CN102045355A - Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG) - Google Patents


Info

Publication number: CN102045355A
Authority: CN (China)
Prior art keywords: tnc, tnccs, message, service end, integrity measurement
Legal status: Granted
Application number: CN 201010597639
Other languages: Chinese (zh)
Other versions: CN102045355B (en)
Inventors: 肖跃雷, 曹军, 王珂, 张国强
Current assignee: China Iwncomm Co Ltd
Original assignee: China Iwncomm Co Ltd

Application events:
    • Application filed by China Iwncomm Co Ltd
    • Priority to CN 201010597639 (granted as CN102045355B)
    • Publication of CN102045355A
    • Priority claimed by PCT/CN2011/079193 (WO2012083722A1)
    • Application granted
    • Publication of CN102045355B
    • Legal status: Active

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L 9/32 ... including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
        • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/08 ... for authentication of entities
                • H04L 63/0892 ... by using authentication-authorization-accounting [AAA] servers or protocols
            • H04L 63/12 Applying verification of the received information
                • H04L 63/126 ... the source of the received data
        • H04L 2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L 9/00)
            • H04L 2209/12 Details relating to cryptographic hardware or logic circuitry
                • H04L 2209/127 Trusted platform modules [TPM]

Abstract

The invention discloses a platform identification realizing method suitable for a trusted network connection framework of the trusted computing group (TCG), comprising the following steps: 1) a trusted network connect (TNC) client generates a TNC client-server interface (IF-TNCCS) batch and sends the IF-TNCCS batch to a TNC server; 2) the TNC server generates an IF-TNCCS batch and sends the IF-TNCCS batch to the TNC client; 3) if the information in step 2) comprises a TNC server behavior recommendation, the TNC client finishes the IF-TNCCS batch interaction between the TNC client and the TNC server; if not, an IF-TNCCS batch is generated after the information in step 2) is processed and is sent to the TNC server; 4) if the TNC server generates a TNC server behavior recommendation after the information in step 3) is processed, an IF-TNCCS batch is generated after the information in step 3) is processed and is sent to the TNC client; and 5) the IF-TNCCS batch interaction between the TNC client and the TNC server is finished. The invention provides a platform identification realizing method suitable for the trusted network connection framework of the TCG with higher efficiency and security.

Description

Platform authentication implementation method suitable for the TCG trusted network connect architecture
Technical field
The invention belongs to the field of network security technology and relates to a platform authentication implementation method suitable for the TCG trusted network connect (TNC) architecture.
Background art
With the development of informatization, the problem of malware such as viruses and worms has become unusually prominent. More than 35,000 kinds of malware have appeared so far, and more than 40,000,000 computers are infected every year. Stopping this class of attack requires not only securing transmission and checking data on input, but also defending at the source, starting from each terminal that connects to the network. Traditional security defence technology cannot defend against such varied malicious attacks.
To address this problem, the Trusted Computing Group (TCG) formulated a network connection standard based on trusted computing technology, Trusted Network Connect (TNC), called the TCG trusted network connect architecture. It comprises an open terminal integrity framework and a set of standards that guarantee secure interoperability. The TCG trusted network connect architecture is shown in Fig. 1.
In the TCG trusted network connect architecture shown in Fig. 1, the interface between the integrity measurement collector and the integrity measurement verifier is IF-M (Vendor-Specific IMC-IMV Messages Interface), the interface between the TNC client and the TNC server is IF-TNCCS (TNC Client-Server Interface), the interface between the integrity measurement collector and the TNC client is IF-IMC (Integrity Measurement Collector Interface), the interface between the integrity measurement verifier and the TNC server is IF-IMV (Integrity Measurement Verifier Interface), the interface between the network access requestor and the network access authority is IF-T (Network Transport Interface), and the interface between the policy enforcement point and the network access authority is IF-PEP (Policy Enforcement Point Interface). IF-M defines transport based on IF-M message encapsulation, where each IF-M message consists of one IF-M message header and at least one IF-M attribute. IF-TNCCS defines encapsulated transport based on IF-TNCCS batches, where each IF-TNCCS batch consists of one IF-TNCCS header and at least one IF-TNCCS message. IF-IMC defines the IF-IMC functions between the TNC client and the integrity measurement collectors on it. IF-IMV defines the IF-IMV functions between the TNC server and the integrity measurement verifiers on it.
The platform authentication implementation method of the present TCG trusted network connect architecture is as follows:
Step 1) When the TNC client initiates platform authentication, the TNC client generates an IF-TNCCS batch and sends it to the TNC server. This IF-TNCCS batch comprises zero or at least one IF-TNCCS message carrying an IF-M message, generated by the TNC client, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement collector on the TNC client;
Step 2) When the TNC server initiates platform authentication, the TNC server generates an IF-TNCCS batch and sends it to the TNC client. This IF-TNCCS batch comprises zero or at least one IF-TNCCS message carrying an IF-M message, generated by the TNC server, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement verifier on the TNC server. When an integrity measurement verifier on the TNC server sends an IF-M message, if this integrity measurement verifier needs to verify the platform integrity of the access requestor, then this IF-M message comprises a random number generated by this integrity measurement verifier and integrity measurement request parameters for the access requestor.
After the TNC server receives the information sent by the TNC client in step 1), the TNC server processes it, generates an IF-TNCCS batch and sends it to the TNC client. If the TNC server generates a TNC server action recommendation after processing the information sent by the TNC client in step 1), then this IF-TNCCS batch comprises zero IF-TNCCS messages carrying IF-M messages and one IF-TNCCS message carrying the TNC server action recommendation; otherwise this IF-TNCCS batch comprises at least one IF-TNCCS message carrying an IF-M message, generated by the TNC server, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement verifier on the TNC server. When an integrity measurement verifier on the TNC server sends an IF-M message, if this integrity measurement verifier needs to verify the platform integrity of the access requestor, then this IF-M message comprises a random number generated by this integrity measurement verifier and integrity measurement request parameters for the access requestor.
Step 3) After the TNC client receives the information sent by the TNC server in step 2), if the information sent by the TNC server in step 2) comprises a TNC server action recommendation, then the TNC client ends the IF-TNCCS batch interaction between the TNC client and the TNC server; otherwise it processes the information sent by the TNC server in step 2), generates an IF-TNCCS batch and sends it to the TNC server. This IF-TNCCS batch comprises at least one IF-TNCCS message carrying an IF-M message, generated by the TNC client, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement collector on the TNC client. When an integrity measurement collector on the TNC client sends an IF-M message, if this integrity measurement collector has measured the platform integrity of the access requestor according to the random number and the integrity measurement request parameters for the access requestor that an integrity measurement verifier on the TNC server generated in the IF-M message it sent in step 2), then this IF-M message comprises the integrity report of the access requestor generated by this integrity measurement collector.
Step 4) After the TNC server receives the information sent by the TNC client in step 3), if the TNC server generates a TNC server action recommendation after processing the information sent by the TNC client in step 3), then the TNC server generates an IF-TNCCS batch after processing that information and sends it to the TNC client, where this IF-TNCCS batch comprises zero IF-TNCCS messages carrying IF-M messages, generated by the TNC server, and one IF-TNCCS message carrying the TNC server action recommendation. Otherwise, after processing the information sent by the TNC client in step 3), the TNC server continues one or more rounds of IF-TNCCS batch interaction between the TNC server and the TNC client until the TNC server generates a TNC server action recommendation, and then sends an IF-TNCCS batch to the TNC client, where this IF-TNCCS batch comprises zero IF-TNCCS messages carrying IF-M messages, generated by the TNC server, and one IF-TNCCS message carrying the TNC server action recommendation.
Step 5) After the TNC client receives the TNC server action recommendation sent by the TNC server in step 4), it ends the IF-TNCCS batch interaction between the TNC client and the TNC server.
One round of IF-TNCCS batch interaction between the TNC server and the TNC client in step 4) comprises the following two steps:
Step 41) The TNC server generates an IF-TNCCS batch and sends it to the TNC client. This IF-TNCCS batch comprises at least one IF-TNCCS message carrying an IF-M message, generated by the TNC server, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement verifier on the TNC server. When an integrity measurement verifier on the TNC server sends an IF-M message, if this integrity measurement verifier needs to verify the platform integrity of the access requestor, then this IF-M message comprises a random number generated by this integrity measurement verifier and integrity measurement request parameters for the access requestor;
Step 42) After the TNC client receives the information sent by the TNC server in step 41), it processes that information, generates an IF-TNCCS batch and sends it to the TNC server. This IF-TNCCS batch comprises at least one IF-TNCCS message carrying an IF-M message, generated by the TNC client, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement collector on the TNC client. When an integrity measurement collector on the TNC client sends an IF-M message, if this integrity measurement collector has measured the platform integrity of the access requestor according to the random number and the integrity measurement request parameters for the access requestor that an integrity measurement verifier on the TNC server generated in the IF-M message it sent in step 41), then this IF-M message comprises the integrity report of the access requestor generated by this integrity measurement collector.
The value of the TNC server action recommendation is allow, forbid or isolate.
From the platform authentication implementation method of the TCG trusted network connect architecture described above, it can be seen that each IF-TNCCS batch sent from the TNC server to the TNC client may comprise the random numbers and the integrity measurement request parameters for the access requestor generated by at least one integrity measurement verifier on the TNC server, and each IF-TNCCS batch sent from the TNC client to the TNC server may comprise the corresponding integrity reports of the access requestor generated by at least one integrity measurement collector on the TNC client, so that the efficiency of the platform authentication implementation method of the TCG trusted network connect architecture is low.
Summary of the invention
In order to solve the technical problem existing in the background art described above, the invention provides a platform authentication implementation method suitable for the TCG trusted network connect architecture with higher efficiency and better security.
The technical solution of the invention is as follows: the invention provides a platform authentication implementation method suitable for the TCG trusted network connect architecture, characterised in that the platform authentication implementation method comprises the following steps:
1) When the TNC client initiates platform authentication, the TNC client generates an IF-TNCCS batch and sends it to the TNC server; this IF-TNCCS batch comprises zero or at least one IF-TNCCS message carrying an IF-M message, generated by the TNC client, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement collector on the TNC client;
2) When the TNC server initiates platform authentication, the TNC server generates an IF-TNCCS batch and sends it to the TNC client; this IF-TNCCS batch comprises zero or at least one IF-TNCCS message carrying an IF-M message, generated by the TNC server, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement verifier on the TNC server; when an integrity measurement verifier on the TNC server sends an IF-M message, if this integrity measurement verifier needs to verify the platform integrity of the access requestor, then this IF-M message comprises the integrity measurement request parameters for the access requestor generated by this integrity measurement verifier;
When the TNC server sends this IF-TNCCS batch, if this IF-TNCCS batch comprises at least one IF-M message encapsulating integrity measurement request parameters for the access requestor, then the TNC server generates a random number, carries it in an IF-TNCCS message, and includes the IF-TNCCS message carrying this random number in this IF-TNCCS batch;
After the TNC server receives the information sent by the TNC client in step 1), the TNC server processes it, generates an IF-TNCCS batch and sends it to the TNC client;
If the TNC server generates a TNC server action recommendation after processing the information sent by the TNC client in step 1), then the IF-TNCCS batch generated by the TNC server comprises zero IF-TNCCS messages carrying IF-M messages and one IF-TNCCS message carrying the TNC server action recommendation; otherwise this IF-TNCCS batch comprises at least one IF-TNCCS message carrying an IF-M message, generated by the TNC server, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement verifier on the TNC server;
When an integrity measurement verifier on the TNC server sends an IF-M message, if this integrity measurement verifier needs to verify the platform integrity of the access requestor, then this IF-M message comprises the integrity measurement request parameters for the access requestor generated by this integrity measurement verifier;
When the TNC server sends this IF-TNCCS batch, if this IF-TNCCS batch comprises at least one IF-M message encapsulating integrity measurement request parameters for the access requestor, then the TNC server generates a random number, carries it in an IF-TNCCS message, and includes the IF-TNCCS message carrying this random number in this IF-TNCCS batch;
3) After the TNC client receives the information sent by the TNC server in step 2), if the information sent by the TNC server in step 2) comprises a TNC server action recommendation, then the TNC client ends the IF-TNCCS batch interaction between the TNC client and the TNC server; otherwise it processes the information sent by the TNC server in step 2), generates an IF-TNCCS batch and sends it to the TNC server; this IF-TNCCS batch comprises at least one IF-TNCCS message carrying an IF-M message, generated by the TNC client, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement collector on the TNC client;
When an integrity measurement collector on the TNC client sends an IF-M message, if this integrity measurement collector has measured the platform integrity of the access requestor according to the integrity measurement request parameters for the access requestor that an integrity measurement verifier on the TNC server generated in the IF-M message it sent in step 2), then this IF-M message comprises the index information of the integrity measurement values of the access requestor generated by this integrity measurement collector, and at the same time this integrity measurement collector sends the index information of the integrity measurement values of the access requestor to the TNC client through IF-IMC;
When the TNC client sends this IF-TNCCS batch, if this IF-TNCCS batch comprises at least one IF-M message encapsulating index information of the integrity measurement values of the access requestor, then the TNC client generates one integrity report of the access requestor according to the random number generated by the TNC server in step 2) and the index information of the integrity measurement values of the access requestor received through IF-IMC from each integrity measurement collector on the TNC client, carries the integrity report of the access requestor in an IF-TNCCS message, and includes the IF-TNCCS message carrying the integrity report of the access requestor in this IF-TNCCS batch;
4) After the TNC server receives the information sent by the TNC client in step 3), if the TNC server generates a TNC server action recommendation after processing the information sent by the TNC client in step 3), then the TNC server generates an IF-TNCCS batch after processing that information and sends it to the TNC client, where this IF-TNCCS batch comprises zero IF-TNCCS messages carrying IF-M messages, generated by the TNC server, and one IF-TNCCS message carrying the TNC server action recommendation; otherwise, after processing the information sent by the TNC client in step 3), the TNC server continues one or more rounds of IF-TNCCS batch interaction between the TNC server and the TNC client until the TNC server generates a TNC server action recommendation, and then sends this IF-TNCCS batch to the TNC client, where this IF-TNCCS batch comprises zero IF-TNCCS messages carrying IF-M messages, generated by the TNC server, and one IF-TNCCS message carrying the TNC server action recommendation;
Step 5) After the TNC client receives the TNC server action recommendation sent by the TNC server in step 4), it ends the IF-TNCCS batch interaction between the TNC client and the TNC server.
One round of IF-TNCCS batch interaction between the TNC server and the TNC client in step 4) above comprises the following two steps:
4.1) The TNC server generates an IF-TNCCS batch and sends it to the TNC client; this IF-TNCCS batch comprises at least one IF-TNCCS message carrying an IF-M message, generated by the TNC server, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement verifier on the TNC server;
When an integrity measurement verifier on the TNC server sends an IF-M message, if this integrity measurement verifier needs to verify the platform integrity of the access requestor, then this IF-M message comprises the integrity measurement request parameters for the access requestor generated by this integrity measurement verifier; when the TNC server sends this IF-TNCCS batch, if this IF-TNCCS batch comprises at least one IF-M message encapsulating integrity measurement request parameters for the access requestor, then the TNC server generates a random number, carries it in an IF-TNCCS message, and includes the IF-TNCCS message carrying this random number in this IF-TNCCS batch;
4.2) After the TNC client receives the information sent by the TNC server in step 4.1), it processes that information, generates an IF-TNCCS batch and sends it to the TNC server; this IF-TNCCS batch comprises at least one IF-TNCCS message carrying an IF-M message, generated by the TNC client, where each IF-TNCCS message carrying an IF-M message carries only one IF-M message sent by one integrity measurement collector on the TNC client;
When an integrity measurement collector on the TNC client sends an IF-M message, if this integrity measurement collector has measured the platform integrity of the access requestor according to the integrity measurement request parameters for the access requestor that an integrity measurement verifier on the TNC server generated in the IF-M message it sent in step 4.1), then this IF-M message comprises the index information of the integrity measurement values of the access requestor generated by this integrity measurement collector, and at the same time this integrity measurement collector sends the index information of the integrity measurement values of the access requestor to the TNC client through IF-IMC;
When the TNC client sends this IF-TNCCS batch, if this IF-TNCCS batch comprises at least one IF-M message encapsulating index information of the integrity measurement values of the access requestor, then the TNC client generates one integrity report of the access requestor according to the random number generated by the TNC server in step 4.1) and the index information of the integrity measurement values of the access requestor received through IF-IMC from each integrity measurement collector on the TNC client, carries the integrity report of the access requestor in an IF-TNCCS message, and includes the IF-TNCCS message carrying the integrity report of the access requestor in this IF-TNCCS batch.
The value of the TNC server action recommendation above is allow, forbid or isolate.
When the information sent by the TNC client in step 3) comprises the integrity report of the access requestor, the TNC server in step 4) processes the information sent by the TNC client in step 3) as follows:
401) After the TNC server receives the information sent by the TNC client in step 3), it first verifies the validity of the platform signature in the integrity report of the access requestor; if the platform signature is invalid, it discards the information sent by the TNC client in step 3). If the platform signature is valid, it verifies the correctness of the integrity report of the access requestor; if the integrity report of the access requestor is incorrect, it discards the information sent by the TNC client in step 3). If the integrity report of the access requestor is correct, it sends the integrity report of the access requestor and the index information of the integrity measurement values of the access requestor encapsulated in each IF-M message to the corresponding integrity measurement verifier on the TNC server through IF-IMV;
402) The integrity measurement verifier that receives the integrity report of the access requestor and the index information of the integrity measurement values of the access requestor encapsulated in the IF-M message first parses the index information of the integrity measurement values of the access requestor, then obtains the corresponding integrity measurement values of the access requestor from the integrity report of the access requestor according to that index information and assesses them; if this integrity measurement verifier has completed the platform integrity assessment of the access requestor, then it generates an integrity measurement verifier level assessment result and sends it to the TNC server;
403) If every integrity measurement verifier on the TNC server has completed the platform integrity assessment of the access requestor, then the TNC server generates the TNC server action recommendation according to the integrity measurement verifier level assessment results generated by each integrity measurement verifier on the TNC server.
When the information sent by the TNC client in step 4.1) comprises the integrity report of the access requestor, the TNC server in step 4.2) processes the information sent by the TNC client in step 4.1) as follows:
4.2.1) After the TNC server receives the information sent by the TNC client in step 4.1), it first verifies the validity of the platform signature in the integrity report of the access requestor; if the platform signature is invalid, it discards the information sent by the TNC client in step 4.1); otherwise it verifies the correctness of the integrity report of the access requestor; if the integrity report of the access requestor is incorrect, it discards the information sent by the TNC client in step 4.1); otherwise it sends the integrity report of the access requestor and the index information of the integrity measurement values of the access requestor encapsulated in each IF-M message to the corresponding integrity measurement verifier on the TNC server through IF-IMV;
4.2.2) The integrity measurement verifier that receives the integrity report of the access requestor and the index information of the integrity measurement values of the access requestor encapsulated in the IF-M message first parses the index information of the integrity measurement values of the access requestor, then obtains the corresponding integrity measurement values of the access requestor from the integrity report of the access requestor according to that index information and assesses them. If this integrity measurement verifier has completed the platform integrity assessment of the access requestor, then it generates an integrity measurement verifier level assessment result and sends it to the TNC server.
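The exchange of steps 2) to 4) above, together with the server-side checks 401) to 403), as an added simulation that is not code from the patent or from any TNC implementation. Assumptions not taken from the page: the platform signature is modelled by HMAC-SHA256 under a key shared by the access requestor and the TNC server (a stand-in for a TPM quote), "correctness" of the report is taken to mean that it is bound to the random number of the current batch, measurement indices and values are constructed strings, and the IMV-level policy (missing index: forbid, wrong value: isolate) is hypothetical.

```python
import hashlib
import hmac
import json
import os

# Stand-in for the AR platform key (a TPM quote key in a real deployment).
PLATFORM_KEY = b"constructed-demo-key"

# Constructed IMV policy: which measurement indices each IMV on the TNC
# server requests and the values it expects (hypothetical names).
IMV_POLICY = {
    "imv-os": {"pcr-0": "bios-ok", "pcr-4": "bootloader-ok"},
    "imv-av": {"pcr-10": "av-sig-2023-11"},
}

# Constructed measurement store of a healthy access requestor (AR).
GOOD_MEASUREMENTS = {"pcr-0": "bios-ok", "pcr-4": "bootloader-ok",
                     "pcr-10": "av-sig-2023-11"}


def platform_sign(body):
    """Stand-in for the platform signature over the integrity report."""
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(PLATFORM_KEY, data, hashlib.sha256).hexdigest()


def server_batch():
    """Step 2): one IF-M message per IMV carrying only the integrity
    measurement request parameters, plus exactly one IF-TNCCS message
    carrying a batch-wide random number (no longer one nonce per IMV)."""
    msgs = [{"type": "IF-M", "imv": imv, "request": sorted(policy)}
            for imv, policy in IMV_POLICY.items()]
    if msgs:  # the nonce is added only when the batch carries a request
        msgs.append({"type": "NONCE", "nonce": os.urandom(16).hex()})
    return {"messages": msgs}


def client_batch(batch, measurements):
    """Step 3): each IMC answers with index information only; the TNC client
    then builds the single integrity report over the server's nonce."""
    nonce = next(m["nonce"] for m in batch["messages"] if m["type"] == "NONCE")
    msgs, indices = [], set()
    for m in batch["messages"]:
        if m["type"] == "IF-M":
            msgs.append({"type": "IF-M", "imv": m["imv"], "index": m["request"]})
            indices.update(m["request"])  # what the IMC hands over via IF-IMC
    values = {i: measurements[i] for i in sorted(indices) if i in measurements}
    report = {"nonce": nonce, "values": values}
    msgs.append({"type": "REPORT", "report": report, "sig": platform_sign(report)})
    return {"messages": msgs}


def imv_evaluate(imv, index, values):
    """Step 402): one IMV pulls its indexed values out of the shared report.
    Constructed IMV-level policy: missing index -> forbid, wrong value ->
    isolate, everything as expected -> allow."""
    for i in index:
        if i not in values:
            return "forbid"
        if values[i] != IMV_POLICY[imv][i]:
            return "isolate"
    return "allow"


def server_evaluate(sent_nonce, batch):
    """Steps 401)-403): check the platform signature and the report's nonce,
    hand each IMV its index information over IF-IMV, then derive the TNC
    server action recommendation. Returns None when the batch is discarded."""
    rep = next(m for m in batch["messages"] if m["type"] == "REPORT")
    if not hmac.compare_digest(platform_sign(rep["report"]), rep["sig"]):
        return None  # 401): invalid platform signature, batch discarded
    if rep["report"]["nonce"] != sent_nonce:
        return None  # 401): report not bound to this batch's nonce, discarded
    results = {m["imv"]: imv_evaluate(m["imv"], m["index"], rep["report"]["values"])
               for m in batch["messages"] if m["type"] == "IF-M"}
    if set(results) != set(IMV_POLICY):
        return None  # 403): not every IMV has finished its assessment
    for verdict in ("forbid", "isolate"):  # worst IMV verdict wins
        if verdict in results.values():
            return verdict
    return "allow"


def run_session(measurements):
    """One platform authentication round: steps 2), 3) and 4)."""
    srv = server_batch()
    nonce = srv["messages"][-1]["nonce"]
    cli = client_batch(srv, measurements)
    return server_evaluate(nonce, cli)


def count(batch, kind):
    """Number of IF-TNCCS messages of a given kind in a batch."""
    return sum(m["type"] == kind for m in batch["messages"])
```

The efficiency point of the patent is visible in the message counts: the server batch carries exactly one nonce and the client batch exactly one integrity report, however many IMVs and IMCs take part.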
Advantages of the present invention:
Any IF-TNCCS batch sent from the TNC client to the TNC server contains at most one integrity report of the access requestor, which improves the efficiency of the platform authentication implementation method for the TCG Trusted Network Connect (TNC) architecture. The present invention optimizes the platform authentication implementation by extending IF-M, IF-IMC, IF-IMV and IF-TNCCS within the TCG TNC architecture, and therefore has good compatibility.
Description of drawings
Fig. 1 is a schematic diagram of the existing TCG Trusted Network Connect architecture.
Embodiment
A platform authentication implementation method for the TCG Trusted Network Connect architecture is described in detail below:
Step 1) When the TNC client initiates platform authentication, the TNC client generates an IF-TNCCS batch and sends it to the TNC server. This IF-TNCCS batch contains zero or more IF-TNCCS messages generated by the TNC client that carry an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one integrity measurement collector (IMC) on the TNC client;
Step 2) When the TNC server initiates platform authentication, the TNC server generates an IF-TNCCS batch and sends it to the TNC client. This IF-TNCCS batch contains zero or more IF-TNCCS messages generated by the TNC server that carry an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one integrity measurement verifier (IMV) on the TNC server. When an IMV on the TNC server sends an IF-M message and needs to verify the platform integrity of the access requestor, the IF-M message contains the integrity measurement request parameters for the access requestor generated by that IMV, for example by adding an integrity attribute type to the Attribute Request IF-M attribute of the IF-M message. When the TNC server sends this IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating integrity measurement request parameters for the access requestor, the TNC server generates a random number, carries it in an IF-TNCCS message, and includes that IF-TNCCS message in the batch.
After the TNC server receives the information sent by the TNC client in step 1), it processes that information, generates an IF-TNCCS batch and sends it to the TNC client. If the TNC server generates a TNC server action recommendation while processing the information sent by the TNC client in step 1), this IF-TNCCS batch contains zero IF-TNCCS messages carrying an IF-M message and one IF-TNCCS message carrying the TNC server action recommendation; otherwise it contains at least one IF-TNCCS message generated by the TNC server that carries an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one IMV on the TNC server. When an IMV on the TNC server sends an IF-M message and needs to verify the platform integrity of the access requestor, the IF-M message contains the integrity measurement request parameters for the access requestor generated by that IMV. When the TNC server sends this IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating integrity measurement request parameters for the access requestor, the TNC server generates a random number, carries it in an IF-TNCCS message, and includes that IF-TNCCS message in the batch.
Step 3) After the TNC client receives the information sent by the TNC server in step 2), if that information contains a TNC server action recommendation, the TNC client ends the IF-TNCCS batch exchange between the TNC client and the TNC server; otherwise it processes the information, generates an IF-TNCCS batch and sends it to the TNC server. This IF-TNCCS batch contains at least one IF-TNCCS message generated by the TNC client that carries an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one IMC on the TNC client. When an IMC on the TNC client sends an IF-M message, and that IMC has performed platform integrity measurement of the access requestor according to the integrity measurement request parameters for the access requestor that an IMV on the TNC server generated and sent in its IF-M message in step 2), the IF-M message contains the index information of the access requestor's integrity measurement values generated by that IMC, for example as an added IF-M attribute corresponding to that index information; at the same time the IMC sends the index information to the TNC client over IF-IMC. When the TNC client sends this IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating index information of the access requestor's integrity measurement values, the TNC client uses the random number generated by the TNC server in step 2) and the index information received over IF-IMC from each IMC on the TNC client to generate an integrity report of the access requestor, carries the integrity report in an IF-TNCCS message, and finally includes that IF-TNCCS message in the batch.
Step 4) After the TNC server receives the information sent by the TNC client in step 3), if the TNC server generates a TNC server action recommendation while processing that information, it generates an IF-TNCCS batch and sends it to the TNC client, where the batch contains zero IF-TNCCS messages carrying an IF-M message and one IF-TNCCS message carrying the TNC server action recommendation; otherwise, after processing the information sent by the TNC client in step 3), the TNC server continues one or more rounds of IF-TNCCS batch exchange between the TNC server and the TNC client until it generates a TNC server action recommendation, and then sends an IF-TNCCS batch to the TNC client that contains zero IF-TNCCS messages carrying an IF-M message and one IF-TNCCS message carrying the TNC server action recommendation.
Step 5) After the TNC client receives the TNC server action recommendation sent by the TNC server in step 4), it ends the IF-TNCCS batch exchange between the TNC client and the TNC server.
One round of IF-TNCCS batch exchange between the TNC server and the TNC client in step 4) consists of the following two steps:
Step 41) The TNC server generates an IF-TNCCS batch and sends it to the TNC client. This IF-TNCCS batch contains at least one IF-TNCCS message generated by the TNC server that carries an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one integrity measurement verifier (IMV) on the TNC server. When an IMV on the TNC server sends an IF-M message and needs to verify the platform integrity of the access requestor, the IF-M message contains the integrity measurement request parameters for the access requestor generated by that IMV; when the TNC server sends this IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating integrity measurement request parameters for the access requestor, the TNC server generates a random number, carries it in an IF-TNCCS message, and includes that IF-TNCCS message in the batch.
Step 42) After the TNC client receives the information sent by the TNC server in step 41), it processes that information, generates an IF-TNCCS batch and sends it to the TNC server. This IF-TNCCS batch contains at least one IF-TNCCS message generated by the TNC client that carries an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one integrity measurement collector (IMC) on the TNC client. When an IMC on the TNC client sends an IF-M message, and that IMC has performed platform integrity measurement of the access requestor according to the integrity measurement request parameters for the access requestor that an IMV on the TNC server generated and sent in its IF-M message in step 41), the IF-M message contains the index information of the access requestor's integrity measurement values generated by that IMC, and at the same time the IMC sends the index information to the TNC client over IF-IMC. When the TNC client sends this IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating index information of the access requestor's integrity measurement values, the TNC client uses the random number generated by the TNC server in step 41) and the index information received over IF-IMC from each IMC on the TNC client to generate an integrity report of the access requestor, carries the integrity report in an IF-TNCCS message, and finally includes that IF-TNCCS message in the batch.
The value of the TNC server action recommendation is allow, forbid or isolate.
When the information sent by the TNC client in step 3) contains the integrity report of the access requestor, the TNC server processes that information in step 4) as follows:
Step 401) After the TNC server receives the information sent by the TNC client in step 3), it first verifies the validity of the platform signature in the access requestor's integrity report, for example the validity of the AIK (Attestation Identity Key) signature; if the platform signature is invalid, it discards the information sent by the TNC client in step 3). Otherwise it verifies the correctness of the access requestor's integrity report, for example by using the PCR (Platform Configuration Register) values in the integrity report to verify the correctness of the access requestor's integrity measurement values (e.g. the snapshot) contained in the report; if the integrity report is incorrect, it discards the information sent by the TNC client in step 3); otherwise it sends the access requestor's integrity report, together with the index information of the access requestor's integrity measurement values encapsulated in the IF-M messages, over IF-IMV to the corresponding integrity measurement verifiers (IMVs) on the TNC server;
Step 402) An IMV that receives the access requestor's integrity report and the index information of the access requestor's integrity measurement values encapsulated in an IF-M message first parses the index information, then uses it to obtain the corresponding integrity measurement values of the access requestor from the integrity report and evaluates them. If this IMV has finished its platform integrity evaluation of the access requestor, it generates an IMV-level evaluation result and sends it to the TNC server;
Step 403) If every IMV on the TNC server has finished its platform integrity evaluation of the access requestor, the TNC server generates a TNC server action recommendation from the IMV-level evaluation results generated by each IMV on the TNC server.
When the information sent by the TNC client in step 41) contains the integrity report of the access requestor, the TNC server processes that information in step 42) as follows:
Step 421) After the TNC server receives the information sent by the TNC client in step 41), it first verifies the validity of the platform signature in the access requestor's integrity report; if the platform signature is invalid, it discards the information sent by the TNC client in step 41). Otherwise it verifies the correctness of the access requestor's integrity report; if the integrity report is incorrect, it discards the information sent by the TNC client in step 41); otherwise it sends the access requestor's integrity report, together with the index information of the access requestor's integrity measurement values encapsulated in the IF-M messages, over IF-IMV to the corresponding integrity measurement verifiers (IMVs) on the TNC server;
Step 422) An IMV that receives the access requestor's integrity report and the index information of the access requestor's integrity measurement values encapsulated in an IF-M message first parses the index information, then uses it to obtain the corresponding integrity measurement values of the access requestor from the integrity report and evaluates them. If this IMV has finished its platform integrity evaluation of the access requestor, it generates an IMV-level evaluation result and sends it to the TNC server.
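The exchange of steps 2 to 5 together with the server-side checks of steps 401 to 403, as an added Python simulation that is not part of the patent or of the applicant's implementation. It assumes that an HMAC under a shared key stands in for the AIK signature, that PCRs are modelled as SHA-256 extend chains over constructed component bytes, and that the message type names (IF-M, NONCE, REPORT, RECOMMENDATION) and the rule that the most restrictive IMV-level result decides the recommendation are this example's own.

```python
import hashlib, hmac, secrets

ZERO_PCR = bytes(32)                                # PCR reset value in a SHA-256 bank
SEVERITY = {"allow": 0, "isolate": 1, "forbid": 2}  # the page's three recommendation values


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def report_tbs(pcrs: dict, nonce_hex: str) -> bytes:
    """Bytes under the platform signature: every PCR value bound to the server's nonce."""
    return ("|".join(f"{k}={v}" for k, v in sorted(pcrs.items())) + "|" + nonce_hex).encode()


class TNCServer:
    def __init__(self, imv_policies: dict, aik_verify_key: bytes):
        self.imv_policies = imv_policies      # imv_id -> (imc_id, {component: good SHA-256 hex})
        self.aik_verify_key = aik_verify_key  # stand-in for the AIK public key (assumption)
        self.nonce = None

    def initiate(self) -> list:
        """Step 2: one IF-M message per IMV with its measurement request, plus a random number."""
        batch = [{"type": "IF-M", "body": {"imv": imv, "imc": imc, "request": sorted(good)}}
                 for imv, (imc, good) in self.imv_policies.items()]
        if batch:  # at least one IF-M message encapsulates a measurement request
            self.nonce = secrets.token_bytes(20)
            batch.append({"type": "NONCE", "body": self.nonce.hex()})
        return batch

    def process(self, batch: list):
        """Steps 401-403; returns the recommendation batch, or None if the batch is discarded."""
        report = next((m["body"] for m in batch if m["type"] == "REPORT"), None)
        if report is None:
            return None
        # 401: platform signature validity (an HMAC stands in for the AIK signature check).
        expect = hmac.new(self.aik_verify_key, report_tbs(report["pcrs"], self.nonce.hex()), "sha256")
        if not hmac.compare_digest(expect.hexdigest(), report["sig"]):
            return None
        # 401: report correctness: replaying the snapshot must reproduce every PCR value.
        for pcr_idx, pcr_hex in report["pcrs"].items():
            pcr = ZERO_PCR
            for entry in report["snapshot"][pcr_idx]:
                pcr = pcr_extend(pcr, bytes.fromhex(entry["digest"]))
            if pcr.hex() != pcr_hex:
                return None
        # 401/402: over IF-IMV each IMV gets the report plus the index information from its IF-M.
        results = {m["body"]["imv"]: self.imv_evaluate(m["body"]["imv"], report, m["body"]["index"])
                   for m in batch if m["type"] == "IF-M"}
        # 403: recommend only once every IMV has finished (assumed rule: most restrictive wins).
        if set(results) != set(self.imv_policies):
            return None
        return [{"type": "RECOMMENDATION", "body": max(results.values(), key=SEVERITY.__getitem__)}]

    def imv_evaluate(self, imv: str, report: dict, index: dict) -> str:
        """Step 402: parse the index information, fetch this IMV's values from the report."""
        measured = {e["name"]: e["digest"] for e in report["snapshot"][index["pcr"]]
                    if e["name"] in index["components"]}
        verdict = "allow"
        for name, good_hex in self.imv_policies[imv][1].items():
            if name not in measured:  # requested but never measured
                verdict = max(verdict, "isolate", key=SEVERITY.__getitem__)
            elif measured[name] != good_hex:  # measured, but not the known-good value
                verdict = "forbid"
        return verdict


class TNCClient:
    def __init__(self, aik_key: bytes, imcs: dict):
        self.aik_key = aik_key  # stand-in for the AIK private key (assumption)
        self.imcs = imcs        # imc_id -> (PCR index, {component: bytes present on the platform})

    def process(self, batch: list) -> list:
        """Step 3: IMCs answer with IF-M index information; the client adds one signed report."""
        nonce_hex = next(m["body"] for m in batch if m["type"] == "NONCE")
        out, snapshot, pcrs = [], {}, {}
        for m in [x for x in batch if x["type"] == "IF-M"]:
            pcr_idx, present = self.imcs[m["body"]["imc"]]
            pcr, entries = ZERO_PCR, []
            for name in m["body"]["request"]:
                if name in present:  # absent components stay unmeasured
                    digest = hashlib.sha256(present[name]).digest()
                    pcr = pcr_extend(pcr, digest)
                    entries.append({"name": name, "digest": digest.hex()})
            snapshot[pcr_idx], pcrs[pcr_idx] = entries, pcr.hex()
            index = {"pcr": pcr_idx, "components": [e["name"] for e in entries]}
            out.append({"type": "IF-M", "body": {"imv": m["body"]["imv"], "index": index}})
        sig = hmac.new(self.aik_key, report_tbs(pcrs, nonce_hex), "sha256").hexdigest()
        out.append({"type": "REPORT", "body": {"snapshot": snapshot, "pcrs": pcrs, "sig": sig}})
        return out


GOOD_AV, GOOD_FW = b"antivirus-engine-3.1 (constructed)", b"firewall-daemon-7.0 (constructed)"
SAMPLE_POLICIES = {"imv-host": ("imc-host", {"antivirus": hashlib.sha256(GOOD_AV).hexdigest(),
                                             "firewall": hashlib.sha256(GOOD_FW).hexdigest()})}
AIK_KEY = b"demo-aik-key (placeholder)"  # constructed sample data, not a real AIK


def run_round(present: dict, client_key: bytes = AIK_KEY):
    """One round for a platform holding `present`: 'allow', 'isolate', 'forbid', or None."""
    server = TNCServer(SAMPLE_POLICIES, AIK_KEY)
    client = TNCClient(client_key, {"imc-host": ("10", present)})
    result = server.process(client.process(server.initiate()))
    return None if result is None else result[0]["body"]
```

Replaying the snapshot against the signed PCR values is what lets the server reject a report whose measurement values were altered after signing, before any IMV sees them.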

Claims (5)

1. A platform authentication implementation method for the TCG Trusted Network Connect architecture, characterized in that the method comprises the following steps:
1) when the TNC client initiates platform authentication, the TNC client generates an IF-TNCCS batch and sends it to the TNC server; this IF-TNCCS batch contains zero or more IF-TNCCS messages generated by the TNC client that carry an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one integrity measurement collector (IMC) on the TNC client;
2) when the TNC server initiates platform authentication, the TNC server generates an IF-TNCCS batch and sends it to the TNC client; this IF-TNCCS batch contains zero or more IF-TNCCS messages generated by the TNC server that carry an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one integrity measurement verifier (IMV) on the TNC server; when an IMV on the TNC server sends an IF-M message and needs to verify the platform integrity of the access requestor, the IF-M message contains the integrity measurement request parameters for the access requestor generated by that IMV;
when the TNC server sends the IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating integrity measurement request parameters for the access requestor, the TNC server generates a random number, carries it in an IF-TNCCS message, and includes that IF-TNCCS message in the batch;
after the TNC server receives the information sent by the TNC client in step 1), it processes that information, generates an IF-TNCCS batch and sends it to the TNC client;
if the TNC server generates a TNC server action recommendation while processing the information sent by the TNC client in step 1), the IF-TNCCS batch generated by the TNC server contains zero IF-TNCCS messages carrying an IF-M message and one IF-TNCCS message carrying the TNC server action recommendation; otherwise the IF-TNCCS batch contains at least one IF-TNCCS message generated by the TNC server that carries an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one IMV on the TNC server;
when an IMV on the TNC server sends an IF-M message and needs to verify the platform integrity of the access requestor, the IF-M message contains the integrity measurement request parameters for the access requestor generated by that IMV;
when the TNC server sends the IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating integrity measurement request parameters for the access requestor, the TNC server generates a random number, carries it in an IF-TNCCS message, and includes that IF-TNCCS message in the batch;
3) after the TNC client receives the information sent by the TNC server in step 2), if that information contains a TNC server action recommendation, the TNC client ends the IF-TNCCS batch exchange between the TNC client and the TNC server; otherwise it processes the information, generates an IF-TNCCS batch and sends it to the TNC server; this IF-TNCCS batch contains at least one IF-TNCCS message generated by the TNC client that carries an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one IMC on the TNC client;
when an IMC on the TNC client sends an IF-M message, and that IMC has performed platform integrity measurement of the access requestor according to the integrity measurement request parameters for the access requestor that an IMV on the TNC server generated and sent in its IF-M message in step 2), the IF-M message contains the index information of the access requestor's integrity measurement values generated by that IMC, and at the same time the IMC sends the index information to the TNC client over IF-IMC;
when the TNC client sends the IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating index information of the access requestor's integrity measurement values, the TNC client uses the random number generated by the TNC server in step 2) and the index information received over IF-IMC from each IMC on the TNC client to generate an integrity report of the access requestor, carries the integrity report in an IF-TNCCS message, and includes that IF-TNCCS message in the batch;
4) after the TNC server receives the information sent by the TNC client in step 3), if the TNC server generates a TNC server action recommendation while processing that information, it generates an IF-TNCCS batch and sends it to the TNC client, where the batch contains zero IF-TNCCS messages carrying an IF-M message and one IF-TNCCS message carrying the TNC server action recommendation; otherwise, after processing the information sent by the TNC client in step 3), the TNC server continues one or more rounds of IF-TNCCS batch exchange between the TNC server and the TNC client until it generates a TNC server action recommendation, and then sends the IF-TNCCS batch to the TNC client, where the batch contains zero IF-TNCCS messages carrying an IF-M message and one IF-TNCCS message carrying the TNC server action recommendation;
5) after the TNC client receives the TNC server action recommendation sent by the TNC server in step 4), it ends the IF-TNCCS batch exchange between the TNC client and the TNC server.
2. The platform authentication implementation method for the TCG Trusted Network Connect architecture according to claim 1, characterized in that one round of IF-TNCCS batch exchange between the TNC server and the TNC client in step 4) comprises the following two steps:
4.1) the TNC server generates an IF-TNCCS batch and sends it to the TNC client; this IF-TNCCS batch contains at least one IF-TNCCS message generated by the TNC server that carries an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one integrity measurement verifier (IMV) on the TNC server;
when an IMV on the TNC server sends an IF-M message and needs to verify the platform integrity of the access requestor, the IF-M message contains the integrity measurement request parameters for the access requestor generated by that IMV; when the TNC server sends this IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating integrity measurement request parameters for the access requestor, the TNC server generates a random number, carries it in an IF-TNCCS message, and includes that IF-TNCCS message in the batch;
4.2) after the TNC client receives the information sent by the TNC server in step 4.1), it processes that information, generates an IF-TNCCS batch and sends it to the TNC server; this IF-TNCCS batch contains at least one IF-TNCCS message generated by the TNC client that carries an IF-M message, where each such IF-TNCCS message carries only one IF-M message, sent by one integrity measurement collector (IMC) on the TNC client;
when an IMC on the TNC client sends an IF-M message, and that IMC has performed platform integrity measurement of the access requestor according to the integrity measurement request parameters for the access requestor that an IMV on the TNC server generated and sent in its IF-M message in step 4.1), the IF-M message contains the index information of the access requestor's integrity measurement values generated by that IMC, and at the same time the IMC sends the index information to the TNC client over IF-IMC;
when the TNC client sends the IF-TNCCS batch, if the batch contains at least one IF-M message encapsulating index information of the access requestor's integrity measurement values, the TNC client uses the random number generated by the TNC server in step 4.1) and the index information received over IF-IMC from each IMC on the TNC client to generate an integrity report of the access requestor, carries the integrity report in an IF-TNCCS message, and includes that IF-TNCCS message in the batch.
3. The platform authentication implementation method for the TCG Trusted Network Connect architecture according to claim 1 or 2, characterized in that the value of the TNC server action recommendation is allow, forbid or isolate.
4. The platform authentication implementation method for the TCG Trusted Network Connect architecture according to claim 3, characterized in that, when the information sent by the TNC client in step 3) contains the integrity report of the access requestor, the TNC server processes that information in step 4) as follows:
401) after the TNC server receives the information sent by the TNC client in step 3), it first verifies the validity of the platform signature in the access requestor's integrity report; if the platform signature is invalid, it discards the information sent by the TNC client in step 3); if the platform signature is valid, it verifies the correctness of the access requestor's integrity report; if the integrity report of the access requestor is incorrect, it discards the information sent by the TNC client in step 3); if the integrity report of the access requestor is correct, it sends the integrity report, together with the index information of the access requestor's integrity measurement values encapsulated in the IF-M messages, over IF-IMV to the corresponding integrity measurement verifiers (IMVs) on the TNC server;
402) an IMV that receives the access requestor's integrity report and the index information of the access requestor's integrity measurement values encapsulated in an IF-M message first parses the index information, then uses it to obtain the corresponding integrity measurement values of the access requestor from the integrity report and evaluates them; if this IMV has finished its platform integrity evaluation of the access requestor, it generates an IMV-level evaluation result and sends it to the TNC server;
403) if every IMV on the TNC server has finished its platform integrity evaluation of the access requestor, the TNC server generates a TNC server action recommendation from the IMV-level evaluation results generated by each IMV on the TNC server.
5. The platform authentication implementation method for the TCG Trusted Network Connect architecture according to claim 4, characterized in that, when the information sent by the TNC client in step 4.1) contains the integrity report of the access requestor, the TNC server processes that information in step 4.2) as follows:
4.2.1) after the TNC server receives the information sent by the TNC client in step 4.1), it first verifies the validity of the platform signature in the access requestor's integrity report; if the platform signature is invalid, it discards the information sent by the TNC client in step 4.1); otherwise it verifies the correctness of the access requestor's integrity report; if the integrity report of the access requestor is incorrect, it discards the information sent by the TNC client in step 4.1); otherwise it sends the integrity report, together with the index information of the access requestor's integrity measurement values encapsulated in the IF-M messages, over IF-IMV to the corresponding integrity measurement verifiers (IMVs) on the TNC server;
4.2.2) an IMV that receives the access requestor's integrity report and the index information of the access requestor's integrity measurement values encapsulated in an IF-M message first parses the index information, then uses it to obtain the corresponding integrity measurement values of the access requestor from the integrity report and evaluates them; if this IMV has finished its platform integrity evaluation of the access requestor, it generates an IMV-level evaluation result and sends it to the TNC server.
Priority Applications (2)

Application Number Priority Date Filing Date Title
CN 201010597639 CN102045355B (en) 2010-12-20 2010-12-20 Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG)
PCT/CN2011/079193 WO2012083722A1 (en) 2010-12-20 2011-08-31 Method, client, and server for implementing platform authentication for trusted network connect architecture

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201010597639 CN102045355B (en) 2010-12-20 2010-12-20 Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG)

Publications (2)

Publication Number Publication Date
CN102045355A true CN102045355A (en) 2011-05-04
CN102045355B CN102045355B (en) 2013-01-16

Family

ID=43911125

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201010597639 Active CN102045355B (en) 2010-12-20 2010-12-20 Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG)

Country Status (2)

Country Link
CN (1) CN102045355B (en)
WO (1) WO2012083722A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012083722A1 (en) * 2010-12-20 2012-06-28 西安西电捷通无线网络通信股份有限公司 Method, client, and server for implementing platform authentication for trusted network connect architecture

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101414279A (en) * 2008-11-18 2009-04-22 武汉大学 Test device for credible software stack
CN101593324A (en) * 2009-06-17 2009-12-02 浙江师范大学 The network multi-level measures and procedures for the examination and approval and system based on dependable computing application technique
CN101778099A (en) * 2009-12-31 2010-07-14 郑州信大捷安信息技术有限公司 Architecture accessing trusted network for tolerating untrusted components and access method thereof
CN101834860A (en) * 2010-04-22 2010-09-15 北京交通大学 Method for remote dynamic verification on integrality of client software

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090077631A1 (en) * 2007-09-13 2009-03-19 Susann Marie Keohane Allowing a device access to a network in a trusted network connect environment
CN101136928B (en) * 2007-10-19 2012-01-11 北京工业大学 Reliable network access control system
US8307205B2 (en) * 2008-09-24 2012-11-06 Interdigital Patent Holdings, Inc. Home node-B apparatus and security protocols
CN101527636B (en) * 2009-04-21 2011-02-16 西安西电捷通无线网络通信股份有限公司 Platform recognition and management method suitable to ternary-equally recognizing credible network connecting architecture
CN102045355B (en) * 2010-12-20 2013-01-16 西安西电捷通无线网络通信股份有限公司 Platform identification realizing method suitable for trusted network connection framework of trusted computing group (TCG)


Also Published As

Publication number Publication date
CN102045355B (en) 2013-01-16
WO2012083722A1 (en) 2012-06-28

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant