计算机应用研究 2010
Research on revocation of keys in trusted environment
Abstract:
The TPM is not able to destroy collapsed keys, because keys (except for the SRK and EK) are stored outside of it. To solve this problem, this paper proposes two mechanisms for revoking TPM keys. Without major changes to the TPM command set, the mechanisms check the validity of loaded keys by using key lists. While realizing revocation checking effectively, they preserve backwards compatibility with the current TCG specifications and introduce no overhead for normal operation. Finally, to improve the efficiency of revoking and loading operations and to enhance the practicability of the revocation mechanism, the paper proposes combining both mechanisms.