面向Web服务的可信身份认证和版权保护机制

项目名称： 面向Web服务的可信身份认证和版权保护机制

项目编号： No.61272420

项目类型： 面上项目

立项/批准年度： 2013

项目学科： 自动化技术、计算机技术

项目作者： 张功萱

作者单位： 南京理工大学

项目金额： 81万元

中文摘要： Web 服务是基于消息驱动和XML/SOAP通讯机制的跨平台服务技术，提供便利的同时需要保证访问者身份的可信性。可信计算是由可信计算组织推动和开发并以TPM为核心的技术，把CPU、BIOS、操作系统、应用软件等融为一体的完整体系结构，以提高系统整体的安全性。课题围绕Web服务平台，植入可信计算的一些核心技术，构建可信IP核，研究可信身份认证机制，将用户身份证明与平台信息紧密绑定，为Web服务身份认证提供可信身份凭证。此外，对Web服务应用软件探讨版权保护策略，旨在提高Web应用系统访问的可靠性，并在应用数字版权管理的身份认证、使用控制、授权管理等技术的基础上，结合可信计算平台模块- - TPM/TCM的签注密钥、安全输入输出、储存器屏蔽、密封储存和远程认证等关键技术，对软件版权保护策略和技术进行科学的研究和探讨，力求给出安全程度高、通用性较强、符合技术创新要求的版权保护策略和技术实现。

中文关键词： 可信计算；工作流调度；身份认证；离散系统；无缝切换

英文摘要： The web service is a kind of cross-platform service technology based on message-driven and XML/SOAP communication schema. Although it provides convenient accessing for user, it is requirement to ensure the credibility of user's identity. Trusted computing technology, promoted and developed by Trusted Computing Group, is the technology that many algorithms are encapsulated into a chip (called TPM chip). It is a complete system which integrates CPU, BIOS, operating system and applied software, and its goals are enhancing the whole security of system. Some key techniques of trusted computing based on Web service platform will be implanted in the project, which includes constructing trusted IP cores, studying the mechanism of trusted Identity authentication, tightly bounding Identity authentication to the platform. The proposed mechanism will provide a trusted license for Web service identity authentication. Furthermore, in order to improve the access reliability for the applied software of web services, digital right protection strategy will be also proposed. In detail, the software digital right protection strategy will be discussed as following: based on identity authentication, access control and accreditation management of digital right management, and combined core trusted computing techniques, such as TPM/TCM

英文关键词： trusted computing；workflow scheduling；identity authentication；discrete system；seamless switching