
Key management method, system and device for routing protocol group

A routing protocol and protocol suite technology, applied in transmission systems, digital transmission systems, and key distribution, which can solve problems such as slowness, error-proneness, and inapplicability.

Inactive Publication Date: 2012-05-09
ZTE CORP

AI Technical Summary

Problems solved by technology

Manual configuration and updating is unreliable, error-prone, slow, and unsuitable for modern large-scale networks.
[0006] IKEv2 cannot meet the security requirements of group key material, including GSA negotiation (partial negotiation), sending, and updating.


Examples


Embodiment 1

[0124] As shown in Figure 6, Embodiment 1 describes the method of the present invention from the perspective of the group key sender (also referred to as the first communication device), including but not limited to the following steps:

[0125] Step 601: The group key sender invokes the corresponding detection program to determine the number of adjacent interfaces, N; M records the number of interfaces on which the IKE_SA has been successfully negotiated;

[0126] Step 602: The group key sender negotiates the IKE_SA of an interface with the group key receiver at the opposite end of that interface, and at the same time obtains and collects the security parameters of the routing protocol of the group key receiver through the extended notification payload or a new payload. If the security association negotiation succeeds, M is incremented by one; regardless of whether the negotiation succeeds, N is decremented by one each time an interface is processed;

[0127] The group key sender performs...
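The counter handling in steps 601 and 602, followed by the GSA generation named in the abstract, as an added Python example that is not part of the patent text. The names `Peer`, `SenderState`, `negotiate_all` and `build_gsa` are hypothetical, the IKE_SA outcome is simulated, the interface names and algorithm lists are constructed, and the selection policy (first sender-preferred algorithm supported by every successfully negotiated receiver) is an assumption, since the page only states that the GSA is generated according to the receivers' security parameters.

```python
# Added illustration of steps 601-602 (sender side); not code from the patent.
from dataclasses import dataclass, field

@dataclass
class Peer:                      # hypothetical stand-in for one group key receiver
    interface: str
    ike_sa_ok: bool              # simulated outcome of the IKE_SA negotiation
    auth_algs: tuple = ()        # algorithms it reports in the notification payload

@dataclass
class SenderState:
    n: int                       # N: adjacent interfaces still to be processed
    m: int = 0                   # M: interfaces whose IKE_SA negotiation succeeded
    params: dict = field(default_factory=dict)   # interface -> reported algorithms
    failed: list = field(default_factory=list)   # interfaces left out of the group

def negotiate_all(peers):
    state = SenderState(n=len(peers))            # step 601: determine N, M starts at 0
    for peer in peers:                           # step 602: one interface at a time
        if peer.ike_sa_ok:
            state.params[peer.interface] = set(peer.auth_algs)
            state.m += 1                         # success: M plus one
        else:
            state.failed.append(peer.interface)
        state.n -= 1                             # success or failure: N minus one
    return state

def build_gsa(state, preference):
    """Assumed policy: first sender-preferred algorithm that every negotiated
    receiver supports. Returns None when no group can be formed."""
    if state.n != 0:
        raise RuntimeError("interfaces still unprocessed")
    if state.m == 0:
        return None
    common = set.intersection(*state.params.values())
    for alg in preference:
        if alg in common:
            return {"auth_alg": alg, "members": sorted(state.params)}
    return None

# Constructed sample data: interface names and algorithm lists are illustrative.
SAMPLE_PEERS = [
    Peer("if0", True, ("HMAC-SHA-256", "HMAC-SHA-1")),
    Peer("if1", False),
    Peer("if2", True, ("HMAC-SHA-1", "Keyed-MD5")),
]
PREFERENCE = ("HMAC-SHA-256", "HMAC-SHA-1", "Keyed-MD5")

if __name__ == "__main__":
    st = negotiate_all(SAMPLE_PEERS)
    print(st.n, st.m, st.failed, build_gsa(st, PREFERENCE))
```

Interfaces whose IKE_SA negotiation failed are recorded in `failed` and excluded from the group, so they can be retried or alerted on rather than silently left without a group key.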

Embodiment 2

[0135] The routing protocol group key management method according to Embodiment 2 of the present invention uses the extended notification payload to carry the security parameters of the routing protocol, and uses the extended SA payload (i.e., the SAge payload) to carry the routing protocol GSA. The steps in the process, the message types, and the specific content of the message payloads and results are shown in the following table:

[0136]

[0137] The contents of the message payloads all follow the IKEv2 definitions: HDR is the IKE header; SAi is the SA payload of the initiator; SAge denotes the extended SA payload of the present invention, which carries the GSA of a specific routing protocol; KEi is the key exchange (that is, D-H exchange) payload of the initiator; Ni is the random number payload generated by the initiator; correspondingly, SAr, KEr, and Nr represent the SA payload returned by the responder, and the key exchange (that is, D-H exchange...

Embodiment 3

[0152] As shown in Figure 8, in Embodiment 3 of the present invention, the security parameters of the routing protocol are carried by the extended notification payload, and the routing protocol GSA is carried by the newly added GSARP payload. The steps in the process, the message types, and the specific contents of the message payloads and results are shown in the following table:

[0153]

[0154] As shown in Figure 8, this embodiment specifically includes but is not limited to the following steps:

[0155] Step 801: The group key sender sends an IKE_SA_INIT request message to the group key receiver, and the payload carried in the message includes HDR, SAi, KEi, Ni and Ne;

[0156] The notification payload Ne in the IKE_SA_INIT request message lists security parameters such as the authentication algorithm supported by the routing protocol of the group key sender;

[0157] Step 802: The group key receiver sends an IKE_SA_INIT response message to the group key sender, and the payloa...


Abstract

The invention relates to a routing protocol group key management method, system and communication device. The method comprises: a first communication device establishing a security association with a second communication device and obtaining the security parameters of the routing protocol of the second communication device; the first communication device generating a group security association (GSA) of the routing protocol according to the security parameters of the routing protocol of the second communication device; and the first communication device sending the GSA to the second communication device according to the security association. The method, system and device make group key management of the routing protocol possible.

Description

Technical field

[0001] The invention relates to routing security technology in communication networks, and more specifically to a routing protocol group key management method, system and device.

Background art

[0002] Communication devices (all communication devices mentioned in the present invention have routing functions) are the most important, core equipment of modern IP networks, providing routing information for the transmission of data packets. Communication devices rely on the routing protocols running on them to collect routing information and to calculate and manage optimal routes. Since routing information is propagated in clear text in the network, routing message packets are very easy to forge and tamper with. If a communication device accepts such a routing message packet, a wrong route will be generated, causing some or all network data packets to fail to reach the designated destination or receiver, and the data service cannot be carried ...


Application Information

Patent Type & Authority Applications(China)
IPC(8): H04L12/56, H04L29/06, H04L9/08
Inventor 梁小萍, 王鸿彦, 韦银星
Owner ZTE CORP