
WO2012018573A4 - Method for key identification using an internet security association and key management based protocol - Google Patents

Publication number
WO2012018573A4
Authority
WO
WIPO (PCT)
Prior art keywords
key
protocol
isakmp
message
header
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2011/045136
Other languages
French (fr)
Other versions
WO2012018573A3 (en)
WO2012018573A2 (en)
Inventor
Timothy M. Langham
Thomas J. Senese
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Motorola Solutions Inc
Original Assignee
Motorola Solutions Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/173,020 (US8448235B2)
Application filed by Motorola Solutions Inc
Publication of WO2012018573A2
Publication of WO2012018573A3
Publication of WO2012018573A4
Anticipated expiration
Ceased

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061 Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/164 Implementing security features at a particular protocol layer at the network layer

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An initiating device: generates a message having an ISAKMP-based header that includes a security parameter index (SPI) field; identifies a key in the SPI field of the ISAKMP-based header; and sends the message to a responding device. The responding device: receives the message; extracts the key identifier; and when a shared key is selected using the key identifier, uses the selected shared key to establish, with the initiating device, a session having a secure tunnel.

Claims

AMENDED CLAIMS received by the International Bureau on 27 June 2012 (27.06.2012)
1. A method for key identification using an Internet Security Association and Key Management Protocol (ISAKMP)-based protocol, the method comprising:
an initiating device performing:
generating a message using the ISAKMP-based protocol that includes a security parameter index (SPI) field;
identifying a key in the SPI field of the message;
sending the message to a responding device;
wherein the message comprises a Session Initiation Request.
2. The method of claim 1, wherein the key is a shared key between the initiating and responding devices for establishing a secure tunnel using the ISAKMP-based protocol.
3. The method of claim 1, wherein the ISAKMP-based protocol comprises an Internet Key Exchange (IKE) protocol.
4. The method of claim 3, wherein the IKE protocol comprises IKEv1 or IKEv2.
5. The method of claim 1, wherein the ISAKMP-based protocol comprises an Association of Public Safety Communications Officials International Project 25 Packet Data Security Protocol.
6. (Cancelled).
7. The method of claim 1, wherein the SPI field comprises the first eight bytes of the message.
8. A method for key identification using an Internet Security Association and Key Management Protocol (ISAKMP)-based protocol, the method comprising:
a responding device performing:
receiving a message from an initiating device that includes a key identifier that identifies a key;
extracting the key identifier, and attempting to select a shared key using the key identifier, wherein the shared key is for establishing a security session between the initiating and responding devices using the ISAKMP-based protocol;
when the message includes an ISAKMP-based header having a security parameter index (SPI) field that includes the key identifier, and the shared key is identified and selected using the key identifier, using the selected shared key to establish the security session with the initiating device;
wherein the message comprises a Session Initiation Request.
9. The method of claim 8 further comprising, when the key identifier fails to identify the shared key, using a default key to establish the security session with the initiating device.
10. The method of claim 8, wherein the ISAKMP-based header comprises an Internet Key Exchange (IKE) protocol header.
11. The method of claim 10, wherein the IKE protocol header comprises an IKEv1 header or an IKEv2 header.
12. (Cancelled).
13. The method of claim 8, wherein the ISAKMP-based header comprises an Association of Public Safety Communications Officials International Project 25 Packet Data Security Protocol header.
14. The method of claim 8, wherein the SPI field comprises the first eight bytes of the message.
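
The responder behaviour in claims 8, 9 and 14, sketched as an added example (not code from the patent or from Motorola Solutions). It assumes the identifier occupies the whole eight-byte SPI field and that the responder SPI is zero on the initial request, as in IKE; the key table, key bytes and function names are constructed for illustration. The ISAKMP header travels unencrypted and unauthenticated, so the identifier only selects a key; possession of that key still has to be proven by the exchange that follows.

```python
import struct

# Fixed 28-byte ISAKMP/IKE header: initiator SPI, responder SPI, next payload,
# version, exchange type, flags, message ID, total length (network byte order).
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")

# Constructed key table: identifiers and key bytes are placeholders.
SHARED_KEYS = {
    bytes.fromhex("0000000000000a01"): b"constructed-key-A",
    bytes.fromhex("0000000000000a02"): b"constructed-key-B",
}
DEFAULT_KEY = b"constructed-default-key"


def build_request(key_id: bytes, payload: bytes = b"") -> bytes:
    """Initiator side: carry the key identifier in the SPI field."""
    if len(key_id) != 8:
        raise ValueError("key identifier must fill the 8-byte SPI field")
    total = ISAKMP_HDR.size + len(payload)
    # 0x20 = IKEv2, 34 = IKE_SA_INIT, 0x08 = Initiator flag (sample values).
    return ISAKMP_HDR.pack(key_id, bytes(8), 0, 0x20, 34, 0x08, 0, total) + payload


def extract_key_id(message: bytes) -> bytes:
    """Responder side: validate the header, return the first eight bytes."""
    if len(message) < ISAKMP_HDR.size:
        raise ValueError("message shorter than ISAKMP header")
    init_spi, resp_spi, *_rest, length = ISAKMP_HDR.unpack_from(message)
    if length != len(message):
        raise ValueError("header length does not match datagram size")
    if resp_spi != bytes(8):  # assumption: zero on an initial request, as in IKE
        raise ValueError("not an initial request")
    return init_spi


def select_key(message: bytes):
    """Return (key_id, key, how): the identified key or the default key."""
    key_id = extract_key_id(message)
    key = SHARED_KEYS.get(key_id)
    if key is None:
        # Claim 9 fallback. The identifier is attacker-controllable input, so
        # the caller should log how == "default" rather than accept it silently.
        return key_id, DEFAULT_KEY, "default"
    return key_id, key, "identified"
```
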
PCT/US2011/045136 2010-08-05 2011-07-25 Method for key identification using an internet security association and key management based protocol Ceased WO2012018573A2 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US37094310P 2010-08-05 2010-08-05
US61/370,943 2010-08-05
US13/173,020 2011-06-30
US13/173,020 US8448235B2 (en) 2010-08-05 2011-06-30 Method for key identification using an internet security association and key management based protocol

Publications (3)

Publication Number Publication Date
WO2012018573A2 WO2012018573A2 (en) 2012-02-09
WO2012018573A3 WO2012018573A3 (en) 2012-07-12
WO2012018573A4 WO2012018573A4 (en) 2012-09-07

Family

ID=44509649

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/045136 Ceased WO2012018573A2 (en) 2010-08-05 2011-07-25 Method for key identification using an internet security association and key management based protocol

Country Status (1)

Country Link
WO (1) WO2012018573A2 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113746861B (en) * 2021-09-13 2023-03-14 南京首传信安科技有限公司 Data transmission encryption and decryption method and encryption and decryption system based on national encryption technology

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004186814A (en) * 2002-11-29 2004-07-02 Fujitsu Ltd Common key encryption communication system
US8059817B2 (en) * 2006-06-20 2011-11-15 Motorola Solutions, Inc. Method and apparatus for encrypted communications using IPsec keys

Also Published As

Publication number Publication date
WO2012018573A3 (en) 2012-07-12
WO2012018573A2 (en) 2012-02-09

Similar Documents

Publication Publication Date Title
JP2012147478A5 (en)
EP2590356A1 (en) Method, device and system for authenticating gateway, node and server
CN102891848B (en) Ipsec security alliance is utilized to be encrypted the method for deciphering
WO2012141555A3 (en) Method and apparatus for providing machine-to-machine service
JP2011521510A5 (en)
CN107343179A (en) A kind of video information encryption and video terminal security certification system, authentication method and its application
RU2014106831A (en) METHODS, DEVICES, AND SYSTEMS FOR CREATING PASS-THROUGH SECURE CONNECTIONS AND FOR SAFE TRANSFER OF DATA PACKAGES
RU2016102035A (en) EFFECTIVE NETWORK LEVEL FOR IPv6 PROTOCOL.
WO2009100259A3 (en) Methods and systems for shortened hash authentication and implicit session key agreement
CN102420770B (en) Method and equipment for negotiating internet key exchange (IKE) message
RU2014123536A (en) METHOD FOR DETERMINING DATA CONNECTIVITY BETWEEN A WIRELESS COMMUNICATION DEVICE AND A BASIC NETWORK BY AN IP ACCESS NETWORK, A WIRELESS COMMUNICATION DEVICE AND A COMMUNICATION SYSTEM
TR201908159T4 (en) Method and system for mobile terminals delivered between free session and encrypted session communications.
NZ592061A (en) Secure negotiation of authentication capabilities
CN101986726A (en) Method for protecting management frame based on wireless local area network authentication and privacy infrastructure (WAPI)
CN101252584B (en) Authentication method, system and equipment for bidirectional forwarding detection protocol conversation
CN101895882A (en) Data transmission method, system and device in a WiMAX system
WO2015131609A1 (en) Method for implementing l2tp over ipsec access
CN106230587A (en) Long connection anti-replay attack method
CN105578463A (en) Method and device for dual connection secure communication
CN107786974A (en) The method and system that cell phone application communicates with equipment safety in a kind of LAN
CN101729871A (en) Method for safe cross-domain access to SIP video monitoring system
GB2494550A (en) Dynamic address allocation to a radio device
CN106465109A (en) Cellular Authentication
CN105391690B (en) A kind of network interception defence method and system based on POF
CN101621455A (en) Method for managing network equipment, network management station, and equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11748517

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11748517

Country of ref document: EP

Kind code of ref document: A2