ID |
Source text |
Translation |
45336 |
由于低轨卫星具有通信和持续监测的功能,其在航天领域得到广泛的应用, |
Due to their communication and continuous monitoring functions, low-earth orbit satellites are widely used in the aerospace field. |
45337 |
然而现有的卫星通信系统中没有专门的认证系统。 |
However, there is no special authentication protocol in the existing satellite communication system. |
45338 |
为了解决该问题,针对低轨星座组网设计了轻量级的认证协议,考虑了认证过程中链路切换的情况,对协议进行了仿真验证并与 3GPP AKA 协议进行对比。 |
In order to solve this problem, a lightweight authentication protocol that considers the switching of the communication path during the authentication process was designed for low-earth orbit satellites, and the proposed protocol was verified by simulation and compared with the 3GPP AKA protocol. |
45339 |
模拟实验结果表明,低轨星座组网认证协议比3GPP AKA 协议效率提高了 20%,同时群组密钥协商时间约为 300 ms。 |
The simulation results show that the protocol is 20% more efficient than the 3GPP AKA protocol, and the time spent by the group key agreement protocol is about 300 ms. |
45340 |
利用可信计算技术构建可信虚拟平台环境时,如何合理地将底层物理的可信平台模块(TPM, trusted platform module)的证书信任扩展延伸到虚拟机环境是值得关注的问题。 |
When using trusted computing technology to build a trusted virtual platform environment, how to reasonably extend the underlying physical TPM certificate chain to the virtual machine environment is a hot problem. |
45341 |
目前,已有的证书信任扩展方案均不完善,有的方案存在违背 TCG 规范的情况,有的方案增加密钥冗余和 Privacy CA 性能负担,有的方案甚至不能进行证书信任扩展。 |
At present, the certificate trust expansion schemes are not perfect: some violate the TCG specifications, some yield inconsistent TP and vTPM certificate results, some introduce key redundancy or a Privacy CA performance burden, and some cannot even extend the certificate trust. |
45342 |
因此,提出了一种新的可信证书链扩展方法。 |
Based on this, a new extension method for the trusted certificate chain was proposed. |
45343 |
首先,在 TPM 中新增一类证书——VMEK(virtual machine extension key),并构建对 VMEK 的管理机制,该证书的主要特点是其密钥不可迁移,且可对 TPM 内和TPM 外的数据进行签名和加密。 |
Firstly, a new class of certificate called VMEK (virtual machine extension key) was added to the TPM, and a management mechanism for the VMEK certificate was constructed. The main feature of this certificate was that its key was not transferable and could be used to sign and encrypt data inside and outside of the TPM. |
45344 |
其次,利用证书 VMEK 对 vTPM 的 vEK 签名构建底层 TPM 和虚拟机 vTPM 的证书信任关系,实现可信证书链在虚拟机中的延伸。 |
Secondly, the VMEK certificate was used to sign the vTPM’s vEK to build the trust relationship between the underlying TPM and the virtual machine, realizing the extension of the trusted certificate chain into the virtual machine. |
45345 |
最后,在Xen中实现了VMEK证书及其管理机制和基于VMEK的证书信任扩展。 |
Finally, the VMEK certificate, its management mechanism, and the VMEK-based certificate trust extension were implemented in Xen. |