论文部分内容阅读
对满足可信计算平台(TCP,Trusted Computing Platform)需求的代码管理问题,提出了以Java卡为核心,以代码签名技术为主要手段,以卡内的安全域(security domain)作为各个软件权威(Java卡设备发行方和应用提供方)安全策略执行者的可信代码管理框架.新机制支持设备发行方软件的装载和更新,完善了应用提供方安全域的装载和更新流程,并对下载命令数据结构进行了扩充.解决了在复杂应用环境中,多个软件权威相互独立的限制条件下,代码的免人工广播式发布问题,扩展了传统Java卡软件装载模式,提高了系统的安全性,为使用Java卡平台进行可信计算提供保障.
In order to solve the problem of code management to meet the requirements of Trusted Computing Platform (TCP), this paper puts forward that taking Java Card as the core and code signing as the main means and using the security domain as the software authority Java Card Device Issuer and Application Provider) Security Policy Enforcer’s Trusted Code Management Framework The new mechanism supports the loading and updating of device issuer software, completes the application provider secure domain loading and updating process, and provides the download command Data structure has been expanded to solve the problem of code-based manual broadcast release in complex application environment under the limited conditions that multiple software authorizations are independent of each other, which extends the traditional Java card software loading mode and improves system security, To use the Java card platform for trusted computing to provide protection.