With the development of information technology, malicious software such as viruses and worms has become a prominent problem. At present there are more than 35,000 kinds of malicious software, and more than 40 million computers are infected every year. To protect computers from such attacks, it is not enough to secure transmission and check data input; defense also needs to start at the source, that is, at each terminal connected to the network. However, conventional security defense technology cannot defend against the wide variety of malicious attacks.
To address this issue, the international Trusted Computing Group (TCG) formulated a network connect standard based on trusted computing technology, Trusted Network Connect (TNC), referred to here as TCG-TNC. TCG-TNC includes an open terminal integrity architecture and a set of standards to ensure secure interoperation. This set of standards can protect a network when the user requires it, and the user may define the extent of protection. TCG-TNC essentially establishes a connection based on the integrity of the terminal. First, a set of policies on the operating status of the trusted network's interior system must be created. Only terminals complying with the policies created by the network can access the network; the network isolates and locates devices that do not comply with the policies. Because a trusted platform module TPM is used, attacks by rootkits may be blocked. Rootkits are attack scripts, modified system programs, or sets of attack scripts and tools used to illegally obtain the highest control authorization on a target system.
FIG. 1 illustrates the existing TCG-TNC architecture, which has three logical entities, i.e., an access requestor AR, a policy enforcement point PEP and a policy decision point PDP, which may be distributed at any position in the network. The TCG-TNC architecture may be divided longitudinally into three layers, i.e., a network access layer, an integrity evaluation layer and an integrity measurement layer. The network access layer has three components, i.e., a network access requestor NAR, a policy enforcer PE and a network access authorizer NAA, together with a network authorization transport protocol interface IF-T and a policy enforcement point interface IF-PEP. The network access layer is adapted to support conventional network connection technology, and the integrity evaluation layer is adapted to evaluate the integrity of all entities that request to access the network. The integrity evaluation layer has two important interfaces: an integrity measurement collector interface IF-IMC and an integrity measurement verifier interface IF-IMV. There is also a TNC client-server interface IF-TNCCS between the TNC client and the TNC server. The integrity measurement layer has two components, i.e., an integrity measurement collector IMC and an integrity measurement verifier IMV, which are adapted to collect and verify information related to the integrity of the access requestor. A complete information transmission process for a trusted network connection in the existing TCG-TNC architecture is as follows: before establishing a network connection, the TNC client TNCC needs to prepare the required platform integrity measurement information and submit it to the integrity measurement collector IMC.
In a terminal having a trusted platform module, this step consists in hashing the platform information required by the network policy and storing the hashed information in the respective platform configuration registers; the TNC server TNCS pre-customizes a verification requirement for the platform integrity and provides it to the integrity measurement verifier IMV. The specific process of performing network access control with the existing TCG-TNC architecture is as follows:
1) the network access requestor NAR initiates an access request to the policy enforcer PE;
2) the policy enforcer PE transmits the access request description to the network access authorizer NAA;
3) after receiving the access request description of the network access requestor NAR, the network access authorizer NAA executes a user authentication protocol with the network access requestor NAR, and, if the user authentication succeeds, transmits the access request and information indicating the successful user authentication to the TNC server TNCS;
4) after receiving the access request and the information indicating a successful user authentication from the network access authorizer NAA, the TNC server TNCS starts to execute a bidirectional platform credential authentication with the TNC client TNCC, for example using an attestation identity key AIK to verify the platform;
5) when the platform credential authentication succeeds, the TNC client TNCC informs the integrity measurement collector IMC that a new network connection has been started and that an integrity handshake protocol is required. The integrity measurement collector IMC returns the required platform integrity information through the integrity measurement collector interface IF-IMC. The TNC server TNCS submits the platform integrity information to the integrity measurement verifier IMV through the integrity measurement verifier interface IF-IMV;
6) in the integrity handshake protocol process, the TNC client TNCC and the TNC server TNCS exchange data once or several times, until the TNC server TNCS is satisfied;
7) after the integrity handshake protocol with the TNC client TNCC is complete, the TNC server TNCS transmits recommendation information to the network access authorizer NAA to request permission for access; the policy enforcement point PEP may still refuse access to the access requestor AR if there are other security considerations; and
8) the network access authorizer NAA transfers an access decision to the policy enforcer PE, which finally executes the decision to control the access of the access requestor AR.
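The eight-step procedure above, as an added Python model that is not part of the original description: the IMC hashes policy-required components into PCR-style registers, the IMV compares them round by round against a pre-customized policy, and the PEP keeps the final say. Component names, the one-PCR-per-component layout and the sample measurements are constructed for illustration.

```python
import hashlib

def pcr_extend(pcr, measurement):
    """TPM-style extend: PCR' = SHA-256(PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()

def measure_platform(components):
    """Hash each policy-required component into its own PCR (constructed layout: one PCR per name)."""
    return {name: pcr_extend(b"\x00" * 32, data) for name, data in components.items()}

class TNCClient:
    """TNCC plus its IMC: answers each TNCS request over IF-IMC with the requested PCR values."""
    def __init__(self, pcrs):
        self.pcrs = pcrs
    def collect(self, names):
        # A PCR the platform never measured is reported as None, which can never match policy.
        return {n: self.pcrs.get(n) for n in names}

class TNCServer:
    """TNCS plus its IMV: the pre-customized policy is a list of rounds of expected PCR values."""
    def __init__(self, policy_rounds):
        self.policy_rounds = policy_rounds
    def integrity_handshake(self, client):
        # Steps 5 and 6: one request/response per round until every round is satisfied;
        # any mismatch means the platform is non-compliant and the recommendation is to isolate it.
        for expected in self.policy_rounds:
            report = client.collect(expected)
            if any(report[n] != v for n, v in expected.items()):
                return "isolate"
        return "allow"

def tnc_access_control(user_auth_ok, platform_cred_ok, tncc, tncs, pep_permits=True):
    """Steps 1-8 as a decision function; the authentication outcomes are passed in as booleans."""
    if not (user_auth_ok and platform_cred_ok):   # steps 3-4: user or AIK platform credential auth failed
        return "deny"
    recommendation = tncs.integrity_handshake(tncc)   # steps 5-6: integrity handshake via IF-IMC/IF-IMV
    if recommendation != "allow":                      # step 7: TNCS recommends isolation to the NAA
        return recommendation
    return "allow" if pep_permits else "deny"          # steps 7-8: PEP may still refuse, PE enforces

# Constructed sample data: a golden platform and one whose kernel image was tampered with.
GOLDEN = {"kernel": b"vmlinuz-good", "antivirus": b"av-sig-2024-01", "firewall": b"fw-on"}
GOOD_PCRS = measure_platform(GOLDEN)
TAMPERED_PCRS = measure_platform({**GOLDEN, "kernel": b"vmlinuz-tampered"})
POLICY = [{"kernel": GOOD_PCRS["kernel"]},
          {"antivirus": GOOD_PCRS["antivirus"], "firewall": GOOD_PCRS["firewall"]}]
SERVER = TNCServer(POLICY)
```

Note that the model, like the architecture it describes, only evaluates the AR's platform; the server side is never measured, which is the asymmetry the rest of this section criticizes.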
At present, products implementing the TCG-TNC architecture are not mature, and some important technologies of the TCG-TNC architecture are still in the phases of research and standardization. Since there is a predefined security channel between the policy enforcement point PEP and the policy decision point PDP, and a PDP may manage a large number of policy enforcement points PEPs, the policy decision point PDP must configure a large number of security channels, so management becomes complex. Therefore, the extensibility of the existing TCG-TNC architecture is poor. Furthermore, because the data above the network access layer must be protected, a secure channel between the access requestor AR and the policy decision point PDP, that is, a session key negotiation between them, needs to be established; however, data protection between the access requestor AR and the policy enforcement point PEP is also necessary, so a session key negotiation between the access requestor AR and the policy enforcement point PEP is performed again, which makes the key negotiation process complex. Meanwhile, the master key negotiated by the access requestor AR and the policy decision point PDP is transferred to the policy enforcement point PEP by the policy decision point PDP, and transmitting a key over the network introduces new points of attack, thereby reducing security. Furthermore, the same master key is used for the two session key negotiations, which reduces the security of the whole trusted network connection architecture. Moreover, the access requestor may not be able to verify the validity of the AIK certificate of the policy decision point PDP. In the platform credential authentication process, the access requestor AR and the policy decision point PDP use an AIK private key and certificate to perform bidirectional platform credential authentication, and both sides need to verify the validity of the other's AIK certificate.
If the policy decision point PDP is the Internet service provider of the access requestor AR, the access requestor AR has no network access until it has connected to the trusted network, so it cannot verify the validity of the AIK certificate of the policy decision point PDP, which is insecure. Finally, the platform integrity evaluation is not peer-to-peer. In the TCG-TNC architecture, the policy decision point PDP performs the platform integrity evaluation on the access requestor AR, but the access requestor AR does not perform a platform integrity evaluation on the policy decision point PDP, which is unfair and insecure for the access requestor AR. Furthermore, the policy enforcement point PEP can know whether the platform of the access requestor AR is trusted based on the policy executed by the policy decision point PDP, but the access requestor AR cannot determine whether the platform of the policy decision point PDP is trusted, so the access requestor AR may be connected to an untrustworthy device (for example, a device on which malicious software exists), which is insecure. Moreover, the trust chain from the access requestor AR to the trusted network may be interrupted at the policy enforcement point PEP, whereas peer trust is necessary in an ad hoc network.