CN101958898A - Quick EAP authentication switching method in mobile WiMax network - Google Patents

Quick EAP authentication switching method in mobile WiMax network Download PDF

Info

Publication number
CN101958898A
CN101958898A CN2010102946927A CN201010294692A CN101958898A CN 101958898 A CN101958898 A CN 101958898A CN 2010102946927 A CN2010102946927 A CN 2010102946927A CN 201010294692 A CN201010294692 A CN 201010294692A CN 101958898 A CN101958898 A CN 101958898A
Authority
CN
China
Prior art keywords
authentication
target
msid
gid
thr
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010102946927A
Other languages
Chinese (zh)
Other versions
CN101958898B (en
Inventor
张玉清
付安民
刘奇旭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Graduate School of CAS
University of Chinese Academy of Sciences
Original Assignee
University of Chinese Academy of Sciences
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Chinese Academy of Sciences filed Critical University of Chinese Academy of Sciences
Priority to CN2010102946927A priority Critical patent/CN101958898B/en
Priority to PCT/CN2010/078490 priority patent/WO2012040949A1/en
Publication of CN101958898A publication Critical patent/CN101958898A/en
Application granted granted Critical
Publication of CN101958898B publication Critical patent/CN101958898B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/0005Control or signalling for completing the hand-off
    • H04W36/0011Control or signalling for completing the hand-off for data sessions of end-to-end connection
    • H04W36/0033Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
    • H04W36/0038Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses a quick extensible authentication protocol (EAP) authentication switching method in a mobile worldwide interoperability for microwave access (WiMax) network, and belongs to the technical field of mobile WiMax network switching authentication. The method comprises the following steps that: when a mobile station (MS) accesses the mobile WiMax network for the first time and successfully finishes EAP authentication with an authentication, authorization and accounting (AAA) server, the MS accesses a base station (BS) and a credit instrument is generated for the MS by a multicast BS group key; and when the MS is switched to a new BS for the mobile requirement, the MS can pass the identity authentication of a target BS only by providing the credit instrument so as to avoid performing EAP authentication again and realize safe and quick switching.

Description

EAP authentication fast switch over method in a kind of mobile WiMAX network
Technical field
The present invention relates generally to mobile WiMAX network and switches the authentication techniques field, specially refers to a kind of method of supporting quick EAP (Extensible Authentication Protocol, extendible authentication protocol) switching authentication under high-speed mobile environment.
Background technology
WiMAX (World Interoperability for Microwave Access, worldwide interoperability for microwave inserts) be an emerging wireless access wide band technology based on IEEE 802.16 standards, can provide towards the high speed of the Internet to connect, data transmission distance can reach 50km farthest.WiMAX also has QoS guarantee, transmission rate height, professional advantage such as rich and varied.The technology starting point of WiMAX is higher, has adopted advanced technologies such as the OFDM/OFDMA, the AAS that represent the future communications technological development direction, MIMO, and along with the development of technical standard, WiMAX will progressively realize the mobile of broadband services.
The development of IEEE 802.16 series standards starts from calendar year 2001, but the formal issue of its first version is in 2002.Be a revision version of 802.16 standard series by the IEEE 802.16d standard of IEEE official approval in June, 2004, is a Standard Edition relatively ripe and that have practicality most.In order to provide high-speed data service to make the user have ambulant broadband wireless access solution again, IEEE working group has issued the 802.16e standard.This standard code can support system fixing and that mobile broadband wireless inserts simultaneously, it is operated in<6GHz is suitable for ambulant licensed band, can supports that user terminal moves with car speed.In order to satisfy the demand of global 4G wireless communication standard IMT-advanced, since 2007, IEEE802.16 working group begins to formulate 802.16 new standards (802.16m just), and has issued first IEEE 802.16m draft standard in July, 2009.Particularly in October, 2009, IEEE 802.16m has been submitted to the ITU of International Telecommunications Union and formally has been accepted as one of 4G candidate standard.
Authentication and key agreement are a kind of important safety mechanism among the WiMAX, and it is the important assurance that realizes secure communication, protection user and operator's interests.Before IEEE 802.16m, in the release criteria, support two kinds of identification authentication mode of EAP and RSA simultaneously, but in IEEE 802.16m standard, only support authentication, no longer support authentication mode based on RSA based on the EAP mode.
EAP is a kind of authentication protocol of definition in RFC 3748, and it specifically comprises multiple EAP authentication methods such as EAP-SIM, EAP-TLS, EAP-AKA.This agreement comprises three kinds of roles: client, authenticator and certificate server.In mobile WiMAX, MS (mobile station, portable terminal) is the EAP client, BS (base station, the base station) is the authenticator, aaa server in the territory, local (Authentication, Authorization, Accounting, checking, authorization and accounting server) is the EAP certificate server.EAP client and certificate server come exchange message by carrying out the EAP method, are in authenticator between them and are used for transmission information.If the EAP server allows EAP client access network, the client and server end can generate the cipher key shared material: master session key MSK (master session key) and extended master session key EMSK (extended MSK).The MSK shared session key that generates between MS and the BS.
Mobile WiMAX need be supported the mobile communication business of vehicular speeds, in the MS moving process, unavoidably need switch between BS, and the length of switching time is having a strong impact on the communication quality of MS.Network authentication when Fig. 1 switches for the mobile WiMAX user and mandate schematic diagram.Whole handoff procedure relates to five entities: mobile terminal MS, current service BS, target BS, ASN-GW (Access Service Networks-Gateway, access service network gateway) and aaa server.The method of the authentication of IEEE 802.16m switching at present is: before MS switches, re-execute once complete EAP authentication by serving BS broadcasts and target BS, and the session key material that negotiation makes new advances between MS and target BS, as PMK (PairwiseMaster Key, pairwise master key), AK (Authorization Key, authorization key), CMAC key (Cipher-basedMessage Authentication Code, authentication code key based on ciphertext) and TEK (Transmission EncryptionKey, traffic encryption key) etc., carry out switching then.But EAP verification process itself is very consuming time, this has increased time delay, reduced efficient, cause communication service quality to be subjected in various degree influence, particularly require more intense business for real-time, as VoIP, multimedia service etc., influence even more seriously, the user can feel pause, quality of service such as the interrupted problem that obviously descends.
Therefore,, reduce handover delay, be necessary for mobile WiMAX network a kind of quick switching authentication mechanism is provided in order to guarantee the mobile WiMAX network quality of service.
Summary of the invention
The objective of the invention is for mobile WiMAX network provides a kind of EAP switching authentication method based on bill, can under the high-speed motion scene, support to switch fast.
For achieving the above object, technical solution of the present invention is: insert mobile WiMAX network first at MS, and after completing successfully EAP authentication with aaa server, inserting BS, to utilize multicast BS group key be that MS generates credit instruments that are similar to resident identification card; Owing to move when need switch to a new BS, it only need provide its credit instruments just can be by the authentication of target BS, thereby can avoid carrying out again the EAP authentication, and then realizes switching safely and fast as MS.
The present invention specifically comprises use two parts of the establishment of MS credit instruments and distribution, MS credit instruments.
The establishment of MS credit instruments and the purpose of distribution are to insert mobile WiMAX network first at MS, and after completing successfully EAP authentication with aaa server, utilizing its multicast BS group key by access BS is that MS creates credit instruments that are similar to resident identification card, and be distributed to MS, make MS when switching, only need provide its credit instruments to target BS, just can be fast by authentication.The establishment of MS credit instruments is as follows with the distribution concrete grammar:
1) after receiving 256 next bit MSK of aaa server transmission, insert BS and extract back 128 bits of MSK as TCK (Temporary Cipher-based message authentication code Key, interim authentication code key) based on ciphertext; Insert BS and also can extract 128 bits of preceding 128 bits of MSK or other positions as TCK;
2) insert BS and use MAC (Media AccessControl, medium access control) address MSID, MSK and the bill term of validity T of MGK (multi-BS group key, multicast BS group key) MS ExpGenerate credit instruments T Deng information encryption MS, i.e. formula (1)
T MS=ENC MGK(MSID,MSK,T exp) (1)
3) inserting BS utilizes TCK to message (GID, MSID, T Exp, T MS, N BS) encrypt the message authentication code CMAC of generation based on ciphertext, then the CMAC sign indicating number that generates is added on (GID, MSID, T Exp, T MS, N BS) after together as bill notification message Ticket_iss, as formula (2)
Ticket_iss={(GID,MSID,T exp,T MS,N BS)(CMAC TCK)} (2)
Wherein GID is a multicast BS group indications, N BSIt is the random number that BS produces;
4) insert BS bill notification message Ticket_iss is directly sent to MS;
5) after MS receives Ticket_iss, generate TCK (being that MS also is that back 128 bits that extract among the MSK generate TCK) as inserting BS, verify the CMAC value among the Ticket_iss then, if checking is correct, MS gives and inserts acknowledge message ACK of BS transmission, if verify incorrectly, then give to insert BS and send a repeat requests.The application target of MS credit instruments is when new target BS inserts mobile WiMAX network in MS need switch to a multicast BS group, only need send a handoff request that has its credit instruments to target BS, authentication that just can very fast acquisition target BS, thereby can avoid re-executing time-consuming EAP authentication, and then realize switching fast.If when the target BS that MS need switch to was not BS in the multicast BS group, then MS need carry out the EAP authentication again.
The use concrete grammar of MS credit instruments is as follows:
1) MS utilizes TCK to message (GID, MSID, BSID, T MS, N MS) encrypt the message authentication code CMAC of generation based on ciphertext, then the CMAC sign indicating number that generates is added on (GID, MSID, BSID, T MS, N MS) after together as switching authentication request information THR_req, as formula (3)
THR_req={(GID,MSID,BSID,T MS,N MS)(CMAC TCK)} (3)
Wherein BSID is the MAC Address of BS, N MSIt is the random number that MS produces;
2) MS will switch authentication request information THR_req and send to target BS;
3) after target BS receives THR_req, utilize MGK to verify the validity of this switching authentication request.If effectively, target BS thinks that this MS is legal, allow that it inserts mobile WiMAX network, otherwise, refuse its access.Further, target BS specifically uses the following steps checking to switch the validity of authentication request information THR_req:
1) target BS is checked GID, BSID and the N among the THR_req MS, see this GID and BSID whether with self consistent and N MSWhether with the N of its record MSIdentical;
2) if consistent with self of this GID and BSID, and N MSN with its record MSDifference, target BS are used MGK deciphering T MSThereby, can obtain MSID, MSK and T ExpEtc. information;
3) target BS is successfully deciphered T MSAfter, at first whether the MSID that carries among the MSID that obtains of check deciphering and the THR_req is consistent, if consistent, just T is checked in continuation ExpThereby, judge the credit instruments T of this MS MSWhether expired;
4) if the credit instruments T of MS MSDo not have expiredly, target BS is extracted back 128 bits as TCK from the MSK that deciphering obtains, and uses TCK to (GID, MSID, BSID, T in the THR_req message MS, N MS) encrypt the message authentication code CMAC of generation based on ciphertext, then with THR_req message after subsidiary CMAC value compare, see its whether unanimity;
5) if the CMAC value is consistent, target BS thinks that MS is a legal users, and accepts the switching authentication request of MS, allows that it inserts mobile WiMAX network.
Compared with prior art, good effect of the present invention is:
1) the switching authentication framework is simple
Quick EAP switching authentication method based on bill of the present invention only needs target BS to use the credit instruments of its multicast BS group key MGK checking MS, just can realize the two-way authentication between MS and the BS, whole switching verification process does not need other any third-party participation (such as before serving BS broadcasts, aaa server etc.).
2) switching authentication speed is fast
When switching to a new BS, original method requires to re-execute the EAP authentication, and EAP verification process itself is very consuming time, and this has increased handover delay.Adopt quick switching authentication method of the present invention can avoid EAP authentication consuming time, and the checking to the MS credit instruments does not need to relate to any third party, can accelerate to switch authentication processes greatly, satisfy the quick switching requirement under the speed of a motor vehicle situation of movement, the quality of real-time service is unaffected.
Description of drawings
Fig. 1 be the mobile WiMAX user when switching network authentication and authorize schematic diagram;
Fig. 2 is the enforcement basic flow sheet of the quick EAP switching authentication method based on bill of the present invention;
Fig. 3 is the exemplifying embodiment of the quick EAP switching authentication method based on bill of the present invention.
Embodiment
Below in conjunction with accompanying drawing and exemplifying embodiment the present invention is described in further detail.
As shown in Figure 2, the basic flow sheet of implementing based on the quick EAP switching authentication method of bill of the present invention comprises following steps:
When step 201:MS inserts mobile WiMAX network first, authenticate by the EAP that inserts BS and aaa server complete, and set up shared master session key MSK with aaa server;
Step 202: insert BS after receiving the MSK that aaa server transmits, utilizing MGK is that MS creates credit instruments T MS, create bill notification message Ticket_iss then, and Ticket_iss sent to MS; After MS receives bill notification message Ticket_iss, the CMAC value of checking among the Ticket_iss, if checking is correct, MS gives and inserts BS and send an acknowledge message ACK, if verify incorrectly, then gives and inserts repeat requests of BS transmission;
Step 203: insert BS with credit instruments T MSAfter successfully being transferred to MS, use the session key agreement agreement and the MS that define in IEEE 802.16 standards to consult session keys such as PMK, AK, CMAC key and TEK;
Step 204: owing to move, in the time of need switching to new BS access mobile WiMAX network, MS judges by GID number of the broadcasting of inspection target BS whether target BS is the interior BS of multicast BS group as MS.If target BS is the BS in the multicast group, then can use credit instruments T MSCarry out fast and switch, otherwise need carry out the EAP authentication again;
Step 205: if target BS is the BS in the multicast group, MS sends one to target BS and comprises credit instruments T MSQuick switching authentication request, after target BS receives the quick switching authentication request of MS, use the credit instruments of its corresponding MGK deciphering and checking MS, if the verification passes, target BS thinks that MS is a legal users;
Step 206: after the switching authentication request of target BS good authentication MS, use the session key agreement agreement and the MS that define in IEEE 802.16 standards to consult session keys such as PMK, AK, CMAC key and TEK.
The present invention can be applied to mobile WiMAX network, concrete mobile WiMAX of future generation (the being IEEE802.16m) network formulated of not being only applicable to also is applicable to all mobile WiMAX networks such as IEEE 802.16e-2005, IEEE 802.16j-2009 of having issued.
Fig. 3 is the concrete exemplifying embodiment of quick EAP switching authentication method under IEEE 802.16m network environment based on bill of the present invention.The course of work of this exemplifying embodiment is described below:
When step 301:MS inserts IEEE 802.16m network first, pass through BS 1Authenticate with the EAP of aaa server complete, and set up shared master session key MSK with aaa server;
Step 302:AAA server is given BS by access service network gateway ASN-GW with the MSK safe transmission 1
Step 303:BS 1Utilize MGK to create credit instruments T for MS MS
Step 304:BS 1To comprise credit instruments T MSNotification message Ticket_iss send to MS;
After step 305:MS receives Ticket_iss, use the correctness of TCK checking message, if the verification passes, then give BS 1Send an acknowledge message ACK (this message can be omitted);
Step 306:BS 1Send challenge message (NONCE_BS) to MS, wherein NONCE_BS is BS 1The random number of creating;
Step 307:MS utilizes the method for IEEE 802.16m definition to produce PMK, AK and CMAC key;
Step 308:MS gives BS 1(MSID sends a request message *, NONCE_BS, NONCE_MS) (CMAC), wherein MSID *Be a conversion of the MAC Address of MS, NONCE_MS is the random number that MS creates;
Step 309:BS 1Utilize the method for IEEE 802.16m definition to produce PMK, AK and CMAC key, use the validity of CMAC key checking request message then;
Step 310:BS 1Send response message (NONCE_BS, NONCE_MS) (CMAC) to MS;
Step 311:MS utilizes the method for IEEE 802.16m definition to produce TEK;
Step 312:BS 1Utilize the method for IEEE 802.16m definition to produce TEK;
Step 313: owing to move, in the time of need switching to new BS access mobile WiMAX network, MS judges by GID number of the broadcasting of inspection target BS whether target BS is the interior BS of multicast BS group as MS.If target BS is not the BS in the multicast group, need carry out the EAP authentication again, switch otherwise just continue to use following step to carry out fast;
Step 314:MS is to BS 2Send one and switch authentication request message THR_req fast, this message comprises the credit instruments T of MS MS
Step 315:BS 2Use its multicast BS group key MGK deciphering T MSAnd the validity of checking THR_req, if the verification passes, think that then MS is legal users and accepts it and insert request;
Step 316:BS 2Send challenge message (NONCE_BS) to MS, wherein NONCE_BS is BS 2The random number of creating;
Step 317:MS utilizes the method for IEEE 802.16m definition to produce PMK, AK and CMAC key;
Step 318:MS gives BS 2(MSID sends a request message *, NONCE_BS, NONCE_MS) (CMAC), wherein MSID *Be a conversion of the MAC Address of MS, NONCE_MS is the random number that MS creates;
Step 319:BS 2Utilize the method for IEEE 802.16m definition to produce PMK, AK and CMAC key, use the validity of CMAC key checking request message then;
Step 320:BS 2Send response message (NONCE_BS, NONCE_MS) (CMAC) to MS;
Step 321:MS utilizes the method for IEEE 802.16m definition to produce TEK;
Step 322:BS 2Utilize the method for IEEE 802.16m definition to produce TEK.

Claims (9)

1. EAP authentication fast switch over method in the mobile WiMAX network the steps include:
When 1) client MS inserts mobile WiMAX network first, carry out the EAP authentication and set up master session key MSK with the EAP certificate server;
2) access authentication person BS utilizes its multicast BS group key MGK to create a credit instruments T for this MS MS, and be distributed to this MS; Described credit instruments comprise: the MAC Address MSID of MS, MSK, bill term of validity T Exp
3) in this MS switches to multicast BS group during a target BS, to handoff request THR_req who has its credit instruments of this target BS transmission; Described handoff request THR_req comprises: the random number N that the MAC Address BSID of target BS, the MAC Address MSID of MS, MS produce MS, multicast BS group indications GID, credit instruments T MS
4) after target BS receives THR_req, utilize MGK to verify the validity of this switching authentication request; If effectively, target BS thinks that this MS is legal, allow that it inserts mobile WiMAX network, otherwise, refuse its access.
2. the method for claim 1, person BS encrypts described credit instruments to it is characterized in that the access authentication, generates a bill notification message Ticket_iss and sends to this MS; Wherein, described bill notification message is: Ticket_iss={ (GID, MSID, T Exp, T MS, N BS) (CMAC TCK), CMAC TCKFor utilizing cipher key T CK to message (GID, MSID, T Exp, T MS, N BS) encrypt the message authentication code based on ciphertext of generation.
3. method as claimed in claim 2 is characterized in that the generation method of described cipher key T CK is: back 128 bits that extract master session key MSK are as the interim authentication code key TCK based on ciphertext.
4. method as claimed in claim 2 is characterized in that the generation method of described cipher key T CK is: preceding 128 bits that extract master session key MSK are as the interim authentication code key TCK based on ciphertext.
5. as claim 2 or 3 or 4 described methods, after it is characterized in that MS receives Ticket_iss, the described cipher key T CK that utilization generates verifies the CMAC value among the described Ticket_iss, if checking is correct, MS gives and inserts acknowledge message ACK of BS transmission, if verify incorrectly, then give to insert BS and send a repeat requests.
6. as claim 2 or 3 or 4 described methods, it is characterized in that the generation method of described handoff request THR_req is: MS utilizes cipher key T CK to message (GID, MSID, BSID, T MS, N MS) encrypt the message authentication code CMAC of generation based on ciphertext, then the CMAC sign indicating number that generates is added on (GID, MSID, BSID, T MS, N MS) after together as switching authentication request information THR_req.
7. method as claimed in claim 6, it is characterized in that target BS receives THR_req after, utilize MGK to verify that the method for the validity of this switching authentication request is:
1) target BS is checked GID, BSID and the N among the THR_req MSWhether with self GID, BSID and N MSCorresponding consistent;
2) if this GID, BSID are consistent with self GID, BSID, and N MSN with its record MSDifference, target BS are used MGK deciphering T MS, obtain MSID, MSK, T ExpInformation;
3) target BS decrypts T MSAfter, at first whether the MSID that carries among the MSID that obtains of check deciphering and the THR_req is consistent, if consistent, just T is checked in continuation Exp, judge the credit instruments T of this MS MSWhether expired;
4) if the credit instruments T of MS MSDo not have expiredly, target BS generates cipher key T CK, and uses TCK to (GID, MSID, BSID, T in the THR_req message MS, N MS) encrypt the message authentication code CMAC of generation based on ciphertext, then with THR_req message after subsidiary CMAC value compare, see its whether unanimity;
5) if the CMAC value is consistent, target BS is accepted the switching authentication request of MS, otherwise it is invalid to switch authentication request.
8. as claim 1 or 2 or 3 or 4 described methods, it is characterized in that described EAP certificate server gives described access authentication person BS by access service network gateway with the MSK safe transmission.
9. as claim 1 or 2 or 3 or 4 described methods, it is characterized in that described mobile WiMAX network comprises: IEEE802.16m mobile WiMAX network, IEEE 802.16e-2005 mobile WiMAX network, IEEE 802.16j-2009 mobile WiMAX network.
CN2010102946927A 2010-09-28 2010-09-28 Quick EAP authentication switching method in mobile WiMax network Expired - Fee Related CN101958898B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN2010102946927A CN101958898B (en) 2010-09-28 2010-09-28 Quick EAP authentication switching method in mobile WiMax network
PCT/CN2010/078490 WO2012040949A1 (en) 2010-09-28 2010-11-08 Method for fast handing over extensible authentication protocol (eap) authentication in mobile worldwide interoperability for microwave access (wimax) network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010102946927A CN101958898B (en) 2010-09-28 2010-09-28 Quick EAP authentication switching method in mobile WiMax network

Publications (2)

Publication Number Publication Date
CN101958898A true CN101958898A (en) 2011-01-26
CN101958898B CN101958898B (en) 2013-10-30

Family

ID=43486004

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102946927A Expired - Fee Related CN101958898B (en) 2010-09-28 2010-09-28 Quick EAP authentication switching method in mobile WiMax network

Country Status (2)

Country Link
CN (1) CN101958898B (en)
WO (1) WO2012040949A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103200162A (en) * 2012-01-04 2013-07-10 株式会社野村综合研究所 Server system, service delivery server and control method
CN103918014A (en) * 2011-11-11 2014-07-09 奥迪股份公司 Method and system for enabling technical apparatus
CN103781067B (en) * 2014-03-03 2017-03-29 南京理工大学 Switching authentication method with secret protection in LTE/LTE A networks
CN108513296A (en) * 2018-02-23 2018-09-07 北京信息科技大学 A kind of switching authentication method and system of MTC frameworks
CN110798454A (en) * 2019-10-18 2020-02-14 中国科学院信息工程研究所 Method for defending attack based on attack organization capability evaluation

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103595527B (en) * 2012-08-13 2016-12-21 西安西电捷通无线网络通信股份有限公司 The changing method of a kind of two-way key and realize device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101233734A (en) * 2005-06-30 2008-07-30 朗迅科技公司 Method for distributing security keys during hand-off in a wireless communication system
CN101635923A (en) * 2009-08-05 2010-01-27 中兴通讯股份有限公司 EAP authentication method and system supporting fast switching
US20100208690A1 (en) * 2009-02-13 2010-08-19 Jianlin Guo Fast Handover Protocols for Wimax Networks

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101510825B (en) * 2009-02-25 2014-04-30 中兴通讯股份有限公司 Protection method and system for management message
CN101742492B (en) * 2009-12-11 2015-07-22 中兴通讯股份有限公司 Key processing method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101233734A (en) * 2005-06-30 2008-07-30 朗迅科技公司 Method for distributing security keys during hand-off in a wireless communication system
US20100208690A1 (en) * 2009-02-13 2010-08-19 Jianlin Guo Fast Handover Protocols for Wimax Networks
CN101635923A (en) * 2009-08-05 2010-01-27 中兴通讯股份有限公司 EAP authentication method and system supporting fast switching

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103918014A (en) * 2011-11-11 2014-07-09 奥迪股份公司 Method and system for enabling technical apparatus
CN103200162A (en) * 2012-01-04 2013-07-10 株式会社野村综合研究所 Server system, service delivery server and control method
CN103200162B (en) * 2012-01-04 2016-04-27 株式会社野村综合研究所 server system, service providing server and control method
CN103781067B (en) * 2014-03-03 2017-03-29 南京理工大学 Switching authentication method with secret protection in LTE/LTE A networks
CN108513296A (en) * 2018-02-23 2018-09-07 北京信息科技大学 A kind of switching authentication method and system of MTC frameworks
CN110798454A (en) * 2019-10-18 2020-02-14 中国科学院信息工程研究所 Method for defending attack based on attack organization capability evaluation

Also Published As

Publication number Publication date
CN101958898B (en) 2013-10-30
WO2012040949A1 (en) 2012-04-05

Similar Documents

Publication Publication Date Title
CN101056177B (en) Radio mesh re-authentication method based on the WLAN secure standard WAPI
EP1739903B1 (en) Authentication system and method thereof in a communication system
CN101106452B (en) Generation and distribution method and system for mobile IP secret key
US20110320802A1 (en) Authentication method, key distribution method and authentication and key distribution method
US9264900B2 (en) Fast authentication for inter-domain handovers
CN101958898B (en) Quick EAP authentication switching method in mobile WiMax network
CN1298194C (en) Radio LAN security access method based on roaming key exchange authentication protocal
US20110107087A1 (en) Apparatus and method for refreshing master session key in wireless communication system
Fu et al. A fast handover authentication mechanism based on ticket for IEEE 802.16 m
KR20060067263A (en) Fast re-authentication method when handoff in wlan-umts interworking network
CN103688563A (en) Performing a group authentication and key agreement procedure
CN101951590B (en) Authentication method, device and system
CN106961682B (en) It is a kind of based on the group of mobile relay to path mobile handoff authentication method
CN109768861B (en) Massive D2D anonymous discovery authentication and key agreement method
KR20070051233A (en) System and method for re-authenticating using twice extensible authentication protocol scheme in a broadband wireless access communication system
CN101854629A (en) Method of access authentication and recertification in home NodeB system of user terminal
WO2011015060A1 (en) Extensible authentication protocol authentication method, base station and authentication server thereof
US8407474B2 (en) Pre-authentication method, authentication system and authentication apparatus
CN101420695B (en) 3G customer fast roaming authentication method based on wireless LAN
CN101610507A (en) A kind of method that inserts the 3G-WLAN internet
Sun et al. Secure and fast handover scheme based on pre-authentication method for 802.16/WiMAX infrastructure networks
El Bouabidi et al. Secure handoff protocol in 3GPP LTE networks
KR101445459B1 (en) Authenticator relocation method for wimax system
CN101707769A (en) Method and system for WAPI reauthentication in wireless local area network
CN101742492B (en) Key processing method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20131030

Termination date: 20200928