Method, device and server for obtaining platform identity certificate

By using secure chips and ciphertext data generation and multi-factor authentication methods at the agent end, the security issues in the generation and transmission of platform identity certificates are resolved, enabling secure generation and transmission of identity certificates and protecting data security.

CN114065170BActive Publication Date: 2026-06-05ALIPAY (HANGZHOU) INFORMATION TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
ALIPAY (HANGZHOU) INFORMATION TECH CO LTD
Filing Date
2021-10-14
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

In existing technologies, the generation and transmission of platform identity certificates are vulnerable to security risks such as man-in-the-middle attacks and platform substitution attacks, making identity certificates susceptible to theft or tampering and failing to effectively protect data security.

Method used

The method of generating and transmitting platform identity certificates through a security chip utilizes the identification information of the security chip and the identification information of the holder to generate encrypted data. The agent and third party perform identity verification to ensure the reliability and integrity of the data.

Benefits of technology

It effectively reduces the risk of man-in-the-middle attacks and platform replacement attacks, ensures the secure generation and transmission of identity certificates, prevents theft or tampering, protects data security, and provides a good interactive experience without increasing the complexity of user operations.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN114065170B_ABST
    Figure CN114065170B_ABST
Patent Text Reader

Abstract

The present specification provides a platform identity certificate acquisition method, device and server. By performing interaction verification of identification information related to a security chip, security risks such as man-in-the-middle attacks and platform replacement attacks in the platform identity certificate acquisition process can be effectively reduced, the platform identity certificate of a target object can be efficiently and safely generated and transmitted, the platform identity certificate is prevented from being stolen or tampered with, and the data security of the target object is protected.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This manual belongs to the field of Internet technology, and in particular relates to methods, devices and servers for obtaining platform identity certificates. Background Technology

[0002] In many data interaction scenarios, in order to protect data security, the initiator of the data interaction (e.g., a user with interaction needs) often needs to obtain and use a platform identity certificate generated by a trusted third party (e.g., a bank) as credentials to prove their identity to the interaction party (e.g., a resource website) so that they can conduct specific data interactions with that party.

[0003] Currently, there is an urgent need for a method that can efficiently and securely generate and transmit platform identity certificates for target objects. Summary of the Invention

[0004] This specification provides a method, apparatus, and server for obtaining platform identity certificates, which can effectively reduce security risks such as man-in-the-middle attacks and platform substitution attacks during the acquisition of platform identity certificates, efficiently and securely generate and transmit platform identity certificates of target objects, prevent platform identity certificates from being stolen or tampered with, and protect the data security of target objects.

[0005] The method, apparatus, and server for obtaining a platform identity certificate provided in this specification are implemented as follows:

[0006] A method for obtaining a platform identity certificate, applied to a security chip, includes: receiving encrypted data of a first information set; decrypting the encrypted data of the first information set to obtain the identification information of a target object and a first random key; wherein the target object is the holder of the platform identity certificate; generating encrypted data of a second information set; wherein the second information set includes at least encrypted identity content information and encrypted identity public key; the identity content information includes at least the identification information of the target object and the identification information of the security chip; sending the encrypted data of the second information set to an agent; wherein the agent, based on the encrypted data of the second information set and after determining that a preset first identity verification has passed, generates encrypted data of a third information set; and sends the encrypted data of the third information set to a third party to generate the platform identity certificate of the target object.

[0007] A method for obtaining a platform identity certificate, applied to an agent, includes: generating encrypted data of a first information set and sending the encrypted data of the first information set to a security chip; wherein the first information set includes at least the identification information of a target object and a first random key; receiving encrypted data of a second information set; performing a preset first authentication based on the encrypted data of the second information set; generating encrypted data of a third information set if the preset first authentication is successful; and sending the encrypted data of the third information set to a third party to generate a platform identity certificate for the target object.

[0008] A method for obtaining a platform identity certificate, applied to a third party, includes: receiving encrypted data of a third information set; wherein the encrypted data of the third information set is generated by an agent after determining that a preset first identity verification has passed based on encrypted data of a second information set; performing a preset second identity verification based on the encrypted data of the third information set; and generating a platform identity certificate for the target object after determining that the preset second identity verification has passed.

[0009] A device for obtaining a platform identity certificate includes: a receiving module for receiving encrypted data of a first information set; a decryption module for decrypting the encrypted data of the first information set to obtain identification information of a target object and a first random key; wherein the target object is the holder of the platform identity certificate; a generating module for generating encrypted data of a second information set; wherein the second information set includes at least encrypted identity content information and encrypted identity public key; the identity content information includes at least identification information of the target object and identification information of a security chip; and a sending module for sending the encrypted data of the second information set to an agent; wherein the agent generates encrypted data of a third information set based on the encrypted data of the second information set, provided that a preset first identity verification has been passed; and sends the encrypted data of the third information set to a third party to generate a platform identity certificate for the target object.

[0010] A device for obtaining a platform identity certificate includes: a first generation module, configured to generate encrypted data of a first information set and send the encrypted data of the first information set to a security chip; wherein the first information set includes at least identification information of a target object and a first random key; a receiving module, configured to receive encrypted data of a second information set and perform a preset first authentication based on the encrypted data of the second information set; a second generation module, configured to generate encrypted data of a third information set if the preset first authentication is successful; and a sending module, configured to send the encrypted data of the third information set to a third party to generate a platform identity certificate for the target object.

[0011] A platform identity certificate acquisition device includes: a receiving module for receiving encrypted data of a third information set; wherein the encrypted data of the third information set is generated by an agent after determining that a preset first identity verification has passed based on the encrypted data of a second information set; a verification module for performing a preset second identity verification based on the encrypted data of the third information set; and a generation module for generating a platform identity certificate for a target object after determining that the preset second identity verification has passed.

[0012] A server includes a processor and a memory for storing processor-executable instructions, wherein the processor, when executing the instructions, implements the steps of a method for obtaining a platform identity certificate.

[0013] A computer-readable storage medium storing computer instructions thereon, which, when executed, implement the relevant steps of the method for obtaining the platform identity certificate.

[0014] The platform identity certificate acquisition method, device, and server provided in this specification allow the security chip participating in data interaction to first utilize its own identification information, combined with the identification information of the target object holding the platform identity certificate, to generate encrypted data of a corresponding second information set; this encrypted data of the second information set is then sent to the proxy. The proxy can first perform a preset first identity verification based on the encrypted data of the second information set, involving the identification information of the security chip; if the verification is successful, confirming that the identity of the security chip participating in the data interaction is reliable and accurate, it generates encrypted data of a corresponding third information set and sends this encrypted data of the third information set to a third party. The third party can first perform a preset second identity verification based on the encrypted data of the third information set, involving the identification information of the security chip; if the verification is successful, confirming that the relevant data contained in the third information set comes from a trusted security chip and that the obtained relevant data has not been tampered with, it generates a platform identity certificate for the target object and transmits the platform identity certificate to the security chip for storage and management through the proxy. This effectively reduces security risks such as man-in-the-middle attacks and platform replacement attacks during the acquisition of platform identity certificates, efficiently and securely generates and transmits platform identity certificates for the target object, prevents the target object's platform identity certificate from being stolen or tampered with, prevents the forgery of platform identity certificates, and protects the data security of the target object. Attached Figure Description

[0015] To more clearly illustrate the embodiments of this specification, the accompanying drawings used in the embodiments will be briefly introduced below. The drawings described below are only some embodiments recorded in this specification. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0016] Figure 1 This is a schematic diagram of an embodiment of the system structure of the platform identity certificate acquisition method provided in the embodiments of this specification;

[0017] Figure 2 This is a schematic diagram illustrating one embodiment of the platform identity certificate acquisition method provided in the embodiments of this specification, applied in a scenario example.

[0018] Figure 3 This is a flowchart illustrating a method for obtaining a platform identity certificate according to an embodiment of this specification;

[0019] Figure 4 This is a schematic diagram illustrating one embodiment of the platform identity certificate acquisition method provided in the embodiments of this specification, applied in a scenario example.

[0020] Figure 5 This is a flowchart illustrating a method for obtaining a platform identity certificate according to an embodiment of this specification;

[0021] Figure 6 This is a flowchart illustrating a method for obtaining a platform identity certificate according to an embodiment of this specification;

[0022] Figure 7 This is a schematic diagram of the structural composition of a server provided in one embodiment of this specification;

[0023] Figure 8 This is a schematic diagram of the structure of a platform identity certificate acquisition device provided in one embodiment of this specification. Detailed Implementation

[0024] To enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this specification, and not all embodiments. Based on the embodiments in this specification, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of this specification.

[0025] This specification provides a method for obtaining a platform identity certificate, which can be specifically applied to a system containing a server, a proxy, and a security chip. For details, please refer to... Figure 1 As shown. Clients can connect to this system through a proxy.

[0026] Specifically, the aforementioned server can be a server deployed on the side of a trusted third party (e.g., credit platform A). This trusted third party (hereinafter referred to as the third party, which can be abbreviated as PCA) can be understood as a platform that endorses users and generates platform identity certificates corresponding to those users.

[0027] The aforementioned server may specifically include a backend server deployed on a third-party side, capable of data transmission, data processing, and other functions. Specifically, the server may be, for example, an electronic device with data processing, storage, and network interaction capabilities. Alternatively, the server may be a software program running on the aforementioned electronic device, providing support for data processing, storage, and network interaction. In this embodiment, the number of servers is not specifically limited. The server may be a single server, several servers, or a server cluster formed by several servers.

[0028] The aforementioned security chip (or trusted platform module, trusted chip, such as TPM, Trusted Platform Module; or TPCM, Trusted Platform Control Module, etc., which can be denoted as T) can be specifically understood as a chip module that is bound to the trusted computing platform and is used to ensure the integrity and authenticity of data during data interaction.

[0029] The aforementioned Trusted Computing Platform (hereinafter referred to as the Computing Platform) can be specifically understood as a trusted computing system platform involving data interaction, hardware, and systems during the platform's identity certificate acquisition process. The Computing Platform may also be configured with a Platform Configuration Register (PCR) to store specific hash values ​​of the measurement results involved in the Computing Platform.

[0030] It should be added that the aforementioned security chip differs from other modules and structures on the computing platform other than the security chip itself, offering stronger confidentiality and higher security.

[0031] The aforementioned client may specifically include a front-end device deployed on the user's side, capable of data collection, data transmission, and other functions. Specifically, the client may be, for example, a desktop computer, tablet computer, laptop computer, or smartphone. Alternatively, the client may be a software application running on the aforementioned electronic devices. For example, it could be an app running on a smartphone. The user can initiate the platform identity certificate acquisition process within the system through the client and obtain the corresponding platform identity certificate through the client.

[0032] The aforementioned agent (or trusted agent, Antra-agent) can be specifically understood as a relay device or relay module that interfaces with external systems (e.g., external clients or requesters), participates in the relevant data interaction during the platform's identity certificate acquisition process, and is responsible for forwarding relevant data.

[0033] In the above system, data exchange between the security chip and the server can be conducted through a proxy. Data exchange between the client and the system can also be conducted through a proxy.

[0034] The current user L (who can be denoted as the target object) wants to access database B and obtain data resources from database B.

[0035] Based on the access rules of database B, user L needs to first obtain a platform identity certificate provided by credit platform A; only after remotely verifying his identity using this platform identity certificate can user L access database B through the client.

[0036] Before implementation, the server and agent in the system can interact with the security chip to obtain and store the endorsement public key (denoted as EK) and the security chip's endorsement certificate (denoted as Cert_EK) locally. The security chip holds and stores the endorsement private key (denoted as EK) corresponding to the aforementioned endorsement public key. -1 ).

[0037] The aforementioned endorsement certificate must contain at least the identification information of the security chip (which can be denoted as T). ID ).

[0038] The identification information of the aforementioned security chip can be understood as a data identifier that corresponds one-to-one with the security chip. Specifically, for example, the identification information of the security chip can be information such as the hardware number or physical address of the security chip, or it can be a hash value obtained by performing a hash operation on the aforementioned information, which corresponds one-to-one with the aforementioned information.

[0039] The aforementioned endorsement certificate can be pre-issued by the certificate manufacturer using its identity information (which can be denoted as MF) and the identification information of the security chip (T). ID The endorsement certificate is generated from the public key (EK) of the certifier and the private key of the certificate holder (SK(MF)). Specifically, for example, the aforementioned endorsement certificate can be generated using the following formula: Cert_EK = [T...] ID [EK,MF] SK(MF) .

[0040] In addition, the proxy can also obtain and store third-party association information, such as the third party's identification information (which can be denoted as PCA), and the third party's public key (which can be denoted as PK(PCA)), through relevant interactions with the server. The server holds and stores the third party's private key (which can be denoted as SK(PCA)). The server can also obtain and hold the certificate holder's public key (which can be denoted as PK(MF)).

[0041] In practice, when user L needs to generate a platform identity certificate, he / she can generate and send a platform identity certificate generation request to the agent in the system through the client. This generation request must at least carry user L's identification information (e.g., user L's name, username, user ID, etc., which can be denoted as L).

[0042] The agent receives and responds to the generation request. First, it parses the request to obtain the user's identification information (L). Simultaneously, it generates a first random key (which can be denoted as N1). Then, it combines the first random key, the third party's identification information (PCA), and the user L's identification information (L) to obtain a first information set, which can be represented as [L, PCA, N1]. This first information set thus includes at least the user's identification information and the first random key. (See also...) Figure 2 As shown.

[0043] Then, the agent can use the endorsement public key to encrypt the first information set, obtaining the ciphertext data of the first information set, which can be represented as: [L,PCA,N1] EK Next, the agent can send the encrypted data of the first information set to the security chip.

[0044] After receiving the encrypted data of the first information set, the security chip can first use the endorsement private key it holds to decrypt the encrypted data of the first information set to obtain the first information set; then, based on the first information set, it can obtain the user's identification information L and the first random key N1.

[0045] Furthermore, the security chip can generate a public key (which can be denoted as AK) and a private key (which can also be denoted as AK) for the user based on the user's identification information. -1 The security chip holds and stores the identity's private key.

[0046] Specifically, the security chip can store the aforementioned identity private key within the security chip to prevent the identity private key from being leaked.

[0047] Specifically, the security chip can generate a key pair corresponding to the user's identification information based on the corresponding encryption algorithm, thereby obtaining the user's public key and private key.

[0048] The security chip can also first generate a random number N'; then, based on the random number, the first random key, and the endorsement private key, generate a public key for the user's identity. For example, the public key for the user's identity can be generated according to the following formula: AK = [N1||N2||L] EK -1 Then, based on the generated public key, the corresponding private key is calculated.

[0049] Of course, the methods for generating public and private keys listed above are merely illustrative. In practice, depending on the specific circumstances and security requirements, other suitable methods can be used to generate public and private keys. This specification does not limit this approach.

[0050] After generating the user's public and private identity keys, the security chip can use the public and private identity keys and the first random key to generate the corresponding encrypted data of the second information set.

[0051] Specifically, the security chip can combine the identity public key, the user's identification information, and the security chip's identification information to obtain identity content information that binds the user's identification information and the security chip's identification information together; then, it uses the held identity private key to encrypt the information, resulting in encrypted identity content information, which can be denoted as: I = [AK, L, T] ID ] AK -1 .

[0052] Simultaneously, the security chip can use the endorsed private key to encrypt the identity public key, obtaining the encrypted identity public key, for example, it can be denoted as: [AK] EK -1 .

[0053] Next, the security chip can combine the encrypted public key, the encrypted identity content information, and the security chip's endorsement certificate to obtain a second information set; and then encrypt this second information set using the first random key to obtain the corresponding ciphertext data of the second information set, for example, it can be denoted as: [Cert_EK, [AK] EK -1 ,I] N1 Then, the encrypted data of the second information set mentioned above is sent to the agent.

[0054] After receiving the encrypted data of the second information set, the proxy can first use the encrypted data of the second information set to perform a preset first authentication involving the identification information of the security chip. This is to determine whether the identity of the security chip participating in the data interaction is reliable and accurate, and whether the received encrypted data of the second information set comes from a trusted security chip, rather than from a man-in-the-middle attack or a platform substitution attack. The preset first authentication includes at least a preset first verification and a preset second verification.

[0055] Specifically, when performing the first authentication, the agent can first try to decrypt the encrypted data of the second information set using the first random key.

[0056] If the proxy fails to decrypt the ciphertext data of the second information set using the first random key, it can be determined that the received ciphertext data of the second information set was not encrypted using the first random key. Therefore, it can be concluded that the source of the ciphertext data of the second information set is likely not the genuine secure chip, but rather a possible man-in-the-middle attack or platform substitution attack, posing a security risk. In this situation, the proxy suspends subsequent data processing to protect the user's data security.

[0057] At the agent end, the encrypted data of the second information set is decrypted using the first random key. If the decryption is successful, it can be determined that the received encrypted data of the second information set was obtained by encrypting it using the first random key. At the same time, the agent end can obtain the endorsement certificate of the security chip in the second information set, the encrypted identity content information, and the encrypted identity public key.

[0058] In this scenario, the agent can use the locally stored endorsement public key, combined with the decrypted endorsement certificate, to perform a pre-defined first verification to determine whether the decrypted endorsement certificate is correct, legal, and meets the requirements.

[0059] If the endorsement certificate is found to be non-compliant, the agent can determine that the encrypted data of the received second information set poses a security risk and suspend subsequent data processing.

[0060] Conversely, if the endorsement certificate meets the requirements, the agent can further perform a pre-defined second verification using the encrypted public key and encrypted identity content information obtained through decryption.

[0061] Specifically, the agent can use the locally stored endorsement public key to attempt to decrypt the encrypted identity public key to determine whether the decryption was successful.

[0062] If decryption fails, it can be determined that the encrypted identity public key in the second information set was not encrypted using the endorsement private key corresponding to the locally stored endorsement public key, thus confirming a security risk, and the agent will suspend subsequent data processing.

[0063] Conversely, if decryption is successful, it can be determined that the encrypted identity public key in the second information set was obtained by encrypting it using the endorsement private key corresponding to the locally stored endorsement public key. The agent can then obtain the identity public key and use it to decrypt the encrypted identity content information to obtain the identification information of the security chip.

[0064] Next, the agent can use the locally stored endorsement certificate of the security chip to verify the identification information of the decrypted security chip, in order to determine whether the identification information of the security chip contained in the endorsement certificate is consistent with the identification information obtained from decryption, or whether the difference value is less than a preset difference threshold.

[0065] If the identification information of the security chip contained in the endorsement certificate is inconsistent with the identification information obtained by decryption, or if the difference value is greater than or equal to the preset difference threshold, it can be determined that there is a security risk, and the agent will suspend subsequent data processing.

[0066] Conversely, if it is determined that the identification information of the security chip contained in the endorsement certificate is consistent with the decrypted identification information, or the difference value is less than the preset difference threshold; combined with the previously determined encrypted identity public key in the second information set is encrypted using the endorsement private key corresponding to the locally stored endorsement public key, it can be determined that the preset first identity verification is successful, and that the identity of the security chip participating in the data interaction is reliable and accurate, thereby triggering subsequent data processing.

