WO2010020188A1 - 一种基于tcpa/tcg可信网络连接的可信网络管理方法 - Google Patents

一种基于tcpa/tcg可信网络连接的可信网络管理方法 Download PDF

Info

Publication number
WO2010020188A1
WO2010020188A1 PCT/CN2009/073370 CN2009073370W WO2010020188A1 WO 2010020188 A1 WO2010020188 A1 WO 2010020188A1 CN 2009073370 W CN2009073370 W CN 2009073370W WO 2010020188 A1 WO2010020188 A1 WO 2010020188A1
Authority
WO
WIPO (PCT)
Prior art keywords
trusted
management
host
network
managed
Prior art date
Application number
PCT/CN2009/073370
Other languages
English (en)
French (fr)
Inventor
肖跃雷
曹军
赖晓龙
黄振海
Original Assignee
西安西电捷通无线网络通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 西安西电捷通无线网络通信有限公司 filed Critical 西安西电捷通无线网络通信有限公司
Priority to US13/058,988 priority Critical patent/US20110145425A1/en
Priority to EP09807887A priority patent/EP2317693A4/en
Publication of WO2010020188A1 publication Critical patent/WO2010020188A1/zh

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Definitions

  • the present invention relates to a trusted network management method based on TCPA/TCG (Teded Computing Platform Alliance/Trusted Computing Group) trusted network connection.
  • TCPA/TCG Teded Computing Platform Alliance/Trusted Computing Group
  • CMIP Common Management Information Protocol
  • SNMP is mainly used for data network management
  • CMIP is mainly used for telecommunication network management.
  • the network management system is gradually developing towards the direction of distribution and intelligence.
  • distributed network management There are two main development trends in distributed network management: One is to design an open, standard, and scalable large-scale distributed network management system using distributed computing tools under the existing network management framework.
  • CORBA Common Object Request Broker Architecture
  • distributed network management systems based on Web; the other is new network management of distributed systems, such as mobile agent-based network management systems, etc. .
  • Distributed network management technology distributes network management tasks and monitoring to the entire network without relying on a separate control center. It has the advantages of reducing network management traffic, providing greater management capabilities, scalability, and so on.
  • both centralized network management systems and distributed network management systems have the following security issues:
  • the agent hosting the host may attack the agent, and the existing detection-based method cannot guarantee the security of the agent;
  • the agent may also attack the host that is hosted, such as the agent's illegal access to some private information of the host. For such attacks, only intrusion detection technology is used for passive defense.
  • the network management user completely trusts the manager system, which is not safe. Because the manager system may be controlled by viruses, Trojans, etc., the manager system does not work according to the wishes of the network management user, thus losing the management and control of the network;
  • the managed host completely trusts the manager system, which is also unsafe.
  • the managed host needs to detect whether the administrator system is eroded by viruses or Trojans. Otherwise, the agent residing on the managed host performs some malicious behavior on the managed host due to receiving malicious management commands.
  • the international trusted computing organization TCPA/TCG defines a trusted computing framework and has developed a series of Trusted Computing Specification.
  • the trusted computing framework mainly ensures the security of the entire system by enhancing the security of the existing terminal architecture.
  • the main idea is to introduce a trusted architecture on various terminal hardware platforms, and improve the security of the terminal system through the security features provided by it.
  • the trusted core of the terminal is a trusted chip called the Trusted Platform Module (TPM).
  • the trusted platform module TPM can be used to implement the trust of the terminal, and the trusted network connection based on the trusted platform module TPM can realize the trust between the terminals in the network environment.
  • the trusted network connection architecture of the international trusted computing organization TCPA/TCG is shown in Figure 1.
  • the policy decision point PDP Policy Decision Point
  • the access requestor AR Access Requestor
  • the policy enforcement point PEP Policy Enforcement Point
  • a trusted third-party policy manager PM can be set up behind the policy decision point PDP to form a trusted network connection architecture with enhanced security.
  • the access requester AR, the policy decision point PDP, and the policy manager perform a ternary peer-to-peer authentication protocol to implement two-way user authentication and two-way platform integrity evaluation between the access requester AR and the policy decision point PDP, wherein the policy manager PM implements access.
  • the certificate validity verification of the requester AR and the policy decision point PDP can also implement the platform integrity check of the access requester AR and the policy decision point PDP.
  • Policy Decision Point The PDP makes decision decisions based on user authentication and platform integrity assessment results, and then notifies the policy enforcement point PEP to execute the decision.
  • the access requester AR can also make decision decisions based on user authentication and platform integrity assessment results and perform decisions locally.
  • the trusted network connection performed on the trusted network connection architecture shown in Figure 1 is called “TCPA/TCG Trusted Network Connection”
  • the trusted network connection performed on the Trusted Network Connection Architecture shown in Figure 2 is called " Enhanced security for TCPA/TCG trusted network connections.”
  • TCPA/TCG Trusted Network Connection The trusted network connection performed on the trusted network connection architecture shown in Figure 1
  • FIG. 2 After the access requester AR in the trusted network connection architecture shown in FIG. 1 and FIG. 2 is connected to the trusted network, a network management system is required to manage it, and the above centralized network management system and distributed need to be avoided. The security flaws of the network management system, thus establishing a truly trusted network. It can be seen from FIG. 1 and FIG.
  • trusted network management method based on these two trusted network connection architectures is the same, collectively referred to as "trusted network management method based on TCPA/TCG trusted network connection”.
  • the present invention provides a trusted network management method based on TCPA/TCG trusted network connection in order to solve the above technical problems existing in the background art.
  • the technical solution of the present invention is:
  • the present invention is a trusted network management method based on TCPA/TCG trusted network connection, including:
  • the installation and configuration of the trusted management agent and the trusted management system include: the trusted management agent resides in the managed host, and the trusted management system resides in the management host; the host acting as the policy decision point PDP role is managed Host
  • the managed host is not connected to the trusted network, the managed host is connected to the trusted network, and the method for the managed host to connect to the trusted network is: when it is a TCPA/TCG trusted network connection architecture, The managed host uses the TCPA/TCG trusted network connection method to connect to the trusted network, where the managed host acts as the access requester AR role; when it is the enhanced security TCPA/TCG trusted network connection architecture, the managed host utilizes The enhanced security TCPA/TCG trusted network connection method is connected to the trusted network, wherein the managed host acts as an access requester AR role;
  • the managed host and the management host first implement the remote trustedness of the trusted management agent and the trusted management system according to the following method, and then perform network management. Executing process; wherein the managed host and the management host implement trusted trusted management agents and remotely trusted managed hosts and management hosts of the trusted management system to implement remote trusted trusted management agents and trusted management systems
  • the method is as follows: When the TCPA/TCG trusted network connection architecture is used, the managed host verifies the integrity of the trusted management system on the management host according to the standard integrity value of the locally pre-stored trusted management system, and manages The host verifies the integrity of the trusted management agent on the managed host according to the standard integrity value of the locally pre-stored trusted management agent; when it is the enhanced security TCPA/TCG trusted network connection architecture, the managed host, The management host and the policy manager PM perform a ternary peer-to-peer authentication protocol to implement remote trustedness of trusted management agents and trusted management systems.
  • the verification policy manager is responsible for managing trusted agent and
  • the installation and configuration of the trusted management agent is completed by a network administrator or a network user.
  • the configuration file is distributed by the network administrator and the network user does not know the content of the configuration file, the network user completes the installation of the trusted management agent and Configuration.
  • the network user of the managed host utilizes the trusted platform module TPM in the managed host to perform integrity measurement, storage, and reporting on the trusted management agent to verify the credibility of the trusted management agent on the managed host;
  • the network administrator of the host can use the trusted platform module TPM in the management host to perform integrity measurement, storage and reporting on the trusted management system to verify the local trusted management system. Credibility.
  • the authentication and key agreement process of the trusted management agent and the trusted management system includes: the trusted management agent on the managed host automatically issues information for searching for the corresponding trusted management system; and the trusted management system receives the trusted management agent. After the information is searched, the authentication process between the trusted management agent is initiated; the trusted management system and the trusted management agent use the configuration information or the configuration file for two-way authentication and key agreement to obtain trusted management agent and trusted management. A session key between systems to secure communication between the trusted management system and the trusted management agent.
  • the network user of the managed host when the network user of the managed host is verified and confirmed: the trusted management system running on the management host and the trusted management agent running on the managed host are all trusted, then The network user of the management host permits the managed host to perform network management communication with the management host or when the network administrator of the management host is verified and confirmed: the trusted management system running on the management host and the trusted management running on the managed host The agents are all trusted, and the network administrator of the management host begins to perform network management.
  • a trusted network management method based on TCPA/TCG trusted network connection comprising the following steps:
  • the installation and configuration of the trusted management agent and the trusted management system include: the trusted management agent resides in the managed host, and the trusted management system resides in the management host; the host acting as the access request AR role is the management host ;
  • the method for connecting the managed host and the management host to the trusted network is as follows: When the TCG trusted network connection architecture, the managed host and the management host connect to the trusted network by using the TCPA/TCG trusted network connection method, wherein the managed host and the management host act as the access requester AR role; In the TCPA/TCG trusted network connection architecture, the managed host and the management host connect to the trusted network by using the enhanced security TCPA/TCG trusted network connection method, wherein the managed host and the management host act as the access requester AR role;
