Abstract: There are some inherent problems in the identity-based authenticated key agreement protocol：key escrow，identity management，unique identity values and secure channel to distribution private key.At present，trusted computing technology provide a good method to solve these problems.With the characteristics of EK and tpmproof keys in the TPM platform，combining with McCullagh-Barreto authenticated key agreement protocol，the paper proposes a TPM platform based authenticated key agreement protocol in trusted computing，the protocol provide a better solution to the above mentioned problems of the identity-based authenticated key agreement protocol.Especially，the security properties of the protocol are analyzed in detail in Canetti-Krawczyk model.The results indicate that the protocol has the corresponding security attributes in CK security model such as known key security，perfect forward secrecy，key-compromise impersonation.

Key words: trusted computing, key agreement protocol, authenticated key agreement, Canetti-Krawczyk model

摘要： 基于身份的认证密钥协商协议存在密钥托管、ID管理、ID唯一性和私钥的安全分发等问题，目前的可信计算技术为此提供了很好的解决方案。利用TPM平台中EK和tpmproof唯一性的特点，结合McCullagh-Barreto认证密钥协商协议思想，提出了一个在可信计算环境下基于TPM的认证密钥协商协议，该协议较好地解决了上述基于身份的密钥协商协议所存在的问题。用CK模型对所提协议进行了安全性分析，结果表明该协议具备已知密钥安全性，完善前向保密性及密钥泄露安全性等CK安全模型下相应的安全属性。

关键词: 可信计算, 密钥协商协议, 认证密钥协商, Canetti-Krawczyk模型