Research And Applications Of Trusted Computing System Based On PKI

PKI (Public Key Infrastructure),this word is explained as a kind of frame system, Users on Internet can realize the exchange of the safe information data through it, And it can content with security demand of the privacy, integrality , authenticity and undeniable. An entity can believe that mean its behavior is always towards the anticipated goal in a desirable way. The basic consider of the trusted compute is: at first structuring a trust root, the credibility of which is guaranteed by the physics security and management security. Then setting up a trust chain, from trust root, it can authenticate and trust stair from one to another, and expand this kind of trust to the whole trusted compute field. In this paper, we will combine PKI and trusted compute technology to structure trusted compute system of the exchange system of distributed information and apply to practice demand as the education, electricity, etc..This paper is divided into three parts. First part, starting from specific TPM (Trusted Platform Module) system structure requisition for cryptogram algorithm in TCG (Trusted Computing Group) standardization, then discussing the algorithm principle of typical cryptogram algorithms and optimization method of convenient hardware realize as AES and RSA ,etc, and hardware fast implementation methods of these algorithms in FPGA or DSP. Decode algorithm of AES to transform equivalently, making the circuit structure of hardware achieve of the decoding and encoding is similar, and overcoming the lack which is the realization of original algorithm decoding and encoding can only be used a few of the same circuits; In addition it change mix-column, making inverse mix-column to be more fit for the hardware achieve. For RSA algorithm, it based on FPGA to design improved algorithm Montgomery multiplier architecture, Mux/Add architecture, pipelined Mux/Add architecture.The second part, it is succeeding in structuring a trusted compute system which is combining the application demand of educational informationization and the development process of the real scientific research project. First, setting up the trusted compute model of the host computer, bringing forward the principle and method of the node re-configuration, can conveniently solve the interoperation problem of the cryptogram equipment, especially, it has the real signification in interoperation problem between the untouched card and the CPU card in the educational informationization. After analysing the present demand and current situation , putting forward PKI work application mode which combine digital signature PKI technology and ASI creating system, and CA certificate application mode that is double main body of applicant and responsible institution, having designed and realized that can trusted student's information service system and educational CA certificate applied system ,will been used to student's employment net and construction of basic resources bank of educational information.The third part, as trusted compute system developed and used in other fields, the example is to construct safe certification system of automatic information exchange of the substation. When using TCG and IEC 61850(Communication Networks and...