WO2011022902A1 - Method for implementing bidirectional platform authentication - Google Patents

Method for implementing bidirectional platform authentication

Info

Publication number
WO2011022902A1
Authority
WO
WIPO (PCT)
Prior art keywords
terminal
platform
aik
component
authentication
Prior art date
Application number
PCT/CN2009/075540
Other languages
English (en)
Chinese (zh)
Inventor
肖跃雷
曹军
黄振海
葛莉
Original Assignee
西安西电捷通无线网络通信股份有限公司

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L63/00 Network architectures or network communication protocols for network security > H04L63/12 Applying verification of the received information > H04L63/126 Applying verification of the received information the source of the received data

Definitions

  • The invention belongs to the technical field of network security, and in particular relates to a method for realizing bidirectional platform authentication.
  • Platform authentication comprises platform identity authentication and platform component evaluation; it is used to determine whether a user's platform is in a trusted state.
  • Platform authentication can be applied to a variety of application scenarios, for example: controlling a client's access to the network based on the client's trustworthiness; or determining whether Digital Rights Management (DRM) client software is in a trusted state and has implemented certain policies to prevent illegal use, copying or redistribution of intellectual property.
  • DRM: Digital Rights Management.
  • Two-way (bidirectional) platform authentication means that platform authentication is performed in both the forward and the reverse direction.
  • Some researchers have designed a two-way platform authentication model for peer-to-peer networks.
  • The above two-way platform authentication implementation method has the following problems:
  • An object of the present invention is to overcome the technical problems existing in the prior-art two-way platform authentication implementation method described above.
  • A method for realizing bidirectional platform authentication, characterized in that the method comprises the following steps:
  • Step 1) The server S establishes communication with the platform private CA, the component classification table and the network management policy. The platform private CA is used to issue the platform identity certificates of terminal A and terminal B and to verify the validity of those certificates when the platform authentication protocol is executed; the platform component reference values in the component classification table are obtained by the server S communicating with the reference value database, which stores the reference values of various platform components; the network management policy is used to generate the platform component evaluation results of terminal A and terminal B and to protect platform component information.
  • Step 2) Terminal B initiates a platform authentication protocol with terminal A: terminal B sends to terminal A the platform component metric parameter for terminal A.
  • Step 3) Terminal A waits for the platform authentication protocol initiated by terminal B. If terminal A has not received it within a set time, terminal A actively initiates a platform authentication protocol with terminal B and sends to terminal B the platform component metric parameter for terminal B; otherwise, after receiving the message of step 2), terminal A obtains its own platform component metric value according to the platform component metric parameter for terminal A sent by terminal B in step 2), and then sends to terminal B the obtained platform component metric value of terminal A together with the platform component metric parameter for terminal B.
  • Step 4) Terminal B first verifies whether the platform signature in the platform component metric value of terminal A is valid. If invalid, it discards the message; if valid, terminal B obtains its own platform component metric value according to the platform component metric parameter for terminal B sent by terminal A in step 3), and then sends the platform identity certificate of terminal A, the platform identity certificate of terminal B, the platform component metric value of terminal A and the platform component metric value of terminal B to the server S.
  • Step 5) The server S first uses the platform private CA to verify the validity of the platform identity certificates of terminal A and terminal B and generates the corresponding platform identity certificate verification results. If a platform identity certificate is invalid, the server S sends the platform identity certificate verification results of terminal A and terminal B to terminal B; otherwise it verifies the platform component metric values of terminal A and terminal B using the reference values of the corresponding platform components in the component classification table, generates the corresponding platform component verification results, uses the network management policy, the component classification table and the platform component verification results to generate the platform component evaluation results of terminal A and terminal B, and finally sends the platform identity certificate verification results and the platform component evaluation results of terminal A and terminal B to terminal B.
  • Step 6) Terminal B first verifies the user signature of the server S over the platform identity certificate verification results and the platform component evaluation results of terminal A and terminal B. If invalid, it discards the message; otherwise, when terminal B has completed platform authentication of terminal A, terminal B generates its access decision according to the platform identity certificate verification result of terminal A and the platform component evaluation results of terminal A obtained in each executed round of the platform authentication protocol, performs that access decision, and finally sends to terminal A the platform identity certificate verification results and platform component evaluation results of terminal A and terminal B obtained in step 5), the information involved in the platform signature in the platform component metric value of terminal B, and the access decision of terminal B. When terminal B has not completed platform authentication of terminal A, terminal B sends to terminal A the platform identity certificate verification results and platform component evaluation results of terminal A and terminal B obtained in step 5) and the information involved in the platform signature in the platform component metric value of terminal B; terminal B then completes the current round of the platform authentication protocol and returns to step 2) to perform another round.
  • Step 7) Terminal A first verifies the platform signature over the information involved in the platform signature in the platform component metric value of terminal B, and discards the message if invalid. If valid, terminal A verifies the user signature of the server S over the platform identity certificate verification results and platform component evaluation results of terminal A and terminal B from step 5); if invalid, it discards the message. If valid, terminal A checks the access decision of terminal B: if the access decision of terminal B exists and its value is "prohibited", terminal A disconnects from terminal B; otherwise, when terminal A has completed platform authentication of terminal B, terminal A proceeds according to the obtained platform identity certificate verification result of terminal B.
  • The platform identity certificate of terminal A refers to the AIK (attestation identity key) certificate AIK_A of terminal A, and the platform identity certificate of terminal B refers to the AIK certificate AIK_B of terminal B.
  • Step 2) specifically: terminal B generates a random number N_B and a platform integrity metric parameter Parms_A for terminal A, and sends them to terminal A. Parms_A is any one of the PCR serial number list, the platform component type list or the platform component identifier list of terminal A, or a mixed list of any two or three of these.
  • Step 3) specifically: terminal A obtains, according to N_B and Parms_A, the integrity report Reports_A and the PCR reference data Quotes_A of each platform component in terminal A, where Reports_A contains the PCR reference data and snapshots of terminal A and needs to be transmitted securely to the server S; Quotes_A contains N_B, the PCR values of terminal A, the AIK signature over N_B and the PCR values of terminal A, and the AIK certificate AIK_A of terminal A. Terminal A then sends to terminal B Reports_A, Quotes_A, a random number N_A and a platform integrity metric parameter Parms_B for terminal B, where Parms_B is any one of the PCR serial number list, the platform component type list or the platform component identifier list of terminal B, or a mixed list of any two or three of these.
  • Step 4) specifically: terminal B verifies the AIK signature in Quotes_A and discards the message if it is invalid; if valid, terminal B obtains, according to N_A and Parms_B, the integrity report Reports_B and the PCR reference data Quotes_B of each platform component in terminal B, where Reports_B contains the PCR reference data and snapshots of terminal B, and Quotes_B contains N_A, the PCR values of terminal B, the AIK signature over N_A and the PCR values of terminal B, and the AIK certificate AIK_B of terminal B. Terminal B then sends N_BS, N_A, AIK_A, AIK_B, Reports_A and Reports_B to the server S, where N_BS is a random number generated by terminal B.
  • Step 5) specifically: the server S uses the platform private CA to verify the validity of the AIK certificates AIK_A and AIK_B of terminal A and terminal B and generates the corresponding AIK certificate validity verification results Re_A and Re_B. When the AIK certificates are valid, the server S further verifies the integrity metrics of the platform components in Reports_A and Reports_B of terminal A and terminal B using the integrity reference values of the corresponding platform components in the component classification table, generates the platform component integrity check results, and then uses the network management policy, the component classification table and the platform component integrity check results of terminal A and terminal B to generate the component-level evaluation results Res_A and Res_B and the component-level repair information Rem_A and Rem_B, and sends them to terminal B together with Re_A, Re_B and its user signatures.
  • [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig is the user signature of the server S over N_BS, N_A, AIK_A, AIK_B, Re_A and Re_B, and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig is the user signature of the server S over N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B and Rem_B; the AIK certificate verification results of terminal A and terminal B exist only when the first round of the platform authentication protocol is executed.
  • Step 6) specifically: terminal B verifies the user signatures [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig of the server S.
  • Step 7) specifically: terminal A verifies the AIK signature in Quotes_B, and then verifies the user signatures [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig of the server S from the message of step 5). If invalid, it discards the message; if valid, it checks Action_B: if Action_B exists and its value is "prohibited", terminal A disconnects from terminal B. Otherwise, when terminal A has completed platform authentication of terminal B, terminal A generates its access decision Action_A from the obtained AIK certificate verification result of terminal B and the platform component evaluation results of terminal B in the executed rounds of the platform authentication protocol, executes Action_A, and finally sends Action_A to terminal B; when terminal A has not completed platform authentication of terminal B, after completing the current round terminal A returns to step 3) and performs another round of the platform authentication protocol. If terminal A receives the access decision of terminal B, it notifies the components of terminal A that execute the platform authentication protocol of that access decision.
  • The value of Action_A is "allowed", "prohibited" or "isolated". Action_A exists only when terminal A has completed platform authentication of terminal B.
  • The platform authentication protocol messages between terminal A and terminal B are protected by a secure channel established between them. If the secure channel is related to user authentication between terminal A and terminal B, the secure channel can be bound into the AIK signature to enhance the security of the platform authentication protocol; if the secure channel is not related to user authentication between terminal A and terminal B, the secure channel and the user authentication information can be bound into the AIK signature to enhance the security of the platform authentication protocol.
  • The message sent to terminal A in this step does not include the platform identity certificate verification results of terminal A and terminal B.
  • In the present invention, the server S provides all platform authentication capabilities for terminal A and terminal B, including platform identity authentication and platform component evaluation.
  • Terminal A and terminal B only need to verify the platform signature of the other party, verify the user signature of the server S, and generate access decisions from the platform identity certificate verification results and the platform component evaluation results. This effectively reduces the load on terminal A and terminal B and enhances the applicability of the bidirectional platform authentication method; setting a network management policy and combining it with the component classification table can effectively protect certain platform components in terminal A and terminal B from being exposed to the other party.
  • Figure 1 is a schematic block diagram of the present invention.
  • Step 1) The server S establishes communication with the platform private CA, with the component classification table and with the network management policy, where the platform component reference values in the component classification table can be obtained by communicating with a reference value database.
  • The platform private CA can be acted as or established by the server S, or a third-party authority can be used to issue the platform identity certificates of terminal A and terminal B (such as the AIK certificates of terminal A and terminal B) and to verify the validity of those certificates when the platform authentication protocol is performed.
  • The reference value database is built by a third-party authority and stores reference values for various platform components, such as integrity reference values of the platform components.
  • The component classification table may be established by the server S or by a third-party authority. Each of its records may include the component type, serial number, identifier, version number, security level and reference value of a platform component, and the like, where the reference value needs to be obtained by communicating with the reference value database.
  • The structure of the component classification table is as follows: Component type | Serial number | Identifier | Version number | Security level | Reference value
  • The component type of a platform component indicates which type of platform component it belongs to; the serial number indicates the position of the platform component in the component classification table (used to coarsely distinguish different platform components under the same component type); the identifier indicates what the platform component is (such as the Skynet firewall or another firewall, used to clearly distinguish different platform components under the same component type); the version number indicates which version the platform component belongs to (such as v5.1.1.1002); the security level indicates which security level the platform component belongs to; and the reference value of the platform component can be used to verify the platform component metric values in the platform authentication protocol (for example, the integrity reference value of the platform component).
  • The network management policy is established by the server S. It is used to generate the platform component evaluation results of terminal A and terminal B, and can protect certain platform component information from being discovered by the other party between terminal A and terminal B.
  • For example, when the network management policy sets that a platform component need not be protected between terminal A and terminal B, the platform component evaluation result generated by the server S may include the component type, serial number, identifier, version number, security level, health status and platform component verification result of the platform component.
  • The structure of the platform component evaluation result in unprotected mode is as follows: Component type | Serial number | Identifier | Version number | Security level | Health status | Platform component verification result
  • Health status refers to whether the platform component is running, which port number it uses for communication, and so on. The platform component verification result can be the platform component integrity check result, which is used to display the integrity status of the platform component.
  • When the network management policy sets that a platform component must be protected between terminal A and terminal B, the platform component evaluation result generated by the server S may include the component type, serial number, security level, health status and platform component verification result of the platform component. The structure of the platform component evaluation result in protected mode is as follows: Component type | Serial number | Security level | Health status | Platform component verification result
  • In protected mode, the health status cannot contain information that identifies the platform component, such as a port number: because a port number may be used only by one particular platform component, the platform component could be identified by that port number and thereby exposed.
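As an added illustration of the component classification table, the network management policy and the two evaluation-result layouts described above (example code written for this page, not code from the patent or its applicant), the following Python builds a small constructed classification table, marks one component as protected under an assumed policy representation, and derives the evaluation results Res and the repair information Rem for a constructed integrity report. The record fields follow the page; the dictionary shapes, the sample identifiers and digest strings, and the policy being a set of (component type, serial number) pairs are assumptions.

```python
"""Component classification table, network management policy and the platform
component evaluation results the server S derives from them. Added example, not
the patent's code; the data and the policy representation are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ComponentRecord:
    """One record of the component classification table (fields as listed on the page)."""
    component_type: str
    serial_number: int
    identifier: str
    version: str
    security_level: int
    reference_value: str      # integrity reference value obtained from the reference value database


# Constructed table; identifiers and digest strings are placeholders.
CLASSIFICATION_TABLE: List[ComponentRecord] = [
    ComponentRecord("firewall", 1, "example-fw", "v5.1.1.1002", 3, "a1b2"),
    ComponentRecord("firewall", 2, "other-fw", "v2.0", 2, "c3d4"),
    ComponentRecord("antivirus", 1, "example-av", "v9", 3, "e5f6"),
]

# Network management policy (assumed representation): components that must stay
# hidden from the peer terminal, keyed by (component type, serial number).
PROTECTED_COMPONENTS = {("firewall", 1)}


@dataclass
class Measurement:
    """What the server learns about one component from a terminal's integrity report."""
    component_type: str
    serial_number: int
    measured_value: str
    running: bool
    port: Optional[int]


def lookup(component_type: str, serial_number: int) -> Optional[ComponentRecord]:
    for rec in CLASSIFICATION_TABLE:
        if (rec.component_type, rec.serial_number) == (component_type, serial_number):
            return rec
    return None


def evaluate(measurements: List[Measurement]) -> Tuple[List[Dict], List[Dict]]:
    """Return (Res, Rem): evaluation results for the peer and repair information for the owner.

    Unprotected components expose identifier, version and the port in their health
    status; protected components expose only type, serial number, security level,
    a reduced health status and the verification result."""
    res, rem = [], []
    for m in measurements:
        rec = lookup(m.component_type, m.serial_number)
        if rec is None:
            # Not in the table: cannot be verified, so the owner is told to fix it and
            # the peer sees only a failed, anonymous entry.
            res.append({"component_type": m.component_type, "serial_number": m.serial_number,
                        "verification_result": "fail"})
            rem.append({"component_type": m.component_type, "serial_number": m.serial_number,
                        "reason": "unknown component"})
            continue
        protected = (rec.component_type, rec.serial_number) in PROTECTED_COMPONENTS
        passed = m.measured_value == rec.reference_value
        health = {"running": m.running}
        entry = {"component_type": rec.component_type, "serial_number": rec.serial_number,
                 "security_level": rec.security_level, "health_status": health,
                 "verification_result": "pass" if passed else "fail"}
        if not protected:
            health["port"] = m.port                   # a port number can identify a component
            entry["identifier"] = rec.identifier
            entry["version"] = rec.version
        res.append(entry)
        if not passed:
            rem.append({"component_type": rec.component_type, "serial_number": rec.serial_number,
                        "expected": rec.reference_value, "got": m.measured_value})
    return res, rem


def sample_report() -> List[Measurement]:
    """Constructed report: protected firewall intact, unprotected firewall modified, unknown extra."""
    return [
        Measurement("firewall", 1, "a1b2", True, 8443),
        Measurement("firewall", 2, "ffff", True, 8080),
        Measurement("scanner", 9, "0000", False, None),
    ]
```

Calling evaluate(sample_report()) yields three Res entries and two Rem entries: the protected firewall passes and carries neither identifier, version nor port; the unprotected firewall fails, shows its identifier and port, and gets a Rem entry with the expected reference value; the unknown component fails and is reported back to its owner only. Res is what the peer may see, Rem is what the page says must be transmitted securely to the owning terminal.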
  • Step 2) Terminal B initiates a platform authentication protocol with terminal A: terminal B sends to terminal A the platform component metric parameter for terminal A, which identifies which platform components in terminal A need to be measured.
  • For example, terminal B generates a random number N_B and a platform integrity metric parameter Parms_A for terminal A, where Parms_A identifies which platform integrity values need to be measured in terminal A, and then sends them to terminal A.
  • Parms_A may be a serial number list of platform configuration registers (PCRs) in terminal A, a list of component types of the platform components in terminal A, an identifier list of the platform components in terminal A, or a mixed list of any two or three of these.
  • Step 3) Terminal A waits for the platform authentication protocol initiated by terminal B. If it has not received it within a set time, terminal A itself initiates a platform authentication protocol with terminal B and sends to terminal B the platform component metric parameter for terminal B, which identifies which platform components in terminal B need to be measured; otherwise, after receiving the message of step 2), terminal A obtains its own platform component metric value according to the platform component metric parameter sent by terminal B in step 2), and then sends the obtained platform component metric value of terminal A to terminal B together with the platform component metric parameter for terminal B, which identifies which platform components in terminal B need to be measured.
  • For example, terminal A obtains, according to N_B and Parms_A, the integrity report Reports_A and the PCR reference data Quotes_A of each platform component in terminal A, where Reports_A contains the PCR reference data and snapshots of terminal A and needs to be transmitted securely to the server S, and Quotes_A contains N_B, the PCR values of terminal A, the AIK signature over N_B and the PCR values of terminal A, the AIK certificate AIK_A of terminal A, and so on. Terminal A then sends to terminal B Reports_A, Quotes_A, a random number N_A and a platform integrity metric parameter Parms_B for terminal B, where Parms_B identifies which platform integrity values need to be measured in terminal B.
  • Parms_B may be a serial number list of PCRs in terminal B, a list of component types of the platform components in terminal B, an identifier list of the platform components in terminal B, or a mixed list of any two or three of these.
  • Step 4) After receiving the message of step 3), terminal B first verifies the platform signature in the platform component metric value of terminal A. If invalid, it discards the message; otherwise terminal B obtains its own platform component metric value according to the platform component metric parameter for terminal B sent by terminal A in step 3), and then sends the platform identity certificate of terminal A, the platform identity certificate of terminal B, the platform component metric value of terminal A and the platform component metric value of terminal B to the server S. For example, terminal B verifies the AIK signature in Quotes_A.
  • Step 5) After receiving the message of step 4), the server S first uses the platform private CA to verify the validity of the platform identity certificates of terminal A and terminal B and generates the corresponding platform identity certificate verification results. If a platform identity certificate is invalid, the server S sends the platform identity certificate verification results of terminal A and terminal B to terminal B; otherwise it verifies the platform component metric values of terminal A and terminal B using the reference values of the corresponding platform components in the component classification table, generates the corresponding platform component verification results, uses the network management policy, the component classification table and the platform component verification results to generate the platform component evaluation results of terminal A and terminal B, and finally sends the platform identity certificate verification results and the platform component evaluation results of terminal A and terminal B to terminal B. It should be noted that the platform identity certificate verification results of terminal A and terminal B exist only when the first round of the platform authentication protocol is executed.
  • For example, the server S uses the platform private CA to verify the validity of the AIK certificates AIK_A and AIK_B of terminal A and terminal B and generates the corresponding AIK certificate validity verification results Re_A and Re_B.
  • The server S further verifies the integrity metrics of the platform components in Reports_A and Reports_B of terminal A and terminal B using the integrity reference values of the corresponding platform components in the component classification table, and generates the platform component integrity check results. It then uses the network management policy, the component classification table and the platform component integrity check results of terminal A and terminal B to generate the component-level evaluation results Res_A and Res_B of terminal A and terminal B and the component-level repair information Rem_A and Rem_B, where Rem_A needs to be transmitted securely to terminal A and Rem_B needs to be transmitted securely to terminal B. Finally, the server S sends Re_A, Re_B, [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig, Res_A, Rem_A, Res_B, Rem_B and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig to terminal B.
  • Here Res_A, Rem_A, Res_B and Rem_B are the platform component evaluation results of terminal A and terminal B; [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig is the user signature of the server S over N_BS, N_A, AIK_A, AIK_B, Re_A and Re_B; and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig is the user signature of the server S over N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B and Rem_B.
  • The AIK certificate verification results of terminal A and terminal B exist only when the first round of the platform authentication protocol is executed.
  • Step 6) After receiving the message of step 5), terminal B first verifies the user signature of the server S over the platform identity certificate verification results and the platform component evaluation results of terminal A and terminal B. If invalid, it discards the message; otherwise, when terminal B has completed platform authentication of terminal A, terminal B generates its access decision according to the platform identity certificate verification result of terminal A and the platform component evaluation results of terminal A obtained in each executed round of the platform authentication protocol, and performs that access decision.
  • Terminal B then sends the message of step 5), the information involved in the platform signature in the platform component metric value of terminal B, and the access decision of terminal B to terminal A.
  • When terminal B has not completed platform authentication of terminal A, terminal B sends the message of step 5) and the information involved in the platform signature in the platform component metric value of terminal B to terminal A, and terminal B completes the current round of the platform authentication protocol.
  • If another round of the platform authentication protocol needs to be initiated, terminal B, after completing the current round, returns to step 2) and performs another round of the platform authentication protocol.
  • The message sent to terminal A in this step does not include the platform identity certificate verification results of terminal A and terminal B.
  • For example, terminal B verifies the user signatures [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig of the server S. If invalid, it discards the message; if valid, it sends Quotes_B, N_BS, Action_B and the message of step 5) to terminal A, where Action_B is the access decision of terminal B.
  • The value of Action_B can be "allowed", "prohibited" or "isolated", and Action_B exists only when terminal B has completed platform authentication of terminal A.
  • Step 7) After receiving the message of step 6), terminal A first verifies the platform signature over the information involved in the platform signature in the platform component metric value of terminal B. If invalid, it discards the message; otherwise it verifies the user signature of the server S over the platform identity certificate verification results and platform component evaluation results of terminal A and terminal B in the message of step 5), and discards the message if that signature is invalid. Otherwise terminal A checks the access decision of terminal B: if the access decision of terminal B exists and its value is "prohibited", terminal A disconnects from terminal B. Otherwise, when terminal A has completed platform authentication of terminal B, terminal A generates its access decision according to the obtained platform identity certificate verification result of terminal B and the platform component evaluation results of terminal B in the executed rounds of the platform authentication protocol, performs that access decision, and finally sends its access decision to terminal B.
  • When terminal A has not completed platform authentication of terminal B, after completing the current round terminal A waits for a platform authentication protocol initiated by terminal B or initiates another round itself; that is, after completing the current round it returns to step 3) and performs another round of the platform authentication protocol. If terminal A receives the access decision of terminal B, it notifies the relevant components of terminal A that execute the platform authentication protocol of that access decision.
  • For example, terminal A verifies the AIK signature in Quotes_B, and then verifies the user signatures [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig of the server S in the message of step 5). If invalid, it discards the message; if valid, it sends N_B and Action_A to terminal B, where Action_A is the access decision of terminal A and its value can be "allowed", "prohibited" or "isolated". This message exists only when terminal A has completed platform authentication of terminal B.
  • Step 8) After receiving the message of step 7), terminal B notifies the relevant components of terminal B that execute the platform authentication protocol of the access decision of terminal A.
  • The platform authentication protocol messages between terminal A and terminal B are protected by a secure channel established between terminal A and terminal B. If the secure channel is related to user authentication between terminal A and terminal B, the secure channel may be bound into the AIK signature to enhance the security of the platform authentication protocol. If the secure channel is not related to user authentication between terminal A and terminal B, the secure channel and the user authentication information may be bound into the AIK signature to enhance the security of the platform authentication protocol.
  • The above method of binding into the AIK signature either a secure channel that is related to user authentication between terminal A and terminal B, or a secure channel that is not related to that user authentication together with the user authentication information of terminal A and terminal B, is applicable to any two-way platform authentication method.
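The following Python simulation, written for this page rather than taken from the patent, walks one round of the protocol of steps 2 to 8 (both in the claim summary and in the detailed description above) with the symbols used there: N_B, Parms_A, Quotes_A, N_A, Parms_B, Quotes_B, N_BS, Re_A and Re_B, Res and Rem, the two user signatures of the server S, Action_B and Action_A. Assumptions: signatures are stood in for by HMAC under per-signer keys that the verifier also holds (the page's AIK signatures and the server's user signature are asymmetric), PCR values and reference values are constructed strings, Reports_X are folded into Quotes_X, the server receives Quotes_A and Quotes_B alongside the fields the page lists so that it can sign them, and the secure channel between A and B is not modelled. The scenarios cover the clean case, a component of A whose metric no longer matches its reference value, and a revoked AIK certificate for A.

```python
"""One round of the bidirectional platform authentication protocol between terminal A,
terminal B and server S. Added simulation, not the patent's own code."""
import hashlib, hmac, json, secrets

def canon(obj):
    """Canonical byte encoding of a message tuple so signatures are reproducible."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

# Stand-in for signatures: HMAC under a per-signer key that the verifier also holds.
# A deployment uses the terminal's asymmetric AIK and the server's own signing key;
# what each signature covers is modelled faithfully, the primitive is not.
def sign(key, obj):
    return hmac.new(key, canon(obj), hashlib.sha256).hexdigest()

def verify(key, obj, sig):
    return hmac.compare_digest(sign(key, obj), sig)

class PrivateCA:
    """Platform private CA: issues AIK certificates and answers validity queries."""
    def __init__(self):
        self.issued, self.revoked = {}, set()   # cert -> AIK verification key (stand-in for key in cert)
    def issue(self, name, aik_key):
        self.issued[f"AIK-cert-{name}"] = aik_key
        return f"AIK-cert-{name}"
    def is_valid(self, cert):
        return cert in self.issued and cert not in self.revoked

class Terminal:
    def __init__(self, name, ca, pcrs):
        self.pcrs = pcrs                                # constructed PCR name -> value
        self.aik_key = secrets.token_bytes(32)          # stand-in for the AIK private key
        self.aik_cert = ca.issue(name, self.aik_key)
    def quotes(self, nonce, parms):
        """Quotes_X: peer nonce, PCR values selected by Parms_X, AIK signature over both, AIK cert."""
        body = {"nonce": nonce, "pcrs": {p: self.pcrs[p] for p in parms}}
        return {**body, "sig": sign(self.aik_key, body), "cert": self.aik_cert}

def verify_quotes(ca, q, expected_nonce):
    """Peer-side platform signature check (steps 4 and 7): nonce freshness and AIK signature."""
    key = ca.issued.get(q["cert"])
    return (q["nonce"] == expected_nonce and key is not None
            and verify(key, {"nonce": q["nonce"], "pcrs": q["pcrs"]}, q["sig"]))

class Server:
    def __init__(self, ca, reference):
        self.ca, self.reference = ca, reference         # reference: PCR name -> integrity reference value
        self.key = secrets.token_bytes(32)              # stand-in for S's user-signature key
    def check(self, pcrs):
        """Component verification against the classification table's reference values."""
        res = {p: v == self.reference.get(p) for p, v in pcrs.items()}
        return res, [p for p, ok in res.items() if not ok]   # (Res_X, Rem_X)
    def step5(self, n_bs, n_a, aik_a, aik_b, quotes_a, quotes_b):
        re_a, re_b = self.ca.is_valid(aik_a), self.ca.is_valid(aik_b)
        msg = {"Re_A": re_a, "Re_B": re_b, "sig1": sign(self.key, [n_bs, n_a, aik_a, aik_b, re_a, re_b])}
        if not (re_a and re_b):
            return msg                                  # a certificate is invalid: only Re_A/Re_B go back
        res_a, rem_a = self.check(quotes_a["pcrs"])
        res_b, rem_b = self.check(quotes_b["pcrs"])
        msg.update(Res_A=res_a, Rem_A=rem_a, Res_B=res_b, Rem_B=rem_b,
                   sig2=sign(self.key, [n_bs, n_a, quotes_a, quotes_b, res_a, rem_a, res_b, rem_b]))
        return msg

def decide(re_peer, res_peer):
    """Access decision from the peer's certificate result and component evaluation result."""
    if not re_peer or res_peer is None:
        return "prohibited"
    return "allowed" if all(res_peer.values()) else "isolated"

def run_round(a, b, s, parms_a, parms_b):
    """Returns (Action_B, Action_A), or the reason the round stopped early."""
    n_b = secrets.token_hex(8)                                        # step 2: B -> A: N_B, Parms_A
    quotes_a, n_a = a.quotes(n_b, parms_a), secrets.token_hex(8)      # step 3: A -> B: Quotes_A, N_A, Parms_B
    if not verify_quotes(s.ca, quotes_a, n_b):                        # step 4: B checks A's platform signature
        return "B discards: bad platform signature from A"
    quotes_b, n_bs = b.quotes(n_a, parms_b), secrets.token_hex(8)     # B -> S: N_BS, N_A, AIK_A, AIK_B, reports
    m5 = s.step5(n_bs, n_a, a.aik_cert, b.aik_cert, quotes_a, quotes_b)   # step 5: S -> B
    sig1 = [n_bs, n_a, a.aik_cert, b.aik_cert, m5["Re_A"], m5["Re_B"]]
    if not verify(s.key, sig1, m5["sig1"]):                           # step 6: B checks S's user signature
        return "B discards: bad server signature"
    action_b = decide(m5["Re_A"], m5.get("Res_A"))                    # B -> A: Quotes_B, N_BS, Action_B, step-5 msg
    if not verify_quotes(s.ca, quotes_b, n_a) or not verify(s.key, sig1, m5["sig1"]):   # step 7
        return "A discards: bad platform or server signature"
    if action_b == "prohibited":
        return "A disconnects: prohibited by B"
    sig2 = [n_bs, n_a, quotes_a, quotes_b, m5["Res_A"], m5["Rem_A"], m5["Res_B"], m5["Rem_B"]]
    if not verify(s.key, sig2, m5["sig2"]):
        return "A discards: bad server signature"
    return action_b, decide(m5["Re_B"], m5["Res_B"])                  # step 8: A -> B: Action_A

def scenario(tamper_a=False, revoke_a=False):
    """Constructed setup: both terminals match the reference values unless tamper_a is set."""
    ca = PrivateCA()
    reference = {"pcr0": "h0", "pcr1": "h1", "pcr2": "h2"}
    a, b = Terminal("A", ca, dict(reference)), Terminal("B", ca, dict(reference))
    s = Server(ca, reference)
    if tamper_a:
        a.pcrs["pcr1"] = "modified"           # one of A's components no longer matches its reference
    if revoke_a:
        ca.revoked.add(a.aik_cert)            # A's AIK certificate is no longer valid
    return run_round(a, b, s, ["pcr0", "pcr1"], ["pcr0", "pcr2"])
```

scenario() returns ("allowed", "allowed"); the tampered variant makes B isolate A while A still allows B, and the revoked-certificate variant ends with A disconnecting because Action_B is "prohibited", which is the outcome the steps above prescribe when a platform identity certificate fails verification. Each nonce is checked by the party that generated it, so a replayed Quotes_X from an earlier round fails at step 4 or 7 rather than reaching the server.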

Abstract

The invention relates to a method for implementing bidirectional platform authentication. According to the method, a server S performs all platform authentication operations associated with a terminal A and a terminal B, in particular establishing platform identity authentication and platform component authentication, while terminal A and terminal B only verify the platform signature of the other party, verify a user signature of the server S and establish an access policy based on the platform identity certificate verification results and the platform component evaluation results. The method effectively reduces the load on terminal A and terminal B and improves the applicability of bidirectional platform authentication. The method further protects certain platform components of terminal A and terminal B from intrusion by a third party by establishing a network management policy and incorporating a component classification table.
PCT/CN2009/075540 2009-08-25 2009-12-14 Procédé de mise en Œuvre d’une authentification bidirectionnelle de plateforme (Method for implementing bidirectional platform authentication) WO2011022902A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200910023684.6 2009-08-25
CN2009100236846A CN101635709B (zh) 2009-08-25 2009-08-25 一种可实现双向平台鉴别的方法 (A method for implementing bidirectional platform authentication)

Publications (1)

Publication Number Publication Date
WO2011022902A1 (fr) 2011-03-03

Family

ID=41594770

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2009/075540 WO2011022902A1 (fr) 2009-08-25 2009-12-14 Procédé de mise en Œuvre d’une authentification bidirectionnelle de plateforme (Method for implementing bidirectional platform authentication)

Country Status (2)

Country Link
CN (1) CN101635709B (fr)
WO (1) WO2011022902A1 (fr)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104994106B (zh) * 2015-07-13 2018-04-10 河南中盾云安全研究中心 用于智能手机与可穿戴设备的配对/解配对系统及方法 (Pairing/unpairing system and method for a smartphone and a wearable device)
CN110334514B (zh) * 2019-07-05 2021-05-14 北京可信华泰信息技术有限公司 一种基于可信计算平台验证度量报告的方法及装置 (Method and apparatus for verifying a measurement report based on a trusted computing platform)
CN114696999A (zh) * 2020-12-26 2022-07-01 西安西电捷通无线网络通信股份有限公司 一种身份鉴别方法和装置 (Identity authentication method and apparatus)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101043338A (zh) * 2007-04-27 2007-09-26 中国科学院软件研究所 基于安全需求的远程证明方法及其系统 (Remote attestation method and system based on security requirements)
CN101136928A (zh) * 2007-10-19 2008-03-05 北京工业大学 一种可信网络接入框架 (A trusted network access framework)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100566251C (zh) * 2007-08-01 2009-12-02 西安西电捷通无线网络通信有限公司 一种增强安全性的可信网络连接方法 (A trusted network connect method with enhanced security)
CN101431517B (zh) * 2008-12-08 2011-04-27 西安西电捷通无线网络通信股份有限公司 一种基于三元对等鉴别的可信网络连接握手方法 (A trusted network connect handshake method based on tri-element peer authentication)


Also Published As

Publication number Publication date
CN101635709A (zh) 2010-01-27
CN101635709B (zh) 2011-04-27


Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 09848634; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: PCT application non-entry in European phase (Ref document number: 09848634; Country of ref document: EP; Kind code of ref document: A1)