Trusted attestation method, apparatus, and electronic device
By implementing identity binding, platform authentication, and measurement report verification, the problem of secure and reliable access for IoT devices in complex environments is solved, reliable proof of remote computing platforms is achieved, interfaces are simplified, and anti-interference capabilities are enhanced.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- BEIJING UNIV OF TECH
- Filing Date
- 2022-12-16
- Publication Date
- 2026-06-23
Smart Images

Figure CN116108447B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of Internet of Things (IoT) technology, and more particularly to a trusted verification method, apparatus, and electronic device. Background Technology
[0002] With the rapid development of Internet of Things (IoT) technology, human society has gradually entered an era of interconnectedness. The IoT connects any object to the internet through information sensing devices and according to agreed-upon protocols, enabling information exchange and communication to achieve intelligent identification, location, tracking, monitoring, and management.
[0003] With the accelerating digital transformation of society, diverse devices and heterogeneous application systems place IoT devices in complex multi-domain environments. Data flow between nodes has become the norm for data resource sharing, which breaks the security boundaries of each resource node. IoT cross-node resource access has become a major target for attacks. Therefore, it is urgent to prove the security and trustworthiness of remote computing platforms on the basis of achieving trusted access for IoT devices. Summary of the Invention
[0004] This invention provides a trusted proof method, apparatus, and electronic device to prove the security and trustworthiness of a remote computing platform based on the trusted access of Internet of Things (IoT) devices.
[0005] This invention provides a trusted proof method applied to a trusted computing platform, the method comprising:
[0006] In response to the user's login command, an endorsement key is sent to the trusted management platform;
[0007] Receive user instance login success information sent by the trusted management platform; the user instance login success information is generated by the trusted management platform based on the endorsement key;
[0008] Perform a key check based on the successful login information of the user instance;
[0009] The platform identity key is issued and verified based on the interaction information with the trusted management platform, and the platform identity key certificate is stored.
[0010] Receives a trust proof request and measurement strategy sent by the trust management platform; the trust proof request is sent by the remote computing platform.
[0011] Verify the trusted proof request and analyze the measurement strategy, and obtain the platform identity key and the platform identity key certificate;
[0012] Based on the measurement strategy, trusted information about application processes and data resources is generated; based on the trusted information and the platform identity key, a platform configuration register digest report is generated; and based on the platform identity key certificate and the trusted information, a trusted report is generated.
[0013] The platform configuration register summary report and the trusted report are sent to the trusted management platform for report verification.
[0014] This invention also provides a trusted proof method, applied to a trusted management platform, the method comprising:
[0015] Receive the endorsement key sent by the trusted computing platform;
[0016] The endorsement key is confirmed to be valid. A user instance corresponding to the endorsement key is generated, and the user instance and the endorsement key are stored together.
[0017] Once the joint storage is confirmed to be complete, a user instance login success message is generated and sent to the trusted computing platform.
[0018] Based on the interaction information with the trusted computing platform, the platform identity key is issued and verified, and the platform identity key certificate is sent to the trusted computing platform.
[0019] Receive a trusted proof request sent by a remote computing platform, generate a measurement strategy based on the trusted proof request, and send the trusted proof request and the measurement strategy to the trusted management platform;
[0020] The system receives a platform configuration register summary report and a trust report from the trusted computing platform; the platform configuration register summary report and the trust report are generated by the trusted computing platform based on the trust proof request.
[0021] Based on the platform identity key certificate, the platform configuration register digest report is processed.
[0022] Perform signature verification to generate a first evaluation value; perform signature verification on the trustworthy report based on the platform identity key certificate to generate a second evaluation value;
[0023] A trusted proof report is generated based on the first evaluation value and the second evaluation value, and the trusted proof report is sent to a remote computing platform; the trusted proof report indicates that the trusted proof request has a trusted attribute.
[0024] The present invention also provides a trusted verification device, comprising: a first sending module, which, in response to a user's login command, sends a message to the trusted management platform.
[0025] Send endorsement key;
[0026] The login success information receiving module is used to receive user instance login success information sent by the trusted management platform; the user instance login success information is sent by the trusted management platform.
[0027] Generated based on the endorsement key;
[0028] 5. Key checking module, used to perform key checking based on the successful login information of the user instance;
[0029] The platform identity key certificate acquisition module is used to issue and verify the platform identity key based on the interaction information with the trusted management platform, and to store the platform identity key certificate.
[0030] The trusted proof request receiving module is used to receive a trusted proof 0 request and measurement strategy sent by the trusted management platform; the trusted proof request is sent by the remote computing platform.
[0031] The platform identity key certificate determination module is used to verify the trusted proof request and analyze the measurement strategy, and to obtain the platform identity key and the platform identity key certificate.
[0032] The report generation module is used to generate application processes and data resources based on the aforementioned measurement strategy.
[0033] Based on the trusted information and the platform identity key, a platform configuration register digest report is generated, and based on the platform identity key certificate and the trusted information, a platform configuration register digest report is generated.
[0034] Credible reports;
[0035] The report sending module is used to send the platform configuration register summary report and the trusted report to the trusted management platform for report verification.
[0036] The present invention also provides a reliable proof device, comprising:
[0037] The first receiving module is used to receive the endorsement key sent by the trusted computing platform;
[0038] The joint storage module is used to verify the validity of the endorsement key, generate a user instance corresponding to the endorsement key, and jointly store the user instance and the endorsement key.
[0039] The login success information sending module is used to generate user instance login success information and send the user instance login success information to the trusted computing platform after determining that the joint storage is completed;
[0040] The platform identity key certificate sending module is used to issue and verify the platform identity key based on the interaction information with the trusted computing platform, and send the platform identity key certificate to the trusted computing platform.
