Generation and distribution method and system of mobile IP secret key after second authentication

A key and authentication technology, applied in the field of network security, can solve problems such as rejection of mobile IP registration requests

Active Publication Date: 2007-11-28
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0044] However, the existing technology only describes the generation formula of the MIP key. It does not stipulate how, in the case of re-authentication, the FA and HA are to handle the original key and security association used for verification (the security association includes the MIP key, the life cycle of the key, the security parameter index (SPI), the algorithm used for the authentication extension and related parameters, etc.). As a result, when the mobile terminal uses a new key to perform mobile IP registration while the network-side FA and HA still verify with the old key, the mobile IP registration request initiated by the mobile node after re-authentication may always be rejected.

Examples

Embodiment 1

[0088] This embodiment corresponds to the re-authentication process of the mobile node, where the AAA server (the AAA server may be the home AAA server or the visited AAA server) actively issues a new key to the home agent.

[0089] In Embodiment 1, after the re-authentication of the mobile node occurs, both the mobile node and the AAA server regenerate a new EMSK. During the re-authentication process, the authentication, authorization and accounting AAA server sends the newly generated relevant key to the anchor authenticator, and at the same time notifies the home agent of the new mobile IP key.
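The rejection described in [0044] and the Embodiment 1 remedy, as an added example that is not code from the patent: a home agent holding a stale security association rejects the registration signed with the post-re-authentication key, and accepts it once the AAA server has delivered the new MN-HA-K. The HMAC-SHA256 derivation and authenticator, the SPI values, the EMSK values and the request bytes are all assumptions constructed for illustration; the page does not give the real formulas.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample values; none of them come from the patent.
EMSK_INITIAL = hashlib.sha512(b"constructed EMSK, initial authentication").digest()
EMSK_REAUTH = hashlib.sha512(b"constructed EMSK, re-authentication").digest()
RRQ = b"MIP-RRQ mn=mn@example.net home=198.51.100.7 coa=203.0.113.9"

def kdf(key: bytes, label: bytes) -> bytes:
    # Stand-in derivation (assumption): the page does not show the formulas.
    return hmac.new(key, label, hashlib.sha256).digest()

def derive_mn_ha_k(emsk: bytes) -> bytes:
    # EMSK -> MIP-RK -> MN-HA-K, following the key names on the page.
    return kdf(kdf(emsk, b"MIP-RK"), b"MN-HA-K")

@dataclass
class SecurityAssociation:
    spi: int          # security parameter index
    key: bytes        # MN-HA-K
    lifetime_s: int   # key life cycle
    algorithm: str = "HMAC-SHA256"  # assumed algorithm for the auth extension

def auth_extension(sa: SecurityAssociation, request: bytes) -> tuple:
    # Mobile node side: (SPI, authenticator) appended to the registration.
    return sa.spi, hmac.new(sa.key, request, hashlib.sha256).digest()

class HomeAgent:
    def __init__(self) -> None:
        self.sa = None

    def install(self, sa: SecurityAssociation) -> None:
        self.sa = sa  # a new association replaces the old one outright

    def verify(self, request: bytes, spi: int, mac: bytes) -> bool:
        if self.sa is None or spi != self.sa.spi:
            return False
        expected = hmac.new(self.sa.key, request, hashlib.sha256).digest()
        return hmac.compare_digest(expected, mac)

def run_scenario(aaa_pushes_new_key: bool) -> list:
    """Return [initial registration ok, registration after re-auth ok]."""
    ha, results = HomeAgent(), []
    for spi, emsk in ((0x100, EMSK_INITIAL), (0x101, EMSK_REAUTH)):
        sa = SecurityAssociation(spi, derive_mn_ha_k(emsk), 3600)
        if emsk is EMSK_INITIAL or aaa_pushes_new_key:
            ha.install(sa)  # AAA server delivers the key to the home agent
        results.append(ha.verify(RRQ, *auth_extension(sa, RRQ)))
    return results
```

`run_scenario(False)` models the prior-art gap (the home agent keeps the old association), and `run_scenario(True)` models the AAA server actively issuing the new key.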

[0090] The new Mobile IP-related keys sent by the AAA server to the Anchor Authenticator and Home Agent include one of the following:

[0091] 1) EMSK;

[0092] 2) MIP-RK;

[0093] 3) MIP-FA-RK and MN-HA-K;

[0094] 4) One of the first three keys and MN-HA-K and FA-HA-K.

[0095] Among them, there are two ways of generating FA-HA-K as follows:

[0096] Method 1: directly deriv...

Embodiment 2

[0118] This embodiment corresponds to a method for generating and distributing a mobile IP key when the AAA does not actively deliver the key to the home agent during the re-authentication process.

[0119] After re-authentication of the mobile node, the EMSK is regenerated. During the re-authentication process, the AAA server sends the newly generated related key to the anchor authenticator, and the mobile node also obtains the related key independently at the same time.

[0120] The related keys include: EMSK or MIP-RK or MIP-FA-RK, and other MIP keys.

[0121] Fig. 5 is a flow chart of key generation and distribution when AAA does not actively deliver mobile IP keys in CMIPv4 mode. As shown in Figure 5, the generation and distribution of the mobile IP key after re-authentication includes the following steps:

[0122] 1. During the re-authentication process, AAA sends a new related key to the anchor authenticator.

[0123] All mobile IP keys are distributed before re-auth...

Embodiment 3

[0141] Embodiment 3: Do not generate FA-related security keys

[0142] In the foregoing embodiments, it is considered that the security between the MN-FA and the FA-HA is guaranteed by the MN-FA-K and the FA-HA-K. In the case that the security between the MN-FA and the FA-HA does not need to be considered, or is guaranteed by other means, the aforementioned process can be simplified accordingly.

[0143] 1. In PMIP mode, the generation and delivery of mobile IP keys after re-authentication includes the following steps:

[0144] 1. The AAA server and the MS each independently calculate and generate a new EMSK during the EAP (Extensible Authentication Protocol) process of re-authentication;

[0145] 2. The AAA server sends the EMSK or MIP-RK or MN-HA-K and context information to the anchor authenticator during the EAP process of re-authentication;

[0146] 3. The AAA server actively sends the EMSK or MIP-RK or MN-HA-K to the home agent...


Abstract

The invention discloses a method for generating and distributing mobile IP keys after re-authentication, which comprises the following steps: the terminal and the authentication, authorization and accounting (AAA) server generate the extended master session key (EMSK) during the re-authentication process; the terminal generates the new related keys of the mobile node according to the EMSK, which replace the old mobile node keys; the home agent obtains the new mobile IP key from the AAA server, which replaces the old mobile IP key; the AAA server delivers key information to the anchor authenticator, which obtains the new mobile IP key of the foreign agent according to the key information and transmits it to the foreign agent; the foreign agent replaces the old mobile IP key. The invention ensures that MIP registration can be carried out after the re-authentication process.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method for generating and distributing mobile IP keys after re-authentication of a mobile terminal, and a corresponding system.

Background technique

[0002] With the vigorous development of Internet services and the wide application of wireless networks, the security of mobile users places more and more requirements on wireless systems: in addition to device authentication, user authentication and service authorization, the establishment of a secure channel between wireless users and the access point (AP) or base station (BS), the exchange of confidential information, the confidential channel between the BS and the authenticator, between the authenticator and the authentication server, and the exchange of confidential information over them are all issues that did not need to be considered in the private network in the past but ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04Q7/38, H04L29/06
Inventor: 梁文亮, 吴建军
Owner: HUAWEI TECH CO LTD