書公鑰EK後，利用安全晶片背書公鑰EK來解密平台身份公鑰AIK=[N1||N2||L]_EK ^-1 ，如果所解密的結果資訊中包含第一隨機數N1，且身份內容資訊中包含的T_ID 的資訊與Cer_安全晶片背書證書Cert_EK所包含的T_ID 資訊一致，則認為AIK和I是合法的安全晶片T發給自己的平台身份公鑰及身份內容資訊，流程繼續，否則終止。　　由上可知，在本申請上述實施例中，用戶終端(實際上是用戶終端上運行的用戶進程)在將資訊集發送至安全晶片之前，利用安全晶片背書公鑰來對資訊集加密；安全晶片接收到用戶進程發送的加密後的資訊集後，採用相應的私鑰來對加密後的資訊集進行解密，由於資訊集中添加了第一隨機數，安全晶片利用第一隨機數對其背書證書進行加密後發送至用戶進程，同時將包含了其晶片標識的身份內容資訊和基於第一隨機數和第二隨機數(安全晶片內部產生的隨機數)產生的平台身份公鑰發送至用戶進程；用戶進程在接收到安全晶片返回的加密後的背書證書、包含了晶片標識的身份內容資訊以及平台身份公鑰後，利用第一隨機數進行解密，並根據解密後的解密結果確定安全晶片是否為合法的晶片。　　通過上述實施例公開的方案，達到了用戶終端上的用戶進程與安全晶片之間進行可信性驗證的目的，從而實現了提高通信過程中資訊安全性的技術效果。　　由此，本申請上述實施例解決了現有技術中用戶終端上運行的用戶進程與安全晶片互動時沒有對雙方身份進行合法性驗證的技術問題。　　在一種可選的實施例中，上述安全晶片501還用於使用與安全晶片背書公鑰EK對應的安全晶片背書私鑰EK^-1 對加密後的資訊集進行解密，得到資訊集，並在獲取到第二隨機數(安全晶片內部產生的隨機數)之後，根據資訊集、第二隨機數和安全晶片背書私鑰EK^-1 產生用戶進程的平台身份公鑰AIK、平台身份私鑰AIK^-1 和身份內容資訊，並使用第一隨機數對安全晶片的背書證書進行加密；上述用戶終端503還用於接收安全晶片發送的至少將如下資訊：身份內容資訊、加密後的背書證書和平台身份公鑰AIK。　　具體地，在上述實施例中，在用戶終端503將加密後的資訊集發送至安全晶片501後，安全晶片501接收用戶終端503發送的加密後的資訊集，可以利用與安全晶片背書公鑰EK對應的安全晶片背書私鑰EK^-1 對加密後的資訊集進行解密，得到用戶終端503上運行的用戶進程的身份標簽、可信第三方PCA資訊以及用戶終端503上運行的用戶進程U產生的第一隨機數；並產生第二隨機數，利用第一隨機數、第二隨機數以及安全晶片501內部的安全晶片背書私鑰EK^-1 為用戶終端503上運行的用戶進程產生平台身份平台身份公私鑰對，即，用戶進程U的平台身份公鑰AIK、平台身份私鑰AIK^-1 ；其中，平台身份私鑰AIK^-1 保留在安全晶片501中，平台身份公鑰AIK發送至用戶終端503，同時將採用第一隨機數進行加密的安全晶片501的背書證書、身份內容資訊也發送至用戶終端503。　　此處需要說明的是，上述身份內容資訊中包含了安全晶片T的晶片標識，由本申請背景部分內容可知，現有的平台身份密鑰及證書分發過程中，安全晶片T向用戶進程U發送的簽名後的身份內容資訊為I=[AIK, L, PCA]AIK^-1 ，而本申請實施例中，安全晶片T通過計算得到的身份內容資訊I=[AIK, L, TID, PCA]，其中，T_ID 為安全晶片T唯一標識。　　通過上述實施例，安全晶片501採用第一隨機數、第二隨機數以及安全晶片501內部的安全晶片背書私鑰EK^-1 產生安全晶片501的平台身份公鑰AIK，可以便於後續用戶進程對安全晶片501的驗證，安全晶片501使用T_ID 用以標識可信晶片T的唯一性，並將之與身份標簽L綁定作為用戶進程U的平台身份資訊一部分，解決了用戶進程請求身份與可信晶片平台身份的綁定。　　在一種可選的實施例中，如圖5所示，上述系統還包括：第三方證書伺服器505，接收用戶終端503發送的待驗證的資訊，待驗證的資訊包括至少如下資料：使用第三方伺服器提供的證書公鑰對安全晶片背書證書進行加密的加密結果、用戶終端上運行的用戶進程的身份標簽、第三方證書伺服器505的標識資訊、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰。　　具體地，在上述實施例中，在用戶終端向第三方證書伺服器505發送背書證書的加密結果、用戶終端上運行的用戶進程的身份標簽、第三方證書伺服器505的標識資訊、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰等資訊之後，第三方證書伺服器505使用與證書公鑰對應的證書私鑰對背書證書的加密結果進行解密，得到安全晶片的背書證書、用戶進程的身份標簽L和安全晶片的安全晶片背書公鑰EK；然後，第三方證書伺服器505使用安全晶片的安全晶片背書公鑰EK對用戶進程的平台身份公鑰AIK進行解密，得到用戶進程U的身份標簽L，並使用用戶進程的平台身份公鑰AIK對身份內容資訊進行解密，得到相應的解密資訊，如果解密資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，和/或解密資訊中包含的用戶進程的身份標簽與背書證書中記錄的身份標簽一致，則確定安全晶片提供了為用戶終端上運行的用戶進程U提供了合法的平台身份平台身份公私鑰對。　　一種可選的實施例中，用戶終端使用第三方證書伺服器505提供的證書公鑰PK(PCA)對安全晶片的背書證書進行加密，得到背書證書的加密結果[Cert_EK]_PK(PCA) ，並向第三方證書伺服器505(即，可信第三方PCA)發送以下資訊：背書證書的加密結果[Cert_EK]_PK(PCA) 、用戶進程的身份標簽L、第三方證書伺服器505的標識資訊PCA、包含了安全晶片的晶片標識的身份內容資訊I和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰AIK。第三方證書伺服器505接收到上述資訊後，利用與證書公鑰PK(PCA)對應的證書私鑰SK(PCA)解密背書證書的加密結果資訊[Cert_EK，L]PK(PCA)，得到背書證書Cert_EK、用戶進程的身份標簽L、以及安全晶片背書公鑰EK，利用安全晶片背書公鑰EK解密用戶進程的平台身份公鑰AIK，得到用戶進程的身份標簽L，判斷利用安全晶片背書公鑰EK解密得到的用戶進程的身份標簽L與利用證書私鑰SK(PCA)解密背書證書的加密結果資訊[Cert_EK，L]PK(PCA)得到身份標簽L是否一致，以及利用平台身份公鑰AIK解密平台身份內容資訊I得到的晶片標識T_ID 與背書證書Cert_EK裡的T_ID 是否一致，從而確定平台身份公鑰AIK和平台身份私鑰AIK^-1 是否來自合法的安全晶片為用戶進程產生的平台身份公私鑰對。　　通過上述實施例，實現了為用戶進程提供的平台身份公私鑰對的安全晶片的合法性進行驗證。　　在一種可選的實施例中，上述用戶終端503還用於使用安全晶片背書公鑰EK對資訊集進行加密，其中，資訊集還包括：用戶終端503上運行的用戶進程的標識資訊和第三方證書伺服器的資訊。　　具體地，在上述實施例中，安全晶片背書公鑰EK可以為基於TCG規範，用於在平台身份密鑰和身份證書的分發過程中的平台身份公鑰；用戶終端503上運行的用戶進程的標識資訊可以為用戶終端503的身份標簽，第三方證書伺服器的資訊可以為可信第三方平台的資訊；一種可選的實施例中，假設用戶終端503U，安全晶片501T，可信第三方PCA在平台身份密鑰及身份證書互動之前，已獲得平台安全晶片背書公鑰EK，用戶終端503在將加密後的資訊集發送至安全晶片501前，可以首先利用安全晶片背書公鑰EK將資訊集[L, PCA, N1]加密，其中，其中，L為用戶終端503的身份標簽，PCA為第三方證書伺服器的資訊、N1為第一隨機數，用戶進程U產生的隨機產生數。　　在一種可選的實施例中，上述用戶終端503還用於使用第一隨機數對加密後的背書證書進行解密，得到背書證書；根據背書證書得到安全晶片背書公鑰EK，並驗證背書證書的合法性；使用安全晶片背書公鑰EK對平台身份公鑰AIK進行解密，得到第三解密結果。　　具體地，在上述實施例中，上述第一隨機數可以為用戶終端503上運行的用戶進程U產生的隨機產生數；用戶終端503在接收得到安全晶片501返回的平台身份公鑰後，利用第一隨機數對使用第一隨機數進行加密的安全晶片501的背書證書進行解密，得到安全晶片501的背書證書；利用背書證書得到相應的安全晶片背書公鑰，使用安全晶片背書公鑰對平台身份公鑰進行解密，得到第三解密結果。　　一種可選的實施例中，上述身份資料中可以包括：第一隨機數進行加密的安全晶片501的背書證書，得到加密結果[Cert_EK]_N1 、安全晶片501產生的平台身份公鑰AIK、包含了安全晶片501的晶片標識的身份內容資訊I=[AIK, L, TID, PCA]_AIK ^-1 ；用戶終端503U利用第一隨機數N1對加密結果[Cert_EK]_N1 進行解密，得到背書證書Cert_EK後，根據背書證書Cert_EK得到相應的安全晶片背書公鑰EK後，利用安全晶片背書公鑰EK來解密平台身份公鑰資訊AIK=[N1||N2||L]_EK ^-1 ，得到第三解密結果，其中，如果安全晶片背書公鑰EK合法的情況下，得到的第三解密結果中應該包含第一隨機數N1。　　通過上述實施例，由於用戶終端503在向安全晶片501發送資訊集之前，在資訊集中增加了第一隨機數，因而，可以通過驗證上述解密後的結果中是否包含第一隨機數來驗證安全晶片501是否合法。　　在一種可選的實施例中，上述用戶終端503還用於驗證第三解密結果中是否包含第一隨機數；如果第三解密結果中包含第一隨機數，則確定安全晶片501為合法的晶片。　　具體地，在上述實施例中，用戶終端503在根據第一隨機數對加密的安全晶片的背書證書進行解密得到第一解密結果後，可以通過驗證第三解密結果中是否包含第一隨機數來確定安全晶片501是否為合法的晶片，如果第三解密結果中包含第一隨機數，則確定安全晶片501為合法的晶片。　　具體的，用戶終端可以利用第一隨機數N1對加密結果[Cert_EK]_N1 進行解密，得到背書證書Cert_EK後，根據背書證書Cert_EK得到相應的安全晶片背書公鑰EK後，利用安全晶片背書公鑰EK來解密平台身份公鑰資訊AIK=[N1||N2||L]_EK ^-1 ，得到第三解密結果，其中，如果安全晶片背書公鑰EK合法的情況下，得到的第三解密結果中應該包含第一隨機數N1。　　通過上述實施例，可以實現用戶終端503上運行的用戶進程對安全晶片501是否合法進行驗證，提高了通信的安全性。　　在一種可選的實施例中，上述用戶終端503還用於使用第三方證書伺服器505提供的證書公鑰對安全晶片501的背書證書進行加密，得到背書證書的加密結果；向第三方證書伺服器505發送待驗證的資訊，待驗證的資訊包括至少如下資料：背書證書的加密結果、用戶終端503上運行的用戶進程的身份標簽、第三方證書伺服器505的標識資訊、包含了安全晶片501的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的安全晶片501的平台身份公鑰。　　具體地，在上述實施例中，第三方證書伺服器505為可信第三方平台；在用戶終端503根據第一解密結果確定安全晶片501為合法的晶片的情況下，用戶終端503使用第三方證書伺服器505提供的證書公鑰對安全晶片501的背書證書進行加密，得到背書證書的加密結果，並將該加密結果與用戶終端503上運行的用戶進程的身份標簽、第三方證書伺服器505的標識資訊、包含了安全晶片501的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的安全晶片501的平台身份公鑰發送至第三方證書伺服器505。　　在一種可選的實施例中，第三方證書伺服器505還用於使用證書公鑰對預定的資料集合進行加密，產生身份證書，其中，預定的資料集合包括：用戶進程的身份標簽、安全晶片501的平台身份公鑰AIK、用戶進程的身份標簽和第三方證書伺服器505的標識資訊；使用安全晶片背書公鑰EK對身份證書進行加密，並將加密結果分發身份證書到至少一個用戶終端503。　　具體地，在上述實施例中，在第三方證書伺服器505確定安全晶片501提供了合法的平台身份公私鑰對之後，第三方證書伺服器505使用證書公鑰對用戶進程的身份標簽、安全晶片501的平台身份公鑰AIK、用戶進程的身份標簽和第三方證書伺服器505的標識等資訊進行加密，為用戶終端503的用戶進程產生相應的身份證書，並利用安全晶片背書公鑰EK對身份證書進行加密，並將加密結果分發身份證書發送一個或多個用戶終端503。　　在一種可選的實施例中，上述用戶終端503還用於接收到身份證書並將身份證書轉發給安全晶片501；上述安全晶片501還用於使用安全晶片背書私鑰EK^-1 對加密後的身份證書進行解密，得到身份證書。　　在一種可選的實施例中，上述安全晶片501還用於採用第一隨機數對身份證書進行加密，並將加密結果發送至用戶終端503，上述用戶終端503還用於採用本地儲存的第一隨機數解密得到身份證書。實施例2 　　根據本發明實施例，還提供了一種資訊安全的驗證的方法實施例，需要說明的是，在圖式的流程圖示出的步驟可以在諸如一組計算機可執行指令的計算機系統中執行，並且，雖然在流程圖中示出了邏輯順序，但是在某些情況下，可以以不同於此處的順序執行所示出或描述的步驟。　　本申請實施例2所提供的方法實施例可以在移動終端、計算機終端或者類似的運算裝置中執行。圖6示出了一種用於實現資訊安全的驗證方法的計算機終端的硬體結構方塊圖。如圖6所示，計算機終端60可以包括一個或多個(圖中採用602a、602b，……，602n來示出)處理器602(處理器602可以包括但不限於微處理器MCU或可編程邏輯器件FPGA等的處理裝置)、用於儲存資料的記憶體604、以及用於通信功能的傳輸裝置606。除此以外，還可以包括：顯示器、輸入/輸出介面(I/O介面)、通用串列匯流排(USB)埠(可以作為I/O介面的埠中的一個埠被包括)、網路介面、電源和/或相機。本領域普通技術人員可以理解，圖6所示的結構僅為示意，其並不對上述電子裝置的結構造成限定。例如，計算機終端60還可包括比圖6中所示更多或者更少的組件，或者具有與圖6所示不同的配置。　　應當注意到的是上述一個或多個處理器602和/或其他資料處理電路在本文中通常可以被稱為“資料處理電路”。該資料處理電路可以全部或部分的體現為軟體、硬體、韌體或其他任意組合。此外，資料處理電路可為單個獨立的處理模組，或全部或部分的結合到計算機終端60(或移動設備)中的其他元件中的任意一個內。如本申請實施例中所涉及到的，該資料處理電路作為一種處理器控制(例如與介面連接的可變電阻終端路徑的選擇)。　　記憶體604可用於儲存應用軟體的軟體程式以及模組，如本發明實施例中的資訊安全的驗證方法對應的程式指令/資料儲存裝置，處理器602通過運行儲存在記憶體604內的軟體程式以及模組，從而執行各種功能應用以及資料處理，即實現上述的資訊安全的驗證方法。記憶體604可包括高速隨機記憶體，還可包括非揮發性記憶體，如一個或者多個磁性儲存裝置、快閃記憶體、或者其他非揮發性固態記憶體。在一些實例中，記憶體604可進一步包括相對於處理器602遠程設置的記憶體，這些遠程記憶體可以通過網路連接至計算機終端60。上述網路的實例包括但不限於互聯網、企業內部網、區域網、移動通信網及其組合。　　傳輸裝置606用於經由一個網路接收或者發送資料。上述的網路具體實例可包括計算機終端60的通信供應商提供的無線網路。在一個實例中，傳輸裝置606包括一個網路控制器(Network Interface Controller，NIC)，其可通過基站與其他網路設備相連從而可與互聯網進行通訊。在一個實例中，傳輸裝置606可以為射頻(Radio Frequency，RF)模組，其用於通過無線方式與互聯網進行通訊。　　顯示器可以例如觸控螢幕式的液晶顯示器(LCD)，該液晶顯示器可使得用戶能夠與計算機終端60的用戶界面進行互動。　　此處需要說明的是，在一些可選實施例中，上述圖6所示的計算機終端可以包括硬體元件(包括電路)、軟體元件(包括儲存在計算機可讀介質上的計算機代碼)、或硬體元件和軟體元件兩者的結合。應當指出的是，圖6僅為特定具體實例的一個實例，並且旨在示出可存在於上述計算機終端中的部件的類型。　　此處還需要說明的是，在一些實施例中，上述圖6所示的計算機終端具有觸控顯示器(也被稱為“觸控螢幕”或“觸控顯示螢幕”)。在一些實施例中，上述圖6所示的計算機終端具有圖像用戶界面(GUI)，用戶可以通過觸摸觸敏表面上的手指接觸和/或手勢來與GUI進行人機互動，此處的人機互動功能可選的包括如下互動：創建網頁、繪圖、文字處理、製作電子文檔、遊戲、視頻會議、即時通信、收發電子郵件、通話界面、播放數字視頻、播放數字音樂和/或網路瀏覽等、用於執行上述人機互動功能的可執行指令被配置/儲存在一個或多個處理器可執行的計算機程式產品或可讀儲存介質中。　　一種可選實施例中，圖7以方塊圖示出了使用上述圖6所示的計算機終端作為發送端的一種實施例。如圖7所示，計算機終端701可以經由資料網路連接或電子連接到一個或多個伺服器703。一種可選實施例中，上述計算機終端701可以是任意移動計算設備等。資料網路連接可以是區域網連接、廣域網連接、網際網路連接，或其他類型的資料網路連接。計算機終端701可以執行以連接到由一個伺服器或一組伺服器執行的網路服務。網路伺服器是基於網路的用戶服務，諸如社交網路、雲端資源、電子郵件、線上支付或其他線上應用。容易注意的是，圖6示出的硬體結構方塊圖，不僅可以作為上述計算機終端701的示例性方塊圖，還可以作為上述伺服器703的示例性方塊圖。　　在上述運行環境下，本申請提供了如圖8所示的一種資訊安全的驗證方法。圖8是根據本發明實施例的一種資訊安全的驗證方法的流程圖，如圖8所示，包括如下步驟：　　步驟S802，用戶終端將加密後的資訊集發送至安全晶片，其中，資訊集可以至少包括：第一隨機數。　　具體地，在上述步驟中，上述用戶終端可以為用於通信的計算機、筆記本電腦、平板電腦、手機等終端設備，用戶進程可以為用戶在上述用戶終端上運行的進程，一旦用戶進程產生，則安全晶片會為用戶進程產生相應的平台身份密鑰對，用戶進程獲取平台身份公鑰，該用戶進程的平台身份私鑰則留在安全晶片內部；上述安全晶片可以為用於在計算運算的同時進行安全防護的可信任平台模組，是一個可獨立進行密鑰產生、加解密的裝置，內部擁有獨立的處理器和儲存單元，可儲存密鑰和特徵資料，為終端設備提供加密和安全認證服務；利用安全晶片進行加密，密鑰被儲存在硬體中，被竊的資料無法解密，從而保護商業隱私和資料安全；上述資訊集為用戶終端(實際上是用戶終端上運行的用戶進程)發送的包含了用戶進程的身份標簽、可信第三方PCA資訊的資料，需要說明的是，本申請實施中，在資訊集中加入了第一隨機數，因而，上述資訊集可以包括用戶進程的身份標簽、可信第三方PCA資訊以及第一隨機數；上述用戶進程在將資訊集發送至安全晶片之前，會首先將資訊集進行加密。　　一種可選的實施例中，假設用戶終端上運行的用戶進程U、安全晶片T、可信第三方PCA在身份密鑰及身份證書互動之前，已獲得安全晶片背書公鑰EK，用戶終端可以利用安全晶片背書公鑰EK將資訊集[L, PCA, N1]加密，其中，L為用戶進程U的身份標簽，PCA為可信第三方資訊、N1為第一隨機數。　　此處需要說明的是，在上述實施例中，由於平台背書EK公鑰中包含安全晶片T的唯一識別資訊，可以方便後續用戶進程U對安全晶片T的合法性進行驗證；採用平台EK公鑰對資訊集[L, PCA, N1]加密，可以對身份進程的身份表情L進行保護；另外，由於增加了一組隨機數N1，從而可以用N1來保護傳輸的安全晶片背書證書Cert_EK。　　步驟S804，用戶終端接收安全晶片返回的身份資料，其中，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和安全晶片為用戶終端上運行的用戶進程產生的平台身份公鑰。　　具體地，在上述步驟中，在用戶終端將加密後的資訊集發送至安全晶片後，安全晶片接收用戶終端發送的加密後的資訊集，進行解密，得到用戶終端上運行的用戶進程的身份標簽、可信第三方PCA資訊以及第一隨機數；並產生第二隨機數，利用第一隨機數、第二隨機數以及安全晶片內部的安全晶片背書私鑰為用戶終端產生平台身份公私鑰對，其中，平台身份私鑰保留在安全晶片中，平台身份公鑰發送至用戶進程，同時將採用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊也發送至用戶進程。　　一種可選的實施例中，仍以上述用戶進程U利用安全晶片背書公鑰EK將資訊集加密為例，在安全晶片接收到利用安全晶片背書公鑰EK加密的資訊集[L, PCA, N1]_EK 後，首先，利用安全晶片背書私鑰EK^-1 解密接收到的資訊集[L, PCA, N1]_EK ，得到用戶終端上運行的用戶進程的身份標簽L、可信第三方PCA資訊以及第一隨機數N1；接著，安全晶片產生第二隨機數N2，並依據N1、N2、EK^-1 為用戶進程U產生平台身份公私鑰對AIK、AIK^-1 ，其中，AIK=[N1||N2||L]_EK ^-1 ，AIK^-1 保留在晶片中；然後，安全晶片T通過計算得到身份內容資訊I=[AIK, L, TID, PCA]_AIK ^-1 以及利用第一隨機數N1加密得到的安全晶片的背書證書[Cert_EK]_N1 ；最後，安全晶片T將使用第一隨機數進行加密的安全晶片的背書證書[Cert_EK]_N1 、基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰AIK、包含了安全晶片的晶片標識的身份內容資訊I發送至用戶終端。　　步驟S806，用戶終端根據第一隨機數對身份資料進行解密得到第一解密結果，其中，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密。　　具體地，在上述步驟中，用戶終端在接收得到安全晶片返回的身份資料後，利用第一隨機數對使用第一隨機數進行加密的安全晶片的背書證書進行解密，得到安全晶片的背書證書。　　一種可選的實施例中，上述身份資料中可以包括：第一隨機數進行加密的安全晶片的背書證書，得到加密結果[Cert_EK]_N1 、安全晶片為用戶終端上運行的用戶進程產生的平台身份公鑰AIK、包含了安全晶片的晶片標識的身份內容資訊I=[AIK, L, TID, PCA]_AIK ^-1 ，其中，T_ID 可以標識安全晶片T的唯一性，將T_ID 與用戶終端的身份標簽L綁定作為用戶進程U的平台身份資訊一部分，解決了進程請求身份與可信晶片平台身份的綁定。用戶進程U接收得到安全晶片T返回的身份資料後，利用第一隨機數N1對身份資料中的加密結果[Cert_EK]_N1 進行解密，可以得到背書證書Cert_EK。　　步驟S808，用戶終端根據第一解密結果確定安全晶片是否為合法的晶片。　　具體地，在上述步驟中，用戶終端上運行的用戶進程利用第一隨機數對身份資料進行解密得到第一解密結果後，驗證安全晶片是否為合法的晶片，一種可選的實施方案中，在利用第一隨機數對使用第一隨機數進行加密的安全晶片的背書證書進行解密，得到在安全晶片的背書證書後，利用背書證書得到相應的安全晶片背書公鑰，使用安全晶片背書公鑰對平台身份公鑰進行解密，如果解密的結果中包含第一隨機數，則說明安全晶片為合法的晶片。　　一種可選的實施例中，用戶終端上的用戶進程U利用第一隨機數N1對[Cert_EK]_N1 進行解密，得到背書證書Cert_EK後，根據背書證書Cert_EK得到相應的安全晶片背書公鑰EK後，利用安全晶片背書公鑰EK來解密平台身份公鑰資訊AIK=[N1||N2||L]_EK ^-1 ，如果所解密的結果資訊中包含第一隨機數N1，且身份內容資訊中包含的T_ID 的資訊與Cer_安全晶片背書證書Cert_EK所包含的T_ID 資訊一致，則認為AIK和I是個合法的T發給自己的平台身份公鑰及身份內容資訊，流程繼續，否則終止。　　由上可知，在本申請上述實施例中，用戶終端(實際上是用戶終端上運行的用戶進程)在將資訊集發送至安全晶片之前，利用安全晶片背書公鑰來對資訊集加密；安全晶片接收到用戶進程發送的加密後的資訊集後，採用相應的私鑰來對加密後的資訊集進行解密，由於資訊集中添加了第一隨機數，安全晶片利用第一隨機數對其背書證書進行加密後發送至用戶進程，同時將包含了其晶片標識的身份內容資訊和基於第一隨機數和第二隨機數(安全晶片內部產生的隨機數)產生的平台身份公鑰發送至用戶進程；用戶進程在接收到安全晶片返回的加密後的背書證書、包含了晶片標識的身份內容資訊以及平台身份公鑰後，利用第一隨機數進行解密，並根據解密後的解密結果確定安全晶片是否為合法的晶片。　　通過上述實施例公開的方案，達到了用戶終端上的用戶進程與安全晶片之間進行可信性驗證的目的，從而實現了提高通信過程中資訊安全性的技術效果。　　由此，本申請上述實施例解決了現有技術中用戶終端上運行的用戶進程與安全晶片互動時沒有對雙方身份進行合法性驗證的技術問題。　　在一種可選的實施例中，用戶終端將加密後的資訊集發送至安全晶片，可以包括：步驟S801，用戶終端使用安全晶片背書公鑰EK對資訊集進行加密，其中，資訊集還包括：用戶終端上運行的用戶進程的標識資訊和第三方證書伺服器的資訊。　　具體地，在上述實施例中，安全晶片背書公鑰EK可以為基於TCG規範，用於在平台身份密鑰和身份證書的分發過程中的平台身份公鑰；用戶終端上運行的用戶進程的標識資訊可以為用戶終端的身份標簽，第三方證書伺服器的資訊可以為可信第三方平台的資訊；一種可選的實施例中，假設用戶進程U，安全晶片T，可信第三方PCA在平台身份密鑰及身份證書互動之前，已獲得平台安全晶片背書公鑰EK，用戶終端在將加密後的資訊集發送至安全晶片前，可以首先利用安全晶片背書公鑰EK將資訊集[L, PCA, N1]加密，其中，其中，L為用戶終端的身份標簽，PCA為第三方證書伺服器的資訊、N1為第一隨機數，用戶進程U產生的隨機產生數。　　在一種可選的實施例中，在用戶終端接收安全晶片返回的身份資料之前，如圖9所示，上述方法還可以包括：　　步驟S902，安全晶片使用與安全晶片背書公鑰對應的安全晶片背書私鑰對加密後的資訊集進行解密，得到資訊集；　　步驟S904，在獲取到第二隨機數之後，安全晶片根據資訊集、第二隨機數和安全晶片背書私鑰產生用戶進程的平台身份公鑰、平台身份私鑰和身份內容資訊，並使用第一隨機數對安全晶片的背書證書進行加密；　　步驟S906，安全晶片至少將如下資訊發送至用戶終端：身份內容資訊、加密後的背書證書和平台身份公鑰。　　具體地，在上述實施例中，在用戶終端將加密後的資訊集發送至安全晶片後，安全晶片接收用戶終端發送的加密後的資訊集，可以利用與安全晶片背書公鑰EK對應的安全晶片背書私鑰EK^-1 對加密後的資訊集進行解密，得到用戶終端上運行的用戶進程的身份標簽、可信第三方PCA資訊以及用戶終端上運行的用戶進程U產生的第一隨機數；並產生第二隨機數，利用第一隨機數、第二隨機數以及安全晶片內部的安全晶片背書私鑰EK^-1 為用戶終端上運行的用戶進程產生平台身份公私鑰對，即，用戶進程的平台身份公鑰AIK、平台身份私鑰AIK^-1 其中，平台身份私鑰AIK^-1 保留在安全晶片中，平台身份公鑰AIK發送至用戶終端，同時將採用第一隨機數進行加密的安全晶片的背書證書、身份內容資訊也發送至用戶終端。　　此處需要說明的是，上述身份內容中包含了安全晶片的晶片標識，由本申請背景部分內容可知，現有的平台身份密鑰及證書分發過程中，安全晶片T向用戶進程U發送的簽名後的身份內容資訊I=[AIK, L, PCA]AIK^-1 ，而本申請實施例中，安全晶片T通過計算得到的身份內容資訊I=[AIK, L, TID, PCA]，其中，T_ID 為安全晶片唯一標識。　　通過上述實施例，安全晶片採用第一隨機數、第二隨機數以及安全晶片內部的安全晶片背書私鑰EK^-1 產生用戶進程的平台身份公鑰AIK，可以便於後續用戶進程對安全晶片的驗證，安全晶片使用T_ID 用以標識可信晶片T的唯一性，並將之與L綁定作為用戶U進程的平台身份資訊一部分，解決了用戶進程請求身份與可信晶片平台身份的綁定。　　在一種可選的實施例中，如圖10所示，用戶終端根據第一隨機數對身份資料進行解密得到第一解密結果，可以包括如下步驟：　　步驟S102，使用第一隨機數對加密後的背書證書進行解密，得到背書證書；　　步驟S104，根據背書證書得到安全晶片背書公鑰，並驗證背書證書的合法性；　　步驟S106，使用安全晶片背書公鑰對平台身份公鑰進行解密，得到第三解密結果。　　具體地，在上述實施例中，上述第一隨機數可以為用戶終端上運行的用戶進程U產生的隨機產生數；用戶終端在接收得到安全晶片返回的身份資料後，利用第一隨機數對使用第一隨機數進行加密的安全晶片的背書證書進行解密，得到安全晶片的背書證書；利用背書證書得到相應的安全晶片背書公鑰，使用安全晶片背書公鑰對平台身份公鑰進行解密，得到第三解密結果。　　一種可選的實施例中，上述身份資料中可以包括：加密第一隨機數進行加密的安全晶片的背書證書，得到加密結果[Cert_EK]_N1 、安全晶片為用戶終端上運行的用戶進程產生的平台身份公鑰AIK、包含了安全晶片的晶片標識的身份內容資訊I=[AIK, L, TID, PCA]_AIK ^-1 ；用戶進程U利用第一隨機數N1對加密結果[Cert_EK]_N1 進行解密，得到背書證書Cert_EK後，根據背書證書Cert_EK得到相應的安全晶片背書公鑰EK後，利用安全晶片背書公鑰EK來解密平台身份公鑰資訊AIK=[N1||N2||L]_EK ^-1 ，得到第三解密結果，其中，如果安全晶片背書公鑰EK合法的情況下，得到的第三解密結果中應該包含第一隨機數N1。　　通過上述實施例，由於用戶終端在向安全晶片發送資訊集之前，在資訊集中增加了第一隨機數，因而，可以通過驗證上述解密後的結果中是否包含第一隨機數來驗證安全晶片是否合法。　　在一種可選的實施例中，如圖11所示，用戶終端根據第一解密結果確定安全晶片是否為合法的晶片，可以包括如下步驟：　　步驟S112，驗證第三解密結果中是否包含第一隨機數；　　步驟S114，如果第三解密結果中包含第一隨機數，則確定安全晶片為合法的晶片。　　具體地，在上述實施例中，用戶終端在根據第一隨機數對加密的安全晶片的背書證書[Cert_EK]_N1 進行解密得到第一解密結果後，可以通過驗證第三解密結果中是否包含第一隨機數來確定安全晶片是否為合法的晶片，如果第三解密結果中包含第一隨機數，則確定安全晶片為合法的晶片。　　具體的，用戶終端可以利用第一隨機數N1對加密結果[Cert_EK]_N1 進行解密，得到背書證書Cert_EK後，根據背書證書Cert_EK得到相應的安全晶片背書公鑰EK後，利用安全晶片背書公鑰EK來解密平台身份公鑰資訊AIK=[N1||N2||L]_EK ^-1 ，得到第三解密結果，其中，如果安全晶片背書公鑰EK合法的情況下，得到的第三解密結果中應該包含第一隨機數N1。　　通過上述實施例，可以實現用戶終端的用戶進程對安全晶片是否合法進行驗證，提高了通信的安全性。　　在一種可選的實施例中，上述方法還可以包括：步驟S116，如果第三解密結果中包含第一隨機數，且身份內容資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，則確定安全晶片為合法的晶片。　　具體地，在上述實施例中，基於本申請實施例，由於安全晶片在向用戶終端返回的身份內容資訊中包含了晶片標識，因而可以通過判斷解密結果中的身份內容資訊中包含的晶片標識與背書證書中記錄的晶片標識是否一致，來確定安全晶片是否為合法的晶片。　　通過上述實施例，可以實現用於進程請求身份與安全晶片平台身份的綁定，通過判斷解密結果中的身份內容資訊中包含的晶片標識與背書證書中記錄的晶片標識是否一致，可以確定用戶終端接收到的平台身份公鑰資訊和身份資訊內容是否來自合法的安全晶片，進一步提高了通信的安全性。　　在一種可選的實施例中，如圖12所示，在用戶終端根據第一解密結果確定安全晶片是否為合法的晶片之後，上述方法還可以包括如下步驟：　　步驟S122，用戶終端使用第三方證書伺服器提供的證書公鑰對安全晶片的背書證書進行加密，得到背書證書的加密結果；　　步驟S124，用戶終端向第三方證書伺服器發送待驗證的資訊，待驗證的資訊包括至少如下資料：背書證書的加密結果、用戶終端上運行的用戶進程的身份標簽、第三方證書伺服器的標識資訊、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰。　　具體地，在上述實施例中，第三方證書伺服器為可信第三方平台；在用戶終端根據第一解密結果確定安全晶片為合法的晶片的情況下，用戶終端使用第三方證書伺服器提供的證書公鑰對安全晶片的背書證書進行加密，得到背書證書的加密結果，並將該加密結果與用戶終端上運行的用戶進程的身份標簽、第三方證書伺服器的標識資訊、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰發送至第三方證書伺服器。　　在一種可選的實施例中，如圖13所示，在用戶終端向第三方證書伺服器發送待驗證的資訊之後，上述方法還可以包括如下步驟：　　步驟S132，第三方證書伺服器使用與證書公鑰對應的證書私鑰對背書證書的加密結果進行解密，得到第四解密結果，其中，第四解密結果包括：安全晶片的背書證書、用戶進程的身份標簽L和安全晶片的安全晶片背書公鑰；　　步驟S134，第三方證書伺服器使用安全晶片背書公鑰對用戶進程的平台身份公鑰進行解密，得到用戶進程的身份標簽，並使用用戶進程的平台身份公鑰對身份內容資訊進行解密，得到解密資訊；　　步驟S136，如果解密資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，和/或解密資訊中包含的用戶進程的身份標簽與背書證書中記錄的身份標簽一致，第三方證書伺服器確定用戶進程的平台身份公私鑰對由合法的安全晶片所產生。　　具體地，在上述實施例中，在用戶終端向第三方證書伺服器發送背書證書的加密結果、用戶終端上運行的用戶進程的身份標簽、第三方證書伺服器的標識資訊、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰等資訊之後，第三方證書伺服器使用與證書公鑰對應的證書私鑰對背書證書的加密結果進行解密，得到安全晶片的背書證書、用戶進程的身份標簽L和安全晶片的安全晶片背書公鑰EK；然後，第三方證書伺服器使用安全晶片的安全晶片背書公鑰EK對用戶進程的平台身份公鑰AIK進行解密，得到用戶進程U的身份標簽L，並使用用戶進程的平台身份公鑰AIK對身份內容資訊進行解密，得到相應的解密資訊，如果解密資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，和/或解密資訊中包含的用戶進程的身份標簽與背書證書中記錄的身份標簽一致，則確定安全晶片提供了為用戶終端上運行的用戶進程U提供了合法的平台身份公私鑰對。　　一種可選的實施例中，用戶終端使用第三方證書伺服器提供的證書公鑰PK(PCA)對安全晶片的背書證書進行加密，得到背書證書的加密結果[Cert_EK]_PK(PCA) ，並向第三方證書伺服器(即，可信第三方PCA)發送以下資訊：背書證書的加密結果[Cert_EK]_PK(PCA) 、用戶進程的身份標簽L、第三方證書伺服器的標識資訊PCA、包含了安全晶片的晶片標識的身份內容資訊I和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰AIK。第三方證書伺服器接收到上述資訊後，利用與證書公鑰PK(PCA)對應的證書私鑰SK(PCA)解密背書證書的加密結果資訊[Cert_EK，L]PK(PCA)，得到背書證書Cert_EK、用戶進程的身份標簽L、以及安全晶片背書公鑰EK，利用安全晶片背書公鑰EK解密用戶進程的平台身份公鑰AIK，得到用戶進程的身份標簽L，判斷利用安全晶片背書公鑰EK解密得到的用戶進程的身份標簽L與利用證書私鑰SK(PCA)解密背書證書的加密結果資訊[Cert_EK，L]PK(PCA)得到身份標簽L是否一致，以及利用平台身份公鑰AIK解密平台身份內容資訊I得到的晶片標識T_ID 與背書證書Cert_EK裡的T_ID 是否一致，從而確定平台身份公鑰AIK和平台身份私鑰AIK^-1 是否來自合法的安全晶片為用戶進程產生的平台身份公私鑰對。　　通過上述實施例，實現了對安全晶片為用戶進程提供的平台身份公私鑰對的合法性進行驗證。　　在一種可選的實施例中，如圖14所示，在第三方證書伺服器確定用戶進程的平台身份公私鑰對由合法的安全晶片所產生之後，上述方法還可以包括如下步驟：　　步驟S142，第三方證書伺服器使用證書公鑰對預定的資料集合進行加密，產生身份證書，其中，預定的資料集合包括：用戶進程的身份標簽、用戶進程的平台身份公鑰、用戶進程的身份標簽和第三方證書伺服器的標識資訊；　　步驟S144，第三方證書伺服器使用安全晶片背書公鑰對身份證書進行加密，並將加密結果分發身份證書到至少一個用戶終端。　　具體地，在上述實施例中，在第三方證書伺服器確定用戶進程的平台身份公私鑰對由合法的安全晶片所產生之後，第三方證書伺服器使用證書公鑰對用戶進程的身份標簽、用戶進程的平台身份公鑰AIK、用戶進程的身份標簽和第三方證書伺服器的標識等資訊進行加密，為用戶終端的用戶進程產生相應的身份證書，並利用安全晶片背書公鑰EK對身份證書進行加密，並將加密結果分發身份證書發送一個或多個用戶終端。　　在一種可選的實施例中，如圖15所示，在第三方證書伺服器分發身份證書到至少一個用戶終端之後，上述方法還可以包括如下步驟：　　步驟S152，接收到身份證書的用戶終端將身份證書轉發給安全晶片；　　步驟S154，安全晶片使用安全晶片背書私鑰對加密後的身份證書進行解密，得到身份證書。　　具體地，在上述實施例中，在第三方證書伺服器分發身份證書到至少一個用戶終端之後，用戶終端將接收到的身份證書轉發給安全晶片，安全晶片使用安全晶片背書私鑰EK^-1 對加密後的身份證書進行解密，得到身份證書。　　在一種可選的實施例中，如圖15所示，在安全晶片使用安全晶片背書私鑰對加密後的身份證書進行解密，得到身份證書之後，上述方法還可以包括：　　步驟S156，安全晶片採用第一隨機數對身份證書進行加密，並將加密結果發送至用戶終端，使得用戶終端採用本地儲存的第一隨機數解密得到身份證書。　　具體地，在上述實施例中，在安全晶片使用安全晶片背書私鑰EK^-1 對加密後的身份證書進行解密，得到身份證書之後，再採用第一隨機數對身份證書進行加密，並將加密後的身份證書發送至用戶終端，用戶終端接收到加密後的身份證書後，利用第一隨機數進行解密得到相應身份證書。　　作為一種優選的實施例，可以結合圖16來說明書本申請上述實施例，圖16是根據本發明實施例的一種可選的平台身份密鑰與證書分發過程示意圖，如圖16所示，包括如下步驟：　　步驟S162，用戶終端上運行的用戶進程U向安全晶片T發送加密資訊集[L, PCA, N1]_EK 。　　具體地，在上述步驟中，假設用戶終端上運行的用戶進程U、安全晶片T、可信第三方PCA在身份密鑰及身份證書互動之前，已獲得平台EK公鑰，用戶終端可以利用安全晶片背書公鑰EK將資訊集[L, PCA, N1]加密，其中，L為用戶終端的身份標簽，PCA為可信第三方資訊、N1為第一隨機數；用戶終端可以利用安全晶片背書公鑰EK將資訊集[L, PCA, N1]加密後，將加密的資訊集[L, PCA, N1]_EK 發送至安全晶片T。　　步驟S164，安全晶片T向用戶終端上運行的用戶進程U發送加密的背書證書[Cert_AIK]_N1 、公鑰AIK、簽名的身份內容I，其中，I=[AIK, L, T_ID , PCA]_AIK ^-1 。　　具體地，在上述步驟中，安全晶片T在接收到來自用戶終端的用戶進程U發送的加密的資訊集[L, PCA, N1]_EK 後，首先，利用安全晶片背書私鑰EK^-1 解密接收到的資訊集[L, PCA, N1]_EK ，得到用戶終端上運行的用戶進程的身份標簽L、可信第三方PCA資訊以及第一隨機數N1；接著，安全晶片產生第二隨機數N2，並依據N1、N2、EK^-1 為U產生身份平台身份公私鑰對AIK、AIK^-1 ，其中，AIK=[N1||N2||L]_EK ^-1 ，AIK^-1 保留在晶片中；然後，安全晶片T通過計算得到身份內容資訊I=[AIK, L, TID, PCA]_AIK ^-1 以及利用第一隨機數N1加密得到的安全晶片的背書證書[Cert_EK]_N1 ；最後，安全晶片T將使用第一隨機數進行加密的安全晶片的背書證書[Cert_EK]_N1 、基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰AIK、包含了安全晶片的晶片標識的身份內容資訊I發送至用戶終端。　　步驟S166，用戶終端上運行的用戶進程U驗證安全晶片的合法性。　　具體地，在上述步驟中，用戶終端上的用戶進程U利用第一隨機數N1對安全晶片返回的身份資料進行解密，該身份資料包括：第一隨機數進行加密的安全晶片的背書證書[Cert_EK]_N1 、基於第一隨機數N1和第二隨機數N2產生的用戶進程的平台身份公鑰AIK、包含了安全晶片的晶片標識的身份內容資訊I=[AIK, L, T_ID , PCA]_AIK ^-1 ，其中，T_ID 可以標識安全晶片T的唯一性；在對身份資料進行解密得到背書證書Cert_EK後，根據背書證書Cert_EK得到相應的安全晶片背書公鑰EK後，利用安全晶片背書公鑰EK來解密平台身份公鑰資訊AIK=[N1||N2||L]_EK ^-1 ，如果所解密的結果資訊中包含第一隨機數N1，且身份內容資訊中包含的T_ID 的資訊與Cer_安全晶片背書證書Cert_EK所包含的T_ID 資訊一致，則認為AIK和I是個合法的T發給自己的平台身份公鑰及身份內容資訊，流程繼續，否則終止。　　步驟S168，用戶進程U向可信第三方PCA發送[Cert_EK，L] _PK _(PCA) 、公鑰AIK、指定的可信第三方PCA和簽名的身份內容I。　　具體地，在上述步驟中，用戶終端使用第三方證書伺服器提供的證書公鑰PK(PCA)對安全晶片的背書證書進行加密，得到背書證書的加密結果[Cert_EK]_PK(PCA) ，並向第三方證書伺服器(即，可信第三方PCA)發送以下資訊：背書證書的加密結果[Cert_EK]_PK(PCA) 、用戶進程的身份標簽L、第三方證書伺服器的標識資訊PCA、包含了安全晶片的晶片標識的身份內容資訊I和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰AIK。　　第三方證書伺服器接收到上述資訊後，執行如下步驟：①利用與證書公鑰PK(PCA)對應的證書私鑰SK(PCA)解密背書證書的加密結果資訊[Cert_EK，L] PK(PCA)，得到背書證書Cert_EK、用戶進程的身份標簽L、以及安全晶片背書公鑰EK，通過SK(MF)可以驗證背書證書Cert_EK的合法性；②利用安全晶片背書公鑰EK解密用戶進程的平台身份公鑰AIK，得到用戶進程的身份標簽L，判斷利用安全晶片背書公鑰EK解密得到的用戶進程的身份標簽L與步驟①得到身份標簽L是否一致，並利用平台身份公鑰AIK解密平台身份內容資訊I，如果解密得到的晶片標識T_ID 與背書證書Cert_EK裡的T_ID 一致，且包含了一致的L和T_ID ，則認為平台身份公鑰AIK和平台身份私鑰AIK^-1 來自合法的安全晶片為用戶進程產生的平台身份公私鑰對；③如果步驟①和②合理，則流程繼續，否則終止。　　步驟S170，可信第三方PCA將加密包[Cert_AIK]_EK 返回至用戶進程U。　　具體地，在上述步驟中，可信第三方PCA(第三方證書伺服器)使用證書公鑰對用戶進程的身份標簽、用戶進程的平台身份公鑰AIK、用戶進程的身份標簽和第三方證書伺服器的標識等資訊進行加密，為用戶終端的用戶進程產生相應的身份證書，並利用安全晶片背書公鑰EK對身份證書進行加密，並將加密結果分發身份證書發送一個或多個用戶終端的用戶進程U。　　步驟S172，用戶進程U向安全晶片發送利用EK產生的加密包[Cert_AIK]_EK 。　　具體地，在上述步驟中，在第三方證書伺服器分發身份證書到至少一個用戶終端之後，用戶終端將接收到的身份證書轉發給安全晶片，安全晶片使用安全晶片背書私鑰EK^-1 對加密後的身份證書進行解密，得到身份證書。　　步驟S174，安全晶片T向用戶進程Ｕ發送[Cert_AIK]_N1 。　　具體地，在上述步驟中，在安全晶片使用安全晶片背書私鑰EK^-1 對加密後的身份證書進行解密，得到身份證書之後，再採用第一隨機數對身份證書進行加密，並將加密後的身份證書發送至用戶終端。　　步驟S176，用戶終端上運行的用戶進程U解密接收到的[Cert_AIK]_N1 。　　具體地，在上述步驟中，用戶終端接收到加密後的身份證書後，利用第一隨機數進行解密得到相應身份證書。　　本申請上述實施例公開了一種可信平台身份密鑰及證書的分發方法，即利用隨機產生的會話密鑰來確定用戶進程的合法性，用安全晶片背書公鑰EK平台身份公私鑰對來確定可信安全晶片的合法性；利用隨機會話密鑰及安全晶片背書公鑰EK平台身份公私鑰對來共同防範平台身份密鑰及證書頒發過程中的中間人攻擊，偽裝獲取身份證書攻擊。　　通過本申請上述實施例公開的方案，可以達到以下技術效果：　　(1)無需借助用戶預設的口令以及實時的動態驗證碼來驗證互動實體的真實性；避免了口令及動態驗證碼在分發過程中，易截取洩露；動態驗證碼的獲取及輸入給用戶帶來使用的不便；沒有考慮用戶所在平台的安全性。　　(2)與TCG(可信計算組織)提出採用可信計算技術比較，本申請實施例提供的方案，重視平台身份密鑰的驗證。　　(3)與基於Privacy CA的遠程證明協議相比，本申請實施例提供的方案，對用戶進程向安全晶片獲取身份密鑰，以及向PCA獲取身份證書過程中的雙方身份的合法性進行確認，避免了獲取身份密鑰和身份證書的過程中存在中間人攻擊的想像；另外，在用戶向PCA申請證書時，驗證該進程是否來自可信的安全晶片平台，使得許多沒有安全晶片的平台欺騙驗證者從而獲取合法身份證書，或者通過一個被控制的合法可信平台去獲得合法身份證書。　　需要說明的是，對於前述的各方法實施例，為了簡單描述，故將其都表述為一系列的動作組合，但是本領域技術人員應該知悉，本發明並不受所描述的動作順序的限制，因為依據本發明，某些步驟可以採用其他順序或者同時進行。其次，本領域技術人員也應該知悉，說明書中所描述的實施例均屬優選實施例，所涉及的動作和模組並不一定是本發明所必須的。　　通過以上的實施方式的描述，本領域的技術人員可以清楚地瞭解到根據上述實施例的資訊安全的驗證方法可借助軟體加必需的通用硬體平台的方式來實現，當然也可以通過硬體，但很多情況下前者是更佳的實施方式。基於這樣的理解，本發明的技術方案本質上或者說對現有技術做出貢獻的部分可以以軟體產品的形式體現出來，該計算機軟體產品儲存在一個儲存介質(如ROM/RAM、磁碟、光碟)中，包括若干指令用以使得一台終端設備(可以是手機，計算機，伺服器，或者網路設備等)執行本發明各個實施例所述的方法。實施例3 　　根據本發明實施例，還提供了一種用於實施上述資訊安全的驗證方法的裝置實施例，圖17是根據本發明實施例的一種資訊安全的驗證裝置示意圖，如圖17所示，該裝置包括：第一發送模組171、接收模組173、第一解密模組175和第一確定模組177。　　其中，第一發送模組171，用於用戶終端將加密後的資訊集發送至安全晶片，其中，資訊集包括：第一隨機數；接收模組173，用於用戶終端接收安全晶片返回的身份資料，其中，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和用戶進程的平台身份公鑰；第一解密模組175，用於用戶終端根據第一隨機數對身份資料進行解密得到第一解密結果，其中，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密；第一確定模組177，用於用戶終端根據第一解密結果確定安全晶片是否為合法的晶片。　　此處需要說明的是，上述第一發送模組171、接收模組173、第一解密模組175和第一確定模組177可以對應於實施例2中的步驟S802至步驟S808，四個模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　由上可知，在本申請上述實施例中，用戶終端(實際上是用戶終端上運行的用戶進程)在將資訊集發送至安全晶片之前，利用安全晶片背書公鑰來對資訊集加密；安全晶片接收到用戶進程發送的加密後的資訊集後，採用相應的私鑰來對加密後的資訊集進行解密，由於資訊集中添加了第一隨機數，安全晶片利用第一隨機數對其背書證書進行加密後發送至用戶進程，同時將包含了其晶片標識的身份內容資訊和基於第一隨機數和第二隨機數(安全晶片內部產生的隨機數)產生的平台身份公鑰發送至用戶進程；用戶進程在接收到安全晶片返回的加密後的背書證書、包含了晶片標識的身份內容資訊以及平台身份公鑰後，利用第一隨機數進行解密，並根據解密後的解密結果確定安全晶片是否為合法的晶片。　　通過上述實施例公開的方案，達到了用戶終端上的用戶進程與安全晶片之間進行可信性驗證的目的，從而實現了提高通信過程中資訊安全性的技術效果。　　由此，本申請上述實施例解決了現有技術中用戶終端上運行的用戶進程與安全晶片互動時沒有對雙方身份進行合法性驗證的技術問題。　　在一種可選的實施例中，上述第一發送模組包括：第一加密模組，用於用戶終端使用安全晶片背書公鑰對資訊集進行加密，其中，資訊集還包括：用戶終端上運行的用戶進程的標識資訊和第三方證書伺服器的資訊。　　此處需要說明的是，上述第一加密模組可以對應於實施例2中的步驟S801，該模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　在一種可選的實施例中，上述裝置還包括：第二解密模組，用於安全晶片使用與安全晶片背書公鑰EK對應的安全晶片背書私鑰EK^-1 對加密後的資訊集進行解密，得到資訊集；第二加密模組，用於在獲取到第二隨機數之後，安全晶片根據資訊集、第二隨機數和安全晶片背書私鑰EK^-1 產生用戶進程的平台身份公鑰AIK、平台身份私鑰AIK^-1 和身份內容資訊，並使用第一隨機數對安全晶片的背書證書進行加密；第二發送模組，用於安全晶片至少將如下資訊發送至用戶終端：身份內容資訊、加密後的背書證書和平台身份公鑰AIK。　　