WO2007112692A1 - Communication method in the user network and corresponding system - Google Patents
- Publication number
- WO2007112692A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user equipment
- management entity
- user
- communication
- network
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/009—Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
Definitions
- The present invention relates to the field of communications, and in particular to a communication technology between user equipments in a user network.
Background technique
- In recent years, with the development of technology and the increasing demand for high-tech products, people own more and more peripheral devices. A user may have several laptops and mobile phones at the same time, and may also need to connect peripherals such as printers, scanners and modems to a PC, and sometimes plug a digital camera into a USB port to transfer its photos to the hard disk for storage. With interfaces being plugged and unplugged frequently and cables tangled behind the PC, users enjoy the new technology but also have to endure some inconvenience. In addition, information transfer between the staff of the various departments within an enterprise places higher requirements on the mobility of information transmission in modern enterprises. In a limited office environment, the local area network can realize information sharing and device sharing (printers, scanners).
- Personal Area Network (PAN)
- The PAN network is oriented to a specific group in a space with a small radius of activity and a rich variety of business types.
- It is a mobile communication network that implements a wireless connection: a wireless network that stands alongside the wide area network and the local area network but has a small range.
- The core idea of the PAN network is to replace the traditional wired cable with radio or infrared, to realize the intelligent interconnection of personal information terminals, and to build a personalized information network.
- The PAN network is a local area network; from the perspective of the telecommunication network, the PAN network is an access network, so some people refer to the PAN network as the "last metre" solution of the telecommunication network.
- The PAN network is targeted at home and small office applications. Its main application areas include: voice communication gateway, data communication gateway, information appliance interconnection and automatic information exchange.
- PAN network technologies mainly include Bluetooth and Infrared Data Association ("IRDA") infrared communication technology.
- In the PAN network, all user equipments (User Equipments, referred to as "UEs") of the same user can be managed and exchanged.
- The network range of the PAN is small. A UE with strong mobility, such as a mobile phone, may be limited to one PAN network.
- Both UEs performing communication are in the same PAN network of the same user network, that is, the UEs communicate with each other in close proximity.
- Wireless technology, such as Bluetooth or infrared communication, or wired technology, such as a USB cable, can be used to perform point-to-point communication directly between the UEs.
- The communication mode between UE1 and UE2 is the same.
- Second, for UEs that are not in the same access network, that is, the same PAN network, such as UE1 and UE3 in Figure 1, long-distance communication is needed, so communication between them has to be exchanged through the switching center provided by the operator.
- That is, when UE1 needs to communicate with UE2, UE1 initiates a request through its access network A, and the request then passes through the switching center and access network B to reach UE3.
- The data transmission of UE1 also needs to pass through access network A, the switching center and access network B in order to be transmitted to UE3.
- Embodiments of the present invention provide a communication system for a user equipment in a user network, and a method thereof, so that the communication information between UEs in the user network can be secured.
- An embodiment of the present invention provides a communication method for a user network, including the following steps: when two user equipments belonging to the same user need to communicate, the first user equipment sends a communication request to the management entity that holds the user equipment registration information, requesting to establish a connection with the second user equipment;
- the management entity performs security authentication on the first and second user equipments according to the communication request and the saved registration information;
- after the authentication succeeds, the first user equipment directly establishes a point-to-point connection with the second user equipment.
- An embodiment of the present invention provides a user network communication system, which has at least two user equipments belonging to the same user and an access network thereof, and the system includes:
- a management entity configured to save registration information of the user equipment and perform security authentication on the user equipment;
- the communication request is sent to the management entity, and the management entity performs security authentication on the first and second user equipments according to the communication request and the saved registration information;
- after the authentication succeeds, the first user equipment directly establishes a point-to-point connection with the second user equipment.
- Before establishing a point-to-point connection, two UEs in the user network first request security authentication of the relevant UEs from the access entity through the access network, and the point-to-point connection is established only when the relevant UEs pass authentication.
- The management entity can also guarantee the security of data transmission by providing a key to the UEs that authenticate successfully.
- Security authentication is performed on both communicating parties in the user network to ensure the legitimacy of both parties.
- After the authentication is passed, the management entity further provides the communicating parties with a key, which ensures the security of data transmission between the two parties.
- The point-to-point connection is a remote connection established through the respective access networks. Because the point-to-point connection between the two UEs does not go through the switching center, it saves resources of the switching center during long-distance communication.
- FIG. 1 is a schematic diagram of communication of a UE in a same user network in the prior art
- FIG. 2 is a structural diagram of a communication system of a UE in a user network according to a first embodiment of the present invention
- FIG. 3 is a second embodiment of the present invention.
- FIG. 4 is a flowchart of a communication method of a UE in a user network according to a third embodiment of the present invention;
- The communication system of the UE in the user network according to the first embodiment of the present invention will be described below based on the principle of the present invention.
- The communication system of the UE in the user network includes at least two UEs belonging to the same user and their access networks, and a management entity for storing and authenticating the registration information of the UEs.
- Each of the UEs belonging to the same user is located in the same PAN network, and interacts with its management entity through the same access network.
- The UEs belonging to the same user in the system register in advance with the management entity before communication is required, and the management entity stores the registration information of each registered UE.
- UE1 first sends a communication request to the management entity through the common access network A, requesting communication with UE2, where the communication request includes the registration information of UE1 itself and the device identification number of UE2.
- After receiving the request, the management entity performs security authentication on UE1 and UE2 according to the previously stored registration information. For example, the management entity compares the registration information of UE1 in the communication request with the saved registration information, and determines to initiate the communication.
- The management entity sends a request message for communication to UE2, where the request message includes the device identification number of UE1.
- UE2 decides whether to agree to communicate with UE1, and sends corresponding feedback information to the management entity according to the decision.
- The management entity evaluates the received feedback information. If UE2 accepts the request for communication with UE1, the management entity further generates a temporary key for UE1 and UE2, and sends the key to UE1.
- The management entity sends to UE1 an acknowledgement message that UE2 accepts the current communication.
- UE1 and UE2 establish a direct connection within the scope of the PAN network, and after the connection is established, communicate through the temporary key provided by the management entity.
- The second embodiment of the present invention is substantially the same as the first embodiment.
- The communication system of the UE in the user network in the second embodiment likewise includes at least two UEs belonging to the same user and their access networks, and the management entity that stores the registration information of these UEs and performs security authentication. It differs only in that the UEs belonging to the same user in the system of the second embodiment are not located in the same PAN network, each UE interacts with the management entity through its own access network, and both UEs that need to communicate establish a remote connection through their respective access networks after the security authentication succeeds.
- The same user has multiple UEs, where UE1 and UE3 are not in the same PAN network, UE1 is connected to access network A, and UE3 is connected to access network B.
- When UE1 needs to communicate with UE3, UE1 sends a communication request to the management entity through access network A, requesting to communicate with UE3, where the communication request includes the registration information of UE1 itself and the device identification number of UE3.
- The management entity performs security authentication on UE1 and UE3 according to the received request message and the saved registration information. If the security authentication is successful, the communication request message including the device identification number of UE1 is sent to UE3.
- UE3 receives the request message from the management entity through access network B, decides whether to agree to communicate with UE1, and sends corresponding feedback information to the management entity according to the decision. If the management entity receives the feedback information that UE3 agrees to perform the current communication, it further generates a temporary key for UE1 and UE3, and sends the key to UE1 and UE3 respectively, and the management entity sends to UE1 the message confirming acceptance of the current communication by the UE2. After receiving the key, UE1 and UE3 establish a remote connection through access network A and access network B respectively, and then communicate through the temporary key after the connection is established.
- In step 410, when UE1 needs to communicate with UE2 belonging to the same user, UE1 sends a communication request to the management entity to communicate with UE2.
- UE1 and UE2 belonging to the same user may be located in the same PAN network, or may be located in different PAN networks. If UE1 and UE2 are located in the same PAN network, UE1 sends the communication request to the management entity through their common access network when it needs to communicate with UE2; if UE1 and UE2 are located in different PAN networks, UE1 sends the communication request to the management entity through the access network to which it belongs.
- The communication request includes the registration information of UE1 and the device identification number of UE2.
- After receiving the communication request from UE1, the management entity performs security authentication on UE1 and UE2 according to the information therein.
- Each UE belonging to the same user needs to register with the management entity in advance, and the management entity also needs to save the registration information of the registered UEs. Therefore, when the management entity receives the communication request from UE1, it can perform security authentication on UE1 and UE2 according to the information in the communication request and the registration information it holds.
- The management entity determines whether UE1 and UE2 have passed the security authentication; if yes, it proceeds to step 450, and if not, it proceeds to step 440.
- In step 440, the management entity returns a message to UE1 that the communication request failed.
- The management entity continues processing the communication request only when both UEs that need to communicate pass the security authentication, which effectively prevents an unauthorized UE from accessing a UE in the user network and so ensures the security of both parties.
- In step 450, UE1 and UE2 have passed the security authentication, and the management entity sends a request message for the communication to UE2, where the message includes the device identification number of UE1.
- UE2 receives the request message from the management entity, and determines whether to agree to perform the current communication according to the device identification number of UE1. Similarly, if UE1 and UE2 are located in the same PAN network, UE2 receives the request message from the management entity through their common access network, and decides whether to agree to perform the current communication; if UE1 and UE2 are located in different PAN networks, UE2 receives the request message from the management entity through the access network to which it belongs, and decides whether or not to agree to perform the current communication. If UE2 agrees to perform the current communication, it sends a feedback message agreeing to the current communication to the management entity, and the process proceeds to step 480. Otherwise, the process proceeds to step 470. In step 470, UE2 sends a feedback message rejecting the current communication to the management entity. After receiving the rejection message, the management entity further notifies UE1 that the communication request failed.
- In step 480, since UE2 agrees to communicate with UE1, the management entity generates a temporary key for the current communication and transmits the temporary key to UE1 and UE2 respectively, and the management entity sends to UE1 the message confirming that UE2 accepts the current communication. Since the temporary key is generated only when the UEs need to communicate with each other, it has strong randomness and real-time performance and is not easily cracked by unscrupulous users; the communicating parties communicate through the temporary key, which ensures the security of data transmission during the communication process.
- UE1 and UE2 establish a point-to-point connection to communicate after receiving the temporary key. Specifically, if UE1 and UE2 are in the same PAN network, both UEs establish a direct connection within the scope of their PAN network, and after the connection is established, communicate through the temporary key provided by the management entity; if UE1 and UE2 are not within the same PAN network, UE1 and UE2 establish remote connections through their respective access networks, and also communicate through the temporary key after the connection is established.
- the resources of the switching center are greatly saved, and the resources can be more rationally utilized.
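The brokered setup of steps 410 to 480, as an added example that is not part of the patent text: a management entity authenticates the requester, checks that both devices are registered to the same user, asks the peer for consent, and only then issues a fresh temporary key. The registration secret and its hashed storage, the same-owner check, the class and function names, and the use of the temporary key for HMAC-SHA256 message tags with a sequence number are all assumptions; the patent does not specify how registration information is verified or how the key protects traffic.

```python
import hashlib
import hmac
import secrets


class ManagementEntity:
    """Holds UE registrations and brokers point-to-point connection setup."""

    def __init__(self):
        self._registry = {}  # device_id -> (owner, SHA-256 of registration secret)

    def register(self, owner, device_id, reg_secret):
        self._registry[device_id] = (owner, hashlib.sha256(reg_secret).digest())

    def _authenticate(self, src_id, src_secret, dst_id):
        src, dst = self._registry.get(src_id), self._registry.get(dst_id)
        if src is None or dst is None:
            return False  # one of the devices never registered
        presented = hashlib.sha256(src_secret).digest()
        if not hmac.compare_digest(presented, src[1]):
            return False  # requester's registration information does not match
        return src[0] == dst[0]  # assumption: both devices must share an owner

    def handle_request(self, src_id, src_secret, dst_id, peer_consents):
        """Return (status, key_for_src, key_for_dst); keys are None on failure."""
        if not self._authenticate(src_id, src_secret, dst_id):
            return ("auth_failed", None, None)  # step 440
        if not peer_consents(src_id):  # step 450: peer sees the requester's id
            return ("rejected", None, None)  # step 470
        key = secrets.token_bytes(32)  # step 480: fresh key per communication
        return ("accepted", key, key)


def seal(key, seq, payload):
    """Tag a message with HMAC-SHA256 over a sequence number and the payload."""
    header = seq.to_bytes(8, "big")
    return header + payload + hmac.new(key, header + payload, hashlib.sha256).digest()


def open_sealed(key, expected_seq, blob):
    """Return the payload, or None if the tag or sequence number is wrong."""
    if len(blob) < 40:
        return None
    header, payload, tag = blob[:8], blob[8:-32], blob[-32:]
    good = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    if int.from_bytes(header, "big") != expected_seq:
        return None
    return payload


def run_scenarios():
    me = ManagementEntity()
    # Constructed sample registrations: two devices of "alice", one of "mallory".
    me.register("alice", "UE1", b"ue1-registration-secret")
    me.register("alice", "UE2", b"ue2-registration-secret")
    me.register("mallory", "UE9", b"ue9-registration-secret")
    accept = lambda requester_id: requester_id == "UE1"
    ue1 = b"ue1-registration-secret"
    results = {}
    status, k1, k2 = me.handle_request("UE1", ue1, "UE2", accept)
    results["same_user"] = status
    msg = seal(k1, 0, b"photo.jpg chunk 0")  # UE1 -> UE2 over the direct link
    results["delivered"] = open_sealed(k2, 0, msg)
    results["replayed"] = open_sealed(k2, 1, msg)  # stale sequence number
    results["tampered"] = open_sealed(k2, 0, msg[:-1] + bytes([msg[-1] ^ 1]))
    results["wrong_secret"] = me.handle_request("UE1", b"guess", "UE2", accept)[0]
    results["other_user"] = me.handle_request(
        "UE9", b"ue9-registration-secret", "UE2", accept)[0]
    results["unregistered"] = me.handle_request("UE1", ue1, "UE7", accept)[0]
    results["declined"] = me.handle_request(
        "UE2", b"ue2-registration-secret", "UE1", lambda rid: False)[0]
    return results


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(name, value)
```

The key is issued only after both the authentication and the consent checks pass, so a device registered to another user never obtains key material for the peer.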
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009503394A JP2009532959A (ja) | 2006-04-04 | 2007-04-03 | Communication method and communication system in a user network |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNA2006100254380A CN101051967A (zh) | 2006-04-04 | 2006-04-04 | Communication system for user equipment in a user network and method thereof |
CN200610025438.0 | 2006-04-04 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007112692A1 (fr) | 2007-10-11 |
WO2007112692A8 (fr) | 2007-12-06 |
Family
ID=38563114
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2007/001074 WO2007112692A1 (fr) | 2006-04-04 | 2007-04-03 | Communication method in the user network and corresponding system |
Country Status (4)
Country | Link |
---|---|
JP (1) | JP2009532959A (fr) |
KR (1) | KR101076332B1 (fr) |
CN (2) | CN101051967A (fr) |
WO (1) | WO2007112692A1 (fr) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101772199A (zh) * | 2008-11-24 | 2010-07-07 | 华为终端有限公司 | Method and apparatus for establishing a D2D network |
EP2407001B1 (fr) | 2009-03-12 | 2013-12-25 | Nokia Solutions and Networks Oy | Device-to-device communication |
WO2013027916A1 (fr) * | 2011-08-24 | 2013-02-28 | 에스케이플래닛 주식회사 | System and method for providing a CPNS service |
EP2901798B1 (fr) | 2012-09-28 | 2020-01-22 | Avago Technologies International Sales Pte. Limited | Methods, devices and computer program products improving device-to-device communication |
CN108650090A (zh) * | 2018-07-17 | 2018-10-12 | 江苏亨通问天量子信息研究院有限公司 | Quantum secure fax machine and quantum secure fax system |
CN111711522A (zh) * | 2020-05-13 | 2020-09-25 | 刘中恕 | Multi-region entity identity authentication system based on a cloud sharing mechanism |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004304710A (ja) * | 2003-04-01 | 2004-10-28 | Canon Inc | Authentication method for wireless connection device |
CN1691653A (zh) * | 2004-04-16 | 2005-11-02 | 美国博通公司 | System and method for registering access device multimedia content via a broadband access gateway |
CA2530908A1 (fr) * | 2005-01-27 | 2006-04-01 | Research In Motion Limited | Wireless personal area network with authentication and related methods |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002335263A (ja) * | 2001-05-08 | 2002-11-22 | Olympus Optical Co Ltd | Information terminal communication system |
JP4117658B2 (ja) * | 2001-08-09 | 2008-07-16 | 大宏電機株式会社 | Communication authentication method |
WO2004071037A1 (fr) * | 2003-02-04 | 2004-08-19 | Matsushita Electric Industrial Co., Ltd. | Communication system, and communication control server and communication terminals constituting said communication system |
US8009608B2 (en) * | 2004-04-16 | 2011-08-30 | Broadcom Corporation | Method and system for extended network access services advertising via a broadband access gateway |
KR100678933B1 (ko) * | 2004-05-25 | 2007-02-07 | 삼성전자주식회사 | Coordinator-based wireless network communication method, and communication method between coordinator-based wireless networks connected to a backbone network |
-
2006
- 2006-04-04 CN CNA2006100254380A patent/CN101051967A/zh active Pending
-
2007
- 2007-04-03 KR KR1020087025794A patent/KR101076332B1/ko not_active IP Right Cessation
- 2007-04-03 WO PCT/CN2007/001074 patent/WO2007112692A1/fr active Application Filing
- 2007-04-03 JP JP2009503394A patent/JP2009532959A/ja active Pending
- 2007-04-03 CN CNA2007800003737A patent/CN101317390A/zh active Pending
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2009142851A2 (fr) * | 2008-05-20 | 2009-11-26 | Microsoft Corporation | Security architecture for a P2P storage system |
WO2009142851A3 (fr) * | 2008-05-20 | 2010-02-25 | Microsoft Corporation | Security architecture for a P2P storage system |
US8196186B2 (en) | 2008-05-20 | 2012-06-05 | Microsoft Corporation | Security architecture for peer-to-peer storage system |
JP2012502586A (ja) * | 2008-09-12 | 2012-01-26 | クゥアルコム・インコーポレイテッド | Ticket-based configuration parameters validation |
US8913995B2 (en) | 2008-09-12 | 2014-12-16 | Qualcomm Incorporated | Ticket-based configuration parameters validation |
US9148335B2 (en) | 2008-09-30 | 2015-09-29 | Qualcomm Incorporated | Third party validation of internet protocol addresses |
Also Published As
Publication number | Publication date |
---|---|
KR20090006110A (ko) | 2009-01-14 |
JP2009532959A (ja) | 2009-09-10 |
WO2007112692A8 (fr) | 2007-12-06 |
CN101051967A (zh) | 2007-10-10 |
CN101317390A (zh) | 2008-12-03 |
KR101076332B1 (ko) | 2011-10-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8464322B2 (en) | Secure device introduction with capabilities assessment | |
WO2007112692A1 (fr) | Communication method in the user network and corresponding system | |
JP7035163B2 (ja) | Network security management method and apparatus | |
CN102111766B (zh) | Network access method, apparatus and system | |
EP2941855B1 (fr) | Authentication of a hosted wireless device with a wireless hosting service | |
US7530098B2 (en) | Device ownership transfer from a network | |
WO2004102876A1 (fr) | Access authentication system for a wireless local area network | |
JP2008500607A (ja) | Method for implementing device grouping and conversation between grouped devices | |
WO2007056383A1 (fr) | Method and system for managing access to a wireless network | |
WO2013033999A1 (fr) | Method and apparatus for point-to-point data transmission of a mobile device | |
WO2014026438A1 (fr) | Mobile terminal for transmitting a key or certificate of a WiFi access point using near-field communication | |
EP2234438B1 (fr) | Method for accessing a wireless personal area network | |
WO2006000151A1 (fr) | Method for managing local terminal equipment for network access | |
US20060179303A1 (en) | Network security | |
JP6030600B2 (ja) | Wireless communication device, wireless LAN system, and communication method | |
JP2009512368A (ja) | Communication system and communication method | |
WO2007115505A1 (fr) | Personal local area network and communication method and device for the corresponding equipment | |
WO2013182126A1 (fr) | Unified management and control method and platform for a ubiquitous terminal | |
JP2012070225A (ja) | Network relay device and transfer control system | |
WO2010124569A1 (fr) | Method and system enabling user access control | |
JP2005217679A (ja) | Authentication server for authenticating a communication partner | |
KR100686736B1 (ko) | Method for joining a mobile ad hoc network through authentication | |
JP2006345302A (ja) | Gateway device and program | |
WO2024062373A1 (fr) | Registry-based identity registration management | |
KR100703741B1 (ko) | Wireless network management method and system using a mobile key generation and delivery device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 200780000373.7 Country of ref document: CN |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 07720648 Country of ref document: EP Kind code of ref document: A1 |
 | WWE | Wipo information: entry into national phase | Ref document number: 2009503394 Country of ref document: JP |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | WWE | Wipo information: entry into national phase | Ref document number: KR Ref document number: 1020087025794 Country of ref document: KR |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 07720648 Country of ref document: EP Kind code of ref document: A1 |