Direct anonymous attestation method applied to credible mobile terminal platform

A mobile-terminal platform technology, applied in wireless communications, electrical components, security devices, etc. It addresses problems such as large computational load, long key length, and a trusted third party becoming the system's security and performance bottleneck, and achieves reduced computational overhead together with high security and reliability.

Active Publication Date: 2013-03-13
BEIHANG UNIV
4 Cites, 21 Cited by

AI Technical Summary

Problems solved by technology

The earlier Privacy-CA based scheme has the disadvantage that every communication must go through the Privacy-CA, which therefore becomes the bottleneck of system security and performance.
To remedy this deficiency, the TPM v1.2 specification was the first to adopt the Direct Anonymous Attestation (DAA) scheme proposed by Brickell et al. Building on a hardness assumption and the principle of signatures of knowledge, it completes verification of the authenticity of a trusted platform under the premises of controllable anonymity and untraceability, and no trusted third party takes part in signing or verification. However, that DAA scheme uses the RSA cryptosystem: its keys are too long, management of the Endorsement Key (EK) certificates is complex, the authentication protocol interaction is complicated, and the amount of computation is large, so it is not suitable for mobile terminals with limited computing power and storage capacity.




Embodiment Construction

[0036] The present invention mainly involves four entities: 1) the terminal manufacturer (Company, C); 2) the identity authority (Identity authority, I); 3) the trusted terminal equipment (S, H); 4) the verifier (Verifier, V). The technical method is described in detail below with reference to the accompanying drawings: figure 1 is the system architecture diagram; figure 2 is the identity establishment flow chart; figure 3 is the authentication process diagram.

[0037] The main symbols and algorithm explanations are shown in Table 2.

[0038] Table 2 Main symbols

[0039]

[0040] Our approach is divided into three phases: system initialization, the identity establishment process, and the identity verification process. The mathematical computations in the method can be carried out by calling functions of the PBC (pairing-based cryptography) library, and the hash function can be chosen from the OpenSSL library, such as MD5, SHA-1, etc. (both of those now have practical collision attacks, so a current deployment would choose SHA-256 or stronger). The detailed execution process of the present invention is as ...



Abstract

The invention provides a direct anonymous attestation method applied to a trusted mobile terminal platform. Using identity-based signatures and zero-knowledge proof signatures, it realises generation of the platform endorsement key (EK) pair, establishment and revocation of a platform identity, and authentication of the mobile terminal's identity. The method is divided into three stages with nine steps in total:
  • Stage 1, system initialization: step 1, initialize the manufacturer; step 2, initialize the identity authority; step 3, initialize the device EK pair.
  • Stage 2, identity establishment: step 4, the challenge number is sent; step 5, the terminal device responds; step 6, the response is verified and an identity certificate is issued.
  • Stage 3, identity verification: step 7, the challenge number is sent; step 8, the terminal device responds; step 9, the legitimacy of the identity certificate is verified.
The method meets the correctness, unforgeability and untraceability requirements of anonymous authentication and is suitable for a mobile terminal platform that has limited computational resources and an embedded TPM (trusted platform module).

Description

(1) Technical field
[0001] The present invention relates to a direct anonymous attestation method for a mobile terminal platform with an embedded Trusted Platform Module (TPM). The method belongs to the field of trusted access security for wireless local area networks.
(2) Background technology
[0002] With the continuous development of wireless local area network technology and the increasing popularity of mobile terminal devices, accessing the network anytime and anywhere to obtain services has gradually become a reality. However, the security issues brought about by the openness of the wireless transmission medium have become the bottleneck of applications. One of the security threats is that, in a wireless local area network environment, users can access the network with any terminal device (mobile phone, Pad, notebook, etc.), and information may be tampered with or stolen. For example, a user uses a laptop that has been attacked to access some secret information through a ...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04W12/06, H04W12/08, H04W12/069
Inventor 王世帅, 刘建伟, 赵朋川, 陈杰, 刘哲
Owner BEIHANG UNIV