Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Extensible authentication method and system based on ISAKMP (Internet Security Association and Key Management Protocol)

An extended authentication and responder technology, which is applied in the transmission system and key distribution, can solve the problems that are not conducive to long-term key update, adding and removing routing equipment, configuration trust relationship is impossible to realize, and the selection range of authentication mechanism is limited.

Active Publication Date: 2013-01-30
射阳县射阳港对虾养殖二公司
View PDF2 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] First, the choice of authentication mechanisms is limited
Since only a simple hash algorithm or signature algorithm can be used to generate HMAC to complete the authentication process, the latest authentication methods such as Transport Layer Security (TLS, Transport Layer Security) authentication methods cannot be used for authentication, thus limiting the choice of authentication mechanisms for routing devices Freedom, unable to keep up with the development of modern authentication technology
[0006] Second, the configuration is complex
[0007] Third, the three-party authentication technology cannot be used
However, in practical applications, it is often impossible to configure trust relationships between routing devices in advance, especially when the routing devices belong to different network domains.
In this case, because ISAKMP does not define a three-party authentication mechanism, ISAKMP cannot solve the situation that the trust relationship between routing devices is not configured in advance.
[0008] Fourth, it is not conducive to long-term key updates and increased removal of routing equipment
When a routing device needs to update the shared key, all other related routing devices must also update the key. This process is a huge workload and will affect other routing devices.
When it is necessary to add a routing device to the network, all related routing devices must add security materials related to this routing device. This process is also a huge workload and will affect other routing devices.
When a routing device is removed, the security material related to this routing device must be deleted on all other related routing devices. This process is also a heavy workload and will affect other routing devices.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Extensible authentication method and system based on ISAKMP (Internet Security Association and Key Management Protocol)
  • Extensible authentication method and system based on ISAKMP (Internet Security Association and Key Management Protocol)
  • Extensible authentication method and system based on ISAKMP (Internet Security Association and Key Management Protocol)

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0125] The application scenario of this embodiment is: the shared key k has been configured in advance between the initiator and the responder ab , the initiator and the responder can be in any position on the network, and use the IP protocol to communicate. Wherein, the initiator refers to the router sending the routing message, and the responder refers to the router receiving the routing message. In this embodiment, EAP is extended to ISAKMP, and the identity protection exchange based on ISAKMP uses the EAP method for authentication, such as image 3 shown, including the following steps:

[0126] Step 301: When the first routing message needs to be sent, the initiator sends the SA payload to the responder;

[0127] Step 302: the responder sends the SA payload to the initiator;

[0128] So far, the initiator negotiates with the responder to establish an ISAKMP SA.

[0129] Step 303: The initiator sends the KE payload and the NONCE payload to the responder;

[0130] Step ...

Embodiment 2

[0146] The application scenario of this embodiment is: no trust relationship is configured between the initiator and the responder, and the trust relationship k is configured in advance between the initiator and the Diameter server ac , the trust relationship k has been configured in advance between the responder and the Diameter server bc , the initiator and responder use ISAKMP for interaction, and the responder and Diameter server use Diameter-ISAKMP for interaction. Wherein, the initiator refers to the router sending the routing message, and the responder refers to the router receiving the routing message. This embodiment introduces the Diameter server's extended authentication method based on ISAKMP, such as Figure 4 shown, including the following steps:

[0147] Step 401: When the first routing message needs to be sent, the initiator sends the SA payload to the responder;

[0148] Step 402: the responder sends the SA payload to the initiator;

[0149] So far, the in...

Embodiment 3

[0172] The application scenario of this embodiment is: no trust relationship is configured between the initiator and the responder, and the trust relationship k is configured in advance between the initiator and the Diameter server ac , the trust relationship k has been configured in advance between the responder and the Diameter relay server bd , the trust relationship k has been configured in advance between the Diameter relay server and the Diameter server cd . Because the trust relationship between the Diameter relay server and the initiator is not configured in advance. Wherein, the initiator refers to the router sending the routing message, and the responder refers to the router receiving the routing message. This embodiment introduces the ISAKMP-based extended authentication method of the Diameter relay server, such as Figure 5 shown, including the following steps:

[0173] Step 501: When the first routing message needs to be sent, the initiator sends the SA payloa...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses an extensible authentication method based on an internet security association and key management protocol (ISAKMP). The extensible authentication method comprises the steps of: negotiating to carry out authentication by adopting an extensible authentication protocol (EAP) through an initiator and a responder once a first route message is required to be sent; calculating message authentication code (HMAC) value with a key in AUTH load through the initiator and the responder according to a master session key (MSK) produced in the EAP process or a shared key after passing the EAP authentication, and sending the AUTH load to the opposite side, so as to finish the authentication in the ISAKMP. The invention also discloses an extensible authentication system based on the ISAKMP. By adopting the method and system disclosed by the invention, the authentication method can be flexibly selected from the ISAKMP, so that the development of the modern authentication technology can be followed.

Description

technical field [0001] The invention relates to key management and authentication technology of routing equipment in a communication network, in particular to an extended authentication method and system based on Internet Security Association and Key Management Protocol (ISAKMP, Internet Security Association and Key Management Protocol). Background technique [0002] The Internet (Internet) has become an indispensable infrastructure in modern society and plays a very important role in politics, economy and people's livelihood. Once the Internet is damaged or attacked, it will bring serious harm and influence, so network security has attracted worldwide attention. The core device in the Internet is the routing device. Ensuring the security of the routing device is an important aspect of network security, and in the security mechanism of the routing device (including the running routing protocol), key management and authentication are very important aspects. Here, the Interne...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L9/08
Inventor 梁小萍韦银星
Owner 射阳县射阳港对虾养殖二公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com