
Generation and distribution method and system for mobile IP secret key

A key and sub-key technology, applied in the field of network security, can solve problems such as complexity, non-use, and inconsistent key update methods, and achieve the effect of avoiding complexity

Active Publication Date: 2010-12-08
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0042] 2) In the prior art, in the case of re-authentication and FA migration, the way the HA learns of a key update is not uniform (for example, the key update can be learned in the following ways: when the HA cannot verify the authentication extension, when MN-AAA-AE is carried in the registration request, when the security parameter index (SPI) changes, or according to the HA-IP content of the MIP registration request message body), and does not use the existing RFC (Request For Comments)
[0044] 4) Key calculation based on IP addresses requires distinguishing the different IP addresses of different ports, which brings unnecessary complexity


Examples


Embodiment 1

[0111] Embodiment 1: Generation and distribution of PMIPv4 keys

[0112] (1) Generation and distribution of PMIP keys based on random numbers

[0113] Figure 4a shows the generation and distribution process of the mobile IP key based on random numbers in PMIP mode in this embodiment. As shown in Figure 4a, it specifically includes the following steps:

[0114] Step 1. In the process of access verification or re-authentication, the AAA server calculates MN-AAA-SUB-K based on MN-AAA-K (or a pre-configured key), and sends key information including MN-AAA-SUB-K and the root key to the anchor authenticator (Anchor Authenticator).

[0115] The root key may be MN-AAA-SUB-K itself or another root key, such as MSK, EMSK, or MIP-RK. When the root key is MN-AAA-SUB-K itself, MN-AAA-SUB-K is used both to generate MN-AAA-AE and to calculate the MIP key; when the root key of the MIP key is another root key, MN-AAA-SUB-K can be specially use...

Embodiment 2

[0141] Embodiment 2: Generation and distribution of CMIPv4 keys

[0142] (1) Generation and distribution of CMIPv4 keys based on random numbers

[0143] Figure 5a shows the generation and distribution process of the mobile IP key based on random numbers in CMIP mode in this embodiment. As shown in Figure 5a, it specifically includes the following steps:

[0144] Step 1. The MS and the AAA server calculate MN-AAA-SUB-K according to MN-AAA-K (or a preconfigured key). The AAA server sends the root key including the mobile IP key to the anchor authenticator.

[0145] Wherein, the root key may be MN-AAA-SUB-K itself, or another root key, such as MSK, EMSK, or MIP-RK, etc., to calculate the MIP key.

[0146] Step 2. The foreign agent FA sends an agent advertisement to the mobile node MS.

[0147] Step 3. After the mobile node MS receives the agent broadcast sent by the foreign agent FA, it can use MN-AAA-SUB-K to calculate MN-AAA-AE and trigger the mobile IP registration process a...

Embodiment 3

[0171] Embodiment 3: Key distribution directly carrying MN-FA-AE

[0172] In the case that the outermost layer of the network guarantees security, this embodiment can also provide a solution that satisfies the conditions.

[0173] (1) Generation and distribution of PMIPv4 keys

[0174] As shown in Figure 7a, the process includes the following steps:

[0175] Step 1. In the process of access verification or re-authentication, the AAA server calculates MN-AAA-SUB-K based on MN-AAA-K (or a pre-configured key), and sends key information including MN-AAA-SUB-K and the root key to the anchor authenticator (Anchor Authenticator).

[0176] The root key may be MN-AAA-SUB-K itself or another root key, such as MSK, EMSK, or MIP-RK. When the root key is MN-AAA-SUB-K itself, MN-AAA-SUB-K is used both to generate MN-AAA-AE and to calculate the MIP key; when the root key of the MIP key is another root key, MN-AAA-SUB-K can be specially used to generate MN-AAA-AE, ...


Abstract

The invention provides a method and a system for generating and distributing mobile IP keys, comprising the following steps. Calculation: in the process of access authentication and re-authentication, subkeys between the mobile node (MN) and the authentication, authorization and accounting (AAA) server are calculated, and the authentication extension between the mobile node and the AAA server is calculated from the subkeys. Key distribution: the authentication extension between the mobile node and the AAA server, generated from the subkeys, is carried in the mobile IP registration request or the binding update request initiated by the mobile node; the home agent (HA) requests keys from the AAA server according to the authentication extension carried in the registration request or the binding update request; and the AAA server distributes the requested keys to the home agents.
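The flow in the abstract, for the case where MN-AAA-SUB-K is itself the root key, as an added Python sketch that is not code from the patent. Assumptions: HMAC-SHA256 as the derivation function, the label strings, the session nonce, the sample identifiers, and the AAA server verifying MN-AAA-AE before releasing a key are all illustrative; the page specifies none of them.

```python
import hashlib, hmac, os

def prf(key, *parts):
    """Assumed PRF: HMAC-SHA256 over length-prefixed fields (the page names no function)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def mn_sub_key(mn_aaa_k, nai, nonce):
    """MN-AAA-SUB-K, derived from MN-AAA-K per (re-)authentication session."""
    return prf(mn_aaa_k, b"MN-AAA-SUB-K", nai, nonce)

def mn_aaa_ae(sub_k, reg_request):
    """MN-AAA-AE: authenticator over the registration request, keyed by the sub-key."""
    return prf(sub_k, b"MN-AAA-AE", reg_request)

class AAAServer:
    def __init__(self, mn_aaa_keys):
        self.mn_aaa_keys, self.sub_keys = mn_aaa_keys, {}

    def authenticate(self, nai, nonce):
        """Access authentication or re-authentication replaces the stored sub-key."""
        self.sub_keys[nai] = mn_sub_key(self.mn_aaa_keys[nai], nai, nonce)

    def key_request(self, nai, reg_request, ae, ha_id):
        """HA key request: release MN-HA-K only if the forwarded MN-AAA-AE verifies."""
        sub_k = self.sub_keys.get(nai)
        if sub_k is None or not hmac.compare_digest(mn_aaa_ae(sub_k, reg_request), ae):
            return None
        rand = os.urandom(16)  # random number the MN also needs to derive the same key
        return prf(sub_k, b"MN-HA-K", ha_id, rand), rand

def demo():
    nai, ha_id = b"mn1@example.net", b"ha1.example.net"   # constructed identifiers
    mn_aaa_k, nonce = os.urandom(32), os.urandom(16)
    aaa = AAAServer({nai: mn_aaa_k})
    aaa.authenticate(nai, nonce)
    sub_k = mn_sub_key(mn_aaa_k, nai, nonce)              # mobile-node side
    rrq = b"MIP-RRQ|" + nai + b"|" + ha_id                # constructed stand-in request
    ae = mn_aaa_ae(sub_k, rrq)
    accepted = aaa.key_request(nai, rrq, ae, ha_id)
    tampered = aaa.key_request(nai, rrq + b"x", ae, ha_id)
    aaa.authenticate(nai, os.urandom(16))                 # re-authentication rotates the sub-key
    stale = aaa.key_request(nai, rrq, ae, ha_id)
    return sub_k, accepted, tampered, stale

if __name__ == "__main__":
    _, accepted, tampered, stale = demo()
    print(accepted is not None, tampered, stale)
```

Because the AE is keyed by the per-session sub-key, an extension computed before a re-authentication stops verifying afterwards, which gives the HA one uniform signal that keys have changed.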

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a method and system for generating and distributing mobile IP keys.

Background technique

[0002] With the vigorous development of Internet services and the wide application of wireless networks, the security of mobile users places more and more requirements on wireless systems: in addition to device authentication, user authentication and service authorization, the establishment of a secure channel and the exchange of confidential information between wireless users and the access point (AP) or the base station (BS), as well as the confidential channels and the exchange of confidential information between the BS and the authenticator (Authenticator) and between the authenticator and the authentication server, are all issues that did not need to be considered in private networks in the past but need a lot of attention at present.

[0003] Regardless of ot...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L9/08, H04L29/06, H04L12/28
CPC: H04L63/0892, H04L9/0836, H04L63/061, H04L9/0869, H04W12/04, H04L2209/80, H04L63/08, H04W80/04, H04L9/321, H04W12/0431, H04W12/041
Inventor: 梁文亮, 吴建军
Owner: HUAWEI TECH CO LTD