CN101815293A - Link security certification method, device and system in wireless relay network - Google Patents
- Publication number
- CN101815293A
- Authority
- CN
- China
- Prior art keywords
- key
- authentication code
- count value
- context
- message
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a link security certification method, device and system in a wireless relay network. In the method, a multi-hop relay base station or an access relay station receives a first management message sent by a mobile station. The first management message carries a first message authentication code, together with a first message authentication code key count value and a first message authentication code packet number count value that are contained in the first authentication key context stored by the mobile station itself. The first message authentication code is verified according to a second authentication key and a second authentication key identifier, both contained in a second authentication key context, together with the first message authentication code key count value and the first message authentication code packet number count value. Whether the access link between the mobile station and the access relay station is secure is determined from the verification result. With the technical scheme of the invention, replay attacks in the wireless relay network can be effectively prevented.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a link security certification method, device and system in a wireless relay network.
Background technology
WiMAX (Worldwide Interoperability for Microwave Access) is a wireless metropolitan area network technology based on the IEEE 802.16 standards. IEEE 802.16d is the standard for fixed wireless access and can be applied to 2~11 GHz non-line-of-sight (NLOS, Non Line of Sight) transmission and 10~66 GHz line-of-sight (LOS, Line of Sight) transmission. IEEE 802.16e adds new features supporting mobility on the basis of IEEE 802.16d.
The IEEE 802.16e protocol defines a method for preventing replay of management messages: at any time, the combination of the CMAC (Cipher-based Message Authentication Code, referred to in this document simply as the message authentication code) packet number count value and the key used to generate the corresponding CMAC is unique. To prevent replay effectively, these keys must be updated often, and the CMAC KEY COUNT (authentication code key count) value is used to guarantee the freshness of the key. In addition, the message authentication code packet number count value is updated each time a management message carrying a message authentication code is sent, which further strengthens the message authentication code's resistance to replay attacks. When a terminal performs network re-entry, performs a location update, or is handed over to a target base station, the CMAC_KEY_COUNT value is updated and the message authentication code packet number count value is reset to zero before the RNG-REQ (ranging request) message is sent to the base station. The terminal uses the updated count value to generate a new authentication code key, and then uses this authentication code key and the zeroed message authentication code packet number count value to generate the CMAC for the RNG-REQ message. The network side likewise uses the updated count value to generate the corresponding key for verifying this RNG-REQ message, thereby preventing replay attacks.
The inventors found at least the following problem in the prior art: in the multi-hop relay network scenario of WiMAX, the existing protocols (NWG (Network Working Group) and 802.16j) give no concrete solution for how the terminal and the network use the authentication code key count value and the message authentication code packet number count value to resist replay attacks in the distributed security mode.
Summary of the invention
The purpose of the embodiments of the invention is to provide a link security certification method, device and system in a wireless relay network, in order to prevent replay attacks in the wireless relay network.
To achieve this, an embodiment of the invention provides a link security certification method in a wireless relay network, comprising:
Receiving a first management message sent by a mobile station, where the first management message carries a first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself; the first message authentication code is computed from the first authentication key and the first authentication key identifier in the first authentication key context together with the first authentication code key count value and the first message authentication code packet number count value; and the first authentication key in the first authentication key context is computed by a set rule from the mobile station identifier and the access relay station identifier;
Verifying the first message authentication code according to the second authentication key and the second authentication key identifier contained in a second authentication key context together with the first authentication code key count value and the first message authentication code packet number count value, and determining from the verification result whether the access link between the mobile station and the access relay station is secure, where the second authentication key and the first authentication key are peer keys.
An embodiment of the invention also provides a link security certification method in a wireless relay network, comprising:
Receiving a second management message sent by an access relay station, where the second management message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value; the third message authentication code is computed from the third authentication code key count value and the third message authentication code packet number count value together with the third authentication key and the third authentication key identifier in a third authentication key context; the third authentication key is computed by a set rule from the access relay station identifier and the multi-hop relay base station identifier; and the third authentication key context is the access-relay-station-related authentication key context stored by the access relay station;
Verifying the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context together with the third authentication code key count value and the third message authentication code packet number count value, and determining from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure, where the fourth authentication key and the third authentication key are peer keys.
An embodiment of the invention also provides a link security certification device, comprising:
A first receiving module, configured to receive a first management message sent by a mobile station, where the first management message carries a first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself; the first message authentication code is computed from the first authentication key and the first authentication key identifier in the first authentication key context together with the first authentication code key count value and the first message authentication code packet number count value; and the first authentication key is computed by a set rule from the mobile station identifier and the access relay station identifier;
A first processing module, configured to verify the first message authentication code according to the second authentication key and the second authentication key identifier contained in a second authentication key context together with the first authentication code key count value and the first message authentication code packet number count value, and to determine from the verification result whether the access link between the mobile station and the access relay station is secure, where the second authentication key and the first authentication key are peer keys.
An embodiment of the invention also provides a multi-hop relay base station, comprising:
A second receiving module, configured to receive a second management message sent by an access relay station, where the second management message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value; the third message authentication code is computed from the third authentication code key count value and the third message authentication code packet number count value together with the third authentication key and the third authentication key identifier in a third authentication key context; and the third authentication key is computed by a set rule from the access relay station identifier and the multi-hop relay base station identifier;
A second processing module, configured to verify the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context together with the third authentication code key count value and the third message authentication code packet number count value, and to determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure, where the fourth authentication key and the third authentication key are peer keys.
An embodiment of the invention also provides a wireless relay network system, comprising:
An access relay station, configured to receive a first management message sent by a mobile station; to verify the first message authentication code according to the second authentication key and the second authentication key identifier contained in a second authentication key context together with the first authentication code key count value and the first message authentication code packet number count value; to determine from the verification result whether the access link between the mobile station and the access relay station is secure; and to convert the first management message into a second management message and send it. The first management message carries the first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself; the first message authentication code is computed from the first authentication key and the first authentication key identifier in the first authentication key context together with the first authentication code key count value and the first message authentication code packet number count value; the first authentication key is computed by a set rule from the mobile station identifier and the access relay station identifier; and the second authentication key and the first authentication key are peer keys;
A multi-hop relay base station, configured to receive the second management message sent by the access relay station; to verify the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context together with the third authentication code key count value and the third message authentication code packet number count value; and to determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure. The second management message carries the third message authentication code, the third authentication code key count value and the third message authentication code packet number count value; the third message authentication code is computed from the third authentication code key count value and the third message authentication code packet number count value together with the third authentication key and the third authentication key identifier in a third authentication key context; the third authentication key is computed by a set rule from the access relay station identifier and the multi-hop relay base station identifier; and the fourth authentication key and the third authentication key are peer keys.
The beneficial effects of the embodiments of the invention are:
The embodiments of the invention provide a concrete technical scheme for checking the security of the access link and the relay link in a wireless relay network, and can effectively prevent replay attacks in the wireless relay network.
Description of drawings
To explain the technical schemes of the embodiments of the invention or of the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of checking access link security in a wireless relay network in an embodiment of the invention;
Fig. 2 is a flow chart of checking relay link security in a wireless relay network in an embodiment of the invention;
Fig. 3 is a schematic diagram of the network architecture defined by IEEE 802.16j;
Fig. 4 is a schematic flow chart of the link security certification method in a wireless relay network in embodiment one of the invention;
Fig. 5 is a schematic flow chart of the link security certification method in a wireless relay network in embodiment two of the invention;
Fig. 6 is a schematic flow chart of the link security certification method in a wireless relay network in embodiment three of the invention;
Fig. 7 is a schematic flow chart of the link security certification method in a wireless relay network in embodiment four of the invention;
Fig. 8 is a block diagram of the link security certification device in embodiment five of the invention;
Fig. 9 is a block diagram of the multi-hop relay base station in embodiment six of the invention;
Fig. 10 is a block diagram of the wireless relay network system in embodiment seven of the invention.
Embodiment
In an embodiment of the invention, the method for checking access link security in a wireless relay network comprises the following steps, as shown in Fig. 1:
The first management message carries a first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself.
An authentication key context comprises an authentication key, an authentication key identifier, an authentication code key, an authentication code key count value and a message authentication code packet number count value. The authentication key and the authentication code key count value are used together to compute the authentication code key; the authentication code key, the authentication key identifier and the message authentication code packet number count value are used together to compute or verify the message authentication code of a management message.
The first message authentication code is computed from the first authentication key and the first authentication key identifier in the first authentication key context together with the first authentication code key count value and the first message authentication code packet number count value.
The first authentication key in the first authentication key context is computed by a set rule from the mobile station identifier and the access relay station identifier.
The second authentication key and the first authentication key are peer keys. The above scheme can be executed by the A-RS (Access Relay Station) or the MR-BS (Multi-hop Relay Base Station). The second authentication key context can be stored locally at the A-RS or the MR-BS, or can be obtained from the authentication device to which the MS belongs.
In an embodiment of the invention, the method for checking relay link security in a wireless relay network comprises the following steps, as shown in Fig. 2:
Step 201: receive a second management message sent by the access relay station;
The second management message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value. The third message authentication code is generated from the third authentication code key count value and the third message authentication code packet number count value together with the third authentication key and the third authentication key identifier in a third authentication key context, and the third authentication key is computed by a set rule from the access relay station identifier and the multi-hop relay base station identifier;
Step 202: verify the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context together with the third authentication code key count value and the third message authentication code packet number count value, and determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure.
The fourth authentication key and the third authentication key are peer keys. The above scheme can be executed by the MR-BS, and the fourth authentication key context can be stored locally at the MR-BS.
The technical schemes in the embodiments of the invention are described in detail below with reference to the drawings.
Embodiment one
IEEE 802.16j is an air interface protocol, drawn up by the IEEE, that implements relay capability on the basis of 16e. The network architecture it defines is shown in Fig. 3 and comprises:
MR-BS: a device that provides connectivity, management and control for relay stations and user terminals;
RS (Relay Station): a device that relies on the MR-BS to provide connectivity for other RSs or mobile stations. Some RSs can also provide management and control for subordinate RSs or user terminals. The air interface between an RS and an MS is identical to the air interface between the MR-BS and an MS. An RS is a station that relays data between the base station and the terminal, so that a wireless signal can reach its destination after being forwarded several times (multi-hop).
MS (Mobile Station): the device the user uses to access the WiMAX network.
In the link security certification method provided by this embodiment, the security of the access link is verified first and the security of the relay link second. The security verification of the access link is based on the MS-related AK (Authentication Key) context, and the security verification of the relay link is based on the A-RS-related AK context. In an alternative to this embodiment, the security verification of the access link is based on the MS-related AK context and the security verification of the relay link is also based on the MS-related AK context. In all of the following embodiments, the AK key in the MS-related AK context is computed by a certain rule from the MS identifier and the A-RS identifier, either by the MS or by the authentication device to which the MS belongs; the AK key in the A-RS-related AK context is computed by a certain rule from the A-RS identifier and the MR-BS identifier, either by the A-RS or by the authentication device to which the A-RS belongs. In this embodiment, the MS maintains an MS-related AK context containing the CMAC KEY COUNT value X_M; the A-RS maintains an MS-related AK context containing the CMAC KEY COUNT value Y_M; the authentication device maintains an MS-related AK context containing the CMAC KEY COUNT value Z_M; the A-RS also maintains an A-RS-related AK context containing the CMAC KEY COUNT value X_R; and the MR-BS maintains an A-RS-related AK context containing the CMAC KEY COUNT value Y_R.
As shown in Fig. 4, the link security certification method in a wireless relay network provided by this embodiment comprises the following steps:
Before sending the first management message to the A-RS, the MS increments by 1 the first authentication code key count value contained in the authentication key context it maintains (called the first authentication key context in this embodiment), i.e. the CMAC KEY COUNT value X_M, resets to zero the first message authentication code packet number count value in the MS-related AK context stored locally at the MS (i.e. the first AK context), and uses that locally stored MS-related AK context to generate the first message authentication code for the RNG-REQ message. In detail, the MS uses the AK key in the AK context, the MS identifier (specifically, this can be the MS MAC-layer address), the RS identifier and X_M to compute the authentication code key in a specific manner, and then uses this authentication code key together with the AK identifier and the first message authentication code packet number count value in the AK context to compute the first message authentication code for the RNG-REQ message. For the concrete computation, refer to the 802.16e protocol; the difference is that the BS identifier in the 802.16e computation must be changed to the RS identifier.
Note that every AK context mentioned in this document comprises an AK key, an AK identifier, an authentication code key, the authentication code key count value CMAC_KEY_COUNT, and a message authentication code packet number count value. The AK key in the AK context stored locally at the MS (also called the first authentication key in this embodiment) is computed by the MS by a set rule from the MS ID (specifically, this can be the MAC-layer address of the MS) and the RS ID.
The MS initiates this step toward the A-RS when it performs network re-entry, performs a location update, or is handed over to a target access relay station.
The second AK context is the AK context that contains the second authentication key; the second authentication key and the first authentication key are peer keys.
The MS ID can be carried by the MS in the RNG-REQ message sent to the A-RS, or can be learned by the A-RS through other prior-art means.
In the embodiments of the invention, messages between the A-RS and the MR-BS, and between the MR-BS and the authentication device, can be sent directly or indirectly. Indirect sending means that the A-RS sends a message to the MR-BS via other RSs, and that the MR-BS can send a message to the authentication device via other network elements (such as a gateway).
The authentication device mentioned here is the authentication device to which the MS belongs.
Step 310: determine whether X_M is greater than or equal to Y_M; if so, go to step 311; otherwise, go to step 325;
That is, this step determines whether the first authentication code key count value is not less than the second authentication code key count value contained in the second authentication key context.
This step is an auxiliary means of verifying whether the access link is secure. If X_M is found to be less than Y_M, this is interpreted as a replay attack on the access link, and there is no need to verify the message authentication code of the RNG-REQ message. With this step, a simple check may therefore be enough to learn whether the access link is secure.
If verification succeeds, the access link between the MS and the A-RS is determined to be secure; otherwise the access link is determined to be insecure.
In this step, the A-RS generates the second management message as follows: it replaces the CMAC_KEY_COUNT value X_M and the first message authentication code packet number count value in the RNG-REQ message of step 302 with the third CMAC_KEY_COUNT value X_R and the third message authentication code packet number count value from the A-RS-related AK context that it maintains (i.e. the third AK context); it uses the third authentication code key and the third message authentication code packet number count value in the A-RS-related AK context (i.e. the third AK context) to recompute a message authentication code, i.e. the third message authentication code, over the RNG-REQ message after replacement (excluding the original message authentication code part); and it replaces the original first message authentication code with the third message authentication code, obtaining a new RNG-REQ message, i.e. the second management message;
That is, this step determines whether the third authentication code key count value is not less than the fourth authentication code key count value contained in the fourth authentication key context stored locally at the MR-BS. If X_R is found to be less than Y_M, this is interpreted as a replay attack on the relay link.
If verification succeeds, the relay link between the A-RS and the MR-BS is determined to be secure; otherwise the relay link is determined to be insecure.
In a specific implementation, steps 318 and 319 need not be performed in any particular order.
This message can also be a CMAC_Key_Count_Update (authentication code key count update) message, in which case the corresponding response message in step 322 is a CMAC_Key_Count_Update_Ack (authentication code key count update acknowledgement) message.
Step 321: after receiving the Context_Rpt message, the authentication device updates the CMAC_Key_Count value in the MS-related AK context stored locally at the authentication device; specifically, it takes the larger of Z_M and X_M, adds 1, and assigns the result to Z_M, i.e. Z_M = max(X_M, Z_M) + 1;
If in practice only the security of the access link needs to be checked, then after the access link is confirmed to be secure, X_M should be notified to the authentication device, and the authentication device updates the MS-related CMAC_Key_Count value that it stores locally.
Step 323: after receiving the Context_Ack message, the MR-BS sends an MS_Context-RSP message to the A-RS in response to the above MS_Context-REQ message, and the flow ends;
Step 324: the MR-BS sends to the A-RS an RNG-RSP carrying rejection information;
The concrete processing in this step can be: set Ranging Status in the RNG-RSP message to Abort, or set Location Update Response to failure.
The concrete processing in this step can be: set Ranging Status in the RNG-RSP message to Abort, or set Location Update Response to failure.
In a concrete implementation, some adjustments can be made to the above flow. For example, in step 314 the RNG-REQ message can carry both the MS's CMAC_Key_Count value X_M and the RS's CMAC_Key_Count value X_R; the MR-BS then already knows X_M at this point and, if the result of the determination in step 315 is yes, performs steps 320 to 322 to notify the authentication device of X_M. In this way, steps 319 and 323 can be omitted.
This embodiment also has an alternative: on the basis of the scheme of Fig. 4, the MR-BS also maintains an MS-related AK context (the second AK context), which contains the MS-related CMAC_Key_Count value Y_M. In this case, steps 305~307, 313, 319 and 323 can be omitted. Steps 320~322 are kept because there may be other MR-BSs that can communicate with the authentication device and need to obtain this MS's AK context from it. If all MR-BSs that can communicate with the authentication device store the MS-related AK context, steps 320~322 can be omitted.
In a specific implementation, it is possible to check only whether the relay link is secure, or only whether the access link is secure. In this embodiment, if only the access link is checked, steps 313~317 can be omitted and step 318 is performed directly after step 312 completes; if only the relay link is checked, steps 303~312 and 319~323 can be omitted. The following embodiments are similar in this respect: those skilled in the art can determine, according to whether each step relates to the security check of the access link or to that of the relay link, the flow for checking only the access link or only the relay link, so this is not repeated in the subsequent embodiments.
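The access-link and relay-link checks of Embodiment one, as an added Python example (not code from the patent). HMAC-SHA256 stands in for the 802.16e key derivation and AES-CMAC, and the identifiers, keys, starting counts and the A-RS refreshing Y_M from the authentication device's Z_M are assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass


@dataclass
class AKContext:
    ak: bytes               # authentication key (AK)
    ak_id: bytes            # authentication key identifier
    key_count: int          # CMAC_KEY_COUNT held by this party
    packet_number: int = 0  # message authentication code packet number count


@dataclass(frozen=True)
class ManagementMessage:
    body: bytes
    key_count: int
    packet_number: int
    mac: bytes


def derive_code_key(ak, tx_id, rx_id, key_count):
    # Stand-in KDF (assumption): binds the key to both link endpoints and the count.
    info = b"CODE-KEY" + tx_id + rx_id + struct.pack(">H", key_count)
    return hmac.new(ak, info, hashlib.sha256).digest()


def compute_mac(code_key, ak_id, packet_number, body):
    # Stand-in MAC (assumption): truncated HMAC-SHA256 instead of AES-CMAC.
    data = ak_id + struct.pack(">I", packet_number) + body
    return hmac.new(code_key, data, hashlib.sha256).digest()[:8]


def protect(ctx, tx_id, rx_id, body):
    key = derive_code_key(ctx.ak, tx_id, rx_id, ctx.key_count)
    mac = compute_mac(key, ctx.ak_id, ctx.packet_number, body)
    msg = ManagementMessage(body, ctx.key_count, ctx.packet_number, mac)
    ctx.packet_number += 1  # packet number changes with every protected message
    return msg


def ms_send(ctx, ms_id, rs_id, body):
    ctx.key_count += 1      # X_M incremented by 1 before the RNG-REQ
    ctx.packet_number = 0   # packet number count reset to zero
    return protect(ctx, ms_id, rs_id, body)


def verify(peer_ctx, tx_id, rx_id, msg):
    # Count comparison first: a stale count is treated as replay, no MAC check needed.
    if msg.key_count < peer_ctx.key_count:
        return "replay"
    key = derive_code_key(peer_ctx.ak, tx_id, rx_id, msg.key_count)
    expected = compute_mac(key, peer_ctx.ak_id, msg.packet_number, msg.body)
    return "secure" if hmac.compare_digest(expected, msg.mac) else "bad-mac"


def ars_convert(msg, relay_ctx, ars_id, mrbs_id):
    # Second management message: same body, but X_R, relay packet number and a new MAC.
    return protect(relay_ctx, ars_id, mrbs_id, msg.body)


def authenticator_update(z_m, x_m):
    # Z_M = max(X_M, Z_M) + 1
    return max(x_m, z_m) + 1


def run_demo():
    ms_id, ars_id, mrbs_id = b"MS-0001", b"ARS-01", b"MRBS-1"  # constructed identifiers
    ak_ms, ak_rs = b"\x11" * 20, b"\x22" * 20                    # constructed keys
    ms = AKContext(ak_ms, b"\x01", key_count=4)         # X_M (constructed start value)
    ars_ms = AKContext(ak_ms, b"\x01", key_count=5)     # Y_M
    ars_relay = AKContext(ak_rs, b"\x02", key_count=2)  # X_R
    mrbs = AKContext(ak_rs, b"\x02", key_count=2)       # Y_R
    z_m = 5                                             # Z_M at the authentication device

    first = ms_send(ms, ms_id, ars_id, b"RNG-REQ")
    out = {"access": verify(ars_ms, ms_id, ars_id, first)}
    tampered = ManagementMessage(b"RNG-REQ!", first.key_count,
                                 first.packet_number, first.mac)
    out["tampered"] = verify(ars_ms, ms_id, ars_id, tampered)
    out["forwarded_unconverted"] = verify(mrbs, ars_id, mrbs_id, first)
    second = ars_convert(first, ars_relay, ars_id, mrbs_id)
    out["relay"] = verify(mrbs, ars_id, mrbs_id, second)

    z_m = authenticator_update(z_m, first.key_count)
    ars_ms.key_count = z_m  # assumption: A-RS refreshes Y_M from the authentication device
    out["replayed"] = verify(ars_ms, ms_id, ars_id, first)
    out["z_m"] = z_m
    return out


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The replayed RNG-REQ is rejected by the count comparison alone, and the unconverted message fails at the MR-BS because the relay link uses a key derived from the A-RS-related AK.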
Embodiment two
In the link security authentication method in the wireless relay network provided by this embodiment, access link security is verified first and relay link security second. The security verification of the access link is based on the MS-related AK context, and the security verification of the relay link is based on the A-RS-related AK context and the CMAC_KEY_COUNT value used by the access-link RNG-REQ. In this embodiment, the MS maintains an MS-related AK context containing the CMAC_KEY_COUNT value X_M; the A-RS maintains an MS-related AK context containing the CMAC_KEY_COUNT value Y_M; the authentication device maintains an MS-related AK context containing the CMAC_KEY_COUNT value Z_M; the A-RS also maintains an A-RS-related AK context; and the MR-BS maintains an A-RS-related AK context together with an MS-related CMAC_KEY_COUNT value Y_MR. Compared with embodiment one, this embodiment does not need to maintain an A-RS-related CMAC_KEY_COUNT value.
As shown in Figure 5, the link security authentication method in the wireless relay network provided by this embodiment comprises the following steps:
The first management message carries the first message authentication code together with the first authentication code key count value X_M and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself.
The authentication device mentioned here is the authentication device to which the MS belongs.
Step 411, judge whether X_M is greater than or equal to Y_M; if so, carry out step 412; otherwise, carry out step 424;
That is, this step judges whether the first authentication code key count value is not less than the second authentication code key count value contained in the second authentication key context.
If verification succeeds, the access link between the MS and the A-RS is determined to be secure; otherwise the access link is determined to be insecure.
In this step, the A-RS uses the AK and AK identifier in the A-RS-related AK context (i.e. the third AK context) that it maintains, together with the CMAC_KEY_COUNT value X_M and the message authentication code packet number count value in the RNG-REQ message, to recompute the message authentication code for the RNG-REQ message (excluding the original message authentication code), and replaces the original message authentication code with the recomputed one to obtain a new RNG-REQ message;
That is, this step judges whether the third authentication code key count value is not less than the fourth authentication code key count value contained in the fourth authentication key context stored locally at the MR-BS.
If verification succeeds, the relay link between the A-RS and the MR-BS is determined to be secure; otherwise the relay link is determined to be insecure.
In a concrete implementation, steps 419 and 420 need not be carried out in any particular order.
Step 421, after receiving the Context_Rpt message, the authentication device updates the CMAC_Key_Count value in the MS-related context that it stores locally; specifically, it takes the larger of Z_M and X_M, adds 1, and assigns the result to Z_M, i.e. Z_M = max(X_M, Z_M)++;
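The check sequence of this embodiment, as an added sketch that is not part of the patent text: the A-RS checks X_M against Y_M and verifies the MS's authentication code, recomputes the code under its own AK while keeping X_M, the MR-BS repeats the check against Y_MR, and the authentication device applies Z_M = max(X_M, Z_M)++. HMAC-SHA256 stands in for the 802.16e CMAC computation; the keys, identifiers, field widths and message bodies are constructed, and the sketch assumes the verifiers' stored count values follow Z_M after the update.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

TAG_LEN = 8  # truncated tag length, a choice made for this sketch


@dataclass
class AKContext:
    ak: bytes        # authentication key (AK)
    ak_id: bytes     # AK identifier
    key_count: int   # CMAC_KEY_COUNT value held in this context


@dataclass(frozen=True)
class RngReq:
    body: bytes
    key_count: int   # CMAC_KEY_COUNT carried in the message (X_M)
    pn: int          # message authentication code packet number count
    tag: bytes       # message authentication code


def mac(ak, ak_id, key_count, pn, body):
    """Stand-in for the 802.16e CMAC computation (HMAC-SHA256, truncated)."""
    data = ak_id + key_count.to_bytes(2, "big") + pn.to_bytes(4, "big") + body
    return hmac.new(ak, data, hashlib.sha256).digest()[:TAG_LEN]


def ms_send(ctx, pn, body):
    """MS builds the RNG-REQ from its own (first) AK context."""
    return RngReq(body, ctx.key_count, pn,
                  mac(ctx.ak, ctx.ak_id, ctx.key_count, pn, body))


def link_secure(msg, ak, ak_id, stored_count):
    """Count value comparison first, then the message authentication code."""
    if msg.key_count < stored_count:
        return False  # count value below the stored one: link judged insecure
    expected = mac(ak, ak_id, msg.key_count, msg.pn, msg.body)
    return hmac.compare_digest(expected, msg.tag)


def ars_forward(msg, ms_ctx, ars_ctx):
    """A-RS: verify the access link, then recompute the code under the A-RS AK.

    X_M and the packet number count from the received message are kept.
    """
    if not link_secure(msg, ms_ctx.ak, ms_ctx.ak_id, ms_ctx.key_count):
        return None
    new_tag = mac(ars_ctx.ak, ars_ctx.ak_id, msg.key_count, msg.pn, msg.body)
    return replace(msg, tag=new_tag)


def authenticator_update(z_m, x_m):
    """Z_M = max(X_M, Z_M)++ : take the larger value and add 1."""
    return max(x_m, z_m) + 1


def demo():
    ms_ak, ars_ak = b"constructed MS AK", b"constructed A-RS AK"
    ms = AKContext(ms_ak, b"\x01", 5)       # first AK context, X_M = 5
    ars_ms = AKContext(ms_ak, b"\x01", 5)   # second AK context at the A-RS, Y_M = 5
    ars = AKContext(ars_ak, b"\x02", 0)     # third AK context (A-RS side)
    mrbs = AKContext(ars_ak, b"\x02", 5)    # fourth AK context; key_count holds Y_MR
    z_m = 5                                 # value held by the authentication device

    req = ms_send(ms, pn=1, body=b"RNG-REQ constructed")
    fwd = ars_forward(req, ars_ms, ars)
    first = fwd is not None and link_secure(fwd, mrbs.ak, mrbs.ak_id, mrbs.key_count)

    # A message altered between A-RS and MR-BS fails the relay-link check.
    altered = replace(fwd, body=b"RNG-REQ altered")
    altered_ok = link_secure(altered, mrbs.ak, mrbs.ak_id, mrbs.key_count)

    z_m = authenticator_update(z_m, req.key_count)
    # Assumption of this sketch: the verifiers' stored counts follow Z_M afterwards.
    ars_ms.key_count = mrbs.key_count = z_m
    replayed = ars_forward(req, ars_ms, ars)   # same RNG-REQ presented again

    ms.key_count = 7                           # constructed later entry, X_M above Y_M
    later = ars_forward(ms_send(ms, pn=2, body=b"RNG-REQ constructed"), ars_ms, ars)
    return {"first": first, "altered_ok": altered_ok, "z_m": z_m,
            "replayed": replayed, "later_ok": later is not None}


if __name__ == "__main__":
    print(demo())
```

Because the stored count has moved past the value carried in the captured message, the second presentation of the same RNG-REQ is rejected at the count comparison, before any authentication code is computed.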
Embodiment three
In the link security authentication method in the wireless relay network provided by this embodiment, relay link security is verified first and access link security second. The security verification of the access link is based on the MS-related AK context, and the security verification of the relay link is based on the A-RS-related AK context. In this embodiment, the MS maintains an MS-related AK context containing the CMAC_KEY_COUNT value X_M; the A-RS maintains an MS-related AK context containing the CMAC_KEY_COUNT value Y_M; the authentication device maintains an MS-related AK context containing the CMAC_KEY_COUNT value Z_M; the A-RS maintains an A-RS-related AK context containing the CMAC_KEY_COUNT value X_R; and the MR-BS maintains an A-RS-related AK context containing the CMAC_KEY_COUNT value Y_R. Compared with embodiment one, this embodiment verifies relay link security first and access link security second.
As shown in Figure 6, the link security authentication method in the wireless relay network provided by this embodiment comprises the following steps:
In this step, the A-RS replaces the CMAC_KEY_COUNT value X_M and the message authentication code packet number count value in the received RNG-REQ message with the CMAC_KEY_COUNT value X_R and the message authentication code packet number count value from the A-RS-related AK context (i.e. the third AK context) that it maintains, uses the authentication code key and the message authentication code packet number count value in the A-RS-related AK context to recompute the message authentication code for the RNG-REQ message after replacement (excluding the original message authentication code), and replaces the original message authentication code with the recomputed one to obtain a new RNG-REQ message;
If verification succeeds, the relay link between the A-RS and the MR-BS is determined to be secure; otherwise the relay link is determined to be insecure.
Step 507, the MR-BS sets Y_R equal to X_R and sends the A-RS an RNG-RSP message carrying a success indication;
In this embodiment, there is no fixed order between the steps in which the MR-BS verifies the A-RS CMAC and the steps for obtaining the MS-related AK context.
Step 513, judge whether X_M is greater than or equal to Y_M; if so, carry out step 514; otherwise, carry out step 523;
If verification succeeds, the access link between the MS and the A-RS is determined to be secure; otherwise the access link is determined to be insecure.
In a concrete implementation, steps 516 and 517 need not be carried out in any particular order.
Step 519, after receiving the Context_Rpt message, the authentication device updates the MS-related CMAC_Key_Count value that it stores locally; specifically, it takes the larger of Z_M and X_M, adds 1, and assigns the result to Z_M, i.e. Z_M = max(X_M, Z_M)++;
Step 521, after receiving the Context_Ack message, the MR-BS sends an MS_Context-RSP message to the A-RS in response to the above MS_Context-REQ message, and the procedure ends;
Step 522, the MR-BS sends the A-RS an RNG-RSP carrying rejection information;
In a concrete implementation, the MR-BS can judge whether the A-RS stores the MS-related AK context; if so, steps 508-511 can be omitted.
Embodiment four
In the link security authentication method in the wireless relay network provided by this embodiment, the security verification of the access link and the security verification of the relay link are both carried out at the MR-BS. The security verification of the access link is based on the MS-related AK context, and the security verification of the relay link is based on the A-RS-related AK context. In this embodiment, the MS maintains an MS-related AK context containing the CMAC_KEY_COUNT value X_M; the authentication device maintains an MS-related AK context containing the CMAC_KEY_COUNT value Z_M; the A-RS maintains an A-RS-related AK context containing the CMAC_KEY_COUNT value X_R; the MR-BS maintains an A-RS-related AK context containing the CMAC_KEY_COUNT value Y_R; and the MR-BS may also maintain the MS-related AK context. Compared with embodiment one, both access link security and relay link security are verified at the MR-BS in this embodiment.
As shown in Figure 7, the link security authentication method in the wireless relay network provided by this embodiment comprises the following steps:
In this step, the A-RS appends the third authentication code key count value X_R and the third message authentication code packet number count value from the A-RS-related AK context (i.e. the third AK context) that it maintains to the end of the RNG-REQ message, uses the A-RS-related AK context to calculate the A-RS-related third message authentication code for the RNG-REQ message with the new fields added, and appends this new message authentication code to that message to generate a new RNG-REQ message. The calculation of the A-RS-related message authentication code can follow the 802.16e protocol, except that the terminal identifier in the 802.16e calculation needs to be changed to the RS identifier;
At this point, the new RNG-REQ message contains the first message authentication code, the first authentication code key count value and the first message authentication code packet number count value, as well as the third authentication code key count value X_R, the third message authentication code packet number count value and the third message authentication code.
If verification succeeds, the relay link between the A-RS and the MR-BS is determined to be secure; otherwise the relay link is determined to be insecure.
Step 610, use the X_M and the MS-related message authentication code packet number count value contained in the RNG-REQ message, together with the AK and AK identifier in the MS-related AK context, to verify the MS-related message authentication code in the RNG-REQ message. The verification can follow the 802.16e protocol, except that the BS identifier in the 802.16e calculation needs to be changed to the RS identifier, and the X_R, the A-RS-related message authentication code packet number count value and the A-RS-related message authentication code at the end of the RNG-REQ message need to be ignored during verification. If verification succeeds, carry out step 611; otherwise carry out step 615;
If verification succeeds, the access link between the MS and the A-RS is determined to be secure; otherwise the access link is determined to be insecure.
Step 613, after receiving the Context_Rpt message, the authentication device updates the MS-related CMAC_Key_Count value that it stores locally; specifically, it takes the larger of Z_M and X_M, adds 1, and assigns the result to Z_M, i.e. Z_M = max(X_M, Z_M)++;
Step 615, the MR-BS sends the A-RS an RNG-RSP carrying rejection information;
Step 616, the A-RS sends the MS an RNG-RSP carrying rejection information.
In this embodiment, before step 604 is carried out, it can first be judged whether the A-RS stores the MS-related AK context. If so, the relevant operations of embodiment one can be used to verify the security of the access link and the relay link; otherwise, step 604 is carried out and the technical scheme of this embodiment is used for the corresponding processing.
In a concrete implementation, it is possible to verify only whether the access link is secure. In this case, a new RNG-REQ can be generated in which the third authentication code key count value in the second management message is the first authentication code key count value and the third message authentication code packet number count value is the first message authentication code packet number count value, the first authentication code key count value and the first message authentication code packet number count value being contained in the first authentication key context stored by the mobile station itself; that is, the second management message is the first management message forwarded by the A-RS. The subsequent steps that relate to verifying relay link security can all be omitted.
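The appended-field layout of this embodiment, as an added sketch that is not part of the patent text: the A-RS appends X_R, its packet number count and a third authentication code to the MS's RNG-REQ, and the MR-BS verifies the A-RS fields first, then ignores them and verifies the MS's code. HMAC-SHA256 stands in for the 802.16e CMAC computation; the byte layout, field widths, keys, identifiers and the count comparison against the MR-BS's stored values are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8                     # truncated tag length, a choice made for this sketch
COUNTS = struct.Struct(">HI")   # key count value (16 bit), packet number count (32 bit)

# Constructed contexts as held at the MR-BS: (AK, AK identifier, stored count value)
MS_AK, ARS_AK = b"constructed MS AK", b"constructed A-RS AK"
MS_CTX = (MS_AK, b"\x01", 5)    # MS-related AK context
ARS_CTX = (ARS_AK, b"\x02", 3)  # A-RS-related AK context, Y_R = 3


def tag(ak, ak_id, data):
    """Stand-in for the 802.16e CMAC computation (HMAC-SHA256, truncated)."""
    return hmac.new(ak, ak_id + data, hashlib.sha256).digest()[:TAG_LEN]


def append_auth(msg, ak, ak_id, key_count, pn):
    """Append the count fields, then a code computed over everything before it."""
    covered = msg + COUNTS.pack(key_count, pn)
    return covered + tag(ak, ak_id, covered)


def strip_auth(msg, ak, ak_id, stored_count):
    """Check and remove the last count/code group; return the inner bytes or None."""
    if len(msg) < COUNTS.size + TAG_LEN:
        return None                      # too short to carry the fields
    covered, received = msg[:-TAG_LEN], msg[-TAG_LEN:]
    key_count, _pn = COUNTS.unpack(covered[-COUNTS.size:])
    if key_count < stored_count:
        return None                      # count value below the stored one
    if not hmac.compare_digest(tag(ak, ak_id, covered), received):
        return None                      # authentication code mismatch
    return covered[:-COUNTS.size]


def mrbs_verify(msg, ars_ctx, ms_ctx):
    """Return (relay_link_secure, access_link_secure).

    The access link is evaluated only after the relay-link fields verify;
    otherwise its result is None.
    """
    ms_part = strip_auth(msg, *ars_ctx)  # A-RS fields at the end of the message
    if ms_part is None:
        return (False, None)
    # The A-RS fields are now removed, so the MS code is checked without them.
    return (True, strip_auth(ms_part, *ms_ctx) is not None)


def demo():
    ms_msg = append_auth(b"RNG-REQ constructed", MS_AK, b"\x01", 5, 1)  # X_M = 5
    relayed = append_auth(ms_msg, ARS_AK, b"\x02", 3, 9)                # X_R = 3
    # Constructed failure cases: body altered before the A-RS, and after it.
    altered_access = append_auth(b"X" + ms_msg[1:], ARS_AK, b"\x02", 3, 9)
    altered_relay = b"X" + relayed[1:]
    return {
        "good": mrbs_verify(relayed, ARS_CTX, MS_CTX),
        "altered_access": mrbs_verify(altered_access, ARS_CTX, MS_CTX),
        "altered_relay": mrbs_verify(altered_relay, ARS_CTX, MS_CTX),
        "stale_x_r": mrbs_verify(relayed, (ARS_AK, b"\x02", 4), MS_CTX),
    }


if __name__ == "__main__":
    print(demo())
```

The two results are reported separately, so a message altered before it reached the A-RS shows a secure relay link and an insecure access link.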
Embodiment five
As shown in Figure 8, the link security authentication device in this embodiment comprises:
A first receiver module, configured to receive the first management message sent by the mobile station, the first management message carrying the first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself, wherein the first message authentication code is calculated from the first authentication key and first authentication key identifier in the first authentication key context and from the first authentication code key count value and the first message authentication code packet number count value, and the first authentication key is calculated according to a set rule from the mobile station identifier and the access relay station identifier;
A first processing module, configured to verify the first message authentication code according to the second authentication key and second authentication key identifier contained in the second authentication key context and the first authentication code key count value and first message authentication code packet number count value, and to determine from the verification result whether the access link between the mobile station and the access relay station is secure, the second authentication key and the first authentication key being peer keys.
This relay station can also comprise:
A first key obtaining module, configured to judge, after the first receiver module receives the first management message, whether the first memory module stores the second authentication key context and, if it does not, to send a context request containing the mobile station identifier and the access relay station identifier to the authentication device to which the mobile station belongs, so as to provide the second authentication key context obtained from the authentication device to the first processing module.
For the concrete processing, refer to the relevant descriptions of steps 301~312 of embodiment one, steps 401~413 of embodiment two, and steps 501 and 513~516 of embodiment three.
The above device can be an access relay station or a multi-hop relay base station.
Embodiment six
As shown in Figure 9, the multi-hop relay base station in this embodiment comprises:
A second receiver module, configured to receive the second management message sent by the access relay station, the second management message carrying the third message authentication code together with the third authentication code key count value and the third message authentication code packet number count value, wherein the third message authentication code is calculated from the third authentication code key count value, the third message authentication code packet number count value, and the third authentication key and third authentication key identifier in the third authentication key context, and the third authentication key is calculated according to a set rule from the access relay station identifier and the multi-hop relay base station identifier;
A second processing module, configured to verify the third message authentication code according to the fourth authentication key and fourth authentication key identifier contained in the fourth authentication key context and the third authentication code key count value and third message authentication code packet number count value, and to determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure, the fourth authentication key and the third authentication key being peer keys.
For the concrete processing, refer to the relevant descriptions of steps 314~318 of embodiment one, steps 415~419 of embodiment two, and steps 504~507 of embodiment three.
Embodiment seven
As shown in Figure 10, the wireless relay network system in this embodiment comprises:
An access relay station, configured to receive the first management message sent by the mobile station, verify the first message authentication code according to the second authentication key and second authentication key identifier contained in the second authentication key context and the first authentication code key count value and first message authentication code packet number count value, determine from the verification result whether the access link between the mobile station and the access relay station is secure, and convert the first management message into the second management message and send it; wherein the first management message carries the first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself, the first message authentication code is calculated from the first authentication key and first authentication key identifier in the first authentication key context and from the first authentication code key count value and the first message authentication code packet number count value, the first authentication key is calculated according to a set rule from the mobile station identifier and the access relay station identifier, and the second authentication key and the first authentication key are peer keys;
A multi-hop relay base station, configured to receive the second management message sent by the access relay station, verify the third message authentication code according to the fourth authentication key and fourth authentication key identifier contained in the fourth authentication key context and the third authentication code key count value and third message authentication code packet number count value, and determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure; wherein the second management message carries the third message authentication code together with the third authentication code key count value and the third message authentication code packet number count value, the third message authentication code is calculated from the third authentication code key count value, the third message authentication code packet number count value, and the third authentication key and third authentication key identifier in the third authentication key context, the third authentication key is calculated according to a set rule from the access relay station identifier and the multi-hop relay base station identifier, and the fourth authentication key and the third authentication key are peer keys.
In summary, the embodiments of the invention provide a concrete technical scheme for checking the security of the access link and the relay link in a wireless relay network, and can effectively prevent replay attacks in the wireless relay network.
Obviously, those skilled in the art can make various changes and modifications to the invention without departing from its spirit and scope. Thus, if these changes and modifications fall within the scope of the claims of the invention and their technical equivalents, the invention is also intended to include them.
Claims (14)
1. A link security authentication method in a wireless relay network, characterized in that it comprises:
A multi-hop relay base station or an access relay station receives a first management message sent by a mobile station, the first management message carrying a first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself, wherein the first message authentication code is calculated from the first authentication key and first authentication key identifier in the first authentication key context and from the first authentication code key count value and the first message authentication code packet number count value, and the first authentication key in the first authentication key context is calculated according to a set rule from the mobile station identifier and the access relay station identifier;
The first message authentication code is verified according to the second authentication key and second authentication key identifier contained in a second authentication key context and the first authentication code key count value and first message authentication code packet number count value, and whether the access link between the mobile station and the access relay station is secure is determined from the verification result, the second authentication key and the first authentication key being peer keys.
2. The method according to claim 1, characterized in that, after the first management message is received, it is first judged whether the second authentication key context is stored locally; if it is not, a context request containing the mobile station identifier and the access relay station identifier is sent to the authentication device to which the mobile station belongs, and the second authentication key context is obtained from the authentication device.
3. The method according to claim 1, characterized in that, after the first management message is received, it is first judged whether the first authentication code key count value is not less than the second authentication code key count value contained in the second authentication key context; if so, the step of verifying the first message authentication code is carried out; otherwise, the access link is determined to be insecure.
4. The method according to claim 1, characterized in that it further comprises:
If the first management message is received by an access relay station, the access relay station also sends a second management message to the multi-hop relay base station, the second management message carrying a third message authentication code together with a third authentication code key count value and a third message authentication code packet number count value, wherein the third message authentication code is calculated from the third authentication code key count value, the third message authentication code packet number count value, and the third authentication key and third authentication key identifier in a third authentication key context, and the third authentication key is calculated according to a set rule from the access relay station identifier and the multi-hop relay base station identifier;
So that the multi-hop relay base station verifies the third message authentication code according to the fourth authentication key and fourth authentication key identifier contained in a fourth authentication key context and the third authentication code key count value and third message authentication code packet number count value, and determines from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure, the fourth authentication key and the third authentication key being peer keys.
5. A link security authentication method in a wireless relay network, characterized in that it comprises:
Receiving a second management message sent by an access relay station, the second management message carrying a third message authentication code together with a third authentication code key count value and a third message authentication code packet number count value, wherein the third message authentication code is calculated from the third authentication code key count value, the third message authentication code packet number count value, and the third authentication key and third authentication key identifier in a third authentication key context, the third authentication key is calculated according to a set rule from the access relay station identifier and the multi-hop relay base station identifier, and the third authentication key context is the access-relay-station-related authentication key context stored by the access relay station;
Verifying the third message authentication code according to the fourth authentication key and fourth authentication key identifier contained in a fourth authentication key context and the third authentication code key count value and third message authentication code packet number count value, and determining from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure, the fourth authentication key and the third authentication key being peer keys.
6. The method according to claim 5, characterized in that, after the second management message is received, it is first judged whether the third authentication code key count value is not less than the fourth authentication code key count value contained in the fourth authentication key context; if so, the step of verifying the third message authentication code is carried out; otherwise, the relay link is determined to be insecure.
7. The method according to claim 5, characterized in that the third authentication code key count value is the first authentication code key count value, the third message authentication code packet number count value is the first message authentication code packet number count value, and the first authentication code key count value and the first message authentication code packet number count value are contained in the first authentication key context stored by the mobile station itself.
8. The method according to claim 5, characterized in that the third authentication code key count value and the third message authentication code packet number count value are the authentication code key count value and the message authentication code packet number count value contained in the third authentication key context.
9. The method according to claim 8, characterized in that the second management message also carries a first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself, wherein the first message authentication code is calculated from the first authentication key and first authentication key identifier in the first authentication key context and from the first authentication code key count value and the first message authentication code packet number count value, and the first authentication key in the first authentication key context is calculated according to a set rule from the mobile station identifier and the access relay station identifier;
After the second management message is received, the first message authentication code is also verified according to the second authentication key and second authentication key identifier contained in a second authentication key context and the first authentication code key count value and first message authentication code packet number count value, and whether the access link between the mobile station and the access relay station is secure is determined from the verification result, the second authentication key and the first authentication key being peer keys.
10. A link security authentication device in a wireless relay network, characterized in that it comprises:
A first receiver module, configured to receive a first management message sent by a mobile station, the first management message carrying a first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself, wherein the first message authentication code is calculated from the first authentication key and first authentication key identifier in the first authentication key context and from the first authentication code key count value and the first message authentication code packet number count value, and the first authentication key is calculated according to a set rule from the mobile station identifier and the access relay station identifier;
A first processing module, configured to verify the first message authentication code according to the second authentication key and second authentication key identifier contained in a second authentication key context and the first authentication code key count value and first message authentication code packet number count value, and to determine from the verification result whether the access link between the mobile station and the access relay station is secure, the second authentication key and the first authentication key being peer keys.
11. The device according to claim 10, characterized in that it further comprises:
A first key obtaining module, configured to judge, after the first receiver module receives the first management message, whether the first memory module stores the second authentication key context and, if it does not, to send a context request containing the mobile station identifier and the access relay station identifier to the authentication device to which the mobile station belongs, so as to obtain the second authentication key context from the authentication device and provide it to the first processing module.
12. The device according to claim 10 or 11, characterized in that the device is an access relay station or a multi-hop relay base station.
13. a multi-hop relay base station is characterized in that, comprising:
Second receiver module, be used to receive second administrative messag that inserts the relay station transmission, carry the 3rd message authentication code and the 3rd authentication code key count value in described second administrative messag, the 3rd message authentication code packet number count value, described the 3rd message authentication code is according to described the 3rd authentication code key count value, the 3rd authenticate key in the 3rd message authentication code packet number count value and the 3rd authentication key context, the 3rd authenticate key sign is calculated and is generated, and described the 3rd authenticate key obtains by setting rule calculating according to described access relay station sign and multi-hop relay base station sign;
A second processing module, configured to verify the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context, together with the third authentication code key count value and the third message authentication code packet number count value, and to determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure, wherein the fourth authentication key and the third authentication key are peer keys.
14. A wireless relay network system, characterized in that it comprises:
An access relay station, configured to receive a first management message sent by a mobile station; to verify the first message authentication code according to the second authentication key and the second authentication key identifier contained in a second authentication key context, together with the first authentication code key count value and the first message authentication code packet number count value; to determine from the verification result whether the access link between the mobile station and the access relay station is secure; and to convert the first management message into the second management message and send it; wherein the first management message carries a first message authentication code together with the first authentication code key count value and the first message authentication code packet number count value contained in a first authentication key context stored by the mobile station itself; the first message authentication code is calculated and generated according to the first authentication key and the first authentication key identifier in the first authentication key context, together with the first authentication code key count value and the first message authentication code packet number count value; the first authentication key is obtained by calculation under a set rule from the mobile station identifier and the access relay station identifier; and the second authentication key and the first authentication key are peer keys;
A multi-hop relay base station, configured to receive the second management message sent by the access relay station; to verify the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context, together with the third authentication code key count value and the third message authentication code packet number count value; and to determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure; wherein the second management message carries a third message authentication code together with a third authentication code key count value and a third message authentication code packet number count value; the third message authentication code is calculated and generated according to the third authentication code key count value and the third message authentication code packet number count value, together with the third authentication key and the third authentication key identifier in a third authentication key context; the third authentication key is obtained by calculation under a set rule from the access relay station identifier and the multi-hop relay base station identifier; and the fourth authentication key and the third authentication key are peer keys.
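The per-link check of claim 14, as an added sketch that is not code from the patent: the access relay station verifies the access-link authentication code, then re-protects the message under the relay-link key for the multi-hop relay base station. HMAC-SHA-256 stands in for the unspecified authentication code and for the "set rule"; the root secret, the key-identifier derivation, the `make_link` helper and the freshness rule on the packet number are assumptions.

```python
import hashlib
import hmac
import struct

def derive_ak(root: bytes, id_a: bytes, id_b: bytes) -> bytes:
    # Assumed stand-in for the claim's unspecified "set rule" over the two identifiers.
    return hmac.new(root, b"AK|" + id_a + b"|" + id_b, hashlib.sha256).digest()

class AKContext:
    """Authentication key context: key, key identifier, key count, packet number."""
    def __init__(self, ak: bytes, ak_id: bytes):
        self.ak, self.ak_id = ak, ak_id
        self.key_count = 0
        self.pn = 0  # sender: last PN sent; receiver: highest PN accepted

def compute_mac(ctx, key_count: int, pn: int, payload: bytes) -> bytes:
    # Key identifier and both count values are authentication code inputs, as claimed.
    data = ctx.ak_id + struct.pack(">HI", key_count, pn) + payload
    return hmac.new(ctx.ak, data, hashlib.sha256).digest()[:8]

def protect(ctx, payload: bytes) -> dict:
    ctx.pn += 1
    return {"payload": payload, "key_count": ctx.key_count, "pn": ctx.pn,
            "mac": compute_mac(ctx, ctx.key_count, ctx.pn, payload)}

def verify(ctx, msg: dict) -> bool:
    expected = compute_mac(ctx, msg["key_count"], msg["pn"], msg["payload"])
    if not hmac.compare_digest(expected, msg["mac"]):
        return False
    # Assumed freshness rule: the claim only makes the count values MAC inputs.
    if msg["key_count"] != ctx.key_count or msg["pn"] <= ctx.pn:
        return False
    ctx.pn = msg["pn"]
    return True

def relay(access_ctx, relay_ctx, first_msg: dict):
    """Access relay station: check the access link, then re-protect for the relay link."""
    if not verify(access_ctx, first_msg):
        return None  # access link judged not secure; nothing is forwarded
    return protect(relay_ctx, first_msg["payload"])

def make_link(root: bytes, id_a: bytes, id_b: bytes):
    """Return the two peer contexts (sender side, receiver side) for one link."""
    ak = derive_ak(root, id_a, id_b)
    ak_id = hashlib.sha256(ak).digest()[:8]  # assumed key-identifier derivation
    return AKContext(ak, ak_id), AKContext(ak, ak_id)
```

Because each link has its own peer key pair, an authentication code that is valid on the access link does not verify on the relay link, and the relay station must hold both contexts to forward a message.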
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100047045A CN101815293B (en) | 2009-02-20 | 2009-02-20 | Link security certification method, device and system in wireless relay network |
PCT/CN2009/076217 WO2010094206A1 (en) | 2009-02-20 | 2009-12-29 | Method for link security authentication in wireless relay networks, device and system thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100047045A CN101815293B (en) | 2009-02-20 | 2009-02-20 | Link security certification method, device and system in wireless relay network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101815293A (en) | 2010-08-25 |
CN101815293B (en) | 2012-08-15 |
Family
ID=42622380
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009100047045A Expired - Fee Related CN101815293B (en) | 2009-02-20 | 2009-02-20 | Link security certification method, device and system in wireless relay network |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101815293B (en) |
WO (1) | WO2010094206A1 (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102724197A (en) * | 2012-06-25 | 2012-10-10 | 上海交通大学 | Two-way link security authentication method for wireless relay network |
US8605908B2 (en) | 2009-11-03 | 2013-12-10 | Huawei Technologies Co., Ltd. | Method and device for obtaining security key in relay system |
CN106464499A (en) * | 2014-06-05 | 2017-02-22 | Kddi株式会社 | Communication network system, transmission node, reception node, message checking method, and computer program |
CN112565175A (en) * | 2019-09-26 | 2021-03-26 | 富士通株式会社 | Communication relay program, relay device, communication relay method, and communication system |
WO2021139552A1 (en) * | 2020-01-08 | 2021-07-15 | 华为技术有限公司 | Method and apparatus for checking relay user equipment |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102143491B (en) | 2010-01-29 | 2013-10-09 | 华为技术有限公司 | MTC (machine type communication) equipment authentication method, MTC gateway and relevant equipment |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101060405A (en) * | 2006-04-19 | 2007-10-24 | 华为技术有限公司 | A method and system for preventing the replay attack |
US7499547B2 (en) * | 2006-09-07 | 2009-03-03 | Motorola, Inc. | Security authentication and key management within an infrastructure based wireless multi-hop network |
KR20080090733A (en) * | 2007-04-05 | 2008-10-09 | 삼성전자주식회사 | Method and system for security association in broadband wireless communication system based on multi-hop |
CN101232378B (en) * | 2007-12-29 | 2010-12-08 | 西安西电捷通无线网络通信股份有限公司 | Authentication accessing method of wireless multi-hop network |
2009
- 2009-02-20 CN CN2009100047045A patent/CN101815293B/en not_active Expired - Fee Related
- 2009-12-29 WO PCT/CN2009/076217 patent/WO2010094206A1/en active Application Filing
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8605908B2 (en) | 2009-11-03 | 2013-12-10 | Huawei Technologies Co., Ltd. | Method and device for obtaining security key in relay system |
CN102724197A (en) * | 2012-06-25 | 2012-10-10 | 上海交通大学 | Two-way link security authentication method for wireless relay network |
CN102724197B (en) * | 2012-06-25 | 2015-08-12 | 上海交通大学 | Link bidirectional safety certifying method in wireless relay network |
CN106464499A (en) * | 2014-06-05 | 2017-02-22 | Kddi株式会社 | Communication network system, transmission node, reception node, message checking method, and computer program |
CN106464499B (en) * | 2014-06-05 | 2019-12-13 | Kddi株式会社 | Communication network system, transmission node, reception node, message checking method, transmission method, and reception method |
US10681540B2 (en) | 2014-06-05 | 2020-06-09 | Kddi Corporation | Communication network system, transmission node, reception node, and message checking method |
CN112565175A (en) * | 2019-09-26 | 2021-03-26 | 富士通株式会社 | Communication relay program, relay device, communication relay method, and communication system |
CN112565175B (en) * | 2019-09-26 | 2023-05-12 | 富士通株式会社 | Communication relay program, relay device, communication relay method, and communication system |
WO2021139552A1 (en) * | 2020-01-08 | 2021-07-15 | 华为技术有限公司 | Method and apparatus for checking relay user equipment |
CN113179515A (en) * | 2020-01-08 | 2021-07-27 | 华为技术有限公司 | Method and device for verifying relay user equipment |
CN113179515B (en) * | 2020-01-08 | 2023-07-18 | 华为技术有限公司 | Method and device for checking relay user equipment |
Also Published As
Publication number | Publication date |
---|---|
CN101815293B (en) | 2012-08-15 |
WO2010094206A1 (en) | 2010-08-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101815293B (en) | Link security certification method, device and system in wireless relay network | |
KR101447726B1 (en) | The generation method and the update method of authorization key for mobile communication | |
CN101933271B (en) | Method and system for secure block acknowledgment (block ack) with protected MAC sequence number | |
KR101045564B1 (en) | Mobile communication method for handover from handover source cell to handover destination cell | |
JP4965737B2 (en) | Identification of tampered or defective base stations during handover | |
CN102075930B (en) | Management frames for wireless network sets up device, the system and method for priority | |
EP2288195A2 (en) | Method and apparatus for reducing overhead for integrity check of data in wireless communication system | |
EP3324574B1 (en) | Gateway device and control method therefor | |
KR20110060550A (en) | Apparatus and method for handover of ms in wireless communication terminal | |
CN102577462A (en) | Methods and apparatus for deriving, communicating and/or verifying ownership of expressions | |
CN105144641A (en) | System and method for detecting and resolving conflicts | |
CN102292962B (en) | Methods and apparatus related to address generation, communication and/or validation | |
WO2006121465A1 (en) | Wireless access point network and management protocol | |
JPH11127468A (en) | Communication controller and radio communication system | |
KR20080015731A (en) | Communication system, wireless communication apparatus and control method thereof | |
RU2012121186A (en) | RESTORING A COSTS LOSS LOSS IN A WIRELESS COMMUNICATION NETWORK | |
KR20110031752A (en) | Method and apparatus for detecting sybil attack node using localization information and hash chain in ubiquitous sensor networks | |
CN109103986A (en) | Substation's remote operation safety protecting method and system | |
KR20190018706A (en) | Securing Ciphering and Integrity Protection | |
CN103686651A (en) | Emergency call based authentication method, device and system | |
CN101631306A (en) | Updating method of air key, terminal and base station | |
CN105072615A (en) | Connecting method and system for wireless fidelity network | |
AU2010284792B2 (en) | Method and apparatus for reducing overhead for integrity check of data in wireless communication system | |
US20060058053A1 (en) | Method for logging in a mobile terminal at an access point of a local communication network, and access point and terminal for carrying out the method | |
CN101610511A (en) | The guard method of terminal privacy and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120815 |