WO2007093079A1 - Implementation method of crossdomain multi-gatekeeper packet network key negotiation security policy - Google Patents

Implementation method of crossdomain multi-gatekeeper packet network key negotiation security policy Download PDF

Info

Publication number
WO2007093079A1
WO2007093079A1 PCT/CN2006/000225 CN2006000225W WO2007093079A1 WO 2007093079 A1 WO2007093079 A1 WO 2007093079A1 CN 2006000225 W CN2006000225 W CN 2006000225W WO 2007093079 A1 WO2007093079 A1 WO 2007093079A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
gatekeeper
endpoint
calling
negotiation
Prior art date
Application number
PCT/CN2006/000225
Other languages
French (fr)
Chinese (zh)
Inventor
Chen Lu
Liang Zhang
Guangfeng Li
Yan Li
Changyin Sun
Weigang Liu
Original Assignee
Zte Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zte Corporation filed Critical Zte Corporation
Priority to CN200680035570.8A priority Critical patent/CN101273571B/en
Priority to PCT/CN2006/000225 priority patent/WO2007093079A1/en
Publication of WO2007093079A1 publication Critical patent/WO2007093079A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles

Definitions

  • the present invention relates to the technical field of security policy implementation based on packet network communication, and particularly relates to a different processing capability and security policy in a cross-domain multi-gatekeeper packet network environment.
  • DRC Direct Router Call
  • Keys are extremely important for implementing secure communication between ITU-T H.323 multimedia endpoints based on the H.235 standard.
  • the shared key obtained by key exchange between H.323 endpoints on the packet network can perform identity verification, signaling message integrity check and media on RAS signaling, call signaling, H.245 control signaling, etc.
  • Security measures such as encryption/decryption of data streams.
  • One method uses an email, phone, or other non-H.323 protocol to transmit a session key.
  • This type of key exchange method is more efficient and straightforward, but when using unencrypted communication methods to pass keys, it may lead to key leakage, and in a large-scale deployment environment, this method is due to the large number of endpoints. Feasible and unrealistic.
  • the commonly used method is to use symmetric key cryptography and public key cryptography, such as Diffie-Hellman or similar key negotiation method, for the generation and sharing of keys by two hosts.
  • H.225.0 is one of the core protocols of the H.323 system. It consists of three parts: call control, RAS and how to encapsulate audio and video signals with RTP.
  • the call control signaling of H.225.0 is derived from Q.931.
  • the function is to establish a call connection between the EP (EndPoint endpoint, including the terminal and the gateway) of H.323, including the process of call setup and teardown; RAS is the agreement between the endpoint and the gatekeeper, mainly completing registration, positioning, call admission, etc. Management function. It mainly contains the following protocol process:
  • Gatekeeper search Used by endpoints to automatically search for their home gatekeeper.
  • the message used is GRQ
  • Gatekeeper Request Gatekeeper Discovery Request GRJ (Gatekeeper Reject Gatekeeper Rejection), GCF (Gatekeeper Confirm Gatekeeper Confirmation).
  • the endpoint uses the multicast address to send GRQ to find its own home gatekeeper, and the available home gatekeeper responds with GCF. After receiving the confirmation, the endpoint selects its own gatekeeper to obtain and record the gatekeeper's RAS address for subsequent RAS messages.
  • Endpoint registration Information used by the endpoint to register/deregister itself with the home gatekeeper, including the alias address (E.164 address or H.323 identity) and the call signaling transport layer address.
  • the endpoint must be registered to initiate and accept calls, and registration indicates that the endpoint has joined a management zone.
  • the messages used for registration are R Q (egistration Request registration request), RCF (Registration Confirm registration confirmation), and RRJ (Registration Reject registration rejection).
  • the endpoint uses the RRQ to register with the searched home gatekeeper. If the registration is successful, the gatekeeper responds with the RCF.
  • Call admission Call access for the gatekeeper control endpoint, including user access authentication and address resolution.
  • the messages used are ARQ (Admission Request Access Request), ACF (Admission). Confirm access confirmation), ARJ (Admission Reject access rejection).
  • ARQ Admission Request Access Request
  • ACF Admission
  • Confirm access confirmation Admission Reject access rejection
  • ARJ Admission Reject access rejection
  • the endpoint initiates a call, it first sends an ARQ message to the home gatekeeper, including the authentication information, the destination address, and the required bandwidth.
  • the gatekeeper authenticates the user and parses the destination address. If the gatekeeper agrees to initiate the call, it sends back the ACF to the endpoint, including the allowed bandwidth and the translated call signaling transport layer address or the gatekeeper's call signaling transport layer address (depending on whether direct routing is used or not) Gatekeeper routing method).
  • the H.225.0 Call Control Protocol uses this call signaling transport layer address to initiate a call.
  • the endpoint receives an incoming call request, it also sends an ARQ message to its gatekeeper for authentication. If the gatekeeper agrees that the endpoint receives the call, it will return the ACF to the endpoint to continue processing the incoming call procedure.
  • Positioning function Refers to requesting the gatekeeper to provide address translation.
  • the message used is LRQ
  • LCF Location Confirm address resolution confirmation
  • LRJ Location Reject address resolution rejection
  • an endpoint or gatekeeper knows the alias address of an endpoint and needs to know its call signaling transport layer address, it can send an LRQ message to the corresponding gatekeeper.
  • the LRQ message can be sent in unicast or multicast mode.
  • the gatekeeper of the target endpoint receives the LRQ message, it returns the call signaling transport layer address of the endpoint or the call signaling transport layer address of the gatekeeper to the requester through the LCF. Which address is sent back depends on whether the call signalling is directly routed or gatekeeper.
  • H.235 does not propose a key exchange technique that defines only one H.323-based protocol set for key exchange. It allows developers to choose a key exchange method in the product, but there is no security policy that explains how different security policies are negotiated.
  • the technical problem to be solved by the present invention is to propose a method for implementing a key agreement negotiation security policy for a cross-domain multi-gatekeeper packet network.
  • the method of the invention extends the single-gatekeeper direct routing restriction in Appendix I of the H.235 protocol, and proposes a key agreement scheme in which the endpoints are placed in different management domains, different gatekeeper environments, and different routing modes, providing call establishment and The subsequent signaling messages are secure, including authentication, integrity checking, and the confidentiality of possible media streaming protocols.
  • the present invention provides a cross-domain multi-gatekeeper packet network key negotiation security policy implementation method, which includes the following steps:
  • Each endpoint performs security policy negotiation through signaling interaction with its home gatekeeper, and determines the local security policy of each endpoint according to the key support capabilities of each endpoint and its home gatekeeper;
  • the calling endpoint sends a key negotiation request to the calling gatekeeper according to the determined local security policy, and the calling gatekeeper determines the highest and lowest priority keys according to the security policy of the calling endpoint and its own key support capability.
  • the called gatekeeper determines, according to its own key support capability, whether the key negotiation request of the forwarded calling endpoint can be performed according to the highest priority procedure, and if so, according to the highest priority procedure Key negotiation is performed. If not, key negotiation is performed according to the determined lowest priority procedure, and the negotiation result is forwarded to the calling endpoint by the calling gatekeeper.
  • the method of the invention may further comprise the steps of:
  • the calling endpoint After receiving the negotiation result, the calling endpoint determines whether to continue to use the negotiation result for subsequent signaling interaction based on the local security policy.
  • the signaling interaction process in the step (1) may be a gatekeeper discovery process or/and a registration process.
  • the key support capability may be whether to support public key key negotiation.
  • the step (1) may include - (1-1) By the gatekeeper discovery request or/and the registration request message, the endpoint reports to its home gatekeeper whether it supports public key key negotiation;
  • the gatekeeper returns a determined endpoint local security policy to the endpoint based on whether the endpoint supports the public key key negotiation, through the gatekeeper discovery acknowledgement and/or the registration acknowledgement message, where: the endpoint and the gatekeeper either When public key key negotiation is not supported, determine the local security policy of the endpoint as: It is hoped that the gatekeeper will generate the shared key on its behalf;
  • the endpoint local security policy is determined as: the shared key is generated by signaling negotiation with the called gatekeeper.
  • the key negotiation request sent by the calling endpoint to the calling gatekeeper in step (2) may be an access request message, where the message includes local security policy information of the calling endpoint.
  • the access request message may further include public key information.
  • Step (2) The step of determining the priority of the key agreement procedure by the calling gatekeeper according to the security policy of the calling endpoint and the key support capability of the calling endpoint, which may include:
  • the highest and lowest priority procedures for determining the key agreement procedure are: The gatekeeper generates a session key;
  • the calling endpoint local security policy is to generate a shared key by the gatekeeper, and the calling gatekeeper supports the public key key negotiation
  • the highest priority procedure for determining the key agreement procedure is: the calling gatekeeper and the The gatekeeper uses the public key key negotiation process to generate a session key; the lowest priority procedure is: generating a session key by the called gatekeeper;
  • the final priority procedure for determining the key agreement procedure is: the calling endpoint and the called gatekeeper use the public key.
  • the key negotiation process generates a session key; the lowest priority procedure is: The session key is generated by the called gatekeeper.
  • the access request message may further include called endpoint information, and the calling gatekeeper determines, according to the called endpoint information, whether the called endpoint belongs to a different administrative domain than the calling endpoint.
  • the step that the calling gatekeeper can forward the key negotiation request of the calling endpoint to the called gatekeeper according to the highest priority procedure is sent by using an address resolution request, and the address resolution request includes The determined highest priority procedure information.
  • the step of the called gatekeeper determining whether the key negotiation request of the forwarded calling endpoint is performed according to the highest priority procedure may include:
  • the highest priority procedure is to generate a session key by the called gatekeeper, it is determined that key negotiation can be performed according to the highest priority procedure;
  • the highest priority procedure When the highest priority procedure generates a session key for the calling gatekeeper and the called gatekeeper using the public key key negotiation process, if the called gatekeeper supports the public key key negotiation, it is determined that the highest priority can be performed. Procedure to perform key agreement; if the called gatekeeper does not support public key key negotiation, it is determined that key negotiation cannot be performed according to the highest priority procedure;
  • the highest priority procedure When the highest priority procedure generates a session key for the calling party and the called gatekeeper using the public key key negotiation process, if the called gatekeeper supports the public key key negotiation, it is determined that the highest priority can be followed. Procedure to perform key agreement; if the called gatekeeper does not support public key key negotiation, it is determined that key negotiation cannot be performed according to the highest priority procedure.
  • a trusted session key can be dynamically negotiated, and cryptography is used to bundle it with call authentication to implement a security policy of the packet network.
  • the security technology adopted by the method of the present invention is compatible with existing standards.
  • the layout of the security system is also relatively simple and does not require any additional security infrastructure methods to be assumed.
  • FIG. 1 is a scenario diagram of a multi-gateway routing mode for implementing a key agreement security policy for a cross-domain multi-gatekeeper packet network according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a security policy implementation process in a multi-gateway routing call mode according to an implementation method of a cross-domain multi-gatekeeper packet network key agreement security policy according to an embodiment of the present invention.
  • BEST MODE FOR CARRYING OUT THE INVENTION The core idea of the present invention is that a gatekeeper (GK, GateKeeper) in different management domains flexibly configures a corresponding security policy management policy to dynamically select a key distribution mode according to the endpoint capability of the jurisdiction, thereby completing the endpoint between different domains. Key management tasks.
  • GK GateKeeper
  • the present invention mainly describes the GK between different domains in different routing modes of endpoints placed in different gatekeeper environments in different management domains, and performs signaling processes such as GRQ/RQ, ARQ/ACF/ARJ, LRQ/LCF/LRJ, etc.
  • the target domain GK will authenticate the source endpoint and use the security policy pair source or source that is shared or negotiated with the source GK.
  • GK is certified. After the authentication is passed, the target GK will return the Diffie-Hellman public key with the authentication value and the source gatekeeper identifier G ID.
  • GK is a security module that implements key storage, cryptographic algorithms and mechanisms for negotiation, security management and maintenance access, and reliability. These security policies can be implemented in software, in hardware, or both.
  • GK acts as a trusted intermediate entity, terminating the security association between hops.
  • the GK will generate or forward a shared key containing an endpoint-end based on the security policy, and at the same time complete the relevant authentication and integrity check, which can be performed by using the CryptoToken included in each signaling.
  • the security-related data structure recalculates the authentication code implementation.
  • the shared key here is a security key and is part of the cryptographic algorithm security parameters. It can be exported by password, or configured to be assigned or other methods.
  • a scenario diagram of a multi-gateway routing mode for implementing a cross-domain multi-gatekeeper packet network key agreement security policy includes: a calling endpoint 101 (EpA), a calling network ⁇ 102 (GkG), intermediate gatekeeper 103, called gatekeeper 104 (GkH), called endpoint 105 (EpB).
  • EpA calling endpoint 101
  • GkG calling network ⁇ 102
  • GkH intermediate gatekeeper 103
  • GkH gatekeeper 104
  • EpB endpoint 105
  • Supporting key agreement methods for the calling endpoint 101, the calling gatekeeper 102, and the called gatekeeper 104 such as transmitting a session key based on symmetric cryptographic encryption, Diffie-Hellman (referred to as DH) public key cryptography, implementing session key negotiation, etc.
  • DH Diffie-Hellman
  • the embodiment of the invention describes a flexible selection of a session key distribution mode based on a priority security policy.
  • the specific security policy is as follows:
  • the calling endpoint 101 can support the symmetric negotiation of the symmetric password according to the security strength requirement and the registered gatekeeper, and can also support the public key cryptography to implement the key negotiation method.
  • the calling gatekeeper 102 uses the public key crypto method of the calling endpoint 101 as a high priority policy according to the local security policy for the security request of the calling endpoint 101, and satisfies the security request of the calling endpoint 101 as much as possible. If not, re-negotiate the new symmetric cryptographic method with the calling endpoint 101.
  • the called gatekeeper 104 satisfies the security request based on the public key cryptography method of the calling endpoint 101 or the calling gatekeeper 102 according to the endpoint security request forwarded by the calling gatekeeper 102. If not, the calling gatekeeper 102 A new symmetric cryptographic method is negotiated and forwarded to the calling endpoint 101 by the calling gatekeeper 102.
  • the calling endpoint 101 determines, according to the received security policy negotiation result, whether to continue the subsequent signaling interaction with the newly negotiated security policy based on the local security policy.
  • the embodiment of the present invention proposes a shared key negotiation between two endpoints by means of their respective gatekeepers, and provides security for call signaling and subsequent H.245 control signaling.
  • a security policy implementation process diagram of a multi-gateway routing call mode according to the method for implementing a cross-domain multi-gatekeeper packet network key agreement security policy is as follows:
  • Step 201 The calling endpoint and the called endpoint that are in different domain gatekeeper management send GRQ/RRQ (gatekeeper discovery and gatekeeper registration request) signaling to their respective gatekeepers.
  • GRQ/RRQ gatekeeper discovery and gatekeeper registration request
  • Step 202 The calling party and the called gatekeeper send GCF/RCF (gatekeeper discovery request response and gatekeeper registration request response) or GRJ/RRJ (gatekeeper response rejection/registration response rejection) to the calling and called endpoints. Signaling, complete the call mode supported by the gatekeeper and whether the endpoint has the public key crypto method to implement the key negotiation capability.
