CN1697373A - Method for negotiating about cipher key shared by users and application server - Google Patents
Method for negotiating about cipher key shared by users and application server Download PDFInfo
- Publication number
- CN1697373A CN1697373A CN 200510076824 CN200510076824A CN1697373A CN 1697373 A CN1697373 A CN 1697373A CN 200510076824 CN200510076824 CN 200510076824 CN 200510076824 A CN200510076824 A CN 200510076824A CN 1697373 A CN1697373 A CN 1697373A
- Authority
- CN
- China
- Prior art keywords
- user
- key
- bootstrap server
- server
- bootstrap
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
Using cipher key Kc in triple of 2G authentication self-booted server deduces cipher key CK and IK useful for 3G. Using IK to calculate out MAC value, self-booted server sends MAC and RAND together to 2G users. Based on RAND, 2G users calculate out Kc. Using a method same as the way utilized by self-booted server to deduce cipher key CK and IK deduces out cipher key CK and IK from Kc. using IK calculates out value of XMAC. Comparing the received MAC with XMAC realizes authenticating network for user. The invention makes both of 2G users and 3G users possible to negotiate about sharing cipher key in advance with self-booted server as well as realizes bi-directional authentication between user and network.
Description
Technical field
The present invention relates to the method for the negotiating about cipher key shared between the user and application server in a kind of communications field, relate in particular in the 3-G (Generation Three mobile communication system), the method for the negotiating about cipher key shared between a kind of 2G user and the application server is provided for the 2G user who leaves over.
Background technology
At present, people no longer are satisfied with phone and messaging service to the demand of mobile communication, and a large amount of multimedia application emerge along with the fast development of Internet.The authentication method of these application mostly requires to share in advance between user and the application server key.3GPP has proposed the method for general bootstrap framework (GBA), and this method provides a kind of method of consulting wildcard between 3G subscription and application server.The GBA method is briefly described below:
(1) user at first initiates access request to application server (NAF), application server require the user at first with 3G network in a bootstrap server (BSF) arranging key.
(2) user initiates request to the bootstrap server, and the bidirectional authentication mechanism by AKA negotiates key K s.
(3) user goes out key K s_NAF according to some calculation of parameter, initiates access request once more to application server.
(4) application server is initiated request to corresponding bootstrap server, and the bootstrap server is issued application server with corresponding key K s_NAF, like this, has just shared key K s_NAF between user and the application server.
But GBA only can support 3G subscription, promptly can move the user of AKA authentication mechanism.And have at present surpass 1,000,000,000 be 2G user with corpse, the SIM card of its use can't be supported the AKA authentication mechanism, also just can't use method and the application server arranging key of GBA.And, use SIM to be upgraded to these users and support that the UICC card of AKA authentication mechanism will be a long-term process.Therefore, in the quite a long time, the situation of 2G user and 3G subscription coexistence can appear.Therefore, need provide the method for a kind of 2G of support user's arranging key, so that in during 2G user and 3G subscription coexistence, 2G user also can visit the application based on GBA.
2G user uses SIM to authenticate, and SIM only can realize unilateral authentication.Unilateral authentication lacks the authentication of user to network, therefore will cause a large amount of " false network " to attack.This is a major defect of SIM authentication, when considering to support 2G user's cryptographic key negotiation method, must be able to realize the two-way authentication between user and the network.
Summary of the invention
In order to overcome the deficiency of above-mentioned technology, the present invention proposes the method for a kind of user and application server negotiating about cipher key shared, makes also can consult the wildcard method between 2G user and the application server.
Basic thought of the present invention is: the bootstrap server is upgraded, make it can support 2G user's request.In order to realize the authentication of user to the bootstrap server, key K c derives ciphering key K and the IK that can be used for 3G in the bootstrap server by utilizing 2G authentication triplets, utilizes IK to calculate the MAC value.The bootstrap server is issued 2G user together with MAC and RAND.2G user calculates Kc according to RAND, and the use method identical with IK with bootstrap server derivation CK, derives ciphering key K and IK by Kc, utilizes IK to calculate the XMAC value.Realize the authentication of user by MAC and the XMAC that relatively receives to network.
