Keywords: trusted computing; trusted platform module; key revocation; key list
Research on revocation of keys in trusted environment
LI Chao-ling1, GENG Yu-ying2, ZHOU Yan-zhou1, LI Fu-lin1, LI Li-xin1
(1. Institute of Electronic Technology, PLA Information Engineering University, Zhengzhou 450004, China; 2. Office of Huarong Asset Management Corporation, Zhengzhou 450004, China)
Abstract: A TPM cannot destroy compromised keys, because all keys except the SRK and EK are stored outside of it. To solve this problem, this paper proposes two mechanisms for revoking TPM keys. Without major changes to the TPM command set, they check the validity of loaded keys by using key lists. While realizing revocation checking effectively, the mechanisms preserve backward compatibility with the current TCG specifications and introduce no overhead for normal operation. Finally, to improve the efficiency of revoking and loading operations and enhance the practicability of the revocation mechanism, the paper proposes a combination of both mechanisms. ......