此處需要說明的是，上述第二解密模組、第二加密模組和第二發送模組可以對應於實施例2中的步驟S902至步驟S906，三個模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　在一種可選的實施例中，上述第一解密模組包括：第三解密模組，用於使用第一隨機數對加密後的背書證書進行解密，得到背書證書；第一驗證模組，用於根據背書證書得到安全晶片背書公鑰，並驗證背書證書的合法性；第四解密模組，用於使用安全晶片背書公鑰對平台身份公鑰進行解密，得到第三解密結果。　　此處需要說明的是，上述第三解密模組、第一驗證模組和第四解密模組可以對應於實施例2中的步驟S102至步驟S106，三個模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　在一種可選的實施例中，上述第一確定模組包括：第二驗證模組，用於驗證第三解密結果中是否包含第一隨機數；第二確定模組，用於如果第三解密結果中包含第一隨機數，則確定安全晶片為合法的晶片。　　此處需要說明的是，上述第二驗證模組和第二確定模組可以對應於實施例2中的步驟S112至步驟S114，兩個模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　在一種可選的實施例中，上述裝置還包括：第三確定模組，用於如果第三解密結果中包含第一隨機數，且身份內容資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，則確定安全晶片為合法的晶片。　　此處需要說明的是，上述第三確定模組可以對應於實施例2中的步驟S116，該模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　在一種可選的實施例中，上述裝置還包括：第三加密模組，用於用戶終端使用第三方證書伺服器提供的證書公鑰對安全晶片的背書證書進行加密，得到背書證書的加密結果；第三發送模組，用於用戶終端向第三方證書伺服器發送待驗證的資訊，待驗證的資訊包括至少如下資料：背書證書的加密結果、用戶終端上運行的用戶進程的身份標簽、第三方證書伺服器的標識資訊、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰。　　此處需要說明的是，上述第三加密模組和第三發送模組可以對應於實施例2中的步驟S122至步驟S124，四個模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　在一種可選的實施例中，上述裝置還包括：第五解密模組，用於第三方證書伺服器使用與證書公鑰對應的證書私鑰對背書證書的加密結果進行解密，得到第四解密結果，其中，第四解密結果包括：安全晶片的背書證書、用戶進程的身份標簽L和安全晶片的安全晶片背書公鑰EK；第六解密模組，用於第三方證書伺服器使用安全晶片背書公鑰EK對用戶進程的平台身份公鑰AIK進行解密，得到用戶進程的身份標簽，並使用用戶進程的平台身份公鑰AIK對身份內容資訊進行解密，得到解密資訊；第四確定模組，用於如果解密資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，和/或解密資訊中包含的用戶進程的身份標簽與背書證書中記錄的身份標簽一致，第三方證書伺服器確定用戶進程的平台身份公私鑰對由合法的安全晶片所產生。　　此處需要說明的是，上述第五解密模組、第六解密模組和第四確定模組可以對應於實施例2中的步驟S132至步驟S136，三個模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　在一種可選的實施例中，上述裝置還包括：第四加密模組，用於第三方證書伺服器使用證書公鑰對預定的資料集合進行加密，產生身份證書，其中，預定的資料集合包括：用戶進程的身份標簽、用戶進程的平台身份公鑰、用戶進程的身份標簽和第三方證書伺服器的標識資訊；第五加密模組，用於第三方證書伺服器使用安全晶片背書公鑰對身份證書進行加密，並將加密結果分發身份證書到至少一個用戶終端。　　此處需要說明的是，上述第四加密模組和第五加密模組可以對應於實施例2中的步驟S142至步驟S144，兩個模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　在一種可選的實施例中，上述裝置還包括：第四發送模組，用於接收到身份證書的用戶終端將身份證書轉發給安全晶片；第七解密模組，用於安全晶片使用安全晶片背書私鑰對加密後的身份證書進行解密，得到身份證書。　　此處需要說明的是，上述第四發送模組和第七解密模組可以對應於實施例2中的步驟S152至步驟S154，兩個模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。　　在一種可選的實施例中，上述裝置還包括：處理模組，用於安全晶片採用第一隨機數對身份證書進行加密，並將加密結果發送至用戶終端，是的用戶終端採用本地儲存的第一隨機數解密得到身份證書。　　此處需要說明的是，上述處理模組可以對應於實施例2中的步驟S156，該模組與對應的步驟所實現的實例和應用場景相同，但不限於上述實施例2所公開的內容。需要說明的是，上述模組作為裝置的一部分可以運行在實施例2提供的計算機終端60中。實施例4 　　本發明的實施例可以提供一種計算機終端，該計算機終端可以是計算機終端群中的任意一個計算機終端設備。可選地，在本實施例中，上述計算機終端也可以替換為移動終端等終端設備。　　可選地，在本實施例中，上述計算機終端可以位於計算機網路的多個網路設備中的至少一個網路設備。　　在本實施例中，上述計算機終端可以執行應用程式的資訊安全的驗證方法中以下步驟的程式代碼：用戶終端將加密後的資訊集發送至安全晶片，其中，資訊集包括：第一隨機數；用戶終端接收安全晶片返回的身份資料，其中，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰；用戶終端根據第一隨機數對身份資料進行解密得到第一解密結果，其中，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密；用戶終端根據第一解密結果確定安全晶片是否為合法的晶片。　　可選地，圖18是根據本發明實施例的一種計算機終端的結構方塊圖。如圖18所示，該計算機終端A可以包括：一個或多個(圖中僅示出一個)處理器181、記憶體183、以及傳輸裝置185。　　其中，記憶體可用於儲存軟體程式以及模組，如本發明實施例中的資訊安全的驗證方法和裝置對應的程式指令/模組，處理器通過運行儲存在記憶體內的軟體程式以及模組，從而執行各種功能應用以及資料處理，即實現上述的資訊安全的驗證方法。記憶體可包括高速隨機記憶體，還可以包括非揮發性記憶體，如一個或者多個磁性儲存裝置、快閃記憶體、或者其他非揮發性固態記憶體。在一些實例中，記憶體可進一步包括相對於處理器遠程設置的記憶體，這些遠程記憶體可以通過網路連接至終端A。上述網路的實例包括但不限於互聯網、企業內部網、區域網、移動通信網及其組合。　　處理器可以通過傳輸裝置調用記憶體儲存的資訊及應用程式，以執行下述步驟：用戶終端將加密後的資訊集發送至安全晶片，其中，資訊集包括：第一隨機數；用戶終端接收安全晶片返回的身份資料，其中，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰；用戶終端根據第一隨機數對身份資料進行解密得到第一解密結果，其中，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密；用戶終端根據第一解密結果確定安全晶片是否為合法的晶片。　　可選的，上述處理器還可以執行如下步驟的程式代碼：用戶終端使用安全晶片背書公鑰EK對資訊集進行加密，其中，資訊集還包括：用戶終端上運行的用戶進程的標識資訊和第三方證書伺服器的資訊。　　可選的，上述處理器還可以執行如下步驟的程式代碼：安全晶片使用與安全晶片背書公鑰對應的安全晶片背書私鑰對加密後的資訊集進行解密，得到資訊集；在獲取到第二隨機數之後，安全晶片根據資訊集、第二隨機數和安全晶片背書私鑰產生用戶進程的平台身份公鑰、平台身份私鑰和身份內容資訊，並使用第一隨機數對安全晶片的背書證書進行加密；安全晶片至少將如下資訊發送至用戶終端：身份內容資訊、加密後的背書證書和平台身份公鑰。　　可選的，上述處理器還可以執行如下步驟的程式代碼：使用第一隨機數對加密後的背書證書進行解密，得到背書證書；根據背書證書得到安全晶片背書公鑰，並驗證背書證書的合法性；使用安全晶片背書公鑰對平台身份公鑰進行解密，得到第三解密結果。　　可選的，上述處理器還可以執行如下步驟的程式代碼：驗證第三解密結果中是否包含第一隨機數；如果第三解密結果中包含第一隨機數，則確定安全晶片為合法的晶片。　　可選的，上述處理器還可以執行如下步驟的程式代碼：如果第三解密結果中包含第一隨機數，且身份內容資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，則確定安全晶片為合法的晶片。　　可選的，上述處理器還可以執行如下步驟的程式代碼：用戶終端使用第三方證書伺服器提供的證書公鑰對安全晶片的背書證書進行加密，得到背書證書的加密結果；用戶終端向第三方證書伺服器發送待驗證的資訊，待驗證的資訊包括至少如下資料：背書證書的加密結果、用戶終端上運行的用戶進程的身份標簽、第三方證書伺服器的標識資訊、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰。　　可選的，上述處理器還可以執行如下步驟的程式代碼：第三方證書伺服器使用與證書公鑰對應的證書私鑰對背書證書的加密結果進行解密，得到第四解密結果，其中，第四解密結果包括：安全晶片的背書證書、用戶進程的身份標簽和安全晶片的安全晶片背書公鑰EK；第三方證書伺服器使用安全晶片背書公鑰對用戶進程的平台身份公鑰進行解密，得到用戶進程的身份標簽，並使用用戶進程的平台身份公鑰對身份內容資訊進行解密，得到解密資訊；如果解密資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，和/或解密資訊中包含的用戶進程的身份標簽與背書證書中記錄的身份標簽一致，第三方證書伺服器確定用戶進程的平台身份公私鑰對由合法的安全晶片所產生。　　可選的，上述處理器還可以執行如下步驟的程式代碼：第三方證書伺服器使用證書公鑰對預定的資料集合進行加密，產生身份證書，其中，預定的資料集合包括：用戶進程的身份標簽、用戶進程的平台身份公鑰、用戶進程的身份標簽和第三方證書伺服器的標識資訊；第三方證書伺服器使用安全晶片背書公鑰對身份證書進行加密，並將加密結果分發身份證書到至少一個用戶終端。　　可選的，上述處理器還可以執行如下步驟的程式代碼：接收到身份證書的用戶終端將身份證書轉發給安全晶片；安全晶片使用安全晶片背書私鑰對加密後的身份證書進行解密，得到身份證書。　　可選的，上述處理器還可以執行如下步驟的程式代碼：安全晶片採用第一隨機數對身份證書進行加密，並將加密結果發送至用戶終端，使得用戶終端採用本地儲存的第一隨機數解密得到身份證書。　　本領域普通技術人員可以理解，圖18所示的結構僅為示意，計算機終端也可以是智慧型手機(如Android手機、iOS手機等)、平板電腦、掌聲電腦以及移動互聯網設備(Mobile Internet Devices，MID)、PAD等終端設備。圖18其並不對上述電子裝置的結構造成限定。例如，計算機終端18還可包括比圖18中所示更多或者更少的組件(如網路介面、顯示裝置等)，或者具有與圖18所示不同的配置。　　本領域普通技術人員可以理解上述實施例的各種方法中的全部或部分步驟是可以通過程式來指令終端設備相關的硬體來完成，該程式可以儲存於一計算機可讀儲存介質中，儲存介質可以包括：快閃記憶體、唯讀記憶體(Read-Only Memory，ROM)、隨機存取記憶體(Random Access Memory，RAM)、磁碟或光碟等。實施例5 　　本發明的實施例還提供了一種儲存介質。可選地，在本實施例中，上述儲存介質可以用於保存上述實施例2所提供的資訊安全的驗證方法所執行的程式代碼。　　可選地，在本實施例中，上述儲存介質可以位於計算機網路中計算機終端群中的任意一個計算機終端中，或者位於移動終端群中的任意一個移動終端中。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：用戶終端將加密後的資訊集發送至安全晶片，其中，資訊集包括：第一隨機數；用戶終端接收安全晶片返回的身份資料，其中，身份資料包括：使用第一隨機數進行加密的安全晶片的背書證書、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰；用戶終端根據第一隨機數對身份資料進行解密得到第一解密結果，其中，第一解密結果包括：對加密後的背書證書進行解密，和/或對身份內容資訊進行解密；用戶終端根據第一解密結果確定安全晶片是否為合法的晶片。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：用戶終端使用安全晶片背書公鑰對資訊集進行加密，其中，資訊集還包括：用戶終端上運行的用戶進程的標識資訊和第三方證書伺服器的資訊。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：安全晶片使用與安全晶片背書公鑰對應的安全晶片背書私鑰對加密後的資訊集進行解密，得到資訊集；在獲取到第二隨機數之後，安全晶片根據資訊集、第二隨機數和安全晶片背書私鑰EK^-1 產生用戶進程的平台身份公鑰、平台身份私鑰和身份內容資訊，並使用第一隨機數對安全晶片的背書證書進行加密；安全晶片至少將如下資訊發送至用戶終端：身份內容資訊、加密後的背書證書和平台身份公鑰。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：使用第一隨機數對加密後的背書證書進行解密，得到背書證書；根據背書證書得到安全晶片背書公鑰EK，並驗證背書證書的合法性；使用安全晶片背書公鑰對平台身份公鑰進行解密，得到第三解密結果。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：驗證第三解密結果中是否包含第一隨機數；如果第三解密結果中包含第一隨機數，則確定安全晶片為合法的晶片。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：如果第三解密結果中包含第一隨機數，且身份內容資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，則確定安全晶片為合法的晶片。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：用戶終端使用第三方證書伺服器提供的證書公鑰對安全晶片的背書證書進行加密，得到背書證書的加密結果；用戶終端向第三方證書伺服器發送待驗證的資訊，待驗證的資訊包括至少如下資料：背書證書的加密結果、用戶終端上運行的用戶進程的身份標簽、第三方證書伺服器的標識資訊、包含了安全晶片的晶片標識的身份內容資訊和基於第一隨機數和第二隨機數產生的用戶進程的平台身份公鑰。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：第三方證書伺服器使用與證書公鑰對應的證書私鑰對背書證書的加密結果進行解密，得到第四解密結果，其中，第四解密結果包括：安全晶片的背書證書、用戶進程的身份標簽和安全晶片的安全晶片背書公鑰；第三方證書伺服器使用安全晶片背書公鑰對用戶進程的平台身份公鑰進行解密，得到用戶進程的身份標簽，並使用用戶進程的平台身份公鑰對身份內容資訊進行解密，得到解密資訊；如果解密資訊中包含的晶片標識與背書證書中記錄的晶片標識一致，和/或解密資訊中包含的用戶進程的身份標簽與背書證書中記錄的身份標簽一致，第三方證書伺服器確定用戶進程的平台身份公私鑰對由合法的安全晶片所產生。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：第三方證書伺服器使用證書公鑰對預定的資料集合進行加密，產生身份證書，其中，預定的資料集合包括：用戶進程的身份標簽、用戶進程的平台身份公鑰、用戶進程的身份標簽和第三方證書伺服器的標識資訊；第三方證書伺服器使用安全晶片背書公鑰對身份證書進行加密，並將加密結果分發身份證書到至少一個用戶終端。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：接收到身份證書的用戶終端將身份證書轉發給安全晶片；安全晶片使用安全晶片背書私鑰對加密後的身份證書進行解密，得到身份證書。　　可選地，在本實施例中，儲存介質被設置為儲存用於執行以下步驟的程式代碼：安全晶片採用第一隨機數對身份證書進行加密，並將加密結果發送至用戶終端，使得用戶終端採用本地儲存的第一隨機數解密得到身份證書。　　上述本發明實施例序號僅僅為了描述，不代表實施例的優劣。　　在本發明的上述實施例中，對各個實施例的描述都各有側重，某個實施例中沒有詳述的部分，可以參見其他實施例的相關描述。　　在本申請所提供的幾個實施例中，應該理解到，所揭露的技術內容，可通過其它的方式實現。其中，以上所描述的裝置實施例僅僅是示意性的，例如該單元的劃分，僅僅為一種邏輯功能劃分，實際實現時可以有另外的劃分方式，例如多個單元或組件可以結合或者可以集成到另一個系統，或一些特徵可以忽略，或不執行。另一點，所顯示或討論的相互之間的耦合或直接耦合或通信連接可以是通過一些介面，單元或模組的間接耦合或通信連接，可以是電性或其它的形式。　　該作為分離部件說明的單元可以是或者也可以不是物理上分開的，作為單元顯示的部件可以是或者也可以不是物理單元，即可以位於一個地方，或者也可以分佈到多個網路單元上。可以根據實際的需要選擇其中的部分或者全部單元來實現本實施例方案的目的。　　另外，在本發明各個實施例中的各功能單元可以集成在一個處理單元中，也可以是各個單元單獨物理存在，也可以兩個或兩個以上單元集成在一個單元中。上述集成的單元既可以採用硬體的形式實現，也可以採用軟體功能單元的形式實現。　　該集成的單元如果以軟體功能單元的形式實現並作為獨立的產品銷售或使用時，可以儲存在一個計算機可讀取儲存介質中。基於這樣的理解，本發明的技術方案本質上或者說對現有技術做出貢獻的部分或者該技術方案的全部或部分可以以軟體產品的形式體現出來，該計算機軟體產品儲存在一個儲存介質中，包括若干指令用以使得一台計算機設備(可為個人計算機、伺服器或者網路設備等)執行本發明各個實施例所述方法的全部或部分步驟。而前述的儲存介質包括：U碟、唯讀記憶體(ROM，Read-Only Memory)、隨機存取記憶體(RAM，Random Access Memory)、移動硬碟、磁碟或者光碟等各種可以儲存程式代碼的介質。　　以上所述僅是本發明的優選實施方式，應當指出，對於本技術領域的普通技術人員來說，在不脫離本發明原理的前提下，還可以做出若干改進和潤飾，這些改進和潤飾也應視為本發明的保護範圍。In order to enable those skilled in the art to better understand the solutions of the present invention, the technical solutions in the embodiments of the present invention will be described clearly and completely in combination with the drawings in the embodiments of the present invention. Obviously, the described embodiments are only The embodiments are part of the present invention, but not all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative labor shall fall within the protection scope of the present invention. It should be noted that the terms "first" and "second" in the scope of the description and patent application of the present invention and the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that the materials used as such are interchangeable under appropriate circumstances so that the embodiments of the invention described herein can be implemented in an order other than those illustrated or described herein. Furthermore, the terms "including" and "having" and any of their variations are intended to cover non-exclusive inclusions, for example, a process, method, system, product, or device that includes a series of steps or units need not be limited to those explicitly listed Those steps or units may instead include other steps or units not explicitly listed or inherent to these processes, methods, products or equipment. First of all, some terms or terms appearing during the description of the embodiments of this application are applicable to the following explanations: (1) U: user process running on the user terminal; (2) T: security chip; (3) T_ID : The unique identification of the security chip can identify the uniqueness of the security chip T; (4) PCA: the information of the third-party certificate server, that is, a trusted third party; (5) N1: the first random number, which runs on the user terminal Random number generated by user process U; (6) N2: second random number, random number generated by security chip T; (7) L: identification information of the user process running on the user terminal, that is, the identity tag of the user process; (8) AIK: The security chip T generates a key used to verify the identity of the platform for the user process U, where AIK is the platform identity public key of the user process U, AIK^-1 Is the platform identity private key of the user process U, and the platform identity private key is stored inside the chip of the security chip T; (9) I = [AIK, L, PCA]_AIK ^-1 , Note: Indicates the platform identity private key AIK^-1 Encrypted information set: AIK, L, PCA; (10) EK: Security chip endorsement public key of security chip T; EK^-1 : Security chip endorsement private key corresponding to security chip endorsement public key EK in security chip T; 11 (11) Cert_EK: Endorsement certificate of security chip, Cert_EK = [TID, EK, MF]_{SK (MF)} , Where MF is the manufacturer and SK (MF) is the manufacturer's private key; [T, EK, MF]_{SK (MF)} Indicates that the information [T, EK, MF] is encrypted with the manufacturer's private key SK (MF). In the embodiment of this application, [Y]_X Denote that Y is encrypted with X, which will not be repeated later; (12) Cert_AIK = [L, AIK, PCA]_{SK (PCA)} (13) PCA's platform identity public and private key pair: PK (PCA) is the public key of PCA, SK (PCA) is the private key of PCA; (14) Certificate format [u, PK (u), CA]_{Sk (CA)} : Among them, u represents the certificate owner; PK (u) represents the certificate owner's public key; CA represents the certificate issuer; Sk (CA) represents the certificate issuer's private key. Embodiment 1 According to the embodiment of the present invention, an embodiment of a system for information security verification is also provided. It should be noted that the embodiment of the information security verification system provided in Embodiment 1 of the present invention can be applied as shown in FIG. 3 In the hardware environment composed of the server 303 and the terminal 301. As shown in FIG. 3, the terminal 301 may be connected to one or more servers via a data network connection or electronically. In an optional embodiment, the terminal 301 may be, but is not limited to, a PC, a mobile phone, a notebook computer, and a tablet computer. The data network connection can be a LAN connection, a WAN connection, an Internet connection, or other types of data network connections. The terminal 301 may execute to connect to a web service performed by a server or a group of servers. Web servers are web-based user services such as social networks, cloud resources, email, online payments, or other online applications. It should be noted that the terminal 301 in the system embodiment provided in the first embodiment of the present application may be executed in a computer terminal, a mobile terminal, or a similar computing device. Taking a mobile terminal as an example, FIG. 4 is a block diagram of a hardware structure of a mobile terminal for implementing an information security verification system according to an embodiment of the present invention. As shown in FIG. 4, the mobile terminal 40 may include one or more (only one shown in the figure) a processor 402 (the processor 402 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) ), A memory 404 for storing data, and a transmission device 406 for communication functions. Persons of ordinary skill in the art can understand that the structure shown in FIG. 4 is only schematic, and it does not limit the structure of the electronic device. For example, the mobile terminal 40 may further include more or fewer components than those shown in FIG. 4, or have a different configuration from that shown in FIG. 4. The memory 404 may be used to store software programs and modules of application software, such as program instructions / modules corresponding to the information security verification method in the embodiment of the present invention. The processor 402 runs the software programs stored in the memory 404 and Module to perform various functional applications and data processing, that is, to achieve the above-mentioned information security verification method. The memory 404 may include high-speed random memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 404 may further include memory remotely disposed with respect to the processor 402, and these remote memories may be connected to the mobile terminal 40 through a network. Examples of the above network include, but are not limited to, the Internet, an intranet, an intranet, a mobile communication network, and combinations thereof. The transmission device 406 is used to receive or send data via a network. The above specific examples of the network may include a wireless network provided by a communication provider of the mobile terminal 40. In one example, the transmission device 406 includes a network interface controller (NIC), which can be connected to other network devices through a base station so as to communicate with the Internet. In one example, the transmission device 406 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner. It should be noted here that in some optional embodiments, the mobile terminal shown in FIG. 4 may include hardware components (including circuits), software components (including computer code stored on a computer-readable medium), or A combination of both hardware and software components. It should be noted that FIG. 4 is only one example of a specific specific example, and is intended to illustrate the types of components that may be present in the above-mentioned mobile terminal. It should be noted that the block diagram of the hardware structure shown in FIG. 4 can be used not only as an exemplary block diagram of the foregoing terminal 301 but also as an exemplary block diagram of the foregoing server 303. In the above-mentioned operating environment, this application provides an embodiment of an information security verification system. FIG. 5 is a schematic diagram of an information security verification system according to an embodiment of the present invention. As shown in FIG. 5, the system includes a security chip 501 and a user terminal 503. The user terminal 503 is configured to send the encrypted information set to the security chip 501, receive the identity data returned by the security chip 501, and decrypt the identity data according to the first random number to obtain a first decryption result, and according to the first decryption result Determine whether the security chip is a legitimate chip; Among them, the information set includes: the first random number, and the identity data includes: an endorsement certificate of the security chip encrypted using the first random number, the identity content information including the chip identification of the security chip, and The security chip is a platform identity public key generated by a user process running on the user terminal. The first decryption result includes decrypting the encrypted endorsement certificate, and / or decrypting identity content information. Specifically, in this embodiment, the above-mentioned security chip 501 may be a trusted platform module for performing security protection while calculating and calculating. It is a device capable of independently generating and encrypting keys, and has an independent internal The processor and storage unit can store keys and characteristic data, provide encryption and security authentication services for terminal equipment; use a security chip for encryption, the keys are stored in hardware, and stolen data cannot be decrypted, thereby protecting business privacy And data security; the user terminal may be a terminal device such as a computer, a notebook computer, a tablet computer, or a mobile phone for communication. The user process may be a process that the user runs on the user terminal. Once the user process is generated, the security chip will be The user process generates a corresponding platform identity key pair, the user process obtains the platform identity public key, and the user process ’s platform identity private key remains inside the security chip; the above information set is the user terminal ’s identity tag, Information about trusted third-party PCA information. What needs to be explained is that this application Shi, the information that adding the first random number, therefore, the above information set may include identity tag user processes running on the user terminal, PCA trusted third party information and the first random number. Through the solution disclosed by the security chip and the user terminal in the above embodiment, the user terminal (actually, a user process running on the user terminal) first encrypts the information set before sending the information set to the security chip; After the encrypted information set is sent to the security chip, the security chip receives the encrypted information set sent by the user terminal and decrypts it to obtain the user terminal's identity tag, trusted third-party PCA information, and the first random number; inside the security chip Generate a second random number, and use the first random number, the second random number, and the secure chip endorsement private key inside the security chip to generate a platform identity platform identity public and private key pair for the user process, wherein the platform identity private key is retained in the security chip The platform identity public key is sent to the user process. At the same time, the endorsement certificate of the security chip encrypted with the first random number and the identity content information including the chip identification of the security chip are also sent to the user terminal. After receiving the identity data returned by the security chip, the user terminal uses the first random number to decrypt the received identity data, obtain a first decryption result, and verify whether the security chip is a legitimate chip. In an optional embodiment, it is assumed that the user process U, the security chip T, and the trusted third-party PCA running on the user terminal have obtained the security chip endorsement public key EK before the identity key and the identity certificate interact, and the user process U may The information set [L, PCA, N1] is encrypted using the security chip endorsement public key EK, where L is the identity tag of the user process U, PCA is the trusted third-party information, and N1 is the first random number. Based on the above embodiment, the security chip receives the information set encrypted by the security chip endorsement public key EK [L, PCA, N1]_EK Then, first, endorsing the private key EK with a security chip^-1 Decrypt the received information set [L, PCA, N1]_EK To obtain the identity tag L of the user process, trusted third-party PCA information, and the first random number N1; then, the security chip generates a second random number N2, and according to N1, N2, EK^-1 Generate platform identity platform identity public and private key pair AIK (platform identity public key), AIK for user process U^-1 (Platform identity private key), where AIK = [N1 || N2 || L]_EK ^-1 , Platform identity private key AIK^-1 Retained in the security chip T; then, the security chip T obtains the identity content information through calculation I = [AIK, L, TID, PCA]_AIK ^-1 And the endorsement certificate of the security chip encrypted with the first random number N1 [Cert_EK]_N1 ; Finally, the security chip T will use the first random number to encrypt the endorsement certificate of the security chip [Cert_EK]_N1 The platform identity public key AIK of the user process generated based on the first random number and the second random number (random number generated inside the security chip), and the identity content information I including the chip identification of the security chip is sent to the user process. As an optional embodiment, the above identity information may include: an endorsement certificate of the security chip encrypted by the first random number [Cert_EK]_N1 The platform identity public key AIK based on the user process generated by the first random number and the second random number, and the identity content information including the chip identification of the security chip I = [AIK, L, TID, PCA]_AIK ^-1 , Where T_ID The uniqueness of the security chip T can be identified, and T_ID Binding with the identity tag L of the user process as part of the platform identity information of the user process U solves the binding of the user process request identity and the security chip platform identity. After receiving the platform identity key returned by the security chip, the user terminal uses the first random number N1 to endorse the encrypted security chip [Cert_EK]_N1 After decryption, the endorsement certificate Cert_EK can be obtained. Optionally, based on the solution disclosed in the above embodiment, the user process U decrypts the identity key by using the first random number N1 to obtain the endorsement certificate Cert_EK, and then obtains the corresponding security chip endorsement public key EK according to the endorsement certificate Cert_EK, and then uses Security chip endorses public key EK to decrypt platform identity public key AIK = [N1 || N2 || L]_EK ^-1 , If the decrypted result information includes the first random number N1, and the identity content information contains T_ID Information and Cer_Secure chip endorsement certificate Cert_EK contains T_ID If the information is consistent, it is considered that AIK and I are legitimate security chips. T sends its own platform identity public key and identity content information. The process continues, or it terminates. It can be known from the above that, in the above embodiment of the present application, before the user terminal (actually a user process running on the user terminal) sends the information set to the security chip, the information set is encrypted by the security chip endorsement public key; the security chip After receiving the encrypted information set sent by the user process, the corresponding private key is used to decrypt the encrypted information set. Since the first random number is added to the information set, the security chip uses the first random number to endorse the endorsed certificate. After encryption, it is sent to the user process, and at the same time, the identity content information including its chip identification and the platform identity public key generated based on the first random number and the second random number (random number generated inside the security chip) are sent to the user process; the user; After receiving the encrypted endorsement certificate returned by the security chip, the identity content information containing the chip identification, and the platform identity public key, the process uses the first random number to decrypt, and determines whether the security chip is legitimate according to the decrypted decryption result Of wafers. Through the solutions disclosed in the above embodiments, the purpose of credibility verification between the user process on the user terminal and the security chip is achieved, thereby achieving the technical effect of improving information security in the communication process. Therefore, the foregoing embodiment of the present application solves the technical problem that the user processes running on the user terminal in the prior art do not perform legality verification on the identity of both parties when interacting with the security chip.一种 In an optional embodiment, the security chip 501 is further configured to use a security chip endorsement private key EK corresponding to the security chip endorsement public key EK.^-1 Decrypt the encrypted information set to obtain the information set, and after obtaining the second random number (the random number generated inside the security chip), endorse the private key EK according to the information set, the second random number, and the security chip^-1 Generate the platform identity public key AIK and platform identity private key AIK of the user process^-1 And identity content information, and use the first random number to encrypt the endorsement certificate of the security chip; the user terminal 503 is also used to receive at least the following information sent by the security chip: identity content information, encrypted endorsement certificate, and platform identity publicity Key AIK. Specifically, in the above embodiment, after the user terminal 503 sends the encrypted information set to the security chip 501, the security chip 501 receives the encrypted information set sent by the user terminal 503, and can endorse the public key EK with the security chip. Corresponding security chip endorses the private key EK^-1 Decrypt the encrypted information set to obtain the identity tag of the user process running on the user terminal 503, trusted third-party PCA information, and a first random number generated by the user process U running on the user terminal 503; and generate a second random number Using the first random number, the second random number, and the secure chip endorsement private key EK inside the secure chip 501^-1 Generate platform identity platform identity public and private key pair for user process running on user terminal 503, that is, platform identity public key AIK and platform identity private key AIK of user process U^-1 ; Among them, the platform identity private key AIK^-1 Retained in the security chip 501, the platform identity public key AIK is sent to the user terminal 503, and the endorsement certificate and identity content information of the security chip 501 encrypted with the first random number is also sent to the user terminal 503. It should be noted here that the identity content information includes the chip identification of the security chip T. As can be seen from the background of this application, during the existing platform identity key and certificate distribution process, the signature sent by the security chip T to the user process U After the identity content information is I = [AIK, L, PCA] AIK^-1 In the embodiment of the present application, the identity content information I = [AIK, L, TID, PCA] obtained by the security chip T is calculated, where T_ID Uniquely identifies the security chip T. Through the above embodiment, the security chip 501 uses the first random number, the second random number, and the security chip endorsement private key EK inside the security chip 501^-1 Generate the platform identity public key AIK of the security chip 501, which can facilitate subsequent user processes to verify the security chip 501. The security chip 501 uses T_ID It is used to identify the uniqueness of the trusted chip T and bind it with the identity tag L as part of the platform identity information of the user process U, which solves the binding of the user process request identity and the trusted chip platform identity. In an optional embodiment, as shown in FIG. 5, the above system further includes: a third-party certificate server 505 that receives the information to be verified sent by the user terminal 503, and the information to be verified includes at least the following information: using a third party The encryption public result of the certificate provided by the server to encrypt the endorsement certificate of the security chip, the identity tag of the user process running on the user terminal, the identification information of the third-party certificate server 505, and the identity content information including the chip identification of the security chip And the platform identity public key of the user process generated based on the first random number and the second random number. Specifically, in the above embodiment, the user terminal sends the encryption result of the endorsement certificate to the third-party certificate server 505, the identity tag of the user process running on the user terminal, the identification information of the third-party certificate server 505, and security information. After the identity content information of the chip identification of the chip and the platform identity public key of the user process generated based on the first random number and the second random number, the third-party certificate server 505 endorses the certificate private key corresponding to the certificate public key. The encrypted result of the certificate is decrypted to obtain the endorsement certificate of the security chip, the identity tag L of the user process, and the security chip endorsement public key EK of the security chip. Then, the third-party certificate server 505 uses the security chip endorsement public key EK of the security chip. Decrypt the platform identity public key AIK of the user process to obtain the identity tag L of the user process U, and use the platform identity public key AIK of the user process to decrypt the identity content information to obtain the corresponding decryption information. If the decrypted information contains a chip The identification is consistent with the wafer identification recorded in the endorsement certificate, and / or the decryption information Consistent with the endorsement certificate user identity label process included in the record of the identity of the label is determined to provide security chip user process to run on the user terminal U provides a legal platform identity platform identity public and private key pairs. In an optional embodiment, the user terminal encrypts the endorsement certificate of the security chip using the public certificate key PK (PCA) provided by the third-party certificate server 505 to obtain the encryption result of the endorsement certificate [Cert_EK]_{PK (PCA)} , And send the following information to the third-party certificate server 505 (ie, a trusted third-party PCA): the encryption result of the endorsement certificate [Cert_EK]_{PK (PCA)} , The identity tag L of the user process, the identification information PCA of the third-party certificate server 505, the identity content information I including the chip identification of the security chip, and the platform identity of the user process based on the first random number and the second random number Key AIK. After receiving the above information, the third-party certificate server 505 uses the private certificate SK (PCA) corresponding to the certificate public key PK (PCA) to decrypt the encrypted result information of the endorsement certificate [Cert_EK, L] PK (PCA) to obtain the endorsement certificate. Cert_EK, the identity tag L of the user process, and the security chip endorsement public key EK. The security chip endorsement public key EK is used to decrypt the user process's platform identity public key AIK to obtain the user process's identity tag L, and the security chip endorsement public key EK is determined. The identity tag L of the user process obtained after decryption and the encrypted result information [Cert_EK, L] PK (PCA) obtained by using the certificate private key SK (PCA) to decrypt the endorsement certificate are consistent, and the platform identity public key AIK is used to decrypt the platform Chip ID T obtained from identity content information I_ID T in endorsement certificate Cert_EK_ID Whether they are consistent to determine the platform identity public key AIK and platform identity private key AIK^-1 Whether it comes from a platform identity public-private key pair generated by a legitimate security chip for the user process. Through the above embodiments, the legality of the security chip of the platform identity public and private key pair provided for the user process is verified. In an optional embodiment, the user terminal 503 is further configured to encrypt the information set by using the secure chip endorsement public key EK, wherein the information set further includes: identification information of a user process running on the user terminal 503 and a third party Certificate server information. Specifically, in the above embodiment, the public key EK endorsed by the security chip may be a platform identity public key used in the distribution process of the platform identity key and identity certificate based on the TCG specification; the user process running on the user terminal 503 The identification information may be an identification tag of the user terminal 503, and the information of the third-party certificate server may be information of a trusted third-party platform; in an optional embodiment, it is assumed that the user terminal 503U, the security chip 501T, and the trusted third-party PCA Before the platform identity key and identity certificate interact, the platform security chip endorses the public key EK. Before the user terminal 503 sends the encrypted information set to the security chip 501, the user can first use the security chip endorsement public key EK to collect the information set. [L, PCA, N1] encryption, where L is the identity tag of the user terminal 503, PCA is the information of the third-party certificate server, N1 is the first random number, and the randomly generated number generated by the user process U. In an optional embodiment, the user terminal 503 is further configured to decrypt the encrypted endorsement certificate using the first random number to obtain the endorsement certificate; obtain the security chip endorsement public key EK according to the endorsement certificate, and verify the endorsement certificate. Legality; use the security chip to endorse the public key EK to decrypt the platform identity public key AIK, and obtain the third decryption result. Specifically, in the above embodiment, the first random number may be a randomly generated number generated by a user process U running on the user terminal 503; after receiving the platform identity public key returned by the security chip 501, the user terminal 503 uses the first A random number is used to decrypt the endorsement certificate of the security chip 501 encrypted with the first random number to obtain the endorsement certificate of the security chip 501; use the endorsement certificate to obtain the corresponding security chip endorsement public key, and use the security chip endorsement public key to identify the platform identity The public key is decrypted to obtain a third decryption result. In an optional embodiment, the above identity information may include: an endorsement certificate of the security chip 501 encrypted by the first random number, and an encryption result is obtained [Cert_EK]_N1 The platform identity public key AIK generated by the security chip 501, the identity content information containing the chip identification of the security chip 501, I = [AIK, L, TID, PCA]_AIK ^-1 ; The user terminal 503U uses the first random number N1 to encrypt the result [Cert_EK]_N1 After decryption, the endorsement certificate Cert_EK is obtained, and the corresponding secure chip endorsement public key EK is obtained according to the endorsement certificate Cert_EK, and then the secure chip endorsement public key EK is used to decrypt the platform identity public key information AIK = [N1 || N2 || L]_EK ^-1 To obtain a third decryption result. If the security chip endorses the public key EK, the obtained third decryption result should include the first random number N1. According to the foregoing embodiment, since the user terminal 503 adds the first random number to the information set before sending the information set to the security chip 501, the security chip can be verified by verifying whether the first random number is included in the decrypted result. 501 is legal. In an optional embodiment, the user terminal 503 is further configured to verify whether the third decryption result includes the first random number; if the third decryption result includes the first random number, determine that the security chip 501 is a valid chip . Specifically, in the foregoing embodiment, after the user terminal 503 decrypts the endorsement certificate of the encrypted security chip according to the first random number to obtain the first decryption result, the user terminal 503 may verify whether the third decryption result includes the first random number to obtain the first decryption result. It is determined whether the security chip 501 is a legal chip. If the third decryption result includes the first random number, it is determined that the security chip 501 is a legal chip. Specifically, the user terminal can use the first random number N1 to encrypt the result [Cert_EK]_N1 After decryption, the endorsement certificate Cert_EK is obtained, and the corresponding secure chip endorsement public key EK is obtained according to the endorsement certificate Cert_EK, and then the secure chip endorsement public key EK is used to decrypt the platform identity public key information AIK = [N1 || N2 || L]_EK ^-1 To obtain a third decryption result. If the security chip endorses the public key EK, the obtained third decryption result should include the first random number N1. Through the above embodiment, the user process running on the user terminal 503 can be implemented to verify whether the security chip 501 is legal, and the security of communication is improved. In an optional embodiment, the above-mentioned user terminal 503 is further configured to encrypt the endorsement certificate of the security chip 501 by using the certificate public key provided by the third-party certificate server 505 to obtain the encryption result of the endorsement certificate; The server 505 sends the information to be verified. The information to be verified includes at least the following information: the encryption result of the endorsement certificate, the identity tag of the user process running on the user terminal 503, the identification information of the third-party certificate server 505, and the security chip 501. The identity content information of the chip identification and the platform identity public key of the security chip 501 generated based on the first random number and the second random number. Specifically, in the above embodiment, the third-party certificate server 505 is a trusted third-party platform; in the case where the user terminal 503 determines that the secure chip 501 is a legitimate chip according to the first decryption result, the user terminal 503 uses the third-party certificate The certificate public key provided by the server 505 encrypts the endorsement certificate of the security chip 501 to obtain the encrypted result of the endorsement certificate, and the encrypted result is combined with the identity tag of the user process running on the user terminal 503, the third-party certificate server 505, The identification information, the identity content information including the chip identification of the security chip 501, and the platform identity public key of the security chip 501 generated based on the first random number and the second random number are sent to the third-party certificate server 505. In an optional embodiment, the third-party certificate server 505 is further configured to use a certificate public key to encrypt a predetermined data set to generate an identity certificate, where the predetermined data set includes an identity tag of a user process and a security chip. 501 platform identity public key AIK, user process identity tag and identification information of third-party certificate server 505; use security chip endorsement public key EK to encrypt the identity certificate, and distribute the encrypted result to at least one user terminal 503 . Specifically, in the above embodiment, after the third-party certificate server 505 determines that the secure chip 501 provides a valid platform identity public-private key pair, the third-party certificate server 505 uses the certificate public key to identify the user process ’s identity tag and security chip. 501 ’s platform identity public key AIK, user process ’s identity tag, and third-party certificate server 505 ’s identity are encrypted to generate the corresponding identity certificate for the user process of user terminal 503, and the security chip is used to endorse the public key EK for identity The certificate is encrypted, and the encrypted result distribution identity certificate is sent to one or more user terminals 503.一种 In an optional embodiment, the user terminal 503 is further configured to receive the identity certificate and forward the identity certificate to the security chip 501. The security chip 501 is also used to endorse the private key EK with the security chip.^-1 Decrypt the encrypted identity certificate to obtain the identity certificate. In an optional embodiment, the security chip 501 is further configured to encrypt the identity certificate by using a first random number, and sends the encrypted result to the user terminal 503. The user terminal 503 is further configured to use a locally stored first The random number is decrypted to obtain the identity certificate. Embodiment 2 According to the embodiment of the present invention, an embodiment of a method for verifying information security is also provided. It should be noted that the steps shown in the flowchart of the figure can be implemented in a computer system such as a set of computer-executable instructions. Perform, and although the logical order is shown in the flowchart, in some cases, the steps shown or described may be performed in a different order than here.实施 The method embodiment provided in Embodiment 2 of this application may be executed in a mobile terminal, a computer terminal, or a similar computing device. FIG. 6 shows a block diagram of a hardware structure of a computer terminal for implementing a method for verifying information security. As shown in FIG. 6, the computer terminal 60 may include one or more (shown with 602a, 602b, ..., 602n in the figure) a processor 602 (the processor 602 may include but is not limited to a microprocessor MCU or a programmable A processing device such as a logic device FPGA), a memory 604 for storing data, and a transmission device 606 for a communication function. In addition, it can also include: display, input / output interface (I / O interface), universal serial bus (USB) port (can be included as one of the I / O interface ports), network interface , Power, and / or camera. Persons of ordinary skill in the art can understand that the structure shown in FIG. 6 is only schematic, and it does not limit the structure of the electronic device. For example, the computer terminal 60 may further include more or fewer components than those shown in FIG. 6, or have a different configuration from that shown in FIG. 6. It should be noted that the aforementioned one or more processors 602 and / or other data processing circuits may be generally referred to herein as "data processing circuits". The data processing circuit may be fully or partially embodied as software, hardware, firmware, or any other combination. In addition, the data processing circuit may be a single independent processing module, or all or part of the data processing circuit may be incorporated into any one of the other components in the computer terminal 60 (or mobile device). As mentioned in the embodiment of the present application, the data processing circuit is controlled as a processor (for example, selection of a variable resistance terminal path connected to an interface). The memory 604 can be used to store software programs and modules of application software, such as a program instruction / data storage device corresponding to the information security verification method in the embodiment of the present invention. The processor 602 runs the software program stored in the memory 604 And modules to perform various functional applications and data processing, that is, to achieve the above-mentioned information security verification method. The memory 604 may include high-speed random memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 604 may further include memory remotely disposed with respect to the processor 602, and these remote memories may be connected to the computer terminal 60 through a network. Examples of the above network include, but are not limited to, the Internet, an intranet, an intranet, a mobile communication network, and combinations thereof. The transmission device 606 is used to receive or transmit data via a network. A specific example of the aforementioned network may include a wireless network provided by a communication provider of the computer terminal 60. In one example, the transmission device 606 includes a network interface controller (NIC), which can be connected to other network devices through a base station so as to communicate with the Internet. In one example, the transmission device 606 may be a radio frequency (RF) module, which is used to communicate with the Internet in a wireless manner. The display may be, for example, a touch screen liquid crystal display (LCD), which may enable a user to interact with a user interface of the computer terminal 60. It should be noted here that, in some optional embodiments, the computer terminal shown in FIG. 6 may include hardware components (including circuits), software components (including computer code stored on a computer-readable medium), or A combination of both hardware and software components. It should be noted that FIG. 6 is only one example of a specific specific example, and is intended to illustrate the types of components that may be present in the computer terminal described above. It also needs to be explained here that in some embodiments, the computer terminal shown in FIG. 6 above has a touch display (also referred to as a “touch screen” or a “touch display screen”). In some embodiments, the computer terminal shown in FIG. 6 described above has a graphical user interface (GUI), and the user can perform human-computer interaction with the GUI by touching finger contacts and / or gestures on the touch-sensitive surface. Machine-to-machine interactive options include the following interactions: creating web pages, drawing, word processing, making electronic documents, games, video conferences, instant messaging, sending and receiving emails, calling interfaces, playing digital videos, playing digital music, and / or web browsing Etc. The executable instructions for performing the human-computer interaction function are configured / stored in a computer program product or a readable storage medium executable by one or more processors. In an alternative embodiment, FIG. 7 shows a block diagram of an embodiment using the computer terminal shown in FIG. 6 as the sending end. As shown in FIG. 7, the computer terminal 701 may be connected to one or more servers 703 via a data network connection or electronically. In an optional embodiment, the computer terminal 701 may be any mobile computing device or the like. The data network connection can be a LAN connection, a WAN connection, an Internet connection, or other types of data network connections. The computer terminal 701 can execute to connect to a network service performed by a server or a group of servers. Web servers are web-based user services such as social networks, cloud resources, email, online payments, or other online applications. It is easy to note that the block diagram of the hardware structure shown in FIG. 6 can be used not only as an exemplary block diagram of the computer terminal 701 described above, but also as an exemplary block diagram of the server 703 described above. In the above-mentioned operating environment, this application provides a method for verifying information security as shown in FIG. 8. FIG. 8 is a flowchart of an information security verification method according to an embodiment of the present invention. As shown in FIG. 8, the method includes the following steps: Step S802: The user terminal sends the encrypted information set to the security chip. The information set may be At least: a first random number. Specifically, in the above steps, the user terminal may be a terminal device such as a computer, a notebook computer, a tablet computer, or a mobile phone used for communication. The user process may be a process that the user runs on the user terminal. Once the user process is generated, The security chip will generate the corresponding platform identity key pair for the user process, the user process obtains the platform identity public key, and the user process's platform identity private key remains inside the security chip; the above security chip can be used for computing operations The trusted platform module for security protection is a device that can independently generate, encrypt and decrypt keys. It has an independent processor and storage unit inside, which can store keys and characteristic data, and provide encryption and security authentication for terminal equipment. Services; use security chip for encryption, the key is stored in hardware, the stolen data cannot be decrypted, thereby protecting business privacy and data security; the above information set is the user terminal (actually the user process running on the user terminal) Contains the identity tag of the user process and a trusted third-party PCA It should be noted that in the implementation of this application, the first random number is added to the information set. Therefore, the above information set may include the identity tag of the user process, trusted third-party PCA information, and the first random number. The user process encrypts the information set before sending it to the security chip. In an optional embodiment, it is assumed that the user process U, the security chip T, and the trusted third-party PCA running on the user terminal have obtained the security chip endorsement public key EK before the identity key and the identity certificate interact, and the user terminal can use The security chip endorses the public key EK to encrypt the information set [L, PCA, N1], where L is the identity tag of the user process U, PCA is the trusted third-party information, and N1 is the first random number. What needs to be explained here is that, in the above embodiment, the platform EK public key contains the unique identification information of the security chip T, which can facilitate subsequent user processes U to verify the legality of the security chip T; the platform EK public key is used Encrypting the information set [L, PCA, N1] can protect the identity expression L of the identity process. In addition, because a set of random numbers N1 is added, N1 can be used to protect the transmitted security chip endorsement certificate Cert_EK. Step S804, the user terminal receives the identity data returned by the security chip, where the identity data includes: an endorsement certificate of the security chip encrypted using the first random number, identity content information including the chip identification of the security chip, and the security chip as the user terminal The platform identity public key generated by a user process running on. Specifically, in the above steps, after the user terminal sends the encrypted information set to the security chip, the security chip receives the encrypted information set sent by the user terminal and decrypts it to obtain the identity tag of the user process running on the user terminal. , Trusted third-party PCA information, and the first random number; and generating a second random number, using the first random number, the second random number, and the private key endorsed by the security chip inside the security chip to generate a platform identity public and private key pair for the user terminal, The platform identity private key is kept in the security chip, and the platform identity public key is sent to the user process. At the same time, the endorsement certificate of the security chip encrypted with the first random number and the identity content information including the chip identification of the security chip are also sent. To the user process. In an optional embodiment, the user process U encrypts the information set using the security chip endorsement public key EK as an example. The security chip receives the information set encrypted by the security chip endorsement public key EK [L, PCA, N1 ]_EK Then, first, endorsing the private key EK with a security chip^-1 Decrypt the received information set [L, PCA, N1]_EK To obtain the identity tag L of the user process running on the user terminal, the trusted third-party PCA information, and the first random number N1; then, the security chip generates a second random number N2, which is based on N1, N2, and EK^-1 Generate platform identity public and private key pair AIK, AIK for user process U^-1 , Where AIK = [N1 || N2 || L]_EK ^-1 , AIK^-1 Remain in the chip; then, the security chip T calculates the identity content information through calculation I = [AIK, L, TID, PCA]_AIK ^-1 And the endorsement certificate of the security chip encrypted with the first random number N1 [Cert_EK]_N1 ; Finally, the security chip T will use the first random number to encrypt the endorsement certificate of the security chip [Cert_EK]_N1 The platform identity public key AIK based on the user process generated based on the first random number and the second random number, and the identity content information I including the chip identification of the security chip are transmitted to the user terminal. (Step S806) The user terminal decrypts the identity data according to the first random number to obtain a first decryption result, where the first decryption result includes: decrypting the encrypted endorsement certificate, and / or decrypting identity content information. Specifically, in the above steps, after receiving the identity data returned by the security chip, the user terminal uses the first random number to decrypt the endorsement certificate of the security chip encrypted using the first random number to obtain the endorsement certificate of the security chip. In an optional embodiment, the above identity information may include: an endorsement certificate of a security chip encrypted by a first random number, and an encryption result is obtained [Cert_EK]_N1 The platform identity public key AIK generated by the security chip for the user process running on the user terminal, and the identity content information containing the chip identification of the security chip I = [AIK, L, TID, PCA]_AIK ^-1 , Where T_ID The uniqueness of the security chip T can be identified, and T_ID Binding with the user terminal's identity tag L as part of the platform identity information of the user process U resolves the binding of the process request identity and the trusted chip platform identity. After receiving the identity data returned by the security chip T, the user process U uses the first random number N1 to encrypt the identity data in the identity data [Cert_EK]_N1 After decryption, the endorsement certificate Cert_EK can be obtained. (Step S808) The user terminal determines whether the security chip is a legal chip according to the first decryption result. Specifically, in the above steps, the user process running on the user terminal uses the first random number to decrypt the identity data to obtain the first decryption result, and then verifies whether the security chip is a legitimate chip. In an optional implementation, in The first random number is used to decrypt the endorsement certificate of the security chip encrypted using the first random number. After the endorsement certificate of the security chip is obtained, the corresponding endorsement public key of the security chip is obtained by using the endorsement certificate. The platform identity public key is used for decryption. If the decrypted result contains the first random number, the security chip is a legitimate chip. In an optional embodiment, the user process U on the user terminal uses the first random number N1 pair [Cert_EK]_N1 After decryption, the endorsement certificate Cert_EK is obtained, and the corresponding secure chip endorsement public key EK is obtained according to the endorsement certificate Cert_EK, and the secure chip endorsement public key EK is used to decrypt the platform identity public key information AIK = [N1 || N2 || L]_EK ^-1 , If the decrypted result information includes the first random number N1, and the identity content information contains T_ID Information and Cer_Secure chip endorsement certificate Cert_EK contains T_ID If the information is consistent, AIK and I are considered to be legitimate T platform ID public keys and identity content information sent to their own, the process continues, otherwise it will terminate. It can be known from the above that, in the above embodiment of the present application, before the user terminal (actually a user process running on the user terminal) sends the information set to the security chip, the information set is encrypted by the security chip endorsement public key; the security chip After receiving the encrypted information set sent by the user process, the corresponding private key is used to decrypt the encrypted information set. Since the first random number is added to the information set, the security chip uses the first random number to endorse the endorsed certificate. After encryption, it is sent to the user process, and at the same time, the identity content information including its chip identification and the platform identity public key generated based on the first random number and the second random number (random number generated inside the security chip) are sent to the user process; the user; After receiving the encrypted endorsement certificate returned by the security chip, the identity content information containing the chip identification, and the platform identity public key, the process uses the first random number to decrypt, and determines whether the security chip is legitimate according to the decrypted decryption result Of wafers. Through the solutions disclosed in the above embodiments, the purpose of credibility verification between the user process on the user terminal and the security chip is achieved, thereby achieving the technical effect of improving information security in the communication process. Therefore, the foregoing embodiment of the present application solves the technical problem that the user processes running on the user terminal in the prior art do not perform legality verification on the identity of both parties when interacting with the security chip. In an optional embodiment, the user terminal sending the encrypted information set to the security chip may include: Step S801, the user terminal encrypts the information set by using the security chip endorsement public key EK, wherein the information set further includes: The identification information of the user process running on the user terminal and the information of the third-party certificate server. Specifically, in the above embodiments, the public key EK endorsed by the security chip may be a platform identity public key used in the distribution process of the platform identity key and identity certificate based on the TCG specification; the identity of the user process running on the user terminal The information can be the identity tag of the user terminal, and the information of the third-party certificate server can be the information of the trusted third-party platform. In an optional embodiment, it is assumed that the user process U, the security chip T, and the trusted third-party PCA are on the platform. Before the identity key and identity certificate are interacted, the platform security chip endorses the public key EK. Before the user terminal sends the encrypted information set to the security chip, the user can first use the security chip endorsement public key EK to communicate the information set [L, PCA N1] encryption, where L is the identity tag of the user terminal, PCA is the information of the third-party certificate server, N1 is the first random number, and a randomly generated number generated by the user process U. In an optional embodiment, before the user terminal receives the identity data returned by the security chip, as shown in FIG. 9, the above method may further include: Step S902, the security chip uses the security chip endorsement corresponding to the security chip endorsement public key. The private key decrypts the encrypted information set to obtain the information set; Step S904, after obtaining the second random number, the security chip generates the platform identity of the user process based on the information set, the second random number, and the private key endorsed by the security chip. Key, platform identity private key and identity content information, and use the first random number to encrypt the endorsement certificate of the security chip; Step S906, the security chip sends at least the following information to the user terminal: identity content information, encrypted endorsement certificate and Platform identity public key. Specifically, in the above embodiment, after the user terminal sends the encrypted information set to the security chip, the security chip receives the encrypted information set sent by the user terminal, and can use the security chip corresponding to the security chip endorsement public key EK Endorsement private key EK^-1 Decrypting the encrypted information set to obtain the identity tag of the user process running on the user terminal, trusted third-party PCA information, and a first random number generated by the user process U running on the user terminal; and generating a second random number, Endorses the private key EK using the first random number, the second random number, and the secure chip inside the secure chip^-1 Generate platform identity public and private key pairs for user processes running on user terminals, that is, the platform identity public key AIK and platform identity private key AIK of the user process^-1 Among them, the platform identity private key AIK^-1 Retained in the security chip, the platform identity public key AIK is sent to the user terminal, and the endorsement certificate and identity content information of the security chip encrypted with the first random number is also sent to the user terminal. What needs to be explained here is that the identity content includes the chip identification of the security chip. As can be seen from the background of this application, in the existing platform identity key and certificate distribution process, the security chip T sends the signed signature to the user process U. Identity content information I = [AIK, L, PCA] AIK^-1 In the embodiment of the present application, the identity content information I = [AIK, L, TID, PCA] obtained by the security chip T is calculated, where T_ID Unique identification for security chip. Through the above embodiment, the security chip uses the first random number, the second random number, and the security chip endorsement private key EK inside the security chip^-1 Generate the platform identity public key AIK of the user process, which can facilitate the subsequent user process to verify the security chip. The security chip uses T_ID It is used to identify the uniqueness of the trusted chip T and bind it with L as part of the platform identity information of the user U process, which solves the binding of the user process request identity and the trusted chip platform identity. In an optional embodiment, as shown in FIG. 10, the user terminal decrypts the identity data according to the first random number to obtain the first decryption result, which may include the following steps: Step S102, the encrypted random number is encrypted by using the first random number. The endorsement certificate is decrypted to obtain the endorsement certificate; Step S104, the security chip endorsement public key is obtained according to the endorsement certificate, and the legitimacy of the endorsement certificate is verified; Step S106, the security chip endorsement public key is used to decrypt the platform identity public key to obtain a third Decrypt the result. Specifically, in the above embodiment, the first random number may be a randomly generated number generated by a user process U running on the user terminal; after receiving the identity data returned by the security chip, the user terminal uses the first random number pair to use The first random number is encrypted and the endorsement certificate of the security chip is decrypted to obtain the endorsement certificate of the security chip. The endorsement certificate is used to obtain the corresponding security chip endorsement public key. The security chip endorsement public key is used to decrypt the platform identity public key to obtain the first Three decryption results. In an optional embodiment, the above identity information may include: an endorsement certificate of a security chip that encrypts the first random number for encryption, and obtains the encryption result [Cert_EK]_N1 The platform identity public key AIK generated by the security chip for the user process running on the user terminal, and the identity content information containing the chip identification of the security chip I = [AIK, L, TID, PCA]_AIK ^-1 ; User process U uses the first random number N1 to encrypt the result [Cert_EK]_N1 After decryption, the endorsement certificate Cert_EK is obtained, and the corresponding secure chip endorsement public key EK is obtained according to the endorsement certificate Cert_EK, and then the secure chip endorsement public key EK is used to decrypt the platform identity public key information AIK = [N1 || N2 || L]_EK ^-1 To obtain a third decryption result. If the security chip endorses the public key EK, the obtained third decryption result should include the first random number N1. According to the above embodiment, since the user terminal adds a first random number to the information set before sending the information set to the security chip, it is possible to verify whether the security chip is legal by verifying whether the first random number is included in the decrypted result. . In an optional embodiment, as shown in FIG. 11, the user terminal determines whether the secure chip is a legitimate chip according to the first decryption result, which may include the following steps: Step S112, verifying whether the third decryption result includes the first random Step S114: If the third decryption result includes the first random number, determine that the security chip is a legitimate chip. Specifically, in the above-mentioned embodiment, the user terminal endorses the certificate of the security chip encrypted according to the first random number [Cert_EK]_N1 After the decryption is performed to obtain the first decryption result, it is possible to determine whether the secure chip is a legitimate chip by verifying whether the third decryption result contains the first random number. If the third decryption result contains the first random number, it is determined that the secure chip is Legal chip. Specifically, the user terminal can use the first random number N1 to encrypt the result [Cert_EK]_N1 After decryption, the endorsement certificate Cert_EK is obtained, and the corresponding secure chip endorsement public key EK is obtained according to the endorsement certificate Cert_EK, and then the secure chip endorsement public key EK is used to decrypt the platform identity public key information AIK = [N1 || N2 || L]_EK ^-1 To obtain a third decryption result. If the security chip endorses the public key EK, the obtained third decryption result should include the first random number N1. Through the above embodiment, the user process of the user terminal can be implemented to verify whether the security chip is legal, and the security of communication is improved. In an optional embodiment, the above method may further include: Step S116, if the third decryption result includes the first random number, and the chip identifier included in the identity content information is consistent with the chip identifier recorded in the endorsement certificate, then Determine that the security chip is a legitimate chip. Specifically, in the above embodiment, based on the embodiment of the present application, since the security chip includes the chip identifier in the identity content information returned to the user terminal, it is possible to determine the chip identifier and the chip content included in the identity content information in the decryption result. Whether the chip identification recorded in the endorsement certificate is consistent to determine whether the security chip is a legitimate one. Through the above embodiments, the binding for the process request identity and the identity of the secure chip platform can be achieved. By determining whether the chip identification included in the identity content information in the decryption result is consistent with the chip identification recorded in the endorsement certificate, the user terminal can be determined. Whether the received platform identity public key information and identity information content comes from a legitimate security chip, further improving communication security. In an optional embodiment, as shown in FIG. 12, after the user terminal determines whether the secure chip is a legitimate chip according to the first decryption result, the above method may further include the following steps: Step S122, the user terminal uses a third-party certificate The certificate public key provided by the server encrypts the endorsement certificate of the security chip to obtain the encryption result of the endorsement certificate; Step S124, the user terminal sends the information to be verified to the third-party certificate server. The information to be verified includes at least the following information: Endorsement The encryption result of the certificate, the identity tag of the user process running on the user terminal, the identification information of the third-party certificate server, the identity content information of the chip identification containing the security chip, and the user generated based on the first random number and the second random number The platform identity public key of the process. Specifically, in the above embodiment, the third-party certificate server is a trusted third-party platform; in a case where the user terminal determines that the security chip is a legitimate chip according to the first decryption result, the user terminal uses the The public key of the certificate encrypts the endorsement certificate of the security chip to obtain the encryption result of the endorsement certificate, and the encryption result and the identity tag of the user process running on the user terminal, the identification information of the third-party certificate server, The identity content information of the chip identification and the platform identity public key of the user process generated based on the first random number and the second random number are sent to a third-party certificate server. In an optional embodiment, as shown in FIG. 13, after the user terminal sends the information to be verified to the third-party certificate server, the above method may further include the following steps: Step S132, the third-party certificate server uses the certificate The certificate private key corresponding to the public key decrypts the encrypted result of the endorsement certificate to obtain a fourth decryption result. The fourth decryption result includes the endorsement certificate of the security chip, the identity tag L of the user process, and the security chip endorsement company. Step S134, the third-party certificate server uses the security chip endorsement public key to decrypt the platform identity public key of the user process to obtain the identity tag of the user process, and uses the platform identity public key of the user process to decrypt the identity content information, Obtain decryption information; Step S136, if the chip identification contained in the decryption information is consistent with the chip identification recorded in the endorsement certificate, and / or the identity tag of the user process included in the decryption information is consistent with the identity label recorded in the endorsement certificate, the third party The certificate server determines the platform body of the user process A public-private key pair is generated by a legitimate security chip. Specifically, in the above embodiment, the user terminal sends the encryption result of the endorsement certificate to the third-party certificate server, the identity tag of the user process running on the user terminal, the identification information of the third-party certificate server, and the security chip containing the security chip. After the identity content information of the chip identification and the platform identity public key of the user process generated based on the first random number and the second random number, the third-party certificate server uses the certificate private key corresponding to the certificate public key to encrypt the endorsed certificate. The result is decrypted to obtain the security chip endorsement certificate, the user process's identity tag L, and the security chip endorsement public key EK of the security chip. Then, the third-party certificate server uses the security chip endorsement public key EK of the security chip to the platform of the user process. The identity public key AIK is decrypted to obtain the identity tag L of the user process U, and the identity content information of the user process UAI is used to decrypt the identity content information to obtain the corresponding decryption information. If the decrypted information contains the chip identification and endorsement certificate The chip identification recorded in the Consistent with the endorsement certificate user identity tag in the process of recording the identity of the label is determined to provide security chip user process to run on the user terminal U provides a legal platform identity public and private key pairs. In an optional embodiment, the user terminal uses the certificate public key PK (PCA) provided by the third-party certificate server to encrypt the endorsement certificate of the security chip to obtain the encryption result of the endorsement certificate [Cert_EK]_{PK (PCA)} And send the following information to a third-party certificate server (ie, a trusted third-party PCA): Encrypted result of endorsement certificate [Cert_EK]_{PK (PCA)} , The identity tag L of the user process, the identity information PCA of the third-party certificate server, the identity content information I containing the chip identification of the security chip, and the platform identity public key of the user process based on the first random number and the second random number AIK. After receiving the above information, the third-party certificate server uses the certificate private key SK (PCA) corresponding to the certificate public key PK (PCA) to decrypt the encrypted result information of the endorsement certificate [Cert_EK, L] PK (PCA) to obtain the endorsement certificate Cert_EK , The identity tag L of the user process, and the public key EK endorsed by the security chip, and the platform identity public key AIK of the user process is decrypted using the public key EK of the security chip to obtain the identity tag L of the user process, and the public key EK of the security chip is used to decrypt the decryption. The obtained identity tag L of the user process and the encryption result information [Cert_EK, L] PK (PCA) obtained by using the certificate private key SK (PCA) to decrypt the endorsement certificate are consistent, and the platform identity public key AIK is used to decrypt the platform identity Chip ID T obtained from content information I_ID T in endorsement certificate Cert_EK_ID Whether they are consistent to determine the platform identity public key AIK and platform identity private key AIK^-1 Whether it comes from a platform identity public-private key pair generated by a legitimate security chip for the user process. Through the above embodiments, the validity of the platform identity public and private key pair provided by the security chip for the user process is verified. In an optional embodiment, as shown in FIG. 14, after the third-party certificate server determines that the platform identity public and private key pair of the user process is generated by a legitimate security chip, the above method may further include the following steps: ： Step S142, The third-party certificate server uses the certificate public key to encrypt a predetermined data set to generate an identity certificate. The predetermined data set includes: the user process ’s identity tag, the user process ’s platform identity public key, the user process ’s identity tag, and the first Identification information of the three-party certificate server; Step S144, the third-party certificate server uses the security chip endorsement public key to encrypt the identity certificate, and distributes the encrypted result to the at least one user terminal. Specifically, in the above embodiment, after the third-party certificate server determines that the platform identity public and private key pair of the user process is generated by a legitimate security chip, the third-party certificate server uses the certificate public key to identify the user process ’s identity tag, user, and user. The platform identity public key AIK of the process, the identity tag of the user process, and the identity of the third-party certificate server are encrypted to generate the corresponding identity certificate for the user process of the user terminal, and the identity certificate is endorsed by the security chip's public key EK Encrypt and send the encrypted result distribution identity certificate to one or more user terminals. In an optional embodiment, as shown in FIG. 15, after the third-party certificate server distributes the identity certificate to at least one user terminal, the above method may further include the following steps: Step S152, the user terminal receiving the identity certificate will The identity certificate is forwarded to the security chip; Step S154, the security chip decrypts the encrypted identity certificate using the private key endorsed by the security chip to obtain the identity certificate. Specifically, in the above embodiment, after the third-party certificate server distributes the identity certificate to at least one user terminal, the user terminal forwards the received identity certificate to the security chip, and the security chip uses the security chip to endorse the private key EK.^-1 Decrypt the encrypted identity certificate to obtain the identity certificate. In an optional embodiment, as shown in FIG. 15, after the security chip decrypts the encrypted identity certificate using the secure chip endorsement private key to obtain the identity certificate, the above method may further include: Step S156, the security chip adopts The first random number encrypts the identity certificate and sends the encrypted result to the user terminal, so that the user terminal decrypts the first random number stored locally to obtain the identity certificate. Specifically, in the above embodiment, the secure chip is used to endorse the private key EK on the secure chip.^-1 Decrypt the encrypted identity certificate, obtain the identity certificate, and then use the first random number to encrypt the identity certificate, and send the encrypted identity certificate to the user terminal. After receiving the encrypted identity certificate, the user terminal uses the The first random number is decrypted to obtain a corresponding identity certificate. As a preferred embodiment, the foregoing embodiment of the present application can be described in conjunction with FIG. 16, which is a schematic diagram of an optional platform identity key and certificate distribution process according to an embodiment of the present invention, as shown in FIG. 16, including the following Steps: Step S162, the user process U running on the user terminal sends the encrypted information set to the security chip T [L, PCA, N1]_EK . Specifically, in the above steps, it is assumed that the user process U, the security chip T, and the trusted third-party PCA running on the user terminal have obtained the platform EK public key before the identity key and the identity certificate interact, and the user terminal can use the security chip The endorsement public key EK encrypts the information set [L, PCA, N1], where L is the identity tag of the user terminal, PCA is the trusted third-party information, and N1 is the first random number; the user terminal can use the security chip to endorse the public key EK encrypts the information set [L, PCA, N1] after encrypting it_EK Send to security chip T. Step S164, the security chip T sends an encrypted endorsement certificate to the user process U running on the user terminal [Cert_AIK]_N1 , Public key AIK, signed identity content I, where I = [AIK, L, T_ID , PCA]_AIK ^-1 . Specifically, in the above steps, the security chip T receives the encrypted information set sent from the user process U of the user terminal [L, PCA, N1]_EK Then, first, endorsing the private key EK with a security chip^-1 Decrypt the received information set [L, PCA, N1]_EK To obtain the identity tag L of the user process running on the user terminal, the trusted third-party PCA information, and the first random number N1; then, the security chip generates a second random number N2, which is based on N1, N2, and EK^-1 Generate identity platform identity public and private key pair AIK, AIK for U^-1 , Where AIK = [N1 || N2 || L]_EK ^-1 , AIK^-1 Remain in the chip; then, the security chip T calculates the identity content information through calculation I = [AIK, L, TID, PCA]_AIK ^-1 And the endorsement certificate of the security chip encrypted with the first random number N1 [Cert_EK]_N1 ; Finally, the security chip T will use the first random number to encrypt the endorsement certificate of the security chip [Cert_EK]_N1 The platform identity public key AIK based on the user process generated based on the first random number and the second random number, and the identity content information I including the chip identification of the security chip are transmitted to the user terminal. (Step S166) The user process U running on the user terminal verifies the legality of the security chip. Specifically, in the above steps, the user process U on the user terminal uses the first random number N1 to decrypt the identity data returned by the security chip. The identity data includes: the endorsement certificate of the security chip encrypted with the first random number [Cert_EK ]_N1 , The platform identity public key AIK of the user process generated based on the first random number N1 and the second random number N2, and the identity content information of the chip identification containing the security chip I = [AIK, L, T_ID , PCA]_AIK ^-1 , Where T_ID Can identify the uniqueness of the security chip T; after decrypting the identity information to obtain the endorsement certificate Cert_EK, after obtaining the corresponding security chip endorsement public key EK according to the endorsement certificate Cert_EK, use the security chip endorsement public key EK to decrypt the platform identity public key information AIK = [N1 || N2 || L]_EK ^-1 , If the decrypted result information includes the first random number N1, and the identity content information contains T_ID Information and Cer_Secure chip endorsement certificate Cert_EK contains T_ID If the information is consistent, AIK and I are considered to be legitimate T platform ID public keys and identity content information sent to their own, the process continues, otherwise it will terminate. Step S168, the user process U sends [Cert_EK, L] to the trusted third-party PCA _PK _(PCA) , Public key AIK, designated trusted third-party PCA, and signed identity content I. Specifically, in the above steps, the user terminal uses the certificate public key PK (PCA) provided by the third-party certificate server to encrypt the endorsement certificate of the security chip to obtain the encryption result of the endorsement certificate [Cert_EK]_{PK (PCA)} And send the following information to a third-party certificate server (ie, a trusted third-party PCA): Encrypted result of endorsement certificate [Cert_EK]_{PK (PCA)} , The identity tag L of the user process, the identity information PCA of the third-party certificate server, the identity content information I containing the chip identification of the security chip, and the platform identity public key of the user process based on the first random number and the second random number AIK. After receiving the above information, the third-party certificate server executes the following steps: ① Use the certificate private key SK (PCA) corresponding to the certificate public key PK (PCA) to decrypt the encrypted result information of the endorsement certificate [Cert_EK, L] PK (PCA) To obtain the endorsement certificate Cert_EK, the identity tag L of the user process, and the security chip endorsement public key EK, and the legitimacy of the endorsement certificate Cert_EK can be verified through SK (MF); Key AIK to obtain the identity tag L of the user process, determine whether the identity tag L of the user process decrypted using the security chip endorsed the public key EK and step ① to obtain the identity tag L are consistent, and use the platform identity public key AIK to decrypt the platform identity content information I, if the decrypted wafer ID T_ID T in endorsement certificate Cert_EK_ID Consistent and contains consistent L and T_ID The platform identity public key AIK and platform identity private key AIK^-1 The platform identity public and private key pair generated by the legitimate security chip for the user process; ③ If steps ① and ② are reasonable, the process continues, otherwise it terminates. Step S170, the trusted third-party PCA encrypts the packet [Cert_AIK]_EK Return to user process U. Specifically, in the above steps, the trusted third-party PCA (third-party certificate server) uses the certificate public key to identify the identity tag of the user process, the platform identity public key AIK of the user process, the identity tag of the user process, and the third-party certificate server. The information such as the identification of the device is encrypted to generate the corresponding identity certificate for the user process of the user terminal, and the identity certificate is encrypted using the security chip endorsement public key EK, and the encryption result is distributed to the user who sends the identity certificate to one or more user terminals. Process U. Step S172, the user process U sends an encrypted packet using the EK to the security chip [Cert_AIK]_EK . Specifically, in the above steps, after the third-party certificate server distributes the identity certificate to at least one user terminal, the user terminal forwards the received identity certificate to the security chip, and the security chip uses the security chip to endorse the private key EK^-1 Decrypt the encrypted identity certificate to obtain the identity certificate. Step S174, the security chip T sends [Cert_AIK] to the user process U_N1 . Specifically, in the above steps, the secure chip is used to endorse the private key EK on the secure chip.^-1 After decrypting the encrypted identity certificate, after obtaining the identity certificate, the identity certificate is encrypted by using the first random number, and the encrypted identity certificate is sent to the user terminal. Step S176, the user process U running on the user terminal decrypts the received [Cert_AIK]_N1 . Specifically, in the above steps, after receiving the encrypted identity certificate, the user terminal uses the first random number to decrypt it to obtain a corresponding identity certificate. The above embodiment of the present application discloses a method for distributing a trusted platform identity key and certificate, that is, using a randomly generated session key to determine the legitimacy of a user process, and using a security chip to endorse the public key and the EK platform identity public and private key pair to determine The legitimacy of the trusted security chip; the random session key and the security chip endorsed the public key EK platform identity public and private key pair to jointly prevent platform identity keys and man-in-the-middle attacks during certificate issuance, and disguise the identity certificate attack. Through the solutions disclosed in the above embodiments of the present application, the following technical effects can be achieved: (1) The authenticity of the interactive entity is not required to be verified by means of a password preset by the user and a real-time dynamic verification code; the distribution process of the password and the dynamic verification code is avoided. It is easy to intercept and leak; the acquisition and input of dynamic verification codes bring inconvenience to the user; the security of the platform where the user is located is not considered. (2) Compared with TCG (Trusted Computing Organization), which adopts trusted computing technology, the solution provided in the embodiment of this application pays attention to the verification of the platform identity key. (3) Compared with the remote certification protocol based on Privacy CA, the solution provided in the embodiment of this application confirms the legitimacy of the identity of both parties in the process of obtaining the identity key from the security chip by the user process and obtaining the identity certificate from the PCA. Avoid the imagination of man-in-the-middle attacks in the process of obtaining identity keys and identity certificates; in addition, when users apply for a certificate from PCA, verify whether the process comes from a trusted security chip platform, making many platforms without security chips cheat verification In order to obtain a legal identity certificate, or through a controlled and trusted platform to obtain a legal identity certificate. It should be noted that, for the foregoing method embodiments, for simplicity of description, they are all described as a series of action combinations, but those skilled in the art should know that the present invention is not limited by the described action order. Because according to the present invention, certain steps may be performed in another order or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention. Through the description of the above embodiments, those skilled in the art can clearly understand that the information security verification method according to the above embodiments can be implemented by means of software plus the necessary universal hardware platform. Of course, it can also be implemented by hardware. But in many cases the former is a better implementation. Based on such an understanding, the technical solution of the present invention is essentially or part that contributes to the existing technology can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM / RAM, magnetic disk, optical disk). ) Includes a number of instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to execute the methods described in the embodiments of the present invention. Embodiment 3 According to an embodiment of the present invention, an apparatus embodiment for implementing the above information security verification method is also provided. FIG. 17 is a schematic diagram of an information security verification apparatus according to an embodiment of the present invention, as shown in FIG. 17, The device includes a first sending module 171, a receiving module 173, a first decryption module 175, and a first determining module 177. The first sending module 171 is used for the user terminal to send the encrypted information set to the security chip. The information set includes: the first random number; and the receiving module 173 is used for the user terminal to receive the identity returned by the security chip. Data, wherein the identity data includes: an endorsement certificate of the security chip encrypted using the first random number, the identity content information including the chip identification of the security chip, and the platform identity public key of the user process; the first decryption module 175, The user terminal decrypts the identity data according to the first random number to obtain a first decryption result, where the first decryption result includes: decrypting the encrypted endorsement certificate, and / or decrypting identity content information; the first determining mode Group 177 is used by the user terminal to determine whether the security chip is a legal chip according to the first decryption result. It should be noted here that the above-mentioned first sending module 171, receiving module 173, first decrypting module 175, and first determining module 177 may correspond to steps S802 to S808 in the second embodiment. The examples and application scenarios implemented by the group and the corresponding steps are the same, but are not limited to the content disclosed in the above embodiment 2. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. It can be known from the above that, in the above embodiment of the present application, before the user terminal (actually a user process running on the user terminal) sends the information set to the security chip, the information set is encrypted by the security chip endorsement public key; the security chip After receiving the encrypted information set sent by the user process, the corresponding private key is used to decrypt the encrypted information set. Since the first random number is added to the information set, the security chip uses the first random number to endorse the endorsed certificate. After encryption, it is sent to the user process, and at the same time, the identity content information including its chip identification and the platform identity public key generated based on the first random number and the second random number (random number generated inside the security chip) are sent to the user process; the user; After receiving the encrypted endorsement certificate returned by the security chip, the identity content information containing the chip identification, and the platform identity public key, the process uses the first random number to decrypt, and determines whether the security chip is legitimate according to the decrypted decryption result Of wafers. Through the solutions disclosed in the above embodiments, the purpose of credibility verification between the user process on the user terminal and the security chip is achieved, thereby achieving the technical effect of improving information security in the communication process. Therefore, the foregoing embodiment of the present application solves the technical problem that the user processes running on the user terminal in the prior art do not perform legality verification on the identity of both parties when interacting with the security chip. In an optional embodiment, the first sending module includes: a first encryption module for a user terminal to encrypt the information set by using a public key endorsed by a secure chip, wherein the information set further includes: running on the user terminal User process identification information and third-party certificate server information. It should be noted here that the above-mentioned first encryption module may correspond to step S801 in Embodiment 2. This module is the same as the example and application scenario implemented by the corresponding steps, but is not limited to the one disclosed in Embodiment 2 above. content. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment.一种 In an optional embodiment, the above-mentioned device further includes: a second decryption module for the security chip to use the security chip endorsement private key EK corresponding to the security chip endorsement public key EK^-1 Decrypt the encrypted information set to obtain the information set; the second encryption module is used to secure the endorsement private key EK according to the information set, the second random number, and the security chip after obtaining the second random number^-1 Generate the platform identity public key AIK and platform identity private key AIK of the user process^-1 And identity content information, and use the first random number to encrypt the endorsement certificate of the security chip; the second sending module is used for the security chip to send at least the following information to the user terminal: identity content information, encrypted endorsement certificate and platform Identity public key AIK. What needs to be explained here is that the above-mentioned second decryption module, second encryption module, and second sending module may correspond to steps S902 to S906 in Embodiment 2. The three modules and the corresponding steps are implemented by The examples and application scenarios are the same, but are not limited to the content disclosed in the above embodiment 2. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. In an optional embodiment, the first decryption module includes: a third decryption module, configured to decrypt the encrypted endorsement certificate using the first random number to obtain the endorsement certificate; and a first verification module, which uses The public key of the security chip endorsement is obtained according to the endorsement certificate, and the legitimacy of the endorsement certificate is verified; the fourth decryption module is used to decrypt the platform identity public key by using the security chip endorsement public key to obtain a third decryption result. It should be noted here that the third decryption module, the first verification module, and the fourth decryption module may correspond to steps S102 to S106 in Embodiment 2. The three modules and the corresponding steps are implemented by The examples and application scenarios are the same, but are not limited to the content disclosed in the above embodiment 2. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. In an optional embodiment, the first determining module includes: a second verification module for verifying whether the third decryption result includes the first random number; and a second determination module for if the third decryption If the result includes the first random number, the security chip is determined to be a legitimate chip. It should be noted here that the second verification module and the second determination module may correspond to steps S112 to S114 in Embodiment 2. The two modules are the same as the examples and application scenarios implemented by the corresponding steps. However, it is not limited to the content disclosed in the second embodiment. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. In an optional embodiment, the above device further includes: a third determining module, configured to: if the third decryption result includes the first random number, and the chip identification included in the identity content information and the chip recorded in the endorsement certificate If the marks are consistent, the security chip is determined to be a legitimate chip. What needs to be explained here is that the third determination module may correspond to step S116 in Embodiment 2. This module is the same as the example and application scenario implemented by the corresponding steps, but is not limited to the one disclosed in Embodiment 2 above. content. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. In an optional embodiment, the above device further includes: a third encryption module, which is used by the user terminal to encrypt the endorsement certificate of the security chip by using the public key of the certificate provided by the third-party certificate server to obtain the encryption result of the endorsement certificate. A third sending module, which is used for the user terminal to send the information to be verified to the third-party certificate server. The information to be verified includes at least the following information: the encryption result of the endorsement certificate, the identity tag of the user process running on the user terminal, the first The identification information of the three-party certificate server, the identity content information including the chip identification of the security chip, and the platform identity public key of the user process generated based on the first random number and the second random number. It should be noted here that the third encryption module and the third sending module may correspond to steps S122 to S124 in Embodiment 2. The four modules and the corresponding steps implement the same instances and application scenarios. However, it is not limited to the content disclosed in the second embodiment. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. In an optional embodiment, the above device further includes: a fifth decryption module for a third-party certificate server to decrypt the encrypted result of the endorsed certificate by using the certificate private key corresponding to the certificate public key to obtain a fourth decryption. As a result, the fourth decryption result includes: the endorsement certificate of the security chip, the identity tag L of the user process, and the security chip endorsement public key EK of the security chip; the sixth decryption module, which is used by the third-party certificate server to endorse the security chip The public key EK decrypts the platform identity public key AIK of the user process to obtain the identity tag of the user process, and uses the platform identity public key AIK of the user process to decrypt the identity content information to obtain decryption information; the fourth determination module uses the If the chip identification contained in the decryption information is consistent with the chip identification recorded in the endorsement certificate, and / or the identity tag of the user process included in the decryption information is consistent with the identity tag recorded in the endorsement certificate, the third-party certificate server determines the user process The public and private key pair of the platform identity is generated by a legitimate security chip. What needs to be explained here is that the above-mentioned fifth decryption module, sixth decryption module, and fourth determination module may correspond to steps S132 to S136 in Embodiment 2. The three modules and the corresponding steps are implemented by The examples and application scenarios are the same, but are not limited to the content disclosed in the above embodiment 2. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. In an optional embodiment, the device further includes: a fourth encryption module, which is used by a third-party certificate server to encrypt a predetermined data set by using a certificate public key to generate an identity certificate, where the predetermined data set includes : The user process ’s identity tag, the user process ’s platform identity public key, the user process ’s identity tag, and the third-party certificate server ’s identification information; the fifth encryption module is used by the third-party certificate server to endorse the public key pair with a security chip The identity certificate is encrypted, and the encrypted result is distributed to the at least one user terminal. It should be noted here that the above-mentioned fourth encryption module and fifth encryption module may correspond to steps S142 to S144 in Embodiment 2. The examples and application scenarios implemented by the two modules and the corresponding steps are the same. However, it is not limited to the content disclosed in the second embodiment. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. In an optional embodiment, the above device further includes: a fourth sending module, configured to forward the identity certificate to the security chip by the user terminal receiving the identity certificate; and a seventh decryption module, which is used by the security chip to use the security chip The endorsed private key decrypts the encrypted identity certificate to obtain the identity certificate. It should be noted here that the above-mentioned fourth sending module and seventh decryption module may correspond to steps S152 to S154 in Embodiment 2. The two modules are the same as the examples and application scenarios implemented by the corresponding steps. However, it is not limited to the content disclosed in the second embodiment. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. In an optional embodiment, the above device further includes a processing module for the security chip to encrypt the identity certificate by using the first random number, and sends the encrypted result to the user terminal. The first random number is decrypted to obtain an identity certificate.需要 It should be noted here that the above processing module may correspond to step S156 in Embodiment 2. This module is the same as the example and application scenario implemented by the corresponding steps, but is not limited to the content disclosed in the above Embodiment 2. It should be noted that, as a part of the device, the above module can be run in the computer terminal 60 provided in the second embodiment. Embodiment 4 的 An embodiment of the present invention may provide a computer terminal, and the computer terminal may be any computer terminal device in a computer terminal group. Optionally, in this embodiment, the computer terminal described above may also be replaced with a terminal device such as a mobile terminal. Optionally, in this embodiment, the computer terminal may be located in at least one network device among multiple network devices in a computer network. In this embodiment, the computer terminal may execute the program code of the following steps in the information security verification method of the application program: the user terminal sends the encrypted information set to the security chip, where the information set includes: a first random number; The user terminal receives the identity data returned by the security chip, where the identity data includes: an endorsement certificate of the security chip encrypted using the first random number, identity content information including the chip identification of the security chip, and information based on the first random number and the second The public key of the platform identity of the user process generated by the random number; the user terminal decrypts the identity data according to the first random number to obtain a first decryption result, wherein the first decryption result includes: decrypting the encrypted endorsement certificate, and / or The identity content information is decrypted; the user terminal determines whether the security chip is a legitimate chip according to the first decryption result. Optionally, FIG. 18 is a structural block diagram of a computer terminal according to an embodiment of the present invention. As shown in FIG. 18, the computer terminal A may include: one or more processors (only one is shown in the figure), a processor 181, a memory 183, and a transmission device 185. The memory can be used to store software programs and modules, such as information security verification methods and device program corresponding instructions / modules in the embodiments of the present invention. The processor runs the software programs and modules stored in the memory. Therefore, various functional applications and data processing are performed, that is, the above-mentioned information security verification method is implemented. The memory may include high-speed random memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory may further include a memory remotely disposed with respect to the processor, and these remote memories may be connected to the terminal A through a network. Examples of the above network include, but are not limited to, the Internet, an intranet, an intranet, a mobile communication network, and combinations thereof. The processor may call the information and application programs stored in the memory through the transmission device to perform the following steps: the user terminal sends the encrypted information set to the security chip, wherein the information set includes: the first random number; the user terminal receives security The identity data returned by the chip, wherein the identity data includes: an endorsement certificate of the security chip encrypted using the first random number, identity content information including the chip identification of the security chip, and information generated based on the first random number and the second random number The platform identity public key of the user process; the user terminal decrypts the identity data according to the first random number to obtain a first decryption result, where the first decryption result includes: decrypting the encrypted endorsement certificate, and / or identity content information Decryption is performed; the user terminal determines whether the security chip is a legitimate chip according to the first decryption result. Optionally, the processor may further execute the program code of the following steps: the user terminal uses the security chip to endorse the public key EK to encrypt the information set, wherein the information set further includes: the identification information of the user process running on the user terminal and the first Information for a three-party certificate server. Optionally, the processor may further execute the program code of the following steps: the security chip uses the security chip endorsement private key corresponding to the security chip endorsement public key to decrypt the encrypted information set to obtain the information set; upon obtaining the second information set, After the random number, the security chip generates the platform identity public key, platform identity private key, and identity content information of the user process based on the information set, the second random number, and the private key endorsed by the security chip, and uses the first random number to endorse the security chip. Encryption; the security chip sends at least the following information to the user terminal: identity content information, encrypted endorsement certificate and platform identity public key. Optionally, the processor may further execute the program code of the following steps: decrypt the encrypted endorsement certificate using the first random number to obtain the endorsement certificate; obtain the public key of the security chip endorsement according to the endorsement certificate, and verify the legitimacy of the endorsement certificate Use the security chip endorsement public key to decrypt the platform identity public key to get the third decryption result. Optionally, the processor may further execute the program code of the following steps: verifying whether the third decryption result includes the first random number; if the third decryption result includes the first random number, determining that the security chip is a legitimate chip. Optionally, the processor may further execute the program code of the following steps: if the third decryption result includes the first random number, and the chip identifier included in the identity content information is consistent with the chip identifier recorded in the endorsement certificate, determine security The wafer is a legal wafer. Optionally, the processor may further execute the program code of the following steps: the user terminal encrypts the endorsement certificate of the security chip by using the public key of the certificate provided by the third-party certificate server, and obtains the encryption result of the endorsement certificate; The certificate server sends the information to be verified. The information to be verified includes at least the following information: the encryption result of the endorsement certificate, the identity tag of the user process running on the user terminal, the identification information of the third-party certificate server, and the chip containing the security chip. The identified identity content information and the platform identity public key of the user process generated based on the first random number and the second random number. Optionally, the processor may further execute the program code of the following steps: the third-party certificate server uses the private certificate of the certificate corresponding to the public key of the certificate to decrypt the encrypted result of the endorsed certificate to obtain a fourth decryption result, wherein the fourth The decryption results include: the endorsement certificate of the security chip, the identity tag of the user process, and the public key EK of the security chip. The third-party certificate server uses the public key of the security chip to decrypt the platform identity public key of the user process to obtain the user. The process ’s identity tag and the user ’s platform identity public key are used to decrypt the identity content information to obtain the decrypted information; if the chip identification contained in the decrypted information matches the chip identification recorded in the endorsement certificate, and / or the decrypted information contains The identity tag of the user process is consistent with the identity tag recorded in the endorsement certificate, and the third-party certificate server determines that the platform identity public and private key pair of the user process is generated by a legitimate security chip. Optionally, the processor may further execute the program code of the following steps: the third-party certificate server uses the certificate public key to encrypt a predetermined data set to generate an identity certificate, where the predetermined data set includes an identity tag of a user process , The user ’s platform identity public key, the user ’s identity tag, and the identification information of the third-party certificate server; the third-party certificate server uses the security chip endorsement public key to encrypt the identity certificate, and distributes the encryption result to at least the identity certificate A user terminal. Optionally, the processor may further execute the program code of the following steps: the user terminal receiving the identity certificate forwards the identity certificate to the security chip; the security chip uses the security chip endorsement private key to decrypt the encrypted identity certificate to obtain the identity certificate. Optionally, the processor may further execute the program code of the following steps: the security chip encrypts the identity certificate by using the first random number, and sends the encryption result to the user terminal, so that the user terminal decrypts using the first random number stored locally Get an identity certificate. Those of ordinary skill in the art can understand that the structure shown in FIG. 18 is only an illustration, and the computer terminal may also be a smart phone (such as an Android phone, an iOS phone, etc.), a tablet computer, an applause computer, and a mobile Internet device (Mobile Internet Devices, MID), PAD and other terminal equipment. FIG. 18 does not limit the structure of the electronic device. For example, the computer terminal 18 may also include more or fewer components (such as a network interface, a display device, etc.) than those shown in FIG. 18, or have a different configuration from that shown in FIG. 18. Those of ordinary skill in the art can understand that all or part of the steps in the various methods of the above embodiments can be completed by a program instructing the hardware related to the terminal device. The program can be stored in a computer-readable storage medium, and the storage medium can Including: flash memory, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk, etc. Embodiment 5 的 An embodiment of the present invention also provides a storage medium. Optionally, in this embodiment, the foregoing storage medium may be used to store program code executed by the information security verification method provided in the foregoing Embodiment 2. Optionally, in this embodiment, the foregoing storage medium may be located in any computer terminal in a computer terminal group in a computer network, or in any mobile terminal in a mobile terminal group. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the user terminal sends the encrypted information set to the security chip, where the information set includes: a first random number; a user The terminal receives the identity data returned by the security chip, where the identity data includes: an endorsement certificate of the security chip encrypted using the first random number, identity content information including the chip identification of the security chip, and information based on the first random number and the second random number The public key of the platform identity of the user process generated by the number; the user terminal decrypts the identity data according to the first random number to obtain a first decryption result, wherein the first decryption result includes: decrypting the encrypted endorsement certificate, and / or The identity content information is decrypted; the user terminal determines whether the security chip is a legitimate chip according to the first decryption result. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the user terminal encrypts the information set by using a secure chip endorsement public key, wherein the information set further includes: running on the user terminal User process identification information and third-party certificate server information. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the security chip uses the security chip endorsement private key corresponding to the security chip endorsement public key to decrypt the encrypted information set, Get the information set; after obtaining the second random number, the security chip endorses the private key EK according to the information set, the second random number, and the security chip^-1 Generate the platform identity public key, platform identity private key, and identity content information of the user process, and use the first random number to encrypt the endorsement certificate of the security chip; the security chip sends at least the following information to the user terminal: identity content information, encrypted Endorsement certificate and platform identity public key. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: decrypting the encrypted endorsement certificate using the first random number to obtain the endorsement certificate; and obtaining the security chip endorsement according to the endorsement certificate Public key EK, and verify the legitimacy of the endorsement certificate; use the security chip endorsement public key to decrypt the platform identity public key to obtain the third decryption result. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: verifying whether the third decryption result includes the first random number; if the third decryption result includes the first random number, It is determined that the security chip is a legal chip. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: if the third decryption result includes the first random number, and the chip identification and endorsement certificate included in the identity content information If the recorded wafer IDs are consistent, the security wafer is determined to be a legitimate wafer. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the user terminal encrypts the endorsement certificate of the security chip by using the public key of the certificate provided by the third-party certificate server to obtain the endorsement certificate The encryption result of the user terminal; the user terminal sends the information to be verified to the third-party certificate server. The information to be verified includes at least the following information: the encryption result of the endorsement certificate, the identity tag of the user process running on the user terminal, and the third-party certificate server's The identification information, the identity content information including the chip identification of the security chip, and the platform identity public key of the user process generated based on the first random number and the second random number. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the third-party certificate server uses the certificate private key corresponding to the certificate public key to decrypt the encrypted result of the endorsement certificate, and obtains The fourth decryption result, wherein the fourth decryption result includes: the endorsement certificate of the security chip, the identity tag of the user process, and the public key of the security chip endorsement; the third-party certificate server uses the security chip endorsement public key to the platform of the user process The identity public key is decrypted to obtain the identity tag of the user process, and the identity content information of the user process is used to decrypt the identity content information to obtain the decryption information; if the chip identification contained in the decryption information is consistent with the chip identification recorded in the endorsement certificate , And / or the identity tag of the user process included in the decryption information is consistent with the identity tag recorded in the endorsement certificate, and the third-party certificate server determines that the platform identity public and private key pair of the user process is generated by a legitimate security chip. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the third-party certificate server uses the certificate public key to encrypt a predetermined data set to generate an identity certificate, where the predetermined The data set includes: the identity tag of the user process, the platform identity public key of the user process, the identity tag of the user process, and the identification information of the third-party certificate server; the third-party certificate server uses the security chip endorsement public key to encrypt the identity certificate, The encrypted result is distributed to at least one user terminal. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the user terminal that receives the identity certificate forwards the identity certificate to the security chip; the security chip uses the security chip to endorse the private key pair for encryption The identity certificate is decrypted to obtain the identity certificate. Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps: the security chip uses the first random number to encrypt the identity certificate, and sends the encryption result to the user terminal, so that the user terminal The identity certificate is obtained by decrypting the first random number stored locally.序号 The sequence numbers of the above embodiments of the present invention are only for description, and do not represent the advantages and disadvantages of the embodiments. In the above embodiments of the present invention, the description of each embodiment has its own emphasis. For a part that is not described in detail in an embodiment, reference may be made to related descriptions in other embodiments. In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. The device embodiments described above are only schematic. For example, the division of the unit is only a logical function division. In actual implementation, there may be another division manner. For example, multiple units or components may be combined or integrated into Another system, or some features, can be ignored or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, units or modules, and may be electrical or other forms. The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, which may be located in one place, or may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objective of the solution of this embodiment. In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist separately physically, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware or in the form of software functional unit. If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention essentially or part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, which is stored in a storage medium, Several instructions are included to enable a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps of the method described in various embodiments of the present invention. The aforementioned storage media include: U disks, Read-Only Memory (ROM), Random Access Memory (RAM), removable hard disks, magnetic disks, or optical disks, which can store various program codes The medium. The above is only a preferred embodiment of the present invention. It should be noted that for those of ordinary skill in the art, without departing from the principles of the present invention, several improvements and retouches can be made. These improvements and retouches also It should be regarded as the protection scope of the present invention.

S202～S212‧‧‧步驟S202 ～ S212‧‧‧step

301‧‧‧終端301‧‧‧Terminal

303、703‧‧‧伺服器303, 703‧‧‧ servers

40‧‧‧移動終端40‧‧‧mobile terminal

402‧‧‧處理器402‧‧‧Processor

404‧‧‧記憶體404‧‧‧Memory

501‧‧‧安全晶片501‧‧‧security chip

503‧‧‧用戶終端503‧‧‧user terminal

505‧‧‧第三方證書伺服器505‧‧‧Third-party certificate server

U‧‧‧用戶進程U‧‧‧User Process

T‧‧‧安全晶片T‧‧‧security chip

PCA‧‧‧可信第三方PCA‧‧‧Trusted Third Party

60、701‧‧‧計算機終端60、701‧‧‧Computer terminal

602a、602b、602n‧‧‧處理器602a, 602b, 602n‧‧‧ processors

604‧‧‧記憶體604‧‧‧Memory

606‧‧‧傳輸裝置606‧‧‧ transmission device

S802～S808‧‧‧步驟S802 ～ S808‧‧‧step

S902～S906‧‧‧步驟S902 ～ S906‧‧‧step

S102～S106‧‧‧步驟Steps S102 ～ S106‧‧‧‧

S112、S114‧‧‧步驟S112, S114‧‧‧ steps

S122、S124‧‧‧步驟S122, S124‧‧‧ steps

S132～S136‧‧‧步驟S132 ～ S136‧‧‧step

S142、S144‧‧‧步驟Steps S142, S144‧‧‧‧

S152～S156‧‧‧步驟S152 ～ S156‧‧‧step

S162～S176‧‧‧步驟S162 ～ S176‧‧‧step

171‧‧‧第一發送模組171‧‧‧First sending module

173‧‧‧接收模組173‧‧‧Receiving module

175‧‧‧第一解密模組175‧‧‧The first decryption module

177‧‧‧第一確定模組177‧‧‧First Confirmation Module

181‧‧‧處理器181‧‧‧Processor

183‧‧‧記憶體183‧‧‧Memory

185‧‧‧傳輸裝置185‧‧‧Transmission device

A‧‧‧計算機終端A‧‧‧Computer Terminal

此處所說明的圖式用來提供對本發明的進一步理解，構成本申請的一部分，本發明的示意性實施例及其說明用於解釋本發明，並不構成對本發明的不當限定。在圖式中：　　圖1是根據現有技術的一種可選的TCG信任鏈示意圖；　　圖2是根據現有技術的一種平台身份密鑰及證書分發過程示意圖；　　圖3是本發明實施例的一種用於實現資訊安全的驗證系統的硬體環境示意圖；　　圖4是根據本發明實施例的一種用於資訊安全的驗證系統的移動終端的硬體結構方塊圖；　　圖5是根據本發明實施例的一種資訊安全的驗證系統示意圖；　　圖6是根據本發明實施例的一種用於實現資訊安全的驗證方法的計算機終端的硬體結構方塊圖；　　圖7是本發明實施例的一種用於實現資訊安全的驗證方法的硬體環境示意圖；　　圖8是根據本發明實施例的一種資訊安全的驗證方法的流程圖；　　圖9是根據本發明實施例的一種可選的資訊安全的驗證方法的流程圖；　　圖10是根據本發明實施例的一種可選的資訊安全的驗證方法的流程圖；　　圖11是根據本發明實施例的一種可選的資訊安全的驗證方法的流程圖；　　圖12是根據本發明實施例的一種可選的資訊安全的驗證方法的流程圖；　　圖13是根據本發明實施例的一種可選的資訊安全的驗證方法的流程圖；　　圖14是根據本發明實施例的一種可選的資訊安全的驗證方法的流程圖；　　圖15是根據本發明實施例的一種可選的資訊安全的驗證方法的流程圖；　　圖16是根據本發明實施例的一種可選的平台身份密鑰與證書分發過程示意圖；　　圖17是根據本發明實施例的一種資訊安全的驗證裝置示意圖；以及　　圖18是根據本發明實施例的一種計算機終端的結構方塊圖。The drawings described herein are used to provide a further understanding of the present invention and constitute a part of the present application. The schematic embodiments of the present invention and the descriptions thereof are used to explain the present invention, and do not constitute an improper limitation on the present invention. In the drawings: FIG. 1 is a schematic diagram of an optional TCG trust chain according to the prior art; FIG. 2 is a schematic diagram of a platform identity key and certificate distribution process according to the prior art; FIG. 3 is an embodiment of the present invention. Schematic diagram of the hardware environment for an information security verification system; FIG. 4 is a block diagram of the hardware structure of a mobile terminal for an information security verification system according to an embodiment of the invention; FIG. 5 is an information system according to an embodiment of the invention Schematic diagram of a secure authentication system; FIG. 6 is a block diagram of a hardware structure of a computer terminal for implementing a method for verifying information security according to an embodiment of the present invention; FIG. 7 is a method for implementing information security verification according to an embodiment of the present invention Schematic diagram of the hardware environment of the method; FIG. 8 is a flowchart of an information security verification method according to an embodiment of the present invention; FIG. 9 is a flowchart of an optional information security verification method according to an embodiment of the present invention; FIG. 10 An optional information security verification according to an embodiment of the present invention的 FIG. 11 is a flowchart of an optional information security verification method according to an embodiment of the present invention; FIG. 12 is a flowchart of an optional information security verification method according to an embodiment of the present invention; FIG. 13 is a flowchart of an optional information security verification method according to an embodiment of the present invention; FIG. 14 is a flowchart of an optional information security verification method according to an embodiment of the present invention; FIG. 15 is implemented according to the present invention An example flowchart of an optional information security verification method; FIG. 16 is a schematic diagram of an optional platform identity key and certificate distribution process according to an embodiment of the present invention; FIG. 17 is an information security according to an embodiment of the present invention And FIG. 18 is a block diagram showing a structure of a computer terminal according to an embodiment of the present invention.

Claims

An information security verification method, comprising: a user terminal sends an encrypted information set to a security chip, wherein the information set includes at least: a first random number; the user terminal receives identity data returned by the security chip , Wherein the identity data includes: an endorsement certificate of the security chip encrypted using the first random number, identity content information including a chip identification of the security chip, and the security chip generated for a user process running on the user terminal The public key of the platform identity; the user terminal decrypts the identity data according to the first random number to obtain a first decryption result, wherein the first decryption result includes a result of decrypting the encrypted endorsement certificate, and / Or the result of decrypting the identity content information; the user terminal determines whether the security chip is a legitimate chip according to the first decryption result.

The method according to claim 1, wherein the user terminal sends the encrypted information set to the security chip, including: the user terminal encrypts the information set using a security chip endorsement public key, wherein the information set further includes: The identification information of the user process running on the user terminal and the information of the third-party certificate server.

The method according to claim 2, wherein before the user terminal receives the identity data returned by the security chip, the method further includes: The security chip uses a security chip endorsement private key corresponding to the security chip endorsement public key to the The encrypted information set is decrypted to obtain the information set; After obtaining the second random number, the security chip generates the platform identity of the user process based on the information set, the second random number, and the private key endorsed by the security chip. Key, platform identity private key, and the identity content information, and use the first random number to encrypt the endorsement certificate of the security chip; The security chip sends at least the following information to the user terminal: the identity content information, the encrypted content Endorsement certificate and the platform's identity public key.

The method according to claim 3, wherein the user terminal decrypts the identity data according to the first random number to obtain a first decryption result, including: 解密 decrypting the encrypted endorsement certificate using the first random number, Obtain the endorsement certificate; 得到 obtain the public key of the security chip endorsement according to the endorsement certificate and verify the legitimacy of the endorsement certificate; 解密 use the public key of the security chip endorsement to decrypt the platform identity public key to obtain a third decryption result.

The method according to claim 4, wherein the user terminal determines whether the secure chip is a legal chip according to the first decryption result, including: verifying whether the third decryption result includes the first random number; if the first If the three decryption results include the first random number, it is determined that the security chip is a legitimate chip.

The method according to claim 5, wherein if the third decryption result includes the first random number, and the chip identifier included in the identity content information is consistent with the chip identifier recorded in the endorsement certificate, determining the security The wafer is a legal wafer.

The method according to any one of claims 1 to 6, wherein after the user terminal determines whether the security chip is a legitimate chip according to the first decryption result, the method further includes: the user terminal uses a third-party certificate The certificate public key provided by the server encrypts the endorsement certificate of the security chip to obtain the encryption result of the endorsement certificate; The user terminal sends information to be verified to the third-party certificate server, and the information to be verified includes at least the following information : The encryption result of the endorsement certificate, the identity tag of the user process running on the user terminal, the identification information of the third-party certificate server, the identity content information including the chip identification of the security chip, and the security chip as the user process Generated platform identity public key.

The method according to claim 7, wherein after the user terminal sends the information to be verified to the third-party certificate server, the method further includes: the third-party certificate server uses a certificate private corresponding to the certificate public key The key decrypts the encryption result of the endorsement certificate to obtain a fourth decryption result, where the fourth decryption result includes: the endorsement certificate of the security chip, the identity tag of the user process, and the public key of the security chip endorsement; the third party The certificate server uses the security chip endorsement public key to decrypt the platform identity public key of the user process to obtain the identity tag of the user process, and uses the platform identity public key of the user process to decrypt the identity content information to obtain decryption ； If the chip identification contained in the decrypted information is consistent with the chip identification recorded in the endorsement certificate, and / or the identity tag of the user process included in the decrypted information is consistent with the identity label recorded in the endorsement certificate, the third party The certificate server determines that the platform identity public and private key pair of the user process is legitimate Safety wafer produced.

The method according to claim 8, wherein after the third-party certificate server determines that the platform identity public and private key pair of the user process is generated by a legitimate security chip, the method further includes: the third-party certificate server uses the The certificate public key encrypts a predetermined data set to generate an identity certificate, where the predetermined data set includes: the user process's identity tag, the user process's platform identity public key, the chip identification of the security chip, and the third party Identification information of the certificate server; The third-party certificate server uses the security chip endorsement public key to encrypt the identity certificate, and distributes the encrypted result to at least one user terminal.

The method according to claim 9, wherein after the third-party certificate server distributes the identity certificate to at least one user terminal, the method further includes: 的 The user terminal that received the identity certificate forwards the identity certificate to the security Chip; The security chip uses the security chip endorsement private key to decrypt the encrypted identity certificate to obtain the identity certificate.

The method according to claim 10, wherein after the security chip uses the security chip endorsement private key to decrypt the encrypted identity certificate and obtain the identity certificate, the method further comprises: the security chip adopts the first random The identity certificate is encrypted by the number and the encryption result is sent to the user terminal, so that the user terminal decrypts the first random number stored locally to obtain the identity certificate.

An information security verification device, comprising: a first sending module for a user terminal to send an encrypted information set to a security chip, wherein the information set includes at least: a first random number; a receiving module For the user terminal to receive the identity data returned by the security chip, wherein the identity data includes: an endorsement certificate of the security chip encrypted using the first random number, and identity content information including the chip identification of the security chip And the public key of the platform identity generated by the security chip for the user process running on the user terminal; a first decryption module for the user terminal to decrypt the identity data according to the first random number to obtain a first decryption result, where The first decryption result includes: a result of decrypting the encrypted endorsement certificate, and / or a result of decrypting the identity content information; a first determining module for the user terminal according to the first decryption result Determine if the security chip is a legitimate chip.

An information security verification system, comprising: security chip; a user terminal for sending an encrypted information set to the security chip, receiving identity data returned by the security chip, and according to a first randomness of the information set The identity data is decrypted to obtain a first decryption result, and whether the security chip is a legitimate chip is determined according to the first decryption result; wherein the identity information includes: an endorsement of the security chip encrypted using the first random number The certificate, the identity content information containing the chip identification of the security chip, and the platform identity public key generated by the security chip for the user process running on the user terminal, the first decryption result includes: decrypting the encrypted endorsement certificate , And / or the result of decrypting the identity content information.

The system according to claim 13, wherein the security chip is further used to decrypt the encrypted information set using the security chip endorsement private key corresponding to the security chip endorsement public key to obtain the information set, and obtain the information set. After the second random number, the platform identity public key, platform identity private key, and identity content information of the user process are generated according to the information set, the second random number, and the private key endorsed by the security chip, and the first random number is used Encrypt the endorsement certificate of the security chip; The user terminal is also used to receive at least the following information sent by the security chip: the identity content information, the encrypted endorsement certificate, and the platform identity public key.

The system according to claim 14, further comprising: a third-party certificate server that receives information to be verified sent by the user terminal, the information to be verified includes at least the following information: using the third-party certificate server The encryption result provided by the certificate public key to encrypt the endorsement certificate, the identity tag of the user process running on the user terminal, the identification information of the third-party certificate server, the identity content information containing the chip identification of the security chip, and The platform identity public key of the user process generated based on the first random number and the second random number.