Legal neighbor authentication method and device in group key management

A key technology for group keys, applied in the field of group key management, that solves problems such as difficulty of deployment and dependence on PKI, and achieves good flexibility.

Inactive Publication Date: 2009-04-01
HUAWEI TECH CO LTD

AI Technical Summary

Problems solved by technology

[0006] Using MSEC's GKM protocol to implement group key management has the following problems: MSEC's GKM protocol is based on the client/server model, which requires that a route from the client to the server exist while the protocol is running.
Because this solution must use digital certificates for entity authentication, it has the disadvantages of relying on PKI and being difficult to deploy.
[0012] The above is just an example of the legal neighbor authentication requirements when the delegate is dynamically elected in the OSPFv3 IPsec application scenario, and illustrates the current defects in the legal neighbor authentication scheme in group key management. There may also be similar defects



Examples


Embodiment approach 1

[0048] This preferred embodiment takes the OSPFv3 IPsec application scenario, with legal neighbor authentication used in dynamic Delegate election, as an example. The group shared key reuses the authentication/integrity key in the GSA, and the group sharing algorithm is the same algorithm as in the GSA. The self-authentication information of the authenticated group member is the election information (Delegate message), and the group members on the local network that need automatic group key service are routers. For convenience of description, it is assumed that the local network in this preferred embodiment includes two routers, which need to authenticate each other as legal neighbors. These two routers are called the first router and the second router respectively. When the network is initially started, the initial GSA is manually configured for the first router and the second router. The network structure of this preferred embodime...

Embodiment approach 2

[0059] This preferred embodiment again takes the OSPFv3 IPsec application scenario, with legal neighbor authentication used in dynamic Delegate election, as an example. Here, however, the GSA is not used; instead, a new SA is defined in the GKM protocol, called the group authentication SA (Group Authentication SA, GASA). The newly defined GASA includes a group authentication policy and an authentication key, where the group authentication policy includes at least a group sharing algorithm, a key length, and a key lifetime. For convenience of description, it is assumed that the local network in this preferred embodiment includes two routers, which need to authenticate each other as legal neighbors. These two routers are called the third router and the fourth router respectively. When the network is initially started, the initial GASA is manually configured for the third router and the fourth router. The network structure of this preferred embodiment can b...


Abstract

The invention discloses a method for authenticating a legal neighbor in group key management, in which each member on the local network that requires automatic group key management service stores a group shared key and a group sharing algorithm. The method comprises the following steps: an authenticating member receives a first authentication value and the self-authentication information of an authenticated member, both transmitted by the authenticated member; the first authentication value is obtained by the authenticated member from the group shared key and its own self-authentication information according to the group sharing algorithm; the authenticating member uses the self-authentication information of the authenticated member, combined with the group shared key, to calculate a second authentication value according to the group sharing algorithm; the authenticating member authenticates the authenticated member as a legal neighbor when comparison shows that the first authentication value and the second authentication value are the same. The invention also discloses a device for authenticating a legal neighbor in group key management. With the method and the device, entity authentication is not restricted to a particular execution mode and gains flexibility by supporting various execution modes.
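The comparison described in the abstract, combined with the GASA policy fields of Embodiment approach 2, can be sketched as follows. This is an added example, not code from the patent: the patent does not name a concrete group sharing algorithm, so HMAC is assumed, and the `GASA` class, function names, key bytes and Delegate message are constructed for illustration.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

# Assumption: HMAC stands in for the patent's unspecified
# "group sharing algorithm".
ALGORITHMS = {"hmac-sha256": hashlib.sha256, "hmac-sha1": hashlib.sha1}

@dataclass(frozen=True)
class GASA:
    """Hypothetical container for a group authentication SA."""
    algorithm: str      # policy: group sharing algorithm
    key: bytes          # authentication key (group shared key)
    key_length: int     # policy: required key length in bytes
    not_after: float    # policy: end of key lifetime (epoch seconds)

    def usable(self, now: float) -> bool:
        return (self.algorithm in ALGORITHMS
                and len(self.key) == self.key_length
                and now < self.not_after)

def auth_value(sa: GASA, self_auth_info: bytes) -> bytes:
    """Authentication value over a member's self-authentication information."""
    return hmac.new(sa.key, self_auth_info, ALGORITHMS[sa.algorithm]).digest()

def is_legal_neighbor(sa: GASA, info: bytes, first_value: bytes, now=None) -> bool:
    """Authenticating member: recompute the second value and compare."""
    now = time.time() if now is None else now
    if not sa.usable(now):
        return False            # expired or malformed SA: fail closed
    second_value = auth_value(sa, info)
    return hmac.compare_digest(first_value, second_value)  # constant-time

# Constructed sample data (not from the patent).
T0 = 1_700_000_000.0
SHARED = GASA("hmac-sha256", bytes(range(32)), 32, T0 + 3600)
OUTSIDER = GASA("hmac-sha256", b"\xff" * 32, 32, T0 + 3600)
DELEGATE_MSG = b"delegate-election router-id=192.0.2.1 priority=10"

def demo() -> dict:
    first = auth_value(SHARED, DELEGATE_MSG)   # sent by the authenticated member
    return {
        "member": is_legal_neighbor(SHARED, DELEGATE_MSG, first, T0),
        "tampered": is_legal_neighbor(SHARED, DELEGATE_MSG + b"0", first, T0),
        "outsider": is_legal_neighbor(
            SHARED, DELEGATE_MSG, auth_value(OUTSIDER, DELEGATE_MSG), T0),
        "expired": is_legal_neighbor(SHARED, DELEGATE_MSG, first, T0 + 3601),
    }
```

Because every member holds the same key, a match shows that the sender belongs to the group rather than which router it is, and this sketch adds no replay protection for a captured Delegate message.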

Description

Technical field

[0001] The invention relates to group key management technology, in particular to a legal neighbor authentication method and device in group key management.

Background technique

[0002] Internet Protocol Security (IPsec, IP Security) is a general term for a set of security protocols, including key management and data security, working at the IP layer in a point-to-point manner, and can provide authorization, authentication, key agreement, key update, data security and other services.

[0003] Open Shortest Path First Routing Protocol Version 3 (OSPFv3, Open Shortest Path First version 3) is an intra-domain routing protocol. RFC 4552 proposes how to use IPsec to solve the security problem of OSPFv3. In view of the situation that OSPFv3 runs on a multicast network, it proposes to use Group Security Association (GSA, Group Security Association) to solve the security problem. GSA includes router sharing on the network. Under the protection of the obtained GSA, th...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/08, H04L29/06, H04L12/56
CPC: H04L63/08, H04L9/3226, H04L63/065, H04L9/0833, H04L9/321, H04L9/0894
Inventor: 刘亚
Owner: HUAWEI TECH CO LTD