
A Study Of Authentication Technology Of Trusted Terminal

Posted on: 2011-10-24
Degree: Master
Type: Thesis
Country: China
Candidate: J X Chen
GTID: 2178360308485618
Subject: Computer technology

Abstract/Summary:
Using network resources requires authentication and authorization management. For any business application system, authentication is particularly important: only once the user's identity has been established can the business system grant the permissions appropriate to the service type of the user's account, enforce access control, and supervise the user terminal's use of resources. Traditional authentication technologies protect the rights of legitimate users to some extent and can effectively prevent illegal users from damaging the network, but they cannot protect the safe operation of the network, because they neglect the trustworthiness of the client terminal entity. Terminal security is the weak point of the entire information network: the architecture of the general terminal is simple, terminals access the network without security examination and verification, and user behavior is not safely controlled, so viruses, worms, Trojan horses and other malicious code attack the entire network through terminal vulnerabilities, and the network is unsafe. Essentially, insecure terminals can access the secure network and cause serious security problems because traditional authentication technology decides whether a terminal may access the network only by whether it holds the password or key of the authentication protocol, while neglecting whether the terminal system itself is secure. If a terminal waiting to access the network has been attacked and a virus, Trojan horse or other malicious code has been implanted in it, the attacker may monitor the authentication process through the insecure terminal that has accessed the network, steal the network's key information, and even attack the entire network through that terminal.
To solve these problems, trusted terminals must be constructed, terminal access must be controlled at the source, and the server authentication mechanism must be improved, so that the large number of security risks caused by terminals can be prevented. The purpose of this paper is to use existing computer network technology and trusted computing technology to build a new trusted terminal authentication system, and to carry out the design, implementation and performance testing of the system model. The results of functional testing and stress testing indicate that the entire trusted authentication system is robust and stable, and that the anticipated design target is achieved. The server of this trusted authentication system can work with the trusted accessing terminal and the business application system to complete the authentication and service handling functions and to control terminal access authority. The accessing terminal can satisfy the system's policy requirements, and the system is safe and trusted. The system also has a degree of flexibility: it can support many kinds of services and has a fairly flexible database support scheme. To realize the terminal access authentication scheme, this paper studies existing trusted computing technology and the Diameter protocol. With trusted computing as the technical support and the Diameter protocol as the transport mechanism, the scheme realizes mutual authentication between terminal and server, and secure transmission with double encryption by the TPM and the Diameter protocol.
Trusted computing technology is introduced into the authentication process because it can guarantee the integrity of the terminal: any illegal change to an entity (hardware or software) in the terminal is detected by the system, which then refuses to execute the next step. Terminals whose integrity is damaged can hardly pass authentication by the trusted server, so insecure terminals are kept out of the secure network. This ensures that the terminals which access the network are safe and reliable, and prevents attackers from attacking the network through insecure terminals, which solves a problem that is intractable for traditional authentication techniques. The Diameter protocol is introduced into the authentication process because it is currently the most widely used network AAA protocol and has technical advantages that other protocols lack: it meets the requirements of new access methods such as wireless access and DSL access, and it has wider room for application and development. The seamless integration of trusted computing technology with the Diameter protocol to realize the trusted authentication system is the key of this paper. This paper completes the following work:
(1) It analyzes the current status of information network security, points out the shortcomings of traditional authentication techniques, and analyzes the advantages of introducing trusted computing technology into the authentication process.
(2) Centered on the realization of the trusted terminal authentication system, it studies in detail the concept, principles and mechanisms, and key technologies of trusted computing.
(3) Based on existing trusted computing theory and technology, combined with the Diameter protocol currently used in networks, it constructs a trusted terminal authentication system, describes in detail the system architecture, the authentication process and the authentication scheme, and evaluates the security of the system.
(4) Based on domestic and international research and the latest theoretical results, it analyzes the current status of the development of trusted computing and describes improvements to the trusted authentication system.
(5) The trusted terminal authentication system was run in a simulation environment, functional testing and stress testing of the system were carried out, and the security and stability of the system were analyzed.
Keywords/Search Tags:Trusted Computing, Trusted Platform Module (TPM), TCG Software Stack (TSS), Trusted Terminal, Trusted chain, Diameter protocol