Implementation procedure of the present invention is as follows:
The first step: the user initiates to insert request to application server; Application server is judged the wildcard that whether application server has effectively and the user shares according to the information that the user sends; If have, then do not need to carry out subsequent step and come negotiating about cipher key shared; If no, then application server sends response to the user, requires user and bootstrap server negotiate to share key;
Second step: after the user receives the response that application server sends, send the arranging key request, comprise user identity in the request message to the bootstrap server;
The 3rd step: the bootstrap server sends request to the user attaching environment, requires to obtain user's Ciphering Key, comprises user identity in the request message;
The 4th step: Home Environment generates suitable Ciphering Key according to user identity, i.e. 3G Ciphering Key five-tuple or 2G Ciphering Key tlv triple, and Home Environment is issued the bootstrap server with Ciphering Key;
The 5th step: the bootstrap server judges that as Ciphering Key type, user related information etc. the user is 3G subscription or 2G user according to the information that receives from Home Environment.If the user is a 3G subscription, then carry out follow-up cipher key agreement process according to the method for GBA; If the user is 2G user, carried out for the 6th step;
The 6th step: the bootstrap server is derived according to the encryption key Kc in the Ciphering Key tlv triple and be can be used for ciphering key K and the IK that 3G subscription uses; Bootstrap server by utilizing IK and some input parameters that comprise RAND at least calculate MAC;
The 7th step: the input parameter described in bootstrap server MAC and the 6th step sends to the user, so that after the user receives this message, can obtain all input parameters that the bootstrap server calculates MAC;
The 8th step: the user utilizes RAND to calculate RES and Kc, and the user uses the method identical with IK with bootstrap server derivation CK to derive CK and IK; Utilize IK and calculate the identical calculation of parameter of MAC and go out XMAC with the bootstrap server; The user is MAC and XMAC relatively, if both differences, authentification failure then, the user stops communication; If both are identical, then the user is to the authentication success of bootstrap server; The user utilizes CK and IK to derive and obtains key K s;
The 9th step: the SRES in the bootstrap server by utilizing Ciphering Key tlv triple finishes the authentication to the user; If authentication success, then the bootstrap server uses the identical method of Ks of deriving with the user, obtains Ks by CK and IK; The bootstrap server sends response to the success of instruction manual bootstrap process, wherein should comprise the identifier that is used for tagged keys Ks and the lifetime of key K s;
The tenth step: the user obtains Ks_NAF by Ks and some other calculation of parameter, and sends request once more to application server, wherein comprises the identifier that identifies Ks; Application server sends request according to this identifier to the bootstrap server, the bootstrap server calculates corresponding key K s_NAF and sends to application server, user and application server have just been shared key K s_NAF like this, consult the wildcard process and finish.
Preferably, in the 6th step be according to encryption key Kc derivation CK in the Ciphering Key tlv triple and the method for IK: CK=Kc ‖ Kc, IK=(Kc1 XOR Kc2) ‖ Kc ‖ (Kc1 XOR Kc2), wherein, Kc1 is the first half of Kc, Kc2 is the latter half of Kc.
Preferably, can adopt the mode identical to utilize RAND to calculate RES and Kc in the 8th step with the SIM authentication.
Preferably, bootstrap server authentication user can be in the following ways in the 9th step: the user directly issues RES the bootstrap server, and the bootstrap server relatively difference of RES and SRES is realized authentication to the user.
Preferably, bootstrap server authentication user can be in the following ways in the 9th step: the user utilizes RES to calculate the message check code, the message check code is issued the bootstrap server, and the integrality that SRES in bootstrap server by utilizing Ciphering Key tlv triple checking user sends message is finished the authentication to the user.
Preferably, described CK of utilization and IK derivation key K s can be in the following ways: Ks is by obtaining CK and IK serial connection, i.e. Ks=CK ‖ IK.
Preferably, in order to prevent Replay Attack, the parameter that comprises anti-replay mechanism in the message that the bootstrap server sends in the 7th step realizes the anti-protection of resetting.
Adopt the present invention can make 2G user and 3G subscription can with bootstrap server negotiate wildcard, and can realize two-way authentication between user and the network.
Description of drawings
Fig. 1 is the flow chart that method of the present invention and application server are consulted wildcard.
Embodiment
Be described in further detail below in conjunction with the enforcement of accompanying drawing technical scheme:
1, the user establishes each and initiates to insert request to application server, and at this moment, user and application server are not shared an effective wildcard.
2, application server sends response to the user, requires user and bootstrap server to carry out the bootstrap process.
3, subscriber equipment sends the arranging key request to the bootstrap server, wherein comprises user's identity.
4, the bootstrap server is according to user's identity, to Home Environment request authentication vector.
5, Home Environment is according to user's identity, and this user is a 2G user, generate corresponding Ciphering Key and be the GSM tlv triple (RAND, SRES, Kc).
6, Home Environment is issued the bootstrap server with Ciphering Key.
7, the bootstrap server obtains CK and IK by Kc, CK=Kc ‖ Kc wherein, and IK=(Kc1 XOR Kc2) ‖ Kc ‖ (Kc1 XOR Kc2), Kc1 is the first half of Kc, Kc2 is the latter half of Kc.Bootstrap server by utilizing IK and RAND calculate the MAC value.
8, the bootstrap server sends authentication challenge to subscriber equipment, the MAC that wherein comprises the RAND in the authentication triplets and calculate.
9, subscriber equipment sends to SIM with RAND.The same with the authentication among the GSM, SIM will calculate Kc and RES according to RAND, and Kc and RES are sent to subscriber equipment.
10, subscriber equipment uses the method identical with IK with bootstrap server derivation CK to derive and obtains CK and IKcK=Kc ‖ Kc, IK=(Kc1 XOR Kc2) ‖ Kc ‖ (Kc1 XOR Kc2), and Kc1 is the first half of Kc, Kc2 is the latter half of Kc.The RAND that subscriber equipment utilizes IK and receives adopts with the bootstrap server and calculates the identical method calculating XMAC of MAC.Subscriber equipment is XMAC and MAC relatively, if both are identical, then the user is to the authentication success of network.
11, the user sends authentication response to after the network authentication success to the bootstrap server, utilizes RES conduct and network cipher key shared to calculate the check value of this response, check value is included in sends to the bootstrap server in the authentication response message.
12, the SRES in the bootstrap server by utilizing authentication triplets authenticates authentication response message.Obtain Ks by CK and IK behind the authentication success.Ks=CK‖IK。
13, the bootstrap server sends the authentication success Indication message to subscriber equipment, wherein comprises identifier and the key lifetime information of tagged keys Ks.Subscriber equipment obtains Ks by CK and IK, i.e. Ks=CK ‖ IK.
14, subscriber equipment obtains Ks_NAF by Ks.
15, subscriber equipment sends the request of access once more to application server, wherein comprises the identifier of tagged keys Ks.
16, application server is to the key of bootstrap server requests correspondence.The identifier that wherein comprises tagged keys Ks.
17, the bootstrap server obtains corresponding Ks, generates Ks_NAF.The method that generates Ks_NAF is identical with the method that subscriber equipment generates Ks_NAF.
18, the bootstrap server sends to application server with Ks_NAF.
19,, shared key K s_NAF between subscriber equipment and the application server by above step.
Claims (7)
1. the method for user and application server negotiating about cipher key shared is characterized in that described method comprises following processing procedure:
The first step: the user initiates to insert request to application server; Application server is judged the wildcard that whether application server has effectively and the user shares according to the information that the user sends; If have, then do not need to carry out subsequent step and come negotiating about cipher key shared; If no, then application server sends response to the user, requires user and bootstrap server negotiate to share key;
Second step: after the user receives the response that application server sends, send the arranging key request, comprise user identity in the request message to the bootstrap server;
The 3rd step: the bootstrap server sends request to the user attaching environment, requires to obtain user's Ciphering Key, comprises user identity in the request message;
The 4th step: Home Environment generates suitable Ciphering Key according to user identity, i.e. 3G Ciphering Key five-tuple or 2G Ciphering Key tlv triple, and Home Environment is issued the bootstrap server with Ciphering Key;
The 5th step: the bootstrap server judges that as Ciphering Key type, user related information etc. the user is 3G subscription or 2G user according to the information that receives from Home Environment.If the user is a 3G subscription, then carry out follow-up cipher key agreement process according to the method for GBA; If the user is 2G user, carried out for the 6th step;
The 6th step: the bootstrap server is derived according to the encryption key Kc in the Ciphering Key tlv triple and be can be used for ciphering key K and the IK that 3G subscription uses; Bootstrap server by utilizing IK and some input parameters that comprise RAND at least calculate MAC;
The 7th step: the input parameter described in bootstrap server MAC and the 6th step sends to the user, so that after the user receives this message, can obtain all input parameters that the bootstrap server calculates MAC;
The 8th step: the user utilizes RAND to calculate RES and Kc, and the user uses the method identical with IK with bootstrap server derivation CK to derive CK and IK; Utilize IK and calculate the identical calculation of parameter of MAC and go out XMAC with the bootstrap server; The user is MAC and XMAC relatively, if both differences, authentification failure then, the user stops communication; If both are identical, then the user is to the authentication success of bootstrap server; The user utilizes CK and IK to derive and obtains key K s;
The 9th step: the SRES in the bootstrap server by utilizing Ciphering Key tlv triple finishes the authentication to the user; If authentication success, then the bootstrap server uses the identical method of Ks of deriving with the user, obtains Ks by CK and IK; The bootstrap server sends response to the success of instruction manual bootstrap process, wherein should comprise the identifier that is used for tagged keys Ks and the lifetime of key K s;
The tenth step: the user obtains Ks_NAF by Ks and some other calculation of parameter, and sends request once more to application server, wherein comprises the identifier that identifies Ks; Application server sends request according to this identifier to the bootstrap server, the bootstrap server calculates corresponding key K s_NAF and sends to application server, user and application server have just been shared key K s_NAF like this, consult the wildcard process and finish.
2. method according to claim 1, it is characterized in that, in described the 6th step be: CK=Kc ‖ Kc according to encryption key Kc derivation CK in the Ciphering Key tlv triple and the method for IK, IK=(Kc1 XOR Kc2) ‖ Kc ‖ (Kc1XOR Kc2), wherein, Kc1 is the first half of Kc, and Kc2 is the latter half of Kc.
3. method according to claim 1 is characterized in that, can adopt the mode identical with the SIM authentication to utilize RAND to calculate RES and Kc in described the 8th step.
4. method according to claim 1, it is characterized in that, bootstrap server authentication user can be in the following ways in described the 9th step: the user directly issues RES the bootstrap server, and the bootstrap server relatively difference of RES and SRES is realized authentication to the user.
5. method according to claim 1, it is characterized in that, bootstrap server authentication user can be in the following ways in described the 9th step: the user utilizes RES to calculate the message check code, the message check code is issued the bootstrap server, and the integrality that SRES in bootstrap server by utilizing Ciphering Key tlv triple checking user sends message is finished the authentication to the user.
6. method according to claim 1 and 2 is characterized in that, described CK of utilization and IK derivation key K s can be in the following ways: Ks is by obtaining CK and IK serial connection, i.e. Ks=CK ‖ IK.
7. method according to claim 1 is characterized in that, in order to prevent Replay Attack, the parameter that comprises anti-replay mechanism in the message that the bootstrap server sends in the 7th step realizes the anti-protection of resetting.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100768248A CN100550725C (en) | 2005-06-17 | 2005-06-17 | The method of a kind of user and application server negotiating about cipher key shared |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100768248A CN100550725C (en) | 2005-06-17 | 2005-06-17 | The method of a kind of user and application server negotiating about cipher key shared |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1697373A true CN1697373A (en) | 2005-11-16 |
| CN100550725C CN100550725C (en) | 2009-10-14 |
Family
ID=35349914
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005100768248A Expired - Fee Related CN100550725C (en) | 2005-06-17 | 2005-06-17 | The method of a kind of user and application server negotiating about cipher key shared |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100550725C (en) |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2009076811A1 (en) * | 2007-12-14 | 2009-06-25 | Huawei Technologies Co., Ltd. | A method, a system, a client and a server for key negotiating |
| CN1845600B (en) * | 2006-05-17 | 2010-05-12 | 中国移动通信集团公司 | Method and system for realizing user key arrangement in mobile broadcast television service |
| CN101854630A (en) * | 2010-05-25 | 2010-10-06 | 中兴通讯股份有限公司 | Method, system and user equipment for realizing card authentication |
| CN101222328B (en) * | 2007-12-14 | 2010-11-03 | 西安西电捷通无线网络通信股份有限公司 | Entity bidirectional identification method |
| CN101895881A (en) * | 2009-05-18 | 2010-11-24 | 中国移动通信集团公司 | Method for realizing GBA secret key and pluggable equipment of terminal |
| CN101990201A (en) * | 2009-07-31 | 2011-03-23 | 中国移动通信集团公司 | Method, system and device for generating general bootstrapping architecture (GBA) secret key |
| CN102056077A (en) * | 2009-10-29 | 2011-05-11 | 中国移动通信集团公司 | Method and device for applying smart card by key |
| CN102264068A (en) * | 2010-05-28 | 2011-11-30 | 中国移动通信集团公司 | Shared key consultation method, system, network platform and terminal |
| CN102264069A (en) * | 2010-05-28 | 2011-11-30 | 中国移动通信集团公司 | Authentication control method, device and system based on universal guide architecture |
| CN101523797B (en) * | 2006-10-18 | 2012-02-15 | 艾利森电话股份有限公司 | Cryptographic key management in communication networks |
| CN101087261B (en) * | 2006-06-05 | 2012-05-23 | 华为技术有限公司 | Method, device and system for realizing push function based on general guiding architecture |
| CN101431406B (en) * | 2007-11-06 | 2012-07-04 | 英特尔公司 | End-to-end network security with traffic visibility |
| CN102668609A (en) * | 2009-08-17 | 2012-09-12 | 瑞典爱立信有限公司 | Method for handling ciphering keys in a mobile station |
| CN102869010A (en) * | 2011-07-04 | 2013-01-09 | 中兴通讯股份有限公司 | Method and system for single sign-on |
| US8356179B2 (en) | 2007-10-23 | 2013-01-15 | China Iwncomm Co., Ltd. | Entity bi-directional identificator method and system based on trustable third party |
| WO2013053305A1 (en) * | 2011-10-13 | 2013-04-18 | 中兴通讯股份有限公司 | Identification network end-to-end security establishing method, network side device and system |
| WO2013113162A1 (en) * | 2012-02-02 | 2013-08-08 | Nokia Siemens Networks Oy | Group based bootstrapping in machine type communication |
| CN101888626B (en) * | 2009-05-15 | 2013-09-04 | 中国移动通信集团公司 | Method and terminal equipment for realizing GBA key |
| US8751792B2 (en) | 2009-09-30 | 2014-06-10 | China Iwncomm Co., Ltd. | Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party |
| US8903084B2 (en) | 2008-12-03 | 2014-12-02 | Intel Corporation | Efficient key derivation for end-to-end network security with traffic visibility |
