CN101951388A - Remote attestation method in credible computing environment - Google Patents
Remote attestation method in credible computing environment Download PDFInfo
- Publication number
- CN101951388A CN101951388A CN201010506796XA CN201010506796A CN101951388A CN 101951388 A CN101951388 A CN 101951388A CN 201010506796X A CN201010506796X A CN 201010506796XA CN 201010506796 A CN201010506796 A CN 201010506796A CN 101951388 A CN101951388 A CN 101951388A
- Authority
- CN
- China
- Prior art keywords
- recipient
- initiator
- credible calculating
- calculating platform
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a remote attestation method in credible computing environment, which comprises the following steps: based on the identity information of each credible computing platform, allocating an authentication card containing the private key of each credible computing platform; and between two random credible computing platforms, based on an identity cipher system and the private key of each credible computing platform, verifying the authenticity of the identities of two parties and the creditability of states. In a special network, the invention realizes the remote attestation of the credible computing platforms based on the identity cipher system, and the invention has the advantages of simple allocation, no need of a public key certificate and low communication traffic in the authentication process. The invention has great significance in application and popularization of the credible computing technology and has wider application prospects in special networks with definite superior and subordinate relation and compact control in banking systems, state organs and the like.
Description
Technical field
The present invention relates to the reliable computing technology field, relate in particular to the remote certification method in a kind of trusted computation environment.
Background technology
The credible terminal security that is calculated as provides good solution, is a research focus of information security field.Current credible calculating related industry chain forms, and a lot of producers have all released trusted terminal, comprise trusted computer, trusted servers etc.Also there are some problems but make up trustable network, wherein just have how to verify whether believable problem of the whether true and state of the other side's identity, promptly credible computing platform remote proving problem between the trusted terminal from trusted terminal.(the Trusted Computing Group of credible computation organization, be called for short TCG) credible calculating platform has been proposed based on PKIX (Public Key Infrastructure, abbreviation PKI) remote certification method and system, the PKIX framework as shown in Figure 1, each credible calculating platform links to each other with authentication center by Register Authority, and certificate repository provides online service for Register Authority with each credible calculating platform.Existing credible calculating platform and TPM (Trusted Platform Module, credible platform module) binding, TPM is the trusted root of credible calculating platform, each TPM has comprised unique EK (Endorement Key, endorsement key), EK is actual to be a public private key pair, is created by manufacturer usually, is solidificated in TPM inside and does not allow modification.In order to keep the anonymity of EK, credible calculating platform uses AIK (Attestation Identity Key in remote proving, the proof of identification key), credible calculating platform to the process of the CA of trusted third party (Certificate Authority, authentication center) application AIK certificate is:
Step 1, the platform owner uses RSA (Rivest, the Shamir ﹠amp among the TPM; Adleman) it is right that key production module generates an AIK key, and then that this key is right PKI and TPM endorsement certificate, cettificate of conformity and platform credential are packaged into an AIK request and send to the CA of trusted third party;
Step 2, the CA of trusted third party verifies by authentication certificate whether the AIK request is effective;
Step 3, checking generate an AIK certificate by the back CA of trusted third party and with own private key to the AIK certificate signature, then the AIK certificate after signing is returned to platform.
By using the AIK private key to sign and exchanging information realization remote provings such as signature and AIK certificate mutually, still there are following two problems in current this method in application, causes its practical application seldom between each credible calculating platform.
First problem is that these method and system itself are towards public network, and such as wherein having used the AIK certificate to protect privacy of user, this there is no need in dedicated network.Domestic consumer in the public network is in safety and may be easier to deflection conveniently on the balance easily, and can not force each user all to use trusted terminal in the public network, moreover, the behavior that malicious user in the public network can conscious use reliable computing technology contain oneself, therefore, these method and system are difficult to use and promote;
Second problem is that these method and system are disposed more complicated, expense costliness.
By top analysis as can be known, these method and system are difficult to use and promote, and these method and system itself are not suitable for dedicated network towards public network., therefore, thereby the safety of how to carry out credible calculating platform remote proving reinforcement dedicated network in dedicated network just becomes those skilled in the art's problem demanding prompt solution.
Summary of the invention
The technical problem to be solved in the present invention is, the remote certification method in a kind of trusted computation environment is provided, and realizes the remote proving of credible calculating platform in dedicated network based on the cryptographic system of identity, and dispose simple, the traffic is little.
