Attestation is an important function by which trusted computing safeguards the security of network services at the architectural level. This paper introduces the authentication strategy in the TCG trusted computing environment and the TPM-based Direct Anonymous Attestation (DAA) protocol, analyzes their characteristics, and proposes an extension of the DAA protocol based on the ECC algorithm in order to obtain better applicability. Security analysis shows that the scheme needs only limited system resources in a trusted computing environment and can effectively improve the security, manageability and controllability of trusted network access.