  • management The host and the managed host perform the user authentication and key agreement process, and then perform the network management execution process. If the user authentication and the key agreement process have been completed between the managed host and the management host, the host and the management are managed as follows.
  • the host implements remote trustedness of the trusted management agent and the trusted management system, and then performs network management execution process; wherein the managed host and the management host implement remote trustedness of the trusted management agent and the trusted management system
  • the method is as follows: When the TCPA/TCG trusted network connection architecture is used, the managed host verifies the integrity of the trusted management system on the management host according to the standard integrity value of the locally pre-stored trusted management system, and the management host Verify the integrity of the trusted management agent on the managed host based on the standard integrity value of the locally pre-stored trusted management agent; when it is the enhanced security TCPA/TCG trusted network connection architecture, managed host, management
  • the host and policy manager PM implements a ternary peer-to-peer authentication protocol to implement remote trustedness of trusted management agents and trusted management systems. Sex, where the policy manager is responsible for verifying the integrity of the trusted management agent and the trusted management system and sending the verification results to the managed host and the management host.
  • the installation and configuration of the trusted management agent is completed by a network administrator or a network user.
  • the configuration file is distributed by the network administrator and the network user does not know the content of the configuration file, the network user completes the installation of the trusted management agent and Configuration.
  • the network user of the managed host utilizes the trusted platform module TPM in the managed host to perform integrity measurement, storage, and reporting on the trusted management agent to verify that the trusted management agent is on the managed host.
  • the TPM performs integrity measurement, storage, and reporting on the trusted management system to verify the credibility of the local trusted management system.
  • the authentication and key agreement process of the trusted management agent and the trusted management system includes: the trusted management agent on the managed host automatically issues information for searching for the corresponding trusted management system; and the trusted management system receives the trusted management agent. After the information is searched, the authentication process between the trusted management agent is initiated; the trusted management system and the trusted management agent use the configuration information or the configuration file for two-way authentication and key agreement to obtain trusted management agent and trusted management. The session key between the systems.
  • the network user of the managed host when the network user of the managed host is verified and confirmed: the trusted management system running on the management host and the trusted management agent running on the managed host are all trusted, then The network user of the management host permits the managed host to perform network management communication with the management host or when the network administrator of the management host is verified and confirmed: the trusted management system running on the management host The system and the trusted management agents running on the managed host are all trusted, and the network administrator of the management host begins to perform network management.
  • the invention provides two trusted network management architectures based on TCPA/TCG trusted network connection, the trusted management agent resides in the managed host, and the trusted management system resides in the management host, the managed host and
  • the management host has a trusted platform module TPM, which forms a trusted computing platform based on the trusted platform module TPM, and the trusted management agent and trusted management system are based on the trusted computing platform, the trusted management agent and the
  • the trusted third party of the letter management system authenticates the signed software module, and the standard integrity metrics of the trusted management agent and the trusted management system are stored by the trusted third party.
  • Trusted Platform Modules for Managed Hosts and Management Hosts TPM can measure, store, and report integrity on trusted management agents and trusted management systems.
  • the managed host and the management host can ensure that both the trusted management agent and the trusted management system are trusted, and then perform network management functions between them to implement trusted network management.
  • the managed host is the access requester AR role in the TCPA/TCG trusted network connection architecture or the enhanced security TCPA/TCG trusted network connection architecture
  • the management host is TCPA/ Policy enforcement point PDP role in the TCG Trusted Network Connection Architecture or Enhanced Security TCPA/TCG Trusted Network Connection Architecture.
  • both the managed host and the management host are the access requester AR role in the TCPA/TCG trusted network connection architecture or the enhanced security TCPA/TCG trusted network connection architecture.
  • the managed host and the management host implement the local credibility of the trusted management agent and the trusted management system, thereby actively preventing the attack behavior of the trusted management agent on the managed host. And to ensure that the trusted management system on the management host is running as expected.
  • the managed host and the management host implement remote trustworthiness of the trusted management agent and the trusted management system, thereby preventing malicious managed hosts from camping on the host.
  • the trusted management agent performs malicious attacks and ensures that the trusted management system running on its own host is controllable, thereby ensuring that the trusted management system correctly executes the network administrator's management commands.
  • the management host hosting the trusted management system directly acts as the PDP role of the policy decision point in the process of trusted network connection.
  • the managed host and the management host respectively implement the two-way user authentication and session key negotiation with the policy decision point PDP in the process of trusted network connection And two-way platform integrity assessment, so that two-way user authentication and key agreement between the managed host and the management host can be implemented by a trusted third party-based two-way authentication protocol, and the trusted management agent and the trusted management system Remote trusted authentication can also be implemented by a trusted third-party trusted evaluation protocol, which improves the security of trusted network management.
  • the trusted management agent resides on each managed host to control the managed host, and the trusted management system resides on a management host to manage and control all management hosts, thereby enabling distributed management. Control centralized network management for trusted management.
  • Figure 1 is a TCPA/TCG trusted network connection architecture diagram
  • Figure 2 is a TCPA/TCG trusted network connection architecture diagram for enhanced security
  • FIG. 3 is a diagram of a trusted network management architecture based on a TCPA/TCG trusted network connection according to Embodiment 1 of the present invention
  • FIG. 4 is a diagram of a trusted network management architecture based on a TCPA/TCG trusted network connection according to Embodiment 2 of the present invention.
  • the specific implementation steps of the trusted network management method based on the TCPA/TCG trusted network connection in the first embodiment of the present invention are as follows:
  • the installation and configuration of the trusted management system is done by the network administrator.
  • the installation and configuration of the trusted management agent can be done by the network administrator or by the network user.
  • the configuration file must be distributed by the network administrator and the content of the configuration file is unknown to the network user.
  • the configuration of the trusted management agent and trusted management system can also be completed by the vendor in a pre-installed form. 2. Realize local trust of trusted management agents and trusted management systems
  • the network user of the managed host can use the trusted platform module TPM in the managed host to perform integrity measurement, storage and reporting on the trusted management agent, thereby verifying the credibility of the trusted management agent on the managed host.
  • the network administrator of the management host can use the trusted platform module TPM in the management host to perform integrity measurement, storage and reporting on the trusted management system, thereby verifying the credibility of the local trusted management system.
  • the managed host is connected to the trusted network.
  • This step is an optional step. Specifically, if the managed host is not connected to the trusted network, the managed host is connected to the trusted network, and then step 4); if the managed host is connected to the trusted In the network, directly perform step 4);
  • the method for the managed host to connect to the trusted network is: When the TCPA/TCG trusted network connection architecture is used, the managed host connects to the trusted network by using the TCPA/TCG trusted network connection method, where the managed host acts as an access request. AR role; When the security of the TCPA / TCG trusted network connection architecture, the managed host uses the enhanced security TCPA / TCG trusted network connection method to connect to the trusted network, where the managed host acts as an access request AR role.
  • a trusted management agent is a software module that runs automatically as the system of the managed host is started.
  • the trusted management agent on the managed host automatically issues information for searching the corresponding trusted management system; after receiving the search information of the trusted management agent, the trusted management system starts the authentication process with the trusted management agent;
  • the management system and the trusted management agent use the pre-installed configuration information of the manufacturer or the configuration information set by the network administrator during installation or the configuration file distributed by the network administrator to perform two-way authentication and key agreement to obtain a trusted management agent and a trusted management system.
  • the session key between. A session key between the trusted management agent and the trusted management system to secure communication between the trusted management system and the trusted management agent.
  • This step is an optional step. Specifically, if the remote trusted authentication of the trusted management agent and the trusted management system is completed in step 3), step 6) is performed; otherwise, the managed host and the management host are executed. First, realize the remote credibility of the trusted management agent and the trusted management system, and then perform step 6); the method for implementing the remote trustworthiness of the trusted management agent and the trusted management system by the managed host and the management host is: When the TCPA/TCG trusted network connection architecture, the managed host is pre-stored according to the local The standard integrity value of the trusted management system to verify the integrity of the trusted management system on the management host, and the management host verifies the available on the managed host based on the standard integrity values of the locally pre-stored trusted management agent.
  • the integrity of the management agent when it is the enhanced security TCPA/TCG trusted network connection architecture, the managed host, management host and policy manager PM perform a ternary peer-to-peer authentication protocol to implement trusted management agents and trusted
  • the remote trustworthiness of the management system wherein the policy manager is responsible for verifying the integrity of the trusted management agent and the trusted management system and transmitting the verification result to the managed host and the management host.
