Method, apparatus and system for implementing new member register of group key management

A group key and group member technology, applied in the field of group key management, that solves the problems of large deployment cost, difficult centralized protection of the KS, and lack of password support, and achieves automatic registration.

Inactive Publication Date: 2009-01-28
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] Using MSEC's GKM protocol to implement group key management has the following problems: MSEC's GKM protocol is based on the client/server model, which requires that the client and the server be reachable from each other, that is, there must be a routed path between the client and the server while the protocol is running.
When a GCKS is deployed on each multicast network, all routers in the multicast network can reach the GCKS in their own network locally. The disadvantages of this deployment scenario are that centralized management of group policy, group member authorization, etc. is difficult and expensive; if a physical GCKS is deployed, it leads to a large deployment cost; and decentralized GCKSs are difficult to protect centrally, so the risk of a single GCKS being compromised increases.
Similar to the second scenario, since the KS is responsible for completing the registration process with the router, and a KS is deployed on each multicast network, all routers in the multicast network can reach the KS in their own network locally. However, the disadvantages of this deployment scenario are that decentralized KSs are difficult to protect centrally, so the risk of a single KS being compromised increases; and that registration between group members and the KS can use only public key authentication technologies such as digital certificates, while authentication methods such as passwords are not supported, which reduces the usability of this deployment scenario.
[0016] In group key management, in addition to the above-mentioned OSPFv3 IPsec application scenarios, where there are problems when new group members join, in other application scenarios member registration also cannot be done automatically if new group members cannot identify the GCKS or do not know its location.

Examples

Embodiment Construction

[0044] In order to make the purpose and advantages of the embodiments of the present invention more clear, the embodiments of the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0045] First, the method for implementing new group member registration in group key management provided by the embodiment of the present invention is introduced in detail. Figure 4 shows the flow of the method.

[0046] Agents are pre-deployed on local networks that require automatic group key management services. The process shown in Figure 4 includes:

[0047] Step 401: The agent receives the original registration request message sent by a new member of the local network, encapsulates the original registration request message and the new member's identification information in a request message, and sends it to the GCKS.

[0048] Step 402: The agent receives the response message returned by GCKS, extracts the new team member identification ...

Abstract

The invention discloses a method for realizing the registration of new members in group key management, wherein an agent is deployed on a local network needing an automatic group key management service. The method comprises the following steps: the agent receives an original registration request message sent by a new member of the local network; the agent encapsulates the original registration request message and the identification information of the new member in a request message and sends it to the Group Controller and Key Server (GCKS); and the agent receives a response message returned by the GCKS, extracts from it the identification information of the new member and the original response message carrying the request processing result, and sends the original response message to the new member according to the identification information of the new member. The invention also discloses a device and a system for realizing the registration of new members in group key management. The method, the device and the system are applied to realize automatic registration of new members in group key management.
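The agent relay described in the abstract, as an added example that is not the patent's own code. The page gives no wire format, so the envelope layout (2-byte length, member identifier, original message), all function and class names, and the check that a response matches a request still in flight are assumptions made for illustration.

```python
import struct


class RelayError(ValueError):
    """Envelope is malformed or cannot be matched to a waiting member."""


def encapsulate(member_id: bytes, original: bytes) -> bytes:
    # Assumed layout: 2-byte big-endian ID length | member ID | original message.
    if not member_id or len(member_id) > 0xFFFF:
        raise RelayError("member identifier must be 1..65535 bytes")
    return struct.pack("!H", len(member_id)) + member_id + original


def decapsulate(envelope: bytes) -> tuple[bytes, bytes]:
    # Validate the length field before slicing, so a truncated or forged
    # envelope cannot be misread as a shorter identifier plus payload.
    if len(envelope) < 2:
        raise RelayError("envelope too short")
    (id_len,) = struct.unpack("!H", envelope[:2])
    if id_len == 0 or len(envelope) < 2 + id_len:
        raise RelayError("bad identifier length")
    return envelope[2:2 + id_len], envelope[2 + id_len:]


class Agent:
    """Agent on the local network, relaying between new members and the GCKS."""

    def __init__(self, send_to_gcks, send_to_member):
        self.send_to_gcks = send_to_gcks      # callable(envelope)
        self.send_to_member = send_to_member  # callable(member_id, message)
        self.pending = set()                  # member IDs with a request in flight

    def on_member_request(self, member_id: bytes, original_request: bytes) -> None:
        # Step 401: wrap the untouched request with the member's identifier.
        envelope = encapsulate(member_id, original_request)
        self.pending.add(member_id)
        self.send_to_gcks(envelope)

    def on_gcks_response(self, envelope: bytes) -> None:
        # Step 402: recover the identifier and forward the original response.
        member_id, original_response = decapsulate(envelope)
        if member_id not in self.pending:
            # Assumed hardening: drop unsolicited or replayed responses.
            raise RelayError("response for a member with no request in flight")
        self.pending.discard(member_id)
        self.send_to_member(member_id, original_response)
```

The agent never parses the original registration messages; it only adds and strips the identifier, so the member and the GCKS still run their registration exchange end to end.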

Description

Technical field

[0001] The invention relates to group key management technology, in particular to a method, device and system for realizing new group member registration in group key management.

Background technique

[0002] Internet Protocol Security (IPsec) is a general term for a set of security protocols covering key management and data security. It works at the IP layer in a point-to-point manner and can provide authorization, authentication, key agreement, key update, data security and other services. Open Shortest Path First version 3 (OSPFv3) is an intra-domain routing protocol. RFC 4552 proposes how to use IPsec to solve the security problem of OSPFv3. For the situation in which OSPFv3 runs on a multicast network, it proposes using a Group Security Association (GSA) to solve the security problem, so that the routers on the network share the same group security algorithm and key, that is, the ...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/32, H04L12/56, H04L29/06
CPC: H04L63/10, H04L63/065, H04L9/0833
Inventor: 刘亚
Owner: HUAWEI TECH CO LTD