Abstract

To address the problem that the existing direct anonymous attestation (DAA) scheme cannot operate effectively across different domains, a novel DAA protocol for multi-domain environments is proposed and designed on the basis of the original DAA scheme. In this protocol, a certificate issuer located outside the domain can act as a proxy server and issue DAA certificates directly to valid member nodes. The designed mechanism conforms to the current Trusted Computing Group (TCG) international specification and can efficiently solve the problems of practical authentication and protection of private information between different trusted domains. Compared with the existing DAA scheme, in our protocol anonymity and unforgeability can be guaranteed, and replay attacks can also be avoided. The protocol has significant reference and practical application value in the trusted computing field.

  • Publication date: 2010-10