CN102340487A - Integrity report transferring method and system among multiple trust domains - Google Patents

Integrity report transferring method and system among multiple trust domains

Info

Publication number
CN102340487A
Authority
CN
China
Prior art keywords
trust domain
information
gateway control
control desk
credential server
Legal status
Granted
Application number
CN2010102348586A
Other languages
Chinese (zh)
Other versions
CN102340487B (en)
Inventor
郭宝安
徐树民
李子臣
杨亚涛
罗世新
苏斌
于培
薛霆
Current Assignee
Aisino Corp
Original Assignee
Aisino Corp
Application filed by Aisino Corp
Priority to CN201010234858.6A
Publication of CN102340487A
Application granted
Publication of CN102340487B
Active

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to an integrity report transferring method and system among multiple trust domains. The method comprises the following steps: receiving information transmitted by an anonymous credential server of a first trust domain, acquiring signature information of identity serial number from the anonymous credential server of the first trust domain, and verifying the signature information; establishing trust with a credible gateway control console of a second trust domain, and negotiating a communication key; receiving a first request message transmitted by a source host in the first trust domain; if the destination host is a host in the first trust domain, transmitting the first request message to the destination host; and if the destination host is not a host in the first trust domain, generating a second request message, encrypting the second request message by using the communication key, transmitting the encrypted second request message to the credible gateway control console of the second trust domain, receiving a response message transmitted by the credible gateway control console of the second trust domain, and transmitting the response message to the source host. The invention can implement transferring of integrity reports among multiple trust domains.

Description

Integrity report transmission method and system between multiple trust domains
Technical field
The present invention relates to the dynamo-electric field, and in particular to a method and system for transmitting integrity reports between multiple trust domains.
Background technology
With the rapid development of computer science and technology, society is becoming increasingly information-based, and using computers and networks to store, communicate and process information has become an important part of people's lives and work. How, then, can we ensure that the network information we obtain is trustworthy? The Trusted Computing Group (TCG) defines trust in terms of the predictability of an entity's behaviour: if an entity always behaves in the expected way, towards the expected goal, then the entity is trusted. The basic idea of trusted computing is to first establish a root of trust in the computer system and then build a chain of trust, in which each level measures and authenticates the next and each level trusts the next, so that the trust relationship is extended to the whole computer system and the trustworthiness of the computer system is guaranteed. This process can be carried out by a Trusted Platform Module (TPM) or a Trusted Cryptography Module (TCM): when a computer is equipped with a TPM and the state reported by the TPM is consistent with the expected state, the state of that computer can be confirmed as trusted.
The overall trusted framework covers trusted terminals, trusted terminal applications, trusted operating systems, trusted network interconnection, and application systems such as trusted Internet transactions. General users pay most attention to "trusted network interconnection". Practice has shown that trusted computing is an effective new technology for strengthening the security of computer network information systems. As trusted computing becomes more widespread, enterprises and organizations are embedding legitimate TPMs or TCMs in the computers of their own local area networks (LANs), and each such LAN will inevitably be given a server to manage every computer in it. When the LAN server manages the computers inside its own LAN, the parameters chosen for, or the initial settings of, the anonymous authentication certificates issued by each server differ, so computers in different LANs that need to communicate face a "communication barrier" problem, that is, the problem of belonging to different trust domains (Trusted Domain, TD).
In the TPM v1.2 standard the TCG has published Direct Anonymous Attestation (DAA), but this scheme only holds inside one particular LAN. When TCM or TPM hosts are in different LANs, the trust domains differ, and when such hosts perform identity authentication the requester and the verifier each trust only the DAA anonymous credential of their own trust domain, so the DAA authentication scheme provided in the TPM 1.2 standard cannot be carried out normally. Take companies A and B as an example. When the trusted computing platform A[i] in company A's trust domain TD-A and the verifier B[i] in company B's trust domain TD-B transfer a platform integrity report, verifier B[i] trusts only the DAA anonymous credential server of TD-B, so the verifier in trust domain TD-B cannot judge whether trusted computing platform A[i] is a legitimate and valid trusted computing platform, and cannot carry out integrity report transmission with trusted computing platform A[i].
Summary of the invention
The present invention provides a method and system for transmitting integrity reports between multiple trust domains.
The present invention provides a method for transmitting integrity reports between multiple trust domains, comprising:
Receiving, from the anonymous credential server of a first trust domain, an identity sequence number, the PKI parameter and PKI of the anonymous credential server of a second trust domain, and the access authority information of the anonymous credential server of the second trust domain; obtaining signature information for the identity sequence number from the anonymous credential server of the first trust domain and verifying the signature information;
Establishing trust with the credible gateway control desk of the second trust domain and negotiating a communication key;
Receiving a first request message sent by a source host in the first trust domain, the first request message comprising first information and direct anonymous attestation signature data for the first information, and the first information comprising request resource information, the integrity report of the source host and the destination host identifier of a destination host; judging, according to the destination host identifier, whether the destination host is a host in the first trust domain; if the destination host is a host in the first trust domain, sending the first request message to the destination host; if the destination host is not a host in the first trust domain, generating a second request message, encrypting the second request message with the communication key, sending the encrypted second request message to the credible gateway control desk of the second trust domain, receiving the response message sent by the credible gateway control desk of the second trust domain, and sending the response message to the source host, wherein the second request message comprises the first request message and the PKI parameter of the anonymous credential server of the first trust domain.
The present invention also provides a method for transmitting integrity reports between multiple trust domains, comprising:
Generating an identity sequence number for the credible gateway control desk of a first trust domain; exchanging PKI parameters and PKIs with the anonymous credential server of a second trust domain; generating the access authority information of the anonymous credential server of the second trust domain; and sending the PKI parameter of the anonymous credential server of the second trust domain, the access authority information of the anonymous credential server of the second trust domain and the identity sequence number to the credible gateway control desk of the first trust domain;
Generating, for the credible gateway control desk of the first trust domain, signature information for the identity sequence number and sending the signature information to the credible gateway control desk of the first trust domain.
The present invention also provides a method for transmitting integrity reports between multiple trust domains, comprising:
Receiving, from the anonymous credential server of a second trust domain, an identity sequence number, the PKI parameter and PKI of the anonymous credential server of a first trust domain, and the access authority information of the anonymous credential server of the first trust domain; obtaining signature information for the identity sequence number from the anonymous credential server of the second trust domain and verifying the signature information;
Establishing trust with the credible gateway control desk of the first trust domain and negotiating a communication key;
Receiving the encrypted second request message sent by the credible gateway control desk of the first trust domain, the second request message comprising a first request message and the PKI parameter of the anonymous credential server of the first trust domain, the first request message comprising first information and direct anonymous attestation signature data for the first information, and the first information comprising request resource information, the integrity report of the source host and the destination host identifier of a destination host; decrypting the encrypted second request message; obtaining the access authority information of the first trust domain according to the PKI parameter of the anonymous credential server of the first trust domain; judging whether the request resource information is within the access authority information; if the request resource information is not within the access authority information, sending a response message to the credible gateway control desk of the first trust domain; if the request resource information is within the access authority information, sending the second request message to the destination host according to the destination host identifier, receiving the response message sent by the destination host, and sending that response message to the credible gateway control desk of the first trust domain.
The present invention also provides a method for transmitting integrity reports between multiple trust domains, comprising:
Receiving a second request message sent by the credible gateway control desk of a second trust domain, the second request message comprising a first request message and the PKI parameter of the anonymous credential server of a first trust domain, the first request message comprising first information and direct anonymous attestation signature data for the first information, and the first information comprising request resource information, the integrity report of the source host and the destination host identifier of a destination host;
Judging, according to the direct anonymous attestation signature data for the first information and the PKI parameter of the anonymous credential server of the first trust domain, whether the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain;
If the source host does not hold an anonymous credential issued by the anonymous credential server of the first trust domain, sending a response message to the credible gateway control desk of the second trust domain; if the source host does hold such a credential, judging from the integrity report whether the source host is trusted; if the source host is not trusted, sending a response message to the credible gateway control desk of the second trust domain; if the source host is trusted, judging whether to provide the requested resource information and sending a response message to the credible gateway control desk of the second trust domain according to the result of that judgment.
The present invention also provides a credible gateway control desk, comprising:
A first receiver module, used to receive, from the anonymous credential server of a first trust domain, an identity sequence number, the PKI parameter and PKI of the anonymous credential server of a second trust domain, and the access authority information of the anonymous credential server of the second trust domain;
A first signature information obtaining and verification module, used to obtain signature information for the identity sequence number from the anonymous credential server of the first trust domain and to verify the signature information;
A first trust establishment module, used to establish trust with the credible gateway control desk of the second trust domain and to negotiate a communication key; the first receiver module is also used to receive a first request message sent by a source host in the first trust domain, the first request message comprising first information and direct anonymous attestation signature data for the first information, and the first information comprising request resource information, the integrity report of the source host and the destination host identifier of a destination host;
A first judge module, used to judge, according to the destination host identifier, whether the destination host is a host in the first trust domain;
A first sending module, used to send the first request message to the destination host when the first judge module judges that the destination host is a host in the first trust domain and, when the first judge module judges that the destination host is not a host in the first trust domain, to generate a second request message, encrypt the second request message with the communication key and send the encrypted second request message to the credible gateway control desk of the second trust domain; the first receiver module is also used to receive the response message sent by the credible gateway control desk of the second trust domain, and the first sending module is also used to send the response message to the source host; the second request message comprises the first request message and the PKI parameter of the anonymous credential server of the first trust domain.
The present invention also provides an anonymous credential server, comprising:
An initialization module, used to generate an identity sequence number for the credible gateway control desk of a first trust domain and to generate the access authority information of the anonymous credential server of a second trust domain;
A second sending module, used to send the PKI parameter and PKI of the anonymous credential server of the first trust domain to the anonymous credential server of the second trust domain;
A second receiver module, used to receive the PKI parameter and PKI sent by the anonymous credential server of the second trust domain; the second sending module is also used to send the PKI parameter and PKI of the anonymous credential server of the second trust domain, the access authority information of the anonymous credential server of the second trust domain and the identity sequence number to the credible gateway control desk of the first trust domain;
A signature information generation module, used to generate, for the credible gateway control desk of the first trust domain, signature information for the identity sequence number; the second sending module is also used to send the signature information to the credible gateway control desk of the first trust domain.
The present invention also provides a credible gateway control desk, comprising:
A third receiver module, used to receive, from the anonymous credential server of a second trust domain, an identity sequence number, the PKI parameter and PKI of the anonymous credential server of a first trust domain, and the access authority information of the anonymous credential server of the first trust domain;
A second signature information obtaining and verification module, used to obtain signature information for the identity sequence number from the anonymous credential server of the second trust domain and to verify the signature information;
A second trust establishment module, used to establish trust with the credible gateway control desk of the first trust domain and to negotiate a communication key;
The third receiver module is also used to receive the encrypted second request message sent by the credible gateway control desk of the first trust domain, the second request message comprising a first request message and the PKI parameter of the anonymous credential server of the first trust domain, the first request message comprising first information and direct anonymous attestation signature data for the first information, and the first information comprising request resource information, the integrity report of the source host and the destination host identifier of a destination host;
A second judge module, used to decrypt the encrypted second request message, obtain the access authority information of the first trust domain according to the PKI parameter of the anonymous credential server of the first trust domain, and judge whether the request resource information is within the access authority information;
A third sending module, used to send a response message to the credible gateway control desk of the first trust domain when the second judge module judges that the request resource information is not within the access authority information and, when the second judge module judges that the request resource information is within the access authority information, to send the second request message to the destination host according to the destination host identifier; the third receiver module is also used to receive the response message sent by the destination host, and the third sending module is also used to send that response message to the credible gateway control desk of the first trust domain.
The present invention also provides a host, comprising:
A fourth receiver module, used to receive a second request message sent by the credible gateway control desk of a second trust domain, the second request message comprising a first request message and the PKI parameter of the anonymous credential server of a first trust domain, the first request message comprising first information and direct anonymous attestation signature data for the first information, and the first information comprising request resource information, the integrity report of the source host and the destination host identifier of a destination host;
A third judge module, used to judge, according to the direct anonymous attestation signature data for the first information and the PKI parameter of the anonymous credential server of the first trust domain, whether the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain;
A response message sending module, used to send a response message to the credible gateway control desk of the second trust domain when the third judge module judges that the source host does not hold an anonymous credential issued by the anonymous credential server of the first trust domain;
A fourth judge module, used to judge from the integrity report whether the source host is trusted when the third judge module judges that the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain;
The response message sending module is also used to send a response message to the credible gateway control desk of the second trust domain when the fourth judge module judges that the source host is not trusted;
A fifth judge module, used to judge whether to provide the requested resource information when the fourth judge module judges that the source host is trusted;
The response message sending module is also used to send a response message to the credible gateway control desk of the second trust domain according to the judgment result of the third judge module.
The present invention also provides a system for transmitting integrity reports between multiple trust domains, comprising a first trust domain and a second trust domain. The first trust domain comprises an anonymous credential server, a credible gateway control desk and several hosts, and the second trust domain comprises an anonymous credential server, a credible gateway control desk and several hosts, wherein:
The anonymous credential server of the first trust domain is used to generate an identity sequence number for the credible gateway control desk of the first trust domain; to exchange PKI parameters and PKIs with the anonymous credential server of the second trust domain; to generate the access authority information of the anonymous credential server of the second trust domain; to send the PKI parameter and PKI of the anonymous credential server of the second trust domain, the access authority information of the anonymous credential server of the second trust domain and the identity sequence number to the credible gateway control desk of the first trust domain; and to generate, for the credible gateway control desk of the first trust domain, signature information for the identity sequence number and send the signature information to the credible gateway control desk of the first trust domain;
The credible gateway control desk of the first trust domain is used to receive, from the anonymous credential server of the first trust domain, the identity sequence number, the PKI parameter and PKI of the anonymous credential server of the second trust domain and the access authority information of the anonymous credential server of the second trust domain; to obtain the signature information for the identity sequence number from the anonymous credential server of the first trust domain and verify the signature information; to establish trust with the credible gateway control desk of the second trust domain and negotiate a communication key; and to receive a first request message sent by a source host in the first trust domain, the first request message comprising first information and direct anonymous attestation signature data for the first information, and the first information comprising request resource information, the integrity report of the source host and the destination host identifier of a destination host. According to the destination host identifier, it judges whether the destination host is a host in the first trust domain; if so, it sends the first request message to the destination host; if not, it generates a second request message, encrypts the second request message with the communication key, sends the encrypted second request message to the credible gateway control desk of the second trust domain, receives the response message sent by the credible gateway control desk of the second trust domain, and sends the response message to the source host. The second request message comprises the first request message and the PKI parameter of the anonymous credential server of the first trust domain;
The anonymous credential server of the second trust domain is used to generate an identity sequence number for the credible gateway control desk of the second trust domain; to exchange PKI parameters and PKIs with the anonymous credential server of the first trust domain; to generate the access authority information of the anonymous credential server of the first trust domain; to send the PKI parameter and PKI of the anonymous credential server of the first trust domain, the access authority information of the anonymous credential server of the first trust domain and the identity sequence number to the credible gateway control desk of the second trust domain; and to generate, for the credible gateway control desk of the second trust domain, signature information for the identity sequence number and send the signature information to the credible gateway control desk of the second trust domain;
The credible gateway control desk of the second trust domain is used to receive, from the anonymous credential server of the second trust domain, the identity sequence number, the PKI parameter and PKI of the anonymous credential server of the first trust domain and the access authority information of the anonymous credential server of the first trust domain; to obtain the signature information for the identity sequence number from the anonymous credential server of the second trust domain and verify the signature information; to establish trust with the credible gateway control desk of the first trust domain and negotiate a communication key; and to receive the encrypted second request message sent by the credible gateway control desk of the first trust domain, the second request message comprising the first request message and the PKI parameter of the anonymous credential server of the first trust domain, the first request message comprising first information and direct anonymous attestation signature data for the first information, and the first information comprising request resource information, the integrity report of the source host and the destination host identifier of the destination host. It decrypts the encrypted second request message, obtains the access authority information of the first trust domain according to the PKI parameter of the anonymous credential server of the first trust domain, and judges whether the request resource information is within the access authority information; if the request resource information is not within the access authority information, it sends a response message to the credible gateway control desk of the first trust domain; if the request resource information is within the access authority information, it sends the second request message to the destination host according to the destination host identifier, receives the response message sent by the destination host, and sends that response message to the credible gateway control desk of the first trust domain;
The host of the second trust domain is used to receive the second request message sent by the credible gateway control desk of the second trust domain, the second request message comprising the first request message and the PKI parameter of the anonymous credential server of the first trust domain, the first request message comprising first information and direct anonymous attestation signature data for the first information, and the first information comprising request resource information, the integrity report of the source host and the destination host identifier of the destination host. According to the direct anonymous attestation signature data for the first information and the PKI parameter of the anonymous credential server of the first trust domain, it judges whether the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain; if the source host does not hold such a credential, it sends a response message to the credible gateway control desk of the second trust domain; if the source host does hold such a credential, it judges from the integrity report whether the source host is trusted; if the source host is not trusted, it sends a response message to the credible gateway control desk of the second trust domain; if the source host is trusted, it judges whether to provide the requested resource information and sends a response message to the credible gateway control desk of the second trust domain according to the result of that judgment.
In the present invention, the source host first sends a request message to the credible gateway control desk of its own domain, and that credible gateway control desk first judges whether the destination host is in the same trust domain. When the destination host is in the same trust domain, the request message is forwarded directly. When the destination host is in a different domain, the credible gateway control desk performs mutual authentication with the credible gateway control desk of the destination host's domain in order to establish trust. On that basis of trust, the requester and the verifier each use the credible gateway control desk of their own domain as a data relay station for sending and receiving data messages, until the integrity report transmission is finally accomplished.
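The relay flow summarized above, as an added Python simulation that is not code from the patent: it shows the source-side routing decision, the encrypted second request, the destination gateway's access-authority check and the destination host's three checks. Assumptions: an HMAC stands in for the DAA signature, a random key stands in for the negotiated communication key, a SHA-256 keystream with an HMAC tag stands in for real authenticated encryption, the integrity report is a plain string, and all names are hypothetical.

```python
import hashlib, hmac, json, secrets

def _keys(key):
    # Separate encryption and MAC keys derived from the communication key.
    return hashlib.sha256(key + b"enc").digest(), hashlib.sha256(key + b"mac").digest()

def _xor_stream(enc_key, nonce, data):
    # SHA-256 counter keystream: a stand-in for a real cipher, not for production.
    stream = b"".join(hashlib.sha256(enc_key + nonce + c.to_bytes(4, "big")).digest()
                      for c in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, message):
    """Encrypt-then-MAC a JSON message under the gateways' communication key."""
    enc_key, mac_key = _keys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(enc_key, nonce, json.dumps(message, sort_keys=True).encode())
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Check the tag before decrypting; reject anything modified in transit."""
    enc_key, mac_key = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("second request failed authentication")
    return json.loads(_xor_stream(enc_key, nonce, ct))

def daa_sign(issuer_params, first_info):
    # Stand-in only: real DAA is an anonymous signature checked with public parameters.
    body = json.dumps(first_info, sort_keys=True).encode()
    return hmac.new(issuer_params.encode(), body, hashlib.sha256).hexdigest()

def daa_verify(issuer_params, first_info, signature):
    return hmac.compare_digest(signature, daa_sign(issuer_params, first_info))

def deny(reason):
    return {"status": "denied", "reason": reason}

class Host:
    def __init__(self, trusted_reports, resources):
        self.trusted_reports, self.resources = set(trusted_reports), dict(resources)

    def handle(self, second_request):
        first = second_request["first_request"]
        info = first["first_info"]
        # Check 1: does the source hold a credential from its own domain's server?
        if not daa_verify(second_request["issuer_params"], info, first["daa_signature"]):
            return deny("no credential from source domain")
        # Check 2: is the source host trusted according to its integrity report?
        if info["integrity_report"] not in self.trusted_reports:
            return deny("source host not trusted")
        # Check 3: is this host willing and able to provide the resource?
        if info["resource"] not in self.resources:
            return deny("resource not provided")
        return {"status": "ok", "data": self.resources[info["resource"]]}

class Gateway:
    def __init__(self, own_params):
        self.own_params = own_params   # PKI parameter of this domain's credential server
        self.hosts = {}                # destination host identifier -> Host
        self.peer = self.comm_key = None
        self.access = {}               # peer PKI parameter -> resources that domain may request

    def on_first_request(self, first_request):
        """Source-side gateway: deliver locally or relay to the peer domain."""
        dest = first_request["first_info"]["dest_host"]
        second = {"first_request": first_request, "issuer_params": self.own_params}
        if dest in self.hosts:
            # Assumption: a local host checks against its own domain's parameters.
            return self.hosts[dest].handle(second)
        # The page does not say the response is encrypted; it is returned as-is here.
        return self.peer.on_encrypted_request(seal(self.comm_key, second))

    def on_encrypted_request(self, blob):
        """Destination-side gateway: decrypt, check access authority, forward."""
        second = unseal(self.comm_key, blob)
        info = second["first_request"]["first_info"]
        if info["resource"] not in self.access.get(second["issuer_params"], set()):
            return deny("resource outside access authority")
        host = self.hosts.get(info["dest_host"])
        return host.handle(second) if host else deny("unknown destination host")

def pair(gw_a, gw_b, a_may_request, b_may_request):
    # Random key stands in for the key the two gateways negotiate after trust setup.
    gw_a.comm_key = gw_b.comm_key = secrets.token_bytes(32)
    gw_a.peer, gw_b.peer = gw_b, gw_a
    gw_b.access[gw_a.own_params] = set(a_may_request)
    gw_a.access[gw_b.own_params] = set(b_may_request)

def demo():
    # Constructed sample domains, hosts, reports and resources.
    gw_a, gw_b = Gateway("params-TD-A"), Gateway("params-TD-B")
    pair(gw_a, gw_b, a_may_request={"report.pdf"}, b_may_request=set())
    gw_a.hosts["A2"] = Host({"pcr-good"}, {"notes.txt": "local notes"})
    gw_b.hosts["B1"] = Host({"pcr-good"}, {"report.pdf": "quarterly figures", "secret.db": "x"})

    def request(resource, report, dest="B1", params="params-TD-A"):
        info = {"resource": resource, "integrity_report": report, "dest_host": dest}
        return gw_a.on_first_request({"first_info": info, "daa_signature": daa_sign(params, info)})

    return {"ok": request("report.pdf", "pcr-good"),
            "local": request("notes.txt", "pcr-good", dest="A2"),
            "outside_authority": request("secret.db", "pcr-good"),
            "untrusted": request("report.pdf", "pcr-tampered"),
            "foreign_credential": request("report.pdf", "pcr-good", params="params-TD-X")}
```

Each denial in `demo()` is produced at a different point in the chain, which shows which component enforces which check.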
Description of drawings
Fig. 1 is a network structure diagram of the multi-trust-domain environment in the first embodiment of the integrity report transmission method among multiple trust domains of the present invention;
Fig. 2 is a schematic flowchart of the first embodiment of the integrity report transmission method among multiple trust domains of the present invention;
Fig. 3 is a schematic flowchart of the second embodiment of the integrity report transmission method among multiple trust domains of the present invention;
Fig. 4 is a schematic flowchart of the initialization setup in the second embodiment of the integrity report transmission method among multiple trust domains of the present invention;
Fig. 5 is a schematic flowchart of the credible gateway control desk applying to the anonymous credential server in its domain for signing information in the second embodiment of the integrity report transmission method among multiple trust domains of the present invention;
Fig. 6 is a schematic flowchart of establishing trust between the credible gateway control desks of two trust domains in the second embodiment of the integrity report transmission method among multiple trust domains of the present invention;
Fig. 7 is a schematic flowchart of communication between hosts of different trust domains in the second embodiment of the integrity report transmission method among multiple trust domains of the present invention;
Fig. 8 is a structural diagram of the first embodiment of the credible gateway control desk of the present invention;
Fig. 9 is a structural diagram of the second embodiment of the credible gateway control desk of the present invention;
Fig. 10 is a structural diagram of the third embodiment of the credible gateway control desk of the present invention;
Fig. 11 is a structural diagram of the first embodiment of the anonymous credential server of the present invention;
Fig. 12 is a structural diagram of the fourth embodiment of the credible gateway control desk of the present invention;
Fig. 13 is a structural diagram of the fifth embodiment of the credible gateway control desk of the present invention;
Fig. 14 is a structural diagram of the sixth embodiment of the credible gateway control desk of the present invention;
Fig. 15 is a structural diagram of the host embodiment of the present invention.
Embodiment
The present invention is described further below with reference to the accompanying drawings and the embodiments.
First embodiment of the integrity report transmission method among multiple trust domains
Fig. 1 shows the network structure of the multi-trust-domain environment in the first embodiment of the integrity report transmission method among multiple trust domains of the present invention. Two trust domains are set up: a first trust domain 11 and a second trust domain 12. Each trust domain contains a number of hosts with a TCM or TPM from different vendors, and these hosts may have different configurations and operating systems. The communication equipment 13 in the figure can be an ordinary router or switch. The network environment also contains anonymous credential servers 14 and credible gateway control desks 15.
As shown in Fig. 2, the flow of the first embodiment of the integrity report transmission method among multiple trust domains of the present invention can comprise the following steps:
Step 21: the anonymous credential server of the first trust domain generates an identity serial number for the credible gateway control desk of the first trust domain and sends it to that control desk, which receives it; the anonymous credential server of the second trust domain generates an identity serial number for the credible gateway control desk of the second trust domain and sends it to that control desk, which receives it;
Step 22: the anonymous credential server of the first trust domain generates signing information on the identity serial number for the credible gateway control desk of the first trust domain and sends it to that control desk, which obtains the signing information from the anonymous credential server of the first trust domain and verifies it; the anonymous credential server of the second trust domain generates signing information on the identity serial number for the credible gateway control desk of the second trust domain and sends it to that control desk, which obtains the signing information from the anonymous credential server of the second trust domain and verifies it;
Step 23: the anonymous credential servers of the first and second trust domains exchange their public key parameters and public keys; the anonymous credential server of the first trust domain generates the access authority information of the anonymous credential server of the second trust domain, and the anonymous credential server of the second trust domain generates the access authority information of the anonymous credential server of the first trust domain; the anonymous credential server of the first trust domain sends the public key parameter and public key of the anonymous credential server of the second trust domain, together with the access authority information of the anonymous credential server of the second trust domain, to the credible gateway control desk of the first trust domain; the anonymous credential server of the second trust domain sends the public key parameter and public key of the anonymous credential server of the first trust domain, together with the access authority information of the anonymous credential server of the first trust domain, to the credible gateway control desk of the second trust domain;
It should be noted that there is no strict ordering between step 22 and step 23;
Step 24: the credible gateway control desk of the first trust domain and the credible gateway control desk of the second trust domain establish trust and negotiate a communication key;
Step 25: the credible gateway control desk of the first trust domain receives the first request message sent by a source host in the first trust domain. The first request message comprises first information and direct anonymous attestation signature data on the first information; the first information comprises the request resource information, the integrity report of the source host and the destination host identifier of the destination host. From the destination host identifier, the control desk judges whether the destination host is a host in the first trust domain. If it is, the first request message is sent to the destination host. If it is not, the control desk generates a second request message, encrypts it with the communication key, and sends the encrypted second request message to the credible gateway control desk of the second trust domain; the second request message comprises the first request message and the public key parameter of the anonymous credential server of the first trust domain;
Step 26: the credible gateway control desk of the second trust domain receives the encrypted second request message and decrypts it; according to the public key parameter of the anonymous credential server of the first trust domain, it obtains the access authority information of the first trust domain and judges whether the request resource information is within the access authority information. If the request resource information is not within the access authority information, it sends a response message to the credible gateway control desk of the first trust domain; if the request resource information is within the access authority information, it sends the second request message to the destination host according to the destination host identifier;
Step 27: the destination host receives the second request message. From the direct anonymous attestation signature data on the first information and the public key parameter of the anonymous credential server of the first trust domain, it judges whether the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain. If the source host does not hold such a credential, the destination host sends a response message to the credible gateway control desk of the second trust domain. If the source host does hold such a credential, the destination host judges from the integrity report whether the source host is trustworthy: if the source host is not trustworthy, it sends a response message to the credible gateway control desk of the second trust domain; if the source host is trustworthy, it judges whether the request resource information can be provided and sends a response message to the credible gateway control desk of the second trust domain according to the result;
Step 28: the credible gateway control desk of the second trust domain sends the response message to the credible gateway control desk of the first trust domain;
Step 29: the credible gateway control desk of the first trust domain sends the response message to the source host.
In this embodiment, the source host first sends a request message to the credible gateway control desk of its own domain, and that control desk first judges whether the destination host is in the same trust domain. When the destination host is in the same trust domain, the request message is forwarded directly. When the destination host is in a different domain, the credible gateway control desk first performs interactive authentication with the credible gateway control desk of the destination host's domain in order to establish trust. On that basis, the requester and the verifier each use the credible gateway control desk of their own domain as a data relay station for sending and receiving data, until the integrity report has been transmitted.
Second embodiment of the integrity report transmission method among multiple trust domains
The application background of this embodiment is the same as the network structure shown in Fig. 1.
As shown in Fig. 3, the flow of the second embodiment of the integrity report transmission method among multiple trust domains of the present invention can comprise the following steps:
Step 31: perform the initialization setup;
Step 32: the credible gateway control desk applies to the anonymous credential server in its domain for signing information;
The anonymous credential server signs the identity serial number ID_TGCP of the credible gateway control desk to form the signing information Sign. To prevent an attacker from impersonating the control desk, ID_TGCP and the signing information are private information of the credible gateway control desk and must not be exposed;
Step 33: trust is established between the credible gateway control desks of the two trust domains;
This trust is established through a zero-knowledge proof. While trust is being established, the prover does not need to transmit the signing information Sign to the verifier, so the privacy of the signing information being verified is preserved and the signing information of the credible gateway control desk is protected;
Step 34: hosts of different trust domains communicate.
Each of the above steps is described in detail below.
As shown in Fig. 4, the initialization setup in the second embodiment of the integrity report transmission method among multiple trust domains of the present invention can comprise the following steps:
Step 41: the anonymous credential server selects the public key parameter and the public key;
Specifically, the anonymous credential server selects security parameters $(n, g', g, h, S, Z, R_0, R_1, \gamma, \Gamma, \rho)$ that meet the DAA scheme of TPM v1.2, selects an RSA public/private key pair $(e, d)$, and stores them in the anonymous credential server. Let the public key parameter of the anonymous credential server be $PK\_DAA = (n, g', g, h, S, Z, R_0, R_1, \gamma, \Gamma, \rho)$, the RSA public key of the anonymous credential server be $PK\_RSA = e$ and the private key of the anonymous credential server be $SK\_RSA = d$, and have
Figure BSA00000202807100121
Figure BSA00000202807100122
Be Euler's function.
The variables in the anonymous credential server public key parameter PK_DAA have the following meanings:
$n$ is a 2048-bit RSA modulus with $n = pq$; $R_0, R_1, S, Z \in QR_n$; $\gamma$ is a generator whose length is 80 bits; $\rho$ is the order of the group; the length of $\Gamma$ is 1632 bits, the length of $\rho$ is 208 bits and the length of $e$ is 368 bits.
(1) Select the RSA modulus $n = pq$ with $p = 2p' + 1$ and $q = 2q' + 1$, where $p$, $p'$, $q$, $q'$ are primes and $n$ is a 2048-bit RSA modulus.
(2) Select a random generator $g'$ of the group $QR_n$, where $QR_n$ is the group of quadratic residues modulo $n$.
(3) Select random numbers $x_0, x_1, x_z, x_s, x_h, x_g \in [1, p'q']$ and compute

$$g = g'^{x_g} \bmod n, \quad h = g'^{x_h} \bmod n, \quad S = h^{x_s} \bmod n,$$

$$Z = h^{x_z} \bmod n, \quad R_0 = S^{x_0} \bmod n, \quad R_1 = S^{x_1} \bmod n.$$

(4) Select primes $\rho$ and $\Gamma$ at random, with $\Gamma = \gamma\rho + 1$, and satisfy
Figure BSA00000202807100137
and select random number
Figure BSA00000202807100138
and
Figure BSA00000202807100139
and
Figure BSA000002028071001310
is set
(5) Publish the public key parameter $(n, g', g, h, S, Z, R_0, R_1, \gamma, \Gamma, \rho)$; $x_0, x_1, x_z, x_s, x_h, x_g$, $d$ and $p'q'$ are kept secret as the private key.
Step 42: the anonymous credential server issues the identity serial number ID_TGCP to the credible gateway control desk;
Specifically, the anonymous credential server issues an anonymous credential to the credible gateway control desk of its trust domain and issues it an identity serial number ID_TGCP. ID_TGCP is stored in an identity list (List Identity, LI), which is kept in the anonymous credential server of that trust domain.
Step 43: the credible gateway control desk applies to the anonymous credential server of its trust domain for signing information on ID_TGCP.
Step 44: the anonymous credential servers of the first and second trust domains exchange their public key parameters and public keys, and each defines the security level (Security Level, SL) and access permissions (Access Permissions, AP) of the other party;
Step 45: the anonymous credential servers of the first and second trust domains each send the other party's public key parameter PK_DAA and public key, with the corresponding security level and access permissions, to the credible gateway control desk in their own domain;
Step 46: the credible gateway control desks of the first and second trust domains each set up an access permission list and store in it the public key parameter PK_DAA and public key of the anonymous credential server of the other trust domain together with the corresponding security level and access permissions.
As shown in Fig. 5, the flow in which the credible gateway control desk applies to the anonymous credential server in its domain for signing information, in the second embodiment of the integrity report transmission method among multiple trust domains of the present invention, can comprise the following steps:
Step 51: the credible gateway control desk sends the anonymous credential server a request message asking for the signing information on the identity serial number ID_TGCP;
The request message contains the identity serial number ID_TGCP encrypted with the public key $e$ of the anonymous credential server.
Step 52: the anonymous credential server judges the legitimacy of the identity serial number ID_TGCP;
Specifically, after receiving the request message, the anonymous credential server decrypts it with its private key $d$ and checks whether the identity serial number ID_TGCP is in the identity list LI. If it is, step 53 is executed; otherwise the server refuses to issue signing information;
Step 53: the anonymous credential server issues the signing information Sign on the identity serial number ID_TGCP of the credible gateway control desk of its domain and sends it to the credible gateway control desk;
Here $Sign = H(PK\_DAA \,\|\, ID\_TGCP)^d$, where $H(\cdot)$ is the one-way trapdoor function Hash and $\|$ denotes concatenation.
Step 54: the credible gateway control desk verifies the validity of the signing information Sign;
Specifically, after receiving the signing information Sign, the credible gateway control desk can use the public key $e$ to verify that Sign was issued by the anonymous credential server, by checking whether the following equation holds:

$$Sign^e \bmod n = H(PK\_DAA \,\|\, ID\_TGCP) \bmod n$$

That is, after the TGCP receives the signing information Sign, it first decrypts Sign with the public key $e$ of the anonymous credential server. Call the value obtained $Sign^e$, where $Sign^e \bmod n = H(PK\_DAA \,\|\, ID\_TGCP)^{de} \bmod n = H(PK\_DAA \,\|\, ID\_TGCP) \bmod n$. It then computes $H(PK\_DAA \,\|\, ID\_TGCP) \bmod n$ itself. If $Sign^e \bmod n = H(PK\_DAA \,\|\, ID\_TGCP) \bmod n$, the signing information Sign was issued by the anonymous credential server.
As shown in Fig. 6, the flow of establishing trust between the credible gateway control desks of two trust domains, in the second embodiment of the integrity report transmission method among multiple trust domains of the present invention, can comprise the following steps:
For convenience, let the public key parameter of the anonymous credential server of the first trust domain be PK_DAA_A and that of the anonymous credential server of the second trust domain be PK_DAA_B; let the credible gateway control desk of the first trust domain be TGCP_A and that of the second trust domain be TGCP_B. The $e$ and $d$ used below are $e_A$ and $d_A$, the RSA public/private key pair of the anonymous credential server of the first trust domain.
Step 61: credible gateway control desk TGCP_A sends $R^e$;
Specifically, the credible gateway control desk TGCP_A of the first trust domain selects a first random number $R$, generates the random information $R^e$ from the public key $e$ of the anonymous credential server of the first trust domain, and sends it to credible gateway control desk TGCP_B;
Step 62: the second random number $t$ is returned to credible gateway control desk TGCP_A;
Specifically, credible gateway control desk TGCP_B selects a second random number $t$ and sends it to credible gateway control desk TGCP_A as its response.
Step 63: credible gateway control desk TGCP_A sends the second information $c$ and the third information $M$;
The second information $c$ is generated from the public key parameter PK_DAA_A and public key $e$ of the anonymous credential server of the first trust domain, the public key parameter PK_DAA_B of the anonymous credential server of the second trust domain, the second random number $t$ and the random information $R^e$. The third information $M$ is generated from the second information $c$, the first random number $R$ and the signing information Sign, as follows:

$$c = H(PK\_DAA\_A \,\|\, PK\_DAA\_B \,\|\, e \,\|\, t \,\|\, R^e)$$

$$M = R \times Sign^c$$

Credible gateway control desk TGCP_A sends the second information $c$ and the third information $M$ to credible gateway control desk TGCP_B;
Step 64: credible gateway control desk TGCP_B verifies the second information $c$ using the third information $M$, the public key parameter PK_DAA_A and public key $e$ of the anonymous credential server of the first trust domain, the public key parameter PK_DAA_B of the anonymous credential server of the second trust domain, the random information and the identity serial number ID_TGCP; that is, it checks whether the following equation holds:

$$c = H\big(PK\_DAA\_A \,\|\, PK\_DAA\_B \,\|\, e \,\|\, t \,\|\, M^e / H(PK\_DAA\_A \,\|\, ID\_TGCP)^c\big) \bmod n$$

In fact,

$$M^e / H(PK\_DAA\_A \,\|\, ID\_TGCP)^c = R^e \cdot Sign^{ec} / H(PK\_DAA\_A \,\|\, ID\_TGCP)^c$$

Because $Sign = H(PK\_DAA\_A \,\|\, ID\_TGCP)^d$, we have

$$Sign^{ec} = H(PK\_DAA\_A \,\|\, ID\_TGCP)^{ecd} \bmod n = H(PK\_DAA\_A \,\|\, ID\_TGCP)^c \bmod n$$

and therefore $M^e / H(PK\_DAA\_A \,\|\, ID\_TGCP)^c = R^e \bmod n$.
If the verification passes, that is, the above equation holds, trust is established and credible gateway control desk TGCP_B trusts credible gateway control desk TGCP_A.
Step 65: once verification has passed, the two parties negotiate the communication key K.
This step is for the security of the communication: the encryption can use a general symmetric encryption algorithm, and the key is the negotiated key K.
It should be noted that in steps 61 to 64 the roles of credible gateway control desk TGCP_A and credible gateway control desk TGCP_B can be exchanged.
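The signature check of step 54 and the trust-establishment exchange of steps 61 to 64, written out as an added example that is not part of the patent text. The toy RSA key built from two Mersenne primes, SHA-256 with length-prefixed fields standing in for H, and the sample PK_DAA and ID_TGCP byte strings are all constructed assumptions.

```python
import hashlib
import secrets

# Constructed toy RSA key of domain A's anonymous credential server.
# Both primes are well-known Mersenne primes: illustration only, not secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent d

# Constructed sample values (assumptions, not from the patent).
PK_DAA_A = b"constructed-PK_DAA-of-domain-A"
PK_DAA_B = b"constructed-PK_DAA-of-domain-B"
ID_TGCP_A = b"constructed-ID_TGCP-0001"


def H(*fields) -> int:
    """H(f1 || f2 || ...) as an integer. SHA-256 and the 4-byte length
    prefix per field are assumptions; the patent only names a hash H."""
    h = hashlib.sha256()
    for f in fields:
        if isinstance(f, int):
            f = f.to_bytes(max(1, (f.bit_length() + 7) // 8), "big")
        h.update(len(f).to_bytes(4, "big") + f)
    return int.from_bytes(h.digest(), "big")


def issue_sign(pk_daa: bytes, id_tgcp: bytes) -> int:
    """Step 53: Sign = H(PK_DAA || ID_TGCP)^d mod n (server side)."""
    return pow(H(pk_daa, id_tgcp), D, N)


def check_sign(sign: int, pk_daa: bytes, id_tgcp: bytes) -> bool:
    """Step 54: accept if Sign^e mod n == H(PK_DAA || ID_TGCP) mod n."""
    return pow(sign, E, N) == H(pk_daa, id_tgcp) % N


class Prover:
    """TGCP_A: proves possession of Sign without transmitting it."""

    def __init__(self, sign: int):
        self.sign = sign

    def commit(self) -> int:
        """Step 61: pick the first random number R, send R^e mod n."""
        self.r = secrets.randbelow(N - 2) + 2
        self.r_e = pow(self.r, E, N)
        return self.r_e

    def respond(self, t: int):
        """Step 63: c = H(PK_A||PK_B||e||t||R^e), M = R * Sign^c mod n."""
        c = H(PK_DAA_A, PK_DAA_B, E, t, self.r_e)
        m = self.r * pow(self.sign, c, N) % N
        return c, m


def verify(c: int, m: int, t: int, id_tgcp: bytes) -> bool:
    """Step 64 (TGCP_B): recover R^e as M^e / H(PK_A||ID)^c mod n and
    recompute c with the verifier's own challenge t."""
    h_c = pow(H(PK_DAA_A, id_tgcp), c, N)
    r_e = pow(m, E, N) * pow(h_c, -1, N) % N
    return c == H(PK_DAA_A, PK_DAA_B, E, t, r_e)


def handshake(sign: int, id_tgcp: bytes) -> bool:
    """One full run of steps 61 to 64 with a fresh challenge."""
    prover = Prover(sign)
    prover.commit()                          # step 61
    t = secrets.randbits(128)                # step 62, chosen by TGCP_B
    c, m = prover.respond(t)                 # step 63
    return verify(c, m, t, id_tgcp)          # step 64


def replay_is_rejected(sign: int, id_tgcp: bytes) -> bool:
    """A recorded (c, M) pair must fail against a different challenge t."""
    prover = Prover(sign)
    prover.commit()
    t_old = secrets.randbits(128)
    c, m = prover.respond(t_old)
    return not verify(c, m, t_old + 1, id_tgcp)


if __name__ == "__main__":
    sign = issue_sign(PK_DAA_A, ID_TGCP_A)
    print("step 54 check:", check_sign(sign, PK_DAA_A, ID_TGCP_A))
    print("handshake:", handshake(sign, ID_TGCP_A))
    print("forged Sign rejected:", not handshake(sign + 1, ID_TGCP_A))
    print("replay rejected:", replay_is_rejected(sign, ID_TGCP_A))
```

As step 64 is written, the verifier needs ID_TGCP to recompute H(PK_DAA_A||ID_TGCP); only Sign itself stays undisclosed during the exchange.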
As shown in Fig. 7, the flow of communication between hosts of different trust domains, in the second embodiment of the integrity report transmission method among multiple trust domains of the present invention, can comprise the following steps:
Step 71: source host A[i] in the first trust domain sends the first request message M = (m||σ) to credible gateway control desk TGCP_A.
Here m = (Request||IR||IP_Dest). Request is the request resource information, which includes the requested service type, the requested resource name, the port number of the requested service, and so on. IR is the integrity report of the source host; it contains the Platform Configuration Register (PCR) values and the measurement log. IP_Dest is the IP address of the destination host to communicate with. σ is the direct anonymous attestation signature data on the information m, produced according to the signing protocol of the Direct Anonymous Attestation (DAA) scheme in TPM v1.2.
Step 72: credible gateway control desk TGCP_A resolves IP_Dest.
If IP_Dest is judged to be a host inside the domain, the first request message is forwarded directly. If IP_Dest is judged to be a host outside the domain, TGCP_A produces the second request message M' = (m||PK_DAA_A||σ), encrypts it with the negotiated communication key K, and sends it to the credible gateway control desk TGCP_B of the second trust domain, where PK_DAA_A is the public key parameter of the anonymous credential server of the first trust domain.
Step 73: after receiving the second request message M', credible gateway control desk TGCP_B decrypts it with the communication key K, looks up PK_DAA_A in the access permission list to find the security level and access permissions that correspond to the requester's domain, and judges whether the request resource information is within what the security level and access permissions allow. If it is not, TGCP_B refuses to forward the second request message; if it is, TGCP_B forwards the second request message to destination host B[i].
Step 74: after receiving the second request message, destination host B[i] of the second trust domain uses the direct anonymous attestation data σ in the second request message and the public key parameter PK_DAA_A of the anonymous credential server of the first trust domain to judge whether source host A[i] is a TCM host in the first trust domain, that is, whether the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain. The verification is the verification procedure of the direct anonymous attestation (DAA) scheme. If source host A[i] is judged to hold an anonymous credential issued by the anonymous credential server of the first trust domain, step 75 is executed; otherwise a refusal is returned directly.
Step 75: destination host B[i] judges from the integrity report IR (which contains the PCR values and the measurement log) whether source host A[i] is trustworthy, and thereby decides whether a given service or a specially requested resource may be provided. If source host A[i] is trustworthy, step 76 is executed; otherwise a refusal is returned directly.
Step 76: destination host B[i] judges, according to its own state, whether it can provide the request resource information, and sends a response message to TGCP_B.
Specifically, when destination host B[i] is idle, it sends a message agreeing to the request to TGCP_B; when destination host B[i] is busy, it responds to TGCP_B with a wait message; when the request resource information does not exist or is not provided, it responds to TGCP_B with a refusal message.
Step 77: after TGCP_B receives the response message, TGCP_B forwards it to TGCP_A, and TGCP_A in turn forwards it to A[i], thereby establishing communication.
In this embodiment, the source host first sends a request message to the credible gateway control desk of its own domain, and that control desk first judges whether the destination host is in the same trust domain. When the destination host is in the same trust domain, the request message is forwarded directly. When the destination host is in a different domain, the credible gateway control desk first performs interactive authentication with the credible gateway control desk of the destination host's domain in order to establish trust. On that basis, the requester and the verifier each use the credible gateway control desk of their own domain as a data relay station to transmit the integrity report.
In addition, this embodiment provides a signing information authentication protocol between credible gateway control desks that is based on zero-knowledge proof. Because it follows the idea of zero-knowledge proof, it achieves mutual trust between the credible gateway control desks while protecting their private information, avoiding leakage of that information and preventing impersonation. The public key parameters known to both parties are included in the authentication, which strengthens its credibility. The random parameter is chosen at random by the verifier, which strengthens the correctness of the authentication and prevents replay attacks. The protocol has few interactive steps and is easy to implement.
First embodiment of the credible gateway control desk
The credible gateway control desk of this embodiment can be used in the first trust domain of the structure shown in Fig. 1.
As shown in Fig. 8, the first embodiment of the credible gateway control desk of the present invention can comprise a first receiver module 81, a first signing information obtaining and verifying module 82, a first trust establishing module 83, a first judging module 84 and a first sending module 85. The first signing information obtaining and verifying module 82 is connected to the first receiver module 81; the first trust establishing module 83 is connected to the first receiver module 81, the first signing information obtaining and verifying module 82 and the first sending module 85; the first judging module 84 is connected to the first trust establishing module 83; and the first sending module 85 is connected to the first signing information obtaining and verifying module 82, the first trust establishing module 83 and the first judging module 84.
The first receiver module 81 receives, from the anonymous credential server of the first trust domain, the identity serial number, the public key parameter and public key of the anonymous credential server of the second trust domain, and the access authority information of the anonymous credential server of the second trust domain. The first signing information obtaining and verifying module 82 obtains the signing information on the identity serial number from the anonymous credential server of the first trust domain and verifies it. The first trust establishing module 83 establishes trust with the credible gateway control desk of the second trust domain and negotiates a communication key. The first receiver module 81 also receives the first request message sent by a source host in the first trust domain; the first request message comprises first information and direct anonymous attestation signature data on the first information, and the first information comprises the request resource information, the integrity report of the source host and the destination host identifier of the destination host. The first judging module 84 judges from the destination host identifier whether the destination host is a host in the first trust domain. When the first judging module 84 judges that the destination host is a host in the first trust domain, the first sending module 85 sends the first request message to the destination host; when it judges that the destination host is not a host in the first trust domain, the first sending module 85 generates a second request message, encrypts it with the communication key, and sends the encrypted second request message to the credible gateway control desk of the second trust domain. The first receiver module 81 also receives the response message sent by the credible gateway control desk of the second trust domain, and the first sending module 85 also sends the response message to the source host. The second request message comprises the first request message and the public key parameter of the anonymous credential server of the first trust domain.
In this embodiment, the first receiver module 81 receives the identity serial number sent by the anonymous credential server of the first trust domain, and the first signing information obtaining and verifying module 82 obtains the signing information on the identity serial number from the anonymous credential server of the first trust domain and verifies it. The first receiver module 81 also receives, from the anonymous credential server of the first trust domain, the public key parameter and public key of the anonymous credential server of the second trust domain and the access authority information of the anonymous credential server of the second trust domain. The first trust establishing module 83 then establishes trust with the credible gateway control desk of the second trust domain and negotiates a communication key. Next, the first receiver module 81 receives the first request message sent by a source host in the first trust domain, and the first judging module 84 judges from the destination host identifier whether the destination host is a host in the first trust domain. When it is, the first sending module 85 sends the first request message to the destination host; when it is not, the first sending module 85 generates a second request message, encrypts it with the communication key, and sends the encrypted second request message to the credible gateway control desk of the second trust domain. Finally, the first receiver module 81 receives the response message sent by the credible gateway control desk of the second trust domain, and the first sending module 85 sends the response message to the source host.
Credible gateway control desk second embodiment
The credible gateway control desk of present embodiment can be used in structural representation first trust domain shown in Figure 1.
As shown in Figure 9; Structural representation for credible gateway control desk second embodiment of the present invention; On the basis of structural representation shown in Figure 8; First trusts and to set up module 83 and can comprise the first random information generation unit 831, first information generation unit 832 and the first key agreement unit 833; The first random information generation unit 831 obtains with authentication module 82 with first signing messages and is connected with first receiver module 81, and first information generation unit 832 is connected with first receiver module 81 with the first random information generation unit 831, and first sending module 85 is connected with first information generation unit 832; The first key agreement unit 833 is connected with first information generation unit 832, and first judge module 84 is connected with the first key agreement unit 833.
In this embodiment, the first receiver module 81 receives the identity serial number sent by the anonymous credential server of the first trust domain. The first sending module 85 sends, to the anonymous credential server of the first trust domain, a request message for obtaining the signature information of the identity serial number, and the first receiver module 81 receives the signature information of the identity serial number sent by the anonymous credential server of the first trust domain. The first signature information acquisition and verification module 82 obtains the signature information and verifies it according to the identity serial number and the public key parameters of the anonymous credential server of the first trust domain. The first receiver module 81 also receives, from the anonymous credential server of the first trust domain, the public key parameters and public key of the anonymous credential server of the second trust domain and the access authority information of the anonymous credential server of the second trust domain. For this process, see the flowcharts shown in Fig. 4 and Fig. 5.
Then, the first random information generation unit 831 generates random information according to a first random number and the public key of the anonymous credential server of the first trust domain, and the first sending module 85 sends the random information to the credible gateway control console of the second trust domain. The first receiver module 81 receives a second random number sent by the credible gateway control console of the second trust domain. The first information generation unit 832 generates second information according to the public key parameters and public key of the anonymous credential server of the first trust domain, the public key parameters of the anonymous credential server of the second trust domain, the second random number and the random information, and generates third information according to the second information, the first random number and the signature information. The first sending module 85 sends the second information and the third information to the credible gateway control console of the second trust domain, and the first key agreement unit 833 negotiates a communication key with the credible gateway control console of the second trust domain. For this process, see the flowchart shown in Fig. 6.
Next, the first receiver module 81 receives the first request message sent by a source host in the first trust domain, and the first judging module 84 judges, according to the destination host identifier, whether the destination host is a host in the first trust domain. When the first judging module 84 judges that the destination host is a host in the first trust domain, the first sending module 85 sends the first request message to the destination host. When the first judging module 84 judges that the destination host is not a host in the first trust domain, the first sending module 85 generates a second request message, encrypts it with the communication key, and sends the encrypted second request message to the credible gateway control console of the second trust domain. Finally, the first receiver module 81 receives the response message sent by the credible gateway control console of the second trust domain, and the first sending module 85 sends the response message to the source host. For this process, see the flowchart shown in Fig. 7.
Third embodiment of the credible gateway control console
Fig. 10 is a schematic structural diagram of the third embodiment of the credible gateway control console of the present invention. The difference from the structure shown in Fig. 8 is that the first trust establishment module 83 may comprise a first random number generation unit 834, a first verification unit 835 and a first key agreement unit 833. The first random number generation unit 834 is connected with the first signature information acquisition and verification module 82 and with the first sending module 85 respectively, the first verification unit 835 is connected with the first receiver module 81, and the first key agreement unit 833 is connected with the first verification unit 835.
In this embodiment, the first receiver module 81 receives the identity serial number sent by the anonymous credential server of the first trust domain. The first sending module 85 sends, to the anonymous credential server of the first trust domain, a request message for obtaining the signature information of the identity serial number, and the first receiver module 81 receives the signature information of the identity serial number sent by the anonymous credential server of the first trust domain. The first signature information acquisition and verification module 82 obtains the signature information and verifies it according to the identity serial number and the public key parameters of the anonymous credential server of the first trust domain. The first receiver module 81 also receives, from the anonymous credential server of the first trust domain, the public key parameters and public key of the anonymous credential server of the second trust domain and the access authority information of the anonymous credential server of the second trust domain. For this process, see the flowcharts shown in Fig. 4 and Fig. 5.
Then, the first receiver module 81 receives the random information sent by the credible gateway control console of the second trust domain, the first random number generation unit 834 generates a second random number, and the first sending module 85 sends the second random number to the credible gateway control console of the second trust domain. The first receiver module 81 receives the second information and the third information sent by the credible gateway control console of the second trust domain. The first verification unit 835 verifies the third information according to the second information, the third information, the public key parameters of the anonymous credential server of the first trust domain, the public key parameters and public key of the anonymous credential server of the second trust domain, the second random number and the identity serial number. The first key agreement unit 833 negotiates a communication key with the credible gateway control console of the second trust domain.
Next, the first receiver module 81 receives the first request message sent by a source host in the first trust domain, and the first judging module 84 judges, according to the destination host identifier, whether the destination host is a host in the first trust domain. When the first judging module 84 judges that the destination host is a host in the first trust domain, the first sending module 85 sends the first request message to the destination host. When the first judging module 84 judges that the destination host is not a host in the first trust domain, the first sending module 85 generates a second request message, encrypts it with the communication key, and sends the encrypted second request message to the credible gateway control console of the second trust domain. Finally, the first receiver module 81 receives the response message sent by the credible gateway control console of the second trust domain, and the first sending module 85 sends the response message to the source host. For this process, see the flowchart shown in Fig. 7.
First embodiment of the anonymous credential server
Fig. 11 is a schematic structural diagram of the first embodiment of the anonymous credential server of the present invention, which may comprise an initialization module 111, a second sending module 112, a second receiver module 113 and a signature information generation module 114. The second sending module 112 is connected with the initialization module 111, the second receiver module 113 is connected with the second sending module 112, and the signature information generation module 114 is connected with the second receiver module 113 and with the second sending module 112 respectively.
The initialization module 111 is used to generate an identity serial number for the credible gateway control console of the first trust domain and to generate the access authority information of the anonymous credential server of the second trust domain. The second sending module 112 is used to send the public key parameters and public key of the anonymous credential server of the first trust domain to the anonymous credential server of the second trust domain. The second receiver module 113 is used to receive the public key parameters and public key sent by the anonymous credential server of the second trust domain. The second sending module 112 is also used to send the public key parameters and public key of the anonymous credential server of the second trust domain, the access authority information of the anonymous credential server of the second trust domain and the identity serial number to the credible gateway control console of the first trust domain. The signature information generation module 114 is used to generate the signature information of the identity serial number for the credible gateway control console of the first trust domain, and the second sending module is also used to send the signature information to the credible gateway control console of the first trust domain.
In this embodiment, the initialization module 111 generates an identity serial number for the credible gateway control console of the first trust domain. At the same time, the second sending module 112 sends the public key parameters and public key of the anonymous credential server of the first trust domain to the anonymous credential server of the second trust domain, the second receiver module 113 receives the public key parameters and public key sent by the anonymous credential server of the second trust domain, and the initialization module 111 generates the access authority information of the anonymous credential server of the second trust domain. Then, the second sending module 112 sends the public key parameters and public key of the anonymous credential server of the second trust domain, the access authority information of the anonymous credential server of the second trust domain and the identity serial number to the credible gateway control console of the first trust domain. Finally, the signature information generation module 114 generates the signature information of the identity serial number for the credible gateway control console of the first trust domain, and the second sending module 112 sends the signature information to the credible gateway control console of the first trust domain.
Second embodiment of the anonymous credential server
The structure of this embodiment is the same as that shown in Fig. 11. In this embodiment, the initialization module 111 generates an identity serial number for the credible gateway control console of the first trust domain. At the same time, the second sending module 112 sends the public key parameters of the anonymous credential server of the first trust domain to the anonymous credential server of the second trust domain, the second receiver module 113 receives the public key parameters and public key sent by the anonymous credential server of the second trust domain, and the initialization module 111 generates the access authority information of the anonymous credential server of the second trust domain. Then, the second sending module 112 sends the public key parameters and public key of the anonymous credential server of the second trust domain, the access authority information of the anonymous credential server of the second trust domain and the identity serial number to the credible gateway control console of the first trust domain. Finally, the second receiver module 113 receives the request message, sent by the credible gateway control console of the first trust domain, for obtaining the signature information of the identity serial number; the signature information generation module 114 generates the signature information of the identity serial number according to the public key parameters of the anonymous credential server of the first trust domain, the identity serial number and the private key of the anonymous credential server of the first trust domain; and the second sending module 112 sends the signature information to the credible gateway control console of the first trust domain.
Fourth embodiment of the credible gateway control console
The credible gateway control console of this embodiment can be used in the second trust domain of the structure shown in Fig. 1.
Fig. 12 is a schematic structural diagram of the fourth embodiment of the credible gateway control console of the present invention, which may comprise a third receiver module 121, a second signature information acquisition and verification module 122, a second trust establishment module 123, a second judging module 124 and a third sending module 125. The second signature information acquisition and verification module 122 is connected with the third receiver module 121; the second trust establishment module 123 is connected with the second signature information acquisition and verification module 122; the second judging module 124 is connected with the second trust establishment module 123 and with the third receiver module 121 respectively; and the third sending module 125 is connected with the second judging module 124.
The third receiver module 121 is used to receive the identity serial number sent by the anonymous credential server of the second trust domain, the public key parameters and public key of the anonymous credential server of the first trust domain, and the access authority information of the anonymous credential server of the first trust domain. The second signature information acquisition and verification module 122 is used to obtain the signature information of the identity serial number from the anonymous credential server of the second trust domain and to verify the signature information. The second trust establishment module 123 is used to establish trust with the credible gateway control console of the first trust domain and to negotiate a communication key.
The third receiver module 121 is also used to receive the encrypted second request message sent by the credible gateway control console of the first trust domain. The second request message comprises the first request message and the public key parameters of the anonymous credential server of the first trust domain. The first request message comprises first information and direct anonymous attestation signature data about the first information, and the first information comprises the requested resource information, the integrity report of the source host and the destination host identifier of the destination host. The second judging module 124 is used to decrypt the encrypted second request message, obtain the access authority information of the first trust domain according to the public key parameters of the anonymous credential server of the first trust domain, and judge whether the requested resource information is within the access authority information.
The third sending module 125 is used to send a response message to the credible gateway control console of the first trust domain when the second judging module 124 judges that the requested resource information is not within the access authority information, and, when the second judging module 124 judges that the request message is within the access authority information, to send the second request message to the destination host according to the destination host identifier. The third receiver module 121 is also used to receive the response message sent by the destination host, and the third sending module 125 is also used to send the response message to the credible gateway control console of the first trust domain.
In this embodiment, the third receiver module 121 receives the identity serial number sent by the anonymous credential server of the second trust domain, the public key parameters and public key of the anonymous credential server of the first trust domain, and the access authority information of the anonymous credential server of the first trust domain. Then, the second signature information acquisition and verification module 122 obtains the signature information of the identity serial number from the anonymous credential server of the second trust domain and verifies the signature information. Next, the second trust establishment module 123 establishes trust with the credible gateway control console of the first trust domain and negotiates a communication key. Finally, the third receiver module 121 receives the encrypted second request message sent by the credible gateway control console of the first trust domain; the second judging module 124 decrypts the encrypted second request message, obtains the access authority information of the first trust domain according to the public key parameters of the anonymous credential server of the first trust domain, and judges whether the requested resource information is within the access authority information. When the second judging module 124 judges that the requested resource information is not within the access authority information, the third sending module 125 sends a response message to the credible gateway control console of the first trust domain. When the second judging module 124 judges that the request message is within the access authority information, the third sending module 125 sends the second request message to the destination host according to the destination host identifier, the third receiver module 121 receives the response message sent by the destination host, and the third sending module 125 sends the response message to the credible gateway control console of the first trust domain.
Fifth embodiment of the credible gateway control console
The credible gateway control console of this embodiment can be used in the second trust domain of the structure shown in Fig. 1.
Fig. 13 is a schematic structural diagram of the fifth embodiment of the credible gateway control console of the present invention. On the basis of the structure shown in Fig. 12, the second trust establishment module 123 may comprise a second random number generation unit 1231, a second verification unit 1232 and a second key agreement unit 1233. The second random number generation unit 1231 is connected with the third receiver module 121 and with the second signature information acquisition and verification module 122 respectively; the second verification unit 1232 is connected with the second random number generation unit 1231 and with the third receiver module 121; and the second key agreement unit 1233 is connected with the second verification unit 1232.
In this embodiment, the third receiver module 121 is also used to receive the random information sent by the credible gateway control console of the first trust domain. The second random number generation unit 1231 is used to generate a second random number; the third sending module 125 is also used to send the second random number to the credible gateway control console of the first trust domain; and the third receiver module 121 is also used to receive the second information and the third information sent by the credible gateway control console of the first trust domain. The second verification unit 1232 is used to verify the third information according to the second information, the third information, the public key parameters of the anonymous credential server of the second trust domain, the public key parameters and public key of the anonymous credential server of the first trust domain, the second random number and the identity serial number. The second key agreement unit 1233 is used to negotiate a communication key with the credible gateway control console of the first trust domain.
In this embodiment, the third sending module 125 is also used to send, to the anonymous credential server of the second trust domain, a request message for obtaining the signature information of the identity serial number; the third receiver module 121 is also used to receive the signature information of the identity serial number sent by the anonymous credential server of the second trust domain; and the second signature information acquisition and verification module 122 is used to obtain the signature information and to verify it according to the identity serial number and the public key parameters of the anonymous credential server of the second trust domain.
In this embodiment, the third receiver module 121 receives the identity serial number sent by the anonymous credential server of the second trust domain, the public key parameters of the anonymous credential server of the first trust domain and the access authority information of the anonymous credential server of the first trust domain. For this process, see the flowchart shown in Fig. 4.
Then, the third sending module 125 sends, to the anonymous credential server of the second trust domain, a request message for obtaining the signature information of the identity serial number, the third receiver module 121 receives the signature information of the identity serial number sent by the anonymous credential server of the second trust domain, and the second signature information acquisition and verification module 122 verifies the signature information according to the identity serial number and the public key parameters of the anonymous credential server of the second trust domain. For this process, see the flowchart shown in Fig. 5.
Next, the third receiver module 121 receives the random information sent by the credible gateway control console of the first trust domain, the second random number generation unit 1231 generates a second random number, and the third sending module 125 sends the second random number to the credible gateway control console of the first trust domain. The third receiver module 121 receives the second information and the third information sent by the credible gateway control console of the first trust domain. The second verification unit 1232 verifies the third information according to the second information, the third information, the public key parameters of the anonymous credential server of the second trust domain, the public key parameters and public key of the anonymous credential server of the first trust domain, the second random number and the identity serial number, and the second key agreement unit 1233 negotiates a communication key with the credible gateway control console of the first trust domain. For this process, see the flowchart shown in Fig. 6.
Finally, the third receiver module 121 receives the encrypted second request message sent by the credible gateway control console of the first trust domain; the second judging module 124 decrypts the encrypted second request message, obtains the access authority information of the first trust domain according to the public key parameters of the anonymous credential server of the first trust domain, and judges whether the requested resource information is within the access authority information. When the second judging module 124 judges that the requested resource information is not within the access authority information, the third sending module 125 sends a response message to the credible gateway control console of the first trust domain. When the second judging module 124 judges that the request message is within the access authority information, the third sending module 125 sends the second request message to the destination host according to the destination host identifier, the third receiver module 121 receives the response message sent by the destination host, and the third sending module 125 sends the response message to the credible gateway control console of the first trust domain. For this process, see the flowchart shown in Fig. 7.
Sixth embodiment of the credible gateway control console
The credible gateway control console of this embodiment can be used in the second trust domain of the structure shown in Fig. 1.
Fig. 14 is a schematic structural diagram of the sixth embodiment of the credible gateway control console of the present invention. On the basis of the structure shown in Fig. 12, the second trust establishment module 123 may comprise a second random information generation unit 1234, a second information generating unit 1235 and a second key agreement unit 1233. The second random information generation unit 1234 is connected with the second signature information acquisition and verification module 122 and with the third sending module 125; the second information generating unit 1235 is connected with the second random information generation unit 1234, the third receiver module 121 and the third sending module 125; and the second key agreement unit 1233 is connected with the second information generating unit 1235.
In this embodiment, the second random information generation unit 1234 is used to generate random information according to a first random number and the public key of the anonymous credential server of the second trust domain; the third sending module 125 is also used to send the random information to the credible gateway control console of the first trust domain; and the third receiver module 121 is also used to receive the second random number sent by the credible gateway control console of the first trust domain. The second information generating unit 1235 is used to generate second information according to the public key parameters and public key of the anonymous credential server of the second trust domain, the public key parameters of the anonymous credential server of the first trust domain, the second random number and the random information, and to generate third information according to the second information, the first random number and the signature information. The third sending module 125 is also used to send the second information and the third information to the credible gateway control console of the first trust domain. The second key agreement unit 1233 is used to negotiate a communication key with the credible gateway control console of the first trust domain.
In this embodiment, the third sending module 125 is also used to send, to the anonymous credential server of the second trust domain, a request message for obtaining the signature information of the identity serial number; the third receiver module 121 is also used to receive the signature information of the identity serial number sent by the anonymous credential server of the second trust domain; and the second signature information acquisition and verification module 122 is used to obtain the signature information and to verify it according to the identity serial number and the public key parameters of the anonymous credential server of the second trust domain.
In this embodiment, the third receiver module 121 receives the identity serial number sent by the anonymous credential server of the second trust domain, the public key parameters of the anonymous credential server of the first trust domain and the access authority information of the anonymous credential server of the first trust domain.
Then, the third sending module 125 sends, to the anonymous credential server of the second trust domain, a request message for obtaining the signature information of the identity serial number, the third receiver module 121 receives the signature information of the identity serial number sent by the anonymous credential server of the second trust domain, and the second signature information acquisition and verification module 122 verifies the signature information according to the identity serial number and the public key parameters of the anonymous credential server of the second trust domain.
Next, the second random information generation unit 1234 generates random information according to a first random number and the public key of the anonymous credential server of the second trust domain, the third sending module 125 sends the random information to the credible gateway control console of the first trust domain, and the third receiver module 121 receives the second random number sent by the credible gateway control console of the first trust domain. The second information generating unit 1235 generates second information according to the public key parameters and public key of the anonymous credential server of the second trust domain, the public key parameters of the anonymous credential server of the first trust domain, the second random number and the random information, and generates third information according to the second information, the first random number and the signature information. The third sending module 125 sends the second information and the third information to the credible gateway control console of the first trust domain, and the second key agreement unit 1233 negotiates a communication key with the credible gateway control console of the first trust domain.
Finally, the third receiver module 121 receives the encrypted second request message sent by the credible gateway control console of the first trust domain; the second judging module 124 decrypts the encrypted second request message, obtains the access authority information of the first trust domain according to the public key parameters of the anonymous credential server of the first trust domain, and judges whether the requested resource information is within the access authority information. When the second judging module 124 judges that the requested resource information is not within the access authority information, the third sending module 125 sends a response message to the credible gateway control console of the first trust domain. When the second judging module 124 judges that the request message is within the access authority information, the third sending module 125 sends the second request message to the destination host according to the destination host identifier, the third receiver module 121 receives the response message sent by the destination host, and the third sending module 125 sends the response message to the credible gateway control console of the first trust domain. For this process, see the flowchart shown in Fig. 7.
Host embodiment
Fig. 15 is a schematic structural diagram of the host embodiment of the present invention, which may comprise a fourth receiver module 151, a third judging module 152, a response message sending module 153, a fourth judging module 154 and a fifth judging module 155. The third judging module 152 is connected with the fourth receiver module 151; the response message sending module 153 is connected with the third judging module 152 and with the fourth judging module 154; the fifth judging module 155 is connected with the fourth judging module 154 and with the response message sending module 153; and the response message sending module 153 is connected with the fifth judging module 155.
The third receiver module 151 is used to receive the second request message sent by the credible gateway control console of the second trust domain. The second request message comprises the first request message and the public key parameters of the anonymous credential server of the first trust domain. The first request message comprises first information and direct anonymous attestation signature data about the first information, and the first information comprises the requested resource information, the integrity report of the source host and the destination host identifier of the destination host.
The third judging module 152 is used to judge, according to the direct anonymous attestation signature data of the first information and the public key parameters of the anonymous credential server of the first trust domain, whether the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain. The response message sending module 153 is used to send a response message to the credible gateway control console of the second trust domain when the third judging module 152 judges that the source host does not hold an anonymous credential issued by the anonymous credential server of the first trust domain. The fourth judging module 154 is used to judge, according to the integrity report, whether the source host is trusted when the third judging module judges that the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain. The response message sending module 153 is also used to send a response message to the credible gateway control console of the second trust domain when the fourth judging module 154 judges that the source host is not trusted. The fifth judging module 155 is used to judge whether the requested resource information can be provided when the fourth judging module 154 judges that the source host is trusted. The response message sending module 153 is also used to send a response message to the credible gateway control console of the second trust domain according to the judgment result of the third judging module.
In this embodiment, the third receiver module 151 receives the second request message sent by the credible gateway control console of the second trust domain. Then, the third judging module 152 judges, according to the direct anonymous attestation signature data of the first information and the public key parameters of the anonymous credential server of the first trust domain, whether the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain. When the third judging module 152 judges that the source host does not hold an anonymous credential issued by the anonymous credential server of the first trust domain, the response message sending module 153 sends a response message to the credible gateway control console of the second trust domain. When the third judging module judges that the source host holds an anonymous credential issued by the anonymous credential server of the first trust domain, the fourth judging module 154 judges, according to the integrity report, whether the source host is trusted. When the fourth judging module 154 judges that the source host is not trusted, the response message sending module 153 sends a response message to the credible gateway control console of the second trust domain. When the fourth judging module 154 judges that the source host is trusted, the fifth judging module 155 judges whether the requested resource information can be provided, and the response message sending module 153 sends a response message to the credible gateway control console of the second trust domain according to the judgment result of the third judging module. For the detailed flow, see the flowchart shown in Fig. 7.
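The chain of checks that a cross-domain request passes through, at the second trust domain's gateway (second judging module 124) and then at the destination host (third to fifth judging modules), is sketched below as an added example that is not part of the patent text. The direct anonymous attestation signature is replaced by an HMAC stand-in so the block runs with the standard library only, encryption under the negotiated communication key is omitted, and the integrity-report policy (exact match against reference measurements), class names, response strings and sample values are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Stand-in for DAA: one HMAC key per issuer. A real DAA signature is verified
# with the issuer's public key parameters and needs no shared secret.
STAND_IN_KEYS = {"domain1-params": b"constructed-demo-key"}  # constructed values

@dataclass(frozen=True)
class FirstInfo:
    resource: str             # requested resource information
    integrity_report: tuple   # source host measurements as (component, digest) pairs
    dest_host_id: str         # destination host identifier

    def encode(self) -> bytes:
        return repr((self.resource, self.integrity_report, self.dest_host_id)).encode()

@dataclass(frozen=True)
class FirstRequest:
    info: FirstInfo
    signature: bytes          # stand-in for the DAA signature data over `info`

@dataclass(frozen=True)
class SecondRequest:
    first: FirstRequest
    issuer_params: str        # public key parameters of the first domain's credential server

def sign_stand_in(info, issuer_params):
    return hmac.new(STAND_IN_KEYS[issuer_params], info.encode(), hashlib.sha256).digest()

def verify_stand_in(info, signature, issuer_params):
    if issuer_params not in STAND_IN_KEYS:
        return False
    return hmac.compare_digest(signature, sign_stand_in(info, issuer_params))

class DestinationHost:
    def __init__(self, resources, reference_measurements):
        self.resources = set(resources)
        self.reference = dict(reference_measurements)
    def handle(self, req):
        info = req.first.info
        # Third judging module: was the request signed under a credential from this issuer?
        if not verify_stand_in(info, req.first.signature, req.issuer_params):
            return "rejected: no valid anonymous credential"
        # Fourth judging module: is the source host trusted? (assumed policy: exact match)
        if dict(info.integrity_report) != self.reference:
            return "rejected: source host not trusted"
        # Fifth judging module: can the requested resource be provided?
        if info.resource not in self.resources:
            return "rejected: resource cannot be provided"
        return "granted: " + info.resource

class SecondDomainGateway:
    def __init__(self, access_rights, hosts):
        self.access_rights = access_rights   # issuer_params -> permitted resources
        self.hosts = hosts                   # host id -> DestinationHost
    def handle(self, req):
        info = req.first.info
        # Second judging module: an unknown issuer gets an empty permission set.
        if info.resource not in self.access_rights.get(req.issuer_params, frozenset()):
            return "rejected: resource outside access authority"
        host = self.hosts.get(info.dest_host_id)
        if host is None:
            return "rejected: unknown destination host"
        return host.handle(req)

class FirstDomainGateway:
    def __init__(self, issuer_params, local_host_ids, peer):
        self.issuer_params = issuer_params
        self.local_host_ids = set(local_host_ids)
        self.peer = peer
    def route(self, req):
        # First judging module: local destinations never leave the domain.
        if req.info.dest_host_id in self.local_host_ids:
            return "delivered inside first trust domain"
        # Encryption under the negotiated communication key is omitted here.
        return self.peer.handle(SecondRequest(req, self.issuer_params))

def demo():
    good = (("bios", hashlib.sha256(b"bios-v1").hexdigest()),
            ("kernel", hashlib.sha256(b"kernel-v1").hexdigest()))
    bad = (good[0], ("kernel", hashlib.sha256(b"kernel-patched").hexdigest()))
    host = DestinationHost({"report-archive", "audit-log"}, good)
    gw2 = SecondDomainGateway({"domain1-params": {"report-archive", "build-cache"}}, {"hostB": host})
    gw1 = FirstDomainGateway("domain1-params", {"hostA"}, gw2)
    def request(resource, report, dest, forge=False):
        info = FirstInfo(resource, report, dest)
        sig = b"\x00" * 32 if forge else sign_stand_in(info, "domain1-params")
        return gw1.route(FirstRequest(info, sig))
    return {
        "local": request("report-archive", good, "hostA"),
        "granted": request("report-archive", good, "hostB"),
        "outside_rights": request("audit-log", good, "hostB"),
        "not_provided": request("build-cache", good, "hostB"),
        "untrusted": request("report-archive", bad, "hostB"),
        "forged": request("report-archive", good, "hostB", forge=True),
    }
```

Each stage fails closed: the gateway refuses a resource outside the first domain's access authority before any host sees the request, and the host only evaluates the integrity report after the signature check has passed.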
Integrity report transmission system among multiple trust domains
This embodiment may comprise a first trust domain and a second trust domain. The first trust domain comprises an anonymous credential server, a credible gateway control desk and several hosts; the second trust domain comprises an anonymous credential server, a credible gateway control desk and several hosts. A structural diagram of the system is shown in Fig. 1.
In this embodiment, the anonymous credential server of the first trust domain is used to: generate an identity sequence number for the credible gateway control desk of the first trust domain; exchange public key parameters and public keys with the anonymous credential server of the second trust domain; generate the access authority information of the anonymous credential server of the second trust domain; send the public key parameters and public key of the anonymous credential server of the second trust domain, the access authority information of the anonymous credential server of the second trust domain, and the identity sequence number to the credible gateway control desk of the first trust domain; and generate the signature information of the identity sequence number for the credible gateway control desk of the first trust domain and send the signature information to the credible gateway control desk of the first trust domain.
The credible gateway control desk of the first trust domain is used to: receive the identity sequence number, the public key parameters and public key of the anonymous credential server of the second trust domain, and the access authority information of the anonymous credential server of the second trust domain, all sent by the anonymous credential server of the first trust domain; obtain the signature information of the identity sequence number from the anonymous credential server of the first trust domain and verify the signature information; establish trust and negotiate a communication key with the credible gateway control desk of the second trust domain; and receive a first request message sent by a source host in the first trust domain. The first request message comprises first information and direct anonymous attestation signature data about the first information, and the first information comprises the request resource information, the integrity report of the source host and the destination host identifier of the destination host. According to the destination host identifier, the control desk judges whether the destination host is a host in the first trust domain. If the destination host is a host in the first trust domain, it sends the first request message to the destination host. If the destination host is not a host in the first trust domain, it generates a second request message, encrypts the second request message with the communication key, sends the encrypted second request message to the credible gateway control desk of the second trust domain, receives the response message sent by the credible gateway control desk of the second trust domain, and sends the response message to the source host. The second request message comprises the first request message and the public key parameters of the anonymous credential server of the first trust domain.
The anonymous credential server of the second trust domain is used to: generate an identity sequence number for the credible gateway control desk of the second trust domain; exchange public key parameters and public keys with the anonymous credential server of the first trust domain; generate the access authority information of the anonymous credential server of the first trust domain; send the public key parameters of the anonymous credential server of the first trust domain, the access authority information of the anonymous credential server of the first trust domain, and the identity sequence number to the credible gateway control desk of the second trust domain; and generate the signature information of the identity sequence number for the credible gateway control desk of the second trust domain and send the signature information to the credible gateway control desk of the second trust domain.
The credible gateway control desk of the second trust domain is used to: receive the identity sequence number, the public key parameters and public key of the anonymous credential server of the first trust domain, and the access authority information of the anonymous credential server of the first trust domain, all sent by the anonymous credential server of the second trust domain; obtain the signature information of the identity sequence number from the anonymous credential server of the second trust domain and verify the signature information; establish trust and negotiate a communication key with the credible gateway control desk of the first trust domain; and receive the encrypted second request message sent by the credible gateway control desk of the first trust domain. The second request message comprises the first request message and the public key parameters of the anonymous credential server of the first trust domain; the first request message comprises first information and direct anonymous attestation signature data about the first information; and the first information comprises the request resource information, the integrity report of the source host and the destination host identifier of the destination host. The control desk decrypts the encrypted second request message, obtains the access authority information of the first trust domain according to the public key parameters of the anonymous credential server of the first trust domain, and judges whether the request resource information is in the access authority information. If the request resource information is not in the access authority information, it sends a response message to the credible gateway control desk of the first trust domain. If the request message is in the access authority information, it sends the second request message to the destination host according to the destination host identifier, receives the response message sent by the destination host, and sends the response message to the credible gateway control desk of the first trust domain.
The host of the second trust domain is used to receive the second request message sent by the credible gateway control desk of the second trust domain. The second request message comprises the first request message and the public key parameters of the anonymous credential server of the first trust domain; the first request message comprises first information and direct anonymous attestation signature data about the first information; and the first information comprises the request resource information, the integrity report of the source host and the destination host identifier of the destination host. According to the direct anonymous attestation signature data of the first information and the public key parameters of the anonymous credential server of the first trust domain, the host judges whether the source host has an anonymous credential issued by the anonymous credential server of the first trust domain. If the source host does not have such an anonymous credential, the host sends a response message to the credible gateway control desk of the second trust domain. If the source host has such an anonymous credential, the host judges, according to the integrity report, whether the source host is trustworthy. If the source host is untrustworthy, the host sends a response message to the credible gateway control desk of the second trust domain. If the source host is trustworthy, the host judges whether the request resource information can be provided and sends a response message to the credible gateway control desk of the second trust domain according to the judgment result.
In this embodiment, first, the anonymous credential server of the first trust domain generates an identity sequence number for the credible gateway control desk of the first trust domain and sends it to that control desk, which receives it; likewise, the anonymous credential server of the second trust domain generates an identity sequence number for the credible gateway control desk of the second trust domain and sends it to that control desk, which receives it. Then the anonymous credential server of the first trust domain generates the signature information of the identity sequence number for the credible gateway control desk of the first trust domain and sends it to that control desk, which obtains the signature information from the anonymous credential server of the first trust domain and verifies it; the anonymous credential server of the second trust domain generates the signature information of the identity sequence number for the credible gateway control desk of the second trust domain and sends it to that control desk, which obtains the signature information from the anonymous credential server of the second trust domain and verifies it.
At the same time, the anonymous credential server of the first trust domain and the anonymous credential server of the second trust domain exchange public key parameters and public keys. The anonymous credential server of the first trust domain generates the access authority information of the anonymous credential server of the second trust domain, and the anonymous credential server of the second trust domain generates the access authority information of the anonymous credential server of the first trust domain. The anonymous credential server of the first trust domain sends the public key parameters and public key of the anonymous credential server of the second trust domain, together with the access authority information of the anonymous credential server of the second trust domain, to the credible gateway control desk of the first trust domain; the anonymous credential server of the second trust domain sends the public key parameters and public key of the anonymous credential server of the first trust domain, together with the access authority information of the anonymous credential server of the first trust domain, to the credible gateway control desk of the second trust domain. Afterwards, the credible gateway control desk of the first trust domain and the credible gateway control desk of the second trust domain establish trust and negotiate a communication key.
The credible gateway control desk of the first trust domain receives a first request message sent by a source host in the first trust domain. The first request message comprises first information and direct anonymous attestation signature data about the first information, and the first information comprises the request resource information, the integrity report of the source host and the destination host identifier of the destination host. According to the destination host identifier, the control desk judges whether the destination host is a host in the first trust domain. If it is, the first request message is sent to the destination host. If it is not, the control desk generates a second request message, encrypts it with the communication key, and sends the encrypted second request message to the credible gateway control desk of the second trust domain; the second request message comprises the first request message and the public key parameters of the anonymous credential server of the first trust domain. The credible gateway control desk of the second trust domain receives the encrypted second request message, decrypts it, obtains the access authority information of the first trust domain according to the public key parameters of the anonymous credential server of the first trust domain, and judges whether the request resource information is in the access authority information. If the request resource information is not in the access authority information, it sends a response message to the credible gateway control desk of the first trust domain; if the request resource information is in the access authority information, it sends the second request message to the destination host according to the destination host identifier.
Finally, the destination host receives the second request message and judges, according to the direct anonymous attestation signature data of the first information and the public key parameters of the anonymous credential server of the first trust domain, whether the source host has an anonymous credential issued by the anonymous credential server of the first trust domain. If the source host does not have such an anonymous credential, the destination host sends a response message to the credible gateway control desk of the second trust domain. If the source host has such an anonymous credential, the destination host judges, according to the integrity report, whether the source host is trustworthy. If the source host is untrustworthy, the destination host sends a response message to the credible gateway control desk of the second trust domain. If the source host is trustworthy, the destination host judges whether the request resource information can be provided and sends a response message to the credible gateway control desk of the second trust domain according to the judgment result. The credible gateway control desk of the second trust domain sends the response message to the credible gateway control desk of the first trust domain, and the credible gateway control desk of the first trust domain sends the response message to the source host.
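The decision points of the flow above, as an added example that is not part of the patent text: the first gateway routes on the destination host identifier, the second gateway checks the access authority information, and the destination host checks the credential, then the integrity report, then the resource. The direct anonymous attestation check is a placeholder hash tag, the integrity report format (component name with SHA-256 digest) and every name and value are assumptions, and the encryption of the second request message with the communication key is omitted.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data; every name and value here is an assumption.
DOMAIN1_PARAMS = "domain1-acs-public-params"   # public key parameters of domain 1's server
DOMAIN1_HOSTS = {"host-a", "host-b"}           # hosts known to gateway 1
ACCESS_AUTHORITY = {DOMAIN1_PARAMS: {"/reports/q3", "/builds/latest"}}  # held by gateway 2
HOST_RESOURCES = {"/reports/q3"}               # what the destination host can serve
KNOWN_GOOD = {                                 # reference measurements held by the host
    "bootloader": hashlib.sha256(b"bootloader-v2").hexdigest(),
    "kernel": hashlib.sha256(b"kernel-5.10").hexdigest(),
}
GOOD_REPORT = tuple(KNOWN_GOOD.items())


@dataclass(frozen=True)
class FirstInfo:
    resource: str   # request resource information
    report: tuple   # integrity report as ((component, sha256 hex), ...)
    target: str     # destination host identifier


def _tag(info, issuer_params):
    # Placeholder only: NOT a DAA signature and not unforgeable. It exists so the
    # control flow can run offline; a real host calls its DAA verifier instead.
    return hashlib.sha256((issuer_params + repr(info)).encode()).hexdigest()


def make_first_request(resource, report, target):
    """Source host side: first information plus its (placeholder) signature data."""
    info = FirstInfo(resource, tuple(report), target)
    return info, _tag(info, DOMAIN1_PARAMS)


def daa_verify(info, signature, issuer_params):
    """Stand-in for verification against the issuer's public key parameters."""
    return hmac.compare_digest(signature, _tag(info, issuer_params))


def report_is_trustworthy(report):
    """Fail closed: every required component present exactly once and matching.
    An empty report, a duplicate entry or an unknown component is rejected."""
    measured = dict(report)
    return (len(measured) == len(report)
            and set(measured) == set(KNOWN_GOOD)
            and all(measured[name] == digest for name, digest in KNOWN_GOOD.items()))


def host_handle(second_request):
    """Destination host: credential first, then integrity report, then resource."""
    info, signature, issuer_params = second_request
    if not daa_verify(info, signature, issuer_params):
        return "deny: no anonymous credential from domain 1"
    if not report_is_trustworthy(info.report):
        return "deny: source host not trustworthy"
    if info.resource not in HOST_RESOURCES:
        return "deny: resource not provided"
    return "grant: " + info.resource


def gateway2_handle(second_request):
    """Gateway 2: look up access authority by the sender's public key parameters."""
    info, _, issuer_params = second_request
    if info.resource not in ACCESS_AUTHORITY.get(issuer_params, set()):
        return "deny: resource not in access authority information"
    return host_handle(second_request)


def gateway1_route(first_request):
    """Gateway 1: deliver locally or wrap into a second request for gateway 2."""
    info, signature = first_request
    if info.target in DOMAIN1_HOSTS:
        return "delivered inside domain 1"
    # The page encrypts this message with the negotiated communication key;
    # that transport step is left out here.
    return gateway2_handle((info, signature, DOMAIN1_PARAMS))
```

Each deny string names the stage that rejected the request, so an unknown issuer or an empty integrity report can be seen to fail before any resource decision is made.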
It should be noted that the credible gateway control desk of the first trust domain may comprise any of the modules and units of the first, second and third embodiments of the credible gateway control desk described above; the credible gateway control desk of the second trust domain may comprise any of the modules and units of the third, fourth and fifth embodiments of the credible gateway control desk described above; and the anonymous credential server of the first trust domain may comprise any of the modules of the first and second embodiments of the anonymous credential server. The host of the second trust domain may comprise any of the modules of the host embodiment described above.
The technical solution of the present invention is not limited to the embodiments described in the detailed description. Other implementations that those skilled in the art derive from the technical solution of the present invention likewise fall within the scope of technical innovation of the present invention.

Claims (23)

1. An integrity report transmission method among multiple trust domains, characterized by comprising:
receiving the identity sequence number, the public key parameters and public key of the anonymous credential server of a second trust domain, and the access authority information of the anonymous credential server of said second trust domain, all sent by the anonymous credential server of a first trust domain; obtaining the signature information of said identity sequence number from the anonymous credential server of said first trust domain and verifying said signature information;
establishing trust and negotiating a communication key with the credible gateway control desk of said second trust domain;
receiving a first request message sent by a source host in said first trust domain, said first request message comprising first information and direct anonymous attestation signature data about said first information, said first information comprising the request resource information, the integrity report of said source host and the destination host identifier of a destination host; judging, according to said destination host identifier, whether said destination host is a host in said first trust domain; if said destination host is a host in said first trust domain, sending said first request message to said destination host; if said destination host is not a host in said first trust domain, generating a second request message, encrypting said second request message with said communication key, sending the encrypted second request message to the credible gateway control desk of the second trust domain, receiving the response message sent by the credible gateway control desk of said second trust domain, and sending said response message to said source host, said second request message comprising said first request message and the public key parameters of the anonymous credential server of said first trust domain.
2. The method according to claim 1, characterized in that said establishing trust with the credible gateway control desk of said second trust domain comprises:
generating random information according to a first random number and the public key of the anonymous credential server of said first trust domain, and sending said random information to the credible gateway control desk of said second trust domain;
receiving a second random number sent by the credible gateway control desk of said second trust domain; generating second information according to the public key parameters and public key of the anonymous credential server of said first trust domain, the public key parameters of the anonymous credential server of said second trust domain, said second random number and said random information; generating third information according to said second information, said first random number and said signature information; and sending said second information and said third information to the credible gateway control desk of said second trust domain.
3. The method according to claim 1, characterized in that said establishing trust with the credible gateway control desk of said second trust domain comprises:
receiving the random information sent by the credible gateway control desk of said second trust domain, generating a second random number, and sending said second random number to the credible gateway control desk of said second trust domain;
receiving the second information and third information sent by the credible gateway control desk of said second trust domain;
verifying said third information according to said second information, said third information, the public key parameters of the anonymous credential server of said first trust domain, the public key parameters and public key of the anonymous credential server of said second trust domain, said second random number and said identity sequence number.
4. The method according to claim 1, characterized in that said obtaining the signature information of said identity sequence number from the anonymous credential server of said first trust domain and verifying said signature information comprises:
sending, to the anonymous credential server of said first trust domain, a request message for requesting the signature information of said identity sequence number, and receiving the signature information of said identity sequence number sent by the anonymous credential server of said first trust domain;
verifying said signature information according to said identity sequence number and the public key parameters of the anonymous credential server of said first trust domain.
5. An integrity report transmission method among multiple trust domains, characterized by comprising:
generating an identity sequence number for the credible gateway control desk of a first trust domain; exchanging public key parameters and public keys with the anonymous credential server of a second trust domain; generating the access authority information of the anonymous credential server of said second trust domain; and sending the public key parameters of the anonymous credential server of said second trust domain, the access authority information of the anonymous credential server of said second trust domain, and said identity sequence number to the credible gateway control desk of said first trust domain;
generating the signature information of said identity sequence number for the credible gateway control desk of said first trust domain and sending said signature information to the credible gateway control desk of said first trust domain.
6. The method according to claim 5, characterized in that said generating the signature information of said identity sequence number for the credible gateway control desk of said first trust domain comprises:
receiving the request message, sent by the credible gateway control desk of said first trust domain, for requesting the signature information of said identity sequence number;
generating the signature information of said identity sequence number according to the public key parameters of the anonymous credential server of said first trust domain, said identity sequence number and the private key of the anonymous credential server of said first trust domain.
7. An integrity report transmission method among multiple trust domains, characterized by comprising:
receiving the identity sequence number, the public key parameters and public key of the anonymous credential server of a first trust domain, and the access authority information of the anonymous credential server of said first trust domain, all sent by the anonymous credential server of a second trust domain; obtaining the signature information of said identity sequence number from the anonymous credential server of said second trust domain and verifying said signature information;
establishing trust and negotiating a communication key with the credible gateway control desk of said first trust domain;
receiving the encrypted second request message sent by the credible gateway control desk of the first trust domain, said second request message comprising a first request message and the public key parameters of the anonymous credential server of the first trust domain, said first request message comprising first information and direct anonymous attestation signature data about said first information, said first information comprising the request resource information, the integrity report of said source host and the destination host identifier of a destination host; decrypting said encrypted second request message; obtaining the access authority information of said first trust domain according to the public key parameters of the anonymous credential server of said first trust domain; judging whether said request resource information is in said access authority information; if said request resource information is not in said access authority information, sending a response message to the credible gateway control desk of said first trust domain; if said request message is in said access authority information, sending said second request message to said destination host according to said destination host identifier, receiving the response message sent by said destination host, and sending said response message to the credible gateway control desk of said first trust domain.
8. The method according to claim 7, characterized in that said establishing trust with the credible gateway control desk of said first trust domain comprises:
receiving the random information sent by the credible gateway control desk of said first trust domain, generating a second random number, and sending said second random number to the credible gateway control desk of said first trust domain;
receiving the second information and third information sent by the credible gateway control desk of said first trust domain;
verifying said third information according to said second information, said third information, the public key parameters of the anonymous credential server of said second trust domain, the public key parameters and public key of the anonymous credential server of said first trust domain, said second random number and said identity sequence number.
9. The method according to claim 7, characterized in that said establishing trust with the credible gateway control desk of said first trust domain comprises:
generating random information according to a first random number and the public key of the anonymous credential server of said second trust domain, and sending said random information to the credible gateway control desk of said first trust domain;
receiving a second random number sent by the credible gateway control desk of said first trust domain; generating second information according to the public key parameters and public key of the anonymous credential server of said second trust domain, the public key parameters of the anonymous credential server of said first trust domain, said first random number and said random information; generating third information according to said second information, said first random number and said signature information; and sending said second information and said third information to the credible gateway control desk of said first trust domain.
10. The method according to claim 7, characterized in that said obtaining the signature information of said identity sequence number from the anonymous credential server of said second trust domain and verifying said signature information comprises:
sending, to the anonymous credential server of said second trust domain, a request message for requesting the signature information of said identity sequence number;
receiving the signature information of said identity sequence number sent by the anonymous credential server of said second trust domain, and verifying said signature information according to said identity sequence number and the public key parameters of the anonymous credential server of said second trust domain.
11. An integrity report transmission method among multiple trust domains, characterized by comprising:
receiving a second request message sent by the credible gateway control desk of a second trust domain, said second request message comprising a first request message and the public key parameters of the anonymous credential server of a first trust domain, said first request message comprising first information and direct anonymous attestation signature data about said first information, said first information comprising the request resource information, the integrity report of said source host and the destination host identifier of a destination host;
judging, according to the direct anonymous attestation signature data of said first information and the public key parameters of the anonymous credential server of said first trust domain, whether said source host has an anonymous credential issued by the anonymous credential server of said first trust domain;
if said source host does not have an anonymous credential issued by the anonymous credential server of said first trust domain, sending a response message to the credible gateway control desk of said second trust domain; if said source host has an anonymous credential issued by the anonymous credential server of said first trust domain, judging, according to said integrity report, whether said source host is trustworthy; if said source host is untrustworthy, sending a response message to the credible gateway control desk of said second trust domain; if said source host is trustworthy, judging whether said request resource information can be provided and sending a response message to the credible gateway control desk of said second trust domain according to the judgment result.
12. A credible gateway control desk, characterized by comprising:
a first receiving module, used to receive the identity sequence number, the public key parameters and public key of the anonymous credential server of a second trust domain, and the access authority information of the anonymous credential server of said second trust domain, all sent by the anonymous credential server of a first trust domain;
a first signature information obtaining and verification module, used to obtain the signature information of said identity sequence number from the anonymous credential server of said first trust domain and to verify said signature information;
a first trust establishment module, used to establish trust and negotiate a communication key with the credible gateway control desk of said second trust domain; said first receiving module being also used to receive a first request message sent by a source host in said first trust domain, said first request message comprising first information and direct anonymous attestation signature data about said first information, said first information comprising the request resource information, the integrity report of said source host and the destination host identifier of a destination host;
a first judging module, used to judge, according to said destination host identifier, whether said destination host is a host in said first trust domain;
a first sending module, used to send said first request message to said destination host when said first judging module judges that said destination host is a host in said first trust domain, and, when said first judging module judges that said destination host is not a host in said first trust domain, to generate a second request message, encrypt said second request message with said communication key, and send the encrypted second request message to the credible gateway control desk of the second trust domain; said first receiving module being also used to receive the response message sent by the credible gateway control desk of said second trust domain; said first sending module being also used to send said response message to said source host; said second request message comprising said first request message and the public key parameters of the anonymous credential server of said first trust domain.
13. The credible gateway control desk according to claim 12, characterized in that said first trust establishment module comprises:
a first random information generation unit, used to generate random information according to a first random number and the public key of the anonymous credential server of said first trust domain; said first sending module being also used to send said random information to the credible gateway control desk of said second trust domain, and said first receiving module being also used to receive a second random number sent by the credible gateway control desk of said second trust domain;
a first information generation unit, used to generate second information according to the public key parameters and public key of the anonymous credential server of said first trust domain, the public key parameters of the anonymous credential server of said second trust domain, said second random number and said random information, and to generate third information according to said second information, said first random number and said signature information; said first sending module being also used to send said second information and said third information to the credible gateway control desk of said second trust domain.
14. The credible gateway control desk according to claim 12, characterized in that said first receiving module is also used to receive the random information sent by the credible gateway control desk of said second trust domain;
said first trust establishment module comprises:
a first random number generation unit, used to generate a second random number; said first sending module being also used to send said second random number to the credible gateway control desk of said second trust domain, and said first receiving module being also used to receive the second information and third information sent by the credible gateway control desk of said second trust domain;
a first verification unit, used to verify said third information according to said second information, said third information, the public key parameters of the anonymous credential server of said first trust domain, the public key parameters and public key of the anonymous credential server of said second trust domain, said second random number and said identity sequence number;
a first key agreement unit, used to negotiate a communication key with the credible gateway control desk of said second trust domain.
15. The credible gateway control desk according to claim 12, characterized in that said first sending module is also used to send, to the anonymous credential server of said first trust domain, a request message for requesting the signature information of said identity sequence number;
said first receiving module is also used to receive the signature information of said identity sequence number sent by the anonymous credential server of said first trust domain;
said first signature information obtaining and verification module is used to obtain said signature information and to verify said signature information according to said identity sequence number and the public key parameters of the anonymous credential server of said first trust domain;
a first key agreement unit is used to negotiate a communication key with the credible gateway control desk of said second trust domain.
16. An anonymous credential server, characterized by comprising:
An initialization module, used for generating an identity sequence number for the credible gateway control desk of a first trust domain and generating access authority information of the anonymous credential server of a second trust domain;
A second sending module, used for sending the public key parameters and public key of the anonymous credential server of the first trust domain to the anonymous credential server of the second trust domain;
A second receiver module, used for receiving the public key parameters and public key sent by the anonymous credential server of the second trust domain, wherein said second sending module is further used for sending the public key parameters and public key of the anonymous credential server of said second trust domain, the access authority information of the anonymous credential server of said second trust domain and said identity sequence number to the credible gateway control desk of said first trust domain;
A signature information generation module, used for generating signature information of said identity sequence number for the credible gateway control desk of said first trust domain, wherein said second sending module is further used for sending said signature information to the credible gateway control desk of said first trust domain.
17. The anonymous credential server according to claim 16, characterized in that said second receiver module is further used for receiving a request message, sent by the credible gateway control desk of said first trust domain, requesting the signature information of said identity sequence number;
Said signature information generation module is used for generating the signature information of said identity sequence number according to the public key parameters of the anonymous credential server of said first trust domain, said identity sequence number and the private key of the anonymous credential server of said first trust domain.
18. A credible gateway control desk, characterized by comprising:
A third receiver module, used for receiving an identity sequence number, the public key parameters and public key of the anonymous credential server of a first trust domain, and the access authority information of the anonymous credential server of said first trust domain, all sent by the anonymous credential server of a second trust domain;
A second signature information acquisition and authentication module, used for obtaining the signature information of said identity sequence number from the anonymous credential server of said second trust domain and verifying said signature information;
A second trust establishment module, used for establishing trust with the credible gateway control desk of said first trust domain and negotiating a communication key;
Said third receiver module is further used for receiving an encrypted second request message sent by the credible gateway control desk of said first trust domain, wherein said second request message comprises a first request message and the public key parameters of the anonymous credential server of the first trust domain, said first request message comprises first information and direct anonymous attestation signature data information about said first information, and said first information comprises request resource information, the integrity report of the source host and the destination host identifier of a destination host;
A second judge module, used for decrypting said encrypted second request message, obtaining the access authority information of said first trust domain according to the public key parameters of the anonymous credential server of said first trust domain, and judging whether said request resource information is in said access authority information;
A third sending module, used for sending a response message to the credible gateway control desk of said first trust domain when said second judge module judges that said request resource information is not in said access authority information, and for sending said second request message to said destination host according to said destination host identifier when said second judge module judges that said request message is in said access authority information; said third receiver module is further used for receiving a response message sent by said destination host, and said third sending module is further used for sending said response message to the credible gateway control desk of said first trust domain.
19. The credible gateway control desk according to claim 18, characterized in that said third receiver module is further used for receiving random information sent by the credible gateway control desk of said first trust domain;
Said second trust establishment module comprises:
A second random number generation unit, used for generating a second random number, wherein said third sending module is further used for sending said second random number to the credible gateway control desk of said first trust domain, and said third receiver module is further used for receiving second information and third information sent by the credible gateway control desk of said first trust domain;
A second authentication unit, used for verifying said third information according to said second information, said third information, the public key parameters of the anonymous credential server of said second trust domain, the public key parameters and public key of the anonymous credential server of said first trust domain, said second random number and said identity sequence number;
A second key agreement unit, used for negotiating a communication key with the credible gateway control desk of the first trust domain.
20. The credible gateway control desk according to claim 18, characterized in that said second trust establishment module comprises:
A second random information generation unit, used for generating random information according to a first random number and the public key of the anonymous credential server of said second trust domain, wherein said third sending module is further used for sending said random information to the credible gateway control desk of said first trust domain, and said third receiver module is further used for receiving a second random number sent by the credible gateway control desk of said first trust domain;
A second information generation unit, used for generating second information according to the public key parameters and public key of the anonymous credential server of said second trust domain, the public key parameters of the anonymous credential server of said first trust domain, said second random number and said random information, and for generating third information according to said second information, said first random number and said signature information, wherein said third sending module is further used for sending said second information and said third information to the credible gateway control desk of said first trust domain;
A second key agreement unit, used for negotiating a communication key with the credible gateway control desk of the first trust domain.
21. The credible gateway control desk according to claim 18, characterized in that said third sending module is further used for sending, to the anonymous credential server of said second trust domain, a request message requesting the signature information of said identity sequence number;
Said third receiver module is further used for receiving the signature information of said identity sequence number sent by the anonymous credential server of said second trust domain;
Said second signature information acquisition and authentication module is used for obtaining said signature information and verifying said signature information according to said identity sequence number and the public key parameters of the anonymous credential server of said second trust domain.
22. A host, characterized by comprising:
A fourth receiver module, used for receiving a second request message sent by the credible gateway control desk of a second trust domain, wherein said second request message comprises a first request message and the public key parameters of the anonymous credential server of a first trust domain, said first request message comprises first information and direct anonymous attestation signature data information about said first information, and said first information comprises request resource information, the integrity report of a source host and the destination host identifier of a destination host;
A third judge module, used for judging, according to the direct anonymous attestation signature data information of said first information and the public key parameters of the anonymous credential server of said first trust domain, whether said source host holds an anonymous credential issued by the anonymous credential server of said first trust domain;
A response message sending module, used for sending a response message to the credible gateway control desk of said second trust domain when said third judge module judges that said source host does not hold an anonymous credential issued by the anonymous credential server of said first trust domain;
A fourth judge module, used for judging, according to said integrity report, whether said source host is credible when said third judge module judges that said source host holds an anonymous credential issued by the anonymous credential server of said first trust domain;
Said response message sending module is further used for sending a response message to the credible gateway control desk of said second trust domain when said fourth judge module judges that said source host is not credible;
A fifth judge module, used for judging whether to provide said request resource information when said fourth judge module judges that said source host is credible;
Said response message sending module is further used for sending a response message to the credible gateway control desk of said second trust domain according to the judged result of said third judge module.
23. An integrity report transferring system among multiple trust domains, characterized by comprising a first trust domain and a second trust domain, wherein said first trust domain comprises an anonymous credential server, a credible gateway control desk and several hosts, and said second trust domain comprises an anonymous credential server, a credible gateway control desk and several hosts; wherein
The anonymous credential server of said first trust domain is used for: generating an identity sequence number for the credible gateway control desk of said first trust domain; exchanging public key parameters and public keys with the anonymous credential server of said second trust domain; generating access authority information of the anonymous credential server of said second trust domain; sending the public key parameters and public key of the anonymous credential server of said second trust domain, the access authority information of the anonymous credential server of said second trust domain and said identity sequence number to the credible gateway control desk of said first trust domain; and generating signature information of said identity sequence number for the credible gateway control desk of said first trust domain and sending said signature information to the credible gateway control desk of said first trust domain;
The credible gateway control desk of said first trust domain is used for: receiving the identity sequence number, the public key parameters and public key of the anonymous credential server of said second trust domain, and the access authority information of the anonymous credential server of said second trust domain, all sent by the anonymous credential server of said first trust domain; obtaining the signature information of said identity sequence number from the anonymous credential server of said first trust domain and verifying said signature information; establishing trust with the credible gateway control desk of said second trust domain and negotiating a communication key; receiving a first request message sent by a source host in said first trust domain, wherein said first request message comprises first information and direct anonymous attestation signature data information about said first information, and said first information comprises request resource information, the integrity report of said source host and the destination host identifier of a destination host; judging, according to said destination host identifier, whether said destination host is a host in said first trust domain; if said destination host is a host in said first trust domain, sending said first request message to said destination host; if said destination host is not a host in said first trust domain, generating a second request message, encrypting said second request message with said communication key, sending the encrypted second request message to the credible gateway control desk of the second trust domain, receiving a response message sent by the credible gateway control desk of said second trust domain, and sending said response message to said source host, wherein said second request message comprises said first request message and the public key parameters of the anonymous credential server of said first trust domain;
The anonymous credential server of said second trust domain is used for: generating an identity sequence number for the credible gateway control desk of the second trust domain; exchanging public key parameters and public keys with the anonymous credential server of said first trust domain; generating access authority information of the anonymous credential server of said first trust domain; sending the public key parameters and public key of the anonymous credential server of said first trust domain, the access authority information of the anonymous credential server of said first trust domain and said identity sequence number to the credible gateway control desk of said second trust domain; and generating signature information of said identity sequence number for the credible gateway control desk of said second trust domain and sending said signature information to the credible gateway control desk of said second trust domain;
The credible gateway control desk of said second trust domain is used for: receiving the identity sequence number, the public key parameters and public key of the anonymous credential server of said first trust domain, and the access authority information of the anonymous credential server of said first trust domain, all sent by the anonymous credential server of said second trust domain; obtaining the signature information of said identity sequence number from the anonymous credential server of said second trust domain and verifying said signature information; establishing trust with the credible gateway control desk of said first trust domain and negotiating a communication key; receiving an encrypted second request message sent by the credible gateway control desk of said first trust domain, wherein said second request message comprises a first request message and the public key parameters of the anonymous credential server of the first trust domain, said first request message comprises first information and direct anonymous attestation signature data information about said first information, and said first information comprises request resource information, the integrity report of said source host and the destination host identifier of a destination host; decrypting said encrypted second request message; obtaining the access authority information of said first trust domain according to the public key parameters of the anonymous credential server of said first trust domain; judging whether said request resource information is in said access authority information; if said request resource information is not in said access authority information, sending a response message to the credible gateway control desk of said first trust domain; if said request message is in said access authority information, sending said second request message to said destination host according to said destination host identifier, receiving a response message sent by said destination host, and sending said response message to the credible gateway control desk of said first trust domain;
The host of said second trust domain is used for: receiving a second request message sent by the credible gateway control desk of said second trust domain, wherein said second request message comprises a first request message and the public key parameters of the anonymous credential server of said first trust domain, said first request message comprises first information and direct anonymous attestation signature data information about said first information, and said first information comprises request resource information, the integrity report of said source host and the destination host identifier of a destination host; judging, according to the direct anonymous attestation signature data information of said first information and the public key parameters of the anonymous credential server of said first trust domain, whether said source host holds an anonymous credential issued by the anonymous credential server of said first trust domain; if said source host does not hold an anonymous credential issued by the anonymous credential server of said first trust domain, sending a response message to the credible gateway control desk of said second trust domain; if said source host holds an anonymous credential issued by the anonymous credential server of said first trust domain, judging, according to said integrity report, whether said source host is credible; if said source host is not credible, sending a response message to the credible gateway control desk of said second trust domain; if said source host is credible, judging whether to provide said request resource information and sending a response message to the credible gateway control desk of said second trust domain according to the judged result.
CN201010234858.6A 2010-07-21 2010-07-21 Integrity report transferring method and system among multiple trust domains Active CN102340487B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010234858.6A CN102340487B (en) 2010-07-21 2010-07-21 Integrity report transferring method and system among multiple trust domains

Publications (2)

Publication Number Publication Date
CN102340487A true CN102340487A (en) 2012-02-01
CN102340487B CN102340487B (en) 2014-04-02

Family

ID=45515988

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010234858.6A Active CN102340487B (en) 2010-07-21 2010-07-21 Integrity report transferring method and system among multiple trust domains

Country Status (1)

Country Link
CN (1) CN102340487B (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1553499A1 (en) * 2002-09-30 2005-07-13 NTT DoCoMo, Inc. Communication system, relay device, and communication control method
CN101491039A (en) * 2006-07-20 2009-07-22 株式会社Ntt都科摩 Communication control method and communication control apparatus
US20080118070A1 (en) * 2006-11-20 2008-05-22 6580874 Canada Inc. Open and distributed systems to provide secure email service

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105393567A (en) * 2014-06-26 2016-03-09 华为技术有限公司 Data secure transmission method and device
WO2018219351A1 (en) * 2017-06-02 2018-12-06 华为技术有限公司 Authentication method, device and system
CN108989270A (en) * 2017-06-02 2018-12-11 华为技术有限公司 Authentication method, equipment and system
CN109426736A (en) * 2017-08-22 2019-03-05 鸿富锦精密工业(武汉)有限公司 Credible main board system
CN108111488A (en) * 2017-12-06 2018-06-01 上海电机学院 A kind of dynamic threshold consulting tactical method
CN108111488B (en) * 2017-12-06 2021-08-24 上海电机学院 Dynamic threshold negotiation strategy method
WO2024007803A1 (en) * 2022-07-04 2024-01-11 中兴通讯股份有限公司 Collaborative verification methods, collaborative authentication method, operator device and enterprise device

Also Published As

Publication number Publication date
CN102340487B (en) 2014-04-02

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant