CN101815293B - Link security certification method, device and system in wireless relay network - Google Patents
- Publication number: CN101815293B
- Authority: CN (China)
- Prior art keywords: key; authentication code; count value; context; message
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
The invention discloses a link security certification method, device and system in a wireless relay network. The method comprises the following steps: a multi-hop relay base station or an access relay station receives a first management message sent by a mobile station; the first management message carries a first message authentication code, together with a first message authentication code key count value and a first message authentication code packet number count value contained in the first authentication key context stored by the mobile station itself; the first message authentication code is verified according to a second authentication key and a second authentication key identifier, both contained in a second authentication key context, together with the first message authentication code key count value and the first message authentication code packet number count value; and whether the access link between the mobile station and the access relay station is secure is determined according to the verification result. With the technical scheme of the invention, replay attacks in the wireless relay network can be effectively prevented.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a link security certification method, device and system in a wireless relay network.
Background technology
WiMAX (Worldwide Interoperability for Microwave Access) is a wireless metropolitan area network technology based on the IEEE 802.16 standards. IEEE 802.16d is the standard for fixed wireless access and applies to 2~11 GHz non-line-of-sight (NLOS, Non Line of Sight) transmission and 10~66 GHz line-of-sight (LOS, Line of Sight) transmission. IEEE 802.16e adds support for mobility on top of IEEE 802.16d.
The IEEE 802.16e protocol defines a method for preventing replay of management messages: at any time, the combination of the CMAC (Cipher-based Message Authentication Code, referred to in this document simply as the message authentication code) packet number count value and the key used to generate the CMAC is unique. To prevent replay effectively, these keys must be updated frequently, and the CMAC_KEY_COUNT (authentication code key count) value is used to guarantee the freshness of the key. In addition, the message authentication code packet number count value is updated each time a management message carrying a message authentication code is sent, which further strengthens the replay resistance of the message authentication code. When a terminal performs network re-entry, performs a location update, or hands over to a target base station, the CMAC_KEY_COUNT value is updated and the message authentication code packet number count value is set to zero before the RNG-REQ (ranging request) message is sent to the base station. The terminal uses the updated count value to generate a new authentication code key, and then uses this authentication code key and the zeroed message authentication code packet number count value to generate the CMAC for the RNG-REQ message. The network side likewise uses the updated count value to generate the corresponding key for verifying the RNG-REQ message, thereby preventing replay attacks.
The inventors found at least the following problem in the prior art: in the WiMAX multi-hop relay network scenario, the existing protocols (NWG (Network Working Group) and 802.16j) give no concrete solution for how the terminal and the network, in the distributed security mode, should use the authentication code key count value and the message authentication code packet number count value to resist replay attacks.
Summary of the invention
The purpose of the embodiments of the invention is to provide a link security certification method, device and system in a wireless relay network, in order to prevent replay attacks in the wireless relay network.
To achieve this, an embodiment of the invention provides a link security certification method in a wireless relay network, comprising:
Receiving a first management message sent by a mobile station. The first management message carries a first message authentication code, together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context saved by the mobile station itself. The first message authentication code is calculated from the first authentication key and the first authentication key identifier in the first authentication key context, the first authentication code key count value and the first message authentication code packet number count value. The first authentication key in the first authentication key context is calculated by a set rule from the mobile station identifier and the access relay station identifier;
Verifying the first message authentication code according to the second authentication key and the second authentication key identifier contained in a second authentication key context, the first authentication code key count value and the first message authentication code packet number count value, and determining from the verification result whether the access link between the mobile station and the access relay station is secure. The second authentication key and the first authentication key are peer keys.
An embodiment of the invention also provides a link security certification method in a wireless relay network, comprising:
Receiving a second management message sent by an access relay station. The second management message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value. The third message authentication code is calculated from the third authentication code key count value, the third message authentication code packet number count value, and the third authentication key and the third authentication key identifier in a third authentication key context. The third authentication key is calculated by a set rule from the access relay station identifier and the multi-hop relay base station identifier, and the third authentication key context is the access-relay-station-related authentication key context saved by the access relay station;
Verifying the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context, the third authentication code key count value and the third message authentication code packet number count value, and determining from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure. The fourth authentication key and the third authentication key are peer keys.
An embodiment of the invention also provides a link security certification device, comprising:
A first receiver module, used to receive a first management message sent by a mobile station. The first management message carries a first message authentication code, together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context saved by the mobile station itself. The first message authentication code is calculated from the first authentication key and the first authentication key identifier in the first authentication key context, the first authentication code key count value and the first message authentication code packet number count value. The first authentication key is calculated by a set rule from the mobile station identifier and the access relay station identifier;
A first processing module, used to verify the first message authentication code according to the second authentication key and the second authentication key identifier contained in a second authentication key context, the first authentication code key count value and the first message authentication code packet number count value, and to determine from the verification result whether the access link between the mobile station and the access relay station is secure. The second authentication key and the first authentication key are peer keys.
An embodiment of the invention also provides a multi-hop relay base station, comprising:
A second receiver module, used to receive a second management message sent by an access relay station. The second management message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value. The third message authentication code is calculated from the third authentication code key count value, the third message authentication code packet number count value, and the third authentication key and the third authentication key identifier in a third authentication key context. The third authentication key is calculated by a set rule from the access relay station identifier and the multi-hop relay base station identifier;
A second processing module, used to verify the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context, the third authentication code key count value and the third message authentication code packet number count value, and to determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure. The fourth authentication key and the third authentication key are peer keys.
An embodiment of the invention also provides a wireless relay network system, comprising:
An access relay station, used to receive a first management message sent by a mobile station; to verify the first message authentication code according to the second authentication key and the second authentication key identifier contained in a second authentication key context, the first authentication code key count value and the first message authentication code packet number count value; to determine from the verification result whether the access link between the mobile station and the access relay station is secure; and to convert the first management message into a second management message and send it. The first management message carries the first message authentication code, together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context saved by the mobile station itself. The first message authentication code is calculated from the first authentication key and the first authentication key identifier in the first authentication key context, the first authentication code key count value and the first message authentication code packet number count value. The first authentication key is calculated by a set rule from the mobile station identifier and the access relay station identifier, and the second authentication key and the first authentication key are peer keys;
A multi-hop relay base station, used to receive the second management message sent by the access relay station; to verify the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context, the third authentication code key count value and the third message authentication code packet number count value; and to determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure. The second management message carries the third message authentication code, the third authentication code key count value and the third message authentication code packet number count value. The third message authentication code is calculated from the third authentication code key count value, the third message authentication code packet number count value, and the third authentication key and the third authentication key identifier in a third authentication key context. The third authentication key is calculated by a set rule from the access relay station identifier and the multi-hop relay base station identifier, and the fourth authentication key and the third authentication key are peer keys.
The beneficial effect of the embodiments of the invention is:
The embodiments of the invention provide a concrete technical scheme for checking the security of the access link and the relay link in a wireless relay network, and can effectively prevent replay attacks in the wireless relay network.
Description of drawings
To explain the technical schemes of the embodiments of the invention or of the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of detecting access link security in a wireless relay network in an embodiment of the invention;
Fig. 2 is a flow chart of detecting relay link security in a wireless relay network in an embodiment of the invention;
Fig. 3 is a schematic diagram of the network architecture defined by IEEE 802.16j;
Fig. 4 is a schematic flow chart of the link security certification method in a wireless relay network in embodiment one of the invention;
Fig. 5 is a schematic flow chart of the link security certification method in a wireless relay network in embodiment two of the invention;
Fig. 6 is a schematic flow chart of the link security certification method in a wireless relay network in embodiment three of the invention;
Fig. 7 is a schematic flow chart of the link security certification method in a wireless relay network in embodiment four of the invention;
Fig. 8 is a block diagram of the link security certification device in embodiment five of the invention;
Fig. 9 is a block diagram of the multi-hop relay base station in embodiment six of the invention;
Fig. 10 is a block diagram of the wireless relay network system in embodiment seven of the invention.
Embodiment
In the embodiments of the invention, the method for detecting access link security in a wireless relay network is shown in Fig. 1 and comprises the following steps:
The first management message carries the first message authentication code, together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context saved by the mobile station itself.
An authentication key context comprises an authentication key, an authentication key identifier, an authentication code key, an authentication code key count value and a message authentication code packet number count value. The authentication key and the authentication code key count value are used together to calculate the authentication code key; the authentication code key, the authentication key identifier and the message authentication code packet number count value are used together to calculate or verify the message authentication code of a management message.
The first message authentication code is calculated from the first authentication key and the first authentication key identifier in the first authentication key context, the first authentication code key count value and the first message authentication code packet number count value.
The first authentication key in the first authentication key context is calculated by a set rule from the mobile station identifier and the access relay station identifier.
The second authentication key and the first authentication key are peer keys. The above scheme can be executed by the A-RS (Access Relay Station) or the MR-BS (Multi-hop Relay Base Station). The second authentication key context can be stored locally at the A-RS or the MR-BS, or can be obtained from the authentication device to which the MS belongs.
In the embodiments of the invention, the method for detecting relay link security in a wireless relay network is shown in Fig. 2 and comprises the following steps:
Step 201: receive a second management message sent by the access relay station;
The second management message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value. The third message authentication code is generated from the third authentication code key count value, the third message authentication code packet number count value, and the third authentication key and the third authentication key identifier in a third authentication key context. The third authentication key is calculated by a set rule from the access relay station identifier and the multi-hop relay base station identifier;
Step 202: verify the third message authentication code according to the fourth authentication key and the fourth authentication key identifier contained in a fourth authentication key context, the third authentication code key count value and the third message authentication code packet number count value, and determine from the verification result whether the relay link between the access relay station and the multi-hop relay base station is secure.
The fourth authentication key and the third authentication key are peer keys. The above scheme can be executed by the MR-BS, and the fourth authentication key context can be stored locally at the MR-BS.
The technical schemes in the embodiments of the invention are described in detail below with reference to the accompanying drawings.
Embodiment one
IEEE 802.16j is an air interface protocol, drawn up by the IEEE, that adds relay capability on top of 802.16e. The network architecture it defines is shown in Fig. 3 and comprises:
MR-BS: a device that provides connection, management and control for relay stations and user terminals;
RS (Relay Station): a device that depends on the MR-BS and provides connections for other RSs or mobile stations. Some RSs can also provide management and control for subordinate RSs or user terminals. The air interface between an RS and an MS is identical to the air interface between the MR-BS and an MS. An RS is a station that relays data between the base station and the terminal, so that a wireless signal can reach its destination after being forwarded several times (multi-hop).
MS (Mobile Station): the device a user uses to access the WiMAX network.
In the link security certification method provided by this embodiment, access link security is verified first and relay link security second. The security verification of the access link is based on the MS-related AK (Authentication Key) context, and the security verification of the relay link is based on the A-RS-related AK context. In an alternative to this embodiment, the security verification of the access link is based on the MS-related AK context and the security verification of the relay link is also based on the MS-related AK context. In all the following embodiments, the AK key in the MS-related AK context is calculated by the MS, or by the authentication device to which the MS belongs, from the MS identifier and the A-RS identifier according to a certain rule, and the AK key in the A-RS-related AK context is calculated by the A-RS, or by the authentication device to which the A-RS belongs, from the A-RS identifier and the MR-BS identifier according to a certain rule. In this embodiment, the MS maintains an MS-related AK context containing the CMAC_KEY_COUNT value X_M; the A-RS maintains an MS-related AK context containing the CMAC_KEY_COUNT value Y_M; the authentication device maintains an MS-related AK context containing the CMAC_KEY_COUNT value Z_M; the A-RS also maintains an A-RS-related AK context containing the CMAC_KEY_COUNT value X_R; and the MR-BS maintains an A-RS-related AK context containing the CMAC_KEY_COUNT value Y_R.
As shown in Fig. 4, the link security certification method in a wireless relay network provided by this embodiment comprises the following steps:
Before sending the first management message to the A-RS, the MS increments by 1 the first authentication code key count value contained in the authentication key context it maintains (called the first authentication key context in this embodiment), i.e. the CMAC_KEY_COUNT value X_M, sets to zero the first message authentication code packet number count value in the MS-related AK context saved locally by the MS (i.e. the first AK context), and uses that context to generate the first message authentication code for the RNG-REQ message. In detail, the MS uses the AK key in the AK context, the MS identifier (which can be the MAC layer address of the MS), the RS identifier and X_M to calculate the authentication code key in a specific way, and then uses this authentication code key, the AK identifier in the AK context and the first message authentication code packet number count value to calculate the first message authentication code for the RNG-REQ message. The concrete calculation can follow the 802.16e protocol, except that the BS identifier in the 802.16e calculation is replaced by the RS identifier.
Note that every AK context mentioned in this document contains an AK key, an AK identifier, an authentication code key, an authentication code key count value CMAC_KEY_COUNT and a message authentication code packet number count value. The AK key in the AK context saved locally by the MS (also called the first authentication key in this embodiment) is calculated by the MS from the MS ID (which can be the MAC layer address of the MS) and the RS ID according to a set rule.
The MS initiates this step when it performs network re-entry or a location update at the A-RS, or hands over to the target access relay station.
The second AK context is the AK context that contains the second authentication key, and the second authentication key and the first authentication key are peer keys.
The MS ID can be carried by the MS in the RNG-REQ message sent to the A-RS, or can be learned by the A-RS through other prior-art means.
In the embodiments of the invention, messages between the A-RS and the MR-BS, and between the MR-BS and the authentication device, can be delivered directly or indirectly. Indirect delivery means that the A-RS sends a message to the MR-BS through other RSs, and that the MR-BS can send a message to the authentication device through other network elements (such as a gateway).
The authentication device mentioned in this document is the authentication device to which the MS belongs.
Step 310: determine whether X_M is greater than or equal to Y_M; if so, go to step 311; otherwise, go to step 325;
This step determines whether the first authentication code key count value is not less than the second authentication code key count value contained in the second authentication key context.
This step is an auxiliary means of verifying whether the access link is secure. If X_M is found to be less than Y_M, a replay attack is understood to have occurred on the access link, and the message authentication code of the RNG-REQ message need not be verified. With this step, a simple comparison may therefore be enough to tell whether the access link is secure.
If verification succeeds, the access link between the MS and the A-RS is determined to be secure; otherwise, the access link is determined to be insecure.
In this step the A-RS generates the second management message as follows: it replaces the CMAC_KEY_COUNT value X_M and the first message authentication code packet number count value in the RNG-REQ message of step 302 with the third CMAC_KEY_COUNT value X_R and the third message authentication code packet number count value from the A-RS-related AK context it maintains (i.e. the third AK context); it then uses the third authentication code key and the third message authentication code packet number count value in the A-RS-related AK context (i.e. the third AK context) to recalculate the message authentication code over the RNG-REQ message after replacement (excluding the original message authentication code part), giving the third message authentication code; finally it replaces the original first message authentication code with the third message authentication code, obtaining a new RNG-REQ message, i.e. the second management message;
This step determines whether the third authentication code key count value is not less than the fourth authentication code key count value contained in the fourth authentication key context saved locally by the MR-BS; if X_R is found to be less than Y_M, a replay attack is understood to have occurred on the relay link.
If verification succeeds, the relay link between the A-RS and the MR-BS is determined to be secure; otherwise, the relay link is determined to be insecure.
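The counter comparison and message authentication code checks described above for the access link and the relay link, as an added example that is not code from the patent. HMAC-SHA256 stands in for the 802.16e key derivation and CMAC computation, and `derive_ak`, the identifiers, key material and counter values are constructed assumptions.

```python
"""Added example: key-count check plus MAC verification on both links.
HMAC-SHA256 is a stand-in for the 802.16e key derivation and AES-CMAC."""
import hashlib
import hmac
from dataclasses import dataclass


def _prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(2, "big") + part)
    return mac.digest()


@dataclass
class AKContext:
    ak: bytes        # authentication key (AK)
    ak_id: bytes     # authentication key identifier
    key_count: int   # CMAC_KEY_COUNT value (X_M, Y_M, X_R or Y_R)
    pn: int = 0      # message authentication code packet number count value


def derive_ak(root: bytes, lower_id: bytes, upper_id: bytes) -> bytes:
    """Hypothetical 'set rule': bind the AK to the two identifiers of one link."""
    return _prf(root, b"AK", lower_id, upper_id)


def compute_mac(ak, ak_id, key_count, pn, lower_id, upper_id, payload) -> bytes:
    # AK + key count value (+ link identifiers) -> authentication code key
    code_key = _prf(ak, b"CMAC_KEY", lower_id, upper_id, key_count.to_bytes(2, "big"))
    # authentication code key + AK identifier + packet number -> message authentication code
    return _prf(code_key, ak_id, pn.to_bytes(4, "big"), payload)[:8]


def build_message(ctx: AKContext, lower_id: bytes, upper_id: bytes, payload: bytes) -> dict:
    mac = compute_mac(ctx.ak, ctx.ak_id, ctx.key_count, ctx.pn, lower_id, upper_id, payload)
    return {"payload": payload, "key_count": ctx.key_count, "pn": ctx.pn, "mac": mac}


def ms_send_rng_req(ms_ctx: AKContext, ms_id: bytes, rs_id: bytes, payload: bytes) -> dict:
    """MS side: increment X_M, zero the packet number, then authenticate RNG-REQ."""
    ms_ctx.key_count += 1
    ms_ctx.pn = 0
    return build_message(ms_ctx, ms_id, rs_id, payload)


def verify_link(msg: dict, peer_ctx: AKContext, lower_id: bytes, upper_id: bytes) -> str:
    """Receiver side: cheap counter comparison first, MAC check only if it passes."""
    if msg["key_count"] < peer_ctx.key_count:
        return "replay"      # stale key count: no MAC computation needed
    expected = compute_mac(peer_ctx.ak, peer_ctx.ak_id, msg["key_count"], msg["pn"],
                           lower_id, upper_id, msg["payload"])
    return "secure" if hmac.compare_digest(expected, msg["mac"]) else "insecure"


def ars_forward(msg: dict, ars_ctx: AKContext, rs_id: bytes, bs_id: bytes) -> dict:
    """A-RS: swap in X_R and its own packet number, recompute the MAC for the relay link."""
    return build_message(ars_ctx, rs_id, bs_id, msg["payload"])


def authenticator_update(z_m: int, x_m: int) -> int:
    """Z_M = max(X_M, Z_M)++ : take the larger value and add 1."""
    return max(x_m, z_m) + 1


def demo() -> dict:
    ms_id, rs_id, bs_id = b"ms-01", b"rs-01", b"mrbs-01"        # constructed identifiers
    ak_access = derive_ak(b"constructed-root-ms", ms_id, rs_id)  # constructed key material
    ak_relay = derive_ak(b"constructed-root-rs", rs_id, bs_id)
    ms = AKContext(ak_access, b"akid-a", key_count=4)            # X_M before the increment
    ars_ms = AKContext(ak_access, b"akid-a", key_count=5)        # Y_M held by the A-RS
    ars = AKContext(ak_relay, b"akid-r", key_count=2, pn=7)      # X_R
    mrbs = AKContext(ak_relay, b"akid-r", key_count=2)           # Y_R held by the MR-BS

    old = build_message(ms, ms_id, rs_id, b"RNG-REQ")            # earlier message, count 4
    first = ms_send_rng_req(ms, ms_id, rs_id, b"RNG-REQ")        # fresh message, count 5
    second = ars_forward(first, ars, rs_id, bs_id)
    return {
        "stale_on_access": verify_link(old, ars_ms, ms_id, rs_id),
        "fresh_on_access": verify_link(first, ars_ms, ms_id, rs_id),
        "tampered_on_access": verify_link(dict(first, payload=b"RNG-REQ!"), ars_ms, ms_id, rs_id),
        "fresh_on_relay": verify_link(second, mrbs, rs_id, bs_id),
        "unconverted_on_relay": verify_link(first, mrbs, rs_id, bs_id),
        "z_m": authenticator_update(3, first["key_count"]),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Because each AK is bound to the identifiers of one link, the first management message fails verification at the MR-BS unless the A-RS has re-authenticated it under the A-RS-related context.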
In a concrete implementation, steps 318 and 319 need not be performed in any particular order.
This message can also be a CMAC_Key_Count_Update (authentication code key count update) message, in which case the corresponding response message in step 322 is a CMAC_Key_Count_Update_Ack (authentication code key count update acknowledgement) message.
Step 321: after receiving the Context_Rpt message, the authentication device updates the CMAC_Key_Count value in the MS-related AK context saved locally by the authentication device; specifically, it takes the larger of Z_M and X_M, adds 1, and assigns the result to Z_M, i.e. Z_M = max(X_M, Z_M)++;
If in practice only the security of the access link needs to be detected, X_M should be notified to the authentication device once the access link has been determined to be secure, and the authentication device updates the MS-related CMAC_Key_Count value it saves locally.
Step 323: after receiving the Context_Ack message, the MR-BS sends an MS_Context-RSP message to the A-RS in response to the above MS_Context-REQ message, and the procedure ends;
This step can be handled as follows: the Ranging Status in the RNG-RSP message is set to Abort, or the Location Update Response is set to failure.
This step can be handled as follows: the Ranging Status in the RNG-RSP message is set to Abort, or the Location Update Response is set to failure.
In a concrete implementation, the above flow can be adjusted. For example, in step 314 the RNG-REQ message can carry both the MS's CMAC_Key_Count value X_M and the RS's CMAC_Key_Count value X_R; the MR-BS then already knows X_M at this point and, when the result of the judgment in step 315 is yes, performs steps 320 to 322 to notify the authentication device of X_M. In this way, steps 319 and 323 can be omitted.
This embodiment also has an alternative: on the basis of the scheme of Fig. 4, the MR-BS also maintains an MS-related AK context (the second AK context), which contains the MS-related CMAC_Key_Count value Y_M. In this case, steps 305~307, 313, 319 and 323 can be omitted. Steps 320~322 are kept because other MR-BSs that can communicate with the authentication device may need to obtain the AK context related to this MS from the authentication device. If every MR-BS that can communicate with the authentication device saves the MS-related AK context, steps 320~322 can also be omitted.
In a concrete implementation, it is possible to detect only whether the relay link is secure, or only whether the access link is secure. In this embodiment, if only access link security is detected, steps 313~317 can be omitted and step 318 is performed directly after step 312; if only relay link security is detected, steps 303~312 and 319~323 can be omitted. The following embodiments are similar to this one in this respect: a person skilled in the art can tell, from whether each step relates to the security detection of the access link or of the relay link, which steps apply when only the access link or only the relay link is checked, so this is not repeated in the subsequent embodiments.
Embodiment two
In the link security certification method in the wireless relay network provided by this embodiment, access link safety is verified first and repeated link safety is verified afterwards. The safety verification of the access link is based on the MS-related AK context, and the safety verification of the repeated link is based on the A-RS-related AK context and the CMAC_KEY_COUNT value used in the access-link RNG-REQ. In this embodiment, the MS maintains an MS-related AK context that contains the CMAC_KEY_COUNT value X_M; the A-RS maintains an MS-related AK context that contains the CMAC_KEY_COUNT value Y_M; the authentication device maintains an MS-related AK context that contains the CMAC_KEY_COUNT value Z_M; the A-RS also maintains an A-RS-related AK context; and the MR-BS maintains an A-RS-related AK context and, at the same time, an MS-related CMAC_KEY_COUNT value Y_MR. Compared with embodiment one, this embodiment does not need to maintain an A-RS-related CMAC_KEY_COUNT value.
The link security certification method in the wireless relay network provided by this embodiment is shown in Figure 5 and comprises the following steps:
The first administrative message carries the first message authentication code, together with the first authentication code key count value X_M and the first message authentication code packet number count value contained in the first authentication key context stored by the travelling carriage itself.
The authentication device mentioned in this document is the authentication device to which the MS belongs.
Step 411, judge whether X_M is greater than or equal to Y_M; if so, carry out step 412; otherwise, carry out step 424;
That is, this step judges whether the first authentication code key count value is not less than the second authentication code key count value contained in the second authentication key context.
If the verification succeeds, the access link between the MS and the A-RS is confirmed to be safe; otherwise the access link is confirmed to be unsafe.
In this step, the A-RS uses the AK and AK sign in the A-RS-related AK context that it maintains (i.e. the third AK context), together with the CMAC_KEY_COUNT value X_M and the message authentication code packet number count value in the RNG-REQ message, to recompute the message authentication code for the RNG-REQ message (not including the original message authentication code part), and replaces the original message authentication code with the recomputed one to obtain a new RNG-REQ message;
That is, this step judges whether the third authentication code key count value is not less than the fourth authentication code key count value contained in the fourth authentication key context stored locally at the MR-BS.
If the verification succeeds, the repeated link between the A-RS and the MR-BS is confirmed to be safe; otherwise the repeated link is confirmed to be unsafe.
In a concrete implementation, steps 419 and 420 need not be carried out in any particular order.
Step 421, after receiving the Context_Rpt message, the authentication device updates the CMAC_Key_Count value in the MS-related context that it stores locally: it takes the larger of Z_M and X_M, adds 1, and assigns the result to Z_M, i.e. Z_M = max(X_M, Z_M)++;
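The counter check, message authentication code verification and authentication device update of embodiment two can be exercised end to end, including the rejection of a replayed RNG-REQ. The following is an added example, not code from the patent. It assumes HMAC-SHA256 from the Python standard library as a stand-in for the 802.16e CMAC computation, constructed keys and message bodies, and that the context the A-RS obtains from the authentication device carries Y_M equal to the current Z_M.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

MAC_LEN = 8  # tag length chosen for this example


@dataclass
class AKContext:
    ak: bytes        # authentication key shared by the two ends of a link
    ak_id: bytes     # AK sign (identifier)
    key_count: int   # CMAC_KEY_COUNT value stored in this context


@dataclass
class RngReq:
    body: bytes      # RNG-REQ content without the authentication code part
    key_count: int   # CMAC_KEY_COUNT carried in the message (X_M)
    pn: int          # message authentication code packet number count value
    tag: bytes       # message authentication code


def compute_tag(ctx: AKContext, key_count: int, pn: int, body: bytes) -> bytes:
    # Stand-in for the 802.16e CMAC (assumption): HMAC-SHA256 keyed with the
    # AK over the AK sign, key count, packet number and message body.
    data = ctx.ak_id + struct.pack(">HI", key_count, pn) + body
    return hmac.new(ctx.ak, data, hashlib.sha256).digest()[:MAC_LEN]


def verify(ctx: AKContext, msg: RngReq) -> bool:
    # Counter check first: a count below the stored one marks a stale message.
    if msg.key_count < ctx.key_count:
        return False
    expected = compute_tag(ctx, msg.key_count, msg.pn, msg.body)
    return hmac.compare_digest(expected, msg.tag)


class AuthenticationDevice:
    def __init__(self, ms_ctx: AKContext):
        self.ms_ctx = ms_ctx  # key_count here is Z_M

    def fetch_context(self) -> AKContext:
        # Assumption: the context handed to the A-RS carries Y_M = Z_M.
        return AKContext(self.ms_ctx.ak, self.ms_ctx.ak_id, self.ms_ctx.key_count)

    def context_report(self, x_m: int) -> None:
        # Z_M = max(X_M, Z_M)++ : the larger value plus one.
        self.ms_ctx.key_count = max(x_m, self.ms_ctx.key_count) + 1


def ms_build(ms_ctx: AKContext, pn: int, body: bytes) -> RngReq:
    # MS side: tag the request with the first AK context and its X_M.
    return RngReq(body, ms_ctx.key_count, pn,
                  compute_tag(ms_ctx, ms_ctx.key_count, pn, body))


def handle_rng_req(auth: AuthenticationDevice, ars_ctx: AKContext,
                   mrbs_ctx: AKContext, msg: RngReq) -> str:
    # A-RS: access-link check against the MS-related context (X_M >= Y_M, tag).
    if not verify(auth.fetch_context(), msg):
        return "access link rejected"
    # A-RS: keep X_M and the packet number, recompute the tag with its own AK.
    relayed = RngReq(msg.body, msg.key_count, msg.pn,
                     compute_tag(ars_ctx, msg.key_count, msg.pn, msg.body))
    # MR-BS: repeated-link check; mrbs_ctx.key_count plays the role of Y_MR.
    if not verify(mrbs_ctx, relayed):
        return "repeated link rejected"
    auth.context_report(msg.key_count)
    return "accepted"


def demo():
    # Constructed keys, identifiers and message bodies.
    ms_ak, rs_ak = bytes(range(16)), bytes(range(16, 32))
    auth = AuthenticationDevice(AKContext(ms_ak, b"MS-AKID1", 5))  # Z_M = 5
    ms_ctx = AKContext(ms_ak, b"MS-AKID1", 5)                      # X_M = 5
    ars_ctx = AKContext(rs_ak, b"RS-AKID1", 0)   # count unused in embodiment two
    mrbs_ctx = AKContext(rs_ak, b"RS-AKID1", 5)  # Y_MR = 5

    first = ms_build(ms_ctx, 1, b"RNG-REQ re-entry")
    results = [handle_rng_req(auth, ars_ctx, mrbs_ctx, first)]      # fresh
    results.append(handle_rng_req(auth, ars_ctx, mrbs_ctx, first))  # replayed
    ms_ctx.key_count = 6  # constructed: the MS uses a higher count next time
    results.append(handle_rng_req(auth, ars_ctx, mrbs_ctx,
                                  ms_build(ms_ctx, 2, b"RNG-REQ re-entry")))
    return results, auth.ms_ctx.key_count


if __name__ == "__main__":
    print(demo())
```

The replayed copy fails at the counter check alone, before any authentication code is computed, because the authentication device has already moved Z_M past the captured X_M.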
Embodiment three
In the link security certification method in the wireless relay network provided by this embodiment, repeated link safety is verified first and access link safety is verified afterwards. The safety verification of the access link is based on the MS-related AK context, and the safety verification of the repeated link is based on the A-RS-related AK context. In this embodiment, the MS maintains an MS-related AK context that contains the CMAC_KEY_COUNT value X_M; the A-RS maintains an MS-related AK context that contains the CMAC_KEY_COUNT value Y_M; the authentication device maintains an MS-related AK context that contains the CMAC_KEY_COUNT value Z_M; the A-RS maintains an A-RS-related AK context that contains the CMAC_KEY_COUNT value X_R; and the MR-BS maintains an A-RS-related AK context that contains the CMAC_KEY_COUNT value Y_R. Compared with embodiment one, this embodiment verifies repeated link safety first and access link safety afterwards.
The link security certification method in the wireless relay network provided by this embodiment is shown in Figure 6 and comprises the following steps:
In this step, the A-RS replaces the CMAC_KEY_COUNT value X_M and the message authentication code packet number count value in the received RNG-REQ message with the CMAC_KEY_COUNT value X_R and the message authentication code packet number count value in the A-RS-related AK context that it maintains (i.e. the third AK context); it then uses the authentication code key and the message authentication code packet number count value in the A-RS-related AK context to recompute the message authentication code for the RNG-REQ message after replacement (not including the original message authentication code part), and replaces the original message authentication code with the recomputed one to obtain a new RNG-REQ message;
If the verification succeeds, the repeated link between the A-RS and the MR-BS is confirmed to be safe; otherwise the repeated link is confirmed to be unsafe.
In this embodiment, there is no fixed order between the steps in which the MR-BS verifies the A-RS CMAC and the steps for obtaining the MS-related AK context.
Step 513, judge whether X_M is greater than or equal to Y_M; if so, carry out step 514; otherwise, carry out step 523;
If the verification succeeds, the access link between the MS and the A-RS is confirmed to be safe; otherwise the access link is confirmed to be unsafe.
In a concrete implementation, steps 516 and 517 need not be carried out in any particular order.
Step 519, after receiving the Context_Rpt message, the authentication device updates the MS-related CMAC_Key_Count value that it stores locally: it takes the larger of Z_M and X_M, adds 1, and assigns the result to Z_M, i.e. Z_M = max(X_M, Z_M)++;
Step 521, after receiving the Context_Ack message, the MR-BS sends an MS_Context-RSP message to the A-RS in response to the above MS_Context-REQ message, and the flow ends;
In a concrete implementation, the MR-BS can judge whether the A-RS stores the MS-related AK context; if so, steps 508-511 can be omitted.
Embodiment four
In the link security certification method in the wireless relay network provided by this embodiment, the safety verification of the access link and the safety verification of the repeated link are both carried out at the MR-BS. The safety verification of the access link is based on the MS-related AK context, and the safety verification of the repeated link is based on the A-RS-related AK context. In this embodiment, the MS maintains an MS-related AK context that contains the CMAC_KEY_COUNT value X_M; the authentication device maintains an MS-related AK context that contains the CMAC_KEY_COUNT value Z_M; the A-RS maintains an A-RS-related AK context that contains the CMAC_KEY_COUNT value X_R; the MR-BS maintains an A-RS-related AK context that contains the CMAC_KEY_COUNT value Y_R; and the MR-BS may also maintain the MS-related AK context. Compared with embodiment one, in this embodiment the access link safety verification and the repeated link safety verification are both carried out at the MR-BS.
The link security certification method in the wireless relay network provided by this embodiment is shown in Figure 7 and comprises the following steps:
In this step, the A-RS appends the third authentication code key count value X_R and the third message authentication code packet number count value from the A-RS-related AK context that it maintains (i.e. the third AK context) to the end of the RNG-REQ message; it then uses the A-RS-related AK context to calculate the A-RS-related third message authentication code for the RNG-REQ message with the new fields added, and appends the new message authentication code to that message to generate a new RNG-REQ message. The concrete method for computing the A-RS-related message authentication code can follow the 802.16e protocol, except that the terminal identification in the 802.16e computation needs to be changed to the RS sign;
At this point, the new RNG-REQ message contains the first message authentication code, the first authentication code key count value and the first message authentication code packet number count value, as well as the third authentication code key count value X_R, the third message authentication code packet number count value and the third message authentication code.
If the verification succeeds, the repeated link between the A-RS and the MR-BS is confirmed to be safe; otherwise the repeated link is confirmed to be unsafe.
Step 610, use the X_M and the MS-related message authentication code packet number count value contained in the RNG-REQ message, together with the AK and AK sign in the MS-related AK context, to verify the MS-related message authentication code in the RNG-REQ message. The concrete verification can follow the 802.16e protocol, except that the BS sign in the 802.16e computation needs to be changed to the RS sign, and that the X_R, the A-RS-related message authentication code packet number count value and the A-RS-related message authentication code at the end of the RNG-REQ message need to be ignored during verification. If the verification succeeds, carry out step 611; otherwise, carry out step 615;
If the verification succeeds, the access link between the MS and the A-RS is confirmed to be safe; otherwise the access link is confirmed to be unsafe.
Step 613, after receiving the Context_Rpt message, the authentication device updates the MS-related CMAC_Key_Count value that it stores locally: it takes the larger of Z_M and X_M, adds 1, and assigns the result to Z_M, i.e. Z_M = max(X_M, Z_M)++;
Step 615, the MR-BS sends an RNG-RSP carrying refusal information to the A-RS;
Step 616, the A-RS sends an RNG-RSP carrying refusal information to the MS.
In this embodiment, before step 604 is carried out, it can first be judged whether the A-RS stores the MS-related AK context. If so, the relevant operations of embodiment one can be carried out to verify the safety of the access link and the repeated link; otherwise, step 604 can be carried out and the technical scheme of this embodiment is used for processing.
In a concrete implementation, it is possible to verify only whether the access link is safe. In this case, a new RNG-REQ can be generated, that is, the third authentication code key count value in the second administrative message is the first authentication code key count value, and the third message authentication code packet number count value is the first message authentication code packet number count value; the first authentication code key count value and the first message authentication code packet number count value are contained in the first authentication key context stored by the travelling carriage itself, that is, the second administrative message is the first administrative message forwarded by the A-RS. The subsequent steps that relate to verifying repeated link safety can all be omitted.
Embodiment five
The link security certification device in this embodiment, as shown in Figure 8, comprises:
A first receiver module, configured to receive the first administrative message sent by the travelling carriage. The first administrative message carries the first message authentication code, together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the travelling carriage itself; the first message authentication code is calculated from the first authenticate key and the first authenticate key sign in the first authentication key context, the first authentication code key count value and the first message authentication code packet number count value; the first authenticate key is calculated by a set rule from the mobile station identification and the access relay station sign;
A first processing module, configured to verify the first message authentication code according to the second authenticate key and the second authenticate key sign contained in the second authentication key context, the first authentication code key count value and the first message authentication code packet number count value, and to confirm according to the verification result whether the access link between the travelling carriage and the access relay station is safe; the second authenticate key and the first authenticate key are reciprocity keys.
This relay station can also comprise:
A first key obtaining module, configured to judge, after the first receiver module receives the first administrative message, whether the first memory module stores the second authentication key context and, if it does not, to send a context request containing the mobile station identification and the access relay station sign to the authentication device to which the travelling carriage belongs, and to provide the second authentication key context obtained from the authentication device to the first processing module.
For the concrete processing method, see the relevant descriptions of steps 301~312 of embodiment one, steps 401~413 of embodiment two, and steps 501 and 513~516 of embodiment three.
The above device can be an access relay station or a multi-hop relay base station.
Embodiment six
The multi-hop relay base station in this embodiment, as shown in Figure 9, comprises:
A second receiver module, configured to receive the second administrative message sent by the access relay station. The second administrative message carries the third message authentication code, the third authentication code key count value and the third message authentication code packet number count value; the third message authentication code is calculated from the third authentication code key count value, the third message authentication code packet number count value, and the third authenticate key and the third authenticate key sign in the third authentication key context; the third authenticate key is calculated by a set rule from the access relay station sign and the multi-hop relay base station sign;
A second processing module, configured to verify the third message authentication code according to the fourth authenticate key and the fourth authenticate key sign contained in the fourth authentication key context, the third authentication code key count value and the third message authentication code packet number count value, and to confirm according to the verification result whether the repeated link between the access relay station and the multi-hop relay base station is safe; the fourth authenticate key and the third authenticate key are reciprocity keys.
For the concrete processing method, see the relevant descriptions of steps 314~318 of embodiment one, steps 415~419 of embodiment two, and steps 504~507 of embodiment three.
Embodiment seven
The wireless relay network system in this embodiment, as shown in Figure 10, comprises:
An access relay station, configured to receive the first administrative message sent by the travelling carriage, to verify the first message authentication code according to the second authenticate key and the second authenticate key sign contained in the second authentication key context, the first authentication code key count value and the first message authentication code packet number count value, to confirm according to the verification result whether the access link between the travelling carriage and the access relay station is safe, and to convert the first administrative message into the second administrative message and send it. Here, the first administrative message carries the first message authentication code, together with the first authentication code key count value and the first message authentication code packet number count value contained in the first authentication key context stored by the travelling carriage itself; the first message authentication code is calculated from the first authenticate key and the first authenticate key sign in the first authentication key context, the first authentication code key count value and the first message authentication code packet number count value; the first authenticate key is calculated by a set rule from the mobile station identification and the access relay station sign; and the second authenticate key and the first authenticate key are reciprocity keys;
A multi-hop relay base station, configured to receive the second administrative message sent by the access relay station, to verify the third message authentication code according to the fourth authenticate key and the fourth authenticate key sign contained in the fourth authentication key context, the third authentication code key count value and the third message authentication code packet number count value, and to confirm according to the verification result whether the repeated link between the access relay station and the multi-hop relay base station is safe. Here, the second administrative message carries the third message authentication code, the third authentication code key count value and the third message authentication code packet number count value; the third message authentication code is calculated from the third authentication code key count value, the third message authentication code packet number count value, and the third authenticate key and the third authenticate key sign in the third authentication key context; the third authenticate key is calculated by a set rule from the access relay station sign and the multi-hop relay base station sign; and the fourth authenticate key and the third authenticate key are reciprocity keys.
In summary, the embodiments of the invention provide a concrete technical scheme for detecting the safety of the access link and the repeated link in a wireless relay network, and can effectively prevent replay attacks in the wireless relay network.
Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these changes and modifications fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (13)
1. A link security certification method in a wireless relay network, characterized in that it comprises:
A multi-hop relay base station or an access relay station receives a first administrative message sent by a travelling carriage; said first administrative message carries a first message authentication code, together with a first authentication code key count value and a first message authentication code packet number count value contained in a first authentication key context stored by said travelling carriage itself; said first message authentication code is calculated from a first authenticate key and a first authenticate key sign in said first authentication key context, said first authentication code key count value and said first message authentication code packet number count value; and the first authenticate key in said first authentication key context is calculated by a set rule from a mobile station identification and an access relay station sign;
Said first message authentication code is verified according to a second authenticate key and a second authenticate key sign contained in a second authentication key context located in said access relay station itself, said first authentication code key count value and said first message authentication code packet number count value; whether the access link between said travelling carriage and said access relay station is safe is confirmed according to the verification result; said second authenticate key and said first authenticate key are reciprocity keys.
2. The method according to claim 1, characterized in that, after said first administrative message is received, it is first judged whether said second authentication key context is stored locally; if it is not, a context request containing said mobile station identification and said access relay station sign is sent to the authentication device to which said travelling carriage belongs, and said second authentication key context is obtained from said authentication device.
3. The method according to claim 1, characterized in that, after said first administrative message is received, it is first judged whether said first authentication code key count value is not less than a second authentication code key count value contained in said second authentication key context; if so, the step of verifying said first message authentication code is carried out; otherwise, said access link is confirmed to be unsafe.
4. The method according to claim 1, characterized in that it also comprises:
If said first administrative message is received by an access relay station, said access relay station also sends a second administrative message to the multi-hop relay base station; said second administrative message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value; said third message authentication code is calculated from said third authentication code key count value, said third message authentication code packet number count value, and a third authenticate key and a third authenticate key sign in a third authentication key context; said third authenticate key is calculated by a set rule from said access relay station sign and a multi-hop relay base station sign; said third authentication key context is located in said access relay station;
So that said multi-hop relay base station verifies said third message authentication code according to a fourth authenticate key and a fourth authenticate key sign contained in a fourth authentication key context located in said multi-hop relay base station itself, said third authentication code key count value and said third message authentication code packet number count value, and confirms according to the verification result whether the repeated link between said access relay station and said multi-hop relay base station is safe; said fourth authenticate key and said third authenticate key are reciprocity keys.
5. A link security certification method in a wireless relay network, characterized in that it comprises:
A multi-hop relay station receives a second administrative message sent by an access relay station; said second administrative message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value; said third message authentication code is calculated from said third authentication code key count value, said third message authentication code packet number count value, and a third authenticate key and a third authenticate key sign in a third authentication key context; said third authenticate key is calculated by a set rule from said access relay station sign and a multi-hop relay base station sign; and said third authentication key context is the access-relay-station-related authentication key context stored by said access relay station;
Said third message authentication code is verified according to a fourth authenticate key and a fourth authenticate key sign contained in a fourth authentication key context located in said access relay station itself, said third authentication code key count value and said third message authentication code packet number count value; whether the repeated link between said access relay station and said multi-hop relay base station is safe is confirmed according to the verification result; said fourth authenticate key and said third authenticate key are reciprocity keys.
6. The method according to claim 5, characterized in that, after said second administrative message is received, it is first judged whether said third authentication code key count value is not less than a fourth authentication code key count value contained in said fourth authentication key context; if so, the step of verifying said third message authentication code is carried out; otherwise, said repeated link is confirmed to be unsafe.
7. The method according to claim 5, characterized in that said third authentication code key count value and said third message authentication code packet number count value are the authentication code key count value and the message authentication code packet number count value contained in said third authentication key context.
8. The method according to claim 7, characterized in that said second administrative message also carries a first message authentication code, together with a first authentication code key count value and a first message authentication code packet number count value contained in a first authentication key context stored by said travelling carriage itself; said first message authentication code is calculated from a first authenticate key and a first authenticate key sign in said first authentication key context, said first authentication code key count value and said first message authentication code packet number count value; and the first authenticate key in said first authentication key context is calculated by a set rule from a mobile station identification and an access relay station sign;
After said second administrative message is received, said first message authentication code is also verified according to a second authenticate key and a second authenticate key sign contained in a second authentication key context located in said access relay station itself, said first authentication code key count value and said first message authentication code packet number count value; whether the access link between said travelling carriage and said access relay station is safe is confirmed according to the verification result; said second authenticate key and said first authenticate key are reciprocity keys.
9. A link security certification device in a wireless relay network, characterized in that it comprises:
A first receiver module, configured to receive a first administrative message sent by a travelling carriage; said first administrative message carries a first message authentication code, together with a first authentication code key count value and a first message authentication code packet number count value contained in a first authentication key context stored by said travelling carriage itself; said first message authentication code is calculated from a first authenticate key and a first authenticate key sign in said first authentication key context, said first authentication code key count value and said first message authentication code packet number count value; and said first authenticate key is calculated by a set rule from a mobile station identification and an access relay station sign;
A first processing module, configured to verify said first message authentication code according to a second authenticate key and a second authenticate key sign contained in a second authentication key context located in said access relay station itself, said first authentication code key count value and said first message authentication code packet number count value, and to confirm according to the verification result whether the access link between said travelling carriage and said access relay station is safe; said second authenticate key and said first authenticate key are reciprocity keys.
10. The device according to claim 9, characterized in that it also comprises:
A first key obtaining module, configured to judge, after said first receiver module receives said first administrative message, whether said first memory module stores said second authentication key context and, if it does not, to send a context request containing said mobile station identification and said access relay station sign to the authentication device to which said travelling carriage belongs, so as to obtain said second authentication key context from said authentication device and provide it to said first processing module.
11. The device according to claim 9 or 10, characterized in that said device is an access relay station or a multi-hop relay base station.
12. A multi-hop relay base station, characterized in that it comprises:
A second receiver module, configured to receive a second administrative message sent by an access relay station; said second administrative message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value; said third message authentication code is calculated from said third authentication code key count value, said third message authentication code packet number count value, and a third authenticate key and a third authenticate key sign in a third authentication key context; said third authenticate key is calculated by a set rule from said access relay station sign and a multi-hop relay base station sign; and said third authentication key context is located in the access relay station;
A second processing module, configured to verify said third message authentication code according to a fourth authenticate key and a fourth authenticate key sign contained in a fourth authentication key context located in said multi-hop relay base station itself, said third authentication code key count value and said third message authentication code packet number count value, and to confirm according to the verification result whether the repeated link between said access relay station and said multi-hop relay base station is safe; said fourth authenticate key and said third authenticate key are reciprocity keys.
13. A wireless relay network system, characterized in that it comprises:
An access relay station, configured to receive a first administrative message sent by a travelling carriage, to verify said first message authentication code according to a second authenticate key and a second authenticate key sign contained in a second authentication key context located in said access relay station itself, said first authentication code key count value and said first message authentication code packet number count value, to confirm according to the verification result whether the access link between said travelling carriage and said access relay station is safe, and to convert said first administrative message into said second administrative message and send it; wherein said first administrative message carries a first message authentication code, together with a first authentication code key count value and a first message authentication code packet number count value contained in a first authentication key context stored by said travelling carriage itself; said first message authentication code is calculated from a first authenticate key and a first authenticate key sign in said first authentication key context, said first authentication code key count value and said first message authentication code packet number count value; said first authenticate key is calculated by a set rule from a mobile station identification and an access relay station sign; and said second authenticate key and said first authenticate key are reciprocity keys;
A multi-hop relay base station, configured to receive the second administrative message sent by the access relay station, to verify said third message authentication code according to a fourth authenticate key and a fourth authenticate key sign contained in a fourth authentication key context located in said multi-hop relay base station itself, said third authentication code key count value and said third message authentication code packet number count value, and to confirm according to the verification result whether the repeated link between said access relay station and said multi-hop relay base station is safe; wherein said second administrative message carries a third message authentication code, a third authentication code key count value and a third message authentication code packet number count value; said third message authentication code is calculated from said third authentication code key count value, said third message authentication code packet number count value, and a third authenticate key and a third authenticate key sign in a third authentication key context; said third authenticate key is calculated by a set rule from said access relay station sign and a multi-hop relay base station sign; said third authentication key context is located in said access relay station; and said fourth authenticate key and said third authenticate key are reciprocity keys.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100047045A CN101815293B (en) | 2009-02-20 | 2009-02-20 | Link security certification method, device and system in wireless relay network |
PCT/CN2009/076217 WO2010094206A1 (en) | 2009-02-20 | 2009-12-29 | Method for link security authentication in wireless relay networks, device and system thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100047045A CN101815293B (en) | 2009-02-20 | 2009-02-20 | Link security certification method, device and system in wireless relay network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101815293A (en) | 2010-08-25 |
CN101815293B (en) | 2012-08-15 |
Family ID=42622380
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009100047045A Expired - Fee Related CN101815293B (en) | 2009-02-20 | 2009-02-20 | Link security certification method, device and system in wireless relay network |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN101815293B (en) |
WO (1) | WO2010094206A1 (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102056159B (en) | 2009-11-03 | 2014-04-02 | 华为技术有限公司 | Method and device for acquiring safe key of relay system |
CN102143491B (en) | 2010-01-29 | 2013-10-09 | 华为技术有限公司 | MTC (machine type communication) equipment authentication method, MTC gateway and relevant equipment |
CN102724197B (en) * | 2012-06-25 | 2015-08-12 | 上海交通大学 | Link bidirectional safety certifying method in wireless relay network |
JP6199335B2 (en) | 2014-06-05 | 2017-09-20 | Kddi株式会社 | Communication network system and message inspection method |
JP7372527B2 (en) * | 2019-09-26 | 2023-11-01 | 富士通株式会社 | Communication relay program, relay device, and communication relay method |
CN113179515B (en) * | 2020-01-08 | 2023-07-18 | 华为技术有限公司 | Method and device for checking relay user equipment |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101232378A (en) * | 2007-12-29 | 2008-07-30 | 西安西电捷通无线网络通信有限公司 | Authentication accessing method of wireless multi-hop network |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101060405A (en) * | 2006-04-19 | 2007-10-24 | 华为技术有限公司 | A method and system for preventing the replay attack |
US7499547B2 (en) * | 2006-09-07 | 2009-03-03 | Motorola, Inc. | Security authentication and key management within an infrastructure based wireless multi-hop network |
KR20080090733A (en) * | 2007-04-05 | 2008-10-09 | 삼성전자주식회사 | Method and system for security association in broadband wireless communication system based on multi-hop |
Also Published As
Publication number | Publication date |
---|---|
CN101815293A (en) | 2010-08-25 |
WO2010094206A1 (en) | 2010-08-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120815 |