Trusted cryptographic module security management method and system

Abstract

The invention relates to the technical field of information security, in particular to a trusted cryptographic module security management method and system. The authorization role comprises a password manager used for generating a trusted password module key and setting a working mode and administrator authorization data, an administrator used for generating a storage main key and user setting authorization data, and a user used for using password service; when the trusted password module is logged in, physical authorization is carried out on a password manager in a safe environment, and role identification is carried out on an administrator and a user by executing data encryption and decryption through the trusted password module. Authorization roles of the trusted password module are set as the password manager, the administrator and the user, different role tasks are distinct, and physical identification under a safe environment is carried out on the password manager, so that role setting and task distinct can be effectively ensured, illegal users are prevented from logging in and accessing the trusted password module, and role and identification security management in the trusted cryptographic module is ensured.

Description

technical field [0001] The invention relates to the technical field of information security, in particular to a method and system for security management of a trusted cryptographic module. Background technique [0002] At present, trusted computing technology has become one of the main development trends in the field of computer security. At the same time, as an information security technology recognized by the industry, it has also become the development direction of the IT industry. Compared with the passive defense of traditional security solutions that focus on defending outside and inside, and defending service facilities first and then terminal facilities, Trusted Computing realizes active defense, firstly ensuring the security of terminals, and building through components that ensure security Stronger security system. The full English name of TCM trusted cryptography module is "Trusted Cryptography Module". TCM is a hardware module of trusted computing platform, whic...

AI Technical Summary

Problems solved by technology

[0003] For the management of trusted cryptographic modules, administrators and users are usually set up, only data and access rights are set, simple password authentication and other operations are performed for users and operators, and in terms of key management, multi-type keys are usually Without a sound management system, there are potential security risks in the trusted cryptographic module, which will lead to malicious login and access by illegal users, and the risk of leakage and theft of key security parameters such as keys in the module

Images