With the explosive growth in the number of IoT terminal devices and the blurring of security boundaries, IoT terminal security has become an urgent problem to solve. Solving it is key to the wider deployment of IoT services and to the rapid development of the industry. At present the TPM (Trusted Platform Module) is widely used in computer systems to realize trusted computing. Starting from two problems of IoT terminal devices, insufficient protection of device data and the difficulty of device authentication, this paper establishes the feasibility of applying the TPM trust mechanism to IoT terminal devices to solve them. There is already a good deal of research on trusted computing for IoT devices based on Linux and the TPM, but trusted computing research based on a real-time operating system and the TPM for resource-constrained IoT terminal devices is still lacking. Therefore, building on a detailed study and analysis of the structure of the TPM and its trust mechanism, this paper studies TPM-based trusted digital identity chip encryption and authentication technology for IoT terminal devices, in particular resource-constrained terminal devices. The main research results are as follows:

(1) Addressing the poor data protection capability of IoT terminal devices, a TPM-based data protection method for terminal devices is proposed. Because a static root of trust is difficult to establish on resource-constrained terminal devices, a dynamic root of trust for measurement is implemented through a measurement proxy module and a remote dynamic measurement module, which measure device integrity and create a dynamic trusted environment. A lightweight, modular TPM trusted service is designed that provides trusted functions such as key management, data encryption and decryption, and signature verification for resource-constrained terminal devices running a real-time operating system.

(2) Addressing the leakage of device authentication information and the high verification load on the trusted third party during IoT terminal device authentication, a TPM-based attribute certificate remote attestation method is proposed. The scheme protects device authentication information through an attribute-based remote attestation mechanism, and designs a device authentication method for IoT terminal authentication scenarios based on the TPM identity signature and the attribute certificate mechanism, thereby authenticating both the identity and the integrity of the terminal device.

(3) Based on the above two parts, a prototype system is designed. The TPM trusted framework for resource-constrained terminal devices under a real-time operating system is designed and implemented on this system, and the data protection and device authentication functions are verified on the prototype.
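The abstract describes two mechanisms without giving their details: integrity measurement into a PCR-style hash chain (result 1) and a signed quote checked by a verifier that holds only an attribute certificate for the device (result 2). The following Go program is an added illustration of how those two pieces fit together in the generic TPM model; it is not code from the thesis or its prototype. Everything in it is an assumption: an ECDSA P-256 key pair stands in for the TPM-resident identity/attestation key, `AttributeCert` is a placeholder for whatever the thesis's attribute certificate actually carries, the measurement log and the verifier's allow-list are constructed sample data, and the quote format (`iot-quote-v1` domain separator over PCR and nonce) is this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// MeasurementEvent is one log entry a measurement proxy would record: what was measured and its digest.
type MeasurementEvent struct {
	Name   string
	Digest [32]byte
}

// ReplayLog recomputes the PCR value an ordered log should produce, starting from the all-zero reset
// value and applying the TPM extend rule PCR' = SHA-256(PCR || digest) for each event. Because this is
// a hash chain, any changed or reordered measurement changes the final PCR value.
func ReplayLog(events []MeasurementEvent) [32]byte {
	var pcr [32]byte
	for _, e := range events {
		pcr = sha256.Sum256(append(pcr[:], e.Digest[:]...))
	}
	return pcr
}

// Quote is the device's signed statement over the PCR value and the verifier's nonce.
type Quote struct {
	PCR   [32]byte
	Nonce []byte
	Sig   []byte // ASN.1-encoded ECDSA P-256 signature by the attestation key
}

// AttributeCert is an assumed stand-in for the attribute certificate issued by the trusted third party:
// it binds the attestation public key to device attributes rather than to a device identity.
type AttributeCert struct {
	AK    *ecdsa.PublicKey
	Attrs map[string]string
}

// quoteDigest binds the PCR value and the nonce into the message that is signed.
func quoteDigest(pcr [32]byte, nonce []byte) []byte {
	h := sha256.New()
	h.Write([]byte("iot-quote-v1"))
	h.Write(pcr[:])
	h.Write(nonce)
	return h.Sum(nil)
}

// MakeQuote is the device side: sign the current PCR value together with the verifier's nonce.
func MakeQuote(ak *ecdsa.PrivateKey, pcr [32]byte, nonce []byte) (Quote, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, ak, quoteDigest(pcr, nonce))
	if err != nil {
		return Quote{}, err
	}
	return Quote{PCR: pcr, Nonce: nonce, Sig: sig}, nil
}

// VerifyQuote is the verifier side: freshness (nonce), identity (signature under the certified attestation
// key), then integrity (the log reproduces the quoted PCR and every component is on the known-good list).
func VerifyQuote(cert AttributeCert, q Quote, nonce []byte, events []MeasurementEvent, allowed map[string][32]byte) error {
	if string(q.Nonce) != string(nonce) {
		return fmt.Errorf("nonce mismatch: stale or replayed quote")
	}
	if !ecdsa.VerifyASN1(cert.AK, quoteDigest(q.PCR, q.Nonce), q.Sig) {
		return fmt.Errorf("signature does not verify under the certified attestation key")
	}
	if ReplayLog(events) != q.PCR {
		return fmt.Errorf("measurement log does not reproduce the quoted PCR value")
	}
	for _, e := range events {
		if want, ok := allowed[e.Name]; !ok || want != e.Digest {
			return fmt.Errorf("component %q has an unknown or modified digest", e.Name)
		}
	}
	return nil
}

// SampleLog returns a constructed measurement log of three firmware components together with the
// allow-list of known-good digests the verifier would hold for them.
func SampleLog() ([]MeasurementEvent, map[string][32]byte) {
	events := []MeasurementEvent{
		{Name: "bootloader", Digest: sha256.Sum256([]byte("bootloader v1.2"))},
		{Name: "rtos-kernel", Digest: sha256.Sum256([]byte("rtos kernel 3.0"))},
		{Name: "app", Digest: sha256.Sum256([]byte("sensor app build 42"))},
	}
	allowed := map[string][32]byte{}
	for _, e := range events {
		allowed[e.Name] = e.Digest
	}
	return events, allowed
}

func main() {
	ak, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stands in for a TPM-resident attestation key
	cert := AttributeCert{AK: &ak.PublicKey, Attrs: map[string]string{"class": "sensor-node"}}
	events, allowed := SampleLog()
	nonce := []byte("verifier-nonce-0001")
	q, _ := MakeQuote(ak, ReplayLog(events), nonce)
	fmt.Println("genuine device:", VerifyQuote(cert, q, nonce, events, allowed))
	events[2].Digest = sha256.Sum256([]byte("sensor app build 42 + implant")) // tamper after the quote
	fmt.Println("tampered log:", VerifyQuote(cert, q, nonce, events, allowed))
}
```

Two points a practitioner should take from the check order: the nonce is what makes the quote fresh, so a verifier that accepts quotes without one accepts replays no matter how good the signature is; and the signature only proves which key spoke, while the log replay against the allow-list is what turns that into an integrity statement. The verifier never needs the device's own identity, only the key the attribute certificate vouches for, which is the property the abstract's attribute-based attestation is after.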