CN101741842A - Method for realizing dependable SSH based on dependable computing - Google Patents

Publication number: CN101741842A
Authority: CN (China)
Prior art keywords: aik, pcr, hash, client, msg
Legal status: Granted; Expired - Fee Related
Application number: CN200910241782A
Other languages: Chinese (zh)
Other versions: CN101741842B (en)
Inventors: 常晓林, 左向晖, 韩臻, 刘吉强, 刘新明, 邢彬
Current assignee: Beijing Jiaotong University
Original assignee: Beijing Jiaotong University
Application filed by: Beijing Jiaotong University
Priority to: CN2009102417827A
Publications: CN101741842A (application), CN101741842B (granted)

Abstract

The invention provides a method for realizing trusted SSH based on trusted computing. The method integrates the remote attestation of trusted computing with the key exchange of the SSH protocol, so that platform state information verification is tightly coupled with session key negotiation, and it strengthens the security of data at the communication endpoints on the premise that the data is transmitted securely. The method requires that both the server and the client be equipped with a trusted security chip, and that the platform state can be measured by a measurement module and a trusted operating system. The method effectively guards against the security threat in the SSH protocol that communicating with an unknown endpoint over a secure channel may still be subject to various attacks, and it also effectively guards against replay attacks, impersonation attacks and man-in-the-middle attacks.

Description

A method for realizing trusted SSH based on trusted computing
Technical field
The present invention relates to the field of computer information security, and in particular to a method for realizing trusted SSH based on trusted computing.
Background
The SSH (Secure Shell) protocol is a security protocol formulated by an IETF network working group to protect data transmitted between a client and a server. SSH has a layered design comprising four sub-protocols: the SSH transport layer sub-protocol, the user authentication sub-protocol, the connection sub-protocol and the file transfer sub-protocol. The first two sub-protocols are executed first, in that order. The transport layer sub-protocol is responsible for establishing a secure channel between the server and the client. It comprises three processes: protocol version exchange, parameter negotiation (including the key exchange method and the series of algorithms used in the key exchange process) and key exchange. When this sub-protocol finishes, a session key has been negotiated; it is used to encrypt the authentication information of the user authentication phase, the data exchanged by the two parties in the connection phase, and the data exchanged by the two parties in the file transfer phase. Fig. 1 is a flow chart of the transport layer sub-protocol defined by the SSH protocol specification, in which $k_c$ and $k_s$ are the keys generated by the client and the server respectively, $sign_s$ denotes the signature information of the server, and Cert(server) denotes the public key certificate of the server. SSH can be used for secure remote login, secure remote command execution, secure remote file transfer, secure TCP/IP port forwarding, and so on. Although SSH allows the server and the client to authenticate each other, it does not consider the security of the communication terminals (the server and the client): it neither protects nor verifies the software running on the terminals. In other words, the current SSH protocol specification does not realize a trusted channel. A trusted channel is a secure communication channel that is securely bound to the hardware and software configuration state of the terminals.
In the network era, existing PC systems are easily exposed to security threats such as malicious code attacks, illegal theft of information, and unauthorized destruction of data and systems. Many attacks on terminals are carried out by injecting malicious code in various forms, such as viruses, worms, Trojan horses, spyware and phishing software, rather than by compromising the secure channel. Therefore, when communicating with an unknown endpoint, a party may still suffer a series of attacks even if it uses a secure channel. Computer information security problems are hard to solve with software alone. To solve the structural insecurity of existing PCs and fundamentally improve their trustworthiness, the Trusted Computing Platform Alliance (TCPA, later renamed TCG) proposed guaranteeing the security of the whole system by strengthening the security of the existing terminal architecture. The core idea is to introduce on the hardware platform a trusted platform module (TPM, also called a trusted chip) with secure storage and cryptographic functions. A trusted computing platform takes the TPM as its root of trust: the system platform configuration is measured by a trusted measurement function, the results are recorded securely in the platform configuration registers (PCRs) of the TPM, and a stored measurement log (SML), which represents the integrity measurement history of the trusted platform being verified, is kept in the system. A remote user judges from the SML and the relevant PCR values whether the running environment is trusted and whether a security problem has arisen at some link; this process is called remote attestation. In the TCG specification, the TPM uses an attestation identity key (AIK) to prove its identity, and any entity signed with the AIK is shown to have been processed by the TPM. To prevent attacks such as replay, tampering and impersonation, the remote attestation process uses the AIK to guarantee that the received information was processed by a specific TPM. Fig. 2 is a flow chart of a remote attestation protocol designed by researchers at IBM (USA). In this remote attestation process, the verification requester first generates a 160-bit random number, denoted nonce, and sends it to the party being verified. After receiving the nonce, the party being verified asks its built-in TPM to sign the values of the specified PCRs together with the nonce using the AIK private key $SK_{AIK}$; the signature result is denoted Quote. It then sends Quote, the SML and the AIK public key certificate Cert(AIK) to the verification requester. Finally, the verification requester verifies the received content and determines the authenticity of the remote computing platform's identity and of the content it reports.
Trusted computing can raise the security strength of secure channel technology by improving the security of the terminals, but at present there is no research report or software that applies the remote attestation of trusted computing to the SSH protocol.
Summary of the invention
The object of the invention is to avoid the above shortcomings of the prior art and to provide a method for realizing trusted SSH based on trusted computing. By organically combining the remote attestation of trusted computing with the key exchange of the SSH protocol, the method tightly couples platform state information verification with session key negotiation and, on the premise that data is transmitted securely, strengthens the security of the data at the communication endpoints.
The object of the invention can be achieved by the following measures:
A method for realizing trusted SSH based on trusted computing organically combines the remote attestation of trusted computing with the key exchange of the SSH protocol, so that platform state information verification is tightly coupled with session key negotiation. The method involves a client and a server, and its specific steps are as follows:
Step 1, parameter negotiation: the client and the server negotiate parameters. In addition to the content specified by the SSH protocol, the negotiated content includes the numbers of the PCRs to be used for platform state information verification. The client and the server also each record the information received and the information sent during parameter negotiation, and store them in $Msg_1^c$ and $Msg_1^s$ respectively;
Step 2, the client sends information to the server: the client first selects a positive integer $x$ that is less than $p$ and greater than 1, computes $k_c = g^x \bmod p$, and performs a hash operation on $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| PUK_{AIK}^c \| k_c$; the result is denoted $hash_c$. The client then obtains, from the security chip (TPM) installed on the motherboard of the client computer, the content of the PCRs specified in step 1, denoted $PCR_c$, and signs $PCR_c \| hash_c$ with $SK_{AIK}^c$; the signature result is denoted $sign_c$. Finally it sends
[formula image: Figure G2009102417827D0000032]
to the server. Here $p$ is a large prime, $g$ is a positive integer, $V\_C$ and $V\_S$ denote the identifier of the client and the identifier of the server respectively, the symbol $\|$ denotes concatenation, $SK_{AIK}^c$, $PUK_{AIK}^c$ and $Cert_{AIK}^c$ are respectively the private key, public key and public key certificate of the client AIK, and $SML_c$ denotes the stored measurement log of the client platform;
Step 3, the server verifies the client: after receiving $Msg_2^c$, the server first verifies the validity and legitimacy of $Cert_{AIK}^c$. If verification fails, it terminates the key exchange process. If verification succeeds, it uses the public key $PUK_{AIK}^c$ in $Cert_{AIK}^c$ to obtain from $sign_c$ the $SML_c$, $hash_c$ and $PCR_c$ of step 2, denoted $t\_SML_s$, $t\_hash_s$ and $t\_PCR_s$ respectively. It then performs a hash operation on $V\_C$, $V\_S$, $Msg_1^c$ and $Msg_1^s$ as recorded by itself, together with the received $PUK_{AIK}^c$ and the $k_c$ in $Msg_2^c$; the result is denoted $s\_hash_s$. It checks whether $t\_hash_s$ and $s\_hash_s$ match; if they do not, it terminates the key exchange process. If they match, it reconstructs the client's entire integrity measurement process according to $t\_SML_s$ and computes the final value, denoted $s\_PCR_s$, and checks whether $s\_PCR_s$ and $t\_PCR_s$ match; if they do not, it terminates the key exchange process; if they match, it proceeds to step 4;
Step 4, the server sends information to the client: the server first selects a positive integer $y$ that is less than $p$ and greater than 1, computes $k_s = g^y \bmod p$ and $k_{sc} = (k_c)^y \bmod p$, and performs a hash operation on $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| Msg_2^c \| PUK_{AIK}^s \| k_c \| k_s \| k_{sc}$; the result is denoted $hash_s$. The server then obtains, from the security chip (TPM) installed on the motherboard of the server computer, the content of the PCRs specified in step 1, denoted $PCR_s$, and signs $PCR_s \| hash_s$ with $SK_{AIK}^s$; the signature result is denoted $sign_s$. Finally it sends
[formula image: Figure G2009102417827D0000041]
to the client. Here $SK_{AIK}^s$, $PUK_{AIK}^s$ and $Cert_{AIK}^s$ are the private key, public key and public key certificate of the server AIK, and $SML_s$ denotes the stored measurement log of the server platform;
Step 5, the client verifies the server: after receiving $Msg_2^s$, the client first verifies the validity and legitimacy of $Cert_{AIK}^s$. If verification fails, it terminates the key exchange process. If verification succeeds, it uses the public key $PUK_{AIK}^s$ in $Cert_{AIK}^s$ to obtain from $sign_s$ the $SML_s$, $hash_s$ and $PCR_s$ of step 4, denoted $t\_SML_c$, $t\_hash_c$ and $t\_PCR_c$ respectively. It then computes $k_{cs} = (k_s)^x \bmod p$ and performs a hash operation on $V\_C$, $V\_S$, $Msg_1^c$, $Msg_1^s$, $Msg_2^c$ and $k_c$ as recorded by itself, together with the received $PUK_{AIK}^s$ and the $k_s$ in $Msg_2^s$, and $k_{cs}$; the result is denoted $c\_hash_c$. It checks whether $t\_hash_c$ and $c\_hash_c$ match; if they do not, it terminates the key exchange process. If they match, it reconstructs the server's entire integrity measurement process according to $t\_SML_c$ and computes the final value $c\_PCR_c$, and checks whether $c\_PCR_c$ and $t\_PCR_c$ match; if they do not, it terminates the key exchange process; if they match, it proceeds to step 6;
Step 6, the client and the server send each other a "new session key confirmation" message, completing the key exchange process.
Compared with the prior art, the invention has the following advantages: the method effectively guards against the security threat in the SSH protocol that communicating with an unknown endpoint over a secure channel may still be subject to various attacks, and it also effectively guards against replay attacks, impersonation attacks and man-in-the-middle attacks.
Description of drawings
Fig. 1 is a flow chart of the transport layer sub-protocol defined by the SSH protocol specification;
Fig. 2 is a flow chart of the remote attestation protocol designed by researchers at IBM (USA);
Fig. 3 is a flow chart of the key exchange method provided by the invention, which integrates Fig. 1 and Fig. 2.
Specific embodiment
On the hardware side, the method provided by the invention assumes that the server and the client are equipped with trusted security chips and that the BIOS of the server and of the client supports the TPM. On the software side, it assumes that the server and the client have a measurement module and a trusted operating system installed. The measurement module decides which entities are measured, when they are measured, and how the measurement results are securely maintained. Its main functions include computing the measurement values of the measured entities, recording measurement events in the stored measurement log, and recording the measurement values into the specified PCRs in the TPM. A measurement value is recorded into a PCR as follows: new PCR value = hash(old PCR value || measurement value). The stored measurement log contains at least: information about the measured entity, the measurement value, and the measurement time.
The key exchange flow of the SSH protocol with integrated trusted computing remote attestation is described in detail below with reference to Fig. 3:
Step 1, parameter negotiation: the client and the server negotiate parameters. In addition to the content specified by the SSH protocol, the negotiated content includes the numbers of the PCRs to be used for platform state information verification. The client and the server also each record the information received and the information sent during parameter negotiation, and store them in $Msg_1^c$ and $Msg_1^s$ respectively.
Step 2, the client sends information to the server: the client first selects a positive integer $x$ that is less than $p$ and greater than 1, computes $k_c = g^x \bmod p$, and performs a hash operation on $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| PUK_{AIK}^c \| k_c$; the result is denoted $hash_c$. The client then obtains, from the security chip (TPM) installed on the motherboard of the client computer, the content of the PCRs specified in step 1, denoted $PCR_c$, and signs $PCR_c \| hash_c$ with $SK_{AIK}^c$; the signature result is denoted $sign_c$. Finally it sends
[formula image: Figure G2009102417827D0000062]
to the server. Here $p$ is a large prime, $g$ is a positive integer, $V\_C$ and $V\_S$ denote the identifier of the client and the identifier of the server respectively, the symbol $\|$ denotes concatenation, $SK_{AIK}^c$, $PUK_{AIK}^c$ and $Cert_{AIK}^c$ are respectively the private key, public key and public key certificate of the client AIK, and $SML_c$ denotes the stored measurement log of the client platform.
Step 3, the server verifies the client: after receiving $Msg_2^c$, the server first verifies the validity and legitimacy of $Cert_{AIK}^c$. If verification fails, it terminates the key exchange process. If verification succeeds, it uses the public key $PUK_{AIK}^c$ in $Cert_{AIK}^c$ to obtain from $sign_c$ the $SML_c$, $hash_c$ and $PCR_c$ of step 2, denoted $t\_SML_s$, $t\_hash_s$ and $t\_PCR_s$ respectively. It then performs a hash operation on $V\_C$, $V\_S$, $Msg_1^c$ and $Msg_1^s$ as recorded by itself, together with the received $PUK_{AIK}^c$ and the $k_c$ in $Msg_2^c$; the result is denoted $s\_hash_s$. It checks whether $t\_hash_s$ and $s\_hash_s$ match; if they do not, it terminates the key exchange process. If they match, it reconstructs the client's entire integrity measurement process according to $t\_SML_s$ and computes the final value, denoted $s\_PCR_s$, and checks whether $s\_PCR_s$ and $t\_PCR_s$ match; if they do not, it terminates the key exchange process; if they match, it proceeds to step 4.
Step 4, the server sends information to the client: the server first selects a positive integer $y$ that is less than $p$ and greater than 1, computes $k_s = g^y \bmod p$ and $k_{sc} = (k_c)^y \bmod p$, and performs a hash operation on $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| Msg_2^c \| PUK_{AIK}^s \| k_c \| k_s \| k_{sc}$; the result is denoted $hash_s$. The server then obtains, from the security chip (TPM) installed on the motherboard of the server computer, the content of the PCRs specified in step 1, denoted $PCR_s$, and signs $PCR_s \| hash_s$ with $SK_{AIK}^s$; the signature result is denoted $sign_s$. Finally it sends
[formula image: Figure G2009102417827D0000071]
to the client. Here $SK_{AIK}^s$, $PUK_{AIK}^s$ and $Cert_{AIK}^s$ are the private key, public key and public key certificate of the server AIK, and $SML_s$ denotes the stored measurement log of the server platform.
Step 5, the client verifies the server: after receiving $Msg_2^s$, the client first verifies the validity and legitimacy of $Cert_{AIK}^s$. If verification fails, it terminates the key exchange process. If verification succeeds, it uses the public key $PUK_{AIK}^s$ in $Cert_{AIK}^s$ to obtain from $sign_s$ the $SML_s$, $hash_s$ and $PCR_s$ of step 4, denoted $t\_SML_c$, $t\_hash_c$ and $t\_PCR_c$ respectively. It then computes $k_{cs} = (k_s)^x \bmod p$ and performs a hash operation on $V\_C$, $V\_S$, $Msg_1^c$, $Msg_1^s$, $Msg_2^c$, $k_c$ and $k_{cs}$ as recorded by itself, together with the received $PUK_{AIK}^s$ and the $k_s$ in $Msg_2^s$; the result is denoted $c\_hash_c$. It checks whether $t\_hash_c$ and $c\_hash_c$ match; if they do not, it terminates the key exchange process. If they match, it reconstructs the server's entire integrity measurement process according to $t\_SML_c$ and computes the final value $c\_PCR_c$, and checks whether $c\_PCR_c$ and $t\_PCR_c$ match; if they do not, it terminates the key exchange process; if they match, it proceeds to step 6.
Step 6, the client and the server send each other a "new session key confirmation" message, completing the key exchange process.
With the above method, the security problem in the SSH protocol that communicating with an unknown endpoint over a secure channel may still be subject to various attacks is effectively solved, an SSH trusted channel is realized, and replay attacks, impersonation attacks and man-in-the-middle attacks are also effectively guarded against.
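The PCR update rule from the embodiment and the step 2 and step 3 checks, as an added Python example (not code from the patent). Assumptions: SHA-256 as the hash, length-prefixed concatenation, a textbook-RSA toy key in place of the TPM's AIK, toy DH parameters, and a dictionary layout for Msg_2^c that carries the PCR value and hash next to the signature, because the patent's formula image for that message is not reproduced; all names and sample values are constructed.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1                         # DH modulus p (a Mersenne prime)
G = 5                                  # DH base g
AIK_N = (2**107 - 1) * (2**127 - 1)    # toy RSA modulus standing in for the client AIK
AIK_E = 65537
AIK_D = pow(AIK_E, -1, (2**107 - 2) * (2**127 - 2))
PUK_AIK_C = AIK_N.to_bytes(30, "big")  # byte form of PUK_AIK^c fed into the hash

# Constructed sample inputs (not from the patent).
V_C, V_S = b"SSH-2.0-client", b"SSH-2.0-server"
MSG1_C, MSG1_S = b"kex=trusted-dh;pcr=10", b"kex=trusted-dh;pcr=10"
SML = [(name, hashlib.sha256(image).digest()) for name, image in
       [("bootloader", b"bootloader-v1"), ("kernel", b"kernel-v1"), ("sshd", b"sshd-v1")]]


def H(*fields):
    """hash(f1 || f2 || ...); each field is length-prefixed (an assumption) so
    that field boundaries cannot be shifted without changing the digest."""
    h = hashlib.sha256()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


def int_bytes(n):
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


def pcr_extend(pcr, measurement):
    """new PCR value = hash(old PCR value || measurement value)."""
    return hashlib.sha256(pcr + measurement).digest()


def replay_sml(sml):
    """Rebuild the final PCR value from the stored measurement log."""
    pcr = bytes(32)
    for _entity, measurement in sml:
        pcr = pcr_extend(pcr, measurement)
    return pcr


def aik_sign(data):
    """Stand-in for TPM signing with SK_AIK^c (textbook RSA over SHA-256)."""
    m = int.from_bytes(hashlib.sha256(data).digest(), "big") % AIK_N
    return pow(m, AIK_D, AIK_N)


def aik_verify(data, sig):
    m = int.from_bytes(hashlib.sha256(data).digest(), "big") % AIK_N
    return pow(sig, AIK_E, AIK_N) == m


def client_step2(v_c, v_s, msg1_c, msg1_s, sml):
    """Step 2: choose x, compute k_c, sign PCR_c || hash_c with the AIK."""
    x = secrets.randbelow(P - 2) + 2               # 1 < x < p
    k_c = pow(G, x, P)
    hash_c = H(v_c, v_s, msg1_c, msg1_s, PUK_AIK_C, int_bytes(k_c))
    pcr_c = replay_sml(sml)                        # stands in for reading the PCR from the TPM
    sign_c = aik_sign(pcr_c + hash_c)
    return x, {"k_c": k_c, "pcr": pcr_c, "hash": hash_c, "sign": sign_c, "sml": list(sml)}


def server_step3(v_c, v_s, msg1_c, msg1_s, msg2_c):
    """Step 3 checks; validation of Cert_AIK^c is assumed to have passed."""
    if not aik_verify(msg2_c["pcr"] + msg2_c["hash"], msg2_c["sign"]):
        return "signature invalid"
    s_hash = H(v_c, v_s, msg1_c, msg1_s, PUK_AIK_C, int_bytes(msg2_c["k_c"]))
    if s_hash != msg2_c["hash"]:                   # transcript or k_c differs
        return "hash mismatch"
    if replay_sml(msg2_c["sml"]) != msg2_c["pcr"]:  # log does not explain the PCR
        return "PCR mismatch"
    return "ok"


def run_scenarios():
    _, good = client_step2(V_C, V_S, MSG1_C, MSG1_S, SML)

    def check(m, s1=MSG1_S):
        return server_step3(V_C, V_S, MSG1_C, s1, m)

    return {
        "honest": check(good),
        # k_c replaced in transit: the signed transcript hash no longer matches
        "swapped_k_c": check(dict(good, k_c=pow(G, 12345, P))),
        # a measurement dropped from the log: replay differs from the signed PCR
        "trimmed_sml": check(dict(good, sml=good["sml"][:2])),
        # PCR value replaced: the AIK signature does not cover it
        "forged_pcr": check(dict(good, pcr=replay_sml(good["sml"][:2]))),
        # server recorded different negotiation messages than the client hashed
        "altered_negotiation": check(good, b"kex=plain-dh"),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

A matching PCR value only shows that the log is the one the TPM recorded; judging whether the platform is trustworthy still requires comparing each logged measurement against reference values.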

Claims (1)

1. A method for realizing trusted SSH based on trusted computing, characterized in that: the remote attestation of trusted computing and the key exchange of the SSH protocol are organically combined, so that platform state information verification is tightly coupled with session key negotiation; the method involves a client and a server, and its specific steps are as follows:
Step 1, parameter negotiation: the client and the server negotiate parameters. In addition to the content specified by the SSH protocol, the negotiated content includes the numbers of the PCRs to be used for platform state information verification. The client and the server also each record the information received and the information sent during parameter negotiation, and store them in $Msg_1^c$ and $Msg_1^s$ respectively;
Step 2, the client sends information to the server: the client first selects a positive integer $x$ that is less than $p$ and greater than 1, computes $k_c = g^x \bmod p$, and performs a hash operation on $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| PUK_{AIK}^c \| k_c$; the result is denoted $hash_c$. The client then obtains, from the security chip (TPM) installed on the motherboard of the client computer, the content of the PCRs specified in step 1, denoted $PCR_c$, and signs $PCR_c \| hash_c$ with $SK_{AIK}^c$; the signature result is denoted $sign_c$. Finally it sends
[formula image: Figure F2009102417827C0000011]
to the server. Here $p$ is a large prime, $g$ is a positive integer, $V\_C$ and $V\_S$ denote the identifier of the client and the identifier of the server respectively, the symbol $\|$ denotes concatenation, $SK_{AIK}^c$, $PUK_{AIK}^c$ and $Cert_{AIK}^c$ are respectively the private key, public key and public key certificate of the client AIK, and $SML_c$ denotes the stored measurement log of the client platform;
Step 3, the server verifies the client: after receiving $Msg_2^c$, the server first verifies the validity and legitimacy of $Cert_{AIK}^c$. If verification fails, it terminates the key exchange process. If verification succeeds, it uses the public key $PUK_{AIK}^c$ in $Cert_{AIK}^c$ to obtain from $sign_c$ the $SML_c$, $hash_c$ and $PCR_c$ of step 2, denoted $t\_SML_s$, $t\_hash_s$ and $t\_PCR_s$ respectively. It then performs a hash operation on $V\_C$, $V\_S$, $Msg_1^c$ and $Msg_1^s$ as recorded by itself, together with the received $PUK_{AIK}^c$ and the $k_c$ in $Msg_2^c$; the result is denoted $s\_hash_s$. It checks whether $t\_hash_s$ and $s\_hash_s$ match; if they do not, it terminates the key exchange process. If they match, it reconstructs the client's entire integrity measurement process according to $t\_SML_s$ and computes the final value, denoted $s\_PCR_s$, and checks whether $s\_PCR_s$ and $t\_PCR_s$ match; if they do not, it terminates the key exchange process; if they match, it proceeds to step 4;
Step 4, the server sends information to the client: the server first selects a positive integer $y$ that is less than $p$ and greater than 1, computes $k_s = g^y \bmod p$ and $k_{sc} = (k_c)^y \bmod p$, and performs a hash operation on $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| Msg_2^c \| PUK_{AIK}^s \| k_c \| k_s \| k_{sc}$; the result is denoted $hash_s$. The server then obtains, from the security chip (TPM) installed on the motherboard of the server computer, the content of the PCRs specified in step 1, denoted $PCR_s$, and signs $PCR_s \| hash_s$ with $SK_{AIK}^s$; the signature result is denoted $sign_s$. Finally it sends
[formula image: Figure F2009102417827C0000021]
to the client. Here $SK_{AIK}^s$, $PUK_{AIK}^s$ and $Cert_{AIK}^s$ are the private key, public key and public key certificate of the server AIK, and $SML_s$ denotes the stored measurement log of the server platform;
Step 5, the client verifies the server: after receiving $Msg_2^s$, the client first verifies the validity and legitimacy of $Cert_{AIK}^s$. If verification fails, it terminates the key exchange process. If verification succeeds, it uses the public key $PUK_{AIK}^s$ in $Cert_{AIK}^s$ to obtain from $sign_s$ the $SML_s$, $hash_s$ and $PCR_s$ of step 4, denoted $t\_SML_c$, $t\_hash_c$ and $t\_PCR_c$ respectively. It then computes $k_{cs} = (k_s)^x \bmod p$ and performs a hash operation on $V\_C$, $V\_S$, $Msg_1^c$, $Msg_1^s$, $Msg_2^c$ and $k_c$ as recorded by itself, together with the received $PUK_{AIK}^s$ and the $k_s$ in $Msg_2^s$, and $k_{cs}$; the result is denoted $c\_hash_c$. It checks whether $t\_hash_c$ and $c\_hash_c$ match; if they do not, it terminates the key exchange process. If they match, it reconstructs the server's entire integrity measurement process according to $t\_SML_c$ and computes the final value $c\_PCR_c$, and checks whether $c\_PCR_c$ and $t\_PCR_c$ match; if they do not, it terminates the key exchange process; if they match, it proceeds to step 6;
Step 6, the client and the server send each other a "new session key confirmation" message, completing the key exchange process.

Priority Applications (1)

Application number: CN2009102417827A; priority date: 2009-12-07; filing date: 2009-12-07; title: Method for realizing dependable SSH based on dependable computing

Applications Claiming Priority (1)

Application number: CN2009102417827A; priority date: 2009-12-07; filing date: 2009-12-07; title: Method for realizing dependable SSH based on dependable computing

Publications (2)

CN101741842A (en), publication date 2010-06-16
CN101741842B (en), publication date 2012-07-04

Family

Family ID: 42464728

Family Applications (1)

Application number: CN2009102417827A; status: Expired - Fee Related; publication: CN101741842B (en); priority date: 2009-12-07; filing date: 2009-12-07; title: Method for realizing dependable SSH based on dependable computing

Country Status (1)

CN (1): CN101741842B (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120704

Termination date: 20121207