CN113965342A - Trusted network connection system and method based on domestic platform - Google Patents

Publication number
CN113965342A
Authority
CN
China
Prior art keywords
trusted
network
trusted network
terminal
credible
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111009698.XA
Other languages
Chinese (zh)
Inventor
房强
盛郁
张文月
赵文宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tianjin Qisuo Precision Electromechanical Technology Co ltd
Original Assignee
Tianjin Qisuo Precision Electromechanical Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tianjin Qisuo Precision Electromechanical Technology Co ltd filed Critical Tianjin Qisuo Precision Electromechanical Technology Co ltd
Priority to CN202111009698.XA priority Critical patent/CN113965342A/en
Publication of CN113965342A publication Critical patent/CN113965342A/en
Pending legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/20: Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101: Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a trusted network connection system and connection method based on a domestic platform. The system comprises a naval vessel high-performance computing center, a network switch and trusted network terminals, and each trusted network terminal is connected to the naval vessel high-performance computing center through the network switch. The naval vessel high-performance computing center comprises a trusted network controller and a policy server. The policy manager establishes and maintains a measurement reference library and formulates a network access control policy and a network connection audit policy; the trusted network controller receives the trusted-state evidence reported by the trusted network terminals, forwards it to the policy manager, and forwards the trusted policies issued by the policy manager to the trusted network terminals. Through the trusted-state attestation mechanism, the invention monitors the running state and the communication state of the trusted network terminals in the trusted network, achieves an optimal balance among trusted system state, system performance overhead and real-time communication, and supports network-wide security event analysis and security situation awareness.

Description

Trusted network connection system and method based on domestic platform
Technical Field
The invention belongs to the technical field of computer security, relates to a network security defense system of a domestic platform, and particularly relates to a trusted network connection system and a trusted network connection method based on the domestic platform.
Background
Trusted computing is a technical approach that addresses the insecurity of computer and network architectures and improves security at a fundamental level. It innovates in logic-correctness verification, computing architecture and computing mode, so that logic defects cannot be exploited by attackers, attack and defence are treated as one unified whole, the logic combination that completes a computing task is not tampered with or damaged, and the computing function is carried out correctly.
In a computing platform, a secure root of trust is created first, and then a chain of trust is established from the hardware platform through the operating system to the application system. Starting from the root, each level measures and authenticates the next, and each level trusts the next, so that trust is extended step by step and a secure, trusted computing environment is built. A trusted computing system is composed of a root of trust, a trusted hardware platform, a trusted operating system and trusted applications.
(1) The root of trust is divided into three types: the root of trust for measurement, the root of trust for reporting and the root of trust for storage. The root of trust for measurement is responsible for integrity measurement; the root of trust for reporting is responsible for reporting the root of trust; the root of trust for storage is responsible for storing the root of trust. The root of trust for measurement is a software module, the root of trust for reporting consists of the platform configuration registers and a key of the trusted platform control module, and the root of trust for storage consists of the platform configuration registers and the storage root key of the trusted platform control module.
Generally, while the chain of trust is being built, the root of trust for measurement passes the information produced by integrity measurement to the root of trust for storage, which stores the extended measurement value in a platform configuration register of the trusted computing module and protects the measurement log with the cryptographic services provided by the trusted platform control module.
The root of trust for reporting is mainly used in the remote attestation process, where it provides an entity with the platform's trusted-state information, chiefly the platform configuration information, the audit log and the identity key.
(2) The main role of the chain of trust, which is built on the root of trust, is to extend the trust relationship to the whole network platform. Through the trust measurement mechanism, the chain of trust obtains the various data that affect the trustworthiness of the platform and determines that trustworthiness by comparing the data with the expected data.
(3) The trusted platform control module (TPCM) is the root of trust of a trusted computing platform. It is an SoC chip consisting of a CPU, memory, I/O, a cryptographic coprocessor, a random number generator, an embedded operating system and other components, and it provides trusted computing with integrity measurement, secure storage, trusted reporting, cryptographic services and other functions.
(4) The trusted support software is an operating-system-level security application that calls the trusted service interface provided by the trusted computing platform in order to provide trusted services to users.
In summary, how to add a terminal device without secure and trusted authentication into a local area network and implement an autonomous, controllable, secure and reliable defense system is a problem that needs to be solved urgently at present.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a trusted network connection system and a trusted network connection method based on a domestic platform, which add terminal equipment which is not subjected to safe trusted authentication into a local area network and realize an autonomous, controllable, safe and reliable defense system.
The invention solves the technical problems in the prior art by adopting the following technical scheme:
A trusted network connection system based on a domestic platform comprises a naval vessel high-performance computing center, network switches and trusted network terminals, wherein each trusted network terminal is connected to the naval vessel high-performance computing center through the network switches; the naval vessel high-performance computing center comprises a trusted network controller and a policy server;
the policy manager: on the one hand, establishes and maintains a measurement reference library, judges the trustworthiness of a terminal's current running state from the trusted credential reported by a trusted network terminal in the system and forwarded by the trusted network controller, and establishes and maintains an online terminal state list; on the other hand, formulates a network access control policy and a network connection audit policy according to the system security requirements; these trusted policies are all issued to the trusted network terminals by the trusted network controller for execution;
the trusted network controller: receives the trusted-state credential reported by a trusted network terminal, forwards it to the policy manager, and forwards the trusted policies issued by the policy manager to the trusted network terminal;
the trusted network terminal: a networked device with built-in trusted computing technology that provides trusted-state reporting, access control policy reception, data communication encapsulation and mandatory access control of communication.
Moreover, the built-in firmware and operating system of the trusted network terminal are secure; the measure adopted is measurement and verification of the system software, and the trustworthiness of the measurement and verification itself is backed by trusted hardware, which serves as the root of trust and implements the most basic security functions inside the hardware so that the chain of trust is passed on level by level.
Moreover, the trusted network terminal runs software registered in the policy manager's white list, and the white-listed applications are protected by static measurement and verification and by dynamic measurement and verification.
A connecting method of a trusted network connecting system based on a domestic platform comprises the following steps:
Step 1, system initialization: the policy manager deploys the public key certificate to all terminals and to the trusted network controller; the expected running state of each trusted network terminal is collected and reported to the policy manager together with the terminal's ID and the terminal's public key certificate;
Step 2, each time the trusted network terminal logs in to the network, it verifies the identity of the policy manager using the policy manager's public key certificate;
Step 3, the trusted network terminal and the trusted network controller perform bidirectional platform identity authentication, with the policy manager acting as the trusted third party;
Step 4, the trusted network terminal collects the trusted credential of its current running state, signs it and sends it to the trusted network controller;
Step 5, the trusted network controller forwards the trusted credential reported by the trusted network terminal to the policy manager; the policy manager judges the trustworthiness of the corresponding terminal, maintains a legal terminal list and an illegal terminal list according to the result, and issues the updated list information, the network access control policy and the network connection audit policy to the trusted network controller;
Step 6, the trusted network controller forwards the updated trusted policies to all online trusted network terminals;
Step 7, return to step 2 and repeat according to the configured period.
Moreover, the trusted running-state credential comprises the PCR values recorded by the trusted cryptographic module, the current running process list, the current active driver list, the current system hardware list and data related to the dynamic measurement of the system.
The invention has the advantages and positive effects that:
1. By deploying the policy manager, the policy controller and the trusted network terminals in the network, and building on advanced trusted computing technology, the invention establishes a trusted network connection system that ensures the network can stably provide services as expected, provides an autonomous, controllable, secure and reliable defense system for data communication and security decisions, solves the problems that terminal equipment without secure and trusted authentication is difficult to join a local area network and cannot carry out data communication, and can be widely applied to network security defense for domestic platforms.
2. On the basis of the existing trusted software base and trusted communication module support, the invention monitors the running state and the communication state of all trusted network terminals in the trusted network through a trusted-state attestation mechanism. By publishing and maintaining a list of trusted network terminals based on trusted network connection, it achieves an optimal balance among trusted system state, system performance overhead and real-time communication, and supports security event analysis and security situation awareness for the whole network.
Drawings
FIG. 1 is a topology diagram of a trusted network connection system based on a domestic platform according to the present invention;
FIG. 2 is a schematic diagram of the connection relationship between the trusted network controller, the policy controller and the trusted network terminal according to the present invention;
FIG. 3 is a schematic diagram of communication between trusted network terminals according to the present invention;
FIG. 4 is a flowchart of the trusted network connection method based on the domestic platform of the present invention.
Detailed Description
The embodiments of the present invention will be described in detail with reference to the accompanying drawings.
In order to construct a trusted network connection system, the present invention divides the existing network into a trusted network domain and an untrusted network domain, as shown in FIG. 1. The trusted network measures and verifies every link in the chain of trust, from hardware start-up and operating system boot to the upper-layer applications, and on to the chain of trust of the whole network, so that the integrity of executable programs is verified while the system is running and attacks such as malicious code are prevented. By verifying user access behavior, network access and the like, only legitimate behavior is allowed to run; illegal start-up and injection of all kinds are blocked by active defense, and malicious access and damage by malicious software are prevented at the source.
The invention adopts a three-element, three-layer peer-to-peer trusted connection architecture that performs three-way control and authentication among the access requester, the access controller and the policy arbiter; centralized control and management by the server improves the security and manageability of the architecture; unified policy management is applied to the access requester and the access controller, which improves the overall trustworthiness of the system.
Based on the above description, the present invention provides a trusted network connection system based on a domestic platform, as shown in fig. 1 to 4, including a naval vessel high performance computing center, a network switch, and trusted network terminals, where each trusted network terminal is connected with the naval vessel high performance computing center through the network switch. The naval vessel high-performance computing center comprises a trusted network controller, a policy server and other functional servers (such as a management server and an analysis server). The following describes each part of the system:
The policy manager: on the one hand, it establishes and maintains a measurement reference library, judges the trustworthiness of a terminal's current running state from the trusted credential reported by a trusted network terminal in the system and forwarded by the trusted network controller, and establishes and maintains a network terminal state list; on the other hand, it formulates a network access control policy and a network connection audit policy according to the different system security requirements. These trusted policies are delivered to the trusted network terminals by the trusted network controller for execution.
The trusted network controller: implemented in software or as dedicated industrial control equipment, it receives the trusted-state credentials reported by the trusted network terminals through the trusted network connection process and forwards them to the policy manager; it also forwards the trusted policies issued by the policy manager to the trusted network terminals.
The trusted network terminal: any networked device, such as a PC, a PAD, a server, a notebook computer, a mobile phone, an all-in-one machine or an industrial control device, on which trusted computing technology is deployed and which provides trusted-state reporting, access control policy reception, data communication encapsulation and mandatory access control of communication.
In the system, the communication principle of the trusted network terminals is shown in FIG. 3. Terminal A is the initiator of a network connection and terminal B is the receiver. In the interaction, A and B can initiate and respond to network communication only after trusted-state authentication has been completed under the trusted-state management of the naval vessel high-performance computing center. Both sides of the communication regularly report their trusted-state reports to the naval vessel high-performance computing center and, at the same time, download the trusted states of the other computing nodes in the system. When the two parties establish a connection, each queries the trusted state of the other; if the state complies with the policy, communication is allowed, otherwise the connection is forbidden. While the trusted connection is being established, a trusted-state report must be signed by the TPCM of the computing node before it is submitted, and the management center verifies the signature after receiving the report. The cryptographic module in the hardware TPCM provides the unique identification of the platform identity, makes the report and the identity tamper-proof, and enables bidirectional identity authentication.
Each terminal in the trusted network first ensures that the system software it runs, such as the firmware and the operating system, is secure and that the terminal's system has not been tampered with, that is, that the running environment remains the required one. The main means of achieving this is measurement and verification of the system software, and the trustworthiness of the measurement and verification itself is backed by trusted hardware. The trusted hardware serves as the root of trust, and the most basic security functions, such as key storage and security algorithms, are implemented inside the hardware so that the chain of trust is passed on level by level from the bottom up.
The trusted network terminal can run only software registered in the policy manager's white list, and the white-listed applications are protected by static measurement and verification and by dynamic measurement and verification. Static measurement and verification is performed before an application is launched, using the signature of the application as published by its developer or the baseline value provided by a trusted service. Dynamic measurement and verification is implemented with an application behavior white list. The application behavior that is measured and verified is system call behavior, including process launch, process invocation, network access, file access and the like. System calls are the core execution actions of an application: an application that has been attacked and is no longer trusted must go through system calls to achieve the attacker's goal, so monitoring system calls effectively reveals application anomalies, that is, that the application is no longer trusted. Concretely, trusted application is achieved by first collecting the normal behaviors of a user through analysis of the white-listed applications, building a behavior rule base from those normal behaviors, and then evaluating the application behavior data collected in real time against the rule base. If an application behavior matches no rule, it is judged abnormal, and the policy determines whether to raise an alarm or terminate the application.
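The dynamic measurement described above can be sketched as follows. This is an added example, not code from the patent: the event format `(application, action, target)`, the baseline trace, the response policy and the choice to generalise learned file paths to their directory are all assumptions made for illustration.

```python
import posixpath
from fnmatch import fnmatchcase

# Constructed "normal behaviour" trace: (application, action, target).
BASELINE = [
    ("/usr/bin/logsvc", "file_access", "/var/log/app.log"),
    ("/usr/bin/logsvc", "network_access", "10.0.0.5:514"),
    ("/usr/bin/logsvc", "process_launch", "/usr/bin/gzip"),
]
# Constructed response policy: what to do when a behaviour matches no rule.
POLICY = {"/usr/bin/logsvc": "terminate", "default": "alarm"}


def canonical(action, target):
    """Normalise file paths so '..' segments cannot slip past a directory rule."""
    if action == "file_access":
        return posixpath.normpath(target)
    return target


def learn(baseline):
    """Build the behaviour rule base from observed normal behaviour."""
    rules = {}
    for app, action, target in baseline:
        target = canonical(action, target)
        if action == "file_access":
            # Assumption: a learned file generalises to its directory.
            # fnmatch's '*' also matches '/', so sub-directories are covered.
            target = posixpath.dirname(target) + "/*"
        rules.setdefault(app, set()).add((action, target))
    return rules


def judge(rules, policy, event):
    """Return 'allow' if the event matches a rule, else the policy's response."""
    app, action, target = event
    target = canonical(action, target)
    for rule_action, pattern in rules.get(app, ()):
        if rule_action != action:
            continue
        if action == "file_access":
            if fnmatchcase(target, pattern):
                return "allow"
        elif target == pattern:  # launches and network peers match exactly
            return "allow"
    # No rule matched: the behaviour is abnormal; the policy picks the response.
    return policy.get(app, policy["default"])


if __name__ == "__main__":
    rule_base = learn(BASELINE)
    live_events = [  # constructed real-time events
        ("/usr/bin/logsvc", "file_access", "/var/log/app.log.1"),
        ("/usr/bin/logsvc", "file_access", "/var/log/../../etc/shadow"),
        ("/usr/bin/logsvc", "process_launch", "/bin/sh"),
        ("/usr/bin/other", "file_access", "/tmp/x"),
    ]
    for ev in live_events:
        print(ev, "->", judge(rule_base, POLICY, ev))
```

The path normalisation step matters: without it, a target such as `/var/log/../../etc/shadow` would match the learned `/var/log/*` rule.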
In the system, the trusted network connection separates the service communication between terminals (hereinafter the data flow) from the management communication (hereinafter the control flow). The online terminal state list is generated and maintained through the control flow, so establishing a data flow does not require a complete trusted network connection verification; whether communication is allowed is decided from the terminal state list alone, which gives the optimal balance between the real-time performance and the security of the system. In a specific implementation, application data transmission in the system is encapsulated in a tunnel that provides reliable source identification, so that the data source can be identified and verified; a trusted access measurement and verification process is executed periodically among the trusted network terminals, the network controller and the policy manager in order to establish and maintain a legal terminal list and an illegal terminal list in the system; communicating terminals judge each other's trustworthiness from the terminal state list and apply mandatory access control or auditing to the communication behavior.
Based on the trusted network connection system, the invention also provides a trusted network connection method based on a domestic platform, which comprises the following steps:
Step 1, system initialization: the policy manager deploys the public key certificate to all terminals and to the trusted network controller; the expected running state of each trusted network terminal is collected and reported to the policy manager together with the terminal's ID and the terminal's public key certificate.
Step 2, each time the trusted network terminal logs in to the network, it verifies the identity of the policy manager using the policy manager's public key certificate.
Step 3, the trusted network terminal and the trusted network controller perform bidirectional platform identity authentication, with the policy manager acting as the trusted third party.
Step 4, the trusted network terminal collects the trusted credential of its current running state, signs it and sends it to the trusted network controller (the credential can include, but is not limited to, the PCR values recorded by the trusted cryptographic module, the current running process list, the current active driver list, the current system hardware list, data related to the dynamic measurement of the system and the like).
Step 5, the trusted network controller forwards the trusted credential reported by the trusted network terminal to the policy manager; the policy manager judges the trustworthiness of the corresponding terminal, maintains a legal terminal list and an illegal terminal list according to the result, and issues the updated list information, the network access control policy, the network connection audit policy and other trusted policies to the trusted network controller.
Step 6, the trusted network controller forwards the updated trusted policies to all online trusted network terminals.
Step 7, return to step 2 and repeat according to the configured period.
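The report-and-judge cycle of steps 4 to 6, together with the list-only data-flow check described earlier, can be sketched as below. This is an added example, not code from the patent: SHA-256 as the PCR hash, HMAC as a stand-in for the TPCM public-key signature, the JSON report layout and all names and sample values are assumptions.

```python
import hashlib
import hmac
import json


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = H(old || H(component)). SHA-256 is an assumption."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def replay(components) -> str:
    """Fold a boot chain into one PCR value, starting from all zeros."""
    pcr = bytes(32)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr.hex()


def sign(key: bytes, report: dict) -> str:
    """HMAC over canonical JSON; stand-in for the TPCM public-key signature."""
    body = json.dumps(report, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class PolicyManager:
    def __init__(self):
        self.keys = {}       # terminal ID -> verification key (step 1)
        self.reference = {}  # terminal ID -> expected running state (step 1)
        self.legal, self.illegal = set(), set()

    def enroll(self, tid, key, expected_pcr, allowed_processes):
        self.keys[tid] = key
        self.reference[tid] = (expected_pcr, set(allowed_processes))

    def judge(self, report: dict, signature: str):
        """Step 5: return (verdict, reasons) and update the terminal lists."""
        tid = report.get("terminal_id")
        key = self.keys.get(tid)
        # An unauthenticated report must not change any terminal's state,
        # otherwise anyone could push a healthy peer onto the illegal list.
        if key is None or not hmac.compare_digest(sign(key, report), signature):
            return "rejected", ["unknown terminal or bad signature"]
        expected_pcr, allowed = self.reference[tid]
        reasons = []
        if report.get("pcr") != expected_pcr:
            reasons.append("PCR mismatch")
        extra = sorted(set(report.get("processes", [])) - allowed)
        if extra:
            reasons.append("unlisted process: " + ", ".join(extra))
        trusted = not reasons
        (self.legal if trusted else self.illegal).add(tid)
        (self.illegal if trusted else self.legal).discard(tid)
        return ("legal" if trusted else "illegal"), reasons

    def publish(self):
        """Steps 5-6: the list snapshot pushed to online terminals."""
        return {"legal": sorted(self.legal), "illegal": sorted(self.illegal)}


def may_communicate(snapshot: dict, peer_id: str) -> bool:
    """Data-flow check on a terminal: default deny, list lookup only."""
    return peer_id in snapshot["legal"] and peer_id not in snapshot["illegal"]


def demo():
    good_chain = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]   # constructed
    bad_chain = [b"firmware-v1", b"bootloader-v1", b"kernel-evil"]  # constructed
    pm = PolicyManager()
    keys = {"A": b"key-A", "B": b"key-B"}                           # constructed
    for tid, key in keys.items():
        pm.enroll(tid, key, replay(good_chain), ["init", "sshd"])

    def report(tid, chain, processes, key=None):
        r = {"terminal_id": tid, "pcr": replay(chain), "processes": processes}
        return pm.judge(r, sign(key or keys[tid], r))

    results = {
        "A": report("A", good_chain, ["init", "sshd"]),
        "B": report("B", bad_chain, ["init", "sshd"]),
        "forged_A": report("A", bad_chain, ["init"], key=b"attacker"),
    }
    results["snapshot_1"] = pm.publish()
    results["A_later"] = report("A", good_chain, ["init", "sshd", "unknown-tool"])
    results["snapshot_2"] = pm.publish()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

In the sample run, a forged report for terminal A is dropped without touching the lists, while A's own later report with an unlisted process moves it from the legal list to the illegal list on the next cycle.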
It should be emphasized that the embodiments described herein are illustrative rather than restrictive, and thus the present invention is not limited to the embodiments described in the detailed description, but also includes other embodiments that can be derived from the technical solutions of the present invention by those skilled in the art.

Claims (5)

1. A trusted network connection system based on a domestic platform, characterized in that: the system comprises a naval vessel high-performance computing center, a network switch and trusted network terminals, wherein each trusted network terminal is connected to the naval vessel high-performance computing center through the network switch; the naval vessel high-performance computing center comprises a trusted network controller and a policy server;
the policy manager: on the one hand, establishes and maintains a measurement reference library, judges the trustworthiness of a terminal's current running state from the trusted credential reported by a trusted network terminal in the system and forwarded by the trusted network controller, and establishes and maintains an online terminal state list; on the other hand, formulates a network access control policy and a network connection audit policy according to the system security requirements; these trusted policies are all issued to the trusted network terminals by the trusted network controller for execution;
the trusted network controller: receives the trusted-state credential reported by a trusted network terminal, forwards it to the policy manager, and forwards the trusted policies issued by the policy manager to the trusted network terminal;
the trusted network terminal: a networked device with built-in trusted computing technology that provides trusted-state reporting, access control policy reception, data communication encapsulation and mandatory access control of communication.
2. The trusted network connection system based on the domestic platform according to claim 1, wherein: the built-in firmware and operating system of the trusted network terminal are secure; the measure adopted is measurement and verification of the system software, and the trustworthiness of the measurement and verification itself is backed by trusted hardware, which serves as the root of trust and implements the most basic security functions inside the hardware so that the chain of trust is passed on level by level.
3. The trusted network connection system based on the domestic platform according to claim 1, wherein: the trusted network terminal runs software registered in the policy manager's white list, and the white-listed applications are protected by static measurement and verification and by dynamic measurement and verification.
4. A connection method of the trusted network connection system based on the domestic platform according to any one of claims 1 to 3, characterized in that the method comprises the following steps:
Step 1, system initialization: the policy manager deploys the public key certificate to all terminals and to the trusted network controller; the expected running state of each trusted network terminal is collected and reported to the policy manager together with the terminal's ID and the terminal's public key certificate;
Step 2, each time the trusted network terminal logs in to the network, it verifies the identity of the policy manager using the policy manager's public key certificate;
Step 3, the trusted network terminal and the trusted network controller perform bidirectional platform identity authentication, with the policy manager acting as the trusted third party;
Step 4, the trusted network terminal collects the trusted credential of its current running state, signs it and sends it to the trusted network controller;
Step 5, the trusted network controller forwards the trusted credential reported by the trusted network terminal to the policy manager; the policy manager judges the trustworthiness of the corresponding terminal, maintains a legal terminal list and an illegal terminal list according to the result, and issues the updated list information, the network access control policy and the network connection audit policy to the trusted network controller;
Step 6, the trusted network controller forwards the updated trusted policies to all online trusted network terminals;
Step 7, return to step 2 and repeat according to the configured period.
5. The connection method of the trusted network connection system based on the domestic platform according to claim 4, wherein: the trusted running-state credential comprises the PCR values recorded by the trusted cryptographic module, the current running process list, the current active driver list, the current system hardware list and data related to the dynamic measurement of the system.
CN202111009698.XA 2021-08-31 2021-08-31 Trusted network connection system and method based on domestic platform Pending CN113965342A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111009698.XA CN113965342A (en) 2021-08-31 2021-08-31 Trusted network connection system and method based on domestic platform

Publications (1)

Publication Number Publication Date
CN113965342A (en) 2022-01-21

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220121