Abstract: A method including restarting configured measurement objects in an order of chains of trust; measuring characteristic values of the restarted measurement objects one by one and matching the characteristic values with pre-stored trusted reference characteristic values; and performing corresponding operations according to a matching result. The present disclosure resolves the technical problem that a system startup failure may easily occur due to the lack of a complete trusted policy management solution in the conventional techniques.

Abstract: The disclosure provides a key generation method and apparatus. The key generation method comprises: encrypting a first key factor generated by a first device with an initial key, and sending the encrypted first key factor to a second device through a first secure channel, wherein the initial key is a key preset for the first device and the second device; receiving, through the first secure channel, a second key factor encrypted with the initial key, wherein the second key factor is generated by the second device; decrypting the second key factor encrypted with the initial key and received through the first secure channel, so as to obtain the second key factor; and generating a shared key between the first device and the second device according to the first key factor and the second key factor.

Abstract: A trusted measuring method including: measuring, by a trusted platform control module, itself after being powered on; measuring, by the trusted platform control module, a high-speed encryption/decryption module when the measurement of the trusted platform control module by itself is valid; and measuring, by the trusted platform control module in combination with the high-speed encryption/decryption module, the integrity of a platform and a system when the measurement of the high-speed encryption/decryption module by the trusted platform control module is valid. The measuring process includes: calculating a measurement object by using a predetermined algorithm, comparing the calculation result with a pre-stored verification reference value, and determining that the integrity of the measurement object is not destroyed if the comparison result is consistent.

Abstract: Methods, apparatuses, systems, storage media, and computing devices for updating a measurement are disclosed. One of the methods includes: detecting that an application device initiates a measurement update, wherein the measurement update includes at least one of: an object update that updates a measurement object, and a policy update that updates a policy; and performing measurement update processing upon verifying that the measurement update satisfies a predetermined condition, wherein the measurement update processing includes performing an update process on at least one of content included in an execution of a measurement process, and wherein the measurement process includes calculating a measurement object using a predetermined algorithm, comparing a calculation result with a pre-stored verification reference value, and determining that an integrity of the measurement object is not corrupted if a comparison result is consistent.

Abstract: A method for quantum key output is disclosed. The method can be implemented by a first quantum key management device. The method can comprise acquiring a first quantum key from a first quantum key distribution device, according to the obtained first key acquisition request, and storing the acquired first quantum key in a first management device address range in a first storage media, the first management device address range having the same address range indicator as a second management device address range in a second storage media for storing a corresponding second quantum key acquired by a second quantum key management device, wherein the address range indicator is one of a pair of head address and a tail address, a head address and a range length, or a head address and a length of one of the first quantum key or the second quantum key.

Abstract: A method including receiving, by a security chip, a user key in plaintext request sent by a cryptographic operation chip, wherein the user key in plaintext is used for processing to-be-processed data; acquiring, by the security chip, a storage key in plaintext for decrypting a user key in ciphertext; decrypting, by the security chip, the user key in ciphertext by using the storage key in plaintext to obtain the user key in plaintext; and sending, by the security chip, the user key in plaintext back to the cryptographic operation chip. The present disclosure solves the technical problems in the conventional techniques of how to guarantee the security of a user key and how to prevent its exposure during transmission, such that the user key may be securely used to process user data.

Abstract: A method including receiving, by a cryptographic operation chip, a cryptographic operation request; measuring, by the cryptographic operation chip, cryptographic operation algorithm firmware by using a cryptographic operation measurement root to obtain a first measurement result, and sending, by the cryptographic operation chip, the obtained first measurement result to a security chip; receiving, by the cryptographic operation chip, a comparison result fed back by the security chip, wherein the comparison result is a result determined by the security chip and indicating whether the first measurement result is the same as a second measurement result stored in advance; and performing, by the cryptographic operation chip, a cryptographic operation when the comparison result indicates that the first measurement result is the same as the second measurement result.

Abstract: Key processing methods and apparatuses, storage media, and processors are disclosed. A method includes: a security chip receiving a dynamic measurement request for a cryptographic operation; and the security chip generating a child key of a platform measurement root key based on the platform measurement root key and a random number, wherein the child key of the platform measurement root key is used for encrypting a loading process and an execution process measured by a dynamic measurement module, and the dynamic measurement module is a module used for measuring a firmware that performs cryptographic operations. The present disclosures solves the technical problems that existing key processing methods cannot guarantee the integrity of cryptographic operation algorithm firmware and the credibility of cryptographic operation execution environments during a cryptographic operation process.

Abstract: Cryptographic operation processing methods, apparatuses and systems are disclosed. A method includes: a trusted forwarding module receiving a cryptographic operation request; and the trusted forwarding module transmitting the cryptographic operation request to a security chip if the cryptographic operation request has a dynamic measurement requirement, wherein a cryptographic operation chip performs cryptographic operation processing after the security chip completes the dynamic measurement requirement, the dynamic measurement requirement being used for indicating that a dynamic measurement module is needed to be measured, and the dynamic measurement module being a measurement entity used for measuring a firmware that performs cryptographic operations. The present disclosure solves the technical problems of failing to satisfy the independent needs of users with respect to measurements, lacking trusted computing resources, and having computational insecurity.

Abstract: A method for quantum key output is disclosed. The method may be implemented by a first quantum key management device. The method may comprise obtaining a first key acquisition request from a first data device, acquiring a first quantum key from a first quantum key distribution device, according to the obtained first key acquisition request, storing the acquired first quantum key in a same management device address range as a corresponding second quantum key acquired by a second quantum key management device, performing a first consistency verification including determining whether the first quantum key is the same as the second quantum key, and sending the first quantum key to the first data device, if the first quantum key is determined to be the same as the second quantum key.

Abstract: One embodiment described herein provides a system and method for secure data storage. During operation, a client device selects a quantum data key from a plurality of quantum data keys shared between the client device and a storage server, encrypts to-be-stored data using the selected quantum data key, and transmits a data-storage request to the storage server. The data-storage request comprises a key-identifier of the selected quantum data key and the encrypted data.

Abstract: Measurement methods, devices and systems based on a trusted high-speed encryption card are disclosed. One of the methods includes: a BIOS actively measuring at least one firmware in a device if an integrity measurement result made by a trusted security chip for the BIOS indicates that the integrity thereof is not corrupted; loading one or more firmware if the integrity of the one or more firmware in the device actively measured by the BIOS is not corrupted; and forbidding a system of the device from being started or controlling the system to enter into a non-secure mode if the integrity of one or more firmware in the device actively measured by the BIOS is corrupted.

Abstract: A method including a security chip receiving a cryptographic operation request; the security chip acquiring a measurement result, wherein the measurement result is a result of measuring a dynamic measurement module in a cryptographic operation module by using a platform measurement root; and the security chip starting a cryptographic operation when determining that the measurement result is identical to a pre-stored standard value. The present disclosure solves a technical problem of failure to guarantee a dynamic trust for measurement code when starting dynamic measurement of a cryptographic operation.

Abstract: Methods and systems for activating measurement based on a trusted card are provided. The method includes loading, by a security chip, a trusted metric root for a metric object to a host processor, wherein the trusted metric root is an encrypted metric root; receiving, by the security chip, a processing result after the host processor performs asymmetric encryption and decryption processing on the trusted metric root, wherein the processing result includes metric object data encrypted by a public key; decrypting, by the security chip, the metric object data encrypted by the public key; and determining, by the security chip, integrity of the metric object by performing a comparison on decrypted metric object data.

Abstract: Identity information processing method and apparatus are disclosed. The method includes: obtaining customized information of a user process on an integrated chip; determining a target operational firmware preloaded on a reconfigurable chip according to the customized information; generating first process identity information used for verifying the user process based on the target operational firmware and a fixed operational firmware of a non-reconfigurable chip; and providing the first process identity information to a privacy certificate issuing authority for performing firmware legitimacy verification of an operational firmware to determine that an identity of the user process is legitimate according to a result of the firmware legitimacy verification.

Abstract: A data processing method based on an integrated chip is provided. The method includes providing computing information of a trusted computing chip to a high-speed encryption chip, and invoking the high-speed encryption chip to perform data encryption or trusted computing based on the computing information. As such, after these two types of chips are integrated, these two types of secure computing (the trusted computing and the data encryption) can share common computing information. Compared with using individual sets of computing information before integration, corresponding hardware and management costs are reduced. Moreover, the trusted computing chip is superior to the high-speed encryption chip in terms of functional integrity and reliability for data encryption functions. Storing the computing information by the trusted computing chip can improve the security of the data encryption.

Abstract: The present application discloses an authentication method used in a QKD process, and further discloses additional authentication methods and corresponding apparatuses, as well as an authentication system. The method comprises: selecting, by a transmitter according to a basis selection rule, a basis of preparation for transmitter authentication information that is generated with a first pre-provisioned algorithm and varies dynamically, and transmitting quantum states containing key information and the transmitter authentication information; and measuring, by a receiver, quantum states of the transmitter authentication information according to the basis selection rule, and ending the QKD process if a measurement result is inconsistent with corresponding information calculated with the first pre-provisioned algorithm.

Abstract: One embodiment provide a system and method for detecting eavesdropping while establishing secure communication between a local node and a remote node. During operation, the local node generates a random key and a regular optical signal based on the random key. The local node also generates a quantum optical signal based on a control sequence and a set of quantum state bases, and multiplexes the regular optical signal and the quantum optical signal to produce a hybrid optical signal. The local node transmits the hybrid optical signal to the remote node, sends information associated with the control sequence and information associated with the set of quantum state bases to the remote node, and receives an eavesdropping-detection result from the remote node based on measurement of the quantum optical signal, the information associated with the control sequence, and the information associated with the set of quantum state bases.

Abstract: One embodiment described herein provides a system and method for secure attestation. During operation, a Trusted Platform Module (TPM) of a trusted platform receives a request for an attestation key from an application module configured to run an application on the trusted platform. The request comprises a first nonce generated by the application module. The TPM computes an attestation public/private key pair based on the first nonce and a second nonce, which is generated by the TPM, computes TPM identity information based on a unique identifier of the TPM and attestation key, and transmits a public key of the attestation public/private key pair and the TPM identity information to the application module, thereby enabling the application module to verify the public key of the attestation public/private key pair based on the TPM identity information.

Abstract: A file processing method including monitoring an operation request for operating a file; acquiring an operation feature of the operation if the operation request is monitored; and analyzing the operation feature, and determining to trigger a trusted chip to encrypt the file. The present disclosure solves the technical problems of low processing accuracy and high cost of the file processing method in the conventional techniques.