The User Authentication And Management Of Trusted VPN System

Security communication between different parts of enterprises and institutions can be effectively solved by the safe remote access solution provided by VPN system. And as the important parts of system security, user authentication and management attract more and more attention. Although VPN system can ensure the credibility of user identity, it can not guarantee the integrity of the user computing environment. There is extremely important meaning for application that using trusted computing technology to enhance the security of VPN system, to evaluate the safety of VPN client computing environment and to segregate potential attacks from the VPN tunnels.This paper focuses on the design and implementation of user authentication and management in trusted VPN system and other related issues. Main works are as follows:(1)Trusted computing technology has been introduced to the authentication and access control of VPN system, and according to TNC standard, the overall structure of the trusted access of VPN system has been given; the authentication of VPN system has been raised combined with security management center;based on the original access control of VPN system, the access rights are determined by platform's security levels, which come from the platform integrity metric; at the same time, this system provides isolation and remedial services to the endpoint whose integrity is not satisfy the evaluation.(2)A strong two-factor authentication and security control based on USBKey has been designed and implemented in client and security management center; windows-based certification programs, remote authentication and security control schemes using USBKey have been introduced; and user management tools for unified management of the system users have been provided.Through these works, strong security of trusted VPN system has been assured with the reservation of convenient and simple system. Thus the problem that VPN system can not ensure the safety of neither user identity nor user computing environment can be solved, VPN legal users can use trusted environment for business operations.