The technical solution used in the present invention is that described trusted computation environment medium-long range method of proof comprises:
Identity information based on each credible calculating platform distributes the private key of credible calculating platform for it;
Based on the cryptographic system of identity and the private key of credible calculating platform, the authenticity of both sides' identity and the credibility of state are verified between any two credible calculating platforms.
Further, before the identity information based on each credible calculating platform distributed the private key of credible calculating platform for it, this method comprises carried out system configuration to the key production center in the PKIX, specifically comprises:
Steps A 1 is selected a security parameter K, produces a q rank group G1 and the 2nd q rank group G2, and a q rank group generator is P, a bilinearity mapping
Steps A 2 is selected two Hash functions: a Hash function H
1: 0,1}
*→ G1 and the 2nd Hash function H
2:
Steps A 3, selective system master key at random
Computing system PKI P
Pub=s * P, and the open PKI P of system
Pub
Further, described identity information based on each credible calculating platform distributes specifically the comprising of private key of credible calculating platform for it:
Step B1, the identity information of establishing credible calculating platform is ID, obtains the PKI Q of the credible calculating platform of described identity information correspondence by a Hash function calculation
ID=H
1(ID);
Step B2, the private key d of calculating credible calculating platform
ID=s * Q
ID
Step B3 is with the private key d of credible calculating platform
IDMode by the authentication card sends to credible calculating platform.
Further, abbreviate two credible calculating platforms that carry out remote proving as initiator and recipient, based on the private key of identification cipher system and credible calculating platform, the detailed process that the credibility of the authenticity of both sides' identity and state is verified comprises between described any two credible calculating platforms:
Step C1, the initiator sends random number and PCR (the Platforrn Configuration Regis-ters that comprises initiator's identity information, initiator's generation to the recipient, platform configuration register) the proof request of solicited message, the recipient obtains signing messages after with the private key of local terminal credible calculating platform the random number of initiator's identity information, PCR response message and both sides' generation being signed, and the random number that recipient's identity information, PCR response message and recipient are produced sends to the initiator together in company with signing messages;
Step C2, initiator search in the user identity tabulation of online data bank whether contain recipient's identity information, if having, and jump procedure C3 then, otherwise flow process finishes;
Step C3, initiator are with recipient's identity information certifying signature information, if by checking, it is real then marking recipient's identity, jump procedure C4; If by checking, it is not untrue then to mark recipient's identity, flow process finishes;
Step C4, initiator judge whether the PCR response message meets expection, if meet, it is believable then marking Recipient Status, otherwise the mark Recipient Status is incredible, and flow process finishes;
In like manner, the recipient verifies initiator's identity and state with same flow process.
Further, described PCR solicited message comprises the recipient PCR information list that the initiator need obtain, and described PCR response message comprises the recipient PCR information that the initiator need obtain.
Further, the random number that initiator's identity information, PCR response message and both sides are produced is designated as expressly m, and the random number that described both sides produce comprises the random number R that the initiator produces
ARandom number R with recipient's generation
B, the detailed process that obtains signing messages after described recipient signs to initiator's identity information, random number and PCR response message with the private key of local terminal credible calculating platform comprises:
Step D1, recipient select second random number at random
Step D2, the recipient calculates U=R
B* Q
ID, h=H
2(m, U), V=(R
B+ h) d
ID, wherein, Q
IDBe the PKI of recipient's credible calculating platform, d
IDPrivate key for recipient's credible calculating platform;
Step D3 is with the private key d of local terminal credible calculating platform
IDGeneration signing messages sig=(U, V).
Further, described initiator comprises with the detailed process of recipient's identity information certifying signature information:
Step e 1, the initiator receive signing messages sig=(U, V) after, calculate Q
ID=H
1(ID), h=H
2(m, U), wherein ID is recipient's identity information, ID and m send to the initiator with signing messages in step C1;
Step e 2, the initiator verifies equation
Whether set up, if equation is set up, then signature, otherwise signature is not by checking if passing through checking.
Adopt technique scheme, the present invention has following advantage at least:
Remote certification method in the trusted computation environment of the present invention, identity information based on each credible calculating platform distributes the private key of credible calculating platform for it, based on the private key of identification cipher system and credible calculating platform, the authenticity of both sides' identity and the credibility of state are verified between any two credible calculating platforms.In dedicated network, realize the remote proving of credible calculating platform, and dispose and simply, do not need public key certificate that the verification process traffic is little based on the cryptographic system of identity.The present invention is to the application of reliable computing technology and promote significant.Clear and definite in the superior and the subordinate such as banking system, government offices, control closely and have more wide application prospect in the dedicated network.
Description of drawings
Fig. 1 is a PKIX framework schematic diagram in the prior art;
Fig. 2 is based on the authentic authentication infrastructure framework of identity and register flow path schematic diagram;
Fig. 3 is for being finished the flow chart that system is provided with by the key production center;
To be KMC distribute the flow chart of the private key of credible calculating platform based on the identity information of each credible calculating platform for it to Fig. 4;
Fig. 5 is related infrastructure schematic diagram when carrying out remote proving between any two credible calculating platforms of equity;
Carry out the flow chart of remote proving between any two credible calculating platforms of Fig. 6 for equity.
Embodiment
Reach technological means and the effect that predetermined purpose is taked for further setting forth the present invention, below in conjunction with accompanying drawing and preferred embodiment, the present invention is described in detail as after.
Credible calculating platform mainly comprises the key production center based on the authentic authentication infrastructure of identity, Register Authority, four parts of data bank and credible calculating platform, as shown in Figure 2, basic function and existing PKIX are similar, but in the authentic authentication infrastructure that the present invention uses, replaced the CA of authentication center with the key production center, replaced certificate repository with the data bank of preserving the user identity tabulation, and the function that each part is finished and the PKIX of prior art are also inequality, concrete
The key production center: have master key, be responsible for the initialization of system parameters, make the authentication card, pass to Register Authority then according to the platform identity of submitting to.Here, the authentication card is based on the credible platform module TPM of identity, has the function of the TPM that meets the TCG standard.Include the corresponding private key of the key production center in the authentication card based on the identity information generation of credible calculating platform.It is right that the corresponding private key that the key production center generates based on the identity information of credible calculating platform has substituted EK public affairs, the private key of TPM in the prior art TCG standard.
TPM is a small-sized SOC (system on a chip) that contains crypto-operation parts and memory unit, possesses special-purpose arithmetic processor, tandom number generator, independently memory headroom, permanent storage space and bus input-output system independently.Use the cryptographic algorithm of conformance with standard standard, externally provide unsymmetrical key to generate computing, the computing of asymmetric arithmetic encryption and decryption, hash function computing, digital signature computing and random number and produce computing.
The present invention is based on the TPM functional structure basically identical of TCG standard in the TPM of identity and the prior art, the main distinction is the difference of crypto-operation parts.Password coprocessor and key generator all are the RSA Algorithms of realizing in the TCG standard, the cryptographic algorithm of realizing in the present invention is based on the TPM of identity that is based on identity.
Register Authority: accept the registration of credible calculating platform, represent credible calculating platform to generate center application authentication card, and each authentication card that will generate is issued to each credible calculating platform by the platform identity to key.
Data bank: deposit the data that the whole network user can openly visit, such as the list of identities and the system parameters that is used for signature verification of all credible calculating platforms of in system, registering.Data bank can provide online service for Register Authority and numerous credible calculating platforms usually, and the credible calculating platform user is when direct these data of visit, and authority is read-only, can not revise or delete.
Credible calculating platform: credible calculating platform must be registered in Register Authority earlier before the adding system, finally obtained an authentication card of being provided by Register Authority.The authentication card is inserted in the credible calculating platform equipment by the user, and as the trusted root of credible calculating platform, each platform should have unique authentication card.
Should be noted that the difference of user identity and credible calculating platform identity.The user who uses credible calculating platform in the present invention is that user's identity is verified by credible calculating platform oneself, do not comprise in the scope in the authentic authentication infrastructure of credible calculating platform based on identity, the supposition platform has all been finished the authentication to the user in the system.Only verify the credibility of the credible computer board state of authenticity peace of credible calculating platform identity between the credible calculating platform.
The key production center comprises based on the process of the corresponding private key of the identity information generation of credible calculating platform:
Step S101 finishes system's setting by the key production center, as shown in Figure 3, mainly carries out following steps:
Steps A 1 is selected a security parameter K, produces a q rank group G1 and the 2nd q rank group G2, and a q rank group generator is P, a bilinearity mapping
Steps A 2 is selected two Hash functions: a Hash function H
1: 0,1}
*→ G1 and the 2nd Hash function H
2:
Steps A 3, selective system master key at random
Computing system PKI P
Pub=s * P, and the open PKI P of system
Pub
Step S102, by Register Authority's public affairs public address system parameter and description of them: G1 in data bank, G2,
P, P
Pub, H
1, H
2
Step S103, KMC based on the identity information of each credible calculating platform for its distribute credible calculating platform private key detailed process as shown in Figure 4, comprising:
Step B1, the identity information of establishing credible calculating platform is ID, obtains the PKI Q of the credible calculating platform of described identity information correspondence by a Hash function calculation
ID=H1 (ID);
Step B2, the private key d of calculating credible calculating platform
ID=s * Q
ID
Step B3 is with the private key d of credible calculating platform
IDMode by the authentication card sends to the credible calculating platform user.
Fig. 5 for credible calculating platform after Register Authority succeeds in registration, related infrastructure when credible calculating platform carries out remote proving between mutually.Any two credible calculating platforms of equity are divided into initiator and recipient, and as shown in Figure 6, this proof procedure comprises following concrete steps:
Step S201, the initiator is with initiator's identity information ID
A, first random number R that produces of initiator
ASend to the recipient with a PCR solicited message Text1;
The integrity measurement value of disparate modules leaves among the different PCR on the credible calculating platform, always has 16 PCR, and the demand for security according to authentication in the application sends the PCR value of depositing in the PCR.In the present embodiment, a PCR solicited message Text1 is exactly the PCR information that the checking initiator needs the recipient that the recipient provides.And authentication blocks each the PCR value in the credible calculating platform that can calculate its place, and this is a technology well known in the art, so locate not describe in detail.
Step S202, the recipient is with recipient's identity information ID
B, second random number R that produces of recipient
B, a PCR response message PCR
BSend to the initiator with the 2nd PCR solicited message Text2;
Simultaneously, the recipient uses the private key d of local terminal credible calculating platform
IDBTo initiator's identity information ID
A, first random number R
A, second random number R
BWith a PCR response message PCR
BObtain the first signing messages sig1 after signing, the first signing messages sig1 is sent to the initiator;
With initiator's identity information ID
A, a PCR response message PCR
B, first random number R
AWith second random number R
BBe designated as expressly m.Concrete, the recipient uses the private key d of local terminal credible calculating platform
IDBTo initiator's identity information ID
A, first random number R
A, second random number R
BWith a PCR response message PCR
BThe process that obtains the first signing messages sig1 after signing comprises:
D1, recipient select second random number at random
D2, the recipient calculates U=R
B* Q
IDB, h=H
2(m, U), V=(R
B+ h) d
IDB, wherein, Q
IDBBe the PKI of recipient's credible calculating platform, d
IDBPrivate key for recipient's credible calculating platform;
D3, the recipient uses the private key d of local terminal credible calculating platform
IDBProduce the first signing messages sig1=(U, V).
Step S203, initiator search in the user identity tabulation of online data bank whether contain recipient's identity information ID
B, if having, jump procedure S204 then, otherwise flow process finishes;
Step S204, initiator recipient's identity information ID
BVerify the first signing messages sig1, if checking is passed through, illustrate that then the content of first signing messages is not distorted, it is real that the initiator marks recipient's identity; Checking is not passed through, and illustrates that then the content of first signing messages is distorted, and it is untrue that the initiator marks recipient's identity, and flow process finishes;
In this step, the initiator uses recipient's identity information ID
BThe detailed process of verifying the first signing messages sig1 is as follows:
E1, initiator receive signing messages sig=(U, V) after, calculate Q
IDB=H
1(ID
B), h=H
2(m, U), ID wherein
BBe recipient's identity information, ID
BIn step S202, send to the initiator together with m in company with the first signing messages sig1;
E2, the initiator verifies equation
Whether set up, if equation is set up, then signature, otherwise signature is not by checking if passing through checking.
Step S205, initiator judge a PCR response message PCR
BWhether meet expection, if meet, it is believable then marking Recipient Status, otherwise the mark Recipient Status is incredible, and flow process finishes; Here, normally setting a fixing PCR desired value in initiator and recipient compares with the PCR response message of receiving.
In like manner, the recipient can verify initiator's identity and state with same flow process.
The credible calculating platform of the present invention design has solved existing credible calculating platform based on two problems that exist in the remote certification method of PKI and the system's current application based on the remote certification method of identity, performance both ways:
The one, credible calculating platform is applicable to that based on the remote certification method of identity the superior and the subordinate such as military system, government offices are clear and definite, control dedicated network closely, and reliable computing technology is also promoted than being easier in dedicated network, and its reason is as follows:
1, relatively payes attention to safety in the dedicated network;
2, strengthening network security from trusted terminal may be supported energetically;
3, can force each user all to use trusted terminal;
4, use reliable computing technology can well retrain the behavior of internal user.
The 2nd, credible calculating platform is simple based on the required infrastructure deployment of the remote certification method of identity, and expense is less.
In addition, credible calculating platform has also been avoided problems such as the granting, storage, exchange of public key certificate based on the remote certification method of identity, does not need to exchange public key certificate and makes that the traffic reduces in the verification process.
By the explanation of embodiment, should be to reach technological means and the effect that predetermined purpose takes to be able to more deeply and concrete understanding to the present invention, yet appended diagram only provide with reference to the usefulness of explanation, be not to be used for the present invention is limited.
Claims (7)
1. a trusted computation environment medium-long range method of proof is characterized in that, distributes the private key of credible calculating platform based on the identity information of each credible calculating platform for it;
Based on the cryptographic system of identity and the private key of credible calculating platform, the authenticity of both sides' identity and the credibility of state are verified between any two credible calculating platforms.
2. according to the described trusted computation environment medium-long range of claim 1 method of proof, it is characterized in that, before the identity information based on each credible calculating platform distributes the private key of credible calculating platform for it, this method also comprises carries out system configuration to the key production center in the PKIX, specifically comprises:
Steps A 1 is selected a security parameter K, produces a q rank group G1 and the 2nd q rank group G2, and a q rank group generator is P, a bilinearity mapping
Steps A 2 is selected two Hash functions: a Hash function H
1: 0,1}
*→ G1 and the 2nd Hash function H
2:
Steps A 3, selective system master key at random
Computing system PKI P
Pub=s * P, and the open PKI P of system
Pub
3. according to the described trusted computation environment medium-long range of claim 2 method of proof, it is characterized in that described identity information based on each credible calculating platform distributes specifically the comprising of private key of credible calculating platform for it:
Step B1, the identity information of establishing credible calculating platform is ID, obtains the PKI Q of the credible calculating platform of described identity information correspondence by a Hash function calculation
ID=H
1(ID);
Step B2, the private key d of calculating credible calculating platform
ID=s * Q
ID
Step B3 is with the private key d of credible calculating platform
IDMode by the authentication card sends to credible calculating platform.
4. according to claim 1 or 2 or 3 described trusted computation environment medium-long range methods of proof, it is characterized in that, abbreviate two credible calculating platforms that carry out remote proving as initiator and recipient, based on the cryptographic system of identity and the private key of credible calculating platform, the detailed process that the credibility of the authenticity of both sides' identity and state is verified comprises between described any two credible calculating platforms:
Step C1, the initiator sends to the recipient and comprises initiator's identity information, the random number of initiator's generation and the proof request of platform configuration register PCR solicited message, the recipient obtains signing messages after with the private key of local terminal credible calculating platform the random number of initiator's identity information, PCR response message and both sides' generation being signed, and the random number that recipient's identity information, PCR response message and recipient are produced sends to the initiator together in company with signing messages;
Step C2, initiator search in the user identity tabulation of online data bank whether contain recipient's identity information, if having, and jump procedure C3 then, otherwise flow process finishes;
Step C3, initiator are with recipient's identity information certifying signature information, if by checking, it is real then marking recipient's identity, jump procedure C4; If by checking, it is not untrue then to mark recipient's identity, flow process finishes;
Step C4, initiator judge whether the PCR response message meets expection, if meet, it is believable then marking Recipient Status, otherwise the mark Recipient Status is incredible, and flow process finishes;
In like manner, the recipient verifies initiator's identity and state with same flow process.
5. according to the described trusted computation environment medium-long range of claim 4 method of proof, it is characterized in that, described PCR solicited message comprises the recipient PCR information list that the initiator need obtain, and described PCR response message comprises the recipient PCR information that the initiator need obtain.
