CN101741842A - Method for realizing dependable SSH based on dependable computing - Google Patents
- Publication number
- CN101741842A
- Authority
- CN
- China
- Prior art keywords
- aik
- pcr
- hash
- client
- msg
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention provides a method for realizing dependable (trusted) SSH based on dependable (trusted) computing. The method integrates the remote attestation of trusted computing with the key exchange of the SSH protocol, so that verification of platform state information is tightly coupled with session key negotiation, and it strengthens the security of data at the communication endpoints while ensuring secure data transmission. The method requires both the server and the client to be equipped with trusted security chips, and the platform state to be measurable by a measurement module and a trusted operating system. The method effectively guards against the security threat, present in the SSH protocol, that communication with an unknown endpoint over a secure channel may still suffer various attacks, and it also effectively guards against replay attacks, impersonation attacks and man-in-the-middle attacks.
Description
Technical field
The present invention relates to the field of computer information security, and in particular to a method for realizing trusted SSH based on trusted computing.
Background art
SSH (Secure Shell) is a security protocol defined by an IETF working group to protect the data transmitted between a client and a server. The SSH protocol has a layered design comprising four sub-protocols: the SSH transport layer sub-protocol, the user authentication sub-protocol, the connection sub-protocol and the file transfer sub-protocol. The first two sub-protocols run first, in that order. The SSH transport layer sub-protocol is responsible for establishing a secure channel between the server and the client. It comprises three processes: protocol version exchange, parameter negotiation (covering the key exchange method and the series of algorithms used during key exchange) and key exchange. When this sub-protocol finishes, a session key has been negotiated; it is used to encrypt the authentication information of the user authentication phase, the data the two parties exchange in the connection phase, and the data the two parties exchange in the file transfer phase. Fig. 1 is the flow chart of the transport layer sub-protocol defined by the SSH protocol specification, where $k_c$ and $k_s$ are the keys produced by the client and the server respectively, $sign_s$ is the server's signature, and Cert(server) is the server's public key certificate. The SSH protocol can be used for secure remote login, secure remote command execution, secure remote file transfer, secure TCP/IP port forwarding, and so on. Although the SSH protocol lets the server and the client authenticate each other, it does not consider the security of the communication terminals (both server and client): it neither protects nor verifies the software running on the terminals. In other words, the current SSH protocol specification does not realize a trusted channel. A trusted channel is a secure communication channel that is securely bound to the hardware and software configuration state of the terminals.
In the network era, existing PC systems are easily exposed to security threats such as malicious code attacks, illegal theft of information, and unauthorized destruction of data and systems. Many attacks on terminals are carried out by injecting malicious code in various forms, such as viruses, worms, Trojan horses, spyware and phishing software, rather than by compromising the secure channel. Therefore, when communicating with an unknown endpoint, a party can still suffer a series of attacks even over a secure channel. Computer information security problems are hard to solve by software alone. To solve the structural insecurity of existing PCs and fundamentally improve their trustworthiness, the Trusted Computing Platform Alliance (TCPA, later renamed TCG) proposed to guarantee the security of the whole system by strengthening the security of the existing terminal architecture. The core idea is to introduce on the hardware platform a Trusted Platform Module (TPM, also called a trusted chip) with secure storage and encryption functions. A trusted computing platform takes the TPM as its root of trust. It measures the system platform configuration with trusted measurement functions, securely records the running state in the platform configuration registers (PCR) of the TPM, and at the same time keeps in the system a stored measurement log (SML) that represents the integrity measurement history of the trusted platform being verified. A remote user judges from the SML and the relevant PCR values whether the running environment is trustworthy and whether any link has a security problem. This process is called remote attestation. In the TCG specification, the TPM uses an attestation identity key (AIK) to prove its identity, and any entity signed by the AIK is shown to have been processed by the TPM. To prevent attacks such as replay, tampering and impersonation, the remote attestation process uses the AIK to guarantee that the information received was processed by a specific TPM. Fig. 2 is the flow chart of the remote attestation protocol designed by researchers at IBM in the United States. In this remote attestation process, the verification requester first generates a 160-bit random number, denoted nonce, and sends it to the party being verified. After receiving the nonce, the party being verified asks its built-in TPM to sign the value of the specified PCR and the nonce with the AIK private key $SK_{AIK}$; the signature result is denoted Quote. It then sends Quote, the SML and the AIK public key certificate Cert(AIK) to the verification requester. Finally, the verification requester verifies the content received and determines the authenticity of the remote computing platform's identity and of the content it reports.
Trusted computing can raise the security strength of secure channel technology by improving terminal security, but so far there is no research report or software that applies the remote attestation of trusted computing to the SSH protocol.
Summary of the invention
The object of the invention is to avoid the above shortcomings of the prior art and to provide a method for realizing trusted SSH based on trusted computing. By organically combining two processes, the remote attestation of trusted computing and the key exchange of the SSH protocol, the method tightly couples the verification of platform state information with session key negotiation and, while guaranteeing secure data transmission, strengthens the security of data at the communication endpoints.
The object of the invention can be achieved by the following measures:
A method for realizing trusted SSH based on trusted computing organically combines two processes, the remote attestation of trusted computing and the key exchange of the SSH protocol, so that the verification of platform state information is tightly coupled with session key negotiation. The method involves a client and a server, and its specific steps are as follows:
Step 1, parameter negotiation: the client and the server carry out parameter negotiation. In addition to the content specified by the SSH protocol, the negotiated content includes the numbers of the PCRs to be used for platform state verification. The client and the server also each record the messages received and the messages sent during parameter negotiation, and store them in $Msg_1^c$ and $Msg_1^s$ respectively;
Step 2, the client sends information to the server: the client first selects a positive integer $x$ less than $p$ and greater than 1, computes $k_c = g^x \bmod p$, and hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| PUK_{AIK}^c \| k_c$; the hash result is denoted $hash_c$. The client then obtains, from the TPM security chip installed on the motherboard of the client's computer, the content of the PCR specified in step 1, denoted $PCR_c$, and signs $PCR_c \| hash_c$ with $SK_{AIK}^c$; the signature result is denoted $sign_c$. Finally, it sends […] to the server. Here $p$ is a large prime, $g$ is a positive integer, $V\_C$ and $V\_S$ are the identifiers of the client and the server respectively, the symbol $\|$ denotes concatenation, $SK_{AIK}^c$, $PUK_{AIK}^c$ and $Cert_{AIK}^c$ are the private key, public key and public key certificate of the client's AIK respectively, and $SML_c$ is the stored measurement log of the client platform;
Step 3, the server verifies the client: after receiving $Msg_2^c$, the server first verifies the validity and legitimacy of $Cert_{AIK}^c$. If verification fails, it terminates the key exchange. If verification passes, it uses the public key $PUK_{AIK}^c$ in $Cert_{AIK}^c$ to obtain from $sign_c$ the $SML_c$, $hash_c$ and $PCR_c$ of step 2, and denotes them $t\_SML_s$, $t\_hash_s$ and $t\_PCR_s$ respectively. It then hashes the $V\_C$, $V\_S$, $Msg_1^c$ and $Msg_1^s$ it recorded itself, together with the received $PUK_{AIK}^c$ and the $k_c$ in $Msg_2^c$; the result of the hash is denoted $s\_hash_s$. It checks whether $t\_hash_s$ and $s\_hash_s$ match; if they do not, it terminates the key exchange. If they match, it reconstructs the client's entire integrity measurement process from $t\_SML_s$ and computes the final value, denoted $s\_PCR_s$. It then checks whether $s\_PCR_s$ and $t\_PCR_s$ match; if they do not, it terminates the key exchange; if they match, it proceeds to step 4;
Step 4, the server sends information to the client: the server first selects a positive integer $y$ less than $p$ and greater than 1, computes $k_s = g^y \bmod p$ and $k_{sc} = (k_c)^y \bmod p$, and hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| Msg_2^c \| PUK_{AIK}^s \| k_c \| k_s \| k_{sc}$; the hash result is denoted $hash_s$. The server then obtains, from the TPM security chip installed on the motherboard of the server's computer, the content of the PCR specified in step 1, denoted $PCR_s$, and signs $PCR_s \| hash_s$ with $SK_{AIK}^s$; the signature result is denoted $sign_s$. Finally, it sends […] to the client. Here $SK_{AIK}^s$, $PUK_{AIK}^s$ and $Cert_{AIK}^s$ are the private key, public key and public key certificate of the server's AIK, and $SML_s$ is the stored measurement log of the server platform;
Step 5, the client verifies the server: after receiving $Msg_2^s$, the client first verifies the validity and legitimacy of $Cert_{AIK}^s$. If verification fails, it terminates the key exchange. If verification passes, it uses the public key $PUK_{AIK}^s$ in $Cert_{AIK}^s$ to obtain from $sign_s$ the $SML_s$, $hash_s$ and $PCR_s$ of step 4, and denotes them $t\_SML_c$, $t\_hash_c$ and $t\_PCR_c$ respectively. It then computes $k_{cs} = (k_s)^x \bmod p$ and hashes the $V\_C$, $V\_S$, $Msg_1^c$, $Msg_1^s$, $Msg_2^c$ and $k_c$ it recorded itself, together with the received $PUK_{AIK}^s$ and the $k_s$ in $Msg_2^s$, and $k_{cs}$; the result of the hash is denoted $c\_hash_c$. It checks whether $t\_hash_c$ and $c\_hash_c$ match; if they do not, it terminates the key exchange. If they match, it reconstructs the server's entire integrity measurement process from $t\_SML_c$ and computes the final value $c\_PCR_c$. It then checks whether $c\_PCR_c$ and $t\_PCR_c$ match; if they do not, it terminates the key exchange; if they match, it proceeds to step 6;
Step 6, the client and the server send each other a "new session key confirmation" message, completing the key exchange.
Compared with the prior art, the invention has the following advantages: the method effectively guards against the security threat, present in the SSH protocol, that communication with an unknown endpoint over a secure channel may still suffer various attacks, and at the same time effectively guards against replay attacks, impersonation attacks and man-in-the-middle attacks.
Description of drawings
Fig. 1 is the flow chart of the transport layer sub-protocol defined by the SSH protocol specification;
Fig. 2 is the flow chart of the remote attestation protocol designed by researchers at IBM in the United States;
Fig. 3 is the flow chart of the key exchange method provided by the invention, which integrates Fig. 1 and Fig. 2.
Specific embodiment
On the hardware side, the method provided by the invention assumes that the server and the client are equipped with trusted security chips and that the BIOS of both supports the TPM; on the software side, it assumes that the server and the client have a measurement module and a trusted operating system installed. The measurement module decides which entities are measured, when they are measured, and how the measurement results are securely maintained. Its main functions are computing the measurement values of the measured entities, recording measurement events in the stored measurement log, and recording the measurement values into the specified PCR of the TPM. A measurement value is recorded into a PCR as follows: new PCR value = hash(old PCR value || measurement value). The stored measurement log contains at least the information about each measured entity, its measurement value and the measurement time.
The key exchange flow of the SSH protocol integrated with trusted computing remote attestation is described in detail below with reference to Fig. 3:
Step 1, parameter negotiation: the client and the server carry out parameter negotiation. In addition to the content specified by the SSH protocol, the negotiated content includes the numbers of the PCRs to be used for platform state verification. The client and the server also each record the messages received and the messages sent during parameter negotiation, and store them in $Msg_1^c$ and $Msg_1^s$ respectively.
Step 2, the client sends information to the server: the client first selects a positive integer $x$ less than $p$ and greater than 1, computes $k_c = g^x \bmod p$, and hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| PUK_{AIK}^c \| k_c$; the hash result is denoted $hash_c$. The client then obtains, from the TPM security chip installed on the motherboard of the client's computer, the content of the PCR specified in step 1, denoted $PCR_c$, and signs $PCR_c \| hash_c$ with $SK_{AIK}^c$; the signature result is denoted $sign_c$. Finally, it sends […] to the server. Here $p$ is a large prime, $g$ is a positive integer, $V\_C$ and $V\_S$ are the identifiers of the client and the server respectively, the symbol $\|$ denotes concatenation, $SK_{AIK}^c$, $PUK_{AIK}^c$ and $Cert_{AIK}^c$ are the private key, public key and public key certificate of the client's AIK respectively, and $SML_c$ is the stored measurement log of the client platform.
Step 3, the server verifies the client: after receiving $Msg_2^c$, the server first verifies the validity and legitimacy of $Cert_{AIK}^c$. If verification fails, it terminates the key exchange. If verification passes, it uses the public key $PUK_{AIK}^c$ in $Cert_{AIK}^c$ to obtain from $sign_c$ the $SML_c$, $hash_c$ and $PCR_c$ of step 2, and denotes them $t\_SML_s$, $t\_hash_s$ and $t\_PCR_s$ respectively. It then hashes the $V\_C$, $V\_S$, $Msg_1^c$ and $Msg_1^s$ it recorded itself, together with the received $PUK_{AIK}^c$ and the $k_c$ in $Msg_2^c$; the result of the hash is denoted $s\_hash_s$. It checks whether $t\_hash_s$ and $s\_hash_s$ match; if they do not, it terminates the key exchange. If they match, it reconstructs the client's entire integrity measurement process from $t\_SML_s$ and computes the final value, denoted $s\_PCR_s$. It then checks whether $s\_PCR_s$ and $t\_PCR_s$ match; if they do not, it terminates the key exchange; if they match, it proceeds to step 4.
Step 4, the server sends information to the client: the server first selects a positive integer $y$ less than $p$ and greater than 1, computes $k_s = g^y \bmod p$ and $k_{sc} = (k_c)^y \bmod p$, and hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| Msg_2^c \| PUK_{AIK}^s \| k_c \| k_s \| k_{sc}$; the hash result is denoted $hash_s$. The server then obtains, from the TPM security chip installed on the motherboard of the server's computer, the content of the PCR specified in step 1, denoted $PCR_s$, and signs $PCR_s \| hash_s$ with $SK_{AIK}^s$; the signature result is denoted $sign_s$. Finally, it sends […] to the client. Here $SK_{AIK}^s$, $PUK_{AIK}^s$ and $Cert_{AIK}^s$ are the private key, public key and public key certificate of the server's AIK, and $SML_s$ is the stored measurement log of the server platform.
Step 5, the client verifies the server: after receiving $Msg_2^s$, the client first verifies the validity and legitimacy of $Cert_{AIK}^s$. If verification fails, it terminates the key exchange. If verification passes, it uses the public key $PUK_{AIK}^s$ in $Cert_{AIK}^s$ to obtain from $sign_s$ the $SML_s$, $hash_s$ and $PCR_s$ of step 4, and denotes them $t\_SML_c$, $t\_hash_c$ and $t\_PCR_c$ respectively. It then computes $k_{cs} = (k_s)^x \bmod p$ and hashes the $V\_C$, $V\_S$, $Msg_1^c$, $Msg_1^s$, $Msg_2^c$, $k_c$ and $k_{cs}$ it recorded itself, together with the received $PUK_{AIK}^s$ and the $k_s$ in $Msg_2^s$; the result of the hash is denoted $c\_hash_c$. It checks whether $t\_hash_c$ and $c\_hash_c$ match; if they do not, it terminates the key exchange. If they match, it reconstructs the server's entire integrity measurement process from $t\_SML_c$ and computes the final value $c\_PCR_c$. It then checks whether $c\_PCR_c$ and $t\_PCR_c$ match; if they do not, it terminates the key exchange; if they match, it proceeds to step 6.
Step 6, the client and the server send each other a "new session key confirmation" message, completing the key exchange.
With the above method, the security problem in the SSH protocol that communication with an unknown endpoint over a secure channel may still suffer various attacks is effectively solved, an SSH trusted channel is realized, and replay attacks, impersonation attacks and man-in-the-middle attacks are also effectively guarded against.
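The client message of step 2 and the server checks of step 3, as an added example that is not part of the patent text. It assumes SHA-256 as the hash, a toy textbook-RSA key standing in for the TPM-held AIK, an all-zero initial PCR, an already validated AIK certificate, and a layout for $Msg_2^c$ (the page does not reproduce it); all names and sample values are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (assumptions): Mersenne primes, far too small for real use.
P, G = 2**127 - 1, 3                       # DH modulus p and base g
RSA_P, RSA_Q, RSA_E = 2**89 - 1, 2**107 - 1, 65537

def i2b(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")

def H(*parts: bytes) -> bytes:
    """SHA-256 over a || b || ...; each part is length-prefixed so the
    concatenation is unambiguous (a hardening the page does not mention)."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()

class ToyAIK:
    """Stand-in for a TPM-resident AIK: textbook RSA over a hash, not secure."""
    def __init__(self):
        self.pub = (RSA_P * RSA_Q, RSA_E)                        # PUK_AIK
        self._d = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))      # SK_AIK

    def sign(self, data: bytes) -> int:
        n = self.pub[0]
        return pow(int.from_bytes(H(data), "big") % n, self._d, n)

def aik_verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(H(data), "big") % n

def extend(pcr: bytes, metric: bytes) -> bytes:
    """new PCR value = hash(old PCR value || metric), as in the embodiment."""
    return hashlib.sha256(pcr + metric).digest()

def replay_sml(sml) -> bytes:
    """Rebuild the PCR from the log, starting from an all-zero register (assumed)."""
    pcr = bytes(32)
    for _entity, metric in sml:
        pcr = extend(pcr, metric)
    return pcr

def client_step2(aik, v_c, v_s, msg1_c, msg1_s, sml, pcr_c):
    x = secrets.randbelow(P - 2) + 2                             # 1 < x < p
    k_c = pow(G, x, P)
    hash_c = H(v_c, v_s, msg1_c, msg1_s, *map(i2b, aik.pub), i2b(k_c))
    sign_c = aik.sign(pcr_c + hash_c)                            # PCR_c || hash_c
    # Assumed message layout; the page does not reproduce the Msg_2^c formula.
    return x, {"k_c": k_c, "puk_aik": aik.pub, "sml": sml,
               "pcr": pcr_c, "hash": hash_c, "sign": sign_c}

def server_step3(v_c, v_s, msg1_c, msg1_s, msg2_c) -> str:
    pub = msg2_c["puk_aik"]          # Cert_AIK^c validation assumed done already
    t_pcr, t_hash = msg2_c["pcr"], msg2_c["hash"]
    if not aik_verify(pub, t_pcr + t_hash, msg2_c["sign"]):
        return "abort: bad AIK signature"
    s_hash = H(v_c, v_s, msg1_c, msg1_s, *map(i2b, pub), i2b(msg2_c["k_c"]))
    if not hmac.compare_digest(s_hash, t_hash):
        return "abort: hash mismatch"
    s_pcr = replay_sml(msg2_c["sml"])
    if not hmac.compare_digest(s_pcr, t_pcr):
        return "abort: PCR mismatch"
    return "ok"

def run_cases() -> dict:
    aik = ToyAIK()
    v_c, v_s = b"SSH-2.0-client", b"SSH-2.0-server"              # constructed
    msg1_c, msg1_s = b"client-params;pcr=10", b"server-params;pcr=10"
    sml = [(b"bootloader", hashlib.sha256(b"bootloader-image").digest()),
           (b"kernel", hashlib.sha256(b"kernel-image").digest()),
           (b"sshd", hashlib.sha256(b"sshd-binary").digest())]
    pcr_c = replay_sml(sml)          # what the client's TPM would hold
    _x, msg2 = client_step2(aik, v_c, v_s, msg1_c, msg1_s, sml, pcr_c)
    ctx = (v_c, v_s, msg1_c, msg1_s)
    results = {"honest": server_step3(*ctx, msg2)}
    # The DH value is replaced in transit: the signed hash no longer covers k_c.
    results["swapped_k_c"] = server_step3(*ctx, {**msg2, "k_c": pow(G, 5, P)})
    # The negotiation recorded by the server differs from what the client hashed.
    results["altered_negotiation"] = server_step3(
        v_c, v_s, b"client-params;pcr=0", msg1_s, msg2)
    # A log entry is missing: replaying the log no longer reproduces the PCR.
    results["trimmed_sml"] = server_step3(*ctx, {**msg2, "sml": sml[:2]})
    # The reported PCR is overwritten: the AIK signature no longer verifies.
    results["forged_pcr"] = server_step3(*ctx, {**msg2, "pcr": bytes(32)})
    return results

if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(f"{case:20s} {outcome}")
```

A matching PCR only shows that the log is the one the TPM recorded; whether the logged measurements are acceptable is a separate decision for the verifier, which the background section leaves to the remote user judging the SML and PCR values.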
Claims (1)
1. A method for realizing trusted SSH based on trusted computing, characterized in that: two processes, the remote attestation of trusted computing and the key exchange of the SSH protocol, are organically combined so that the verification of platform state information is tightly coupled with session key negotiation; the method involves a client and a server, and its specific steps are as follows:
Step 1, parameter negotiation: the client and the server carry out parameter negotiation. In addition to the content specified by the SSH protocol, the negotiated content includes the numbers of the PCRs to be used for platform state verification. The client and the server also each record the messages received and the messages sent during parameter negotiation, and store them in $Msg_1^c$ and $Msg_1^s$ respectively;
Step 2, the client sends information to the server: the client first selects a positive integer $x$ less than $p$ and greater than 1, computes $k_c = g^x \bmod p$, and hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| PUK_{AIK}^c \| k_c$; the hash result is denoted $hash_c$. The client then obtains, from the TPM security chip installed on the motherboard of the client's computer, the content of the PCR specified in step 1, denoted $PCR_c$, and signs $PCR_c \| hash_c$ with $SK_{AIK}^c$; the signature result is denoted $sign_c$. Finally, it sends […] to the server. Here $p$ is a large prime, $g$ is a positive integer, $V\_C$ and $V\_S$ are the identifiers of the client and the server respectively, the symbol $\|$ denotes concatenation, $SK_{AIK}^c$, $PUK_{AIK}^c$ and $Cert_{AIK}^c$ are the private key, public key and public key certificate of the client's AIK respectively, and $SML_c$ is the stored measurement log of the client platform;
Step 3, the server verifies the client: after receiving $Msg_2^c$, the server first verifies the validity and legitimacy of $Cert_{AIK}^c$. If verification fails, it terminates the key exchange. If verification passes, it uses the public key $PUK_{AIK}^c$ in $Cert_{AIK}^c$ to obtain from $sign_c$ the $SML_c$, $hash_c$ and $PCR_c$ of step 2, and denotes them $t\_SML_s$, $t\_hash_s$ and $t\_PCR_s$ respectively. It then hashes the $V\_C$, $V\_S$, $Msg_1^c$ and $Msg_1^s$ it recorded itself, together with the received $PUK_{AIK}^c$ and the $k_c$ in $Msg_2^c$; the result of the hash is denoted $s\_hash_s$. It checks whether $t\_hash_s$ and $s\_hash_s$ match; if they do not, it terminates the key exchange. If they match, it reconstructs the client's entire integrity measurement process from $t\_SML_s$ and computes the final value, denoted $s\_PCR_s$. It then checks whether $s\_PCR_s$ and $t\_PCR_s$ match; if they do not, it terminates the key exchange; if they match, it proceeds to step 4;
Step 4, the server sends information to the client: the server first selects a positive integer $y$ less than $p$ and greater than 1, computes $k_s = g^y \bmod p$ and $k_{sc} = (k_c)^y \bmod p$, and hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| Msg_2^c \| PUK_{AIK}^s \| k_c \| k_s \| k_{sc}$; the hash result is denoted $hash_s$. The server then obtains, from the TPM security chip installed on the motherboard of the server's computer, the content of the PCR specified in step 1, denoted $PCR_s$, and signs $PCR_s \| hash_s$ with $SK_{AIK}^s$; the signature result is denoted $sign_s$. Finally, it sends […] to the client. Here $SK_{AIK}^s$, $PUK_{AIK}^s$ and $Cert_{AIK}^s$ are the private key, public key and public key certificate of the server's AIK, and $SML_s$ is the stored measurement log of the server platform;
Step 5, the client verifies the server: after receiving $Msg_2^s$, the client first verifies the validity and legitimacy of $Cert_{AIK}^s$. If verification fails, it terminates the key exchange. If verification passes, it uses the public key $PUK_{AIK}^s$ in $Cert_{AIK}^s$ to obtain from $sign_s$ the $SML_s$, $hash_s$ and $PCR_s$ of step 4, and denotes them $t\_SML_c$, $t\_hash_c$ and $t\_PCR_c$ respectively. It then computes $k_{cs} = (k_s)^x \bmod p$ and hashes the $V\_C$, $V\_S$, $Msg_1^c$, $Msg_1^s$, $Msg_2^c$ and $k_c$ it recorded itself, together with the received $PUK_{AIK}^s$ and the $k_s$ in $Msg_2^s$, and $k_{cs}$; the result of the hash is denoted $c\_hash_c$. It checks whether $t\_hash_c$ and $c\_hash_c$ match; if they do not, it terminates the key exchange. If they match, it reconstructs the server's entire integrity measurement process from $t\_SML_c$ and computes the final value $c\_PCR_c$. It then checks whether $c\_PCR_c$ and $t\_PCR_c$ match; if they do not, it terminates the key exchange; if they match, it proceeds to step 6;
Step 6, the client and the server send each other a "new session key confirmation" message, completing the key exchange.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009102417827A CN101741842B (en) | 2009-12-07 | 2009-12-07 | Method for realizing dependable SSH based on dependable computing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009102417827A CN101741842B (en) | 2009-12-07 | 2009-12-07 | Method for realizing dependable SSH based on dependable computing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101741842A (en) | 2010-06-16 |
CN101741842B (en) | 2012-07-04 |
Family
ID=42464728
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009102417827A Expired - Fee Related CN101741842B (en) | 2009-12-07 | 2009-12-07 | Method for realizing dependable SSH based on dependable computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101741842B (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101888383A (en) * | 2010-06-30 | 2010-11-17 | 北京交通大学 | Method for implementing extensible trusted SSH |
CN101902472A (en) * | 2010-07-09 | 2010-12-01 | 北京工业大学 | Method for pushing remote declaration based on behaviors in trusted network |
CN104137111A (en) * | 2012-10-31 | 2014-11-05 | 索尼公司 | Information processing apparatus, information processing system, information processing method and computer program |
CN104333451A (en) * | 2014-10-21 | 2015-02-04 | 广东金赋信息科技有限公司 | Trusted self-help service system |
CN104394129A (en) * | 2014-11-05 | 2015-03-04 | 中国科学院声学研究所 | Secure shell 2 (SSH2) protocol data acquisition method and device |
CN108111301A (en) * | 2017-12-13 | 2018-06-01 | 中国联合网络通信集团有限公司 | The method and its system for realizing SSH agreements are exchanged based on rear quantum key |
US10019604B2 (en) | 2014-10-31 | 2018-07-10 | Xiaomi Inc. | Method and apparatus of verifying terminal and medium |
CN111654371A (en) * | 2020-06-16 | 2020-09-11 | 可信计算科技(苏州)有限公司 | Trusted computing-based hybrid encryption secure data transmission method |
CN112491867A (en) * | 2020-11-24 | 2021-03-12 | 北京航空航天大学 | SSH man-in-the-middle attack detection system based on session similarity analysis |
CN112685779A (en) * | 2020-12-31 | 2021-04-20 | 天津南大通用数据技术股份有限公司 | Static credibility judgment method for executing main keywords of select statement based on database |
CN113487811A (en) * | 2016-08-30 | 2021-10-08 | Ncr公司 | Secure process emulation detection |
CN114500085A (en) * | 2022-02-21 | 2022-05-13 | 河南科技大学 | Remote certification protocol for multimedia edge cloud security |
CN115085966A (en) * | 2022-04-28 | 2022-09-20 | 麒麟软件有限公司 | Method for establishing openpts remote trusted connection |
CN115348070A (en) * | 2022-08-10 | 2022-11-15 | 中国电信股份有限公司 | Data packet processing method and device, electronic equipment and storage medium |
CN115378740A (en) * | 2022-10-25 | 2022-11-22 | 麒麟软件有限公司 | Method for realizing bidirectional authentication login based on trusted opennsh |
CN116049826A (en) * | 2022-06-09 | 2023-05-02 | 荣耀终端有限公司 | TPM-based data protection method, electronic equipment and storage medium |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101217549A (en) * | 2008-01-17 | 2008-07-09 | 赵运磊 | A SSH transport layer certification protocol of high efficiency, non-forging and without digital signature |
US8769129B2 (en) * | 2007-11-14 | 2014-07-01 | Juniper Networks, Inc. | Server initiated secure network connection |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101888383B (en) * | 2010-06-30 | 2013-07-31 | 北京交通大学 | Method for implementing extensible trusted SSH |
CN101888383A (en) * | 2010-06-30 | 2010-11-17 | 北京交通大学 | Method for implementing extensible trusted SSH |
CN101902472A (en) * | 2010-07-09 | 2010-12-01 | 北京工业大学 | Method for pushing remote declaration based on behaviors in trusted network |
CN101902472B (en) * | 2010-07-09 | 2013-04-24 | 北京工业大学 | Method for pushing remote declaration based on behaviors in trusted network |
CN104137111A (en) * | 2012-10-31 | 2014-11-05 | 索尼公司 | Information processing apparatus, information processing system, information processing method and computer program |
CN104333451A (en) * | 2014-10-21 | 2015-02-04 | 广东金赋信息科技有限公司 | Trusted self-help service system |
US10019604B2 (en) | 2014-10-31 | 2018-07-10 | Xiaomi Inc. | Method and apparatus of verifying terminal and medium |
CN104394129A (en) * | 2014-11-05 | 2015-03-04 | 中国科学院声学研究所 | Secure shell 2 (SSH2) protocol data acquisition method and device |
CN104394129B (en) * | 2014-11-05 | 2017-10-17 | 中国科学院声学研究所 | The acquisition method and device of Secure Shell SSH2 protocol datas |
WO2016070538A1 (en) * | 2014-11-05 | 2016-05-12 | 中国科学院声学研究所 | Secure shell (ssh2) protocol data collection method and device |
CN113487811A (en) * | 2016-08-30 | 2021-10-08 | Ncr公司 | Secure process emulation detection |
CN108111301A (en) * | 2017-12-13 | 2018-06-01 | 中国联合网络通信集团有限公司 | The method and its system for realizing SSH agreements are exchanged based on rear quantum key |
CN108111301B (en) * | 2017-12-13 | 2021-06-15 | 中国联合网络通信集团有限公司 | Method and system for realizing SSH protocol based on post-quantum key exchange |
CN111654371A (en) * | 2020-06-16 | 2020-09-11 | 可信计算科技(苏州)有限公司 | Trusted computing-based hybrid encryption secure data transmission method |
CN112491867A (en) * | 2020-11-24 | 2021-03-12 | 北京航空航天大学 | SSH man-in-the-middle attack detection system based on session similarity analysis |
CN112491867B (en) * | 2020-11-24 | 2021-11-12 | 北京航空航天大学 | SSH man-in-the-middle attack detection system based on session similarity analysis |
CN112685779A (en) * | 2020-12-31 | 2021-04-20 | 天津南大通用数据技术股份有限公司 | Static credibility judgment method for executing main keywords of select statement based on database |
CN114500085A (en) * | 2022-02-21 | 2022-05-13 | 河南科技大学 | Remote certification protocol for multimedia edge cloud security |
CN115085966A (en) * | 2022-04-28 | 2022-09-20 | 麒麟软件有限公司 | Method for establishing openpts remote trusted connection |
CN115085966B (en) * | 2022-04-28 | 2024-04-05 | 麒麟软件有限公司 | Method for establishing remote trusted connection of peers |
CN116049826A (en) * | 2022-06-09 | 2023-05-02 | 荣耀终端有限公司 | TPM-based data protection method, electronic equipment and storage medium |
CN116049826B (en) * | 2022-06-09 | 2023-10-13 | 荣耀终端有限公司 | TPM-based data protection method, electronic equipment and storage medium |
CN115348070A (en) * | 2022-08-10 | 2022-11-15 | 中国电信股份有限公司 | Data packet processing method and device, electronic equipment and storage medium |
CN115348070B (en) * | 2022-08-10 | 2024-01-30 | 中国电信股份有限公司 | Data packet processing method and device, electronic equipment and storage medium |
CN115378740A (en) * | 2022-10-25 | 2022-11-22 | 麒麟软件有限公司 | Method for realizing bidirectional authentication login based on trusted opennsh |
Also Published As
Publication number | Publication date |
---|---|
CN101741842B (en) | 2012-07-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101741842B (en) | Method for realizing dependable SSH based on dependable computing | |
US8438631B1 (en) | Security enclave device to extend a virtual secure processing environment to a client device | |
Bhatia et al. | Data security in mobile cloud computing paradigm: a survey, taxonomy and open research issues | |
ES2509040T3 (en) | Method for a reliable network connection based on authentication between three elements of the same level | |
CN103595530B (en) | Software secret key updating method and device | |
EP2426853B1 (en) | Platform authentication method suitable for trusted network connect architecture based on tri-element peer authentication | |
CN109359464B (en) | Wireless security authentication method based on block chain technology | |
CN101241528A (en) | Terminal access trusted PDA method and access system | |
Obert et al. | Recommendations for trust and encryption in DER interoperability standards | |
Sani et al. | Xyreum: A high-performance and scalable blockchain for iiot security and privacy | |
WO2014105914A1 (en) | Security enclave device to extend a virtual secure processing environment to a client device | |
CN112733129B (en) | Trusted access method for server out-of-band management | |
CN101610273B (en) | Secure remote certification method | |
Mumtaz et al. | An RSA based authentication system for smart IoT environment | |
CN108390866B (en) | Trusted remote certification method and system based on double-agent bidirectional anonymous authentication | |
CN111371726A (en) | Authentication method and device for security code space, storage medium and processor | |
CN101789939B (en) | Effective realization method for credible OpenSSH | |
Fongen et al. | Integrity attestation in military IoT | |
CN101834852B (en) | Realization method of credible OpenSSH for protecting platform information | |
Zhou et al. | Trusted channels with password-based authentication and TPM-based attestation | |
CN101888383B (en) | Method for implementing extensible trusted SSH | |
CN113630244A (en) | End-to-end safety guarantee method facing communication sensor network and edge server | |
CN102098397A (en) | Realization method of VoIP (Voice-over-IP) media stream trusted transmission based on Zimmermann Real-Time Transport Protocol key exchange | |
Yu et al. | A trusted remote attestation model based on trusted computing | |
CN116707983A (en) | Authorization authentication method and device, access authentication method and device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120704 Termination date: 20121207 |