A SYSTEM AND METHOD FOR ESTABLISHING MUTUAL REMOTE ATTESTATION IN INTERNET PROTOCOL SECURITY (IPSEC) BASED VIRTUAL PRIVATE NETWORK (VPN)
Abstract
The system and method of the present invention propose an extension to the IPSec key exchange protocol that establishes properties-based attestation using a key management service. The present invention protects integrity between the network encryptors of sender-receiver or gateway-to-gateway platform machines by measuring properties that are bundled with the IPSec-based VPN. The system of the present invention comprises at least one sender and receiver platform; an IPSec components extension; a plurality of properties of remote attestation modules (600); at least one signer mechanism (602); and at least one TPM (604). The methodology of the present invention establishes mutual remote attestation in an IPSec-based VPN by obtaining at least one key management service (KeyMS) measurement value to configure each KeyMS in the VPN (102); establishing attestation in a KeyMS session (104); signing the Encapsulation Security Protocol (ESP) Authentication Header (AH) packet with a TPM certificate (106); appending the signature to the ESP and/or AH payload (108); and validating attestation data between gateways through a trusted third party (110).