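WO2010142115A1 - Access control method for tri-element peer authentication credible network connection structure - Google Patents
Access control method for tri-element peer authentication credible network connection structure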
- Publication number
- WO2010142115A1 (PCT/CN2009/075444)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- ternary
- control
- controller
- trusted
- platform
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Definitions
- x originates from .11 who are the yuan.
- the main purpose of x is to solve the user's connection.
- PE o hen ca on En y
- the rest 1 is shown: PE ( o hen ca on En y ) refers to the end of the rest, the PE, the controller PE and each three yuan can
- T EP T e e en he ca o Ex en b e o oco , the following T EP) is the control performed by P E and controller P E , where the format of P is different, but the model E P of T E is different.
- the length of the ode is 1 bit, which indicates the T of the T P group.
- the Le g h bit indicates the bit of the T EP packet, which includes all the length sums of ode den e Leng h and a a).
- Aa length can be grouped into 0 or more bits in its format by ode Decide.
- the e po se packet controller is not valid eq e e pon e packet contains a ⁇ message in the eq e packet containing the identity of the dormant
- the controller eq e groups each , the eque has the instruction that the god is the third h d a y the following T ) hen ca on) , in the way to each method
- each e pon e group controller e pon e group contains a ⁇ in eq es
- the sequences of controllers eq e and espo se need to interact.
- the controller groups each eq e and groups the controller e pon e.
- the length of this eq e and e pon e sequence is required.
- the controller either stops the eq e packet message interaction, or the cce grouper, until the controller fails the controller to successfully complete the Fa ue grouper or controller.
- T Trusted (T ed op ng op below T), developed a trusted connection between the trusted computing technology (ed e wo k onnec T), TN includes terminal integrity and hedging security operations of. It is indicated by the existing T TN in the wood. Since the strategy in T TN is in the A-edge and the platform is not strategic, there is a strategy that is untrustworthy.
- TeP contains integrity metrics and trusted platforms. They perform platform-free platform component information, and their platform forests also need to be in the same control, and the platform results are generated. It is forbidden or connected to the wood or the prohibition), so the above control methods such as ternary can not be completely based on the T of TeP. Therefore, we need to establish this control method for T that is compatible with TeP.
- the purpose of this is to provide a ternary and other trusted and connected The method, while solving the wood described in the background wood.
- the wood solution of this is the control method of the trusted connection such as ternary, etc.
- the method includes the following steps
- the platform is packaged in the aa of E and the platform of the controller is the same.
- the TE of the platform is further encapsulated by the TP of the TP.
- the T EP of the platform is also used in step 1.1)
- the secure channel established in the security zone is located between the controller policy manager and the platform of the platform directly to the TEP of the platform.
- the above method includes steps including the same control in the trusted connection of control, ramp control wood or integrated control and ramp control wood ternary.
- the control of the ternary and other trusted connections requires the addition of the ternary and other control methods, and the new ternary and other control methods are formed. The rest, using the new ternary and other control methods in the knot, the non-and separate ternary and other trusted connections, prohibitions and functions.
- the encapsulation so that the ternary and other trusted and connected inter-bay control methods can be compatible with other control methods such as ternary and ternary, and improve compatibility, and completely control the ternary and other trusted connections.
- the addition of the controller system makes the control of the ternary and other trusted connections can be compatible with the control in the ternary and other control methods, and the compatibility is improved.
- the control method of this ternary and other trusted connections includes the encapsulation, and the control of the ternary and other trusted connections.
- Controller controller Controller controller, controller policy manager interaction T EP not
- the platform is packaged in the a a of the T E.
- the same platform of the controller is used to apply the T E of the platform to the a P of the T P package, and the platform is also used.
- the T EP is secured by the secure channel established in step 1.1).
- the controller platform is the same platform.
- the other platform is not encapsulated, but the T EP of the direct platform.
- Ode ( ) den e ( ) Leng h ( bit ) a a T E ) control of ternary and other trusted connections refers to users , platforms in ternary and other trusted connections
- control can be controlled, and other control woods such as ramps can be used to integrate the above methods.
- control woods such as ramps
- the integrated control and other control woods can use the permission and prohibition of the ternary and other trusted connections in the background wood in the ternary and other control methods, among which the ternary and other trusted connections, controllers and Policy Manager 1 in each, controller and corners PE and controller PE use non
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Small-Scale Networks (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020117031058A KR101434614B1 (ko) | 2009-06-08 | 2009-12-09 | Access control method for a trusted network connection structure based on three-element peer authentication |
EP09845724.5A EP2442516B1 (en) | 2009-06-08 | 2009-12-09 | Access control method for tri-element peer authentication credible network connection structure |
JP2012514320A JP5581382B2 (ja) | 2009-06-08 | 2009-12-09 | Access control method suitable for a three-element peer authentication trusted network access architecture |
US13/377,098 US8719897B2 (en) | 2009-06-08 | 2009-12-09 | Access control method for tri-element peer authentication credible network connection structure |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910022911.3 | 2009-06-08 | ||
CN2009100229113A CN101572704B (zh) | 2009-06-08 | 2009-06-08 | Access control method for tri-element peer authentication credible network connection structure |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010142115A1 (zh) | 2010-12-16 |
Family
ID=41231941
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2009/075444 WO2010142115A1 (zh) | 2009-06-08 | 2009-12-09 | Access control method for tri-element peer authentication credible network connection structure |
Country Status (6)
Country | Link |
---|---|
US (1) | US8719897B2 (zh) |
EP (1) | EP2442516B1 (zh) |
JP (1) | JP5581382B2 (zh) |
KR (1) | KR101434614B1 (zh) |
CN (1) | CN101572704B (zh) |
WO (1) | WO2010142115A1 (zh) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
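CN101572704B (zh) * | 2009-06-08 | 2012-05-23 | 西安西电捷通无线网络通信股份有限公司 | Access control method for tri-element peer authentication credible network connection structure |
CN101662410B (zh) * | 2009-09-22 | 2012-07-04 | 西安西电捷通无线网络通信股份有限公司 | Tri-element authentication extensible method based on tunneling technology and system thereof |
CN101707621B (zh) * | 2009-12-11 | 2012-05-09 | 西安西电捷通无线网络通信股份有限公司 | Network transmission method suitable for a tri-element peer authentication trusted network connection architecture |
CN101741726B (zh) * | 2009-12-18 | 2012-11-14 | 西安西电捷通无线网络通信股份有限公司 | Access control method supporting multiple controlled ports and system thereof |
CN101958908B (zh) * | 2010-10-13 | 2012-08-08 | 西安西电捷通无线网络通信股份有限公司 | Network access control method and system |
JP5624219B2 (ja) | 2010-10-13 | 2014-11-12 | 西安西▲電▼捷通▲無▼綫▲網▼絡通信股▲分▼有限公司Chinaiwncomm Co., Ltd. | Network access control method and system |
CN102006291A (zh) * | 2010-11-10 | 2011-04-06 | 西安西电捷通无线网络通信股份有限公司 | Network transmission method and system suitable for a trusted connection architecture |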
US20140136208A1 (en) * | 2012-11-14 | 2014-05-15 | Intermec Ip Corp. | Secure multi-mode communication between agents |
US20220059216A1 (en) * | 2020-08-20 | 2022-02-24 | Centurylink Intellectual Property Llc | Home Health Monitoring of Patients via Extension of Healthcare System Network Into Customer Premises |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
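CN101136928A (zh) * | 2007-10-19 | 2008-03-05 | 北京工业大学 | Trusted network access framework |
CN101242266A (zh) * | 2007-08-01 | 2008-08-13 | 西安西电捷通无线网络通信有限公司 | Trusted network connection method based on tri-element peer authentication |
CN101360020A (zh) * | 2008-09-28 | 2009-02-04 | 西安电子科技大学 | Simulation platform and method for the EAP-based IEEE 802.1X security protocol |
CN101447992A (zh) * | 2008-12-08 | 2009-06-03 | 西安西电捷通无线网络通信有限公司 | Method for implementing trusted network connection based on tri-element peer authentication |
CN101572704A (zh) * | 2009-06-08 | 2009-11-04 | 西安西电捷通无线网络通信有限公司 | Access control method for tri-element peer authentication credible network connection structure |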
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7389529B1 (en) * | 2003-05-30 | 2008-06-17 | Cisco Technology, Inc. | Method and apparatus for generating and using nested encapsulation data |
CA2632590A1 (en) | 2005-12-09 | 2008-02-28 | Signacert, Inc. | Method to verify the integrity of components on a trusted platform using integrity database services |
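JP4728871B2 (ja) | 2006-05-08 | 2011-07-20 | 株式会社日立製作所 | Device quarantine method, quarantine device, aggregate client management device, aggregate client management program, network connection device, and user terminal |
JP2008141352A (ja) | 2006-11-30 | 2008-06-19 | Toshiba Corp | Network security system |
CN100566252C (zh) | 2007-08-03 | 2009-12-02 | 西安西电捷通无线网络通信有限公司 | Trusted network connection system based on tri-element peer authentication |
JP2009118267A (ja) | 2007-11-07 | 2009-05-28 | Nippon Telegr & Teleph Corp <Ntt> | Communication network system, communication network control method, communication control device, communication control program, service control device, and service control program |
CN100553212C (zh) * | 2007-11-16 | 2009-10-21 | 西安西电捷通无线网络通信有限公司 | Trusted network access control system based on tri-element peer authentication |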
-
2009
- 2009-06-08 CN CN2009100229113A patent/CN101572704B/zh active Active
- 2009-12-09 EP EP09845724.5A patent/EP2442516B1/en not_active Not-in-force
- 2009-12-09 WO PCT/CN2009/075444 patent/WO2010142115A1/zh active Application Filing
- 2009-12-09 US US13/377,098 patent/US8719897B2/en active Active
- 2009-12-09 KR KR1020117031058A patent/KR101434614B1/ko active IP Right Grant
- 2009-12-09 JP JP2012514320A patent/JP5581382B2/ja active Active
Non-Patent Citations (1)
Title |
---|
See also references of EP2442516A4 * |
Also Published As
Publication number | Publication date |
---|---|
US8719897B2 (en) | 2014-05-06 |
JP2012529795A (ja) | 2012-11-22 |
EP2442516A1 (en) | 2012-04-18 |
US20120079561A1 (en) | 2012-03-29 |
KR101434614B1 (ko) | 2014-08-26 |
EP2442516B1 (en) | 2019-09-18 |
JP5581382B2 (ja) | 2014-08-27 |
KR20120017079A (ko) | 2012-02-27 |
EP2442516A4 (en) | 2017-03-15 |
CN101572704B (zh) | 2012-05-23 |
CN101572704A (zh) | 2009-11-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
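WO2010142115A1 (zh) | Access control method for tri-element peer authentication credible network connection structure | |
DE60024319T2 (de) | Unified login process | |
CN1929398B (zh) | Wireless communication network security setting method, wireless communication network system, and client device | |
TWI336581B (en) | Method and apparatus for control of enhanced dedicated channel transmissions | |
TWI385980B (zh) | Method for calculating distance within a communication network and apparatus used therefor | |
CN101483588B (zh) | Gatekeeper and edge device for transmitting information using verified quality of service | |
RU2005134506A (ru) | Method for verifying user access authorization in a wireless local area network | |
CN106027456A (zh) | Apparatus and method for authenticating a network device | |
WO2010145138A1 (zh) | Security service control method and wireless local area network terminal | |
US8495712B2 (en) | Peer-to-peer access control method of triple unit structure | |
CN106789845A (zh) | Method for secure transmission of network data | |
CN101951386B (zh) | Security method for Internet of Things data aggregation and information feedback | |
ES2342784T3 (es) | Method and system for service provisioning of a residential network access device. | |
WO2011069355A1 (zh) | Network transmission method suitable for a tri-element peer authentication trusted network connection architecture | |
JPH11203248A (ja) | Authentication device and recording medium on which its program is recorded | |
Cisco | TACACS+ Attribute-Value Pairs | |
AU2006243304B2 (en) | Methods and apparatuses for introducing devices with simple user interfaces into a secure network community | |
CN101662410B (zh) | Tri-element authentication extensible method based on tunneling technology and system thereof | |
CN102412962B (zh) | Method and device for distributing the group secure connectivity association key CAK | |
EP2249593B1 (en) | Method and apparatus for authenticating a mobile device | |
CN102957674A (zh) | Resource control method and system for a broadband network | |
CN103813037B (zh) | Call information push method and system | |
US20170230383A1 (en) | Inter-communication unit message routing and verification of connections | |
CN1697364A (zh) | Interconnected device network with security and quality assurance |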
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 09845724; Country of ref document: EP; Kind code of ref document: A1 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WWE | WIPO information: entry into national phase | Ref document number: 2012514320; Country of ref document: JP. Ref document number: 13377098; Country of ref document: US |
 | WWE | WIPO information: entry into national phase | Ref document number: 2009845724; Country of ref document: EP |
 | ENP | Entry into the national phase | Ref document number: 20117031058; Country of ref document: KR; Kind code of ref document: A |