1. Field of Invention
The present invention relates to the field of network access authentication techniques and trusted calculation techniques, and more particularly, to a method for realizing network access authentication.
2. Description of Prior Art
Currently, the authentication processing that a network access authentication device performs on a device waiting to access is implemented mainly based on the following technical protocols:
(1) Password Authentication Protocol;
(2) Protocol based on Shared Key and Challenge-Response;
(3) Protocol based on Dynamic One-Time Password;
(4) Authentication Protocol based on Public Key System.
The idea behind all of the above authentication processing is the same: the network access authentication device determines whether the device waiting to access is allowed to access by judging whether that device owns the password and/or key required by the authentication protocol. The purpose of the above authentication processing is to ensure that the device accessing the network is not an attacker but a secure device. However, if the device waiting to access has itself been attacked (e.g., a Trojan Horse virus program has been implanted in it), then when the device accesses the network, the Trojan Horse virus program inside it may listen to the authentication processing and steal the key information on the device waiting to access. The attacker may then impersonate the device waiting to access using another device, or use the device waiting to access to attack the network.
It can be seen from the above that authenticating only the password and/or key cannot ensure that the device waiting to access is really secure, and thus cannot ensure the security of the network.
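The limitation described above, shown as an added example that is not part of the original document: a Python model of protocol (2), using HMAC-SHA256 as an assumed response function. The class names, the `software` field and all sample values are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class Verifier:
    """Network access authentication device using shared-key challenge-response."""

    def __init__(self, shared_key: bytes):
        self._key = shared_key

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)  # fresh nonce per attempt

    def verify(self, nonce: bytes, response: bytes) -> bool:
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


class Device:
    """Device waiting to access. `software` is a constructed stand-in for loaded code."""

    def __init__(self, key: bytes, software: bytes):
        self.key = key
        self.software = software

    def respond(self, nonce: bytes) -> bytes:
        # The response depends on the key and nonce only; self.software never enters it.
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


def authenticate(verifier: Verifier, device: Device) -> bool:
    nonce = verifier.challenge()
    return verifier.verify(nonce, device.respond(nonce))


def run_demo() -> dict:
    key = secrets.token_bytes(32)
    verifier = Verifier(key)
    clean = Device(key, b"os-image-v1")
    tampered = Device(key, b"os-image-v1+trojan")      # same key, altered software
    other_host = Device(clean.key, b"unrelated-host")   # key copied to another device
    wrong_key = Device(secrets.token_bytes(32), b"os-image-v1")
    return {name: authenticate(verifier, d) for name, d in
            [("clean", clean), ("tampered", tampered),
             ("other_host", other_host), ("wrong_key", wrong_key)]}


if __name__ == "__main__":
    print(run_demo())
```

The verifier accepts every device that holds the key, whatever software it runs, and rejects only the device without the key: the decision carries no information about the state of the device itself.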