CN1564509A - Key consultation method in radio LAN - Google Patents
- Publication number
- CN1564509A
- Authority
- CN
- China
- Prior art keywords
- key
- multicast
- unicast
- sta
- negotiation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Mobile Radio Communication Systems (AREA)
- Small-Scale Networks (AREA)
Abstract
The invention discloses a key negotiation method for wireless local area networks comprising the following steps: first, the access point sends a unicast key negotiation request to the wireless terminal; second, the wireless terminal sends a unicast key negotiation response to the access point; third, the access point sends a multicast key negotiation request to the wireless terminal; fourth, the wireless terminal sends a multicast key negotiation confirmation to the access point. With this method, secure and efficient key negotiation can be achieved in a WLAN system and protection of multicast communication is supported, making WLAN systems developed according to GB15629.11 more complete.
Description
Technical field
The present invention relates to wireless local area networks (WLAN), and in particular to a key negotiation method in a wireless local area network.
Background
In May 2003, the National Broadband Wireless IP Working Group released the WLAN national standard GB15629.11. Chapter 8 of GB15629.11 introduces a new WLAN security mechanism, the Wireless Local Area Network Authentication and Privacy Infrastructure (WAPI). WAPI consists of two main parts: the WLAN Authentication Infrastructure (WAI) and the WLAN Privacy Infrastructure (WPI).
WAI implements authentication and key negotiation between a wireless terminal (STA) and an access point (AP) in the infrastructure mode of a wireless LAN. The WAI authentication process comprises two procedures, certificate authentication and session key negotiation, as shown in Figure 1. The three entities involved in WAI authentication are the wireless terminal STA, the wireless access point AP and the authentication server ASU.
The certificate authentication procedure is as follows:
1) Authentication activation. When an STA associates or re-associates with an AP, the AP sends an authentication activation message to the STA to start the whole authentication process.
2) Access authentication request. The STA sends an access authentication request to the AP, that is, it sends the STA certificate and the STA's current system time to the AP; this system time is called the access authentication request time.
3) Certificate authentication request. On receiving the STA's access authentication request, the AP first records the authentication request time and then sends a certificate authentication request to the ASU: the STA certificate, the access authentication request time, the AP certificate, and a signature over them made with the AP's private key together form the certificate authentication request sent to the ASU.
4) Certificate authentication response. On receiving the AP's certificate authentication request, the ASU verifies the AP's signature and the validity of the AP certificate. If they are not correct, the authentication process fails; otherwise the ASU goes on to verify the STA certificate. After verification, the ASU builds the certificate authentication response from the STA certificate authentication result information (the STA certificate and its authentication result), the AP certificate authentication result information (the AP certificate, its authentication result and the access authentication request time) and the ASU's signature over them, and sends it back to the AP.
5) Access authentication response. The AP verifies the signature on the certificate authentication response returned by the ASU, obtains the authentication result for the STA certificate, and applies access control to the STA according to that result. The AP forwards the certificate authentication response it received to the STA. After verifying the ASU's signature, the STA obtains the authentication result for the AP certificate and decides, based on that result, whether to access the AP.
This completes the certificate authentication procedure between the STA and the AP. If authentication succeeds, the AP allows the STA to access the network; otherwise it disassociates the STA.
The session key negotiation procedure is as follows:
After certificate authentication between the STA and the AP succeeds, key negotiation is performed.
1) Key negotiation request. The AP generates a string of random data, encrypts it with the STA's public key, and sends a key negotiation request to the STA. The request contains information on all of the requester's candidate session algorithms.
2) Key negotiation response. On receiving the key negotiation request from the AP, the STA first negotiates the session algorithm. If the responder supports none of the requester's candidate session algorithms, it replies to the requester that session algorithm negotiation failed; otherwise it selects one algorithm it supports from the candidates offered by the requester. It then decrypts the negotiation data with its local private key to obtain the random data generated by the AP, generates a string of random data of its own, encrypts it with the AP's public key, and sends it to the AP.
After key negotiation succeeds, the STA and the AP each combine their own random data with the peer's random data by modulo-2 addition to produce the session key, and use the negotiated session algorithm to encrypt and decrypt the communication data.
To further improve confidentiality, the STA and the AP may renegotiate the session key after communicating for a period of time or exchanging a certain amount of data; the procedure is the same as above.
From the description of this process in GB15629.11, it can be seen that the key negotiation method in the WAI mechanism can only be used for unicast key negotiation, producing a pairwise key that protects unicast communication between an STA and an AP; it cannot be applied to multicast key negotiation. Because all STAs and the AP in the same basic service set (BSS) must share the same multicast key, multicast key negotiation has to take the form of uniform distribution by the AP. GB15629.11 does not define such a multicast key negotiation mechanism, so a WLAN system implemented according to GB15629.11 cannot perform dynamic multicast key negotiation and therefore cannot properly support confidential broadcast/multicast communication.
Summary of the invention
The technical problem to be solved by the present invention is to make up for the absence of a multicast key negotiation mechanism in GB15629.11, complete the key negotiation process of the WLAN system, provide the system with a multicast communication key, and implement key negotiation in the wireless local area network.
The key negotiation method in a wireless local area network according to the present invention comprises the following steps:
In the infrastructure mode of a WLAN system, after the STA accessing the network and the network have completed the certificate authentication process described in GB15629.11 8.3, the STA and the AP initiate the key negotiation process of the present invention.
Step 1, unicast key negotiation request. The AP generates a string of random numbers, encrypts it with the STA's public key, and sends it to the STA as the unicast key negotiation request. The request also includes information on all of the requester's candidate session algorithms and a key replay counter. The key replay counter is used to prevent replay attacks on key negotiation messages. If unicast communication uses a unicast packet sequence number for replay protection, this message should also contain the unicast packet sequence number.
Step 2, unicast key negotiation response. On receiving the unicast key negotiation request from the AP, the STA first negotiates the session algorithm. If the responder supports none of the requester's candidate session algorithms, it replies to the requester that session algorithm negotiation failed; otherwise it selects one algorithm it supports from the candidates offered by the requester. It then decrypts the negotiation data with its local private key to obtain the random data generated by the AP, and installs the unicast communication key and the unicast packet sequence number. It then generates a string of random data, encrypts it with the AP's public key, and sends it to the AP. This message also carries the key replay counter copied from the unicast key negotiation request.
Step 3, multicast key negotiation request. After unicast key negotiation completes, the AP encrypts the multicast key and sends it to the STA as the multicast key negotiation request message. The multicast key may be encrypted either with the peer's public key or with the previously negotiated unicast key. The multicast key negotiation request also includes a key replay counter. This may be the key replay counter used in the unicast key negotiation above, which keeps the key negotiation messages continuous, or a separate key replay counter. If multicast communication uses a multicast packet sequence number for replay protection, this message also contains the multicast packet sequence number.
Step 4, multicast key negotiation confirmation. On receiving the AP's multicast key negotiation request, the STA installs the multicast key and the multicast packet sequence number, and sends a multicast key negotiation confirmation message to the AP. This message contains the key replay counter copied from the multicast key negotiation request.
For the key negotiation messages above, in addition to encrypting the keys, integrity protection may also be applied to the messages to strengthen the security of the negotiation. During communication between the STA and the AP, the above procedure can be used at any time to update the unicast or multicast key.
With the method of the present invention, secure and efficient key negotiation can be achieved in a WLAN system and protection of multicast communication is supported, making WLAN systems developed according to GB15629.11 more complete.
Description of the drawings
Figure 1 is a flow chart of WAI certificate authentication and key negotiation as described in GB15629.11.
Figure 2 is a flow chart of the complete authentication and key negotiation after adopting the key negotiation method of the present invention.
Figure 3 is a detailed flow chart of the key negotiation method in infrastructure mode.
Detailed description
In the infrastructure mode of a WLAN system, after the STA and the AP have carried out the WAI certificate authentication process according to GB15629.11 8.3, they initiate the key negotiation process described in the present invention, as shown in Figure 2. It differs from the existing GB15629.11 WAI certificate authentication and key negotiation flow in how key negotiation is handled, and comprises the following:
1) The access point sends a unicast key negotiation request to the wireless terminal;
2) The wireless terminal sends a unicast key negotiation response to the access point;
3) The access point sends a multicast key negotiation request to the wireless terminal;
4) The wireless terminal sends a multicast key negotiation confirmation to the access point.
As shown in Figure 3, the detailed key negotiation procedure is as follows:
1) Unicast key negotiation comes first. The AP generates a string of random numbers, encrypts it with the STA's public key, and sends it to the STA as the unicast key negotiation request. The request also includes information on all of the requester's candidate session confidentiality algorithms and a key replay counter. The key replay counter is used to prevent replay attacks on key negotiation messages. If unicast communication uses a unicast packet sequence number for replay protection, this message should also contain the unicast packet sequence number.
2) On receiving the key negotiation request from the AP, the STA first negotiates the session algorithm. If the responder supports none of the requester's candidate session algorithms, it replies to the requester that session algorithm negotiation failed; otherwise:
3) The STA selects one algorithm it supports from the candidates offered by the AP as the session confidentiality algorithm.
4) The STA decrypts the negotiation data with its local private key to obtain the random data generated by the AP.
5) The STA generates a string of random data and combines it with the AP's random data by modulo-2 addition to form the unicast communication key. The STA installs the unicast communication key and the unicast packet sequence number.
6) The STA encrypts the random data it generated with the AP's public key, builds the unicast key negotiation response message from it, and sends the message to the AP. This message also carries the key replay counter copied from the unicast key negotiation request.
7) On receiving the unicast key negotiation response message, the AP checks whether the key replay counter in it is correct, that is, whether it equals the value in the preceding unicast key negotiation request. If it differs, the AP disassociates; if it is the same:
8) The AP decrypts the STA's random data with its own private key and combines it with the random data it generated itself by modulo-2 addition to obtain the unicast communication key. The AP installs the unicast communication key and updates the key replay counter, incrementing its value by 1.
9) If an error occurs during unicast key negotiation, the two parties may disconnect or re-initiate unicast key negotiation.
10) After unicast key negotiation completes, multicast key negotiation begins.
11) The AP takes the current multicast key, or generates a secure random number on the spot as the multicast key, and protects it either with the peer's public key or with the confidentiality algorithm and unicast key obtained from the preceding unicast key negotiation. The AP assembles the encrypted multicast key, the key replay counter and (if needed) the multicast packet sequence number into a multicast key negotiation request message and sends it to the STA.
12) On receiving the AP's multicast key negotiation request, the STA checks whether the key replay counter in the message is correct, that is, whether it is greater than the key replay counter saved on the STA side. If the counter value is wrong, the STA must disassociate from the AP. If the key replay counter is correct:
13) The STA decrypts the multicast key from the multicast key negotiation request message, installs the multicast key and updates the multicast packet sequence number. If the multicast key is installed successfully:
14) The STA sends the AP a multicast key negotiation confirmation message whose content is the key replay counter, indicating that the multicast key has been installed.
15) On receiving the multicast key negotiation confirmation message, the AP checks the key replay counter in it. If the key replay counter equals the one in the multicast key negotiation request that the AP sent, the AP installs and configures the multicast key and increments the key replay counter by 1.
16) If an error occurs at any point during multicast key negotiation, the two parties may re-initiate the negotiation or disassociate. If every step completes successfully, multicast key negotiation has succeeded.
17) After both unicast and multicast key negotiation are complete, the two parties protect their communication with the negotiated algorithm and keys. During communication between the STA and the AP, to guard against leakage of the multicast key, a fixed time interval can be configured after which the two parties re-initiate multicast key negotiation to update the multicast key.
In addition, if key leakage is suspected during communication, or when data integrity check errors are detected or a management event is triggered, key negotiation can also be performed at any time to produce new unicast and multicast keys.
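The four-message exchange of steps 1) to 15), including the modulo-2-sum key derivation and the key replay counter checks on both sides, as an added Python example that is not part of the patent. Assumptions: toy textbook RSA over fixed primes stands in for the certificate key pairs, an HMAC-SHA256 keystream and MIC stand in for the unnamed negotiated cipher and the optional integrity protection, and the algorithm names `ALG-A`/`ALG-B` are hypothetical.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent of the toy RSA stand-in

def make_keypair(p, q):  # toy textbook RSA, no padding: illustration only
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private d)

def pk_encrypt(n, data):
    return pow(int.from_bytes(data, "big"), E, n)

def pk_decrypt(n, d, ct):
    return pow(ct, d, n).to_bytes(16, "big")

def xor(a, b):  # the page's "modulo 2 sum"; truncates to the shorter input
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(key, counter, data):  # assumed stand-in for the negotiated cipher
    pad = hmac.new(key, b"wrap" + counter.to_bytes(8, "big"), hashlib.sha256)
    return xor(data, pad.digest())  # HMAC keystream; applying twice unwraps

def mic(key, counter, body):  # assumed integrity check: counter + wrapped key
    msg = b"mic" + counter.to_bytes(8, "big") + body
    return hmac.new(key, msg, hashlib.sha256).digest()

class AccessPoint:
    def __init__(self, n, d, sta_n, group_key):
        self.n, self.d, self.sta_n = n, d, sta_n
        self.group_key = group_key  # multicast key shared by the whole BSS
        self.counter, self.unicast_key = 1, None  # key replay counter starts at 1

    def unicast_request(self, algs):
        self.nonce = secrets.token_bytes(16)
        return {"counter": self.counter, "algs": algs,
                "enc_nonce": pk_encrypt(self.sta_n, self.nonce)}

    def on_unicast_response(self, msg):
        if msg["counter"] != self.counter:  # step 7: must echo our value
            return False                    # caller disassociates
        sta_nonce = pk_decrypt(self.n, self.d, msg["enc_nonce"])
        self.unicast_key = xor(self.nonce, sta_nonce)
        self.counter += 1                   # step 8
        return True

    def multicast_request(self):
        wrapped = wrap(self.unicast_key, self.counter, self.group_key)
        return {"counter": self.counter, "wrapped": wrapped,
                "mic": mic(self.unicast_key, self.counter, wrapped)}

    def on_multicast_confirm(self, msg):
        if msg["counter"] != self.counter:  # step 15: must echo our value
            return False
        self.counter += 1                   # group key confirmed by the STA
        return True

class Station:
    def __init__(self, n, d, ap_n, supported):
        self.n, self.d, self.ap_n, self.supported = n, d, ap_n, supported
        self.counter, self.unicast_key, self.group_key = 0, None, None

    def on_unicast_request(self, msg):
        alg = next((a for a in msg["algs"] if a in self.supported), None)
        if alg is None:
            return None  # session algorithm negotiation failed
        ap_nonce = pk_decrypt(self.n, self.d, msg["enc_nonce"])
        nonce = secrets.token_bytes(16)
        self.unicast_key = xor(ap_nonce, nonce)  # step 5
        self.counter = msg["counter"]            # saved for the step 12 test
        return {"counter": msg["counter"], "alg": alg,
                "enc_nonce": pk_encrypt(self.ap_n, nonce)}

    def on_multicast_request(self, msg):
        if msg["counter"] <= self.counter:  # step 12: replayed or stale
            return None                     # caller disassociates
        expected = mic(self.unicast_key, msg["counter"], msg["wrapped"])
        if not hmac.compare_digest(expected, msg["mic"]):
            return None
        self.group_key = wrap(self.unicast_key, msg["counter"], msg["wrapped"])
        self.counter = msg["counter"]
        return {"counter": msg["counter"]}  # step 14: confirmation

def run_handshake(sta_algs=("ALG-B",)):  # ALG-* names are hypothetical
    ap_n, ap_d = make_keypair(2**89 - 1, 2**107 - 1)  # constructed toy keys
    sta_n, sta_d = make_keypair(2**61 - 1, 2**127 - 1)
    ap = AccessPoint(ap_n, ap_d, sta_n, secrets.token_bytes(16))
    sta = Station(sta_n, sta_d, ap_n, set(sta_algs))
    resp = sta.on_unicast_request(ap.unicast_request(["ALG-A", "ALG-B"]))
    if resp is None or not ap.on_unicast_response(resp):
        return ap, sta, None
    mreq = ap.multicast_request()
    conf = sta.on_multicast_request(mreq)
    if conf is not None:
        ap.on_multicast_confirm(conf)
    return ap, sta, mreq

if __name__ == "__main__":
    ap, sta, mreq = run_handshake()
    print("replay accepted:", sta.on_multicast_request(mreq) is not None)
```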
Claims (5)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100089897A CN100373843C (en) | 2004-03-23 | 2004-03-23 | A key agreement method in wireless local area network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100089897A CN100373843C (en) | 2004-03-23 | 2004-03-23 | A key agreement method in wireless local area network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1564509A (en) | 2005-01-12 |
| CN100373843C (en) | 2008-03-05 |
Family
ID=34477759
Family Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2004100089897A Expired - Fee Related CN100373843C (en) | 2004-03-23 | 2004-03-23 | A key agreement method in wireless local area network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100373843C (en) |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007048301A1 (en) * | 2005-10-24 | 2007-05-03 | Huawei Technologies Co., Ltd. | A encryption method for ngn service |
| WO2008080351A1 (en) * | 2006-12-29 | 2008-07-10 | China Iwncomm Co., Ltd. | Wireless local network operation method based on wapi |
| WO2009094941A1 (en) * | 2008-01-23 | 2009-08-06 | China Iwncomm Co., Ltd | A method, device and system of id based wireless multi-hop network autentication access |
| WO2010020186A1 (en) * | 2008-08-21 | 2010-02-25 | 西安西电捷通无线网络通信有限公司 | Multicast key distribution method, update method, and base station based on unicast conversation key |
| CN1881869B (en) * | 2005-11-01 | 2010-05-05 | 华为技术有限公司 | A method for realizing encrypted communication |
| CN101273571B (en) * | 2006-02-16 | 2010-05-19 | 中兴通讯股份有限公司 | Implementation method of key negotiation security policy in cross-domain multi-gatekeeper group network |
| CN101170404B (en) * | 2006-10-24 | 2010-05-19 | 华为技术有限公司 | How to configure keys for specified groups |
| WO2010054542A1 (en) * | 2008-11-13 | 2010-05-20 | 华为技术有限公司 | Cga public key identification, cga public key determination method, system and device |
| CN101222322B (en) * | 2008-01-24 | 2010-06-16 | 中兴通讯股份有限公司 | A method for security capability negotiation in a super mobile broadband system |
| WO2010121462A1 (en) * | 2009-04-21 | 2010-10-28 | 中兴通讯股份有限公司 | Method for establishing safe association among wapi stations in ad-hoc network |
| WO2011023082A1 (en) * | 2009-08-21 | 2011-03-03 | 华为终端有限公司 | Method, device and network system for negotiating encryption information |
| CN101635710B (en) * | 2009-08-25 | 2011-08-17 | 西安西电捷通无线网络通信股份有限公司 | Pre-shared-key-based method for controlling secure access to networks and system thereof |
| CN101583154B (en) * | 2009-07-07 | 2011-11-16 | 杭州华三通信技术有限公司 | Communication method and device in wireless local area network |
| CN101232736B (en) * | 2008-02-22 | 2012-02-29 | 中兴通讯股份有限公司 | Method for setting initialization of cryptographic key existence counter among different access systems |
| US8166293B2 (en) | 2006-07-28 | 2012-04-24 | Nec Infrontia Corporation | Client server distributed system, client apparatus, server apparatus, and message encryption method used therefor |
| CN101455024B (en) * | 2006-05-15 | 2012-07-18 | 英特尔公司 | Methods and apparatus for a keying mechanism for end-to-end service control protection |
| CN101754327B (en) * | 2008-12-01 | 2012-08-08 | 华为技术有限公司 | Multimedia broadcast/multicast business providing method, device and base station |
| CN101267670B (en) * | 2008-04-15 | 2012-09-05 | 中兴通讯股份有限公司 | An initialization setup method for secret key survival counter between different access systems |
| US8484469B2 (en) | 2007-11-16 | 2013-07-09 | Huawei Technologies Co., Ltd. | Method, system and equipment for key distribution |
| CN101765057B (en) * | 2008-12-25 | 2014-03-05 | 上海贝尔股份有限公司 | Method, equipment and system for providing multicast service to WiFi access terminal |
| US8688974B2 (en) | 2008-01-23 | 2014-04-01 | China Iwncomm Co., Ltd. | Method for managing wireless multi-hop network key |
| CN106357388A (en) * | 2016-10-10 | 2017-01-25 | 盛科网络(苏州)有限公司 | Method and device for adaptively switching key |
| CN114285555A (en) * | 2021-12-15 | 2022-04-05 | 支付宝(杭州)信息技术有限公司 | Multicast method and device based on block chain |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6229806B1 (en) * | 1997-12-30 | 2001-05-08 | Motorola, Inc. | Authentication in a packet data system |
| US6816719B1 (en) * | 1999-11-03 | 2004-11-09 | Nokia Corporation | Method and system for making wireless terminal profile information accessible to a network |
| CN1150726C (en) * | 2002-10-01 | 2004-05-19 | 华中科技大学 | A secure network transmission method and system thereof |
2004
- 2004-03-23 CN CNB2004100089897A patent/CN100373843C/en not_active Expired - Fee Related
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2007048301A1 (en) * | 2005-10-24 | 2007-05-03 | Huawei Technologies Co., Ltd. | A encryption method for ngn service |
| CN1881869B (en) * | 2005-11-01 | 2010-05-05 | 华为技术有限公司 | A method for realizing encrypted communication |
| CN101273571B (en) * | 2006-02-16 | 2010-05-19 | 中兴通讯股份有限公司 | Implementation method of key negotiation security policy in cross-domain multi-gatekeeper group network |
| CN101455024B (en) * | 2006-05-15 | 2012-07-18 | 英特尔公司 | Methods and apparatus for a keying mechanism for end-to-end service control protection |
| US8166293B2 (en) | 2006-07-28 | 2012-04-24 | Nec Infrontia Corporation | Client server distributed system, client apparatus, server apparatus, and message encryption method used therefor |
| CN101159737B (en) * | 2006-07-28 | 2013-05-29 | 日本电气英富醍株式会社 | Client/server type distributed system, client device, server device and message encryption method |
| CN101170404B (en) * | 2006-10-24 | 2010-05-19 | 华为技术有限公司 | How to configure keys for specified groups |
| WO2008080351A1 (en) * | 2006-12-29 | 2008-07-10 | China Iwncomm Co., Ltd. | Wireless local network operation method based on wapi |
| US8484469B2 (en) | 2007-11-16 | 2013-07-09 | Huawei Technologies Co., Ltd. | Method, system and equipment for key distribution |
| US8688974B2 (en) | 2008-01-23 | 2014-04-01 | China Iwncomm Co., Ltd. | Method for managing wireless multi-hop network key |
| CN101222772B (en) * | 2008-01-23 | 2010-06-09 | 西安西电捷通无线网络通信有限公司 | Wireless multi-hop network authentication access method based on ID |
| WO2009094941A1 (en) * | 2008-01-23 | 2009-08-06 | China Iwncomm Co., Ltd | A method, device and system of id based wireless multi-hop network autentication access |
| CN101222322B (en) * | 2008-01-24 | 2010-06-16 | 中兴通讯股份有限公司 | A method for security capability negotiation in a super mobile broadband system |
| CN101232736B (en) * | 2008-02-22 | 2012-02-29 | 中兴通讯股份有限公司 | Method for setting initialization of cryptographic key existence counter among different access systems |
| CN101267670B (en) * | 2008-04-15 | 2012-09-05 | 中兴通讯股份有限公司 | An initialization setup method for secret key survival counter between different access systems |
| US8588423B2 (en) | 2008-08-21 | 2013-11-19 | China Iwncomm Co., Ltd | Group/multicast key distribution method and update method based upon unicast session key and base station |
| WO2010020186A1 (en) * | 2008-08-21 | 2010-02-25 | 西安西电捷通无线网络通信有限公司 | Multicast key distribution method, update method, and base station based on unicast conversation key |
| US8737616B2 (en) | 2008-11-13 | 2014-05-27 | Huawei Technologies Co., Ltd. | Method and apparatus for identifying CGA public key, and method, apparatus, and system for determining CGA public key |
| WO2010054542A1 (en) * | 2008-11-13 | 2010-05-20 | 华为技术有限公司 | Cga public key identification, cga public key determination method, system and device |
| CN101754327B (en) * | 2008-12-01 | 2012-08-08 | 华为技术有限公司 | Multimedia broadcast/multicast business providing method, device and base station |
| CN101765057B (en) * | 2008-12-25 | 2014-03-05 | 上海贝尔股份有限公司 | Method, equipment and system for providing multicast service to WiFi access terminal |
| WO2010121462A1 (en) * | 2009-04-21 | 2010-10-28 | 中兴通讯股份有限公司 | Method for establishing safe association among wapi stations in ad-hoc network |
| CN101583154B (en) * | 2009-07-07 | 2011-11-16 | 杭州华三通信技术有限公司 | Communication method and device in wireless local area network |
| WO2011023082A1 (en) * | 2009-08-21 | 2011-03-03 | 华为终端有限公司 | Method, device and network system for negotiating encryption information |
| US9055047B2 (en) | 2009-08-21 | 2015-06-09 | Huawei Device Co., Ltd. | Method and device for negotiating encryption information |
| US8646055B2 (en) | 2009-08-25 | 2014-02-04 | China Iwncomm Co., Ltd. | Method and system for pre-shared-key-based network security access control |
| CN101635710B (en) * | 2009-08-25 | 2011-08-17 | 西安西电捷通无线网络通信股份有限公司 | Pre-shared-key-based method for controlling secure access to networks and system thereof |
| CN106357388A (en) * | 2016-10-10 | 2017-01-25 | 盛科网络(苏州)有限公司 | Method and device for adaptively switching key |
| CN114285555A (en) * | 2021-12-15 | 2022-04-05 | 支付宝(杭州)信息技术有限公司 | Multicast method and device based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100373843C (en) | 2008-03-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1564509A (en) | Key consultation method in radio LAN | |
| Xu et al. | Security issues in privacy and key management protocols of IEEE 802.16 | |
| TWI338489B (en) | Asymmetric cryptography for wireless systems | |
| US7269730B2 (en) | Method and apparatus for providing peer authentication for an internet key exchange | |
| US8127136B2 (en) | Method for security association negotiation with extensible authentication protocol in wireless portable internet system | |
| KR100704675B1 (en) | Authentication Method and Related Key Generation Method for Wireless Mobile Internet System | |
| CN1564514A (en) | Self arranged net mode shared key authentication and conversation key consulant method of radio LAN | |
| CN1659922A (en) | Method and system for challenge-response user authentication | |
| CN1857024A (en) | Enhanced security design for cryptography in mobile communication systems | |
| CN1864384A (en) | System and method for protecting network management frames | |
| CN1350382A (en) | PKI-based VPN cipher key exchange implementing method | |
| CN1564626A (en) | Radio LAN security access method based on roaming key exchange authentication protocal | |
| CN1620005A (en) | Method of safety transmitting key | |
| CN100370772C (en) | A method for wireless local area network mobile terminal access | |
| CN101052033A (en) | Certifying and key consulting method and its device based on TTP | |
| CN101208901A (en) | Authentication system in communication system and method thereof | |
| CN101150405B (en) | Method and system for authentication and authentication of multicast broadcast service | |
| CN1725685A (en) | Security identification method for mobiole terminal of radio cocal network | |
| CN1681239B (en) | Method for supporting multiple safe mechanism in wireless local network system | |
| CN1534936A (en) | A key distribution method based on public key certificate mechanism in wireless local area network | |
| CN1534935A (en) | A key distribution method based on pre-shared key | |
| CN1770681A (en) | A method for securely distributing session keys in a wireless environment | |
| CN100344208C (en) | Identification method for preventing replay attack | |
| CN1819698A (en) | Method for acquring authentication cryptographic key context from object base station | |
| CN1697370A (en) | Method for mobile terminal in WLAN to apply for certificate |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20080305 Termination date: 20180323 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |