可信移动平台身份管理框架

针对网络用户身份管理难题及现有的身份管理方案存在的不足，基于可信移动平台完整性校验、保护存储、域隔离和访问控制以及远程平台校验等安全特性，提出了可信移动平台身份管理方案和协议；构建了对应于口令、证书、指纹等认证方式的身份矩阵；实现了多种方式的身份认证、身份认证审计记录，主密钥、审计密钥、平台AIK私钥的加密存储，以及移动平台的可信验证、加密身份的还原和服务提供者身份标志的查找定位，并实现了身份信息和认证数据的加密传输；进行了安全性分析，结果表明该方案在保护用户身份信息安全的前提下，大大减轻了用户身份管理的

Identity management framework based on trusted mobile platform

According to the fact that it's becoming more and more difficult for network users to manage their identity and there are some faults in current identity management scheme.Based on the security characteristics such as integrity verification,protect storage,domain isolation,access control and remote platform checking that trusted mobile platform possess,this paper put forward identity management scheme and protocol that relied on trusted mobile platform,constructed identity matrix which corresponded to passwords,certificates,fingerprints,realized multimode identity authentication and encryption storage for identity,audit record about identity authentication,master keys,audit key,platform AIK private key,trusted verification for mobile platform,restored from encrypted identity,searched position of service providers identity,encrypted transmission of identity information and authentication information,security analysis had been done.The result indicates that the scheme lighten the user's burden for their own identity management greatly under the circumstance that protect information security of user identity.At the same time,the scheme has some potentials of extension.