Method for generating and distributing movable IP Key

A key and root key technology, applied in the field of network security, can solve the problems of not being able to obtain MN-FA and FA-HA key information, not being able to update the FA-HA key, and not being able to guarantee prerequisites, etc.

Inactive Publication Date: 2007-11-21
HUAWEI TECH CO LTD
View PDF0 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0042] 1) The current existing technology only describes the generation formula of the MIP key, but the specific key generation process is not described, such as in the AAA process or the MIP process; at the same time, when the key is generated, the key generation is obtained in different processes. The mechanism and flow of input parameters is not defined;
[0043] 2) The process descript

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for generating and distributing movable IP Key
  • Method for generating and distributing movable IP Key
  • Method for generating and distributing movable IP Key

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0152] Example 1: When the HA address is allocated by AAA

[0153] 1. Key generation and distribution based on PMIPv4

[0154] The prerequisites for this process are: 1) The HA address is assigned by AAA; 2) The authenticator knows the FA-IP; 3) The anchor authenticator and the PMIP-client are in the same physical entity; 4) AAA retains the root key (MIP-FA-RK, or MIP-RK, or EMSK); 5) Security assurance between MN-FA.

[0155] FIG. 4 is a schematic diagram of the PMIPv4-based key generation and distribution process of the present invention. As shown in Figure 4, the key generation and distribution of PMIPv4 includes the following steps:

[0156] 0. During the authentication process, the anchor authenticator sends the FA-IP address to HAAA (Home AAA) through a RADIUS (Remote Authentication Service for Dial-Up User) message.

[0157] Since the HA address is allocated by HAAA, after obtaining EMSK in the authentication process with MS, HAAA can calculate MIP-RK and MIP-FA-RK, ...

Embodiment 2

[0202] Embodiment 2: For the condition that the premise of AAA distribution HA is not established

[0203] 1. For PMIPv4 mode

[0204] Figure 7 is a flowchart of key generation and distribution when HA is not assigned by HAAA, which is different from the flow of HA address allocation in AAA in PMIPv4 mode in Figure 4:

[0205] (1) There is a dynamic HA discovery process between steps 2 / 3, and the FA notifies the anchor authenticator of the HA's IP. The MN-HA-K and FA-HA-K can be calculated only when the anchor authenticator knows the HA address.

[0206] (2) HA-IP The selected HA notifies AAA when requesting a key from AAA, and then AAA calculates the relevant key according to the HA address.

[0207] 2. For CMIPv4 mode

[0208] Figure 8 is a flow chart of key generation and distribution when HA is not allocated by HAAA in CMIPv4 mode, which is different from the process of HA address allocation in AAA in CMIPv4 mode in Figure 5:

[0209] (1) There is a dynamic HA discover...

Embodiment 3

[0211] Embodiment 3: Do not generate FA-related security keys

[0212] In the foregoing situations, it is considered that the security between MN-FA and FA-HA is guaranteed by MN-FA-K and FA-HA-K. When the security between MN-FA and FA-HA does not need to be considered, or is guaranteed by other means, the pre-appeal process can be simplified accordingly. The simplified process is as follows. At this time, the migration of FA will not affect the process, because there is no need to regenerate FA-related keys.

[0213] (1) Key generation and distribution of PMIPv4

[0214] Fig. 9 is a flow chart of generating and distributing the FA-related security key of PMIPv4, as shown in Fig. 9, the specific process is:

[0215] 1. MIP-RK (or MN-HA-K, or EMSK) and HA-IP are sent to the anchor authenticator (the former in the figure) during the authentication process, and MN-AAA-K may also be included.

[0216] 2. If the anchor authenticator does not have MN-HA-K, it will be calculated b...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The method comprises: during authentication process, the authentication, authorization and accounting (AAA) server sends the key information to the anchor authenticator; according to said key information, the authenticator gets the key between the mobile node and the external agent and the key between the external agent and the home agent; when receiving a broadcast message from the external agent, according to the address of the external agent, the terminal figures out the key between the mobile node and the external agent, and triggers the mobile IP registration request; the home agent processes the registration request, and after success of registration, returns the request confirmation; according to ht e received registration confirmation, said terminal gets the address of the home agent, and figures out the key between the mobile node and the home agent.

Description

technical field [0001] The invention relates to the field of network security, in particular to a method for generating and distributing mobile IP keys. Background technique [0002] With the vigorous development of Internet services and the wide application of wireless networks, the security of mobile users has put forward more and more requirements for wireless systems: in addition to device authentication, user authentication and service authorization, wireless users and access The establishment of a secure channel between the access point (AP) or the base station (BS), the exchange of confidential information, and the confidential channel between the BS and the authenticator (Authenticator), the authenticator and the authentication server, and the exchange of confidential information And so on are all issues that did not need to be considered in the private network in the past but need to be paid a lot of attention at present. [0003] Regardless of other internal devic...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L9/32H04L29/06
Inventor 梁文亮吴建军
Owner HUAWEI TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap