
Method and device for protecting secret key authorized data, and TPM (trusted platform module) secrete key management center

A key management center and authorization data technique, applied to protecting key authorization data with a TPM key management center. It addresses the problems of insecure storage of key authorization data and low security, with the effect of improving security and reducing the possibility that the authorization data is leaked, tampered with or damaged.

Active Publication Date: 2015-05-13
HUAWEI TECH CO LTD
Cites 5, cited by 16

AI Technical Summary

Problems solved by technology

[0014] The present invention provides a method, a device and a TPM key management center for protecting key authorization data. They solve the prior-art problem that, in an automated operation system, the key authorization data can only be stored insecurely together with the key on the computer's static storage device, which results in low security.


Embodiment Construction

[0068] Embodiments of the present invention provide a method, a device and a TPM key management center (English: TPM Key Management Center, TPM-KMC for short) for protecting key authorization data. The key authorization data is stored at the TPM-KMC; a device applies to the TPM-KMC for the authorization data only when it needs to access the key, and deletes the obtained authorization data once the key has been accessed. This improves the security of the key authorization data and reduces the possibility that it is leaked or tampered with.

[0069] The technical solutions of the present invention will be described below in conjunction with the accompanying drawings and various embodiments.

[0070] Referring to Figure 2, the embodiment of the present invention provides a system for protecting key authorization data, including a TPM-KMC and a host (English: Host), virtual machine (English: Virtual Machine, abbreviated VM) or terminal (English: Terminal), where the Host / VM / Terminal is a...


Abstract

The invention discloses a method and a device for protecting secret key authorization data, and a TPM (trusted platform module) secret key management center. Authorization data is obtained temporarily from the TPM secret key management center when a secret key needs to be accessed; after the secret key has been accessed, the obtained authorization data is deleted. The security of the key's authorization data is thereby improved, and the possibility of the authorization data being leaked, falsified or damaged is reduced. The method comprises the following steps: a first device sends an application for the dispatch of authorization data to the TPM secret key management center, the first device being a physical server, a virtual machine or a terminal integrated with TPM functions; the first device receives the authorization data, encrypted with the first device's TPM public key, returned by the TPM secret key management center; the first device decrypts the authorization data with its TPM private key and accesses the secret key using the decrypted authorization data; after accessing the secret key, the first device deletes the received authorization data.
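The four-step exchange from the abstract, worked through as an added example; this is not code from the patent or from Huawei's implementation. It assumes an RSA-OAEP key pair standing in for the device's TPM key pair, a constructed "TPM-resident key" that is usable only when the SHA-256 digest of the presented authorization data matches, and constructed names (`host-1`, `key-1`, the authorization data string); `Setup` is a hypothetical helper that builds the scenario.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

// KMC models the TPM-KMC: authorization data per key name, plus each device's registered TPM public key.
type KMC struct {
	authData map[string][]byte
	devices  map[string]*rsa.PublicKey
}
// Dispatch answers a device's application: auth data leaves the KMC only encrypted to that device's TPM public key.
func (k *KMC) Dispatch(deviceID, keyName string) ([]byte, error) {
	pub, okDev := k.devices[deviceID]
	ad, okKey := k.authData[keyName]
	if !okDev || !okKey {
		return nil, errors.New("unknown device or key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, ad, []byte(keyName))
}
type tpmKey struct{ authDigest [32]byte; material []byte } // constructed TPM-resident key: usable only with matching auth data
type Device struct{ ID string; tpmPriv *rsa.PrivateKey; keys map[string]tpmKey } // the first device (host, VM or terminal)
// AccessKey runs the four steps: apply to the KMC, receive encrypted auth data, decrypt and use it, then delete it.
func (d *Device) AccessKey(k *KMC, keyName string) ([]byte, error) {
	ct, err := k.Dispatch(d.ID, keyName)
	if err != nil { return nil, err }
	ad, err := rsa.DecryptOAEP(sha256.New(), nil, d.tpmPriv, ct, []byte(keyName))
	if err != nil { return nil, err }
	defer func() { for i := range ad { ad[i] = 0 } }() // step 4: auth data stays on the device only for this access
	key, ok := d.keys[keyName]
	digest := sha256.Sum256(ad)
	if !ok || subtle.ConstantTimeCompare(digest[:], key.authDigest[:]) != 1 {
		return nil, errors.New("authorization failed")
	}
	return key.material, nil
}
// Setup builds a constructed scenario: device "host-1" registered at the KMC and "key-1" bound to constructed auth data.
func Setup(keyMaterial []byte) (*KMC, *Device) {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the device's TPM key pair
	ad := []byte("constructed-authorization-data")
	dev := &Device{ID: "host-1", tpmPriv: priv, keys: map[string]tpmKey{"key-1": {sha256.Sum256(ad), keyMaterial}}}
	kmc := &KMC{authData: map[string][]byte{"key-1": ad}, devices: map[string]*rsa.PublicKey{"host-1": &priv.PublicKey}}
	return kmc, dev
}
```

Because the KMC encrypts to the registered TPM public key, an unregistered device, an unknown key name, or authorization data that does not match what the key was bound to all fail closed.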

Description

Technical field

[0001] The invention relates to the field of information security, in particular to a method, device and TPM key management center for protecting key authorization data.

Background technique

[0002] Symmetric keys, private keys and shared secrets, which are widely used in computer systems to provide information security protection mechanisms, are all sensitive data. Once such sensitive data is leaked, the confidentiality of the encrypted data that depends on it is seriously affected. Therefore, a security protection mechanism must be provided to prevent it from being stored in the system or in code in plain text. To protect the confidentiality of this sensitive data, one or more of the following safeguards may be deployed:

[0003] The first type: encrypted key storage. To protect the confidentiality of symmetric keys, private keys, shared secrets and so on, this information needs to be encrypted again. For example, use the key to encrypt the ke...


Application Information

IPC(8): H04L9/08
Inventor: 施迅, 叶思海
Owner: HUAWEI TECH CO LTD