1. CN101159538 - Key management method

Office China
Application Number 200710019090.9
Application Date 16.11.2007
Publication Number 101159538
Publication Date 09.04.2008
Publication Kind A
IPC
H04L 9/00
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Arrangements for secret or secure communication
H04L 29/06
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/135
02 Communication control; Communication processing
06 characterised by a protocol
H04L 12/28
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
12 Data switching networks
28 characterised by path configuration, e.g. local area networks or wide area networks
CPC
H04L 9/0844
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
08 Key distribution ; or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
0841 involving Diffie-Hellman or related key agreement protocols
0844 with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
H04L 9/3236
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system ; or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
3236 using cryptographic hash functions
H04L 9/3273
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic; arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system ; or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
3271 using challenge-response
3273 for mutual authentication
H04L 63/06
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
06 for supporting key management in a packet data network
H04L 63/1458
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1441 Countermeasures against malicious traffic
1458 Denial of Service
H04W 12/0433
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
W WIRELESS COMMUNICATION NETWORKS
12 Security arrangements; Authentication; Protecting privacy or anonymity
04 Key management, e.g. using generic bootstrapping architecture [GBA]
043 using a trusted network node as an anchor
0433 Key management protocols
Applicants China Instant Wireless Network Communications Co., Ltd.
西安西电捷通无线网络通信有限公司
Inventors Tie Manxia
铁满霞
Cao Jun
曹军
Pang Liaojun
庞辽军
Lai Xiaolong
赖晓龙
Huang Zhenhai
黄振海
Agents shangyu ke
西安智邦专利商标代理有限公司
Title
(EN) Key management method
(ZH) A key management method
Abstract
(EN)
The invention relates to a key management method which is an enhanced RSNA four-stage handshake protocol and comprises the following steps: step 1, an authenticator adds a key negotiation ID (KNID) and a message integrity code (MIC) to a message (1) and then sends the message to a requester; step 2, the requester receives the message (1) and checks whether the MIC field contained therein is correct; if incorrect, the requester directly discards the message, otherwise it performs the other checks and sends a message (2) to the authenticator after the checks succeed; step 3, the authenticator checks the message (2) after reception and sends a message (3) to the requester after the check succeeds; step 4, the requester checks the message (3) after reception and sends a message (4) to the authenticator after the check succeeds; step 5, the authenticator checks the message (4) after reception; if the check succeeds, the four-stage handshake protocol is completed, and the authenticator and the requester have negotiated an agreed unicast temporal key (UTK) and each obtained the group multicast master key (GMK) of the other party. The invention solves the DoS attack problem of the key management protocol in the existing RSNA security mechanism.

(ZH)

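The invention relates to a key management method, which is an enhanced RSNA 4-step handshake protocol. It comprises the following steps: 1) the authenticator adds a key negotiation identifier KNID and a message integrity code MIC to message (1) and sends it to the requester; 2) after receiving message (1), the requester verifies whether the MIC field in it is correct; if it is incorrect, the message is discarded directly; otherwise the other verifications are performed, and if they succeed, message (2) is sent to the authenticator; 3) after receiving message (2), the authenticator verifies it, and if verification succeeds, sends message (3) to the requester; 4) after receiving message (3), the requester verifies it, and if verification succeeds, sends message (4) to the authenticator; 5) after receiving message (4), the authenticator verifies it; if verification succeeds, the 4-step handshake protocol completes successfully, the authenticator and the requester have negotiated a consistent unicast temporal key UTK, and each has obtained the other party's group multicast master key GMK. The invention solves the DoS attack problem present in the key management protocol of the current RSNA security mechanism.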

Also published as
RU2010123869