CN1943207A - Fast and secure connectivity for a mobile node - Google Patents


Publication number
CN1943207A
Authority
CN
China
Prior art keywords
node
certificate
message
pki
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2005800117673A
Other languages
Chinese (zh)
Inventor
赛义德·塔巴塔巴伊安
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Panasonic Holdings Corp
Original Assignee
Matsushita Electric Industrial Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matsushita Electric Industrial Co Ltd filed Critical Matsushita Electric Industrial Co Ltd
Publication of CN1943207A publication Critical patent/CN1943207A/en
Pending legal-status Critical Current


Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0464Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3297Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/102Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)
  • Communication Control (AREA)

Abstract

A method of setting up a secure communications channel using an asymmetric key system between an initiating node and a receiving node avoids the need for the receiving node to communicate with a third party thereby reducing signalling.

Description

Fast and secure connectivity for a mobile node
Technical field
The present invention relates to a process by which a mobile radio terminal communicates with another mobile radio terminal via a radio access network over a secure communication channel, in which only one node is responsible for obtaining and exchanging all the parameters used for secure communication.
Background technology
At present, secure communication between mobile radio terminals is managed according to the IPsec (IP security) protocol. Under this protocol, the two terminals share secret data (a key) for the purposes of authentication and/or encryption. Details of the IPsec protocol can be found in RFC 2401, RFC 2402 and RFC 2406. In brief, IPsec is a method of protecting IP datagrams. The protection takes the form of data origin authentication, connectionless data integrity authentication and data content confidentiality. IPsec makes use of protocols such as the Encapsulating Security Payload (ESP) or the Authentication Header (AH). AH provides proof of data origin, data integrity and anti-replay protection for received packets. ESP provides everything that AH provides and, in addition, optional data confidentiality.
The security services that IPsec provides require shared keys in order to perform authentication and/or confidentiality. A mechanism for adding keys manually for these services must be implemented. This ensures the interoperability of the base IPsec protocols. A standard method has also been defined for dynamically authenticating IPsec peers, negotiating security services and generating shared keys. This key management protocol is called IKE, the Internet Key Exchange.
The shared keys used with IPsec are for a symmetric cipher when confidentiality is needed, or for data integrity, or for both. IPsec must be fast, and existing public-key technology is too slow to operate packet by packet. At present, public-key technology is limited to the initial authentication during key exchange.
In many of the methods currently in general use for protecting IP packets, establishing a secure channel between two nodes requires both parties to use a protocol to exchange keys and to agree on the type of encryption algorithm. This can be achieved with the IPsec protocol, which can in turn use other protocols, for example IKE or a Public Key Infrastructure (PKI).
At this point it is worth briefly recalling the difference between symmetric and asymmetric key systems. Consider a communication channel between two nodes A and B. In a symmetric system, each node uses the same key to encrypt plaintext and to decrypt the ciphertext messages exchanged between the two nodes. In other words, A uses a key K to encrypt a message sent by A to B, and B uses the same key K to decrypt it. In an asymmetric system, different, complementary keys are used. Thus A uses a key K1 to encrypt a message sent by A to B, and B uses a key K2 to decrypt it. The keys K1 and K2 are mathematically related. Symmetric systems have the advantage of speed. However, in terms of the ability to add nodes, symmetric systems are less flexible than asymmetric systems.
The Public Key Infrastructure (PKI) has been developed to secure communications over the Internet. The PKI provides the means for supplying/generating session keys and the keys used within the public-key cryptosystem used by the nodes (participants). If a node requires a certificate, the PKI also provides it. Details of PKI can be found in "Internet X.509 Public Key Infrastructure: Roadmap" (http://www.ietf.org).
The IKE used in IPsec is based on the Diffie-Hellman algorithm, in which the two parties do not know each other. In the other approach, the PKI is a trusted third party in the network, which both parties contact to obtain all the parameters and information needed to establish a secure channel.
In a PKI system, each communicating node has two keys: a private key known only to the node itself, and a public key that the node knows but that can also be obtained from the PKI. Therefore, if a node does not yet know the node it intends to communicate with, it can obtain that node's public key from the PKI. Using public keys, node A can encrypt a message with its private key so that node B decrypts it with node A's public key, or node A can encrypt a message for node B with node B's public key so that it is decrypted with node B's private key.
Fig. 1 shows a secure channel being established between two parties, node A and node B, in which each party must contact the third party, the PKI. The party wishing to establish the channel, here node A, sends a request message msg(1) to the PKI. The PKI responds by returning to node A a session key, additional information including the encryption algorithm type, and node B's certificate, i.e. msg(2). Node A then sends message msg(3) to node B, requesting the establishment of a secure communication channel. When node B receives this request, it sends message msg(4) to the PKI, requesting node A's certificate. The PKI responds by returning to node B node A's certificate, the session key and the additional information, i.e. msg(5). Node B uses the certificate to verify node A's request (msg(3)), and uses the session key to share a secure channel with node A. Finally, to notify node A and allow it to begin secure communication, node B returns an acknowledgement msg(6) to node A.
The assumptions made in Fig. 1 are as follows:
● The PKI has the public key of each node
● The PKI provides the key (K_AB) to both nodes
● Each node knows the other node's public key and the PKI's public key
● Both nodes contact the PKI to verify the other node and/or to obtain all the necessary information
● The information includes the algorithm type, etc.
● All nodes and the PKI can use a public-key system
Therefore, all initial communications between the nodes and the PKI are encrypted and signed using the recipient's public key and the sender's private key, respectively.
As can be seen, establishing a secure channel between two nodes using the PKI requires the exchange of six messages. The number of messages that the IKE method requires is higher.
In addition, there is a problem associated with communicating with a dormant node, which arises with mobile terminals. A dormant node may be a mobile terminal that is not currently connected to the network but for which secure communication is required to be available the next time it connects. This means that when the dormant node becomes active, it needs to contact the PKI to obtain the information necessary to open the encrypted messages.
Related documents include [US 20030196084], which proposes allowing a wireless device to take part in secure communication over a secure network without needing to store compromisable information on the wireless device. That document allows a wireless device to join a public key infrastructure in which no part of the certificate, no information about the certificate and no private key data is stored on the wireless device.
A certificate proxy server (CPS) is used to hold all the sensitive information relating to the wireless device. Once the user has been authenticated, a secure channel is established between the device and the CPS, and the user's requests for access to secure resources are then handled by the CPS, which presents the appropriate user certificate on the user's behalf as required.
[US 2002/0147820A1, DoCoMo Communication Lab. USA] describes a method of establishing a secure network between two parties over an insecure network using IPsec, in which IPsec uses the Kerberos protocol to authenticate, exchange keys and negotiate security associations between the two parties. The method relies on the Kerberos protocol for the initial negotiation, to allow the two parties to share a session key for secure communication. The sending node initiates the establishment of the security association, rather than waiting for the receiving node to initiate it after receiving a packet from the sending node.
The benefit of using Kerberos in IPsec is that a secure channel can be established more quickly between the two parties; however, because the Kerberos protocol is based on a symmetric system, this benefit comes at the cost of the flexibility of the whole system. In addition, the security of Kerberos-based IPsec is vulnerable to login (logon) attacks.
Summary of the invention
Compared with IKE-based IPsec, the present invention allows a smaller number of signalling messages to be used to establish a secure communication channel between two parties. The invention also allows a single node (participant) to be responsible for negotiating all the security parameters needed to establish the secure communication channel, so that when a dormant node becomes active it does not need to contact any party in order to decrypt stored/received messages. Furthermore, because the trusted third party (PKI) can generate stronger keys, the invention allows a mobile device with limited processing capability to benefit from a higher level of security where this is needed.
The invention provides a method of establishing a communication channel between two nodes in a communication network using an asymmetric key system in which each node has a unique certificate for authenticating communications from another node, the certificate having been registered with a trusted third party (T), the method being characterised in that:
an initiating node (A) sends a request to the trusted third party (T) to communicate with a receiving node (B), and T responds to the request by forwarding to B, via A, a message containing A's certificate, A's certificate being encrypted such that only B can decrypt the part of the message containing A's certificate. As will be understood from the foregoing, the invention avoids the need for the receiving node to obtain A's certificate directly from the trusted third party, and therefore reduces the amount of signalling required. Having decrypted A's certificate, sent by T via A, B can then authenticate subsequent messages sent by A that carry A's certificate.
The response from T generally includes a session key, which A decrypts before passing it on to B. At that point A can begin sending packets to B without waiting for a response from B, which is particularly useful if B is dormant.
To complete two-way secure communication, the response from T will include B's certificate, encrypted such that, after B has decrypted A's certificate, only A can open B's certificate. B then returns this part of the message to A after extracting A's certificate.
Other preferred features of the invention will be apparent from the appended dependent claims.
Description of drawings
An example of the invention will now be described with reference to the accompanying drawings, in which like reference numerals denote like parts, and in which:
Fig. 1 schematically shows secure communication between two nodes when both nodes contact the PKI to obtain all the parameters required for a secure communication channel.
Fig. 2 schematically shows secure communication between two nodes when only one node contacts the PKI to obtain all the parameters required for a secure communication channel.
Fig. 3 is a signal flow diagram showing steps 1 to 4, by which a single node A obtains all the parameters required for a secure communication link.
Fig. 4 is a flow chart presenting the message flow between a given node, the PKI and the receiving node to establish a communication link.
Embodiment
Fig. 2 shows the establishment of a secure channel according to the invention, in which node A, the initiating node, sends a request message msg(1) to the PKI, asking to communicate with node B. The reply message msg(2) from the PKI contains the session key, information including the encryption algorithm, and the certificates of nodes A and B. Note that the two certificates are cryptographically compounded, which means that although node A receives the message first, the two certificates can only be opened once B has first extracted A's certificate. When node A receives the response message from the PKI, it first extracts and stores the session key K_AB and any other information necessary for secure data communication. Node A then forwards the shared key, the information and the certificates, all of which are encrypted with node B's public key and signed with node A's private key, respectively. On receiving the encrypted message, node B first extracts the shared key K_AB and the encryption algorithm type. Node B then extracts node A's certificate and verifies it using its own private key and the PKI's public key, respectively. Node B, which now has all the information needed for secure communication, sends its own certificate to node A. This certificate is encrypted with node A's public key and signed with node B's private key. It should be noted that node B cannot open the certificate of node B that node A sent to node B. Node B uses it as proof of authenticity, to prove itself to node A. Finally, node A uses node B's public key, node A's private key and the PKI's public key to open node B's message, so as to accept node B's authenticity and certificate. Thus, because node B's public key is used to decrypt the message, the message must have been sent by node B. Because node A's private key is needed, the message can only be decrypted by node A. Because the PKI's public key is used to open the certificate, the certificate must have been issued by the PKI.
The process of Fig. 2 is based on the following assumptions:
● The PKI has the public key and the certificate of each node
● The PKI provides the key (K_AB) to both nodes
● Each node knows the other node's public key and the PKI's public key
● Only one node contacts the PKI
● The information includes the algorithm type, etc.
● All nodes and the PKI can use a public-key system
Where A and B have previously communicated with each other, it is reasonable to assume that each party knows the other's public key. If this is not the case, the information sent from one party to the other in steps 3 and 4 can include the public keys of A and B respectively.
The process of establishing a secure communication channel between two nodes using the PKI is carried out in a number of clearly defined steps, the sequence of which is shown in Fig. 3. Each step will now be described in detail. The steps of Fig. 3 correspond to the messages of Fig. 2, and the legend of Fig. 3 is:
● Pub_A: the public key of A
● Prv_A: the private key of A
● Cer_A: the certificate of A
● Prv_x(...): signature by x
● Pub_x(...): encryption function of x
where x can be A, B or T (the trusted third party, i.e. the PKI).
It should be noted that in the figures below authentication is achieved implicitly, because all parties know all the public keys.
Step 1 - Initially, a request message is sent from node A to the PKI, requesting secure communication with another node, namely node B.
Step 2 - The PKI sends to node A, which requested the information needed to establish the secure channel, the session key, information including the encryption algorithm type, and the encrypted composite certificate of nodes A and B.
Step 3 - Node A forwards all the information and the encrypted composite certificate of nodes A and B to node B. Because node B is the first node able to decrypt the composite part of this message, node B extracts the session key and the encryption algorithm type, and verifies node A's certificate.
Step 4 - Node B's acknowledgement message (reply) is provided in a signed and encrypted certificate message to node A. Because A is the only node able to decrypt node B's certificate, node A verifies this acknowledgement message sent from node B.
This completes the distribution of the key, the encryption algorithm type and the certificates. The same steps are shown in the flow chart of Fig. 4.
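The four messages of steps 1 to 4, as an added symbolic model (not code from the patent). The nesting Pub_B(Prv_T(Cer_A), Pub_A(Prv_T(Cer_B))) for the composite certificate, the dictionary field names and all function names are assumptions, since Fig. 3 is not reproduced on this page; encryption and signing are modelled as labelled wrappers, not real cryptography, so the model checks which party can open which layer and when.

```python
# Symbolic model of msg(1)-msg(4) of Fig. 2. Enc/Sig only record who may open
# a layer or who produced it; nothing here is real cryptography.
from dataclasses import dataclass
import secrets


class CryptoError(Exception):
    """Raised when a party tries to open or verify a layer it has no right to."""


@dataclass(frozen=True)
class PrivateKey:
    owner: str            # "A", "B" or "T"


@dataclass(frozen=True)
class Enc:                # Pub_x(...): readable only with x's private key
    to: str
    body: object


@dataclass(frozen=True)
class Sig:                # Prv_x(...): produced with x's private key
    by: str
    body: object


def encrypt(body, to):
    return Enc(to, body)


def sign(body, key):
    return Sig(key.owner, body)


def decrypt(blob, key):
    if not isinstance(blob, Enc) or blob.to != key.owner:
        raise CryptoError(f"{key.owner} cannot decrypt this layer")
    return blob.body


def verify(blob, signer):
    if not isinstance(blob, Sig) or blob.by != signer:
        raise CryptoError(f"not signed by {signer}")
    return blob.body


def ttp_respond(request, prv_t, certs):
    """Step 2, T -> A. Assumed layout: Pub_B(Prv_T(Cer_A), Pub_A(Prv_T(Cer_B)))."""
    a, b = request["from"], request["peer"]
    params = {"k_ab": secrets.token_hex(16), "alg": "constructed-cipher-name"}
    for_a = encrypt(sign(certs[b], prv_t), to=a)               # only A opens Cer_B
    composite = encrypt((sign(certs[a], prv_t), for_a), to=b)  # B must peel first
    return {"params": encrypt(sign(params, prv_t), to=a), "composite": composite}


def a_forward(msg2, prv_a, peer):
    """Step 3: A stores K_AB, re-wraps the parameters for B, relays the composite."""
    params = verify(decrypt(msg2["params"], prv_a), "T")
    msg3 = {"params": encrypt(sign(params, prv_a), to=peer),
            "composite": msg2["composite"]}
    return params["k_ab"], msg3


def b_accept(msg3, prv_b, sender):
    """Step 4: B reads K_AB, checks Cer_A, returns the part only A can open."""
    params = verify(decrypt(msg3["params"], prv_b), sender)
    signed_cer_a, for_a = decrypt(msg3["composite"], prv_b)
    cer_a = verify(signed_cer_a, "T")
    if cer_a["subject"] != sender:
        raise CryptoError("certificate does not name the sender")
    return params["k_ab"], encrypt(sign(for_a, prv_b), to=sender)


def a_finish(msg4, prv_a, peer):
    """A checks B's signature, opens its own layer, then checks T's signature."""
    cer_b = verify(decrypt(verify(decrypt(msg4, prv_a), peer), prv_a), "T")
    if cer_b["subject"] != peer:
        raise CryptoError("certificate does not name the peer")
    return cer_b


def run_handshake():
    keys = {n: PrivateKey(n) for n in "ABT"}
    certs = {n: {"subject": n, "issuer": "T"} for n in "AB"}   # constructed
    msg1 = {"from": "A", "peer": "B"}
    msg2 = ttp_respond(msg1, keys["T"], certs)
    k_a, msg3 = a_forward(msg2, keys["A"], "B")
    k_b, msg4 = b_accept(msg3, keys["B"], "A")
    cer_b = a_finish(msg4, keys["A"], "B")
    return {"messages": [msg1, msg2, msg3, msg4], "k_a": k_a, "k_b": k_b,
            "cer_b": cer_b, "keys": keys}


if __name__ == "__main__":
    r = run_handshake()
    print(len(r["messages"]), "messages; keys match:", r["k_a"] == r["k_b"])
```

In this model A holds K_AB after msg(2) but cannot read the composite, and B can read Cer_A but not the inner layer carrying Cer_B, which matches the ordering the description gives.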
The invention minimises the number of messages used to complete the initial protocol that establishes a secure channel. It also exploits the encrypted composite certificate of the two nodes to obtain verification of the nodes, and uses only one node to establish the secure link.
If required, for example because node B is dormant, node A can begin sending packets to node B after step 3. After step 4, nodes A and B can begin symmetric communication using K_AB, thereby benefiting from the increased speed that the invention allows.
It should be noted that in the above method most of the encryption is performed by the PKI, which reduces the effort required of the nodes. This is advantageous because the PKI usually has greater processing capability.
It will be appreciated that, in addition to the foregoing, communication can be made more secure by adding further protection.

Claims (12)

1. A method of establishing a communication channel between two nodes in a communication network using an asymmetric key system in which each node has a unique certificate for authenticating communications from another node, the certificate having been registered with a trusted third party (T), the method being characterised in that:
an initiating node (A) sends a request to the trusted third party (T) to communicate with a receiving node (B), and T responds to the request by forwarding to B, via A, a message containing A's certificate, A's certificate being encrypted such that only B can decrypt the part of the message containing A's certificate.
2. A method according to claim 1, wherein the response from T includes B's certificate, B's certificate being encrypted such that, after B has decrypted A's certificate, only A can decrypt the part of the message containing B's certificate.
3. A method according to claim 2, wherein B returns its encrypted certificate to A, and A then decrypts B's certificate.
4. A method according to claim 1, 2 or 3, wherein each certificate is encrypted such that it can be identified as originating from T.
5. A method according to claim 1, 2, 3 or 4, wherein the response from T includes a session key (K_AB) to be used for the duration of the communication session.
6. A method according to claim 5, wherein the session key is decrypted by A before it is decrypted by B.
7. A method according to claim 6, wherein the session key is encrypted by A and included in the message forwarded from T to B via A.
8. A method according to claim 5, 6 or 7, wherein node A uses the session key to begin sending packets to node B without waiting for a response from B.
9. A method according to any one of claims 5 to 8, wherein, after A has decrypted B's certificate, the two nodes use the session key to encrypt and decrypt messages, thereby communicating symmetrically.
10. A method according to any one of the preceding claims, wherein the message returned from T includes other information enabling messages exchanged between A and B to be decoded.
11. A method according to claim 10, wherein the other information includes a public key associated with A.
12. A method according to claim 10 or 11, wherein the other information is decrypted by A before being encrypted again and decrypted by B.
CNA2005800117673A 2004-04-19 2005-04-12 Fast and secure connectivity for a mobile node Pending CN1943207A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0408687.2 2004-04-19
GB0408687A GB2414144B (en) 2004-04-19 2004-04-19 Fast and secure connectivity for a mobile node

Publications (1)

Publication Number Publication Date
CN1943207A true CN1943207A (en) 2007-04-04

Family

ID=32321075

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2005800117673A Pending CN1943207A (en) 2004-04-19 2005-04-12 Fast and secure connectivity for a mobile node

Country Status (8)

Country Link
EP (1) EP1738555A1 (en)
JP (1) JP2007533278A (en)
KR (1) KR20070006913A (en)
CN (1) CN1943207A (en)
BR (1) BRPI0509969A (en)
GB (1) GB2414144B (en)
RU (1) RU2006140776A (en)
WO (1) WO2005101787A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101821987B (en) * 2007-10-08 2014-02-19 Microsoft Corp Efficient certified email protocol

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007085175A1 (en) 2006-01-24 2007-08-02 Huawei Technologies Co., Ltd. Authentication method, system and authentication center based on end to end communication in the mobile network
JP4983165B2 (en) 2006-09-05 2012-07-25 ソニー株式会社 COMMUNICATION SYSTEM AND COMMUNICATION METHOD, INFORMATION PROCESSING DEVICE AND METHOD, DEVICE, PROGRAM, AND RECORDING MEDIUM
US8116243B2 (en) 2006-10-05 2012-02-14 Electronics And Telecommunications Research Institute Wireless sensor network and adaptive method for monitoring the security thereof
KR100879982B1 (en) 2006-12-21 2009-01-23 삼성전자주식회사 Security system and method in mobile WiMax network system
JP6058514B2 (en) * 2013-10-04 2017-01-11 株式会社日立製作所 Cryptographic processing method, cryptographic system, and server
JP6977635B2 (en) * 2018-03-15 2021-12-08 大日本印刷株式会社 Vehicle key distribution system and general purpose scanning tool

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5999711A (en) * 1994-07-18 1999-12-07 Microsoft Corporation Method and system for providing certificates holding authentication and authorization information for users/machines
JP3542895B2 (en) * 1997-08-22 2004-07-14 インターナショナル・ビジネス・マシーンズ・コーポレーション Time-constrained cryptosystem
US20020150253A1 (en) * 2001-04-12 2002-10-17 Brezak John E. Methods and arrangements for protecting information in forwarded authentication messages
GB2384403B (en) * 2002-01-17 2004-04-28 Toshiba Res Europ Ltd Data transmission links

Also Published As

Publication number Publication date
GB0408687D0 (en) 2004-05-19
RU2006140776A (en) 2008-05-27
GB2414144B (en) 2006-07-26
BRPI0509969A (en) 2007-10-02
EP1738555A1 (en) 2007-01-03
JP2007533278A (en) 2007-11-15
WO2005101787A1 (en) 2005-10-27
GB2414144A (en) 2005-11-16
KR20070006913A (en) 2007-01-11

Similar Documents

Publication Publication Date Title
KR100832893B1 (en) A method for the access of the mobile terminal to the WLAN and for the data communication via the wireless link securely
CN108650227B (en) Handshaking method and system based on datagram secure transmission protocol
KR100581590B1 (en) Two-factor authenticated key exchange method and authentication method using the same, and recording medium storing program including the same
RU2554532C2 (en) Method and device for secure data transmission
Asokan et al. Applicability of identity-based cryptography for disruption-tolerant networking
EP1540878B1 (en) Linked authentication protocols
US8769284B2 (en) Securing communication
CN103532713B (en) Sensor authentication and shared key production method and system and sensor
CN109347809A (en) A kind of application virtualization safety communicating method towards under autonomous controllable environment
Medani et al. Review of mobile short message service security issues and techniques towards the solution
RU2008146960A (en) METHOD AND SYSTEM OF PROVIDING PROTECTED COMMUNICATION USING A CELLULAR NETWORK FOR MANY PERSONALIZED COMMUNICATION DEVICES
CN1234662A (en) Enciphered ignition treatment method and apparatus thereof
WO2010078755A1 (en) Method and system for transmitting electronic mail, wlan authentication and privacy infrastructure (wapi) terminal thereof
JP2000083018A (en) Method for transmitting information needing secrecy by first using communication that is not kept secret
CN100350816C (en) Method for implementing wireless authentication and data safety transmission based on GSM network
WO2010124482A1 (en) Method and system for implementing secure forking calling session in ip multi-media subsystem
WO2012024906A1 (en) Mobile communication system and voice call encryption method thereof
CN1943207A (en) Fast and secure connectivity for a mobile node
CN103188080A (en) Method and system for secret key certification consultation of terminal to terminal based on identify label
CN101267301A (en) Identity authentication and secret key negotiation method and device in communication network
CN101483863B (en) Instant message transmitting method, system and WAPI terminal
KR101704540B1 (en) A method of managing group keys for sharing data between multiple devices in M2M environment
KR100456624B1 (en) Authentication and key agreement scheme for mobile network
CN112822018B (en) Mobile equipment security authentication method and system based on bilinear pairings
CN106559402B (en) User terminal and identity authentication method and device for encrypted voice telephone service thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication