Method and system for establishing credible virtual special network connection

A trusted virtual private network technology, applicable to transmission systems, digital transmission systems, secure communication devices, etc., that addresses the difficulty of implementing and deploying existing approaches, the lack of confirmation of the identities of both communicating parties, bandwidth limitations, and related problems.

Active Publication Date: 2006-10-18
LENOVO (BEIJING) LTD

AI Technical Summary

Problems solved by technology

[0007] However, IPsec itself still has some defects. The protocol itself does not confirm the identities of the communicating parties. In a protocol extension, X.509 certificates can be used to authenticate the communicating parties, but this is very difficult from the perspective of implementation and deployment, and users also face many obstacles such as bandwidth limitations.
[0008] The application entitled "A Security Chip and Information Security Processing Device and Method Based on the Chip", submitted and accepted by Lenovo Group, the applicant of this application, provides a method for a security chip to verify the integrity of the firmware, the operating system, etc., but does not give a specific method for using platform integrity information for trusted connections in a network environment. The TNC (Trusted Network Connection) specification of the international TCG (Trusted Computing Group) organization describes a trusted-connection framework and recommendations, but does not give specific methods and specifications for trusted connections using security chips.



Embodiment Construction

[0030] Embodiments of the present invention will be described below with reference to the drawings.

[0031] Figure 1 shows the division of the whole system into modules and the calling relationships between them. As shown in Figure 1, the system modules include: a platform AIK (attestation identity key) certificate generation device 100, an integrity information collection device 110, a trusted access policy management device 120, and an integrity information and platform identity verification device 130. Among these modules, the platform AIK certificate generation device 100 uses the EK (Endorsement Key) certificate of the TPM to request the AIK certificate from the CA (Certification Authority). The integrity information collection device uses the TSS (trusted software stack) in the client application to obtain from the TPM the integrity information of each level that the system wrote into the TPM in advance, and after the collection is complet...


Abstract

A method for establishing a trusted virtual private network connection comprises: activating an AIK certificate at the client; when the connection is initiated, the client collecting the integrity values of the local computer and sending its AIK certificate and integrity values; the gateway verifying the AIK certificate and integrity values sent by the client and, if verification passes, sending the gateway's own AIK certificate and integrity values to the client; and the client verifying the gateway's AIK certificate and integrity values and, if verification passes, establishing the connection between the client and the gateway.
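The client/gateway exchange summarised in the abstract above, with the module roles of paragraph [0031] (AIK certificate from a CA, integrity values collected from the TPM, a trusted access policy on the verifying side), as an added Go simulation that is not code from the patent or from Lenovo. Each party holds a CA-certified AIK and quotes its PCR values; the verifier checks that the certificate was issued by the trusted CA, that the quote is fresh, that the AIK signature holds, and that the integrity values match policy, in that order. Assumptions not in the page: Ed25519 stands in for the TPM's RSA AIK and its X.509 certificate, SHA-256 for the PCR extend operation, a fresh nonce from each side for replay protection, and constructed measurement strings such as "bios-ok".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PCRs models the TPM registers holding the integrity measurement of each boot
// level (firmware, loader, OS). Assumption: SHA-256 extend, pcr = H(pcr || m).
type PCRs [3][32]byte

// AIKCert stands in for the CA-issued AIK certificate: the CA's signature over the
// AIK public key. Assumption: Ed25519 replaces the TPM's RSA AIK and X.509 encoding.
type AIKCert struct {
	AIKPub ed25519.PublicKey
	CASig  []byte
}

// Platform is what each party, client or gateway, holds.
type Platform struct {
	aikPriv ed25519.PrivateKey
	Cert    AIKCert
	PCRs    PCRs
}

// Attestation is the message each side sends: AIK certificate, integrity
// values, and the AIK signature (quote) over H(nonce || PCR values).
type Attestation struct {
	Cert         AIKCert
	PCRs         PCRs
	Nonce, Quote []byte
}

// NewPlatform generates an AIK, has the CA certify it, and extends the given
// (constructed) measurements into PCR 0, 1, 2 in order, as the system would at boot.
func NewPlatform(caPriv ed25519.PrivateKey, measurements ...[]byte) *Platform {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	p := &Platform{aikPriv: priv, Cert: AIKCert{AIKPub: pub, CASig: ed25519.Sign(caPriv, pub)}}
	for i, m := range measurements {
		p.PCRs[i] = sha256.Sum256(append(p.PCRs[i][:], m...)) // TPM extend: pcr = H(pcr || m)
	}
	return p
}

// quoteInput is what the AIK signs: the peer's nonce followed by every PCR value.
func quoteInput(nonce []byte, pcrs PCRs) []byte {
	h := sha256.New()
	h.Write(nonce)
	for _, r := range pcrs {
		h.Write(r[:])
	}
	return h.Sum(nil)
}

// Attest produces the certificate, the PCR values and a quote bound to the peer's nonce.
func (p *Platform) Attest(nonce []byte) Attestation {
	return Attestation{p.Cert, p.PCRs, nonce, ed25519.Sign(p.aikPriv, quoteInput(nonce, p.PCRs))}
}

// Verify is the check both gateway and client run on the peer's message: trusted CA
// issued the AIK certificate, quote is fresh, AIK signature holds, values match policy.
func Verify(a Attestation, caPub ed25519.PublicKey, expectedNonce []byte, policy PCRs) error {
	if !ed25519.Verify(caPub, a.Cert.AIKPub, a.Cert.CASig) {
		return errors.New("AIK certificate not issued by the trusted CA")
	}
	if string(a.Nonce) != string(expectedNonce) {
		return errors.New("stale or replayed attestation")
	}
	if !ed25519.Verify(a.Cert.AIKPub, quoteInput(a.Nonce, a.PCRs), a.Quote) {
		return errors.New("quote signature invalid")
	}
	if a.PCRs != policy {
		return errors.New("integrity values do not match the trusted access policy")
	}
	return nil
}

// Handshake runs the exchange from the abstract: the client attests first, the
// gateway verifies and only then attests back, and the client verifies the gateway.
// Assumption: each side supplies a fresh nonce so a recorded quote cannot be replayed.
func Handshake(client, gateway *Platform, caPub ed25519.PublicKey, clientPolicy, gatewayPolicy PCRs) error {
	gNonce, cNonce := make([]byte, 16), make([]byte, 16)
	rand.Read(gNonce)
	rand.Read(cNonce)
	if err := Verify(client.Attest(gNonce), caPub, gNonce, clientPolicy); err != nil {
		return fmt.Errorf("gateway rejected client: %w", err)
	}
	if err := Verify(gateway.Attest(cNonce), caPub, cNonce, gatewayPolicy); err != nil {
		return fmt.Errorf("client rejected gateway: %w", err)
	}
	return nil // both sides verified; the VPN tunnel can now be established
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader) // the AIK-issuing CA
	client := NewPlatform(caPriv, []byte("bios-ok"), []byte("loader-ok"), []byte("kernel-ok"))
	gateway := NewPlatform(caPriv, []byte("gw-firmware-ok"), []byte("gw-os-ok"))
	fmt.Println("handshake error:", Handshake(client, gateway, caPub, client.PCRs, gateway.PCRs))
}
```

The order of checks in `Verify` matters for a deployment: the certificate is checked before the quote so that an attacker cannot learn anything about the policy from a platform whose AIK the CA never issued, and the policy comparison is the last step because the PCR values are only meaningful once the signature proves a genuine TPM reported them. The gateway attests back only after the client passed, which is exactly the sequencing the abstract prescribes.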

Description

Technical field

[0001] The present invention generally relates to the field of computer system security and network security, and in particular to a method and system for establishing trusted virtual private network connections. The method and system rely on public computer networks for reliable and secure data transmission, and realize system integrity measurement and host system identity authentication.

Background art

[0002] VPN is the abbreviation of Virtual Private Network, which has been widely used in the field of enterprise network security interconnection in recent years. VPN technology is based on modern cryptography theory and digital signatures, the PKI system, tunnel transmission and other mature technologies in the security field. Currently, the most widely used VPN technology is the IPsec protocol standardized by the IETF. Its main features are:

[0003] 1. The IKE protocol is used to ensure the security of the key exchange, and the DH algorithm is used to ens...

Claims


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L9/00, H04L9/12
Inventor 石勇曲亚东陈军刘小杰
Owner LENOVO (BEIJING) LTD