Research On The Security Web Service Technique Based On Trusted Computing Platform

Web service engenders a new mode for fast exploiting and deploying web application by integrating independent service components, its characteristic of relax coupling, across platforms and across languages has won affection of users and supports of many corporations. Along with fast development of web service technique, there are more and more security problems. In order to assure the security of web service, a lot of security criterions based on web service have come out.But the key points mainly focus on the protection of server and network, ignoring the security of terminal itself. Because lots of attacks are caused by the insecurity of terminal itself, so we can only construct a real secure and trusted network environment by building security system from the source of terminal and prevention of inside and outside.Aiming at the above problem, this paper deeply researches the corresponding technique in the area of web service security, trusted computing platform and platform identity authentication, the main work are listed as follows.1 Analyzes the traditional web service security mechanism, and points out the deficiency and security hidden troubles in the aspect of testifying creditability of remote web terminal.2 Proposes a web service security framework based on the trusted computing platform. The framework implements web service access control by evaluating the security status information of accessed terminal and it can abandon the web service for the troubled terminal which can constructs trusted web service network architecture.3 Proposes a mechanism based on the idea of trust chain for testifying of credibility of remote web terminal status, and it can extend the local trust relations to the network, which implements the remote credibility measure of terminal status.4 Proposes a remote authentication solution based on direct anonymous proving protocol, which is aiming at the problem of remote identity authentication for web service platforms.5 Implements the proposed web service security framework based on the trusted computing platform.By the above work, the proposed web service security framework based on the trusted computing platform provides useful complementary and extension for the theory of web service security.