CN101136928A - A Trusted Network Access Framework - Google Patents


Info

Publication number: CN101136928A
Authority: CN (China)
Prior art keywords: access, platform, network, access controller, requestor
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CNA2007101760914A
Other languages: Chinese (zh)
Other versions: CN101136928B (en)
Inventors: 沈昌祥, 张兴, 于昇, 祝璐, 周明, 周艺华
Current assignee: Beijing University of Technology (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Beijing University of Technology

Events:
Application filed by Beijing University of Technology
Priority to CN2007101760914A
Publication of CN101136928A
Application granted
Publication of CN101136928B
Current status: Expired - Fee Related

Abstract

Translated from Chinese:

The invention belongs to the field of information security. The framework has three entities: an access requestor, an access controller and a policy manager. The policy manager manages the access requestor and the access controller and implements bidirectional user identity authentication and platform integrity evaluation between them; the access requestor and the access controller control their local ports according to the policy manager's decisions. The trusted network connection architecture measures a terminal's platform state before the terminal accesses the network. The invention uses a security protocol based on a trusted third party to implement bidirectional user identity authentication and bidirectional platform integrity evaluation between the access requestor and the access controller, which ensures the security of the trusted network connection architecture (TNCA). The introduction of the policy manager simplifies key management in the architecture, improves its scalability, gives platform integrity evaluation higher security, realizes centralized integrity verification, and has high general applicability.

Description

A trusted network access framework
Technical field
The present invention relates to computer network frameworks, gateways, network service standards and computer programs, and in particular to a trusted network access framework and its core equipment. It belongs to the field of information security.
Background technology
As informatization advances, computer networks have an ever deeper influence on society, and information security has become an important social concern. When information security is mentioned, people usually think of resisting viruses, hacker attacks and intrusions from outside the computer, and then of antivirus software and firewalls, while ignoring attacks that originate inside the network. According to statistics from the security community worldwide, 80% of the attacks and damage suffered by computer networks of all kinds come from the inside. At present, the industry's information security measures are mainly the "old three": patching holes, building high walls and defending against outside attacks, but the end result is still hard to guard against. The main reason for this situation is that we do not control the root of the insecurity, the terminal, and always try to block at the perimeter. Therefore, we should start by improving the security of the nodes themselves, following the pattern of "preventing from within, and defending both inside and outside", and construct an active and comprehensive security protection system.
The international authority on trusted computing technology is currently the Trusted Computing Group (TCG), which has been devoted to formulating technical standards related to trusted technology. Facing the various network attacks on trusted terminals, TCG formulated the Trusted Network Connect (TNC) standard, which is based on trusted technology. Trusted computing first guarantees the trustworthiness of every terminal, that is, that its behaviour is as expected, and then builds a trustworthy network system out of trustworthy terminals, improving the controllability of the network.
The main purpose of the TNC framework is to realize a set of multi-vendor network standards by providing a framework composed of various protocol standards. It provides the following functions:
Platform authentication: used to verify the identity of the network access requestor and the integrity state of its platform.
Endpoint policy authorization: establishes a trust level for the state of the terminal, for example by confirming the existence, state and upgrade status of applications, the version of the rule base of the antivirus software and IDS, the patch level of the terminal operating system and applications, and so on. The terminal is thereby given an authorization policy under which it can log in to the network and obtain network access rights under certain authority controls.
Access policy: confirms the authority of the terminal machine and its user, and establishes a trust level before it connects to the network, balancing existing standards, products and technologies.
Assessment, isolation and remediation: ensures that terminals that do not meet the trusted policy requirements are isolated outside the trusted network and, where possible, that suitable remedial measures are carried out.
1. The basic framework of TNC and its entities
The basic TNC framework mainly comprises three entities, three layers and several interface modules. The framework adds two layers on top of the traditional network access layer and thereby implements integrity verification between platforms, so as to satisfy the requirements of trustworthiness, integrity and security.
2. The three main entities:
Access Requestor (AR): its function is to send access requests and to collect trusted platform integrity information and send it to the PDP, so as to establish a network connection. This entity comprises the following components: the Network Access Requestor (NAR), which is responsible for sending access requests and establishing network connections (an AR may have several different NARs, each establishing a different network connection); the TNC Client (TNCC), which is responsible for collecting integrity measurement information from the IMCs and at the same time measuring and reporting the integrity of the platform and of the IMCs themselves; and the Integrity Measurement Collector (IMC), which measures the integrity properties of the AR (an AR may have several different IMCs).
Policy Enforcement Point (PEP): this component controls access to the protected network. The PEP consults the PDP to decide whether access should be granted.
Policy Decision Point (PDP): its function is to make the decision on the AR's access request according to the recommendation of the TNCS and the local security policy; the result is allow, forbid or isolate. This entity comprises three components: the Network Access Authority (NAA), which determines whether an AR's access request is allowed (the NAA may consult the TNCS on whether the AR's integrity state is consistent with the NAA's security policy, and thereby decide whether to allow the request); the TNC Server (TNCS), which is responsible for controlling the information flow between the IMVs and the IMCs, gathering the access decisions from the IMVs, forming a single global access decision and passing it to the NAA; and the Integrity Measurement Verifier (IMV), which is responsible for verifying the integrity measurement values about the AR received from the IMC and making an access decision.
3. The three basic layers:
Network Access Layer: this layer supports traditional network interconnection technologies such as 802.1X, VPN and AAA servers. Three entities sit in this layer: the NAR, the PEP and the PDP.
Integrity Evaluation Layer: responsible for evaluating the integrity of all entities requesting network access. There are two important interfaces between this layer and the layer above: IF-IMC (Integrity Measurement Collector Interface) and IF-IMV (Integrity Measurement Verifier Interface). IF-IMC is the interface between an IMC and the TNCC; its main function is to collect integrity measurement values from the IMC and to support the information flow between the IMC and the IMV. IF-IMV is the interface between an IMV and the TNCS; its main function is to pass the integrity measurement values obtained from the IMC to the IMV, to support the information flow between the IMC and the IMV, and to pass the access decision made by the IMV to the TNCS.
Integrity Measurement Layer: the components that collect and verify the integrity-related information of the access requestor.
4. Other important interface modules:
IF-TNCCS is the interface between the TNCC and the TNCS. This interface defines a protocol that carries the following information: information from the IMCs to the IMVs (such as integrity measurement values); information from the IMVs to the IMCs (such as requests for additional integrity measurement values); and session management information together with some synchronization information.
IMC-IMV interface (IF-M): IF-M is the interface between an IMC and an IMV. The information carried over this interface is mostly vendor-specific.
Network Authorization Transport Protocol (IF-T): IF-T carries the message transport between the AR entity and the PDP entity. The components that maintain this interface in the two entities are the NAR and the NAA.
Policy Enforcement Point Interface (IF-PEP): IF-PEP is the interface between the PDP and the PEP. It carries the message transport between the PDP and the PEP. Through it, the PDP can instruct the PEP to isolate the AR to some degree so that the AR can be remediated. After remediation is complete, the AR can be granted the right to access the network.
Summary of the invention
The purpose of the present invention is to propose, on the basis of research into and analysis of existing domestic and international trusted network connection technology, a trusted network connection architecture with independent intellectual property rights. This trusted network connection architecture has three entities: an access requestor, an access controller and a policy manager. The policy manager manages the access requestor and the access controller and implements bidirectional user identity authentication and platform integrity evaluation between them; the access requestor and the access controller control their local ports according to the policy manager's decisions, thereby realizing the trusted network connection architecture.
The trusted network connection architecture measures a terminal's platform state before the terminal accesses the network; only terminals that satisfy the security policy are allowed to connect, which stops computers that pose a potential threat to the network from accessing it directly. It is an active, preventive method. The trusted network connection architecture is an important component of the trusted computing architecture; its purpose is to extend the chain of trust from the terminal to the network, so that the trusted state of the terminal is extended to the system of interconnected terminals.
The invention provides a trusted network connection framework and the core equipment for realizing a trusted network. It can not only control trusted terminals' access to the network, but also complete bidirectional user identity authentication, bidirectional platform identity authentication and platform state verification of terminals, and it can assess, isolate and remediate terminals. At the same time, it lays a good foundation for compatibility between trusted computing terminals, access control equipment, policy management equipment, authentication equipment and network security equipment from different vendors.
1. Basic framework
The trusted network connection architecture is shown in Figure 1.
The trusted network connection architecture describes functional layers, entities, components and interfaces. The framework is divided into three functional layers: the network access control layer, the trusted platform evaluation layer and the integrity measurement layer. It has three entities: the access requestor, the access controller and the policy manager. Each entity contains several functional components, and a series of interfaces sit between the components.
2. Entities
The trusted network connection architecture has three entities:
Access Requestor (AR): the entity that requests a connection. Its function is to send the access request, complete user identity authentication with the access controller, collect integrity measurement values and send them to the access controller, complete platform integrity evaluation with the access controller, and wait for the network connection to be established. This entity comprises the following components: the network access requestor, the TNC client and the integrity measurement collector.
Access Controller (AC): its function is to control the access requestor's access to the network; to receive the platform trust authentication policy and evaluation policy distributed by the policy manager; to receive the integrity measurement values of the access requestor, collect its own integrity measurement values and send these integrity measurement values to the policy manager; and to enforce the decisions of the policy manager. This entity comprises the following components: the network access controller, the TNC server and the integrity measurement collector.
Policy Manager (PM): the policy manager is responsible for defining and distributing the network access control policy and the trusted evaluation policy; assisting the access requestor and the access controller in user identity authentication; verifying the validity of the AIK certificates of the access requestor and the access controller; verifying the platform integrity of the access requestor and the access controller; and generating the network access control decisions for the access requestor and the access controller. This entity comprises the following components: the authentication policy server, the evaluation policy server and the integrity measurement verifier.
This framework is the logical architecture of the trusted network connection architecture; an entity or component may be a piece of software, a device, or even a whole system. Multiple entities and components may be implemented on different devices or, as required, on a single device.
3. Layers
The trusted network connection architecture is divided into three layers, from bottom to top:
Network Access Control Layer: implements bidirectional user identity authentication between the network access requestor and the network access controller. The user identities of the network access requestor and the network access controller are authenticated with the help of a trusted third party entity, namely the authentication policy server; the access requestor and the access controller are peers in the authentication process. The access requestor and the access controller control their own ports according to the user identity authentication result of the network access control layer and the access decision of the trusted platform evaluation layer, thereby realizing mutual access control.
Trusted Platform Evaluation Layer: implements platform integrity evaluation between the TNC client and the TNC server. The platform integrity evaluation between the TNC client and the TNC server is carried out with the help of a trusted third party, namely the evaluation policy server. Platform integrity evaluation comprises platform identity authentication and platform integrity verification. In the trusted platform evaluation process, verification of the AIK certificates and of the platform integrity of the access requestor and the access controller is completed by the policy manager. The policy manager makes a decision on the platform integrity of the access requestor and the access controller, and the network access control layer performs connection control according to this decision.
Integrity Measurement Layer: responsible for collecting and verifying the platform integrity of the access requestor and the access controller. The integrity measurement collectors of the access requestor and the access controller each collect the integrity information of their own platform, and the integrity measurement verifier of the policy manager is responsible for verifying the platform integrity of the access requestor and the access controller.
4. Functional components
The trusted network connection architecture comprises the following functional components:
Network Access Requestor (NAR): responsible for initiating the access request to the access controller and implementing bidirectional user identity authentication between the access requestor and the access controller at the network access control layer; responsible for forwarding the protocol data of the trusted platform evaluation layer to the access controller or the policy manager; and controls its own port according to the decision generated by the authentication policy server and the decision generated by the evaluation policy server, so as to realize connection control towards the access controller.
Network Access Controller (NAC): implements bidirectional user identity authentication between the access requestor and the access controller; responsible for forwarding the protocol data of the trusted platform evaluation layer to the network access requestor and the authentication policy server; and controls its own port according to the decision generated by the authentication policy server and the decision generated by the evaluation policy server, so as to realize access control towards the access requestor.
Authentication Policy Server (APS): serves as the trusted third party and is responsible for implementing bidirectional user identity authentication between the access requestor and the access controller.
TNC Client (TNCC): requests and receives integrity measurement values from the integrity measurement collector in the layer above through the IF-IMC interface, implements bidirectional platform integrity evaluation between the access requestor and the access controller, and generates a connection decision according to the evaluation result produced by the evaluation policy server and sends it to the network access requestor.
TNC Server (TNCS): requests and receives integrity measurement values from the integrity measurement collector in the layer above through the IF-IMC interface, implements bidirectional platform integrity evaluation between the access requestor and the access controller, and generates an access decision according to the evaluation result produced by the evaluation policy server and sends it to the network access controller.
Evaluation Policy Server (EPS): serves as the trusted third party to implement bidirectional platform integrity evaluation between the access requestor and the access controller. The evaluation policy server verifies the validity of the AIK certificates of the access requestor and the access controller, sends the platform integrity measurement values of the access requestor and the access controller to the integrity measurement verifier (IMV) in the layer above through the IF-IMV interface, and receives the verification results for those platform integrity measurement values returned by the IMV.
Integrity Measurement Collector (IMC): uses the integrity services provided by the trusted computing platform to collect the platform integrity information of the access requestor and the access controller.
Integrity Measurement Verifier (IMV): uses the integrity management mechanism to verify the platform integrity information of the access requestor and the access controller.
5. Interfaces
The trusted network connection architecture has several interfaces. These interfaces define the relationships between components and the protocols and messages exchanged between components. The interfaces are:
Trusted Network Transport Interface (IF-TNT): the interface between the network access requestor and the network access controller; it defines the information exchange between the network access requestor and the network access controller.
Authentication Policy Service Interface (IF-APS): the interface between the network access controller and the authentication policy server; it defines the information exchange between the network access controller and the authentication policy server.
TNC Client-Server Interface (IF-TNCCS): the interface between the TNC client and the TNC server; it defines the information exchange between the TNC client and the TNC server.
Evaluation Policy Service Interface (IF-EPS): the interface between the TNC server and the evaluation policy server; it defines the information exchange between the TNC server and the evaluation policy server.
Integrity Measurement Interface (IF-IM): the interface between the integrity measurement collector and the integrity measurement verifier; it defines the interoperability protocol between integrity measurement collectors and integrity measurement verifiers produced by different vendors.
Integrity Measurement Collector Interface (IF-IMC): the protocol interface between the TNC client and the integrity measurement collector, and between the TNC server and the integrity measurement collector; it defines how platform integrity information is requested and received.
Integrity Measurement Verifier Interface (IF-IMV): the protocol interface between the evaluation policy server and the integrity measurement verifier; it defines the protocol for sending platform integrity information to the integrity measurement verifier and receiving the verification results for that platform integrity information.
Beneficial effects
The introduction of the policy manager simplifies key management in this trusted network connection architecture and at the same time improves the extensibility of the architecture.
The introduction of the evaluation policy server within the policy manager facilitates centralized management and distribution of the platform trust policy; serving as the trusted third party, it gives the platform integrity evaluation of the trusted platform evaluation layer higher security and at the same time realizes centralized verification of platform integrity.
Description of drawings
Fig. 1: the trusted network connection architecture.
Fig. 2: the information flow of the trusted network connection architecture. The numerals correspond to the steps of the information flow.
Embodiments
Information flow
A complete information flow of the trusted network connection architecture is shown in Figure 2.
The information flow of the trusted network connection architecture is:
(1) The network access requestor initiates an access request to the network access controller;
(2) After receiving the access request, the network access controller, together with the network access requestor and the authentication policy server, carries out bidirectional user identity authentication between the access requestor and the access controller. In the user identity authentication process the policy manager serves as the trusted third party, and a master key is negotiated between the access requestor and the access controller. The access requestor and the access controller use this master key to negotiate a session key between them. At the same time, the access requestor and the access controller control their local ports according to the result of the bidirectional user identity authentication;
(3) After user identity authentication and key agreement succeed, the network access requestor and the network access controller send the success notification to the TNC client and the TNC server respectively;
(4) After the TNC server receives this success notification, bidirectional platform integrity evaluation of the access requestor and the access controller is carried out, namely platform identity authentication and platform integrity verification. The evaluation policy server is responsible for verifying the AIK certificates of the access requestor and the access controller and for verifying their platform integrity, and finally generates the platform integrity evaluation results for the access requestor and the access controller. During platform integrity evaluation, the TNC client, the TNC server and the evaluation policy server exchange information with the integrity measurement collectors and the integrity measurement verifier of the integrity measurement layer;
(5) After platform integrity evaluation of the access requestor and the access controller is complete, the TNC client and the TNC server generate the corresponding access decisions according to the platform integrity evaluation results produced by the evaluation policy server, and send them to the network access requestor and the network access controller respectively.
The network access requestor and the network access controller control their local ports according to the access decision each of them receives (allow, forbid or isolate), thereby realizing the trusted network connection architecture: the access controller controls the access requestor's access to the network according to the decision, and the access requestor decides according to the decision whether to connect to this network.
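As an added illustration of the five-step information flow above (example code written for this page, not the patent's or the inventors' own protocol implementation), the following Python models the three entities and runs the flow end to end, including the failure modes in which authentication fails, the AIK certificate is unknown, or a measurement mismatches. It assumes simplified cryptography (HMAC-SHA256 standing in for key agreement, a random master key handed out by the authentication policy server after both identities check out), constructed reference measurements, user secrets and AIK certificate identifiers, and the reading that in step (5) the access controller gates the requestor by the requestor's result while the requestor joins or not by the controller's result.

```python
"""Added model of the TNCA information flow, steps (1)-(5). Cryptography,
message shapes and sample values are simplifying assumptions for this page."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

ALLOW, FORBID, ISOLATE = "allow", "forbid", "isolate"


def kdf(key: bytes, label: bytes) -> bytes:
    # assumption: HMAC-SHA256 stands in for the real key agreement / derivation
    return hmac.new(key, label, hashlib.sha256).digest()


@dataclass
class PolicyManager:
    """Trusted third party: APS (user auth, master key), EPS (AIK validity), IMV."""
    user_secrets: dict   # user id -> secret shared with the APS (assumption)
    valid_aik: set       # AIK certificate ids the EPS accepts
    reference: dict      # component name -> expected measurement digest
    isolate_on: set = field(default_factory=set)  # mismatch here isolates, not forbids

    def authenticate(self, user: str, proof: bytes) -> bool:
        secret = self.user_secrets.get(user)
        return secret is not None and hmac.compare_digest(
            kdf(secret, b"auth-" + user.encode()), proof)

    def negotiate_master_key(self, ar_user, ar_proof, ac_user, ac_proof):
        """Step (2): APS authenticates both sides, then issues a master key (None on failure)."""
        if not (self.authenticate(ar_user, ar_proof) and self.authenticate(ac_user, ac_proof)):
            return None
        return os.urandom(32)

    def evaluate_platform(self, aik_id: str, measurements: dict) -> str:
        """Step (4): EPS validates the AIK certificate, IMV checks every reference component."""
        if aik_id not in self.valid_aik:
            return FORBID
        decision = ALLOW
        for name, expected in self.reference.items():
            if measurements.get(name) != expected:   # missing or wrong value
                if name not in self.isolate_on:
                    return FORBID
                decision = ISOLATE
        return decision


@dataclass
class Endpoint:
    """Common behaviour of the access requestor (AR) and the access controller (AC)."""
    user: str
    secret: bytes
    aik_id: str
    measurements: dict
    port_state: str = "closed"
    session_key: bytes = b""

    def auth_proof(self) -> bytes:
        return kdf(self.secret, b"auth-" + self.user.encode())

    def derive_session_key(self, master: bytes, peer: str) -> None:
        # step (2): both sides derive the same session key from the master key
        label = b"session-" + "|".join(sorted([self.user, peer])).encode()
        self.session_key = kdf(master, label)

    def enforce(self, decision: str) -> None:
        # step (5): local port control from the decision this side receives
        self.port_state = {ALLOW: "open", ISOLATE: "isolated", FORBID: "closed"}[decision]


def tnca_connect(ar: Endpoint, ac: Endpoint, pm: PolicyManager):
    """Runs the flow; returns (decision about the AR, decision about the AC)."""
    # (1) AR sends the access request; (2) mutual user authentication via the APS
    master = pm.negotiate_master_key(ar.user, ar.auth_proof(), ac.user, ac.auth_proof())
    if master is None:
        ar.enforce(FORBID)
        ac.enforce(FORBID)
        return FORBID, FORBID
    ar.derive_session_key(master, ac.user)
    ac.derive_session_key(master, ar.user)
    assert ar.session_key == ac.session_key
    # (3) success reported to TNCC/TNCS; (4) both platforms evaluated by the PM
    ar_result = pm.evaluate_platform(ar.aik_id, ar.measurements)
    ac_result = pm.evaluate_platform(ac.aik_id, ac.measurements)
    # (5) AC gates the AR by the AR's result; AR decides whether to join by the AC's
    ac.enforce(ar_result)
    ar.enforce(ac_result)
    return ar_result, ac_result


def build_demo():
    """Constructed sample: reference digests, a healthy AR, a stale-AV AR, an unknown-AIK AR."""
    ref = {"os-kernel": hashlib.sha256(b"kernel-good").digest(),
           "av-signatures": hashlib.sha256(b"av-2024-01").digest()}
    pm = PolicyManager({"alice": b"ar-secret", "gateway": b"ac-secret"},
                       {"aik-ar-001", "aik-ac-001"}, ref, {"av-signatures"})
    ac = Endpoint("gateway", b"ac-secret", "aik-ac-001", dict(ref))
    good_ar = Endpoint("alice", b"ar-secret", "aik-ar-001", dict(ref))
    stale_ar = Endpoint("alice", b"ar-secret", "aik-ar-001",
                        {**ref, "av-signatures": hashlib.sha256(b"av-2023-06").digest()})
    rogue_ar = Endpoint("alice", b"ar-secret", "aik-rogue", dict(ref))
    return pm, ac, good_ar, stale_ar, rogue_ar
```

Calling `tnca_connect(ar, ac, pm)` for each requestor from `build_demo()` yields allow, isolate and forbid for the AR respectively, with the access controller's port ending open, isolated and closed.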
Access requestor
Hardware: a complete host system with a trusted platform control module, including processor, memory, network adapter and so on.
Software: operating system, platform trust services, network access request module, TNC client, integrity collection module.
Access controller
Hardware: a complete host system with a trusted platform control module, including processor, memory, network adapter and so on.
Software: operating system, platform trust services, network access control module, TNC server module, integrity collection module.
Policy manager
Hardware: a complete host system with a trusted platform control module, including processor, memory, network adapter and so on.
Software: operating system, platform trust services, authentication policy service module, evaluation policy service module, integrity verification module.
Comparison of this scheme with TNC
TNC has no policy manager. This scheme adds a policy manager, which makes management and centralized control of the trusted network's policy set convenient; centralizing policy and platform verification avoids terminals being compromised as a consequence of a compromised controller; and the introduction of the certificate system within it simplifies the key management of the trusted network connection architecture while improving the extensibility of the architecture.
The evaluation policy server facilitates centralized management and distribution of the platform trust policy; serving as the trusted third party, it gives the platform integrity evaluation of the trusted platform evaluation layer higher security and at the same time realizes centralized verification of platform integrity.

Claims (1)

1. A trusted network access framework, characterized in that the framework is divided into three functional layers: a network access control layer, a trusted platform evaluation layer and an integrity measurement layer; and has three entities: an access requestor, an access controller and a policy manager;
The trusted network connection architecture has three entities:
Access requestor: the entity that requests a connection; its function is to send the access request, complete bidirectional user identity authentication with the access controller, collect integrity measurement values and send them to the access controller, complete platform integrity evaluation with the access controller, and wait for the network connection to be established; this entity comprises the following components: a network access requestor, a TNC client and an integrity measurement collector;
Access controller: its function is to control the access requestor's access to the network; to receive the platform trust authentication policy and evaluation policy distributed by the policy manager; to receive the integrity measurement values of the access requestor, collect its own integrity measurement values and send these integrity measurement values to the policy manager; and to enforce the decisions of the policy manager; this entity comprises the following components: a network access controller, a TNC server and an integrity measurement collector;
Policy manager: the policy manager is responsible for defining and distributing the network access control policy and the trusted evaluation policy; assisting the access requestor and the access controller in user identity authentication; verifying the validity of the attestation identity key certificates of the access requestor and the access controller; verifying the platform integrity of the access requestor and the access controller; and generating the network access control decisions for the access requestor and the access controller; this entity comprises the following components: an authentication policy server, an evaluation policy server and an integrity measurement verifier;
The trusted network connection architecture is divided into three layers from bottom to top:
Network access control layer: the access requestor, the access controller and the policy manager implement bidirectional user identity authentication, and the access requestor and the access controller are peers in the authentication process; the access requestor and the access controller control their own ports according to the user identity authentication result of the network access control layer and the access decision of the trusted platform evaluation layer, thereby realizing mutual access control;
Trusted platform evaluation layer: the platform integrity evaluation between the TNC client and the TNC server is carried out with the help of a trusted third party, namely the evaluation policy server; platform integrity evaluation comprises platform credential authentication and platform integrity verification; in the trusted platform evaluation process, verification of the attestation identity key certificates and of the platform integrity of the access requestor and the access controller is completed by the policy manager; the policy manager makes a decision on the platform integrity of the access requestor and the access controller, and the network access control layer performs connection control according to this decision;
Integrity measurement layer: responsible for collecting and verifying the platform integrity of the access requestor and the access controller; the integrity measurement collectors of the access requestor and the access controller each collect the integrity information of their own platform, and the integrity measurement verifier of the policy manager is responsible for verifying the platform integrity of the access requestor and the access controller;
The trusted network connection architecture comprises the following functional components:
Network access requestor: responsible for initiating the access request to the access controller and, together with the network access controller and the authentication policy server, implementing bidirectional user identity authentication at the network access control layer; responsible for forwarding the data of the trusted platform evaluation layer to the access controller or the policy manager; controls its own port according to the decision generated by the authentication policy server and the decision generated by the evaluation policy server, so as to realize connection control towards the access controller;
The access to netwoks effector: the two-way user identity of realizing access requestor and access controller with network access request person and identification strategy server is differentiated; Be responsible for transmitting the data of credible platform evaluation layer to network access request person and identification strategy server; According to the Policy Result of identification strategy server generation and the Policy Result of assessment strategy server generation, the port of self is controlled to realize the access control to access requestor;
Identification strategy server: function is for serving as trusted third party, and the two-way user identity of being responsible between realization access requestor and the access controller is differentiated;
Trustable network connects client: function is to collect interface to upper strata integrality gatherer request and reception integrality metric by integrity measurement, realize the bi-directional platform integrity assessment of access requestor and access controller, the assessment result that generates according to the assessment strategy server generates the connection decision-making and sends to network access request person;
Trustable network Connection Service end: function is to collect interface to upper strata integrality gatherer request and reception integrality metric by integrity measurement, realize the bi-directional platform integrity assessment of access requestor and access controller, the assessment result that generates according to the assessment strategy server generates the access decision-making and sends to the access to netwoks effector;
The assessment strategy server: function realizes the bi-directional platform integrity assessment of access requestor and access controller for serving as trusted third party; The validity of the proof identity key certificate of assessment strategy server authentication-access requestor and access controller, send the platform integrity metric value of access requestor and access controller by integrity measurement verification interface to upper strata completeness check person, and receive the check results of the platform integrity metric value of the access requestor that returns by the completeness check person and access controller;
Integrality gatherer: the integrity service of function for utilizing credible calculating platform to provide, the completeness of platform information of collecting access requestor and access controller;
The completeness check person: function is: utilize Integrity Management mechanism, the completeness of platform information of verification access requestor and access controller;
Credible network connecting construction has a plurality of interfaces, and these interfaces are:
The trustable network coffret: the interface between network access request person and the access to netwoks effector has defined the information exchange between network access request person and the access to netwoks effector;
The identification strategy service interface: the interface between access to netwoks effector and the identification strategy server has defined the information exchange between access to netwoks effector and the identification strategy server;
Trustable network connects client-trustable network Connection Service end interface: trustable network connects the interface between client and the trustable network Connection Service end, has defined the information exchange between trustable network connection client and the trustable network Connection Service end;
The assessment strategy service interface: trustable network connects the interface between client trustable network Connection Service end and the assessment strategy server, has defined the information exchange between trustable network Connection Service end and the assessment strategy server;
Integrity measurement interface: the interface between integrality gatherer and the completeness check person, the interoperability agreement between the integrality gatherer of this each manufacturers produce of interface definition and the completeness check person;
Integrity measurement is collected interface: trustable network connects between client and the integrality gatherer and the protocol interface between trustable network Connection Service end and the integrality gatherer, this interface definition request and receiving platform integrity information;
Integrity measurement verification interface: the interface between assessment strategy server and the completeness check person, this interface definition send the protocol information of completeness of platform information to integrality verifier and receiving platform integrity information check results.
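As an added illustration, not code from the patent, the following Python simulates the decision flow of claim 1: the integrity collectors of the access requestor and the access controller each report AIK-bound measurement values, the policy manager checks AIK certificate validity and platform integrity for both sides, and both sides set their local port from its single decision. Platform names, AIK identifiers, secrets and reference digests are constructed, and an HMAC stands in for a TPM quote signature.

```python
import hashlib
import hmac
from dataclasses import dataclass


def measure(content: bytes) -> str:
    """Stand-in for a PCR-style measurement: the SHA-256 digest of a component."""
    return hashlib.sha256(content).hexdigest()


@dataclass
class Platform:
    """Access requestor (AR) or access controller (AC): AIK credential, measured components, local port."""
    name: str
    aik_id: str
    aik_secret: bytes       # stands in for the AIK private key held in the platform's TPM
    components: dict        # component name -> measured digest
    port_open: bool = False

    def collect_measurements(self) -> dict:
        """Integrity collector: gather the platform's measurement values and bind them
        to the AIK (an HMAC stands in for a TPM quote signature)."""
        body = "|".join(f"{k}={v}" for k, v in sorted(self.components.items()))
        sig = hmac.new(self.aik_secret, body.encode(), hashlib.sha256).hexdigest()
        return {"platform": self.name, "aik_id": self.aik_id, "body": body, "sig": sig}


@dataclass
class PolicyManager:
    """Trusted third party: authentication policy server, integrity verifier and evaluation policy server."""
    issued_aiks: dict       # aik_id -> AIK secret; stands in for the registry of issued AIK certificates
    revoked_aiks: set
    reference_values: dict  # component name -> expected digest

    def check_aik(self, report: dict) -> list:
        """Authentication policy server: AIK certificate known, not revoked, and report signed under it."""
        secret = self.issued_aiks.get(report["aik_id"])
        if secret is None:
            return [f"{report['platform']}: unknown AIK certificate"]
        problems = []
        if report["aik_id"] in self.revoked_aiks:
            problems.append(f"{report['platform']}: AIK certificate revoked")
        expected = hmac.new(secret, report["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, report["sig"]):
            problems.append(f"{report['platform']}: measurement signature invalid")
        return problems

    def check_integrity(self, report: dict) -> list:
        """Integrity verifier: every reference component must be measured and must match."""
        problems = []
        measured = dict(item.split("=", 1) for item in report["body"].split("|") if item)
        for comp, expected in self.reference_values.items():
            actual = measured.get(comp)
            if actual is None:
                problems.append(f"{report['platform']}: {comp} not measured")
            elif actual != expected:
                problems.append(f"{report['platform']}: {comp} digest mismatch")
        return problems

    def evaluate(self, ar_report: dict, ac_report: dict) -> dict:
        """Evaluation policy server: a failure on either side denies the connection."""
        problems = []
        for report in (ar_report, ac_report):
            aik_problems = self.check_aik(report)
            problems += aik_problems
            if not aik_problems:  # measurements only count once the AIK binding has held
                problems += self.check_integrity(report)
        return {"allow": not problems, "reasons": problems}


def tnca_connect(ar: Platform, ac: Platform, pm: PolicyManager) -> dict:
    """Network access control layer: AR reports to AC, AC adds its own report and forwards
    both to the policy manager, and both sides set their port from the one decision."""
    ar_report = ar.collect_measurements()          # AR -> AC over the trusted network transport interface
    ac_report = ac.collect_measurements()          # the AC's own integrity collector
    decision = pm.evaluate(ar_report, ac_report)   # AC -> PM over the evaluation policy service interface
    ar.port_open = decision["allow"]               # mutual access control: both ports follow the decision
    ac.port_open = decision["allow"]
    return decision


# Constructed sample deployment; names, secrets and reference values are invented.
REFERENCE = {"bios": measure(b"bios-v1"), "os_kernel": measure(b"kernel-5"),
             "nac_agent": measure(b"agent-2")}

def make_pm() -> PolicyManager:
    return PolicyManager(issued_aiks={"aik-ar-01": b"ar-secret", "aik-ac-01": b"ac-secret",
                                      "aik-ar-99": b"old-secret"},
                         revoked_aiks={"aik-ar-99"}, reference_values=REFERENCE)

def make_ac() -> Platform:
    return Platform("AC", "aik-ac-01", b"ac-secret", dict(REFERENCE))

def make_ar(aik_id="aik-ar-01", secret=b"ar-secret", kernel=b"kernel-5") -> Platform:
    comps = dict(REFERENCE)
    comps["os_kernel"] = measure(kernel)   # a modified kernel yields a non-reference digest
    return Platform("AR", aik_id, secret, comps)
```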
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN2007101760914A (granted as CN101136928B) | 2007-10-19 | 2007-10-19 | Reliable network access control system

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN2007101760914A (granted as CN101136928B) | 2007-10-19 | 2007-10-19 | Reliable network access control system

Publications (2)

Publication Number | Publication Date
CN101136928A | 2008-03-05
CN101136928B | 2012-01-11

Family

ID=39160754

Family Applications (1)

Application Number | Status | Priority Date | Filing Date | Title
CN2007101760914A (granted as CN101136928B) | Expired - Fee Related | 2007-10-19 | 2007-10-19 | Reliable network access control system

Country Status (1)

Country | Link
CN (1) | CN101136928B (en)


Also Published As

Publication Number | Publication Date
CN101136928B (en) | 2012-01-11


Legal Events

Code | Title | Description
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
C14 | Grant of patent or utility model |
GR01 | Patent grant |
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120111; Termination date: 20211019
