(EN)
The invention relates to a key management method, an enhanced four-step handshake protocol for RSNA, comprising the following steps: step 1, the authenticator adds a key negotiation identifier (KNID) and a message integrity code (MIC) to message (1) and sends it to the requester; step 2, on receiving message (1) the requester first checks whether the MIC field is correct and, if it is not, discards the message outright; otherwise it performs the remaining checks and, if they succeed, sends message (2) to the authenticator; step 3, the authenticator checks message (2) on reception and, if the check succeeds, sends message (3) to the requester; step 4, the requester checks message (3) on reception and, if the check succeeds, sends message (4) to the authenticator; step 5, the authenticator checks message (4) on reception; if the check succeeds, the four-step handshake is complete, the authenticator and the requester have negotiated an agreed unicast temporal key (UTK), and each has obtained the other party's multicast master key (GMK). The invention solves the DoS attack problem of the key management protocol in the existing RSNA security mechanism.
(ZH) The invention relates to a key management method, an enhanced four-step handshake protocol for RSNA. It comprises the following steps: 1, the authenticator adds a key negotiation identifier KNID and a message integrity code MIC to message (1) and sends it to the requester; 2, on receiving message (1) the requester verifies whether the MIC field in it is correct and discards the message outright if it is not; otherwise it performs the other checks and, if they succeed, sends message (2) to the authenticator; 3, on receiving message (2) the authenticator verifies it and, if verification succeeds, sends message (3) to the requester; 4, on receiving message (3) the requester verifies it and, if verification succeeds, sends message (4) to the authenticator; 5, on receiving message (4) the authenticator verifies it; if verification succeeds the four-step handshake is completed successfully, the authenticator and the requester have negotiated a consistent unicast temporal key UTK, and each has obtained the other party's multicast master key GMK. The invention solves the DoS attack problem of the key management protocol in the current RSNA security mechanism.
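The five steps above, run end to end by both parties, as an added example that is not part of the patent or of any RSNA/WAPI implementation. The abstract names no primitives, so the following are assumptions: HMAC-SHA256 serves as both KDF and MIC; the MIC on message (1) is keyed with a key derived from the pairwise master key (PMK) both sides already share; the UTK is derived from the PMK, the KNID and both nonces; a KNID that has already been used is treated as a replay and rejected as one of the "other checks"; and each party's GMK rides in messages (3) and (4) under a toy XOR wrap keyed by the UTK, purely so the exchange is complete offline. All keys and nonces are constructed at run time. The point to watch is `Supplicant.receive1`: the MIC check comes first, so a flood of forged message (1)s is dropped before any nonce is drawn or any state is kept, which is the DoS property the abstract claims.

```python
import hashlib
import hmac
import os


def kdf(key, label, ctx=b""):
    # HMAC-SHA256 as the key derivation function (assumed primitive).
    return hmac.new(key, label + ctx, hashlib.sha256).digest()


def mic(key, *parts):
    # Truncated HMAC-SHA256 as the message integrity code (assumed primitive).
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:16]


def wrap(key, label, data):
    # Toy confidentiality for a GMK of at most 32 bytes: XOR with a UTK-derived pad,
    # one label per direction so the two pads never repeat. Illustrative only.
    return bytes(a ^ b for a, b in zip(data, kdf(key, label)))


class Authenticator:
    def __init__(self, pmk, gmk):
        self.pmk, self.gmk = pmk, gmk
        self.k_msg1 = kdf(pmk, b"msg1-mic")   # assumption: PMK-derived key protects message (1)
        self.pending = {}                      # KNID -> ANonce for handshakes in progress
        self.knid = self.utk = self.kck = self.peer_gmk = None

    def message1(self):
        # Step 1: fresh KNID and nonce, with a MIC over both.
        knid, anonce = os.urandom(8), os.urandom(32)
        self.pending[knid] = anonce
        return {"knid": knid, "anonce": anonce, "mic": mic(self.k_msg1, knid, anonce)}

    def receive2(self, m):
        # Step 3: KNID must match a live handshake, then the MIC must verify under the UTK.
        anonce = self.pending.get(m["knid"])
        if anonce is None:
            return None
        utk = kdf(self.pmk, b"UTK", m["knid"] + anonce + m["snonce"])
        kck = kdf(utk, b"KCK")
        if not hmac.compare_digest(m["mic"], mic(kck, m["knid"], m["snonce"])):
            return None
        self.knid, self.utk, self.kck = m["knid"], utk, kck
        sealed = wrap(utk, b"gmk-a2s", self.gmk)
        return {"knid": m["knid"], "gmk": sealed, "mic": mic(kck, m["knid"], sealed)}

    def receive4(self, m):
        # Step 5: verify message (4); on success the handshake is complete.
        if self.utk is None or m["knid"] != self.knid:
            return False
        if not hmac.compare_digest(m["mic"], mic(self.kck, m["knid"], m["gmk"])):
            return False
        self.peer_gmk = wrap(self.utk, b"gmk-s2a", m["gmk"])
        self.pending.pop(self.knid, None)
        return True


class Supplicant:
    def __init__(self, pmk, gmk):
        self.pmk, self.gmk = pmk, gmk
        self.k_msg1 = kdf(pmk, b"msg1-mic")
        self.seen_knids = set()                # KNIDs already consumed, to reject replays
        self.knid = self.utk = self.kck = self.peer_gmk = None

    def receive1(self, m):
        # Step 2: MIC first. A forged message (1) fails here and is discarded before any
        # nonce is drawn or state is kept, which is what blunts a message-(1) flood.
        if not hmac.compare_digest(m["mic"], mic(self.k_msg1, m["knid"], m["anonce"])):
            return None
        if m["knid"] in self.seen_knids:       # "other check" (assumption): reject a replayed KNID
            return None
        self.seen_knids.add(m["knid"])
        snonce = os.urandom(32)
        self.knid = m["knid"]
        self.utk = kdf(self.pmk, b"UTK", m["knid"] + m["anonce"] + snonce)
        self.kck = kdf(self.utk, b"KCK")
        return {"knid": m["knid"], "snonce": snonce, "mic": mic(self.kck, m["knid"], snonce)}

    def receive3(self, m):
        # Step 4: verify message (3), keep the authenticator's GMK, send our own in message (4).
        if self.utk is None or m["knid"] != self.knid:
            return None
        if not hmac.compare_digest(m["mic"], mic(self.kck, m["knid"], m["gmk"])):
            return None
        self.peer_gmk = wrap(self.utk, b"gmk-a2s", m["gmk"])
        sealed = wrap(self.utk, b"gmk-s2a", self.gmk)
        return {"knid": m["knid"], "gmk": sealed, "mic": mic(self.kck, m["knid"], sealed)}


def run_handshake(pmk, auth_gmk, supp_gmk):
    # Drive the four messages end to end; returns (ok, authenticator, supplicant, message (1)).
    a, s = Authenticator(pmk, auth_gmk), Supplicant(pmk, supp_gmk)
    m1 = a.message1()
    m2 = s.receive1(m1)
    m3 = a.receive2(m2) if m2 else None
    m4 = s.receive3(m3) if m3 else None
    return (a.receive4(m4) if m4 else False), a, s, m1


if __name__ == "__main__":
    pmk = os.urandom(32)                       # constructed: PMK both parties already hold
    ok, a, s, m1 = run_handshake(pmk, os.urandom(16), os.urandom(16))
    print("handshake ok:", ok, "| same UTK:", a.utk == s.utk)
    forged = {"knid": os.urandom(8), "anonce": os.urandom(32), "mic": bytes(16)}
    print("forged message (1) accepted:", Supplicant(pmk, bytes(16)).receive1(forged) is not None)
    print("replayed message (1) accepted:", s.receive1(m1) is not None)
```

Two things the toy makes visible that the abstract only implies: the requester keeps no per-handshake state for a message (1) whose MIC fails (compare `seen_knids` and `utk` after a forged message), and a genuine message (1) captured and replayed later is rejected by the KNID check even though its MIC is still valid.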