CN101741842B - Method for realizing dependable SSH based on dependable computing - Google Patents
Abstract
The invention provides a method for realizing trusted SSH based on trusted computing. The method integrates the remote attestation of trusted computing with the key exchange of the SSH protocol, so that verification of platform state information is tightly bound to session key negotiation, and it strengthens the security of data at the communication endpoints while keeping data transmission secure. The method requires that both the server and the client be equipped with a trusted security chip and that the platform state can be measured by a measurement module and a trusted operating system. The method effectively guards against the threat, present in the SSH protocol, that communicating with an unknown endpoint over a secure channel may still be exposed to various attacks, and it also effectively protects against replay, impersonation and man-in-the-middle attacks.
Description
Technical field
The present invention relates to the field of computer information security, and in particular to a method for realizing trusted SSH based on trusted computing.
Background technology
The SSH (Secure Shell) protocol is a security protocol defined by an IETF network working group to protect the data transmitted between a client and a server. SSH has a layered design comprising four sub-protocols: the SSH transport layer sub-protocol, the user authentication sub-protocol, the connection sub-protocol and the file transfer sub-protocol. The first two are executed first, in that order. The transport layer sub-protocol is responsible for setting up a secure channel between the server and the client. It consists of three phases: protocol version exchange, parameter negotiation (covering the key exchange method and the set of algorithms used during key exchange) and key exchange. When this sub-protocol finishes, a session key has been negotiated; it is used to encrypt the authentication information of the user authentication phase, the data the two parties exchange in the connection phase and the data they exchange in the file transfer phase. Fig. 1 is a flow chart of the transport layer sub-protocol defined by the SSH protocol specification, where $k_c$ and $k_s$ are the keys produced by the client and the server respectively, $sign_s$ is the server's signature, and $Cert(server)$ is the server's public key certificate. SSH can be used for secure remote login, secure remote command execution, secure remote file transfer, secure TCP/IP port forwarding, and so on. Although SSH allows the server and the client to authenticate each other, it does not consider the security of the communicating terminals (server and client): it neither protects nor verifies the software running on them. In other words, the current SSH protocol specification does not provide a trusted channel. A trusted channel is a secure communication channel that is securely bound to the hardware and software configuration state of the terminals.
In the network era, existing PC systems are easily exposed to security threats such as attacks by malicious code, theft of information, and unauthorized destruction of data and systems. Many attacks on terminals are carried out by injecting malicious code in various forms (viruses, worms, Trojans, spyware, phishing software) rather than by compromising the secure channel. Consequently, when communicating with an unknown endpoint, a party can still suffer a range of attacks even over a secure channel. Computer information security is difficult to achieve by software alone. To address the structural insecurity of existing PCs and fundamentally improve their trustworthiness, the Trusted Computing Platform Alliance, TCPA (later renamed TCG), proposed ensuring the security of the whole system by strengthening the security of the existing terminal architecture. The core idea is to introduce on the hardware platform a Trusted Platform Module (TPM, also called a trusted chip) with secure storage and cryptographic functions. A trusted computing platform uses the TPM as its root of trust: trusted measurement functions measure the system platform configuration, the result is recorded securely in the platform configuration registers (PCRs) of the TPM, and the system keeps a stored measurement log (SML) holding the history of integrity measurements of the platform being verified. A remote user judges from the SML and the relevant PCR values whether the running environment is trustworthy and whether any link has a security problem; this process is called remote attestation. In the TCG specification, the TPM proves its identity with an attestation identity key (AIK); any entity signed with the AIK has been processed by the TPM. To prevent replay, tampering, impersonation and similar attacks, the remote attestation process uses the AIK to guarantee that the information received was processed by a specific TPM. Fig. 2 is a flow chart of the remote attestation protocol designed by researchers at the American company IBM. In this process the verification requester first generates a 160-bit random number, denoted nonce, and sends it to the party being verified. On receiving nonce, the verified party asks its built-in TPM to sign the values of the specified PCRs together with nonce using the AIK private key $SK_{AIK}$; the signature is denoted Quote. It then sends Quote, the SML and the AIK public key certificate $Cert(AIK)$ to the verification requester. Finally, the requester verifies what it received and confirms the authenticity of the remote computing platform's identity and of the content it reports.
Trusted computing can raise the security strength of secure channel technology by improving terminal security, but so far there is no research report or software that applies the remote attestation of trusted computing to the SSH protocol.
Summary of the invention
The object of the invention is to avoid the above shortcomings of the prior art and to provide a method for realizing trusted SSH based on trusted computing. By combining the remote attestation of trusted computing with the key exchange of the SSH protocol, the method tightly binds verification of platform state information to session key negotiation and, while keeping data transmission secure, strengthens the security of data at the communication endpoints.
The object of the invention is achieved by the following measures:
A method for realizing trusted SSH based on trusted computing combines the remote attestation of trusted computing with the key exchange of the SSH protocol, so that verification of platform state information is tightly bound to session key negotiation. The method involves a client and a server, and its steps are as follows:
Step 1, parameter negotiation: the client and the server negotiate parameters. In addition to what the SSH protocol specifies, they negotiate the numbers of the PCRs to be used for platform state verification. The client and the server each also record the information received and sent during parameter negotiation, storing it in $Msg_1^c$ and $Msg_1^s$ respectively;
Step 2, the client sends information to the server: the client first selects a positive integer $x$ with $1 < x < p$ and computes $k_c = g^x \bmod p$. It then hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| PUK_{AIK}^c \| k_c$; the result is denoted $hash_c$. Next, the client reads from the TPM security chip on the motherboard of the client computer the content of the PCRs specified in step 1, denoted $PCR_c$, and uses $SK_{AIK}^c$ to sign $PCR_c \| hash_c$; the signature is denoted $sign_c$. Finally it sends $Msg_2^c$ to the server. Here $p$ is a large prime, $g$ is a positive integer, $V\_C$ and $V\_S$ are the identifiers of the client and the server respectively, the symbol $\|$ denotes concatenation, $SK_{AIK}^c$, $PUK_{AIK}^c$ and $Cert_{AIK}^c$ are respectively the private key, the public key and the public key certificate of the client AIK, and $SML_c$ denotes the measurement log of the client platform;
Step 3, the server verifies the client: on receiving $Msg_2^c$, the server first verifies the validity and legitimacy of $Cert_{AIK}^c$. If verification fails, it terminates the key exchange. If it succeeds, the server uses the public key $PUK_{AIK}^c$ in $Cert_{AIK}^c$ to obtain from $sign_c$ the $SML_c$, $hash_c$ and $PCR_c$ of step 2, denoted $t\_SML_s$, $t\_hash_s$ and $t\_PCR_s$ respectively. It then hashes its own recorded $V\_C$, $V\_S$, $Msg_1^c$ and $Msg_1^s$ together with the received $PUK_{AIK}^c$ and the $k_c$ in $Msg_2^c$; the result is denoted $s\_hash_s$. The server checks whether $t\_hash_s$ and $s\_hash_s$ match and terminates the key exchange if they do not. If they match, it reconstructs the client's entire integrity measurement process from $t\_SML_s$ and computes the final value, denoted $s\_PCR_s$, then checks whether $s\_PCR_s$ and $t\_PCR_s$ match. If they do not match, it terminates the key exchange; if they match, it proceeds to step 4;
Step 4, the server sends information to the client: the server first selects a positive integer $y$ with $1 < y < p$ and computes $k_s = g^y \bmod p$ and $k_{sc} = (k_c)^y \bmod p$. It then hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| Msg_2^c \| PUK_{AIK}^s \| k_c \| k_s \| k_{sc}$; the result is denoted $hash_s$. Next, the server reads from the TPM security chip on the motherboard of the server computer the content of the PCRs specified in step 1, denoted $PCR_s$, and uses $SK_{AIK}^s$ to sign $PCR_s \| hash_s$; the signature is denoted $sign_s$. Finally it sends $Msg_2^s$ to the client. Here $SK_{AIK}^s$, $PUK_{AIK}^s$ and $Cert_{AIK}^s$ are the private key, the public key and the public key certificate of the server AIK, and $SML_s$ denotes the measurement log of the server platform;
Step 5, the client verifies the server: on receiving $Msg_2^s$, the client first verifies the validity and legitimacy of $Cert_{AIK}^s$. If verification fails, it terminates the key exchange. If it succeeds, the client uses the public key $PUK_{AIK}^s$ in $Cert_{AIK}^s$ to obtain from $sign_s$ the $SML_s$, $hash_s$ and $PCR_s$ of step 4, denoted $t\_SML_c$, $t\_hash_c$ and $t\_PCR_c$ respectively. It then computes $k_{cs} = (k_s)^x \bmod p$ and hashes its own recorded $V\_C$, $V\_S$, $Msg_1^c$, $Msg_1^s$, $Msg_2^c$ and $k_c$ together with the received $PUK_{AIK}^s$, the $k_s$ in $Msg_2^s$, and $k_{cs}$; the result is denoted $c\_hash_c$. The client checks whether $t\_hash_c$ and $c\_hash_c$ match and terminates the key exchange if they do not. If they match, it reconstructs the server's entire integrity measurement process from $t\_SML_c$ and computes the final value $c\_PCR_c$, then checks whether $c\_PCR_c$ and $t\_PCR_c$ match. If they do not match, it terminates the key exchange; if they match, it proceeds to step 6;
Step 6: the client and the server send each other the "new session key confirmation" message, which ends the key exchange.
Compared with the prior art, the invention has the following advantages: the method effectively guards against the threat, present in the SSH protocol, that communication with an unknown endpoint over a secure channel may still suffer various attacks, and it also effectively guards against replay, impersonation and man-in-the-middle attacks.
Description of drawings
Fig. 1 is the flow chart of the transport layer sub-protocol of SSH protocol specification definition;
Fig. 2 is a flow chart of the remote attestation protocol designed by researchers at the American company IBM;
Fig. 3 is a flow chart of the key exchange method provided by the invention, which integrates Fig. 1 and Fig. 2.
Specific embodiment
On the hardware side, the method provided by the invention assumes that the server and the client are each fitted with a trusted security chip and that their BIOS supports the TPM. On the software side, it assumes that the server and the client each have a measurement module and a trusted operating system installed. The measurement module decides which entities are measured, when they are measured and how the measurement results are kept secure. Its main functions are to compute the measurement values of the measured entities, to record measurement events in the measurement log, and to write the measurement values into the designated PCR in the TPM. A measurement value is written into a PCR as follows: new PCR value = hash(old PCR value || measurement value). The measurement log contains at least: information about the measured entity, the measurement value and the measurement time.
The key exchange flow of the SSH protocol with integrated trusted computing remote attestation is described in detail below with reference to Fig. 3:
Step 1, parameter negotiation: the client and the server negotiate parameters. In addition to what the SSH protocol specifies, they negotiate the numbers of the PCRs to be used for platform state verification. The client and the server each also record the information received and sent during parameter negotiation, storing it in $Msg_1^c$ and $Msg_1^s$ respectively.
Step 2, the client sends information to the server: the client first selects a positive integer $x$ with $1 < x < p$ and computes $k_c = g^x \bmod p$. It then hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| PUK_{AIK}^c \| k_c$; the result is denoted $hash_c$. Next, the client reads from the TPM security chip on the motherboard of the client computer the content of the PCRs specified in step 1, denoted $PCR_c$, and uses $SK_{AIK}^c$ to sign $PCR_c \| hash_c$; the signature is denoted $sign_c$. Finally it sends $Msg_2^c$ to the server. Here $p$ is a large prime, $g$ is a positive integer, $V\_C$ and $V\_S$ are the identifiers of the client and the server respectively, the symbol $\|$ denotes concatenation, $SK_{AIK}^c$, $PUK_{AIK}^c$ and $Cert_{AIK}^c$ are respectively the private key, the public key and the public key certificate of the client AIK, and $SML_c$ denotes the measurement log of the client platform.
Step 3, the server verifies the client: on receiving $Msg_2^c$, the server first verifies the validity and legitimacy of $Cert_{AIK}^c$. If verification fails, it terminates the key exchange. If it succeeds, the server uses the public key $PUK_{AIK}^c$ in $Cert_{AIK}^c$ to obtain from $sign_c$ the $SML_c$, $hash_c$ and $PCR_c$ of step 2, denoted $t\_SML_s$, $t\_hash_s$ and $t\_PCR_s$ respectively. It then hashes its own recorded $V\_C$, $V\_S$, $Msg_1^c$ and $Msg_1^s$ together with the received $PUK_{AIK}^c$ and the $k_c$ in $Msg_2^c$; the result is denoted $s\_hash_s$. The server checks whether $t\_hash_s$ and $s\_hash_s$ match and terminates the key exchange if they do not. If they match, it reconstructs the client's entire integrity measurement process from $t\_SML_s$ and computes the final value, denoted $s\_PCR_s$, then checks whether $s\_PCR_s$ and $t\_PCR_s$ match. If they do not match, it terminates the key exchange; if they match, it proceeds to step 4.
Step 4, the server sends information to the client: the server first selects a positive integer $y$ with $1 < y < p$ and computes $k_s = g^y \bmod p$ and $k_{sc} = (k_c)^y \bmod p$. It then hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| Msg_2^c \| PUK_{AIK}^s \| k_c \| k_s \| k_{sc}$; the result is denoted $hash_s$. Next, the server reads from the TPM security chip on the motherboard of the server computer the content of the PCRs specified in step 1, denoted $PCR_s$, and uses $SK_{AIK}^s$ to sign $PCR_s \| hash_s$; the signature is denoted $sign_s$. Finally it sends $Msg_2^s$ to the client. Here $SK_{AIK}^s$, $PUK_{AIK}^s$ and $Cert_{AIK}^s$ are the private key, the public key and the public key certificate of the server AIK, and $SML_s$ denotes the measurement log of the server platform.
Step 5, the client verifies the server: on receiving $Msg_2^s$, the client first verifies the validity and legitimacy of $Cert_{AIK}^s$. If verification fails, it terminates the key exchange. If it succeeds, the client uses the public key $PUK_{AIK}^s$ in $Cert_{AIK}^s$ to obtain from $sign_s$ the $SML_s$, $hash_s$ and $PCR_s$ of step 4, denoted $t\_SML_c$, $t\_hash_c$ and $t\_PCR_c$ respectively. It then computes $k_{cs} = (k_s)^x \bmod p$ and hashes its own recorded $V\_C$, $V\_S$, $Msg_1^c$, $Msg_1^s$, $Msg_2^c$, $k_c$ and $k_{cs}$ together with the received $PUK_{AIK}^s$ and the $k_s$ in $Msg_2^s$; the result is denoted $c\_hash_c$. The client checks whether $t\_hash_c$ and $c\_hash_c$ match and terminates the key exchange if they do not. If they match, it reconstructs the server's entire integrity measurement process from $t\_SML_c$ and computes the final value $c\_PCR_c$, then checks whether $c\_PCR_c$ and $t\_PCR_c$ match. If they do not match, it terminates the key exchange; if they match, it proceeds to step 6.
Step 6: the client and the server send each other the "new session key confirmation" message, which ends the key exchange.
With the above method, the security problem in the SSH protocol that communication with an unknown endpoint over a secure channel may still suffer various attacks is effectively solved, an SSH trusted channel is realized, and replay, impersonation and man-in-the-middle attacks are also effectively guarded against.
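
The two checks the server makes in step 3, together with the PCR extend rule from the embodiment, can be run as a small simulation; this is an added example, not code from the patent. SHA-1, the all-zero initial PCR, the length-prefixed concatenation, the toy group and every function, field and sample value below are assumptions, and the AIK certificate and signature checks are taken as already passed.

```python
import hashlib
import hmac

HASH = hashlib.sha1      # assumption: 160-bit PCRs (TPM 1.2 style); the page only says "hash"
PCR_INIT = bytes(20)     # assumption: the PCR starts as all zeros


def concat_hash(*fields):
    """hash(f1 || f2 || ...). Each field is length-prefixed, an addition to the
    page's plain concatenation, so bytes cannot slide between fields."""
    h = HASH()
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


def extend(pcr, measurement):
    """new PCR value = hash(old PCR value || measurement value)."""
    return HASH(pcr + measurement).digest()


def replay_sml(sml):
    """Recompute the final PCR value by extending once per log entry."""
    pcr = PCR_INIT
    for _entity, measurement in sml:
        pcr = extend(pcr, measurement)
    return pcr


def int_bytes(n):
    """Big-endian encoding of a non-negative integer."""
    return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")


def transcript_hash(ctx, k_c):
    """Hash over V_C || V_S || Msg_1^c || Msg_1^s || PUK_AIK^c || k_c."""
    return concat_hash(ctx["V_C"], ctx["V_S"], ctx["Msg1_c"], ctx["Msg1_s"],
                       ctx["PUK_AIK_c"], int_bytes(k_c))


def client_step2(ctx, x, sml):
    """Client side of step 2. The TPM is simulated: PCR_c is what the chip
    would hold after every entry of the log had been extended into it."""
    k_c = pow(ctx["g"], x, ctx["p"])
    return {"k_c": k_c, "hash_c": transcript_hash(ctx, k_c),
            "PCR_c": replay_sml(sml), "SML_c": list(sml)}


def server_step3(ctx, msg):
    """Server side of step 3, after Cert_AIK^c and sign_c have verified."""
    s_hash = transcript_hash(ctx, msg["k_c"])        # built from the server's own records
    if not hmac.compare_digest(s_hash, msg["hash_c"]):
        return "hash mismatch"                       # terminate the key exchange
    s_pcr = replay_sml(msg["SML_c"])
    if not hmac.compare_digest(s_pcr, msg["PCR_c"]):
        return "pcr mismatch"                        # terminate the key exchange
    return "accept"                                  # proceed to step 4


# Constructed sample values, not taken from the page.
CTX = {
    "p": 2**127 - 1, "g": 3,                         # toy group, far too small for real use
    "V_C": b"client-id", "V_S": b"server-id",
    "Msg1_c": b"negotiation-from-client;pcr=10",
    "Msg1_s": b"negotiation-from-server;pcr=10",
    "PUK_AIK_c": b"constructed-client-AIK-public-key",
}
SML = [(b"bootloader", HASH(b"bootloader image").digest()),
       (b"kernel", HASH(b"kernel image").digest()),
       (b"sshd", HASH(b"sshd binary").digest())]


def demo():
    honest = client_step2(CTX, x=0x1234567, sml=SML)
    swapped = dict(honest, k_c=pow(CTX["g"], 0x7654321, CTX["p"]))  # k_c replaced in transit
    trimmed = dict(honest, SML_c=SML[:2])                           # one log entry withheld
    return [server_step3(CTX, m) for m in (honest, swapped, trimmed)]


if __name__ == "__main__":
    print(demo())
```

A matching replay only shows that the log is the one the TPM recorded; whether the logged measurements themselves are acceptable is a separate check against known-good values.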
Claims (1)
1. A method for realizing trusted SSH based on trusted computing, characterized in that: the remote attestation of trusted computing and the key exchange of the SSH protocol are combined, so that verification of platform state information is tightly bound to session key negotiation; the method involves a client and a server, and its steps are as follows:
Step 1, parameter negotiation: the client and the server negotiate parameters. In addition to what the SSH protocol specifies, they negotiate the numbers of the PCRs to be used for platform state verification. The client and the server each also record the information received and sent during parameter negotiation, storing it in $Msg_1^c$ and $Msg_1^s$ respectively;
Step 2, the client sends information to the server: the client first selects a positive integer $x$ with $1 < x < p$ and computes $k_c = g^x \bmod p$. It then hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| PUK_{AIK}^c \| k_c$; the result is denoted $hash_c$. Next, the client reads from the TPM security chip on the motherboard of the client computer the content of the PCRs specified in step 1, denoted $PCR_c$, and uses $SK_{AIK}^c$ to sign $PCR_c \| hash_c$; the signature is denoted $sign_c$. Finally it sends $Msg_2^c$ to the server. Here $p$ is a large prime, $g$ is a positive integer, $V\_C$ and $V\_S$ are the identifiers of the client and the server respectively, the symbol $\|$ denotes concatenation, $SK_{AIK}^c$, $PUK_{AIK}^c$ and $Cert_{AIK}^c$ are respectively the private key, the public key and the public key certificate of the client AIK, and $SML_c$ denotes the measurement log of the client platform;
Step 3, the server verifies the client: on receiving $Msg_2^c$, the server first verifies the validity and legitimacy of $Cert_{AIK}^c$. If verification fails, it terminates the key exchange. If it succeeds, the server uses the public key $PUK_{AIK}^c$ in $Cert_{AIK}^c$ to obtain from $sign_c$ the $SML_c$, $hash_c$ and $PCR_c$ of step 2, denoted $t\_SML_s$, $t\_hash_s$ and $t\_PCR_s$ respectively. It then hashes its own recorded $V\_C$, $V\_S$, $Msg_1^c$ and $Msg_1^s$ together with the received $PUK_{AIK}^c$ and the $k_c$ in $Msg_2^c$; the result is denoted $s\_hash_s$. The server checks whether $t\_hash_s$ and $s\_hash_s$ match and terminates the key exchange if they do not. If they match, it reconstructs the client's entire integrity measurement process from $t\_SML_s$ and computes the final value, denoted $s\_PCR_s$, then checks whether $s\_PCR_s$ and $t\_PCR_s$ match. If they do not match, it terminates the key exchange; if they match, it proceeds to step 4;
Step 4, the server sends information to the client: the server first selects a positive integer $y$ with $1 < y < p$ and computes $k_s = g^y \bmod p$ and $k_{sc} = (k_c)^y \bmod p$. It then hashes $V\_C \| V\_S \| Msg_1^c \| Msg_1^s \| Msg_2^c \| PUK_{AIK}^s \| k_c \| k_s \| k_{sc}$; the result is denoted $hash_s$. Next, the server reads from the TPM security chip on the motherboard of the server computer the content of the PCRs specified in step 1, denoted $PCR_s$, and uses $SK_{AIK}^s$ to sign $PCR_s \| hash_s$; the signature is denoted $sign_s$. Finally it sends $Msg_2^s$ to the client. Here $SK_{AIK}^s$, $PUK_{AIK}^s$ and $Cert_{AIK}^s$ are the private key, the public key and the public key certificate of the server AIK, and $SML_s$ denotes the measurement log of the server platform;
Step 5, the client verifies the server: on receiving $Msg_2^s$, the client first verifies the validity and legitimacy of $Cert_{AIK}^s$. If verification fails, it terminates the key exchange. If it succeeds, the client uses the public key $PUK_{AIK}^s$ in $Cert_{AIK}^s$ to obtain from $sign_s$ the $SML_s$, $hash_s$ and $PCR_s$ of step 4, denoted $t\_SML_c$, $t\_hash_c$ and $t\_PCR_c$ respectively. It then computes $k_{cs} = (k_s)^x \bmod p$ and hashes its own recorded $V\_C$, $V\_S$, $Msg_1^c$, $Msg_1^s$, $Msg_2^c$ and $k_c$ together with the received $PUK_{AIK}^s$, the $k_s$ in $Msg_2^s$, and $k_{cs}$; the result is denoted $c\_hash_c$. The client checks whether $t\_hash_c$ and $c\_hash_c$ match and terminates the key exchange if they do not. If they match, it reconstructs the server's entire integrity measurement process from $t\_SML_c$ and computes the final value $c\_PCR_c$, then checks whether $c\_PCR_c$ and $t\_PCR_c$ match. If they do not match, it terminates the key exchange; if they match, it proceeds to step 6;
Step 6: the client and the server send each other the "new session key confirmation" message, which ends the key exchange.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009102417827A CN101741842B (en) | 2009-12-07 | 2009-12-07 | Method for realizing dependable SSH based on dependable computing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101741842A CN101741842A (en) | 2010-06-16 |
CN101741842B true CN101741842B (en) | 2012-07-04 |
Family
ID=42464728
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009102417827A Expired - Fee Related CN101741842B (en) | 2009-12-07 | 2009-12-07 | Method for realizing dependable SSH based on dependable computing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101741842B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120704 Termination date: 20121207 |