CN103856477A - Trusted computing system, corresponding attestation method and corresponding devices - Google Patents


Publication number
CN103856477A
Authority
CN
China
Prior art keywords
identity
certificate
terminal
virtual
platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201310050808.6A
Other languages
Chinese (zh)
Other versions
CN103856477B (en)
Inventor
付颖芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd
Priority to CN201310050808.6A
Publication of CN103856477A
Application granted
Publication of CN103856477B
Legal status: Active
Anticipated expiration


Abstract

The invention discloses a trusted computing system, a corresponding attestation method and corresponding devices. The trusted computing system comprises an administrative domain and a plurality of trusted domains. Members of each trusted domain include a DT and domain terminals. The attestation method includes the steps that the DTs carry out registering in the administrative domain with platform identity certificates of the DTs as identification, and after the DTs pass attestation of the administrative domain, signature certificates of the administrative domain to the DTs are awarded to the DTs; the domain terminals carry out registering in the DTs of the trusted domains where the domain terminals are located with platform identity certificates of the domain terminals as identification, and after the domain terminals pass attestation of the DTs, terminal identity certificates are awarded to the domain terminals and comprise signatures of the administrative domain to the DTs and signatures of the DTs to the domain terminals; when the domain terminals of different trusted domains are interactive, remote attestation on remote terminal identities is achieved based on the terminal identity certificates of remote terminals. The trusted computing system, the corresponding attestation method and the corresponding devices can be conveniently extended to be used for integration of the trusted domains with different scales, network flow, computing loads and storage space are reduced, and the cross-domain attestation efficiency is improved.

Description

Trusted computing system and corresponding authentication method and devices
Technical field
This application relates to trusted computing and, more specifically, to a trusted computing system with a distributed network topology and a corresponding authentication method and devices.
Background
With the development of the Internet and the continued strengthening of distributed computing capability, large-scale resource sharing has become a trend. However, because of the openness and uncontrollability of distributed network environments and the autonomy of their resources, together with the incompleteness, inconsistency and uncertainty present in resource aggregation and collaborative environments, traditional security mechanisms based on centralized management are no longer applicable. A new approach to ensuring terminal security has therefore been proposed: trusted computing technology. Its core idea is to provide security guarantees for users and platforms (a platform comprising a TPM and a host) on devices such as desktop computers, notebooks and smartphones, with an embedded Trusted Platform Module (TPM) at the core. A TPM is capable of remote attestation: it can respond to the request of a remote authenticating party and prove trust attributes such as platform identity and platform integrity. The Trusted Computing Group (TCG) requires that the privacy of platform identity information be effectively protected during remote attestation, that is, the TPM must not expose its identity information when it performs remote attestation to the authenticating party.
To solve the problem of protecting platform privacy information during remote attestation, TCG successively adopted the PCA method and the DAA method.
In its TPM v1.1b specification, TCG proposed the Privacy CA (Privacy Certificate Authority, PrivacyCA) anonymous authentication system. It uses the PrivacyCA as a trusted third party that issues alias certificates for the EK certificate of a client platform to guarantee anonymity, and it keeps a platform's repeated authentications unlinkable by using a one-time key for each authentication.
For different key purposes, TCG defines seven types of keys. The main keys relevant to platform identity authentication are:
Endorsement Key (EK): the key that uniquely identifies the platform identity, generally generated by the TPM manufacturer when the TPM is manufactured. The EK affects the security of the whole system and is used for only two operations: first, decrypting the owner's authorization data when the platform owner is established; second, generating AIK keys and creating alias certificates for the platform identity.
Attestation Identity Key (AIK): used exclusively to sign data produced by the TPM (such as PCR values) in order to prove the legitimacy of the platform identity and the trustworthiness of the platform environment.
To support key application and management and the trusted attestation of platforms, TCG defines five classes of certificates, each of which supplies the necessary information for a specific operation:
Endorsement credential (Endorsement Credential): also called the EK certificate. It is generally issued by the manufacturer that generates the EK and contains information such as the TPM manufacturer name, TPM model, TPM version number and the EK public key. Although the EK public key is public, it is the only evidence that identifies a TPM, so it is also confidential and sensitive.
Attestation identity credential (AIK Credential): also called the AIK certificate. It identifies the AIK private key used to sign PCR values and contains the AIK public key and other information that the issuer considers useful. An AIK certificate is issued by a trusted service party that can verify the various certificates and protect user privacy. By issuing the certificate, the service party can attest that the TPM providing the TPM information is genuine.
The others are the conformance credential (Conformance Credential), the platform credential (Platform Endorsement Credential) and the validation credential (Validation Credential).
The PrivacyCA system is simple and achieves anonymous platform authentication. However, the PrivacyCA must issue a new AIK certificate for every authentication of a platform and must therefore be highly available. As a result, the PrivacyCA can become the performance bottleneck of the whole authentication system, and it may suffer DoS attacks that cause a single point of failure for the system.
In December 2007, the State Cryptography Administration of China promulgated the "Trusted Computing Cryptographic Support Platform Function and Interface Specification". The specification describes the functional principles and requirements of the trusted computing cryptographic support platform and defines the interface through which the platform serves the application layer, in order to guide the development and application of trusted computing products in China. To protect platform identity anonymity during remote attestation, the specification defines a platform identity authentication system centered on a trusted third party, with a Trusted Cryptographic Module (TCM) replacing the TPM as the root of trust. Its operating principle and certificate issuance protocol flow are essentially the same as those of the TCG PrivacyCA system, but to suit China's national conditions it adopts a dual-certificate system and different cryptographic algorithms. The dual certificates are a platform identity certificate and a platform encryption certificate. The platform identity certificate is issued for the public key of the Platform Identity Key (PIK) and is also called the PIK certificate. The PIK is an SM2 key pair generated inside the TCM; it is used to sign information inside the TCM and to implement platform identity authentication and integrity reporting. The platform encryption certificate is issued for the public key of the Platform Encryption Key (PEK) and is also called the PEK certificate; it is the data encryption certificate associated with the PIK certificate in the TCM. The authentication system defined by this specification nevertheless has the same defects as the PrivacyCA system.
To overcome the defects of the PrivacyCA system, TCG proposed the Direct Anonymous Attestation (DAA) system in the TPM v1.2 specification. DAA is based on the C-L signature scheme and zero-knowledge proofs based on discrete logarithms, and it uses the Fiat-Shamir heuristic to convert the proofs of knowledge into non-interactive signatures of knowledge. The main participants are the signer (Signer), the trusted issuer (Issuer) and the verifier (Verifier). In operation, the TPM first applies to the trusted issuer, on the basis of its EK public key, for a C-L signature on the secret data (f_0, f_1), thereby obtaining the DAA certificate (A, e, v) for (f_0, f_1). In each later authentication, the TPM together with the platform host bound to it proves to the verifier in zero knowledge that it holds the secret data (f_0, f_1) and the associated DAA certificate (A, e, v), and computes a pseudonym N_v from (f_0, f_1), which proves that the identity of the platform corresponding to this TPM is trusted. Because the authentication uses zero-knowledge proofs, the verifier learns neither (f_0, f_1) nor the certificate (A, e, v) and therefore cannot determine the true identity of the proving platform, which makes the authentication anonymous. While authenticating identity legitimacy, the DAA system also signs the AIK public key, making the AIK an alias of the EK.
DAA replaces the original AIK certificate with a DAA certificate, which needs to be applied for only once and can then be used repeatedly to guarantee the anonymity of the trusted platform, without the help of a PrivacyCA. However, DAA mainly targets network environments of limited scope with well-defined boundaries and is particularly suited to an internal network. It is applicable only when the TPM and the verifier trust a common trusted issuer; it cannot provide authentication between a TPM and a verifier, or between one TPM and another, that belong to different DAA domains (that is, that applied to different issuers for DAA credentials). In other words, the current DAA system works only within a single trust domain and cannot provide a trust relationship for cross-domain authentication. One could let a TPM apply to several different DAA issuers for different DAA credentials in order to build different sets of TPM trust relationships, but exhaustively enumerating all trust relationships in this way is too complex and redundant, and the information a TPM can store is very limited, so the approach cannot really be used in an Internet environment.
The prior art has proposed several solutions to this limitation in cross-domain authentication.
"DAA cross-domain authentication mechanism based on dynamic trust value" by Jiang Li et al., published in Computer Engineering, vol. 36, no. 11 (June 2010), proposes a scheme that achieves cross-domain authentication of TPM users by establishing trust relationships between domains. The scheme quantifies the trust value between domains as a real number in [0, 1] and compares it with a trust threshold. If the value is greater than or equal to the threshold, a temporary trust relationship is established between the two domains, and a TPM user authenticated by its local domain is accepted and allowed to access resources in the remote domain according to the access control policy. Because the existing DAA scheme cannot authenticate TPMs that belong to different DAA domains, the scheme introduces a trust value center (TA) that calculates and stores the trust values between domains. For cross-domain authentication, the TPM first submits an access request for remote domain B to the authentication server of its own domain (domain A). After authenticating the request, the domain A authentication server sends the cross-domain access request to the authentication server of the remote domain (domain B). After the domain B authentication server's authentication passes, it calculates its trust value for the TPM and asks the TA to calculate domain B's trust value for domain A. If this trust value is greater than the threshold, it returns a permission message to the domain A authentication server. When the domain A authentication server verifies that the response is a permission, it sends a ticket (Ticket) to the TPM, and the TPM uses this ticket to access resources in the remote domain.
"Cross-domain anonymous authentication mechanism under distributed network environment" by Zhou Yanwei et al., published in Computer Applications, vol. 30, no. 8 (August 2010), proposes a cross-domain authentication framework comprising a trusted third party, the certificate arbitration center (Arbitration Center of Certificate, CAC), and multiple trusted domains. Each trusted domain comprises TCPs and a DAA certificate issuer (IS), and the CAC verifies the authenticity of the AIK certificates issued by the DAA certificate issuers of different vendors. When a trusted computing platform TCP_A in trusted domain DO_A requests service from a service provider in another trusted domain DO_B, TCP_A first passes DAA authentication by its own domain's DAA certificate issuer IS_A and obtains the AIK certificate that IS_A issues. It then sends a cross-domain certificate request to the CAC, proving its identity to the CAC with its local-domain AIK certificate and its own integrity measurement values. The CAC verifies the authenticity and integrity of TCP_A by exchanging messages with IS_A and issues a cross-domain authentication certificate to a TCP_A that holds a legitimate AIK certificate and whose platform is intact. TCP_A uses the cross-domain authentication certificate to prove the authenticity of its identity and the integrity of its platform to the service provider in trusted domain DO_B.
"A direct anonymous attestation scheme in multiple trust domains" by Chen Xiaofeng et al., published in the Chinese Journal of Computers, vol. 31, no. 7 (July 2008), proposes a cross-domain DAA scheme. On top of the DAA scheme, it adds two participants to each trusted domain: a passport issuer and a visa issuer. The basic cross-domain idea is as follows: if a trusted computing platform HT_A (Host/TPM A) in trust domain DO_A wants to prove its identity to a verifier V_B in trust domain DO_B without exposing its privacy, HT_A first applies to the passport issuer of its local domain for a passport certificate, which proves HT_A's identity in trust domain DO_A. HT_A then uses this passport certificate to apply to the visa issuer of trust domain DO_B for a visa certificate. Finally, HT_A uses the passport certificate and the visa certificate to prove its identity anonymously to verifier V_B in trust domain DO_B.
In "Improved cross-domain direct anonymous authentication scheme" by plum minister et al., published in Computer Applications, vol. 30, no. 12 (December 2010), the DAA issuer in each trust domain acts as a proxy member of that domain. The proxy member first authenticates the identity of a trusted platform in its domain and, once the platform is confirmed to be legitimate, issues a direct anonymous certificate valid in its trust domain and binds the platform's identity, the certificate validity period and the direct anonymous certificate together.
All of the above cross-domain authentication schemes require the certificate issuer of each trusted domain or a trusted third party (such as a third-party certificate arbitration center or a trust value center) to take part in issuing the certificates needed for cross-domain authentication. The process is still too complex, and a better scheme is needed.
Summary of the application
In view of this, the technical problem to be solved by this application is to provide a trusted computing system and a corresponding authentication method and devices.
To solve the above technical problem, this application proposes an authentication method for a trusted computing system. The trusted computing system comprises a management domain and multiple trusted domains, and the members of a trusted domain comprise a domain trusted party (DT) and domain terminals. The method comprises:
The DT registers with the management domain using its platform identity certificate as proof; after the management domain's authentication of the DT passes, the management domain's signature certificate for the DT is granted to the DT;
A domain terminal registers with the DT of the trusted domain in which it is located, using its platform identity certificate as proof; after the DT's authentication passes, a terminal identity certificate is granted to the domain terminal, the terminal identity certificate comprising the management domain's signature on the DT and the DT's signature on the domain terminal;
When domain terminals of different trusted domains interact, remote authentication of the remote end's identity is performed on the basis of the remote end's terminal identity certificate.
Preferably, in the above authentication method,
The members of the management domain comprise a Privacy CA (PrivacyCA);
Granting the DT the management domain's signature certificate for the DT after the management domain's authentication passes comprises: after the PrivacyCA's authentication passes, it grants a DT identity certificate to the DT, the DT identity certificate comprising the PrivacyCA's signature on the DT.
Preferably, in the above authentication method,
The members of the management domain comprise a Privacy CA (PrivacyCA) and multiple virtual CA members, and the authentication method further comprises the following process of establishing the virtual CA:
The PrivacyCA generates a system public/private key pair, publishes the public parameters required for threshold signing and verification, and secretly distributes the system private key to the virtual CA members;
The virtual CA members share the system private key on the basis of (t, n) threshold secret sharing and form the virtual CA, each virtual CA member holding one system sub-private key;
The DT registering with the management domain using its platform identity certificate as proof means registering separately with t virtual CA members. Granting the DT the management domain's signature certificate for the DT after the management domain's authentication passes comprises: after each of the t virtual CA members has authenticated the DT, it signs the DT with the system sub-private key it holds according to the threshold signature scheme, and the resulting t DT identity sub-certificates are granted to the DT; after the DT has verified the legitimacy of the system sub-private-key signatures on the DT in the t DT identity sub-certificates, it synthesizes a DT identity certificate from the t DT identity sub-certificates. The DT identity certificate comprises the virtual CA's signature on the DT, synthesized with the threshold signature scheme.
Preferably, in the above authentication method,
When the t virtual CA members sign the DT with the system sub-private keys they hold and grant the resulting t DT identity sub-certificates to the DT, each also provides its own CA member identity certificate to the DT as proof of identity;
After receiving a DT identity sub-certificate and CA member identity certificate, the DT first authenticates the identity of the corresponding virtual CA member on the basis of the CA member identity certificate and, after that authentication passes, verifies the legitimacy of the signature in the DT identity sub-certificate.
Preferably, in the above authentication method,
A virtual CA member obtains its CA member identity certificate through the following process:
The virtual CA member registers with the other t or t-1 virtual CA members using its platform identity certificate as proof. After the other t or t-1 virtual CA members have verified it, each signs this virtual CA member with the system sub-private key it holds, and the resulting t or t-1 CA member identity sub-certificates are granted to this virtual CA member. After this virtual CA member has verified the legitimacy of the system sub-private-key signatures on it in the t or t-1 CA member identity sub-certificates, it synthesizes the CA member identity certificate. The CA member identity certificate comprises the signature of the virtual CA on the DT, synthesized with the threshold signature scheme;
The signed body of the CA member identity certificate comprises this virtual CA member's platform identifier, or both this virtual CA member's platform identifier and a system administrator identifier.
Preferably, in the above authentication method,
When the DT grants a terminal identity certificate to a domain terminal, it also provides its own DT identity certificate to the domain terminal as proof of identity;
After receiving the terminal identity certificate and the DT identity certificate, the domain terminal first authenticates the DT on the basis of the DT identity certificate and, after that authentication passes, stores the terminal identity certificate.
Preferably, in the above authentication method,
The signed body of the DT identity certificate comprises the domain administrator identifier and the platform identifier of the DT.
Preferably, in the above authentication method,
The members of the management domain comprise a PrivacyCA, and every other member of the trusted computing system apart from the PrivacyCA registers with the PrivacyCA to obtain a platform identity certificate through the following process:
The other member registers with the PrivacyCA using the endorsement certificate of the trusted module in its trusted computing platform as proof, and stores the platform identity certificate granted by the PrivacyCA;
After the PrivacyCA's authentication passes, it grants a platform identity certificate to the other member, the platform identity certificate comprising the PrivacyCA's signature on the other member.
Preferably, in the above authentication method,
The process in which the other members register with the PrivacyCA is carried out before those members join the trusted computing system;
In this process, after its authentication passes, the PrivacyCA also assigns the other member a platform identifier that is unique within the system, and the signed body of the platform identity certificate that the PrivacyCA grants to the other member comprises that platform identifier.
Preferably, in the above authentication method,
In the terminal identity certificate, the signed body of the DT's signature on the domain terminal comprises the terminal user identifier and the platform identifier of the domain terminal.
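The registration and cross-domain verification flow described above, as an added example that is not code from the patent: a PrivacyCA splits the system private key among n = 5 virtual CA members, t = 3 of them sign a DT body, the DT merges the shares into one signature, issues a terminal identity certificate, and a terminal in another domain verifies both signatures knowing only the system public key. Assumptions: Shoup-style threshold RSA stands in for the threshold signature scheme, which this text does not name; the key sizes are toy values; the field layout and the presence of the DT public key (`pub_n`) in the signed DT body are hypothetical.

```python
import hashlib
import math
import random

# Toy key material, constructed for this example; far too small for real use.
P, Q = 1019, 1187                   # safe primes: 2*509 + 1 and 2*593 + 1
N, M = P * Q, (P // 2) * (Q // 2)   # system modulus N; shares live in Z_M
E = 65537                           # public exponent: prime and larger than n
SYSTEM_PUB = (N, E)                 # the only key a remote terminal must trust


def h(msg: bytes, modulus: int) -> int:
    """Hash msg to an integer coprime to modulus (retry with a counter)."""
    ctr = 0
    while True:
        digest = hashlib.sha256(ctr.to_bytes(4, "big") + msg).digest()
        x = int.from_bytes(digest, "big") % modulus
        if x > 1 and math.gcd(x, modulus) == 1:
            return x
        ctr += 1


def rsa_verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == h(msg, n)


def deal_shares(t: int, n: int, rng=None) -> dict:
    """PrivacyCA: split the system private exponent d into n Shamir shares."""
    rng = rng or random.SystemRandom()
    coeffs = [pow(E, -1, M)] + [rng.randrange(M) for _ in range(t - 1)]
    return {i: sum(c * i**k for k, c in enumerate(coeffs)) % M
            for i in range(1, n + 1)}


def partial_sign(share: int, msg: bytes, n: int) -> int:
    """Virtual CA member: signature share x^(2 * n! * s_i) mod N."""
    return pow(h(msg, N), 2 * math.factorial(n) * share, N)


def combine(partials: dict, msg: bytes, n: int) -> int:
    """DT: merge signature shares {member_id: share} into one RSA signature."""
    delta, x, w = math.factorial(n), h(msg, N), 1
    for i, x_i in partials.items():
        num, den = delta, 1              # integer Lagrange coefficient at 0
        for j in partials:
            if j != i:
                num, den = num * -j, den * (i - j)
        w = w * pow(x_i, 2 * (num // den), N) % N   # num // den is exact
    e_prime = 4 * delta * delta          # now w^E == x^e_prime (mod N)
    a = pow(e_prime, -1, E)              # a * e_prime + b * E == 1
    b = (1 - a * e_prime) // E
    return pow(w, a, N) * pow(x, b, N) % N


def make_body(**fields) -> bytes:
    return ";".join(f"{k}={v}" for k, v in sorted(fields.items())).encode()


def issue_terminal_cert(dt_cert: dict, dt_priv, user: str, platform: str) -> dict:
    """DT: sign the terminal and attach the management domain's signature."""
    n_dt, d_dt = dt_priv
    body = make_body(user=user, platform=platform)
    return {**dt_cert, "term_body": body,
            "dt_sig": pow(h(body, n_dt), d_dt, n_dt)}


def verify_terminal_cert(cert: dict, system_pub=SYSTEM_PUB) -> bool:
    """Remote terminal in another domain: walk the two signatures."""
    try:
        if not rsa_verify(system_pub, cert["dt_body"], cert["ca_sig"]):
            return False
        fields = dict(f.split("=", 1) for f in cert["dt_body"].decode().split(";"))
        return rsa_verify((int(fields["pub_n"]), E),
                          cert["term_body"], cert["dt_sig"])
    except (KeyError, ValueError):
        return False


def demo(rng=None, t=3, n=5):
    shares = deal_shares(t, n, rng)
    dt_p, dt_q = 1283, 1307              # DT's own toy RSA primes (constructed)
    dt_priv = (dt_p * dt_q, pow(E, -1, (dt_p - 1) * (dt_q - 1)))
    dt_body = make_body(admin="admin-A", platform="DT-0001", pub_n=dt_priv[0])
    partials = {i: partial_sign(shares[i], dt_body, n) for i in (1, 3, 5)}
    # The patent has the DT check each sub-signature first; that step needs
    # per-share proofs and is left out here. The merged signature is checked.
    dt_cert = {"dt_body": dt_body, "ca_sig": combine(partials, dt_body, n)}
    assert rsa_verify(SYSTEM_PUB, dt_body, dt_cert["ca_sig"])
    return shares, dt_cert, issue_terminal_cert(dt_cert, dt_priv, "alice", "T-0042")


if __name__ == "__main__":
    _, _, cert = demo()
    print("cross-domain verification:", verify_terminal_cert(cert))
```

Because the merged value is an ordinary signature under the system key, any quorum of t members produces the same DT certificate, and the verifier needs no contact with the DT's domain or the management domain at verification time.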
Correspondingly, this application also provides a trusted computing system based on a distributed network environment. The trusted computing system comprises a management domain and trusted domains, and the members of a trusted domain comprise a domain trusted party (DT) and domain terminals, characterized in that:
The management domain is configured to accept the registration of a DT and, after authentication of the DT passes, to grant the DT the management domain's signature certificate for the DT;
The domain terminal comprises:
A terminal certificate application module, configured to register with the DT of the trusted domain in which the terminal is located, using this domain terminal's platform identity certificate as proof, and to store the terminal identity certificate granted by the DT;
A remote authentication module, configured to provide the terminal identity certificate to the remote end when interacting with a domain terminal of another trusted domain, and to authenticate the identity of the remote end on the basis of the remote end's terminal identity certificate;
The DT comprises:
A DT certificate application module, configured to register with the management domain using this DT's platform identity certificate as proof, and to store the signature certificate granted by the management domain;
A terminal certificate issuing module, configured to accept the registration of a domain terminal and, after authentication of the domain terminal passes, to grant a terminal identity certificate to the domain terminal, the terminal identity certificate comprising the management domain's signature on this DT and this DT's signature on the domain terminal.
Preferably, in the above trusted computing system,
The members of the management domain comprise a Privacy CA (PrivacyCA);
The PrivacyCA comprises:
A DT certificate issuing module, configured to accept the registration of a DT and, after authentication of the DT passes, to grant a DT identity certificate to the DT, the DT identity certificate comprising the PrivacyCA's signature on the DT.
Preferably, in the above trusted computing system,
The members of the management domain comprise a PrivacyCA and multiple virtual CA members, wherein:
The PrivacyCA comprises:
A system key management module, configured to generate a system public/private key pair, to publish the public parameters required for threshold signing and verification, and to secretly distribute the system private key to the virtual CA members;
The multiple virtual CA members share the system private key on the basis of (t, n) threshold secret sharing and together form the virtual CA, wherein each virtual CA member comprises:
A DT certificate issuing module, configured to accept the registration of a DT and, after authentication of the DT passes, to sign the DT with the system sub-private key held by this virtual CA member according to the threshold signature scheme and to grant the resulting DT identity sub-certificate to the DT;
The DT certificate application module of the DT registers separately with t virtual CA members and obtains t DT identity sub-certificates. After verifying the legitimacy of the system sub-private-key signatures on the DT in the t DT identity sub-certificates, it synthesizes a DT identity certificate from the t DT identity sub-certificates. The DT identity certificate comprises the virtual CA's signature on the DT, synthesized with the threshold signature scheme.
Preferably, in the above trusted computing system,
When the DT certificate issuing module of a virtual CA member grants a DT identity sub-certificate to the DT, it also provides its own CA member identity certificate to the DT as proof of identity;
After receiving the t DT identity sub-certificates and the corresponding CA member identity certificates, the DT certificate application module of the DT first authenticates the identity of the corresponding virtual CA member on the basis of the CA member identity certificate and, after that authentication passes, verifies the legitimacy of the signature in the DT identity sub-certificate.
Preferably, in the above trusted computing system,
Each virtual CA member further comprises:
A CA member certificate application module, configured to register with the other t or t-1 virtual CA members using its platform identity certificate as proof and, after receiving the t or t-1 CA member sub-certificates granted, to verify the legitimacy of the system sub-private-key signatures on this virtual CA member in them and, after that verification passes, to synthesize its own CA member identity certificate. The CA member identity certificate comprises the signature of the virtual CA on the DT, synthesized with the threshold signature scheme, and the signed body of this signature comprises this virtual CA member's platform identifier, or both this virtual CA member's platform identifier and a system administrator identifier;
A CA member certificate issuing module, configured to accept the registration of another virtual CA member and, after authentication of that other virtual CA member passes, to sign that other virtual CA member with the system sub-private key it holds itself and to grant the resulting CA member identity sub-certificate to that other virtual CA member.
Preferably, in the above trusted computing system,
When issuing the terminal identity certificate to the domain terminal, the terminal certificate issuing module of the DT also provides its own DT identity certificate to the domain terminal as proof of identity;
After receiving the terminal identity certificate and the DT identity certificate, the terminal certificate application module of the domain terminal first authenticates the DT based on the DT identity certificate and, once authentication passes, stores the terminal identity certificate.
Preferably, in the above trusted computing system,
The body of the signature in the DT identity certificate synthesized by the DT certificate request module of the DT contains the domain administrator identifier and the platform identifier of the DT.
Preferably, in the above trusted computing system,
The members of the management domain include a privacy CA (PrivacyCA);
The PrivacyCA comprises:
A platform certificate issuing module, configured to accept the registration of other members of the system and, after authentication passes, to issue platform identity certificates to those members, each platform identity certificate containing the PrivacyCA's signature on the member;
The other members of the trusted computing system further comprise:
A platform certificate application module, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to store the platform identity certificate issued by the PrivacyCA.
Preferably, in the above trusted computing system,
The platform certificate application module of each of the other members of the system registers with the PrivacyCA before the member joins the trusted computing system;
After authentication passes, the platform certificate issuing module of the PrivacyCA also assigns each such member a platform identifier that is unique within the system, and the body of the signature in the platform identity certificate that the PrivacyCA issues to the member contains that platform identifier.
Preferably, in the above trusted computing system,
The body of the DT's signature on the domain terminal, in the terminal identity certificate that the terminal certificate issuing module of the DT issues to the domain terminal, contains the terminal user identifier and the platform identifier of the domain terminal.
Correspondingly, the application also provides a privacy CA (PrivacyCA) in the above trusted computing system, characterized in that the PrivacyCA comprises:
A platform certificate issuing module, configured to accept the registration of other members of the system and, after authentication passes, to issue platform identity certificates to those members, each platform identity certificate containing the PrivacyCA's signature on the member;
A system key management module, configured to generate a system public/private key pair, publish the public parameters required for threshold signing and verification, and secretly distribute the system private key among the virtual CA members.
Preferably, after authentication passes, the platform certificate issuing module also assigns each such member a platform identifier that is unique within the system, and the body of the signature in the platform identity certificate that the PrivacyCA issues to the member contains that platform identifier.
Correspondingly, the application also provides a virtual CA member in the above trusted computing system, characterized in that:
Multiple virtual CA members share the system private key under a (t, n) threshold secret sharing scheme and together form the virtual CA, wherein each virtual CA member comprises:
A platform certificate application module, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to store the platform identity certificate issued by the PrivacyCA;
A DT certificate issuing module, configured to accept the registration of a DT and, after the DT passes authentication, to sign for the DT according to the threshold signature scheme with the system sub-private key held by this virtual CA member, and to issue the resulting DT identity sub-certificate to the DT.
Preferably, the above virtual CA member further comprises:
A CA member certificate request module, configured to register with t or t-1 other virtual CA members using its platform identity certificate as proof and, after receiving the t or t-1 CA member sub-certificates issued, to verify the validity of the signatures made over this virtual CA member with the system sub-private keys in those sub-certificates; once verification passes, it synthesizes its own CA member identity certificate. The CA member identity certificate contains the signature of the virtual CA on said DT, synthesized with the threshold signature scheme, and the body of this signature contains this virtual CA member's platform identifier, or both this virtual CA member's platform identifier and the system administrator identifier;
A CA member certificate issuing module, configured to accept the registration of another virtual CA member and, after that member passes authentication, to sign for it with the system sub-private key that this member holds and to issue the resulting CA member identity sub-certificate to that other virtual CA member.
When issuing the DT identity sub-certificate to the DT, the DT certificate issuing module also provides its own CA member identity certificate to the DT as proof of identity.
Correspondingly, the application also provides a domain trusted party (DT) in the above trusted computing system, the DT comprising:
A platform certificate application module, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to store the platform identity certificate issued by the PrivacyCA;
A DT certificate request module, configured to register with the management domain using the platform identity certificate of this DT as proof, and to store the signing certificate issued by the management domain;
A terminal certificate issuing module, configured to accept the registration of domain terminals and, after a domain terminal passes authentication, to issue a terminal identity certificate to it while also providing its own DT identity certificate to the domain terminal as proof of identity, the terminal identity certificate containing both the management domain's signature on this DT and this DT's signature on the domain terminal.
Preferably, the DT certificate request module registers separately with t virtual CA members and obtains t DT identity sub-certificates; after the signatures made over the DT with the system sub-private keys in the t DT identity sub-certificates pass validity verification, it synthesizes the DT identity certificate from the t DT identity sub-certificates, the DT identity certificate containing the signature of the virtual CA on the DT synthesized with the threshold signature scheme.
Preferably, when receiving the t DT identity sub-certificates, the DT certificate request module also receives the corresponding CA member identity certificates; it first authenticates the respective virtual CA members based on the CA member identity certificates and, once that authentication passes, verifies the validity of the signatures in the DT identity sub-certificates.
Preferably, the body of the DT's signature on the domain terminal, in the terminal identity certificate that the terminal certificate issuing module issues to the domain terminal, contains the terminal user identifier and the platform identifier of the domain terminal.
Preferably, the body of the signature in the DT identity certificate synthesized by the DT certificate request module contains the domain administrator identifier and the platform identifier of the DT.
Correspondingly, the application also provides a domain terminal in the above trusted computing system, the domain terminal comprising:
A platform certificate application module, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to store the platform identity certificate issued by the PrivacyCA;
A terminal certificate application module, configured to register with the DT of its trusted domain using the platform identity certificate of this domain terminal as proof, and to store the terminal identity certificate issued by the DT;
A remote authentication module, configured to provide its terminal identity certificate to the remote end when interacting with a domain terminal of another trusted domain, and to authenticate the remote end based on the remote end's terminal identity certificate.
Preferably, when the terminal certificate application module receives the terminal identity certificate it also receives the DT identity certificate; it first authenticates the DT based on the DT identity certificate and, once authentication passes, stores the terminal identity certificate.
In the embodiments of the application, the authentication method of the trusted computing system and the corresponding system adopt a distributed network topology based on trusted domains, which is easy to extend and accommodates the integration of trusted domains of different scales.
In the embodiments of the application, a domain terminal user who obtains a terminal identity certificate from the DT of its own trusted domain can perform cross-domain authentication without applying for a certificate in each trusted domain. This reduces network traffic, computational load and storage space, and improves the efficiency of cross-domain authentication in a distributed network.
In the embodiments of the application, a virtual CA replaces the PrivacyCA in issuing DT identity certificates to DTs, and the multiple virtual CA members share the system private key through (t, n) threshold secret sharing. This avoids impersonation attacks, single-point DoS attacks and single-point failure. It also means that the PrivacyCA issues platform identity certificates only when other members of the system register, and that the subsequent authentication process does not involve the PrivacyCA, which effectively protects the PrivacyCA and improves the security of the system.
In the embodiments of the application, the certificate issued to a system member binds that member's user identifier to its platform identifier, which effectively prevents platform substitution attacks.
Brief description of the drawings
Fig. 1 is an architecture diagram of the trusted computing system of an embodiment of the application;
Fig. 2 is a module diagram of each system member in an embodiment of the application;
Fig. 3 is the overall flow chart of the authentication method of an embodiment of the application;
Fig. 4 is a flow chart, in the authentication method of an embodiment of the application, of a trusted domain member registering with the PrivacyCA to apply for a platform identity certificate;
Fig. 5 is a flow chart, in the authentication method of an embodiment of the application, of the establishment of the virtual CA;
Fig. 6 is a flow chart, in the authentication method of an embodiment of the application, of a DT registering with the virtual CA of the management domain;
Fig. 7 is a flow chart, in the authentication method of an embodiment of the application, of a domain terminal registering with the DT of its trusted domain;
Fig. 8 is a flow chart, in the authentication method of an embodiment of the application, of a virtual CA member registering with other virtual CA members;
Fig. 9 is a schematic diagram of the architecture and flow of an application example of the application.
Detailed description of the embodiments
To make the objects, technical solutions and advantages of the application clearer, embodiments of the application are described in detail below with reference to the accompanying drawings. It should be noted that, provided they do not conflict, the embodiments of the application and the features in the embodiments may be combined with one another arbitrarily.
As shown in Fig. 1, the trusted computing system of this embodiment comprises a management domain and multiple trusted domains, each of which comprises several members. As members of the trusted computing system, all members' trusted computing platforms have a trusted module (such as a TPM or TCM) embedded in the hardware platform, and each trusted module stores an endorsement key pair (EK, Endorsement Key) that uniquely identifies it, together with the corresponding EK certificate.
The management domain accepts the registration of domain trusted parties (DTs) and, after a DT passes authentication, issues the management domain's signing certificate for that DT to the DT.
The members of a trusted domain comprise a domain trusted party (DT) and domain terminals. The DT may also be called the trusted domain server, and the user of the DT is called the domain administrator. Domain terminals are the ordinary members of the trusted domain, and the user of a domain terminal is called a terminal user. The DT obtains the signing certificate issued by the management domain using its platform identity certificate as proof, accepts the registration of domain terminals, and issues terminal identity certificates to domain terminals that pass authentication; a terminal identity certificate contains the management domain's signature on this DT and this DT's signature on the domain terminal. A domain terminal registers with the DT of its trusted domain using its platform identity certificate as proof, obtains the terminal identity certificate issued by the DT and, when interacting with a domain terminal of another trusted domain, performs remote identity authentication of the remote end based on the remote end's terminal identity certificate.
In this embodiment, the members of the management domain comprise a privacy CA (PrivacyCA) 10 and multiple virtual CA members 20; a virtual CA member may also be called a management domain server, and its user is called a system administrator. Referring to Fig. 2 (which shows only one trusted domain, A, as an example):
The privacy CA 10 comprises:
A system key management module 102, configured to generate a system public/private key pair, publish the public parameters required for threshold signing and verification, and secretly distribute the system private key among the virtual CA members.
A platform certificate issuing module 104, configured to accept the registration of other members of the system and, after authentication passes, to issue platform identity certificates to those members, each platform identity certificate containing the PrivacyCA's signature on the member. The other members here include all members of the trusted domains, such as DTs and domain terminals, and the members of the management domain other than the Privacy CA, such as the virtual CA members.
The multiple virtual CA members share the system private key under a (t, n) threshold secret sharing scheme and together form the virtual CA. The virtual CA members may be designated by the Privacy CA, or a terminal in the system may apply and become a virtual CA member after approval by the Privacy CA.
Each virtual CA member 20 comprises:
A DT certificate issuing module 202, configured to accept the registration of a DT and, after the DT passes authentication, to sign for the DT according to the threshold signature scheme with the system sub-private key held by this virtual CA member, and to issue the resulting DT identity sub-certificate to the DT. In addition, when issuing the DT identity sub-certificate to the DT, the DT certificate issuing module may also provide its own CA member identity certificate to the DT as proof of identity.
A CA member certificate request module 204, configured to register with t or t-1 other virtual CA members using its platform identity certificate as proof and, after receiving the t or t-1 CA member sub-certificates issued, to verify the validity of the signatures made over this virtual CA member with the system sub-private keys in those sub-certificates; once verification passes, it synthesizes its own CA member identity certificate. The CA member identity certificate contains the signature of the virtual CA on said DT, synthesized with the threshold signature scheme. The body of this signature may contain this virtual CA member's platform identifier, or both this virtual CA member's platform identifier and the system administrator identifier, so that a DT acting as the authenticating party can authenticate the platform identity and the user identity of this virtual CA member at the same time.
A CA member certificate issuing module 206, configured to accept the registration of another virtual CA member and, after that member passes authentication based on IKE, to sign for it with the system sub-private key that this member holds and to issue the resulting CA member sub-certificate to that other virtual CA member.
A platform certificate application module 208, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to store the platform identity certificate issued by the PrivacyCA.
The management domain may also include corresponding databases, such as the user information and platform identity certificate repository managed by the PrivacyCA, and the DT identity certificate repository and CA member identity certificate repository managed by the virtual CA. In one example, system members can access the corresponding databases through a Web server, as shown in Fig. 1.
Among the members of a trusted domain, the domain trusted party 30 comprises:
A platform certificate application module 302, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to store the platform identity certificate issued by the PrivacyCA.
A DT certificate request module 304, configured to register with the management domain using the platform identity certificate of this DT as proof, and to store the signing certificate issued by the management domain. In this embodiment, the DT certificate request module registers separately with t virtual CA members and obtains t DT identity sub-certificates; after the signatures made over the DT with the system sub-private keys in the t DT identity sub-certificates pass validity verification, it synthesizes the DT identity certificate from the t DT identity sub-certificates. The DT identity certificate contains the signature of the virtual CA on the DT synthesized with the threshold signature scheme, and the body of this signature may contain both the domain administrator identifier and the platform identifier of the DT, so that a domain terminal acting as the authenticating party can authenticate the platform identity and the user identity of the DT at the same time. When the virtual CA members provide their own CA member identity certificates, the DT certificate request module, after receiving the t DT identity sub-certificates and the corresponding CA member identity certificates, first authenticates the corresponding virtual CA members based on the CA member identity certificates and, once that authentication passes, verifies the validity of the signatures on the DT.
A terminal certificate issuing module 306, configured to accept the registration of domain terminals and, after a domain terminal passes authentication, to issue a terminal identity certificate to it. The terminal identity certificate contains the management domain's signature on this DT and this DT's signature on the domain terminal, and the body of this DT's signature on the domain terminal may contain both the terminal user identifier and the platform identifier of the domain terminal, so that another domain terminal acting as the authenticating party can authenticate the platform identity and the user identity of this domain terminal at the same time. When issuing the terminal identity certificate to the domain terminal, the terminal certificate issuing module of this embodiment may also provide its own DT identity certificate to the domain terminal as proof of identity.
The domain terminal 40 comprises:
A platform certificate application module 402, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to store the platform identity certificate issued by the PrivacyCA.
A terminal certificate application module 404, configured to register with the DT of its trusted domain using the platform identity certificate of this domain terminal as proof, and to store the terminal identity certificate issued by the DT. When the DT also provides its DT identity certificate, the module first authenticates the DT based on the DT identity certificate and, once authentication passes, stores the terminal identity certificate.
A remote authentication module 406, configured to provide its terminal identity certificate to the remote end when interacting with a domain terminal of another trusted domain, and to authenticate the remote end based on the remote end's terminal identity certificate.
As shown in Fig. 3, the overall flow of the authentication method of this embodiment comprises:
Step 1: the DT registers with the management domain using its platform identity certificate as proof; after authentication passes, the management domain issues a DT identity certificate to this DT, the DT identity certificate containing the management domain's signature on this DT;
The certificates of this embodiment may follow the X.509 standard (but are not limited to it). A certificate comprises a body (tbsCertificate), a signature algorithm identifier (signatureAlgorithm) and a signature value (signatureValue); signatureValue is the result of signing the tbsCertificate body with the signature algorithm specified in signatureAlgorithm. In this text, the body and the signature value of a certificate are together referred to as the signature. The body contains fields such as the certificate version number, certificate serial number, certificate subject name, certificate public key, certificate issuer name and certificate validity period, and may also contain fields such as the certificate issuer ID, certificate subject ID and certificate extensions. The certificate public key can be used for encryption and/or proof of identity, and is not described further.
Preferably, the body of the signature in the DT identity certificate of this embodiment contains, besides the platform identifier of the DT's trusted computing platform, the ID of the DT's legitimate user, namely the domain administrator ID. That is, the DT identity certificate issued to a DT binds the DT's platform ID and the domain administrator ID together, so that when a domain terminal, as the authenticating party, authenticates the DT based on its DT identity certificate, it authenticates the DT's platform and user at the same time, which avoids platform substitution attacks carried out by an illegitimate user on a legitimate DT platform.
Step 2: the domain terminal registers with the DT of its trusted domain using its platform identity certificate as proof; after authentication passes, the DT issues a terminal identity certificate to the domain terminal, the terminal identity certificate containing the management domain's signature on the DT and the DT's signature on the domain terminal;
In this step, when issuing the terminal identity certificate to the domain terminal, the DT may also provide its own DT identity certificate to the domain terminal as proof of identity. After receiving the issued terminal identity certificate and the DT identity certificate of the DT, the domain terminal first authenticates the DT based on the DT identity certificate and, once authentication passes, stores the terminal identity certificate.
Preferably, the body of the DT's signature on the domain terminal in the terminal identity certificate contains the platform identifier and the terminal user identifier of the domain terminal, binding the user ID and platform ID of the domain terminal together. This prevents an illegitimate user from using a legitimate platform to carry out a platform substitution attack.
Step 3: when domain terminals of different trusted domains interact, authentication of the remote end is performed based on the remote end's terminal identity certificate.
For example, when domain terminal A of trusted domain A interacts with domain terminal B of trusted domain B, domain terminal A performs remote authentication of domain terminal B's identity based on domain terminal B's terminal identity certificate, and domain terminal B performs remote authentication of domain terminal A's identity based on domain terminal A's terminal identity certificate.
Because the DT identity certificate contains the management domain's signature on the DT, the chain of trust is passed from the management domain to the DT. And because the terminal identity certificate contains both the management domain's signature on the DT and the DT's signature on the domain terminal, the chain of trust is passed on from the management domain to the domain terminal. A domain terminal of another trusted domain, having obtained the terminal identity certificate issued by the DT of that terminal's trusted domain, can trust the domain terminal by verifying the management domain's signature on the DT and the DT's signature on the domain terminal. Cross-domain authentication is thus achieved without applying for a certificate in each trusted domain, which preserves the independence of trusted domain management, reduces network traffic, computational load and storage space, and thereby improves the efficiency of cross-domain authentication in a distributed network.
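The two-signature check described above, together with the platform ID and user ID binding, can be sketched as follows. This is an added example, not code from the patent: textbook RSA over fixed Mersenne primes stands in for the certificate signature algorithm only so that the sketch runs with the standard library (it is not secure), and the field names, the identifiers and the idea that the verifier learns the platform and user IDs from the session are assumptions.

```python
import hashlib
import json

E = 65537  # public exponent shared by both stand-in keys


def make_key(p, q):
    """Stand-in RSA key from two known primes (insecure, illustration only)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def _digest(body, n):
    # Canonical encoding of the certificate body, hashed and reduced mod n.
    canon = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(canon).digest(), "big") % n


def sign(body, key):
    return pow(_digest(body, key["n"]), key["d"], key["n"])


def verify(body, sig, n):
    return pow(sig, E, n) == _digest(body, n)


# Constructed keys: the system key plays the management domain (virtual CA),
# the second key plays the DT of trusted domain A.
SYSTEM_KEY = make_key(2**127 - 1, 2**89 - 1)
DT_KEY = make_key(2**107 - 1, 2**61 - 1)


def issue_dt_cert(system_key, dt_platform_id, admin_id, dt_public_n):
    """Management domain signs the DT: platform ID and administrator ID are bound."""
    body = {"platform_id": dt_platform_id, "user_id": admin_id,
            "pubkey_n": dt_public_n}
    return {"body": body, "sig": sign(body, system_key)}


def issue_terminal_cert(dt_key, dt_cert, platform_id, user_id):
    """DT signs the terminal; the certificate carries both signatures."""
    body = {"platform_id": platform_id, "user_id": user_id,
            "issuer": dt_cert["body"]["platform_id"]}
    return {"dt_cert": dt_cert, "body": body, "sig": sign(body, dt_key)}


def verify_remote(term_cert, system_public_n, session_platform_id, session_user_id):
    """Cross-domain check by a terminal that holds only the system public key."""
    dt = term_cert["dt_cert"]
    # 1. Management domain's signature on the DT (root of the chain).
    if not verify(dt["body"], dt["sig"], system_public_n):
        return "bad management-domain signature on DT"
    # 2. DT's signature on the terminal, checked with the key from step 1.
    if not verify(term_cert["body"], term_cert["sig"], dt["body"]["pubkey_n"]):
        return "bad DT signature on terminal"
    # 3. Platform/user binding: a legitimate platform used by a different
    #    user (platform substitution) fails here.
    body = term_cert["body"]
    if (body["platform_id"], body["user_id"]) != (session_platform_id, session_user_id):
        return "platform/user binding mismatch"
    return "trusted"


if __name__ == "__main__":
    dt_cert = issue_dt_cert(SYSTEM_KEY, "DT-A", "admin-A", DT_KEY["n"])
    cert = issue_terminal_cert(DT_KEY, dt_cert, "PLAT-7", "alice")
    print(verify_remote(cert, SYSTEM_KEY["n"], "PLAT-7", "alice"))
    print(verify_remote(cert, SYSTEM_KEY["n"], "PLAT-7", "mallory"))
```

The verifier never contacts the other domain's DT or the PrivacyCA: the system public key and the presented certificate are enough, which is the traffic and storage saving the text claims.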
The authentication method of this embodiment may include the following process, in which the members of the trusted computing system other than the PrivacyCA register with the PrivacyCA to apply for platform identity certificates. This process can be completed before those members join the trusted computing system. As shown in Fig. 4, the process comprises:
Step 110: under the owner's authorization, the trusted module inside the member's trusted computing platform generates a platform identity public/private key pair, and the platform identity private key is kept inside the trusted module;
The trusted module here may be a trusted module of any of several standards, such as a TPM or TCM, and is embedded in its trusted computing platform.
Step 120: the member's trusted computing platform applies to the PrivacyCA for registration using its EK certificate as proof of identity, submitting the EK certificate and the generated platform identity public key;
Step 130: after authentication passes, the PrivacyCA issues a platform identity certificate to the member, the platform identity certificate containing the PrivacyCA's signature on the member.
Preferably, after authentication passes, the PrivacyCA also assigns the member a platform identifier, unique within the system, to identify the member's trusted computing platform, and the body of the PrivacyCA's signature on the member contains that platform identifier. Establishing a unified system-wide identifier for members of different trusted domains facilitates unified management of the system's trusted computing platforms and the implementation of cross-domain authentication.
The above process of applying for a platform identity certificate may follow the way a TPM obtains an AIK certificate in a PCA system, or the way a TPM obtains a PIK certificate in the Chinese standard, but is not limited to these, and is not described further here. The platform identity certificate signed and issued by the Privacy-CA serves as an alias certificate for the EK within the system and can prove the legitimacy of the platform's identity to other members of the system.
Secret sharing is an important branch of modern cryptography and an important research topic in information security. The first secret sharing schemes were (t, n) threshold schemes, proposed independently in 1979 by Shamir [1] and Blakley [2], based respectively on Lagrange interpolation and on the properties of points in multidimensional space. Since the idea of secret sharing was proposed, many researchers have studied it extensively and obtained many results. A (t, n) threshold scheme divides a secret s into n shares, each participant holding one secret share; to reconstruct the secret s, at least t participants must cooperate.
The application applies the (t, n) threshold scheme to the establishment of the virtual CA of the trusted computing system: the PrivacyCA acts as the secret distributor, the system private key it generates is the secret s, and the n virtual CA members are the participants, each holding one secret share (called a system sub-private key). A reconstructor must obtain the system sub-private keys held by at least t virtual CA members, or pseudo-shares computed from those system sub-private keys, in order to recover the system private key.
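The (t, n) split and reconstruction described above can be illustrated with Shamir's polynomial scheme. This is an added example, not code from the patent: the field modulus, the sample key value and the function names are assumptions, and the patent's own scheme (document [4]) signs with the shares rather than reassembling the key as this sketch does.

```python
import secrets

# Prime modulus of the share field; 2**127 - 1 is a Mersenne prime
# (chosen for this example, not taken from the patent).
P = 2**127 - 1


def split_secret(secret, t, n, prime=P):
    """Dealer side (the PrivacyCA's role): split `secret` into n shares
    so that any t of them recover it."""
    if not 1 < t <= n < prime:
        raise ValueError("need 1 < t <= n < prime")
    if not 0 <= secret < prime:
        raise ValueError("secret must lie in the field")
    # Random polynomial f of degree t-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):          # member i receives the point (i, f(i))
        y = 0
        for c in reversed(coeffs):     # Horner evaluation mod prime
            y = (y * x + c) % prime
        shares.append((x, y))
    return shares


def recover_secret(shares, prime=P):
    """Reconstructor side: Lagrange interpolation at x = 0 over GF(prime).
    Returns f(0) only if at least t correct, distinct shares are supplied."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % prime
                den = (den * (xi - xj)) % prime
        # yi * l_i(0), where l_i is the i-th Lagrange basis polynomial
        secret = (secret + yi * num * pow(den, -1, prime)) % prime
    return secret


if __name__ == "__main__":
    system_private_key = 0x1F2E3D4C5B6A79880123456789ABCDEF % P  # constructed value
    sub_keys = split_secret(system_private_key, t=3, n=5)
    print(recover_secret(sub_keys[:3]) == system_private_key)   # any 3 members
    print(recover_secret(sub_keys[:2]) == system_private_key)   # 2 are not enough
```

With fewer than t shares every candidate secret remains equally consistent with the shares held, which is why compromising up to t-1 virtual CA members does not expose the system private key.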
In this embodiment, the process of establishing the virtual CA, shown in Fig. 5, comprises:
Step 210: the PrivacyCA generates a system public/private key pair, publishes the public parameters required for threshold signing and verification, and secretly distributes the system private key among the virtual CA members;
The Privacy-CA may use a key generation algorithm such as RSA or SM2 to generate the system public/private key pair. The generated pair can be stored in the system's key pool.
Step 220: the virtual CA members share the system private key in secret under the (t, n) threshold scheme.
The virtual CA so constructed can replace the PrivacyCA in issuing DT identity certificates to the DTs of the trusted domains. Once a trusted domain member has obtained its platform identity certificate from the PrivacyCA, the subsequent certificate acquisition and authentication processes do not require the PrivacyCA's participation. This avoids the single-point DoS attacks and failures that arise when a single PrivacyCA node issues identity certificates, and having multiple virtual CA members jointly issue DT identity certificates also improves privacy.
In this embodiment, the process by which a DT registers with the management domain, shown in Fig. 6, comprises:
Step 310: the DT submits registration applications to t virtual CA members using its platform identity certificate as proof of identity, also submitting the platform ID of this DT;
The DT of a trusted domain may be designated by the Privacy CA, or a domain terminal of the trusted domain may apply and become the DT upon approval by the Privacy CA.
Step 320: each virtual CA member authenticates the DT and, after authentication passes, issues a DT identity sub-certificate to this DT; each DT identity sub-certificate contains the signature that the respective virtual CA member makes over this DT with the system sub-private key it holds;
Step 330: the DT synthesizes the DT identity certificate from the t DT identity sub-certificates obtained; the DT identity certificate contains the signature of the virtual CA on the DT synthesized with the threshold signature scheme.
Many signature and verification schemes based on threshold schemes have been proposed, for example: document [1] R. Gennaro, S. Jarecki, H. Krawczyk, T. Rabin. Robust threshold DSS signatures. In: Eurocrypt '96, LNCS 1070. Berlin: Springer-Verlag, 1996. 354-371; document [2] Ronald Cramer, Ivan Damgard, Ueli Maurer. General secure multi-party computation from any linear secret sharing scheme. In: Proceedings of Eurocrypt 2000. LNCS 1807. Berlin: Springer-Verlag, 2000. 316-334; document [3] Xu Chunxiang, Dong Qingkuan, Xiao Guozhen. Secret sharing over vector spaces: sequential multi-signature. Acta Electronica Sinica, 2003, 31(1): 48-50; document [4] Zhang Xinglan. Threshold group signature with fault tolerance. Journal of the Graduate School of the Chinese Academy of Sciences, Vol. 21, No. 3, July 2004, 398-401. In the threshold group signatures given in documents [1] and [2], each holder of a sub-secret (secret share) must first produce its own sub-signature. Document [2] gives a threshold group signature in which the signature produced by each sub-secret holder can be verified. Document [4] is an improvement on document [3] that uses the principle of multi-party computation to give an effective, fault-tolerant threshold signature and verification scheme.
In this embodiment, the threshold signature and verification scheme of document [4] is used, although the application is not limited to it. The Privacy CA of this embodiment serves as the trusted center that selects and computes the public parameters in document [4]; the n virtual CA members form the set of n participants, and any t virtual CA members form an authorized subset; the system private key is the secret to be shared and the system sub-private keys are the sub-secrets; and the body of the DT identity sub-certificate, which contains information such as the DT's identity information and associated public key, is the message m. Each virtual CA member's sub-signature over the message m, computed according to the sub-signature algorithm of the threshold signature scheme (computing sig_i(m)), is the signature made over the DT with the system sub-private key in the DT identity sub-certificate, and the DT can verify the signature in a DT identity sub-certificate with the scheme's verification algorithm for sub-signatures. After receiving t identity sub-certificates, the DT can synthesize the management domain's signature over the DT in the DT identity certificate according to the synthesis algorithm of the threshold signature scheme (the algorithm that computes the threshold signature (R, S) in document [4]). A domain terminal can verify the signature in a DT identity certificate using the threshold signature scheme's verification algorithm for the synthesized signature together with the corresponding public parameters.
Preferably, the body over which the management domain signs in the DT identity certificate contains both the DT's platform ID and its domain administrator ID. The domain administrator ID uniquely identifies the domain administrator within the system and may include the domain ID. The domain administrator ID may be assigned by the Privacy CA when the DT registers with the Privacy CA to obtain its platform identity certificate, or may be generated according to a predetermined rule; for example, when the DT of an existing trusted domain joins this system, the domain administrator ID is obtained by adding the domain identifier to its original identifier. The same applies to the system administrator identifier of a virtual CA member and the terminal user identifier of a domain terminal, described below.
In this step, when the t virtual CA members issue the DT identity sub-certificates to the DT, each may also provide its own CA member identity certificate as proof of identity. The DT can authenticate the identity of each virtual CA member based on its CA member identity certificate and, after all t virtual CA members have been authenticated, verify the signatures in the t DT identity sub-certificates. The process by which a virtual CA member registers with the virtual CA to obtain a CA member identity certificate is described in detail below. In other embodiments, however, the DT may instead authenticate a virtual CA member's identity by other means, such as the virtual CA member's public key or the platform identity certificate it provides, so the process by which a virtual CA member obtains a CA member identity certificate is optional.
In this embodiment, the process by which a domain terminal registers with the DT of its trusted domain is shown in Figure 7 and comprises:
Step 410: the trusted computing platform (TCP) of the domain terminal, using its platform identity certificate as proof of identity, registers with the DT of its trusted domain, carrying its TCP ID;
Step 420: after the DT has authenticated the domain terminal, it generates the domain terminal's terminal identity certificate, which contains the DT's signature over the domain terminal;
The terminal identity certificate may follow the X.509 standard. The body over which it is signed contains information about the domain terminal, such as both its platform ID and its terminal user ID; the terminal user ID uniquely identifies the terminal user within the system and may include the domain ID. In this embodiment the terminal identity certificate also contains information about the certificate issuer, that is the DT, such as the DT's platform ID and domain administrator ID. Its signature value part contains the management domain's signature value over the DT's information and the DT's signature value over the domain terminal's information. The terminal identity certificate of a domain terminal can therefore be used by another trusted domain for remote authentication of that domain terminal.
Step 430: the DT sends the terminal identity certificate to the domain terminal.
The above process, in which a domain terminal applies to the DT for a terminal identity certificate on the basis of its platform identity certificate, can be implemented in the same way that a prover in a PCA system applies to the Privacy CA for an AIK certificate on the basis of its EK certificate. Here the domain terminal of this application corresponds to the prover in the PCA system and the DT corresponds to the Privacy CA; compared with an AIK certificate, the terminal identity certificate of this application additionally carries the management domain's signature over the DT. In another embodiment, the process can instead be implemented in the way that a prover in a DAA system applies to the trusted issuer, on the basis of its EK public key, for a C-L signature over the secret data (f_0, f_1), that is, a DAA certificate (A, e, v). In that case the domain terminal of this application corresponds to the prover in the DAA system and the DT corresponds to the trusted issuer; compared with a DAA certificate, the terminal identity certificate of this application additionally carries the management domain's signature over the DT.
The terminal identity certificate and the corresponding user information can be stored in the corresponding database of the trusted domain.
This embodiment may include a process in which a virtual CA member registers with the virtual CA to obtain a CA member identity certificate, as shown in Figure 8. This process is similar to the one by which a DT registers with the virtual CA to obtain a DT identity certificate, and comprises:
Step 510: a virtual CA member, using its platform identity certificate as proof, applies to t or t-1 other virtual CA members to register for a CA member identity certificate;
Because a virtual CA member is itself a participant sharing the secret in the (t, n) threshold scheme, it can recover the secret once it obtains the secret shares, or pseudo-shares, of t-1 other virtual CA members. However, when a virtual CA member registers with the virtual CA to obtain a CA member identity certificate, it may be stipulated that the registering member is excluded from the t virtual CA members, in which case the member must still register with t virtual CA members.
Step 520: after the t or t-1 other virtual CA members have authenticated this virtual CA member, each signs over this virtual CA member with the system sub-private key it holds according to the threshold signature scheme, and the resulting t or t-1 CA member identity sub-certificates are issued to this virtual CA member;
Step 530: after this virtual CA member has verified the validity of the system sub-private key signatures over it in the t or t-1 CA member identity sub-certificates from the other virtual CA members, it synthesizes its own CA member identity certificate from the t or t-1 CA member identity sub-certificates; the CA member identity certificate contains the signature over the virtual CA member made by the management domain (here, the virtual CA), synthesized with the threshold signature scheme.
The body that is signed in the CA member identity certificate may contain the virtual CA member's platform identifier, or both its platform identifier and its system administrator identifier.
The embodiment above mainly describes authentication by means of certificates; authentication of properties such as platform integrity can follow the relevant standards and is not described further here.
In the above embodiments, the authentication method of the trusted computing system and the corresponding system use a distributed network topology based on trusted domains, which is easy to extend and can accommodate the integration of trusted domains of different scales.
In the above embodiments, a domain terminal user can perform cross-domain authentication once it has obtained a terminal identity certificate from the DT of its own trusted domain, and need not apply for a certificate for each trusted domain. This reduces network traffic, computational load and storage space, and improves the efficiency of cross-domain authentication in a distributed network.
In the above embodiments, the virtual CA replaces the PrivacyCA in issuing DT identity sub-certificates to DTs, and the virtual CA members share the system private key through the (t, n) threshold scheme. This avoids impersonation attacks, single-point DoS attacks and single-point failure. The PrivacyCA issues platform identity certificates only when the other members of the system register, and subsequent authentication proceeds without the PrivacyCA, which effectively protects the PrivacyCA and improves the security of the system.
In the above embodiments, the certificate issued to a system member binds the member's user identifier to its platform identifier, which effectively prevents platform substitution attacks.
The above embodiment can have several variants. In one variant, the management domain consists of the PrivacyCA and does not include a virtual CA. Correspondingly, the authentication method does not include the process of establishing the virtual CA. The process by which members of the trusted computing system other than the PrivacyCA register with the PrivacyCA to apply for platform identity certificates may be retained or omitted. When a DT registers with the PrivacyCA, it may prove its identity using the EK certificate of its trusted module, or an alias certificate of it, as its platform identity certificate. Correspondingly, after the PrivacyCA's authentication succeeds it issues the DT identity certificate directly to the DT. The DT identity certificate contains the PrivacyCA's signature over the DT, and the private key of the key pair that the PrivacyCA uses for this signature may be the same as, or different from, the one used for the signature in the platform identity certificate.
In the trusted computing system, the members related to the virtual CA, and their modules, can be omitted. Correspondingly, the PrivacyCA comprises:
A DT certificate issuing module, configured to accept the registration of a DT and, after the DT has been authenticated, issue a DT identity certificate to the DT, the DT identity certificate containing the PrivacyCA's signature over the DT.
The DT certificate request module in the DT then only needs to register with the management domain using the DT's platform identity certificate as proof and to store the DT identity certificate issued by the PrivacyCA; it no longer needs to synthesize a DT identity certificate from DT identity sub-certificates.
Because a domain terminal of a trusted domain only needs to obtain a terminal identity certificate from the DT of its own domain in order to interact with other trusted domains, this variant likewise prevents the PrivacyCA from becoming the performance bottleneck of the whole authentication system and from causing a single point of failure when it suffers a DoS attack. Nor is it necessary to apply for a certificate for each trusted domain, which reduces network traffic, computational load and storage space and improves the efficiency of cross-domain authentication in a distributed network. In this variant the structure of the DT identity certificate and the terminal identity certificate can be the same as in the above embodiment.
The above embodiment is illustrated below with an application example. Referring to Fig. 1, the distributed trusted computing system of this example comprises 1 management domain and 2 trusted domains (trusted domain A and trusted domain B). The management domain comprises 6 virtual CA members (each virtual CA member corresponding to one server) and 1 Privacy-CA, and 1 Web server may also be set up in the management domain. The 6 virtual CA members form the virtual CA through a (3, 6) threshold scheme. Each trusted domain has 1 domain trusted party (DT) and multiple domain terminals; a domain terminal may be a mobile terminal such as a PDA, mobile phone or notebook computer, or a fixed terminal such as a desktop computer.
Referring to Fig. 9, the corresponding authentication method comprises:
Step 1: the Privacy-CA generates a public/private key pair of its own for signing platform identity certificates and a system public/private key pair for secret distribution, and publishes the corresponding system parameters;
The two key pairs may be generated with the RSA algorithm, but are not limited to it; the generated keys may be stored in the key pool.
Step 2: the trusted module in the trusted computing platform of each other member of the system generates a platform identity key pair and registers with the Privacy-CA, carrying its EK certificate and platform identity public key;
Step 3: the Privacy-CA receives the registration application and, after verifying the legitimacy of the other member's platform, issues the member a platform ID and a platform identity certificate.
In steps 2 and 3, the system members other than the Privacy-CA, such as domain terminals, DTs and virtual CA members, use their own EK certificates as proof to apply to the Privacy-CA for platform identity certificates, which serve as proof of identity for their trusted computing platforms in this system. This process can be similar to the one by which a prover in a PCA system obtains an AIK certificate with its EK certificate, except that in this example the Privacy-CA also assigns the system member a platform identifier when it issues the platform identity certificate. For example, domain terminal Bob registers with the Privacy-CA; after authentication succeeds, the Privacy-CA assigns Bob a platform ID and sends it to him together with the platform identity certificate. The members' platform identity certificates can be stored in the management domain's certificate repository, which can be accessed through the Web server. Each member's user identifier can also be assigned at this point.
Step 4: multiple virtual CA members secretly share the system private key according to the (t, n) threshold scheme and form the virtual CA; the Privacy CA secretly distributes the system private key among the virtual CA members;
Physically, the Privacy CA may comprise one or two entities, for example one entity for issuing platform identity certificates and one entity for generating and secretly distributing the system private key. Virtual CA members may be designated by the Privacy CA, or terminals may apply and the Privacy CA selects among them. The system key is managed in a distributed manner, which improves the security of its safekeeping.
There are many ways to share and distribute a secret based on a (t, n) threshold scheme. One example is given below; it does not limit the application. In step 4 above, n virtual CA members make up the virtual CA; let $B_i$ denote the i-th virtual CA member and $s_i$ the system sub-private key that the i-th virtual CA member receives, $i = 1, \ldots, n$.
The Privacy CA obtains $s_i$ according to the following formulas and distributes it to the corresponding virtual CA member:
$$h(x) = \alpha_{t-1} x^{t-1} + \cdots + \alpha_1 x + \alpha_0 \bmod \phi \qquad (4\text{-}1)$$
$$s_i = h(x_i) \bmod \phi, \quad x_i = i, \quad i = 1, \ldots, n \qquad (4\text{-}2)$$
where the prime $\phi$ is greater than the system private key $S$ and the maximum possible total number $n$ of virtual CA members, $\alpha_0 \bmod \phi = h(0) = S$, and $\alpha_{t-1}, \ldots, \alpha_1$ are random coefficients that are kept secret; $x_i$ is the variable corresponding to the i-th sub-private key $s_i$, and in this example the value of $x_i$ equals $i$.
Let $A$ be any subset of the n virtual CA members that contains t virtual CA members, that is, $|A| \ge t$, and denote the system sub-private key of the r-th virtual CA member in the subset $A$ by $s_{i_r}$, $r = 1, \ldots, t$, $x_{i_r} = i_r$.
According to formula (4-2):
$$s_{i_r} = h(x_{i_r}) \bmod \phi \qquad (4\text{-}3)$$
The system sub-private keys $s_{i_r}$ held by the t virtual CA members and the system private key $S$ satisfy:
$$S = \sum_{B_i \in A,\ r=1}^{t} c_{i_r} s_{i_r} \qquad (4\text{-}4)$$
$$c_{i_r} = \prod_{1 \le j,\, r \le t,\ j \ne r} \frac{x_{i_j}}{x_{i_j} - x_{i_r}} \quad (x_{i_r} = i_r) \qquad (4\text{-}5)$$
where $x_{i_r}$ is the r-th variable in the subset formed by t variables of the variable set corresponding to the n sub-private keys, and $x_{i_j}$ is the j-th variable in that subset.
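The distribution and recovery formulas (4-1) to (4-5) above, as an added Python example that is not part of the patent text: the dealer side (the Privacy CA) and recovery of the system private key from any t of n system sub-private keys, run with the (3, 6) threshold of the application example. The function names, the prime `PHI`, and the evaluation of (4-4) and (4-5) modulo φ with a modular inverse are assumptions of this example.

```python
import secrets
from itertools import combinations

# Constructed demo parameter: a Mersenne prime stands in for the prime phi.
PHI = 2**127 - 1


def distribute(secret, t, n, phi=PHI, coeffs=None):
    """Dealer (Privacy CA) side of (4-1)/(4-2): return {x_i: s_i} with x_i = i."""
    if not (1 <= t <= n < phi):
        raise ValueError("need 1 <= t <= n < phi")
    if not (0 <= secret < phi):
        raise ValueError("phi must be greater than the system private key")
    # alpha_1 .. alpha_{t-1}: secret random coefficients; alpha_0 is S itself.
    if coeffs is None:
        coeffs = [secrets.randbelow(phi) for _ in range(t - 1)]
    if len(coeffs) != t - 1:
        raise ValueError("need exactly t-1 coefficients")
    poly = [secret, *coeffs]

    def h(x):
        # Horner evaluation of h(x) in (4-1), reduced mod phi at each step.
        acc = 0
        for a in reversed(poly):
            acc = (acc * x + a) % phi
        return acc

    return {i: h(i) for i in range(1, n + 1)}


def lagrange_coeff(xs, x_r, phi=PHI):
    """c_{i_r} of (4-5): product over j != r of x_j / (x_j - x_r), mod phi."""
    num = den = 1
    for x_j in xs:
        if x_j == x_r:
            continue
        num = num * x_j % phi
        den = den * (x_j - x_r) % phi
    # Division in the field: multiply by the modular inverse (Python 3.8+).
    return num * pow(den, -1, phi) % phi


def interpolate_at_zero(shares, phi=PHI):
    """Sum of c_{i_r} * s_{i_r} as in (4-4), over whatever shares are given."""
    xs = list(shares)
    return sum(lagrange_coeff(xs, x, phi) * s for x, s in shares.items()) % phi


def reconstruct(shares, t, phi=PHI):
    """Recover S; refuses to run with fewer than t system sub-private keys."""
    if len(shares) < t:
        raise ValueError("fewer than t system sub-private keys supplied")
    subset = dict(list(shares.items())[:t])
    return interpolate_at_zero(subset, phi)


if __name__ == "__main__":
    S = secrets.randbelow(PHI)  # constructed stand-in for the system private key
    shares = distribute(S, t=3, n=6)  # (3, 6) threshold of the application example
    ok = all(
        reconstruct({i: shares[i] for i in members}, 3) == S
        for members in combinations(shares, 3)
    )
    print("every 3-of-6 subset recovers S:", ok)
    # Two members alone interpolate a line, which lands on an unrelated value.
    two = {1: shares[1], 2: shares[2]}
    print("2 members recover S:", interpolate_at_zero(two) == S)
```

Because any t members can recombine the key this way, a signing flow that reconstructs S in one place defeats the purpose of the split; the threshold signature scheme the embodiment uses has members sign with their sub-private keys instead.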
Step 5: the DT, using its platform identity certificate as proof, registers with at least t of the n virtual CA members to obtain DT identity sub-certificates;
Suppose n = 6 and t = 3. Taking the domain trusted party John as an example, John submits applications to at least 3 of the 6 trusted virtual CA members.
Step 6: after the t virtual CA members have verified that the DT's platform is legitimate, each issues a DT identity sub-certificate to the DT. Each DT identity sub-certificate contains the signature over the DT made by one virtual CA member, under the threshold signature scheme, with the system sub-private key it holds. After the DT has verified the validity of the signatures in the DT identity sub-certificates, it synthesizes a DT identity certificate from the t DT identity sub-certificates; the DT identity certificate contains the virtual CA's signature over the DT, synthesized with the threshold signature scheme.
A virtual CA member can obtain a CA member identity certificate by registering with other virtual CA members in a similar way and provide it to the DT during DT registration. The DT then first authenticates the virtual CA member's identity based on the CA member identity certificate and, once that succeeds, verifies the validity of the signature in the DT identity sub-certificate. Verification using CA member identity certificates increases confidence in the authentication of virtual CA members.
Step 7: when a domain terminal wants to access the network resources of a trusted domain, it applies to the DT of its own trusted domain to register for a terminal identity certificate. The domain terminal and the DT mutually authenticate the validity of each other's certificates, the DT issues the terminal identity certificate to the domain terminal, and the domain terminal stores the terminal identity certificate;
The body that is signed in the terminal identity certificate may contain both the platform identifier and the terminal user identifier of the domain terminal.
Step 8: when a domain terminal accesses another domain terminal in a trusted domain other than its own, it submits its terminal identity certificate. After the remote end (the other domain terminal) has verified that the certificate is valid, the remote end also submits its own terminal identity certificate; once this domain terminal has authenticated it, the domain terminal can access that trusted domain's network and obtain resource services.
The domain terminals in the above authentication process jointly negotiate an authorization key to encrypt the data they exchange.
In existing distributed networks, a user accessing a different trusted domain must perform access authentication again, and this process must be highly scalable, trustworthy in its authentication and low in latency. The distributed-network cross-domain authentication method of this application effectively prevents unauthorized users from entering the network, so that authorized users are quickly authenticated and obtain the resource services of remote domains.
One of ordinary skill in the art will appreciate that all or some of the steps of the above method can be carried out by a program instructing the relevant hardware, and the program can be stored in a computer-readable storage medium such as a read-only memory, magnetic disk or optical disc. Alternatively, all or some of the steps of the above embodiments can be implemented with one or more integrated circuits; correspondingly, each module/unit in the above embodiments can be implemented in hardware or as a software functional module. This application is not limited to any particular combination of hardware and software.
The foregoing is only the preferred embodiment of this application and does not limit it; for those skilled in the art, the application can have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of this application shall fall within its scope of protection.

Claims (31)

1. An authentication method for a trusted computing system, the trusted computing system comprising a management domain and a plurality of trusted domains, the members of each trusted domain comprising a domain trusted party (DT) and domain terminals, the method comprising:
A DT registers with the management domain using its platform identity certificate as proof, and after authentication by the management domain succeeds, the management domain's signing certificate for the DT is issued to the DT;
A domain terminal registers with the DT of its trusted domain using its platform identity certificate as proof, and after authentication by the DT succeeds, a terminal identity certificate is issued to the domain terminal, the terminal identity certificate comprising the management domain's signature over the DT and the DT's signature over the domain terminal;
When domain terminals of different trusted domains interact, remote authentication of the remote end's identity is performed based on the remote end's terminal identity certificate.
2. The authentication method of claim 1, characterized in that:
The members of the management domain comprise a privacy CA (PrivacyCA);
Issuing the management domain's signing certificate for the DT to the DT after authentication by the management domain succeeds comprises: after authentication by the PrivacyCA succeeds, a DT identity certificate is issued to the DT, the DT identity certificate comprising the PrivacyCA's signature over the DT.
3. The authentication method of claim 1, characterized in that:
The members of the management domain comprise a privacy CA (PrivacyCA) and a plurality of virtual CA members, and the authentication method further comprises the following process of establishing a virtual CA:
The PrivacyCA generates a system public/private key pair, publishes the public parameters required for threshold signing and verification, and secretly distributes the system private key to the virtual CA members;
The virtual CA members secretly share the system private key based on a (t, n) threshold scheme and form the virtual CA, each virtual CA member holding one system sub-private key;
The DT registering with the management domain using its platform identity certificate as proof consists of registering separately with t virtual CA members, and issuing the management domain's signing certificate for the DT to the DT after authentication by the management domain succeeds comprises: after each of the t virtual CA members has authenticated the DT, each signs over the DT with the system sub-private key it holds according to the threshold signature scheme, and the resulting t DT identity sub-certificates are issued to the DT; after the DT has verified the validity of the system sub-private key signatures over the DT in the t DT identity sub-certificates, it synthesizes a DT identity certificate from the t DT identity sub-certificates, the DT identity certificate comprising the virtual CA's signature over the DT synthesized with the threshold signature scheme.
4. The authentication method of claim 3, characterized in that:
When the t virtual CA members sign over the DT with the system sub-private keys they hold and issue the resulting t DT identity sub-certificates to the DT, each also provides its own CA member identity certificate to the DT as proof of identity;
After receiving the DT identity sub-certificates and CA member identity certificates, the DT first authenticates the corresponding virtual CA members based on the CA member identity certificates and, after that authentication succeeds, verifies the validity of the signatures in the DT identity sub-certificates.
5. The authentication method of claim 4, characterized in that:
The CA member identity certificate is obtained by a virtual CA member through the following process:
A virtual CA member registers with t or t-1 other virtual CA members using its platform identity certificate as proof; after the t or t-1 other virtual CA members have verified it, each signs over this virtual CA member with the system sub-private key it holds, and the resulting t or t-1 CA member identity sub-certificates are issued to this virtual CA member; after this virtual CA member has verified the validity of the system sub-private key signatures over it in the t or t-1 CA member identity sub-certificates, it synthesizes the CA member identity certificate, the CA member identity certificate comprising the virtual CA's signature over the DT synthesized with the threshold signature scheme;
The body that is signed in the CA member identity certificate comprises the virtual CA member's platform identifier, or both the virtual CA member's platform identifier and its system administrator identifier.
6. The authentication method of claim 2, 3, 4 or 5, characterized in that:
When the DT issues the terminal identity certificate to the domain terminal, it also provides its own DT identity certificate to the domain terminal as proof of identity;
After receiving the terminal identity certificate and the DT identity certificate, the domain terminal first authenticates the DT based on the DT identity certificate and, after that authentication succeeds, stores the terminal identity certificate.
7. The authentication method of claim 3, characterized in that:
The body that is signed in the DT identity certificate comprises the domain administrator identifier and the platform identifier of the DT.
8. The authentication method of claim 1, 2, 3, 4, 5 or 7, characterized in that:
The members of the management domain comprise a PrivacyCA, and every member of the trusted computing system other than the PrivacyCA registers with the PrivacyCA to obtain a platform identity certificate through the following process:
The other member registers with the PrivacyCA using the self-signed certificate of the trusted module in its trusted computing platform as proof, and stores the platform identity certificate issued by the PrivacyCA;
After authentication by the PrivacyCA succeeds, the PrivacyCA issues a platform identity certificate to the other member, the platform identity certificate comprising the PrivacyCA's signature over the other member.
9. The authentication method of claim 8, characterized in that:
The process by which the other member registers with the PrivacyCA is carried out before the other member joins the trusted computing system;
In this process, after authentication by the PrivacyCA succeeds, the PrivacyCA also assigns the other member a platform identifier that is unique within the system, and the body that is signed in the platform identity certificate issued by the PrivacyCA to the other member comprises that platform identifier.
10. The authentication method of any one of claims 1-5, 7 and 9, characterized in that:
In the terminal identity certificate, the body over which the DT signs for the domain terminal comprises the terminal user identifier and the platform identifier of the domain terminal.
11. A trusted computing system based on a distributed network environment, the trusted computing system comprising a management domain and trusted domains, the members of each trusted domain comprising a domain trusted party (DT) and domain terminals, characterized in that:
The management domain is configured to accept the registration of a DT and, after the DT has been authenticated, issue the management domain's signing certificate for the DT to the DT;
The domain terminal comprises:
A terminal certificate request module, configured to register with the DT of the domain terminal's trusted domain using the domain terminal's platform identity certificate as proof, and to store the terminal identity certificate issued by the DT;
A remote authentication module, configured to provide the terminal identity certificate to the remote end when interacting with a domain terminal of another trusted domain, and to authenticate the remote end based on the remote end's terminal identity certificate;
The DT comprises:
A DT certificate request module, configured to register with the management domain using the DT's platform identity certificate as proof, and to store the signing certificate issued by the management domain;
A terminal certificate issuing module, configured to accept the registration of a domain terminal and, after the domain terminal has been authenticated, issue a terminal identity certificate to the domain terminal, the terminal identity certificate comprising the management domain's signature over this DT and this DT's signature over the domain terminal.
12. The trusted computing system as claimed in claim 11, characterized in that:
The members of the management domain comprise a privacy CA (PrivacyCA);
The PrivacyCA comprises:
A DT certificate issuing module, configured to accept the registration of a DT and, after the DT passes authentication, to issue a DT identity certificate to the DT, the DT identity certificate comprising the PrivacyCA's signature on the DT.
13. The trusted computing system as claimed in claim 11, characterized in that:
The members of the management domain comprise a PrivacyCA and multiple virtual CA members, wherein:
The PrivacyCA comprises:
A system key management module, configured to generate a system public/private key pair, publish the public parameters required for threshold signing and verification, and secretly distribute the system private key to the virtual CA members;
The multiple virtual CA members share the system private key based on (t, n) threshold secret sharing and jointly form a virtual CA, wherein each virtual CA member comprises:
A DT certificate issuing module, configured to accept the registration of a DT and, after the DT passes authentication, to sign the DT according to a threshold signature scheme with the system sub-private key held by this virtual CA member, and to issue the resulting DT identity sub-certificate to the DT;
The DT certificate request module of the DT registers with t virtual CA members respectively and obtains t DT identity sub-certificates; after the signatures made on the DT with the system sub-private keys in the t DT identity sub-certificates pass legitimacy verification, it synthesizes a DT identity certificate from the t DT identity sub-certificates, the DT identity certificate comprising the virtual CA's signature on the DT synthesized with the threshold signature scheme.
14. The trusted computing system as claimed in claim 13, characterized in that:
When issuing the DT identity sub-certificate to the DT, the DT certificate issuing module of the virtual CA member also provides its own CA member identity certificate to the DT as proof of identity;
After receiving the t DT identity sub-certificates and the corresponding CA member identity certificates, the DT certificate request module of the DT first authenticates the respective virtual CA members based on the CA member identity certificates and, after that authentication succeeds, verifies the legitimacy of the signatures in the DT identity sub-certificates.
15. The trusted computing system as claimed in claim 14, characterized in that:
Each virtual CA member further comprises:
A CA member certificate request module, configured to register with t or t-1 other virtual CA members using its platform identity certificate as proof; after receiving the t or t-1 CA member sub-certificates issued, to verify the legitimacy of the signatures made on this virtual CA member with the system sub-private keys therein; and, after verification succeeds, to synthesize its own CA member identity certificate, the CA member identity certificate comprising the virtual CA's signature on the DT synthesized with the threshold signature scheme, the body of this signature comprising this virtual CA member's platform identifier, or comprising both this virtual CA member's platform identifier and the system administrator identifier;
A CA member certificate issuing module, configured to receive the registration of another virtual CA member and, after that other virtual CA member passes authentication, to sign that other virtual CA member with the system sub-private key it holds, and to issue the resulting CA member identity sub-certificate to that other virtual CA member.
16. The trusted computing system as claimed in claim 12, 13, 14 or 15, characterized in that:
When issuing the terminal identity certificate to the domain terminal, the terminal certificate issuing module of the DT also provides its own DT identity certificate to the domain terminal as proof of identity;
After receiving the terminal identity certificate and the DT identity certificate, the terminal certificate application module of the domain terminal first authenticates the DT based on the DT identity certificate and, after authentication succeeds, saves the terminal identity certificate.
17. The trusted computing system as claimed in claim 13, characterized in that:
The body of the signature in the DT identity certificate synthesized by the DT certificate request module of the DT comprises the domain administrator identifier and the platform identifier of the DT.
18. The trusted computing system as claimed in any one of claims 11-15 and 17, characterized in that:
The members of the management domain comprise a privacy CA (PrivacyCA);
The PrivacyCA comprises:
A platform certificate issuing module, configured to accept the registration of other members of the system and, after authentication succeeds, to issue a platform identity certificate to the other members, the platform identity certificate comprising the PrivacyCA's signature on the other members;
The other members of the trusted computing system further comprise:
A platform certificate application module, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to save the platform identity certificate issued by the PrivacyCA.
19. The trusted computing system as claimed in claim 18, characterized in that:
The platform certificate application module of the other members of the system registers with the PrivacyCA before joining the trusted computing system;
After authentication succeeds, the platform certificate issuing module of the PrivacyCA also assigns the other members a platform identifier that is unique within the system, and the body of the signature in the platform identity certificate that the PrivacyCA issues to the other members comprises the platform identifier.
20. The trusted computing system as claimed in any one of claims 11-15, 17 and 19, characterized in that:
In the terminal identity certificate that the terminal certificate issuing module of the DT issues to the domain terminal, the body of the DT's signature on the domain terminal comprises the terminal user identifier and the platform identifier of the domain terminal.
21. A privacy CA (PrivacyCA) in a trusted computing system based on a distributed network environment, characterized in that the PrivacyCA comprises:
A platform certificate issuing module, configured to accept the registration of other members of the system and, after authentication succeeds, to issue a platform identity certificate to the other members, the platform identity certificate comprising the PrivacyCA's signature on the other members;
A system key management module, configured to generate a system public/private key pair, publish the public parameters required for threshold signing and verification, and secretly distribute the system private key to the virtual CA members.
22. The PrivacyCA as claimed in claim 21, characterized in that:
After authentication succeeds, the platform certificate issuing module also assigns the other members a platform identifier that is unique within the system, and the body of the signature in the platform identity certificate that the PrivacyCA issues to the other members comprises the platform identifier.
23. A virtual CA member in a trusted computing system based on a distributed network environment, characterized in that:
Multiple virtual CA members share the system private key based on (t, n) threshold secret sharing and jointly form a virtual CA, wherein each virtual CA member comprises:
A platform certificate application module, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to save the platform identity certificate issued by the PrivacyCA;
A DT certificate issuing module, configured to accept the registration of a DT and, after the DT passes authentication, to sign the DT according to a threshold signature scheme with the system sub-private key held by this virtual CA member, and to issue the resulting DT identity sub-certificate to the DT.
24. The virtual CA member as claimed in claim 23, characterized in that it further comprises:
A CA member certificate request module, configured to register with t or t-1 other virtual CA members using its platform identity certificate as proof; after receiving the t or t-1 CA member sub-certificates issued, to verify the legitimacy of the signatures made on this virtual CA member with the system sub-private keys therein; and, after verification succeeds, to synthesize its own CA member identity certificate, the CA member identity certificate comprising the virtual CA's signature on the DT synthesized with the threshold signature scheme, the body of this signature comprising this virtual CA member's platform identifier, or comprising both this virtual CA member's platform identifier and the system administrator identifier;
A CA member certificate issuing module, configured to receive the registration of another virtual CA member and, after that other virtual CA member passes authentication, to sign that other virtual CA member with the system sub-private key it holds, and to issue the resulting CA member identity sub-certificate to that other virtual CA member;
When issuing the DT identity sub-certificate to the DT, the DT certificate issuing module also provides its own CA member identity certificate to the DT as proof of identity.
25. A domain trusted party (DT) in a trusted computing system based on a distributed network environment, characterized in that the DT comprises:
A platform certificate application module, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to save the platform identity certificate issued by the PrivacyCA;
A DT certificate request module, configured to register with the management domain using the platform identity certificate of this DT as proof, and to save the signing certificate issued by the management domain;
A terminal certificate issuing module, configured to accept the registration of a domain terminal and, after the domain terminal passes authentication, to issue a terminal identity certificate to the domain terminal while also providing its own DT identity certificate to the domain terminal as proof of identity, the terminal identity certificate comprising the management domain's signature on this DT and this DT's signature on the domain terminal.
26. The domain trusted party as claimed in claim 25, characterized in that:
The DT certificate request module registers with t virtual CA members respectively and obtains t DT identity sub-certificates; after the signatures made on the DT with the system sub-private keys in the t DT identity sub-certificates pass legitimacy verification, it synthesizes a DT identity certificate from the t DT identity sub-certificates, the DT identity certificate comprising the virtual CA's signature on the DT synthesized with the threshold signature scheme.
27. The domain trusted party as claimed in claim 26, characterized in that:
When receiving the t DT identity sub-certificates, the DT certificate request module also receives the corresponding CA member identity certificates; it first authenticates the respective virtual CA members based on the CA member identity certificates and, after that authentication succeeds, verifies the legitimacy of the signatures in the DT identity sub-certificates.
28. The domain trusted party as claimed in claim 25, 26 or 27, characterized in that:
In the terminal identity certificate that the terminal certificate issuing module issues to the domain terminal, the body of the DT's signature on the domain terminal comprises the terminal user identifier and the platform identifier of the domain terminal.
29. The domain trusted party as claimed in claim 26 or 27, characterized in that:
The body of the signature in the DT identity certificate synthesized by the DT certificate request module comprises the domain administrator identifier and the platform identifier of the DT.
30. A domain terminal in a trusted computing system based on a distributed network environment, characterized in that the domain terminal comprises:
A platform certificate application module, configured to register with the PrivacyCA using the self-signed certificate of the trusted module of its trusted computing platform as proof, and to save the platform identity certificate issued by the PrivacyCA;
A terminal certificate application module, configured to register with the DT of the trusted domain in which the terminal resides, using the platform identity certificate of this domain terminal as proof, and to save the terminal identity certificate issued by the DT;
A remote authentication module, configured to, when interacting with a domain terminal of another trusted domain, provide its terminal identity certificate to the remote end and authenticate the remote end based on the remote end's terminal identity certificate.
31. The domain terminal as claimed in claim 30, characterized in that:
When receiving the terminal identity certificate, the terminal certificate application module also receives the DT identity certificate; it first authenticates the DT based on the DT identity certificate and, after authentication succeeds, saves the terminal identity certificate.
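The cross-domain check set out in claims 11, 16, 30 and 31, as an added example that is not code from the patent: a verifier holding only the management domain's public key validates a remote terminal identity certificate by checking the management domain's signature on the DT, then the DT's signature on the terminal. Assumptions, all hypothetical: a toy Schnorr-style signature stands in for the platform's real signature scheme, the management domain signs with a single key instead of a threshold-synthesized one, certificates carry the subject's public key, and a nonce challenge is added so that a copied certificate alone is not accepted.

```python
import hashlib
import secrets
from dataclasses import dataclass, replace

# Toy signature group (assumption): P is the Mersenne prime 2^521 - 1 and
# exponents are reduced mod P - 1. It keeps the example standard-library only
# and is NOT a secure parameter choice.
P = 2**521 - 1
N = P - 1
G = 3

def _h(r: int, msg: bytes) -> int:
    return int.from_bytes(hashlib.sha512(r.to_bytes(66, "big") + msg).digest(), "big")

def keygen():
    x = secrets.randbelow(N - 1) + 1
    return x, pow(G, x, P)

def sign(priv: int, msg: bytes):
    k = secrets.randbelow(N - 1) + 1
    e = _h(pow(G, k, P), msg)
    return (e, (k + e * priv) % N)

def verify(pub: int, msg: bytes, sig) -> bool:
    e, s = sig
    if not (0 < pub < P and 0 <= e < N and 0 <= s < N):
        return False
    r = pow(G, s, P) * pow(pub, N - e, P) % P   # g^s * y^(-e) recovers g^k
    return e == _h(r, msg)

@dataclass(frozen=True)
class DTCert:
    """Management domain's signature on a DT (signed body per claim 17)."""
    domain_admin_id: str
    platform_id: str
    dt_pub: int                 # assumption: certificate carries the DT public key
    mgmt_sig: tuple = None

    def body(self) -> bytes:
        return repr(("DT", self.domain_admin_id, self.platform_id, self.dt_pub)).encode()

@dataclass(frozen=True)
class TerminalCert:
    """Terminal identity certificate: DT's signature plus the embedded DT cert."""
    user_id: str
    platform_id: str
    term_pub: int               # assumption: certificate carries the terminal key
    dt_cert: DTCert = None
    dt_sig: tuple = None

    def body(self) -> bytes:
        return repr(("TERM", self.user_id, self.platform_id, self.term_pub)).encode()

def issue_dt_cert(mgmt_priv, admin_id, platform_id, dt_pub) -> DTCert:
    cert = DTCert(admin_id, platform_id, dt_pub)
    return replace(cert, mgmt_sig=sign(mgmt_priv, cert.body()))

def issue_terminal_cert(dt_priv, dt_cert, user_id, platform_id, term_pub) -> TerminalCert:
    cert = TerminalCert(user_id, platform_id, term_pub, dt_cert)
    return replace(cert, dt_sig=sign(dt_priv, cert.body()))

def verify_remote(cert: TerminalCert, mgmt_pub: int, nonce: bytes, proof) -> str:
    """Remote authentication using only the management domain's public key."""
    if not verify(mgmt_pub, cert.dt_cert.body(), cert.dt_cert.mgmt_sig):
        return "reject: DT not signed by management domain"
    if not verify(cert.dt_cert.dt_pub, cert.body(), cert.dt_sig):
        return "reject: terminal not signed by its DT"
    if not verify(cert.term_pub, nonce, proof):
        return "reject: no proof of possession"
    return "ok"

def demo() -> dict:
    mgmt_priv, mgmt_pub = keygen()
    dt_priv, dt_pub = keygen()
    dt_cert = issue_dt_cert(mgmt_priv, "admin-1", "plat-dt1", dt_pub)
    a_priv, a_pub = keygen()
    a_cert = issue_terminal_cert(dt_priv, dt_cert, "alice", "plat-a", a_pub)
    nonce = secrets.token_bytes(16)      # chosen by the verifier in another domain
    proof = sign(a_priv, nonce)
    out = {"honest": verify_remote(a_cert, mgmt_pub, nonce, proof)}
    # Certificate whose signed body was edited after issuance.
    edited = replace(a_cert, platform_id="plat-x")
    out["edited"] = verify_remote(edited, mgmt_pub, nonce, proof)
    # DT that never registered with the management domain.
    r_priv, r_pub = keygen()
    r_dt = issue_dt_cert(r_priv, "admin-9", "plat-r", r_pub)
    r_term = issue_terminal_cert(r_priv, r_dt, "bob", "plat-b", a_pub)
    out["unregistered_dt"] = verify_remote(r_term, mgmt_pub, nonce, proof)
    # Valid certificate presented by a party that lacks the terminal's key.
    other_priv, _ = keygen()
    out["replayed"] = verify_remote(a_cert, mgmt_pub, nonce, sign(other_priv, nonce))
    return out

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```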
CN201310050808.6A 2012-12-06 2013-02-08 Trusted computing system, corresponding attestation method and corresponding devices Active CN103856477B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310050808.6A CN103856477B (en) 2012-12-06 2013-02-08 Trusted computing system, corresponding attestation method and corresponding devices

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201210520930.0 2012-12-06
CN201210520930 2012-12-06
CN2012105209300 2012-12-06
CN201310050808.6A CN103856477B (en) 2012-12-06 2013-02-08 Trusted computing system, corresponding attestation method and corresponding devices

Publications (2)

Publication Number Publication Date
CN103856477A true CN103856477A (en) 2014-06-11
CN103856477B CN103856477B (en) 2018-01-02

Family

ID=50863695

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201310050808.6A Active CN103856477B (en) 2012-12-06 2013-02-08 Trusted computing system, corresponding attestation method and corresponding devices
CN201310143654.5A Active CN103856478B (en) 2012-12-06 2013-04-23 A kind of certificate issuance of trustable network, authentication method and corresponding equipment

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201310143654.5A Active CN103856478B (en) 2012-12-06 2013-04-23 A kind of certificate issuance of trustable network, authentication method and corresponding equipment

Country Status (1)

Country Link
CN (2) CN103856477B (en)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105684343B (en) * 2014-09-10 2019-04-05 华为技术有限公司 A kind of information processing method and equipment
CN106130736B (en) * 2016-07-06 2019-08-20 北京元心科技有限公司 A kind of method and system carrying out certificate issuance in Enterprise Mobile management system
CN109474432B (en) 2017-09-07 2021-11-02 西安西电捷通无线网络通信股份有限公司 Digital certificate management method and device
CN109802833A (en) * 2017-11-16 2019-05-24 航天信息股份有限公司 The certificate management method and device of mobile terminal
CN107959686B (en) * 2017-12-13 2019-06-07 恒宝股份有限公司 A kind of Internet of Things security certification system and authentication method
CN108335105B (en) * 2018-01-18 2022-09-09 中国建设银行股份有限公司 Data processing method and related equipment
CN108111314B (en) * 2018-01-19 2021-04-02 苏州朗润创新知识产权运营有限公司 Method and equipment for generating and verifying digital certificate
CN108769043B (en) * 2018-06-06 2021-02-02 中国联合网络通信集团有限公司 Trusted application authentication system and trusted application authentication method
CN108833522B (en) * 2018-06-06 2021-06-22 北京八分量信息科技有限公司 System and method for determining credibility of node
CN108848496B (en) * 2018-06-12 2021-11-09 中国联合网络通信集团有限公司 TEE-based virtual eSIM card authentication method, TEE terminal and management platform
CN110677250B (en) * 2018-07-02 2022-09-02 阿里巴巴集团控股有限公司 Key and certificate distribution method, identity information processing method, device and medium
CN110795742B (en) 2018-08-02 2023-05-02 阿里巴巴集团控股有限公司 Metric processing method, device, storage medium and processor for high-speed cryptographic operation
CN110795774B (en) 2018-08-02 2023-04-11 阿里巴巴集团控股有限公司 Measurement method, device and system based on trusted high-speed encryption card
CN110874478B (en) 2018-08-29 2023-05-02 阿里巴巴集团控股有限公司 Key processing method and device, storage medium and processor
CN109194465B (en) * 2018-09-30 2022-02-18 巍乾全球技术有限责任公司 Method for managing keys, user equipment, management device and storage medium
CN109388937B (en) * 2018-11-05 2022-07-12 用友网络科技股份有限公司 Single sign-on method and sign-on system for multi-factor identity authentication
CN110535823B (en) * 2019-07-09 2021-10-22 中移(杭州)信息技术有限公司 Pseudo code-based interaction method and system and pseudo code service platform
CN110768795B (en) * 2019-10-30 2022-09-13 迈普通信技术股份有限公司 Session establishment method and device
CN113132323B (en) * 2019-12-31 2022-11-18 华为技术有限公司 Communication method and device
CN111917554B (en) * 2020-07-13 2023-06-30 北京天空卫士网络安全技术有限公司 Method and device for verifying digital certificate
CN112187771B (en) * 2020-09-23 2023-04-07 华控清交信息科技(北京)有限公司 Authentication method, device and device for authentication
CN112380509A (en) * 2020-11-16 2021-02-19 湖南中育至诚科技有限公司 Identity information generation and verification method, device and readable storage medium
CN112734542A (en) * 2020-12-25 2021-04-30 航天信息股份有限公司 Method and system for acquiring electronic certificate by using intelligent terminal
CN112733126B (en) * 2021-01-09 2022-07-08 苏州浪潮智能科技有限公司 Product license authentication method and system
CN113364583A (en) * 2021-05-31 2021-09-07 山东中科好靓科技有限公司 Remote verification method based on decentralized network
CN113326535B (en) * 2021-06-01 2022-05-17 支付宝(杭州)信息技术有限公司 Information verification method and device
CN113868627B (en) * 2021-10-07 2023-01-13 江苏云涌电子科技股份有限公司 Trusted computing based TCM equipment identity authentication method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050149722A1 (en) * 2003-12-30 2005-07-07 Intel Corporation Session key exchange
CN102594558A (en) * 2012-01-19 2012-07-18 东北大学 Anonymous digital certificate system and verification method of trustable computing environment
CN102694776A (en) * 2011-03-23 2012-09-26 国民技术股份有限公司 Authentication system and method based on dependable computing

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101488851B (en) * 2009-02-25 2011-12-21 中国人民解放军信息工程大学 Method and apparatus for signing identity verification certificate in trusted computing
CN101599025B (en) * 2009-07-07 2012-07-18 武汉大学 Safety virtualization method of trusted crypto module
CN102404112A (en) * 2010-09-08 2012-04-04 清大安科(北京)科技有限公司 Access authentication method for credible terminal
CN102355663B (en) * 2011-06-30 2014-08-20 北京交通大学 Credible inter-domain rapid authentication method on basis of separation mechanism network

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
周彦伟等: "分布式网络环境下的跨域匿名认证机制", 《计算机应用》 *
蒋李: "可信计算平台匿名认证技术的设计和实现", 《中国优秀硕士学位论文全文数据库 信息科技辑 (月刊 )2011 年》 *

Cited By (32)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10243933B2 (en) 2014-07-25 2019-03-26 Huawei Technologies Co., Ltd. Data processing method and apparatus
US9762555B2 (en) 2014-07-25 2017-09-12 Huawei Technologies Co., Ltd. Data processing method and apparatus
WO2016011778A1 (en) * 2014-07-25 2016-01-28 华为技术有限公司 Data processing method and apparatus
CN105844120A (en) * 2016-05-05 2016-08-10 北京元心科技有限公司 Encryption algorithm integrated method and system
CN105844120B (en) * 2016-05-05 2019-06-14 北京元心科技有限公司 A kind of method and system of integrated Encryption Algorithm
CN107959656A (en) * 2016-10-14 2018-04-24 阿里巴巴集团控股有限公司 Data safety safeguards system and method, apparatus
CN107959566A (en) * 2016-10-14 2018-04-24 阿里巴巴集团控股有限公司 Quantal data key agreement system and quantal data cryptographic key negotiation method
WO2018219351A1 (en) * 2017-06-02 2018-12-06 华为技术有限公司 Authentication method, device and system
CN108989270A (en) * 2017-06-02 2018-12-11 华为技术有限公司 Authentication method, equipment and system
CN107301522A (en) * 2017-06-26 2017-10-27 深圳前海华深安信物联技术有限公司 A kind of warehouse receipt system and application method based on block chain
CN107360167B (en) * 2017-07-17 2020-07-07 浪潮(北京)电子信息产业有限公司 Authentication method and device
CN107360167A (en) * 2017-07-17 2017-11-17 浪潮(北京)电子信息产业有限公司 A kind of authentication method and device
CN109347799A (en) * 2018-09-13 2019-02-15 深圳市图灵奇点智能科技有限公司 A kind of identity information management method and system based on block chain technology
CN109347799B (en) * 2018-09-13 2019-10-15 深圳市图灵奇点智能科技有限公司 A kind of identity information management method and system based on block chain technology
US11728978B2 (en) 2018-12-12 2023-08-15 Advanced New Technologies Co., Ltd. Method and apparatus for establishing trusted channel between user and trusted computing cluster
US11121865B2 (en) 2018-12-12 2021-09-14 Advanced New Technologies Co., Ltd. Method and apparatus for establishing trusted channel between user and trusted computing cluster
US20220014367A1 (en) * 2018-12-13 2022-01-13 Login Id Inc. Decentralized computing systems and methods for performing actions using stored private data
CN109861980A (en) * 2018-12-29 2019-06-07 阿里巴巴集团控股有限公司 A kind of method and apparatus for establishing trust computing cluster
US11792190B2 (en) 2018-12-29 2023-10-17 Advanced New Technologies Co., Ltd. Method and apparatus for establishing trusted computing cluster
US11196741B2 (en) 2018-12-29 2021-12-07 Advanced New Technologies Co., Ltd. Method and apparatus for establishing trusted computing cluster
CN109861816A (en) * 2019-02-22 2019-06-07 矩阵元技术(深圳)有限公司 Data processing method and device
CN110401539A (en) * 2019-07-24 2019-11-01 阿里巴巴集团控股有限公司 A kind of certificate data processing method, server, terminal and system
US10944578B2 (en) 2019-07-24 2021-03-09 Advanced New Technologies Co., Ltd. Identity verification
CN110401539B (en) * 2019-07-24 2021-01-08 创新先进技术有限公司 Identity authentication data processing method, server, terminal and system
CN111490873A (en) * 2020-03-25 2020-08-04 上海物融智能科技有限公司 Block chain-based certificate information processing method and system
CN111490873B (en) * 2020-03-25 2023-08-08 莘上信息技术(上海)有限公司 Certificate information processing method and system based on block chain
CN111901119A (en) * 2020-06-21 2020-11-06 苏州浪潮智能科技有限公司 Security domain isolation method, system and device based on trusted root
CN113079160A (en) * 2021-04-01 2021-07-06 广州海晟科技有限公司 Safe host management system based on trusted computing
CN113992380A (en) * 2021-10-22 2022-01-28 厦门中盾安信科技有限公司 Credible employee certificate authentication method and system based on network mapping certificate
CN113992380B (en) * 2021-10-22 2024-04-05 厦门中盾安信科技有限公司 Trusted employee certificate authentication method and system based on network mapping certificate
CN115021989B (en) * 2022-05-25 2023-03-10 国家工业信息安全发展研究中心 Mutual trust and mutual recognition method and system for industrial internet heterogeneous identification analysis system
CN115021989A (en) * 2022-05-25 2022-09-06 国家工业信息安全发展研究中心 Mutual trust and mutual recognition method and system for industrial internet heterogeneous identification analysis system

Also Published As

Publication number Publication date
CN103856478B (en) 2017-11-24
CN103856478A (en) 2014-06-11
CN103856477B (en) 2018-01-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant