Method for establishing trusted network connect framework of tri-element peer authentication
First Claim
1. A method for a tri-element peer authentication (TePA)-based trusted network connect (TNC) architecture, comprising:
configuring an access control mechanism, a network transmission mechanism, and a user authentication protocol using a Trusted Network Transport Interface (IF-TNT) and an Authentication Policy Service Interface (IF-APS);
wherein the access control mechanism utilizes a tri-element peer authentication (TePA) protocol between an access requestor (AR), an access controller (AC), and a policy manager (PM);
wherein the network transmission mechanism utilizes a Trusted Network Connect (TNC) process that comprises encapsulation of TePA protocols between the AR and the AC and between the AC and the PM; and
wherein the user authentication protocol is a TePA protocol executed by the AR, the AC, and the PM so as to achieve user authentication between the AR and the AC, where the PM functions as a trusted third party in the TePA-based authentication protocol;
configuring a network connection management mechanism, a platform authentication protocol management mechanism, and a platform authentication protocol using a TNC Client-TNC Access Point Interface (IF-TNCCAP) and an Evaluation Policy Service Interface (IF-EPS);
wherein the network connection management mechanism includes participation of a TNC client and a TNC access point in network connection management and does not include participation of an evaluation policy server (EPS) in network connection management;
wherein the platform authentication protocol management mechanism includes participation of a TNC client and a TNC access point in platform authentication management;
wherein platform authentication between the access requestor and the access controller is achieved by a platform authentication protocol; and
wherein the platform authentication protocol is a TePA protocol executed by a TNC client, a TNC access point, and the evaluation policy server so as to achieve platform authentication between the AR and the AC, where the PM functions as a trusted third party;
performing an integrity check handshake at an Integrity Measurement Collector Interface (IF-IMC) in the access requestor and an integrity check handshake at the IF-IMC in the access controller according to a first function using the IF-IMC;
performing an integrity handshake at an Integrity Measurement Verifier Interface (IF-IMV) in the policy manager according to a second function using the IF-IMV; and
using an Integrity Measurement Interface (IF-IM) for intercommunication between an Integrity Measurement Collector (IMC) and an Integrity Measurement Verifier (IMV) to transport a message, wherein an encapsulation method is used for the message transported between the AR, the AC and the PM.
Abstract
The present invention provides a method for establishing a trusted network connect framework based on tri-element peer authentication. The method includes implementing the trusted network transport interface (IF-TNT), the authentication policy service interface (IF-APS), the trusted network connect (TNC) client-TNC access point interface (IF-TNCCAP), the evaluation policy service interface (IF-EPS), the integrity measurement collector interface (IF-IMC), the integrity measurement verifier interface (IF-IMV), and the integrity measurement interface (IF-IM). Embodiments of the present invention can establish trust in the terminals, implement trusted network connection of the terminals, implement trusted authentication among the terminals, implement trusted management of the terminals, and establish a TNC framework based on tri-element peer authentication (TePA) by defining these interfaces.
Specification