Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Key management and method for virtual trusted platform module in cloud environment

A key management system and platform module technology, which is applied in the field of information security, can solve problems such as poor security, key information such as keys are vulnerable to attacks, and key management cannot reach the hardware security level, so as to improve security and meet privacy requirements The effect of security requirements

Active Publication Date: 2017-12-12
DATANG GAOHONG XINAN ZHEJIANG INFORMATION TECH CO LTD
View PDF9 Cites 18 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] Because the virtual trusted platform module is completely based on software implementation, it can be migrated with the migration of the virtual machine, and is not limited by the bound hardware, so it has strong flexibility. The management cannot reach the hardware security level. Compared with the hardware trusted platform module, the key information such as the key of the virtual trusted platform module is more vulnerable to attacks and has poorer security.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Key management and method for virtual trusted platform module in cloud environment
  • Key management and method for virtual trusted platform module in cloud environment
  • Key management and method for virtual trusted platform module in cloud environment

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0056] The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments.

[0057] Such as figure 1 As mentioned above, the key management system of the virtual trusted platform module in the cloud environment disclosed by the present invention includes a cryptographic device, a cryptographic device client, a resource management server, a server resource pool, a trusted authentication server, a certificate management server, and the like.

[0058] Cryptographic device, a password management device based on hardware, such as a portable USB cryptographic device, the key device includes a key management module, an encryption and decryption operation module, and the key management module is used to manage the key of the virtual trusted platform module, including generating a key Keys, storage keys, use keys, destruction keys, etc. The keys include root keys, virtual identity authentication keys, storage keys and other key...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a key management system and method for a virtual trusted platform module in a cloud environment. A virtual machine and the virtual trusted platform module corresponding to the virtual machine are established on a trusted host. A key management function of the virtual trusted platform module is independent and is realized by hardware password device. Key management and authentication are carried out through combination of a resource management server, a certificate management server, a trusted authentication server, and the like. Other functions of the virtual trusted platform module are realized through software. The flexibility when the virtual trusted platform module is migrated is ensured. Hardware level protection for key information such as a key can be realized. An application data symmetric key is transmitted through a confidential channel between the trusted host and a password device client, so the security of the key information such as the key is improved. The key usage and management control right can be transferred from a cloud service provider to users of the virtual machine and the virtual trusted platform module, and the key management is a non-centralized management mode.

Description

technical field [0001] The invention relates to a key management system and method for a virtual trusted platform module in a cloud environment, and belongs to the technical field of information security. Background technique [0002] The main industrial implementation of trusted computing is the hardware Trusted Platform Module (TPM: Trusted Platform Module). Due to the limitations of the trusted platform module's own performance and cost, it cannot provide sufficient trusted security services to upper-layer cloud services. For this reason, the concept of a virtual trusted platform module is proposed. It assigns a virtual trusted platform module to each virtual machine by simulating the function and interface of a hardware trusted platform module, and can realize various functions equivalent to a trusted platform module. , to solve the security issues of upper cloud services. [0003] Because the virtual trusted platform module is completely based on software implementatio...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L9/32H04L9/08
CPCH04L9/0877H04L9/0897H04L9/3234H04L9/3263H04L63/06H04L63/0823
Inventor 郑驰梁思谦
Owner DATANG GAOHONG XINAN ZHEJIANG INFORMATION TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products