[0067] If the initial authentication is successful, the agent can combine the security chip's endorsement certificate, the user's identifier, the user's public key, and the encrypted identity information to obtain a third information set. Then, it uses the third-party public key to encrypt the third information set, obtaining its ciphertext data, which can be represented as: [Cert_EK,L,AK,I] PK(PCA) The proxy can send the encrypted data of the aforementioned third information set to the third-party server.

[0068] After receiving the encrypted data from the third information set, the server can first use this encrypted data to perform a pre-defined second authentication involving the identification information of the security chip. This verifies the reliability and accuracy of the security chip's identity in the data interaction, and whether the received data has been tampered with, or whether there are security risks such as man-in-the-middle attacks or platform substitution attacks. Only if the pre-defined second authentication is successful will the server generate a platform identity certificate for user L.

[0069] Specifically, the server can use the third-party private key SK (PCA) it holds to attempt to decrypt the ciphertext data of the received third-party information set to determine whether the decryption was successful.

[0070] If decryption fails, it can be determined that the ciphertext data of the third information set was not encrypted using the third-party public key corresponding to the third-party private key stored locally. This indicates a security risk, and the server can suspend subsequent data processing to protect user data security.

[0071] Conversely, if decryption is successful, it can be determined that the ciphertext data of the third information set was encrypted using a third-party public key corresponding to the third-party private key stored locally; the server can obtain the endorsement certificate of the security chip in the third information set, the user's identification information, the user's identity public key, and the encrypted identity content information.

[0072] Next, considering that the endorsement certificate is generated using the certificate holder's private key, the server can use the locally stored certificate holder's public key to verify the endorsement certificate in the third information set to determine whether the decrypted endorsement certificate is legitimate and accurate. If the endorsement certificate is deemed legitimate and accurate, the verification is considered successful. Then, the user's identity public key in the third information set can be used to decrypt the encrypted identity content information to obtain the security chip's identification information and the user's identification information within the identity content information.

[0073] Furthermore, the server can compare the decrypted security chip identification information with the security chip identification information contained in the locally stored endorsement certificate. Additionally, it can compare the decrypted user identification information with the user identification information associated with the user's public key.

[0074] Through the above comparison, if the difference between the identification information is large, it is determined that the identification information is inaccurate. The verification of the identification information of the security chip in the identity content information and the identification information of the target object fails, the preset second identity verification fails, and it can be judged that there is a security risk. The server then suspends subsequent data processing.

[0075] Conversely, if the identification information is determined to be consistent, or the difference between the identification information is small, then the identification information is determined to be accurate. The identification information of the security chip in the identity content information and the identification information of the target object are verified, the preset second identity verification is passed, and then the generation of a platform identity certificate for user L can be triggered.

[0076] Specifically, the server can use the user's identification information (L), the user's public key (AK), and the security chip's identification information (T) to... IDThe corresponding platform identity certificate for user L is generated using methods such as Cert_AK.

[0077] After creating the platform identity certificate for the aforementioned user, the server can generate a second random key (which can be denoted as N2). Combining the second random key and the user's platform identity certificate yields the corresponding fourth information set; this fourth information set is then encrypted using the endorsement public key to obtain its ciphertext data, which can be represented as: [Cert_AK, N2] EK .

[0078] Simultaneously, the server can perform HMAC operations based on the user's public key and platform certificate to obtain the corresponding message authentication code; and encrypt this message authentication code using the second random key to obtain the encrypted message authentication code for the fourth information set, which can be represented as: [hmac(AK,Cert_AK)] N2 .

[0079] The aforementioned HMAC (Hash-based Message Authentication Code) can be understood as a hash-based message authentication code associated with a key. Specifically, this message authentication code can be used to verify the data integrity of the fourth information set.

[0080] Then, the server can combine the ciphertext data of the fourth information set mentioned above with the encrypted message authentication code ({[Cert_AK,N2]). EK [hmac(AK,Cert_AK)] N2 The encrypted data from the fourth information set is then sent to the agent. The agent then sends the encrypted data from the fourth information set and the encrypted message authentication code to the security chip.

[0081] After receiving the ciphertext data of the fourth information set and the encrypted message authentication code, the security chip can first use the endorsement public key to decrypt the ciphertext data of the fourth information set to obtain user L's platform identity certificate and the second random key.

[0082] Next, the security chip can first query and obtain the user's identity public key stored locally based on the authorization handle corresponding to the user's identification information L; then, it can use the aforementioned identity public key, along with the decrypted platform identity certificate and the encrypted message authentication code, to perform data integrity verification to determine whether the platform identity certificate meets the preset requirements.

[0083] When performing data integrity verification, the security chip uses the user's public key and platform identity certificate stored locally to perform HMAC operations, obtaining the corresponding HMAC value as the verification value. Simultaneously, it uses the second random key obtained through decryption to decrypt the encrypted message authentication code, obtaining the plaintext message authentication code. The message authentication code is then compared with the verification value.

[0084] Through the above comparison, if the difference between the verification value and the message authentication code is significant—for example, if the difference is greater than or equal to a preset difference threshold—it can be determined that the decrypted platform identity certificate has a security risk and may not be a legitimate platform identity certificate generated by a trusted third party. Data integrity verification fails, and the platform identity certificate is determined not to meet preset requirements. Consequently, the security chip will not save the platform identity certificate.

[0085] Conversely, if the difference between the verification value and the message authentication code is small—for example, less than a preset difference threshold—it can be determined that the decrypted platform identity certificate is a legitimate platform identity certificate generated by a trusted third party. The data integrity verification passes, and the platform identity certificate meets the preset requirements. Accordingly, the security chip can store this platform identity certificate.

[0086] While storing the platform identity certificate, the security chip can also send the platform identity certificate to the agent. The agent then sends the platform identity certificate to the client.

[0087] Furthermore, user L can send a data access request to the server of database B through a client. This data access request can carry a platform identity certificate endorsed by credit platform A as a trusted third party.

[0088] After receiving a data access request, the server of database B can verify the platform identity certificate carried in the data access request; if the verification is successful, it can allow user L to access and obtain data resources in database B through a client.

[0089] As can be seen from the above scenario examples, the platform identity certificate acquisition method provided in the embodiments of this specification can, on the one hand, effectively reduce the security risks such as man-in-the-middle attacks and platform substitution attacks during the acquisition of platform identity certificates, efficiently and securely generate and transmit the user's platform identity certificate, prevent the platform identity certificate from being stolen or tampered with, and protect the user's data security; on the other hand, it does not increase the operational complexity on the user side, and the user does not need to obtain dynamic verification codes through the client, so that the user can obtain a better interactive experience.

[0090] See Figure 3As shown in the embodiments of this specification, a method for obtaining a platform identity certificate is provided. This method is specifically applied to the security chip side. In practical implementation, the method may include the following:

[0091] S301: Receive the encrypted data of the first information set.

[0092] S302: Decrypt the ciphertext data of the first information set to obtain the identification information of the target object and the first random key; wherein, the target object is the holder of the platform identity certificate.

[0093] S303: Generate ciphertext data of a second information set; wherein the second information set includes at least encrypted identity content information and encrypted identity public key; the identity content information includes at least the identification information of the target object and the identification information of the security chip.

[0094] S304: Send the encrypted data of the second information set to the agent; wherein, the agent generates the encrypted data of the third information set based on the encrypted data of the second information set, provided that the preset first identity verification is successful; and sends the encrypted data of the third information set to a third party to generate the platform identity certificate of the target object.

[0095] In some embodiments, the target object may specifically be the holder of a platform identity certificate. The holder of a platform identity certificate may be a user, a process, an application, or something similar.

[0096] In some embodiments, the aforementioned security chip (T) may specifically be a domestic Trusted Platform Control Module (TPCM) or an international TCG standards organization Trusted Platform Module (TPM), etc. Of course, the security chips listed above applicable to the platform identity certificate acquisition method provided in the embodiments of this specification are merely illustrative. In specific implementations, depending on the specific application scenario and processing requirements, the aforementioned security chip may also include other suitable types of security chips, such as TCMs, etc.

[0097] The aforementioned security chip can be integrated into a trusted computing platform to participate in trusted computing within that platform. This trusted computing platform (or computing platform) can be understood as a trusted computing system platform encompassing hardware and systems. This trusted computing platform can be deployed on terminals, servers, or in the cloud.

[0098] The aforementioned third party can specifically be a trusted third party (PCA) with a certain level of credibility, responsible for generating the platform's identity certificate. For example, this third party could be a bank, a credit agency, a data center, etc.

[0099] The aforementioned agent (or trusted agent, Antra-agent) can be specifically understood as a data relay device or data relay module that interfaces with external systems (e.g., external clients or requesters), participates in the relevant data interaction during the platform's identity certificate acquisition process, and is responsible for forwarding relevant data.

[0100] Furthermore, the aforementioned system may also include the TSS within a TPM, or the TSB within a TPCM. Correspondingly, the agent and the security chip can exchange data via the TSS or TSB through relevant drivers. Specifically, the TSS refers to the Trusted Software Stack, and the TSB refers to the Trusted Software Base.

[0101] In some embodiments, the aforementioned proxy can also be considered an application (e.g., a target object). Accordingly, the TSS or TSB in the system can replace the proxy in the system to handle the relevant data forwarding in order to obtain the platform identity certificate.

[0102] In some embodiments, the aforementioned agent and security chip may be deployed in the same device (e.g., the same server).

[0103] In some embodiments, the identification information of the target object (which can be denoted as L) can be specifically understood as a data identifier that corresponds one-to-one with the target object. Specifically, for example, the identification information of the target object may include the name of the target object, the number of the target object, the serial number of the target object, etc.

[0104] The identification information of the aforementioned security chip (which can be denoted as T) ID Specifically, it can be understood as a data identifier that corresponds one-to-one with the security chip. For example, the identification information of a security chip may include its hardware serial number, physical address, and factory code; it may also include a data value corresponding to the aforementioned information obtained through operations (e.g., hash operations). The hardware serial number of the security chip can be obtained through corresponding hardware instructions.

[0105] In some embodiments, the first information set may include at least the identification information of the target object and a first random key (N1). Further, the first information set may also include the identification information (PCA) of the third party responsible for generating the platform identity certificate of the target object.

[0106] Specifically, the encrypted data of the aforementioned first information set can be the encrypted data sent to the security chip by the Antra-agent after encrypting the first information set using a pre-obtained endorsement public key (EK). It can be denoted as: [L, PCA, N1] EK .

[0107] Specifically, the agent can generate the encrypted data of the first information set mentioned above by receiving and responding to the request to generate the platform identity certificate of the target object.

[0108] In some embodiments, the security chip can utilize the endorsement private key (EK) it holds. -1 Decrypt the ciphertext data of the first information set to obtain the identification information of the target object and the first random key.

[0109] In some embodiments, the encrypted data for generating the second information set described above may include the following: generating the target object's public key (AK) and private key (AK) based on the target object's identification information. -1 Using the public key, private key, and first random key, the encrypted data of the second information set is generated.

[0110] In some embodiments, the above-described method of generating ciphertext data of the second information set using the identity public key, identity private key, and first random key may specifically include the following: combining the identity public key, the identification information of the target object, and the identification information of the security chip to obtain identity content information; encrypting the identity content information using the identity private key to obtain encrypted identity content information; encrypting the identity public key using the endorsement private key to obtain encrypted identity public key; combining the encrypted identity public key, the encrypted identity content information, and the endorsement certificate of the security chip to obtain the second information set; and encrypting the second information set using the first random key to obtain ciphertext data of the second information set.

[0111] In some embodiments, the second information set may include at least: encrypted identity content information (I), and encrypted identity public key ([AK]). EK -1 )wait.

[0112] The aforementioned identity information includes at least: the target object's identification information, the security chip's endorsement certificate (which can be denoted as Cert_EK), and the security chip's identification information. This allows for the introduction and binding of the security chip's identification information with the target object's identification information, enabling them to jointly participate in subsequent verification processes. This reduces security risks such as man-in-the-middle attacks and platform substitution attacks during the platform's identity certificate acquisition process, thereby improving security.

[0113] Furthermore, in addition to the target object's public key, the target object's identifier, and the security chip's identifier, the aforementioned identity information may also include identifiers such as the computing platform's registers (which can be denoted as PCR) and third-party identifiers (PCA). For example, identity information can be represented as: [AK,L,T] ID [PCR, PCA]. Accordingly, in subsequent verification, the richer identity information mentioned above can be used for more accurate verification, thereby further improving security.

[0114] In some embodiments, the ciphertext data of the second information set can specifically be the ciphertext data obtained by encrypting the second information set using the first random key, and can be represented as: {Cert_EK, [AK]} EK -1 ,I} N1 .

[0115] In some embodiments, the security chip can send the encrypted data of the second information set to the agent. The agent can first perform a preset first authentication based on the encrypted data of the second information set to determine whether the security chip participating in the data interaction is a trusted, designated security chip. If the preset first authentication is successful and the identity of the security chip participating in the data interaction is confirmed to be reliable and accurate, the agent can generate the encrypted data of the corresponding third information set and send the encrypted data of the third information set to the third party. The specific content of the preset first authentication will be explained separately later.

[0116] A third party can first perform a pre-defined second authentication based on the encrypted data of the third information set to determine whether the relevant data contained in the third information set comes from a trusted, designated security chip and whether the relevant data has been tampered with. Only if the pre-defined second authentication passes, confirming that the relevant data contained in the third information set comes from a trusted security chip and has not been tampered with, will the third party generate a platform identity certificate (which can be denoted as Cert_AK) for the target object. The specific details of the pre-defined second authentication will be explained later.

[0117] In some embodiments, after sending the encrypted data of the second information set to the agent, the method may further include the following: receiving the encrypted data of the fourth information set and the encrypted message authentication code of the fourth information set; decrypting the encrypted data of the fourth information set to obtain the platform identity certificate and the second random key of the target object; obtaining the locally stored public key of the target object; and performing data integrity verification based on the locally stored public key of the target object, the platform identity certificate, and the encrypted message authentication code to determine whether the platform identity certificate meets the preset requirements.

[0118] In some embodiments, the fourth information set mentioned above includes at least: a second random key (which may be denoted as N2) and the platform identity certificate (Cert_AK) of the target object.

[0119] The ciphertext data of the aforementioned fourth information set can specifically be the ciphertext data obtained by encrypting the fourth information set using the endorsement public key, and can be represented as [Cert_AK, N2]. EK The encrypted message authentication code for the fourth information set can be specifically represented as [hmac(AK, Cert_AK)]. N2 .

[0120] In practice, after a third party generates and obtains the platform identity certificate of the target object, it can use the encrypted data of the fourth information set and the encrypted message authentication code about the fourth information set, which can be represented as: {[Cert_AK,N2] EK [hmac(AK,Cert_AK)] N2 Then, the client sends the encrypted data of the fourth information set, along with the encrypted message authentication code for the fourth information set, to the security chip.

[0121] In some embodiments, the security chip can use the endorsement public key to decrypt the ciphertext data of the fourth information set to obtain the platform identity certificate and the second random key in the fourth information set. Then, the security chip can query and use the locally stored public key of the target object, along with the platform identity certificate and the encrypted message authentication code in the fourth information set, to perform data integrity verification to determine whether the platform identity certificate meets preset requirements.

[0122] In some embodiments, the above-mentioned data integrity verification based on the locally stored public key of the target object, the platform identity certificate, and the encrypted message authentication code to determine whether the platform identity certificate meets the preset requirements may specifically include the following: performing an HMAC operation based on the locally stored public key of the target object and the platform identity certificate to obtain the corresponding HMAC value as a verification value; decrypting the encrypted message authentication code using a second random key to obtain the message authentication code; comparing the verification value with the message authentication code; and determining that the platform identity certificate meets the preset requirements if the difference between the verification value and the message authentication code is less than a preset difference threshold.

[0123] In some embodiments, when it is determined that the platform identity certificate meets the preset requirements, the method may further include the following: storing the platform identity certificate locally and establishing a correspondence between the platform identity certificate and the identification information of the target object.

[0124] Specifically, considering that there is a correspondence between the target object's public key and its identification information, when saving the target object's platform identity certificate, a correspondence can be established between the authorized handle of the target object's public key and the target object's platform identity certificate.

[0125] In some embodiments, see Figure 4 As shown, after the security chip stores the platform identity certificate of the target object, in specific implementation, the method may further include the following: receiving a request to obtain the platform identity certificate of the target object; wherein the request carries at least an authorization handle and an authorization key of the target object's public key; responding to the request to obtain the platform identity certificate, verifying the authorization handle and authorization key of the target object's public key; if the verification is successful, performing a local query based on the authorization handle of the target object's public key to obtain the platform identity certificate of the target object; and sending the platform identity certificate of the target object to the agent.

[0126] In some embodiments, when a requester (e.g., the target object or other objects associated with the target object) needs to use the platform identity certificate of the target object, it can send a request to the security chip through a proxy to obtain the platform identity certificate of the target object.

[0127] The security chip receives and responds to the acquisition request, first verifying whether the authorization handle and authorization key of the identity public key carried in the acquisition request are accurate and valid. If the verification is successful, and it is determined that the authorization handle and authorization key of the identity public key carried in the acquisition request are accurate and valid, the security chip can retrieve the platform identity certificate of the target object stored locally by querying.

[0128] Furthermore, the security chip can use the first random key to encrypt the aforementioned platform identity certificate, obtaining the encrypted platform identity certificate, which can be denoted as: [Cert_AK] N1 Then send the encrypted platform identity certificate to the agent.

[0129] The agent can use the first random key it holds to decrypt the encrypted platform identity certificate and obtain the platform identity certificate in plaintext.

[0130] In some embodiments, the agent can provide the platform identity certificate of the target object to the client. The client can then use the obtained platform identity certificate of the target object to perform corresponding target data processing.

[0131] In some embodiments, specifically, for example, the requester can use the target object's platform identity certificate as a remote authentication to access the database as the target object and retrieve corresponding data resources from the database. As another example, the requester can also use the target object's platform identity certificate as a communication credential to establish a communication connection with a communication object (e.g., a communication device) and interact with the communication object through the connection. Yet another example is that the requester can use the target object's platform identity certificate to perform specific transaction data processing such as money transfers and shopping.

[0132] Of course, it should be noted that the target data processing using the target object's platform identity certificate listed above is only an illustrative example. In actual implementation, depending on the specific application scenario and processing requirements, the requesting party may also use the target object's platform identity certificate for other types of data processing. This specification does not limit this.

