Journal of Computer Applications (计算机应用), 2010, Vol. 30, Issue (12): 3331-3333.

• Information Security •

Improved cross-domain direct anonymous authentication scheme

Li Zichen (李子臣)1, Yang Yatao (杨亚涛)2, Cao Lulin (曹陆林)1, Guo Baoan (郭宝安)1, Xu Shumin (徐树民)1

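  1.
  2. Beijing Electronic Science and Technology Institute (北京电子科技学院)
  • Received: 2010-05-04 Revised: 2010-07-14 Online: 2010-12-22 Published: 2010-12-01
  • Corresponding author: Yang Yatao (杨亚涛)
  • Funding:
    National Commercial Cryptography Application Technology System Research and Application Demonstration Project, Electronic Tag Application Demonstration Engineering topic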

Improved direct anonymous cross-domain authentication scheme


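Abstract: Existing direct anonymous authentication schemes cannot be carried out effectively between different trust domains. To address this problem, a cross-domain direct anonymous authentication scheme is designed on the basis of the original direct anonymous authentication scheme. The certificate issuer of the foreign domain acts as a proxy, and the certificate is issued directly by that foreign-domain certificate issuer, which effectively solves the privacy protection problem of trusted computing platforms in different trust domains. In addition, permissions are designed for trusted computing platforms in different trust domains. Analysis shows that the improved scheme satisfies anonymity and unforgeability and can defend against replay attacks, and that it further improves the execution efficiency of the authentication scheme.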

Keywords: network security, trusted computing, privacy protection, direct anonymous attestation, trust domain

Abstract: The existing direct anonymous authentication scheme cannot be applied effectively across different domains. To address this problem, this paper designs a direct anonymous authentication scheme based on the original direct anonymous authentication scheme. It takes the certificate issuer outside the domain as a proxy, and the certificate is issued directly by that certificate issuer, which effectively solves the privacy protection problem of trusted computing platforms in different trusted domains. It also provides permission settings for trusted computing platforms in different trust domains. Analysis shows that the new scheme meets the requirements of anonymity, unforgeability and prevention of replay attacks. Furthermore, it improves the efficiency of the authentication scheme.

Key words: network security, trusted computing, privacy protection, direct anonymous attestation, trusted domain