TPM Core Functions
TPM Ownership
- TPM owner
- Taking ownership
- Deleting ownership

TPM Owner
- Entity owning a TPM-enabled platform, e.g., the person owning the platform or an IT department
- The TPM Owner must initialize the TPM to use its full functionality (take ownership of the TPM)
  - Owner sets the owner authorization secret
  - Owner creates the Storage Root Key (SRK) (see TPM keys)
- Owner authorization
  - Proof of knowledge of the owner credentials to the TPM, e.g., via a challenge-response protocol or physical presence
  - Permits the TPM to use several protected capabilities, e.g., migration of cryptographic keys or deletion of the TPM Owner

Methods of Proving Ownership to a TPM
- User proves knowledge of the TPM owner authorization secret to the TPM, e.g., OIAP or OSAP (see TPM authorization protocols)
- Assertion of physical presence
  - Proof of physical access to the TPM/platform, e.g., by using a hardware switch or changing a BIOS setting
  - Interface for asserting physical presence is specified by the PC Client Specification
  - Only a few commands can be authorized via physical presence, e.g., deletion of the TPM Owner, activation/deactivation of the TPM, enabling/disabling the TPM

Protocol for Creating a TPM Owner (slide body not included in the extracted text)

TPM Interface for Taking Ownership (slide body not included in the extracted text)

Protocol for Deleting a TPM Owner (slide body not included in the extracted text)

TPM Interface for Deleting Owner (slide body not included in the extracted text)

Deleting Owner via Physical Presence (slide body not included in the extracted text)

Asserting Physical Presence via BIOS (slide body not included in the extracted text)

TNC Overview
- TNC shall enhance existing network authentication protocols with Trusted Computing concepts [TNC2007]
- TNC enables verification of endpoint integrity in addition to user/machine authentication, e.g., a user is only allowed to connect to a network via specific machines that are in a certain, presumably secure, configuration

TNC Terminology
- Access Requestor (AR): entity that requests access to a protected network, e.g., a user or software process
- Platform Credential Authentication: proof of the identity of a platform, e.g., via AIK certificates
- Integrity Check Handshake: Verifica
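A constructed Python model of the two ways of proving ownership listed above (an added example, not part of the original slides): the TPM challenges with a fresh nonceEven, the caller answers with an HMAC keyed by SHA-1 of the owner secret in the OIAP manner, and deletion of the owner (TPM_OwnerClear) succeeds either with a valid HMAC or when physical presence has been asserted. The names ToyTPM, auth_digest and owner_clear_with_secret are assumptions of this toy; a real TPM_TakeOwnership receives ownerAuth encrypted under the Endorsement Key and real commands carry further parameters, both omitted here.

```python
import hashlib, hmac, os

TPM_ORD_OwnerClear = 0x5B  # TPM 1.2 ordinal of TPM_OwnerClear

def auth_digest(ordinal, nonce_even, nonce_odd, cont):
    # Data under the OIAP HMAC: SHA-1(ordinal || params) || nonceEven || nonceOdd || continueAuthSession
    in_param_digest = hashlib.sha1(ordinal.to_bytes(4, "big")).digest()  # toy command has no params
    return in_param_digest + nonce_even + nonce_odd + bytes([cont])

class ToyTPM:
    def __init__(self):
        self.owner_auth = None          # 20-byte ownerAuth; None while the TPM has no owner
        self.physical_presence = False  # asserted by hardware switch / BIOS, never by software
        self.sessions = {}              # authHandle -> nonceEven of an open OIAP session

    def take_ownership(self, owner_secret):
        # Real TPM_TakeOwnership gets ownerAuth encrypted under the Endorsement Key; the toy
        # takes it in clear and stores SHA-1(secret), the AuthData form the spec uses.
        if self.owner_auth is not None:
            raise PermissionError("TPM already has an owner; clear it first")
        self.owner_auth = hashlib.sha1(owner_secret).digest()

    def oiap(self):
        # Open an authorization session: the TPM's fresh nonceEven is the challenge
        handle, nonce_even = os.urandom(4), os.urandom(20)
        self.sessions[handle] = nonce_even
        return handle, nonce_even

    def owner_clear(self, handle=b"", nonce_odd=b"", auth=b""):
        # Delete the owner: allowed via physical presence, or via a valid owner HMAC
        if self.owner_auth is None:
            raise PermissionError("no owner to clear")
        if not self.physical_presence:
            nonce_even = self.sessions.pop(handle, None)  # each nonceEven is used once
            if nonce_even is None:
                raise PermissionError("unknown authorization session")
            data = auth_digest(TPM_ORD_OwnerClear, nonce_even, nonce_odd, 0)
            expected = hmac.new(self.owner_auth, data, hashlib.sha1).digest()
            if not hmac.compare_digest(expected, auth):
                raise PermissionError("owner authorization failed")
        self.owner_auth = None
        return True

def owner_clear_with_secret(tpm, owner_secret):
    # Caller side of the challenge-response: proves the secret without ever sending it
    handle, nonce_even = tpm.oiap()
    nonce_odd = os.urandom(20)
    data = auth_digest(TPM_ORD_OwnerClear, nonce_even, nonce_odd, 0)
    auth = hmac.new(hashlib.sha1(owner_secret).digest(), data, hashlib.sha1).digest()
    return tpm.owner_clear(handle, nonce_odd, auth)
```

A wrong secret yields a different HMAC and the owner stays in place, while the physical-presence path clears the owner with no secret at all, which is why it is restricted to the few commands the slides list.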