Zhang Xin-fang

An indoor location-based access control system by RFID

With the rapid development of wireless and mobile network, traditional access control mechanisms face the new security risk that access data at any place may lead the leakage of the confidential data or bring new attack to the server. Location based access control is proposed to authorize user by consideration the location information of the user. In this paper, a novel indoor access control system is presented to protect the data security in mobile storage device. An Active tag is embedded into the storage device to implement location based access control. We make use of the limited penetration of RF signal to build the security zone, and get users location information from the tag and the reader. In order to protect the system and carry out authorization, an authenticate protocol is proposed. The protocol can ensure the anonymity of the tag, and protect the confidential of the data to prevent spoofing attack and replay attack. More important, our system can authorize the user according to users location information.

A Secure Software Download Framework Based on Mobile Trusted Computing

The number of software deployed on mobile terminals is dramatically increasing. However, this leads the mobile terminal facing a serious of security threats. In order to resolve these threat issues, several security requirements are proposed. Also, this paper introduces a secure software download framework and corresponding download protocol based on mobile trusted computing, designed to handle a collection of activities in software download. Such activities include authentication, download and installation of the software. The core part of the framework is a discretionary engine--Device Management Engine (DME), which provides entity authentication, integrity protection and remote attestation for the mobile device. By the introduction of software description file, we provide a mechanism to transfer Reference Integrity Metric (RIM), which makes up for the shortage of the specification.