公开(公告)号：US08533806B2

公开(公告)日：2013-09-10

申请号：US13119909

申请日：2009-11-03

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06

CPC分类号： H04L63/083 ,  G06F21/33 ,  H04L9/321 ,  H04L9/3234 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/20 ,  H04L2209/80

摘要： A method for authenticating a trusted platform based on the Tri-element Peer Authentication (TePA). The method includes the following steps: A) a second attesting system sends the first message to a first attesting system; B) the first attesting system sends a second message to the second attesting system after receiving the first message; C) the second attesting system sends a third message to a Trusted Third Party (TTP) after receiving the second message; D) the TTP sends a fourth message to the second attesting system after receiving the third message; E) the second attesting system sends a fifth message to the first attesting system after receiving the fourth message; and F) the first attesting system performs an access control after receiving the fifth message. The method for authenticating a trusted platform based on TePA of the present invention adopts the security architecture of TePA, and improves the safety of an evaluation agreement of the trusted platform, realizes the mutual evaluation of the trusted platform between the attesting systems, and extends the application ranges.

摘要翻译： 一种基于三元素对等认证（TePA）认证可信平台的方法。 该方法包括以下步骤：A）第二证明系统将第一消息发送到第一认证系统; B）第一证明系统在接收到第一消息之后向第二认证系统发送第二消息; C）第二证明系统在接收到第二消息之后向受信任的第三方（TTP）发送第三消息; D）TTP在接收到第三消息之后向第二认证系统发送第四消息; E）第二证明系统在接收到第四消息之后向第一认证系统发送第五消息; 和F）第一认证系统在接收到第五消息之后执行访问控制。 本发明基于TePA认证信任平台的方法采用了TePA的安全架构，提高了可信平台评估协议的安全性，实现了认证系统之间信任平台的相互评估，并扩展了 应用范围。

公开(公告)号：US20110202992A1

公开(公告)日：2011-08-18

申请号：US13119909

申请日：2009-11-03

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Xiaolong Lai ,  Zhenhai Huang

IPC分类号： H04L9/32 ,  G06F21/00

CPC分类号： H04L63/083 ,  G06F21/33 ,  H04L9/321 ,  H04L9/3234 ,  H04L9/3247 ,  H04L9/3263 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/20 ,  H04L2209/80

摘要： A method for authenticating a trusted platform based on the Tri-element Peer Authentication (TePA). The method includes the following steps: A) a second attesting system sends the first message to a first attesting system; B) the first attesting system sends a second message to the second attesting system after receiving the first message; C) the second attesting system sends a third message to a Trusted Third Party (TTP) after receiving the second message; D) the TTP sends a fourth message to the second attesting system after receiving the third message; E) the second attesting system sends a fifth message to the first attesting system after receiving the fourth message; and F) the first attesting system performs an access control after receiving the fifth message. The method for authenticating a trusted platform based on TePA of the present invention adopts the security architecture of TePA, and improves the safety of an evaluation agreement of the trusted platform, realizes the mutual evaluation of the trusted platform between the attesting systems, and extends the application ranges.

摘要翻译： 一种基于三元素对等认证（TePA）认证可信平台的方法。 该方法包括以下步骤：A）第二证明系统将第一消息发送到第一认证系统; B）第一证明系统在接收到第一消息之后向第二认证系统发送第二消息; C）第二证明系统在接收到第二消息之后向受信任的第三方（TTP）发送第三消息; D）TTP在接收到第三消息之后向第二认证系统发送第四消息; E）第二证明系统在接收到第四消息之后向第一认证系统发送第五消息; 和F）第一认证系统在接收到第五消息之后执行访问控制。 本发明基于TePA认证信任平台的方法采用了TePA的安全架构，提高了可信平台评估协议的安全性，实现了认证系统之间信任平台的相互评估，并扩展了 应用范围。

公开(公告)号：US08931049B2

公开(公告)日：2015-01-06

申请号：US13133333

申请日：2009-12-01

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

IPC分类号： G06F7/04 ,  H04L29/06 ,  G06F21/31 ,  G06F21/62

CPC分类号： H04L63/0869 ,  G06F21/31 ,  G06F21/6209 ,  G06F2221/2141 ,  H04L63/0876 ,  H04L63/10

摘要： A trusted network connection implementing method based on Tri-element Peer Authentication is provided in present invention, the method includes: step 1, configuring and initializing; step 2, requesting for network connection, wherein an access requester sends a network connection request to and access controller, and the access controller receives the network connection request; step 3, authenticating user ID; and step 4, authenticating a platform. The invention enhances the safety of the trusted network connection implementing method, widens the application range of the trusted network connection implementing method based on the Tri-element Peer Authentication, satisfies requirements of different network apparatuses and improves the efficiency of the trusted network connection implementing method based on the Tri-element Peer Authentication.

摘要翻译： 本发明提供了一种基于三元素对等认证的可信网络连接实现方法，该方法包括：步骤1，配置和初始化; 步骤2，请求网络连接，其中访问请求者向网络连接请求发送和访问控制器，并且访问控制器接收网络连接请求; 步骤3，验证用户ID; 步骤4，验证平台。 本发明增强了可信网络连接实现方法的安全性，拓宽了基于三元对等认证的可信网络连接实现方法的应用范围，满足不同网络设备的要求，提高了可信网络连接实现方法的效率 基于三元素对等体认证。

公开(公告)号：US20120036553A1

公开(公告)日：2012-02-09

申请号：US13264683

申请日：2009-12-09

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

IPC分类号： G06F21/20 ,  H04L29/06 ,  G06F15/16

CPC分类号： H04L67/104 ,  G06F21/57 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/20

摘要： The present invention provides a method for establishing the trusted network connect framework of tri-element peer authentication. The method includes: the implement of trusted network transport interface (IF-TNT); the implement of authentication policy service interface (IF-APS); the implement of trusted network connect (TNC) client-TNC access point interface (IF-TNCCAP); the implement of evaluation policy service interface (IF-EPS); the implement of integrity measurement collector interface (IF-IMC); the implement of integrity measurement verifier interface (IF-IMV); and the implement of integrity measurement (IF-IM). The embodiments of the present invention can establish the trust of the terminals, implement the trusted network connect of the terminals, implement the trusted authentication among the terminals, implement the trusted management of the terminals, and establish the TNC framework based on tri-element peer authentication (TePA) by defining the interfaces.

摘要翻译： 本发明提供了一种建立三元对等认证的可信网络连接框架的方法。 该方法包括：实现可信网络传输接口（IF-TNT）; 认证策略服务接口（IF-APS）的实现; 可信网络连接（TNC）客户端 - TNC接入点接口（IF-TNCCAP）的实现; 评估政策服务界面（IF-EPS）的实施; 完整性测量收集器接口（IF-IMC）的实现; 完整性测量验证器接口（IF-IMV）的实现; 和完整性测量（IF-IM）的实施。 本发明的实施例可以建立终端的信任，实现终端的可信网络连接，在终端之间实现可信认证，实现终端的可信管理，并建立基于三元对等体的TNC框架 认证（TePA）通过定义接口。

公开(公告)号：US20110238996A1

公开(公告)日：2011-09-29

申请号：US13132842

申请日：2009-12-08

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L9/32

CPC分类号： H04L63/0823 ,  G06F21/445 ,  H04L63/061 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/123

摘要： A trusted network connect handshake method based on tri-element peer authentication is provided, which comprises the following steps. An access controller (AC) sends message 1 for handshake activation to an Access Requestor (AR). The AR sends message 2 for access handshake request to the AC after receiving message 1. The AC sends message 3 for certificate authentication and integrity evaluation request to a Policy Manager (PM) after receiving message 2. The PM sends message 4 for certificate authentication and integrity evaluation response to the AC after receiving message 3. The AC sends message 5 for access handshake response to the AR after receiving message 4. The trusted network connect handshake is completed after the AR receives message 5.

摘要翻译： 提供了一种基于三元对等体认证的可信网络连接握手方法，包括以下步骤。 访问控制器（AC）向接入请求者（AR）发送用于握手激活的消息1。 AR在接收到消息1后向AC发送接入握手请求消息2.AC在接收到消息2后向策略管理器（PM）发送证书认证和完整性评估请求消息3.PM发送消息4进行证书认证， 在接收到消息3之后，AC对AC进行完整性评估响应.AC在接收到消息4后向AC发送接入握手响应消息5.可信网络连接握手在AR收到消息5后完成。

公开(公告)号：US08789134B2

公开(公告)日：2014-07-22

申请号：US13264683

申请日：2009-12-09

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L29/06

CPC分类号： H04L67/104 ,  G06F21/57 ,  H04L63/08 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/20

摘要： The present invention provides a method for establishing the trusted network connect framework of tri-element peer authentication. The method includes: the implement of trusted network transport interface (IF-TNT); the implement of authentication policy service interface (IF-APS); the implement of trusted network connect (TNC) client-TNC access point interface (IF-TNCCAP); the implement of evaluation policy service interface (IF-EPS); the implement of integrity measurement collector interface (IF-IMC); the implement of integrity measurement verifier interface (IF-IMV); and the implement of integrity measurement (IF-IM). The embodiments of the present invention can establish the trust of the terminals, implement the trusted network connect of the terminals, implement the trusted authentication among the terminals, implement the trusted management of the terminals, and establish the TNC framework based on tri-element peer authentication (TePA) by defining the interfaces.

