An isakmp-based extended authentication method and system

Abstract

The invention discloses an extended authentication method based on the Internet Security Alliance and Key Management Protocol (ISAKMP), which includes: when the first routing message needs to be sent, the initiator and the responder negotiate and use the Extended Authentication Protocol (EAP) for authentication; After the EAP authentication process is successful, the initiator and the responder calculate the keyed message authentication code (HMAC) value in the AUTH load according to the master session key (MSK) or shared key generated by the EAP process, and Send the AUTH payload to the other party and complete the authentication in ISAKMP. The invention also discloses an extended authentication system based on ISAKMP. By adopting the method and the system of the invention, the authentication method can be flexibly selected in the ISAKMP, and the development of modern authentication technology can be followed up.

Description

technical field

[0001] The invention relates to key management and authentication technology of routing equipment in a communication network, in particular to an extended authentication method and system based on Internet Security Association and Key Management Protocol (ISAKMP, Internet Security Association and Key Management Protocol). Background technique

[0002] The Internet (Internet) has become an indispensable infrastructure in modern society and plays a very important role in politics, economy and people's livelihood. Once the Internet is damaged or attacked, it will bring serious harm and influence, so network security has attracted worldwide attention. The core device in the Internet is the routing device. Ensuring the security of the routing device is an important aspect of network security, and in the security mechanism of the routing device (including the running routing protocol), key management and authentication are very important aspects. Here, the Interne...

Images