[0041] The trusted proof request sending module is used to receive trusted proof requests sent by the remote computing platform, generate a measurement strategy based on the trusted proof request, and send the trusted proof request and the measurement strategy to the trusted management platform.
[0042] The report receiving module is used to receive the platform configuration register summary report and the trust report sent by the trusted computing platform; the platform configuration register summary report and the trust report are generated by the trusted computing platform based on the trust proof request;
[0043] The evaluation value generation module is used to perform signature verification on the platform configuration register digest report based on the platform identity key certificate to generate a first evaluation value, and to perform signature verification on the trusted report based on the platform identity key certificate to generate a second evaluation value;
[0044] A trusted proof report sending module is used to generate a trusted proof report based on the first evaluation value and the second evaluation value, and send the trusted proof report to a remote computing platform; the trusted proof report indicates that the trusted proof request has a trusted attribute.
[0045] The present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor, when executing the program, implements the trusted proof method as described above.
[0046] The present invention also provides a non-transitory computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the trusted proof method as described above.
[0047] The present invention also provides a computer program product, including a computer program that, when executed by a processor, implements the trusted proof method as described above.
[0048] The trusted proof method, apparatus, and electronic device provided by this invention achieve user identity binding by receiving successful user instance login information sent by a trusted management platform; issue and verify platform identity keys through interaction with the trusted management platform, store platform identity key certificates, and achieve platform authentication of the trusted computing platform. Based on the trusted proof request sent by the remote computing platform, a platform configuration register digest report and the trusted report are generated for verification by the trusted management platform, realizing the generation of a measurement report and verification of the measurement report for the trusted proof request sent by the remote computing platform. Thus, based on a series of processes including platform authentication, identity binding, measurement report generation, and measurement report verification, this embodiment of the invention achieves the proof of the security and trustworthiness of the remote computing platform after completing the trusted access of IoT devices. Attached Figure Description
[0049] To more clearly illustrate the technical solutions in this invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of this invention. For those skilled in the art, other drawings can be obtained from these drawings without creative effort.
[0050] Figure 1 This is one of the flowcharts illustrating the credible proof method provided by the present invention;
[0051] Figure 2 This is the second flowchart illustrating the credible proof method provided by the present invention;
[0052] Figure 3 This is the third flowchart illustrating the credible proof method provided by this invention;
[0053] Figure 4 This is the fourth flowchart illustrating the credible proof method provided by the present invention;
[0054] Figure 5 This is one of the structural schematic diagrams of the credible proof device provided by the present invention;
[0055] Figure 6 This is the second schematic diagram of the credible proof device provided by the present invention;
[0056] Figure 7 This is a schematic diagram of the structure of the electronic device provided by the present invention. Detailed Implementation
[0057] To make the objectives, technical solutions, and advantages of this invention clearer, the technical solutions of this invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this invention. All other embodiments obtained by those skilled in the art based on the embodiments of this invention without creative effort are within the scope of protection of this invention.
[0058] The following is combined Figures 1-4 The method for credible proof of this invention is described. Please refer to... Figure 1 The trusted proof method of this invention, applied to a trusted computing platform, includes:
[0059] Step 100: In response to the user's login command, send the endorsement key to the trusted management platform.
[0060] In response to a user's login command, the trusted computing platform sends an endorsement key to the trusted management platform. It should be noted that the trusted computing platform in this embodiment of the invention is logically divided into a computing component and a security protection component. The computing component includes a user module, application processes, data resources, etc., while the security protection component includes a trusted cryptographic service module, etc. The user login module includes a series of user operations; the trusted cryptographic service module represents the cryptographic support mechanism, where each main function is an execution module for cryptographic functions, and the trusted cryptographic service module is a module that needs to prove its own trustworthiness.
[0061] Please refer to Figure 2 In this embodiment of the invention, the user login operation is accompanied by the generation of a platform identity key and a local key set. In the trusted computing platform, user login adopts a challenge-response mechanism, in which the user module in the computing component listens for user behavior. User login is accompanied by the initialization of the trusted computing platform. The trusted computing platform triggers a trusted cryptographic service event and sends an endorsement key to the trusted management platform, thereby confirming the binding relationship between the endorsement key and the trusted computing platform.
[0062] Step 200: Receive the user instance login success message sent by the trusted management platform.
[0063] The trusted computing platform receives a successful user instance login message from the trusted management platform. It should be noted that the trusted management platform, after verifying the validity of the endorsement key, generates a corresponding user instance, stores the endorsement key and user instance information together, completes device binding, and generates the successful user instance login message. The trusted computing platform's receipt of the successful user instance login message signifies the completion of the user's identity binding.
[0064] Step 300: Perform a key check based on the successful login information of the user instance.
[0065] Please refer to Figure 2 The trusted computing platform performs key checks based on successful user instance login information. Specifically, the user module listens for successful user instance login information and generates startup information for the trusted password service. This startup information is sent to the trusted password service module via the key management module. The key set checking module in the trusted password service module checks whether the key set already exists. If it does not exist, it initiates the key set generation operation.
[0066] Step 400: Based on the interaction information with the trusted management platform, issue and verify the platform identity key, and store the platform identity key certificate.
[0067] Please refer to Figure 2 The trusted computing platform issues and verifies its platform identity key based on interaction information with the trusted management platform, and stores the platform identity key certificate. Specifically, the trusted computing platform sends a platform identity key request to the trusted management platform. The trusted management platform verifies the platform identity key request, issues and verifies the platform identity key, and sends the platform identity key certificate to the trusted computing platform, which then stores the certificate. This achieves platform authentication of the trusted computing platform.
[0068] Step 500: Receive the trusted proof request and measurement strategy sent by the trusted management platform.
[0069] Please refer to Figure 3 The trusted computing platform receives a trusted proof request and a measurement policy from the trusted management platform. The trusted proof request is sent by a remote computing platform. It should be noted that the remote computing platform can be a user instance or a platform that needs to request the trusted computing platform to prove its trustworthiness. The remote computing platform first sends the trusted proof request to the trusted management platform. After receiving the request from the remote computing platform, the trusted management platform sends the trusted proof request to the trusted computing platform through the trusted proof management module, along with the measurement policy.
[0070] Step 600: Verify the trusted proof request and analyze the measurement strategy, and obtain the platform identity key and platform identity key certificate.
[0071] Please refer to Figure 3 After receiving the trusted proof message request and measurement policy from the trusted management platform, the trusted computing platform receives it through the local trusted proof management module within the security protection component. The local trusted proof management module verifies the trusted proof request, analyzes the measurement policy, and initiates local trusted measurement based on the policy. It also requests the trusted computing platform's certificate storage module to return the platform key certificate.
[0072] Step 700: Generate trusted information for application processes and data resources based on the measurement strategy; generate a platform configuration register digest report based on the trusted information and platform identity key; and generate a trusted report based on the platform identity key certificate and trusted information.
[0073] Please refer to Figure 3 Specifically, the trusted computing platform initiates local trusted measurements based on a measurement policy, measuring the application processes and data resources contained in the computing components, collecting trusted information composed of their behavior types, occurrence times, and user behaviors. Based on the trusted information and the platform identity key, it generates a platform configuration register digest report, and based on the platform identity key certificate and trusted information, it generates a trusted report. It also enables the generation of measurement reports based on the platform identity key certificate for trusted proof requests sent to remote computing platforms, and verifies these measurement reports.
[0074] Step 800: Send the platform configuration register summary report and the trust report to the trust management platform for report verification.
[0075] Please refer to Figure 3 The trusted computing platform sends the platform configuration register summary report and the trusted report to the trusted management platform for report verification. Specifically, the file security processing module returns the processed platform configuration register summary report and trusted report to the trusted computing platform report management module. After receiving the platform configuration register summary report and trusted report, the trusted computing platform report management module forwards them to the corresponding report verification modules for verification. This enables the generation of a measurement report and the verification of the measurement report in response to the trusted proof request sent by the remote computing platform.
[0076] It should be noted that the file security processing module, by encapsulating the basic functions of the trusted cryptography module, implements the basic components required for trusting system entities. These components complete the entire process from authentication to generating measurement reports and forming audit information.
[0077] This invention, through receiving successful login information from a trusted management platform, achieves user identity binding. It also facilitates the issuance and verification of platform identity keys through interaction with the trusted management platform, storing the platform identity key certificate to authenticate the trusted computing platform. Furthermore, it generates a platform configuration register digest report and a trusted report based on a trusted proof request sent by the remote computing platform, which are then verified by the trusted management platform. This process generates a measurement report and verifies the measurement report. Thus, based on a series of processes including platform authentication, identity binding, measurement report generation, and measurement report verification, this invention, while ensuring trusted access for IoT devices, also proves the security and trustworthiness of the remote computing platform.
[0078] In addition, the embodiments of the present invention have a simple interface for users, which greatly simplifies the interface for trusted proof. It features trusted proof of remote users and services (services include users or platforms), supports automatic binding of users and nodes to establish associations, supports decentralized enhanced anti-interference and anti-tampering capabilities, and supports dynamic concurrency of multiple users. It is implemented automatically and is easy to expand.
[0079] In other aspects of this invention embodiment, step 300, performing a key check based on the user instance login success information, includes:
[0080] Step 310: Generate startup information for the trusted password service based on the successful login information of the user instance.
[0081] Step 320: Generate the platform identity key application message format based on the startup information.
[0082] Please refer to Figure 2 Specifically, the user module listens to the returned information and generates startup information for the trusted cryptography service. This startup information, along with user information, is sent to the key management module to determine the activated key operation. The key management module receives the startup information, generates the message format required to initiate the local key generation operation, and sends this information to the trusted cryptography service module in the security protection component to initiate the local key generation operation. The key set checking module, based on the input startup information, determines the activated platform identity key certificate application operation. This platform identity key certificate application operation confirms the user's binding relationship with the platform. The platform identity key application message format is sent to the platform identity key application end module. Based on the successful login information of the user instance, the trusted computing platform generates the platform identity key application message format, which the platform identity key application end module uses to generate the platform identity key certificate application.
[0083] In other aspects of this invention, step 400, issuing and verifying the platform identity key based on interaction information with the trusted management platform, and storing the platform identity key certificate, includes:
[0084] Step 410: Obtain the platform identity key application message format;
[0085] Step 420: Generate a platform identity key application based on the platform identity key application message format and user information;
[0086] Step 430: Send the platform identity key certificate application to the trusted management platform;
[0087] Step 440: Receive and store the platform identity key certificate sent by the trusted management platform. The platform identity key certificate is obtained by the trusted management platform through the issuance and verification of the platform identity key based on the application for the platform identity key certificate.
[0088] The platform identity key application module generates a platform identity key certificate application based on user information and the platform identity key application message format. That is, it fills in user information based on the platform identity key application message format, generates a platform identity key certificate application, and sends the platform identity key certificate application to the trusted management platform.
[0089] Please refer to Figure 3 The trusted computing platform's platform identity key application end activates the platform identity key based on the platform identity key certificate issuance package returned by the trusted management platform, and sends the structure of the decrypted platform identity key certificate to the certificate verification module. The certificate verification module verifies the platform identity key certificate and, upon successful verification, sends it to the certificate storage module. After the platform identity key certificate is stored by the certificate storage module, a missing key generation record is generated and transferred to the local key set verification and generation module. The local key set verification and generation module, based on the current state of its local key set, generates a key generation request when a key needs to be generated and interacts with other modules to fill in the missing cryptographic entries in the local key set. By possessing the bound platform identity key certificate, the trusted computing platform can seamlessly perform authentication and authorization on any node in a distributed scenario, thereby ensuring that it completes its tasks in a trusted execution environment.
[0090] The local key set verification and generation module mainly adopts the national cryptographic algorithm. This component uses the random number generator, asymmetric key algorithm engine (SM2), symmetric key algorithm engine (SM4), and hash algorithm engine (SM3) in TCM (Trusted Cryptography Module) to generate asymmetric key pairs (endorsement keys, platform identity keys, etc.), symmetric key pairs (storage root key SMK, etc.) and various hash objects required for trusted cryptographic services.
[0091] In other aspects of this invention, step 700 involves generating a platform configuration register digest report based on trusted information and the platform identity key, and generating a trusted report based on the platform identity key certificate and trusted information. This includes: comparing the trusted information with a local trusted benchmark library and the platform configuration register, and performing a signature operation based on the comparison result using the platform identity key to obtain the platform configuration register digest report. Finally, the trusted information is signed using the platform identity key certificate to obtain the trusted report.
[0092] It should be noted that the Trusted Benchmark Library is a policy library that provides trusted benchmark values for some security mechanisms and policies in the trusted computing platform. It provides a reliable basis for measuring local and remote nodes on the trusted computing platform, thereby ensuring the trusted operation of the entire mechanism. The Platform Configuration Register (PCR) is a hardware module on the trusted storage root that stores data. Its main purpose is to provide a method for cryptographically recording (measuring) software state. Its primary use case is to represent the platform software state, recording the historical state of critical software and configurations running on the platform to date.
[0093] Please refer to Figure 3 Specifically, after receiving a trusted proof request, the computing component measurement module initiates local trusted measurement according to the measurement policy. It measures the application processes and data resources contained within the computing component, collecting trusted information composed of behavior types, occurrence times, and user behaviors. The computing component measurement module sends the collected trusted information to the measurement verification module, which then generates local trusted measurement information. Upon receiving a request from the trusted proof management module, the certificate storage module obtains the local platform identity key and sends the platform identity key certificate to the signature module. The measurement verification module compares the measurement records and trusted information key values with the local trusted benchmark library, and simultaneously calculates the digest value of the trusted information key information. This digest is then compared with the local register (platform configuration register). If the comparison result is successfully verified, it is extended to the platform configuration register by the platform configuration register digest generation and extension module, generating a platform configuration register digest report. Simultaneously, the platform configuration register digest report is signed by the platform identity key certificate provided by the signature module. Trusted report generation module...
[0094] The block uses platform identity key signing to sign local metric trusted information and generates a trusted report. Partial metric policies are sent to the trusted management platform to monitor application processes and data resources of computing components.
[0095] Line detection can effectively achieve remote verification.
[0096] Please refer to Figure 4 This invention also provides a trusted proof method applied to a trusted management platform, the method comprising:
[0097] Step 900: Receive the endorsement key sent by the trusted computing platform.
[0098] Step 1000: Confirm the endorsement key is valid and generate the user instance corresponding to the endorsement key.
[0099] The user instance and endorsement key are stored together.
[0100] Step 1100: Once the joint storage is completed, generate a successful login message for the user instance and send the successful login message to the trusted computing platform.
[0101] Please refer to Figure 2 Specifically, the trusted management platform receives the endorsement key sent by the trusted computing platform. After the trusted cryptography service module of the trusted management platform verifies the validity of the endorsement key,
[0102] Generate a corresponding user instance. Store the endorsement key and user instance together in the trusted management platform database. After confirming successful storage, the trusted management platform sends a successful login message to the trusted computing platform. The trusted computing platform then confirms the user's identity binding based on this login message.
[0103] Step 1200: Implement the platform identity key based on the interaction information with the trusted computing platform.
[0104] The platform issues and verifies the identity key certificate and sends it to the trusted computing platform.
[0105] Please refer to Figure 2 The trusted management platform issues and verifies the platform identity key based on the interaction information with the trusted computing platform, and sends the platform identity key certificate to the trusted computing platform.
[0106] Specifically, the Trusted Management Platform receives a platform identity key application from the Trusted Computing Platform. Based on this application, the Trusted Management Platform verifies the application, issuing and verifying the platform identity key. The Trusted Management Platform then sends the platform identity key certificate to the Trusted Computing Platform, which stores it. This process enables platform authentication of the Trusted Computing Platform.
[0107] Step 1300: Receive the trusted proof request sent by the remote computing platform, generate a measurement policy based on the trusted proof request, and send the trusted proof request and measurement policy to the trusted management platform.
[0108] Please refer to Figure 3The Trusted Management Platform receives a trust verification request from a remote computing platform, generates a measurement policy based on the request, and sends the trust verification request and measurement policy to the Trusted Management Platform. It should be noted that the remote computing platform can be a user instance or a platform requesting the Trusted Computing Platform to verify its trustworthiness. The remote computing platform first sends a trust verification request to the Trusted Management Platform. After receiving the request, the Trusted Management Platform sends a trust verification request and a measurement policy to the Trusted Computing Platform through its Trusted Verification Management module. The measurement policy may request the local user instance to collect trust information such as the behavior type, occurrence time, and user composition of the application process (subject) and data resources (object). It then calculates a digest value through the platform configuration register to generate a measurement policy report and returns an integrity and trust report.
[0109] Step 1400: Receive the platform configuration register summary report and trust report sent by the trusted computing platform.
[0110] The Trusted Management Platform receives the Platform Configuration Register Summary Report and Trust Report from the Trusted Computing Platform. These reports are generated by the Trusted Computing Platform based on the Trust Proof Request. The Trusted Computing Platform generates a Measurement Report and verifies it based on the Platform Identity Key Certificate for the Trust Proof Request sent by the remote computing platform. The Trusted Management Platform receives the Platform Configuration Register Summary Report and Trust Report for verification purposes.
[0111] Step 1500: Verify the signature of the platform configuration register digest report based on the platform identity key certificate to generate a first evaluation value; verify the signature of the trusted report based on the platform identity key certificate to generate a second evaluation value.
[0112] Please refer to Figure 3 Specifically, the Platform Configuration Register Summary Report Verification Module obtains the platform identity key of the Trusted Management Platform and verifies the signed Platform Configuration Register Summary Report. The Module verifies whether the trusted computing platform corresponding to the Platform Configuration Register Summary Report is an authorized computing platform of the Trusted Management Platform and generates a first evaluation value. Similarly, the Trusted Report Verification Module obtains the platform identity key of the Trusted Management Platform, verifies the trusted report using the corresponding measurement strategy, and generates a second evaluation value.
[0113] Step 1600: Generate a trusted proof report based on the first evaluation value and the second evaluation value, and send the trusted proof report to the remote computing platform; the trusted proof report indicates that the trusted proof request has trusted attributes.
[0114] Please refer to Figure 3The Trusted Management Platform verifies the remote computing platform's request based on a first and second evaluation value. If both evaluation values pass verification, the Trusted Proof Report Generation Module generates a Trusted Proof Report, indicating that the remote computing platform's trusted proof request possesses trustworthy attributes. If verification fails, it indicates the platform is untrustworthy. The Trusted Management Platform then sends the Trusted Proof Report to the File Security Processing Module for processing. After processing, the Trusted Management Platform sends the Trusted Proof Report back to the remote computing platform. It should be noted that the Trusted Management Platform can also send a Platform Configuration Register Summary Report and a Trusted Report to the remote computing platform. When the File Processing Module returns to the remote computing platform, it also stores the Trusted Proof Report locally in the State Storage and Verification Module for easy verification by other modules later.
[0115] By sending successful user instance login information to the trusted computing platform, user identity binding is achieved. Through interaction with the trusted computing platform, platform identity keys are issued and verified, and the platform identity key certificate is sent to the trusted computing platform, thus achieving platform authentication. Trusted proof requests sent by the remote computing platform are forwarded to the trusted computing platform. The platform configuration register digest report and trusted report sent by the trusted computing platform are received for verification by the trusted management platform, enabling the generation and verification of a measurement report based on the trusted proof requests sent by the remote computing platform. Therefore, this embodiment of the invention, based on a series of processes including platform authentication, identity binding, measurement report generation, and measurement report verification, achieves the proof of the security and trustworthiness of the remote computing platform after completing the trusted access of IoT devices.
[0116] In other aspects of the embodiments of the present invention, step 1200 involves issuing and verifying the platform identity key based on the interaction information with the trusted computing platform, and sending the platform identity key certificate to the trusted computing platform.
[0117] Step 1210: Receive the platform identity key certificate application sent by the trusted computing platform.
[0118] Step 1220: Verify the identity key certificate application based on the platform.
[0119] Step 1230: Obtain the user instance corresponding to the trusted computing platform, determine that the user instance meets the preset permission conditions, execute the issuance and verification of the platform identity key, and send the platform identity key certificate to the trusted computing platform.
[0120] Please refer to Figure 3Specifically, after receiving a platform identity key certificate application, the trusted management platform verifies it using the application verification module. Upon verification, it requests a user instance for the computing platform from the management platform database. The management platform database retrieves the user instance and returns it to the platform identity key issuance module. Using the received user instance and tag information, the platform identity key issuance module, under preset permission conditions, issues authorization information, confirms the authorization rules, generates a platform identity key, and performs a signing operation. It then returns an encrypted platform identity key certificate structure to the trusted computing platform. The trusted management platform then stores the platform identity key certificate in its management platform database.
[0121] The trusted management platform verifies the platform identity key application, thereby enabling the issuance and verification of the platform identity key. The trusted management platform then sends the platform identity key certificate to the trusted computing platform, which stores the certificate. This process achieves platform authentication of the trusted computing platform.
[0122] In other aspects of the embodiments of the present invention, step 1500, which involves signing and verifying the platform configuration register digest report based on the platform identity key certificate to generate a first evaluation value, and signing and verifying the trusted report based on the platform identity key certificate to generate a second evaluation value, includes:
[0123] Step 1510: Based on the platform identity key certificate, verify that the trusted computing platform corresponding to the platform configuration register digest report is authorized and obtain the source verification report.
[0124] Step 1520: Generate the first evaluation value based on the source verification report.
[0125] Specifically, the platform configuration register digest report verification module obtains the platform identity key of the trusted management platform and verifies the signed platform configuration register digest report. It verifies whether the platform is a trusted computing platform authorized by the trusted management platform. A source verification report is generated, proving that the corresponding platform has authorized permissions and a legitimate identity. Finally, the first evaluation value of the platform configuration register digest report is generated and sent to the trusted proof report generation module of the trusted management platform.
[0126] Step 1530: Based on the platform identity key certificate, verify the trusted computing platform corresponding to the trusted report. After authorization, verify the trusted report based on the measurement policy corresponding to the trusted report to obtain the report verification value.
[0127] Step 1540: If the report verification value is the same as the preset verification value, a second evaluation value is generated to indicate that the integrity of the credible report has not been compromised.
[0128] The trusted report verification module also obtains the platform identity key of the trusted management platform. Based on the platform identity key certificate, it verifies that the trusted computing platform corresponding to the trusted report is authorized, verifies the trusted report using the corresponding measurement strategy, and obtains the report verification value. By comparing the report verification value with the preset verification value, it proves that the integrity has not been compromised and generates a second evaluation value for the trusted report. The trusted management platform sends the second evaluation value to the trusted proof report generation module.
[0129] Step 1600: Generate a credible proof report based on the first evaluation value and the second evaluation value, including: determining that the first evaluation value is the same as the first preset evaluation value, and determining that the second evaluation value is the same as the second preset evaluation value, and generating a credible proof report.
[0130] Specifically, the trusted management platform has a first preset evaluation value to verify whether the trusted computing platform corresponding to the platform configuration register summary report is authorized. It also has a second preset evaluation value to prove that the integrity of the evidence has not been compromised. If the first evaluation value is the same as the first preset evaluation value, and the second evaluation value is the same as the second preset evaluation value, a trusted proof report is generated, thus proving that the trusted proof request from the remote computing platform has a trusted attribute. This achieves the proof of the security and trustworthiness of the remote computing platform based on the trusted access of IoT devices.
[0131] The trusted proof apparatus provided by the present invention is described below. The trusted proof apparatus described below can be referred to in correspondence with the trusted proof method described above.
[0132] Please refer to Figure 5 A trusted proof device, comprising:
[0133] The first sending module 201, in response to the user's login command, sends the endorsement key to the trusted management platform;
[0134] The login success information receiving module 202 is used to receive user instance login success information sent by the trusted management platform; the user instance login success information is generated by the trusted management platform based on the endorsement key.
[0135] Key checking module 203 is used to check keys based on successful login information of user instances;
[0136] The platform identity key certificate acquisition module 204 is used to issue and verify the platform identity key based on the interaction information with the trusted management platform, and to store the platform identity key certificate.
[0137] The trusted proof request receiving module 205 is used to receive trusted proof requests and measurement strategies sent by the trusted management platform; the trusted proof request is sent by the remote computing platform.
[0138] The platform identity key certificate determination module 206 is used to verify trusted proof requests and analyze measurement strategies, and to obtain the platform identity key and platform identity key certificate.
[0139] The report generation module 207 is used to generate trusted information about application processes and data resources based on the measurement strategy, generate a platform configuration register summary report based on the trusted information and platform identity key, and generate a trusted report based on the platform identity key certificate and trusted information.
[0140] The report sending module 208 is used to send the platform configuration register summary report and the trusted report to the trusted management platform for report verification.
[0141] In one embodiment, the key checking module 203 includes:
[0142] The startup information generation module is used to generate startup information for the trusted password service based on the successful login information of the user instance.
[0143] The platform identity key application message format generation module is used to generate the platform identity key application message format based on the startup information.
[0144] In one embodiment, the platform identity key certificate acquisition module 204 includes:
[0145] The platform identity key application message format acquisition module is used to acquire the platform identity key application message format;
[0146] The platform identity key application generation module is used to generate a platform identity key application based on the platform identity key application message format and user information.
[0147] The platform identity key certificate application sending module is used to send platform identity key certificate applications to the trusted management platform;
[0148] The receiving and storage module is used to receive and store the platform identity key certificate sent by the trusted management platform. The platform identity key certificate is obtained by the trusted management platform through the issuance and verification of the platform identity key based on the application of the platform identity key certificate.
[0149] In one embodiment, the report generation module 207 includes:
[0150] The first report generation module is used to compare trusted information with the local trusted benchmark library and the platform configuration register respectively, and perform a signature operation based on the comparison result of the platform identity key to obtain the platform configuration register digest report;
[0151] The second report generation module is used to sign trusted information based on the platform's identity key certificate to obtain a trusted report.
[0152] The present invention provides another trusted proof device, which can be referred to in correspondence with the trusted proof method described above.
[0153] Please refer to Figure 6 A trusted proof device, comprising:
[0154] The first receiving module 209 is used to receive the endorsement key sent by the trusted computing platform;
[0155] The joint storage module 210 is used to verify the validity of the endorsement key, generate a user instance corresponding to the endorsement key, and jointly store the user instance and the endorsement key.
[0156] The login success information sending module 211 is used to generate user instance login success information and send it to the trusted computing platform when the joint storage is completed.
[0157] The platform identity key certificate sending module 212 is used to issue and verify the platform identity key based on the interaction information with the trusted computing platform, and send the platform identity key certificate to the trusted computing platform.
[0158] The trusted proof request sending module 213 is used to receive trusted proof requests sent by the remote computing platform, generate a measurement strategy based on the trusted proof request, and send the trusted proof request and measurement strategy to the trusted management platform.
[0159] The report receiving module 214 is used to receive the platform configuration register summary report and the trust report sent by the trusted computing platform; the platform configuration register summary report and the trust report are generated by the trusted computing platform based on the trust proof request;
[0160] The evaluation value generation module 215 is used to perform signature verification on the platform configuration register digest report based on the platform identity key certificate to generate a first evaluation value, and to perform signature verification on the trusted report based on the platform identity key certificate to generate a second evaluation value.
[0161] The trusted proof report sending module 216 is used to generate a trusted proof report based on the first evaluation value and the second evaluation value, and send the trusted proof report to the remote computing platform; the trusted proof report indicates that the trusted proof request has a trusted attribute.
[0162] In one embodiment, the platform identity key certificate sending module 212 includes:
[0163] The platform identity key certificate application receiving module is used to receive platform identity key certificate applications sent by the trusted computing platform.
[0164] The verification module is used to verify the identity key certificate application based on the platform.
[0165] The final sending module is used to obtain the user instance corresponding to the trusted computing platform, determine that the user instance meets the preset permission conditions, perform the issuance and verification of the platform identity key, and send the platform identity key certificate to the trusted computing platform.
[0166] In one embodiment, the evaluation value generation module 215 includes:
[0167] The source verification report determination module is used to verify that the trusted computing platform corresponding to the platform configuration register digest report is authorized based on the platform identity key certificate, and obtain the source verification report;
[0168] The first evaluation value generation module is used to generate a first evaluation value based on the source verification report.
[0169] The report verification value determination module is used to verify that the trusted computing platform corresponding to the trusted report is authorized based on the platform identity key certificate, and to verify the trusted report based on the measurement policy corresponding to the trusted report to obtain the report verification value;
[0170] The second evaluation value generation module is used to determine if the report verification value is the same as the preset verification value, and then generate a second evaluation value indicating that the integrity of the credible report has not been compromised.
[0171] In one embodiment, the trusted proof report sending module 216 is specifically used to determine that the first evaluation value is the same as the first preset evaluation value, and to determine that the second evaluation value is the same as the second preset evaluation value, and to generate a trusted proof report.
[0172] Figure 7 An example is a schematic diagram of the physical structure of an electronic device, such as... Figure 7As shown, the electronic device may include: a processor 710, a communication interface 720, a memory 730, and a communication bus 740, wherein the processor 710, the communication interface 720, and the memory 730 communicate with each other through the communication bus 740. The processor 710 can invoke logical instructions in the memory 730 to execute a trusted authentication method, which includes: in response to a user's login instruction, sending an endorsement key to a trusted management platform; receiving user instance login success information sent by the trusted management platform; the user instance login success information is generated by the trusted management platform based on the endorsement key; performing a key check based on the user instance login success information; issuing and verifying a platform identity key based on interaction information with the trusted management platform, and storing the platform identity key certificate; receiving a trusted authentication request and a measurement policy sent by the trusted management platform; the trusted authentication request is sent by a remote computing platform; verifying the trusted authentication request and analyzing the measurement policy, and obtaining the platform identity key and the platform identity key certificate; generating trusted information about application processes and data resources based on the measurement policy, generating a platform configuration register digest report based on the trusted information and the platform identity key, and generating a trusted report based on the platform identity key certificate and trusted information; and sending the platform configuration register digest report and the trusted report to the trusted management platform for report verification.
[0173] Alternatively; receive the endorsement key sent by the trusted computing platform; confirm the validity of the endorsement key, generate a user instance corresponding to the endorsement key, and jointly store the user instance and the endorsement key; if the joint storage is completed, generate a successful login message for the user instance and send the successful login message to the trusted computing platform; based on the interaction information with the trusted computing platform, issue and verify the platform identity key, and send the platform identity key certificate to the trusted computing platform; receive a trusted proof request sent by the remote computing platform, generate a measurement policy based on the trusted proof request, and send the trusted proof request and measurement policy to the trusted management platform; receive the platform configuration register summary report and trusted report sent by the trusted computing platform; the platform configuration register summary report and trusted report are generated by the trusted computing platform based on the trusted proof request; perform signature verification on the platform configuration register summary report based on the platform identity key certificate to generate a first evaluation value, and perform signature verification on the trusted report based on the platform identity key certificate to generate a second evaluation value; generate a trusted proof report based on the first evaluation value and the second evaluation value, and send the trusted proof report to the remote computing platform; the trusted proof report indicates that the trusted proof request has a trusted attribute.
[0174] Furthermore, the logical instructions in the aforementioned memory 730 can be implemented as software functional units and, when sold or used as independent products, can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods of the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0175] On the other hand, the present invention also provides a non-transitory computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the trusted proof method as described in steps 100 to 800 above, or implements the trusted proof method as described in steps 900 to 1600 above.
[0176] In another aspect, the present invention also provides a computer program product, including a computer program that, when executed by a processor, implements the trusted proof method as described in steps 100 to 800 above, or implements the trusted proof method as described in steps 900 to 1600 above.
[0177] The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs. Those skilled in the art can understand and implement this without any creative effort.
[0178] Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus necessary general-purpose hardware platforms, and of course, it can also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, such as ROM / RAM, magnetic disk, optical disk, etc., including several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute the methods of various embodiments or some parts of embodiments.
[0179] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims
1. A reliable proof method, characterized in that, Applied to a trusted computing platform, the method includes: In response to the user's login command, an endorsement key is sent to the trusted management platform; Receive user instance login success information sent by the trusted management platform; the user instance login success information is generated by the trusted management platform based on the endorsement key; Perform a key check based on the successful login information of the user instance; The platform identity key is issued and verified based on the interaction information with the trusted management platform, and the platform identity key certificate is stored. Receives a trust proof request and measurement strategy sent by the trust management platform; the trust proof request is sent by the remote computing platform. Verify the trusted proof request and analyze the measurement strategy, and obtain the platform identity key and the platform identity key certificate; Based on the measurement strategy, trusted information about application processes and data resources is generated; based on the trusted information and the platform identity key, a platform configuration register digest report is generated; and based on the platform identity key certificate and the trusted information, a trusted report is generated. The platform configuration register summary report and the trusted report are sent to the trusted management platform for report verification.
2. The reliable proof method according to claim 1, characterized in that, The key check based on the successful login information of the user instance includes: Generate startup information for the trusted password service based on the successful login information of the user instance; The platform identity key application message format is generated based on the startup information.
3. The reliable proof method according to claim 2, characterized in that, The process of issuing and verifying the platform identity key based on interaction information with the trusted management platform, and storing the platform identity key certificate, includes: Obtain the platform identity key application message format; A platform identity key application is generated based on the platform identity key application message format and user information; Send the platform identity key certificate application to the trusted management platform; The system receives and stores the platform identity key certificate sent by the trusted management platform. The platform identity key certificate is obtained by the trusted management platform through the issuance and verification of the platform identity key based on the application of the platform identity key certificate.
4. The reliable proof method according to claim 1, characterized in that, The generation of the platform configuration register digest report based on the trusted information and the platform identity key includes: The trusted information is compared with the local trusted benchmark library and the platform configuration register respectively, and a signature operation is performed based on the comparison result of the platform identity key to obtain the platform configuration register digest report; The generation of a trusted report based on the platform's identity key certificate and the trusted information includes: The trusted information is signed based on the platform's identity key certificate to obtain the trusted report.
5. A reliable proof method, characterized in that, The method, applied to a trusted management platform, includes: Receive the endorsement key sent by the trusted computing platform; The endorsement key is confirmed to be valid. A user instance corresponding to the endorsement key is generated, and the user instance and the endorsement key are stored together. Once the joint storage is confirmed to be complete, a user instance login success message is generated and sent to the trusted computing platform. Based on the interaction information with the trusted computing platform, the platform identity key is issued and verified, and the platform identity key certificate is sent to the trusted computing platform. Receive a trusted proof request sent by a remote computing platform, generate a measurement strategy based on the trusted proof request, and send the trusted proof request and the measurement strategy to the trusted computing platform; Receives a platform configuration register summary report and a trust report sent by the trusted computing platform; the platform configuration register summary report and the trust report are generated by the trusted computing platform based on the trust proof request; The platform configuration register digest report is signed and verified based on the platform identity key certificate to generate a first evaluation value; the trusted report is signed and verified based on the platform identity key certificate to generate a second evaluation value. A trusted proof report is generated based on the first evaluation value and the second evaluation value, and the trusted proof report is sent to a remote computing platform; the trusted proof report indicates that the trusted proof request has a trusted attribute.
6. The reliable proof method according to claim 5, characterized in that, The step of issuing and verifying the platform identity key based on interaction information with the trusted computing platform, and sending the platform identity key certificate to the trusted computing platform, includes: Receive platform identity key certificate applications sent by the trusted computing platform; Verification is performed based on the platform's identity key certificate application; Obtain the user instance corresponding to the trusted computing platform, determine that the user instance meets the preset permission conditions, execute the issuance and verification of the platform identity key, and send the platform identity key certificate to the trusted computing platform.
7. The reliable proof method according to claim 5, characterized in that, The step of signing and verifying the platform configuration register digest report based on the platform identity key certificate to generate a first evaluation value includes: Based on the platform identity key certificate, the trusted computing platform corresponding to the platform configuration register digest report is verified to be authorized, and a source verification report is obtained; A first evaluation value is generated based on the source verification report; The step of signing and verifying the trusted report based on the platform's identity key certificate to generate a second evaluation value includes: Based on the platform identity key certificate, the trusted computing platform corresponding to the trusted report is verified to be authorized. Based on the measurement policy corresponding to the trusted report, the trusted report is verified to obtain the report verification value. If the report verification value is found to be the same as the preset verification value, a second evaluation value is generated to indicate that the integrity of the credible report has not been compromised. The process of generating a credible proof report based on the first evaluation value and the second evaluation value includes: If the first evaluation value is found to be the same as the first preset evaluation value, and the second evaluation value is found to be the same as the second preset evaluation value, the credible proof report is generated.
8. A reliable proof device, characterized in that, include: The first sending module, in response to the user's login command, sends the endorsement key to the trusted management platform; The login success information receiving module is used to receive user instance login success information sent by the trusted management platform; The successful login information for the user instance is generated by the trusted management platform based on the endorsement key. The key checking module is used to perform key checks based on the successful login information of the user instance. The platform identity key certificate acquisition module is used to issue and verify the platform identity key based on the interaction information with the trusted management platform, and to store the platform identity key certificate. The trusted proof request receiving module is used to receive trusted proof requests and measurement strategies sent by the trusted management platform. The trusted proof request is sent by the remote computing platform; The platform identity key certificate determination module is used to verify the trusted proof request and analyze the measurement strategy, and to obtain the platform identity key and the platform identity key certificate. The report generation module is used to generate trusted information about application processes and data resources based on the measurement strategy, generate a platform configuration register digest report based on the trusted information and the platform identity key, and generate a trusted report based on the platform identity key certificate and the trusted information. The report sending module is used to send the platform configuration register summary report and the trusted report to the trusted management platform for report verification.
9. A reliable proof device, characterized in that, include: The first receiving module is used to receive the endorsement key sent by the trusted computing platform; The joint storage module is used to verify the validity of the endorsement key, generate a user instance corresponding to the endorsement key, and jointly store the user instance and the endorsement key. The login success information sending module is used to generate user instance login success information and send the user instance login success information to the trusted computing platform after determining that the joint storage is completed; The platform identity key certificate sending module is used to issue and verify the platform identity key based on the interaction information with the trusted computing platform, and send the platform identity key certificate to the trusted computing platform. A trusted proof request sending module is used to receive a trusted proof request sent by a remote computing platform, generate a measurement strategy based on the trusted proof request, and send the trusted proof request and the measurement strategy to the trusted computing platform. The report receiving module is used to receive the platform configuration register summary report and the trust report sent by the trusted computing platform; the platform configuration register summary report and the trust report are generated by the trusted computing platform based on the trust proof request; The evaluation value generation module is used to perform signature verification on the platform configuration register digest report based on the platform identity key certificate to generate a first evaluation value, and to perform signature verification on the trusted report based on the platform identity key certificate to generate a second evaluation value; A trusted proof report sending module is used to generate a trusted proof report based on the first evaluation value and the second evaluation value, and send the trusted proof report to a remote computing platform; The trusted proof report indicates that the trusted proof request has a trusted attribute.
10. An electronic device comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, When the processor executes the program, it implements the trusted proof method as described in any one of claims 1 to 4, or claims 5 to 7.