CN117220987A - Cross-domain access method based on trusted boundary and trusted security management system - Google Patents

Publication number: CN117220987A
Application number: CN202311311100.1A
Authority: CN (China)
Legal status: Pending
Original language: Chinese (zh)
Inventors: 段古纳, 杜君, 齐洪东, 刘丹, 马瑞繁
Assignee (current and original): BEIJING KEXIN HUATAI INFORMATION TECHNOLOGY CO LTD
Prior art keywords: trusted, node, boundary, access, network

Abstract

The invention discloses a cross-domain access method based on a trusted boundary, and a trusted security management system, both applied at a trusted security management center. The method comprises: receiving a node access request; querying whether the two nodes involved are located in the same trusted network; when the query result indicates that they are not, confirming that the request type of the node access request is a cross-domain access request and searching for the trusted boundary node between the access terminal node and the target terminal node together with the corresponding node management policy; establishing a first trusted connection and a second trusted connection on the basis of that node management policy; performing a network security check on the first and second trusted connections; and transmitting the node access request to the target terminal node through the trusted boundary node according to the check result and the node access policy. The invention addresses the technical problem in the related art that the lack of security isolation between terminal nodes within a platform readily leads to information leakage concerning the target object.

Description

Cross-domain access method based on trusted boundary and trusted security management system
Technical Field
The invention relates to the technical field of trusted security management, and in particular to a cross-domain access method based on a trusted boundary and to a trusted security management system.
Background
With the rapid development of information technology, network resources keep growing richer, platforms manage ever more terminals, and the authentication of computing terminals has exposed the terminals' weaknesses. As the hardware resources and functions of computing terminals continue to grow, existing protection schemes cannot meet the security requirements of next-generation networks. The prior-art authentication schemes for computing terminals have the following problems:
(1) The security status of the computing terminal is not monitored. If the terminal's operating system, software, hardware or firmware has been infected with a virus or tampered with maliciously, users often enter sensitive information or illegitimately access controlled resources without being aware of it, which leads to information leakage.
(2) There is no authentication management for computing terminals. Because there is no reliable security management and authentication between terminals, between terminals and platforms, between platforms, or inside a platform, information transmitted in such an environment is easily delivered to illegitimate terminals, creating a security risk.
(3) There are no security isolation and access control policies between platforms. Sensitive information is easily eavesdropped on or stolen by other programs while it is being processed; and where one machine serves multiple users, different users cannot be granted different access rights, so the confidentiality of user privacy is hard to guarantee.
In view of the above problems, no effective solution has been proposed at present.
Disclosure of Invention
Embodiments of the invention provide a cross-domain access method based on a trusted boundary and a trusted security management system, which at least address the technical problem in the related art that the lack of security isolation between terminal nodes within a platform readily causes information leakage concerning the target object.
According to one aspect of the embodiments of the present invention, a trusted-boundary-based cross-domain access method is provided, applied at a trusted security management center in a trusted computing architecture. The trusted computing architecture comprises the trusted security management center and N trusted networks, where N is a positive integer greater than 1; at least one trusted terminal node is deployed in each trusted network; the trusted networks are isolated from one another by trusted boundary nodes; the trusted terminal nodes and the trusted boundary nodes use an embedded TPCM module as their trusted root, and the TPCM module performs trusted measurement; and the trusted security management center manages all trusted networks and trusted boundaries. The cross-domain access method comprises the following steps: receiving a node access request that carries a first node identifier of the access terminal node, a second node identifier of the accessed target terminal node, and an access requirement; querying whether the access terminal node indicated by the first node identifier and the target terminal node indicated by the second node identifier are located in the same trusted network, to obtain a query result; when the query result indicates that the two nodes are not in the same trusted network, confirming that the request type of the node access request is a cross-domain access request, and searching for the trusted boundary node between the access terminal node and the target terminal node and the corresponding node management policy; based on the node management policy, establishing a first trusted connection between the access terminal node and the trusted boundary node and a second trusted connection between the trusted boundary node and the target terminal node, the first and second trusted connections being peer-to-peer; and performing network security verification on the first and second trusted connections, and transmitting the node access request to the target terminal node through the trusted boundary node according to the verification result and a node access policy.
Optionally, performing the network security check on the first and second trusted connections includes: collecting network behavior characteristic values of the first and second trusted connections; evaluating the network behavior security attributes of the two connections on the basis of those characteristic values to obtain a network behavior evaluation level; and determining the result of the network security check from the network behavior evaluation level.
Optionally, establishing the first trusted connection between the access terminal node and the trusted boundary node and the second trusted connection between the trusted boundary node and the target terminal node includes: receiving verification requests initiated by each trusted node in a trusted node set, where each trusted node in the set is one of the access terminal node, the trusted boundary node and the target terminal node; in response to a verification request, generating a random number in a trusted environment and sending it to the trusted node; receiving an integrity report returned by the trusted node, the integrity report being generated by the trusted node signing the random number, its node security value and its platform configuration register (PCR) values with its private key; performing trusted policy verification on the node security value and the PCR values in the integrity report; and, if the verification passes, confirming that the integrity measurement of the trusted node has passed and establishing the first trusted connection between the access terminal node and the trusted boundary node and the second trusted connection between the trusted boundary node and the target terminal node.
Optionally, after searching for the trusted boundary node between the access terminal node and the target terminal node and the corresponding node management policy, the method further includes: receiving the identity certificate and access certificate of the access terminal node, and receiving the identity certificate of the trusted boundary node; performing certificate verification on the identity certificate and access certificate of the access terminal node and on the identity certificate of the trusted boundary node; and, based on the certificate verification result, confirming whether the access terminal node and the trusted boundary node satisfy the trust conditions for establishing a trusted connection.
Optionally, transmitting the node access request to the target terminal node through the trusted boundary node includes: transmitting the node access request to the trusted boundary node, which parses it and passes the parsed information to a boundary judging service module; the boundary judging service module confirms whether the access terminal node holds a trusted report and whether its node state is trusted; if the access terminal node has no trusted report, or its node state is not trusted, the trusted boundary node terminates the network connection with the access terminal node; if the access terminal node holds a trusted report and its node state is trusted, the trusted boundary node checks whether the access terminal node holds an access certificate; if it does not, the trusted boundary node sends the node access request to the trusted security management center or the certification platform, which audits it; and if it does, the trusted boundary node transmits the node access request to the target terminal node.
Optionally, before receiving the node access request, the method further includes: receiving a platform authentication request initiated by the access terminal node, the platform authentication request serving to authenticate secure communication between the trusted boundary node and the docking platform of the trusted terminal node; and, in response to the platform authentication request, executing at least one round of the platform authentication protocol on the trusted network and the trusted boundary to which the access terminal node belongs, to obtain a platform authentication result.
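The challenge-response integrity check described above, worked through as an added example (this is not code from the patent): the management center issues a random number, the node returns an integrity report that binds that number to its node security value and its PCR values, and the center verifies the report against its trusted policy before the trusted connection is allowed. Because the Python standard library has no elliptic-curve signing, an HMAC over a per-node key stands in here for the TPCM's private-key signature; the node identifiers, keys, PCR digests and the policy table are constructed sample values, and representing the "node security value" as an integer with a policy bound is an assumption.

```python
"""Challenge-response integrity report between a management center and a
trusted node (added illustration, not the patent's code).

Assumptions not in the original: HMAC-SHA256 with a per-node key stands in for
the TPCM private-key signature; the node security value is an integer with a
policy maximum; the trusted policy is a table of expected PCR digests.
"""
import hashlib
import hmac
import json
import secrets


def make_report(node_key: bytes, nonce: bytes, security_value: int, pcr: dict) -> dict:
    """Node side: bind the fresh nonce, the node security value and the PCR
    values together under the node's key (stand-in for the TPCM signature)."""
    body = {"nonce": nonce.hex(), "security_value": security_value, "pcr": pcr}
    canonical = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(node_key, canonical, hashlib.sha256).hexdigest()}


class AttestationVerifier:
    """Center side: issues random numbers, verifies reports against the policy."""

    def __init__(self, node_keys: dict, policy: dict):
        self.node_keys = node_keys   # node id -> key (constructed sample values)
        self.policy = policy         # {"pcr": {index: digest}, "max_security_value": n}
        self.pending = {}            # node id -> outstanding nonce

    def challenge(self, node_id: str) -> bytes:
        nonce = secrets.token_bytes(16)   # generated in the trusted environment
        self.pending[node_id] = nonce     # one outstanding challenge per node
        return nonce

    def verify(self, node_id: str, report: dict) -> tuple:
        """Return (ok, reason). Accept only if the authenticator is valid, the
        nonce is the one issued and not yet consumed, every policy PCR matches,
        and the security value is within the allowed bound."""
        key = self.node_keys.get(node_id)
        nonce = self.pending.pop(node_id, None)   # consumed: a replay finds nothing
        if key is None or nonce is None:
            return False, "unknown node or no outstanding challenge"
        canonical = json.dumps(report["body"], sort_keys=True).encode()
        expected = hmac.new(key, canonical, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report["sig"]):
            return False, "authenticator mismatch"
        if report["body"]["nonce"] != nonce.hex():
            return False, "stale or foreign nonce"
        for idx, digest in self.policy["pcr"].items():
            if report["body"]["pcr"].get(idx) != digest:
                return False, f"PCR {idx} deviates from policy"
        if report["body"]["security_value"] > self.policy["max_security_value"]:
            return False, "node security value exceeds policy"
        return True, "integrity measurement passed"


def demo() -> tuple:
    """Constructed scenario: a good report, a replay, a tampered PCR, and an
    out-of-bound security value. Returns the four accept/reject decisions."""
    good_pcr = {"0": hashlib.sha256(b"firmware-v1").hexdigest(),
                "7": hashlib.sha256(b"boot-policy").hexdigest()}
    keys = {"node-a1": b"k-a1", "boundary-d": b"k-d"}   # constructed keys
    center = AttestationVerifier(keys, {"pcr": good_pcr, "max_security_value": 3})

    nonce = center.challenge("node-a1")
    ok, _ = center.verify("node-a1", make_report(keys["node-a1"], nonce, 1, good_pcr))
    # Replaying the very same report: the nonce was consumed, so it is rejected.
    replay_ok, _ = center.verify("node-a1", make_report(keys["node-a1"], nonce, 1, good_pcr))
    # A modified PCR value with a fresh nonce still fails policy verification.
    nonce2 = center.challenge("node-a1")
    tampered = {**good_pcr, "7": hashlib.sha256(b"modified").hexdigest()}
    tampered_ok, _ = center.verify("node-a1", make_report(keys["node-a1"], nonce2, 1, tampered))
    # A correct configuration but a security value above the policy bound.
    nonce3 = center.challenge("node-a1")
    over_ok, _ = center.verify("node-a1", make_report(keys["node-a1"], nonce3, 5, good_pcr))
    return ok, replay_ok, tampered_ok, over_ok


if __name__ == "__main__":
    print(demo())
```

The nonce is consumed on first use, so a captured report cannot be replayed to obtain a second trusted connection, and the PCR comparison is against the center's policy rather than anything the node asserts about itself.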
According to another aspect of the embodiments of the present invention, a trusted security management system based on a trusted boundary is also provided, comprising: a trusted terminal node network component, comprising N trusted networks, in each of which at least one trusted terminal node is deployed, the trusted terminal node using an embedded TPCM module as its trusted root and the TPCM module performing trusted measurement of the trusted terminal node; a trusted regional gateway of the trusted boundary node, which isolates the trusted networks from one another; and a trusted security management center boundary policy management component, through which the trusted security management center executes the trusted-boundary-based cross-domain access method.
Optionally, the trusted terminal node network component includes: the trusted root, which performs trusted measurement of the trusted terminal node, establishes a chain of trust and generates a trusted report; and a first trusted network module comprising a first network controller, a trusted network connection client, a first integrity measurement collection module and a network behavior collection module. The first network controller initiates cross-boundary access requests to the trusted boundary node and executes the user identity authentication protocol with the second network controller of the trusted boundary node and the authentication policy service module of the trusted security management center, achieving bidirectional identity authentication between the trusted terminal node and the trusted boundary node. The trusted network connection client requests and receives component measurement values from each integrity measurement collection module through a protocol interface and executes the platform authentication protocol, achieving bidirectional platform authentication between the trusted terminal node and the trusted boundary node. The first integrity measurement collection module collects the integrity measurement values of the components in the trusted terminal node to complete platform integrity authentication. The network behavior collection module collects the network security behavior of the trusted terminal node and supplies sample data to the network behavior evaluation service of the trusted security management center.
Optionally, the trusted regional gateway of the trusted boundary node includes: a boundary attack detection module, a boundary protocol filtering module and a boundary access auditing module, which together implement the security check of the trusted boundary node; and a second trusted network module, corresponding to the first trusted network module of the trusted terminal node, comprising a second network controller, a trusted network connection access point, a second integrity measurement collection module and a network behavior management module. The second network controller starts the user identity authentication protocol, executes it with the first network controller of the trusted terminal node and the authentication policy service module of the trusted security management center to achieve bidirectional identity authentication between the trusted terminal node and the trusted boundary node, and sends a platform authentication request to the trusted network connection access point. The trusted network connection access point requests and receives component measurement values from each integrity measurement collection module of the gateway through a protocol interface, and executes the platform authentication protocol with the trusted network connection client module of the trusted terminal node and the evaluation policy service module of the trusted security management center, achieving bidirectional platform authentication between the trusted terminal node and the trusted regional gateway of the trusted boundary node. The second integrity measurement collection module collects the integrity measurement values of all components in the trusted boundary node to complete platform integrity authentication. The network behavior management module collects the network security behavior of the trusted boundary node.
Optionally, the trusted security management center boundary policy management component includes: an integrity measurement verification module, which verifies the received integrity measurement values of the components in the trusted terminal node and the trusted boundary node and produces a component integrity evaluation result according to a preset evaluation policy; an evaluation policy service module, which executes the platform authentication protocol to achieve bidirectional platform authentication between the trusted terminal node and the trusted boundary node and which, within that protocol, verifies the validity of the platform identity key (PIK) certificates of the trusted terminal node and the trusted boundary node; an authentication policy service module, which executes the user identity authentication protocol to achieve bidirectional user identity authentication between the trusted terminal node and the trusted boundary node; and a network behavior evaluation module, which evaluates the security attributes of network behavior and classifies the risk of each trusted node's network behavior.
According to another aspect of the embodiments of the present invention, a computer-readable storage medium is further provided, which stores a computer program; when the computer program runs, it controls the device on which the computer-readable storage medium resides to execute the trusted-boundary-based cross-domain access method according to any one of the above.
In the present disclosure, access authentication at the trusted boundary based on the collection of multiple factors is realized. The trusted boundary access control mechanism of the embodiment first receives a node access request carrying a first node identifier of the access terminal node, a second node identifier of the accessed target terminal node and an access requirement; queries whether the access terminal node indicated by the first node identifier and the target terminal node indicated by the second node identifier are located in the same trusted network, to obtain a query result; when the query result indicates that the two nodes are not in the same trusted network, confirms that the request type of the node access request is a cross-domain access request and searches for the trusted boundary node between the access terminal node and the target terminal node and the corresponding node management policy; based on the node management policy, establishes a first trusted connection between the access terminal node and the trusted boundary node and a second trusted connection between the trusted boundary node and the target terminal node, the two connections being peer-to-peer; and performs a network security check on the first and second trusted connections and transmits the node access request to the target terminal node through the trusted boundary node according to the check result and the node access policy.
Cross-domain access is performed through the trusted boundary; by means of an online trusted third party and a mechanism of multiple message exchanges and authentications, two-way identity authentication between the two communicating entity nodes is achieved, and at the same time trusted terminal nodes can access each other across the trusted boundary. This improves the security of information transmission between terminal nodes and thereby addresses the technical problem in the related art that the lack of security isolation between terminal nodes within a platform readily causes information leakage concerning the target object.
In the present disclosure, the two-way authentication follows the ternary peer entity authentication trusted network connection architecture: in the trusted boundary architecture, both the trusted terminal node and the trusted boundary node use an embedded TPCM module as their trust root, and an elliptic curve algorithm module and a symmetric encryption algorithm module are integrated in the TPCM. Under the policy management of the trusted security management center, the two parties perform bidirectional identity authentication, platform authentication and other forms of authentication; only after both pass can the trusted connection and cross-domain network access be established.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1 is a schematic diagram of an alternative trusted computing architecture according to an embodiment of the present invention;
FIG. 2 is a flow chart of an alternative trusted boundary based cross-domain access method according to an embodiment of the present invention;
FIG. 3 is a flow chart of verification of integrity metrics by an alternative trusted end node and trusted edge node in establishing a network connection in accordance with an embodiment of the present invention;
FIG. 4 is a flow chart of a trusted end node establishing cross-domain access with a trusted edge node in accordance with an embodiment of the present invention;
FIG. 5 is a schematic diagram of an alternative trusted boundary-based trusted security management architecture in accordance with an embodiment of the present invention;
FIG. 6 is a flow chart of an alternative trusted boundary access control according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
To facilitate an understanding of the invention by those skilled in the art, some terms or nouns involved in the various embodiments of the invention are explained below:
Digital certificate: used for identity authentication during information exchange or when granting resource access rights; identity authentication resolves the problem of mutual trust. A digital certificate is a file digitally signed by a certificate authority that contains information about the public key's owner together with the public key. Digital certificates are divided into encryption certificates and signature certificates.
Digital signature: summary information (a digest) is produced by applying a hash function to a piece of information; an asymmetric encryption algorithm is then applied, encrypting (signing) the digest with the private key of the signature requester to obtain the signature information, which is attached to the information together with the digital certificate so that the data receiver can verify it.
CA (Certificate Authority): the certificate issuer, responsible for issuing digital certificates; typically a trusted third party recognized by both parties.
TPCM (Trusted Platform Configuration Measurement): trusted platform configuration measurement, by which it can be detected whether the hardware and software configuration of a computer system matches the predefined security policies and configuration requirements.
It should be noted that the trusted-boundary-based cross-domain access method and device of the present disclosure may be used in the information security field to implement cross-domain access between multiple terminal nodes, and may equally be used in any field other than information security in which cross-domain access between multiple terminal nodes is implemented; the fields of application of the method and device for generating a digital signature in the present disclosure are not limited.
It should be noted that the information (including but not limited to user equipment information and user personal information) and data (including but not limited to data for analysis, stored data and displayed data) involved in the present disclosure are information and data authorized by the user or sufficiently authorized by each party; the collection, use and processing of such data must comply with the laws, regulations and standards of the relevant regions, and corresponding operation entries are provided for the user to grant or refuse authorization. For example, an interface is provided between the system and the relevant user or institution; before acquiring the relevant information, the system sends an acquisition request to the user or institution through this interface and acquires the information only after receiving consent from the user or institution.
In accordance with the requirements of a trusted computing active immune protection system, the invention embeds a trusted cryptography module (with the TPCM as the trusted root) in the trusted terminal node, builds the trusted computing protection component, and uses the secure storage of the trusted root to improve the security of the user terminal node. The invention performs cross-domain access through a trusted boundary, adopts a controllable ternary peer authentication method, and uses a mechanism of multiple message exchanges with an online trusted third party to achieve bidirectional identity authentication between the two communicating entities. Within the trusted boundary system architecture, the invention completes bidirectional platform trust verification between the trusted terminal node and the trusted boundary; the trusted terminal node can then perform cross-domain access across the trusted boundary on the strength of multiple authentication factors.
An embodiment of a trusted-boundary-based cross-domain access method is provided in accordance with an embodiment of the present invention. It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order other than the one illustrated here.
The embodiment of the invention provides a cross-domain access method based on a trusted boundary, applied at a trusted security management center in a trusted computing architecture. FIG. 1 is a schematic diagram of an alternative trusted computing architecture according to an embodiment of the invention; as shown in FIG. 1, the trusted computing architecture comprises:
the trusted security management center, which manages all trusted networks and trusted boundaries through policy management;
N trusted networks (trusted network a and trusted network b are illustrated in FIG. 1), in each of which at least one trusted terminal node is deployed (illustrated in FIG. 1 as trusted nodes a1 ... an and b1 ... bn), isolated by a trusted boundary node; the trusted terminal nodes and the trusted boundary node use an embedded TPCM module as their trusted root, and trusted measurement is performed by the TPCM module;
and the trusted boundary, which isolates the trusted networks and at the same time isolates the individual trusted terminal nodes; as shown in FIG. 1, trusted boundary d isolates the two trusted networks, and information transfer between them is realized through trusted transmission.
FIG. 2 is a flow chart of an alternative trusted boundary based cross-domain access method according to an embodiment of the present invention, as shown in FIG. 2, comprising the steps of:
Step S201: receive a node access request, where the node access request carries a first node identifier of the access terminal node, a second node identifier of the accessed target terminal node, and an access requirement;
Step S202: query whether the access terminal node indicated by the first node identifier and the target terminal node indicated by the second node identifier are located in the same trusted network, and obtain a query result;
Step S203: when the query result indicates that the two nodes are not in the same trusted network, confirm that the request type of the node access request is a cross-domain access request, and search for the trusted boundary node between the access terminal node and the target terminal node and the corresponding node management policy;
Step S204: based on the node management policy, establish a first trusted connection between the access terminal node and the trusted boundary node and a second trusted connection between the trusted boundary node and the target terminal node, the first and second trusted connections being peer-to-peer;
Step S205: perform network security verification on the first and second trusted connections, and transmit the node access request to the target terminal node through the trusted boundary node according to the verification result and the node access policy.
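Steps S201 to S205 as one decision procedure, combined with the network behavior evaluation (characteristic values to an evaluation level) and the boundary judging flow (trusted report, node state, access certificate) that the summary above describes. This is an added example and not code from the patent; the node directory, the behavior-score thresholds, the representation of the node management policy as a dictionary, and the set of outcomes are assumptions. Establishing the two trusted connections (S204) is modelled here as evaluating their collected characteristic values; the integrity-report exchange that precedes it is out of scope for this block.

```python
"""Cross-domain access decision at the trusted security management center,
following steps S201-S205 and the boundary-judging flow (added example).

Assumed, not in the original: the node directory layout, the behaviour-score
thresholds, the policy dictionary and the Outcome enum.
"""
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    INTRA_DOMAIN = "same trusted network: no boundary crossing needed"
    NO_ROUTE = "no trusted boundary node between the two networks"
    REJECT_BEHAVIOUR = "network security check failed on a connection leg"
    TERMINATE = "boundary node terminates the connection"
    AUDIT = "sent to the management center / certification platform for audit"
    FORWARD = "forwarded to the target terminal node through the boundary node"


@dataclass
class Node:
    node_id: str
    network: str
    has_trusted_report: bool = False
    state_trusted: bool = False
    has_access_cert: bool = False


@dataclass
class Boundary:
    node_id: str
    networks: tuple                                 # the two trusted networks it joins
    policy: dict = field(default_factory=dict)      # node management policy (assumed)


def evaluate_behaviour(features: dict, policy: dict) -> str:
    """Map collected characteristic values of one connection leg to a network
    behaviour evaluation level. Thresholds are constructed defaults."""
    score = 0
    if features.get("failed_auth", 0) > policy.get("max_failed_auth", 3):
        score += 2
    if features.get("bytes_per_s", 0) > policy.get("max_bytes_per_s", 10_000_000):
        score += 1
    if features.get("unexpected_ports"):
        score += 2
    return "high" if score >= 3 else "medium" if score >= 1 else "low"


def boundary_judge(src: Node) -> Outcome:
    """Boundary judging service: a trusted report and a trusted node state are
    required; without an access certificate the request goes to audit."""
    if not (src.has_trusted_report and src.state_trusted):
        return Outcome.TERMINATE
    if not src.has_access_cert:
        return Outcome.AUDIT
    return Outcome.FORWARD


class ManagementCenter:
    def __init__(self, nodes, boundaries):
        self.nodes = {n.node_id: n for n in nodes}
        self.boundaries = boundaries

    def find_boundary(self, net_a: str, net_b: str):
        """S203: the trusted boundary node sitting between the two networks."""
        for b in self.boundaries:
            if set(b.networks) == {net_a, net_b}:
                return b
        return None

    def handle_request(self, request: dict, conn_features: dict) -> Outcome:
        src = self.nodes[request["src"]]          # S201: request carries both ids
        dst = self.nodes[request["dst"]]
        if src.network == dst.network:            # S202: same trusted network?
            return Outcome.INTRA_DOMAIN
        boundary = self.find_boundary(src.network, dst.network)
        if boundary is None:
            return Outcome.NO_ROUTE
        # S204/S205: both connection legs are checked; a "high" level on either
        # leg fails the network security check before any forwarding decision.
        for leg in ("first", "second"):
            if evaluate_behaviour(conn_features[leg], boundary.policy) == "high":
                return Outcome.REJECT_BEHAVIOUR
        return boundary_judge(src)                # S205: forward per node access policy


def demo() -> dict:
    """Constructed directory: network a holds three access nodes in different
    trust states, network b holds the target, boundary d joins the two."""
    nodes = [Node("a1", "net-a", True, True, True),
             Node("a2", "net-a", True, True, False),
             Node("a3", "net-a", False, True, True),
             Node("b1", "net-b")]
    center = ManagementCenter(nodes, [Boundary("d", ("net-a", "net-b"))])
    quiet = {"first": {"failed_auth": 0}, "second": {"failed_auth": 0}}
    noisy = {"first": {"failed_auth": 9, "unexpected_ports": True}, "second": {}}
    return {
        "forward": center.handle_request({"src": "a1", "dst": "b1"}, quiet),
        "audit": center.handle_request({"src": "a2", "dst": "b1"}, quiet),
        "terminate": center.handle_request({"src": "a3", "dst": "b1"}, quiet),
        "behaviour": center.handle_request({"src": "a1", "dst": "b1"}, noisy),
        "intra": center.handle_request({"src": "a1", "dst": "a2"}, quiet),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome.value}")
```

The order of checks mirrors the text: the same-network query short-circuits before any boundary lookup, the behaviour evaluation gates both connection legs, and only then does the boundary judging service decide between terminating, auditing and forwarding.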
Through the steps, the node access request can be received first, and the node access request carries: a first node identifier of the access terminal node, a second node identifier of the accessed target terminal node and an access requirement; inquiring whether the access terminal node indicated by the first node identifier and the target terminal node indicated by the second node identifier are located in the same trusted network or not to obtain an inquiry result; under the condition that the query result indicates that the two nodes are not in the same trusted network, confirming that the request type of the node access request is a cross-domain access request, and searching a trusted boundary node between the access terminal node and the target terminal node and a corresponding node management strategy; based on a node management policy, respectively establishing a first trusted connection between the access terminal node and the trusted boundary node and a second trusted connection between the trusted boundary node and the target terminal node, wherein the first trusted connection and the second trusted connection are peer-to-peer; and carrying out network security check on the first trusted connection and the second trusted connection, and transmitting a node access request to a target terminal node through the trusted boundary node according to a check result and a node access strategy. 
In this embodiment, cross-domain access is performed through the trusted boundary; a mechanism of multiple message exchanges and an online trusted third party realizes two-way identity authentication between the two communicating entity nodes, and cross-domain access by trusted terminal nodes is realized by crossing the trusted boundary. This improves the security of information transmission between terminal nodes and solves the technical problem in the related art that the lack of security isolation between terminal nodes in a platform easily causes information leakage of the target object.
As shown in fig. 1, in the trusted computing architecture, an access terminal node in trusted network a needs cross-domain access to a target terminal node in trusted network b. First, a trusted network connection is established between the node in trusted network a and trusted boundary node d under the policy management of the trusted security management center; similarly, under the policy management of the trusted security management center, trusted boundary node d establishes a trusted connection with the node in trusted network b. At this point the trusted boundary is connected to the network nodes on both sides simultaneously. Finally, trusted node a and trusted node b establish a trusted network connection under the policy management of the trusted security management center, thereby realizing cross-domain access between the trusted nodes.
In this embodiment, in the trusted boundary architecture, both the trusted terminal node and the trusted boundary node adopt the security architecture of the trusted computing organization: an embedded TPCM module serves as the trusted root, and an elliptic curve algorithm module and a symmetric encryption algorithm module are integrated in the TPCM. The Trusted Connection Architecture (TCA) is a trusted network connection architecture whose main characteristics are a three-layer, peer-to-peer, centrally managed structure. In this embodiment, the establishment of a trusted connection between a trusted terminal node and a trusted boundary node is peer-to-peer: the two parties perform bidirectional identity authentication and platform authentication under the policy management of the trusted security management center, and only after both pass can they establish the trusted connection and perform cross-domain network access.
Optionally, in step S205, when performing network security check on the first trusted connection and the second trusted connection, the method includes: collecting network behavior characteristic values of the first trusted connection and the second trusted connection; evaluating the network behavior security attribute of the first trusted connection and the second trusted connection based on the network behavior characteristic value to obtain a network behavior evaluation level; and determining a verification result of the network security verification based on the network behavior evaluation level.
In this embodiment, a dynamic network behavior analysis and evaluation method is adopted that fully considers the influence of network behavior factors: network behavior characteristic values are extracted and quantified, the network behavior evaluation component evaluates the security attribute of the network behavior to generate a verification result (that is, the network behavior evaluation level), and access control of the trusted terminal is performed rapidly according to the verification result in combination with the other related access policies, improving the cross-domain access efficiency of the trusted terminal. Only terminals whose network behavior meets the security policy may be allowed to perform cross-domain access; network behavior that does not comply with the security policy is blocked, protecting the security of the trusted terminal node and the trusted boundary network.
Evaluating network behavior proceeds as follows: first, data is acquired to provide objective material for the evaluation; then the acquired data is cleaned and arranged into normalized data; next, the network behavior in the real-time sampled network data is analyzed with a trained model; finally, the security level of the user's network behavior is evaluated to obtain the verification result of the network security check.
The network behavior evaluation in this embodiment can be classified into five classes: high security, safer, generally safe, unsafe and extremely unsafe.
Optionally, the step of establishing a first trusted connection between the access terminal node and the trusted boundary node and a second trusted connection between the trusted boundary node and the target terminal node, respectively, comprises: receiving verification requests initiated by all the trusted nodes in the trusted node set, wherein the trusted nodes in the trusted node set are one of the following: an access terminal node, a trusted boundary node and a target terminal node; generating a random number in the trusted environment in response to the authentication request, and transmitting the random number to the trusted node; receiving an integrity report transmitted by a trusted node, wherein the integrity report is generated by the trusted node after signing a random number, a node security value and a platform configuration register PCR value based on a private key; performing trusted policy verification on the node security value and the platform configuration register PCR value in the integrity report; and if the verification is passed, confirming that the integrity measurement of the trusted node is passed, and establishing a first trusted connection between the access terminal node and the trusted boundary node and a second trusted connection between the trusted boundary node and the target terminal node.
In this embodiment, when the trusted terminal node and the trusted boundary node establish a connection, the integrity of the two nodes is collected and authenticated by the trusted security management center.
Fig. 3 is a flowchart of the integrity measurement verification performed by an optional trusted terminal node and trusted boundary node when establishing a network connection according to an embodiment of the present invention. As shown in fig. 3, the platform authentication procedure includes:
(1) The trusted node (terminal and boundary) collects node integrity information through the integrity metric acquisition module, generates an integrity report, and sends a verification request to the trusted security management center.
(2) After receiving the verification request of the trusted node (terminal and boundary), the integrity measurement verification module of the trusted security management center generates a random number M in the trusted environment and sends the random number M to the trusted node.
(3) After receiving the random number M sent back by the trusted security management center, the trusted node (terminal and boundary) triggers the trusted root to read the PCR values and collects the platform security attribute value. It signs the PCR value, the node security value and the random number M with its private key, generates the integrity report, and sends the integrity report to the trusted security management center.
(4) After receiving the integrity information sent by the trusted node (terminal and boundary), the integrity measurement verification module verifies the node's security attribute information and PCR value against the trusted policy.
(5) The verification result is sent to the network controller (terminal and boundary), which controls the network connection according to policy; if the integrity measurement of the trusted node at either end (terminal or boundary) fails, the peer node carries out its trusted network connection activities according to the access policy.
In this embodiment, cross-domain network security access control is performed through the trusted boundary. In the trusted boundary security control flow, the trusted terminal initiates an access request, and after access control and security detection are performed in the trusted boundary, the information is forwarded across the domain; the trusted terminal and the trusted network module in the trusted boundary are simultaneously subject to the trusted verification and policy management of the trusted boundary unified management component.
Optionally, after searching for the trusted boundary node between the access terminal node and the target terminal node and the corresponding node management policy, the method further includes: receiving the identity certificate and access certificate of the access terminal node, and receiving the identity certificate of the trusted boundary node; performing certificate verification on the identity certificate and access certificate of the access terminal node and on the identity certificate of the trusted boundary node; and, based on the certificate verification result, confirming whether the access terminal node and the trusted boundary node satisfy the trust conditions for establishing a trusted connection.
The authentication policy service is responsible for verifying the certificates (identity certificate and access certificate) of the trusted terminal node and the trusted boundary node, and for verifying and evaluating the platform integrity information of the trusted terminal and the trusted boundary by calling the upper-layer integrity measurement verification through the protocol. The policy authentication service generates a platform integrity evaluation result for the trusted terminal and the trusted boundary according to the platform integrity evaluation policy, and finally sends the certificate (identity certificate and access certificate) verification result and the platform integrity evaluation result to the trusted network connection client and the trusted network connection access point; the authentication policy service additionally applies an attached verification rule to the access of the trusted terminal.
When the platform authentication of the trusted terminal and the trusted boundary is completed, the trusted network connection client and the trusted network connection access point generate access decisions (permission/prohibition/isolation) according to the certificate verification result returned by the authentication policy service, the platform integrity evaluation result and the additional verification result respectively, and send the access decisions to the trusted terminal and the trusted boundary. The trusted terminal decides whether to access the network according to the access decision, and the trusted boundary performs network access control according to the access decision to decide whether to allow the trusted terminal to access the network.
After the network connection establishment process is completed, the subsequent network information independently completes forwarding and filtering functions by the data plane of the trusted boundary according to the trusted connection decision and the access control decision information recorded in the network connection control table, so that the trusted terminal can access across the domain through the trusted boundary.
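The integrity measurement verification of fig. 3 and the access decision that follows it, written out as an added example (this is illustrative code, not code from the patent or from any product of the applicant). It assumes Ed25519 as the trusted root's signing algorithm (the page only says "elliptic curve algorithm"), a SHA-256 digest over the nonce, the PCR value and a numeric node security value as the signed content, a trusted policy consisting of a reference PCR per node and a minimum security value, and a mapping from the two verification results to permit/prohibit/isolate; all of these, and every type and function name, are assumptions:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Access decisions named on the page: permission / prohibition / isolation.
type Decision int

const (
	Permit Decision = iota
	Prohibit
	Isolate
)

func (d Decision) String() string { return []string{"permit", "prohibit", "isolate"}[d] }

// TrustedNode stands for a terminal or boundary node whose trusted root (TPCM on
// the page) holds the signing key. Ed25519 is an assumption of this example.
type TrustedNode struct {
	ID       string
	priv     ed25519.PrivateKey
	Pub      ed25519.PublicKey
	PCR      []byte // platform configuration register value read from the trusted root
	Security uint32 // node security value; numeric encoding is an assumption
}

// IntegrityReport is the message of step (3): PCR value, node security value and
// the challenge nonce, signed with the node's private key.
type IntegrityReport struct {
	NodeID   string
	Nonce    []byte
	PCR      []byte
	Security uint32
	Sig      []byte
}

// reportDigest fixes the byte layout both sides sign and verify over.
func reportDigest(nonce, pcr []byte, sec uint32) []byte {
	h := sha256.New()
	h.Write(nonce)
	h.Write(pcr)
	binary.Write(h, binary.BigEndian, sec)
	return h.Sum(nil)
}

func NewTrustedNode(id string, pcr []byte, sec uint32) *TrustedNode {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &TrustedNode{ID: id, priv: priv, Pub: pub, PCR: pcr, Security: sec}
}

// BuildReport is step (3): the node answers the nonce it was sent.
func (n *TrustedNode) BuildReport(nonce []byte) IntegrityReport {
	return IntegrityReport{
		NodeID: n.ID, Nonce: nonce, PCR: n.PCR, Security: n.Security,
		Sig: ed25519.Sign(n.priv, reportDigest(nonce, n.PCR, n.Security)),
	}
}

// ManagementCenter is the integrity measurement verification module of the trusted
// security management center. RefPCR and MinSecurity stand in for its "trusted
// policy" (the page does not say how the policy is encoded).
type ManagementCenter struct {
	Keys        map[string]ed25519.PublicKey
	RefPCR      map[string][]byte
	MinSecurity uint32
	pending     map[string][]byte // outstanding nonce per node
}

func NewManagementCenter(minSec uint32) *ManagementCenter {
	return &ManagementCenter{Keys: map[string]ed25519.PublicKey{}, RefPCR: map[string][]byte{},
		MinSecurity: minSec, pending: map[string][]byte{}}
}

func (m *ManagementCenter) Enroll(n *TrustedNode, refPCR []byte) {
	m.Keys[n.ID] = n.Pub
	m.RefPCR[n.ID] = refPCR
}

// Challenge is step (2): a fresh random number M for this node.
func (m *ManagementCenter) Challenge(nodeID string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	m.pending[nodeID] = nonce
	return nonce
}

// Verify is step (4). The nonce is consumed first so a replayed report never
// reaches the policy checks, and the signature is checked before any field is trusted.
func (m *ManagementCenter) Verify(r IntegrityReport) error {
	nonce, ok := m.pending[r.NodeID]
	delete(m.pending, r.NodeID)
	if !ok || !bytes.Equal(nonce, r.Nonce) {
		return errors.New("stale or unknown nonce (possible replay)")
	}
	pub, ok := m.Keys[r.NodeID]
	if !ok {
		return errors.New("node not enrolled")
	}
	if !ed25519.Verify(pub, reportDigest(r.Nonce, r.PCR, r.Security), r.Sig) {
		return errors.New("integrity report signature invalid")
	}
	if !bytes.Equal(m.RefPCR[r.NodeID], r.PCR) {
		return errors.New("PCR value does not match trusted policy")
	}
	if r.Security < m.MinSecurity {
		return errors.New("node security value below policy threshold")
	}
	return nil
}

// AccessDecision combines the certificate verification result and the platform
// integrity result. The mapping is an assumption; the page names the three outcomes only.
func AccessDecision(certOK bool, integrityErr error) Decision {
	switch {
	case !certOK:
		return Prohibit
	case integrityErr != nil:
		return Isolate
	default:
		return Permit
	}
}

func main() {
	mc := NewManagementCenter(3)
	goodPCR := sha256.Sum256([]byte("constructed boot measurement")) // constructed sample value
	term := NewTrustedNode("terminal-a", goodPCR[:], 5)
	mc.Enroll(term, goodPCR[:])

	rep := term.BuildReport(mc.Challenge(term.ID))
	err := mc.Verify(rep)
	fmt.Println("fresh report:", err, "->", AccessDecision(true, err))
	// Submitting the same report again is a replay and must be rejected.
	fmt.Println("replayed report:", mc.Verify(rep))
}
```

The order of checks in Verify is the practical point: consuming the nonce before anything else means a captured report cannot be replayed even if every other field is valid, and verifying the signature before comparing the PCR value means the policy is only ever evaluated on data the trusted root actually signed.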
In this embodiment, on the basis of the three-layer, peer-to-peer, centrally managed trusted architecture, an arbitration service mechanism is added on the trusted boundary. The arbitration service provides a fast verification mechanism and performs cross-domain access control according to policy for requests at different network behavior evaluation levels. Optionally, the step of transmitting the node access request to the target terminal node through the trusted boundary node includes: transmitting the node access request to the trusted boundary node, which analyzes the node access request and transmits the analyzed information to the boundary arbitration service module, where the boundary arbitration service module confirms whether the access terminal node has a trusted report and whether the node state of the access terminal node is trusted; if the access terminal node has no trusted report or its node state is not trusted, the trusted boundary node terminates the network connection with the access terminal node; if the access terminal node has a trusted report and its node state is trusted, the trusted boundary node verifies whether the access terminal node has an access certificate; if the access terminal node has no access certificate, the trusted boundary node sends the node access request to the trusted security management center or a certification platform, which performs the verification; if the access terminal node has an access certificate, the trusted boundary node transmits the node access request to the target terminal node.
Fig. 4 is a flowchart of establishing cross-domain access between a trusted terminal node and a trusted boundary node according to an embodiment of the present invention. As shown in fig. 4, the flow includes:
(1) The trusted terminal node initiates a cross-domain access request to the trusted boundary node and submits the corresponding request information;
(2) After receiving the network access request of the trusted terminal node, the trusted boundary node analyzes the request information and sends the analyzed information to the boundary arbitration service module for arbitration;
(3) The arbitration module verifies whether a trusted report exists and judges whether the state of the trusted terminal node is trusted; if there is no trusted report or the state is not trusted, the existing network connection is terminated immediately;
(4) If the state of the trusted terminal node is trusted, the arbitration module continues to verify whether an access certificate exists, and executes arbitration scheme 1 if no access certificate exists;
(5) If an access certificate exists, the arbitration module continues to verify the network behavior evaluation level;
corresponding arbitration schemes are executed for the different network behavior evaluation levels, and the specific arbitration scheme policies are detailed in table 1.
Table 1 arbitration strategy table
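The arbitration flow of fig. 4, together with the network connection control table that the trusted boundary's data plane consults for forwarding and filtering once the control plane has decided, as an added example (illustrative code, not code from the patent or from any product of the applicant). The type and function names, the boolean encoding of the terminal's state, and the control-table layout are assumptions; the per-level arbitration schemes of table 1 are not reproduced on the page, so the evaluation level is returned alongside the outcome rather than acted on:

```go
package main

import "fmt"

// The five network behavior evaluation levels named on the page.
type BehaviorLevel int

const (
	HighSecurity BehaviorLevel = iota
	Safer
	GenerallySafe
	Unsafe
	ExtremelyUnsafe
)

// Outcome of the boundary arbitration service.
type Outcome int

const (
	Terminate     Outcome = iota // no trusted report, or node state not trusted
	ReferToCenter                // no access certificate: request goes to the management center / certification platform
	Forward                      // access certificate present: request goes on to the target node
)

func (o Outcome) String() string { return []string{"terminate", "refer-to-center", "forward"}[o] }

// TerminalState is what the boundary knows about the requesting terminal: the
// trusted root's report and state, its access certificate, and the network
// behavior level pushed in by the network behavior management module.
type TerminalState struct {
	HasTrustedReport bool
	StateTrusted     bool
	HasAccessCert    bool
	Behavior         BehaviorLevel
}

// Arbitrate is the judging flow of steps (3) to (5). The level is returned with
// the outcome for the caller's table-1 policy, which this example does not know.
func Arbitrate(st TerminalState) (Outcome, BehaviorLevel) {
	if !st.HasTrustedReport || !st.StateTrusted {
		return Terminate, st.Behavior
	}
	if !st.HasAccessCert {
		return ReferToCenter, st.Behavior
	}
	return Forward, st.Behavior
}

// ConnectionEntry is one row of the network connection control table.
type ConnectionEntry struct {
	Allowed bool
	Level   BehaviorLevel
}

type flow struct{ src, dst string }

// Boundary is the trusted boundary node: control plane (Decide) and data plane (Filter).
type Boundary struct {
	table map[flow]ConnectionEntry
}

func NewBoundary() *Boundary { return &Boundary{table: map[flow]ConnectionEntry{}} }

// Decide records the arbitration result for src->dst. Only "forward" creates an
// allowing entry; "terminate" removes any earlier entry so a terminal that lost its
// trusted state is cut off immediately, as step (3) requires; a referral leaves the
// table untouched until the management center's verification comes back.
func (b *Boundary) Decide(src, dst string, st TerminalState) Outcome {
	out, lvl := Arbitrate(st)
	k := flow{src, dst}
	switch out {
	case Forward:
		b.table[k] = ConnectionEntry{Allowed: true, Level: lvl}
	case Terminate:
		delete(b.table, k)
	}
	return out
}

// Filter is the data-plane check applied to each subsequent packet: forward only
// if the control table holds an allowing entry for exactly this src->dst pair.
func (b *Boundary) Filter(src, dst string) bool {
	e, ok := b.table[flow{src, dst}]
	return ok && e.Allowed
}

func main() {
	b := NewBoundary()
	// Constructed sample state for a terminal that passed every check.
	term := TerminalState{HasTrustedReport: true, StateTrusted: true, HasAccessCert: true, Behavior: HighSecurity}
	fmt.Println("decision:", b.Decide("terminal-a", "terminal-b", term))
	fmt.Println("a->b forwarded:", b.Filter("terminal-a", "terminal-b"))
	fmt.Println("b->a forwarded:", b.Filter("terminal-b", "terminal-a"))
	term.StateTrusted = false // trusted state lost, e.g. a failed re-measurement
	fmt.Println("decision:", b.Decide("terminal-a", "terminal-b", term))
	fmt.Println("a->b forwarded:", b.Filter("terminal-a", "terminal-b"))
}
```

Two properties worth noting in the table: an allowing entry is directional, so a permitted a->b connection never implies b->a, and a pending referral to the management center produces no entry at all, so nothing is forwarded while the certificate verification is outstanding.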
Optionally, before receiving the node access request, the method further includes: receiving a platform authentication request initiated by an access terminal node, wherein the platform authentication request is used for authenticating the secure communication between a trusted boundary node and a docking platform of the trusted terminal node; responding to the platform authentication request, executing at least one round of platform authentication protocol on the trusted network and the trusted boundary to which the access terminal node belongs, and obtaining a platform authentication result.
If the trusted terminal node needs to execute the platform authentication process, the trusted terminal node sends a platform authentication request to the local trusted network connection client, and if the trusted boundary needs to execute the platform authentication process, the trusted boundary sends the platform authentication request to the trusted network connection access point.
When the trusted network connection access point receives the platform authentication request, it starts the platform authentication process and executes one or more rounds of the platform authentication protocol with the trusted network connection client and the authentication policy service. When the trusted network connection client receives a platform authentication request from the trusted terminal node, or when the platform authentication of the trusted boundary is still incomplete after a round of the platform authentication protocol has finished, the trusted network connection client waits for the trusted network connection access point to initiate a new round of the platform authentication protocol.
During platform authentication, the trusted network connection client interacts with each of its upper-layer integrity measurement acquisition modules through the protocol, and the trusted network connection access point likewise interacts with each of its upper-layer integrity measurement acquisition modules through the protocol.
According to another aspect of the embodiment of the present invention, there is also provided a trusted security management system based on a trusted boundary, including: a network component of a trusted terminal node, comprising: the system comprises N trusted networks, wherein at least one trusted terminal node is deployed in each trusted network, the trusted terminal node takes an embedded TPCM module as a trusted root, and the TPCM module carries out trusted measurement on the trusted terminal node; the trusted regional gateway of the trusted boundary node isolates each trusted network; and the trusted security management center boundary policy management component is used for executing the trusted boundary-based cross-domain access method by the trusted security management center.
In the embodiment of the invention, for a trusted security management system, a ternary three-layer system architecture based on network behavior evaluation is provided, namely a ternary system comprising a trusted network, a trusted boundary node and a trusted security management center.
The ternary three-layer network architecture in the embodiment of the invention consists of three entities, three layers and several components. The three entities of the trusted network architecture are the access requester (the trusted terminal's network controller), the access controller (the trusted boundary's access controller) and policy management (the trusted security management center). The access requester is the entity requesting to connect to the protected network; the access controller controls the access of the access requester and completes access control according to the access decision made by policy management; and policy management serves as the trusted third party for the trusted terminal and the trusted boundary during identity authentication and platform measurement, completing the trusted authentication process.
The network architecture in the embodiment of the invention comprises three layers of a network access layer, a trusted platform evaluation layer and an integrity measurement layer. The network access layer mainly comprises a traditional network connection component and is used for completing the functions of user identity authentication, network data transmission and network access control; the trusted platform assessment layer utilizes a trusted third party assessment policy server to perform trusted assessment on the platform identity and integrity of the access requester and the access controller; the integrity metrics layer essentially completes the collection and metrics of the platform integrity of the access requesters and access controllers.
In the embodiment of the invention, network behavior evaluation of the access requester is added to the ternary three-layer system, and an access mechanism that rapidly arbitrates within the trusted system can be established by using the network behavior evaluation as one of the policy evaluation factors for network access.
FIG. 5 is a schematic diagram of an optional trusted boundary-based trusted security management architecture according to an embodiment of the present invention. As shown in FIG. 5, it includes: the trusted security management center (including security policy management, security audit, system management and trusted boundary policy management), trusted terminal nodes and trusted boundary nodes.
The individual components of the trusted ternary system are described below.
(1) Network component of trusted terminal node
Optionally, the network component of the trusted terminal node comprises: the trusted root is used for carrying out trusted measurement on the trusted terminal node, establishing a trusted trust chain and generating a trusted report; the first trusted network module comprises a first network controller, a trusted network connection client, a first integrity measurement acquisition module and a network behavior acquisition module, wherein the first network controller is responsible for initiating a boundary-crossing access request to a trusted boundary node, and executing a user identity authentication protocol with an authentication policy service module of a second network controller of the trusted boundary node and a trusted security management center to realize bidirectional identity authentication between the trusted terminal node and the trusted boundary node; the trusted network connection client module requests and receives the component measurement values from each integrity measurement acquisition module through a protocol interface, and executes a platform authentication protocol to realize bidirectional platform authentication between the trusted terminal node and the trusted boundary node; the first integrity measurement acquisition module collects integrity measurement values of components in the trusted terminal node to finish platform integrity authentication; the network behavior acquisition module is used for collecting the network security behaviors of the trusted terminal node and providing sampling data for the network behavior assessment service of the trusted security management center.
The trusted terminal node network component completes user identity authentication and platform integrity authentication when the terminal initiates or receives a network access request that crosses the regional trusted boundary, and establishes a trusted network connection with the regional trusted boundary gateway; at the same time, it acquires the subject information of the cross-boundary communication and the deployment information of the terminal's mandatory access control mechanism, and cooperates with the trusted boundary to complete boundary mandatory access control. As shown in fig. 5, the trusted terminal node network component includes: terminal security protection (terminal access control and network security software), the trusted network module and the trusted root. The trusted network module comprises a first network controller (request), a trusted network connection client, a first integrity measurement acquisition module and a network behavior acquisition module.
The terminal access control module on the trusted terminal node is mainly responsible for collecting the attribute information of the cross-boundary communication main body on the terminal node and transmitting the attribute information to the trusted boundary access control module, and the trusted boundary is assisted to complete main body domain judgment and boundary forced access control.
The first network controller (request) module is mainly responsible for initiating a boundary-crossing access request to the trusted boundary gateway, executing the user identity authentication protocol with the network controller (management) module of the trusted boundary and the authentication policy service module of the management center to realize bidirectional user identity authentication between the trusted terminal and the trusted boundary, transmitting and receiving user identity authentication protocol and platform authentication protocol data, sending a platform authentication request to the local trusted network connection client module, receiving the access decision made by the trusted network connection client, and executing trusted connection control of the terminal.
The trusted network connection client module mainly requests and receives component measurement values from each local integrity measurement acquisition module through a protocol interface, and executes one or more rounds of platform authentication protocol with the trusted network connection access point module of the trusted boundary and the evaluation strategy service module of the management center, so that bidirectional platform authentication between the terminal node and the trusted boundary is realized.
The first integrity measurement acquisition module is used for mainly collecting the integrity measurement values of various components in the end node and sending the integrity measurement values to the integrity measurement verification module of the corresponding management center to finish platform integrity authentication.
The network behavior acquisition module is used for collecting the network security behaviors of the trusted terminal node and providing sampling data for the network behavior assessment service of the trusted security management center.
In this embodiment, the trusted root is based on the TPCM; it can provide cryptographic services, performs trusted measurement of the terminal node, establishes the trust chain, generates the trusted report and stores it in trusted storage. In addition, the trusted certificates (identity certificate, access certificate, etc.), the trusted reference library and the base keys of the terminal node are stored in the trusted root.
(2) Trusted regional gateway for trusted border nodes
Optionally, the trusted regional gateway of the trusted boundary node includes: a boundary attack detection module, a boundary protocol filtering module and a boundary access auditing module, which realize the security checks of the trusted boundary node; and a second trusted network module, corresponding to the first trusted network module of the trusted terminal node, comprising a second network controller, a trusted network connection access point, a second integrity measurement acquisition module and a network behavior management module. The second network controller is responsible for starting the user identity authentication protocol, executing the user identity authentication protocol with the first network controller of the trusted terminal node and the authentication policy service module of the trusted security management center to realize bidirectional identity authentication between the trusted terminal node and the trusted boundary node, and sending a platform authentication request to the trusted network connection access point; the trusted network connection access point requests and receives component measurement values from each integrity measurement acquisition module of the gateway through the protocol interface, and executes the platform authentication protocol with the trusted network connection client module of the trusted terminal node and the evaluation policy service module of the trusted security management center to realize bidirectional platform authentication between the trusted terminal node and the trusted regional gateway of the trusted boundary node; the second integrity measurement acquisition module collects the integrity measurement values of all components in the trusted boundary node to complete platform integrity authentication; and the network behavior management module collects the network security behavior of the trusted boundary node.
The trusted boundary is an important execution component of the regional boundary protection policy. First, it cooperates with the trusted component of the terminal node and the boundary security policy management component of the security management center to complete bidirectional trusted authentication of a terminal node that issues a cross-regional-boundary network access request, and establishes the trusted network connection; second, on the basis of the trusted network connection, it applies mandatory access control, protocol filtering and attack detection protection measures to the data flow crossing the boundary according to the access policy defined by the boundary security policy management component; finally, it also audits all network accesses that cross the boundary.
As shown in fig. 5, the trusted border gateway includes attack detection, protocol filtering, border access control, border access audit, arbitration service, trusted network module and trusted root, where the trusted network module corresponds to the trusted network module of the trusted terminal node, and includes a second network controller (management), a trusted network connection access point, a second integrity metric collection and network behavior management component.
The boundary protocol filtering module, the boundary attack detecting module and the boundary access auditing module realize a traditional regional boundary security mechanism.
The boundary access control module is an execution part of a trusted boundary forced access control model and a policy, and realizes boundary forced access control according to the definition of the trusted security management center boundary access control policy and the domain attribute of the communication main body.
The main functions of the second network controller (management) module are: starting the user identity authentication protocol, executing the user identity authentication protocol with the network controller (request) module of the terminal and the authentication policy service module of the management center to realize bidirectional user identity authentication between the trusted terminal node and the trusted boundary, transmitting and receiving user identity authentication protocol and platform authentication protocol data, sending a platform authentication request to the trusted network connection access point, receiving the access decision made by the trusted network connection access point, and executing trusted connection control according to the access decision.
The main functions of the trusted network connection access point module are: requesting and receiving component measurement values from each integrity measurement acquisition module of the gateway through the protocol interface, and executing one or more rounds of the platform authentication protocol with the trusted network connection client module of the trusted terminal and the evaluation policy service module of the management center to realize bidirectional platform authentication between the terminal and the gateway.
The second integrity measurement acquisition module is a component which runs on the trusted boundary entity at the same time, collects the integrity measurement values of various components in the trusted boundary, and sends the integrity measurement values to the corresponding management center integrity measurement verification module to finish platform integrity authentication.
The network behavior management module collects the network security behavior of the trusted boundary node; when a trusted terminal node initiates a network access request, it checks the network behavior level of that terminal node (retrieving the network behavior evaluation result from the trusted security management center) and pushes the level to the arbitration service module to decide on the network connection; it also receives the dynamic network behavior monitoring results of the security management center, detects abnormal behavior and applies network security controls in a timely manner.
The arbitration service module establishes a rapid authentication mechanism in the trusted boundary: on the basis of satisfying the ternary three-layer system, it adds a mechanism for rapidly establishing cross-domain access for terminals whose network behavior is highly secure, thereby improving the efficiency of cross-domain access by trusted terminals.
In this embodiment, the trusted root in the trusted boundary node is based on the TPCM; it can provide cryptographic services, performs trusted measurement of the boundary node, establishes the trust chain, generates the trusted report and stores it in trusted storage. In addition, the trusted certificates, the trusted reference library and the base keys of the boundary node are stored in the trusted root.
(3) Trusted security management center boundary policy management component
Optionally, the trusted security management center boundary policy management component includes: the integrity measurement verification module, which verifies the integrity measurement values of the various components received from the trusted terminal node and the trusted boundary node and generates a component integrity evaluation result according to a preset evaluation policy; the evaluation policy service module, which executes the platform authentication protocol to realize bidirectional platform authentication between the trusted terminal node and the trusted boundary node, wherein in the platform authentication protocol the evaluation policy service verifies the validity of the platform identity key (PIK) certificates of the trusted terminal node and the trusted boundary node; the authentication policy service module, which executes the user identity authentication protocol to realize bidirectional user identity authentication between the trusted terminal node and the trusted boundary node; and the network behavior evaluation module, which evaluates the security attributes of network behavior and classifies the risk of the network behavior of each trusted node.
Trusted boundary policy management is a functional component of the trusted security management center. It acts as a trusted third party, completes user authentication and platform authentication between cross-boundary network access entities together with the terminal node and the security gateway, and establishes an end-to-end trusted network connection; it also centrally defines the subject domain attributes and access control policies for cross-boundary network access, and manages the boundary security gateway to complete boundary mandatory access control.
Trusted boundary policy management includes an integrity measurement verification module, an evaluation policy service module, an authentication policy service module, an access control policy management module, and a network behavior evaluation module.
The integrity measurement verification module mainly completes the verification of the received integrity measurement values of the various components in the terminal and the gateway, and generates component integrity evaluation results according to the evaluation policy.
The evaluation policy service module acts as a trusted third party and executes the platform authentication protocol with the trusted network connection client module of the trusted terminal and the trusted network connection access point module of the trusted boundary, so that bidirectional platform authentication between the terminal and the gateway is realized. In the platform authentication protocol, the evaluation policy service verifies the validity of the PIK (platform identity key) certificates of the trusted terminal and the trusted boundary. If the PIK certificates are valid, it sends the component measurement values of the network control modules (of the trusted terminal and of the trusted boundary) through the verification protocol interface to each upper-layer integrity measurement verification module, receives the component integrity evaluation results returned by the integrity measurement verification modules, then aggregates the component integrity evaluation results of each network control module (trusted terminal and trusted boundary) according to the evaluation policy into a platform integrity evaluation result for each, and sends these results to the trusted terminal node and the trusted boundary node.
The authentication policy service module, acting as a trusted third party, executes the user identity authentication protocol with the network controller (request) of the trusted terminal and the network controller (management) of the trusted boundary to realize bidirectional user identity authentication between the trusted terminal node and the trusted boundary node, and transmits and receives user identity authentication protocol and platform authentication protocol data.
The access control policy management module mainly defines the subject domain and domain entry attributes of the domain boundary, defines the association relation table (DDT) between the subject domains of domain boundaries, and distributes the defined information to the trusted boundary for completing boundary mandatory access control.
The network behavior evaluation module evaluates the collected network behavior measurement results, classifies the risk grades of the network behaviors of all nodes, and pushes the evaluation results to the corresponding modules for making network access control strategies.
FIG. 6 is a flow chart of an optional trusted boundary access control according to an embodiment of the present invention. As shown in FIG. 6, the flow comprises:
(1) The system components are initialized: the trusted network connection client of the trusted terminal and the trusted network connection access point of the trusted boundary load their corresponding upper-layer integrity measurement acquisition modules, and the evaluation policy service of the trusted security management center loads the upper-layer integrity measurement verification service.
(2) The network controller (request) of the trusted terminal initiates a network access request to the network controller (management) of the trusted boundary.
(3) When the trusted boundary authenticates the network behavior of the trusted terminal, the trusted network connection client and the trusted network access point send behavior authentication requests to respective network behavior acquisition modules; in the network behavior identification process, a trusted network connection client and a trusted network access point interact with a network behavior acquisition module through a protocol to acquire node (terminal and boundary) network behavior information and extract relevant network characteristic parameters of network behavior data sampling.
(4) The evaluation policy service completes the network behavior verification of the trusted terminal and the trusted boundary through the network behavior evaluation, generates a network behavior evaluation result, and returns the network behavior evaluation result to the trusted network connection client and the trusted network connection access point.
(5) Through the decision service, the trusted boundary makes a quick decision on the access certificate condition (present/absent), the trusted report condition (trusted/untrusted) and the network behavior evaluation result of the trusted terminal, and forms a corresponding access policy. If the evaluation results meet the conditions of decision 3 and decision 4, the following authentication flow continues; otherwise, the flow jumps directly to (12).
(6) After receiving the network request of the trusted network module of the trusted terminal, the trusted network module of the trusted boundary completes the bidirectional user identity authentication process between the trusted terminal and the trusted boundary together with the trusted network module of the trusted terminal and the authentication policy service. In the user authentication protocol, a key (master key or session key) between the network modules of the trusted terminal and the trusted boundary is negotiated between the two parties.
(7) If the trusted terminal needs to execute the platform authentication process, the trusted terminal sends a platform authentication request to the local trusted network connection client, and if the trusted boundary needs to execute the platform authentication process, the trusted boundary sends the platform authentication request to the trusted network connection access point.
(8) When the trusted network connection access point receives the platform authentication request, a platform authentication process is started, and one or more rounds of platform authentication protocol are executed with the trusted network connection client and the authentication policy service. When the trusted network connection client receives the platform authentication request information of the trusted terminal or the platform authentication of the trusted boundary is not completed after the platform authentication protocol is finished, the trusted network connection client waits for the trusted network connection access point to initiate a new platform authentication protocol.
(9) In the platform authentication process, the trusted network connection client interacts through the protocol with each of its upper-layer integrity measurement acquisition modules, and the trusted network connection access point likewise interacts through the protocol with each of its upper-layer integrity measurement acquisition modules.
(10) The authentication policy service is responsible for verifying the certificates (identity certificate and access certificate) of the trusted terminal and the trusted boundary, and for verifying and evaluating the platform integrity information of the trusted terminal and the trusted boundary by calling the upper-layer integrity measurement verification through the protocol. The authentication policy service generates platform integrity evaluation results for the trusted terminal and the trusted boundary according to the platform integrity evaluation policy, and finally sends the certificate (identity certificate and access certificate) verification results and the platform integrity evaluation results to the trusted network connection client and the trusted network connection access point; the authentication policy service additionally verifies the access of the trusted terminal against an attached verification rule (constraint 4 only).
(11) When the platform authentication of the trusted terminal and the trusted boundary is completed, the trusted network connection client and the trusted network connection access point each generate an access decision (permit/prohibit/isolate) according to the certificate verification result, the platform integrity evaluation result and the additional verification result (constraint 4 only) returned by the authentication policy service, and send the access decisions to the trusted terminal and the trusted boundary.
(12) The trusted terminal decides whether to access the network according to the access decision, and the trusted boundary performs network access control according to the access decision to decide whether to allow the trusted terminal to access the network.
After the network connection establishment process is completed, subsequent network traffic is forwarded and filtered independently by the data plane of the trusted boundary according to the trusted connection decision and the access control decision information recorded in the network connection control table, so that the trusted terminal can access across domains through the trusted boundary.
Through the implementation mode, the following technical effects can be achieved:
1. Multi-factor access authentication at the trusted boundary: the access control mechanism of the trusted boundary in this embodiment adopts a controllable tri-element peer authentication method, which uses multiple message transmissions and an online trusted third party to realize bidirectional identity authentication between the two communicating entities. In the trusted boundary system architecture, bidirectional platform trusted verification between the trusted terminal node and the trusted boundary node is completed; cross-domain access of a trusted node across the trusted boundary is realized through multiple authentication factors, including certificates (identity certificate and access certificate), trusted reports, network behavior evaluation results, platform integrity measurements and additional rules, ensuring security throughout the network access process.
2. Bidirectional authentication based on the tri-element peer entity authentication trusted network connection architecture: in the trusted boundary architecture, both the trusted terminal node and the trusted boundary node take an embedded TPCM module as the trust root, and an elliptic curve algorithm module and a symmetric encryption algorithm module are integrated in the TPCM. The trusted network connection architecture (TCA) is a trusted network connection architecture with innovative characteristics, mainly characterized by a three-layer, peer-to-peer, centrally managed structure. In this embodiment, peer-to-peer means that the establishment of the trusted connection between the trusted terminal and the trusted boundary is symmetric: the two parties perform bidirectional identity authentication, platform authentication and authentication by other methods under the policy management of the trusted security management center, and only after both parties pass authentication can the trusted connection and cross-domain network access be established.
3. Fast arbitration mechanism for boundary network access based on network behavior evaluation: a dynamic analysis and evaluation method is adopted for network behavior, fully considering the influence of network behavior factors; the network behavior evaluation component extracts and quantifies the characteristic values of the network behavior and evaluates its security attributes to produce a verification result (network behavior evaluation grade), so that fast access control of the trusted terminal can be performed according to this verification result in combination with other related access policies, improving the efficiency of cross-domain access of the trusted terminal. Only trusted terminals whose network behavior meets the security policy may be allowed to perform cross-domain access; trusted terminals whose network behavior does not meet the security policy are blocked, protecting secure access between the trusted terminals and the trusted boundary network.
According to another aspect of the embodiments of the present application, a computer readable storage medium is also provided, comprising a stored computer program, wherein, when the computer program is run, the device in which the computer readable storage medium is located is controlled to execute any one of the above trusted boundary-based cross-domain access methods.
The foregoing embodiment numbers of the present application are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
In the foregoing embodiments of the present application, the descriptions of the embodiments are emphasized, and for a portion of this disclosure that is not described in detail in this embodiment, reference is made to the related descriptions of other embodiments.
In the several embodiments provided in the present application, it should be understood that the disclosed technology may be implemented in other manners. The above-described embodiments of the apparatus are merely exemplary, and the division of the units, for example, may be a logic function division, and may be implemented in another manner, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be through some interfaces, units or modules, or may be in electrical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied, in essence or in whole or in part, in the form of a software product stored in a storage medium, including instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, an optical disk, or other media capable of storing program code.
The foregoing is merely a preferred embodiment of the present invention and it should be noted that modifications and adaptations to those skilled in the art may be made without departing from the principles of the present invention, which are intended to be comprehended within the scope of the present invention.

Claims (11)

1. The cross-domain access method based on the trusted boundary is characterized by being applied to a trusted security management center in a trusted computing system architecture, wherein the trusted computing system architecture comprises: the trusted security management center and N trusted networks, at least one trusted terminal node is deployed in each trusted network, each trusted network is isolated by a trusted boundary node, the trusted terminal node and the trusted boundary node take an embedded TPCM module as a trusted root, the TPCM module carries out trusted measurement, the trusted security management center manages all the trusted networks and the trusted boundaries, N is a positive integer greater than 1, and the cross-domain access method comprises the following steps:
receiving a node access request, wherein the node access request carries: a first node identifier of the access terminal node, a second node identifier of the accessed target terminal node and an access requirement;
inquiring whether the access terminal node indicated by the first node identifier and the target terminal node indicated by the second node identifier are located in the same trusted network or not, to obtain a query result;
under the condition that the query result indicates that the two nodes are not in the same trusted network, confirming that the request type of the node access request is a cross-domain access request, and searching a trusted boundary node between the access terminal node and the target terminal node and a corresponding node management strategy;
based on the node management policy, respectively establishing a first trusted connection between the access terminal node and the trusted boundary node and a second trusted connection between the trusted boundary node and the target terminal node, wherein the first trusted connection and the second trusted connection are peer-to-peer;
and carrying out network security verification on the first trusted connection and the second trusted connection, and transmitting the node access request to the target terminal node through the trusted boundary node according to a verification result and a node access strategy.
2. The method of cross-domain access of claim 1, wherein the step of performing network security checking on the first trusted connection and the second trusted connection comprises:
collecting network behavior characteristic values of the first trusted connection and the second trusted connection;
evaluating the network behavior security attribute of the first trusted connection and the second trusted connection based on the network behavior characteristic value to obtain a network behavior evaluation level;
and determining a verification result of network security verification based on the network behavior evaluation level.
3. The cross-domain access method according to claim 1, wherein the step of establishing a first trusted connection between the access terminal node and the trusted boundary node and a second trusted connection between the trusted boundary node and the target terminal node, respectively, comprises:
receiving verification requests initiated by all the trusted nodes in the trusted node set, wherein the trusted nodes in the trusted node set are one of the following: the access terminal node, the trusted boundary node and the target terminal node;
generating a random number in a trusted environment in response to the authentication request, and transmitting the random number to the trusted node;
receiving an integrity report transmitted by the trusted node, wherein the integrity report is generated after the trusted node signs the random number, the node security value and the platform configuration register PCR value based on a private key;
performing trusted policy verification on the node security value and the platform configuration register PCR value in the integrity report;
and if the verification is passed, confirming that the integrity measurement of the trusted node is passed, and establishing a first trusted connection between the access terminal node and the trusted boundary node and a second trusted connection between the trusted boundary node and the target terminal node.
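The exchange that claim 3 describes, as an added example that is not part of the patent: the management center issues a random nonce, the trusted node signs the nonce, its node security value and its PCR values with its private key, and the center checks the nonce, the signature and the reported values against the trusted policy. Ed25519 stands in for the TPCM/PIK signature (an assumption), and the PCR digests, security value and reference policy are constructed placeholders.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// IntegrityReport is what the trusted node returns to the management center: the
// challenge nonce, its node security value, its PCR values, and a signature over
// all three made with the node's private key.
type IntegrityReport struct {
	Nonce     []byte
	SecValue  uint32
	PCRs      [][32]byte
	Signature []byte
}

// ReferencePolicy is the verifier's trusted policy (assumed structure): a minimum
// node security value and reference digests for selected PCR indices.
type ReferencePolicy struct {
	MinSecValue uint32
	PCRs        map[int][32]byte
}

// reportDigest serialises nonce || secValue || indexed PCRs canonically so that
// signer and verifier operate on exactly the same bytes.
func reportDigest(nonce []byte, sec uint32, pcrs [][32]byte) []byte {
	h := sha256.New()
	h.Write(nonce)
	var b [4]byte
	binary.BigEndian.PutUint32(b[:], sec)
	h.Write(b[:])
	for i, p := range pcrs {
		binary.BigEndian.PutUint32(b[:], uint32(i))
		h.Write(b[:])
		h.Write(p[:])
	}
	return h.Sum(nil)
}

// BuildReport is the trusted node side: sign the challenge together with the
// node security value and the PCR values.
func BuildReport(priv ed25519.PrivateKey, nonce []byte, sec uint32, pcrs [][32]byte) IntegrityReport {
	sig := ed25519.Sign(priv, reportDigest(nonce, sec, pcrs))
	return IntegrityReport{Nonce: nonce, SecValue: sec, PCRs: pcrs, Signature: sig}
}

// VerifyReport is the management center side: the nonce must be the one it
// issued (a stale or replayed report fails here), the signature must verify under
// the node's public key, and the reported values must satisfy the trusted policy.
func VerifyReport(pub ed25519.PublicKey, issued []byte, r IntegrityReport, pol ReferencePolicy) error {
	if !bytes.Equal(issued, r.Nonce) {
		return fmt.Errorf("nonce mismatch: report is stale or replayed")
	}
	if !ed25519.Verify(pub, reportDigest(r.Nonce, r.SecValue, r.PCRs), r.Signature) {
		return fmt.Errorf("signature does not verify under the node's public key")
	}
	if r.SecValue < pol.MinSecValue {
		return fmt.Errorf("node security value %d below policy minimum %d", r.SecValue, pol.MinSecValue)
	}
	for idx, want := range pol.PCRs {
		if idx >= len(r.PCRs) || r.PCRs[idx] != want {
			return fmt.Errorf("PCR[%d] does not match the reference value", idx)
		}
	}
	return nil
}

// Scenario runs one complete exchange with constructed values and returns the
// verifier's result. tamper selects a failure mode: "" (honest node), "pcr" (a
// measured component changed after the policy was set) or "nonce" (old challenge).
func Scenario(tamper string) error {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // stands in for the node's PIK
	if err != nil {
		return err
	}
	pcrs := [][32]byte{ // constructed measurements, not real firmware digests
		sha256.Sum256([]byte("constructed: boot firmware")),
		sha256.Sum256([]byte("constructed: OS kernel")),
	}
	pol := ReferencePolicy{MinSecValue: 2, PCRs: map[int][32]byte{0: pcrs[0], 1: pcrs[1]}}
	issued := make([]byte, 32) // the management center's fresh random challenge
	if _, err := rand.Read(issued); err != nil {
		return err
	}
	nonce := issued
	switch tamper {
	case "pcr":
		pcrs[1] = sha256.Sum256([]byte("constructed: modified kernel"))
	case "nonce":
		nonce = make([]byte, 32) // node answers a zeroed, previously used challenge
	}
	return VerifyReport(pub, issued, BuildReport(priv, nonce, 3, pcrs), pol)
}
```

Scenario("") returns nil, while the "pcr" and "nonce" variants return the policy or freshness error, which is the point at which the center refuses to establish the trusted connection.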
4. The cross-domain access method of claim 1, further comprising, after searching for a trusted border node and a corresponding node management policy between the access terminal node and the target terminal node:
receiving an identity certificate and an access certificate of the access terminal node, and receiving an identity certificate of the trusted boundary node;
performing certificate verification on the identity certificate and the access certificate of the access terminal node and on the identity certificate of the trusted boundary node;
and based on a certificate verification result, confirming whether the access terminal node and the trusted boundary node have a trusted condition for establishing trusted connection.
5. The cross-domain access method of claim 1, wherein the step of transmitting the node access request to the target terminal node through the trusted boundary node comprises:
transmitting the node access request to the trusted boundary node, the trusted boundary node analyzing the node access request and transmitting the analyzed information to a boundary decision service module, wherein the boundary decision service module confirms whether the access terminal node has a trusted report and confirms whether the node state of the access terminal node is trusted;
the trusted boundary node terminates the network connection with the access terminal node under the condition that the access terminal node has no trusted report or the node state of the access terminal node is not trusted;
the trusted boundary node verifies whether the access terminal node has an access certificate or not under the condition that the access terminal node has the trusted report and the node state of the access terminal node is trusted;
under the condition that the access terminal node does not have the access certificate, the trusted boundary node sends the node access request to the trusted security management center or the certification platform, and the trusted security management center or the certification platform performs auditing;
and the trusted boundary node transmits the node access request to the target terminal node under the condition that the access terminal node has the access certificate.
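The boundary decision service of claim 5, together with steps (5) and (12) of the FIG. 6 flow and the network connection control table consulted by the data plane, as an added example that is not part of the patent: the node state fields, the numeric network behavior risk grade and its policy threshold are assumptions, and node identifiers are constructed placeholders.

```go
package main

import "fmt"

// Decision is the outcome of the boundary decision service for one request.
type Decision int

const (
	Terminate Decision = iota // connection with the access terminal node is ended
	Audit                     // referred to the trusted security management center / certification platform
	Forward                   // request passed on to the target terminal node
)

func (d Decision) String() string {
	return [...]string{"terminate", "audit", "forward"}[d]
}

// NodeState is what the boundary learns about the requesting terminal from the
// parsed request, its trusted report and the management center (assumed fields).
type NodeState struct {
	HasTrustedReport bool
	ReportTrusted    bool
	HasAccessCert    bool
	BehaviorGrade    int // network behavior risk grade; 0 = lowest risk (assumed scale)
}

// BoundaryPolicy holds the highest risk grade still admitted (assumed threshold).
type BoundaryPolicy struct{ MaxBehaviorGrade int }

// Decide applies the checks in the order claim 5 states them (trusted report
// present, node state trusted, then access certificate), with the step (5)
// network behavior gate applied before the certificate check.
func Decide(s NodeState, p BoundaryPolicy) (Decision, string) {
	switch {
	case !s.HasTrustedReport:
		return Terminate, "no trusted report"
	case !s.ReportTrusted:
		return Terminate, "node state not trusted"
	case s.BehaviorGrade > p.MaxBehaviorGrade:
		return Terminate, fmt.Sprintf("behavior grade %d exceeds policy maximum %d", s.BehaviorGrade, p.MaxBehaviorGrade)
	case !s.HasAccessCert:
		return Audit, "no access certificate: refer to the management center for auditing"
	}
	return Forward, "trusted report, node state, behavior and access certificate verified"
}

// ConnKey identifies one access terminal -> target terminal connection.
type ConnKey struct{ Src, Dst string }

// ControlTable models the network connection control table: after connection
// establishment the data plane only looks decisions up, it never recomputes them.
type ControlTable map[ConnKey]Decision

func (t ControlTable) Record(src, dst string, d Decision) { t[ConnKey{src, dst}] = d }

// DataPlaneAllows forwards only connections recorded as Forward; anything
// unknown or recorded otherwise is filtered (default deny).
func (t ControlTable) DataPlaneAllows(src, dst string) bool {
	d, ok := t[ConnKey{src, dst}]
	return ok && d == Forward
}

func main() {
	pol := BoundaryPolicy{MaxBehaviorGrade: 2}
	table := ControlTable{}
	cases := []struct { // constructed requests; node IDs are placeholders
		src, dst string
		st       NodeState
	}{
		{"term-A1", "term-B7", NodeState{true, true, true, 1}},  // forward
		{"term-A2", "term-B7", NodeState{true, true, false, 0}}, // audit
		{"term-A3", "term-B9", NodeState{true, false, true, 0}}, // terminate
		{"term-A4", "term-B9", NodeState{true, true, true, 4}},  // terminate (behavior)
	}
	for _, c := range cases {
		d, why := Decide(c.st, pol)
		table.Record(c.src, c.dst, d)
		fmt.Printf("%s -> %s: %s (%s)\n", c.src, c.dst, d, why)
	}
	fmt.Println("data plane forwards term-A1->term-B7:", table.DataPlaneAllows("term-A1", "term-B7"))
	fmt.Println("data plane forwards term-A5->term-B7:", table.DataPlaneAllows("term-A5", "term-B7"))
}
```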
6. The cross-domain access method of claim 1, further comprising, prior to receiving the node access request:
receiving a platform authentication request initiated by the access terminal node, wherein the platform authentication request is used for authenticating the secure communication between the trusted boundary node and the docking platform of the trusted terminal node;
and responding to the platform authentication request, and executing at least one round of platform authentication protocol on the trusted network and the trusted boundary to which the access terminal node belongs to obtain a platform authentication result.
7. A trusted security management system based on trusted boundaries, comprising:
a network component of a trusted terminal node, comprising: the system comprises N trusted networks, wherein at least one trusted terminal node is deployed in each trusted network, the trusted terminal node takes an embedded TPCM module as a trusted root, and the TPCM module performs trusted measurement on the trusted terminal node;
a trusted regional gateway of the trusted boundary node, which isolates each trusted network;
a trusted security management center boundary policy management component, wherein the trusted security management center performs the trusted boundary-based cross-domain access method of any one of claims 1 to 6.
8. The trusted security management system of claim 7, wherein the network component of the trusted end node comprises:
the trusted root is used for carrying out trusted measurement on the trusted terminal node, establishing a trusted trust chain and generating a trusted report;
a first trusted network module comprising a first network controller, a trusted network connection client, a first integrity metric acquisition module and a network behavior acquisition module,
the first network controller is responsible for initiating a boundary crossing access request to the trusted boundary node, and executing a user identity authentication protocol with an authentication policy service module of a second network controller of the trusted boundary node and the trusted security management center to realize bidirectional identity authentication between a trusted terminal node and the trusted boundary node;
the trusted network connection client module requests and receives the component measurement values from each integrity measurement acquisition module through a protocol interface, and executes a platform authentication protocol to realize bidirectional platform authentication between the trusted terminal node and the trusted boundary node;
the first integrity measurement acquisition module collects integrity measurement values of components in the trusted terminal node to finish platform integrity authentication;
the network behavior acquisition module is used for collecting the network security behaviors of the trusted terminal node and providing sampling data for the network behavior assessment service of the trusted security management center.
9. The trusted security management system of claim 7, wherein the trusted regional gateway of the trusted border node comprises:
the boundary attack detection module, the boundary protocol filtering module and the boundary access auditing module are used for realizing the security check of the trusted boundary node;
the second trusted network module, corresponding to the first trusted network module of the trusted terminal node, comprises a second network controller, a trusted network connection access point, a second integrity measurement acquisition module and a network behavior management module,
the second network controller is responsible for starting a user identity authentication protocol, executing the user identity authentication protocol with the first network controller of the trusted terminal node and an authentication policy service module of the trusted security management center to realize bidirectional identity authentication between the trusted terminal node and the trusted boundary node, and sending a platform authentication request to an access point of the trusted network;
the trusted network connection access point requests and receives component measurement values through each integrity measurement acquisition module of a protocol interface gateway, and executes a platform authentication protocol with a trusted network client module of the trusted terminal node and an evaluation strategy service module of the trusted security management center to realize bidirectional platform authentication between the trusted terminal node and a trusted regional gateway of the trusted boundary node;
the second integrity measurement acquisition module collects the integrity measurement values of all components in the trusted boundary node to finish platform integrity authentication;
the network behavior management module is used for collecting network security behaviors of the trusted boundary node.
10. The trusted security management system of claim 7, wherein the trusted security management center boundary policy management component comprises:
the integrity measurement verification module is used for verifying the received integrity measurement values of various components in the trusted terminal node and the trusted boundary node and generating a component integrity evaluation result according to a preset evaluation strategy;
the evaluation policy service module executes a platform authentication protocol to realize bidirectional platform authentication between the trusted terminal node and the trusted boundary node, wherein in the platform authentication protocol, the evaluation policy service verifies the validity of platform identity key PIK certificates of the trusted terminal node and the trusted boundary node;
the authentication policy service module executes a user identity authentication protocol to realize bidirectional user identity authentication between the trusted terminal node and the trusted boundary node;
and the network behavior evaluation module evaluates the security attribute of the network behavior and classifies the risk of the network behavior of each trusted node.
11. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored computer program, wherein the computer program when run controls a device in which the computer readable storage medium is located to perform the trusted boundary based cross-domain access method according to any one of claims 1 to 6.
CN202311311100.1A 2023-10-10 2023-10-10 Cross-domain access method based on trusted boundary and trusted security management system Pending CN117220987A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311311100.1A CN117220987A (en) 2023-10-10 2023-10-10 Cross-domain access method based on trusted boundary and trusted security management system

Publications (1)

Publication Number Publication Date
CN117220987A true CN117220987A (en) 2023-12-12

Family

ID=89046186

Country Status (1)

Country Link
CN (1) CN117220987A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination