Key management method and network equipment

A key management technology for network equipment, applied in the field of key management methods and network equipment. It addresses problems such as manual key configuration and update, the inability to replace keys, the increased workload for administrators, and the resulting obstacles to large-scale deployment and management of routing equipment.

Inactive Publication Date: 2012-05-09
ZTE CORP
4 Cites, 29 Cited by

AI Technical Summary

Problems solved by technology

[0004] As networks grow in scale, manual configuration and update cannot meet security requirements such as fast key replacement and authentication algorithm replacement.
At the same time, manual configuration not only increases the administrator's workload but can also leak the routing device's security key, for example when an administrator resigns, which hinders the large-scale deployment and management of routing device security.

Examples

Application example 1

[0431] Figure 1 is a schematic diagram of the GDOI-based automatic negotiation of the routing protocol group key for application example 1 of the present invention, which includes the following steps:

[0432] Step S110: A security association is established between routing device A and routing device B using protocols such as ISAKMP.

[0433] Step S130: routing device A sends an RPMK I message to routing device B. The message contains the group security association information parameters, which include the GDOI message header (HDR), a random number (NONCE) N, the group security association (GSA) payload, a serial number (SEQ), key material information (KMI), etc. The Domain of Interpretation (DOI) field of the GDOI security association payload is set to 2, indicating that the DOI is GDOI, that is, that the DOI of the group security association is being negotiated. The setting of the group security association is as above.

[0434]...

Application example 2

[0438] Figure 2 is the second schematic diagram of the ISAKMP-based method for automatic negotiation of routing protocol group keys, for application example 2 of the present invention, which includes the following steps:

[0439] Step S210: A security association is established between routing device A and routing device B using protocols such as ISAKMP.

[0440] Step S230: routing device A and routing device B use ISAKMP to negotiate the group security association of the routing protocol. A group security association payload (for example, defined as Group SA (GSA)) is added to ISAKMP, and the Domain of Interpretation (DOI) type in the group security association payload is 3, where 3 indicates that the negotiated group security association is that of a specific routing protocol (such as the group security association of OSPFv2), and a new group security association is added. ...

Application example 3

[0443] Figure 3 is a schematic diagram of GDOI-based OSPFv2 routing protocol group security association negotiation mode 1 for application example 3 of the present invention, which includes the following steps:

[0444] Step S310: A security association is established between routing device A and routing device B using protocols such as ISAKMP.

[0445] Step S330: routing device B sends an RPMK message to routing device A. The RPMK message includes the group security association information parameters, which include the GDOI message header (HDR), a random number (NONCE), the group security association (GSA) payload, etc.

[0446] Setting the Domain of Interpretation (DOI) field of the GDOI security association payload to 2 indicates that the DOI is GDOI, that is, the DOI of the group security association. The SA Next Payload field in the SA payload is set to the TEK payload type, indicating that the payload typ...
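A receiver-side check of the DOI field that application examples 1 to 3 describe, as an added example that is not code from the patent. It assumes the fixed SA payload layout of RFC 2408 (next payload, reserved, length, 32-bit DOI); DOI 2 and 3 carry the meanings given above, and the function names and sample bytes are constructed for illustration.

```python
import struct

# DOI 0 and 1 are the ISAKMP and IPsec values from RFC 2408 / RFC 2407.
# DOI 2 and 3 carry the meanings the application examples above give them.
DOI_NAMES = {
    0: "ISAKMP (generic)",
    1: "IPsec",
    2: "GDOI group SA",
    3: "routing-protocol group SA",
}
GROUP_DOIS = frozenset({2, 3})


class PayloadError(ValueError):
    """Raised when an SA payload is malformed or not a group SA."""


def build_sa_payload(doi, next_payload=0, body=b""):
    """Constructed sample input: generic header + DOI + opaque body."""
    return struct.pack("!BBHI", next_payload, 0, 8 + len(body), doi) + body


def parse_sa_payload(buf):
    """Parse the fixed part of an SA payload and validate its framing."""
    if len(buf) < 8:
        raise PayloadError("truncated: need generic header plus DOI")
    next_payload, reserved, length, doi = struct.unpack("!BBHI", buf[:8])
    if reserved != 0:
        raise PayloadError("RESERVED octet must be zero")
    if length < 8 or length > len(buf):
        raise PayloadError("payload length field outside received data")
    return {"next_payload": next_payload, "doi": doi, "body": buf[8:length]}


def accept_group_sa(buf, allowed=GROUP_DOIS):
    """Return the DOI name if the payload negotiates an allowed group SA."""
    sa = parse_sa_payload(buf)
    if sa["doi"] not in allowed:
        name = DOI_NAMES.get(sa["doi"], "unknown")
        raise PayloadError(f"DOI {sa['doi']} ({name}) is not an allowed group SA")
    return DOI_NAMES.get(sa["doi"], "unknown")


if __name__ == "__main__":
    print(accept_group_sa(build_sa_payload(2)))   # GDOI case (examples 1 and 3)
    print(accept_group_sa(build_sa_payload(3)))   # routing-protocol case (example 2)
    try:
        accept_group_sa(build_sa_payload(1))      # plain IPsec DOI is refused
    except PayloadError as exc:
        print("rejected:", exc)
```

A device configured for only one negotiation mode would pass `allowed={2}` or `allowed={3}` so that a payload for the other mode is refused rather than silently accepted.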

Abstract

The invention discloses a key management method. The method comprises the following steps: security associations (SAs) are set up among network equipment; the network equipment acting as group key sender and the network equipment acting as group key receiver negotiate the group SAs; and the group key sender and the group key receiver use the negotiated group SAs to protect routing protocol messages. The invention also discloses network equipment comprising an SA setup module, a group SA negotiation module and a message protection module, wherein the SA setup module is used for setting up SAs among the network equipment; the group SA negotiation module is used for negotiating the group SAs; and the message protection module is used for protecting routing protocol messages with the negotiated group SAs. The method and the equipment meet the security demands of automatic management of key materials for routing protocols.

Description

Technical field

[0001] The invention relates to communication network security technology, more specifically to a key management method and network equipment.

Background technique

[0002] Since the fundamental function of a routing device is to interconnect networks through addressing and forwarding (that is, the routing function), routing devices have become the infrastructure of the modern communication network. With the development of mobile communication networks, fixed networks and the Internet, network applications are trending toward being based on the Internet Protocol (IP), which makes the status and role of routing devices more and more important. However, the early network designers focused on realizing the basic functions of the network but ignored the security elements. They lacked security considerations when designing routing devices and routing protocols, resulting in the lack or insufficiency o...

Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/32
Inventor: 王鸿彦, 梁小萍, 韦银星
Owner: ZTE CORP