The Trusted Computing Group (TCG) is a non-profit industry standards organization whose purpose is to strengthen the security of computing environments across disparate computer platforms. TCG was founded in the spring of 2003 and adopted the specifications developed by the Trusted Computing Platform Alliance (TCPA). None of the current specifications is a final draft; all of them are still being updated. The TPM specification, for example, went from the original v1.0 to v1.2 and is still being revised.

TCG-Glossary-V1.1-Rev-1.0

Revision history

Scope

The glossary contains terms commonly used in TCG documents, but it may not cover every term that appears in them. For example, it may not include terms for specific technologies or terms used in only one document.

The glossary in this article is likewise not meant to cover every term; it only gives readers some hints, or reminders.

Glossary

| Acronym | Term | Description |
|---|---|---|
| | AIK Credential | A credential issued by a Privacy CA that contains the public portion of an AIK, signed with the Privacy CA's private key. The meaning and significance of the signature and of the signed fields are a matter of policy. Typically it states that the public key is associated with a valid TPM. |
| | Attestation | The process of vouching for the accuracy of information. External entities can attest to shielded locations, protected capabilities, and Roots of Trust. A platform can attest to its description of the platform characteristics that affect its own integrity. Every form of attestation requires reliable evidence from the attesting entity. |
| | Attestation by the TPM | An operation in which the TPM provides proof of data known to it. This is done by signing internal data with an AIK. The verifier receives the data and verifies its integrity and the validity of the AIK itself. The AIK credential can be obtained through a Privacy CA or the DAA protocol. |
| AIK | Attestation Identity Key | In TPM v1.2, an AIK is a special-purpose signature key created by the TPM. An AIK is an asymmetric key whose private portion is non-migratable and protected by the TPM. The public portion is part of the AIK credential, issued by a Privacy CA or through the DAA protocol. An AIK can only be created by the TPM Owner or a delegate authorized by the Owner. An AIK can be used for platform authentication, platform attestation, and certification of keys. An AIK preserves privacy when the platform is identified: the AIK credential assures that the AIK is bound to an authorized TPM, but nobody other than the user and the CA knows which TPM it is bound to. |
| | Attestation of the Platform | An operation that provides proof of a set of the platform's integrity measurements. This is done by signing PCRs with an AIK in the TPM. |
| | Attestation to the Platform | An operation that provides proof that a platform can be trusted to report integrity measurements; performed using the set or subset of the credentials associated with the platform; used to create an AIK credential. |
| | Authenticated Boot | A boot after which the platform's Root-of-Trust-for-Reporting (RTR) can report an accurate record of the way that the platform booted. |
| AC | Authenticated Code | Authenticated code is comprised of an executable module plus a value that attests to the authenticity of the module. The value is signed with a private key corresponding to a public key known to a computing device that is to execute the module. If the module is able to verify the signature, the computing device may execute the module. |
| | Authentication | The process of verifying the claimed attributes, such as an identity, of an entity or user. |
| | Authentication of the Platform | Provides proof of a claimed platform identity. The claimed identity may or may not be related to the user or any actions performed by the user. Platform Authentication is performed using any non-migratable signing key (e.g., an AIK). Since there are an unlimited number of non-migratable keys associated with the TPM, there are an unlimited number of identities that can be authenticated. |
| | Authorization | Granting access to a resource based on an authenticated identity. |
| BLOB | Binary Large OBject | Encrypted or opaque data of fixed or variable size. The meaning and interpretation of the data is outside the scope and context of any entity other than the Subsystem (the TPM in this case) that created the BLOB. |
| BORE | Break Once Run Everywhere | A security design that includes a critical security value that is the same on all instances of the design. If an attacker can access that critical security value on any instance of the design, that information can be used to compromise every instance of the design. For example, a product is designed to use encryption to protect user information and the same encryption key is hardcoded in all instances of the product. If the attacker can acquire the key from one copy of the product, he can use that key to access personal information in all copies of the product. |
| CMK | Certified Migration Key | A key whose migration from a TPM requires an authorization token created with private keys. The corresponding public keys are incorporated in the CMK and referenced when a TPM produces a credential describing the CMK. If a CMK credential is signed by an AIK, an external entity has evidence that a particular key (1) is protected by a valid TPM and (2) requires permission from a specific authority before it can be copied. |
| | Challenger (Identity Challenger) | An entity that requests and has the ability to interpret integrity metrics. See also “Integrity Challenge”. |
| CRTM | Code Root of Trust for Measurement | The instructions executed by the platform when it acts as the RTM. [Formerly described as “Core Root of Trust for Measurement”. Code Root of Trust for Measurement is the preferred expansion.] This acronym expansion is preferred. |
| | DAA Issuer | A known and recognized entity that interacts with the TPM to install a set of DAA-credentials in the TPM. The DAA issuer provides certification that the holder of such DAA-credentials meets some criteria defined by the Issuer. In many cases the Issuer will be the platform manufacturer, but other entities can become issuers. |
| | Delegation | A process that allows the Owner to delegate a subset of the Owner's privileges (to perform specific TPM operations). |
| DAA | Direct Anonymous Attestation | A protocol for vouching for an AIK using zero-knowledge-proof technology. |
| | DMA Mapping | Controls how hardware devices access Host Platform memory; DMA requests to access memory may be mapped to an alternate memory address. Similar to user mode processes' use of virtual memory, where page tables control the mapping to physical memory pages. Examples are IOMMU or VT-d. |
| | DMA Protections | Provide a mechanism to allow a Host Platform to prevent hardware devices from accessing certain Host Platform memory. Examples are a DMA exclusion scheme or DMA mapping. |
| | Duplicable Object | In TPM 2.0, a key or data object that is not bound to a specific TPM and with suitable authorization can be used outside a TPM or moved (copied) to another TPM. (See Migratable) |
| D-HRTM | Dynamic Hardware Root of Trust for Measurement | A D-RTM implemented using an HRTM. |
| DL | Dynamic Launch | This describes the process of starting a software environment at an arbitrary time in the runtime of a system. |
| D-RTM | Dynamic Root of Trust for Measurement | A platform-dependent function that initializes the state of the platform and provides a new instance of a root of trust for measurement without rebooting the platform. The initial state establishes a minimal Trusted Computing Base. This is a function that is built into the Host Platform and is started by the Dynamic Launch Event (DL Event). This function is a Trusted Process. Even though the D-RTM executes after the S-RTM, the D-RTM’s transitive trust chain will not necessarily have a trust dependency on the S-RTM’s transitive trust chain. |
| DCE | Dynamic Root of Trust for Measurement Configuration Environment | The software/firmware that executes between the instantiation of the D-RTM CPU instruction and the transfer of control to the Dynamically Launched Measured Environment (DLME). The DCE is responsible for ensuring the platform is in a trustworthy state. Normally this is defined by the CPU manufacturer, chipset manufacturer, and the platform manufacturer. |
| DLME | Dynamically Launched Measured Environment | The software executed after the DCE-instantiated TCB is established. The DLME would nominally be supplied by an OS vendor. |
| EK | Endorsement Key | An asymmetric key pair composed of a public key (PubEK) and a private key (PrivEK). The EK is used to prove the TPM is genuine. |
| | Endorsement Key Credential | A credential associated with a PubEK. The credential asserts that the associated PrivEK is unique to a security device conforming to TCG specifications. |
| H-CRTM | | A synonym for the S-HRTM. The preferred term is S-HRTM. |
| HRTM | Hardware Root of Trust for Measurement | An RTM where hardware performs the initial measurement. |
| | Immutable | Unchangeable. |
| ILP | Initiating Logical Processor | The processor that initiates the D-RTM. |
| | Integrity Challenge | A process used to send accurate integrity measurements and PCR values to a challenger. |
| | Integrity Logging | The storage of integrity metrics in a log for later use. |
| | Integrity Measurement (Metrics) | A value representing a platform characteristic that affects the integrity of a platform. |
| | Integrity Reporting | The process of attesting to the contents of integrity storage. |
| | Locality | A mechanism for supporting a privilege hierarchy in the platform. |
| | Migratable (key) | A key which is not bound to a specific TPM and with suitable authorization can be used outside a TPM or moved to another TPM. |
| | Non-duplicable Object | In TPM 2.0, a statistically unique object (usually a key) that may only be used on the TPM that created the object. |
| | Non-migratable (key) | A key which is bound to a single TPM; a key that is (statistically) unique to a single TPM. In TPM 1.2, the key may be moved between TPMs using the maintenance process. |
| NV (storage) | Non-volatile (shielded location) | A shielded storage location whose contents are guaranteed to persist between uses by Protected Capabilities. |
| | Operator | Anyone who has physical access to a platform. |
| | Owner | The entity that has administrative rights over the TPM. |
| | Platform | A platform is a collection of resources that provides a service. |
| PCR | Platform Configuration Register | A shielded location containing a digest of integrity measurements. |
| | Platform Credential | A credential, typically a digital certificate, attesting that a specific platform contains a unique TPM and TBB. A credential that states that a specific platform contains a genuine TCG Subsystem. |
| PCA | Privacy CA | An entity that issues an Identity Credential for a TPM based on trust in the entities that vouch for the TPM via the Endorsement Credential, the Conformance Credential, and the Platform Credential. |
| PrivEK | Private Endorsement Key | The private portion of the EK. |
| | Protected Capabilities | The set of commands with exclusive permission to access shielded locations. |
| PubEK | Public Endorsement Key | The public portion of the EK. |
| RoT | Root of Trust | A component that performs one or more security-specific functions, such as measurement, storage, reporting, verification, and/or update. It is trusted always to behave in the expected manner, because its misbehavior cannot be detected (such as by measurement) under normal operation. |
| RTC | Root of Trust for Confidentiality | An RoT providing confidentiality for data stored in TPM Shielded Locations. |
| RTI | Root of Trust for Integrity | An RoT providing integrity for data stored in TPM Shielded Locations. |
| RTM | Root of Trust for Measurement | An RoT that makes the initial integrity measurement, and adds it to a tamper-resistant log. Note: A PCR in a TPM is normally used to provide tamper evidence because the log is not in a shielded location. |
| RTR | Root of Trust for Reporting | An RoT that reliably provides authenticity and non-repudiation services for the purposes of attesting to the origin and integrity of platform characteristics. |
| RTS | Root of Trust for Storage | The combination of an RTC and an RTI. |
| RTU | Root of Trust for Update | An RTV that verifies the integrity and authenticity of an update payload before initiating the update process. |
| RTV | Root of Trust for Verification | An RoT that verifies an integrity measurement against a policy. |
| | Shielded Location | A place (memory, register, etc.) where it is safe to operate on sensitive data; data locations that can be accessed only by Protected Capabilities. |
| S-CRTM | Static Code Root of Trust for Measurement | An S-RTM implemented using a CRTM. |
| S-HRTM | Static Hardware Root of Trust for Measurement | An S-RTM implemented using an HRTM. [NOTE: The TPM 2 Library Specification uses the term H-CRTM introduced in Revision 116.] |
| S-RTM | Static Root of Trust for Measurement | An RTM where the initial integrity measurement occurs at platform reset. The S-RTM is static because the PCRs associated with it cannot be re-initialized without a platform reset. |
| SRK | Storage Root Key | A key with no parent that is the root key of a hierarchy of keys associated with a TPM's Protected Storage function. |
| TSS | TCG Software Stack | Untrusted software services that facilitate the use of the TPM and do not require the protections afforded to the TPM. |
| | TPM Shielded Location | A location within a TPM that contains data that is shielded from access by any entity other than the TPM and which may only be operated on by a Protected Capability. |
| TSS | TPM Software Stack | An unofficial alias of the term TCG Software Stack. TCG specifications should not use the term TPM Software Stack when referring to the TSS. |
| | TPM-Protected Capability | An operation performed by a TPM on data in a Shielded Location, usually in response to a command sent to the TPM. |
| | Transitive Trust | Also known as Inductive Trust, in this process a Root of Trust gives a trustworthy description of a second group of functions. Based on this description, an interested entity can determine the trust it is to place in this second group of functions. If the interested entity determines that the trust level of the second group of functions is acceptable, the trust boundary is extended from the Root of Trust to include the second group of functions. In this case, the process can be iterated. The second group of functions can give a trustworthy description of the third group of functions, etc. Transitive trust is used to provide a trustworthy description of platform characteristics, and also to prove that non-migratable keys are non-migratable. |
| | Trust | Trust is the expectation that a device will behave in a particular manner for a specific purpose. |
| TBB | Trusted Building Block | The parts of the Root of Trust that do not have shielded locations or protected capabilities. Typically platform-specific. An example of a TBB is the combination of the CRTM, connection of the CRTM storage to a motherboard, the connection of the TPM to a motherboard, and a mechanism for determining Physical Presence. |
| | Trusted Component | A Trusted Device within a Trusted Platform or another Trusted Device. |
| | Trusted Computing Platform | A Trusted Computing Platform is a computing platform that can be trusted to report its properties. |
| | Trusted Device | A Trusted Platform that is not intended to be reprogrammed except through a maintenance process. |
| | Trusted Platform | A platform that uses Roots of Trust to provide reliable reporting of the characteristics that determine its trustworthiness. |
| TPM | Trusted Platform Module | A composite of the RTR and the RTS. |
| TPM | Trusted Platform Module | An implementation of the functions defined in the TCG Trusted Platform Module Specification; the set of Roots of Trust with Shielded Locations and Protected Capabilities. Normally includes just the RTS and the RTR. The set of functions and data that are common to all types of platform, which must be trustworthy if the Subsystem is to be trustworthy; a logical definition in terms of protected capabilities and shielded locations. |
| TPS | Trusted-Platform Support Services | The set of functions and data that are common to all types of platform, which are not required to be trustworthy (and therefore do not need to be part of the TPM). |
| | User | An entity that is making use of the TPM capabilities. An entity that uses the platform in which a TPM is installed. The only rights that a User has over a TPM are the rights given to the User by the Owner. These rights are expressed in the form of authentication data, given by the Owner to the User, which permits access to entities protected by the TPM. The User of the platform is not necessarily the “owner” of the platform (e.g., in a corporation, the owner of the platform might be the IT department while the User is an employee). There can be multiple Users. |
| | Validation Credential | A credential that states values of measurements that should be obtained when measuring a particular part of the platform when the part is functioning as expected. |
| | Validation Data | Data inside a Validation Credential; the values that the integrity measurements should produce when the part of a platform described by the Validation Credential is working correctly. |
| | Validation Entity | An entity that issues a Validation Certificate for a component; the manufacturer of that component; an agent of the manufacturer of that component. |
| | Verifier | An entity that evaluates credentials to produce a credential. Example 1: the entity that interacts with the TPM using the DAA protocol to verify that the TPM has a valid set of DAA-credentials. The verifier may then produce an AIK credential, without reference to the platform EK. Example 2: the entity that requests, receives, and evaluates attestation information based on the EK. A trusted third party (such as a Privacy CA) may then produce an AIK credential, after verifying the platform EK. |