可信计算机平台密钥管理  被引量：2

作　　者：李新明[1,2] 张功萱[1] 施超[1] 宋斌[1] 

机构地区：[1]南京理工大学计算机科学与技术学院,江苏南京210094 [2]装备指挥技术学院重点实验室,北京101416

出　　处：《南京理工大学学报》2010年第4期431-435,447,共6页Journal of Nanjing University of Science and Technology

基　　金：国家自然科学基金(60850002);国家"863"计划资助项目(2006AA01Z447)

摘　　要：针对纯软件安全防护的不足,提出了遵循可信计算技术及国家可信密码模块(TCM)接口规范的嵌入式可信安全模型(ETSM)可信计算平台框架。围绕着可信计算核心内容-密钥管理方法,提出了基于ETSM的密钥管理体系结构,将密码算法(或密码引擎)、密钥管理功能、随机密钥的生成等植入到ETSM硬件环境。设计并实现了ETSM密钥管理体系结构中基本的管理功能,给出了双端口密钥缓存管理、外部密钥存储管理方案。独立的ETSM模块与PC主机构成了异构双处理系统,PC主机通过PCI接口与ETSM快速通讯,完成对敏感数据或文件的加解密任务,并将相关的密钥保存到ETSM的非易失性存储器,以保证加密后数据的安全性,提高了本异构系统的可信性,满足了可信计算平台完整性和安全性的要求。Duo to the limitation of security protection only by software,a trusted computing framework of embedded trusted security model（ETSM） is proposed according to the trusted computing technology and the national related trusted cryptography module（TCM） interface specification.Moreover,for the key management methods of the trusted computing core content,an ETSM-based key management architecture is presented.The modules of encryption/decryption algorithms（or engines）,key management and random key generation are built and stored in ETSM hardware.Some important functions of key management are designed and implemented in the key management architecture.The management strategies are given for dual-port key cache management and external key storage management.As for the hardware environment,it is a heterogeneous system of dual processors with individual ETSM and personal computer（PC） host.The PC host can quickly exchange messages with ETSM through the peripheral component interconnect（PCI） interface and achieve the encryption/decryption of sensitive data or files.The related keys are stored in non-violate memory of ETSM so that the encrypted data are of high security.It is an efficient scheme to enhance the system＇s trustworthiness and the scheme meets the requirement of trusted computing platform＇s integrity and security.

关 键 词：可信计算 可信计算机平台 密钥 密钥管理 

分 类 号：TP309.1[自动化与计算机技术—计算机系统结构]