一种基于PCA的远程匿名证明改进方案

远程证明是可信计算的关键技术之一,可以验证平台身份和配置信息的可信性,而现有远程证明方案存在一定的缺陷。本文在分析现有基于匿名属性证书的远程匿名证明方案的基础上,提出了改进方案。针对原方案中存在的在匿名属性证书申请过程中未验证证书颁发实体的问题,对证书申请方案进行了改进,采用会话密钥对PCA签名,保证了证书颁发实体的真实性;针对远程证明协议存在恶意用户接入的问题,在改进方案中引入假名机制,即保证了用户身份的匿名性,又防止了具有不良历史记录用户的非法接入。

An Improved Remote Anonymous Attestation Scheme Based on Privacy CA

Remote attestation is one of the key technologies of trusted computing,which is used for attesting the identity and configuration of remote platforms, but there are some shortcomings in existing remote attestation schemes. On the basis of analyzing the existing remote anonymous schemes based on Anonymous Attribute Credential(AAC),an improved scheme is proposed. Aiming at the problem that the PCA which delivers the certification(AAC) is not verified in the process of applying, the improved scheme uses the session key to sign PCA to guarantee the authenticity of PCA. Meanwhile, aiming at the problem of the malicious user’s access to the network, a pseudonym mechanism is introduced in the improved scheme. It can ensure the anonymity of the user and can prevent the illegal access of the users with malicious historical marks.