  • Step 203 Before calling the called endpoint, the calling endpoint sends an ARQ message to its home gatekeeper GkG, which may include an independent ClearToken, where the tokenOID field is set to support the key negotiation capability object identifier (in Text is given numerically), other fields are not used.
  • GCF/RCF gatekeeper discovery request response and gatekeeper registration request response
  • GRJ/RRJ gatekeeper response rejection/registration response rejection
  • Step 204 After receiving the ARQ, the gatekeeper GkG of the calling endpoint determines whether the called endpoint (represented by destinationInfo or destCallSignalAddress in the ARQ message) is its own management domain, and if it does not belong to the endpoint of its own jurisdiction, then to the called endpoint The gatekeeper initiates an LRQ message to query the called endpoint address.
  • the calling gatekeeper GkG security policy rule is that if the calling endpoint supports a public key method such as Diffie-Hellman key agreement, the LRQ message actually forwards the key agreement request of the calling endpoint.
  • tokenOID is set to indicate the required key negotiation capability object identifier to the called gatekeeper, while other fields are not used.
  • the key negotiation method is the same as given in H.235 Appendix I.
  • the security policy here is based on the GRQ/RRQ, GCF/RCF (or GRJ/RRJ) signaling interaction, and the gatekeeper imposes restrictions on whether or not to support the endpoint's public key method for key negotiation. If the endpoint is allowed to support the public key method, the endpoint can perform key negotiation by the public key method in the subsequent signaling. Otherwise, the session key negotiation can only be performed by the symmetric cipher method.
  • Step 205 Two different policy rules are adopted depending on whether the called gatekeeper GkH supports the public key method for the calling endpoint.
  • Step 206 The GkH generation shares the semi-public key with the EpA, and together with the semi-public key generated by the EpA, generates a session key (or shared key) shared by the calling and called endpoints.
  • Step 207 The shared key is respectively placed in two separate ClearTokens in the LCF message returned to the calling gatekeeper GkG, respectively for the communication security behind the calling and called endpoints.
  • the shared keys in the two ClearTokens are protected by a security encryption mechanism between the gatekeeper-gatekeeper and the gatekeeper-end, respectively, to prevent leakage of the delivery process.
  • Step 208 The calling gatekeeper GkG forwards the secure session key negotiated by the GkH and the calling endpoint through the public key method, and returns to the calling endpoint EpA through the ACF message. Thereby completing the basis
  • the endpoint public key method implements the process of session key negotiation.
  • Step 209 When GkH does not support the public key method of the endpoint to generate the shared session key of the calling and called endpoints, a session key is separately generated by GkH, and the session key may be generated by using a random number generation method.
  • Step 210) Since the called gatekeeper GkH does not satisfy the key agreement request method forwarded by the calling gatekeeper, in order to complete the key negotiation as much as possible, the GkH and the calling gatekeeper protect the master and the called party by using a symmetric password.
  • the calling endpoint gatekeeper After receiving the LRJ message, the calling endpoint gatekeeper checks the tokenOID flag of the ClearToken in the message, and the GkG between the two gatekeepers decrypts the shared key used in the calling endpoint ClearToken according to the previously negotiated security policy, and then uses and The security policy pre-configured by the calling endpoint regenerates a token for the calling user with the encrypted shared key, and copies the ClearToken for the called endpoint in the LRJ message, and puts it into the ARJ returned to the calling endpoint. Send in the message.
  • Step 211 The calling gatekeeper recovers the shared key according to the LRJ message, and encrypts the shared key or session key in the ARJ message through a security policy shared with the calling endpoint EpA. After receiving the ACF (or ARJ) message, the calling endpoint extracts the secret shared with the called endpoint for subsequent call signaling security protection, such as the authentication of ITU-T H.235V3 Appendix D.
  • Step 212 The calling endpoint EpA is based on the symmetric cipher method.
  • the gatekeeper is requested to share the key with the called endpoint EpB.
  • Step 213 GkG negotiates with the called gatekeeper GkH based on whether the public key method itself supports, and negotiates the session key for the called terminal.
  • Step 214 GkG sends a symmetric key method to GkH to generate a session key (shared key) shared between the calling and called endpoints by using the LRQ message.
  • Step 215 Generate a GkG-GkH session key semi-public key.
  • Step 216 The GkG issues a public key method to the GkH in the LRQ message to generate a session key (shared key) shared between the calling and called endpoints.
  • Step 217 GkH decides which key to generate based on whether or not it supports the public key method.
  • Step 218) The public key method is used between the called gatekeeper support and the calling gatekeeper to generate a GkH-GkG session key semi-public key.
  • GkH sends the GkH-GkG session key semi-public key generated by the public key method to GkG in the LCF message.
  • GkG will negotiate the session key with the called gatekeeper by public key method, send the session key to EpA with ACF message, and adopt the letter in GRQ/GCF/GRJ (or RRQ/RCF/RRJ).
  • the security policy negotiated during the interaction phase is enforced.
  • Step 221 The called gatekeeper does not support the public key method with the calling gatekeeper, and GkH generates the session key.
  • Step 222 GkH sends a session key generated by the symmetric cryptographic method to GkG in the LRJ message.
  • Step 223 GkG sends the session key generated by the symmetric cryptographic method to EpA in the ACF message.
  • Step 224 When GkH does not support sharing the session key with the endpoint's public key method to generate the primary and called endpoints, a session key is generated separately by GkH.
  • Step 225 the GkH and the calling gatekeeper protect the shared key generated by the master and the called endpoint in a symmetric cipher manner. It is returned to the calling gatekeeper GkG as an LRJ message.
  • Step 226 The calling gatekeeper recovers the shared key according to the LRJ message, and encrypts the shared key or session key in the ACF/ARJ message through a security policy shared with the calling endpoint EpA.
  • Step 227) After receiving the ACF/ARJ message, the calling endpoint extracts the secret shared with the called endpoint and sends a call setup request message Setup to the EpB.
  • Step 2228 The EpB sends a Call Proceeding message to the EpA, and performs a step 229 in response to the call setup request message.
  • EpB sends an ARQ message to GkH.
  • Step 230 GkH responds to the ACF message to EpB.
  • Step 231 EpB sends an Alerting message to EpA.
  • EpB sends a connect message to EpA to establish a call connection.
  • Steps 203 to 211 illustrate a security policy for the calling party and the called party to complete the session key negotiation for the calling party and the called party when the calling party supports the public key method.
  • step 206 to step 208 the public key method is used between the called gatekeeper GkH and the calling endpoint EpA for session key negotiation.
  • Step 209 to step 211 indicating that the called gatekeeper GkH does not support the security policy and steps taken to dynamically complete the key negotiation when using the public key method for session key negotiation with the calling endpoint EpA.
  • step 212 to step 226, it is explained that when the master, the gatekeeper supports or does not support the public key method, how to perform the session key negotiation based on the symmetric cryptographic method and the called endpoint.
  • GkG and GkH negotiate the session key in a public key method.
  • Steps 218-220 illustrate the signaling flow when the called gatekeeper supports the public key method between the calling gatekeeper and the calling gatekeeper.
  • Step 221-223 illustrates the signaling flow that the called gatekeeper does not support the use of the symmetric cryptographic method to generate and transmit the session key when the calling gatekeeper adopts the public key method.
  • steps 224-226 the process of generating a session key by GkH is illustrated.
  • the embodiments of the present invention are applicable to direct routing and optional routing modes of the H.323 system across the network management scope. Assume that the master/called endpoints are registered on different master/called gatekeepers, and the communication process is performed on an IP network without security guarantee.
  • the premise of implementing the embodiment of the present invention is: the gatekeeper performs authentication and integrity check on all RAS messages of the management endpoint, and the endpoint pair also performs authentication and integrity check on the RAS message of the gatekeeper, so that the endpoint and the associated gatekeeper To achieve mutual trust, so that fraudulent entities can be identified and the likelihood of fraud is minimized.
  • the intermediate entity gatekeeper and the gatekeeper also authenticate each other to avoid malicious attacks between the gatekeeper domains. Under the above conditions, the security of the RAS channel between H.323 endpoints can be guaranteed, and the security of call signaling can be realized based on this.
  • the embodiment of the present invention uses the following symbols to indicate the capability of the endpoint and the gatekeeper or a combination of the two, and distinguishes the shared key held by the calling/called endpoint, and the meaning of the symbol representation:
  • Embodiments of the present invention support and not support Diffie-Hdlman in endpoints and gatekeepers respectively.
  • the present invention uses the direct routing mode of the H.323 system across the network management scope as an embodiment, the method of the present invention is applicable to various routing methods.
  • DRC I The calling endpoint and the calling party GK do not support the D-H process, only the called GK is required to generate the session key.
  • DRC II The calling endpoint does not support the D-H process, and the master/called GK uses the D-H process to negotiate the session key.
  • DRC III The calling endpoint supports the D-H process, where the calling endpoint and the called GK negotiate the session key using the D-H procedure.
  • GRQ/GCF or RRQ/RCF signaling phase In the GK discovery process (GRQ/GCF) or / and registration process (RRQ/RCF), the endpoint indicates to the home GK whether it supports the public key (D-H) process.
  • the method is to include a separate ClearToken in GRQ (or RRQ), where tokenOID is set to "10", indicating that the DH process is not supported, and setting to "14" indicates support.
  • the GK recognizes the tokenOID in the ClearToken, determines whether to support the endpoint according to the management policy, and replies to the corresponding GCF (or RCF).
  • the tokenOID is set as follows: If the GK is not Support the endpoint DH key negotiation process, set to "10" regardless of how the endpoint is set, which indicates that the security policy is generated by the gatekeeper to generate the shared key; if the GK supports the DH process of the endpoint, and the gatekeeper The management policy also supports this endpoint, which is set to "14".
  • the master/called GK assigns a session key to the endpoints of the two sides in the future, it is determined by the signaling between the gatekeepers to select which key negotiation process: DRC I, DRC II or DRCIII process.
  • the calling endpoint EpA sends an ARQ to the home GkG, which includes an independent ClearToken, which is assumed to be a CTA, wherein the tokenOID is set as follows: If it is desired to generate a secure share by GK The key is "10", other fields are not used; if EpA wants to use DH to negotiate the shared key with the called gatekeeper, put its DH public key in the dhkey domain, tokenOID is "14", other fields Do not use.
  • GkG After receiving the ARQ sent by EpA, GkG determines that the called EpB belongs to the same administrative domain (destinationInfo or destCallSignalAddress in the message indicates EpB), and the shared key negotiation process is the same as Appendix I/H.235; The domain then initiates an LRQ message to query GkH for the address of EpB.
  • the LRQ message contains a ClearToken.
  • the setting rules of each internal sub-domain are determined by the EpA capability and the specific key negotiation procedure adopted by GkG.
  • DRC I When the tokenOID of the ClearToken in the ARQ is ', 10', GkG generates LRQ, which contains a ClearToken, where the tokenOID is set to "10", and other fields of the ClearToken are not used, indicating that the called GK needs to be assigned the session key Kab.
  • DRC II When the tokenOID of the ClearToken in ARQ is ,, 10", GkG generates LRQ, which contains a ClearToken, where tokenOID is set to "13", indicating that it is expected to negotiate with the called GK to use the DH process to negotiate a shared session secret for the two endpoints. GkG generates and sets the dhkey in the ClearToken as the DH public key.
  • DRC III When the tokenOID of the ClearToken in the ARQ is "14", the DRC III process should be selected according to the security policy. GkG generates LRQ, which contains the ClearToken copied from ARQ.
  • GkH After receiving the LRQ, GkH recognizes that EpA and EpB support this call mode, and performs different key negotiation processes according to the tokenOID of the ClearToken to generate a call-based shared key Kab and two independent ClearTokens.
  • One is used for the calling gatekeeper GkG, called CTg; the other is used for the called endpoint EpB, called CTb.
  • This Kab is then pushed to GkG and EpB by using CTg and CTb, respectively.
  • DRC I If the tokenOID is ' ⁇ 0', it indicates that neither the calling endpoint nor the gatekeeper supports the DH process, and the called gatekeeper is required to generate a shared key for it. In this case, GkH randomly generates Kab. In order to encrypt Kab, first GkH generates a random challenge and derives the key EK g h using the shared key Kgh and challenge between GkG and the pre-configured key derivation algorithm. Then, GkH encrypts Kab with EKgh to get EKabl, and EKabl and encryption parameters (Encryption algorithm and encryption initialization vector) together, set to CTg.h235Key.
  • secureSharedSecret field please refer to H.235 Appendix I for details, and set CTg's tokenOID to "10" to indicate that the called GK does not support DH key negotiation.
  • GkH uses a similar process to generate another ClearToken, setting the tokenOID to "12", called CTb.
  • GkH generates LCF, which contains CTg and CTb.
  • DRC II The tokenOID at this time is "13", indicating that the DH algorithm is supported between the gatekeepers. Security policies allow the use of DH processes. If GkH also supports the DH process and the security capabilities match, GkH generates its own DH public key and, together with the DH public key of GkG in LRQ, uses the DH algorithm to calculate the session shared key Kab. Then, CTb is generated using a procedure similar to DRC I above, with tokenOID "12". Finally, GkH generates an LCF containing CTb and a separate ClearToken (tokenOID is "13") CTg, which has the desired DH public key set.
  • GkH should use the DRC I procedure to generate the LRJ.
  • DRCIII When tokenOID is "14", if GkH supports DH algorithm and the security policy allows DH process, GkH starts negotiating session key with EpA. First, GkH generates the desired DH public key, and together with the public key obtained from the LRQ, uses the DH algorithm to calculate the session key Kab. Then, a CTb is generated using a method similar to the DRC I procedure, with a tokenOID of "12". Finally, GkH generates LCF, which contains CTb and a separate ClearToken (tokenOID is "15”) CTg, which has the desired DH public key set.
  • GkH should use the DRC I procedure to generate the LRJ.
  • GkG After GkG receives the LCF/LRJ and checks that the tokenOID of the CTg in the message is "13", the Kab is calculated by the D-H key negotiation algorithm, and CTa is generated, and the tokenOID is set to "II".
  • the specific method is as follows: Get the DH common key of GkH from the independent ClearToken, and use the DH algorithm to calculate the session key Kab together with the DH shared key saved by itself; then use the same method as below to generate CTa. Finally, GkG generates ACF or ARJ, which contains CTa (tokenOID is ⁇ ) and CTb (tokenOID is "12") copied from LCF/LRJ.
  • CTa is generated, and the tokenOID is set therein.
  • CTa is generated as follows: First, GkG uses the shared key Kag and challenge between GkG and EpA. And the specified key export algorithm derives the key EKag.
  • GkG encrypts Kab with EKag to get EKabl, and sets EKAM and encryption parameters (encryption algorithm and initialization vector IV used for encryption) to a separate CTa.h235Key.secureSliaredSecret field. Finally, GkG generates ACF/ARJ, which contains CTa and CTb copied from LCF/LRJ.
  • GkG generates ACF, which contains all ClearTokens copied from the LCF.
  • EpA After EpA receives the ACF, it checks the tokenOid of the independent ClearToken in the message as "14" and calculates the session key. The method is to obtain the DH common key of the called party from the ClearToken, and use the DH algorithm to calculate the session key Kab together with the DH shared key saved by itself. In other cases, the CTa is directly extracted, and the key EKag is derived based on the information in CTa and its shared key Kag with GkG, and then the key Kab is obtained by decrypting CTa.h235Key.secureSharedSecret. encryptedSessionKey using EKag. EpA creates a Setup message, copies the CTb in the ACF message into the Setup message, and then sets the H235V3 appendix D authentication information using the shared key Kab. EpA sends a call setup request message Setup directly to EpB.
  • EpB After receiving the Setup message, EpB extracts the CTb, and derives the key EKbh according to the information in CTb and its shared key Kbh with GkH, and then uses EKbh to decrypt CTb.h235Key.secureSharedSecret.encr ptedSessionKey to obtain the key Kab; at this time, EpB Kab can be used to authenticate Setup and subsequent call signaling messages.
  • a trusted session key can be dynamically negotiated, and cryptographically bundled with call authentication, including session key refresh requirement.
  • the adopted security technology is compatible with existing standards, and the security system is also relatively simple in arrangement and does not assume any additional security infrastructure methods, such as smart cards and complex management protocols.

Abstract

A kind of implementation method of crossdomain multi-gatekeeper packet network key negotiation security policy, includes following steps: each terminal respectively determines its local security policy via signaling exchange with the gatekeeper it belongs to; according to the security policy of calling terminal and the key support ability of itself, calling gatekeeper determines the key negotiation protocol, and sends out key a negotiation request; called gatekeeper judges that whether it can execute the key negotiation request of the forwarded calling terminal according to the super priority protocol; the calling terminal determines whether continue to carrying out next signaling exchange according to the negotiatory security policy. The security policy implementation method of present invention can negotiate dynamically creditable session key, bind with the call authentication by use of cryptology, and realize the security policy of packet network. The security technology is compatible with exist standards. The dispose of security system is simple, and has no need of assuming of any additional security infrastructure method.

Description

跨域多网守分组网络密钥协商安全策略的实现方法  Implementation method of cross-domain multi-gatekeeper packet network key agreement security policy
技术领域 Technical field
本发明涉及基于分组网络通信的安全策略实现方法技术领域,特别涉 及一种在跨域多网守分组网络环境下具有不同处理能力与安全策略的 The present invention relates to the technical field of security policy implementation based on packet network communication, and particularly relates to a different processing capability and security policy in a cross-domain multi-gatekeeper packet network environment.
ITU-T H.323多媒体端点 (代表终端或网关)之间安全通信过程中会话密 钥协商安全策略的实现方法。 背景技术 A method for implementing a session key negotiation security policy in a secure communication process between ITU-T H.323 multimedia endpoints (representing terminals or gateways). Background technique
跨域多网守分组网络环境下, ITU-T H.323多媒体端点 (EndPoint) 之间安全通信不能假定二个端点之间的拥有一个预共享密钥 (Share Secret Key) , 因为这种情形下, 通信之前要求所有端点之间事先预共享 密钥 (Share Secret Key) 是不现实的。  In a cross-domain multi-gatekeeper packet network environment, secure communication between ITU-T H.323 multimedia endpoints (EndPoints) cannot assume that there is a Share Secret Key between the two endpoints, because in this case It is unrealistic to require a pre-shared key (Share Secret Key) between all endpoints before communication.
在单网守直接路由呼叫 (DRC, Direct Router Call)模式下的相关安 全问题, 如加密会话密钥的协商、 生成与发布, 在 ITU-T H.235附录 I中 作了详细描述, 但在不同管理域中的多网守环境下, 具有不同安全策略 能力的多媒体端点(EndPoint)如何实现安全通信特别是会话密钥的协商 仍然是一个待解决问题。  Related security issues in the Direct Router Call (DRC) mode, such as the negotiation, generation, and release of encrypted session keys, are described in detail in ITU-T Rec. H.235, Appendix I. How to implement secure communication, especially session key negotiation, is still a problem to be solved in a multi-gateway environment in different management domains.
随着大规模 H.323多媒体通信系统的布署与应用,如全球范围的 VoIP 网或国家范围面向公众的视频会议 /可视电话系统等, 在这种多运营商、 跨多个管理域分层多网守环境下, 为满足用户各种安全需求, 提供一种 有效及可实施的智能化的安全策略动态实现会话密钥协商的安全方案变 得日益重要。  With the deployment and application of large-scale H.323 multimedia communication systems, such as global VoIP networks or national-wide video conferencing/visual telephone systems, in this multi-operator, across multiple management domains In a multi-gateway environment, it is increasingly important to provide an effective and enforceable intelligent security policy to dynamically implement session key negotiation in order to meet various security requirements of users.
对于基于 H.235标准实现 ITU-T H.323多媒体端点之间安全通信而 言,密钥是极为重要的。在分组网络上 H.323端点之间通过密钥交换所得 到的共享密钥可以对 RAS信令、 呼叫信令、 H.245控制信令等实施身份 证实, 信令消息完整性检查以及对媒体数据流进行加 /解密等安全措施。 目前,针对众多的安全策略,有多种方法用于密钥交换。一种方法采 用电子邮件、电话或者其它非 H.323协议形传送会话密钥。这类密钥交换 方法比较有效、 直接, 但是当使用不加密通信方式来传递密钥时, 有可 能会导致密钥泄漏, 以及在大规模布署环境下, 这种方法因端点数众多 即是可行也不现实。 Keys are extremely important for implementing secure communication between ITU-T H.323 multimedia endpoints based on the H.235 standard. The shared key obtained by key exchange between H.323 endpoints on the packet network can perform identity verification, signaling message integrity check and media on RAS signaling, call signaling, H.245 control signaling, etc. Security measures such as encryption/decryption of data streams. Currently, there are multiple methods for key exchange for numerous security policies. One method uses an email, phone, or other non-H.323 protocol to transmit a session key. This type of key exchange method is more efficient and straightforward, but when using unencrypted communication methods to pass keys, it may lead to key leakage, and in a large-scale deployment environment, this method is due to the large number of endpoints. Feasible and unrealistic.
现在常用的方法是采用对称密码 (symmetric key cryptography) 与公 钥密码方法(Public Key cryptography) , 如 Diffie-Hellman或类似密钥协 商方法, 用于两台主机进行密钥的生成和共享。  The commonly used method is to use symmetric key cryptography and public key cryptography, such as Diffie-Hellman or similar key negotiation method, for the generation and sharing of keys by two hosts.
H.225.0是 H.323系统的核心协议之一,它由三部分组成:呼叫控制、 RAS和如何用 RTP对音视频信号进行封装; H.225.0的呼叫控制信令源自 Q.931 , 其功能是在 H.323的 EP (EndPoint端点, 包括终端和网关)之间 建立呼叫联系, 包括呼叫建立和拆除等流程; RAS是端点和网守之间的 协议, 主要完成登记、 定位、 呼叫接纳等管理功能。 它主要包含以下协 议过程:  H.225.0 is one of the core protocols of the H.323 system. It consists of three parts: call control, RAS and how to encapsulate audio and video signals with RTP. The call control signaling of H.225.0 is derived from Q.931. The function is to establish a call connection between the EP (EndPoint endpoint, including the terminal and the gateway) of H.323, including the process of call setup and teardown; RAS is the agreement between the endpoint and the gatekeeper, mainly completing registration, positioning, call admission, etc. Management function. It mainly contains the following protocol process:
网守搜索: 用于端点自动搜索其归属网守。 使用的消息有 GRQ Gatekeeper search: Used by endpoints to automatically search for their home gatekeeper. The message used is GRQ
(Gatekeeper Request网守发现请求)、 GRJ( Gatekeeper Reject网守拒绝)、 GCF (Gatekeeper Confirm网守确认)。端点采用多播地址发送 GRQ寻找 自己的归属网守, 可用的归属网守以 GCF回应。 端点收到确认后, 选择 自己的网守, 获得并记录网守的 RAS地址供后续 RAS消息使用。 (Gatekeeper Request Gatekeeper Discovery Request), GRJ (Gatekeeper Reject Gatekeeper Rejection), GCF (Gatekeeper Confirm Gatekeeper Confirmation). The endpoint uses the multicast address to send GRQ to find its own home gatekeeper, and the available home gatekeeper responds with GCF. After receiving the confirmation, the endpoint selects its own gatekeeper to obtain and record the gatekeeper's RAS address for subsequent RAS messages.
端点注册: 用于端点向归属网守注册 /去注册其自身的信息, 包括别 名地址(E.164地址或 H.323标识)和呼叫信令传输层地址。 端点必须在 注册后才能发起和接受呼叫, 注册表明端点加入了某管理区。 用于注册 的消息有 R Q( egistration Request注册请求)、 RCF( Registration Confirm 注册确认) 、 RRJ (Registration Reject注册拒绝) 。 端点使用 RRQ向搜 索到的归属网守登记, 登记成功则网守以 RCF回应。  Endpoint registration: Information used by the endpoint to register/deregister itself with the home gatekeeper, including the alias address (E.164 address or H.323 identity) and the call signaling transport layer address. The endpoint must be registered to initiate and accept calls, and registration indicates that the endpoint has joined a management zone. The messages used for registration are R Q (egistration Request registration request), RCF (Registration Confirm registration confirmation), and RRJ (Registration Reject registration rejection). The endpoint uses the RRQ to register with the searched home gatekeeper. If the registration is successful, the gatekeeper responds with the RCF.
呼叫接纳:用于网守控制端点的呼叫接入,包括用户接入认证、地址 解析。使用的消息有 ARQ ( Admission Request接入请求)、 ACF ( Admission Confirm接入确认)、 ARJ (Admission Reject接入拒绝) 。 当端点发起呼 叫时, 它首先向归属网守发送 ARQ消息, 包含认证信息、 目的地地址和 所要求的带宽等。 网守对用户进行认证, 对目的地址进行解析。 如果网 守同意发起此呼叫, 就向端点回送 ACF, 包含允许分配的带宽和翻译后 所得的被叫呼叫信令传输层地址或网守的呼叫信令传输层地址 (取决于 采用直选路由方式还是网守选路方式) 。 H.225.0呼叫控制协议就使用此 呼叫信令传输层地址来发起呼叫。 当端点收到入呼请求时, 也要向其网 守发送 ARQ消息进行认证。如果网守同意端点接收该呼叫,就回送 ACF, 端点才可继续处理入呼流程。 Call admission: Call access for the gatekeeper control endpoint, including user access authentication and address resolution. The messages used are ARQ (Admission Request Access Request), ACF (Admission). Confirm access confirmation), ARJ (Admission Reject access rejection). When the endpoint initiates a call, it first sends an ARQ message to the home gatekeeper, including the authentication information, the destination address, and the required bandwidth. The gatekeeper authenticates the user and parses the destination address. If the gatekeeper agrees to initiate the call, it sends back the ACF to the endpoint, including the allowed bandwidth and the translated call signaling transport layer address or the gatekeeper's call signaling transport layer address (depending on whether direct routing is used or not) Gatekeeper routing method). The H.225.0 Call Control Protocol uses this call signaling transport layer address to initiate a call. When the endpoint receives an incoming call request, it also sends an ARQ message to its gatekeeper for authentication. If the gatekeeper agrees that the endpoint receives the call, it will return the ACF to the endpoint to continue processing the incoming call procedure.
定位功能: 指请求网守提供地址翻译功能。 使用的消息有 LRQ Positioning function: Refers to requesting the gatekeeper to provide address translation. The message used is LRQ
(Location Request地址解析请求) 、 LCF (Location Confirm地址解析确 认) 、 LRJ (Location Reject地址解析拒绝) 。 当端点或网守知道某一端 点的别名地址, 需要知道其呼叫信令传输层地址时, 可向相应的网守发 送 LRQ消息。 LRQ消息可以以单播或多播方式发送。 当目标端点的网守 收到 LRQ消息后,通过 LCF将该端点的呼叫信令运输层地址或该网守的 呼叫信令传输层地址回送给请求者。 回送哪个地址取决于呼叫信令是采 用直接选路方式还是网守选路方式。 (Location Request address resolution request), LCF (Location Confirm address resolution confirmation), LRJ (Location Reject address resolution rejection). When an endpoint or gatekeeper knows the alias address of an endpoint and needs to know its call signaling transport layer address, it can send an LRQ message to the corresponding gatekeeper. The LRQ message can be sent in unicast or multicast mode. When the gatekeeper of the target endpoint receives the LRQ message, it returns the call signaling transport layer address of the endpoint or the call signaling transport layer address of the gatekeeper to the requester through the LCF. Which address is sent back depends on whether the call signalling is directly routed or gatekeeper.
事实上, H.235并没有提出一种密钥交换技术, 它只定义了一种基于 H.323的协议集, 以用于密钥交换。 它允许开发者在产品中选择一种密钥 交换方法, 但是没有说明不同安全策略如何协商的安全策略。  In fact, H.235 does not propose a key exchange technique that defines only one H.323-based protocol set for key exchange. It allows developers to choose a key exchange method in the product, but there is no security policy that explains how different security policies are negotiated.
对于小规模系统,可以通过预先配置安全策略与方法来保护各种信令 安全协议,但对于规模较大的 H.323系统,用户需要和不同的用户进行通 信, 预先配置的策略是不现实的。  For small-scale systems, various signaling security protocols can be protected by pre-configuring security policies and methods. However, for larger H.323 systems, users need to communicate with different users. Pre-configured policies are unrealistic. .
大规模系统中, 由于不同运营商、不同厂家 H.323端点产品因能力不 同采用不同密钥交换方法,特别是在 H.323多网守环境不同路由呼叫模式 下, 现存端点设备的多种建立会话密钥方法, 通信的二端点之间也不可 能事先能预配置, 这给具体实施带来困难。 发明内容 In large-scale systems, different operators and different manufacturers' H.323 endpoint products use different key exchange methods due to different capabilities, especially in different routing call modes of H.323 multi-gatekeeper environment. The session key method, it is also impossible to pre-configure between the two endpoints of the communication, which brings difficulties to the specific implementation. Summary of the invention
本发明所要解决的技术问题在于,提出了一种跨域多网守分组网络密 钥协商安全策略实现方法。本发明方法扩展了 H.235协议附录 I中单网守 直接路由限制, 提出一种端点放在不同管理域、 不同网守环境下、 不同 路由模式下的密钥协商方案, 提供呼叫建立以及其以后信令消息安全, 包括认证、 完整性检査及可能的媒体流协议的机密性。  The technical problem to be solved by the present invention is to propose a method for implementing a key agreement negotiation security policy for a cross-domain multi-gatekeeper packet network. The method of the invention extends the single-gatekeeper direct routing restriction in Appendix I of the H.235 protocol, and proposes a key agreement scheme in which the endpoints are placed in different management domains, different gatekeeper environments, and different routing modes, providing call establishment and The subsequent signaling messages are secure, including authentication, integrity checking, and the confidentiality of possible media streaming protocols.
为解决上述技术问题,本发明提出了一种跨域多网守分组网络密钥协 商安全策略实现方法, 包括以下步骤:  To solve the above technical problem, the present invention provides a cross-domain multi-gatekeeper packet network key negotiation security policy implementation method, which includes the following steps:
( 1 )各端点分别与其归属的网守之间通过信令交互执行安全策略协 商, 根据各端点及其归属网守的密钥支持能力确定各端点的本地安全策 略;  (1) Each endpoint performs security policy negotiation through signaling interaction with its home gatekeeper, and determines the local security policy of each endpoint according to the key support capabilities of each endpoint and its home gatekeeper;
(2)主叫端点根据确定的本地安全策略向主叫网守发送密钥协商请 求, 主叫网守根据主叫端点的安全策略与自身的密钥支持能力, 确定最 高与最低优先级密钥协商规程, 并按照最高优先级规程向被叫网守转发 主叫端点的密钥协商请求;  (2) The calling endpoint sends a key negotiation request to the calling gatekeeper according to the determined local security policy, and the calling gatekeeper determines the highest and lowest priority keys according to the security policy of the calling endpoint and its own key support capability. Negotiating procedures, and forwarding the key agreement request of the calling endpoint to the called gatekeeper according to the highest priority procedure;
(3)被叫网守根据自身的密钥支持能力, 判断是否能够按照最高优 先级规程来执行所述被转发的主叫端点的密钥协商请求, 如果可以, 则 按照所述最高优先级规程执行密钥协商, 如果不能, 则按照所述确定的 最低优先级规程执行密钥协商, 并将协商结果通过主叫网守转发给主叫 端点。  (3) The called gatekeeper determines, according to its own key support capability, whether the key negotiation request of the forwarded calling endpoint can be performed according to the highest priority procedure, and if so, according to the highest priority procedure Key negotiation is performed. If not, key negotiation is performed according to the determined lowest priority procedure, and the negotiation result is forwarded to the calling endpoint by the calling gatekeeper.
本发明方法可以进一步包括步骤:  The method of the invention may further comprise the steps of:
(4)主叫端点接收到所述协商结果后, 基于本地安全策略, 决定是 否继续利用协商结果进行后续的信令交互。  (4) After receiving the negotiation result, the calling endpoint determines whether to continue to use the negotiation result for subsequent signaling interaction based on the local security policy.
所述步骤( 1 )中的信令交互过程可以为网守发现过程或 /和注册过程。 所述密钥支持能力可以为是否支持公钥密钥协商。  The signaling interaction process in the step (1) may be a gatekeeper discovery process or/and a registration process. The key support capability may be whether to support public key key negotiation.
所述步骤 (1 )可以包括- ( 1-1 )通过网守发现请求或 /和注册请求消息, 端点向其归属网守 报告其是否支持公钥密钥协商; The step (1) may include - (1-1) By the gatekeeper discovery request or/and the registration request message, the endpoint reports to its home gatekeeper whether it supports public key key negotiation;
( 1 -2) 网守根据端点与自身是否支持公钥密钥协商, 通过网守发 现确认或 /和注册确认消息, 向端点返回确定的端点本地安全策略, 其中: 当端点与网守任何一方不支持公钥密钥协商时,确定端点本地安全策 略为: 希望由网守代为生成共享密钥;  (1 -2) The gatekeeper returns a determined endpoint local security policy to the endpoint based on whether the endpoint supports the public key key negotiation, through the gatekeeper discovery acknowledgement and/or the registration acknowledgement message, where: the endpoint and the gatekeeper either When public key key negotiation is not supported, determine the local security policy of the endpoint as: It is hoped that the gatekeeper will generate the shared key on its behalf;
当端点与网守都支持公钥密钥协商时,确定端点本地安全策略为:希 望与被叫网守通过信令协商来生成共享密钥。  When both the endpoint and the gatekeeper support public key key negotiation, the endpoint local security policy is determined as: the shared key is generated by signaling negotiation with the called gatekeeper.
步骤(2)所述主叫端点向主叫网守发送的密钥协商请求可以为接入 请求消息, 该消息中包含有所述主叫端点的本地安全策略信息。  The key negotiation request sent by the calling endpoint to the calling gatekeeper in step (2) may be an access request message, where the message includes local security policy information of the calling endpoint.
当主叫端点本地安全策略为希望与被叫网守通过信令协商来生成共 享密钥时, 所述接入请求消息中可以进一步包含有公钥信息。  When the calling endpoint local security policy is configured to generate a sharing key by signaling negotiation with the called gatekeeper, the access request message may further include public key information.
步骤 (2)所述主叫网守根据主叫端点的安全策略与自身的密钥支持 能力, 确定密钥协商规程的优先级的步骤, 可以包括:  Step (2) The step of determining the priority of the key agreement procedure by the calling gatekeeper according to the security policy of the calling endpoint and the key support capability of the calling endpoint, which may include:
当该主叫端点本地安全策略为希望由网守代为生成共享密钥,且主叫 网守不支持公钥密钥协商时, 确定密钥协商规程的最高与最低优先级规 程为: 由被叫网守产生会话密钥;  When the calling endpoint local security policy is to generate a shared key by the gatekeeper, and the calling gatekeeper does not support public key key negotiation, the highest and lowest priority procedures for determining the key agreement procedure are: The gatekeeper generates a session key;
当该主叫端点本地安全策略为希望由网守代为生成共享密钥,且主叫 网守支持公钥密钥协商时, 确定密钥协商规程的最高优先级规程为: 主 叫网守与被叫网守使用公钥密钥协商过程产生会话密钥; 最低优先级规 程为: 由被叫网守产生会话密钥;  When the calling endpoint local security policy is to generate a shared key by the gatekeeper, and the calling gatekeeper supports the public key key negotiation, the highest priority procedure for determining the key agreement procedure is: the calling gatekeeper and the The gatekeeper uses the public key key negotiation process to generate a session key; the lowest priority procedure is: generating a session key by the called gatekeeper;
当该主叫端点本地安全策略为希望与被叫网守通过信令协商来生成 共享密钥时, 确定密钥协商规程的最髙优先级规程为: 主叫端点与被叫 网守使用公钥密钥协商过程产生会话密钥; 最低优先级规程为: 由被叫 网守产生会话密钥。  When the calling endpoint local security policy generates a shared key by signaling negotiation with the called gatekeeper, the final priority procedure for determining the key agreement procedure is: the calling endpoint and the called gatekeeper use the public key. The key negotiation process generates a session key; the lowest priority procedure is: The session key is generated by the called gatekeeper.
所述接入请求消息中,可以进一步包括有被叫端点信息,主叫网守根 据该被叫端点信息, 确定被叫端点是否与主叫端点分属不同的管理域。 所述步骤(2) 中, 主叫网守可以按照最高优先级规程向被叫网守转 发主叫端点的密钥协商请求的步骤, 是通过地址解析请求发送的, 该地 址解析请求中包含有所述确定的最高优先级规程信息。 The access request message may further include called endpoint information, and the calling gatekeeper determines, according to the called endpoint information, whether the called endpoint belongs to a different administrative domain than the calling endpoint. In the step (2), the step that the calling gatekeeper can forward the key negotiation request of the calling endpoint to the called gatekeeper according to the highest priority procedure is sent by using an address resolution request, and the address resolution request includes The determined highest priority procedure information.
所述步骤(3) 中, 被叫网守判断是否能够按照最高优先级规程来执 行所述被转发的主叫端点的密钥协商请求的步骤, 可以包括:  In the step (3), the step of the called gatekeeper determining whether the key negotiation request of the forwarded calling endpoint is performed according to the highest priority procedure may include:
当所述最高优先级规程为由被叫网守产生会话密钥时,则判断为可以 按照最高优先级规程来执行密钥协商;  When the highest priority procedure is to generate a session key by the called gatekeeper, it is determined that key negotiation can be performed according to the highest priority procedure;
当所述最高优先级规程为主叫网守与被叫网守使用公钥密钥协商过 程产生会话密钥时, 如果被叫网守支持公钥密钥协商, 则判断为可以按 照最高优先级规程来执行密钥协商; 如果被叫网守不支持公钥密钥协商, 判断为不能按照最高优先级规程来执行密钥协商;  When the highest priority procedure generates a session key for the calling gatekeeper and the called gatekeeper using the public key key negotiation process, if the called gatekeeper supports the public key key negotiation, it is determined that the highest priority can be performed. Procedure to perform key agreement; if the called gatekeeper does not support public key key negotiation, it is determined that key negotiation cannot be performed according to the highest priority procedure;
当所述最高优先级规程为主叫端点与被叫网守使用公钥密钥协商过 程产生会话密钥时, 如果被叫网守支持公钥密钥协商时, 则判断为可以 按照最高优先级规程来执行密钥协商; 如果被叫网守不支持公钥密钥协 商, 则判断为不能按照最高优先级规程来执行密钥协商。  When the highest priority procedure generates a session key for the calling party and the called gatekeeper using the public key key negotiation process, if the called gatekeeper supports the public key key negotiation, it is determined that the highest priority can be followed. Procedure to perform key agreement; if the called gatekeeper does not support public key key negotiation, it is determined that key negotiation cannot be performed according to the highest priority procedure.
使用本发明安全策略实现方法,可以动态协商可信会话密钥,利用密 码学将其与呼叫认证捆绑在一起, 实现分组网络的安全策略, 本发明方 法采用的安全技术与现有标准相容, 安全体系的布置也比较简单, 并且 不需要假定任何附加的安全基础设施方法。 附图概述  By using the security policy implementation method of the present invention, a trusted session key can be dynamically negotiated, and cryptography is used to bundle it with call authentication to implement a security policy of the packet network. The security technology adopted by the method of the present invention is compatible with existing standards. The layout of the security system is also relatively simple and does not require any additional security infrastructure methods to be assumed. BRIEF abstract
图 1 为根据本发明实施例所述的跨域多网守分组网络密钥协商安全 策略实现方法的多网守路由模式场景图;  1 is a scenario diagram of a multi-gateway routing mode for implementing a key agreement security policy for a cross-domain multi-gatekeeper packet network according to an embodiment of the present invention;
图 2为根据本发明实施例所述的跨域多网守分组网络密钥协商安全 策略实现方法的多网守路由呼叫模式下安全策略实施过程图。 本发明的最佳实施方式 本发明的核心思想是不同管理域中的网守 (GK, GateKeeper)根据 所管辖的端点能力, 灵活配制相应的安全策略管理策略来动态选择密钥 分配方式, 进而为不同域之间的端点完成密钥管理任务。 在原理上, 由 于多管理域多网守环境下的 H.323分组网络比封闭的 H.323环境更加开 放, 密钥的管理需要保证一定的安全性。 FIG. 2 is a schematic diagram of a security policy implementation process in a multi-gateway routing call mode according to an implementation method of a cross-domain multi-gatekeeper packet network key agreement security policy according to an embodiment of the present invention. BEST MODE FOR CARRYING OUT THE INVENTION The core idea of the present invention is that a gatekeeper (GK, GateKeeper) in different management domains flexibly configures a corresponding security policy management policy to dynamically select a key distribution mode according to the endpoint capability of the jurisdiction, thereby completing the endpoint between different domains. Key management tasks. In principle, since the H.323 packet network in the multi-administration domain multi-gateway environment is more open than the closed H.323 environment, the key management needs to ensure a certain security.
本发明主要描述了端点放在不同管理域不同网守环境下的不同路由 模式下不同域之间的 GK, 通过对 GRQ/R Q , ARQ/ACF/ARJ , LRQ/LCF/LRJ等信令执行过程, 在二个不同的网守域环境下完成端点之 间的安全密钥协商, 为后续的呼叫信令建立起安全通道, 以防止被伪造、 完整性丢失及可能的机密性丢失。 特别是如果端点支持基于公钥, 如 Diffie-Hellman或(类似于 Diffie-Hellman椭圆曲线方法)等密钥交换时, 目标域 GK将认证源端点及使用与源 GK共享或协商的安全策略对源 GK 进行认证。 认证通过后, 目标 GK将返回含有认证值的 Diffie-Hellman公 钥与源网守标识符 G ID。  The present invention mainly describes the GK between different domains in different routing modes of endpoints placed in different gatekeeper environments in different management domains, and performs signaling processes such as GRQ/RQ, ARQ/ACF/ARJ, LRQ/LCF/LRJ, etc. Secure key agreement between endpoints in two different gatekeeper environments to establish a secure channel for subsequent call signaling to prevent forgery, loss of integrity, and possible loss of confidentiality. In particular, if the endpoint supports key exchange based on a public key, such as Diffie-Hellman or (similar to the Diffie-Hellman elliptic curve method), the target domain GK will authenticate the source endpoint and use the security policy pair source or source that is shared or negotiated with the source GK. GK is certified. After the authentication is passed, the target GK will return the Diffie-Hellman public key with the authentication value and the source gatekeeper identifier G ID.
