WO2007112692A1 - A communication method in the user network and a system thereof - Google Patents
- Publication number
- WO2007112692A1 (PCT/CN2007/001074)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user equipment
- management entity
- user
- communication
- network
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/009—Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
Definitions
- The present invention relates to the field of communications, and in particular to a communication technology between user equipments in a user network.
- Background art
- In recent years, with the development of technology and the growing demand for high-tech products, people own more and more peripheral devices. A user may have several laptops, mobile phones and so on at the same time, and may also need to connect peripherals such as printers, scanners and modems to a PC, and sometimes plug a digital camera into the USB port to transfer and store its photos on the hard disk. Frequently plugging and unplugging an interface, and the cables tangled behind the PC, mean that users enjoy the new technology but also have to put up with some inconvenience. In addition, information transfer between staff in the various departments of an enterprise places higher demands on the mobility of information transmission in modern enterprises. In a limited office environment, a local area network can provide information sharing and device sharing (printers, scanners).
- Personal Area Network (PAN)
- The PAN network is oriented to a specific group in a space with a small radius of activity and rich service types.
- A mobile communication network that implements a wireless connection. This is a wireless network that sits alongside the wide area network and the local area network but has a small range.
- The core idea of the PAN network is to replace the traditional wired cable with radio or infrared, to realize the intelligent interconnection of personal information terminals, and to build a personalized information network.
- The PAN network is a local area network; from the perspective of the telecommunication network, the PAN network is an access network, so some people refer to the PAN network as the "last metre" solution of the telecommunication network.
- The PAN network is targeted at home and small office applications. Its main application areas include voice communication gateways, data communication gateways, interconnection of information appliances and automatic information exchange.
- PAN network technologies mainly include Bluetooth and Infrared Data Association ("IRDA") infrared communication technology.
- In a PAN network, all user equipments ("UEs") of the same user can be managed and exchanged.
- The network range of the PAN is small, and for equipment with strong mobility, such as mobile phones, it may be limited to one PAN network.
- Both UEs performing communication are in the same PAN network of the same user network, that is, the UEs communicate with each other in close proximity.
- Wireless technology, such as Bluetooth or infrared communication, or wired technology, such as a USB cable, can be used to perform point-to-point communication directly between the UEs.
- The communication mode between UE1 and UE2 is the same.
- Second, for UEs that are not in the same access network, that is, not in the same PAN network, such as UE1 and UE3 in Figure 1, long-distance communication is required, so communication between them has to be switched through the switching center provided by the operator. That is, when UE1 needs to communicate with UE3, UE1 initiates a request through its access network A, and the request then passes through the switching center and access network B to reach UE3.
- The data transmission of UE1 also needs to pass through access network A, the switching center and access network B in order to reach UE3.
- Embodiments of the present invention provide a communication system for a user equipment in a user network, and a method thereof.
- The communication information between UEs in the user network can be secured.
- An embodiment of the present invention provides a communication method for a user network, including the following steps: when two user equipments belonging to the same user need to communicate, the first user equipment sends a communication request to the management entity that holds the user equipment registration information, requesting to establish a connection with the second user equipment;
- The management entity performs security authentication on the first and second user equipments according to the communication request and the saved registration information;
- After the authentication succeeds, the first user equipment directly establishes a point-to-point connection with the second user equipment.
- An embodiment of the present invention provides a user network communication system, which has at least two user equipments belonging to the same user and an access network thereof, and the system includes:
- A management entity configured to save registration information of the user equipment and perform security authentication on the user equipment.
- The communication request is sent to the management entity, and the management entity performs security authentication on the first and second user equipment according to the communication request and the saved registration information.
- After the authentication succeeds, the first user equipment directly establishes a point-to-point connection with the second user equipment.
- Before establishing a point-to-point connection, two UEs in the user network first request security authentication of the relevant UEs from the management entity through the access network; a point-to-point connection is established only when the relevant UEs pass authentication.
- The management entity can also guarantee the security of data transmission by providing a key to the UEs that successfully authenticate.
- Security authentication is performed on both communicating parties in the user network to ensure the legitimacy of both parties.
- After the authentication is passed, the management entity further provides the communicating parties with a key, which ensures the security of data transmission between the two parties.
- The point-to-point connection is a remote connection established through the respective access networks. Because the point-to-point connection between the two UEs does not go through the switching center, it saves switching-center resources during long-distance communication.
- FIG. 1 is a schematic diagram of communication between UEs in the same user network in the prior art;
- FIG. 2 is a structural diagram of a communication system of a UE in a user network according to a first embodiment of the present invention;
- FIG. 3 is a second embodiment of the present invention;
- FIG. 4 is a flowchart of a communication method of a UE in a user network according to a third embodiment of the present invention.
- The communication system of the UE in the user network according to the first embodiment of the present invention is described below, based on the principle of the present invention.
- The communication system of the UE in the user network includes at least two UEs belonging to the same user and their access networks, and a management entity for storing the registration information of the UEs and authenticating them.
- The UEs belonging to the same user are all located in the same PAN network, and interact with the management entity through the same access network.
- The UEs belonging to the same user register in advance with the management entity before communication is required, and the management entity stores the registration information of each registered UE.
- UE1 first sends a communication request to the management entity through the common access network A, requesting communication with UE2; the communication request includes UE1's own registration information and the device identification number of UE2.
- After receiving the request, the management entity performs security authentication on UE1 and UE2 according to the previously stored registration information. For example, the management entity compares the registration information of the UE1 in the communication request with the saved registration information, and determines to initiate the communication.
- The management entity sends a request message for the communication to UE2; the request message includes the device identification number of UE1.
- UE2 decides whether to agree to communicate with UE1, and sends corresponding feedback information to the management entity according to the decision.
- The management entity examines the received feedback information. If UE2 accepts the request for communication with UE1, the management entity further generates a temporary key for UE1 and UE2, and sends the key to the UE1.
- The management entity sends UE1 an acknowledgement message that UE2 accepts the current communication.
- UE1 and UE2 establish a direct connection within the scope of the PAN network and, after the connection is established, communicate using the temporary key provided by the management entity.
- The second embodiment of the present invention is substantially the same as the first embodiment.
- The communication system of the UE in the user network in the second embodiment includes at least two UEs belonging to the same user and their access networks, and a management entity that stores the registration information of these UEs and performs security authentication. It differs only in that the UEs belonging to the same user in the system of the second embodiment are not located in the same PAN network, each UE interacts with the management entity through its own access network, and the two UEs that need to communicate establish a remote connection through their respective access networks after the security authentication succeeds.
- The same user has multiple UEs, where UE1 and UE3 are not in the same PAN network: UE1 is connected to access network A, and UE3 is connected to access network B.
- When UE1 needs to communicate with UE3, UE1 sends a communication request to the management entity through access network A to communicate with UE3; the communication request includes UE1's own registration information and the device identification number of UE3.
- The management entity performs security authentication on UE1 and UE3 according to the received request message and the saved registration information. If the security authentication is successful, a communication request message including the device identification number of UE1 is sent to UE3.
- UE3 receives the request message from the management entity through access network B, decides whether to agree to communicate with UE1, and sends corresponding feedback information to the management entity according to the decision. If the management entity receives feedback that UE3 agrees to the current communication, it further generates a temporary key for UE1 and UE3 and sends the key to UE1 and UE3 respectively, and the management entity sends UE1 a confirmation message that UE3 accepts the current communication. After receiving the key, UE1 and UE3 establish a remote connection through access network A and access network B respectively, and then communicate using the temporary key after the connection is established.
- In step 410, when UE1 needs to communicate with UE2 belonging to the same user, UE1 sends a communication request to the management entity to communicate with UE2.
- UE1 and UE2 belonging to the same user may be located in the same PAN network, or may be located in different PAN networks. If UE1 and UE2 are located in the same PAN network, then when UE1 needs to communicate with UE2 it sends the communication request to the management entity through their common access network; if UE1 and UE2 are located in different PAN networks, then when UE1 needs to communicate with UE2 it sends the communication request to the management entity through the access network to which it belongs.
- The communication request includes the registration information of UE1 and the device identification number of UE2.
- After receiving the communication request from UE1, the management entity performs security authentication on UE1 and UE2 according to the information in it.
- Each UE belonging to the same user needs to register with the management entity in advance, and the management entity saves the registration information of each registered UE. Therefore, when the management entity receives the communication request from UE1, it can perform security authentication on UE1 and UE2 according to the information in the communication request and the registration information it holds.
- The management entity determines whether UE1 and UE2 have passed the security authentication; if yes, it proceeds to step 450, and if not, it proceeds to step 440.
- In step 440, the management entity returns a message to UE1 that the communication request failed.
- The management entity continues processing the communication request only when both UEs that need to communicate pass the security authentication, which effectively prevents an unauthorized UE from accessing a UE in the user network and so ensures the security of both parties.
- In step 450, UE1 and UE2 have passed the security authentication, and the management entity sends a request message for the communication to UE2; the message includes the device identification number of UE1.
- UE2 receives the request message from the management entity, and determines whether to agree to the current communication according to the device identification number of UE1. Similarly, if UE1 and UE2 are located in the same PAN network, UE2 receives the request message from the management entity through their common access network and decides whether to agree to the current communication; if UE1 and UE2 are located in different PAN networks, UE2 receives the request message from the management entity through the access network to which it belongs and decides whether to agree to the current communication. If UE2 agrees to the current communication, it sends a feedback message agreeing to the current communication to the management entity, and the process proceeds to step 480. Otherwise, the process proceeds to step 470. In step 470, UE2 sends a feedback message rejecting the current communication to the management entity. After receiving the rejection message, the management entity notifies UE1 that the communication request failed.
- In step 480, since UE2 agrees to communicate with UE1, the management entity generates a temporary key for the current communication and transmits the temporary key to UE1 and UE2 respectively, and the management entity sends UE1 a confirmation message that UE2 accepts the current communication. Since the temporary key is generated only when the UEs need to communicate with each other, it has strong randomness and real-time performance and is not easily cracked by unscrupulous users. The communicating parties communicate using the temporary key, which ensures the security of data transmission during the communication.
- UE1 and UE2 establish a point-to-point connection to communicate after receiving the temporary key. Specifically, if UE1 and UE2 are in the same PAN network, the two UEs establish a direct connection within the scope of their PAN network and, after the connection is established, communicate using the temporary key provided by the management entity; if UE1 and UE2 are not within the same PAN network, UE1 and UE2 establish remote connections through their respective access networks, and likewise communicate using the temporary key after the connection is established.
- The resources of the switching center are greatly saved, and the resources can be more rationally utilized.
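The flow of the third embodiment (steps 410 to 480, then point-to-point traffic under the temporary key) can be modelled as follows. This is an added example, not code from the patent or its applicant. Assumptions: the registration information is modelled as a per-device secret, the same-user check is read from the premise that both UEs belong to one user, the access network is replaced by in-process calls, and "communicating through the temporary key" is modelled as HMAC-SHA256 message authentication; all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class UE:
    device_id: str
    owner: str
    # Assumption: the "registration information" is modelled as a per-device secret.
    reg_secret: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    accept_from: set = field(default_factory=set)     # peers this UE agrees to talk to
    session_keys: dict = field(default_factory=dict)  # peer device ID -> temporary key

    def decide(self, requester_id: str) -> bool:
        # The called UE decides from the caller's device identification number.
        return requester_id in self.accept_from


class ManagementEntity:
    def __init__(self):
        self._registry = {}   # device_id -> (owner, reg_secret), saved at registration
        self._reachable = {}  # device_id -> UE, stands in for the access network

    def register(self, ue: UE) -> None:
        self._registry[ue.device_id] = (ue.owner, ue.reg_secret)
        self._reachable[ue.device_id] = ue

    def _authenticate(self, requester_id: str, presented: bytes, target_id: str) -> bool:
        req, tgt = self._registry.get(requester_id), self._registry.get(target_id)
        if req is None or tgt is None:
            return False                       # unregistered device
        if not hmac.compare_digest(req[1], presented):
            return False                       # does not match saved registration info
        return req[0] == tgt[0]                # both UEs must belong to the same user

    def handle_request(self, requester_id: str, presented: bytes, target_id: str) -> str:
        # Step 410 has happened: the request carries the caller's registration
        # information and the target's device identification number.
        if not self._authenticate(requester_id, presented, target_id):
            return "failed: authentication"    # step 440
        target = self._reachable[target_id]
        if not target.decide(requester_id):    # step 450: request carries caller's ID
            return "failed: rejected by peer"  # step 470
        key = secrets.token_bytes(32)          # step 480: fresh key per communication
        self._reachable[requester_id].session_keys[target_id] = key
        target.session_keys[requester_id] = key
        return "accepted"


def p2p_send(sender: UE, peer_id: str, payload: bytes):
    """Tag a point-to-point message with the temporary key shared with peer_id."""
    tag = hmac.new(sender.session_keys[peer_id], payload, hashlib.sha256).digest()
    return payload, tag


def p2p_receive(receiver: UE, peer_id: str, payload: bytes, tag: bytes) -> bool:
    """Accept a message only if a temporary key exists and the tag verifies."""
    key = receiver.session_keys.get(peer_id)
    if key is None:
        return False
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    # Constructed sample devices: three belong to one user, one to another user.
    me = ManagementEntity()
    ue1 = UE("UE1", "user-a")
    ue2 = UE("UE2", "user-a", accept_from={"UE1"})
    ue3 = UE("UE3", "user-a")                  # agrees to nobody
    ue9 = UE("UE9", "user-b", accept_from={"UE1"})
    for ue in (ue1, ue2, ue3, ue9):
        me.register(ue)
    out = {
        "accepted": me.handle_request("UE1", ue1.reg_secret, "UE2"),
        "bad_registration": me.handle_request("UE1", b"\x00" * 16, "UE2"),
        "other_user": me.handle_request("UE9", ue9.reg_secret, "UE2"),
        "peer_rejects": me.handle_request("UE1", ue1.reg_secret, "UE3"),
    }
    payload, tag = p2p_send(ue1, "UE2", b"photo-001.jpg")
    out["p2p_verified"] = p2p_receive(ue2, "UE1", payload, tag)
    out["p2p_tampered"] = p2p_receive(ue2, "UE1", b"photo-002.jpg", tag)
    out["no_key_for_ue3"] = p2p_receive(ue3, "UE1", payload, tag)
    return out


if __name__ == "__main__":
    print(demo())
```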
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Mobile Radio Communication Systems (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009503394A JP2009532959A (en) | 2006-04-04 | 2007-04-03 | Communication method and communication system in user network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200610025438.0 | 2006-04-04 | ||
CNA2006100254380A CN101051967A (en) | 2006-04-04 | 2006-04-04 | Communication system and its method for user's device in user's network |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007112692A1 true WO2007112692A1 (en) | 2007-10-11 |
WO2007112692A8 WO2007112692A8 (en) | 2007-12-06 |
Family
ID=38563114
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2007/001074 WO2007112692A1 (en) | 2006-04-04 | 2007-04-03 | A communication method in the user network and a system thereof |
Country Status (4)
Country | Link |
---|---|
JP (1) | JP2009532959A (en) |
KR (1) | KR101076332B1 (en) |
CN (2) | CN101051967A (en) |
WO (1) | WO2007112692A1 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009142851A2 (en) * | 2008-05-20 | 2009-11-26 | Microsoft Corporation | Security architecture for peer-to-peer storage system |
JP2012502586A (en) * | 2008-09-12 | 2012-01-26 | クゥアルコム・インコーポレイテッド | Validating ticket-based configuration parameters |
US9148335B2 (en) | 2008-09-30 | 2015-09-29 | Qualcomm Incorporated | Third party validation of internet protocol addresses |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101772199A (en) * | 2008-11-24 | 2010-07-07 | 华为终端有限公司 | Method and device for establishing D2D network |
WO2010102668A1 (en) | 2009-03-12 | 2010-09-16 | Nokia Siemens Networks Oy | Device-to-device communication |
WO2013027916A1 (en) * | 2011-08-24 | 2013-02-28 | 에스케이플래닛 주식회사 | System and method for providing a cpns service |
US9848453B2 (en) | 2012-09-28 | 2017-12-19 | Avago Technologies General Ip (Singapore) Pte. Ltd. | Methods, devices and computer program products improving device-to-device communication |
CN108650090B (en) * | 2018-07-17 | 2024-05-03 | 江苏亨通问天量子信息研究院有限公司 | Quantum security fax machine and quantum security fax system |
CN111711522A (en) * | 2020-05-13 | 2020-09-25 | 刘中恕 | Multi-region entity identity authentication system based on cloud sharing mechanism |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004304710A (en) * | 2003-04-01 | 2004-10-28 | Canon Inc | Authentication method for wireless connection apparatus |
CN1691653A (en) * | 2004-04-16 | 2005-11-02 | 美国博通公司 | Method and system for providing registration, authentication and access via broadband access gateway |
CA2530908A1 (en) * | 2005-01-27 | 2006-04-01 | Research In Motion Limited | Wireless personal area network having authentication and associated methods |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002335263A (en) * | 2001-05-08 | 2002-11-22 | Olympus Optical Co Ltd | Information terminal communication system |
JP4117658B2 (en) * | 2001-08-09 | 2008-07-16 | 大宏電機株式会社 | Communication authentication method |
EP1608117A1 (en) * | 2003-02-04 | 2005-12-21 | Matsushita Electric Industrial Co., Ltd. | Communication system, and communication control server and communication terminals constituting that communication system |
US8009608B2 (en) * | 2004-04-16 | 2011-08-30 | Broadcom Corporation | Method and system for extended network access services advertising via a broadband access gateway |
KR100678933B1 (en) * | 2004-05-25 | 2007-02-07 | 삼성전자주식회사 | Method for communication in coordinator-based wireless network, and method for communication between coordinator-based wireless networks connected with back bone network |
-
2006
- 2006-04-04 CN CNA2006100254380A patent/CN101051967A/en active Pending
-
2007
- 2007-04-03 KR KR1020087025794A patent/KR101076332B1/en not_active IP Right Cessation
- 2007-04-03 CN CNA2007800003737A patent/CN101317390A/en active Pending
- 2007-04-03 WO PCT/CN2007/001074 patent/WO2007112692A1/en active Application Filing
- 2007-04-03 JP JP2009503394A patent/JP2009532959A/en active Pending
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009142851A2 (en) * | 2008-05-20 | 2009-11-26 | Microsoft Corporation | Security architecture for peer-to-peer storage system |
WO2009142851A3 (en) * | 2008-05-20 | 2010-02-25 | Microsoft Corporation | Security architecture for peer-to-peer storage system |
US8196186B2 (en) | 2008-05-20 | 2012-06-05 | Microsoft Corporation | Security architecture for peer-to-peer storage system |
JP2012502586A (en) * | 2008-09-12 | 2012-01-26 | クゥアルコム・インコーポレイテッド | Validating ticket-based configuration parameters |
US8913995B2 (en) | 2008-09-12 | 2014-12-16 | Qualcomm Incorporated | Ticket-based configuration parameters validation |
US9148335B2 (en) | 2008-09-30 | 2015-09-29 | Qualcomm Incorporated | Third party validation of internet protocol addresses |
Also Published As
Publication number | Publication date |
---|---|
KR20090006110A (en) | 2009-01-14 |
CN101317390A (en) | 2008-12-03 |
CN101051967A (en) | 2007-10-10 |
JP2009532959A (en) | 2009-09-10 |
KR101076332B1 (en) | 2011-10-26 |
WO2007112692A8 (en) | 2007-12-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8464322B2 (en) | Secure device introduction with capabilities assessment | |
WO2007112692A1 (en) | A communication method in the user network and a system thereof | |
JP7035163B2 (en) | Network security management methods and equipment | |
CN102111766B (en) | Network accessing method, device and system | |
EP2941855B1 (en) | Authenticating a wireless dockee to a wireless docking service | |
US7530098B2 (en) | Device ownership transfer from a network | |
WO2004102876A1 (en) | Radio lan access authentication system | |
JP2008500607A (en) | Method for realizing device grouping and conversation between grouped devices | |
WO2007056383A1 (en) | Method and system for managing access to a wireless network | |
WO2013033999A1 (en) | Method and apparatus for mobile device point-to-point data transmission | |
WO2014026438A1 (en) | Mobile terminal for transmitting wifi hotspot key or certificate by using nfc | |
EP2234438B1 (en) | Wireless personal area network accessing method | |
WO2006000151A1 (en) | A method for managing the local terminal equipment to access the network | |
US20060179303A1 (en) | Network security | |
JP2012134703A (en) | Wireless lan connection method, wireless lan client, and wireless lan access point | |
JP6030600B2 (en) | Wireless communication apparatus, wireless LAN system, and communication method | |
JP2009512368A (en) | Communication system and communication method | |
WO2007115505A1 (en) | A personal area network and a communication method and device for the equipment thereof | |
WO2013182126A1 (en) | Unified management and control method and platform for ubiquitous terminal | |
JP2012070225A (en) | Network relay device and transfer control system | |
WO2010124569A1 (en) | Method and system for user access control | |
JP2005217679A (en) | Authentication server performing authentication of communication partner | |
JP2006345302A (en) | Gateway device and program | |
WO2024062373A1 (en) | Registration handling of ledger-based identity | |
KR100703741B1 (en) | Method and system for managing a wireless network using portable key generation delivery device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200780000373.7 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 07720648 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2009503394 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWE | Wipo information: entry into national phase |
Ref document number: KR Ref document number: 1020087025794 Country of ref document: KR |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 07720648 Country of ref document: EP Kind code of ref document: A1 |