[0133] As can be seen from the above, based on the platform identity certificate acquisition method provided in the embodiments of this specification, the security chip participating in data interaction can first use its own identification information, combined with the identification information of the target object holding the platform identity certificate, to generate corresponding encrypted data of a second information set; then, the encrypted data of the second information set is sent to the proxy end. The proxy end can first perform a preset first identity verification involving the identification information of the security chip based on the encrypted data of the second information set; if the verification is successful and the identity of the security chip participating in data interaction is confirmed to be reliable and accurate, it generates encrypted data of a corresponding third information set and sends the encrypted data of the third information set to the third party. The third party can first perform a preset second identity verification involving the identification information of the security chip based on the encrypted data of the third information set; if the verification is successful and the relevant data contained in the third information set is confirmed to come from a trusted security chip and that the relevant data has not been tampered with, it generates a platform identity certificate for the target object and transmits the platform identity certificate to the security chip for storage and management through the proxy end. This effectively reduces security risks such as man-in-the-middle attacks and platform substitution attacks during the acquisition of platform identity certificates. It efficiently and securely generates and transmits platform identity certificates for the target object, preventing the theft or tampering of the target object's platform identity certificate and protecting the target object's data security. Furthermore, after generating the platform identity certificate, the third party can first generate encrypted data of a fourth information set containing the platform identity certificate, as well as an encrypted message authentication code for that fourth information set. Then, the encrypted data of the fourth information set and the encrypted message authentication code are sent to the security chip through a proxy. The security chip can verify the data integrity using locally stored data based on the received encrypted data of the fourth information set and the encrypted message authentication code. If the verification is successful, confirming that the platform identity certificate contained in the fourth information set is accurate, reliable, untampered, and meets preset requirements, the platform identity certificate is then stored locally for later use. This enables relatively secure transmission of the platform identity certificate, ensuring that the platform identity received and stored by the security chip is accurate, reliable, and untampered, effectively preventing the forgery of platform identity certificates.

[0134] See Figure 5 As shown in the embodiments of this specification, a method for obtaining a platform identity certificate is also provided. This method is specifically applied to the proxy side. In practical implementation, the method may include the following:

[0135] S501: Generate ciphertext data of the first information set and send the ciphertext data of the first information set to the security chip; wherein, the first information set includes at least the identification information of the target object and the first random key.

[0136] S502: Receive the encrypted data of the second information set; and perform a preset first authentication based on the encrypted data of the second information set.

[0137] S503: If the preset first authentication is successful, generate the encrypted data of the third information set.

[0138] S504: Send the encrypted data of the third information set to a third party to generate the platform identity certificate of the target object.

[0139] In some embodiments, the agent can interface with external systems. Specifically, the agent can receive and respond to requests from external or internal systems to generate a platform identity certificate for a target object, and generate encrypted data of a first information set.

[0140] In some embodiments, the above-mentioned generation of ciphertext data of the first information set may specifically include the following: generating a first random key; obtaining the identification information of the target object; combining the first random key and the identification information of the target object to obtain the first information set; and encrypting the first information set using an endorsement public key to obtain the ciphertext data of the first information set.

[0141] In some embodiments, the aforementioned preset first authentication may specifically be an authentication of the security chip involving identification information of the security chip. Specifically, the aforementioned preset first authentication may include at least: a preset first verification and a preset second verification.

[0142] In some embodiments, the aforementioned preset first authentication of the security chip based on the encrypted data of the second information set may specifically include the following: decrypting the encrypted data of the second information set to obtain the security chip's endorsement certificate, encrypted identity content information, and encrypted identity public key; using the locally stored endorsement public key to perform a preset first verification to determine whether the security chip's endorsement certificate meets the requirements; and if the security chip's endorsement certificate meets the requirements, performing a preset second verification based on the encrypted identity public key and the encrypted identity content information.

[0143] In some embodiments, the agent may attempt to decrypt the encrypted data of the second information set using a first random key. If decryption fails, the agent may pause subsequent data processing. If decryption succeeds, the agent may obtain the endorsement certificate (Cert_EK) of the security chip in the second information set, the encrypted identity content information (I), and the encrypted identity public key ([AK]). EK -1 ).

[0144] In some embodiments, when implementing a specific application, the agent can use the locally stored endorsement public key to compare with the endorsement certificate in the second information set to determine whether the endorsement certificate in the second information set is valid, and perform a preset first verification to determine whether the endorsement certificate of the security chip in the second information set meets the requirements.

[0145] If the first verification is successful, and the locally stored endorsement public key matches the endorsement public key contained in the endorsement certificate in the second information set, and the endorsement certificate meets the requirements, then the encrypted data of the second information set is determined to come from a trusted designated security chip, thus completing the first verification of the security chip's identity.

[0146] In some embodiments, if the endorsement certificate of the security chip is found to meet the requirements, the agent can decrypt the encrypted identity content information using the endorsement public key; obtain and use the identification information of the security chip in the identity content information to perform a preset second verification, so as to perform a second verification of the identity of the security chip.

[0147] In some embodiments, the above-mentioned second verification based on the encrypted identity public key and the encrypted identity content information may specifically include the following: processing the encrypted identity public key with the endorsement public key to determine whether decryption is successful; obtaining the identity public key if decryption is successful; decrypting the encrypted identity content information with the identity public key to obtain the identification information of the security chip; and verifying the obtained identification information of the security chip based on the locally stored endorsement certificate of the security chip.

[0148] In some embodiments, during implementation, the agent can attempt to decrypt the encrypted identity public key using a locally stored endorsement public key. If decryption fails, subsequent data processing can be paused. If decryption succeeds, the target object's identity public key can be obtained; subsequently, this identity public key can be used to decrypt the encrypted identity content information to obtain the security chip's identification information (T). ID ).

[0149] Furthermore, the proxy can compare the security chip identification information in the identity content information with the security chip identification information contained in the endorsement certificate. If it is determined that the security chip identification information in the identity content information is consistent with the security chip identification information contained in the endorsement certificate or the difference value is less than a preset difference threshold; and it is determined that in the second information set, the identity public key is the endorsement private key EK. -1 The signature confirms that the encrypted data of the second information set comes from a trusted designated security chip, completing the second verification of the security chip's identity and confirming that the preset first identity verification has passed.

[0150] In some embodiments, when performing a preset first identity verification, the identification information of the target object can be obtained from the identity content information in the second information set; then the identification information of the target object in the identity content information is compared with the identification information of the target object locally for more accurate verification.

[0151] In some embodiments, the aforementioned third information set may include at least the security chip's endorsement certificate, the target object's identification information, the target object's public key, and encrypted identity content information.

[0152] Furthermore, the aforementioned third information set may also include: information related to the computing platform where the security chip resides, and / or, third-party identification information, etc. Utilizing this third information set, which contains relatively richer and more diverse information, third parties can subsequently perform more refined and accurate pre-defined second identity verification.

[0153] The ciphertext data of the aforementioned third information set may specifically include ciphertext data obtained by encrypting the third information using a third party's public key. For example, [Cert_EK,L,AK,PCA,I,PP] PK(PCA) .

[0154] In some embodiments, the encrypted data for generating the third information set described above may include the following: combining the endorsement certificate of the security chip, the identification information of the target object, the public key of the target object, and the encrypted identity content information to obtain the third information set; encrypting the third information set using a third-party public key to obtain the encrypted data of the third information set.

[0155] In some embodiments, the proxy can send the encrypted data of the aforementioned third information set to a third party. The third party receives the encrypted data of the aforementioned third information set and performs a preset second authentication based on it. If the preset second authentication is successful, the third party generates a platform identity certificate for the target object and sends the platform identity certificate to the security chip through the proxy. The security chip can store the platform identity certificate of the target object.

[0156] In some embodiments, the method may further include the following: obtaining a request for obtaining a platform identity certificate of the target object; wherein the request carries at least an authorization handle and an authorization key of the target object's public identity key; and sending the request to the security chip.

[0157] In some embodiments, specifically when a requester needs to use the platform identity certificate of a target object, it can send a request to the proxy to obtain the platform identity certificate of the target object through a client or other port that interfaces with the proxy. The proxy can then send this request to the security chip. The security chip can receive and respond to the request, retrieve the corresponding platform identity certificate, and then provide it to the requester through the proxy. The requester can then use the platform identity certificate to perform specific target data processing.

[0158] See Figure 6 As shown in the embodiments of this specification, a method for obtaining a platform identity certificate is also provided. This method is specifically applied to a third-party side. In practical implementation, the method may include the following:

[0159] S601: Receive ciphertext data of the third information set; wherein the ciphertext data of the third information set is generated by the agent when it determines that the preset first authentication has passed based on the ciphertext data of the second information set.

[0160] S602: Perform a pre-defined second authentication based on the ciphertext data of the third information set.

[0161] S603: If the preset second authentication is successful, generate the platform identity certificate for the target object.

[0162] In some embodiments, the aforementioned pre-defined second authentication based on the encrypted data of the third information set may specifically include the following: using a third-party private key to decrypt the encrypted data of the third information set to obtain the security chip's endorsement certificate, the target object's identification information, the target object's public key, and the encrypted identity content information; using the certificate holder's public key to verify the obtained security chip's endorsement certificate; and if the security chip's endorsement certificate is verified successfully, using the public key to decrypt the encrypted identity content information to obtain the security chip's identification information and the target object's identification information from the identity content information; and verifying whether the security chip's identification information and the target object's identification information from the identity content information are accurate.

[0163] In some embodiments, during implementation, a third party may first attempt to decrypt the encrypted data of the third information set using its private key. If decryption fails, the third party may pause subsequent data processing. If decryption succeeds, the third party can obtain at least the security chip's endorsement certificate, the target object's identification information, the target object's public key, and the encrypted identity content information from the third information set.

[0164] In some embodiments, a third party may verify the endorsement certificate in a third information set by using the certificate holder's public key (PK(MF)) to verify the legitimacy of the endorsement certificate.

