中文摘要：

TNC架构在终端接入网络前对终端的平台身份和平台环境进行可信认证,保证了接入终端的可信,但这种可信认证存在单向性的局限,无法保证网络服务器的可信。EAP-TLS是802.1x中一种基于证书的扩展认证协议,支持双向认证机制。本文在分析TNC架构和EAP-TLS双向认证机制基础上,设计了一种基于EAP-TLS的可信网络连接双向认证方案,该方案能够对终端和服务器的平台身份、平台完整性和平台可信环境进行双向认证。在FHH@TNC开源架构搭建的可信网络环境上实现了客户端与服务器之间双向可信认证方案,并进行了方案测试,证明了方案的正确性。

英文摘要：

When a terminal access network,a trusted authentication of the terminal platform identity and the platform environment are implemented in the TNC architecture,which ensures the credibility of access terminal.However,the trusted authentication has the one-way limitation that can not guarantee the network server＇s credibility.EAP-TLS is a extended authentication protocol based on 802.1x,which suports mutual authentication.On the basis of analyzing the architecture of TNC and the mutual authentication mechanism of EAP-TLS,a mutual authentication scheme used in TNC based on EAP-TLS is designed in this paper.The mutual authentication scheme is based on the certificates,the integrity and the trusted environment of platform,both for clients and servers.Finally,the paper implements a two-way trusted authentication scheme between the client and the server on the basis of the open source software FHH@TNC,and proves its validity.