  • the integrity management, storage, and reporting of the trusted management agent based on the trusted platform module TPM on the managed host, thereby verifying the credibility of the trusted management agent on the managed host to prevent malicious managed host pairs
  • a trusted management agent residing on the host performs a malicious attack; based on the trusted platform module TPM on the management host, performs integrity measurement, storage, and reporting on the trusted management system, thereby verifying that the trusted management system is on the management host
  • the credibility is to ensure that the trusted management system running on the management host is controllable, and the trusted management system is the administrative command of the network administrator in normal execution.
  • the trusted management system running on the management host and the trusted management agent running on the managed host are all trusted, the network user of the managed host is permitted to be managed.
  • the host communicates with the management host for network management.
  • the network management mode can adopt centralized network management, distributed network management, distributed management, centralized management of network management, and the like.
  • the specific implementation steps of the trusted network management method based on the TCPA-TCG trusted network connection in the second embodiment of the present invention are as follows:
  • the installation and configuration of the trusted management system is done by the network administrator.
  • the installation and configuration of the trusted management agent can be done by the network administrator or by the network user.
  • the configuration file must be distributed by the network administrator and the content of the configuration file is for the network. The user is unknowable.
  • the configuration of the trusted management agent and trusted management system can also be completed by the vendor in a pre-installed form.
  • the network user of the managed host can use the trusted platform module TPM in the managed host to perform integrity measurement, storage and reporting on the trusted management agent, thereby verifying the credibility of the trusted management agent on the managed host.
  • the network administrator of the management host can use the trusted platform module TPM in the management host to perform integrity measurement, storage and reporting on the trusted management system, thereby verifying the credibility of the local trusted management system.
  • the managed host and the management host are connected to the trusted network.
  • This step is an optional step. Specifically, if the managed host and the management host are not connected to the trusted network, connect the management host and the management host to the trusted network, and then perform step 4); And the management host is connected to the trusted network, directly perform step 4);
  • the method for connecting the managed host and the management host to the trusted network is as follows: When the TCPA/TCG trusted network connection architecture is used, the managed host and the management host connect to the trusted network by using the TCPA/TCG trusted network connection method, where The managed host and the management host act as the access requester AR role; when it is the enhanced security TCPA/TCG trusted network connection architecture, the managed host and the management host are connected to the TCPA/TCG trusted network connection method with enhanced security. In a trusted network, the managed host and the management host act as access requester AR roles.
  • a trusted management agent is a software module that runs automatically as the system of the managed host is started.
  • the trusted management agent on the managed host automatically issues information for searching the corresponding trusted management system; after receiving the search information of the trusted management agent, the trusted management system starts the authentication process with the trusted management agent;
  • the management system and the trusted management agent use the pre-installed configuration information of the manufacturer or the configuration information set by the network administrator during installation or the configuration file distributed by the network administrator to perform two-way authentication and key agreement to obtain a trusted management agent and a trusted management system.
  • the session key between. A session key between the trusted management agent and the trusted management system to secure communication between the trusted management system and the trusted management agent.
  • This step is an optional step. Specifically, if the user authentication and the key agreement process have not been completed between the managed host and the management host, the management host and the managed host perform user authentication and key negotiation. Then, step 6), the negotiated session key can be used to protect the data transmission of the remote integrity assessment of the trusted management agent and the trusted management system; if the user authentication and the confidentiality have been completed between the managed host and the management host Key negotiation process, directly execute step 6);
  • the managed host and the management host implement remote trustability of the trusted management agent and the trusted management system by: when the TCPA/TCG trusted network connection architecture is used, the managed host is based on the standard of the locally pre-stored trusted management system.
  • the integrity value is used to verify the integrity of the trusted management system on the managed host, and the management host verifies the integrity of the trusted management agent on the managed host based on the standard integrity value of the locally pre-stored trusted management agent;
  • the managed host, the management host, and the policy manager PM perform a ternary peer-to-peer authentication protocol to implement remote trustworthiness of the trusted management agent and the trusted management system.
  • the policy manager is responsible for verifying the integrity of the trusted management agent and the trusted management system and sending the verification result to the managed host and the management host.
  • the integrity management, storage, and reporting of the trusted management agent based on the trusted platform module TPM on the managed host, thereby verifying the credibility of the trusted management agent on the managed host to prevent malicious managed host pairs
  • a trusted management agent residing on the host performs a malicious attack; based on the trusted platform module TPM on the management host, performs integrity measurement, storage, and reporting on the trusted management system, thereby verifying that the trusted management system is on the management host
  • the credibility is to ensure that the trusted management system running on the management host is controllable, and the trusted management system is the administrative command of the network administrator in normal execution.
  • the trusted management system running on the management host and the trusted management agent running on the managed host are all trusted, the network user of the managed host is permitted to be managed.
  • the host communicates with the management host for network management.
  • the network management mode can adopt centralized network management, distributed network management, distributed management, centralized management of network management, and the like.
  • the network management mode of distributed control centralized management is more suitable for trusted network management, and its specific implementation is as follows:
  • the network administrator utilizes the trusted management system and the trusted management
  • the session key between the agents sends the secure network management policy to the trusted management agent on the managed host, and the trusted management agent performs monitoring and control functions on the managed host according to the secure network management policy, for secure network management.
  • the monitoring data that can be determined by the strategy is directly controlled and managed. For the monitoring data that cannot be determined by the security network management policy, the monitoring data needs to be sent to the trusted management system.
  • the trusted management system analyzes the monitoring data; and then sends the analysis result to the network administrator.
  • the network administrator controls and manages the managed host according to the analysis result, thereby finally implementing trusted network management.
  • Suspicious data refers to data that is not certain for monitoring results.
  • the trusted management system resides on a management host to control and manage all management hosts, thereby enabling distributed network management of distributed control and centralized management.
  • Distributed control is mainly embodied in: Each host has a trusted management agent, which performs monitoring and control according to the secure network management policy sent by the network administrator through the trusted management system, and needs to be trusted for some undecidable data.
  • the management system controls.
  • Centralized management is mainly embodied in: Only one host installs a trusted management system, which formulates a secure network management policy, and then distributes it to each trusted management agent to execute the policy. The data that cannot be controlled and managed by the trusted management agent needs to be trusted.
  • the management system controls to achieve centralized management.
  • the invention provides two trusted network management architectures based on TCPA/TCG trusted network connection, the trusted management agent resides in the managed host, and the trusted management system resides in the management host, the managed host and
  • the management host has a trusted platform module TPM, which forms a trusted computing platform based on the trusted platform module TPM, and the trusted management agent and trusted management system are based on the trusted computing platform, the trusted management agent and the
  • the trusted third party of the letter management system authenticates the signed software module, and the standard integrity metrics of the trusted management agent and the trusted management system are stored by the trusted third party.
  • the trusted platform module TPM of the managed host and the management host can perform integrity measurement, storage and reporting on the trusted management agent and the trusted management system.
  • the managed host and the management host can ensure that both the trusted management agent and the trusted management system are trusted, and then perform network management functions between them to implement trusted network management.
  • the managed host is the access requester AR role in the TCPA/TCG trusted network connection architecture or the enhanced security TCPA/TCG trusted network connection architecture
  • the management host is TCPA/ Policy enforcement point PDP role in the TCG Trusted Network Connection Architecture or Enhanced Security TCPA/TCG Trusted Network Connection Architecture.
  • managed hosts and tubes The host is the access requester AR role in the TCPA/TCG trusted network connection architecture or the enhanced security TCPA/TCG trusted network connection architecture.
  • the managed host and the management host implement the local credibility of the trusted management agent and the trusted management system, thereby actively preventing the attack behavior of the trusted management agent on the managed host. And to ensure that the trusted management system on the management host is running as expected.
  • the managed host and the management host implement remote trustworthiness of the trusted management agent and the trusted management system, thereby preventing malicious managed hosts from camping on the host.
  • the trusted management agent performs malicious attacks and ensures that the trusted management system running on its own host is controllable, thereby ensuring that the trusted management system correctly executes the network administrator's management commands.
  • the management host hosting the trusted management system directly acts as the PDP role of the policy decision point in the process of trusted network connection.
  • the trusted management agent resides on each managed host to control the managed host, and the trusted management system resides on a management host to manage and control all management hosts, thereby enabling distributed management. Control centralized network management for trusted management.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Description

一种基于 TCPA/TCG可信网络连接的可信网络管理方法 本申请要求于 2008 年 8 月 21 日提交中国专利局、 申请号为 200810150696.0、 发明名称为"一种基于 TCPA/TCG可信网络连接的可信网络 管理方法"的中国专利申请的优先权, 其全部内容通过引用结合在本申请中。 技术领域
本发明 涉及一种基于 TCPA/TCG ( Trusted Computing Platform Alliance/Trusted Computing Group )可信网络连接的可信网络管理方法。
背景技术
网络管理的概念是伴随着 Internet的发展而逐渐被人们认识和熟悉的。 早 期, Internet入网节点比较少, 结构也非常筒单, 大多是平坦型结构, 因此, 有 关网络的故障检测和性能监控等管理就显得比较筒单和容易实现。但随着网络 的不断发展, 面对网络新技术的不断涌现和网络产品的不断翻新,规划和扩充 网络越来越困难, 如何使网络各组成部分发挥最大的效用,如何保持网络的良 好可靠性和较高的效率, 这些现实问题促使网络管理的出现。 当今通信网络的 发展特点是网络规模不断扩大、 功能复杂性不断增加、异构类型的网络逐渐融 合, 这种趋势给网络管理带来了前所未有的挑战。 网络管理是对组成网络的资 源和设备的规划、 设计、 控制, 使网络具有最高的效率和生产力, 从而为用户 提供高效的服务。
传统的网络管理系统普遍采用集中式的管理模型, 如 IETF(Internet Engineering Task Force)于 1988 年提出的基于 SNMP(simple Network Management Protocol)的管理者 /代理模型。 随着网络规模的扩大, 这种基于 SNMP的网络管理模型的弱点逐渐暴露出来: 由于用户的不断增加, 管理节点 正日趋成为网络管理的瓶颈所在; 轮询数目太多、分布较广的代理使带宽开销 过大, 效率下降, 管理者从各代理获取的管理信息是原始数据, 传输大量的原 始数据既浪费带宽, 又消耗管理者 CPU的大量宝贵资源, 使网管效率降低。 此夕卜, 基于 CMIP(Common Management Information Protocol)协议的网络管理 系统也是采用这种集中式的管理模型, 它比 SNMP更复杂一些。 SNMP主要 应用于数据网络的管理, 而 CMIP主要应用于电信网络管理。
针对以上问题, 网络管理系统逐渐朝着分布化和智能化的方向快速发展。 分布式网络管理主要有两种发展趋势: 一种是在现有的网络管理框架下,使用 分布计算工具可以较容易地设计出一个开放的、标准的、可扩展的大型分布式 网络管理系统, 主要有基于 CORBA(Common Object Request Broker Architecture)的分布式网络管理系统和基于 Web的分布式网络管理系统; 另一 种是全新的分布式体制的网络管理,如基于移动代理的网络管理系统等等。分 布式网络管理技术将网络管理任务和监控分布到整个网络中,而不依赖于单独 的控制中心,具有减少网络管理的流量,提供更大的管理能力,扩展性等优点。 但是, 集中式的网络管理系统和分布式的网络管理系统都存在以下安全问题:
1、 代理驻留主机可能对代理进行攻击, 而现有的基于检测的方法还无法 保证代理的安全;
2、 代理也可能对驻留主机进行攻击, 如代理非法访问驻留主机的一些私 有信息等等, 对于此类攻击, 目前也只是采用入侵检测技术来进行被动防御;
3、 网络管理用户完全信赖管理者系统, 这是不安全的。 因为管理者系统 可能被病毒、 木马等控制, 管理者系统没有按照网络管理用户的意愿工作, 从 而失去了对网络的管理与控制;
4、 被管理主机完全信赖管理者系统, 这也是不安全的。 被管理主机需要 检测管理者系统是否为被病毒、木马所侵蚀, 否则在被管理主机上驻留的代理 因接收恶意的管理命令而对被管理主机进行一些恶意行为。
为了保证各种终端 (包含 PC、 手机以及其它移动智能终端等) 的可信以 及网络环境中终端之间的可信, 国际可信计算组织 TCPA/TCG定义了可信计 算框架并制定了一系列可信计算规范。该可信计算框架主要是通过增强现有的 终端体系结构的安全性来保证整个系统的安全。其主要思路是在各种终端硬件 平台上引入可信架构,通过其提供的安全特性来提高终端系统的安全性。终端 可信的核心是称为可信平台模块 TPM(Trusted Platform Module)的可信芯片。利 用该可信平台模块 TPM可以实现终端的可信, 而利用基于可信平台模块 TPM 的可信网络连接可以实现网络环境中终端之间的可信。 国际可信计算组织 TCPA/TCG的可信网络连接架构如图 1所示。在该可信网络连接架构中, 策略 决策点 PDP(Policy Decision Point)对访问请求者 AR(Access Requestor)进行用 户鉴别和平台完整性评估,并根据用户鉴别结果和平台完整性评估结果进行决 策判定, 然后通知策略执行点 PEP(Policy Enforcement Point)执行决策。
为了增强该可信网络连接架构的安全性, 可以在策略决策点 PDP的后面 架设一个可信第三方策略管理器 PM(Policy Manager), 构成增强安全性的可信 网络连接架构如图 2所示。访问请求者 AR、 策略决策点 PDP和策略管理器执 行三元对等鉴别协议, 实现访问请求者 AR和策略决策点 PDP之间双向用户 鉴别和双向平台完整性评估,其中策略管理器 PM实现访问请求者 AR和策略 决策点 PDP的证书有效性验证, 同时也可以实现访问请求者 AR和策略决策 点 PDP的平台完整性校验。 策略决策点 PDP依据用户鉴别和平台完整性评估 结果进行决策判定,然后通知策略执行点 PEP执行决策。访问请求者 AR也可 以依据用户鉴别和平台完整性评估结果进行决策判定并在本地执行决策。
图 1所示的可信网络连接架构上执行的可信网络连接称为" TCPA/TCG可 信网络连接",而图 2所示的可信网络连接架构上执行的可信网络连接称为"增 强安全性的 TCPA/TCG可信网络连接"。 图 1和图 2所示的可信网络连接架构 中的访问请求者 AR 连接到可信网络后, 需要一个网络管理系统对其进行管 理,而且需要避免以上集中式的网络管理系统和分布式的网络管理系统的安全 缺陷, 从而建立真正意义的可信网络。 从图 1和图 2中可知: 两个可信网络连 接架构最终都是实现访问请求者 AR和策略决策点 PDP之间用户鉴别和平台 完整性评估, 而策略执行点 PEP执行策略决策点 PDP的决策, 所以基于这两 种可信网络连接架构的可信网络管理方法是一样的, 统称为 "基于 TCPA/TCG 可信网络连接的可信网络管理方法"。
发明内容
本发明为解决背景技术中存在的上述技术问题, 而提供一种基于 TCPA/TCG可信网络连接的可信网络管理方法。
本发明的技术解决方案是: 本发明为一种基于 TCPA/TCG可信网络连接 的可信网络管理方法, 包括:
可信管理代理和可信管理系统的安装与配置, 包括: 可信管理代理驻留于 被管理主机中, 可信管理系统置驻留于管理主机中; 充当策略决策点 PDP角 色的主机为管理主机;
实现可信管理代理和可信管理系统的本地可信; 若被管理主机还未连接到可信网络中, 则将被管理主机连接到可信网络, 所述被管理主机连接到可信网络的方法为: 当为 TCPA/TCG可信网络连接架 构时, 被管理主机利用 TCPA/TCG可信网络连接方法连接到可信网络中, 其 中被管理主机充当访问请求者 AR角色; 当为增强安全性的 TCPA/TCG可信 网络连接架构时, 被管理主机利用增强安全性的 TCPA/TCG可信网络连接方 法连接到可信网络中, 其中被管理主机充当访问请求者 AR角色;
若被管理主机已连接到可信网络中,则执行可信管理代理和可信管理系统 的鉴别及密钥协商过程;
若可信管理代理和可信管理系统的远程可信性验证没有完成,则按照如下 方法被管理主机和管理主机先实现可信管理代理和可信管理系统的远程可信 性, 再进行网络管理的执行过程; 其中, 所述被管理主机和管理主机实现可信 管理代理和可信管理系统的远程可信性的被管理主机和管理主机实现可信管 理代理和可信管理系统的远程可信性的方法为: 当为 TCPA/TCG可信网络连 接架构时,被管理主机根据本地预存的可信管理系统的标准完整性值来校验管 理主机上的可信管理系统的完整性,而管理主机根据本地预存的可信管理代理 的标准完整性值来校验被管理主机上的可信管理代理的完整性;当为增强安全 性的 TCPA/TCG可信网络连接架构时, 被管理主机、 管理主机和策略管理器 PM执行三元对等鉴别协议,实现可信管理代理和可信管理系统的远程可信性, 其中策略管理器负责校验可信管理代理和可信管理系统的完整性并将校验结 果发送给被管理主机和管理主机;
若可信管理代理和可信管理系统的远程可信性验证已经完成,则直接进行 网络管理的执行过程。
所述可信管理代理的安装与配置由网络管理员或网络用户完成,当配置文 件是网络管理员分发的且网络用户不知晓配置文件的内容时,由网络用户完成 可信管理代理的安装与配置。
所述被管理主机的网络用户利用被管理主机中的可信平台模块 TPM对可 信管理代理进行完整性度量、存储和报告, 以验证可信管理代理在被管理主机 上的可信性; 管理主机的网络管理员利用管理主机中的可信平台模块 TPM可 以对可信管理系统进行完整性度量、存储和报告, 以验证本地可信管理系统的 可信性。
所述可信管理代理和可信管理系统的鉴别及密钥协商过程包括:被管理主 机上的可信管理代理自动发出探寻相应可信管理系统的信息;可信管理系统收 到可信管理代理的探寻信息后, 启动与该可信管理代理之间的鉴别过程; 可信 管理系统与可信管理代理利用配置信息或配置文件进行双向鉴别及密钥协商, 得到可信管理代理与可信管理系统之间的会话密钥,用于保护可信管理系统与 可信管理代理之间的安全通信。
所述网络管理的执行过程中, 当被管理主机的网络用户经验证确认: 运行 在管理主机上的可信管理系统以及运行在被管理主机上的可信管理代理均是 可信的,则被管理主机的网络用户许可该被管理主机与管理主机进行网络管理 通信或当管理主机的网络管理员经验证确认:运行在管理主机上的可信管理系 统以及运行在被管理主机上的可信管理代理均是可信的,则管理主机的网络管 理员开始执行网络管理。
一种基于 TCPA/TCG可信网络连接的可信网络管理方法, 该方法包括以 下步骤:
可信管理代理和可信管理系统的安装与配置, 包括: 可信管理代理驻留于 被管理主机中, 可信管理系统置驻留于管理主机中; 充当访问请求 AR角色的 主机为管理主机;
实现可信管理代理和可信管理系统的本地可信;
若被管理主机和管理主机还未连接到可信网络中,则将管理主机和管理主 机连接到可信网络, 所述被管理主机和管理主机连接到可信网络的方法为: 当 为 TCPA/TCG可信网络连接架构时, 被管理主机和管理主机利用 TCPA/TCG 可信网络连接方法连接到可信网络中,其中被管理主机和管理主机充当访问请 求者 AR角色; 当为增强安全性的 TCPA/TCG可信网络连接架构时, 被管理 主机和管理主机利用增强安全性的 TCPA/TCG可信网络连接方法连接到可信 网络中, 其中被管理主机和管理主机充当访问请求者 AR角色;
若被管理主机已连接到可信网络中,则执行可信管理代理和可信管理系统 的鉴别及密钥协商过程;
若被管理主机和管理主机之间还未完成用户鉴别及密钥协商过程,则管理 主机和被管理主机执行用户鉴别及密钥协商过程, 再进行网络管理的执行过 程; 若被管理主机和管理主机之间已完成用户鉴别及密钥协商过程, 则按照如 下方法被管理主机和管理主机实现可信管理代理和可信管理系统的远程可信 性, 再进行网络管理的执行过程; 其中, 所述被管理主机和管理主机实现可信 管理代理和可信管理系统的远程可信性的方法为: 当为 TCPA/TCG可信网络 连接架构时,被管理主机根据本地预存的可信管理系统的标准完整性值来校验 管理主机上的可信管理系统的完整性,而管理主机根据本地预存的可信管理代 理的标准完整性值来校验被管理主机上的可信管理代理的完整性;当为增强安 全性的 TCPA/TCG可信网络连接架构时, 被管理主机、 管理主机和策略管理 器 PM执行三元对等鉴别协议,实现可信管理代理和可信管理系统的远程可信 性,其中策略管理器负责校验可信管理代理和可信管理系统的完整性并将校验 结果发送给被管理主机和管理主机。
所述可信管理代理的安装与配置由网络管理员或网络用户完成,当配置文 件是网络管理员分发的且网络用户不知晓配置文件的内容时,由网络用户完成 可信管理代理的安装与配置。
所述被管理主机的网络用户利用被管理主机中的可信平台模块 TPM对可 信管理代理进行完整性度量、存储和报告, 以验证可信管理代理在被管理主机
TPM对可信管理系统进行完整性度量、 存储和报告, 以验证本地可信管理系 统的可信性。
所述可信管理代理和可信管理系统的鉴别及密钥协商过程包括:被管理主 机上的可信管理代理自动发出探寻相应可信管理系统的信息;可信管理系统收 到可信管理代理的探寻信息后, 启动与该可信管理代理之间的鉴别过程; 可信 管理系统与可信管理代理利用配置信息或配置文件进行双向鉴别及密钥协商, 得到可信管理代理与可信管理系统之间的会话密钥。
所述网络管理的执行过程中, 当被管理主机的网络用户经验证确认: 运行 在管理主机上的可信管理系统以及运行在被管理主机上的可信管理代理均是 可信的 ,则被管理主机的网络用户许可该被管理主机与管理主机进行网络管理 通信或当管理主机的网络管理员经验证确认:运行在管理主机上的可信管理系 统以及运行在被管理主机上的可信管理代理均是可信的 ,则管理主机的网络管 理员开始执行网络管理。
本发明提供了两种基于 TCPA/TCG可信网络连接的可信网络管理架构, 可信管理代理驻留在被管理主机中, 而可信管理系统则驻留在管理主机中,被 管理主机和管理主机都具有可信平台模块 TPM, 从而基于可信平台模块 TPM 构成各自的可信计算平台,而可信管理代理和可信管理系统都是基于可信计算 平台、 经过可信管理代理和可信管理系统的可信第三方鉴定后签名的软件模 块,且可信管理代理和可信管理系统的标准完整性度量值经可信第三方签名后 存储的。 被管理主机和管理主机的可信平台模块 TPM可以对可信管理代理和 可信管理系统进行完整性度量、 存储和报告。 利用可信平台模块 TPM的这些 功能,被管理主机和管理主机可以确保可信管理代理和可信管理系统都是可信 的, 然后它们之间执行网络管理的功能, 从而实现可信网络管理。 在第一种可 信网络管理架构中, 被管理主机为 TCPA/TCG可信网络连接架构或增强安全 性的 TCPA/TCG可信网络连接架构中的访问请求者 AR角色, 而管理主机为 TCPA/TCG可信网络连接架构或增强安全性的 TCPA/TCG可信网络连接架构 中的策略执行点 PDP角色。 在第二种可信网络管理架构中, 被管理主机和管 理主机都为 TCPA/TCG可信网络连接架构或增强安全性的 TCPA/TCG可信网 络连接架构中的访问请求者 AR角色。 这两种基于 TCPA/TCG可信网络连接 的可信网络管理方法具有以下优点:
1、 基于本地的可信平台模块 TPM, 被管理主机和管理主机实现了可信管 理代理和可信管理系统的本地可信性,从而主动防卸可信管理代理对被管理主 机的攻击行为, 以及确保管理主机上的可信管理系统是按预期的功能在运行。
2、 基于远程的可信平台模块 TPM, 被管理主机和管理主机实现了可信管 理代理和可信管理系统的远程可信性,从而可防止恶意的被管理主机对驻留在 该主机上的可信管理代理进行恶意攻击,以及确保运行在自身主机上的可信管 理系统是可控的, 进而可保证可信管理系统正确执行网络管理员的管理命令。
3、 对于第一种基于 TCPA/TCG可信网络连接的可信网络管理, 由于驻留 有可信管理系统的管理主机直接充当可信网络连接过程中策略决策点 PDP角 色, 从而筒化了可信网络管理的实现步骤。 4、 对于第二种基于 TCPA/TCG可信网络连接的可信网络管理, 由于在可 信网络连接过程中被管理主机以及管理主机分别与策略决策点 PDP实现了双 向用户鉴别、会话密钥协商和双向平台完整性评估,从而使得被管理主机和管 理主机之间的双向用户鉴别以及密钥协商可以采用基于可信第三方的双向鉴 别协议来实现,而可信管理代理和可信管理系统的远程可信验证也可以采用基 于可信第三方的双向可信评估协议来实现, 提高了可信网络管理的安全性。
5、 可信管理代理驻留在各个被管理主机上可对被管理主机进行控制, 而 可信管理系统驻留在一个管理主机上可对所有的管理主机进行管理与控制,从 而可实现分布式控制集中式管理的可信网络管理。
附图说明
图 1是 TCPA/TCG可信网络连接架构图;
图 2是增强安全性的 TCPA/TCG可信网络连接架构图;
图 3是本发明实施例一的基于 TCPA/TCG可信网络连接的可信网络管理 架构图;
图 4是本发明实施例二的基于 TCPA/TCG可信网络连接的可信网络管理 架构图。
具体实施方式
为使本发明的目的、 技术方案及优点更加清楚明白, 下面举实施例, 对本 发明进一步详细说明。
参见图 3 ,本发明实施例一中的基于 TCPA/TCG可信网络连接的可信网络 管理方法的具体实现步骤为:
1、 可信管理代理和可信管理系统的安装与配置
安装并配置驻留于被管理主机中的可信管理代理,安装并配置驻留于管理 主机中的可信管理系统, 充当策略决策点 PDP的主机为管理主机。 可信管理 系统的安装与配置由网络管理员来完成。可信管理代理的安装与配置可以由网 络管理员来完成, 也可以由网络用户来完成。 当由网络用户完成可信管理代理 的安装与配置时,配置文件一定是网络管理员分发的且配置文件的内容对于网 络用户而言是不可知的。 此外, 可信管理代理和可信管理系统的配置还可以由 厂商以预安装的形式完成。 2、 实现可信管理代理和可信管理系统的本地可信
被管理主机的网络用户利用被管理主机中的可信平台模块 TPM可以对可 信管理代理进行完整性度量、存储和报告,从而可验证可信管理代理在被管理 主机上的可信性。 同理, 管理主机的网络管理员利用管理主机中的可信平台模 块 TPM可以对可信管理系统进行完整性度量、 存储和报告, 从而可验证本地 可信管理系统的可信性。
3、 被管理主机连接到可信网络中
该步骤为可选步骤, 具体而言, 若被管理主机还未连接到可信网络中, 则 将被管理主机连接到可信网络, 再执行步骤 4 ); 若被管理主机已连接到可信 网络中, 直接执行步骤 4 );
被管理主机连接到可信网络的方法为: 当为 TCPA/TCG可信网络连接架 构时, 被管理主机利用 TCPA/TCG可信网络连接方法连接到可信网络中, 其 中被管理主机充当访问请求者 AR角色; 当为增强安全性的 TCPA/TCG可信 网络连接架构时, 被管理主机利用增强安全性的 TCPA/TCG可信网络连接方 法连接到可信网络中, 其中被管理主机充当访问请求者 AR角色。
4、 可信管理代理和可信管理系统的鉴别及密钥协商过程
可信管理代理是随着被管理主机的系统启动而自动运行的软件模块。被管 理主机上的可信管理代理自动发出探寻相应可信管理系统的信息;可信管理系 统收到可信管理代理的探寻信息后, 启动与该可信管理代理之间的鉴别过程; 可信管理系统与可信管理代理利用厂商预安装的配置信息或网络管理员安装 时设置的配置信息或网络管理员分发的配置文件进行双向鉴别及密钥协商,得 到可信管理代理与可信管理系统之间的会话密钥。可信管理代理与可信管理系 统之间的会话密钥, 用于保护可信管理系统与可信管理代理之间的安全通信。
5、 实现可信管理代理和可信管理系统的远程可信
该步骤为可选步骤, 具体而言, 若可信管理代理和可信管理系统的远程可 信性验证在步骤 3 )中就已经完成, 则执行步骤 6 ); 否则, 被管理主机和管理 主机先实现可信管理代理和可信管理系统的远程可信性, 然后执行步骤 6 ); 被管理主机和管理主机实现可信管理代理和可信管理系统的远程可信性 的方法为: 当为 TCPA/TCG可信网络连接架构时, 被管理主机根据本地预存 的可信管理系统的标准完整性值来校验管理主机上的可信管理系统的完整性, 而管理主机根据本地预存的可信管理代理的标准完整性值来校验被管理主机 上的可信管理代理的完整性; 当为增强安全性的 TCPA/TCG可信网络连接架 构时, 被管理主机、 管理主机和策略管理器 PM执行三元对等鉴别协议, 实现 可信管理代理和可信管理系统的远程可信性,其中策略管理器负责校验可信管 理代理和可信管理系统的完整性并将校验结果发送给被管理主机和管理主机。
基于被管理主机上的可信平台模块 TPM对可信管理代理进行完整性度 量、 存储和报告, 从而可验证可信管理代理在被管理主机上的可信性, 以防止 恶意的被管理主机对驻留在该主机上的可信管理代理进行恶意攻击;基于管理 主机上的可信平台模块 TPM对可信管理系统进行完整性度量、 存储和报告, 从而可以验证可信管理系统在管理主机上的可信性,以确保运行在管理主机上 的可信管理系统是可控的, 可信管理系统是在正常执行网络管理员的管理命 令。
6、 网络管理的执行过程
当被管理主机的网络用户经验证确认:运行在管理主机上的可信管理系统 以及运行在被管理主机上的可信管理代理均是可信的,则被管理主机的网络用 户许可该被管理主机与管理主机进行网络管理通信。
当管理主机的网络管理员经验证确认:运行在管理主机上的可信管理系统 以及运行在被管理主机上的可信管理代理均是可信的 ,则管理主机的网络管理 员开始执行网络管理。 网络管理模式可采用集中式网络管理、分布式网络管理 和分布式控制集中式管理的网络管理等等。
参见图 4,本发明实施例二中的基于 TCPA-TCG可信网络连接的可信网络 管理方法的具体实现步骤为:
1、 可信管理代理和可信管理系统的安装与配置
安装并配置驻留于被管理主机中的可信管理代理,安装并配置驻留于管理 主机中的可信管理系统, 某个充当访问请求 AR的主机为管理主机。 可信管理 系统的安装与配置由网络管理员来完成。可信管理代理的安装与配置可以由网 络管理员来完成, 也可以由网络用户来完成。 当由网络用户完成可信管理代理 的安装与配置时,配置文件一定是网络管理员分发的且配置文件的内容对于网 络用户而言是不可知的。 此外, 可信管理代理和可信管理系统的配置还可以由 厂商以预安装的形式完成。
2、 实现可信管理代理和可信管理系统的本地可信
被管理主机的网络用户利用被管理主机中的可信平台模块 TPM可以对可 信管理代理进行完整性度量、存储和报告,从而可验证可信管理代理在被管理 主机上的可信性。 同理, 管理主机的网络管理员利用管理主机中的可信平台模 块 TPM可以对可信管理系统进行完整性度量、 存储和报告, 从而可验证本地 可信管理系统的可信性。
3、 被管理主机和管理主机连接到可信网络中
该步骤为可选步骤, 具体而言, 若被管理主机和管理主机还未连接到可信 网络中, 则将管理主机和管理主机连接到可信网络, 再执行步骤 4 ); 若被管 理主机和管理主机已连接到可信网络中, 直接执行步骤 4 );
被管理主机和管理主机连接到可信网络的方法为: 当为 TCPA/TCG可信 网络连接架构时, 被管理主机和管理主机利用 TCPA/TCG可信网络连接方法 连接到可信网络中, 其中被管理主机和管理主机充当访问请求者 AR角色; 当 为增强安全性的 TCPA/TCG可信网络连接架构时, 被管理主机和管理主机利 用增强安全性的 TCPA/TCG可信网络连接方法连接到可信网络中, 其中被管 理主机和管理主机充当访问请求者 AR角色。
4、 可信管理代理和可信管理系统的鉴别及密钥协商过程
可信管理代理是随着被管理主机的系统启动而自动运行的软件模块。被管 理主机上的可信管理代理自动发出探寻相应可信管理系统的信息;可信管理系 统收到可信管理代理的探寻信息后, 启动与该可信管理代理之间的鉴别过程; 可信管理系统与可信管理代理利用厂商预安装的配置信息或网络管理员安装 时设置的配置信息或网络管理员分发的配置文件进行双向鉴别及密钥协商,得 到可信管理代理与可信管理系统之间的会话密钥。可信管理代理与可信管理系 统之间的会话密钥, 用于保护可信管理系统与可信管理代理之间的安全通信。
5、 被管理主机和管理主机的用户鉴别及密钥协商过程
该步骤为可选步骤, 具体而言, 若被管理主机和管理主机之间还未完成用 户鉴别及密钥协商过程,则管理主机和被管理主机执行用户鉴别及密钥协商过 程, 再执行步骤 6 ), 协商的会话密钥可用来保护对可信管理代理和可信管理 系统的远程完整性评估的数据传输;若被管理主机和管理主机之间已完成用户 鉴别及密钥协商过程, 直接执行步骤 6 );
6、 实现可信管理代理和可信管理系统的远程可信
被管理主机和管理主机实现可信管理代理和可信管理系统的远程可信性, 方法为: 当为 TCPA/TCG可信网络连接架构时, 被管理主机根据本地预存的 可信管理系统的标准完整性值来校验管理主机上的可信管理系统的完整性,而 管理主机根据本地预存的可信管理代理的标准完整性值来校验被管理主机上 的可信管理代理的完整性; 当为增强安全性的 TCPA/TCG可信网络连接架构 时, 被管理主机、 管理主机和策略管理器 PM执行三元对等鉴别协议, 实现可 信管理代理和可信管理系统的远程可信性,其中策略管理器负责校验可信管理 代理和可信管理系统的完整性并将校验结果发送给被管理主机和管理主机。
基于被管理主机上的可信平台模块 TPM对可信管理代理进行完整性度 量、 存储和报告, 从而可验证可信管理代理在被管理主机上的可信性, 以防止 恶意的被管理主机对驻留在该主机上的可信管理代理进行恶意攻击;基于管理 主机上的可信平台模块 TPM对可信管理系统进行完整性度量、 存储和报告, 从而可以验证可信管理系统在管理主机上的可信性,以确保运行在管理主机上 的可信管理系统是可控的, 可信管理系统是在正常执行网络管理员的管理命 令。
7、 网络管理的执行过程
当被管理主机的网络用户经验证确认:运行在管理主机上的可信管理系统 以及运行在被管理主机上的可信管理代理均是可信的,则被管理主机的网络用 户许可该被管理主机与管理主机进行网络管理通信。
当管理主机的网络管理员经验证确认:运行在管理主机上的可信管理系统 以及运行在被管理主机上的可信管理代理均是可信的 ,则管理主机的网络管理 员开始执行网络管理。 网络管理模式可采用集中式网络管理、分布式网络管理 和分布式控制集中式管理的网络管理等等。
以上所述的网络管理模式中,分布式控制集中式管理的网络管理模式比较 适合于可信网络管理, 其具体实现为: 网络管理员利用可信管理系统与可信管 理代理之间的会话密钥将安全网络管理策略发送给被管理主机上的可信管理 代理,可信管理代理依据该安全网络管理策略在被管理主机上执行监测和控制 功能, 对于安全网络管理策略可判定的监测数据, 则直接进行控制与管理。 而 对于安全网络管理策略不可判定的监测数据,则需将这些监测数据发送至可信 管理系统, 可信管理系统接收到这些监测数据后, 先进行分析; 然后将分析结 果发送给网络管理员, 网络管理员依据分析结果对被管理主机进行控制与管 理,从而最终实现可信网络管理。可疑数据是指一些监测结果不能肯定的数据。 可信管理系统驻留在一个管理主机上对所有的管理主机进行控制与管理,从而 可实现分布式控制、 集中式管理的可信网络管理。 分布式控制主要体现在: 每 台主机都有一个可信管理代理,它根据网络管理员通过可信管理系统发送过来 的安全网络管理策略执行监测与控制,对于一些不可判定的数据才需可信管理 系统进行控制。 集中式管理主要体现在: 只有一台主机安装可信管理系统, 它 制定安全网络管理策略, 然后分发给各个可信管理代理执行策略,对于可信管 理代理不能控制与管理的数据才需可信管理系统进行控制, 从而实现集中管 理。
本发明提供了两种基于 TCPA/TCG可信网络连接的可信网络管理架构, 可信管理代理驻留在被管理主机中, 而可信管理系统则驻留在管理主机中,被 管理主机和管理主机都具有可信平台模块 TPM, 从而基于可信平台模块 TPM 构成各自的可信计算平台,而可信管理代理和可信管理系统都是基于可信计算 平台、 经过可信管理代理和可信管理系统的可信第三方鉴定后签名的软件模 块,且可信管理代理和可信管理系统的标准完整性度量值经可信第三方签名后 存储的。 被管理主机和管理主机的可信平台模块 TPM可以对可信管理代理和 可信管理系统进行完整性度量、 存储和报告。 利用可信平台模块 TPM的这些 功能,被管理主机和管理主机可以确保可信管理代理和可信管理系统都是可信 的, 然后它们之间执行网络管理的功能, 从而实现可信网络管理。 在第一种可 信网络管理架构中, 被管理主机为 TCPA/TCG可信网络连接架构或增强安全 性的 TCPA/TCG可信网络连接架构中的访问请求者 AR角色, 而管理主机为 TCPA/TCG可信网络连接架构或增强安全性的 TCPA/TCG可信网络连接架构 中的策略执行点 PDP角色。 在第二种可信网络管理架构中, 被管理主机和管 理主机都为 TCPA/TCG可信网络连接架构或增强安全性的 TCPA/TCG可信网 络连接架构中的访问请求者 AR角色。 这两种基于 TCPA/TCG可信网络连接 的可信网络管理方法具有以下优点:
1、 基于本地的可信平台模块 TPM, 被管理主机和管理主机实现了可信管 理代理和可信管理系统的本地可信性,从而主动防卸可信管理代理对被管理主 机的攻击行为, 以及确保管理主机上的可信管理系统是按预期的功能在运行。
2、 基于远程的可信平台模块 TPM, 被管理主机和管理主机实现了可信管 理代理和可信管理系统的远程可信性,从而可防止恶意的被管理主机对驻留在 该主机上的可信管理代理进行恶意攻击,以及确保运行在自身主机上的可信管 理系统是可控的, 进而可保证可信管理系统正确执行网络管理员的管理命令。
3、 对于第一种基于 TCPA/TCG可信网络连接的可信网络管理, 由于驻留 有可信管理系统的管理主机直接充当可信网络连接过程中策略决策点 PDP角 色, 从而筒化了可信网络管理的实现步骤。
4、 对于第二种基于 TCPA/TCG可信网络连接的可信网络管理, 由于在可 信网络连接过程中被管理主机以及管理主机分别与策略决策点 PDP实现了双 向用户鉴别、会话密钥协商和双向平台完整性评估,从而使得被管理主机和管 理主机之间的双向用户鉴别以及密钥协商可以采用基于可信第三方的双向鉴 别协议来实现,而可信管理代理和可信管理系统的远程可信验证也可以采用基 于可信第三方的双向可信评估协议来实现, 提高了可信网络管理的安全性。
5、 可信管理代理驻留在各个被管理主机上可对被管理主机进行控制, 而 可信管理系统驻留在一个管理主机上可对所有的管理主机进行管理与控制,从 而可实现分布式控制集中式管理的可信网络管理。
以上对本发明所提供的一种基于 TCPA/TCG可信网络连接的可信网络管 行了阐述, 以上实施例的说明只是用于帮助理解本发明的方法及其核心思想; 同时, 对于本领域的一般技术人员, 依据本发明的思想, 在具体实施方式及应 用范围上均会有改变之处, 综上所述, 本说明书内容不应理解为对本发明的限 制。

