Journal of Beijing University of Aeronautics and Astronautics ›› 2009, Vol. 35 ›› Issue (1): 32-35.

Design of trusted Java card code loading mechanism

Xu Yixin, Zhang Qishan, Liu Jianwei

  1. School of Electronics and Information Engineering, Beijing University of Aeronautics and Astronautics, Beijing 100191, China
  • Received: 2008-01-23 Online: 2009-01-31 Published: 2010-09-16
  • About the author: Xu Yixin (1978-), male, from Jiange, Sichuan, PhD candidate, xyx.buaa@gmail.com.

Abstract: To meet the program code management requirements of the trusted computing platform (TCP), a trusted code management framework was proposed. The Java card was the core of the framework. Code signing was adopted as the main technique, authenticating program loading, while the on-card security domains acted as the executors of the security policies of the off-card software authorities (the Java card device issuer and the application providers). The new mechanism supported the installation and hot update of the device issuer software, improved the installation and update procedure for the application provider software, and extended the code-loading command data structure. The framework solved the problem of broadcast-style code distribution without manual intervention, under the constraint that all software authorities are mutually independent, in a hostile environment. This extension of the traditional Java card software loading mode improves the system's security and enables trusted computing on the Java card platform.