CN105981028B - 通信网络上的网络元件认证 - Google Patents

通信网络上的网络元件认证 Download PDF

Info

Publication number
CN105981028B
CN105981028B CN201580007652.0A CN201580007652A CN105981028B CN 105981028 B CN105981028 B CN 105981028B CN 201580007652 A CN201580007652 A CN 201580007652A CN 105981028 B CN105981028 B CN 105981028B
Authority
CN
China
Prior art keywords
network
new switch
new
private key
switch
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201580007652.0A
Other languages
English (en)
Chinese (zh)
Other versions
CN105981028A (zh
Inventor
威廉姆·托马斯·塞拉
詹姆斯·麦克尔·塞拉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Level 3 Communications LLC
Original Assignee
Level 3 Communications LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Level 3 Communications LLC filed Critical Level 3 Communications LLC
Publication of CN105981028A publication Critical patent/CN105981028A/zh
Application granted granted Critical
Publication of CN105981028B publication Critical patent/CN105981028B/zh
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/047Key management, e.g. using generic bootstrapping architecture [GBA] without using a trusted network node as an anchor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Small-Scale Networks (AREA)
CN201580007652.0A 2014-02-11 2015-02-09 通信网络上的网络元件认证 Expired - Fee Related CN105981028B (zh)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US14/178,036 US8949949B1 (en) 2014-02-11 2014-02-11 Network element authentication in communication networks
US14/178,036 2014-02-11
PCT/US2015/015002 WO2015123135A1 (en) 2014-02-11 2015-02-09 Network element authentication in communication networks

Publications (2)

Publication Number Publication Date
CN105981028A CN105981028A (zh) 2016-09-28
CN105981028B true CN105981028B (zh) 2019-04-09

Family

ID=52395900

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580007652.0A Expired - Fee Related CN105981028B (zh) 2014-02-11 2015-02-09 通信网络上的网络元件认证

Country Status (6)

Country Link
US (1) US8949949B1 (enExample)
EP (1) EP2905940B1 (enExample)
JP (1) JP6453351B2 (enExample)
CN (1) CN105981028B (enExample)
CA (1) CA2881575C (enExample)
WO (1) WO2015123135A1 (enExample)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9900217B2 (en) * 2014-03-26 2018-02-20 Arista Networks, Inc. Method and system for network topology enforcement
JP6226080B2 (ja) * 2014-09-25 2017-11-08 日本電気株式会社 通信制御装置、通信制御方法、通信制御プログラム、及び、情報システム
KR102088523B1 (ko) * 2017-12-28 2020-03-12 주식회사 엘핀 하이브리드 패스워드 인증 방법 및 시스템
US11025592B2 (en) 2019-10-04 2021-06-01 Capital One Services, Llc System, method and computer-accessible medium for two-factor authentication during virtual private network sessions
US12088469B2 (en) * 2022-05-26 2024-09-10 Red Hat, Inc. Domain specific language for protected mesh communication
US12438728B2 (en) * 2023-05-24 2025-10-07 GM Global Technology Operations LLC Message authentication system including a network device having security proxy support

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1926810A (zh) * 2004-03-03 2007-03-07 三菱电机株式会社 第二层交换网络系统
CN101690287A (zh) * 2007-04-20 2010-03-31 Lm爱立信电话有限公司 用于移动设备授证的方法和系统
US20110299684A1 (en) * 2010-06-03 2011-12-08 Digi International Inc. Smart energy network configuration using an auxiliary gateway
US20120124367A1 (en) * 2010-11-15 2012-05-17 Trilliant Holdings Inc. System and Method for Securely Communicating Across Multiple Networks Using a Single Radio
US20120324218A1 (en) * 2011-06-17 2012-12-20 Duren Michael J Peer-to-Peer Trusted Network Using Shared Symmetric Keys

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7117526B1 (en) * 1999-10-22 2006-10-03 Nomadix, Inc. Method and apparatus for establishing dynamic tunnel access sessions in a communication network
EP1102430A1 (en) * 1999-10-27 2001-05-23 Telefonaktiebolaget Lm Ericsson Method and arrangement in an ad hoc communication network
CA2789166A1 (en) * 2002-03-01 2003-09-12 Enterasys Networks, Inc. Location aware data network
US7508801B1 (en) * 2003-03-21 2009-03-24 Cisco Systems, Inc. Light-weight access point protocol
US7512969B2 (en) * 2003-11-21 2009-03-31 Time Warner Cable, A Division Of Time Warner Entertainment Company, L.P. System and method for detecting and reporting cable network devices with duplicate media access control addresses
WO2006069428A1 (en) * 2004-12-30 2006-07-06 Bce Inc. System and method for secure access
JP4620527B2 (ja) * 2005-06-03 2011-01-26 株式会社日立製作所 パケット通信装置
US20080263647A1 (en) * 2006-07-21 2008-10-23 General Electric Company System and Method For Providing Network Device Authentication
JP4714111B2 (ja) * 2006-08-29 2011-06-29 株式会社日立製作所 管理計算機、計算機システム及びスイッチ
TWI340578B (en) * 2006-12-10 2011-04-11 Cameo Communications Inc A method for anti-rogue connection in a network system
US8504718B2 (en) * 2010-04-28 2013-08-06 Futurewei Technologies, Inc. System and method for a context layer switch
JP5397547B2 (ja) * 2010-07-28 2014-01-22 富士通株式会社 鍵設定方法、ノード、およびネットワークシステム
US8848700B2 (en) * 2011-09-30 2014-09-30 Electronics And Telecommunications Research Institute Method for device-to-device communication based on cellular telecommunication system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1926810A (zh) * 2004-03-03 2007-03-07 三菱电机株式会社 第二层交换网络系统
CN101690287A (zh) * 2007-04-20 2010-03-31 Lm爱立信电话有限公司 用于移动设备授证的方法和系统
US20110299684A1 (en) * 2010-06-03 2011-12-08 Digi International Inc. Smart energy network configuration using an auxiliary gateway
US20120124367A1 (en) * 2010-11-15 2012-05-17 Trilliant Holdings Inc. System and Method for Securely Communicating Across Multiple Networks Using a Single Radio
US20120324218A1 (en) * 2011-06-17 2012-12-20 Duren Michael J Peer-to-Peer Trusted Network Using Shared Symmetric Keys

Also Published As

Publication number Publication date
JP6453351B2 (ja) 2019-01-16
HK1213106A1 (en) 2016-06-24
CA2881575C (en) 2015-09-15
CN105981028A (zh) 2016-09-28
US8949949B1 (en) 2015-02-03
WO2015123135A1 (en) 2015-08-20
JP2017506454A (ja) 2017-03-02
EP2905940B1 (en) 2016-09-14
CA2881575A1 (en) 2015-04-20
EP2905940A1 (en) 2015-08-12

Similar Documents

Publication Publication Date Title
Mick et al. LASeR: Lightweight authentication and secured routing for NDN IoT in smart cities
CN106664311B (zh) 支持异构电子设备之间差异化的安全通信
US9735957B2 (en) Group key management and authentication schemes for mesh networks
CN102883316B (zh) 建立连接的方法、终端和接入点
CN105981028B (zh) 通信网络上的网络元件认证
US9356776B2 (en) Key managing system and method for sensor network security
CN101356759A (zh) 安全密钥材料的基于令牌的分布式生成
WO2004010636A1 (en) Mobile ad-hoc network including node authentication features and related methods
CN113411190B (zh) 密钥部署、数据通信、密钥交换、安全加固方法及系统
CN101420686A (zh) 基于密钥的工业无线网络安全通信实现方法
CN103309307A (zh) 一种基于对象访问控制的智能家电控制方法
CN102546184A (zh) 传感网内消息安全传输或密钥分发的方法和系统
CN101282208A (zh) 安全连接关联主密钥的更新方法和服务器及网络系统
KR100892616B1 (ko) 무선 센서 네트워크에서의 새로운 장치 참여 방법
CN103731819B (zh) 一种无线传感器网络节点的认证方法
CN103888940B (zh) 多级加密与认证的wia‑pa网络手持设备的通讯方法
Martignon et al. Design and implementation of MobiSEC: A complete security architecture for wireless mesh networks
KR101267415B1 (ko) 산업무선네트워크에서 키에 의한 상호 인증 시스템 및 그 방법
JP2016213544A (ja) ネットワーク管理システム及びネットワーク管理方法
KR20190040443A (ko) 스마트미터의 보안 세션 생성 장치 및 방법
CN104703174A (zh) 一种无线Mesh网络路由安全保护方法
KR100972743B1 (ko) 마니모의 이동 애드 혹 네트워크에 속한 이동 라우터 간에인증 토큰을 이용한 상호 인증 방법
CN104486082A (zh) 认证方法和路由器
JP2004266516A (ja) ネットワーク管理サーバ、通信端末、エッジスイッチ装置、通信用プログラム並びにネットワークシステム
CN107295015B (zh) 一种交通信号机通信方法

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190409

Termination date: 20200209

CF01 Termination of patent right due to non-payment of annual fee