WO2011022902A1 - Method for implementing bidirectional platform authentication - Google Patents
- Publication number: WO2011022902A1 (PCT application PCT/CN2009/075540)
- Authority: WO (WIPO, PCT)
- Prior art keywords: terminal, platform, aik, component, authentication
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
Definitions
- The invention belongs to the technical field of network security and particularly relates to a method for implementing bidirectional platform authentication.
- Platform authentication comprises platform identity authentication and platform component evaluation, carried out in order to determine whether the user's platform is in a trusted state.
- Platform authentication can be applied in many different scenarios. For example, client access to the network can be controlled on the basis of the client's trustworthiness, or it can be determined whether Digital Rights Management (DRM) client software is in a trusted state and has implemented the policies that prevent intellectual property from being illegally used, copied or redistributed.
- DRM: Digital Rights Management.
- Bidirectional (two-way) platform authentication performs platform authentication in both the forward and the reverse direction.
- Some researchers have designed a two-way platform authentication model for peer-to-peer networks.
- The above two-way platform authentication implementation method has the following problems:
- An object of the present invention is to overcome the technical problems of the two-way platform authentication implementation method of the prior art described above.
- A method for implementing bidirectional platform authentication, characterised in that it comprises the following steps:
- Step 1) Server S establishes communication with the platform private CA, the component classification table and the network management policy. The platform private CA issues the platform identity certificates of terminal A and terminal B and verifies the validity of those certificates when the platform authentication protocol is executed; the platform component reference values in the component classification table are obtained by server S communicating with a reference value database, which stores the reference values of various platform components; the network management policy is used to generate the platform component evaluation results of terminal A and terminal B and to protect platform component information;
- Step 2) Terminal B initiates a platform authentication protocol with terminal A: terminal B sends the platform component metric parameter for terminal A to terminal A;
- Step 3) Terminal A waits for the platform authentication protocol initiated by terminal B. If terminal A has not received a platform authentication protocol initiated by terminal B within a set time, terminal A actively initiates a platform authentication protocol with terminal B and sends the platform component metric parameter for terminal B to terminal B; otherwise, after receiving the message of step 2), terminal A obtains the platform component metric value of terminal A according to the platform component metric parameter for terminal A sent by terminal B in step 2), and then sends the obtained platform component metric value of terminal A to terminal B together with the platform component metric parameter for terminal B;
- Step 4) Terminal B first verifies whether the platform signature in the platform component metric value of terminal A is valid. If invalid, it discards the message; if valid, it obtains the platform component metric value of terminal B according to the platform component metric parameter for terminal B sent by terminal A in step 3), and then sends the platform identity certificate of terminal A, the platform identity certificate of terminal B, the platform component metric value of terminal A and the platform component metric value of terminal B to server S;
- Step 5) Server S first uses the platform private CA to verify the validity of the platform identity certificates of terminal A and terminal B and generates the corresponding platform identity certificate verification results. If a platform identity certificate is invalid, server S sends the platform identity certificate verification results of terminal A and terminal B to terminal B; otherwise it verifies the platform component metric values of terminal A and terminal B using the reference values of the corresponding platform components in the component classification table and generates the corresponding platform component verification results, uses the network management policy, the component classification table and the platform component verification results to generate the platform component evaluation results of terminal A and terminal B, and finally sends the platform identity certificate verification results and the platform component evaluation results of terminal A and terminal B to terminal B;
- Step 6) Terminal B first verifies the user signature of server S over the platform identity certificate verification results and the platform component evaluation results of terminal A and terminal B. If invalid, it discards the message. Otherwise, when terminal B has completed platform authentication of terminal A, terminal B generates the access decision of terminal B from the platform identity certificate verification result of terminal A and the platform component evaluation results of terminal A obtained in each executed round of the platform authentication protocol, performs that access decision, and finally sends to terminal A the platform identity certificate verification results and platform component evaluation results of terminal A and terminal B obtained in step 5), the information involved in the platform signature in the platform component metric value of terminal B, and the access decision of terminal B. When terminal B has not completed platform authentication of terminal A, terminal B sends to terminal A the platform identity certificate verification results and platform component evaluation results of terminal A and terminal B obtained in step 5) and the information involved in the platform signature in the platform component metric value of terminal B, completes the current round of platform authentication, and then returns to step 2) to perform another round of the platform authentication protocol;
- Step 7) Terminal A first verifies the platform signature over the information involved in the platform signature in the platform component metric value of terminal B, and discards the message if it is invalid. If valid, terminal A verifies the user signature of server S over the platform identity certificate verification results and platform component evaluation results of terminal A and terminal B from step 5), and discards the message if it is invalid. If valid, terminal A verifies the access decision of terminal B: if the access decision of terminal B exists and its value is forbidden, terminal A disconnects from terminal B. Otherwise, when terminal A has completed platform authentication of terminal B, terminal A proceeds on the basis of the obtained platform identity certificate verification result of terminal B.
- The platform identity certificate of terminal A above refers to the attestation identity key (AIK) certificate AIK_A of terminal A, and the platform identity certificate of terminal B refers to the AIK certificate AIK_B of terminal B.
- The specific steps of step 2) are: terminal B generates a random number N_B and the platform integrity metric parameter Parms_A for terminal A, and sends them to terminal A; Parms_A is any one of a sequence number list of the platform configuration registers (PCRs) in terminal A, a component type list of the platform components in terminal A, or an identifier list of the platform components in terminal A, or a mixed list of any two or three of these.
- The specific steps of step 3) are: terminal A obtains, according to N_B and Parms_A, the integrity report Reports_A and the PCR reference data Quotes_A of each platform component in terminal A, where Reports_A contains the PCR reference data and snapshots of terminal A and needs to be transmitted securely to server S, and Quotes_A contains N_B, the PCR values of terminal A, the AIK signature over N_B and the PCR values of terminal A, and the AIK certificate AIK_A of terminal A; terminal A then sends Reports_A, Quotes_A, a random number N_A and the platform integrity metric parameter Parms_B for terminal B to terminal B, where Parms_B is any one of a PCR sequence number list of terminal B, a component type list of the platform components in terminal B, or an identifier list of the platform components in terminal B, or a mixed list of any two or three of these.
- The specific steps of step 4) are: terminal B verifies the AIK signature in Quotes_A and discards the message if it is invalid; if valid, terminal B obtains, according to N_A and Parms_B, the integrity report Reports_B and the PCR reference data Quotes_B of each platform component in terminal B, where Reports_B contains the PCR reference data and snapshots of terminal B, and Quotes_B contains N_A, the PCR values of terminal B, the AIK signature over N_A and the PCR values of terminal B, and the AIK certificate AIK_B of terminal B; terminal B then sends N_BS, N_A, AIK_A, AIK_B, Reports_A and Reports_B to server S, where N_BS is a random number generated by terminal B.
- The specific steps of step 5) are: server S uses the platform private CA to verify the validity of the AIK certificates AIK_A and AIK_B of terminal A and terminal B and generates the corresponding AIK certificate validity verification results Re_A and Re_B. When the AIK certificates are valid, server S further verifies the integrity metrics of the platform components in Reports_A and Reports_B using the integrity reference values of the corresponding platform components in the component classification table, generates the platform component integrity check results, and then uses the network management policy, the component classification table and the platform component integrity check results of terminal A and terminal B to generate the evaluation results.
- [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig is the user signature of server S over N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B and Rem_B; the AIK certificate verification results of terminal A and terminal B exist only when the first round of the platform authentication protocol is executed.
- The specific steps of step 6) are: terminal B verifies [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig, the user signatures of server S.
- The specific steps of step 7) are: terminal A verifies the AIK signature in Quotes_B, and then verifies [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig from step 5), the user signatures of server S. If invalid, terminal A discards the message; if valid, it verifies Action_B, and if Action_B exists and its value is forbidden, it disconnects from terminal B. Otherwise, when terminal A has completed platform authentication of terminal B, terminal A generates its access decision Action_A from the AIK certificate verification result of terminal B and the platform component evaluation results of terminal B obtained in the executed rounds of the platform authentication protocol, executes Action_A, and finally sends Action_A to terminal B; when terminal A has not completed platform authentication of terminal B, terminal A completes the current round and then returns to step 3) to perform another round of the platform authentication protocol. If terminal A receives the access decision of terminal B, it notifies the relevant components of the platform authentication protocol in terminal A of that decision.
- The value of Action_A is allowed, forbidden or quarantined. Action_A exists only when terminal A has completed platform authentication of terminal B.
- The platform authentication protocol messages between terminal A and terminal B are protected by a secure channel established between terminal A and terminal B. If the secure channel is related to the user authentication between terminal A and terminal B, the secure channel can be bound into the AIK signature to enhance the security of the platform authentication protocol. If the secure channel is not related to the user authentication between terminal A and terminal B, the secure channel and the user authentication information can be bound into the AIK signature to enhance the security of the platform authentication protocol.
- The message sent to terminal A in step 6) does not include the platform identity certificate verification results of terminal A and terminal B.
- In the present invention server S provides all platform authentication functions for terminal A and terminal B, including platform identity authentication and platform component evaluation.
- Terminal A and terminal B only need to verify the platform signature of the other party, verify the user signature of server S, and generate access decisions from the platform identity certificate verification results and the platform component evaluation results, which effectively reduces the load on terminal A and terminal B and enhances the applicability of the bidirectional platform authentication method. Setting a network management policy and combining it with the component classification table effectively protects certain platform components in terminal A and terminal B from being exposed to the other party.
- Figure 1 is a schematic block diagram of the present invention.
- Step 1) Server S establishes communication with the platform private CA, with the component classification table and with the network management policy, where the platform component reference values in the component classification table can be obtained by communicating with a reference value database.
- The platform private CA may be acted as, or established by, server S, or it may be a third-party authority. It issues the platform identity certificates of terminal A and terminal B, such as the AIK certificates of terminal A and terminal B, and verifies the validity of the platform identity certificates of terminal A and terminal B when the platform authentication protocol is performed.
- The reference value database is built by a third-party authority and stores reference values for various platform components, such as integrity reference values.
- The component classification table may be established by server S or by a third-party authority. Each of its records may include the component type, serial number, identifier, version number, security level and reference value of a platform component, and the like; the reference value needs to be obtained by communicating with the reference value database.
- The structure of the component classification table is as follows:
Component type | Serial number | Identifier | Version number | Security level | Reference value |
---|---|---|---|---|---|
- The component type of a platform component indicates which type of platform component it belongs to.
- The serial number of a platform component indicates its position in the component classification table (used to roughly distinguish different platform components under the same component type).
- The identifier of a platform component indicates what the platform component is (for example, Skynet firewall or another firewall; used to clearly distinguish different platform components under the same component type); the version number indicates which version the platform component belongs to (for example, v5.1.1.1002); the security level indicates which security level the platform component belongs to; and the reference value can be used to verify the platform component metric value in the platform authentication protocol (for example, the integrity reference value of the platform component).
- The network management policy is established by server S. It is used to generate the platform component evaluation results of terminal A and terminal B, and it can protect certain platform component information from being detected by the other party between terminal A and terminal B.
- The network management policy specifies, for each platform component, whether it is protected between terminal A and terminal B; for an unprotected platform component, the component type, serial number, identifier, version number, security level, health status and platform component verification result are all included in the evaluation result.
- The structure of the platform component evaluation result in unprotected mode is as follows:
Component type | Serial number | Identifier | Version number | Security level | Health status | Platform component verification result |
---|---|---|---|---|---|---|
- Health status refers to whether the platform component is running, which port number it uses for communication, and so on.
- The platform component verification result can be a platform component integrity check result, used to show the integrity status of the platform component.
- In protected mode, the platform component evaluation result generated by server S may include the component type, serial number, security level, health status and platform component verification result of the platform component. For example, the structure of the platform component evaluation result in protected mode is as follows:
Component type | Serial number | Security level | Health status | Platform component verification result |
---|---|---|---|---|
- In protected mode the health status must not contain information that identifies the platform component, such as a port number, because a port number may be used only by one particular platform component, so the component could be identified through it and thereby be exposed.
- Step 2) Terminal B initiates a platform authentication protocol with terminal A by sending to terminal A the platform component metric parameter for terminal A, which identifies which platform components in terminal A need to be measured.
- For example: terminal B generates a random number N_B and the platform integrity metric parameter Parms_A for terminal A, where Parms_A identifies which platform integrity values need to be measured in terminal A, and sends them to terminal A.
- Parms_A may be a sequence number list of the platform configuration registers (PCRs) in terminal A, a component type list of the platform components in terminal A, an identifier list of the platform components in terminal A, or a mixed list of any two or three of these.
- Step 3) Terminal A waits for the platform authentication protocol initiated by terminal B. If no platform authentication protocol initiated by terminal B has been received within a set time, terminal A initiates a platform authentication protocol with terminal B and sends to terminal B the platform component metric parameter for terminal B, which identifies which platform components in terminal B need to be measured. Otherwise, after receiving the message of step 2), terminal A obtains the platform component metric value of terminal A according to the platform component metric parameter sent by terminal B in step 2), and then sends the obtained platform component metric value of terminal A to terminal B together with the platform component metric parameter for terminal B, which identifies which platform components in terminal B need to be measured.
- For example: terminal A obtains, according to Parms_A and N_B, the integrity report Reports_A and the PCR reference data Quotes_A of each platform component in terminal A, where Reports_A contains the PCR reference data and snapshots of terminal A and needs to be transmitted securely to server S, and Quotes_A contains N_B, the PCR values of terminal A, the AIK signature over N_B and the PCR values of terminal A, the AIK certificate AIK_A of terminal A, and so on; terminal A then sends Reports_A, Quotes_A, a random number N_A and the platform integrity metric parameter Parms_B for terminal B to terminal B, where Parms_B identifies which platform integrity values need to be measured in terminal B.
- Parms_B may be a sequence number list of the PCRs in terminal B, a component type list of the platform components in terminal B, an identifier list of the platform components in terminal B, or a mixed list of any two or three of these.
- Step 4) After receiving the message of step 3), terminal B first verifies the platform signature in the platform component metric value of terminal A. If invalid, it discards the message; otherwise it obtains the platform component metric value of terminal B according to the platform component metric parameter for terminal B sent by terminal A in step 3), and then sends the platform identity certificate of terminal A, the platform identity certificate of terminal B, the platform component metric value of terminal A and the platform component metric value of terminal B to server S. For example: terminal B verifies the AIK signature in Quotes_A.
- Step 5) After receiving the message of step 4), server S first uses the platform private CA to verify the validity of the platform identity certificates of terminal A and terminal B and generates the corresponding platform identity certificate verification results. If a platform identity certificate is invalid, server S sends the platform identity certificate verification results of terminal A and terminal B to terminal B; otherwise it verifies the platform component metric values of terminal A and terminal B using the reference values of the corresponding platform components in the component classification table and generates the corresponding platform component verification results, uses the network management policy, the component classification table and the platform component verification results to generate the platform component evaluation results of terminal A and terminal B, and finally sends the platform identity certificate verification results and the platform component evaluation results of terminal A and terminal B to terminal B. It should be noted that the platform identity certificate verification results of terminal A and terminal B exist only when the first round of the platform authentication protocol is executed.
- For example: server S uses the platform private CA to verify the validity of the AIK certificates AIK_A and AIK_B of terminal A and terminal B, and generates the corresponding AIK certificate validity verification results Re_A and Re_B.
- Server S further verifies the integrity metrics of the platform components in Reports_A and Reports_B of terminal A and terminal B using the integrity reference values of the corresponding platform components in the component classification table, and generates the platform component integrity check results.
- Server S then generates the component level evaluation results Res_A and Res_B of terminal A and terminal B, together with the component level repair information Rem_A and Rem_B, using the network management policy, the component classification table and the platform component integrity check results of terminal A and terminal B, where Rem_A needs to be transmitted securely to terminal A and Rem_B needs to be transmitted securely to terminal B. Finally server S sends Re_A, Re_B, [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig, Res_A, Rem_A, Res_B, Rem_B and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig to terminal B.
- Here Res_A and Res_B are the platform component evaluation results of terminal A and terminal B; [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig is the user signature of server S over N_BS, N_A, AIK_A, AIK_B, Re_A and Re_B; and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig is the user signature of server S over N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B and Rem_B.
- The AIK certificate verification results of terminal A and terminal B exist only when the first round of the platform authentication protocol is executed.
- Step 6) After receiving the message of step 5), terminal B first verifies the user signature of server S over the platform identity certificate verification results and the platform component evaluation results of terminal A and terminal B. If invalid, the message is discarded; otherwise terminal B proceeds as follows.
- When terminal B has completed platform authentication of terminal A, terminal B generates the access decision of terminal B from the platform identity certificate verification result of terminal A and the platform component evaluation results of terminal A obtained in each executed round of the platform authentication protocol, and performs the access decision of terminal B.
- Terminal B then sends the message of step 5), the information involved in the platform signature in the platform component metric value of terminal B, and the access decision of terminal B to terminal A.
- When terminal B has not completed platform authentication of terminal A, terminal B sends the message of step 5) and the information involved in the platform signature in the platform component metric value of terminal B to terminal A, and terminal B completes the current round of platform authentication.
- Another round of the platform authentication protocol then needs to be initiated, that is, after completing the current round terminal B returns to step 2) and performs another round of the platform authentication protocol.
- The message sent to terminal A in this step does not include the platform identity certificate verification results of terminal A and terminal B.
- For example: terminal B verifies [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig, the user signatures of server S. If invalid, it discards the message; if valid, it sends Quotes_B, N_BS, Action_B and the message of step 5) to terminal A, where Action_B is the access decision of terminal B.
- The value of Action_B can be allowed, forbidden or quarantined, among others; Action_B exists only when terminal B has completed platform authentication of terminal A.
- Step 7) After receiving the message of step 6), terminal A first verifies the platform signature over the information involved in the platform signature in the platform component metric value of terminal B. If invalid, it discards the message; otherwise it verifies the user signature of server S over the platform identity certificate verification results and the platform component evaluation results of terminal A and terminal B in the message of step 5). If invalid, it discards the message; otherwise it verifies the access decision of terminal B, and if the access decision of terminal B exists with the value forbidden, it disconnects from terminal B. Otherwise: when terminal A has completed platform authentication of terminal B, terminal A generates the access decision of terminal A from the obtained platform identity certificate verification result of terminal B and the platform component evaluation results of terminal B in the executed rounds of the platform authentication protocol, performs the access decision of terminal A, and finally sends the access decision of terminal A to terminal B.
- When terminal A has not completed platform authentication of terminal B, after completing the current round of the platform authentication protocol terminal A needs to wait for a platform authentication protocol initiated by terminal B, or initiate another round of the platform authentication protocol itself, that is, after completing the current round it returns to step 3) and performs another round of the platform authentication protocol. If terminal A receives the access decision of terminal B, it notifies the relevant components of the platform authentication protocol in terminal A of that decision.
- For example: terminal A verifies the AIK signature in Quotes_B, and then verifies [N_BS, N_A, AIK_A, AIK_B, Re_A, Re_B]Sig and [N_BS, N_A, Quotes_A, Quotes_B, Res_A, Rem_A, Res_B, Rem_B]Sig in the message of step 5), the user signatures of server S. If invalid, it discards the message; if valid, it sends N_B and Action_A to terminal B, where Action_A is the access decision of terminal A, whose value can be allowed, forbidden or quarantined. This message exists only when terminal A has completed platform authentication of terminal B.
- Step 8) After receiving the message of step 7), terminal B notifies the relevant components of the platform authentication protocol in terminal B of the access decision of terminal A.
- The platform authentication protocol messages between terminal A and terminal B are protected by a secure channel established between terminal A and terminal B. If the secure channel is related to the user authentication between terminal A and terminal B, the secure channel may be bound into the AIK signature to enhance the security of the platform authentication protocol. If the secure channel is not related to the user authentication between terminal A and terminal B, the secure channel and the user authentication information may be bound into the AIK signature to enhance the security of the platform authentication protocol.
- The above method of binding into the AIK signature either the secure channel that is related to the user authentication between terminal A and terminal B, or the secure channel that is not related to that user authentication together with the user authentication information of terminal A and terminal B, is applicable to any bidirectional platform authentication method.
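The following Python model is an added illustration of one round of steps 2) to 7) above; it is not code from the patent or its assignee. It assumes three things the patent does not fix: signatures (AIK and server S's user signature) are modelled with HMAC-SHA256 keyed per signer so the example runs without extra libraries, the component classification table and PCR values are constructed sample data, and the rule that turns Re and Res into an access decision (allowed / forbidden / quarantined) is this example's own. What it shows is the division of labour the patent describes: terminals only check the peer's AIK signature over their own fresh nonce and server S's signature over the results, while S checks certificate validity against the private CA, compares measured PCRs with reference values, and withholds identifying fields in protected mode.

```python
import hashlib
import hmac
import json
import secrets

# Signatures are modelled as HMAC-SHA256 keyed per signer. That is a stand-in chosen for this
# example so it runs offline; the patent's AIK and server "user" signatures are asymmetric.
def sign(key: bytes, payload: dict) -> str:
    return hmac.new(key, json.dumps(payload, sort_keys=True).encode(), hashlib.sha256).hexdigest()

def verify(key: bytes, payload: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, payload), sig)

# Platform private CA (constructed): AIK certificate identifier -> key that verifies its signatures.
PRIVATE_CA = {"AIK_A": b"aik-key-A", "AIK_B": b"aik-key-B"}
SERVER_KEY = b"server-S-user-signature-key"   # key behind server S's user signature (constructed)

def ref(name: str) -> str:                     # integrity reference value of a component image
    return hashlib.sha256(name.encode()).hexdigest()

# Component classification table (constructed records): component type, serial number,
# identifier, version, security level, the PCR it is measured into, and its reference value.
COMPONENT_TABLE = [
    {"type": "firewall", "serial": 1, "id": "fw-x", "version": "5.1", "level": "high", "pcr": 10, "ref": ref("fw-x 5.1")},
    {"type": "antivirus", "serial": 2, "id": "av-y", "version": "2.0", "level": "medium", "pcr": 11, "ref": ref("av-y 2.0")},
]
# Constructed PCR states: both terminals honest, and a B whose firewall measurement no longer matches.
HONEST_A = {10: ref("fw-x 5.1"), 11: ref("av-y 2.0")}
HONEST_B = dict(HONEST_A)
TAMPERED_B = {10: ref("fw-x 5.1 modified"), 11: ref("av-y 2.0")}

def make_quote(aik: str, peer_nonce: str, parms: list, pcrs: dict) -> dict:
    """Terminal side: answer Parms (here a PCR index list) with Quotes = {peer nonce, PCR
    values, AIK signature over both, AIK certificate}, as in steps 3 and 4."""
    body = {"nonce": peer_nonce, "pcr": {str(i): pcrs[i] for i in parms}}
    return {"aik": aik, "body": body, "sig": sign(PRIVATE_CA[aik], body)}

def peer_check(quote: dict, my_nonce: str) -> bool:
    """Terminal side: the peer's AIK signature must verify and must cover the nonce I sent."""
    return quote["body"]["nonce"] == my_nonce and verify(PRIVATE_CA[quote["aik"]], quote["body"], quote["sig"])

def server_evaluate(quote: dict, protect: bool) -> dict:
    """Server S (step 5): Re = AIK certificate validity via the private CA; Res = per-component
    evaluation against the classification table; Rem = repair info for failed components.
    In protected mode the policy withholds identifying fields (id, version)."""
    if quote["aik"] not in PRIVATE_CA:
        return {"re": "invalid", "res": [], "rem": []}
    res, rem = [], []
    for rec in COMPONENT_TABLE:
        measured = quote["body"]["pcr"].get(str(rec["pcr"]))
        if measured is None:                    # component not requested by Parms
            continue
        ok = hmac.compare_digest(measured, rec["ref"])
        entry = {"type": rec["type"], "serial": rec["serial"], "level": rec["level"],
                 "check": "pass" if ok else "fail"}
        if not protect:
            entry.update(id=rec["id"], version=rec["version"])
        res.append(entry)
        if not ok:
            rem.append({"serial": rec["serial"], "repair": "restore reference version"})
    return {"re": "valid", "res": res, "rem": rem}

def access_decision(re: str, res: list) -> str:
    """Terminal side: decision values are the patent's (allowed / forbidden / quarantined);
    how they follow from Re and Res is this example's assumption, not the patent's rule."""
    if re != "valid" or any(e["check"] == "fail" and e["level"] == "high" for e in res):
        return "forbidden"
    return "quarantined" if any(e["check"] == "fail" for e in res) else "allowed"

def run_round(pcrs_a: dict, pcrs_b: dict, protect: bool = True) -> dict:
    """One protocol round: B challenges A with N_B (step 2); A answers with Quotes_A and challenges
    B with N_A (step 3); B checks A's quote and forwards both quotes to S (step 4); S returns
    signed results (step 5); B decides about A and relays (step 6); A checks and decides (step 7)."""
    n_b, n_a, parms = secrets.token_hex(8), secrets.token_hex(8), [10, 11]
    quotes_a = make_quote("AIK_A", n_b, parms, pcrs_a)
    if not peer_check(quotes_a, n_b):
        return {"discarded_by": "B"}
    quotes_b = make_quote("AIK_B", n_a, parms, pcrs_b)
    results = {"A": server_evaluate(quotes_a, protect), "B": server_evaluate(quotes_b, protect)}
    server_sig = sign(SERVER_KEY, results)            # S's user signature over the results
    if not verify(SERVER_KEY, results, server_sig):   # B (step 6) and A (step 7) both check it
        return {"discarded_by": "B"}
    action_b = access_decision(results["A"]["re"], results["A"]["res"])
    if not peer_check(quotes_b, n_a):
        return {"discarded_by": "A"}
    if action_b == "forbidden":                       # step 7: A disconnects on a forbidden Action_B
        return {"action_a": None, "action_b": action_b, "disconnected": True}
    action_a = access_decision(results["B"]["re"], results["B"]["res"])
    return {"action_a": action_a, "action_b": action_b, "results": results}

if __name__ == "__main__":
    print(run_round(HONEST_A, TAMPERED_B)["action_a"])   # prints "forbidden"
```

Running `run_round(HONEST_A, TAMPERED_B)` shows the asymmetry the patent aims for: B's decision about A is "allowed" while A's decision about B is "forbidden", and with `protect=True` the evaluation entries A receives carry type, serial number, level and check result but no identifier or version, which is the protected-mode structure described above.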
Abstract
The invention relates to a method for implementing bidirectional platform authentication. According to the method, a server S performs all platform authentication operations associated with a terminal A and a terminal B, namely platform identity authentication and platform member (component) authentication, while terminal A and terminal B only verify the platform signature of the other party, verify the user signature of server S, and set an access policy on the basis of the platform identity authentication results and the platform member authentication results. The method effectively reduces the load on terminal A and terminal B and improves the applicability of bidirectional platform authentication. By establishing a network management policy and incorporating a member classification table, the method further protects certain platform members of terminal A and terminal B from intrusion by a third party.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910023684.6 | 2009-08-25 | ||
CN2009100236846A CN101635709B (zh) | 2009-08-25 | 2009-08-25 | A method for implementing bidirectional platform authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011022902A1 (fr) | 2011-03-03 |
Family
ID=41594770
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/075540 WO2011022902A1 (fr) | 2009-08-25 | 2009-12-14 | Method for implementing bidirectional platform authentication |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101635709B (fr) |
WO (1) | WO2011022902A1 (fr) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104994106B (zh) * | 2015-07-13 | 2018-04-10 | 河南中盾云安全研究中心 | Pairing/unpairing system and method for a smartphone and a wearable device |
CN110334514B (zh) * | 2019-07-05 | 2021-05-14 | 北京可信华泰信息技术有限公司 | Method and apparatus for verifying a measurement report based on a trusted computing platform |
CN114696999A (zh) * | 2020-12-26 | 2022-07-01 | 西安西电捷通无线网络通信股份有限公司 | Identity authentication method and apparatus |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101043338A (zh) * | 2007-04-27 | 2007-09-26 | 中国科学院软件研究所 | Remote attestation method and system based on security requirements |
CN101136928A (zh) * | 2007-10-19 | 2008-03-05 | 北京工业大学 | A trusted network access framework |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100566251C (zh) * | 2007-08-01 | 2009-12-02 | 西安西电捷通无线网络通信有限公司 | A trusted network connect method with enhanced security |
CN101431517B (zh) * | 2008-12-08 | 2011-04-27 | 西安西电捷通无线网络通信股份有限公司 | A trusted network connect handshake method based on tri-element peer authentication |
2009
- 2009-08-25 CN CN2009100236846A patent/CN101635709B/zh active Active
- 2009-12-14 WO PCT/CN2009/075540 patent/WO2011022902A1/fr active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101043338A (zh) * | 2007-04-27 | 2007-09-26 | 中国科学院软件研究所 | Remote attestation method and system based on security requirements |
CN101136928A (zh) * | 2007-10-19 | 2008-03-05 | 北京工业大学 | A trusted network access framework |
Also Published As
Publication number | Publication date |
---|---|
CN101635709A (zh) | 2010-01-27 |
CN101635709B (zh) | 2011-04-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5248621B2 (ja) | Trusted network access control system based on tri-element peer authentication | |
US8255977B2 (en) | Trusted network connect method based on tri-element peer authentication | |
JP5259724B2 (ja) | Trusted network access control method based on tri-element peer authentication | |
RU2437230C2 (ru) | Trusted network connect method for enhancing security | |
US8826368B2 (en) | Platform authentication method suitable for trusted network connect architecture based on tri-element peer authentication | |
US8826378B2 (en) | Techniques for authenticated posture reporting and associated enforcement of network access | |
US8191113B2 (en) | Trusted network connect system based on tri-element peer authentication | |
JP5414898B2 (ja) | Security access control method for a wired LAN and system therefor | |
KR101296101B1 (ko) | Method for realizing trusted network connect based on tri-element peer authentication | |
US20110238996A1 (en) | Trusted network connect handshake method based on tri-element peer authentication | |
Razaque et al. | Triangular data privacy-preserving model for authenticating all key stakeholders in a cloud environment | |
WO2012013011A1 (fr) | Method and device for managing platform authentication policy for a trusted connection architecture | |
US8789134B2 (en) | Method for establishing trusted network connect framework of tri-element peer authentication | |
WO2009018743A1 (fr) | Trusted network connect system for enhancing security | |
US20200322382A1 (en) | Collaborative security for application layer encryption | |
WO2011109959A1 (fr) | Method and system for implementing platform authentication suited to a trusted connection architecture | |
WO2011015007A1 (fr) | Remote security authentication method | |
WO2010118613A1 (fr) | Method for implementing a trusted network connect architecture with tri-element peer authentication | |
CN113901432A (zh) | Blockchain identity authentication method, device, storage medium and computer program product | |
WO2011022902A1 (fr) | Method for implementing bidirectional platform authentication | |
US11469905B2 (en) | Device and method for processing public key of user in communication system that includes a plurality of nodes | |
WO2010121474A1 (fr) | Platform authentication and management method adapted to a trusted network connect architecture with tri-element peer authentication | |
WO2011069355A1 (fr) | Network transmission method designed for a trusted network connect architecture with tri-element peer authentication | |
CN114401091A (zh) | Blockchain-based cross-domain device authentication management method and apparatus | |
WO2012083667A1 (fr) | Management method and apparatus for carrying out a platform authentication procedure adapted to a trusted connection architecture | |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09848634; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 09848634; Country of ref document: EP; Kind code of ref document: A1 |