Design of a Mobile Wallet Based on Trusted Computing Technology
Abstract
Advances in communication technology and the development of mobile terminals have pushed electronic commerce toward mobile platforms, and the mobile wallet, as a focus of current mobile payment, has attracted wide attention. At present mobile wallets take two main forms: smart-card based and software based. Smart-card wallets have already been deployed with some success, but their range of application is limited; software wallets have a much broader range of application and better development prospects, but users have deep reservations about their security and trustworthiness. In particular, security problems such as leakage of the user's account information and fraudulent withdrawal of account funds seriously discourage people from using this convenient and fast form of mobile payment.
     Trusted computing is a new field of information security research that aims to solve the security problems of computer systems at their root. It integrates a trusted hardware module into the computer system to establish a root of trust, and propagates trust along a chain of trust so that the system always remains in its original, trusted state, thereby building a trusted execution environment. It requires that every user of the system be authenticated, ensuring that user identities are trustworthy and that all operations conform to the system security policy, so that no attack incidents arise and the security of the whole information system is guaranteed. Trusted computing was originally developed to improve e-commerce security; it is now widely deployed in many computers and has brought many new ideas and methods for fundamentally changing the current state of IT security management. Trusted computing has also been extended to embedded and mobile devices, and the TCG specifications state explicitly that it can be applied to mobile devices. Trusted computing as defined by the TCG is synonymous with four concepts: integrity measurement, authenticated boot, sealing and platform attestation. This thesis focuses on the discussion and security design of software-based mobile wallets.
     This thesis analyses mobile commerce and wallet technology in detail, in particular the security techniques used by mobile wallet systems and their existing security problems, and, starting from the two problems of terminal security and data-transmission security, proposes and designs a trusted solution for the mobile wallet. After a careful analysis of the wallet's security requirements, a Trusted Platform Module is added to both the mobile terminal and the server to build a trusted hardware and operating-system environment, and this notion of trust is extended into the design of the mobile wallet system. With trusted platforms on the terminal and the server, security measures such as an account-information protection mechanism and a data security mechanism are established between the wallet client and the remote server, strengthening the authentication of users and platforms by the mobile wallet and the payment server and guaranteeing the confidentiality, integrity and non-repudiation of data in storage and in transit.
     Trusted integrity measurement is used to guarantee the secure boot of the platform operating system and the integrity, legitimacy and correct configuration of the mobile wallet software, which prevents the software from being maliciously tampered with by viruses or attackers. The TPM's own key-management mechanism is used to store the sensitive data and information of the mobile wallet system securely, and the TPM's platform identity certificate together with the wallet system's procedure for storing user keys or passwords is used to strengthen platform authentication. Based on an analysis of the mobile wallet's functional requirements, its registration, deregistration and payment flows and its database are designed, and the flows by which the wallet system calls the TSS to invoke TPM functions such as binding, sealed storage and signing are designed and implemented. Finally, static integrity measurement of the system is tested and analysed, which validates the design well.
With the advances in communication technology and the development of mobile terminals, mobile e-commerce is attracting more and more attention. The mobile wallet, a tool for making mobile payments, is becoming increasingly popular in modern life. At present, the mobile wallet exists mainly in two modes: smart-card mode and software mode. The smart-card mode has already been widely used, but the scope of its application is limited. In comparison, the software mode has a wider range of applications and better development prospects, but its security issues, such as leakage of the user's account information and fraudulent activities, have raised public concern.
     Aiming to solve the security problems of computer systems, Trusted Computing has become a new research field of information security. Trusted Computing establishes a root of trust by integrating a trusted hardware module into the computer system. Through the transmission of a chain of trust, it keeps the system in its original, trusted state and so establishes a trusted running environment. In addition, system users must be authenticated to ensure the credibility of user identity, and the operations involved are consistent with the system security policy, so that no attack incidents result and the security of the entire information system can be ensured.
     The primary objective of Trusted Computing technology is to enhance e-commerce security. The technology has now been deployed in many large computer systems and brings many new ideas and methods for changing the existing state of IT security management. It has been developed in the direction of embedded and mobile devices, and the TCG (Trusted Computing Group) has specified clearly that it can be applied to mobile devices. Trusted Computing as defined by the TCG is synonymous with four fundamental concepts: integrity measurement, authenticated boot, sealing and platform attestation. This thesis discusses the software mode of the mobile wallet and its security design.
     This thesis analyses current mobile commerce and mobile wallet technology, especially the payment security problems and security issues of the mobile wallet, and proposes and designs a trusted solution. A Trusted Platform Module is added to both the mobile terminal and the server to build a trusted hardware and operating-system environment, and this concept is extended to the design of the mobile wallet system. By building a Trusted Computing Platform and creating user account information security, data security and other security measures, the authentication of users and platforms by the mobile wallet and the payment server is further enhanced. This ensures the confidentiality, integrity and non-repudiation of data storage and transmission.
     The Trusted Computing Platform ensures the safety of the operating system at launch and the integrity, legality and correct configuration of the mobile wallet software, preventing the software from being attacked or tampered with by viruses. The key-management mechanism of the TPM (Trusted Platform Module) itself is used to secure the storage of sensitive data and information in the mobile wallet system. The TPM platform identity certificate and the wallet system's procedure for storing user keys or passwords are used to enhance platform authentication. The mobile wallet's registration, cancellation, payment and other processes and its databases are designed based on the functional requirements of the mobile wallet, and the procedures by which the wallet system calls the TSS to invoke TPM functions such as binding, sealing and signing, together with the secure storage method, are designed and implemented. Finally, the static integrity measurement of the system is tested and analysed, which validates the design.
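As an added illustration of the two mechanisms the abstract leans on, static integrity measurement of the boot chain and sealing of wallet secrets to the measured platform state, the following Python models a TPM 1.2-style PCR extend chain and PCR-bound sealed storage in software. It is not code from the thesis or from any TPM/TSS library: the boot images, PCR indices, event log, storage root key and the HMAC-derived keystream standing in for the TPM's storage-key encryption are all constructed for the example. It shows the terminal measuring its bootloader, kernel and wallet application, sealing the wallet's account key to the resulting PCRs, a clean reboot recovering the key, a boot with a tampered wallet binary failing to unseal it, and a verifier replaying the event log to identify which component changed.

```python
"""Software model of TPM 1.2-style PCR measurement and PCR-bound sealing (constructed example)."""
import hashlib
import hmac

PCR_SIZE = 20  # TPM 1.2 PCRs hold a SHA-1 digest


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend semantics: new_pcr = SHA1(old_pcr || measurement)."""
    return hashlib.sha1(pcr + measurement).digest()


def _keystream(key: bytes, length: bytes) -> bytes:
    """HMAC-SHA256 counter keystream; a stand-in for the TPM's storage-key encryption."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class SimTPM:
    """Minimal simulated TPM: PCR bank, event log and a fixed storage root key."""

    def __init__(self, num_pcrs: int = 24):
        self.pcrs = [bytes(PCR_SIZE)] * num_pcrs
        self.event_log = []  # (pcr index, component name, SHA-1 digest)
        self.srk = hashlib.sha256(b"constructed-storage-root-key").digest()

    def measure(self, index: int, name: str, image: bytes) -> bytes:
        digest = hashlib.sha1(image).digest()
        self.pcrs[index] = pcr_extend(self.pcrs[index], digest)
        self.event_log.append((index, name, digest))
        return self.pcrs[index]

    def composite(self, indices) -> bytes:
        """Digest of the selected PCRs, the value a sealed blob is bound to."""
        h = hashlib.sha1()
        for i in indices:
            h.update(self.pcrs[i])
        return h.digest()

    def seal(self, secret: bytes, indices) -> dict:
        comp = self.composite(indices)
        key = hmac.new(self.srk, comp, hashlib.sha256).digest()
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(key, len(secret))))
        return {"indices": tuple(indices), "composite": comp, "ciphertext": ct}

    def unseal(self, blob: dict) -> bytes:
        comp = self.composite(blob["indices"])
        if not hmac.compare_digest(comp, blob["composite"]):
            raise PermissionError("PCR state does not match the sealed policy")
        key = hmac.new(self.srk, comp, hashlib.sha256).digest()
        ct = blob["ciphertext"]
        return bytes(a ^ b for a, b in zip(ct, _keystream(key, len(ct))))


# Constructed boot chain: (PCR index, component name, image bytes).
GOOD_CHAIN = [
    (0, "bootloader", b"constructed bootloader image v1"),
    (4, "kernel", b"constructed kernel image v1"),
    (8, "wallet", b"constructed mobile wallet app v1"),
]
WALLET_PCRS = (0, 4, 8)
# Golden (expected) digests the verifier holds for each component.
GOLDEN = {name: hashlib.sha1(img).digest() for _i, name, img in GOOD_CHAIN}


def boot(chain) -> SimTPM:
    """Static measurement: each component is measured into its PCR before it runs."""
    tpm = SimTPM()
    for idx, name, image in chain:
        tpm.measure(idx, name, image)
    return tpm


def replay_log(event_log, num_pcrs: int = 24):
    """Verifier side: recompute the PCR bank from the event log alone."""
    pcrs = [bytes(PCR_SIZE)] * num_pcrs
    for idx, _name, digest in event_log:
        pcrs[idx] = pcr_extend(pcrs[idx], digest)
    return pcrs


def check_against_golden(event_log, golden) -> list:
    """Names of logged components whose digest differs from the golden value."""
    return [name for _i, name, d in event_log if golden.get(name) != d]


def seal_and_reboot_demo():
    """Seal on a clean boot, unseal on a clean reboot, get refused on a tampered boot."""
    account_key = b"account-key-0123456789abcdef"
    blob = boot(GOOD_CHAIN).seal(account_key, WALLET_PCRS)
    recovered = boot(GOOD_CHAIN).unseal(blob)  # same images -> same PCRs
    tampered_chain = GOOD_CHAIN[:2] + [(8, "wallet", b"constructed mobile wallet app v1 (tampered)")]
    tampered = boot(tampered_chain)
    try:
        tampered.unseal(blob)
        outcome = "UNSEALED"
    except PermissionError:
        outcome = "REFUSED"
    return recovered, outcome, check_against_golden(tampered.event_log, GOLDEN)


if __name__ == "__main__":
    print(seal_and_reboot_demo())
```

The verifier never needs the PCR values themselves to locate a tampered component: replaying the event log reproduces the PCR bank, and comparing each logged digest with the golden list names the changed image, which is the check the thesis performs in its static integrity measurement test. A real TPM's TPM_Seal binds the blob to a PCR composite in exactly this way, so the unseal refusal on the tampered boot is the property the wallet relies on to keep account keys away from a modified client.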