WO2007112692A1 - Communication method in a user network and corresponding system - Google Patents


Info

Publication number
WO2007112692A1
Authority
WO
WIPO (PCT)
Prior art keywords
user equipment
management entity
user
communication
network
Application number
PCT/CN2007/001074
Other languages
English (en)
Chinese (zh)
Other versions
WO2007112692A8 (fr)
Inventor
Yongfeng Zhong
Ling Zhang
Ling Liu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date
2006-04-04
Filing date
2007-04-03
Publication date
2007-10-11
Application filed by Huawei Technologies Co., Ltd.
Priority claimed by JP2009503394A (published as JP2009532959A)
Published as WO2007112692A1 and WO2007112692A8

Classifications

    • Section H (Electricity), H04 (Electric communication technique), H04L (Transmission of digital information, e.g. telegraphic communication) and H04W (Wireless communication networks):
    • H04L 63/08: Network architectures or network communication protocols for network security, for authentication of entities
    • H04L 63/0876: Network architectures or network communication protocols for network security, for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L 63/062: Network architectures or network communication protocols for network security, for supporting key management in a packet data network, for key distribution, e.g. centrally by trusted party
    • H04W 12/009: Security arrangements; Authentication; Protecting privacy or anonymity, specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks

Definitions

  • The present invention relates to the field of communications, and in particular to communication between user equipments (UEs) in a user network. Background technique:
  • In recent years, with the development of technology and the growing demand for high-tech products, people own more and more peripheral devices. A user may have several laptops and mobile phones at the same time, and also a PC to which printers, scanners and modems are attached, with a digital camera plugged into a USB port from time to time to copy photos to the hard disk. Repeatedly plugging and unplugging the same interface, and the tangle of cables behind the PC, let users enjoy new technology but also oblige them to put up with inconvenience. Within an enterprise, information exchange between staff in different departments also places higher demands on the mobility of information transfer. In a limited office environment, a local area network can provide information sharing and device sharing (printers, scanners).
  • PAN: Personal Area Network. A PAN serves a specific group of people within a space of small radius and with a rich variety of services. It is a mobile communication network implemented over wireless connections: a wireless network that sits alongside wide area networks and local area networks but covers a much smaller range.
  • The core idea of the PAN is to replace traditional wired cables with radio or infrared links, so as to interconnect personal information terminals intelligently and build a personalised information network.
  • Viewed as a computer network, the PAN is a local area network; viewed from the telecommunication network, it is an access network, which is why some people call the PAN the "last metre" solution of the telecommunication network.
  • The PAN targets home and small-office applications. Its main application areas include voice communication gateways, data communication gateways, interconnection of information appliances and automatic information exchange.
  • The main PAN technologies are Bluetooth and the infrared communication technology of the Infrared Data Association (IrDA).
  • In a PAN, all user equipments (UEs) of the same user can be managed together and can exchange information with each other.
  • Because the range of a PAN is small, a highly mobile device such as a mobile phone is not necessarily confined to a single PAN.
  • In the prior art (FIG. 1), communication between UEs of the same user network takes one of two forms. First, when both UEs are in the same PAN of the same user network, that is, the UEs are in close proximity, they communicate point-to-point directly, either over a wireless technology such as Bluetooth or infrared or over a wired technology such as a USB cable; UE1 and UE2 in FIG. 1 communicate in this way.
  • Second, for UEs that are not in the same access network, that is, not in the same PAN, such as UE1 and UE3 in FIG. 1, long-distance communication is required and has to be provided through the switching center of the operator: when UE1 needs to communicate with UE3, UE1 initiates a request through its access network A, and the request passes through the switching center and access network B to reach UE3. UE1's data likewise has to traverse access network A, the switching center and access network B to be delivered to UE3.
  • Embodiments of the present invention provide a communication system for user equipments in a user network, and a corresponding method, so that communication between UEs in the user network can be secured.
  • An embodiment provides a communication method for a user network comprising the following steps: when two user equipments belonging to the same user need to communicate, the first user equipment sends a communication request to the management entity that holds the registration information of the user equipments, requesting a connection with the second user equipment; the management entity performs security authentication of the first and second user equipments according to the communication request and the saved registration information; after the authentication succeeds, the first user equipment establishes a point-to-point connection directly with the second user equipment.
  • An embodiment provides a user network communication system having at least two user equipments belonging to the same user and their access networks, the system comprising a management entity configured to save the registration information of the user equipments and to perform security authentication of them. The first user equipment sends a communication request to the management entity, the management entity performs security authentication of the first and second user equipments according to the communication request and the saved registration information, and after the authentication succeeds the first user equipment directly establishes a point-to-point connection with the second user equipment.
  • Compared with the prior art, before two UEs in the user network establish a point-to-point connection, they first request, through the access network, that the management entity perform security authentication of the peer UE, and the point-to-point connection is established only when the peer UE passes authentication. The management entity can further guarantee the security of data transmission by providing a key to the UEs that have been successfully authenticated.
  • Security authentication is performed on both parties to the communication, which ensures the legitimacy of both parties; after authentication passes, the management entity provides both parties with a key that protects the data transmitted between them.
  • If the two UEs are in the same PAN, the point-to-point connection is a direct connection within the range of the PAN; if they are not in the same PAN, the point-to-point connection is a remote connection established through their respective access networks. Because the point-to-point connection between the two UEs does not pass through the switching center, resources of the switching center are saved when the UEs communicate over a distance.
  • FIG. 1 is a schematic diagram of communication between UEs in the same user network in the prior art;
  • FIG. 2 is a structural diagram of a communication system for UEs in a user network according to the first embodiment of the present invention;
  • FIG. 3 is a structural diagram of a communication system for UEs in a user network according to the second embodiment of the present invention;
  • FIG. 4 is a flowchart of a communication method for UEs in a user network according to the third embodiment of the present invention.
  • The communication system of the UEs in the user network according to the first embodiment (FIG. 2) is described below on the basis of the principle of the invention. The system includes at least two UEs belonging to the same user and their access network, and a management entity that stores the registration information of the UEs and performs security authentication of them. In this embodiment all UEs of the same user are located in the same PAN and interact with the management entity through the same access network.
  • The UEs belonging to the same user register with the management entity in advance, before any communication is needed, and the management entity stores the registration information of each registered UE.
  • When UE1 needs to communicate with UE2, UE1 first sends a communication request to the management entity through their common access network A, requesting communication with UE2. The request carries UE1's own registration information and the device identification number of UE2.
  • On receiving the request, the management entity performs security authentication of UE1 and UE2 according to the previously stored registration information. For example, it compares the registration information of UE1 carried in the request with the saved registration information to determine whether UE1 is entitled to initiate the communication, and likewise checks UE2 against the saved registration information.
  • If the authentication succeeds, the management entity sends a communication request message to UE2 that carries the device identification number of UE1.
  • UE2 decides whether to agree to communicate with UE1 and sends corresponding feedback to the management entity.
  • The management entity evaluates the feedback. If UE2 accepts the communication with UE1, the management entity generates a temporary key for UE1 and UE2, sends the key to UE1 and UE2 respectively, and sends UE1 an acknowledgement that UE2 accepts the current communication.
  • UE1 and UE2 then establish a direct connection within the range of the PAN and, once the connection is established, communicate using the temporary key provided by the management entity.
  • The second embodiment (FIG. 3) is substantially the same as the first. Its system likewise includes at least two UEs belonging to the same user and their access networks, and a management entity that stores the registration information of these UEs and performs security authentication. The only difference is that the UEs of the same user are not located in the same PAN: each UE interacts with the management entity through its own access network, and the two UEs that need to communicate establish a remote connection through their respective access networks after the security authentication succeeds.
  • In FIG. 3 the same user has multiple UEs, of which UE1 and UE3 are not in the same PAN; UE1 is connected to access network A and UE3 to access network B.
  • When UE1 needs to communicate with UE3, UE1 sends a communication request to the management entity through access network A. The request carries UE1's own registration information and the device identification number of UE3.
  • The management entity performs security authentication of UE1 and UE3 according to the received request message and the saved registration information. If the authentication succeeds, it sends UE3 a communication request message that carries the device identification number of UE1.
  • UE3 receives the request message from the management entity through access network B, decides whether to agree to communicate with UE1, and sends corresponding feedback to the management entity. If the management entity receives feedback that UE3 agrees to the current communication, it generates a temporary key for UE1 and UE3, sends the key to UE1 and UE3 respectively, and sends UE1 an acknowledgement that UE3 accepts the current communication. After receiving the key, UE1 and UE3 establish a remote connection through access network A and access network B respectively, and then communicate using the temporary key.
  • The communication method of the third embodiment is shown in FIG. 4. In step 410, when UE1 needs to communicate with UE2, which belongs to the same user, UE1 sends the management entity a communication request for communication with UE2.
  • UE1 and UE2 may be located in the same PAN or in different PANs. If they are in the same PAN, UE1 sends the communication request to the management entity through their common access network; if they are in different PANs, UE1 sends it through the access network to which UE1 belongs. In either case the communication request carries the registration information of UE1 and the device identification number of UE2.
  • After receiving the communication request from UE1, the management entity performs security authentication of UE1 and UE2 according to the information the request carries. Each UE belonging to the same user must register with the management entity in advance, and the management entity saves the registration information of every registered UE; it can therefore authenticate UE1 and UE2 by checking the information in the communication request against the registration information it holds.
  • The management entity determines whether UE1 and UE2 have passed the security authentication; if so, the process proceeds to step 450, otherwise to step 440.
  • In step 440, the management entity returns a message to UE1 indicating that the communication request failed. The management entity continues with the request only when both UEs pass the security authentication, which prevents an unauthorized UE from reaching a UE in the user network and protects both parties.
  • In step 450, UE1 and UE2 having passed the security authentication, the management entity sends UE2 a request message for the communication that carries the device identification number of UE1.
  • UE2 receives the request message from the management entity, through the common access network if UE1 and UE2 are in the same PAN and otherwise through the access network to which UE2 belongs, and decides on the basis of UE1's device identification number whether to agree to the current communication. If UE2 agrees, it sends the management entity feedback accepting the current communication and the process proceeds to step 480; otherwise it proceeds to step 470, in which UE2 sends the management entity feedback rejecting the current communication, and the management entity in turn notifies UE1 that the communication request failed.
  • In step 480, since UE2 agrees to communicate with UE1, the management entity generates a temporary key for the current communication, sends it to UE1 and UE2 respectively, and sends UE1 an acknowledgement that UE2 accepts the current communication. Because the temporary key is generated afresh each time UEs need to communicate, it is random and current and is not easily recovered by a malicious user; communicating under the temporary key protects the data transmitted during the communication.
  • After receiving the temporary key, UE1 and UE2 establish a point-to-point connection and communicate. If they are in the same PAN, they establish a direct connection within the range of the PAN; if not, they establish a remote connection through their respective access networks. In both cases they communicate using the temporary key once the connection is established.
  • Because the point-to-point connection between the UEs bypasses the switching center, the resources of the switching center are greatly saved and can be used more rationally.
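The flow of FIG. 4 as an added example in Python; this is not code from the patent or from Huawei. It simulates the management entity, two UEs and steps 410 to 480, then the point-to-point traffic protected by the temporary key. Assumptions not in the patent: registration information is modelled as a per-device secret shared with the management entity; the temporary key is used through HMAC-SHA256 in counter mode with encrypt-then-MAC, a stand-in for a real AEAD; and delivery of requests, feedback and the key between the entities is modelled as direct Python calls. The names ManagementEntity, UE and establish_communication are made up for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple


@dataclass
class ManagementEntity:
    """Stores UE registration information and performs the security authentication."""
    # device_id -> (owning user, registration secret). The patent does not say what
    # "registration information" consists of; a per-device shared secret is assumed here.
    registry: Dict[str, Tuple[str, bytes]] = field(default_factory=dict)

    def register(self, user: str, device_id: str, registration_secret: bytes) -> None:
        self.registry[device_id] = (user, registration_secret)

    def authenticate_pair(self, requester_id: str, presented: bytes, target_id: str) -> bool:
        """Steps 420/430: the requester's presented registration information must match
        the stored copy, and the target UE must be registered to the same user."""
        stored = self.registry.get(requester_id)
        if stored is None or not hmac.compare_digest(stored[1], presented):
            return False
        target = self.registry.get(target_id)
        return target is not None and target[0] == stored[0]

    @staticmethod
    def issue_temporary_key() -> bytes:
        """Step 480: a fresh random key generated for this communication only."""
        return secrets.token_bytes(32)


class UE:
    """A user equipment: requests communication, decides on incoming requests and
    protects point-to-point traffic with the temporary key it received."""

    def __init__(self, device_id: str, registration_secret: bytes,
                 accept: Callable[[str], bool] = lambda peer_id: True) -> None:
        self.device_id = device_id
        self.registration_secret = registration_secret
        self.accept = accept              # policy applied to the peer's device id
        self.session_key: Optional[bytes] = None
        self._send_ctr = 0
        self._recv_ctr = -1               # highest counter accepted from the peer

    def install_key(self, key: bytes) -> None:
        self.session_key, self._send_ctr, self._recv_ctr = key, 0, -1

    def _subkeys(self) -> Tuple[bytes, bytes]:
        if self.session_key is None:
            raise RuntimeError("no temporary key installed")
        enc = hmac.new(self.session_key, b"enc", hashlib.sha256).digest()
        mac = hmac.new(self.session_key, b"mac", hashlib.sha256).digest()
        return enc, mac

    @staticmethod
    def _keystream(enc: bytes, header: bytes, length: int) -> bytes:
        # HMAC-SHA256 in counter mode, bound to the header (sender id and message
        # counter) so each direction and message gets its own keystream; this is a
        # stand-in for a real AEAD such as AES-GCM, not a recommended construction.
        out, block = b"", 0
        while len(out) < length:
            out += hmac.new(enc, header + block.to_bytes(4, "big"), hashlib.sha256).digest()
            block += 1
        return out[:length]

    def send(self, plaintext: bytes) -> dict:
        enc, mac = self._subkeys()
        header = self.device_id.encode() + self._send_ctr.to_bytes(8, "big")
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(enc, header, len(plaintext))))
        tag = hmac.new(mac, header + ct, hashlib.sha256).digest()   # encrypt-then-MAC
        env = {"from": self.device_id, "ctr": self._send_ctr, "ct": ct, "tag": tag}
        self._send_ctr += 1
        return env

    def receive(self, env: dict) -> bytes:
        enc, mac = self._subkeys()
        header = env["from"].encode() + env["ctr"].to_bytes(8, "big")
        expected = hmac.new(mac, header + env["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, env["tag"]):
            raise ValueError("bad tag: message forged or tampered")
        if env["from"] == self.device_id:
            raise ValueError("reflected message")
        if env["ctr"] <= self._recv_ctr:
            raise ValueError("replayed message")
        self._recv_ctr = env["ctr"]
        return bytes(c ^ k for c, k in zip(env["ct"], self._keystream(enc, header, len(env["ct"]))))


def establish_communication(mgmt: ManagementEntity, ue1: UE, ue2: UE) -> str:
    """Runs the flow of FIG. 4 and returns "auth_failed" (step 440), "rejected"
    (step 470) or "connected" (both UEs hold the temporary key). Message delivery
    over the access networks is modelled as direct calls; the patent does not say
    how those channels are protected."""
    # step 410: request carrying UE1's registration information and UE2's device id
    request = {"from": ue1.device_id, "reg": ue1.registration_secret, "to": ue2.device_id}
    # steps 420/430: authenticate both UEs against the saved registration information
    if not mgmt.authenticate_pair(request["from"], request["reg"], request["to"]):
        return "auth_failed"                            # step 440
    # step 450: only UE1's device id is forwarded to UE2, which decides
    if not ue2.accept(request["from"]):
        return "rejected"                               # step 470
    # step 480: temporary key generated and delivered to both UEs; UE1 is acknowledged
    key = mgmt.issue_temporary_key()
    ue1.install_key(key)
    ue2.install_key(key)
    return "connected"
```

Two points the patent leaves open that the example makes visible: the management entity generates and therefore knows the temporary key, so it can read all UE-to-UE traffic and the channel over which it delivers the key to each UE must itself be protected; and UE2's decision in step 450 rests only on UE1's device identification number, which the management entity has already authenticated, so UE2 is trusting the management entity rather than verifying UE1 itself.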

Abstract

The present invention relates to a communication method in a user network and a corresponding system: before a point-to-point connection is created, two user equipments in the user network request the security authentication of the corresponding user equipment from the management entity via the access network, and the point-to-point connection is created only once the corresponding user equipment has passed the authentication. The management entity can provide a key to the authenticated user equipment to secure the data transmission. If the two user equipments are in the same personal area network, the point-to-point connection is a direct connection within the range of the personal area network. If the two user equipments are not in the same personal area network, the point-to-point connection is a remote connection created through the respective access networks. Thanks to the invention, the security of data transmission between user equipments in the user network is ensured.
PCT/CN2007/001074 2006-04-04 2007-04-03 Communication method in a user network and corresponding system WO2007112692A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2009503394A JP2009532959A (ja) 2006-04-04 2007-04-03 Communication method and communication system in a user network

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CNA2006100254380A CN101051967A (zh) 2006-04-04 2006-04-04 Communication system for user equipment in a user network and method therefor
CN200610025438.0 2006-04-04

Publications (2)

Publication Number Publication Date
WO2007112692A1 true WO2007112692A1 (fr) 2007-10-11
WO2007112692A8 WO2007112692A8 (fr) 2007-12-06

Family

ID=38563114

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001074 WO2007112692A1 (fr) 2006-04-04 2007-04-03 Communication method in a user network and corresponding system

Country Status (4)

Country Link
JP (1) JP2009532959A (fr)
KR (1) KR101076332B1 (fr)
CN (2) CN101051967A (fr)
WO (1) WO2007112692A1 (fr)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101772199A (zh) * 2008-11-24 2010-07-07 华为终端有限公司 Method and apparatus for establishing a D2D network
EP2407001B1 (fr) 2009-03-12 2013-12-25 Nokia Solutions and Networks Oy Device-to-device communication
WO2013027916A1 (fr) * 2011-08-24 2013-02-28 에스케이플래닛 주식회사 System and method for providing a CPNS service
EP2901798B1 (fr) 2012-09-28 2020-01-22 Avago Technologies International Sales Pte. Limited Methods, devices and computer program products improving device-to-device communication
CN108650090A (zh) * 2018-07-17 2018-10-12 江苏亨通问天量子信息研究院有限公司 Quantum secure fax machine and quantum secure fax system
CN111711522A (zh) * 2020-05-13 2020-09-25 刘中恕 Multi-region entity identity authentication system based on a cloud sharing mechanism

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004304710A (ja) * 2003-04-01 2004-10-28 Canon Inc Authentication method for a wireless connection device
CN1691653A (zh) * 2004-04-16 2005-11-02 美国博通公司 System and method for registering multimedia content of access devices via a broadband access gateway
CA2530908A1 (fr) * 2005-01-27 2006-04-01 Research In Motion Limited Wireless personal area network with authentication and related methods

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002335263A (ja) * 2001-05-08 2002-11-22 Olympus Optical Co Ltd Information terminal communication system
JP4117658B2 (ja) * 2001-08-09 2008-07-16 大宏電機株式会社 Communication authentication method
WO2004071037A1 (fr) * 2003-02-04 2004-08-19 Matsushita Electric Industrial Co., Ltd. Communication system, and communication control server and communication terminals constituting the communication system
US8009608B2 (en) * 2004-04-16 2011-08-30 Broadcom Corporation Method and system for extended network access services advertising via a broadband access gateway
KR100678933B1 (ko) * 2004-05-25 2007-02-07 삼성전자주식회사 Coordinator-based wireless network communication method, and communication method between coordinator-based wireless networks connected to a backbone network

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009142851A2 (fr) * 2008-05-20 2009-11-26 Microsoft Corporation Security architecture for a peer-to-peer storage system
WO2009142851A3 (fr) * 2008-05-20 2010-02-25 Microsoft Corporation Security architecture for a peer-to-peer storage system
US8196186B2 (en) 2008-05-20 2012-06-05 Microsoft Corporation Security architecture for peer-to-peer storage system
JP2012502586A (ja) * 2008-09-12 2012-01-26 クゥアルコム・インコーポレイテッド Ticket-based configuration parameter validation
US8913995B2 (en) 2008-09-12 2014-12-16 Qualcomm Incorporated Ticket-based configuration parameters validation
US9148335B2 (en) 2008-09-30 2015-09-29 Qualcomm Incorporated Third party validation of internet protocol addresses

Also Published As

Publication number Publication date
KR20090006110A (ko) 2009-01-14
JP2009532959A (ja) 2009-09-10
WO2007112692A8 (fr) 2007-12-06
CN101051967A (zh) 2007-10-10
CN101317390A (zh) 2008-12-03
KR101076332B1 (ko) 2011-10-26

Legal Events

Code Title Description
WWE Wipo information: entry into national phase. Ref document number: 200780000373.7; country of ref document: CN
121 Ep: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 07720648; country of ref document: EP; kind code: A1
WWE Wipo information: entry into national phase. Ref document number: 2009503394; country of ref document: JP
NENP Non-entry into the national phase. Ref country code: DE
WWE Wipo information: entry into national phase. Ref document number: 1020087025794; country of ref document: KR
122 Ep: PCT application non-entry in European phase. Ref document number: 07720648; country of ref document: EP; kind code: A1