Claims

权 利 要 求
1、一种基于 TCPA/TCG可信网络连接的可信网络管理方法,其特征在于, 包括:
可信管理代理和可信管理系统的安装与配置, 包括: 可信管理代理驻留于 被管理主机中, 可信管理系统置驻留于管理主机中; 充当策略决策点 PDP角 色的主机为管理主机;
实现可信管理代理和可信管理系统的本地可信;
若被管理主机还未连接到可信网络中, 则将被管理主机连接到可信网络, 所述被管理主机连接到可信网络的方法为: 当为 TCPA/TCG可信网络连接架 构时, 被管理主机利用 TCPA/TCG可信网络连接方法连接到可信网络中, 其 中被管理主机充当访问请求者 AR角色; 当为增强安全性的 TCPA/TCG可信 网络连接架构时, 被管理主机利用增强安全性的 TCPA/TCG可信网络连接方 法连接到可信网络中, 其中被管理主机充当访问请求者 AR角色;
若被管理主机已连接到可信网络中,则执行可信管理代理和可信管理系统 的鉴别及密钥协商过程;
若可信管理代理和可信管理系统的远程可信性验证没有完成,则按照如下 方法被管理主机和管理主机实现可信管理代理和可信管理系统的远程可信性, 再进行网络管理的执行过程; 其中, 所述被管理主机和管理主机实现可信管理 代理和可信管理系统的远程可信性的方法为: 当为 TCPA/TCG可信网络连接 架构时,被管理主机根据本地预存的可信管理系统的标准完整性值来校验管理 主机上的可信管理系统的完整性,而管理主机根据本地预存的可信管理代理的 标准完整性值来校验被管理主机上的可信管理代理的完整性;当为增强安全性 的 TCPA/TCG可信网络连接架构时, 被管理主机、 管理主机和策略管理器 PM 执行三元对等鉴别协议, 实现可信管理代理和可信管理系统的远程可信性, 其 中策略管理器负责校验可信管理代理和可信管理系统的完整性并将校验结果 发送给被管理主机和管理主机;
若可信管理代理和可信管理系统的远程可信性验证已经完成,则直接进行 网络管理的执行过程。
2、 根据权利要求 1所述的基于 TCPA/TCG可信网络连接的可信网络管理 方法, 其特征在于: 所述可信管理代理的安装与配置由网络管理员或网络用户 完成, 当配置文件是网络管理员分发的且网络用户不知晓配置文件的内容时, 由网络用户完成可信管理代理的安装与配置。
3、 根据权利要求 1所述的基于 TCPA/TCG可信网络连接的可信网络管理 方法, 其特征在于: 所述被管理主机的网络用户利用被管理主机中的可信平台 模块 TPM对可信管理代理进行完整性度量、 存储和报告, 以验证可信管理代 理在被管理主机上的可信性;所述管理主机的网络管理员利用管理主机中的可 信平台模块 TPM可以对可信管理系统进行完整性度量、 存储和报告, 以验证 本地可信管理系统的可信性。
4、 根据权利要求 1所述的基于 TCPA/TCG可信网络连接的可信网络管理 方法, 其特征在于, 所述可信管理代理和可信管理系统的鉴别及密钥协商过程 包括:
被管理主机上的可信管理代理自动发出探寻相应可信管理系统的信息; 可信管理系统收到可信管理代理的探寻信息后,启动与该可信管理代理之 间的鉴别过程;
可信管理系统与可信管理代理利用配置信息或配置文件进行双向鉴别及 密钥协商,得到可信管理代理与可信管理系统之间的会话密钥, 用于保护可信 管理系统与可信管理代理之间的安全通信。
5、 根据权利要求 1所述的基于 TCPA/TCG可信网络连接的可信网络管理 方法, 其特征在于: 所述网络管理的执行过程中, 当被管理主机的网络用户经 验证确认:运行在管理主机上的可信管理系统以及运行在被管理主机上的可信 管理代理均是可信的,则被管理主机的网络用户许可该被管理主机与管理主机 进行网络管理通信或当管理主机的网络管理员经验证确认:运行在管理主机上 的可信管理系统以及运行在被管理主机上的可信管理代理均是可信的,则管理 主机的网络管理员开始执行网络管理。
6、一种基于 TCPA/TCG可信网络连接的可信网络管理方法,其特征在于, 包括:
可信管理代理和可信管理系统的安装与配置, 包括: 可信管理代理驻留于 被管理主机中, 可信管理系统置驻留于管理主机中; 充当访问请求者 AR角色 的主机为管理主机;
实现可信管理代理和可信管理系统的本地可信;
若被管理主机和管理主机还未连接到可信网络中,则将被管理主机和管理 主机连接到可信网络, 所述被管理主机和管理主机连接到可信网络的方法为: 当为 TCPA/TCG可信网络连接架构时,被管理主机和管理主机利用 TCPA/TCG 可信网络连接方法连接到可信网络中,其中被管理主机和管理主机充当访问请 求者 AR角色; 当为增强安全性的 TCPA/TCG可信网络连接架构时, 被管理 主机和管理主机利用增强安全性的 TCPA/TCG可信网络连接方法连接到可信 网络中, 其中被管理主机和管理主机充当访问请求者 AR角色;
若被管理主机已连接到可信网络中,则执行可信管理代理和可信管理系统 的鉴别及密钥协商过程;
若被管理主机和管理主机之间还未完成用户鉴别及密钥协商过程,则管理 主机和被管理主机执行用户鉴别及密钥协商过程, 再进行网络管理的执行过 程; 若被管理主机和管理主机之间已完成用户鉴别及密钥协商过程, 则按照如 下方法被管理主机和管理主机实现可信管理代理和可信管理系统的远程可信 性, 再进行网络管理的执行过程; 其中, 所述被管理主机和管理主机实现可信 管理代理和可信管理系统的远程可信性的方法为: 当为 TCPA/TCG可信网络 连接架构时,被管理主机根据本地预存的可信管理系统的标准完整性值来校验 管理主机上的可信管理系统的完整性,而管理主机根据本地预存的可信管理代 理的标准完整性值来校验被管理主机上的可信管理代理的完整性;当为增强安 全性的 TCPA/TCG可信网络连接架构时, 被管理主机、 管理主机和策略管理 器 PM执行三元对等鉴别协议,实现可信管理代理和可信管理系统的远程可信 性,其中策略管理器负责校验可信管理代理和可信管理系统的完整性并将校验 结果发送给被管理主机和管理主机。
7、 根据权利要求 6所述的基于 TCPA/TCG可信网络连接的可信网络管理 方法, 其特征在于: 所述可信管理代理的安装与配置由网络管理员或网络用户 完成, 当配置文件是网络管理员分发的且网络用户不知晓配置文件的内容时, 由网络用户完成可信管理代理的安装与配置。
8、 根据权利要求 6所述的基于 TCPA/TCG可信网络连接的可信网络管理 方法, 其特征在于: 所述被管理主机的网络用户利用被管理主机中的可信平台 模块 TPM对可信管理代理进行完整性度量、 存储和报告, 以验证可信管理代 理在被管理主机上的可信性;所述管理主机的网络管理员利用管理主机中的可 信平台模块 TPM对可信管理系统进行完整性度量、 存储和报告, 以验证本地 可信管理系统的可信性。
9、 根据权利要求 6所述的基于 TCPA/TCG可信网络连接的可信网络管理 方法, 其特征在于: 所述可信管理代理和可信管理系统的鉴别及密钥协商过程 包括:
被管理主机上的可信管理代理自动发出探寻相应可信管理系统的信息; 可信管理系统收到可信管理代理的探寻信息后,启动与该可信管理代理之 间的鉴别过程;
可信管理系统与可信管理代理利用配置信息或配置文件进行双向鉴别及 密钥协商, 得到可信管理代理与可信管理系统之间的会话密钥。
10、 根据权利要求 6所述的基于 TCPA/TCG可信网络连接的可信网络管 理方法, 其特征在于: 所述网络管理的执行过程中, 当被管理主机的网络用户 经验证确认:运行在管理主机上的可信管理系统以及运行在被管理主机上的可 信管理代理均是可信的,则被管理主机的网络用户许可该被管理主机与管理主 机进行网络管理通信或当管理主机的网络管理员经验证确认:运行在管理主机 上的可信管理系统以及运行在被管理主机上的可信管理代理均是可信的,则管 理主机的网络管理员开始执行网络管理。
PCT/CN2009/073370 2008-08-21 2009-08-20 一种基于tcpa/tcg可信网络连接的可信网络管理方法 WO2010020188A1 (zh)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US13/058,988 US20110145425A1 (en) 2008-08-21 2009-08-20 Trusted network management method based on tcpa/tcg trusted network connection
EP09807887A EP2317693A4 (en) 2008-08-21 2009-08-20 SECURE NETWORK MANAGEMENT PROCEDURE BASED ON A SECURE TCPA / TCG NETWORK CONNECTION