摘要翻译： 本发明提供了一种建立三元对等认证的可信网络连接框架的方法。 该方法包括：实现可信网络传输接口（IF-TNT）; 认证策略服务接口（IF-APS）的实现; 可信网络连接（TNC）客户端 - TNC接入点接口（IF-TNCCAP）的实现; 评估政策服务界面（IF-EPS）的实施; 完整性测量采集器接口（IF-IMC）的实现; 完整性测量验证器接口（IF-IMV）的实现; 和完整性测量（IF-IM）的实施。 本发明的实施例可以建立终端的信任，实现终端的可信网络连接，在终端之间实现可信认证，实现终端的可信管理，并建立基于三元对等体的TNC框架 认证（TePA）通过定义接口。

公开(公告)号：US08719897B2

公开(公告)日：2014-05-06

申请号：US13377098

申请日：2009-12-09

申请人： Yuelei Xiao ,  Jun Cao ,  Zhenhai Huang ,  Li Ge

发明人： Yuelei Xiao ,  Jun Cao ,  Zhenhai Huang ,  Li Ge

IPC分类号： H04L29/06 ,  G06F17/00

CPC分类号： H04L63/0869 ,  H04L63/0876

摘要： An access control method for a TePA-based TNC architecture is provided, including: 1) performing encapsulation of user authentication protocol data and platform authentication protocol data in the TePA-based TNC architecture: 1.1) encapsulating the user authentication protocol data in a Data field of TAEP packets, and interacting with the TAEP packets between an access requestor and an access controller, and between the access controller and a policy manager, to perform mutual user authentication between the access requestor and the access controller, and establish a secure channel between the access requestor and the access controller; and 1.2) encapsulating the platform authentication protocol data in a Data field of TAEP packets, and, for platform authentication protocol data between the access requestor and the access controller, encapsulating a TAEP packet of the platform authentication protocol data in a Data field of another TAEP packet to form a nested encapsulation.

摘要翻译： 提供了一种基于TePA的TNC架构的访问控制方法，包括：1）在基于TePA的TNC架构中执行用户认证协议数据和平台认证协议数据的封装：1.1）将用户认证协议数据封装在数据字段 的TAEP分组，并且与访问请求者和访问控制器之间的TAEP分组以及访问控制器和策略管理器之间的TAEP分组进行交互，以在接入请求者和接入控制器之间执行相互用户认证，并在接入控制器和接入控制器之间建立安全信道 访问请求者和访问控制器; 和1.2）将平台认证协议数据封装在TAEP数据包的数据字段中，并且对于接入请求者和接入控制器之间的平台认证协议数据，将平台认证协议数据的TAEP分组封装在另一个TAEP的数据字段中 数据包形成嵌套封装。

公开(公告)号：US20120079561A1

公开(公告)日：2012-03-29

申请号：US13377098

申请日：2009-12-09

申请人： Yuelei Xiao ,  Jun Cao ,  Zhenhai Huang ,  Li Ge

发明人： Yuelei Xiao ,  Jun Cao ,  Zhenhai Huang ,  Li Ge

IPC分类号： G06F21/20

CPC分类号： H04L63/0869 ,  H04L63/0876

摘要： An access control method for a TePA-based TNC architecture is provided, including: 1) performing encapsulation of user authentication protocol data and platform authentication protocol data in the TePA-based TNC architecture: 1.1) encapsulating the user authentication protocol data in a Data field of TAEP packets, and interacting with the TAEP packets between an access requestor and an access controller, and between the access controller and a policy manager, to perform mutual user authentication between the access requestor and the access controller, and establish a secure channel between the access requestor and the access controller; and 1.2) encapsulating the platform authentication protocol data in a Data field of TAEP packets, and, for platform authentication protocol data between the access requestor and the access controller, encapsulating a TAEP packet of the platform authentication protocol data in a Data field of another TAEP packet to form a nested encapsulation.

摘要翻译： 提供了一种基于TePA的TNC架构的访问控制方法，包括：1）在基于TePA的TNC架构中执行用户认证协议数据和平台认证协议数据的封装：1.1）将用户认证协议数据封装在数据字段 的TAEP分组，并且与访问请求者和访问控制器之间的TAEP分组以及访问控制器和策略管理器之间的TAEP分组进行交互，以在接入请求者和接入控制器之间执行相互用户认证，并在接入控制器和接入控制器之间建立安全信道 访问请求者和访问控制器; 和1.2）将平台认证协议数据封装在TAEP数据包的数据字段中，并且对于接入请求者和接入控制器之间的平台认证协议数据，将平台认证协议数据的TAEP分组封装在另一个TAEP的数据字段中 数据包形成嵌套封装。

公开(公告)号：US20110239271A1

公开(公告)日：2011-09-29

申请号：US13133333

申请日：2009-12-01

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

IPC分类号： H04L9/32

CPC分类号： H04L63/0869 ,  G06F21/31 ,  G06F21/6209 ,  G06F2221/2141 ,  H04L63/0876 ,  H04L63/10

摘要： A trusted network connection implementing method based on Tri-element Peer Authentication is provided in present invention, the method includes: step 1, configuring and initializing; step 2, requesting for network connection, wherein an access requester sends a network connection request to and access controller, and the access controller receives the network connection request; step 3, authenticating user ID; and step 4, authenticating a platform. The invention enhances the safety of the trusted network connection implementing method, widens the application range of the trusted network connection implementing method based on the Tri-element Peer Authentication, satisfies requirements of different network apparatuses and improves the efficiency of the trusted network connection implementing method based on the Tri-element Peer Authentication. The invention is not only applied to the trusted network connection of entities, but also applied to the trusted communication among the peer entities, and is further applied to the trusted management of the entities, thus the applicability of the trusted network connection implementing method based on the Tri-element Peer Authentication is improved.

摘要翻译： 本发明提供了一种基于三元素对等认证的可信网络连接实现方法，该方法包括：步骤1，配置和初始化; 步骤2，请求网络连接，其中访问请求者向网络连接请求发送和访问控制器，并且访问控制器接收网络连接请求; 步骤3，验证用户ID; 步骤4，验证平台。 本发明增强了可信网络连接实现方法的安全性，拓宽了基于三元对等认证的可信网络连接实现方法的应用范围，满足不同网络设备的要求，提高了可信网络连接实现方法的效率 基于三元素对等体认证。 本发明不仅应用于实体的可信网络连接，而且还应用于对等实体之间的可信任通信，并进一步应用于实体的可信管理，从而基于可信网络连接实现方法的适用性 三元素对等体验证得到改进。

公开(公告)号：US08826368B2

公开(公告)日：2014-09-02

申请号：US13266856

申请日：2009-12-24

申请人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

发明人： Yuelei Xiao ,  Jun Cao ,  Li Ge ,  Zhenhai Huang

IPC分类号： G06F17/00 ,  H04L17/30 ,  G06F21/44 ,  G06F21/57 ,  H04L9/32 ,  H04L29/06

CPC分类号： H04L63/0823 ,  G06F21/445 ,  G06F21/57 ,  G06F2221/2103 ,  G06F2221/2115 ,  H04L9/321 ,  H04L9/3247 ,  H04L9/3263 ,  H04L9/3271 ,  H04L63/0876 ,  H04L63/105 ,  H04L63/20

摘要： The invention discloses a platform authentication method suitable for trusted network connect (TNC) architecture based on tri-element peer authentication (TePA). The method relates to a platform authentication protocol of tri-element peer authentication, and the protocol improves network security as compared with prior platform authentication protocols; in the platform authentication protocol of the TNC architecture based on TePA, a policy manager plays a role as a trusted third party, which is convenient for concentrated management, thus enhancing manageability; the invention relates to the platform authentication protocol of the TNC architecture based on TePA, has different implementation methods and is beneficial for different dispositions and realizations.

摘要翻译： 本发明公开了一种适用于基于三元对等认证（TePA）的可信网络连接（TNC）架构的平台认证方法。 该方法涉及三元对等认证的平台认证协议，与以前的平台认证协议相比，该协议提高了网络安全性; 在基于TePA的TNC架构的平台认证协议中，一个策略管理员担任可信第三方的角色，方便集中管理，从而提高可管理性; 本发明涉及基于TePA的TNC架构的平台认证协议，具有不同的实现方法，有利于不同的配置和实现。