[0165] Once the endorsement certificate is verified, a third party can use the identity public key to decrypt the encrypted identity content information to obtain the identification information of the security chip and the identification information of the target object from the identity content information.

[0166] Furthermore, third parties can verify the security chip identification information and target object identification information in the identity content information by comparing the identification information of the security chip in the identity content information with the identification information of the security chip contained in the endorsement certificate; and by comparing the identification information of the target object in the identity content information with the identification information of the target object outside the identity content information in the third information set, in order to determine whether the security chip identification information and target object identification information in the identity content information are accurate.

[0167] If the identification information of the security chip in the identity content information is consistent with or differs from the identification information of the security chip contained in the endorsement certificate by less than a preset difference threshold; and if the identification information of the target object in the identity content information is consistent with or differs from the identification information of the target object outside the identity content information in the third information set by less than a preset difference threshold, it can be determined that the preset second authentication is successful, and that the relevant data contained in the third information set (e.g., the target object's public key) is indeed from a trusted designated security chip, and that the relevant data has not been tampered with.

[0168] In some embodiments, the third information set may further include: platform properties (PP, platform properties, other attribute information of the computing platform where the security chip is located, excluding the security chip). Accordingly, the aforementioned second authentication based on the encrypted data of the third information set may, in specific implementation, further include: verifying the platform properties in the third information set based on locally stored platform information.

[0169] Furthermore, the aforementioned third information set may specifically include the identification information of a third party. Correspondingly, the aforementioned pre-defined second identity verification based on the encrypted data of the third information set may, in practice, also include: verifying whether the identification information of the third party in the third information set is accurate.

[0170] Furthermore, the third party can also receive requests from the proxy client to generate the platform identity certificate for the target object. Accordingly, during the pre-defined second identity verification, the third party can also verify the legitimacy of the aforementioned generation request.

[0171] Through the above embodiments, third parties can perform preset second identity verification more accurately to further improve security.

[0172] In some embodiments, if the preset second authentication is successful, the third party can create a platform identity certificate (Cert_AK) for the target object based on the target object's identification information, identity public key, and security chip identification information.

[0173] Specifically, third parties can also use the target object's identification information, identity public key, security chip identification information, as well as the computing platform's register identification information (PCR), third party identification information (PCA), and computing platform association information (PP) to create a more detailed platform identity certificate for the target object.

[0174] In some embodiments, after generating the platform identity certificate of the target object, the method may further include: generating encrypted data of a fourth information set and an encrypted message authentication code for the fourth information set based on the platform identity certificate of the target object; and sending the encrypted data of the fourth information set and the encrypted message authentication code for the fourth information set to the agent.

[0175] In some embodiments, the above-described generation of the encrypted data of the fourth information set based on the platform identity certificate of the target object may specifically include the following: generating a second random key (N2); combining the second random key and the platform identity certificate of the target object to obtain the fourth information set; and encrypting the fourth information set using the endorsement public key to obtain the encrypted data of the fourth information set, for example, [Cert_AK, N2]. EK .

[0176] In some embodiments, the generation of the encrypted message authentication code for the fourth information set described above may specifically include the following: performing an HMAC operation based on the target object's public key and platform identity certificate to obtain the corresponding message authentication code; encrypting the message authentication code using a second random key to obtain the encrypted message authentication code for the fourth information set, for example, [hmac(AK,Cert_AK)]. N2 .

[0177] In some embodiments, a third party may transmit the encrypted data of the fourth information set along with the encrypted message authentication code (e.g., {[Cert_AK,N2]). EK [hmac(AK,Cert_AK)] N2 The message is forwarded to the security chip via a proxy.

[0178] After receiving the encrypted data from the fourth information set and the encrypted message authentication code, the security chip can perform verifications such as data integrity verification to check whether the public key contained in the platform's identity certificate is consistent with the public key stored locally, or whether the difference is less than a preset difference threshold. This determines whether the public key and platform identity certificate have been subjected to man-in-the-middle attacks or platform substitution attacks during transmission. Only if the above verification passes and it is determined that no man-in-the-middle attack or platform substitution attack has occurred will the security chip determine that the platform identity certificate in the received fourth information set is an accurate and reliable platform identity certificate, and then store the platform identity certificate locally for future use.

[0179] As can be seen from the above, the platform identity certificate acquisition method provided in the embodiments of this specification can effectively reduce the security risks such as man-in-the-middle attacks and platform replacement attacks during the acquisition of platform identity certificates by performing interactive verification involving the identification information of the security chip. It can efficiently and securely generate and transmit platform identity certificates for the target object, prevent the platform identity certificate of the target object from being stolen or tampered with, and protect the data security of the target object.

[0180] This specification also provides a server, including a processor and a memory for storing processor-executable instructions. Specifically, the processor can perform the following steps according to the instructions: receiving encrypted data of a first information set; decrypting the encrypted data of the first information set to obtain the identification information of a target object and a first random key; wherein the target object is the holder of a platform identity certificate; generating encrypted data of a second information set; wherein the second information set includes at least encrypted identity content information and an encrypted identity public key; the identity content information includes at least the identification information of the target object and the identification information of a security chip; sending the encrypted data of the second information set to a proxy; wherein the proxy, based on the encrypted data of the second information set and after confirming that a preset first identity verification has passed, generates encrypted data of a third information set; and sends the encrypted data of the third information set to a third party to generate a platform identity certificate for the target object.

[0181] This specification also provides another server, including a processor and a memory for storing processor-executable instructions. Specifically, the processor can perform the following steps according to the instructions: generating encrypted data of a first information set and sending the encrypted data of the first information set to a security chip; wherein the first information set includes at least the identification information of the target object and a first random key; receiving encrypted data of a second information set; performing a preset first authentication on the security chip based on the encrypted data of the second information set; if the preset first authentication is successful, generating encrypted data of a third information set; and sending the encrypted data of the third information set to a third party to generate a platform identity certificate for the target object.

[0182] This specification also provides another server, including a processor and a memory for storing processor-executable instructions. Specifically, the processor can perform the following steps according to the instructions: receiving encrypted data of a third information set; wherein the encrypted data of the third information set is generated by the agent after determining that a preset first authentication has passed based on the encrypted data of a second information set; performing a preset second authentication based on the encrypted data of the third information set; and generating a platform identity certificate for the target object after determining that the preset second authentication has passed.

[0183] To execute the above instructions more accurately, please refer to... Figure 7 As shown in the embodiments of this specification, another specific server is also provided, wherein the server includes a network communication port 701, a processor 702, and a memory 703. The above structures are connected by internal cables so that the various structures can perform specific data interaction.

[0184] Specifically, the network communication port 701 can be used to receive encrypted data of a third information set; wherein the encrypted data of the third information set is generated by the agent when it determines that the preset first authentication has passed based on the encrypted data of the second information set.

[0185] The processor 702 can be specifically used to perform a preset second authentication based on the encrypted data of the third information set; and generate a platform identity certificate for the target object if the preset second authentication is successful.

[0186] The memory 703 can be used to store the corresponding instruction program.

[0187] In this embodiment, the network communication port 701 can be a virtual port bound to different communication protocols, thereby enabling the sending or receiving of different data. For example, the network communication port can be a port responsible for web data communication, a port responsible for FTP data communication, or a port responsible for email data communication. Furthermore, the network communication port can also be a physical communication interface or communication chip. For example, it can be a wireless mobile network communication chip, such as GSM or CDMA; it can also be a Wi-Fi chip; or it can be a Bluetooth chip.

[0188] In this embodiment, the processor 702 can be implemented in any suitable manner. For example, the processor can take the form of a microprocessor or processor and a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, application-specific integrated circuits (ASICs), programmable logic controllers, and embedded microcontrollers, etc. This specification is not limiting.

[0189] In this embodiment, the memory 703 may include multiple layers. In a digital system, anything that can store binary data can be a memory. In an integrated circuit, a circuit with storage function but no physical form is also called a memory, such as RAM, FIFO, etc. In a system, a storage device with a physical form is also called a memory, such as a memory stick, TF card, etc.

[0190] This specification also provides a computer storage medium based on the above-described method for obtaining a platform identity certificate. The computer storage medium stores computer program instructions that, when executed, implement the following: receiving encrypted data of a first information set; decrypting the encrypted data of the first information set to obtain the identification information of a target object and a first random key; wherein the target object is the holder of the platform identity certificate; generating encrypted data of a second information set; wherein the second information set includes at least encrypted identity content information and an encrypted identity public key; the identity content information includes at least the identification information of the target object and the identification information of the security chip; sending the encrypted data of the second information set to an agent; wherein the agent, based on the encrypted data of the second information set and after confirming that a preset first identity verification has passed, generates encrypted data of a third information set; and sends the encrypted data of the third information set to a third party to generate the platform identity certificate of the target object.

[0191] This specification also provides a computer storage medium based on the above-described method for obtaining platform identity certificates. The computer storage medium stores computer program instructions that, when executed, perform the following: generating encrypted data of a first information set and sending the encrypted data of the first information set to a security chip; wherein the first information set includes at least the identification information of the target object and a first random key; receiving encrypted data of a second information set; performing a preset first authentication on the security chip based on the encrypted data of the second information set; generating encrypted data of a third information set if the preset first authentication is successful; and sending the encrypted data of the third information set to a third party to generate a platform identity certificate for the target object.

[0192] This specification also provides a computer storage medium based on the above-described method for obtaining platform identity certificates. The computer storage medium stores computer program instructions that, when executed, implement the following: receiving encrypted data of a third information set; wherein the encrypted data of the third information set is generated by the agent after determining that a preset first identity verification has passed based on the encrypted data of a second information set; performing a preset second identity verification based on the encrypted data of the third information set; and generating a platform identity certificate for the target object after determining that the preset second identity verification has passed.