本发明假定 GK是一个安全模块,可实现密钥存贮,密码算法与机制 协商, 安全管理与维护接入, 可靠性等。 这些安全策略可以软件实现, 也可硬件实现, 或二者兼而有之。 GK在这种安全模式下, 可作为一个可 信的中间实体, 终止逐跳之间的安全关联。 在密钥协商过程中, GK基于 安全策略将生成或转发含有端点一端点之间的共享密钥, 同时可以完成 相关的认证与完整性检査, 这可以通过对各信令内所包含的 CryptoToken 安全相关数据结构重新计算认证码实现。 这里的共享密钥是安全密钥, 是密码学算法安全参数的一部分。 它可以通过口令导出, 或者通过配置 来分配或其它方法。  The present invention assumes that GK is a security module that implements key storage, cryptographic algorithms and mechanisms for negotiation, security management and maintenance access, and reliability. These security policies can be implemented in software, in hardware, or both. In this secure mode, GK acts as a trusted intermediate entity, terminating the security association between hops. During the key negotiation process, the GK will generate or forward a shared key containing an endpoint-end based on the security policy, and at the same time complete the relevant authentication and integrity check, which can be performed by using the CryptoToken included in each signaling. The security-related data structure recalculates the authentication code implementation. The shared key here is a security key and is part of the cryptographic algorithm security parameters. It can be exported by password, or configured to be assigned or other methods.
如图 1所示,为根据本发明实施例所述跨域多网守分组网络密钥协商 安全策略实现方法的多网守路由模式场景图,包括:主叫端点 101 (EpA)、 主叫网守 102 (GkG) 、 中间网守 103、 被叫网守 104 (GkH) 、 被叫端 点 105 (EpB) 。 针对主叫端点 101与主叫网守 102、被叫网守 104对密钥协商方法支 持, 如基于对称密码加密传输会话密钥, Diffie-Hellman (简称 D-H) 公 钥密码实现会话密钥协商等, 本发明实施例描述一种基于优先级安全策 略, 来灵活选择会话密钥分配方式。 具体安全策略如下: As shown in FIG. 1 , a scenario diagram of a multi-gateway routing mode for implementing a cross-domain multi-gatekeeper packet network key agreement security policy according to an embodiment of the present invention includes: a calling endpoint 101 (EpA), a calling network守 102 (GkG), intermediate gatekeeper 103, called gatekeeper 104 (GkH), called endpoint 105 (EpB). Supporting key agreement methods for the calling endpoint 101, the calling gatekeeper 102, and the called gatekeeper 104, such as transmitting a session key based on symmetric cryptographic encryption, Diffie-Hellman (referred to as DH) public key cryptography, implementing session key negotiation, etc. The embodiment of the invention describes a flexible selection of a session key distribution mode based on a priority security policy. The specific security policy is as follows:
主叫端点 101 根据安全强度要求及所注册网守的情况, 可以支持对 称密码实现密钥协商, 也可以支持公钥密码实现密钥协商方法。  The calling endpoint 101 can support the symmetric negotiation of the symmetric password according to the security strength requirement and the registered gatekeeper, and can also support the public key cryptography to implement the key negotiation method.
主叫网守 102根据本地安全策略, 针对主叫端点 101的安全请求, 以主叫端点 101的公钥密码方法为高优先级策略,尽量满足主叫端点 101 的安全请求。 如果不满足, 则重新与主叫端点 101 协商新的对称密码方 法。  The calling gatekeeper 102 uses the public key crypto method of the calling endpoint 101 as a high priority policy according to the local security policy for the security request of the calling endpoint 101, and satisfies the security request of the calling endpoint 101 as much as possible. If not, re-negotiate the new symmetric cryptographic method with the calling endpoint 101.
被叫网守 104根据主叫网守 102转发的端点安全请求, 尽量满足主 叫端点 101或主叫网守 102的基于公钥密码方法的安全请求, 如果不满 足, 则与主叫网守 102协商新的对称密码方法, 并通过主叫网守 102转 发给主叫端点 101。  The called gatekeeper 104 satisfies the security request based on the public key cryptography method of the calling endpoint 101 or the calling gatekeeper 102 according to the endpoint security request forwarded by the calling gatekeeper 102. If not, the calling gatekeeper 102 A new symmetric cryptographic method is negotiated and forwarded to the calling endpoint 101 by the calling gatekeeper 102.
主叫端点 101针对所接收的安全策略协商结果, 基于本地安全策略, 决定是否继续以新协商的安全策略, 进行后续信令交互。  The calling endpoint 101 determines, according to the received security policy negotiation result, whether to continue the subsequent signaling interaction with the newly negotiated security policy based on the local security policy.
本发明实施例提出了一种二端点间借助于各自所属网守来实现共享 密钥协商, 为呼叫信令及以后的 H.245控制信令提供安全保障。  The embodiment of the present invention proposes a shared key negotiation between two endpoints by means of their respective gatekeepers, and provides security for call signaling and subsequent H.245 control signaling.
如图 2所示,为根据本发明实施例所述跨域多网守分组网络密钥协商 安全策略实现方法的多网守路由呼叫模式下安全策略实施过程图, 其具 体步骤为: .  As shown in FIG. 2, a security policy implementation process diagram of a multi-gateway routing call mode according to the method for implementing a cross-domain multi-gatekeeper packet network key agreement security policy according to an embodiment of the present invention is as follows:
(步骤 201 )处于不同域网守管理的主叫端点与被叫端点向各自所属 网守发送 GRQ/ RRQ (网守发现与网守注册请求)信令。  (Step 201) The calling endpoint and the called endpoint that are in different domain gatekeeper management send GRQ/RRQ (gatekeeper discovery and gatekeeper registration request) signaling to their respective gatekeepers.
(步骤 202)主叫、 被叫所属网守向主叫、 被叫端点发送 GCF/RCF (网守发现请求响应与网守注册请求响应) 或 GRJ/RRJ (网守响应拒绝 / 注册响应拒绝) 信令, 完成网守所支持的呼叫模式与端点是否具备公钥 密码方法实现密钥协商能力。 (步骤 203)在呼叫被叫端点之前, 主叫端点向其归属网守 GkG发 送 ARQ消息, 其中可以包含一个独立的 ClearToken, 其内 tokenOID字 段设置为支持所具有的密钥协商能力对象标识(以文本数字方式给出) , 其他字段不使用。 (Step 202) The calling party and the called gatekeeper send GCF/RCF (gatekeeper discovery request response and gatekeeper registration request response) or GRJ/RRJ (gatekeeper response rejection/registration response rejection) to the calling and called endpoints. Signaling, complete the call mode supported by the gatekeeper and whether the endpoint has the public key crypto method to implement the key negotiation capability. (Step 203) Before calling the called endpoint, the calling endpoint sends an ARQ message to its home gatekeeper GkG, which may include an independent ClearToken, where the tokenOID field is set to support the key negotiation capability object identifier (in Text is given numerically), other fields are not used.
(步骤 204)主叫端点的网守 GkG收到 ARQ后,判断被叫端点(ARQ 消息中的 destinationlnfo或者 destCallSignalAddress表示) 是否是自己管 理域,如果不属于自己管辖的端点,则向被叫端点的网守发起 LRQ消息, 以查询被叫端点地址。 主叫网守 GkG安全策略规则是, 如果主叫端点支 持如 Diffie-Hellman密钥协商等公钥方法, 则在 LRQ消息中, 真接转发 主叫端点的密钥协商请求。 这可通过在生成的 LRQ消息中, 包含一个 ClearToken来完成, 其中的 tokenOID设置为向被叫网守指示所需要的密 钥协商能力对象标识符, 而其他字段不使用。 如果主被叫端点处于同一 网守, 则密钥协商方式同 H.235附录 I中所给出的。这里所基于的安全策 略是, 在 GRQ/RRQ, GCF/RCF (或 GRJ/RRJ)的信令交互中, 网守对是 否支持端点的公钥方法进行密钥协商进行了限制规定。 如果允许端点支 持公钥方法, 则可以在后续的信令中, 端点按公钥方法进行密钥协商, 否则只能以对称密码方法进行会话密钥协商。  (Step 204) After receiving the ARQ, the gatekeeper GkG of the calling endpoint determines whether the called endpoint (represented by destinationInfo or destCallSignalAddress in the ARQ message) is its own management domain, and if it does not belong to the endpoint of its own jurisdiction, then to the called endpoint The gatekeeper initiates an LRQ message to query the called endpoint address. The calling gatekeeper GkG security policy rule is that if the calling endpoint supports a public key method such as Diffie-Hellman key agreement, the LRQ message actually forwards the key agreement request of the calling endpoint. This can be done by including a ClearToken in the generated LRQ message, where tokenOID is set to indicate the required key negotiation capability object identifier to the called gatekeeper, while other fields are not used. If the calling and called endpoints are at the same gatekeeper, the key negotiation method is the same as given in H.235 Appendix I. The security policy here is based on the GRQ/RRQ, GCF/RCF (or GRJ/RRJ) signaling interaction, and the gatekeeper imposes restrictions on whether or not to support the endpoint's public key method for key negotiation. If the endpoint is allowed to support the public key method, the endpoint can perform key negotiation by the public key method in the subsequent signaling. Otherwise, the session key negotiation can only be performed by the symmetric cipher method.
(步骤 205) 依据被叫网守 GkH是否支持对主叫端点的公钥方法, 而采取二种不同的策略规则。  (Step 205) Two different policy rules are adopted depending on whether the called gatekeeper GkH supports the public key method for the calling endpoint.
(步骤 206) GkH生成与 EpA之间共享半公钥, 并与 EpA所生成的 半公钥一起生成一个主、 被叫端点所共享的会话密钥 (或共享密钥) 。  (Step 206) The GkH generation shares the semi-public key with the EpA, and together with the semi-public key generated by the EpA, generates a session key (or shared key) shared by the calling and called endpoints.
(步骤 207)共享密钥分别被放入到返回给主叫网守 GkG的 LCF消 息中的二个单独 ClearToken中, 分别用于主叫与被叫端点后面的通信安 全所用。 在这二个 ClearToken中的共享密钥, 分别通过网守-网守、 网守 -端点之间已有的安全加密机制进行保护, 以防止传递过程的泄露。  (Step 207) The shared key is respectively placed in two separate ClearTokens in the LCF message returned to the calling gatekeeper GkG, respectively for the communication security behind the calling and called endpoints. The shared keys in the two ClearTokens are protected by a security encryption mechanism between the gatekeeper-gatekeeper and the gatekeeper-end, respectively, to prevent leakage of the delivery process.
(步骤 208)主叫网守 GkG转发 GkH与主叫端点通过公钥方法协商 的安全会话密钥, 通过 ACF消息返回给主叫端点 EpA。 从而完成了基于 端点公钥方法实现会话密钥协商的过程。 (Step 208) The calling gatekeeper GkG forwards the secure session key negotiated by the GkH and the calling endpoint through the public key method, and returns to the calling endpoint EpA through the ACF message. Thereby completing the basis The endpoint public key method implements the process of session key negotiation.
(步骤 209) 当 GkH不支持与端点的公钥方法生成主、 被叫端点共 享会话密钥时, 则由 GkH单独生成一个会话密钥, 可以采用随机数产生 的方式生成该会话密钥。  (Step 209) When GkH does not support the public key method of the endpoint to generate the shared session key of the calling and called endpoints, a session key is separately generated by GkH, and the session key may be generated by using a random number generation method.
(步骤 210) 由于被叫网守 GkH没有满足主叫网守转发的密钥协商 请求方法, 为了尽可能地完成密钥协商, GkH与主叫网守以对称密码方 式保护其为主、 被叫端点生成的共享密钥。 并以 LRJ消息返回给主叫网 守 GkG。 主叫端点网守收到 LRJ消息后, 检验该消息中 ClearToken的 tokenOID标志,二个网守之间 GkG根据前面所协商的安全策略解密出用 于主叫端点 ClearToken中的共享密钥, 然后利用与主叫端点所预配置的 安全策略重新产生一个含有加密共享密钥的用于主叫用户的令牌, 同时 复制 LRJ消息中用于被叫端点的 ClearToken, 放入到返回给主叫端点的 ARJ消息中并发送。  (Step 210) Since the called gatekeeper GkH does not satisfy the key agreement request method forwarded by the calling gatekeeper, in order to complete the key negotiation as much as possible, the GkH and the calling gatekeeper protect the master and the called party by using a symmetric password. The shared key generated by the endpoint. It is returned to the calling gateway GkG as an LRJ message. After receiving the LRJ message, the calling endpoint gatekeeper checks the tokenOID flag of the ClearToken in the message, and the GkG between the two gatekeepers decrypts the shared key used in the calling endpoint ClearToken according to the previously negotiated security policy, and then uses and The security policy pre-configured by the calling endpoint regenerates a token for the calling user with the encrypted shared key, and copies the ClearToken for the called endpoint in the LRJ message, and puts it into the ARJ returned to the calling endpoint. Send in the message.
(步骤 _ 211 )主叫网守根据 LRJ消息, 恢复出共享密钥, 并在 ARJ 消息中, 通过与主叫端点 EpA所共享的安全策略加密保护该共享密钥或 会话密钥。 主叫端点收到 ACF (或 ARJ) 消息后, 提取与被叫端点所共 享的秘密, 用于后面的呼叫信令安全保护, 如 ITU-T H.235V3附录 D的 鉴权。  (Step 211) The calling gatekeeper recovers the shared key according to the LRJ message, and encrypts the shared key or session key in the ARJ message through a security policy shared with the calling endpoint EpA. After receiving the ACF (or ARJ) message, the calling endpoint extracts the secret shared with the called endpoint for subsequent call signaling security protection, such as the authentication of ITU-T H.235V3 Appendix D.