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200810150696.0 2008-08-21
CN2008101506960A CN101345660B (zh) 2008-08-21 2008-08-21 一种基于tcpa/tcg可信网络连接的可信网络管理方法

Publications (1)

Publication Number Publication Date
WO2010020188A1 true WO2010020188A1 (zh) 2010-02-25

Family

ID=40247555

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/073370 WO2010020188A1 (zh) 2008-08-21 2009-08-20 一种基于tcpa/tcg可信网络连接的可信网络管理方法

Country Status (4)

Country Link
US (1) US20110145425A1 (zh)
EP (1) EP2317693A4 (zh)
CN (1) CN101345660B (zh)
WO (1) WO2010020188A1 (zh)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2600586A4 (en) * 2010-07-30 2017-08-30 China Iwncomm Co., Ltd. Platform authentication strategy management method and device for trusted connection architecture

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100581170C (zh) * 2008-08-21 2010-01-13 西安西电捷通无线网络通信有限公司 一种基于三元对等鉴别可信网络连接的可信网络管理方法
CN101345660B (zh) * 2008-08-21 2010-06-09 西安西电捷通无线网络通信有限公司 一种基于tcpa/tcg可信网络连接的可信网络管理方法
CN101527717B (zh) * 2009-04-16 2012-11-28 西安西电捷通无线网络通信股份有限公司 一种三元对等鉴别可信网络连接架构的实现方法
CN101527718B (zh) 2009-04-16 2011-02-16 西安西电捷通无线网络通信股份有限公司 一种建立三元对等鉴别可信网络连接架构的方法
CN101540676B (zh) 2009-04-28 2012-05-23 西安西电捷通无线网络通信股份有限公司 一种适合三元对等鉴别可信网络连接架构的平台鉴别方法
WO2012023050A2 (en) 2010-08-20 2012-02-23 Overtis Group Limited Secure cloud computing system and method
US8868910B2 (en) 2012-02-09 2014-10-21 Hewlett-Packard Development Company, L.P. Elliptic curve cryptographic signature
US9407638B2 (en) * 2013-08-26 2016-08-02 The Boeing Company System and method for trusted mobile communications
WO2015127622A1 (zh) * 2014-02-27 2015-09-03 华为技术有限公司 一种根据策略提供服务的方法和系统
CN104601572B (zh) * 2015-01-15 2018-07-06 北京工业大学 一种基于可信架构的安全消息传递方法
US9509587B1 (en) * 2015-03-19 2016-11-29 Sprint Communications Company L.P. Hardware root of trust (HROT) for internet protocol (IP) communications
US11157641B2 (en) * 2016-07-01 2021-10-26 Microsoft Technology Licensing, Llc Short-circuit data access
CN113132330B (zh) * 2019-12-31 2022-06-28 华为技术有限公司 可信状态证明的方法、设备,证明服务器和可读存储介质
CN111654371A (zh) * 2020-06-16 2020-09-11 可信计算科技(苏州)有限公司 一种基于可信计算的混合加密安全传输数据方法
CN118200045A (zh) * 2024-05-13 2024-06-14 深圳市永达电子信息股份有限公司 网络无干扰与双链无干扰融合模型可信管控计算系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070143629A1 (en) * 2004-11-29 2007-06-21 Hardjono Thomas P Method to verify the integrity of components on a trusted platform using integrity database services
CN101136928A (zh) * 2007-10-19 2008-03-05 北京工业大学 一种可信网络接入框架
CN101242297A (zh) * 2007-09-14 2008-08-13 西安西电捷通无线网络通信有限公司 一种实现可信网络管理的方法
CN101242267A (zh) * 2007-08-01 2008-08-13 西安西电捷通无线网络通信有限公司 一种增强安全性的可信网络连接方法
CN101345660A (zh) * 2008-08-21 2009-01-14 西安西电捷通无线网络通信有限公司 一种基于tcpa/tcg可信网络连接的可信网络管理方法

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7526649B2 (en) * 2003-12-30 2009-04-28 Intel Corporation Session key exchange
US7707586B2 (en) * 2004-09-08 2010-04-27 Intel Corporation Operating system independent agent
US8234705B1 (en) * 2004-09-27 2012-07-31 Radix Holdings, Llc Contagion isolation and inoculation
US7376081B2 (en) * 2005-04-04 2008-05-20 Lucent Technologies Inc. Establishment of QoS by applications in cellular networks using service based policy control mechanisms
US7640593B2 (en) * 2005-04-21 2009-12-29 Nokia Corporation User-controlled management of TPM identities
US7805752B2 (en) * 2005-11-09 2010-09-28 Symantec Corporation Dynamic endpoint compliance policy configuration
CN100496025C (zh) * 2007-11-16 2009-06-03 西安西电捷通无线网络通信有限公司 一种基于三元对等鉴别的可信网络接入控制方法
CN100581170C (zh) * 2008-08-21 2010-01-13 西安西电捷通无线网络通信有限公司 一种基于三元对等鉴别可信网络连接的可信网络管理方法
CN100581107C (zh) * 2008-11-04 2010-01-13 西安西电捷通无线网络通信有限公司 一种基于三元对等鉴别(TePA)的可信平台验证方法
CN101431517B (zh) * 2008-12-08 2011-04-27 西安西电捷通无线网络通信股份有限公司 一种基于三元对等鉴别的可信网络连接握手方法
CN101442531B (zh) * 2008-12-18 2011-06-29 西安西电捷通无线网络通信股份有限公司 一种安全协议第一条消息的保护方法

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070143629A1 (en) * 2004-11-29 2007-06-21 Hardjono Thomas P Method to verify the integrity of components on a trusted platform using integrity database services
CN101242267A (zh) * 2007-08-01 2008-08-13 西安西电捷通无线网络通信有限公司 一种增强安全性的可信网络连接方法
CN101242297A (zh) * 2007-09-14 2008-08-13 西安西电捷通无线网络通信有限公司 一种实现可信网络管理的方法
CN101136928A (zh) * 2007-10-19 2008-03-05 北京工业大学 一种可信网络接入框架
CN101345660A (zh) * 2008-08-21 2009-01-14 西安西电捷通无线网络通信有限公司 一种基于tcpa/tcg可信网络连接的可信网络管理方法

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2600586A4 (en) * 2010-07-30 2017-08-30 China Iwncomm Co., Ltd. Platform authentication strategy management method and device for trusted connection architecture

Also Published As

Publication number Publication date
CN101345660B (zh) 2010-06-09
EP2317693A4 (en) 2012-03-07
CN101345660A (zh) 2009-01-14
EP2317693A1 (en) 2011-05-04
US20110145425A1 (en) 2011-06-16

Similar Documents

Publication Publication Date Title
WO2010020188A1 (zh) 一种基于tcpa/tcg可信网络连接的可信网络管理方法
WO2010020187A1 (zh) 一种基于三元对等鉴别可信网络连接的可信网络管理方法
WO2009033385A1 (fr) Procédé de réalisation de gestion de réseau de confiance
US8255977B2 (en) Trusted network connect method based on tri-element peer authentication
US8191113B2 (en) Trusted network connect system based on tri-element peer authentication
JP5248621B2 (ja) 3値同等識別に基づく、信頼されているネットワークアクセス制御システム
RU2444156C1 (ru) Способ управления доступом к защищенной сети на основе трехэлементной аутентификации одноранговых объектов
US8375430B2 (en) Roaming secure authenticated network access method and apparatus
US8671439B2 (en) Techniques for authenticated posture reporting and associated enforcement of network access
US20080005359A1 (en) Method and apparatus for OS independent platform based network access control
EP2357771A1 (en) Trusted network connect handshake method based on tri-element peer authentication
JP2016519540A (ja) 分散環境の安全通信認証方法及びシステム
WO2010118610A1 (zh) 建立三元对等鉴别可信网络连接架构的方法
CN114915972B (zh) 一种网络切片安全架构及信任度量方法
WO2010118613A1 (zh) 一种三元对等鉴别可信网络连接架构的实现方法
CN117834218A (zh) 一种基于零信任架构的统一身份认证方法及平台
Liu et al. A trusted access method in software-defined network
CN116248405A (zh) 一种基于零信任的网络安全访问控制方法及采用该方法的网关系统、存储介质
CN113965342A (zh) 一种基于国产平台的可信网络连接系统及连接方法
WO2012083667A1 (zh) 一种适合可信连接架构的平台鉴别过程管理方法及装置
CN118054934A (zh) 一种基于可信计算的电力系统安全实现方法和架构
CN117375922A (zh) 一种基于软件定义边界的电力互联网络中对攻击主机的隐蔽监控的系统及方法
CN116707768A (zh) 云网端架构下通用可组合安全的可信网络连接方法
Wang et al. Research on Endpoint Isolation and Remediation Mechanism Based on Trusted Access Technology
Liu Analysis and Comparison on Novel Sensor Network Security Access Technology

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09807887

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2009807887

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 13058988

Country of ref document: US

NENP Non-entry into the national phase

Ref country code: DE