| US9176838B2 (en) | 2012-10-19 | 2015-11-03 | Intel Corporation | Encrypted data inspection in a network environment |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109818749B (en) * | 2019-01-11 | 2021-11-16 | 如般量子科技有限公司 | Quantum computation resistant point-to-point message transmission method and system based on symmetric key pool |
-
2005
- 2005-06-17 CN CNB2005100768248A patent/CN100550725C/en not_active Expired - Fee Related
Cited By (33)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1845600B (en) * | 2006-05-17 | 2010-05-12 | 中国移动通信集团公司 | Method and system for realizing user key arrangement in mobile broadcast television service |
| CN101087261B (en) * | 2006-06-05 | 2012-05-23 | 华为技术有限公司 | Method, device and system for realizing push function based on general guiding architecture |
| CN101523797B (en) * | 2006-10-18 | 2012-02-15 | 艾利森电话股份有限公司 | Cryptographic key management in communication networks |
| US8356179B2 (en) | 2007-10-23 | 2013-01-15 | China Iwncomm Co., Ltd. | Entity bi-directional identificator method and system based on trustable third party |
| CN102647431B (en) * | 2007-11-06 | 2016-07-06 | 英特尔公司 | There is the network security end to end of traffic visibility |
| CN102647431A (en) * | 2007-11-06 | 2012-08-22 | 英特尔公司 | End-to-end network security with traffic visibility |
| CN101431406B (en) * | 2007-11-06 | 2012-07-04 | 英特尔公司 | End-to-end network security with traffic visibility |
| US8417955B2 (en) | 2007-12-14 | 2013-04-09 | China Iwncomm Co., Ltd. | Entity bidirectional authentication method and system |
| WO2009076811A1 (en) * | 2007-12-14 | 2009-06-25 | Huawei Technologies Co., Ltd. | A method, a system, a client and a server for key negotiating |
| CN101222328B (en) * | 2007-12-14 | 2010-11-03 | 西安西电捷通无线网络通信股份有限公司 | Entity bidirectional identification method |
| US8903084B2 (en) | 2008-12-03 | 2014-12-02 | Intel Corporation | Efficient key derivation for end-to-end network security with traffic visibility |
| CN101888626B (en) * | 2009-05-15 | 2013-09-04 | 中国移动通信集团公司 | Method and terminal equipment for realizing GBA key |
| CN101895881B (en) * | 2009-05-18 | 2014-09-17 | 中国移动通信集团公司 | Method for realizing GBA secret key and pluggable equipment of terminal |
| CN101895881A (en) * | 2009-05-18 | 2010-11-24 | 中国移动通信集团公司 | Method for realizing GBA secret key and pluggable equipment of terminal |
| CN101990201A (en) * | 2009-07-31 | 2011-03-23 | 中国移动通信集团公司 | Method, system and device for generating general bootstrapping architecture (GBA) secret key |
| CN101990201B (en) * | 2009-07-31 | 2013-09-04 | 中国移动通信集团公司 | Method, system and device for generating general bootstrapping architecture (GBA) secret key |
| CN102668609B (en) * | 2009-08-17 | 2015-08-19 | 瑞典爱立信有限公司 | For the treatment of the method for encryption key in travelling carriage |
| CN102668609A (en) * | 2009-08-17 | 2012-09-12 | 瑞典爱立信有限公司 | Method for handling ciphering keys in a mobile station |
| US8751792B2 (en) | 2009-09-30 | 2014-06-10 | China Iwncomm Co., Ltd. | Method and system for entity public key acquiring, certificate validation and authentication by introducing an online credible third party |
| CN102056077A (en) * | 2009-10-29 | 2011-05-11 | 中国移动通信集团公司 | Method and device for applying smart card by key |
| CN102056077B (en) * | 2009-10-29 | 2013-11-06 | 中国移动通信集团公司 | Method and device for applying smart card by key |
| WO2011147258A1 (en) * | 2010-05-25 | 2011-12-01 | 中兴通讯股份有限公司 | Card authenticating method, system and user equipment |
| CN101854630A (en) * | 2010-05-25 | 2010-10-06 | 中兴通讯股份有限公司 | Method, system and user equipment for realizing card authentication |
| CN102264069A (en) * | 2010-05-28 | 2011-11-30 | 中国移动通信集团公司 | Authentication control method, device and system based on universal guide architecture |
| CN102264068B (en) * | 2010-05-28 | 2014-04-02 | 中国移动通信集团公司 | Shared key consultation method, system, network platform and terminal |
| CN102264069B (en) * | 2010-05-28 | 2014-03-26 | 中国移动通信集团公司 | Authentication control method, device and system based on universal guide architecture |
| CN102264068A (en) * | 2010-05-28 | 2011-11-30 | 中国移动通信集团公司 | Shared key consultation method, system, network platform and terminal |
| CN102869010A (en) * | 2011-07-04 | 2013-01-09 | 中兴通讯股份有限公司 | Method and system for single sign-on |
| WO2013053305A1 (en) * | 2011-10-13 | 2013-04-18 | 中兴通讯股份有限公司 | Identification network end-to-end security establishing method, network side device and system |
| WO2013113162A1 (en) * | 2012-02-02 | 2013-08-08 | Nokia Siemens Networks Oy | Group based bootstrapping in machine type communication |
| US9654284B2 (en) | 2012-02-02 | 2017-05-16 | Nokia Solutions And Networks Oy | Group based bootstrapping in machine type communication |
| US9176838B2 (en) | 2012-10-19 | 2015-11-03 | Intel Corporation | Encrypted data inspection in a network environment |
| US9893897B2 (en) | 2012-10-19 | 2018-02-13 | Intel Corporation | Encrypted data inspection in a network environment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100550725C (en) | 2009-10-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1697373A (en) | Method for negotiating about cipher key shared by users and application server | |
| CN101616410B (en) | Access method and access system for cellular mobile communication network | |
| CN1191696C (en) | Sefe access of movable terminal in radio local area network and secrete data communication method in radio link | |
| CN101056177B (en) | Radio mesh re-authentication method based on the WLAN secure standard WAPI | |
| WO2017201809A1 (en) | Communication method and system for terminal | |
| CN1124759C (en) | Safe access method of mobile terminal to radio local area network | |
| Xu et al. | Attacks on PKM protocols of IEEE 802.16 and its later versions | |
| CN1929371B (en) | Method for negotiating key share between user and peripheral apparatus | |
| US8091122B2 (en) | Computer program product, apparatus and method for secure HTTP digest response verification and integrity protection in a mobile terminal | |
| Fu et al. | A fast handover authentication mechanism based on ticket for IEEE 802.16 m | |
| CN102404347A (en) | Mobile internet access authentication method based on public key infrastructure | |
| KR20070096060A (en) | Secure bootstrapping for wireless communications | |
| CN1921682A (en) | Method for enhancing key negotiation in universal identifying framework | |
| US20070124587A1 (en) | Re-Keying in a Generic Bootstrapping Architecture Following Handover of a Mobile Terminal | |
| CN1770681A (en) | Conversation key safety distributing method under wireless environment | |
| CN1694570A (en) | Method for setting safety channel between mobile user and application server | |
| WO2020220903A1 (en) | Communication method and apparatus | |
| CN1564509A (en) | Key consaltation method in radio LAN | |
| CN101043328A (en) | Cipher key updating method of universal leading frame | |
| CN1819698A (en) | Method for acquring authentication cryptographic key context from object base station | |
| Harn et al. | On the security of wireless network access with enhancements | |
| CN1859097A (en) | Verifying method and system based on general weight discrimination framework | |
| CN101420695B (en) | 3G customer fast roaming authentication method based on wireless LAN | |
| CN102378174A (en) | Access method, device and system of user terminal of SIM (Subscriber Identity Module) card | |
| CN1725685A (en) | Security identification method for mobiole terminal of radio cocal network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091014 Termination date: 20190617 |