(步骤 212)主叫端点 EpA基于对称密码方法, 在 ARQ消息中, 请 求网守为其分配与被叫端点 EpB共享密钥。  (Step 212) The calling endpoint EpA is based on the symmetric cipher method. In the ARQ message, the gatekeeper is requested to share the key with the called endpoint EpB.
(步骤 213) GkG基于本身是否支持公钥方法与被叫网守 GkH共同 协商, 为主被叫端点协商出会话密钥。  (Step 213) GkG negotiates with the called gatekeeper GkH based on whether the public key method itself supports, and negotiates the session key for the called terminal.
(步骤 214) GkG以 LRQ消息, 向 GkH发出对称密码方法生成主、 被叫端点之间共享的会话密钥 (共享密钥) 。  (Step 214) GkG sends a symmetric key method to GkH to generate a session key (shared key) shared between the calling and called endpoints by using the LRQ message.
(步骤 215) 生成 GkG-GkH会话密钥半公钥。  (Step 215) Generate a GkG-GkH session key semi-public key.
(步骤 216) GkG以 LRQ消息, 向 GkH发出公钥方法生成主、被叫 端点之间共享的会话密钥 (共享密钥) 。 (步骤 217) GkH基于本身是否支持公钥方法决定生成何种密钥。 (步骤 218)被叫网守支持与主叫网守之间采用公钥方法,生成 GkH- GkG会话密钥半公钥。 (Step 216) The GkG issues a public key method to the GkH in the LRQ message to generate a session key (shared key) shared between the calling and called endpoints. (Step 217) GkH decides which key to generate based on whether or not it supports the public key method. (Step 218) The public key method is used between the called gatekeeper support and the calling gatekeeper to generate a GkH-GkG session key semi-public key.
(步骤 219 )GkH以 LCF消息,向 GkG发出公钥方法生成的 GkH-GkG 会话密钥半公钥。  (Step 219) GkH sends the GkH-GkG session key semi-public key generated by the public key method to GkG in the LCF message.
(步骤 220) GkG将与被叫网守之间以公钥方法协商出会话密钥,以 ACF 消息, 向 EpA 发出会话密钥,并采用在 GRQ/GCF/GRJ (或 RRQ/RCF/RRJ)信令交互阶段所协商的安全策略实施保护。  (Step 220) GkG will negotiate the session key with the called gatekeeper by public key method, send the session key to EpA with ACF message, and adopt the letter in GRQ/GCF/GRJ (or RRQ/RCF/RRJ). The security policy negotiated during the interaction phase is enforced.
(步骤 221 )被叫网守不支持与主叫网守采用公钥方法, GkH生成会 话密钥。  (Step 221) The called gatekeeper does not support the public key method with the calling gatekeeper, and GkH generates the session key.
(步骤 222) GkH以 LRJ消息, 向 GkG发出对称密码方法生成的会 话密钥。  (Step 222) GkH sends a session key generated by the symmetric cryptographic method to GkG in the LRJ message.
(步骤 223) GkG以 ACF消息, 向 EpA发出对称密码方法方法生成 的会话密钥。  (Step 223) GkG sends the session key generated by the symmetric cryptographic method to EpA in the ACF message.
(步骤 224) 当 GkH不支持与端点的公钥方法生成主、 被叫端点共 享会话密钥时, 则由 GkH单独生成一个会话密钥。  (Step 224) When GkH does not support sharing the session key with the endpoint's public key method to generate the primary and called endpoints, a session key is generated separately by GkH.
(步骤 225), GkH与主叫网守以对称密码方式保护其为主、被叫端 点生成的共享密钥。 并以 LRJ消息返回给主叫网守 GkG。  (Step 225), the GkH and the calling gatekeeper protect the shared key generated by the master and the called endpoint in a symmetric cipher manner. It is returned to the calling gatekeeper GkG as an LRJ message.
(步骤 226 )主叫网守根据 LRJ消息,恢复出共享密钥,并在 ACF/ARJ 消息中, 通过与主叫端点 EpA所共享的安全策略加密保护该共享密钥或 会话密钥。  (Step 226) The calling gatekeeper recovers the shared key according to the LRJ message, and encrypts the shared key or session key in the ACF/ARJ message through a security policy shared with the calling endpoint EpA.
(步骤 227) 主叫端点收到 ACF/ARJ消息后, 提取与被叫端点所共 享的秘密, 向 EpB发出呼叫建立请求消息 Setup。  (Step 227) After receiving the ACF/ARJ message, the calling endpoint extracts the secret shared with the called endpoint and sends a call setup request message Setup to the EpB.
(步骤 228) EpB向 EpA发送 Call Proceeding消息,响应呼叫建立请 求消息同时执行步骤 229。  (Step 228) The EpB sends a Call Proceeding message to the EpA, and performs a step 229 in response to the call setup request message.
(步骤 229) EpB向 GkH发送 ARQ消息。  (Step 229) EpB sends an ARQ message to GkH.
(步骤 230) GkH向 EpB响应 ACF消息。 (步骤 231 ) EpB向 EpA发送 Alerting消息。 (Step 230) GkH responds to the ACF message to EpB. (Step 231) EpB sends an Alerting message to EpA.
(步骤 232) EpB向 EpA发送 connect消息, 建立呼叫连接。  (Step 232) EpB sends a connect message to EpA to establish a call connection.
步骤 203至步骤 211说明了主被叫网守对于主叫端点支持公钥方法 时, 如何为主、 被叫端点完成会话密钥协商的安全策略。  Steps 203 to 211 illustrate a security policy for the calling party and the called party to complete the session key negotiation for the calling party and the called party when the calling party supports the public key method.
步骤 206到步骤 208, 说明被叫网守 GkH支持与主叫端点 EpA之间 采用公钥方法进行会话密钥协商。  In step 206 to step 208, the public key method is used between the called gatekeeper GkH and the calling endpoint EpA for session key negotiation.
步骤 209到步骤 211, 说明被叫网守 GkH不支持与主叫端点 EpA之 间采用公钥方法进行会话密钥协商时, 为动态完成密钥协商所采取的安 全策略与步骤。  Step 209 to step 211, indicating that the called gatekeeper GkH does not support the security policy and steps taken to dynamically complete the key negotiation when using the public key method for session key negotiation with the calling endpoint EpA.
步骤 212到步骤 226中, 说明了主、 被网守支持或不支持公钥方法 时, 如何基于对称密码方法为主、 被叫端点完成会话密钥协商。  In step 212 to step 226, it is explained that when the master, the gatekeeper supports or does not support the public key method, how to perform the session key negotiation based on the symmetric cryptographic method and the called endpoint.
步骤 215-217中, GkG与 GkH以公钥方法协商会话密钥。  In steps 215-217, GkG and GkH negotiate the session key in a public key method.
步骤 218-220说明了被叫网守支持与主叫网守之间采用公钥方法时 的信令流程。  Steps 218-220 illustrate the signaling flow when the called gatekeeper supports the public key method between the calling gatekeeper and the calling gatekeeper.
步骤 221-223 说明了被叫网守不支持与主叫网守采用公钥方法时采 用对称密码方法生成并传输会话密钥的信令流程。  Step 221-223 illustrates the signaling flow that the called gatekeeper does not support the use of the symmetric cryptographic method to generate and transmit the session key when the calling gatekeeper adopts the public key method.
步骤 224-226中, 说明了 GkH生成会话密钥的过程。  In steps 224-226, the process of generating a session key by GkH is illustrated.
本发明实施例适用于 H.323 系统跨网守管理范围的直接路由及可选 路由模式。 假设主 /被叫端点分别注册在不同的主 /被叫网守上, 通讯过程 是在没有安全性保证的 IP网络上进行。  The embodiments of the present invention are applicable to direct routing and optional routing modes of the H.323 system across the network management scope. Assume that the master/called endpoints are registered on different master/called gatekeepers, and the communication process is performed on an IP network without security guarantee.
实施本发明实施例的前提是: 网守对其管理端点的所有 RAS消息进 行认证与完整性检査, 端点对也对网守的 RAS消息进行认证与完整性检 查, 从而使端点和所属网守之间达到相互信任目的, 以便能捡査出欺诈 的实体, 并将被欺诈可能性降到最小。  The premise of implementing the embodiment of the present invention is: the gatekeeper performs authentication and integrity check on all RAS messages of the management endpoint, and the endpoint pair also performs authentication and integrity check on the RAS message of the gatekeeper, so that the endpoint and the associated gatekeeper To achieve mutual trust, so that fraudulent entities can be identified and the likelihood of fraud is minimized.
中间实体网守与网守之间也进行相互鉴别, 避免网守域间的恶意攻 击。 在上述条件下, 能够保证 H.323端点之间 RAS信道的安全性, 以此 为基础可实现呼叫信令的安全性。 本发明实施例用下列符号表示端点与网守的能力或二者组合,以及区 分主叫 /被叫端点所保存的共享密钥, 符号表示的意义: The intermediate entity gatekeeper and the gatekeeper also authenticate each other to avoid malicious attacks between the gatekeeper domains. Under the above conditions, the security of the RAS channel between H.323 endpoints can be guaranteed, and the security of call signaling can be realized based on this. The embodiment of the present invention uses the following symbols to indicate the capability of the endpoint and the gatekeeper or a combination of the two, and distinguishes the shared key held by the calling/called endpoint, and the meaning of the symbol representation:
"10" 表示主叫端点不支持 D-H,主叫网守或被叫网守不支持 D-H密 钥协商过程。  "10" indicates that the calling endpoint does not support D-H, and the calling gatekeeper or called gatekeeper does not support the D-H key negotiation process.
'Ί 在返回主叫端点的独立 ClearToken中使用,表示此 ClearToken 中包含会话密钥。  'Ί Used in a separate ClearToken returning to the calling endpoint, indicating that this ClearToken contains a session key.
"12" 在被叫网守交给被叫端点独立 ClearToken 中使用, 表示此 ClearToken中包含会话密钥。  "12" is used in the called Clear Gate to the called endpoint independent ClearToken, indicating that this ClearToken contains the session key.
"13" 表示主叫端点不支持 G-H过程, 但主叫与被叫网守支持 D-H 过程。  "13" indicates that the calling endpoint does not support the G-H process, but the calling and called gatekeepers support the D-H process.
"14" 表示主叫端点支持 D-H过程, 被叫网守支持 D-H过程。  "14" indicates that the calling endpoint supports the D-H process, and the called gatekeeper supports the D-H process.
本发明实施例分别在端点与网守支持与不支持 Diffie-Hdlman (简称 Embodiments of the present invention support and not support Diffie-Hdlman in endpoints and gatekeepers respectively.
D-H)公钥方法的情况下, 说明本发明在直接路由模式下, 如何灵活选择 会话密钥分配方式。 In the case of the D-H) public key method, it is explained how the present invention flexibly selects the session key allocation mode in the direct routing mode.
本发明虽然以 H.323系统跨网守管理范围的直接路由模式为实施例, 但是对于各种路由方式, 本发明方法都是适用的。  Although the present invention uses the direct routing mode of the H.323 system across the network management scope as an embodiment, the method of the present invention is applicable to various routing methods.
假设主 /被叫端点分别注册在不同的主 /被叫网守上, 通讯过程是在没 有安全性保证的 IP网络上进行。 本实施例基于前面描述的安全策略给出 直接路由呼叫模式下 (DRC)几种有实用价值场景的会话密钥生成过程 描述。  Assume that the master/called endpoints are registered on different master/called gatekeepers respectively, and the communication process is performed on an IP network without security guarantee. This embodiment gives a description of the session key generation process in the direct routed call mode (DRC) with several practical scenarios based on the security policy described above.
DRC I : 主叫端点与主叫 GK不支持 D-H过程, 只要求被叫 GK产 生会话密钥情况。  DRC I: The calling endpoint and the calling party GK do not support the D-H process, only the called GK is required to generate the session key.
DRC II : 主叫端点不支持 D-H过程, 主 /被叫 GK使用 D-H过程协 商会话密钥的情况。  DRC II: The calling endpoint does not support the D-H process, and the master/called GK uses the D-H process to negotiate the session key.
DRC III : 主叫端点支持 D-H过程, 主叫端点与被叫 GK使用 D-H 过程协商会话密钥的情况。  DRC III: The calling endpoint supports the D-H process, where the calling endpoint and the called GK negotiate the session key using the D-H procedure.
下面根据 RAS信令与呼叫信令的逻辑顺序来说明以上三种过程中具 体协议实现过程。 The following three processes are described based on the logical sequence of RAS signaling and call signaling. The implementation of the body protocol.
1. GRQ/GCF或 RRQ/RCF信令阶段: GK发现过程(GRQ/GCF) 或 /和注册过程 (RRQ/RCF)中,端点向归属 GK表明其是否支持公钥 (D-H) 过程。方法是在 GRQ(或 RRQ )中包含一个独立 ClearToken,其中 tokenOID 设置为 "10", 表明不支持 DH过程, 设置为 "14", 则表明支持。 GK 在收到 GRQ (或 RRQ) 后识别出 ClearToken中的 tokenOID, 根据管理 策略决定是否支持此端点, 回复相应 GCF (或 RCF ) , 在所包含的 ClearToken中, 对 tokenOID设置判断如下: 如果 GK不支持端点 D-H密 钥协商过程, 则设置为 "10"而不管该端点是如何设置的, 这表明安全策 略是由网守代为生成共享密钥; 如果 GK支持该端点的 D-H过程, 且网 守的管理策略也支持该端点, 则设置为 "14" 。 而主 /被叫 GK在以后为 二边的端点分配会话密钥时, 是由网守之间通过信令的协商, 来选择具 体哪一种密钥协商过程: DRC I、 DRC II或 DRCIII过程。  1. GRQ/GCF or RRQ/RCF signaling phase: In the GK discovery process (GRQ/GCF) or / and registration process (RRQ/RCF), the endpoint indicates to the home GK whether it supports the public key (D-H) process. The method is to include a separate ClearToken in GRQ (or RRQ), where tokenOID is set to "10", indicating that the DH process is not supported, and setting to "14" indicates support. After receiving the GRQ (or RRQ), the GK recognizes the tokenOID in the ClearToken, determines whether to support the endpoint according to the management policy, and replies to the corresponding GCF (or RCF). In the included ClearToken, the tokenOID is set as follows: If the GK is not Support the endpoint DH key negotiation process, set to "10" regardless of how the endpoint is set, which indicates that the security policy is generated by the gatekeeper to generate the shared key; if the GK supports the DH process of the endpoint, and the gatekeeper The management policy also supports this endpoint, which is set to "14". When the master/called GK assigns a session key to the endpoints of the two sides in the future, it is determined by the signaling between the gatekeepers to select which key negotiation process: DRC I, DRC II or DRCIII process.
