Abstract: Trusted computing technology is an important technical to ensure information security which implementation depends on trusted chip. The trusted cryptography module (TCM) is a kind of trusted chip that conforms to Chinese standards. Currently, the TCM application interface defined in functionality and interface specification of cryptographic support platform for trusted computing has some problems, such as the use process is complex and low ease of use, which hinders the application of trusted computing technology. To solve these problems, a set of optimized TCM application layer interface is proposed, which is divided into four modules according to functions, namely cryptography algorithm service module, TCM resource service module, identity authentication service module and platform protection service module. In addition, an optimized method about context resources management and TCM resources recovery is proposed, which can effectively improve the usability of the interface and enhance the recovery capability of TCM resources. Experimental results show that the optimized interface increases the time cost by less than 10% compared with the interface in the specification, but it can significantly reduce the number of lines of core code.

Key words: trusted computing, TCM, information security, performance optimization

摘要： 可信计算技术是保障信息安全的一种重要技术手段，其实现依赖于可信芯片，可信密码模块（Trusted Cryptography Module,TCM）是符合中国标准的一种可信芯片。目前，《可信密码支撑平台功能与接口规范》中定义的TCM的应用接口存在使用过程复杂，易用度不高的问题，阻碍可信计算技术的应用。为解决这些问题，对规范中的接口设计进行优化，提出了一套面向应用层的可信密码模块接口。该接口按照功能划分为四个模块，分别是密码算法服务模块、TCM资源服务模块、身份认证服务模块、平台保护服务模块。此外，提出了采用上下文资源管理与TCM资源回收的优化方法，该方法有效地提高了接口的易用度和增强了对TCM资源回收能力。实验结果表明该套优化设计的接口相对于规范中的接口增加的时间开销不到10%，但是，可以显著降低核心代码的行数。

关键词: 可信计算, 可信密码模块, 信息安全, 性能优化