Trusted network access and access control system and method

Abstract

The invention discloses a trusted network access and access control system. The control system comprises a network access requester, a network access decision-maker and a network access controller. When the network access requester accesses to the network, platform identity authentication is carried out, and secure and trusted states of the requester are detected; the secure and trusted states are sent to the network access decision-maker, and the decision-maker judges the secure and trust level of the requester and gives a network access decision; the network access decision is sent to the network access controller, and the controller limits the requested network access. The invention further discloses a trusted network access and access control method. The control system carries out the platform identity authentication on the basis of TCM and ensures the network access control while avoids identity forging. Network areas are divided on the basis of a digital label technology and dynamically updated, network self-adaption is realized, and the access security of different logical areas is ensured. Secure and trusted strategies are configured, and combined with the TCM cryptographic algorithm, so that the security and credibility of the platform state of the requester are ensured.

Description

technical field [0001] The invention relates to the field of communication control, in particular to a trusted network access and access control system and method. Background technique [0002] With the development of information technology, more and more important information is stored in the internal server of the enterprise. Conventional attacks from the Internet can be protected by firewalls, UTM and other products, and the solutions are relatively mature. However, more and more information leaks Occurring within the network, network management chaos, random access, terminal host virus infection, etc. are all important factors affecting network security. Therefore, strengthening network management, refining network access rights, and controlling network access have become indispensable. security measures. [0003] TNCFHH is an open source implementation of trusted network connection architecture, using 802.1x-based network access control technology, using FreeRedius as ...

AI Technical Summary

Problems solved by technology

This solution divides the network area from the physical port, which will occupy a large amount of physical resources, and is difficult and inflexible for multi-layer network deployment.

[0004] Another solution belongs to the category of traditional network access control. This solution integrates multiple identity authentication methods (LDAP, AD, etc.) to strengthen network access control. In addition to identity authentication, it is necessary to check the terminal security status. However, this solution does not subdivide the network. As long as the terminal is connected to the network, it can access the resources in the network at will. Once the attacker obtains the user identity, the data in the network can be obtained.

[0005] Although the above solutions solve the problems of network access control and network access control to a certain extent, there are problems such as difficult deployment, high resource occupation, and inability to adapt to different network environments.

Images