一种新的用户登录可信认证方案的设计与实现

用户登录身份认证是建立操作系统可信性中一个非常重要的环节。操作系统采用口令、智能卡、USBKEY，甚至还采用了指纹、虹膜等认证方式来确认用户的身份，除了存在密码容易被遗忘、猜测、截获等一系列安全隐患外，还存在身份信息的存储安全和单向认证问题。基于可信计算联盟的规范，分析了操作系统用户登录传统认证方式的缺陷，提出了一种新的用户登录认证方式：基于可信平台模块(TPM)的用户登录可信认证。该认证方式是利用PC机USB接口外接TPM，将用户的身份信息、相关的密钥信息等存储在TPM中，并利用USBKEY技术、动态的口令技术来确保用户身份的真实可信。该认证方式克服了操作系统用户登录传统认证方式的缺陷，支持双向认证，为计算机获得更高的安全保障，进一步建立可信计算环境提供了基础。

Design and implementation of a trusted login authentication project based on the trusted platform module

Identity authentication for user login is very important to the Operation System.The authentication modes in the Operation System,such as password,Smart Card,USBKEY,moreover Fingerprint and Iris,have a series of secure problems.For example,the password is easily forgotten,guessed out or intercepted,moreover,the store for identity is insecure and the authentication is one directional.In this paper,according to the standards of the trusted computing group,based on the analysis for the traditional identity authentication,a new identity authentication,called the Trusted Login Authentication Based on TPM(TLABT),has been put forward,which can be realized by the Trusted Platform Module(TPM) which stores the users identities and the key,and guarantee the authenticity of the user identity.The TLABT can overcome the traditional deficiencies and support the bidirectional authentication technology for high assurance of system security,thus the basis for building the trusted computing environment has been provided.