
A pre-control method to strengthen the security of CA certificate issuance in RPKI

A CA certificate and security technology, applied in the field of information and network technology, that can solve problems such as resource unavailability and achieves the effects of reducing waiting time and preventing operational risks.

Active Publication Date: 2019-06-11
CHINA INTERNET NETWORK INFORMATION CENTER

AI Technical Summary

Problems solved by technology

[0002] The entire Internet is divided into many autonomous systems (AS). At present, the routing protocol used between ASes is BGP (Border Gateway Protocol). BGP itself has a major security problem: by default, it accepts all route advertisements initiated by an AS, which means that even if an AS originates a route advertisement for an IP address prefix that does not belong to it, the advertisement will be accepted by other ASes and continue to spread through the network.
Therefore, when TWNIC entities are actually using these resources, there will be serious problems such as resource unavailability.

Examples

Embodiment Construction

[0028] In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.

[0029] 1. Basic principles

[0030] The invention proposes and implements a pre-control mechanism for ensuring the security and accuracy of CA operations during the certification authority resource allocation process in RPKI. The basic principle of the "pre-control" mechanism is that a correct resource allocation and certificate issuance process should meet the following two conditions:

[0031] All resources allocated to subordinate CA entities must belong entirely to the current CA entity itself, so as to prevent unauthorized resource allocation;

[0032] All resources that meet the above condition cannot be allocated twice or more to different lower-level CA entities, so as to prevent repeated allocation of resources...


Abstract

The invention relates to a feedforward control method for strengthening the security of CA certificate issuance in RPKI. When a CA entity in RPKI allocates resources to subordinate entities, the resources to be allocated are checked against two conditions before a CA certificate is issued: (1) all resources allocated to subordinate CA entities must belong entirely to the current CA entity itself; and (2) resources satisfying condition (1) cannot be allocated to different subordinate CA entities twice or more. Resource allocation and CA certificate issuance are carried out only when both conditions are satisfied. The feedforward control method avoids two operational risks, repeated resource allocation and unauthorized resource allocation, and ensures the security and reliability of the RPKI route origin authorization function.
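The two conditions stated in paragraphs [0031] and [0032] and in the abstract can be checked mechanically before a certificate is signed. The following is an added example, not code from the patent: it covers IP prefixes only (AS numbers are left out), and the function names, the `issued` registry layout and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]

def _collapse(nets):
    # Merge adjacent/nested holdings per address family so a request spanning
    # two adjacent held prefixes is still recognised as covered.
    out = []
    for version in (4, 6):
        out.extend(ipaddress.collapse_addresses(
            [n for n in nets if n.version == version]))
    return out

def pre_control_check(parent_holdings, issued, child, requested):
    """Run both conditions before issuance; return (ok, violations)."""
    held = _collapse(_nets(parent_holdings))
    violations = []
    for req in _nets(requested):
        # Condition (1): the resource must belong entirely to the issuing CA.
        if not any(req.version == h.version and req.subnet_of(h) for h in held):
            violations.append(("unauthorized", str(req), None))
            continue
        # Condition (2): it must not overlap anything certified to another child.
        for other, prefixes in issued.items():
            if other == child:
                continue
            for p in _nets(prefixes):
                if p.version == req.version and p.overlaps(req):
                    violations.append(("duplicate", str(req), other))
    return (not violations, violations)

def allocate(parent_holdings, issued, child, requested):
    """Record the allocation only if the pre-control check passes."""
    ok, violations = pre_control_check(parent_holdings, issued, child, requested)
    if ok:
        issued.setdefault(child, []).extend(requested)
    return ok, violations

# Constructed sample data (documentation prefixes), not from the patent.
HOLDINGS = ["203.0.113.0/24", "2001:db8::/32"]
ISSUED = {"child-A": ["203.0.113.0/25"]}
```

Condition (2) is tested with overlap rather than equality, so a more specific or less specific prefix of one already certified to another child is also rejected.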

Description

Technical field

[0001] The invention belongs to the fields of network technology and information technology, and in particular relates to a pre-control method for strengthening the security of CA certificate issuance in RPKI.

Background technique

[0002] The entire Internet is divided into many autonomous systems (AS). At present, the routing protocol used between ASes is BGP (Border Gateway Protocol). BGP itself has a major security problem: by default, it accepts all route advertisements initiated by an AS, which means that even if an AS originates a route advertisement for an IP address prefix that does not belong to it, the advertisement will be accepted by other ASes and continue to spread through the network. This design flaw in the security of BGP is likely to lead to a serious Internet security threat: route hijacking. The typical routing hijacking incidents that have occurre...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L9/32
CPC: H04L9/3263, H04L63/0823
Inventor: 李晓东, 刘晓伟, 延志伟, 耿光刚
Owner CHINA INTERNET NETWORK INFORMATION CENTER