CN101079702A - A transmission method and device of secure information in wireless network - Google Patents


Publication number
CN101079702A
Authority
CN
China
Prior art keywords
security information
access service
service network
authentication
sequence number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN 200610060876
Other languages
Chinese (zh)
Inventor
单长虹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd
Priority to CN 200610060876
Publication of CN101079702A

Abstract

The invention discloses a method and device for transmitting security information in a wireless network. When a mobile terminal moves or re-authenticates, the security information of the mobile terminal, which includes the mobile terminal's key sequence number information, is sent from a first access service network to a second access service network. This allows the mobile terminal's security information to be reused in WiMAX, avoids the situation in which security information cannot be used continuously because the mobile terminal has moved or re-authenticated, and speeds up system processing.

Description

A method and device for transmitting security information in a wireless network
Technical field
The present invention relates to the field of wireless communication technology, and in particular to the transmission of security information in a wireless communication network.
Background art
In a wireless communication network, a user terminal must pass an authentication procedure before it can access the network and use services. The authentication procedure mainly verifies the legitimacy of the user's identity and, at the same time, obtains the security information that the user terminal needs while using services; this security information ensures that the user terminal can carry out the required services safely and reliably in the wireless communication system. The security information includes the sequence number of the authorization key (AK Sequence Number; AK = Authorization Key), the lifetime of the authorization key (AK Lifetime), and so on.
Taking the WiMAX communication system as an example, a mobile terminal that wants to access the network must go through an authentication procedure; after authentication succeeds, corresponding key information is generated at both the mobile terminal and the AAA server. Because the mobile terminal is mobile, it frequently moves from one access service network (ASN) to another. The communication system therefore needs a corresponding handover procedure. To ensure that the mobile terminal can still communicate securely after the handover, the corresponding security information has to be passed from the serving network to the target network during the handover.
In addition, for various reasons, when a scenario arises in the communication system that triggers re-authentication, the user terminal initiates a re-authentication procedure. During re-authentication, the security information needs to be reused or used continuously. If the re-authentication takes place on the same authenticator, the security information that needs to be used continuously can be obtained directly. If the re-authentication takes place on a different authenticator, however, that security information cannot be obtained.
At present there is no feasible technical means that guarantees that the user's security-related parameters are sent to another access service network when the terminal moves or re-authenticates. As a result, some information cannot be reused, which is detrimental to the processing speed of the system.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and device for transmitting security information in a wireless network, so that this security information can be reused and the processing speed of the communication system is improved.
The object of the invention is achieved through the following technical solutions:
The invention provides a method for transmitting security information in a wireless network: when a predetermined condition is satisfied, a first access service network that holds the security information of a mobile terminal sends that security information to a second access service network, and the security information includes the key sequence number information of the mobile terminal.
Further, when the mobile terminal is handed over, the serving access network sends the key sequence number information to the target access service network in a message of the handover preparation phase, a message of the handover phase, or a message of the abnormal handover procedure.
Further, in the handover preparation phase, the serving access service network sends a handover request message to the candidate target access service network, and this message contains the security information; or
in the handover confirmation phase, the serving access service network sends a handover confirmation message to the target access service network, and this handover confirmation message contains the security information; or
in the abnormal handover procedure, the security information is carried in the session information response message sent to the target access service network.
Further, the key sequence number information comprises the pairwise key sequence number of the first authentication and/or the pairwise key sequence number of the second authentication.
Further, when authenticator relocation is initiated by the anchor authenticator access service network, the anchor authenticator access service network carries the security information corresponding to the mobile terminal in the authenticator relocation request message that it sends to the serving access service network; this security information comprises the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and/or the IP address or identifier of the foreign agent in Mobile IP.
Further, when authenticator relocation is initiated by the serving access service network, the anchor authenticator access service network, after receiving the relocation request from the serving access service network, replies to the serving access service network with an authenticator relocation response message; this response message contains the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and/or the IP address or identifier of the foreign agent in Mobile IP.
The present invention also provides a device for transmitting security information in a wireless network, comprising:
a handover procedure confirmation module, used to confirm whether the mobile terminal is handed over and to trigger the security information sending module after a handover takes place;
a security information sending module, used to send the security information of the mobile terminal being handed over to the target access service network.
Further, the security information sending module is specifically:
a handover request message processing module, used in the handover preparation phase to carry the security information in the handover request message sent to the candidate target access service network, and to send it;
or,
a handover confirmation message processing module, used in the handover phase to carry the security information in the handover confirmation message sent to the target access service network, and to send it;
or,
a session information response message processing module, used in the abnormal handover procedure to carry the security information in the session information response message sent to the target access service network, and to send it.
Further, the security information comprises the pairwise key sequence number of the first authentication and/or the pairwise key sequence number of the second authentication.
The present invention further provides a device for transmitting security information in a wireless network, comprising:
an authentication procedure confirmation module, used to confirm whether the mobile terminal needs to be re-authenticated and, if so, to trigger the security information sending module;
a security information sending module, used to send the security information of the mobile terminal that needs to be re-authenticated to the access service network that needs to perform the authentication.
Further, the security information sending module is specifically:
an authenticator relocation request module, used, when the anchor authenticator access service network initiates authenticator relocation, to carry the security information in the authenticator relocation request message sent to the serving access service network, and to send it;
or, an authenticator relocation response module, used, when the serving access service network initiates authenticator relocation, to carry the security information in the authenticator relocation response message sent to the serving access service network in reply to the authenticator relocation request message sent by the serving access service network, and to send it.
Further, the security information comprises the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and/or the IP address or identifier of the foreign agent in Mobile IP.
As can be seen from the technical solutions above, the invention solves the problem of continued use of security information after a mobile terminal is handed over or re-authenticated. It ensures that, after a handover, the target access service network can reliably obtain the security information of the mobile terminal, and that, during re-authentication, a change of authenticator does not make the corresponding security information unusable. Consequently, when the mobile terminal moves or re-authenticates, some of its information can be reused, which speeds up system processing.
Description of the drawings
Fig. 1 is a schematic diagram of a specific implementation of the method of the present invention;
Fig. 2 is the first preferred embodiment of the method of the present invention;
Fig. 3 is the second preferred embodiment of the method of the present invention;
Fig. 4 is the third preferred embodiment of the method of the present invention;
Fig. 5 is the fourth preferred embodiment of the method of the present invention;
Fig. 6 is the first structural diagram of the device of the present invention;
Fig. 7 is the second structural diagram of the device of the present invention.
Embodiments
Referring to Fig. 1, the core of the security information transmission method provided by the invention is as follows: when a mobile terminal is handed over or re-authenticated, the first access service network, which knows the mobile terminal's security information, carries the terminal's security-related information in the session information it sends to the second access service network, so that the second access service network can obtain this security information and reuse it, thereby speeding up system processing.
In the WiMAX communication system, when a single EAP (Extensible Authentication Protocol) authentication policy is used, the security information comprises the sequence number of the pairwise master key (PMK Sequence Number; PMK = Pairwise Master Key) and the lifetime of the pairwise master key (PMK Lifetime).
When a double EAP authentication policy is used, the security information comprises the pairwise key sequence number of the first authentication, the lifetime of the pairwise master key of the first authentication, the pairwise key sequence number of the second authentication, and the lifetime of the pairwise key of the second authentication.
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings.
Figure 2 shows the first preferred embodiment of the method of the invention. In this embodiment the security information is transferred during the handover preparation procedure, which specifically comprises:
Step 21: When it is determined that a handover preparation procedure is currently under way for a terminal, the terminal's serving access service network sends a handover request message to the candidate target access service network; this handover request message contains the security information of the mobile terminal.
The security information comprises the pairwise key sequence number of the first authentication and/or the pairwise key sequence number of the second authentication; optionally, it can also include the lifetime of the pairwise master key of the first authentication and the lifetime of the pairwise key of the second authentication;
Step 22: After receiving the handover request message, the candidate target access service network optionally sends a handover response message to the serving access service network.
Figure 3 shows the second preferred embodiment of the method of the invention. In this embodiment the security information of the user terminal is transferred during the handover confirmation procedure. The serving access network sends a handover confirmation message to the target access network; this handover confirmation message contains the security information of the mobile terminal, which comprises the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and so on.
Figure 4 shows the third preferred embodiment of the method of the invention. This embodiment is the process by which the anchor authenticator's access service network transfers security information to the serving access service network when re-authentication takes place on a different authenticator. It specifically comprises:
Step 41: The anchor authenticator access service network sends an authenticator relocation request message to the serving access service network; this request message contains the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and/or the IP address or identifier of the foreign agent in Mobile IP;
Step 42: After receiving the request message, the serving access service network sends an authenticator relocation response to the anchor authenticator access service network.
Figure 5 shows the fourth preferred embodiment of the method of the invention. This embodiment is the process by which the serving access service network obtains security information from the anchor authenticator's access service network when re-authentication takes place on a different authenticator. It specifically comprises:
Step 51: The serving access service network sends an authenticator relocation request to the access service network of the anchor authenticator, requesting the security information related to the mobile terminal;
Step 52: After receiving the authenticator relocation request, the access service network of the anchor authenticator looks up the security information of the corresponding mobile terminal and sends it to the serving access service network by carrying it in the authenticator relocation response message with which it replies to the serving access service network.
The security information comprises the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and/or the IP address or identifier of the foreign agent in Mobile IP.
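The transfer described in the four embodiments above, sketched as an added example (not code from the patent or from any WiMAX implementation): the sending access service network picks the carrying message for the current phase, and the receiving one decides whether the transferred information can be reused. The message names, field names, the absolute-expiry encoding of lifetimes, and the receiver's fallback to full authentication are assumptions of this example.

```python
from dataclasses import dataclass, asdict
from typing import Optional

# Phase -> carrying message, following the embodiments and the abnormal
# handover case. The message names are hypothetical labels, not wire names.
CARRIER = {
    "handover_preparation": "HO_Request",
    "handover_confirmation": "HO_Confirm",
    "abnormal_handover": "Session_Info_Response",
    "relocation_by_anchor": "Authenticator_Relocation_Request",
    "relocation_by_serving": "Authenticator_Relocation_Response",
}
RELOCATION = {"Authenticator_Relocation_Request",
              "Authenticator_Relocation_Response"}


@dataclass
class SecurityInfo:
    """Per-terminal security information (field names are assumptions)."""
    pmk_sn: Optional[int] = None         # key sequence number, first authentication
    pmk2_sn: Optional[int] = None        # key sequence number, second authentication
    pmk_expiry: Optional[float] = None   # optional lifetime, as absolute expiry time
    pmk2_expiry: Optional[float] = None
    foreign_agent: Optional[str] = None  # Mobile IP foreign agent address/identifier


def build_transfer(phase: str, ms_id: str, info: SecurityInfo) -> dict:
    """First (sending) ASN: place the terminal's security information in the
    message that belongs to the current phase."""
    msg_type = CARRIER[phase]            # KeyError for an unknown phase
    body = {k: v for k, v in asdict(info).items() if v is not None}
    if msg_type not in RELOCATION:
        # The page lists the foreign agent only for the relocation messages.
        body.pop("foreign_agent", None)
    return {"type": msg_type, "ms_id": ms_id, "security_info": body}


def accept_transfer(msg: dict, now: float) -> tuple:
    """Second (receiving) ASN: return ("reuse", usable_fields) or
    ("full_auth", reason). The checks are this example's assumptions."""
    if msg.get("type") not in CARRIER.values():
        return ("full_auth", "unexpected message type")
    info = msg.get("security_info") or {}
    usable = {}
    for sn_key, exp_key in (("pmk_sn", "pmk_expiry"), ("pmk2_sn", "pmk2_expiry")):
        sn = info.get(sn_key)
        if sn is None:
            continue                     # "and/or": either number may be absent
        if isinstance(sn, bool) or not isinstance(sn, int) or sn < 0:
            return ("full_auth", f"malformed {sn_key}")
        expiry = info.get(exp_key)
        if expiry is not None and expiry <= now:
            return ("full_auth", f"{sn_key} lifetime expired")
        usable[sn_key] = sn
    if not usable:
        return ("full_auth", "no key sequence number present")
    if msg["type"] in RELOCATION and "foreign_agent" in info:
        usable["foreign_agent"] = info["foreign_agent"]
    return ("reuse", usable)


if __name__ == "__main__":
    # Constructed sample values (192.0.2.0/24 is a documentation range).
    ctx = SecurityInfo(pmk_sn=3, pmk2_sn=1, pmk_expiry=2000.0,
                       pmk2_expiry=2000.0, foreign_agent="192.0.2.10")
    for phase in CARRIER:
        msg = build_transfer(phase, "ms-01", ctx)
        print(msg["type"], accept_transfer(msg, now=1000.0))
    late = build_transfer("handover_confirmation", "ms-01", ctx)
    print(accept_transfer(late, now=2500.0))
```
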
The present invention also provides a device for transmitting security information in a wireless network, used to obtain the security information of the corresponding mobile terminal, such as key sequence number information, when the mobile terminal is handed over. Its structure is shown in Fig. 6 and specifically comprises: a handover procedure confirmation module, used to confirm whether the mobile terminal is handed over and, after the mobile terminal is handed over, to trigger the security information sending module; a security information sending module, used to send the security information of the mobile terminal being handed over to the target access service network; and a security information receiving module, used to receive the security information sent by the security information sending module and to provide it to the corresponding functional entity in the target access service network.
The security information sending module is specifically: a handover request message processing module, used in the handover preparation phase to carry the security information in the handover request message sent to the target access service network, and to send it; or a handover confirmation message processing module, used in the handover phase to carry the security information in the handover confirmation message sent to the target access service network, and to send it; or a session information response message processing module, used in the abnormal handover procedure to carry the security information in the session information response message sent to the target access service network, and to send it.
The key sequence number information comprises the pairwise key sequence number of the first authentication and/or the pairwise key sequence number of the second authentication.
The present invention also provides a device for transmitting security information in a wireless network, used to obtain the security information of the relevant user terminal, such as key sequence number information, when the mobile terminal is re-authenticated. Its structure is shown in Fig. 7 and specifically comprises:
an authentication procedure confirmation module, used to determine whether a re-authentication procedure takes place and, after confirming that re-authentication takes place, to trigger the security information sending module; and a security information sending module, used to send the security information of the mobile terminal that needs to be re-authenticated to the serving access service network.
The security information sending module is specifically: an authenticator relocation request module, used, when the anchor authenticator access service network initiates authenticator relocation, to carry the security information in the authenticator relocation request message sent to the serving access service network, and to send it; or an authenticator relocation response module, used, when the serving access service network initiates authenticator relocation, to carry the security information in the authenticator relocation response message sent to the serving access service network in reply to the authenticator relocation request message sent by the serving access service network, and to send it.
The security information comprises the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and/or the IP address or identifier of the foreign agent in Mobile IP.
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any variation or replacement that a person skilled in the art can readily conceive within the technical scope disclosed by the present invention shall fall within the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be determined by the scope of protection of the claims.

Claims (12)

1. A method for transmitting security information in a wireless network, characterized in that:
when a predetermined condition is satisfied, a first access service network that holds the security information of a mobile terminal sends that security information to a second access service network, and the security information includes the key sequence number information of the mobile terminal.
2. The method according to claim 1, characterized in that: when the mobile terminal is handed over, the serving access network sends the key sequence number information to the target access service network in a message of the handover preparation phase, a message of the handover phase, or a message of the abnormal handover procedure.
3. The method according to claim 2, characterized in that: in the handover preparation phase, the serving access service network sends a handover request message to the candidate target access service network, and this message contains the security information; or
in the handover confirmation phase, the serving access service network sends a handover confirmation message to the target access service network, and this handover confirmation message contains the security information; or
in the abnormal handover procedure, the security information is carried in the session information response message sent to the target access service network.
4. The method according to any one of claims 1 to 3, characterized in that: the key sequence number information comprises the pairwise key sequence number of the first authentication and/or the pairwise key sequence number of the second authentication.
5. The method according to claim 1, characterized in that: when authenticator relocation is initiated by the anchor authenticator access service network, the anchor authenticator access service network carries the security information corresponding to the mobile terminal in the authenticator relocation request message that it sends to the serving access service network; this security information comprises the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and/or the IP address or identifier of the foreign agent in Mobile IP.
6. The method according to claim 1, characterized in that: when authenticator relocation is initiated by the serving access service network, the anchor authenticator access service network, after receiving the relocation request from the serving access service network, replies to the serving access service network with an authenticator relocation response message; this response message contains the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and/or the IP address or identifier of the foreign agent in Mobile IP.
7. A device for transmitting security information in a wireless network, characterized in that it comprises:
a handover procedure confirmation module, used to confirm whether the mobile terminal is handed over and to trigger the security information sending module after a handover takes place;
a security information sending module, used to send the security information of the mobile terminal being handed over to the target access service network.
8. The device according to claim 7, characterized in that the security information sending module is specifically:
a handover request message processing module, used in the handover preparation phase to carry the security information in the handover request message sent to the candidate target access service network, and to send it;
or,
a handover confirmation message processing module, used in the handover phase to carry the security information in the handover confirmation message sent to the target access service network, and to send it;
or,
a session information response message processing module, used in the abnormal handover procedure to carry the security information in the session information response message sent to the target access service network, and to send it.
9. The device according to claim 7 or 8, characterized in that: the security information comprises the pairwise key sequence number of the first authentication and/or the pairwise key sequence number of the second authentication.
10. A device for transmitting security information in a wireless network, characterized in that it comprises:
an authentication procedure confirmation module, used to confirm whether the mobile terminal needs to be re-authenticated and, if so, to trigger the security information sending module;
a security information sending module, used to send the security information of the mobile terminal that needs to be re-authenticated to the access service network that needs to perform the authentication.
11. The device according to claim 10, characterized in that the security information sending module is specifically:
an authenticator relocation request module, used, when the anchor authenticator access service network initiates authenticator relocation, to carry the security information in the authenticator relocation request message sent to the serving access service network, and to send it;
or, an authenticator relocation response module, used, when the serving access service network initiates authenticator relocation, to carry the security information in the authenticator relocation response message sent to the serving access service network in reply to the authenticator relocation request message sent by the serving access service network, and to send it.
12. The device according to claim 10 or 11, characterized in that: the security information comprises the pairwise key sequence number of the first authentication, the pairwise key sequence number of the second authentication, and/or the IP address or identifier of the foreign agent in Mobile IP.
CN 200610060876 2006-05-23 2006-05-23 A transmission method and device of secure information in wireless network Pending CN101079702A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610060876 CN101079702A (en) 2006-05-23 2006-05-23 A transmission method and device of secure information in wireless network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610060876 CN101079702A (en) 2006-05-23 2006-05-23 A transmission method and device of secure information in wireless network

Publications (1)

Publication Number Publication Date
CN101079702A true CN101079702A (en) 2007-11-28

Family

ID=38906955

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610060876 Pending CN101079702A (en) 2006-05-23 2006-05-23 A transmission method and device of secure information in wireless network

Country Status (1)

Country Link
CN (1) CN101079702A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101489097A (en) * 2009-01-19 2009-07-22 深圳市同洲电子股份有限公司 Digital television management system and method
CN101489097B (en) * 2009-01-19 2014-04-30 深圳市龙视传媒有限公司 Digital television management system and method
CN102196407A (en) * 2010-03-18 2011-09-21 中兴通讯股份有限公司 Re-positioning method and system for anchored authentication device
WO2011113292A1 (en) * 2010-03-18 2011-09-22 中兴通讯股份有限公司 Method and system for anchor authenticator relocation
US9032485B2 (en) 2010-03-18 2015-05-12 Zte Corporation Anchor authenticator relocation method and system
CN102196407B (en) * 2010-03-18 2015-09-16 中兴通讯股份有限公司 Anchoring authentication device method for relocating and system
CN102833746A (en) * 2012-09-14 2012-12-19 福建星网锐捷网络有限公司 User re-authentication method and AC (Access Controller)
CN102833746B (en) * 2012-09-14 2015-11-25 福建星网锐捷网络有限公司 User's re-authentication method and access controller

Similar Documents

Publication Publication Date Title
CN100341290C (en) Authentication method for fast handover in a wireless local area network
CN1214568C (en) Techniques for performing UMTS (universal mobile telecommunications system) authentication using SIP (session initiation protocol) messages
CN1186906C (en) Wireless LAN safety connecting-in control method
CN1265676C (en) Method for realizing roaming user to visit network inner service
CN1835436A (en) General power authentication frame and method of realizing power auttientication
CN1256594A (en) Method for establishing agreement of session key
CN1764107A (en) Method of authenticating a mobile network node in establishing a peer-to-peer secure context
CN1636378A (en) Addressing mechanisms in mobile ip
CN1697373A (en) Method for negotiating about cipher key shared by users and application server
CN101079891A (en) Wireless switching network re-authentication method based on wireless LAN secure standard WAPI
CN1941695B (en) Method and system for generating and distributing key during initial access network process
CN1889781A (en) Identification method for multi-mode terminal roaming among heterogenous inserting technology networks
CN1921682A (en) Method for enhancing key negotiation in universal identifying framework
CN1619604A (en) Layer 2 switch device with verification management table
CN1225942C (en) Method of improving mobile terminal handover switching performance in radio IP system
CN103402201B (en) A kind of WiFi-WiMAX heterogeneous wireless network authentication method based on pre-authentication
CN1921379A (en) Method for object discriminator/key supplier to get key
CN1905734A (en) Method and system for object base station to obtain KI
CN101079702A (en) A transmission method and device of secure information in wireless network
CN1585329A (en) Phonetic telecommunication method for mobile self-organizing network
CN1694564A (en) Authentication, authority and accounting method of voice communication in radio block network
CN1773904A (en) Universal safety grade consulting method
CN1849003A (en) Method for right discrimination to user
CN1881870A (en) Method for safety communication between devices
CN101031133A (en) Method and apparatus for determining mobile-node home agent

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication