WoSign EK certificate real-time issuing system of trusted computing made its public appearance in 2014 crypto chip academic conference2014-09-23
Invited by 2014 crypto chip academic conference committee of Chinese Association for Cryptologic Research, WoSign CTO, Mr. Wang Gaohua, attended the meeting in Tsinghua University during the period of September 20 to 22 and delivered a speech titled EK certificate issuing system with trusted computing chip.
The new product of WoSign developed successfully in July made its first public appearance in this conference, the EK certificate real-time issuing system of trusted computing, which is the first domestic EK certificate real-time issuing system that not only meet the standards of international Trusted Computing Group but also satisfy the requirements of Microsoft. All EK certificates, which are supportive of not only RSA cryptographic algorithm but also SM2 domestic cryptographic algorithm, are issued from WoSign root certificate trusted by Windows. It supports to preset two EK certificates, one RSA certificate of international standards and one SM2 certificate of Chinese standards, in the same TMP.
According to the document published in the official website of Microsoft on April 8, all systems preset with trusted platform module 2.0 have to preset an EK certificate in TPM NV RAM. This regulation is applicable to Windows 8.1 Client x86, x64, ARM (Windows RT 8.1) and Windows Server 2012 R2 x64. This will be enforced to go into effect on January 1 in 2015. It also requires that the EK certificate should be issued by Windows-trusted root certificate authorities (like WoSign) which have passed the authentication of Microsoft rather than a self-issued certificate of chip manufacturer or platform. The EKU of certificate should include recognized key certificate OID: 220.127.116.11.1.
In fact, this system is encryption equipment with a certificate issuing system. It looks like an industrial personal computer and is preset with intermediate certificate named to the manufacturer issued by WoSign CA under the root certificate trusted by Windows. All EK certificates will be issued under this specialized intermediate certificate. The system connects with the manufacturing system TCP/IP of TPM manufacturer through RJ45 reticle and enters CSR to output the public key file of EK certificate. The speed of issuing certificates is 5000 certificates per second.
As the only Chinese commercial CA with license of the Ministry of Industry and Information Technology and various international certifications that is able to issue globally-trusted certificates, which are supportive of all browsers, WoSign takes the responsibility to make contributions in the industry of trusted computing. We welcome all kinds of cooperation and make every effort to help all the enterprises in this field to launch TPM products that comply with domestic and international standards as soon as possible.
2014 crypto chip academic conference of Chinese Association for Cryptologic Research (CryptolC 2014) is hosted by crypto chip committee of Chinese Association for Cryptologic Research, co-sponsored by institute of microelectronics of Tsinghua University. This conference aims at exchanging the newest achievement and technologies and discussing about academic trends by bringing together experts and scholars of domestic crypto chip industry, technical personnel of evaluation institute and industry elites. Besides arranging with thesis authors to give speeches of their newest research results, the conference has invited scholars come from Belgium, America, Taiwan and Hong Kong to introduce the latest international dynamics. The conference also invited technical officers of domestic authoritative certification and authentication institute to introduce relevant conditions.