Key generation, backup and migration method and system based on trusted computing

A key generation, backup and migration technology based on trusted computing, applied in the field of computers; it addresses problems such as the inability to guarantee the security of data handed to a cloud storage provider and the low security of data held in cloud storage.

Publication date: 2012-02-15 (status: inactive)
Applicant: HUAWEI TECH CO LTD +1
Cites 2, cited by 44

AI Technical Summary

Problems solved by technology

[0004] The purpose of the embodiment of the present invention is to provide a key generation method based on trusted computing that solves the problem of low data security.



Examples


Embodiment 1

[0069] A Trusted Platform Module (TPM) is an embedded security subsystem built into a computer; it protects the terminal platform through functions such as public-key authentication, integrity measurement and remote attestation. The keys held by a TPM are divided into migratable keys and non-migratable keys. The Storage Root Key (SRK) is a non-migratable key and is the foundation on which the trust relationship is built; binding keys are migratable keys. All of these keys are RSA asymmetric keys. In the embodiment of the present invention the root key serves as the parent key under which the generated platform migratable key is encrypted and stored; the platform migratable key in turn serves as the parent key under which the user migratable key is encrypted and stored, and the user migratable key serves as the parent key for the binding key, so that a key tree is built up. A trust relationship holds between each node and its parent, and the security of every key in the tree ultimately rests on the root key.

[0070] figure 1 The imple...

Embodiment 2

[0080] In the embodiment of the present invention, the migration mode of a key is set when it is generated and migration of the generated key requires explicit authorization. This preserves the security properties of the generated key, prevents unauthorized users from migrating it, and so further improves key security.

[0081] Figure 3 shows the implementation process of the key generation method based on trusted computing provided by the second embodiment of the present invention; the details are as follows:

[0082] In step S301, a key generation request input by a user is received.

[0083] In step S302, the trusted platform module is controlled to generate a platform migratable key; the platform migratable key is encrypted with the public key of the root key of the trusted platform module, and the resulting ciphertext key of the platform migratable key is saved.

[0084] In step S303, the trusted platform module is controlled to generate the user's transferable key o...

Embodiment 3

[0103] Figure 4 shows the structure of a key generation system based on trusted computing provided by the third embodiment of the present invention. For convenience of description only the parts related to this embodiment are shown:

[0104] The generation request receiving unit 41 receives a key generation request input by the user. The first key generation unit 42 controls the trusted platform module to generate a platform migratable key, encrypts it with the public key of the root key of the trusted platform module, and saves the ciphertext key of the platform migratable key.

[0105] The second key generation unit 43 controls the trusted platform module to generate the user migratable key, encrypts it with the public key of the platform migratable key, and saves the ciphertext key of the user migratable key.

[0106] The third key generation unit ...
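The key tree of [0069] and the generation steps of Embodiments 2 and 3 (steps S302 onwards, units 42 and 43), as an added worked model. This is example code written for this page, not code from the patent or from Huawei. Each child key is generated and its private part is wrapped under its parent's public key, so a stored blob can only be recovered by unwrapping back to the SRK, which never leaves the TPM; migration is refused unless the key was created in migratable mode and the owner has authorized it. The RSA is textbook and deliberately short (512-bit moduli, no padding), and the owner authorization tag (HMAC-SHA256 under an owner secret), the key names PMK, UMK and BK, and the owner secret itself are assumptions made for illustration, not details the patent specifies.

```python
import hashlib
import hmac
import secrets
from collections import namedtuple
from math import gcd

# A key as it exists only inside the TPM once loaded: private part in the clear.
RsaKey = namedtuple("RsaKey", "n e d p q")
# A key as it leaves the TPM: public part in the clear and prime p encrypted under the parent's
# public key (TPM 1.2 likewise wraps a single prime in TPM_STORE_ASYMKEY); q is n // p on load.
KeyBlob = namedtuple("KeyBlob", "name parent n e enc_p migratable")

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin; a composite passes with probability below 4**-rounds."""
    if n < 4:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        # Composite unless x**d is 1 or some repeated squaring of it hits n - 1.
        if x not in (1, n - 1) and all((x := x * x % n) != n - 1 for _ in range(r - 1)):
            return False
    return True

def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def gen_rsa(bits: int = 512) -> RsaKey:
    """Textbook RSA, short and unpadded: enough to show the wrapping, never for real use."""
    e = 65537
    while True:
        p, q = gen_prime(bits // 2), gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return RsaKey(p * q, e, pow(e, -1, phi), p, q)

class KeyTree:
    SRK = "SRK"
    def __init__(self, owner_secret: bytes):
        self._srk = gen_rsa()              # non-migratable root; its private part never leaves here
        self._owner_secret = owner_secret  # stands in for TPM owner authorization (assumed)
        self._mig_auth = {}                # key name -> owner's migration authorization tag
        # The wrapped tree: public parts plus ciphertext only, so it can be backed up as-is.
        self.blobs = {self.SRK: KeyBlob(self.SRK, "", self._srk.n, self._srk.e, None, False)}

    def create_key(self, name: str, parent: str, migratable: bool = True) -> KeyBlob:
        """Steps S302-S304: generate a child and wrap its private part under the parent's public key."""
        par, child = self.blobs[parent], gen_rsa()
        self.blobs[name] = KeyBlob(name, parent, child.n, child.e, pow(child.p, par.e, par.n), migratable)
        return self.blobs[name]

    def load_key(self, name: str) -> RsaKey:
        """Unwrap from the root down: every ancestor blob must be present and must decrypt correctly."""
        if name == self.SRK:
            return self._srk
        blob = self.blobs[name]
        parent = self.load_key(blob.parent)
        p = pow(blob.enc_p, parent.d, parent.n)
        if not 1 < p < blob.n or blob.n % p:
            raise ValueError(f"{name}: wrapped private part does not match its public modulus")
        q = blob.n // p
        return RsaKey(blob.n, blob.e, pow(blob.e, -1, (p - 1) * (q - 1)), p, q)

    def _auth_tag(self, blob: KeyBlob) -> bytes:
        # Assumed mechanism (the patent does not specify one): HMAC-SHA256 under the owner secret.
        msg = "|".join(str(f) for f in (blob.name, blob.parent, blob.n, blob.e, blob.migratable))
        return hmac.new(self._owner_secret, msg.encode(), hashlib.sha256).digest()

    def authorize_migration(self, name: str, owner_secret: bytes) -> None:
        """Only the owner may authorize migration, and only of a key created in migratable mode."""
        if not hmac.compare_digest(owner_secret, self._owner_secret):
            raise PermissionError("owner authorization failed")
        if not self.blobs[name].migratable:
            raise PermissionError(f"{name} was created non-migratable")
        self._mig_auth[name] = self._auth_tag(self.blobs[name])

    def migrate(self, name: str, dest_parent: str, dest_n: int, dest_e: int) -> KeyBlob:
        """Re-wrap an authorized key under a parent key of the destination platform."""
        if name == self.SRK:
            raise PermissionError("the SRK never leaves the TPM")
        tag = self._mig_auth.get(name)
        if tag is None or not hmac.compare_digest(tag, self._auth_tag(self.blobs[name])):
            raise PermissionError(f"{name}: migration not authorized by the owner")
        key = self.load_key(name)
        # No tag travels with the blob: the destination owner must authorize any onward migration.
        return KeyBlob(name, dest_parent, key.n, key.e, pow(key.p, dest_e, dest_n), True)

def build_tree(owner_secret: bytes) -> KeyTree:
    """The hierarchy of the abstract: SRK -> platform migratable key -> user migratable key -> binding key."""
    tree = KeyTree(owner_secret)
    for name, parent in (("PMK", KeyTree.SRK), ("UMK", "PMK"), ("BK", "UMK")):
        tree.create_key(name, parent)
    return tree
```

A backup is the `blobs` dictionary as it stands: nothing in it is usable without the SRK of the TPM that created it, and losing any ancestor blob (PMK, say) makes every key beneath it unrecoverable, which is why a backup must capture the whole path to the root and not just the leaf key. Migration re-wraps only the leaf's private prime under the destination parent's public key; the migrated blob carries no authorization tag, so the destination owner decides separately whether it may move again.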



Abstract

The invention belongs to the technical field of computers and provides a key generation, backup and migration method and system based on trusted computing. The method comprises the following steps: receiving a key generation request input by a user; controlling a trusted platform module to generate a platform migratable key, encrypting the platform migratable key with the public key of the root key of the trusted platform module, and storing the ciphertext key of the platform migratable key; controlling the trusted platform module to generate a user migratable key, encrypting the user migratable key with the public key of the platform migratable key, and storing the ciphertext key of the user migratable key; and controlling the trusted platform module to generate a binding key for the user, encrypting the binding key with the public key of the user migratable key, and storing the ciphertext key of the binding key. Key generation, backup, recovery and migration are thereby carried out on the trusted platform module, and the security of the keys during generation, backup, recovery and migration is improved.

Description

Technical field

[0001] The invention belongs to the field of computer technology and in particular relates to a method and system for key generation, backup and migration based on trusted computing.

Background

[0002] Cloud storage is a concept extended and developed from cloud computing: a system in which application software works together to provide data storage and business access services to the outside world.

[0003] With the continuous introduction of cloud computing, cloud storage and similar products, the demand for security of data in the cloud has become increasingly prominent. Once data is placed in the cloud it faces security threats from many directions, mainly the following: it is difficult for users to ensure, through effective technical means, that the cloud storage service provider (who has absolute control over the computers on which the user's data is stored) will not illegally obtain and use the data s...

Claims


Application Information

Patent type & authority: Applications (China)
IPC (8): H04L9/32, H04L9/30, H04L9/08, H04L29/06
CPC: G06F21/57, H04L9/0877, H04L9/0825, H04L9/0836, H04L9/0897, H04L2209/127, H04L9/14, H04L9/0819, H04L9/3006
Inventors: 沈晴霓, 杨雅辉, 杨欣, 徐磊
Owner: HUAWEI TECH CO LTD