JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE) ›› 2020, Vol. 55 ›› Issue (3): 19-27.doi: 10.6040/j.issn.1671-9352.2.2019.205

•   • Previous Articles     Next Articles

Hierarchical trusted cryptography service framework based on distributed message drive

Ying LI(),Jun HU*   

  1. Faculty of Information Technology, Beijing University of Technology, Beijing 100124, China
  • Received:2019-09-02 Online:2020-03-20 Published:2020-03-27
  • Contact: Jun HU


Trusted computing provides a new way to solve system security problems. The trusted cryptography function access methods defined in the current domestic and international standards are generally API interface methods, such as trusted software stack (TSS) in TCG standard and TCM service module (TSM) in Chinese national standards. These interfaces are very complicated. And there are compatibility issues between each other, affecting the development and promotion of trusted computing. In order to solve these problems, a message-driven hierarchical trusted cryptography service framework is proposed, which can shield complex trusted root access details through module encapsulation, simplify interfaces, solve compatibility problems, and implement distributed and collaborative trusted root access in a message-driven ways. Finally, two examples are given to illustrate the feasibility of the framework, the generality of the modules in the framework, and the effect of the framework in simplifying the implementation of the trusted cryptography mechanism.

Key words: trusted cryptography service framework, message drive, modular, trusted application development

CLC Number: 

  • TP309


Hierarchical trusted cryptography service framework"

Table 1

Universal cryptography module and its functions"

通用模块名称 功能
create_key 创建密钥
ekpub_send 发送EK公钥
ekpub_store 存储EK公钥
pik_casign CA验证PIK申请,签发PIK证书并将证书封装到PIK激活包中
pik_client PIK申请方发送PIK申请及激活CA返回的PIK激活包
pikcert_store 存储PIK证书
pikcert_verify 验证PIK证书
sessionkey_switch 会话密钥交换
key_certify 密钥证明
quote_report 生成可信报告
uuid_symm_crypt 对称密钥加密

Table 2

Data structure of PRIVATE_KEY"

名称 数据类型 内容
uuid[32] BYTE 密钥对象的UUID
vtcm_uuid[32] BYTE 密钥所在TCM的UUID
issmkwrapped BYTE 密钥是否为SMK封装
key_usage UINT32 密钥的TCM_KEY_USAGE属性
key_flags UINT32 密钥的TCM_KEY_FLAGS属性
pcrinfo_uuid[32] BYTE 密钥的绑定PCR信息
wrapkey_uuid[32] BYTE 密钥使用的封装密钥的UUID

Table 3

Data structure of PUBLIC_KEY"

名称 数据类型 内容
uuid[32] BYTE 密钥对象的UUID
vtcm_uuid[32] BYTE 密钥所在TCM的UUID
ispubek BYTE 密钥是否为TCM的EK公钥
key_usage UINT32 密钥的TCM_KEY_USAGE属性
key_flags UINT32 密钥的TCM_KEY_FLAGS属性
pcrinfo[32] BYTE 密钥的绑定PCR信息
prikey_uuid[32] BYTE 对应私钥的UUID

Table 4

Custom cryptography module and its functions"

定制模块名称 功能
key_check 密钥检查
localkey_gen 本地密钥生成
localkey_store 本地密钥存储
remotekey_gen 远程密钥生成
remotekey_send 远程密钥发送

Table 5

Data structure of LOCAL_KEYSET"

名称 数据类型 内容
user_name BYTE 用户名
pik_uuid BYTE PIK的UUID
pikcert_uuid BYTE PIK证书的UUID
signkey_uuid BYTE 签名密钥的UUID
unbindkey_uuid BYTE 解除绑定密钥的UUID

Table 6

Data structure of REMOTE_KEYSET"

名称 数据类型 内容
user_name BYTE 用户名
node_uuid BYTE 节点的UUID
pikpub_uuid BYTE PIK公钥的UUID
pikcert_uuid BYTE PIK证书的UUID
verifykey_uuid BYTE 验签密钥的UUID
bindkey_uuid BYTE 绑定密钥的UUID


Schematic diagram of the user file transfer encryption example and message transmission diagram"


Schematic diagram of the platform integrity verification example and message transmission diagram"

1 张焕国, 韩文报, 来学嘉, 等. 网络空间安全综述[J]. 中国科学:信息科学, 2016, 46 (2): 125- 164.
ZHANG Huanguo , HAN Wenbao , LAI Xuejia , et al. Overview of cyberspace security[J]. Scientia Sinica Informationis, 2016, 46 (2): 125- 164.
2 Trusted Computing Group. TPM 2.0 library specification[EB/OL]. (2013-03-15)[2019-10-21]
3 Trusted Computing Group. TPM 2.0: a brief introduction[EB/OL]. (2019-06-07)[2019-12-05]
4 刘毅, 沈昌祥. 一种可信软件栈的兼容性改进方案[J]. 武汉大学学报(理学版), 2009, 55 (1): 57- 61.
doi: 10.3321/j.issn:1671-8836.2009.01.013
LIU Yi , SHEN Changxiang . Improvement about the compatibility of TCG software stack[J]. Journal of Wuhan University(Natural Science Edition), 2009, 55 (1): 57- 61.
doi: 10.3321/j.issn:1671-8836.2009.01.013
5 ARTHUR W, CHALLENER D, GOLDMAN K. A practical guide to TPM 2.0[M]. Berkeley: Apress, 2015.
6 Trusted Computing Group. TSS system level API and TPM command transmission interface specification[EB/OL]. (2015-01-26)[2019-12-05]
7 Trusted Computing Group. TCG TSS 2.0 marshaling/unmarshaling API specification[EB/OL]. (2018-01-04)[2019-12-06]
8 李晓丹.基于PCIe接口的可信计算应用平台的设计[D].太原:中北大学, 2019.
LI Xiaodan. Design of trusted computing application platform based on PCIe interface[D]. Taiyuan: North University of China, 2019.
9 姚爽.基于SGX保护国密算法运行环境的研究与实现[D].北京:北京交通大学, 2018.
YAO Shuang. Research and implementation of protecting the runtime environment for national cryptographic algorithm based on software guard extensions[D]. Beijing: Beijing Jiaotong University, 2018.
10 刘磊. 基于可信计算技术的密码服务平台[J]. 信息安全研究, 2017, 3 (4): 305- 309.
LIU Lei . Cryptographic service platform based on trusted computing technology[J]. Journal of Information Security Research, 2017, 3 (4): 305- 309.
11 STVBLE C , ZAERIN A . μTSS-a simplified trusted software stack[M]. Berlin: Springer, 2010: 124- 140.
12 SHI Wenchang. On design of a trusted software base with support of TPCM[C]// The First International Conference on Trusted Systems. Beijing: Springer, 2009: 1-15.
13 TAO Zheng, HU Jun, ZHAN Jing, et al. An application-oriented efficient encapsulation system for trusted software development[C]// 7th International Conference on Trusted Systems. Beijing: Springer, 2015: 153-168.
14 胡俊, 沈昌祥, 公备. 可信计算3.0工程初步[M]. 北京: 人民邮电出版社, 2018: 13- 35.
HU Jun , SHEN Changxiang , GONG Bei . Trusted computing 3.0 engineering fundamentals[M]. 2nd Ed Beijing: Posts and Telecommunications Press, 2018: 13- 35.
[1] ZHANG Zhong-jun, ZHANG Wen-juan, YU Lai-hang, LI Run-chuan. A community division method based on network distance and content similarity in micro-blog social network [J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2017, 52(7): 97-103.
[2] XIE Gang1,2, YANG Bo1,3. Research on modular reasoning of aspect-oriented programming [J]. J4, 2011, 46(9): 48-52.
[3] SUN Lin. The application of some special hyper-graphs in the perfect graphs [J]. J4, 2011, 46(8): 92-94.
[4] WANG Li, ZHANG Jing-yang, XU Li-heng. A dynamic network overlapping communities detecting  algorithm based on local betweenness [J]. J4, 2011, 46(5): 86-90.
[5] JIA Ke-Ting1,2. Improved related key attack on 44-round SHACAL-2 [J]. J4, 2010, 45(4): 1-5.
Full text



[1] QI Ying-hua,QI Ai-qin . Periodic boundary value problems for differential equations with arguments[J]. J4, 2007, 42(7): 66 -71 .
[2] WANG Qi,ZHAO Hong-luan . [J]. J4, 2006, 41(6): 84 -86 .
[3] . Determination of nutrimental constituents and analysis of function for Japanese red pine pollen and Japanese black pine pollen[J]. J4, 2006, 41(1): 130 -132 .
[4] FANG Yong,WANG Yue-hai,BAO Yu-hai,LI Shen-an andZHANG Xing-li . Research on transpiration characteristic and stress resistence of different varieties of tea plant[J]. J4, 2006, 41(1): 145 -148 .
[5] HUANG Zong-Yuan, ZHANG Feng. Viscosity solutions of multidimensional quasilinear parabolic PDEs[J]. J4, 2008, 43(12): 5 -9 .
[6] ZHANG Wei and JU Pei-jun . Design of observers for nonlinear Lipschitz descriptor systems with unknown inputs[J]. J4, 2006, 41(2): 85 -88 .
[7] LI Zhao,SUN Zhan-,LI Xiao,LI Cheng,. Study on feature selection method based on information loss[J]. JOURNAL OF SHANDONG UNIVERSITY(NATURAL SCIENCE), 2016, 51(11): 7 -12 .
[8] JIN Tian-fei, . Sub-stroke extraction research on the off-line hand-written recognition of Chinese characters[J]. J4, 2008, 43(5): 39 -44 .
[9] TANG Qiu-yun,WANG Ming-gao,LIU Yan-sheng . The existence of multiple positive solutions for higher order boundary value systems with p-Laplacian operator[J]. J4, 2008, 43(5): 50 -53 .
[10] LI Shou-ju1,SHANGGUAN Zi-chang2,3,SUN Wei4,LUAN Mao-tian1,LIU Bo3. Parameter  inversion  procedure  for  a  nonlinear constitutive  model  of  conditioned  soils[J]. J4, 2010, 45(7): 24 -27 .