2. ARQ请求阶段:  2. ARQ request phase:
在主叫 EpA在使用直接路由模式呼叫被叫 EpB之前,主叫端点 EpA 向归属 GkG发送 ARQ, 其中包含一个独立的 ClearToken, 假设为 CTA, 其中的 tokenOID设置如下: 如果希望由 GK代为生成安全共享密钥, 则 为 "10", 其他字段不使用; 如果 EpA希望采用 D-H与被叫网守协商共 享密钥, 则将其 D-H公钥放在的 dhkey域中, tokenOID为 "14", 其他 字段不使用。  Before the calling EpA calls the called EpB in the direct routing mode, the calling endpoint EpA sends an ARQ to the home GkG, which includes an independent ClearToken, which is assumed to be a CTA, wherein the tokenOID is set as follows: If it is desired to generate a secure share by GK The key is "10", other fields are not used; if EpA wants to use DH to negotiate the shared key with the called gatekeeper, put its DH public key in the dhkey domain, tokenOID is "14", other fields Do not use.
3. LRQ请求阶段:  3. LRQ request phase:
GkG在收到 EpA发来的 ARQ后, 如果判断被叫 EpB属于同一管理 域(消息中的 destinationlnfo或 destCallSignalAddress表示 EpB) , 共享 密钥协商过程同附录 I/H.235; 如果判断不属于同一管理域, 则发起 LRQ 消息向 GkH查询 EpB的地址。 LRQ消息包含一个 ClearToken,其内部各 子域的设置规则由 EpA能力与 GkG所采用具体密钥协商规程而定,具体 设置如下: DRC I:当 ARQ中的 ClearToken的 tokenOID为',10", GkG生成 LRQ, 包含一个 ClearToken, 其中 tokenOID设置为 "10", ClearToken的其他字 段不使用, 表明需要被叫 GK分配会话密钥 Kab。 After receiving the ARQ sent by EpA, GkG determines that the called EpB belongs to the same administrative domain (destinationInfo or destCallSignalAddress in the message indicates EpB), and the shared key negotiation process is the same as Appendix I/H.235; The domain then initiates an LRQ message to query GkH for the address of EpB. The LRQ message contains a ClearToken. The setting rules of each internal sub-domain are determined by the EpA capability and the specific key negotiation procedure adopted by GkG. The specific settings are as follows: DRC I: When the tokenOID of the ClearToken in the ARQ is ', 10', GkG generates LRQ, which contains a ClearToken, where the tokenOID is set to "10", and other fields of the ClearToken are not used, indicating that the called GK needs to be assigned the session key Kab.
DRC II:当 ARQ中的 ClearToken的 tokenOID为,,10", GkG生成 LRQ, 包含一个 ClearToken, 其中 tokenOID设置为 "13", 表明期望与被叫 GK 使用 D-H 过程为二边端点协商出共享会话秘密。 GkG 产生并设置 ClearToken中的 dhkey作为 DH公钥。  DRC II: When the tokenOID of the ClearToken in ARQ is ,, 10", GkG generates LRQ, which contains a ClearToken, where tokenOID is set to "13", indicating that it is expected to negotiate with the called GK to use the DH process to negotiate a shared session secret for the two endpoints. GkG generates and sets the dhkey in the ClearToken as the DH public key.
DRC III: 当 ARQ中的 ClearToken的 tokenOID为 " 14", 应根据安 全策略选择使用 DRC III过程。 GkG生成 LRQ,其中包含从 ARQ复制过 来的 ClearToken。  DRC III: When the tokenOID of the ClearToken in the ARQ is "14", the DRC III process should be selected according to the security policy. GkG generates LRQ, which contains the ClearToken copied from ARQ.
LCF确认  LCF confirmation
GkH收到 LRQ后并识别出 EpA与 EpB支持这种呼叫模式, 根据所 含 ClearToken的 tokenOID执行不同密钥协商过程来生成基于呼叫的共享 密钥 Kab与二个独立的 ClearToken。一个用于主叫网守 GkG,称为 CTg; 另一个用于被叫端点 EpB,称为 CTb。这个 Kab然后通过使用 CTg与 CTb 将分别推送到 GkG与 EpB。 具体做法如下:  After receiving the LRQ, GkH recognizes that EpA and EpB support this call mode, and performs different key negotiation processes according to the tokenOID of the ClearToken to generate a call-based shared key Kab and two independent ClearTokens. One is used for the calling gatekeeper GkG, called CTg; the other is used for the called endpoint EpB, called CTb. This Kab is then pushed to GkG and EpB by using CTg and CTb, respectively. The specific practices are as follows:
DRC I: 如果 tokenOID为' Ί0", 表明主叫端点与网守都不支持 D-H 过程,要求被叫网守为其生成共享密钥。这种情形下, GkH随机产生 Kab。 为了加密 Kab, 首先, GkH产生随机的 challenge, 并用和 GkG之间的共 享密钥 Kgh和 challenge以及事先配置的密钥推导算法导出密钥 EKgh。 然后, GkH用 EKgh加密 Kab得到 EKabl, 并把 EKabl和加密参数(加 密算法和加密用初始化向量) 一起, 设置到 CTg.h235Key. secureSharedSecret字段中, 具体细节可参考 H.235附录 I, 并设置 CTg 的 tokenOID为 " 10"表明被叫 GK不支持 D-H密钥协商。 同时, GkH使 用类似的过程产生另一个 ClearToken,设置 tokenOID为 "12",称为 CTb。 最后, GkH生成 LCF, 其中包含 CTg和 CTb。 DRC I: If the tokenOID is 'Ί0', it indicates that neither the calling endpoint nor the gatekeeper supports the DH process, and the called gatekeeper is required to generate a shared key for it. In this case, GkH randomly generates Kab. In order to encrypt Kab, first GkH generates a random challenge and derives the key EK g h using the shared key Kgh and challenge between GkG and the pre-configured key derivation algorithm. Then, GkH encrypts Kab with EKgh to get EKabl, and EKabl and encryption parameters (Encryption algorithm and encryption initialization vector) together, set to CTg.h235Key. secureSharedSecret field, please refer to H.235 Appendix I for details, and set CTg's tokenOID to "10" to indicate that the called GK does not support DH key negotiation. At the same time, GkH uses a similar process to generate another ClearToken, setting the tokenOID to "12", called CTb. Finally, GkH generates LCF, which contains CTg and CTb.
DRC II: 这时的 tokenOID为 "13", 表明网守之间支持 D-H算法且 安全策略允许使用 D-H过程。如果 GkH也支持 D-H过程且安全能力相匹 配, 则 GkH生成自己 D-H公钥, 并和 LRQ内 GkG的 D-H公钥一起, 使 用 D-H算法计算出会话共享密钥 Kab。 然后, 使用与上面 DRC I类似过 程生成 CTb, tokenOID为 "12"。 最后, GkH生成 LCF, 其中包含 CTb 和一个独立 ClearToken (tokenOID为 "13" ) CTg, 其中有设置好期望的 DH公钥。 DRC II: The tokenOID at this time is "13", indicating that the DH algorithm is supported between the gatekeepers. Security policies allow the use of DH processes. If GkH also supports the DH process and the security capabilities match, GkH generates its own DH public key and, together with the DH public key of GkG in LRQ, uses the DH algorithm to calculate the session shared key Kab. Then, CTb is generated using a procedure similar to DRC I above, with tokenOID "12". Finally, GkH generates an LCF containing CTb and a separate ClearToken (tokenOID is "13") CTg, which has the desired DH public key set.
如果 GkH不支持 DH算法或安全策略不允许使用 DH过程, 则 GkH 应该使用 DRC I过程生成 LRJ。  If GkH does not support the DH algorithm or the security policy does not allow the use of DH procedures, then GkH should use the DRC I procedure to generate the LRJ.
DRCIII: 当 tokenOID为 "14" , 若 GkH支持 DH算法且安全策略 允许使用 DH过程, 则 GkH开始与 EpA协商会话密钥。首先, GkH生成 期望的 DH公钥, 与从 LRQ中获取的公钥一起, 使用 DH算法计算出会 话密钥 Kab。 然后, 使用与 DRC I过程类似方法生成 CTb, tokenOID为 "12"。 最后, GkH生成 LCF, 其中包含 CTb和一个独立 ClearToken (tokenOID为" 15") CTg, 其中有设置好期望的 DH公钥。  DRCIII: When tokenOID is "14", if GkH supports DH algorithm and the security policy allows DH process, GkH starts negotiating session key with EpA. First, GkH generates the desired DH public key, and together with the public key obtained from the LRQ, uses the DH algorithm to calculate the session key Kab. Then, a CTb is generated using a method similar to the DRC I procedure, with a tokenOID of "12". Finally, GkH generates LCF, which contains CTb and a separate ClearToken (tokenOID is "15") CTg, which has the desired DH public key set.
如果 GkH不支持 DH算法或安全策略不允许使用 DH过程,则 GkH 应该使用 DRC I过程生成 LRJ。  If GkH does not support the DH algorithm or the security policy does not allow the use of DH procedures, then GkH should use the DRC I procedure to generate the LRJ.
5. ACF/ARJ确认  5. ACF/ARJ confirmation
GkG收到 LCF/LRJ后, 检验消息中的 CTg的 tokenOID为 "13" 时, 采用 D-H密钥协商算法计算出 Kab, 产生 CTa, 其内 tokenOID设为 "II "。 具体做法是: 从独立 ClearToken中获得 GkH的 DH共钥, 与自 己保存的 DH共钥一同使用 DH算法计算出会话密钥 Kab;然后使用与下 面相同方法生成 CTa。 最后, GkG生成 ACF或 ARJ, 其中包含 CTa (tokenOID为, Ί )和从 LCF/LRJ复制过来的 CTb (tokenOID为 "12") 。  After GkG receives the LCF/LRJ and checks that the tokenOID of the CTg in the message is "13", the Kab is calculated by the D-H key negotiation algorithm, and CTa is generated, and the tokenOID is set to "II". The specific method is as follows: Get the DH common key of GkH from the independent ClearToken, and use the DH algorithm to calculate the session key Kab together with the DH shared key saved by itself; then use the same method as below to generate CTa. Finally, GkG generates ACF or ARJ, which contains CTa (tokenOID is Ί) and CTb (tokenOID is "12") copied from LCF/LRJ.
如果 CTg的 tokenOID为" 10"时,首先, GkG通过 CTg中的 challenge、 IV以及指定的密钥导出算法导出密钥 EKgh; 然后, GkG用 EKgh解密 EKabl得到 Kab; 最后产生 CTa, 其内 tokenOID设为 "II " 。 CTa的生 成做法如下:首先, GkG用 GkG和 EpA之间的共享密钥 Kag和 challenge 以及指定的密钥导出算法导出密钥 EKag。 然后, GkG用 EKag加密 Kab 得到 EKabl, 并把 EKaM和加密参数(加密算法和加密用到的初始化向 量 IV)—起,设置到一个独立的 CTa.h235Key.secureSliaredSecret字段中。 最后, GkG生成 ACF/ARJ,其中包含 CTa和从 LCF/LRJ复制过来的 CTb。 If the tokenOID of the CTg is "10", first, GkG derives the key EKgh through the challenge, IV in the CTg and the specified key derivation algorithm; then, GkG decrypts EKabl with EKgh to obtain the Kab; finally, CTa is generated, and the tokenOID is set therein. For "II". CTa is generated as follows: First, GkG uses the shared key Kag and challenge between GkG and EpA. And the specified key export algorithm derives the key EKag. Then, GkG encrypts Kab with EKag to get EKabl, and sets EKAM and encryption parameters (encryption algorithm and initialization vector IV used for encryption) to a separate CTa.h235Key.secureSliaredSecret field. Finally, GkG generates ACF/ARJ, which contains CTa and CTb copied from LCF/LRJ.
如果 GkG收到的 LCF消息中 ClearToken的 tokenOID为 "14", 则 If the tokenOID of the ClearToken in the LCF message received by GkG is "14", then
GkG生成 ACF, 其中包含从 LCF中复制过来的所有 ClearToken。 GkG generates ACF, which contains all ClearTokens copied from the LCF.
6. Setup  6. Setup
EpA收到 ACF后,检验消息中独立 ClearToken的 tokenOID为" 14", 计算会话密钥。 做法是, 从 ClearToken中获得被叫方的 DH共钥, 与自 己保存的 DH共钥一同使用 DH算法计算出会话密钥 Kab。其它情况则直 接提取 CTa, 并根据 CTa中信息和其与 GkG的共享密钥 Kag导出密钥 EKag , 然后 使用 EKag 解密 CTa.h235Key.secureSharedSecret. encryptedSessionKey得到密钥 Kab。 EpA创建 Setup消息, 把 ACF消息 中的 CTb复制到 Setup消息中, 然后利用共享密钥 Kab设置 H235V3附 录 D鉴权信息。 EpA直接向 EpB发出呼叫建立请求消息 Setup。  After EpA receives the ACF, it checks the tokenOid of the independent ClearToken in the message as "14" and calculates the session key. The method is to obtain the DH common key of the called party from the ClearToken, and use the DH algorithm to calculate the session key Kab together with the DH shared key saved by itself. In other cases, the CTa is directly extracted, and the key EKag is derived based on the information in CTa and its shared key Kag with GkG, and then the key Kab is obtained by decrypting CTa.h235Key.secureSharedSecret. encryptedSessionKey using EKag. EpA creates a Setup message, copies the CTb in the ACF message into the Setup message, and then sets the H235V3 appendix D authentication information using the shared key Kab. EpA sends a call setup request message Setup directly to EpB.
7. 后面的呼叫信令设置:  7. The following call signaling settings:
EpB收到 Setup消息后, 提取 CTb, 并根据 CTb中信息和其与 GkH 的共享密钥 Kbh导出密钥 EKbh, 然后使用 EKbh解密 CTb .h235Key. secureSharedSecret.encr ptedSessionKey得到密钥 Kab;此时, EpB就可以 使用 Kab对 Setup及后续的呼叫信令消息进行鉴权。 工业实用性  After receiving the Setup message, EpB extracts the CTb, and derives the key EKbh according to the information in CTb and its shared key Kbh with GkH, and then uses EKbh to decrypt CTb.h235Key.secureSharedSecret.encr ptedSessionKey to obtain the key Kab; at this time, EpB Kab can be used to authenticate Setup and subsequent call signaling messages. Industrial applicability
通过上述本发明实施例方法,基于本发明的安全策略,可动态协商出 一个可信会话密钥, 利用密码学将其与呼叫认证捆绑在一起, 包括会话 密钥刷新需求。 本发明在实施过程中, 采用的安全技术与现有标准相容, 安全体系的布置也比较简单并且不假定任何附加的安全基础设施方法, 诸如智能卡及复杂的管理协议。  Through the foregoing method of the embodiment of the present invention, based on the security policy of the present invention, a trusted session key can be dynamically negotiated, and cryptographically bundled with call authentication, including session key refresh requirement. In the implementation of the present invention, the adopted security technology is compatible with existing standards, and the security system is also relatively simple in arrangement and does not assume any additional security infrastructure methods, such as smart cards and complex management protocols.

Claims

权 剎 要 求 书 Power brake request
1、 一种跨域多网守分组网络密钥协商安全策略实现方法, 其特征在 于, 包括以下步骤: A method for implementing a key agreement security policy for a cross-domain multi-gatekeeper packet network, characterized in that the method comprises the following steps:
( 1 )各端点分别与其归属的网守之间通过信令交互执行安全策略协 商, 根据各端点及其归属网守的密钥支持能力确定各端点的本地安全策 略;  (1) Each endpoint performs security policy negotiation through signaling interaction with its home gatekeeper, and determines the local security policy of each endpoint according to the key support capabilities of each endpoint and its home gatekeeper;
(2)主叫端点根据确定的本地安全策略向主叫网守发送密钥协商请 求, 主叫网守根据主叫端点的安全策略与自身的密钥支持能力, 确定最高 与最低优先级密钥协商规程,并按照最高优先级规程向被叫网守转发主叫 端点的密钥协商请求;  (2) The calling endpoint sends a key negotiation request to the calling gatekeeper according to the determined local security policy, and the calling gatekeeper determines the highest and lowest priority keys according to the security policy of the calling endpoint and its own key support capability. Negotiating the procedure and forwarding the key agreement request of the calling endpoint to the called gatekeeper according to the highest priority procedure;
(3)被叫网守根据自身的密钥支持能力, 判断是否能够按照最高优 先级规程来执行所述被转发的主叫端点的密钥协商请求,如果可以,则按 照所述最高优先级规程执行密钥协商,如果不能,则按照所述确定的最低 优先级规程执行密钥协商, 并将协商结果通过主叫网守转发给主叫端点。  (3) The called gatekeeper determines, according to its own key support capability, whether the key negotiation request of the forwarded calling endpoint can be performed according to the highest priority procedure, and if so, according to the highest priority procedure Key negotiation is performed. If not, key negotiation is performed according to the determined lowest priority procedure, and the negotiation result is forwarded to the calling endpoint by the calling gatekeeper.
2、 如权利要求 1所述的方法, 其特征在于, 进一步包括步骤- 2. The method of claim 1 further comprising the step of -
(4)主叫端点接收到所述协商结果后, 基于本地安全策略, 决定是 否继续利用协商结果进行后续的信令交互。 (4) After receiving the negotiation result, the calling endpoint determines whether to continue to use the negotiation result for subsequent signaling interaction based on the local security policy.
3、 如权利要求 1所述的方法, 其特征在于, 所述步骤(1 ) 中的信令 交互过程为网守发现过程或 /和注册过程。  3. The method according to claim 1, wherein the signaling interaction process in the step (1) is a gatekeeper discovery process or/and a registration process.
4、 如权利要求 1所述的方法, 其特征在于, 所述密钥支持能力为是 否支持公钥密钥协商。  4. The method according to claim 1, wherein the key support capability is to support public key key negotiation.
5、 如权利要求 1所述的方法, 其特征在于, 所述步骤(1 )包括: ( 1 - 1 )通过网守发现请求或 /和注册请求消息, 端点向其归属网守 报告其是否支持公钥密钥协商;  5. The method according to claim 1, wherein the step (1) comprises: (1 - 1) by the gatekeeper discovery request or/and the registration request message, the endpoint reports to the home gatekeeper whether it supports Public key key negotiation;
( 1 -2)网守根据端点与自身是否支持公钥密钥协商, 通过网守发现 确认或 /和注册确认消息, 向端点返回确定的端点本地安全策略, 其中- 当端点与网守任何一方不支持公钥密钥协商时,确定端点本地安全策 略为: 希望由网守代为生成共享密钥; (1 - 2) The gatekeeper returns a determined endpoint local security policy to the endpoint based on whether the endpoint supports the public key key negotiation, or through the gatekeeper discovery confirmation or/and the registration confirmation message, where - When the endpoint and the gatekeeper do not support the public key key negotiation, the endpoint local security policy is determined as: It is desirable that the gatekeeper generate the shared key on its behalf;
当端点与网守都支持公钥密钥协商时,确定端点本地安全策略为: 希 望与被叫网守通过信令协商来生成共享密钥。  When both the endpoint and the gatekeeper support public key key negotiation, the endpoint local security policy is determined as: It is desirable to generate a shared key through signaling negotiation with the called gatekeeper.
6、 如权利要求 1所述的方法, 其特征在于, 步骤(2)所述主叫端点 向主叫网守发送的密钥协商请求为接入请求消息,该消息中包含有所述主 叫端点的本地安全策略信息。  The method according to claim 1, wherein the key negotiation request sent by the calling endpoint to the calling gatekeeper is an access request message, where the message includes the calling party. Local security policy information for the endpoint.
7、 如权利要求 6所述的方法, 其特征在于, 当主叫端点本地安全策 略为希望与被叫网守通过信令协商来生成共享密钥时,所述接入请求消息 中进一步包含有公钥信息。  The method according to claim 6, wherein when the calling endpoint local security policy is configured to generate a shared key by signaling negotiation with the called gatekeeper, the access request message further includes Public key information.
8、如权利要求 6所述的方法, 其特征在于, 步骤(2)所述主叫网守 根据主叫端点的安全策略与自身的密钥支持能力,确定密钥协商规程的优 先级的步骤, 包括:  The method according to claim 6, wherein in step (2), the calling gatekeeper determines the priority of the key agreement procedure according to the security policy of the calling endpoint and the key support capability of the calling endpoint. , including:
当该主叫端点本地安全策略为希望由网守代为生成共享密钥,且主叫 网守不支持公钥密钥协商时,确定密钥协商规程的最高与最低优先级规程 为: 由被叫网守产生会话密钥;  When the calling endpoint local security policy is to generate a shared key by the gatekeeper, and the calling gatekeeper does not support public key key negotiation, the highest and lowest priority procedures for determining the key agreement procedure are: The gatekeeper generates a session key;
当该主叫端点本地安全策略为希望由网守代为生成共享密钥,且主叫 网守支持公钥密钥协商时,确定密钥协商规程的最高优先级规程为: 主叫 网守与被叫网守使用公钥密钥协商过程产生会话密钥; 最低优先级规程 为: 由被叫网守产生会话密钥;  When the calling endpoint local security policy is to generate a shared key by the gatekeeper, and the calling gatekeeper supports the public key key negotiation, the highest priority procedure for determining the key agreement procedure is: the calling gatekeeper and the The gatekeeper uses the public key key negotiation process to generate a session key; the lowest priority procedure is: generating a session key by the called gatekeeper;
当该主叫端点本地安全策略为希望与被叫网守通过信令协商来生成 共享密钥时,确定密钥协商规程的最高优先级规程为: 主叫端点与被叫网 守使用公钥密钥协商过程产生会话密钥; 最低优先级规程为: 由被叫网守 产生会话密钥。  When the calling endpoint local security policy is to generate a shared key by signaling negotiation with the called gatekeeper, the highest priority procedure for determining the key agreement procedure is: the calling endpoint and the called gatekeeper use the public key The key negotiation process generates a session key; the lowest priority procedure is: The session key is generated by the called gatekeeper.
9、 如权利要求 6所述的方法, 其特征在于, 所述接入请求消息中, 进一步包括有被叫端点信息,主叫网守根据该被叫端点信息,确定被叫端 点是否与主叫端点分属不同的管理域。 The method of claim 6, wherein the access request message further includes called endpoint information, and the calling gatekeeper determines whether the called endpoint and the calling party are based on the called endpoint information. Endpoints belong to different administrative domains.
10、 如权利要求 1所述的方法, 其特征在于, 所述步骤(2) 中, 主 叫网守按照最高优先级规程向被叫网守转发主叫端点的密钥协商请求的 步骤,是通过地址解析请求发送的,该地址解析请求中包含有所述确定的 最高优先级规程信息。 10. The method according to claim 1, wherein in the step (2), the step of the calling gatekeeper forwarding the key agreement request of the calling endpoint to the called gatekeeper according to the highest priority procedure is The address resolution request is sent by the address resolution request, and the determined highest priority procedure information is included in the address resolution request.
11、 如权利要求 8所述的方法, 其特征在于, 所述步骤(3) 中, 被 叫网守判断是否能够按照最高优先级规程来执行所述被转发的主叫端点 的密钥协商请求的步骤, 包括- 当所述最高优先级规程为由被叫网守产生会话密钥时,则判断为可以 按照最高优先级规程来执行密钥协商;  The method according to claim 8, wherein in the step (3), the called gatekeeper determines whether the key negotiation request of the forwarded calling endpoint can be performed according to the highest priority procedure. The step of including, when the highest priority procedure is to generate a session key by the called gatekeeper, determining that the key negotiation can be performed according to the highest priority procedure;
当所述最高优先级规程为主叫网守与被叫网守使用公钥密钥协商过 程产生会话密钥时,如果被叫网守支持公钥密钥协商, 则判断为可以按照 最高优先级规程来执行密钥协商; 如果被叫网守不支持公钥密钥协商,判 断为不能按照最高优先级规程来执行密钥协商;  When the highest priority procedure generates a session key for the calling gatekeeper and the called gatekeeper using the public key key negotiation process, if the called gatekeeper supports the public key key negotiation, it is determined that the highest priority can be followed. Procedure to perform key agreement; if the called gatekeeper does not support public key key negotiation, it is determined that key negotiation cannot be performed according to the highest priority procedure;
当所述最高优先级规程为主叫端点与被叫网守使用公钥密钥协商过 程产生会话密钥时,如果被叫网守支持公钥密钥协商时, 则判断为可以按 照最高优先级规程来执行密钥协商; 如果被叫网守不支持公钥密钥协商, 则判断为不能按照最高优先级规程来执行密钥协商。  When the highest priority procedure generates a session key for the calling party and the called gatekeeper using the public key key negotiation process, if the called gatekeeper supports the public key key negotiation, it is determined that the highest priority can be followed. Procedure to perform key agreement; if the called gatekeeper does not support public key key negotiation, it is determined that key negotiation cannot be performed according to the highest priority procedure.
PCT/CN2006/000225 2006-02-16 2006-02-16 Implementation method of crossdomain multi-gatekeeper packet network key negotiation security policy WO2007093079A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN200680035570.8A CN101273571B (en) 2006-02-16 2006-02-16 Implementing method for field-crossing multi-network packet network cryptographic key negotiation safety strategy
PCT/CN2006/000225 WO2007093079A1 (en) 2006-02-16 2006-02-16 Implementation method of crossdomain multi-gatekeeper packet network key negotiation security policy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2006/000225 WO2007093079A1 (en) 2006-02-16 2006-02-16 Implementation method of crossdomain multi-gatekeeper packet network key negotiation security policy

Publications (1)

Publication Number Publication Date
WO2007093079A1 true WO2007093079A1 (en) 2007-08-23

Family

ID=38371164

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2006/000225 WO2007093079A1 (en) 2006-02-16 2006-02-16 Implementation method of crossdomain multi-gatekeeper packet network key negotiation security policy

Country Status (2)

Country Link
CN (1) CN101273571B (en)
WO (1) WO2007093079A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101729531A (en) * 2009-03-16 2010-06-09 中兴通讯股份有限公司 Method, device and system of distributing network safety strategies
CN105302564A (en) * 2015-11-09 2016-02-03 中国人民解放军91655部队 Online office software service control and implementation method

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102223355B (en) * 2010-04-19 2015-09-16 中兴通讯股份有限公司 A kind of secure communication machinery of consultation and device
CN104363208B (en) * 2014-10-29 2018-08-07 中国建设银行股份有限公司 Key management method and system between a kind of computer cluster
CN107566115B (en) * 2016-07-01 2022-01-14 华为技术有限公司 Secret key configuration and security policy determination method and device
EP3756326B1 (en) * 2018-02-19 2021-08-04 Telefonaktiebolaget Lm Ericsson (Publ) Security negotiation in service based architectures (sba)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1202060A (en) * 1997-05-21 1998-12-16 阿尔卡塔尔-阿尔斯托姆通用电气公司 Method for enabling direct encrypted communication between two terminals of mobile radio network, and corresponding station and terminal facilities
WO2005034472A1 (en) * 2003-09-30 2005-04-14 Nokia Corporation Method and system for providing a secure communication between communication networks
CN1652499A (en) * 2004-02-07 2005-08-10 华为技术有限公司 Method for implementing information transmission
CN1705261A (en) * 2004-05-28 2005-12-07 华为技术有限公司 End-to-end encrypting communication system and method

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1529531A (en) * 2003-10-17 2004-09-15 ����ͨѶ�ɷ����޹�˾ Method for accessing safety gate-link for mobile user
CN100373843C (en) * 2004-03-23 2008-03-05 中兴通讯股份有限公司 Key consaltation method in radio LAN

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1202060A (en) * 1997-05-21 1998-12-16 阿尔卡塔尔-阿尔斯托姆通用电气公司 Method for enabling direct encrypted communication between two terminals of mobile radio network, and corresponding station and terminal facilities
WO2005034472A1 (en) * 2003-09-30 2005-04-14 Nokia Corporation Method and system for providing a secure communication between communication networks
CN1652499A (en) * 2004-02-07 2005-08-10 华为技术有限公司 Method for implementing information transmission
CN1705261A (en) * 2004-05-28 2005-12-07 华为技术有限公司 End-to-end encrypting communication system and method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101729531A (en) * 2009-03-16 2010-06-09 中兴通讯股份有限公司 Method, device and system of distributing network safety strategies
CN105302564A (en) * 2015-11-09 2016-02-03 中国人民解放军91655部队 Online office software service control and implementation method

Also Published As

Publication number Publication date
CN101273571B (en) 2010-05-19
CN101273571A (en) 2008-09-24

Similar Documents

Publication Publication Date Title
US9537837B2 (en) Method for ensuring media stream security in IP multimedia sub-system
JP5106682B2 (en) Method and apparatus for machine-to-machine communication
WO2005112338A1 (en) Key distribution method
JP2014519256A (en) Lawful intercept based on policy routing in a communication system with end-to-end encryption
WO2010124482A1 (en) Method and system for implementing secure forking calling session in ip multi-media subsystem
WO2007073659A1 (en) Terminal access method based on h.323 protocol applied to packet network
WO2008040213A1 (en) Message encryption and signature method, system and device in communication system
WO2007093079A1 (en) Implementation method of crossdomain multi-gatekeeper packet network key negotiation security policy
WO2005104423A1 (en) The method of secret communication between the endpoints
CN100571133C (en) The implementation method of media flow security transmission
WO2005079013A1 (en) A method for the achievement of the message transmission in the h323 system
CN100544247C (en) The negotiating safety capability method
CN101207477A (en) Method for multi-network guard end-to-end conversation cryptographic key negotiation of striding field
WO2009132551A1 (en) Obtaining method of the meida stream key, session equipment and key management function entity
WO2008074226A1 (en) A method for negotiating the session secret key between the endpoints across multiple gatekeeper zones
US7983280B2 (en) Method and system for distributing session key across gatekeeper zones in a direct-routing mode
WO2009094813A1 (en) Security parameters negotiation method and apparatus for realizing the security of the media flow
CN1323509C (en) Conversation key distribution method of crossing gate-guard management range under direct route mode
Floroiu et al. A comparative analysis of the security aspects of the multimedia key exchange protocols
CN117155717B (en) Authentication method based on identification password, and cross-network and cross-domain data exchange method and system
CN113114644B (en) SIP architecture-based multi-stage cross-domain symmetric key management system
CN101207478B (en) Method for key agreement of guard end-to-end conversation in cross-domain multi-network
Meddahi et al. Enabling secure third party control on wireless home networks
Medvinsky Scalable architecture for VoIP privacy
Verma et al. A Network Based Authentication Scheme for VoIP

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 200680035570.8

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06705646

Country of ref document: EP

Kind code of ref document: A1