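WO2010051742A1 - A trusted platform verification method based on tri-element peer authentication (TePA) - Google Patents
A trusted platform verification method based on tri-element peer authentication (TePA)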
- Publication number
- WO2010051742A1 (PCT/CN2009/074763)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- message
- platform
- certification
- pcrs
- certification system
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0662—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher with particular pseudorandom sequence generator
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3234—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/80—Wireless
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Definitions
- TePA: Tri-element Peer Authentication
- The invention relates to a trusted platform verification method based on tri-element peer authentication (TePA).
- Trusted computing starts by securing every terminal, that is, it builds a larger secure system out of secure components. A trusted computing platform provides stronger protection at a lower layer: using trusted hardware to defend against software-level attacks gives users more protection and more choice.
- The challenger (CH) needs to evaluate the trusted computing platform using a platform attribute.
- The challenger CH uses platform integrity to evaluate the trusted computing platform.
- The trusted computing platform being evaluated is called the attesting system (AS). The corresponding trusted platform evaluation protocol is as follows; see Figure 1:
- After the attesting system AS receives message 1, it first passes the random number N_CH to its trusted computing module (TPM, Trusted Platform Module), and then extracts the platform configuration register values of the attesting system AS from that TPM.
- After receiving message 2, the challenger CH first verifies the signature using the public key of the attestation identity key (AIK) of the attesting system AS, the random number N_CH, and the platform configuration register values PCRs_AS of the attesting system AS carried in message 2. If the signature is invalid, it discards message 2. Otherwise it uses PCRs_AS from message 2 to verify the correctness of the corresponding measurement log Log_AS carried in message 2; if the log is incorrect, the protocol is aborted. Otherwise, the PCRs_AS in message 2, the measurement log Log_AS corresponding to PCRs_AS, and the reference integrity value of each component in Log_AS are used to evaluate whether the attesting system AS is trusted.
- This protocol is suitable only for one-way trusted platform evaluation, and the challenger CH must be able to verify the AIK and the platform integrity of the attesting system AS. The challenger CH can verify the AIK of the attesting system AS with the help of a trusted third party (TTP), or by using direct anonymous attestation (DAA).
- TTP Trusted Third Party
- DAA Direct anonymous attestation
- When attesting systems need to verify each other's platform trustworthiness, and an attesting system AS is not able to verify the AIK and platform integrity of the peer attesting system AS, the prior art cannot verify the AIK and platform integrity of the attesting system AS.
- To solve the above technical problem in the background art, the present invention provides a method in which a trusted third party TTP verifies the AIK and platform integrity of the attesting system AS, that is, a trusted platform verification method based on tri-element peer authentication (TePA, Tri-element Peer Authentication).
- The present invention is a trusted platform verification method based on tri-element peer authentication, characterized in that the method comprises the following steps:
- The second attesting system sends a first message to the first attesting system. The first message includes a random number N_AS2 generated by the second attesting system, the AIK certificate Cert_AIK-AS2 of the second attesting system, and the parameter table Parm_PCRs-AS1 of the platform configuration register values (PCRs) that the second attesting system requests from the first attesting system;
- The first attesting system passes N_AS2 to its TPM, extracts the corresponding platform configuration register values PCRs_AS1 from the TPM according to the parameter table Parm_PCRs-AS1, signs PCRs_AS1 and N_AS2 with the private key of its AIK to produce the signature [N_AS2, PCRs_AS1]_Sig, extracts the measurement log Log_AS1 corresponding to PCRs_AS1 from its stored measurement log (SML), and sends a second message to the second attesting system AS2. The second message includes a random number N_AS1 generated by the first attesting system, the AIK certificate Cert_AIK-AS1 of the first attesting system, and the parameter table Parm_PCRs-AS2 of the platform configuration register values that the first attesting system requests from the second attesting system;
- The second attesting system verifies the signature using the public key of the first attesting system's AIK certificate together with N_AS2 and PCRs_AS1. If the signature is invalid, it discards the second message. If the signature is valid, N_AS1 is passed to the TPM of the second attesting system, and the corresponding platform configuration register values PCRs_AS2 are then extracted from the TPM of the second attesting system according to Parm_PCRs-AS2, and the second is used.
- The trusted third party verifies the validity of Cert_AIK-AS1 and Cert_AIK-AS2 and generates the verification result Re_AIK-AS1 for Cert_AIK-AS1 and the verification result Re_AIK-AS2 for Cert_AIK-AS2. It then uses PCRs_AS1 to verify the correctness of Log_AS1; if the log is incorrect, the message is discarded. If it is correct, PCRs_AS2 is used to verify the correctness of Log_AS2; if that log is incorrect, the message is discarded.
- The second attesting system verifies the signature in the fourth message. If the signature is invalid, the message is discarded. If the signature is valid, it generates the access result of the first attesting system AS1 to the second attesting system AS2 and sends a fifth message to the first attesting system AS1;
- AS2 performs signature verification according to the fifth message. If the signature is invalid, the message is discarded. If the signature is valid, the signature in the fourth message is verified; if that signature is invalid, the protocol is aborted. If it is valid, access control is performed according to the verification result Re_AIK-AS2 of Cert_AIK-AS2, the platform integrity verification result Re_PCRs-AS2 of the second attesting system AS2, and the access result Re_access of the first attesting system AS1 to the second attesting system AS2.
- The platform configuration register (PCR) list in step A) above is a list of the platform configuration registers determined in the first attesting system, or a list of components determined in the first attesting system.
- The platform configuration register (PCR) list in step B) above is a list of the platform configuration registers determined in the second attesting system, or a list of components determined in the second attesting system.
- The messages exchanged between the first attesting system and the second attesting system are transmitted over a secure channel between them.
- The messages exchanged between the second attesting system and the trusted third party are transmitted over a secure channel between them.
- If the second attesting system is not to learn the platform configuration information of the first attesting system, Log_AS1 and the platform patching information Rem_AS1 of the first attesting system are transmitted over a secure channel between the first attesting system and the trusted third party. If the first attesting system and the second attesting system verify the AIK of the attesting system using direct anonymous attestation (DAA), the fourth message and the fifth message do not include Cert_AIK-AS1 and its verification result Re_AIK-AS1, nor Cert_AIK-AS2 and its verification result Re_AIK-AS2.
- The trusted platform verification method based on tri-element peer authentication of the present invention implements two-way trusted platform evaluation between attesting systems and uses a trusted third party TTP to verify the AIK and platform integrity of the attesting system AS, which extends the scope of application;
- The trusted platform verification method based on tri-element peer authentication of the present invention uses the tri-element peer authentication security architecture, which enhances the security of the trusted platform evaluation protocol.
- Figure 2 is a schematic illustration of the process of the present invention.
- The second attesting system AS2 sends a first message to the first attesting system AS1. The first message comprises a random number generated by the second attesting system, the AIK certificate of the second attesting system, and the parameter table of the platform configuration register values (PCRs) that the second attesting system requests from the first attesting system.
- The first message (message 1) N_AS2
- N_AS2 is the random number generated by the second attesting system AS2.
- Cert_AIK-AS2 is the AIK certificate of the second attesting system AS2.
- Parm_PCRs-AS1 is the parameter table of the platform configuration register values (PCRs) that the second attesting system AS2 requests from the first attesting system AS1. It may be a list of platform configuration registers (PCRs) determined in the first attesting system AS1, or a list of components determined in the first attesting system AS1.
- The first attesting system AS1 passes the random number to its own TPM, extracts the corresponding platform configuration register values PCRs_AS1 from the TPM according to the PCRs parameter table, signs PCRs_AS1 and N_AS2 with the private key of AS1's AIK to produce [N_AS2, PCRs_AS1]_Sig, extracts the measurement log Log_AS1 corresponding to PCRs_AS1 from the stored measurement log (SML) of AS1, and sends a second message to the second attesting system AS2. The second message comprises the random number generated by AS1, the AIK certificate of AS1, and the PCRs parameter table that AS1 requests from AS2.
- The second attesting system verifies the signature using the public key of the AIK certificate, the random number N_AS2 generated by AS2, and PCRs_AS1, and discards the second message if the signature is invalid. If the signature is valid, N_AS1 is passed to the TPM of AS2, the corresponding platform configuration register values PCRs_AS2 are extracted from the TPM of AS2 according to the PCRs parameter table Parm_PCRs-AS2 that AS1 requested from AS2, PCRs_AS2 and N_AS1 are signed with the private key of AS2's AIK to produce [N_AS1, PCRs_AS2]_Sig, the measurement log Log_AS2 corresponding to PCRs_AS2 is extracted from the stored measurement log (SML) of AS2, and a third message is sent to the trusted third party TTP. The third message comprises: the authentication random number generated by the second attesting system AS2
- The second attesting system AS2 first verifies the signature using the public key of the AIK certificate of the first attesting system AS1, the random number N_AS2 generated by AS2, and the platform configuration register values PCRs_AS1 of AS1 carried in message 2. If the signature is invalid, message 2 is discarded. Otherwise, the random number N_AS1 generated by AS1 is passed to the TPM of AS2; then, according to the PCRs parameter table Parm_PCRs-AS2 that AS1 requested from AS2, the corresponding platform configuration register values PCRs_AS2 are extracted from the TPM of AS2, and the private key of AS2's AIK is used to sign the extracted PCRs_AS2 and the random number N_AS1 generated by AS1, producing [N_AS1, PCRs_AS2]_Sig,
- The trusted third party TTP verifies the validity of Cert_AIK-AS1 and Cert_AIK-AS2, generates the verification result Re_AIK-AS1 for Cert_AIK-AS1 and the verification result Re_AIK-AS2 for Cert_AIK-AS2, and uses PCRs_AS1 to verify the correctness of the corresponding measurement log Log_AS1. If the log is incorrect, the message is discarded. If it is correct, PCRs_AS2 is used to verify the correctness of the corresponding measurement log Log_AS2. If that log is incorrect, the message is discarded; if it is correct, then according to the measurement log
- The specific process is: after receiving message 3, the trusted third party TTP first verifies the validity of the AIK certificate Cert_AIK-AS1 of the first attesting system AS1 and the AIK certificate Cert_AIK-AS2 of the second attesting system AS2, generates the verification result Re_AIK-AS1 for Cert_AIK-AS1 and the verification result Re_AIK-AS2 for Cert_AIK-AS2, and then uses the platform configuration register values PCRs_AS1 of the first attesting system AS1 in message 3
- The trusted third party TTP uses its private key to compute a signature over: the authentication random number N_AS2-TTP generated by the second attesting system AS2; the AIK certificate Cert_AIK-AS1 of AS1; the verification result Re_AIK-AS1 of Cert_AIK-AS1; the platform configuration register values PCRs_AS1 of AS1; the platform integrity verification result Re_PCRs-AS1 of AS1; the platform patching information Rem_AS1 of AS1; the random number N_AS1 generated by AS1; the AIK certificate Cert_AIK-AS2 of AS2; the verification result Re_AIK-AS2 of Cert_AIK-AS2; the platform configuration register values PCRs_AS2 of AS2; the platform integrity verification result Re_PCRs-AS2 of AS2; and the second attesting system AS2
- AS2 verifies the signature in the fourth message. If the signature is invalid, the message is discarded. If the signature is valid, AS2 generates the access result of AS1 to AS2 and sends the fifth message to the first attesting system AS1.
- After receiving message 4, the second attesting system AS2 first uses the public key of the trusted third party TTP to verify the signature [N_AS2-TTP
- AS2 performs signature verification according to the fifth message. If the signature is invalid, the message is discarded. If the signature is valid, the signature in the fourth message is verified; if that signature is invalid, the protocol is aborted. If it is valid, access control is performed according to the verification result Re_AIK-AS2 of Cert_AIK-AS2, the platform integrity verification result Re_PCRs-AS2 of the second attesting system AS2, and the access result Re_access of the first attesting system AS1 to the second attesting system AS2.
- After receiving the fifth message (message 5), the first attesting system AS1 first uses the public key of the AIK certificate Cert_AIK-AS2 of the second attesting system AS2 to verify the signature [N_AS1
- The messages exchanged between the first attesting system AS1 and the second attesting system AS2 are transmitted over a secure channel between them; the messages exchanged between the second attesting system AS2 and the trusted third party TTP are transmitted over a secure channel between them. If the first attesting system AS1 does not want the second attesting system AS2 to learn the platform configuration information of AS1, the measurement log Log_AS1 corresponding to the platform configuration register values PCRs_AS1 of AS1 and the platform patching information Rem_AS1 of AS1 are transmitted over a secure channel between AS1 and the trusted third party TTP. If AS1 and AS2 verify the AIK of the attesting system AS using direct anonymous attestation (DAA), message 4 and message 5 do not include the first attesting system AS1
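The trusted third party's platform-integrity step described above, as an added example that is not code from the patent: replay Log_AS against the reported PCRs_AS, discard the message when they disagree, and otherwise compare each logged component with its reference integrity value to produce Re_PCRs and Rem. It assumes the TPM 1.2 SHA-1 extend rule, a simple (PCR index, component, digest) log layout, and that Rem is the list of components that differ from their reference values; all function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

PCR_SIZE = 20  # SHA-1 digest length (assumption: TPM 1.2; the page names no hash)


def measure(data: bytes) -> bytes:
    """Digest of a component image, as it would be recorded in the log."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 1.2 extend: PCR_new = SHA1(PCR_old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def replay_log(log):
    """Recompute PCR values from a log of (pcr_index, component, digest)."""
    pcrs = {}
    for index, _component, digest in log:
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs


def ttp_evaluate(reported_pcrs, log, reference):
    """TTP-side check for one attesting system.

    Returns ("discard", None, []) when the log does not reproduce the
    signed PCR values, else ("ok", Re_PCRs, Rem) where Re_PCRs is True
    only if every logged component matches its reference value and Rem
    lists the components that need patching (hypothetical encoding).
    """
    replayed = replay_log(log)
    # A log entry for a PCR that was not reported cannot be checked.
    if set(replayed) - set(reported_pcrs):
        return ("discard", None, [])
    for index, value in reported_pcrs.items():
        expected = replayed.get(index, bytes(PCR_SIZE))
        if not hmac.compare_digest(expected, value):
            return ("discard", None, [])
    rem = [c for _i, c, d in log if reference.get(c) != d]
    return ("ok", not rem, rem)


# Constructed reference integrity values (not from the page).
REFERENCE = {
    "bootloader": measure(b"bootloader v2"),
    "kernel": measure(b"kernel 5.1"),
    "agent": measure(b"agent 1.4"),
}


def build_platform(images):
    """Simulate an attesting system: measure images, fill SML and PCRs."""
    log = [(index, name, measure(data)) for index, name, data in images]
    return replay_log(log), log


def demo():
    good = [(0, "bootloader", b"bootloader v2"),
            (1, "kernel", b"kernel 5.1"),
            (1, "agent", b"agent 1.4")]
    stale = good[:2] + [(1, "agent", b"agent 1.3")]
    pcrs_good, log_good = build_platform(good)
    pcrs_stale, log_stale = build_platform(stale)
    # Forged log: the platform ran the stale agent but the log claims
    # the reference digest, so replay no longer matches the PCRs.
    forged_log = log_stale[:2] + [(1, "agent", REFERENCE["agent"])]
    return {
        "honest": ttp_evaluate(pcrs_good, log_good, REFERENCE),
        "stale": ttp_evaluate(pcrs_stale, log_stale, REFERENCE),
        "forged": ttp_evaluate(pcrs_stale, forged_log, REFERENCE),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The replay only proves that the log matches the PCR values; it is the AIK signature over the nonce and the PCRs, checked earlier in the protocol, that ties those values to a fresh TPM report.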
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Mobile Radio Communication Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP09824397.5A EP2346207A4 (en) | 2008-11-04 | 2009-11-03 | METHOD OF AUTHENTICATING A TRUST PLATFORM BASED ON THREE-PART ELEMENTS HOMOLOGOUS AUTHENTICATION (TEPA) |
JP2011524174A JP5196021B2 (ja) | 2008-11-04 | 2009-11-03 | Trusted platform verification method based on tri-element peer authentication (TePA) |
KR1020117007896A KR101421329B1 (ko) | 2008-11-04 | 2009-11-03 | Method for authenticating a trusted platform based on tri-element peer authentication (TePA) |
US13/119,909 US8533806B2 (en) | 2008-11-04 | 2009-11-03 | Method for authenticating a trusted platform based on the tri-element peer authentication(TEPA) |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200810232093.5A CN100581107C (zh) | 2008-11-04 | 2008-11-04 | A trusted platform verification method based on tri-element peer authentication (TePA) |
CN200810232093.5 | 2008-11-04 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010051742A1 (zh) | 2010-05-14 |
Family
ID=40494381
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/074763 WO2010051742A1 (zh) | A trusted platform verification method based on tri-element peer authentication (TePA) | 2008-11-04 | 2009-11-03 |
Country Status (6)
Country | Link |
---|---|
US (1) | US8533806B2 (zh) |
EP (1) | EP2346207A4 (zh) |
JP (1) | JP5196021B2 (zh) |
KR (1) | KR101421329B1 (zh) |
CN (1) | CN100581107C (zh) |
WO (1) | WO2010051742A1 (zh) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2013544052A (ja) * | 2010-11-12 | 2013-12-09 | 西安西▲電▼捷通▲無▼綫▲網▼絡通信股▲分▼有限公司 | 匿名エンティティ認証方法および装置本出願は、2010年11月12日に中国特許局に提出し、出願番号が201010546339.3であり、発明名称が「匿名エンティティ認証方法およびシステム」との中国特許出願を基礎とする優先権を主張し、その開示の総てをここに取り込む。 |
Families Citing this family (54)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101345660B (zh) * | 2008-08-21 | 2010-06-09 | 西安西电捷通无线网络通信有限公司 | 一种基于tcpa/tcg可信网络连接的可信网络管理方法 |
CN100581170C (zh) | 2008-08-21 | 2010-01-13 | 西安西电捷通无线网络通信有限公司 | 一种基于三元对等鉴别可信网络连接的可信网络管理方法 |
US8161285B2 (en) * | 2008-09-26 | 2012-04-17 | Microsoft Corporation | Protocol-Independent remote attestation and sealing |
CN100581107C (zh) * | 2008-11-04 | 2010-01-13 | 西安西电捷通无线网络通信有限公司 | 一种基于三元对等鉴别(TePA)的可信平台验证方法 |
CN101527718B (zh) | 2009-04-16 | 2011-02-16 | 西安西电捷通无线网络通信股份有限公司 | 一种建立三元对等鉴别可信网络连接架构的方法 |
CN101540676B (zh) * | 2009-04-28 | 2012-05-23 | 西安西电捷通无线网络通信股份有限公司 | 一种适合三元对等鉴别可信网络连接架构的平台鉴别方法 |
CN101572706B (zh) * | 2009-06-08 | 2011-06-01 | 西安西电捷通无线网络通信股份有限公司 | 一种适合三元对等鉴别可信网络连接架构的平台鉴别消息管理方法 |
CN101656719B (zh) * | 2009-09-22 | 2011-11-02 | 西安西电捷通无线网络通信股份有限公司 | 一种可实现平台配置保护的双向平台鉴别方法 |
CN101674182B (zh) | 2009-09-30 | 2011-07-06 | 西安西电捷通无线网络通信股份有限公司 | 引入在线可信第三方的实体公钥获取、证书验证及鉴别的方法及系统 |
WO2011081589A1 (en) * | 2010-01-04 | 2011-07-07 | Dts Steering Group Ab | Secure digital communications |
US11314854B2 (en) | 2011-12-30 | 2022-04-26 | Bedrock Automation Platforms Inc. | Image capture devices for a secure industrial control system |
US11967839B2 (en) | 2011-12-30 | 2024-04-23 | Analog Devices, Inc. | Electromagnetic connector for an industrial control system |
US10834094B2 (en) | 2013-08-06 | 2020-11-10 | Bedrock Automation Platforms Inc. | Operator action authentication in an industrial control system |
US8868813B2 (en) | 2011-12-30 | 2014-10-21 | Bedrock Automation Platforms Inc. | Communications control system with a serial communications interface and a parallel communications interface |
US9467297B2 (en) * | 2013-08-06 | 2016-10-11 | Bedrock Automation Platforms Inc. | Industrial control system redundant communications/control modules authentication |
US12061685B2 (en) | 2011-12-30 | 2024-08-13 | Analog Devices, Inc. | Image capture devices for a secure industrial control system |
US9727511B2 (en) | 2011-12-30 | 2017-08-08 | Bedrock Automation Platforms Inc. | Input/output module with multi-channel switching capability |
US9600434B1 (en) | 2011-12-30 | 2017-03-21 | Bedrock Automation Platforms, Inc. | Switch fabric having a serial communications interface and a parallel communications interface |
US11144630B2 (en) | 2011-12-30 | 2021-10-12 | Bedrock Automation Platforms Inc. | Image capture devices for a secure industrial control system |
US8862802B2 (en) | 2011-12-30 | 2014-10-14 | Bedrock Automation Platforms Inc. | Switch fabric having a serial communications interface and a parallel communications interface |
US10834820B2 (en) | 2013-08-06 | 2020-11-10 | Bedrock Automation Platforms Inc. | Industrial control system cable |
US9191203B2 (en) | 2013-08-06 | 2015-11-17 | Bedrock Automation Platforms Inc. | Secure industrial control system |
US9437967B2 (en) | 2011-12-30 | 2016-09-06 | Bedrock Automation Platforms, Inc. | Electromagnetic connector for an industrial control system |
US8971072B2 (en) | 2011-12-30 | 2015-03-03 | Bedrock Automation Platforms Inc. | Electromagnetic connector for an industrial control system |
JP5990433B2 (ja) * | 2012-08-31 | 2016-09-14 | 株式会社富士通エフサス | Network connection method and electronic device |
US9202056B2 (en) * | 2013-03-15 | 2015-12-01 | Intel Corporation | Inter-processor attestation hardware |
US10270748B2 (en) | 2013-03-22 | 2019-04-23 | Nok Nok Labs, Inc. | Advanced authentication techniques and applications |
US9887983B2 (en) | 2013-10-29 | 2018-02-06 | Nok Nok Labs, Inc. | Apparatus and method for implementing composite authenticators |
US9396320B2 (en) | 2013-03-22 | 2016-07-19 | Nok Nok Labs, Inc. | System and method for non-intrusive, privacy-preserving authentication |
US9961077B2 (en) | 2013-05-30 | 2018-05-01 | Nok Nok Labs, Inc. | System and method for biometric authentication with device attestation |
US10613567B2 (en) | 2013-08-06 | 2020-04-07 | Bedrock Automation Platforms Inc. | Secure power supply for an industrial control system |
CN104618308B (zh) * | 2013-11-04 | 2019-09-13 | 腾讯科技(武汉)有限公司 | Protocol request processing method and device |
US9654469B1 (en) | 2014-05-02 | 2017-05-16 | Nok Nok Labs, Inc. | Web-based user authentication techniques and applications |
CN104092733B (zh) * | 2014-06-20 | 2018-09-14 | 华南理工大学 | Trusted distributed file system based on HDFS |
US10148630B2 (en) | 2014-07-31 | 2018-12-04 | Nok Nok Labs, Inc. | System and method for implementing a hosted authentication service |
US9608825B2 (en) | 2014-11-14 | 2017-03-28 | Intel Corporation | Trusted platform module certification and attestation utilizing an anonymous key system |
US9768966B2 (en) * | 2015-08-07 | 2017-09-19 | Google Inc. | Peer to peer attestation |
CN106572064B (zh) * | 2015-10-10 | 2019-10-29 | 西安西电捷通无线网络通信股份有限公司 | Method and device for verifying entity identity validity with multiple TTPs involved |
US10769635B2 (en) | 2016-08-05 | 2020-09-08 | Nok Nok Labs, Inc. | Authentication techniques including speech and/or lip movement analysis |
US10637853B2 (en) | 2016-08-05 | 2020-04-28 | Nok Nok Labs, Inc. | Authentication techniques including speech and/or lip movement analysis |
US10482034B2 (en) * | 2016-11-29 | 2019-11-19 | Microsoft Technology Licensing, Llc | Remote attestation model for secure memory applications |
US10091195B2 (en) | 2016-12-31 | 2018-10-02 | Nok Nok Labs, Inc. | System and method for bootstrapping a user binding |
US10237070B2 (en) | 2016-12-31 | 2019-03-19 | Nok Nok Labs, Inc. | System and method for sharing keys across authenticators |
US10666658B2 (en) * | 2017-01-30 | 2020-05-26 | Ncr Corporation | Trusted network entity secure connectivity |
US11604879B2 (en) * | 2017-07-12 | 2023-03-14 | Nec Corporation | Attestation system, attestation method, and attestation program |
US11868995B2 (en) | 2017-11-27 | 2024-01-09 | Nok Nok Labs, Inc. | Extending a secure key storage for transaction confirmation and cryptocurrency |
US11831409B2 (en) | 2018-01-12 | 2023-11-28 | Nok Nok Labs, Inc. | System and method for binding verifiable claims |
US10924282B2 (en) * | 2018-05-24 | 2021-02-16 | Cyber Pack Ventures, Inc. | System and method for measuring and reporting IoT boot integrity |
US12041039B2 (en) | 2019-02-28 | 2024-07-16 | Nok Nok Labs, Inc. | System and method for endorsing a new authenticator |
US11792024B2 (en) | 2019-03-29 | 2023-10-17 | Nok Nok Labs, Inc. | System and method for efficient challenge-response authentication |
CN114884689A (zh) * | 2019-07-12 | 2022-08-09 | 华为技术有限公司 | Remote attestation method and device |
US11290471B2 (en) * | 2019-08-27 | 2022-03-29 | Hewlett Packard Enterprise Development Lp | Cross-attestation of electronic devices |
CN113794685B (zh) * | 2021-08-16 | 2023-09-29 | 德威可信(北京)科技有限公司 | Data transmission method and device based on trust evaluation |
CN113783846B (zh) * | 2021-08-16 | 2023-09-19 | 德威可信(北京)科技有限公司 | Trusted data transmission system and method |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
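CN101136928A (zh) * | 2007-10-19 | 2008-03-05 | 北京工业大学 | Trusted network access framework |
CN101159660A (zh) * | 2007-11-16 | 2008-04-09 | 西安西电捷通无线网络通信有限公司 | Trusted network access control method based on tri-element peer authentication |
CN101242266A (zh) * | 2007-08-01 | 2008-08-13 | 西安西电捷通无线网络通信有限公司 | Trusted network connect method based on tri-element peer authentication |
CN101394283A (zh) * | 2008-11-04 | 2009-03-25 | 西安西电捷通无线网络通信有限公司 | Trusted platform verification method based on tri-element peer authentication (TePA) |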
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7293284B1 (en) | 2002-12-31 | 2007-11-06 | Colligo Networks, Inc. | Codeword-enhanced peer-to-peer authentication |
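JP4599852B2 (ja) * | 2004-02-23 | 2010-12-15 | ソニー株式会社 | Data communication device and method, and program |
JP4144880B2 (ja) | 2004-04-09 | 2008-09-03 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Platform configuration measurement device, program and method; platform configuration authentication device, program and method; platform configuration attestation device, program and method; and platform configuration disclosure device, program and method |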
WO2006100522A1 (en) | 2005-03-22 | 2006-09-28 | Hewlett-Packard Development Company, L.P. | Methods, devices and data structures for trusted data |
JP2010503252A (ja) | 2006-08-31 | 2010-01-28 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Attestation of computing platforms |
GB0707150D0 (en) | 2007-04-13 | 2007-05-23 | Hewlett Packard Development Co | Dynamic trust management |
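KR100917601B1 (ko) * | 2007-07-03 | 2009-09-17 | 한국전자통신연구원 | Method for preventing authentication replay attacks and authentication system |
CN101286840B (zh) | 2008-05-29 | 2014-07-30 | 西安西电捷通无线网络通信股份有限公司 | Key distribution method using public key cryptography and system thereof |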
-
2008
- 2008-11-04 CN CN200810232093.5A patent/CN100581107C/zh active Active
-
2009
- 2009-11-03 JP JP2011524174A patent/JP5196021B2/ja active Active
- 2009-11-03 EP EP09824397.5A patent/EP2346207A4/en not_active Withdrawn
- 2009-11-03 KR KR1020117007896A patent/KR101421329B1/ko active IP Right Grant
- 2009-11-03 WO PCT/CN2009/074763 patent/WO2010051742A1/zh active Application Filing
- 2009-11-03 US US13/119,909 patent/US8533806B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
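CN101242266A (zh) * | 2007-08-01 | 2008-08-13 | 西安西电捷通无线网络通信有限公司 | Trusted network connect method based on tri-element peer authentication |
CN101136928A (zh) * | 2007-10-19 | 2008-03-05 | 北京工业大学 | Trusted network access framework |
CN101159660A (zh) * | 2007-11-16 | 2008-04-09 | 西安西电捷通无线网络通信有限公司 | Trusted network access control method based on tri-element peer authentication |
CN101394283A (zh) * | 2008-11-04 | 2009-03-25 | 西安西电捷通无线网络通信有限公司 | Trusted platform verification method based on tri-element peer authentication (TePA) |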
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
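JP2013544052A (ja) * | 2010-11-12 | 2013-12-09 | 西安西▲電▼捷通▲無▼綫▲網▼絡通信股▲分▼有限公司 | Anonymous entity authentication method and device. This application claims priority to the Chinese patent application filed with the Chinese Patent Office on November 12, 2010, with application number 201010546339.3 and the invention title "Anonymous entity authentication method and system", the entire disclosure of which is incorporated herein. |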
Also Published As
Publication number | Publication date |
---|---|
EP2346207A1 (en) | 2011-07-20 |
CN100581107C (zh) | 2010-01-13 |
JP5196021B2 (ja) | 2013-05-15 |
EP2346207A4 (en) | 2013-04-24 |
KR101421329B1 (ko) | 2014-07-18 |
US20110202992A1 (en) | 2011-08-18 |
JP2012501120A (ja) | 2012-01-12 |
US8533806B2 (en) | 2013-09-10 |
KR20110051281A (ko) | 2011-05-17 |
CN101394283A (zh) | 2009-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
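WO2010051742A1 (zh) | Trusted platform verification method based on tri-element peer authentication (TePA) | |
JP6684930B2 (ja) | Blockchain-based identity authentication method, device, node and system | |
KR101104486B1 (ko) | Secure network connection method for improving security | |
JP5759010B2 (ja) | Anonymous entity authentication method and device | |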
EP2426853B1 (en) | Platform authentication method suitable for trusted network connect architecture based on tri-element peer authentication | |
US20100262832A1 (en) | Entity bidirectional authentication method and system | |
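JP5759009B2 (ja) | Anonymous entity authentication method and device | |
WO2009015581A1 (fr) | Method for obtaining a trusted network connection based on peer authentication involving three elements | |
KR20130084315A (ko) | Bidirectional entity authentication method based on a trusted third party | |
WO2011022918A1 (zh) | Bidirectional entity authentication method with an online third party introduced | |
WO2011038559A1 (zh) | Method and system for entity public key acquisition, certificate verification and authentication with an online trusted third party introduced | |
CN103237038A (zh) | Bidirectional network access authentication method based on digital certificates | |
WO2010066187A1 (zh) | Trusted network connect handshake method based on tri-element peer authentication | |
CN110838920B (zh) | Password authentication and key agreement protocol for web systems without storing password-related information | |
WO2010066169A1 (zh) | Method for implementing trusted network connect based on tri-element peer authentication | |
JP2010508567A (ja) | Disabling malware on a computing device | |
KR101679771B1 (ko) | Method, device and system for identity authentication | |
WO2011022919A1 (zh) | Entity authentication method with an online third party introduced | |
WO2011109959A1 (zh) | Method and system for implementing platform authentication suitable for a trusted connect architecture | |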
US20120167212A1 (en) | Methods for inspecting security certificates by network security devices to detect and prevent the use of invalid certificates | |
CN116506118A (zh) | Identity privacy protection method in PKI certificate transparency services | |
Diaz et al. | On securing online registration protocols: Formal verification of a new proposal | |
Addas et al. | Formal security analysis and performance evaluation of the linkable anonymous access protocol | |
Feng et al. | A new method of formalizing anonymity based on protocol composition logic | |
CN118316611A (zh) | Publicly linkable anonymous reputation evaluation method with distributed trust |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | EP: the EPO has been informed by WIPO that EP was designated in this application |
Ref document number: 09824397 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2011524174 Country of ref document: JP Kind code of ref document: A |
|
WWE | WIPO information: entry into national phase |
Ref document number: 13119909 Country of ref document: US |
|
WWE | WIPO information: entry into national phase |
Ref document number: 2009824397 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20117007896 Country of ref document: KR Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |