CN104868991A - Security parameter index (SPI) conflict processing method and group key server (KS) - Google Patents

Publication number: CN104868991A
Application number: CN201510230765.9A
Authority: CN (China)
Legal status: Granted (Active)
Other languages: Chinese (zh)
Other versions: CN104868991B (en)
Inventor: 王占群
Current Assignee: Hangzhou H3C Technologies Co Ltd
Original Assignee: Hangzhou H3C Technologies Co Ltd
Prior art keywords: spi, strategy, key, equipment, corresponding relation

Abstract

The invention discloses a security parameter index (SPI) conflict processing method and a group key server (KS). The method comprises the following steps: the KS receives a conflict notification message that GM (Group Member) equipment sends when it determines that an SPI conflicting with a first SPI exists locally, the first SPI corresponding to a first SA (Security Association) strategy and a first key; the KS generates a second SPI corresponding to the first SA strategy and the first key, the second SPI being different from the first SPI; and the KS issues the first SA strategy, the first key and the second SPI to the GM equipment. This solves the conflict that arises when a key issued to the GM equipment by the KS and a key the GM equipment already holds correspond to the same SPI, improves the correctness with which the GM equipment encrypts or decrypts protocol messages and data messages, and improves the stability of the network.

Description

A Security Parameter Index conflict processing method and group key server KS
Technical field
The present invention relates to the field of communication technology, and in particular to a Security Parameter Index conflict processing method. The present invention also relates to a group key server KS.
Background art
GD VPN (Group Domain Virtual Private Network) is a solution for the centralized management of keys and security strategies. It is mainly used to protect multicast traffic (for example, the secure transmission of audio, video broadcasts and multicast files). Unlike the point-to-point tunnel connections of a traditional IPsec VPN, GD VPN is a point-to-multipoint, tunnel-less connection and provides a new group-based IPsec security model.
A GD VPN consists of a KS (Key Server) and GM (Group Member) equipment. The KS manages multiple different security strategies and keys by means of different groups. Fig. 1 is a schematic structural diagram of a GD VPN network in the prior art. A GM equipment in this network must register with the KS before joining. During registration the KS generates an SA (Security Association) strategy and a key, and also generates the SPI (Security Parameter Index) corresponding to that SA strategy and key; it then issues the SA strategy, the key and the corresponding SPI to the GM equipment. The SA strategy is either a Rekey SA strategy or an IPsec SA strategy. From the Rekey SA strategy and key the GM equipment generates a Rekey SA, which protects the key-update protocol messages exchanged between the GM and the KS. From the IPsec SA strategy and key the GM equipment generates an IPsec SA, which protects the data messages forwarded between GM equipment.
After receiving the SA strategy, key and SPI issued by the KS, the GM equipment saves the correspondence among the three. It later uses the correspondence among the Rekey SA strategy, key and SPI to look up a key, and uses the key found to encrypt or decrypt the protocol messages exchanged between this GM equipment and the KS. It uses the correspondence among the IPsec SA strategy, key and SPI to look up a key, and uses the key found to encrypt or decrypt the data messages exchanged between this GM equipment and other GM equipment.
However, in the course of making the present invention the inventor found that, because the same GM equipment can register with different KSs, the SPIs corresponding to different keys generated by different KSs may be identical. When one SPI in a GM equipment corresponds to several different keys, the GM equipment may retrieve the wrong key by SPI when it needs a key. It then cannot correctly receive or send the protocol messages exchanged with the KS, or cannot correctly encrypt or decrypt the data messages forwarded between it and other GM equipment, which affects the stability of the network.
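The failure described above, as an added Python example (not code from the patent): a GM whose SA table is indexed by SPI alone replaces one KS's key with another's, and the integrity check on traffic protected with the first key then fails. HMAC-SHA256 stands in for the SA's real transform, and the class, KS names, SPI value and keys are constructed for illustration; the `check_conflicts` branch shows the comparison that lets the GM report the clash instead of overwriting.

```python
import hashlib
import hmac


def icv(key, payload):
    """Integrity check value; HMAC-SHA256 stands in for the SA's real transform."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:16]


class GroupMember:
    """GM whose SA table is indexed by SPI only: spi -> (issuing KS, strategy, key)."""

    def __init__(self, check_conflicts):
        self.check_conflicts = check_conflicts
        self.sa_table = {}
        self.notifications = []   # conflict notifications queued for a KS

    def install(self, ks, spi, strategy, key):
        held = self.sa_table.get(spi)
        if self.check_conflicts and held is not None and held[0] != ks:
            # Same SPI already bound to another KS's key: report, do not overwrite.
            self.notifications.append({"type": "CONFLICT-SPI", "to": ks, "spi": spi})
            return False
        self.sa_table[spi] = (ks, strategy, key)
        return True

    def verify(self, spi, payload, tag):
        """Look the key up by SPI, as a receiver does, and check the ICV."""
        entry = self.sa_table.get(spi)
        return entry is not None and hmac.compare_digest(icv(entry[2], payload), tag)


def collision_demo(check_conflicts):
    """Constructed data: KS-A and KS-B both pick SPI 0x00001F40 for different keys."""
    spi, key_a, key_b = 0x00001F40, b"A" * 32, b"B" * 32
    gm = GroupMember(check_conflicts)
    gm.install("KS-A", spi, "IPsec", key_a)
    gm.install("KS-B", spi, "IPsec", key_b)
    payload = b"multicast frame from KS-A's group"
    # Traffic protected under KS-A's key arrives carrying the shared SPI.
    ok = gm.verify(spi, payload, icv(key_a, payload))
    return ok, gm.notifications
```
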
Summary of the invention
The invention provides a Security Parameter Index conflict processing method to solve the conflict that arises when a key issued to a GM equipment and a key the GM equipment already holds correspond to the same SPI, thereby improving the correctness with which the GM equipment encrypts or decrypts protocol messages or data messages and improving the stability of the network. The method is applied in a GD VPN comprising a KS and GM equipment, and comprises:
The KS receives a conflict notification message that the GM equipment sends when it confirms that an SPI conflicting with a first Security Parameter Index SPI exists locally; the conflict notification message carries the first SPI, and the first SPI corresponds to a first SA strategy and a first key generated by the KS;
The KS generates a second SPI corresponding to the first SA strategy and the first key, the second SPI being different from the first SPI;
The KS issues the first SA strategy, the first key and the second SPI to the GM equipment;
The KS deletes the locally saved correspondence among the first SPI, the first SA strategy and the first key, and saves the correspondence among the second SPI, the first SA strategy and the first key.
Correspondingly, the invention also proposes a group key server KS, characterized in that the KS is applied in a group domain virtual private network GD VPN comprising the KS and group member GM equipment, and comprises:
A receiving module, configured to receive a conflict notification message that the GM equipment sends when it confirms that an SPI conflicting with a first Security Parameter Index SPI exists locally; the conflict notification message carries the first SPI, and the first SPI corresponds to a first SA strategy and a first key generated by the KS;
A generation module, configured to generate a second SPI corresponding to the first SA strategy and the first key, the second SPI being different from the first SPI;
An issuing module, configured to issue the first SA strategy, the first key and the second SPI to the GM equipment;
A processing module, configured to delete the locally saved correspondence among the first SPI, the first SA strategy and the first key, and to save the correspondence among the second SPI, the first SA strategy and the first key.
It can be seen that, by applying the technical scheme of the present invention, after the KS receives the conflict notification message that the GM equipment sends when it confirms that an SPI conflicting with the first SPI exists locally, where the first SPI corresponds to the first SA strategy and the first key, the KS generates a second SPI that corresponds to the first SA strategy and the first key and differs from the first SPI, and issues the first SA strategy, the first key and the second SPI to the GM equipment. This solves the conflict that arises when a key issued to the GM equipment by the KS and a key the GM equipment already holds correspond to the same SPI, thereby improving the correctness with which the GM equipment encrypts or decrypts protocol messages or data messages and improving the stability of the network.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of an existing GD VPN network;
Fig. 2 is a schematic flow chart of the Security Parameter Index conflict processing method proposed by the present invention;
Fig. 3 is a schematic structural diagram of the KS proposed by the present invention.
Detailed description of the embodiments
To solve this technical problem, the present invention proposes a Security Parameter Index conflict processing method. As shown in Fig. 3, the method comprises the following steps:
S201: the KS receives a conflict notification message that the GM equipment sends when it confirms that an SPI conflicting with a first SPI exists locally. The conflict notification message carries the first SPI, and the first SPI corresponds to a first SA strategy and a first key generated by the KS.
When a GM equipment registers with a new KS, the KS first issues to the GM equipment an SA strategy and the SPI corresponding to that SA strategy; the SPI issued is the one that will correspond to the key the KS sends to the GM equipment once registration completes. Only after the GM equipment confirms that it can accept this SA strategy and sends the KS a confirmation message for it does the KS go on to issue the key corresponding to this SA strategy, together with the SPI, to the GM equipment. After the GM equipment has registered successfully with the current KS, in order to keep the keys in the GM equipment fresh, the KS also periodically generates a new SPI corresponding to the SA strategy and key already issued, and sends this SA strategy, key and new SPI to the GM equipment. Whether in the registration phase or in a later SPI update phase, the GM equipment must save the correspondence among the SA strategy, key and SPI after receiving them.
Unlike GM equipment in the prior art, which does no processing on the SPI, GM equipment in the technical scheme of the present invention, after receiving the SA strategy and SPI that the KS issues to it, or after receiving the SA strategy, key and SPI that the KS issues to it, compares this SPI with the SPI in each correspondence among SA strategy, key and SPI saved locally, and determines whether an SPI conflicting with this SPI exists locally. In this embodiment, the SPI issued by the KS, the SA strategy generated by the KS that corresponds to this SPI, and the key generated by the KS that corresponds to this SPI are called the first SPI, the first SA strategy and the first key respectively. After confirming that an SPI conflicting with the first SPI exists locally, the GM equipment immediately generates a conflict notification message, carries the first SPI in it and sends it to the KS. After obtaining the first SPI from the conflict notification message, the KS knows which SPI produced the conflict, and the first SA strategy and first key that correspond to it. In a specific embodiment, the conflict notification message can be an info message of type CONFLICT-SPI; those skilled in the art can also use other message types that achieve the same purpose, and these all fall within the protection scope of the present invention.
In addition, to prevent a failure of this critical equipment from paralysing the network, a redundancy backup scheme can be adopted for the KS: one main KS and one or more standby KSs are set up. Under normal circumstances the main KS performs all the functions of the KS, and a standby KS only needs to forward messages. To allow smooth switchover on failure, the main KS and the standby KSs have the same identifier from the GM equipment's point of view. As a result, the GM equipment does not distinguish between main and standby KS when sending a conflict notification message, so either the main KS or a standby KS may receive a conflict notification message from GM equipment. For this situation, the present invention provides that each KS, on receiving a conflict notification message sent by GM equipment, first judges whether it is currently in the redundancy backup state, and performs the following processing according to the result and its role in the redundancy backup state:
(1) The KS is currently not in the redundancy backup state
When no redundancy backup mechanism is used (that is, when the KS is currently not in the redundancy backup state), the conflict notification message is sent by the GM equipment and is received directly by this KS.
(2) The KS is currently in the redundancy backup state and is a standby KS
For a standby KS in the redundancy backup mechanism, the present invention provides that, after receiving a conflict notification message, it forwards the message to the main KS, which carries out the subsequent processing.
(3) The KS is currently in the redundancy backup state and is the main KS
In this case the KS may receive the conflict notification message from the GM equipment or from a standby KS: the message is either sent by the GM equipment, or forwarded to the KS by a standby KS currently in the redundancy backup state after that standby KS has received it from the GM equipment.
S202: the KS generates a second SPI corresponding to the first SA strategy and the first key.
To avoid, as far as possible, the generated second SPI later running into a similar conflict with SPIs generated by other KSs, the KS, when randomly generating the second SPI locally, generates it from one or more parameters of this KS together. The parameters of the KS can include the identifier (ID) of this KS, the running time of this KS, the temperature of this KS, or the noise around this KS. Those skilled in the art can extend this further, and such extensions all fall within the protection scope of the present invention.
Note that in the redundancy backup state this step is performed by the main KS. To keep the content of the standby KSs consistent with that of the main KS, after performing this step the main KS sends the first SA strategy, the first key and the second SPI to all current standby KSs, so that each standby KS deletes the locally saved correspondence among the first SA strategy, the first key and the first SPI, and saves the correspondence among the first SA strategy, the first key and the second SPI.
S203: the KS issues the first SA strategy, the first key and the second SPI to the GM equipment.
As described above, an SPI conflict may occur either while a GM equipment is registering or during an SPI update, so the processing in this step depends on the registration state of the GM equipment:
(1) if the GM equipment has not yet registered successfully, the KS sends the first SA strategy and the second SPI to the GM equipment and, after receiving the confirmation message for the first SA strategy returned by the GM equipment, sends the first key and the second SPI to the GM equipment;
(2) if the GM equipment has registered successfully, the KS sends the first SA strategy, the first key and the second SPI to the GM equipment at the same time.
Taking the scenario shown in Fig. 1 as an example, in this specific embodiment, after the KS receives the conflict notification message from one of the GM equipment and accordingly generates the second SPI corresponding to the first SA strategy and the first key, it judges the registration state of the GM equipment. If the GM equipment is currently in the process of registering, the KS sends it a first registration response message that includes at least one payload carrying the first SA strategy and the second SPI. After receiving the confirmation message that the GM equipment sends for the first SA strategy, the KS then sends the GM equipment a second registration response message that includes at least one payload carrying the first key and the second SPI. By sending the first and second registration response messages one after the other, the KS issues the first SA strategy, the first key and the second SPI to the GM equipment.
If the GM equipment has already completed registration, the KS sends it a Rekey message that includes at least one payload carrying the SA strategy and SPI and one payload carrying the key and SPI. Through this Rekey message the KS issues the first SA strategy, the first key and the second SPI to the GM equipment.
S204: the KS deletes the locally saved correspondence among the first SPI, the first SA strategy and the first key, and saves the correspondence among the second SPI, the first SA strategy and the first key.
After the KS generates the new SPI in S202 according to its own attribute information, the original SPI no longer serves any purpose for the KS or the GM, and the KS can leave it idle or delete it. In the preferred embodiment of the application, the time of deletion is determined by the type of the first SA strategy and the current usage state of the first key, as follows:
(1) if the first SA strategy is an IPsec SA strategy, the KS deletes the locally saved correspondence among the first SPI, the first SA strategy and the first key;
(2) if the first SA strategy is a Rekey SA strategy and the first key is currently not used for encryption, the KS deletes the locally saved correspondence among the first SPI, the first SA strategy and the first key;
(3) if the first SA strategy is a Rekey SA strategy and the first key is currently used for encryption, the KS deletes the locally saved correspondence among the first SPI, the first SA strategy and the first key after confirming that the first SA strategy, the first key and the second SPI have been sent to the GM equipment.
In addition, after the conflict notification message sent by a GM equipment has been processed, the KS actively sends the first SA strategy, the first key and the second SPI to all successfully registered GM equipment in the GD VPN other than that GM equipment. Those GM equipment can then delete the locally saved correspondence among the first SPI, the first SA strategy and the first key, and save the correspondence among the second SPI, the first SA strategy and the first key.
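The KS-side handling of steps S201 to S204, as an added Python example that is not code from the patent or from any product. The `KeyServer` class, the `REG-1`/`REG-2`/`REKEY` message names, the dict message layout and the SHA-256 mixing of KS ID, running time and random bytes are assumptions made for illustration; only the `CONFLICT-SPI` type name comes from the text, and the skip of SPI values 0 to 255 follows RFC 4303 rather than the page.

```python
import hashlib
import os
import time


class SA:
    def __init__(self, strategy, key, encrypting=False):
        self.strategy = strategy      # "IPsec" or "Rekey"
        self.key = key
        self.encrypting = encrypting  # is this key currently used for encryption?


class KeyServer:
    """Toy KS for S201-S204. REG-1, REG-2 and REKEY are illustrative message names."""

    def __init__(self, ks_id):
        self.ks_id = ks_id
        self.table = {}          # SPI -> SA: the saved three-way correspondence
        self.registered = set()  # GMs that completed registration
        self.pending = {}        # GM -> (first SPI, second SPI) awaiting strategy ack
        self.sent = []           # (destination GM, message) in send order

    def new_spi(self, avoid):
        """S202: 32-bit SPI from KS ID, running time and fresh randomness."""
        while True:
            seed = f"{self.ks_id}|{time.monotonic_ns()}".encode() + os.urandom(8)
            spi = int.from_bytes(hashlib.sha256(seed).digest()[:4], "big")
            # 0-255 are reserved SPI values in RFC 4303 (a check the page omits).
            if spi > 255 and spi not in avoid and spi not in self.table:
                return spi

    def on_conflict(self, gm, message):
        """S201: handle a CONFLICT-SPI message from `gm`; returns the second SPI."""
        first = message["spi"]
        sa = self.table.get(first)
        if message["type"] != "CONFLICT-SPI" or sa is None:
            return None                          # not an SPI this KS issued
        second = self.new_spi(avoid={first})
        self.table[second] = sa                  # S204: save the new correspondence
        if not (sa.strategy == "Rekey" and sa.encrypting):
            del self.table[first]                # S204 cases (1) and (2)
        if gm in self.registered:                # S203 case (2): everything at once
            self._rekey(gm, second)
            self._finish(gm, first, second)
        else:                                    # S203 case (1): strategy + SPI first
            self.sent.append((gm, {"type": "REG-1", "strategy": sa.strategy,
                                   "spi": second}))
            self.pending[gm] = (first, second)
        return second

    def on_strategy_ack(self, gm):
        """S203 case (1), second half: the GM accepted the strategy, send the key."""
        first, second = self.pending.pop(gm)
        self.sent.append((gm, {"type": "REG-2", "key": self.table[second].key,
                               "spi": second}))
        self._finish(gm, first, second)

    def _rekey(self, gm, second):
        sa = self.table[second]
        self.sent.append((gm, {"type": "REKEY", "strategy": sa.strategy,
                               "key": sa.key, "spi": second}))

    def _finish(self, gm, first, second):
        self.table.pop(first, None)              # S204 case (3): delete after sending
        for other in sorted(self.registered - {gm}):
            self._rekey(other, second)           # announce to the other registered GMs


def registered_gm_scenario():
    """Constructed input: registered gm1 reports SPI 0x1000, a Rekey SA in use."""
    ks = KeyServer("KS-B")
    ks.table[0x1000] = SA("Rekey", b"B" * 16, encrypting=True)
    ks.registered = {"gm1", "gm2"}
    second = ks.on_conflict("gm1", {"type": "CONFLICT-SPI", "spi": 0x1000})
    return ks, second
```
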
To achieve the above technical purpose, the invention also proposes a group key server KS, applied in a group domain virtual private network GD VPN comprising the KS and group member GM equipment. As shown in Fig. 3, it comprises:
A receiving module 310, configured to receive a conflict notification message that the GM equipment sends when it confirms that an SPI conflicting with a first Security Parameter Index SPI exists locally; the conflict notification message carries the first SPI, and the first SPI corresponds to a first SA strategy and a first key generated by the KS;
A generation module 320, configured to generate a second SPI corresponding to the first SA strategy and the first key, the second SPI being different from the first SPI;
An issuing module 330, configured to issue the first SA strategy, the first key and the second SPI to the GM equipment;
A processing module 340, configured to delete the locally saved correspondence among the first SPI, the first SA strategy and the first key, and to save the correspondence among the second SPI, the first SA strategy and the first key.
In a specific application scenario, the issuing module is specifically configured to:
If the GM equipment has not yet registered successfully, send the first SA strategy and the second SPI to the GM equipment and, after receiving the confirmation message for the first SA strategy returned by the GM equipment, send the first key and the second SPI to the GM equipment;
If the GM equipment has registered successfully, send the first SA strategy, the first key and the second SPI to the GM equipment at the same time.
In a specific application scenario, the processing module is specifically configured to:
If the first SA strategy is an IPsec SA strategy, delete the locally saved correspondence among the first SPI, the first SA strategy and the first key;
If the first SA strategy is a Rekey SA strategy and the first key is currently not used for encryption, delete the locally saved correspondence among the first SPI, the first SA strategy and the first key;
If the first SA strategy is a Rekey SA strategy and the first key is currently used for encryption, delete the locally saved correspondence among the first SPI, the first SA strategy and the first key after confirming that the first SA strategy, the first key and the second SPI have been sent to the GM equipment.
In a specific application scenario, the KS also comprises:
An announcement module, configured to send the first SA strategy, the first key and the second SPI to all successfully registered GM equipment in the GD VPN other than the GM equipment, so that all successfully registered GM equipment in the GD VPN other than the GM equipment delete the locally saved correspondence among the first SPI, the first SA strategy and the first key, and save the correspondence among the second SPI, the first SA strategy and the first key.
In a specific application scenario, when the KS is not in the redundancy backup state, the conflict notification message is sent by the GM equipment; when the KS is in the redundancy backup state and is the main KS, the conflict notification message is sent by the GM equipment, or is forwarded to the KS by a standby KS in the redundancy backup state after that standby KS has received the conflict notification message sent by the GM equipment. In a specific application scenario, the second SPI is generated according to parameters of the KS, and the parameters of the KS comprise at least: the ID of the KS, or the running time of the KS, or the temperature of the KS, or the noise around the KS.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented in hardware, or in software plus a necessary general-purpose hardware platform. Based on this understanding, the technical scheme of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive or portable hard drive) and includes several instructions that cause a computer device (such as a personal computer, a server or a network device) to perform the methods described in the implementation scenarios of the present invention.
Those skilled in the art will understand that the accompanying drawings are schematic diagrams of a preferred implementation scenario, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
Those skilled in the art will understand that the modules of the device in an implementation scenario can be distributed in the device of that scenario as described, or can be changed accordingly and located in one or more devices different from this implementation scenario. The modules of the above implementation scenario can be merged into one module or further split into multiple sub-modules.
The sequence numbers of the invention above are for description only and do not represent the relative merits of the implementation scenarios.
The above are only several specific implementation scenarios of the present invention, but the present invention is not limited to them; any variation that a person skilled in the art can think of shall fall within the protection scope of the present invention.

Claims (12)

1. A method for processing a Security Parameter Index conflict, characterized in that the method is applied in a group domain virtual private network GD VPN comprising a group key server KS and group member GM equipment, the method comprising:
The KS receives a conflict notification message that the GM equipment sends when it confirms that an SPI conflicting with a first Security Parameter Index SPI exists locally; the conflict notification message carries the first SPI, and the first SPI corresponds to a first SA strategy and a first key generated by the KS;
The KS generates a second SPI corresponding to the first SA strategy and the first key, the second SPI being different from the first SPI;
The KS issues the first SA strategy, the first key and the second SPI to the GM equipment;
The KS deletes the locally saved correspondence among the first SPI, the first SA strategy and the first key, and saves the correspondence among the second SPI, the first SA strategy and the first key.
2. The method according to claim 1, characterized in that the KS issuing the first SA strategy, the first key and the second SPI to the GM equipment is specifically:
If the GM equipment has not yet registered successfully, sending the first SA strategy and the second SPI to the GM equipment and, after receiving the confirmation message for the first SA strategy returned by the GM equipment, sending the first key and the second SPI to the GM equipment;
If the GM equipment has registered successfully, sending the first SA strategy, the first key and the second SPI to the GM equipment at the same time.
3. The method according to claim 1, characterized in that the KS deleting the locally saved correspondence among the first SPI, the first SA strategy and the first key is specifically:
If the first SA strategy is an IPsec SA strategy, the KS deletes the locally saved correspondence among the first SPI, the first SA strategy and the first key;
If the first SA strategy is a Rekey SA strategy and the first key is currently not used for encryption, the KS deletes the locally saved correspondence among the first SPI, the first SA strategy and the first key;
If the first SA strategy is a Rekey SA strategy and the first key is currently used for encryption, the KS deletes the locally saved correspondence among the first SPI, the first SA strategy and the first key after confirming that the first SA strategy, the first key and the second SPI have been sent to the GM equipment.
4. The method according to claim 1, characterized in that, after the KS generates the second SPI corresponding to the first SA strategy and the first key, the method further comprises:
Sending the first SA strategy, the first key and the second SPI to all successfully registered GM equipment in the GD VPN other than the GM equipment, so that all successfully registered GM equipment in the GD VPN other than the GM equipment delete the locally saved correspondence among the first SPI, the first SA strategy and the first key, and save the correspondence among the second SPI, the first SA strategy and the first key.
5. The method according to claim 1, characterized in that:
When the KS is not in the redundancy backup state, the conflict notification message is sent by the GM equipment;
When the KS is in the redundancy backup state and is the main KS, the conflict notification message is sent by the GM equipment, or is forwarded to the KS by a standby KS in the redundancy backup state after that standby KS has received the conflict notification message sent by the GM equipment.
6. The method according to claim 1, characterized in that the second SPI is generated according to parameters of the KS, and the parameters of the KS comprise at least: the ID of the KS, or the running time of the KS, or the temperature of the KS, or the noise around the KS.
7. a group key server KS, is characterized in that, described KS is applied to and comprises in the territory VPN (virtual private network) GD VPN of described KS and group membership GM equipment, comprising:
Receiver module, for receiving the conflict notification packet that described GM equipment sends when confirming the SPI that local existence conflicts with the first Security Parameter Index SPI, described conflict notification packet carries a described SPI, and the SA strategy that a described SPI and described KS generates and the first double secret key should;
Generation module, for generating the 2nd SPI answered with a SA strategy and the first double secret key, described 2nd SPI is different from a described SPI;
Issue module, for issuing a described SA strategy, described first key and described 2nd SPI to described GM equipment;
Processing module, for deleting local a described SPI, the corresponding relation between a SA strategy and the first key three preserved, preserves the corresponding relation between described 2nd SPI, a SA strategy and the first key three.
8. KS according to claim 7, is characterized in that, described in issue module specifically for:
If the unregistered success of described GM equipment, described SA strategy and described 2nd SPI is sent to described GM equipment, when receive that described GM equipment returns correspond to the confirmation message of a described SA strategy after, send described first key and described 2nd SPI to described GM equipment;
If the registered success of described GM equipment, send a described SA strategy, described first key and described 2nd SPI to described GM equipment simultaneously.
9. The KS according to claim 7, characterized in that the processing module is specifically configured to:
If the first SA strategy is an IPsec SA strategy, delete the locally stored correspondence among the first SPI, the first SA strategy and the first key;
If the first SA strategy is a Rekey SA strategy and the first key is not currently used for encryption, delete the locally stored correspondence among the first SPI, the first SA strategy and the first key;
If the first SA strategy is a Rekey SA strategy and the first key is currently used for encryption, delete the locally stored correspondence among the first SPI, the first SA strategy and the first key after confirming that the first SA strategy, the first key and the second SPI have been sent to the GM equipment.
10. The KS according to claim 7, characterized in that it further comprises:
Announcement module, configured to send the first SA strategy, the first key and the second SPI to all successfully registered GM equipment in the GD VPN other than the GM equipment, so that all successfully registered GM equipment in the GD VPN other than the GM equipment deletes the locally stored correspondence among the first SPI, the first SA strategy and the first key, and stores the correspondence among the second SPI, the first SA strategy and the first key.
11. The KS according to claim 7, characterized in that:
When the KS is not in a redundancy backup state, the conflict notification message is sent by the GM equipment;
When the KS is in a redundancy backup state and is the primary KS, the conflict notification message is sent by the GM equipment, or is forwarded to the KS by a standby KS in the redundancy backup state after the standby KS receives the conflict notification message sent by the GM equipment.
12. The KS according to claim 7, characterized in that the second SPI is generated according to parameters of the KS, the parameters of the KS comprising at least: the ID of the KS, or the running time of the KS, or the temperature of the KS, or the noise around the KS.
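The KS-side handling recited in claims 7 to 10 and 12, modelled in Python as an added example that is not part of the patent or of any vendor implementation. The class, event labels and sample table are hypothetical; SPIs are assumed to be 32-bit values and the GM's acknowledgement is assumed to arrive.

```python
import hashlib, itertools, time

class KeyServer:
    """Model of the KS in claims 7-12; all names here are hypothetical."""
    def __init__(self, ks_id):
        self.ks_id = ks_id
        self.table = {}          # SPI -> (sa_type, strategy, key, key_in_use)
        self.registered = set()  # GM ids that completed registration
        self._ctr = itertools.count()

    def _new_spi(self, avoid):
        # Claim 12: derive the SPI from KS parameters (here KS ID + running time).
        while True:
            seed = f"{self.ks_id}|{time.monotonic_ns()}|{next(self._ctr)}"
            spi = int.from_bytes(hashlib.sha256(seed.encode()).digest()[:4], "big")
            # Skip 0-255 (reserved for ESP/AH SPIs, RFC 4303) and any live SPI.
            if spi > 255 and spi != avoid and spi not in self.table:
                return spi

    def handle_conflict(self, gm, first_spi):
        """Process one conflict notification; return (second_spi, ordered events)."""
        sa_type, strategy, key, in_use = self.table[first_spi]
        second_spi = self._new_spi(avoid=first_spi)
        self.table[second_spi] = (sa_type, strategy, key, in_use)   # claim 7
        events = []
        defer = sa_type == "rekey" and in_use    # claim 9, third branch
        if not defer:                            # claim 9, first two branches
            del self.table[first_spi]
            events.append(("delete", first_spi))
        if gm in self.registered:                # claim 8: one combined message
            events.append(("send", gm, "sa+key", second_spi))
        else:                                    # claim 8: key only after the ACK
            events.append(("send", gm, "sa", second_spi))
            events.append(("recv", gm, "ack"))   # assumed to arrive in this model
            events.append(("send", gm, "key", second_spi))
        for other in sorted(self.registered - {gm}):    # claim 10
            events.append(("send", other, "sa+key", second_spi))
        if defer:                                # old mapping outlives the sends
            del self.table[first_spi]
            events.append(("delete", first_spi))
        return second_spi, events

def demo():
    ks = KeyServer("ks-1")                       # constructed sample state
    ks.table[0x1000] = ("ipsec", "strategy-A", b"k1", True)
    ks.table[0x2000] = ("rekey", "strategy-B", b"k2", True)
    ks.registered = {"gm1", "gm2"}
    return ks, ks.handle_conflict("gm1", 0x1000), ks.handle_conflict("gm3", 0x2000)
```

The event list makes the ordering in claim 9 visible: the old mapping is deleted first for an IPsec SA, and last for a Rekey SA whose key is still in use for encryption.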

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510230765.9A CN104868991B (en) 2015-05-07 2015-05-07 A kind of Security Parameter Index conflict processing method and group key server KS

Publications (2)

Publication Number Publication Date
CN104868991A (en) 2015-08-26
CN104868991B (en) 2018-09-04

Family

ID=53914537

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510230765.9A Active CN104868991B (en) 2015-05-07 2015-05-07 A kind of Security Parameter Index conflict processing method and group key server KS

Country Status (1)

Country Link
CN (1) CN104868991B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 310052 No. 466, Changhe Road, Binjiang District, Zhejiang, China

Applicant after: Xinhua three Technology Co., Ltd.

Address before: 310052 No. 466, Changhe Road, Binjiang District, Zhejiang, China

Applicant before: Huasan Communication Technology Co., Ltd.

GR01 Patent grant