[0193] In this embodiment, the storage medium includes, but is not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), cache, hard disk drive (HDD), or memory card. The memory can be used to store computer program instructions. The network communication unit can be an interface configured according to standards specified in the communication protocol for network connection communication.

[0194] In this embodiment, the specific functions and effects implemented by the program instructions stored in the computer storage medium can be explained in comparison with other implementation methods, and will not be repeated here.

[0195] See Figure 8 As shown, at the software level, this specification also provides a device for obtaining a platform identity certificate, which may specifically include the following structural modules:

[0196] The receiving module 801 can be specifically used to receive the encrypted data of the first information set;

[0197] The decryption module 802 is specifically used to decrypt the ciphertext data of the first information set to obtain the identification information of the target object and the first random key; wherein, the target object is the holder of the platform identity certificate;

[0198] The generation module 803 can be specifically used to generate ciphertext data of the second information set; wherein, the second information set includes at least encrypted identity content information and encrypted identity public key; the identity content information includes at least the identification information of the target object and the identification information of the security chip;

[0199] The sending module 804 is specifically used to send the encrypted data of the second information set to the agent; wherein, the agent generates the encrypted data of the third information set based on the encrypted data of the second information set, after determining that the preset first identity verification has passed; and sends the encrypted data of the third information set to a third party to generate the platform identity certificate of the target object.

[0200] This specification also provides another platform identity certificate acquisition device, which may specifically include the following structural modules: a first generation module, used to generate encrypted data of a first information set and send the encrypted data of the first information set to a security chip; wherein, the first information set includes at least the identification information of the target object and a first random key; a receiving module, used to receive encrypted data of a second information set and perform a preset first authentication on the security chip based on the encrypted data of the second information set; a second generation module, used to generate encrypted data of a third information set if the preset first authentication is successful; and a sending module, used to send the encrypted data of the third information set to a third party to generate a platform identity certificate for the target object.

[0201] This specification also provides another platform identity certificate acquisition device, which may specifically include the following structural modules: a receiving module for receiving encrypted data of a third information set; wherein the encrypted data of the third information set is generated by the agent when it determines that a preset first identity verification has passed based on the encrypted data of a second information set; a verification module for performing a preset second identity verification based on the encrypted data of the third information set; and a generation module for generating a platform identity certificate for the target object when it is determined that the preset second identity verification has passed.

[0202] It should be noted that the units, devices, or modules described in the above embodiments can be implemented by computer chips or physical entities, or by products with certain functions. For ease of description, the above devices are described by dividing them into various modules according to their functions. Of course, in implementing this specification, the functions of each module can be implemented in one or more software and / or hardware, or the module that implements the same function can be implemented by a combination of multiple sub-modules or sub-units, etc. The device embodiments described above are merely illustrative. For example, the division of units is only a logical functional division, and there may be other division methods in actual implementation. For example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection between the devices or units shown or discussed can be through some interfaces, and the indirect coupling or communication connection between devices or units can be electrical, mechanical, or other forms.

[0203] As can be seen from the above, the platform identity certificate acquisition device provided in the embodiments of this specification can effectively reduce the security risks such as man-in-the-middle attacks and platform replacement attacks during the acquisition of platform identity certificates by performing interactive verification of identification information involving security chips. It can efficiently and securely generate and transmit platform identity certificates for target objects, prevent platform identity certificates from being stolen or tampered with, and protect the data security of target objects.

[0204] While this specification provides the steps of operation for the methods described in the embodiments or flowcharts, more or fewer steps may be included based on conventional or non-inventive means. The order of steps listed in the embodiments is merely one possible order of execution among many steps and does not represent the only possible order. In actual device or client product execution, the methods shown in the embodiments or drawings may be executed sequentially or in parallel (e.g., in a parallel processor or multi-threaded processing environment, or even a distributed data processing environment). The terms "comprising," "including," or any other variations thereof are intended to cover a non-exclusive inclusion, such that a process, method, product, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, product, or apparatus. Without further limitations, the presence of other identical or equivalent elements in a process, method, product, or apparatus that includes said elements is not excluded. The terms "first," "second," etc., are used to denote names and do not indicate any particular order.

[0205] Those skilled in the art will also know that, besides implementing the controller using purely computer-readable program code, the same functions can be achieved by logically programming the method steps, making the controller function as logic gates, switches, application-specific integrated circuits (ASICs), programmable logic controllers (PLCs), and embedded microcontrollers. Therefore, such a controller can be considered a hardware component, and the devices within it used to implement various functions can also be considered structures within that hardware component. Alternatively, the devices used to implement various functions can be considered as both software modules implementing the method and structures within a hardware component.

[0206] This specification can be described in the general context of computer-executable instructions that are executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, classes, etc., that perform a specific task or implement a specific abstract data type. This specification can also be practiced in distributed computing environments, where tasks are performed by remote processing devices connected via a communication network. In distributed computing environments, program modules can reside in local and remote computer storage media, including storage devices.

[0207] As can be seen from the above description of the embodiments, those skilled in the art can clearly understand that this specification can be implemented by means of software plus necessary general-purpose hardware platforms. Based on this understanding, the technical solutions of this specification can essentially be embodied in the form of a software product. This computer software product can be stored in a storage medium, such as ROM / RAM, magnetic disk, optical disk, etc., and includes several instructions to cause a computer device (which may be a personal computer, mobile terminal, server, or network device, etc.) to execute the methods described in the various embodiments or some parts of the embodiments of this specification.

[0208] The various embodiments in this specification are described in a progressive manner. Similar or identical parts between embodiments can be referred to interchangeably. Each embodiment focuses on its differences from other embodiments. This specification can be used in numerous general-purpose or special-purpose computer system environments or configurations. Examples include: personal computers, server computers, handheld or portable devices, tablet devices, multiprocessor systems, microprocessor-based systems, set-top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, and distributed computing environments including any of the above systems or devices, etc.

[0209] Although this specification has been described by way of examples, those skilled in the art will recognize that many variations and modifications are possible without departing from the spirit of this specification, and it is intended that the appended claims cover such variations and modifications without departing from the spirit of this specification.

Claims

1. A method for obtaining a platform identity certificate, applied to a security chip, comprising: Receive the encrypted data of the first information set; Decrypt the ciphertext data of the first information set to obtain the identification information of the target object and the first random key; wherein, the target object is the holder of the platform identity certificate; Generate encrypted data of a second information set; wherein the second information set includes at least encrypted identity content information and encrypted public key of the target object; the identity content information includes at least the identification information of the target object and the identification information of the security chip; The encrypted data of the second information set is sent to the proxy terminal; wherein, the proxy terminal generates encrypted data of the third information set based on the encrypted data of the second information set, provided that the preset first identity verification is successful; the proxy terminal sends the encrypted data of the third information set to a third party to generate the platform identity certificate of the target object; the proxy terminal includes a relay module responsible for data interaction between the security chip and the third party, and data interaction between the external client and the system; the third information set includes at least: the endorsement certificate of the security chip, the identification information of the target object, the public key of the target object, and the encrypted identity content information; The method further includes: receiving encrypted data of a fourth information set and an encrypted message authentication code for the fourth information set; decrypting the encrypted data of the fourth information set to obtain the platform identity certificate and second random key of the target object; obtaining the target object's identity public key stored locally; and performing data integrity verification based on the target object's identity public key stored locally, the platform identity certificate, and the encrypted message authentication code to determine whether the platform identity certificate meets preset requirements.

2. The method according to claim 1, generating ciphertext data of the second information set, comprising: Based on the identification information of the target object, generate the target object's public key and private key; Using the aforementioned public key, private key, and first random key, ciphertext data of the second information set is generated.

3. The method according to claim 2, wherein generating ciphertext data of the second information set using the public key, private key, and first random key comprises: By combining the public key, the identification information of the target object, and the identification information of the security chip, identity content information is obtained; The identity content information is then encrypted using the identity private key to obtain the encrypted identity content information; The identity public key is encrypted using the endorsement private key to obtain the encrypted identity public key; The second information set is obtained by combining the encrypted public key, the encrypted identity content information, and the endorsement certificate of the security chip. The second information set is then encrypted using the first random key to obtain the ciphertext data of the second information set.

4. The method according to claim 1, wherein data integrity verification is performed based on the locally stored public key of the target object, the platform identity certificate, and the encrypted message authentication code to determine whether the platform identity certificate meets preset requirements, including: Based on the target object's public key stored locally and the platform's identity certificate, perform an HMAC operation to obtain the corresponding HMAC value as the verification value. The encrypted message authentication code is decrypted using the second random key to obtain the message authentication code; Compare the test value with the message authentication code; If the difference between the test value and the message authentication code is less than a preset difference threshold, the platform identity certificate is determined to meet the preset requirements.

5. The method according to claim 4, wherein, if it is determined that the platform identity certificate meets preset requirements, the method further includes: Store the platform identity certificate locally and establish a correspondence between the platform identity certificate and the identification information of the target object.

6. The method according to claim 5, further comprising: Receive a request to obtain the platform identity certificate of the target object; wherein the request carries at least an authorization handle and an authorization key of the target object's public identity key; In response to the platform's request to obtain the identity certificate, verify the authorization handle and authorization key of the target object's public identity key; If the verification is successful, a local query is performed based on the authorized handle of the target object's public key to obtain the target object's platform identity certificate; and the target object's platform identity certificate is sent to the agent.

7. A method for obtaining a platform identity certificate, applied to a proxy terminal, wherein the proxy terminal includes a relay module responsible for data interaction between the security chip and a third party, and data interaction between an external client and the system, comprising: Generate encrypted data of a first information set and send the encrypted data of the first information set to the security chip; wherein, the first information set includes at least the identification information of the target object and a first random key; The system receives encrypted data of a second information set sent by a security chip; and performs a preset first authentication on the security chip based on the encrypted data of the second information set; the second information set includes at least: encrypted identity content information and encrypted public key of the target object; the identity content information includes at least the identification information of the target object and the identification information of the security chip; If the preset first identity verification is successful, ciphertext data of the third information set is generated; the third information set includes at least: the endorsement certificate of the security chip, the identification information of the target object, the public key of the target object, and the encrypted identity content information; The encrypted data of the third information set is sent to a third party to generate a platform identity certificate for the target object; wherein, the security chip receives the encrypted data of the fourth information set generated by the third party, as well as the encrypted message authentication code for the fourth information set; decrypts the encrypted data of the fourth information set to obtain the platform identity certificate and the second random key of the target object; obtains the target object's identity public key stored locally; and performs data integrity verification based on the target object's identity public key stored locally, the platform identity certificate, and the encrypted message authentication code to determine whether the platform identity certificate meets the preset requirements.

8. The method according to claim 7, wherein a preset first authentication is performed based on the encrypted data of the second information set, comprising: Decrypt the ciphertext data of the second information set to obtain the endorsement certificate of the security chip, the encrypted identity content information, and the encrypted public key of the target object; Using the locally stored endorsement public key, a preset first verification is performed to determine whether the endorsement certificate of the security chip meets the requirements; If the endorsement certificate of the security chip meets the requirements, a preset second verification is performed based on the encrypted identity public key and the encrypted identity content information.

9. The method according to claim 8, wherein a preset second verification is performed based on the encrypted public key and the encrypted identity content information, comprising: The encrypted identity public key is processed using the endorsement public key to determine whether decryption was successful. If decryption is successful, the identity public key is obtained; The encrypted identity information is then decrypted using the public key to obtain the identification information of the security chip. The identification information of the obtained security chip is verified based on the endorsement certificate of the security chip stored locally.

10. The method according to claim 7, generating ciphertext data of the third information set, comprising: The third information set is obtained by combining the endorsement certificate of the security chip, the identification information of the target object, the public key of the target object, and the encrypted identity content information. The third information set is encrypted using a third party's public key to obtain the ciphertext data of the third information set.

11. The method according to claim 10, wherein the third information set further comprises: Information about the computing platform on which the security chip resides, and / or, the identification information of third parties.

12. A method for obtaining a platform identity certificate, applied to a third party, including: The system receives encrypted data from a third information set. This encrypted data is generated by the proxy terminal after determining that the security chip's preset first authentication has passed based on the encrypted data from the second information set. The proxy terminal includes a relay module responsible for data interaction between the security chip and a third party, as well as data interaction between the external client and the system. The second information set includes at least: encrypted identity content information and encrypted public key of the target object. The third information set includes at least: the security chip's endorsement certificate, the target object's identification information, the target object's public key, and encrypted identity content information. The identity content information includes at least the target object's identification information and the security chip's identification information. Based on the encrypted data of the third information set, a pre-defined second identity verification is performed; If the preset second authentication is successful, a platform identity certificate for the target object is generated; Based on the target object's platform identity certificate, a fourth information set of encrypted data and an encrypted message authentication code for the fourth information set are generated. The encrypted data of the fourth information set and the encrypted message authentication code are sent to the proxy end for forwarding to the security chip. The security chip decrypts the encrypted data of the fourth information set to obtain the target object's platform identity certificate and a second random key. It also obtains the target object's locally stored public key. Based on the locally stored public key, the platform identity certificate, and the encrypted message authentication code, data integrity verification is performed to determine whether the platform identity certificate meets preset requirements.

13. The method according to claim 12, wherein a preset second authentication is performed based on the encrypted data of the third information set, comprising: By using a third-party private key to decrypt the ciphertext data of a third information set, the endorsement certificate of the security chip, the identification information of the target object, the public key of the target object, and the encrypted identity content information can be obtained. Use the certificate holder's public key to verify the endorsement certificate of the obtained security chip; And if the endorsement certificate of the security chip is verified, the encrypted identity content information is decrypted using the identity public key to obtain the identification information of the security chip and the identification information of the target object in the identity content information; Verify the accuracy of the security chip identification information and the target object identification information in the identity content information.

14. The method according to claim 13, wherein the third information set further comprises: Information related to the computing platform; Correspondingly, the pre-defined second authentication based on the encrypted data of the third information set also includes: Verify the association information of the computing platform based on the platform information stored locally.

15. The method according to claim 12, wherein generating encrypted data of a fourth information set based on the platform identity certificate of the target object includes: Generate a second random key; The second random key and the target object's platform identity certificate are combined to obtain the fourth information set; The fourth information set is then encrypted using the endorsement public key to obtain the ciphertext data of the fourth information set.

16. The method according to claim 15, generating an encrypted message authentication code for a fourth information set, comprising: Based on the target object's public key and the platform's identity certificate, perform HMAC operations to obtain the corresponding message authentication code; The message authentication code is encrypted using the second random key to obtain the encrypted message authentication code for the fourth information set.

17. A device for obtaining a platform identity certificate, applied to a security chip, comprising: The receiving module is used to receive the encrypted data of the first information set; The decryption module is used to decrypt the ciphertext data of the first information set and obtain the identification information of the target object and the first random key; wherein, the target object is the holder of the platform identity certificate; A generation module is used to generate ciphertext data of a second information set; wherein the second information set includes at least encrypted identity content information and encrypted public key of the target object; the identity content information includes at least the identification information of the target object and the identification information of the security chip; A sending module is used to send the encrypted data of the second information set to the agent terminal; wherein, the agent terminal generates the encrypted data of the third information set based on the encrypted data of the second information set, provided that the preset first authentication is successful; and sends the encrypted data of the third information set to a third party to generate the platform identity certificate of the target object; the agent terminal includes a relay module responsible for data interaction between the security chip and the third party, and data interaction between the external client and the system; the third information set includes at least: the endorsement certificate of the security chip, the identification information of the target object, the public key of the target object, and the encrypted identity content information; The device is also used to receive encrypted data of a fourth information set and an encrypted message authentication code for the fourth information set; decrypt the encrypted data of the fourth information set to obtain the platform identity certificate and second random key of the target object; obtain the public key of the target object stored locally; and perform data integrity verification based on the public key of the target object stored locally, the platform identity certificate, and the encrypted message authentication code to determine whether the platform identity certificate meets preset requirements.

18. A platform identity certificate acquisition device, applied to a proxy terminal, the proxy terminal including a relay module responsible for data interaction between a security chip and a third party, and data interaction between an external client and the system, comprising: A first generation module is used to generate ciphertext data of a first information set and send the ciphertext data of the first information set to a security chip; wherein, the first information set includes at least the identification information of the target object and a first random key; A receiving module is used to receive encrypted data of a second information set sent by a security chip; and to perform a preset first authentication on the security chip based on the encrypted data of the second information set; the second information set includes at least: encrypted identity content information and encrypted public key of the target object; the identity content information includes at least the identification information of the target object and the identification information of the security chip; The second generation module is used to generate encrypted data of the third information set when the preset first authentication is successful; the third information set includes at least: the endorsement certificate of the security chip, the identification information of the target object, the public key of the target object, and the encrypted identity content information. The sending module is used to send the encrypted data of the third information set to a third party to generate a platform identity certificate for the target object; wherein, the security chip receives the encrypted data of the fourth information set generated by the third party, and the encrypted message authentication code about the fourth information set; decrypts the encrypted data of the fourth information set to obtain the platform identity certificate and the second random key of the target object; obtains the target object's identity public key stored locally; and performs data integrity verification based on the target object's identity public key stored locally, the platform identity certificate, and the encrypted message authentication code to determine whether the platform identity certificate meets preset requirements.

19. A device for obtaining a platform identity certificate, applied to a third party, comprising: A receiving module is used to receive encrypted data of a third information set; wherein, the encrypted data of the third information set is generated by the proxy terminal after determining that the preset first authentication of the security chip has passed based on the encrypted data of the second information set; the proxy terminal includes a relay module responsible for data interaction between the security chip and a third party, and data interaction between the external client and the system; the second information set includes at least: encrypted identity content information and encrypted public key of the target object; the third information set includes at least: the endorsement certificate of the security chip, the identification information of the target object, the public key of the target object, and encrypted identity content information; the identity content information includes at least the identification information of the target object and the identification information of the security chip; The verification module is used to perform a preset second identity verification based on the encrypted data of the third information set; The generation module is used to generate a platform identity certificate for the target object if the preset second authentication is successful. The device is further configured to generate encrypted data of a fourth information set and an encrypted message authentication code for the fourth information set based on the platform identity certificate of the target object; send the encrypted data of the fourth information set and the encrypted message authentication code for the fourth information set to the proxy end for forwarding to the security chip through the proxy end; wherein, the security chip decrypts the encrypted data of the fourth information set to obtain the platform identity certificate and the second random key of the target object; obtains the locally stored public key of the target object; and performs data integrity verification based on the locally stored public key of the target object, the platform identity certificate, and the encrypted message authentication code to determine whether the platform identity certificate meets the preset requirements.

20. A server comprising a processor and a memory for storing processor-executable instructions, wherein the processor, when executing the instructions, implements the steps of the method of any one of claims 1 to 16.

21. A computer-readable storage medium having stored thereon computer instructions that, when executed, perform the steps of the method according to any one of claims 1 to 16.