WO2012062136A1 - Method and system for secure remote attestation in a trusted connection architecture - Google Patents

Method and system for secure remote attestation in a trusted connection architecture

Publication number
WO2012062136A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
platform
protocol
controller
authentication
Prior art date
Application number
PCT/CN2011/077900
Other languages
French (fr)
Chinese (zh)
Inventor
肖跃雷
曹军
王珂
张国强
Original Assignee
西安西电捷通无线网络通信股份有限公司
Priority date
Filing date
Publication date
Application filed by 西安西电捷通无线网络通信股份有限公司
Publication of WO2012062136A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the present invention relates to communication technologies, and in particular to a secure remote attestation method, system and access controller suitable for a trusted connection architecture.
  • malware such as viruses and worms
  • More than 35,000 kinds of malware have emerged, and more than 40 million computers are infected every year.
  • Traditional security defense technologies are no longer able to defend against a wide variety of malicious attacks.
  • Trusted Network Connect (TNC), abbreviated TCG-TNC, is the network connection specification based on trusted computing technology drawn up by the TCG (Trusted Computing Group).
  • the TCG-TNC architecture shown in Figure 1 includes three entities: access requester, policy enforcement point, and policy decision point.
  • the TCG-TNC architecture is divided into three levels: the network access layer, the integrity assessment layer, and the integrity measurement layer.
  • the components of the access requester are: integrity collector, TNC client, and network access requester, where one or more integrity collectors sit above the TNC client.
  • the components of the policy decision point are: integrity checker, TNC server, and network access authorizer, where one or more integrity checkers sit above the TNC server.
  • IF-PEP (Policy Enforcement Point Interface) is the interface between the policy enforcement point and the network access authorizer.
  • IF-T (Network Authorization Transport Protocol Interface) is the interface between the network access requester and the network access authorizer.
  • IF-TNCCS (TNC Client-Server Interface) is the interface between the TNC client and the TNC server.
  • IF-M (Vendor-Specific IMC-IMV Messages Interface) is the interface between the integrity collector and the integrity checker.
  • IF-IMV (Integrity Measurement Verifier Interface) is the interface between the TNC server and the integrity checker.
  • Remote attestation means that an entity proves its platform configuration information to another, remote entity.
  • the access requester can prove its platform configuration information to the access controller based on the policy manager, and the access controller can also prove its platform configuration information to the access requester based on the policy manager.
  • TCA's remote attestation function is implemented using the platform authentication process performed by TCA, where each platform authentication process can include one or more rounds of platform authentication protocols.
  • during a trusted network connection, the TCA may execute one or more authentication protocols before the platform authentication process, such as a user authentication protocol and TLS (Transport Layer Security); when multiple authentication protocols are executed, a man-in-the-middle attack can occur, which makes the remote attestation in the platform authentication process insecure.
  • for example, user A does not use platform A, which user A owns, for remote attestation, but instead uses intercepted remote attestation data of platform B, which user B owns.
  • the present invention gives a specific method for solving this problem in the TCA: the platform authentication protocol in the platform authentication process cryptographically binds each authentication protocol executed before the platform authentication process.
  • the user authentication protocol is a certificate-based WAI (Wide Authentication Infrastructure) protocol or a pre-shared-key-based WAI protocol, wherein the certificate-based WAI protocol includes a certificate authentication process, a unicast key negotiation process and a multicast key negotiation process, and the pre-shared-key-based WAI protocol includes a unicast key negotiation process and a multicast key negotiation process.
  • TLS (Transport Layer Security) comprises the TLS handshake protocol and the TLS record protocol.
  • the TLS handshake protocol has a fully anonymous mode and a non-fully-anonymous mode.
  • the present invention provides a secure remote attestation method, system and access controller that enhance the security of remote attestation during platform authentication.
  • a secure remote attestation method suitable for a trusted connection architecture, including:
  • after the access controller initiates a trusted network connection, the access controller and the access requester, or the access controller, the access requester and the policy manager, execute the relevant authentication protocols that precede the platform authentication process;
  • the access controller, the access requester and the policy manager execute the platform authentication process, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has been executed.
  • an access controller suitable for a trusted connection architecture, including:
  • a first protocol execution unit, configured to, after initiating a trusted network connection, execute with the access requester, or with the access requester and the policy manager, the relevant authentication protocols that precede the platform authentication process;
  • a second protocol execution unit, configured to execute the platform authentication process with the access requester and the policy manager, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has been executed.
  • a secure remote attestation system suitable for a trusted connection architecture, comprising: an access controller, an access requester, and a policy manager;
  • after the access controller initiates a trusted network connection, the access controller and the access requester, or the access controller, the access requester and the policy manager, execute the relevant authentication protocols that precede the platform authentication process;
  • the access controller, the access requester and the policy manager execute the platform authentication process, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has been executed.
  • the secure remote attestation method for the trusted connection architecture binds the platform signature in the platform authentication process to one item of related information from each previously executed authentication protocol; that is, one item of related information from each previously executed authentication protocol is used as an input parameter for generating the platform signature, so that the multiple protocols executed in the remote attestation process are bound together during the platform authentication process, which prevents man-in-the-middle attacks and improves the security of remote attestation.
  • FIG. 1 is a schematic diagram of a TCG-TNC architecture in the prior art
  • FIG. 2 is a schematic diagram of a TCA architecture in the prior art
  • FIG. 3 is a schematic flowchart of a secure remote attestation method suitable for a trusted connection architecture according to an embodiment of the present invention
  • FIG. 4 is a schematic structural diagram of a secure remote attestation system suitable for a trusted connection architecture according to an embodiment of the present invention
  • FIG. 5 is a schematic structural diagram of an access controller according to an embodiment of the present invention.
  • the secure remote attestation method suitable for the trusted connection architecture provided by the embodiment of the present invention includes the following steps:
  • Step 301: After the access controller initiates the trusted network connection, the access controller and the access requester, or the access controller, the access requester, and the policy manager, execute the relevant authentication protocols that precede the platform authentication process;
  • Step 302: The access controller, the access requester, and the policy manager execute the platform authentication process, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has been executed.
  • in step 301, one or more relevant authentication protocols may need to be executed before the platform authentication process; once they have been executed, the platform signature in each round of the platform authentication protocol must be bound to one item of related information from each relevant authentication protocol executed beforehand.
  • the related information may be key information generated in the relevant authentication protocol, or a specific data item of a specific data packet, etc.; as long as the binding operation is performed, the multiple protocols executed in the remote attestation process can be determined to form one complete process, which prevents man-in-the-middle attacks and improves the security of remote attestation.
  • the relevant authentication protocol to be executed is an authentication protocol that generates a master key between the access controller and the access requester
  • the related information is a unicast key.
  • the related information may also be a specific data item of a specific data packet in a relevant authentication protocol that needs to be executed, wherein the platform signature generated by the access requester in each round of the platform authentication protocol binds a specific data item of a specific data packet that only the access requester can send in that authentication protocol; the platform signature generated by the access controller binds a specific data item that only the access controller can send in that protocol.
  • the related information may also be the tunnel key.
  • Step 12) The access controller and the access requester perform a TLS handshake protocol based on the fully anonymous mode and establish a TLS tunnel key and associated cipher suite between the access controller and the access requester.
  • Step 13) The access controller, the access requester, and the policy manager perform the platform authentication process under the protection of the TLS tunnel key and associated cipher suite established in step 12), wherein the platform signature in each round of the platform authentication protocol binds the master key from step 11) and the TLS tunnel key from step 12); for example, when computing the platform signature in each round of the platform authentication protocol, the access controller or the access requester uses the TLS tunnel key from step 12) as an input parameter.
  • the data of each round of the platform authentication protocol in the platform authentication process between the access controller and the access requester is transmitted using the TLS record protocol.
  • the platform signature may be an AIK (Attestation Identity Key) signature stored in a TPM (Trusted Platform Module).
  • the relevant authentication protocols that need to be executed include the following two:
  • the related information of the certificate authentication process is the master key between the access controller and the access requester generated during execution of the certificate authentication process.
  • the TLS handshake protocol based on the full anonymous mode executed by the access controller and the access requester.
  • the related information of the TLS handshake protocol is: a TLS tunnel key between the access controller and the access requester established in the execution of the TLS handshake protocol.
  • using key information as the related information is only a preferred embodiment; a specific data item of a specific data packet in the relevant protocol may instead serve as the related information that is bound to the platform signature.
  • the platform authentication process is performed.
  • the platform signature generated by the access requester in each round of the platform authentication protocol binds a data item that only the access requester can send in the authentication protocol, and the platform signature generated by the access controller binds a data item that only the access controller can send in the authentication protocol.
  • the specific data item of the specific data packet as the related information needs to be recorded by the access controller and the access requester in the process of executing the relevant authentication protocol as the basis for verifying the signature of the counterpart platform in the platform authentication process.
  • a person skilled in the art can select a specific data item of a specific data packet as related information according to a specific application scenario.
  • the certificate authentication process in the certificate-based WAI protocol is taken as an example of an authentication protocol that can generate a master key; other authentication protocols that can generate a master key are not enumerated here.
  • Step 21) After the access controller initiates the trusted network connection, the access controller and the access requester perform the unicast key negotiation process in the pre-shared-key-based WAI protocol and generate a unicast key between the access controller and the access requester.
  • Step 22) The access controller and the access requester perform a TLS handshake protocol based on the full anonymous mode and establish a TLS tunnel key and an associated cipher suite between the access controller and the access requester.
  • Step 23) The access controller, the access requester, and the policy manager perform the platform authentication process under the protection of the TLS tunnel key and associated cipher suite established in step 22), wherein the platform signature in each round of the platform authentication protocol takes the unicast key from step 21) and the TLS tunnel key from step 22) as input parameters.
  • the unicast key generated in step 21) is bound to each round of the platform authentication protocol in the platform authentication process, but is not used to protect the platform authentication process. Only the tunnel key and associated cipher suite from step 22) are additionally used to protect the data of each round of the platform authentication protocol in the platform authentication process.
  • in step 23), the data of each round of the platform authentication protocol in the platform authentication process between the access controller and the access requester is transmitted using the TLS record protocol.
  • the platform signature may be an AIK (Attestation Identity Key) signature stored in a TPM (Trusted Platform Module).
  • the relevant authentication protocols that need to be executed include the following two:
  • the unicast key negotiation process in the pre-shared-key-based WAI protocol performed by the access controller and the access requester; the related information of the unicast key negotiation process is the unicast key between the access controller and the access requester generated during the unicast key negotiation process;
  • the TLS handshake protocol based on the full anonymous mode executed by the access controller and the access requester.
  • the related information of the TLS handshake protocol is: a TLS tunnel key between the access controller and the access requester established in the execution of the TLS handshake protocol.
  • using key information as the related information is again only a preferred embodiment; a specific data item of a specific data packet in the relevant protocol may instead serve as the related information that is bound to the platform signature.
  • the pre-shared-key-based WAI protocol is taken as an example of an authentication protocol that can generate a unicast key; other authentication protocols that can generate a unicast key are not enumerated here.
  • Step 32) The access controller, the access requester, and the policy manager perform the platform authentication process under the protection of the tunnel key and associated cipher suite established in step 31), wherein the platform signature in each round of the platform authentication protocol binds the tunnel key from step 31); for example, when computing the platform signature in each round of the platform authentication protocol, the access controller or the access requester uses the tunnel key from step 31) as an input parameter.
  • the tunnel authentication protocol may be composed of a certificate authentication process in the certificate-based WAI protocol and a unicast key negotiation process, a cipher suite negotiation process in the TLS handshake protocol, and a TLS other than the TLS handshake protocol.
  • in step 32), the data of each round of the platform authentication protocol in the platform authentication process between the access controller and the access requester is transmitted using the TLS record protocol.
  • the platform signature can be an AIK signature stored in the TPM.
  • one relevant authentication protocol needs to be executed: a tunnel authentication protocol executed by the access controller, the access requester, and the policy manager; the related information of the tunnel authentication protocol is the tunnel key between the access controller and the access requester established in that authentication protocol.
  • the key information as the related information is also only a preferred embodiment. It is also possible to bind the specific data item of the specific data packet in the relevant authentication protocol as the related information and the platform signature.
  • the specific data item of the specific data packet is used as the related information.
  • that the access controller, the access requester, and the policy manager perform the platform authentication process under the protection of the established TLS tunnel key and associated cipher suite means specifically that the TLS tunnel key and associated cipher suite are used to protect the information transmitted between the access controller and the access requester.
  • an embodiment of the present invention further provides a secure remote attestation system suitable for a trusted connection architecture, the system comprising: an access controller 401, an access requester 402, and a policy manager 403;
  • after the access controller 401 initiates the trusted network connection, the access controller 401 and the access requester 402, or the access controller 401, the access requester 402, and the policy manager 403, execute the relevant authentication protocols that precede the platform authentication process;
  • the access controller 401, the access requester 402, and the policy manager 403 perform a platform authentication process in which the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has been executed.
  • the access controller, the access requester, and the policy manager perform the platform authentication process.
  • the platform signature in each round of the platform authentication protocol is bound to each authentication protocol executed by the access controller and the access requester before performing the platform authentication process.
  • an embodiment of the present invention further provides an access controller, including the following structure: a first protocol execution unit 501, configured to, after initiating a trusted network connection, execute with the access requester, or with the access requester and the policy manager, the relevant authentication protocols that precede the platform authentication process;
  • the second protocol execution unit 502 is configured to perform the platform authentication process with the access requester and the policy manager, where the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has been executed.
  • the present invention can be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or a combination of software and hardware. Moreover, the invention can be embodied in the form of one or more computer program products embodied on a computer-usable storage medium (including but not limited to disk storage, CD-ROM, optical storage, etc.) in which computer usable program code is embodied.
  • the computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising an instruction apparatus that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • these computer program instructions can also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.

Abstract

A method, system and access controller for secure remote attestation suitable for a trusted connection architecture. Binding is performed between the platform signature of a platform authentication process and correlation information from each previously-executed authentication protocol; correlation information from each previously-executed authentication protocol is used as the input parameter to generate a platform signature; then, during a platform authentication process, the multiple protocols executed during a remote attestation process are bound together, thus preventing tampering by intermediary parties and improving remote attestation security.
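
The binding described in the abstract, as an added Go example (not code from the patent or its applicant): the platform signature covers a tag derived from the master key and from the TLS tunnel key, so an attestation produced over one session fails verification when presented on another. Ed25519 standing in for the TPM-held AIK signature, the HMAC-derived tags, the message layout, and all names and sample values are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash"
)

// SessionKeys is the "related information" left by the protocols executed
// before platform authentication (assumed here: one key per protocol).
type SessionKeys struct {
	MasterKey []byte // from user authentication, e.g. WAI certificate authentication
	TunnelKey []byte // from the TLS handshake
}

// put writes a length-prefixed field so adjacent fields cannot be confused.
func put(h hash.Hash, field []byte) {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(field)))
	h.Write(n[:])
	h.Write(field)
}

// tag derives a per-protocol binding value; the key itself is never signed or sent.
func tag(key []byte, label string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte("tca-binding/" + label))
	return m.Sum(nil)
}

// message builds the bytes covered by the platform signature. keys == nil
// models the unbound case the page describes as open to a man in the middle.
func message(nonce, pcrDigest []byte, keys *SessionKeys) []byte {
	h := sha256.New()
	put(h, []byte("platform-auth"))
	put(h, nonce)
	put(h, pcrDigest)
	if keys != nil {
		put(h, tag(keys.MasterKey, "user-auth"))
		put(h, tag(keys.TunnelKey, "tls-tunnel"))
	}
	return h.Sum(nil)
}

// Attest is the platform side. Ed25519 stands in for the AIK signature (assumption).
func Attest(aik ed25519.PrivateKey, nonce, pcrDigest []byte, keys *SessionKeys) []byte {
	return ed25519.Sign(aik, message(nonce, pcrDigest, keys))
}

// Verify is the verifier side: it recomputes the message from the keys of
// its OWN session with the peer, never from values the peer supplies.
func Verify(pub ed25519.PublicKey, nonce, pcrDigest, sig []byte, own *SessionKeys) bool {
	return ed25519.Verify(pub, message(nonce, pcrDigest, own), sig)
}

// constructed returns deterministic sample bytes for the demo (not real keys).
func constructed(label string) []byte {
	s := sha256.Sum256([]byte("constructed:" + label))
	return s[:]
}

// RelayScenario returns (honestAccepted, relayedAccepted). Honest: platform B
// attests over its own session with the controller. Relayed: B's attestation,
// produced over B's session with another endpoint, is presented on user A's
// session with the controller.
func RelayScenario(bound bool) (bool, bool) {
	aikB := ed25519.NewKeyFromSeed(constructed("aik-platform-B"))
	pubB := aikB.Public().(ed25519.PublicKey)
	nonce, pcr := constructed("controller-nonce"), constructed("pcr-digest-B")

	sessBC := &SessionKeys{constructed("mk-B-controller"), constructed("tls-B-controller")}
	sessBX := &SessionKeys{constructed("mk-B-other"), constructed("tls-B-other")}
	sessAC := &SessionKeys{constructed("mk-A-controller"), constructed("tls-A-controller")}
	if !bound {
		sessBC, sessBX, sessAC = nil, nil, nil
	}
	honest := Verify(pubB, nonce, pcr, Attest(aikB, nonce, pcr, sessBC), sessBC)
	relayed := Verify(pubB, nonce, pcr, Attest(aikB, nonce, pcr, sessBX), sessAC)
	return honest, relayed
}

func main() {
	for _, bound := range []bool{false, true} {
		h, r := RelayScenario(bound)
		fmt.Printf("bound=%v honest accepted=%v relayed accepted=%v\n", bound, h, r)
	}
}
```

The verifier needs no extra message for the binding: both ends already hold the session keys, so a mismatch surfaces as an ordinary signature verification failure.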

Description

Secure remote attestation method and system suitable for a trusted connection architecture

This application claims priority to the Chinese patent application No. 201010539124.9, filed with the Chinese Patent Office on November 10, 2011 and entitled "A secure remote attestation method and access controller suitable for a trusted connection architecture", the entire contents of which are incorporated herein by reference.

Technical field
The present invention relates to communication technologies, and in particular to a secure remote attestation method, system and access controller suitable for a trusted connection architecture.

Background
With the development of informatization, the problem of malware such as viruses and worms has become extremely prominent. More than 35,000 kinds of malware have already appeared, and more than 40 million computers are infected every year. Containing such attacks requires not only secure transmission and checks on data input, but also defense starting at the source, that is, at every terminal connected to the network. Traditional security defense technologies can no longer defend against the wide variety of malicious attacks.
To address these problems, the TCG (Trusted Computing Group) drew up a network connection specification based on trusted computing technology, Trusted Network Connect (TNC), abbreviated TCG-TNC, which comprises an open terminal integrity architecture and a set of standards for ensuring secure interoperability. The TCG-TNC architecture is shown in Figure 1. It includes three entities: the access requester, the policy enforcement point, and the policy decision point. The TCG-TNC architecture is divided into three layers: the network access layer, the integrity evaluation layer, and the integrity measurement layer. The components of the access requester are: integrity collector, TNC client, and network access requester, where one or more integrity collectors sit above the TNC client. The components of the policy decision point are: integrity checker, TNC server, and network access authorizer, where one or more integrity checkers sit above the TNC server. IF-PEP (Policy Enforcement Point Interface) is the interface between the policy enforcement point and the network access authorizer. IF-T (Network Authorization Transport Protocol Interface) is the interface between the network access requester and the network access authorizer. IF-TNCCS (TNC Client-Server Interface) is the interface between the TNC client and the TNC server. IF-M (Vendor-Specific IMC-IMV Messages Interface) is the interface between the integrity collector and the integrity checker. IF-IMC (Integrity Measurement Collector Interface) is the interface between the TNC client and the integrity collector. IF-IMV (Integrity Measurement Verifier Interface) is the interface between the TNC server and the integrity checker.
Remote attestation means that an entity proves its platform configuration information to another, remote entity. In the TCA architecture shown in Figure 2, the access requester can prove its platform configuration information to the access controller on the basis of the policy manager, and the access controller can likewise prove its platform configuration information to the access requester on the basis of the policy manager. The TCA's remote attestation function is implemented by the platform authentication process that the TCA executes, where each platform authentication process may contain one or more rounds of the platform authentication protocol.
During a trusted network connection, the TCA may execute one or more authentication protocols before the platform authentication process, such as a user authentication protocol and TLS (Transport Layer Security). When multiple authentication protocols are executed, a man-in-the-middle attack can occur, which makes the remote attestation in the platform authentication process insecure. For example, if user A does not use platform A, which user A owns, for remote attestation, but instead uses intercepted remote attestation data of platform B, which user B owns, the result is a man-in-the-middle attack. The present invention gives a specific method for solving this problem in the TCA: the platform authentication protocol in the platform authentication process cryptographically binds each authentication protocol executed before the platform authentication process.

In the Chinese wireless LAN standard, the user authentication protocol is a certificate-based WAI (Wide Authentication Infrastructure) protocol or a pre-shared-key-based WAI protocol, wherein the certificate-based WAI protocol includes a certificate authentication process, a unicast key negotiation process and a multicast key negotiation process, and the pre-shared-key-based WAI protocol includes a unicast key negotiation process and a multicast key negotiation process. TLS (Transport Layer Security) comprises the TLS handshake protocol and the TLS record protocol, and the TLS handshake protocol has a fully anonymous mode and a non-fully-anonymous mode.

Summary of the invention
The present invention provides a secure remote attestation method, system and access controller that enhance the security of remote attestation in the platform authentication process.
A secure remote attestation method suitable for a trusted connection architecture comprises:
after the access controller initiates a trusted network connection, the access controller and the access requester, or the access controller, the access requester and the policy manager, execute the relevant authentication protocols that precede the platform authentication process;
the access controller, the access requester and the policy manager execute the platform authentication process, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has already been executed.
An access controller suitable for a trusted connection architecture comprises:
a first protocol execution unit, configured to execute, after initiating a trusted network connection, the relevant authentication protocols that precede the platform authentication process, together with the access requester, or together with the access requester and the policy manager;
a second protocol execution unit, configured to execute the platform authentication process together with the access requester and the policy manager, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has already been executed.
A secure remote attestation system suitable for a trusted connection architecture comprises an access controller, an access requester and a policy manager, wherein:
after the access controller initiates a trusted network connection, the access controller and the access requester, or the access controller, the access requester and the policy manager, execute the relevant authentication protocols that precede the platform authentication process;
the access controller, the access requester and the policy manager execute the platform authentication process, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has already been executed.
The secure remote attestation method suitable for a trusted connection architecture provided by the embodiments of the present invention binds the platform signature in the platform authentication process to one item of related information from each previously executed authentication protocol; that is, one item of related information from each previously executed authentication protocol is used as an input parameter when generating the platform signature. The multiple protocols executed during remote attestation are thereby bound together in the platform authentication process, which prevents man-in-the-middle attacks and improves the security of remote attestation.
Brief Description of the Drawings
Figure 1 is a schematic diagram of the TCG-TNC architecture in the prior art;
Figure 2 is a schematic diagram of the TCA architecture in the prior art;
Figure 3 is a schematic flowchart of the secure remote attestation method suitable for a trusted connection architecture provided by an embodiment of the present invention;
Figure 4 is a schematic structural diagram of the secure remote attestation system suitable for a trusted connection architecture provided by an embodiment of the present invention;
Figure 5 is a schematic structural diagram of an access controller provided by an embodiment of the present invention.
Detailed Description
The secure remote attestation method suitable for a trusted connection architecture provided by the embodiments of the present invention binds the platform signature in the platform authentication process to one item of related information from each previously executed authentication protocol; that is, one item of related information from each previously executed authentication protocol is used as an input parameter when generating the platform signature. The multiple protocols executed during remote attestation are thereby bound together in the platform authentication process, which prevents man-in-the-middle attacks and improves the security of remote attestation.
As shown in Figure 3, the secure remote attestation method suitable for a trusted connection architecture provided by an embodiment of the present invention comprises the following steps:
Step 301: after the access controller initiates a trusted network connection, the access controller and the access requester, or the access controller, the access requester and the policy manager, execute the relevant authentication protocols that precede the platform authentication process;
Step 302: the access controller, the access requester and the policy manager execute the platform authentication process, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has already been executed.
In step 301, depending on the application scenario, one or more relevant authentication protocols may need to be executed before the platform authentication process. When multiple relevant authentication protocols are executed, the platform signature in each round of the platform authentication protocol in the platform authentication process must be bound to one item of related information from each previously executed relevant authentication protocol.
In the embodiments of the present invention, the related information may be key information generated in a relevant authentication protocol, or a specific data item of a specific data packet, and so on. As long as the binding operation is performed, it can be determined that the multiple protocols executed during remote attestation form one complete flow, which achieves the goal of preventing man-in-the-middle attacks and improving the security of remote attestation.
For example: if the relevant authentication protocol to be executed is an authentication protocol that generates a master key between the access controller and the access requester, the related information is the master key. If the relevant authentication protocol to be executed is an authentication protocol that generates a unicast key between the access controller and the access requester, the related information is the unicast key. The related information may also be a specific data item of a specific data packet in the relevant authentication protocol to be executed, where the platform signature generated by the access requester in each round of the platform authentication protocol is bound to a specific data item of a specific data packet that only the access requester can send in that authentication protocol, and the platform signature generated by the access controller is bound to a specific data item of a specific data packet that only the access controller can send in that authentication protocol. When a tunnel authentication protocol is executed and a tunnel key between the access controller and the access requester is established, the related information may also be that tunnel key.
Specific embodiments are described in detail below.
Example 1:
Step 11) After the access controller initiates a trusted network connection, the access controller, the access requester and the policy manager execute the certificate authentication process of the certificate-based WAI protocol and generate a master key between the access controller and the access requester.
Step 12) The access controller and the access requester execute the TLS handshake protocol in fully anonymous mode and establish a TLS tunnel key and the associated cipher suite between the access controller and the access requester.
Step 13) The access controller, the access requester and the policy manager execute the platform authentication process under the protection of the TLS tunnel key and associated cipher suite established in step 12), wherein the platform signature in each round of the platform authentication protocol in the platform authentication process is bound to the master key from step 11) and to the TLS tunnel key from step 12). For example, when the access controller or the access requester computes the platform signature in each round of the platform authentication protocol, it uses the master key from step 11) and the TLS tunnel key from step 12) as input parameters.
In step 13), the data of each round of the platform authentication protocol in the platform authentication process between the access controller and the access requester is transmitted using the TLS record protocol.
In step 13), the platform signature may be a signature by the AIK (Attestation Identity Key) stored in the TPM (Trusted Platform Module).
In Embodiment 1, the relevant authentication protocols that need to be executed before the platform authentication process are the following two:
the certificate authentication process of the certificate-based WAI protocol, executed by the access controller, the access requester and the policy manager, whose related information is the master key between the access controller and the access requester generated while executing the certificate authentication process;
the TLS handshake protocol in fully anonymous mode, executed by the access controller and the access requester, whose related information is the TLS tunnel key between the access controller and the access requester established while executing the TLS handshake protocol.
In Embodiment 1, using key information as the related information is only a preferred embodiment. A specific data item of a specific data packet in the relevant protocol may instead be used as the related information and bound to the platform signature. In that case, the platform signature generated by the access requester in each round of the platform authentication protocol in the platform authentication process is bound to a data item that only the access requester can send in that authentication protocol, and the platform signature generated by the access controller is bound to a data item that only the access controller can send in that authentication protocol. The specific data item of the specific data packet used as the related information must be recorded in advance by the access controller and the access requester while the relevant authentication protocol is executed, as the basis for verifying the peer's platform signature in the platform authentication process. A person skilled in the art can select a specific data item of a specific data packet as the related information according to the specific application scenario.
Embodiment 1 uses the certificate authentication process of the certificate-based WAI protocol as an example of an authentication protocol that can generate a master key; other authentication protocols that can generate a master key are not enumerated one by one.
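The binding of steps 11) to 13), as an added example that is not part of the patent text: a relayed platform signature is accepted when it covers only the nonce and the platform configuration, and rejected once it also covers the master key and TLS tunnel key of the verifier's own session. The label, class and function names are hypothetical, all keys and configurations are constructed, and an HMAC stands in for the AIK signature because the Python standard library has no asymmetric signature.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

LABEL = b"tca-platform-auth-binding-v1"  # constructed domain-separation label


@dataclass
class Session:
    """Secrets two peers share after steps 11) and 12)."""
    master_key: bytes      # from the WAI certificate authentication process
    tls_tunnel_key: bytes  # from the fully anonymous TLS handshake


def new_session() -> Session:
    # Constructed random keys; a real session derives them in the protocols.
    return Session(os.urandom(32), os.urandom(32))


def binding_value(session: Session) -> bytes:
    """Digest over one secret from each earlier protocol, length-prefixed."""
    h = hashlib.sha256(LABEL)
    for secret in (session.master_key, session.tls_tunnel_key):
        h.update(len(secret).to_bytes(4, "big"))
        h.update(secret)
    return h.digest()


class Platform:
    """A platform with an attestation key and a measured configuration."""

    def __init__(self, config: bytes):
        # Assumption: an HMAC key shared with the verifier stands in for the
        # AIK. A real AIK signature is asymmetric and made inside the TPM.
        self.aik = os.urandom(32)
        self.pcr_digest = hashlib.sha256(config).digest()

    def sign(self, nonce: bytes, binding: bytes = b"") -> bytes:
        # Fixed-length fields (16-byte nonce, 32-byte digests) keep the
        # concatenation unambiguous.
        msg = nonce + self.pcr_digest + binding
        return hmac.new(self.aik, msg, hashlib.sha256).digest()


def verify(aik: bytes, pcr_digest: bytes, nonce: bytes, sig: bytes,
           binding: bytes = b"") -> bool:
    """Verifier side: recompute the signed input from the verifier's own view."""
    expected = hmac.new(aik, nonce + pcr_digest + binding,
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def run_scenarios() -> dict:
    platform_a = Platform(b"constructed configuration of platform A")
    platform_b = Platform(b"constructed configuration of platform B")

    # Honest run: platform A attests over the session it actually shares
    # with the access controller.
    s_honest = new_session()
    nonce = os.urandom(16)
    sig = platform_a.sign(nonce, binding_value(s_honest))
    honest_bound = verify(platform_a.aik, platform_a.pcr_digest, nonce, sig,
                          binding_value(s_honest))

    # Relay: the controller shares s_front with the party in front of it,
    # while platform B produced its signature over a different session,
    # s_back. The controller's nonce is forwarded unchanged.
    s_front, s_back = new_session(), new_session()
    nonce = os.urandom(16)

    unbound_sig = platform_b.sign(nonce)  # no binding: nonce + config only
    relay_unbound = verify(platform_b.aik, platform_b.pcr_digest, nonce,
                           unbound_sig)

    bound_sig = platform_b.sign(nonce, binding_value(s_back))
    relay_bound = verify(platform_b.aik, platform_b.pcr_digest, nonce,
                         bound_sig, binding_value(s_front))

    return {"honest_bound": honest_bound,
            "relay_unbound": relay_unbound,
            "relay_bound": relay_bound}


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The verifier never receives the binding value from the peer; it recomputes it from the keys of its own session, which is why a signature produced over another session cannot verify.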
Example 2:
Step 21) After the access controller initiates a trusted network connection, the access controller and the access requester execute the unicast key negotiation process of the pre-shared-key-based WAI protocol and generate a unicast key between the access controller and the access requester.
Step 22) The access controller and the access requester execute the TLS handshake protocol in fully anonymous mode and establish a TLS tunnel key and the associated cipher suite between the access controller and the access requester.
Step 23) The access controller, the access requester and the policy manager execute the platform authentication process under the protection of the TLS tunnel key and associated cipher suite established in step 22), wherein the platform signature in each round of the platform authentication protocol in the platform authentication process is bound to the unicast key from step 21) and to the TLS tunnel key from step 22). For example, when the access controller or the access requester computes the platform signature in each round of the platform authentication protocol, it uses the unicast key from step 21) and the TLS tunnel key from step 22) as input parameters.
The unicast key generated in step 21) is bound to each round of the platform authentication protocol in the platform authentication process, but is not used to protect the platform authentication process. Only the tunnel key and associated cipher suite from step 22) are additionally used to protect each round of the platform authentication protocol in the platform authentication process, that is, to securely transmit the data of each round of the platform authentication protocol.
In step 23), the data of each round of the platform authentication protocol in the platform authentication process between the access controller and the access requester is transmitted using the TLS record protocol.
In step 23), the platform signature may be a signature by the AIK (Attestation Identity Key) stored in the TPM (Trusted Platform Module).
In Embodiment 2, the relevant authentication protocols that need to be executed before the platform authentication process are the following two:
the unicast key negotiation process of the pre-shared-key-based WAI protocol, executed by the access controller and the access requester, whose related information is the unicast key between the access controller and the access requester generated while executing the unicast key negotiation process;
the TLS handshake protocol in fully anonymous mode, executed by the access controller and the access requester, whose related information is the TLS tunnel key between the access controller and the access requester established while executing the TLS handshake protocol.
In Embodiment 2, using key information as the related information is likewise only a preferred embodiment; a specific data item of a specific data packet in the relevant protocol may also be used as the related information and bound to the platform signature.
Embodiment 2 uses the pre-shared-key-based WAI protocol as an example of an authentication protocol that can generate a unicast key; other authentication protocols that can generate a unicast key are not enumerated one by one.
Example 3:
Step 31) After the access controller initiates a trusted network connection, the access controller, the access requester and the policy manager execute a tunnel authentication protocol and establish a tunnel key and the associated cipher suite between the access controller and the access requester.
Step 32) The access controller, the access requester and the policy manager execute the platform authentication process under the protection of the tunnel key and associated cipher suite established in step 31), wherein the platform signature in each round of the platform authentication protocol in the platform authentication process is bound to the tunnel key from step 31). For example, when the access controller or the access requester computes the platform signature in each round of the platform authentication protocol, it uses the tunnel key from step 31) as an input parameter.
In step 31), the tunnel authentication protocol may be composed of the certificate authentication process and unicast key negotiation process of the certificate-based WAI protocol, the cipher suite negotiation process of the TLS handshake protocol, and the parts of TLS other than the TLS handshake protocol.
In step 32), the data of each round of the platform authentication protocol in the platform authentication process between the access controller and the access requester is transmitted using the TLS record protocol.
In step 32), the platform signature may be a signature by the AIK stored in the TPM.
In Embodiment 3, one relevant authentication protocol needs to be executed before the platform authentication process:
a tunnel authentication protocol executed by the access controller, the access requester and the policy manager, whose related information is the tunnel key between the access controller and the access requester established while executing the tunnel authentication protocol.
In Embodiment 3, using key information as the related information is likewise only a preferred embodiment; a specific data item of a specific data packet in the relevant authentication protocol may also be used as the related information and bound to the platform signature.
It should be noted that if a relevant authentication protocol that must be executed before the platform authentication process cannot generate key information, a specific data item of a specific data packet is used as the related information.
In the three embodiments above, the statement that the access controller, the access requester and the policy manager execute the platform authentication process under the protection of the established TLS tunnel key and associated cipher suite means specifically that the TLS tunnel key and associated cipher suite are used to protect the information transmitted between the access controller and the access requester.
As shown in Figure 4, an embodiment of the present invention further provides a secure remote attestation system suitable for a trusted connection architecture. The system comprises an access controller 401, an access requester 402 and a policy manager 403, wherein:
after the access controller 401 initiates a trusted network connection, the access controller 401 and the access requester 402, or the access controller 401, the access requester 402 and the policy manager 403, execute the relevant authentication protocols that precede the platform authentication process;
the access controller 401, the access requester 402 and the policy manager 403 execute the platform authentication process, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has already been executed.
In the platform authentication process executed by the access controller, the access requester and the policy manager, the platform signature in each round of the platform authentication protocol is bound to each authentication protocol that the access controller and the access requester executed before the platform authentication process.
For the detailed operations performed by the access controller, the access requester and the policy manager in each specific application scenario, see the description above; it is not repeated here.
As shown in Figure 5, an embodiment of the present invention further provides an access controller comprising the following structure:
a first protocol execution unit 501, configured to execute, after initiating a trusted network connection, the relevant authentication protocols that precede the platform authentication process, together with the access requester, or together with the access requester and the policy manager;
a second protocol execution unit 502, configured to execute the platform authentication process together with the access requester and the policy manager, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each relevant authentication protocol that has already been executed.
For the detailed operations performed by each unit in each specific application scenario, see the description above; it is not repeated here.
the spirit and scope of the invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that computer program instructions can implement each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, the instruction means implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although preferred embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
departing from the spirit and scope of the embodiments of the present invention. Thus, if these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims

1. A secure remote attestation method suitable for a trusted connection architecture, characterized by comprising: after the access controller initiates a trusted network connection, the access controller and the access requester, or the access controller, the access requester and the policy manager, execute the related authentication protocols that precede the platform authentication process; the access controller, the access requester and the policy manager execute the platform authentication process, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each related authentication protocol that has already been executed.
2. The method according to claim 1, characterized in that, if the related authentication protocol to be executed is an authentication protocol that generates a master key between the access controller and the access requester, the related information is the master key.
3. The method according to claim 2, characterized in that the related authentication protocol to be executed comprises: the certificate authentication process in the certificate-based WAI protocol executed by the access controller, the access requester and the policy manager.
4. The method according to claim 1, characterized in that, if the related authentication protocol to be executed is an authentication protocol that generates a unicast key between the access controller and the access requester, the related information is the unicast key.
5. The method according to claim 4, characterized in that the related authentication protocol to be executed and the related information comprise: the unicast key negotiation process in the pre-shared-key-based WAI protocol executed by the access controller and the access requester.
6. The method according to claim 1, characterized in that the related information is a specific data item of a specific data packet in the related authentication protocol to be executed, wherein, in each round of the platform authentication protocol, the platform signature generated by the access requester is bound to a specific data item of a specific data packet that only the access requester can send in that authentication protocol, and the platform signature generated by the access controller is bound to a specific data item of a specific data packet that only the access controller can send in that authentication protocol.
7. The method according to claim 3, 4 or 6, characterized in that the related authentication protocol to be executed and the related information further comprise: a TLS handshake protocol based on fully anonymous mode, executed by the access controller and the access requester, the related information of the TLS handshake protocol being the TLS tunnel key between the access controller and the access requester that is established while executing the TLS handshake protocol.
8. The method according to claim 7, characterized in that, when the access controller and the access requester execute the TLS handshake protocol based on fully anonymous mode, a cipher suite between the access controller and the access requester is also established.
9. The method according to claim 8, characterized in that the platform authentication process is executed under the protection of the tunnel key and the associated cipher suite.
10. The method according to claim 1, characterized in that the related authentication protocol to be executed and the related information comprise:
a tunnel authentication protocol executed by the access controller, the access requester and the policy manager, the related information of the tunnel authentication protocol being the tunnel key between the access controller and the access requester that is established while executing the tunnel authentication protocol.
11. The method according to claim 7, characterized in that, when the access controller and the access requester execute the tunnel authentication protocol, a cipher suite between the access controller and the access requester is also established.
12. The method according to claim 11, characterized in that the platform authentication process is executed under the protection of the tunnel key and the associated cipher suite.
13. An access controller, characterized by comprising:
a first protocol execution unit, configured to execute, after a trusted network connection is initiated, the related authentication protocols that precede the platform authentication process with the access requester, or with the access requester and the policy manager;
a second protocol execution unit, configured to execute the platform authentication process with the access requester and the policy manager, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each related authentication protocol that has already been executed.
14. A secure remote attestation system suitable for a trusted connection architecture, characterized by comprising: an access controller, an access requester and a policy manager; wherein:
after the access controller initiates a trusted network connection, the access controller and the access requester, or the access controller, the access requester and the policy manager, execute the related authentication protocols that precede the platform authentication process; the access controller, the access requester and the policy manager execute the platform authentication process, wherein the platform signature in the platform authentication protocol of the platform authentication process is bound to one item of related information from each related authentication protocol that has already been executed.
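The binding described in claims 1, 2 and 7, as an added example that is not part of the patent text: a platform signature computed over one tag per previously executed protocol verifies only when the verifier holds the same master key and TLS tunnel key. Assumptions: the tag derivation, the field layout, all function names, and HMAC standing in for the asymmetric platform signature so that the code runs on the standard library alone.

```python
import hashlib
import hmac

def binding_tag(secret: bytes, protocol: bytes) -> bytes:
    """Public tag derived from a protocol's secret (assumed construction)."""
    return hmac.new(secret, b"platform-binding|" + protocol, hashlib.sha256).digest()

def signed_digest(nonce: bytes, pcr_digest: bytes, tags: list) -> bytes:
    """Digest the platform signs: challenge, measurements, one tag per protocol."""
    h = hashlib.sha256()
    for part in (nonce, pcr_digest, *tags):
        h.update(len(part).to_bytes(2, "big") + part)  # length-prefix each field
    return h.digest()

def platform_sign(sign_key: bytes, nonce: bytes, pcr_digest: bytes, tags: list) -> bytes:
    # HMAC is a stand-in for the platform signature (assumption, stdlib only).
    return hmac.new(sign_key, signed_digest(nonce, pcr_digest, tags), hashlib.sha256).digest()

def verify(sign_key, nonce, pcr_digest, signature, verifier_tags) -> bool:
    """The verifier rebuilds the tags from its own copies of the session secrets."""
    expected = platform_sign(sign_key, nonce, pcr_digest, verifier_tags)
    return hmac.compare_digest(signature, expected)

def tags_for(master_key: bytes, tunnel_key: bytes) -> list:
    """One tag for the WAI master key (claim 2), one for the TLS tunnel key (claim 7)."""
    return [binding_tag(master_key, b"WAI"), binding_tag(tunnel_key, b"TLS")]

def demo():
    # Constructed sample values, not taken from the patent.
    sign_key = b"\x11" * 32
    nonce = b"\x22" * 16
    pcr = hashlib.sha256(b"constructed PCR values").digest()
    master_key, tunnel_key = b"\x33" * 32, b"\x44" * 32  # secrets of this session
    other_tunnel_key = b"\x55" * 32                      # tunnel key of a different session
    sig = platform_sign(sign_key, nonce, pcr, tags_for(master_key, tunnel_key))
    same_session = verify(sign_key, nonce, pcr, sig, tags_for(master_key, tunnel_key))
    other_session = verify(sign_key, nonce, pcr, sig, tags_for(master_key, other_tunnel_key))
    missing_binding = verify(sign_key, nonce, pcr, sig, tags_for(master_key, tunnel_key)[:1])
    return same_session, other_session, missing_binding

if __name__ == "__main__":
    print(demo())
```

A signature computed with an empty tag list would verify in any session, which is the property the binding removes.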
PCT/CN2011/077900 2010-11-10 2011-08-02 Method and system for secure remote attestation in a trusted connection architecture WO2012062136A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201010539124 2010-11-10
CN201010539124.9 2010-11-10

Publications (1)

Publication Number Publication Date
WO2012062136A1 (en) 2012-05-18

Family

ID=43746333

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2011/077900 WO2012062136A1 (en) 2010-11-10 2011-08-02 Method and system for secure remote attestation in a trusted connection architecture

Country Status (2)

Country Link
CN (1) CN101989990A (en)
WO (1) WO2012062136A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101989990A (en) * 2010-11-10 2011-03-23 西安西电捷通无线网络通信股份有限公司 Secure remote certification method and system suitable for trusted connect architecture

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070283154A1 (en) * 2006-05-31 2007-12-06 Microsoft Corporation Establishing secure, mutually authenticated communication credentials
CN101136928A (en) * 2007-10-19 2008-03-05 北京工业大学 Reliable network access framework
CN101344903A (en) * 2008-09-02 2009-01-14 中国科学院软件研究所 Multi-case dynamic remote certification method based on TPM
CN101795281A (en) * 2010-03-11 2010-08-04 西安西电捷通无线网络通信股份有限公司 Platform identification implementation method and system suitable for trusted connection frameworks
CN101989990A (en) * 2010-11-10 2011-03-23 西安西电捷通无线网络通信股份有限公司 Secure remote certification method and system suitable for trusted connect architecture

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101610273B (en) * 2009-08-03 2011-12-28 西安西电捷通无线网络通信股份有限公司 Secure remote certification method
CN101707621B (en) * 2009-12-11 2012-05-09 西安西电捷通无线网络通信股份有限公司 Network transmission method suitable for ternary peer authentication of trusted network connection architecture

Also Published As

Publication number Publication date
CN101989990A (en) 2011-03-23

Similar Documents

Publication Publication Date Title
WO2021120862A1 (en) Method and system for protecting private data
JP5248621B2 (en) Trusted network access control system based on ternary equivalence identification
RU2444156C1 (en) Method to control access to secured network based on three-element authentication of peer-to-peer objects
JP5093350B2 (en) Trusted network connect method with enhanced security
Dubey et al. Cloud-user security based on RSA and MD5 algorithm for resource attestation and sharing in java environment
US8255977B2 (en) Trusted network connect method based on tri-element peer authentication
US8452954B2 (en) Methods and systems to bind a device to a computer system
JP6678457B2 (en) Data security services
Razaque et al. Triangular data privacy-preserving model for authenticating all key stakeholders in a cloud environment
CN101741842A (en) Method for realizing dependable SSH based on dependable computing
Chang et al. A practical secure and efficient enterprise digital rights management mechanism suitable for mobile environment
WO2011015007A1 (en) Method of security remote authentication
Nimmy et al. A novel multi-factor authentication protocol for smart home environments
WO2022143935A1 (en) Blockchain-based method and system for sdp access control
Lu et al. Modeling and verification of IEEE 802.11 i security protocol in UPPAAL for Internet of Things
CN110401640A (en) A kind of credible connection method based on trust computing binary system structure
US11240661B2 (en) Secure simultaneous authentication of equals anti-clogging mechanism
WO2022143498A1 (en) Access control method and apparatus, and network-side device, terminal and blockchain node
WO2012062136A1 (en) Method and system for secure remote attestation in a trusted connection architecture
JP2024501729A (en) Blockchain-based SDP access control method and device
Kumar et al. Hash based approach for providing privacy and integrity in cloud data storage using digital signatures
WO2011022902A1 (en) Method for implementing bidirectional platform authentication
WO2012019457A1 (en) Indirect interaction implementation method and system suitable to cooperation trusted network connection model
WO2012083667A1 (en) Management method and apparatus for platform authentication process adapted to trusted connect architecture
Santra et al. Design and analysis of a modified remote attestation protocol

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11839184

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11839184

Country of ref document: EP

Kind code of ref document: A1