Method and apparatus for signing identity verification certificate in trusted computing

Abstract

The invention provides a method and apparatus for signing and issuing ID certificate in a credible calculation, the method comprises following steps that: public key, validity certificate and proxy authentication authoritative identification binding value of ID cipher key pair submitted by the credible calculation platform can be received by the proxy authentication authority, wherein, the validity certificate is signed and issued after the credible calculation platform is verified truly and effectively by the privacy authentication authority; if the proxy authentication authority ID binding value is matched to the proxy authentication authority oneself, so that the validity certificate is verified whether effective or not; if effective, the proxy authentication authority signs and issues the ID certificate for the public key of the ID cipher key pair. According to the invention embodiment, the true validity verification and the ID certificate of the credible calculation platform are singed and issued dividedly and are completed by the privacy authentication authority and the proxy authentication authority respectively, and the validity certificate can be used repeatedly, thereby reducing the certificate signing and issuing amount of the privacy authentication authority and alleviating the load of the privacy authentication authority.

Description

technical field [0001] The invention relates to the technical field of trusted computing, in particular to a method and device for issuing identity certificates in trusted computing. Background technique [0002] TCG (Trusted Computing Group, Trusted Computing Working Group) is an industrial standardization organization aimed at enhancing the security of various heterogeneous computing platforms. Based on the specifications of security-enhanced hardware and software, evaluation criteria have also been published to measure whether computing devices using TCG technology meet trustworthiness requirements. [0003] The TCP defined by TCG is to embed TPM (Trusted Platform Module, Trusted Platform Module) on the main board, and add TSS (Trusted Software Stack, Trusted Software Stack) to the software layer, through the mutual cooperation of TCP and TSS for the upper layer application Provide trusted computing capabilities. Among them, TCP has a platform certificate to confirm the...

AI Technical Summary

Problems solved by technology

However, since each TCP uses a different AIK certificate in each identity verification process, the privacy CA needs to participate in each TCP identity verification process, and there are a large number of TCPs in the trust domain of a privacy CA. Continuous identity verification is required for different transaction behaviors, which requires a high processing speed for the privacy CA. If the AIK request of TCP cannot be processed in time, it will easily cause congestion in the issuance process and become a performance bottleneck in the entire authentication process. bottleneck

[0010] It can be seen that the defect of the existing technology is that the privacy CA needs to participate in each identity verification process of TCP, and the load is too large

Images