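Abstract
To address the difficulty of managing network users' identities and the shortcomings of existing identity management schemes, this paper proposes an identity management scheme and protocol for trusted computing platforms, based on the platform's security features: integrity verification, protected storage, access control and remote platform verification. The scheme implements multiple forms of identity authentication; encrypted storage of identities, identity-authentication audit records, the master key, the audit key and the platform AIK private key; trusted verification of mobile platforms; restoration of encrypted identities; lookup and location of service-provider identity identifiers; and encrypted transmission of identity information and authentication data. Finally, a security analysis is carried out, and the results show that the scheme greatly reduces the burden of identity management on users while protecting the security of user identity information.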
Network users find it increasingly difficult to manage their identities, and current identity management schemes have shortcomings. Based on security characteristics such as integrity verification, protected storage, access control and remote platform checking, the paper puts forward an identity management scheme and protocol that rely on U-Key. The scheme realizes multimode identity authentication; encrypted storage of identities, identity-authentication audit records, master keys and the audit key; trusted verification for the trusted computing platform; restoration of encrypted identities; location of service providers' identities; and encrypted transmission of identity information and authentication information. Finally, a security analysis is carried out; the results indicate that the scheme greatly lightens users' burden of managing their own identities while protecting the security of user identity information.
Source
《计算机应用研究》
CSCD
Peking University Core Journal
2009, Issue 9, pp. 3493-3495, 3498 (4 pages)
Application Research of Computers
Funding
National "973" Basic Research Program of China (TG1999035801)
Keywords
trusted computing platform
identity management
integrity verification
platform checking