CN104868991B - A kind of Security Parameter Index conflict processing method and group key server KS - Google Patents
Abstract
The invention discloses a Security Parameter Index (SPI) conflict processing method and a group key server (KS). The KS receives a conflict notification message that a GM device sends when it confirms that an SPI conflicting with a first SPI exists locally, where the first SPI corresponds to a first SA policy and a first key. The KS then generates a second SPI corresponding to the first SA policy and the first key, the second SPI being different from the first SPI, and issues the first SA policy, the first key and the second SPI to the GM device. This solves the problem of a conflict arising when a key that the KS issues to the GM device and a key the GM device already holds correspond to the same SPI, which improves the correctness with which the GM device encrypts or decrypts protocol messages or data messages and thereby improves the stability of the network.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a Security Parameter Index conflict processing method. The present invention also relates to a group key server KS.
Background technology
GD VPN (Group Domain Virtual Private Network) is a solution for the centralized management of keys and security policies. It is mainly used to protect multicast traffic, for example the secure transmission of audio and video broadcasts and multicast files. Compared with the point-to-point tunnel connections of a traditional IPsec VPN, GD VPN is a point-to-multipoint, non-tunnel connection, and it provides a new group-based IPsec security model.
A GD VPN consists of a KS (Key Server) and GM (Group Member) devices. The KS manages multiple different security policies and keys through different groups. Figure 1 is a structural schematic diagram of a GD VPN network in the prior art. A GM device in this network must first register with the KS before joining. During registration the KS generates an SA (Security Association) policy and a key, generates an SPI (Security Parameter Index) corresponding to that SA policy and key, and issues the SA policy, the key and the corresponding SPI to the GM device. The SA policy is either a Rekey SA policy or an IPsec SA policy. The GM device generates a Rekey SA from the Rekey SA policy and key; the Rekey SA protects the key-update protocol messages exchanged between the GM and the KS. The GM device generates an IPsec SA from the IPsec SA policy and key; the IPsec SA protects the data messages forwarded between GM devices.
After receiving the SA policy, key and SPI issued by the KS, the GM device also saves the correspondence among the three. The GM device later uses the correspondence among the Rekey SA policy, key and SPI to look up the key, and uses the key it finds to encrypt or decrypt the protocol messages it exchanges with the KS. It uses the correspondence among the IPsec SA policy, key and SPI to look up the key, and uses the key it finds to encrypt or decrypt the data messages it exchanges with other GM devices.
However, in the course of implementing the present invention the inventor found that, because the same GM device can register with different KSs, the SPIs that different KSs generate for different keys may be identical. When one SPI on a GM device corresponds to several different keys, the GM device may retrieve the wrong key when it looks up a key by SPI. It is then unable to correctly receive or send the protocol messages exchanged with the KS, or unable to correctly encrypt or decrypt the data messages forwarded between it and other GM devices, which affects the stability of the network.
Summary of the invention
The present invention provides a Security Parameter Index conflict processing method to solve the problem of a conflict arising when a key issued to a GM device and a key the GM device already holds correspond to the same SPI, so as to improve the correctness with which the GM device encrypts or decrypts protocol messages or data messages and thereby improve the stability of the network. The method is applied in a GD VPN that includes a KS and GM devices, and includes:
The KS receives a conflict notification message that the GM device sends when it confirms that an SPI conflicting with a first Security Parameter Index SPI exists locally, the conflict notification message carrying the first SPI, and the first SPI corresponding to a first SA policy and a first key generated by the KS;
The KS generates a second SPI corresponding to the first SA policy and the first key, the second SPI being different from the first SPI;
The KS issues the first SA policy, the first key and the second SPI to the GM device;
The KS deletes the locally saved correspondence among the first SPI, the first SA policy and the first key, and saves the correspondence among the second SPI, the first SA policy and the first key.
Correspondingly, the invention also provides a group key server KS, applied in a group domain Virtual Private Network GD VPN that includes the KS and group member GM devices, and including:
A receiving module, for receiving a conflict notification message that the GM device sends when it confirms that an SPI conflicting with a first Security Parameter Index SPI exists locally, the conflict notification message carrying the first SPI, and the first SPI corresponding to a first SA policy and a first key generated by the KS;
A generation module, for generating a second SPI corresponding to the first SA policy and the first key, the second SPI being different from the first SPI;
An issuing module, for issuing the first SA policy, the first key and the second SPI to the GM device;
A processing module, for deleting the locally saved correspondence among the first SPI, the first SA policy and the first key, and saving the correspondence among the second SPI, the first SA policy and the first key.
It can be seen that, by applying the technical solution of the present invention, after the KS receives the conflict notification message that a GM device sends on confirming that an SPI conflicting with the first SPI exists locally, where the first SPI corresponds to the first SA policy and the first key, the KS generates a second SPI corresponding to the first SA policy and the first key, the second SPI being different from the first SPI, and issues the first SA policy, the first key and the second SPI to the GM device. This solves the problem of a conflict arising when a key that the KS issues to the GM device and a key the GM device already holds correspond to the same SPI, which improves the correctness with which the GM device encrypts or decrypts protocol messages or data messages and thereby improves the stability of the network.
Description of the drawings
Fig. 1 is a structural schematic diagram of an existing GD VPN network;
Fig. 2 is a flow diagram of a Security Parameter Index conflict processing method proposed by the present invention;
Fig. 3 is a structural schematic diagram of a KS proposed by the present invention.
Detailed description
To solve the above technical problem, the present invention proposes a Security Parameter Index conflict processing method. As shown in Figure 3, the method includes the following steps:
S201: the KS receives a conflict notification message that the GM device sends when it confirms that an SPI conflicting with the first SPI exists locally. The conflict notification message carries the first SPI, and the first SPI corresponds to the first SA policy and the first key generated by the KS.
When a GM device registers with a new KS, the KS first issues to the GM device an SA policy and the SPI corresponding to that SA policy. This SPI is the one that will correspond to the key the KS sends to the GM device when registration completes. Only after the GM device confirms that the SA policy is acceptable and sends the KS a confirmation message for that SA policy does the KS go on to issue the key corresponding to the SA policy, together with the SPI, to the GM device. After the GM device has registered successfully with the current KS, the KS also periodically generates a new SPI corresponding to the SA policy and key already issued, in order to keep the keys on the GM device fresh, and sends the SA policy, the key and the new SPI to the GM device. Whether in the registration phase or in the later SPI update phase, the GM device must save the correspondence among SA policy, key and SPI after receiving them.
In the prior art the GM device does no processing of the SPI. In the technical solution of the present invention, by contrast, after the GM device receives the SA policy and SPI issued to it by the KS, or receives the SA policy, key and SPI issued to it by the KS, it compares the received SPI with the SPI in each locally saved correspondence among SA policy, key and SPI, to confirm whether an SPI conflicting with the received SPI exists locally. In this embodiment, the SPI issued by the KS, the SA policy the KS generated for that SPI, and the key the KS generated for that SPI are called the first SPI, the first SA policy and the first key respectively. After confirming that an SPI conflicting with the first SPI exists locally, the GM device immediately generates a conflict notification message, carries the first SPI in it, and sends it to the KS. Once the KS obtains the SPI from the conflict notification message, it knows the first SPI that caused the conflict and the first SA policy and first key corresponding to it. In a specific embodiment, the conflict notification message may be an info message of type CONFLICT-SPI. On this basis those skilled in the art may also use other message types that achieve the same purpose, all of which fall within the scope of protection of the present invention.
In addition, to prevent a failure of this important device from paralyzing the network, a redundancy backup scheme can be used for the KS: one primary KS and one or more standby KSs are deployed. Under normal circumstances the primary KS performs all KS functions, and a standby KS only needs to forward messages. So that switchover on failure is smooth, the primary KS and the standby KSs have the same identity from the point of view of a GM device. As a result, a GM device does not distinguish between primary and standby KS when it sends a conflict notification message, so either may receive a conflict notification message from a GM device. For this situation, the present invention provides that each KS, on receiving a conflict notification message sent by a GM device, first judges whether it is currently in redundancy backup state, and then processes the message as follows according to the result and its own role in the redundancy backup state:
(1) The KS is not currently in redundancy backup state
When the redundancy backup mechanism is not used (that is, the KS is not currently in redundancy backup state), the conflict notification message is sent by the GM device and received directly by the KS.
(2) The KS is currently in redundancy backup state and is a standby KS
For a standby KS in the redundancy backup mechanism, the present invention provides that, after receiving a conflict notification message, it forwards the message to the primary KS, which carries out the subsequent processing.
(3) The KS is currently in redundancy backup state and is the primary KS
In this case the KS may receive the conflict notification message from the GM device or from a standby KS: the message is either sent by the GM device, or forwarded to the KS by a standby KS currently in redundancy backup state after that standby KS receives the conflict notification message sent by the GM device.
S202: the KS generates a second SPI corresponding to the first SA policy and the first key.
To avoid, as far as possible, a similar conflict between the second SPI and SPIs that other KSs generate later, the KS generates the second SPI locally at random, based on one or more parameters of this KS. The parameters may include the ID of this KS, the running time of this KS, the temperature of this KS, or the noise in the surroundings of this KS. Those skilled in the art may extend this further, and all such extensions fall within the scope of protection of the present invention.
It should be noted that in redundancy backup state this step is performed by the primary KS. To keep the content of the standby KSs consistent with that of the primary KS, the primary KS, after performing this step, sends the first SA policy, the first key and the second SPI to all current standby KSs, so that each standby KS deletes its locally saved correspondence among the first SA policy, the first key and the first SPI, and saves the correspondence among the first SA policy, the first key and the second SPI.
S203: the KS issues the first SA policy, the first key and the second SPI to the GM device.
As described above, an SPI conflict may occur either while the GM device is registering or while an SPI is being updated. The processing in this step therefore depends on the registration state of the GM device:
(1) If the GM device has not yet registered successfully, the KS sends the first SA policy and the second SPI to the GM device, and after receiving the confirmation message for the first SA policy returned by the GM device, sends the first key and the second SPI to the GM device;
(2) If the GM device has registered successfully, the KS sends the first SA policy, the first key and the second SPI to the GM device at the same time.
Take the scenario shown in Fig. 1 as an example. In this specific embodiment, after the KS receives a conflict notification message from one of the GM devices and generates the second SPI corresponding to the first SA policy and the first key, it checks the registration state of that GM device. If the GM device is still in the process of registering, the KS sends it a first registration response message, which includes at least one payload carrying the first SA policy and the second SPI. After receiving the confirmation message for the first SA policy sent by the GM device, the KS sends the GM device a second registration response message, which includes at least a payload carrying the first key and the second SPI. By sending the first and second registration response messages one after the other, the KS issues the first SA policy, the first key and the second SPI to the GM device.
If the GM device has already completed registration, the KS sends it a Rekey message, which includes at least one payload carrying the SA policy and SPI and one payload carrying the key and SPI. Through this Rekey message the KS issues the first SA policy, the first key and the second SPI to the GM device.
S204: the KS deletes the locally saved correspondence among the first SPI, the first SA policy and the first key, and saves the correspondence among the second SPI, the first SA policy and the first key.
After the KS generates the new SPI in S202 from its own attribute information, the original SPI no longer serves any purpose for either the KS or the GM, and the KS may discard it, leave it unused, or delete it. In the preferred embodiment of this application, the time of deletion is determined by the type of the first SA policy and the current use state of the first key, as follows:
(1) If the first SA policy is an IPsec SA policy, the KS deletes the locally saved correspondence among the first SPI, the first SA policy and the first key;
(2) If the first SA policy is a Rekey SA policy and the first key is not currently being used for encryption, the KS deletes the locally saved correspondence among the first SPI, the first SA policy and the first key;
(3) If the first SA policy is a Rekey SA policy and the first key is currently being used for encryption, the KS deletes the locally saved correspondence among the first SPI, the first SA policy and the first key after confirming that the first SA policy, the first key and the second SPI have been sent to the GM device.
In addition, after it has finished handling the conflict notification message sent by a GM device, the KS actively sends the first SA policy, the first key and the second SPI to all successfully registered GM devices in the GD VPN other than that GM device. All successfully registered GM devices in the GD VPN other than that GM device can then delete their locally saved correspondence among the first SPI, the first SA policy and the first key, and save the correspondence among the second SPI, the first SA policy and the first key.
To achieve the above technical purpose, the invention also provides a group key server KS, applied in a group domain Virtual Private Network GD VPN that includes the KS and group member GM devices. As shown in Figure 3, it includes:
A receiving module 310, for receiving a conflict notification message that the GM device sends when it confirms that an SPI conflicting with a first Security Parameter Index SPI exists locally, the conflict notification message carrying the first SPI, and the first SPI corresponding to a first SA policy and a first key generated by the KS;
A generation module 320, for generating a second SPI corresponding to the first SA policy and the first key, the second SPI being different from the first SPI;
An issuing module 330, for issuing the first SA policy, the first key and the second SPI to the GM device;
A processing module 340, for deleting the locally saved correspondence among the first SPI, the first SA policy and the first key, and saving the correspondence among the second SPI, the first SA policy and the first key.
In a specific application scenario, the issuing module is specifically used for:
If the GM device has not yet registered successfully, sending the first SA policy and the second SPI to the GM device, and after receiving the confirmation message for the first SA policy returned by the GM device, sending the first key and the second SPI to the GM device;
If the GM device has registered successfully, sending the first SA policy, the first key and the second SPI to the GM device at the same time.
In a specific application scenario, the processing module is specifically used for:
If the first SA policy is an IPsec SA policy, deleting the locally saved correspondence among the first SPI, the first SA policy and the first key;
If the first SA policy is a Rekey SA policy and the first key is not currently being used for encryption, deleting the locally saved correspondence among the first SPI, the first SA policy and the first key;
If the first SA policy is a Rekey SA policy and the first key is currently being used for encryption, deleting the locally saved correspondence among the first SPI, the first SA policy and the first key after confirming that the first SA policy, the first key and the second SPI have been sent to the GM device.
In a specific application scenario, the KS further includes:
An announcement module, for sending the first SA policy, the first key and the second SPI to all successfully registered GM devices in the GD VPN other than the GM device, so that all successfully registered GM devices in the GD VPN other than the GM device delete their locally saved correspondence among the first SPI, the first SA policy and the first key, and save the correspondence among the second SPI, the first SA policy and the first key.
In a specific application scenario, when the KS is not in redundancy backup state, the conflict notification message is sent by the GM device; when the KS is in redundancy backup state and is the primary KS, the conflict notification message is sent by the GM device, or is forwarded to the KS by a standby KS in redundancy backup state after that standby KS receives the conflict notification message sent by the GM device.
In a specific application scenario, the second SPI is generated according to parameters of the KS, the parameters of the KS including at least: the ID of the KS, or the running time of the KS, or the temperature of the KS, or the noise in the surroundings of the KS.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented in hardware, or in software together with a necessary general-purpose hardware platform. On this understanding, the technical solution of the present invention can be embodied as a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive or removable hard disk) and which includes instructions that cause a computer device (such as a personal computer, server or network device) to execute the method described in each implementation scenario of the present invention.
Those skilled in the art will understand that the drawings are only schematic diagrams of a preferred implementation scenario, and that the modules or flows in the drawings are not necessarily required for implementing the present invention.
Those skilled in the art will understand that the modules of the device in an implementation scenario can be distributed in the device as described for that scenario, or can be changed accordingly and located in one or more devices different from those of that scenario. The modules of the above implementation scenarios can be merged into one module or further split into multiple sub-modules.
The serial numbers of the present invention above are for description only and do not represent the merits of the implementation scenarios.
The above discloses only several specific implementation scenarios of the present invention. The present invention is not limited to them, however, and any variation that a person skilled in the art can conceive shall fall within the scope of protection of the present invention.
Claims (12)
1. A method for processing a Security Parameter Index conflict, characterized in that the method is applied in a group domain Virtual Private Network GD VPN that includes a group key server KS and group member GM devices, the method including:
The KS receives a conflict notification message that the GM device sends when it confirms that an SPI conflicting with a first Security Parameter Index SPI exists locally, the conflict notification message carrying the first SPI, and the first SPI corresponding to a first Security Association SA policy and a first key generated by the KS;
The KS generates a second SPI corresponding to the first SA policy and the first key, the second SPI being different from the first SPI;
The KS issues the first SA policy, the first key and the second SPI to the GM device;
The KS deletes the locally saved correspondence among the first SPI, the first SA policy and the first key, and saves the correspondence among the second SPI, the first SA policy and the first key.
2. The method according to claim 1, characterized in that the KS issuing the first SA policy, the first key and the second SPI to the GM device is specifically:
If the GM device has not yet registered successfully, sending the first SA policy and the second SPI to the GM device, and after receiving the confirmation message for the first SA policy returned by the GM device, sending the first key and the second SPI to the GM device;
If the GM device has registered successfully, sending the first SA policy, the first key and the second SPI to the GM device at the same time.
3. The method according to claim 1, characterized in that the KS deleting the locally saved correspondence of the first SPI with the first SA policy and the first key is specifically:
If the first SA policy is an IPsec SA policy, the KS deletes the locally saved correspondence among the first SPI, the first SA policy and the first key;
If the first SA policy is a Rekey SA policy and the first key is not currently being used for encryption, the KS deletes the locally saved correspondence among the first SPI, the first SA policy and the first key;
If the first SA policy is a Rekey SA policy and the first key is currently being used for encryption, the KS deletes the locally saved correspondence among the first SPI, the first SA policy and the first key after confirming that the first SA policy, the first key and the second SPI have been sent to the GM device.
4. The method according to claim 1, characterized in that, after the KS generates the second SPI corresponding to the first SA policy and the first key, the method further includes:
Sending the first SA policy, the first key and the second SPI to all successfully registered GM devices in the GD VPN other than the GM device, so that all successfully registered GM devices in the GD VPN other than the GM device delete their locally saved correspondence among the first SPI, the first SA policy and the first key, and save the correspondence among the second SPI, the first SA policy and the first key.
5. The method according to claim 1, characterized in that:
When the KS is not in redundancy backup state, the conflict notification message is sent by the GM device;
When the KS is in redundancy backup state and is the primary KS, the conflict notification message is sent by the GM device, or is forwarded to the KS by a standby KS in redundancy backup state after that standby KS receives the conflict notification message sent by the GM device.
6. The method according to claim 1, characterized in that the second SPI is generated according to parameters of the KS, the parameters of the KS including at least: the ID of the KS, or the running time of the KS, or the temperature of the KS, or the noise in the surroundings of the KS.
7. A group key server KS, characterized in that the KS is applied in a group domain Virtual Private Network GD VPN that includes the KS and group member GM devices, and includes:
A receiving module, for receiving a conflict notification message that the GM device sends when it confirms that an SPI conflicting with a first Security Parameter Index SPI exists locally, the conflict notification message carrying the first SPI, and the first SPI corresponding to a first Security Association SA policy and a first key generated by the KS;
A generation module, for generating a second SPI corresponding to the first SA policy and the first key, the second SPI being different from the first SPI;
An issuing module, for issuing the first SA policy, the first key and the second SPI to the GM device;
A processing module, for deleting the locally saved correspondence among the first SPI, the first SA policy and the first key, and saving the correspondence among the second SPI, the first SA policy and the first key.
8. The KS according to claim 7, characterized in that the issuing module is specifically used for:
If the GM device has not yet registered successfully, sending the first SA policy and the second SPI to the GM device, and after receiving the confirmation message for the first SA policy returned by the GM device, sending the first key and the second SPI to the GM device;
If the GM device has registered successfully, sending the first SA policy, the first key and the second SPI to the GM device at the same time.
9. The KS according to claim 7, characterized in that the processing module is specifically used for:
If the first SA policy is an IPsec SA policy, deleting the locally saved correspondence among the first SPI, the first SA policy and the first key;
If the first SA policy is a Rekey SA policy and the first key is not currently being used for encryption, deleting the locally saved correspondence among the first SPI, the first SA policy and the first key;
If the first SA policy is a Rekey SA policy and the first key is currently being used for encryption, deleting the locally saved correspondence among the first SPI, the first SA policy and the first key after confirming that the first SA policy, the first key and the second SPI have been sent to the GM device.
10. The KS according to claim 7, characterized in that it further includes:
An announcement module, for sending the first SA policy, the first key and the second SPI to all successfully registered GM devices in the GD VPN other than the GM device, so that all successfully registered GM devices in the GD VPN other than the GM device delete their locally saved correspondence among the first SPI, the first SA policy and the first key, and save the correspondence among the second SPI, the first SA policy and the first key.
11. The KS according to claim 7, characterized in that:
When the KS is not in redundancy backup state, the conflict notification message is sent by the GM device;
When the KS is in redundancy backup state and is the primary KS, the conflict notification message is sent by the GM device, or is forwarded to the KS by a standby KS in redundancy backup state after that standby KS receives the conflict notification message sent by the GM device.
12. The KS according to claim 7, characterized in that the second SPI is generated according to a parameter of the KS, and the parameter of the KS includes at least: the ID of the KS, or the run time of the KS, or the temperature of the KS, or the noise around the KS.
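The KS-side handling in claims 9, 10 and 12, modelled as an added Python example; it is not code from the patent. The class, the method names, the in-memory table and the SHA-256 derivation of the second SPI from the KS ID and run time are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass
class KeyServer:                      # hypothetical in-memory model of a KS
    ks_id: str
    sa_table: dict = field(default_factory=dict)   # SPI -> (strategy, key, key_in_use)
    registered: set = field(default_factory=set)   # successfully registered GMs
    pending: set = field(default_factory=set)      # old SPIs awaiting send confirmation

    def new_spi(self, old_spi, run_time_ms):
        # Assumption: hash the KS ID and run time (two of the claim 12 parameters)
        # with a retry counter; the patent does not fix a derivation.
        counter = 0
        while True:
            seed = f"{self.ks_id}|{run_time_ms}|{counter}".encode()
            spi = int.from_bytes(hashlib.sha256(seed).digest()[:4], "big")
            # RFC 4303 reserves SPI values 0-255; also avoid every SPI already in use.
            if spi > 255 and spi != old_spi and spi not in self.sa_table:
                return spi
            counter += 1

    def on_conflict(self, gm, old_spi, run_time_ms):
        strategy, key, in_use = self.sa_table[old_spi]
        spi2 = self.new_spi(old_spi, run_time_ms)
        self.sa_table[spi2] = (strategy, key, in_use)   # same strategy and key, new SPI
        if strategy == "rekey" and in_use:
            self.pending.add(old_spi)       # claim 9, third case: delete after sending
        else:
            del self.sa_table[old_spi]      # IPsec SA, or Rekey SA key not yet in use
        # Reporting GM first, then every other registered GM (claim 10).
        targets = [gm] + sorted(self.registered - {gm})
        return [(t, strategy, key, spi2) for t in targets]

    def on_sent(self, old_spi):
        # Called once delivery to the reporting GM has been confirmed.
        if old_spi in self.pending:
            self.pending.discard(old_spi)
            del self.sa_table[old_spi]

def demo():
    # Constructed sample state: one Rekey SA whose key is already encrypting traffic.
    ks = KeyServer("ks-1", {0x2000: ("rekey", b"k2", True)}, {"gm-a", "gm-b"})
    msgs = ks.on_conflict("gm-a", 0x2000, 6000)
    kept = 0x2000 in ks.sa_table
    ks.on_sent(0x2000)
    return msgs, kept, 0x2000 in ks.sa_table
```

Keeping the old Rekey SA entry until `on_sent` runs means the KS can still use the first key's existing mapping while the replacement SPI is in flight.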
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510230765.9A CN104868991B (en) | 2015-05-07 | 2015-05-07 | A kind of Security Parameter Index conflict processing method and group key server KS |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104868991A CN104868991A (en) | 2015-08-26 |
CN104868991B CN104868991B (en) | 2018-09-04 |
Family
ID=53914537
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510230765.9A Active CN104868991B (en) | 2015-05-07 | 2015-05-07 | A kind of Security Parameter Index conflict processing method and group key server KS |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104868991B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101694672A (en) * | 2009-10-16 | 2010-04-14 | 华中科技大学 | Distributed safe retrieval system |
CN102904901A (en) * | 2012-10-29 | 2013-01-30 | 杭州华三通信技术有限公司 | Method for synchronizing IPsec SA, group member and group secret server |
CN103414554A (en) * | 2013-08-13 | 2013-11-27 | 成都卫士通信息产业股份有限公司 | Objectification secret key management system and secret key management method based on system |
CN104023022A (en) * | 2014-06-13 | 2014-09-03 | 杭州华三通信技术有限公司 | Method and device of obtaining IPSec SA (Internet Protocol Security Association) |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7496748B2 (en) * | 2001-07-23 | 2009-02-24 | Itt Manufacturing Enterprises | Method for establishing a security association between two or more computers communicating via an interconnected computer network |
US8892515B2 (en) * | 2011-09-30 | 2014-11-18 | International Business Machines Corporation | Enforcing temporal uniqueness of index keys utilizing key-valued locking in the presence of pseudo-deleted keys |
Also Published As
Publication number | Publication date |
---|---|
CN104868991A (en) | 2015-08-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant after: Xinhua three Technology Co., Ltd. Address before: 310052 Binjiang District Changhe Road, Zhejiang, China, No. 466, No. Applicant before: Huasan Communication Technology Co., Ltd. |
GR01 | Patent grant | ||