6. according to the described trusted computation environment medium-long range of claim 4 method of proof, it is characterized in that the random number that initiator's identity information, PCR response message and both sides are produced is designated as expressly m, the random number that described both sides produce comprises the random number R that the initiator produces
ARandom number R with recipient's generation
B, the detailed process that obtains signing messages after described recipient signs to initiator's identity information, random number and PCR response message with the private key of local terminal credible calculating platform comprises:
Step D1, recipient select second random number at random
Step D2, the recipient calculates U=R
B* Q
ID, h=H
2(m, U), V=(R
B+ h) d
ID, wherein, Q
IDBe the PKI of recipient's credible calculating platform, d
IDPrivate key for recipient's credible calculating platform;
Step D3 is with the private key d of local terminal credible calculating platform
IDGeneration signing messages sig=(U, V).
7. according to the described trusted computation environment medium-long range of claim 6 method of proof, it is characterized in that described initiator comprises with the detailed process of recipient's identity information certifying signature information:
Step e 1, the initiator receive signing messages sig=(U, V) after, calculate Q
ID=H
1(ID), h=H
2(m, U), wherein ID is recipient's identity information, ID and m send to the initiator with signing messages in step C1;
Step e 2, the initiator verifies equation
Whether set up, if equation is set up, then signature, otherwise signature is not by checking if passing through checking.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010506796 CN101951388B (en) | 2010-10-14 | 2010-10-14 | Remote attestation method in credible computing environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN 201010506796 CN101951388B (en) | 2010-10-14 | 2010-10-14 | Remote attestation method in credible computing environment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101951388A true CN101951388A (en) | 2011-01-19 |
| CN101951388B CN101951388B (en) | 2013-03-20 |
Family
ID=43454748
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201010506796 Active CN101951388B (en) | 2010-10-14 | 2010-10-14 | Remote attestation method in credible computing environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101951388B (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102594558A (en) * | 2012-01-19 | 2012-07-18 | 东北大学 | Anonymous digital certificate system and verification method of trustable computing environment |
| CN104504340A (en) * | 2014-12-25 | 2015-04-08 | 国家电网公司 | Power system security tag based mandatory access control method |
| CN104506532A (en) * | 2014-12-24 | 2015-04-08 | 北京智捷伟讯科技有限公司 | Remote proving method applicable to emergency rescue platform |
| CN104618307A (en) * | 2013-11-04 | 2015-05-13 | 航天信息股份有限公司 | Online banking transaction authentication system based on trusted computing platform |
| CN107395366A (en) * | 2017-08-08 | 2017-11-24 | 沈阳东青科技有限公司 | A kind of Efficient Remote method of proof towards industry control credible calculating platform |
| CN107846279A (en) * | 2017-11-04 | 2018-03-27 | 公安部第三研究所 | Safety block interconnection architecture system and implementation method |
| CN109714168A (en) * | 2017-10-25 | 2019-05-03 | 阿里巴巴集团控股有限公司 | Trusted remote method of proof, device and system |
| WO2019120231A1 (en) * | 2017-12-22 | 2019-06-27 | 华为技术有限公司 | Method and device for determining trust state of tpm, and storage medium |
| CN110166489A (en) * | 2019-06-24 | 2019-08-23 | 深圳开立生物医疗科技股份有限公司 | Data transmission method, system, equipment and computer media in a kind of Internet of Things |
| CN110543768A (en) * | 2019-08-23 | 2019-12-06 | 苏州浪潮智能科技有限公司 | method and system for controlling trusted root in BIOS |
| CN110635904A (en) * | 2019-09-16 | 2019-12-31 | 绍兴文理学院 | Remote attestation method and system for software-defined Internet of things node |
| CN110868415A (en) * | 2019-11-15 | 2020-03-06 | 浙江中控技术股份有限公司 | Remote identity verification method and device |
| CN112468473A (en) * | 2018-11-16 | 2021-03-09 | 创新先进技术有限公司 | Remote certification method and device for trusted application program and electronic equipment |
| CN112688782A (en) * | 2019-10-17 | 2021-04-20 | 华为技术有限公司 | Remote certification method and equipment for combined equipment |
| CN113438240A (en) * | 2021-06-25 | 2021-09-24 | 北京八分量信息科技有限公司 | Immune system and method for preventing intrusion of Internet of things information |
| CN114500054A (en) * | 2022-01-27 | 2022-05-13 | 百度在线网络技术(北京)有限公司 | Service access method, service access device, electronic device, and storage medium |
| CN114765533A (en) * | 2020-12-30 | 2022-07-19 | 科大国盾量子技术股份有限公司 | Remote certification method, device and system based on quantum key communication |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050005100A1 (en) * | 2003-04-23 | 2005-01-06 | Liqun Chen | Cryptographic method and system |
| CN1859090A (en) * | 2005-12-30 | 2006-11-08 | 上海交通大学 | Encipher method and system based identity |
| CN101039182A (en) * | 2007-03-07 | 2007-09-19 | 广东南方信息安全产业基地有限公司 | Authentication system and method for issuing user identification certificate |
| CN101051901A (en) * | 2006-06-15 | 2007-10-10 | 上海交通大学 | Method and system for agent signature |
-
2010
- 2010-10-14 CN CN 201010506796 patent/CN101951388B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050005100A1 (en) * | 2003-04-23 | 2005-01-06 | Liqun Chen | Cryptographic method and system |
| CN1859090A (en) * | 2005-12-30 | 2006-11-08 | 上海交通大学 | Encipher method and system based identity |
| CN101051901A (en) * | 2006-06-15 | 2007-10-10 | 上海交通大学 | Method and system for agent signature |
| CN101039182A (en) * | 2007-03-07 | 2007-09-19 | 广东南方信息安全产业基地有限公司 | Authentication system and method for issuing user identification certificate |
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102594558B (en) * | 2012-01-19 | 2014-08-06 | 东北大学 | Anonymous digital certificate system and verification method of trustable computing environment |
| CN102594558A (en) * | 2012-01-19 | 2012-07-18 | 东北大学 | Anonymous digital certificate system and verification method of trustable computing environment |
| CN104618307A (en) * | 2013-11-04 | 2015-05-13 | 航天信息股份有限公司 | Online banking transaction authentication system based on trusted computing platform |
| CN104618307B (en) * | 2013-11-04 | 2018-10-23 | 航天信息股份有限公司 | Network bank business Verification System based on credible calculating platform |
| CN104506532A (en) * | 2014-12-24 | 2015-04-08 | 北京智捷伟讯科技有限公司 | Remote proving method applicable to emergency rescue platform |
| CN104506532B (en) * | 2014-12-24 | 2018-06-26 | 北京智捷伟讯科技有限公司 | A kind of remote certification method suitable for emergency relief platform |
| CN104504340B (en) * | 2014-12-25 | 2017-07-14 | 国家电网公司 | A kind of forced access control method based on power system security label |
| CN104504340A (en) * | 2014-12-25 | 2015-04-08 | 国家电网公司 | Power system security tag based mandatory access control method |
| CN107395366A (en) * | 2017-08-08 | 2017-11-24 | 沈阳东青科技有限公司 | A kind of Efficient Remote method of proof towards industry control credible calculating platform |
| CN109714168A (en) * | 2017-10-25 | 2019-05-03 | 阿里巴巴集团控股有限公司 | Trusted remote method of proof, device and system |
| CN109714168B (en) * | 2017-10-25 | 2022-05-27 | 阿里巴巴集团控股有限公司 | Trusted remote attestation method, device and system |
| US11621843B2 (en) | 2017-10-25 | 2023-04-04 | Alibaba Group Holding Limited | Trusted remote proving method, apparatus and system |
| CN107846279A (en) * | 2017-11-04 | 2018-03-27 | 公安部第三研究所 | Safety block interconnection architecture system and implementation method |
| CN109960935A (en) * | 2017-12-22 | 2019-07-02 | 华为技术有限公司 | Determine the method, apparatus and storage medium of TPM trusted status |
| WO2019120231A1 (en) * | 2017-12-22 | 2019-06-27 | 华为技术有限公司 | Method and device for determining trust state of tpm, and storage medium |
| US11637704B2 (en) | 2017-12-22 | 2023-04-25 | Huawei Technologies Co., Ltd. | Method and apparatus for determining trust status of TPM, and storage medium |
| CN112468473A (en) * | 2018-11-16 | 2021-03-09 | 创新先进技术有限公司 | Remote certification method and device for trusted application program and electronic equipment |
| CN112468473B (en) * | 2018-11-16 | 2023-10-24 | 创新先进技术有限公司 | Remote proving method and device for trusted application program and electronic equipment |
| CN110166489A (en) * | 2019-06-24 | 2019-08-23 | 深圳开立生物医疗科技股份有限公司 | Data transmission method, system, equipment and computer media in a kind of Internet of Things |
| CN110543768A (en) * | 2019-08-23 | 2019-12-06 | 苏州浪潮智能科技有限公司 | method and system for controlling trusted root in BIOS |
| CN110543768B (en) * | 2019-08-23 | 2021-07-27 | 苏州浪潮智能科技有限公司 | Method and system for controlling trusted root in BIOS |
| CN110635904A (en) * | 2019-09-16 | 2019-12-31 | 绍兴文理学院 | Remote attestation method and system for software-defined Internet of things node |
| CN112688782A (en) * | 2019-10-17 | 2021-04-20 | 华为技术有限公司 | Remote certification method and equipment for combined equipment |
| US12113823B2 (en) | 2019-10-17 | 2024-10-08 | Huawei Technologies Co., Ltd. | Remote attestation method and device for composite device |
| CN112688782B (en) * | 2019-10-17 | 2023-09-08 | 华为技术有限公司 | Remote proving method and equipment for combined equipment |
| CN110868415A (en) * | 2019-11-15 | 2020-03-06 | 浙江中控技术股份有限公司 | Remote identity verification method and device |
| CN110868415B (en) * | 2019-11-15 | 2022-02-22 | 浙江中控技术股份有限公司 | Remote identity verification method and device |
| CN114765533A (en) * | 2020-12-30 | 2022-07-19 | 科大国盾量子技术股份有限公司 | Remote certification method, device and system based on quantum key communication |
| CN114765533B (en) * | 2020-12-30 | 2024-07-19 | 科大国盾量子技术股份有限公司 | Remote proving method, device and system based on quantum key communication |
| CN113438240A (en) * | 2021-06-25 | 2021-09-24 | 北京八分量信息科技有限公司 | Immune system and method for preventing intrusion of Internet of things information |
| CN114500054A (en) * | 2022-01-27 | 2022-05-13 | 百度在线网络技术(北京)有限公司 | Service access method, service access device, electronic device, and storage medium |
| CN114500054B (en) * | 2022-01-27 | 2024-03-01 | 百度在线网络技术(北京)有限公司 | Service access method, service access device, electronic device, and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101951388B (en) | 2013-03-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101951388B (en) | Remote attestation method in credible computing environment | |
| Feng et al. | P2BA: A privacy-preserving protocol with batch authentication against semi-trusted RSUs in vehicular ad hoc networks | |
| Jiang et al. | BAT: A robust signature scheme for vehicular networks using binary authentication tree | |
| Lee et al. | Toward a secure batch verification with group testing for VANET | |
| Feng et al. | An efficient privacy-preserving authentication model based on blockchain for VANETs | |
| US8225098B2 (en) | Direct anonymous attestation using bilinear maps | |
| Liu et al. | IBRS: an efficient identity-based batch verification scheme for VANETs based on ring signature | |
| CN114499952A (en) | Alliance chain consensus identity authentication method | |
| CN102546173B (en) | Digital signature system and signature method based on certificate | |
| Bayat et al. | A new and efficient authentication scheme for vehicular ad hoc networks | |
| CN104767612A (en) | Signcryption method from certificateless environment to public key infrastructure environment | |
| CN111654366B (en) | Secure bidirectional heterogeneous strong-designated verifier signature method between PKI and IBC | |
| Luo et al. | Efficient integrity auditing for shared data in the cloud with secure user revocation | |
| CN104901804A (en) | User autonomy-based identity authentication implementation method | |
| CN105141419B (en) | The attribute base endorsement method and system in large attribute domain | |
| KR20030062401A (en) | Apparatus and method for generating and verifying id-based blind signature by using bilinear parings | |
| CN110661816B (en) | Cross-domain authentication method based on block chain and electronic equipment | |
| Chen et al. | V‐LDAA: A New Lattice‐Based Direct Anonymous Attestation Scheme for VANETs System | |
| Wei et al. | On a group signature scheme supporting batch verification for vehicular networks | |
| CN109617700A (en) | Unidirectional multi-hop based on no certificate acts on behalf of weight endorsement method | |
| CN109766716A (en) | A kind of anonymous bidirectional authentication method based on trust computing | |
| Zhang et al. | Attack on Chen et al.'s certificateless aggregate signature scheme | |
| Li et al. | A Privacy‐Preserving Authentication Scheme for VANETs with Exculpability | |
| Zhang | Insecurity of a certificateless aggregate signature scheme | |
| CN110278073B (en) | Group digital signature and verification method, and equipment and device thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |