WO2008014655A1 - Method, mobile terminal and server for implementing shared key update in a mobile communication system - Google Patents

Info

Publication number
WO2008014655A1
Authority
WO
WIPO (PCT)
Prior art keywords
shared key
key
new shared
mobile node
security
Prior art date
Application number
PCT/CN2007/001313
Other languages
English (en)
Chinese (zh)
Inventor
Jing Liu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433 Key management protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80 Wireless

Definitions

  • The present invention relates to the field of mobile communication technologies, and in particular, to a method for implementing shared key update in a mobile communication system, a mobile terminal, and a security verification server.
  • WiMAX Worldwide Interoperability Microwave Access
  • WMAN wireless metropolitan area network
  • WiMAX is an emerging wireless communication technology for transmitting wireless signals. It provides a high-speed connection to the Internet. With this technology, users can communicate data at a very fast speed within a range of 50 kilometers.
  • The WiMAX system network reference model in the prior art is shown in FIG. 1.
  • The WiMAX mobile station (MSS, Mobile Subscriber Station) 11 accesses the access service network (ASN, Access Service Network) through the air interface reference point 1 (Reference Point 1, R1).
  • R1 Reference Point 1
  • ASN Access Service Network
  • CSN Connectivity Service Network
  • The interface between the MSS 11 and the connectivity service network (CSN) 13 is a logical interface R2, which is physically carried over the R1 interface and the R3 interface.
  • When a mobile station (such as a WiMAX mobile station) is in a roaming scenario, it uses the logical interface R2 to communicate with the visited network service provider (Visited Network Service Provider, Visited NSP or V-NSP) and with the home network service provider (Home Network Service Provider, Home NSP or H-NSP) respectively; the visited network service provider and the home network service provider are connected through the R5 interface.
  • Visited Network Service Provider Visited NSP or V-NSP
  • Home Network Service Provider Home NSP or H-NSP
  • The network provides roaming services for users, and users can still enjoy WiMAX services after moving to a different location.
  • The access service network includes a base station (Base Station, BS) 21 and an access service network gateway (ASN-Gateway, ASN-GW) 22, wherein the interface between the base stations 21 is an R8 interface, the interface between the base station 21 and the ASN-GW 22 is an R6 interface, and the ASN-GW 22 can be a target gateway (TGW), a service gateway (Service Gateway, SGW) or an anchor gateway (AGW); the interface between each ASN-GW 22 is an R4 interface.
  • The interface between the ASN-GW 22 and the CSN 13 is an R3 interface.
  • Take the WiMAX system as an example: it includes two core network access services, namely the Simple IP (Internet Protocol) service and the Mobile IP service.
  • The security threats to Mobile IP mainly include denial of service attacks, counterfeit attacks, and unauthorized access.
  • Mobile IP is mainly used to ensure the secure and reliable transmission of packets.
  • the commonly used encryption algorithms include DES and 3DES.
  • the authentication methods include MD5 and HMAC-MD5.
  • the keys used for authentication and encryption include Pre-shared keys, digital signatures, shared keys, and more.
  • The Mobile IP authentication mechanism is to protect the MN (Mobile Node), FA (Foreign
  • MN-HA key MN-HA key
  • MN-AAAkey MN-AAAkey
  • The inventors have found that in the prior art, within an operator, once the home AAA is determined, the security association between the HA and the MN is statically configured; that is, the MN-HA and MN-AAA shared keys are statically configured and fixed. If the MSS (which is a specific case of the MN) roams across carriers, then under the existing static configuration of shared keys, the shared key used before and after the MSS roams is the same.
  • The key information statically pre-configured for the carrier network used before roaming may be untrusted and insecure for the carrier network roamed to.
  • Embodiments of the present invention provide a method for implementing shared key update in a mobile communication system, a mobile terminal, and a security verification server, which can dynamically update a shared key.
  • An embodiment of the present invention provides a method for implementing shared key update in a mobile communication system, where the method includes: a mobile node generates a new shared key under a shared key update request indication sent by a security verification server; the mobile node transmits the new shared key to the security verification server; and after determining that the security verification server has successfully verified the new shared key, the mobile node uses the new shared key to perform security processing on transmission data.
  • An embodiment of the present invention further provides a method for implementing shared key update in a mobile communication system, where the method includes: the security verification server sends a shared key update request to the mobile node; the security verification server receives a first message carrying the new shared key generated by the mobile node under the shared key update request indication; the security verification server successfully verifies the new shared key; and the security verification server uses the new shared key for security verification of subsequent transmission data from the mobile node.
  • An embodiment of the present invention further provides a mobile terminal, including: a key generation unit, configured to generate a new shared key under a shared key update request indication of a security verification server; a key transmission unit, configured to transmit the new shared key generated by the key generation unit to the security verification server; and a data processing unit, configured to use the new shared key generated by the key generation unit to perform security processing on transmission data after determining that the security verification server has successfully verified the new shared key.
  • An embodiment of the present invention further provides a security verification server, including: an update request processing unit, configured to send a shared key update request to the mobile node; a key receiving unit, configured to receive a first message carrying the new shared key generated by the mobile node under the shared key update request; a key verification unit, configured to verify the new shared key in the first message and to announce it when the verification succeeds, where the notification object includes at least the mobile node; and a data verification unit, configured to use the new shared key for security verification of subsequent transmission data from the mobile node after the key verification unit announces that the verification of the new shared key succeeded.
  • The mobile node generates a new shared key under the shared key update request indication sent by the security verification server, then transmits the new shared key to the security verification server and, after determining that the security verification server has successfully verified the new shared key, uses the new shared key to perform security processing on the transmission data. That is, the mobile node and the security verification server update the shared key information, and the mobile node's transmission data can be securely processed and verified using the updated new shared key.
  • FIG. 1 is a network reference model diagram of a WiMAX system in the prior art
  • FIG. 2 is a schematic diagram of networking of an access service network in the prior art
  • FIG. 4 is a schematic structural diagram of an embodiment of a mobile terminal according to the present invention.
  • FIG. 5 is a schematic structural diagram of an embodiment of a security verification server according to the present invention.
  • The embodiment of the present invention provides a method in which an AAA server (a type of security verification server) centrally controls and initiates an update of the mobile IP key.
  • The mobile IP key described in the following embodiments is the shared key between the mobile node and the AAA Server (server), and between the mobile node and the HA.
  • Step S301 The MSS manufacturer generates a public key and private key pair according to RFC (Request For Comments) 2313, and writes the public key to the MSS chip.
  • the MSS manufacturer issues a private key to the service provider.
  • the service provider writes the private key to the subscription information in the user's home AAA server.
  • Step S302 The MSS accesses the network, and completes the authentication and bearer establishment process according to the NWG specification.
  • Step S303 The MSS sends a MIP (Mobile IP, Mobile Internet Protocol) Registration
  • the MSS may perform a registration request when the network is first accessed, or may perform a registration update periodically.
  • Step S305 The home AAA server parses the ARQ message, and performs user authentication and authorization. If the AAA MIP Renew State in the subscription information is Renew KEYS (1), that is, the value of the Renew State is 1, the home AAA Server rejects the packet data access and forces the initiation of the mobile IP key update process. It should be noted that the value of the AAA MIP Renew State in the subscription information can be configured by the network administrator.
  • step S305 describes only one example of a case where the home AAA server actively initiates a mobile IP key update, and the home AAA server or other AAA server can also initiate a mobile IP key update according to other information. For example, for a terminal with a security risk or a different security trust area before and after the terminal roaming, the mobile IP key update may be initiated.
  • Step S306 The home AAA Server sends an Access Reject to the ASN GW.
  • the Access Reject message contains the RADIUS extended attribute of MIP_Key_Renew_Request (MIP key update request).
  • Step S307 The ASN GW parses the Access Reject message and constructs a MIP Registration Reply (RRP) message; the RRP message includes the MIP extended attribute of the MIP_Key_Renew_Request, and the ASN GW sends the RRP message to the MSS.
  • RRP MIP Registration Reply
  • Step S308 The MSS sets the MIP Renew State value to Renew KEYS according to the MIP_Key_Renew_Request attribute, and the MSS generates a MIP_Key_Structure according to RFC 1750, where the MIP_Key_Structure includes: the Public-Key Identifier, the new MN-AAA key (key between the mobile node and the home AAA server), the new MN-HA key (key between the mobile node and the home agent), the CHAP (Challenge-Handshake Authentication Protocol) key, the MN-Authenticator and the AAA-Authenticator, where the information other than the Public-Key Identifier is encrypted using the public key. It should be noted that the MN here can be regarded as the MSS.
  • Step S309 The MSS sends an RRQ message to the ASN GW, where the RRQ message includes the MIP extended attribute of the MIP_Key_Structure. It can be understood by those skilled in the art that, since the new MN-AAA key newly generated by the MSS in step S308 has not yet been successfully verified by the AAA server, the mobile node still uses the old MN-AAA key from before the update (as opposed to the new MN-AAA key) to perform security processing when sending the RRQ message of this step, and the message includes the MN-AAA authentication extension information processed with the old MN-AAA key.
  • Step S310 The ASN GW converts the RRQ message into a RADIUS ARQ message; the ARQ message includes the RADIUS extended attribute of the MIP_Key_Structure and the MN-AAA authentication extension information, and the ASN GW sends it to the home AAA server.
  • Step S311 On the one hand, the home AAA Server verifies the MN-AAA authentication extension in the ARQ message by using the old MN-AAA key, that is, it verifies the validity of the ARQ message. On the other hand, the home AAA Server parses the ARQ message, obtains the corresponding private key information from the subscription information according to the user NAI, MSID, and Public-Key Identifier, and uses the private key to decrypt the RADIUS extended attribute of the MIP_Key_Structure, obtaining from it the decrypted new MN-AAA key and new MN-HA key.
  • The home AAA Server updates the MN-AAA key and MN-HA key in the user subscription information, as well as some affiliated keys, such as the CHAP key.
  • The home AAA Server sets the MIP Renew State value to KEYS Renewed (2).
  • The home AAA Server has agreed to the new MN-AAA key and the new MN-HA key as the shared key between the MN and the AAA and between the MN and the HA, respectively. It can be seen that, in this step, the new shared key (i.e., the new MN-AAA key and the new MN-HA key) generated by the MSS is verified by the above two operations. If the verification is successful, the process proceeds to step S312.
  • Step S312 The home AAA server sends an Access Reject message to the ASN GW, where the Access Reject message includes the RADIUS extended attribute of the AAA-Authenticator and information indicating that the AAA Server has successfully verified the new shared key; the AAA-Authenticator is the MN-AAA authentication extension.
  • Step S313 The ASN GW parses the Access Reject message to construct a MIP RRP message, where the RRP message includes the MIP extended attribute of the AAA-Authenticator and information indicating that the AAA Server has successfully verified the new shared key.
  • Step S314 The MSS verifies the consistency between the AAA-Authenticator in the received MIP RRP message and the locally calculated AAA-Authenticator. After the consistency verification succeeds, the MSS parses the MIP RRP message content and parses out the information that the AAA Server has successfully verified the new shared key. The new MN-AAA key and MN-HA key from step S308 then become the formal MIP keys in the subsequent MSS online process, that is, the MSS will subsequently use the new MN-AAA key and MN-HA key to perform security processing on the transmitted data. At this time, the MSS already knows that the home AAA Server agrees that the MN-AAA and MN-HA keys are respectively used as keys between the MN and the AAA and between the MN and the HA.
  • Since the HA does not know that its key with the MN has been updated, the MN also notifies the HA of the updated new MN-HA key through the home AAA Server. Please continue to refer to Figure 3.
  • Step S315 The MSS initiates a new RRQ message. Since the MSS has determined that the AAA Server successfully verified the new shared key (i.e., the new MN-AAA key and the new MN-HA key), the new MN-AAA key is used to perform security processing on the RRQ message, and the MN-AAA authentication extension is included in the transmitted RRQ message.
  • Step S316 The ASN GW parses the RRQ message, constructs an ARQ message, and then sends it to the home AAA Server.
  • Step S317 The home AAA Server verifies the MN-AAA authentication extension in the received message by using the new MN-AAA key, and sets the MIP Renew State value to KEYS VALID (0) after the verification succeeds.
  • Step S318 The home AAA Server sends an Access Accept message to the ASN GW.
  • Step S319 The ASN GW/FA sends an RRQ message to the HA.
  • Step S320 The HA sends an Access Request message to the home AAA server.
  • Step S321 The home AAA server sends an Access Accept message to the HA, where the Access Accept message includes the new MN-HA key.
  • Step S322 The HA uses the old MN-HA key to verify the Mobile-Home Authentication extension. If the verification is passed, the HA parses the new MN-HA key from the Access Accept message, and then agrees to the new MN-HA key as its new shared key with the MN.
  • Step S323 The HA sends an RRP message to the ASN GW/FA.
  • Step S324 The ASN GW/FA forwards the RRP to the MSS, and the MIP key update and MIP registration process ends.
  • The home AAA server starts to force the key update process when the MSS initiates the registration request.
  • The MSS periodically initiates a registration update to the HA. If the home AAA server needs the key update to be performed immediately or as soon as possible, the network device may, for example, adjust the registration update period so that the MSS initiates the registration update as soon as possible, and the key update process is then performed as soon as possible.
  • The home AAA server initiates a shared key update request.
  • The AAA server in the visited place may also initiate a shared key update request, and the AAA Server of the visited place may obtain the subscription information and the private key of the mobile node from the AAA Server of the home location.
  • The entity that initiates the shared key update request includes but is not limited to the AAA Server; it may also be another security authentication server with similar functions.
  • The public key is used for encryption processing, which can enhance the transmission security of the new shared key. However, even if public key encryption is not used, and the message data containing the new shared key information is only security-processed with the old shared key and then transmitted to the security verification server, this is also a certain security guarantee. Therefore, a new shared key can be transmitted using only public key encryption or using only security processing with the old shared key. If the above two methods are used in combination, the transmission security of the new shared key is better.
  • FIG. 4 is a schematic structural diagram of an embodiment of a mobile terminal according to the present invention.
  • The mobile terminal in this embodiment mainly includes a key generation unit 41, a key transmission unit 42, and a data processing unit 43.
  • the internal structure of the mobile terminal is further described below in conjunction with the working principle of the mobile terminal of this embodiment.
  • the new shared key is generated by the key generation unit 41 under the shared key update request indication of the security verification server (AAA Server). Then, the new shared key generated by the key generation unit 41 is transmitted to the security verification server by the key transmission unit 42.
  • the key transmission unit 42 includes a key encryption processing unit 421 and a transmission unit 422.
  • The public key corresponding to the private key saved in the security verification server is stored in the mobile terminal, and the new shared key to be transmitted may be encrypted with the public key, thereby enhancing the transmission security of the new shared key.
  • The key encryption processing unit 421 encrypts the new shared key generated by the key generation unit 41 by using the above-mentioned public key; the transmission unit 422 then sends the encrypted new shared key and the identifier of the public key to the security verification server.
  • The new shared key can be used to perform security processing on the subsequent transmission data.
  • The data processing unit 43 includes a determining unit 431 and a security processing unit 432. The determining unit 431 is configured to determine, when the new shared key verification success information is parsed from a message from the security verification server, that the security verification server has successfully verified the new shared key, and to notify the security processing unit 432; the security processing unit 432 then uses the new shared key generated by the key generation unit 41 to perform security processing on the subsequent transmission data, that is, the new shared key generated by the key generation unit 41 officially becomes the new shared key used in the subsequent online process of the mobile terminal.
  • The new shared key generated by the key generation unit 41 may be only a new shared key between the mobile terminal and the security verification server, and may also include a new shared key between the mobile terminal and the home agent.
  • FIG. 5 is a schematic structural diagram of an embodiment of a security verification server according to the present invention.
  • the security verification server in this embodiment may be an AAA Server.
  • The security verification server mainly includes an update request processing unit 51, a key receiving unit 52, a key verification unit 53, and a data verification unit 56.
  • the internal structure of the security verification server is further described below in conjunction with the working principle thereof.
  • the shared key update request is issued by the update request processing unit 51 to the mobile node.
  • the update request processing unit 51 issues a shared key update request for various reasons, such as for security reasons (e.g., the mobile terminal roams to the visited network) or for management reasons.
  • When the mobile node (i.e., the mobile terminal) receives the shared key update request, it generates a new shared key under the instruction of the request and feeds it back to the security verification server.
  • the key receiving unit 52 of the security verification server receives the first message carrying the new shared key. Then, the key verification unit 53 verifies the new shared key in the first message, and advertises when the verification is successful, and the advertisement object includes at least the mobile node.
  • the reason for the announcement of the new shared key verification to the mobile node is that the mobile node can perform security processing on the subsequent transmission data by using the new shared key after determining that the security verification server successfully authenticates the new shared key.
  • The mobile node uses the public key stored internally (the corresponding private key is stored in the security verification server) to encrypt the new shared key, so the first message further includes an identifier of the mobile node and an identifier of the public key.
  • The key verification unit 53 specifically includes a first message verification unit 531, a new shared key decryption unit 532 and a success information notification unit 533.
  • The first message verification unit 531 is configured to perform security verification on the first message by using the old shared key between the security verification server and the mobile node;
  • the new shared key decryption unit 532 is configured to use the mobile node identifier and the public key identifier in the first message to obtain the corresponding private key from the data information, and then to decrypt the encrypted new shared key in the first message by using the private key;
  • the success information notification unit 533 is configured to announce the new shared key verification success information when the first message verification unit 531 verifies the first message successfully and the new shared key decryption unit 532 successfully decrypts the new shared key; the notification object of the new shared key verification success information includes at least the mobile node.
  • The first message verification unit 531 first performs security verification on the first message, and when the verification is passed (indicating that the first message is legal), the new shared key decryption unit 532 parses the first message and obtains from it the decrypted new shared key.
  • The first message verification unit 531 and the new shared key decryption unit 532 operate independently of each other, and there is no required order between them.
  • The security verification server in this embodiment further includes a shared key update unit 54, which uses the new shared key to update the shared key information in the mobile node's subscription information after the key verification unit 53 announces that the verification of the new shared key is successful.
  • The new shared key in the first message received by the key receiving unit 52 may be only a new shared key between the mobile node and the security verification server, and may also include a new shared key between the mobile node and the home agent. This mainly depends on the specific content of the shared key update request delivered by the update request processing unit 51.
  • The security verification server in this embodiment further includes a new shared key advertisement unit 55, which is configured to advertise the new shared key between the mobile node and the home agent to the home agent after the key verification unit 53 announces that the verification of the new shared key is successful.
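
The exchange in steps S303 to S318 above, as an added example that is not part of the patent text: a home AAA server and an MSS walk the Renew State through 1, 2 and 0, with the key structure authenticated under the old MN-AAA key before it is decrypted with the private key. Assumptions not in the original: HMAC-SHA-256 for the authentication extension, five 16-byte fields in MIP_Key_Structure, the AAA-Authenticator modelled as a random value chosen by the MSS, a constructed demo RSA key, and all class and function names.

```python
import hashlib
import hmac
import secrets

KEYS_VALID, RENEW_KEYS, KEYS_RENEWED = 0, 1, 2  # AAA MIP Renew State values

# Constructed demo RSA key from two Mersenne primes: trivially factorable, demo only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
# Assumed layout of the encrypted part of MIP_Key_Structure: five 16-byte fields.
FIELDS = ("mn_aaa", "mn_ha", "chap", "mn_auth", "aaa_auth")

def pk_encrypt(data):
    """RFC 2313 block type 02 padding, then the RSA public-key operation."""
    pad = bytes(secrets.randbelow(255) + 1 for _ in range(K - 3 - len(data)))
    block = b"\x00\x02" + pad + b"\x00" + data
    return pow(int.from_bytes(block, "big"), E, N).to_bytes(K, "big")

def pk_decrypt(blob):
    """RSA private-key operation, then strict removal of the type 02 padding."""
    block = pow(int.from_bytes(blob, "big"), D, N).to_bytes(K, "big")
    sep = block.find(b"\x00", 2)
    if block[:2] != b"\x00\x02" or sep < 10:  # needs at least 8 padding bytes
        raise ValueError("bad padding")
    return block[sep + 1:]

def mac(key, nai, key_struct=b""):
    """Stand-in for the MN-AAA authentication extension (HMAC-SHA-256 assumed)."""
    msg = len(nai).to_bytes(2, "big") + nai + key_struct
    return hmac.new(key, msg, hashlib.sha256).digest()

class HomeAAA:
    def __init__(self, nai, mn_aaa_key):
        # Subscription information; Renew State preset to Renew KEYS (1) as in S305.
        self.sub = {"nai": nai, "mn_aaa": mn_aaa_key, "mn_ha": None, "state": RENEW_KEYS}

    def access_request(self, nai, auth, key_struct=b""):
        s, reject = self.sub, {"code": "Access-Reject"}
        # Authenticate with the key on file before touching the ciphertext:
        # the old MN-AAA key in S305/S311, the new one in S317.
        if nai != s["nai"] or not hmac.compare_digest(auth, mac(s["mn_aaa"], nai, key_struct)):
            return reject
        if s["state"] == RENEW_KEYS and not key_struct:  # S305-S306
            return {"code": "Access-Reject", "MIP_Key_Renew_Request": True}
        if s["state"] == RENEW_KEYS:  # S311
            try:
                plain = pk_decrypt(key_struct)
            except ValueError:
                return reject
            if len(plain) != 16 * len(FIELDS):
                return reject
            new = {f: plain[16 * i:16 * i + 16] for i, f in enumerate(FIELDS)}
            s.update(mn_aaa=new["mn_aaa"], mn_ha=new["mn_ha"], state=KEYS_RENEWED)
            return {"code": "Access-Reject", "keys_verified": True,
                    "AAA_Authenticator": new["aaa_auth"]}  # S312
        s["state"] = KEYS_VALID  # S317: a request authenticated with the new key
        return {"code": "Access-Accept"}  # S318

class MSS:
    def __init__(self, nai, mn_aaa_key):
        self.nai, self.mn_aaa, self.mn_ha, self.pending = nai, mn_aaa_key, None, None

    def rrq(self):  # S303 / S315: authenticated with whichever key is current
        return mac(self.mn_aaa, self.nai)

    def key_update_rrq(self):  # S308-S309
        self.pending = {f: secrets.token_bytes(16) for f in FIELDS}
        blob = pk_encrypt(b"".join(self.pending[f] for f in FIELDS))
        return blob, mac(self.mn_aaa, self.nai, blob)  # still the OLD MN-AAA key

    def handle_rrp(self, reply):  # S314
        ok = bool(self.pending and reply.get("keys_verified")) and hmac.compare_digest(
            reply.get("AAA_Authenticator", b""), self.pending["aaa_auth"])
        if ok:  # only now do the pending keys become the working keys
            self.mn_aaa, self.mn_ha = self.pending["mn_aaa"], self.pending["mn_ha"]
        return ok

def run_update():
    """Drive S303-S318 on constructed values and report what each side saw."""
    nai, old = b"user@example.net", secrets.token_bytes(16)  # constructed inputs
    mss, aaa = MSS(nai, old), HomeAAA(nai, old)
    first = aaa.access_request(nai, mss.rrq())
    blob, auth = mss.key_update_rrq()
    tampered = aaa.access_request(nai, auth, blob[:-1] + bytes([blob[-1] ^ 1]))
    state_after_tamper = aaa.sub["state"]
    second = aaa.access_request(nai, auth, blob)
    adopted = mss.handle_rrp(second)
    stale = aaa.access_request(nai, mac(old, nai))  # old key must now fail
    final = aaa.access_request(nai, mss.rrq())
    return {"first": first, "tampered": tampered, "state_after_tamper": state_after_tamper,
            "second": second, "adopted": adopted, "stale": stale, "final": final,
            "final_state": aaa.sub["state"],
            "keys_match": (mss.mn_aaa, mss.mn_ha) == (aaa.sub["mn_aaa"], aaa.sub["mn_ha"]),
            "rotated": mss.mn_aaa != old}

if __name__ == "__main__":
    print(run_update())
```

Checking the authentication extension before decrypting means a modified key structure is rejected without the private-key operation ever running on it, so padding failures are only reachable by a sender who already holds the old MN-AAA key.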

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to a method for implementing shared key update in a mobile communication system. In this method, the mobile node generates the new shared key according to the shared key update request indication issued by the security verification server, transmits this new shared key to the security verification server, and performs security processing on transmitted data using this new shared key after confirming that the security verification server has verified it. The invention also relates to a mobile terminal and a security verification server. The technical solution provided by the present invention allows the shared key to be updated dynamically.
PCT/CN2007/001313 2006-07-24 2007-04-20 Method, mobile terminal and server for implementing shared key update in a mobile communication system WO2008014655A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610103276.8 2006-07-24
CNA2006101032768A CN101114958A (zh) 2006-07-24 2006-07-24 Method for implementing mobile IP key update in a WiMAX system

Publications (1)

Publication Number Publication Date
WO2008014655A1 true WO2008014655A1 (fr) 2008-02-07

Family

ID=38996858

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/001313 WO2008014655A1 (fr) 2006-07-24 2007-04-20 Method, mobile terminal and server for implementing shared key update in a mobile communication system

Country Status (2)

Country Link
CN (1) CN101114958A (fr)
WO (1) WO2008014655A1 (fr)

Also Published As

Publication number Publication date
CN101114958A (zh) 2008-01-30

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07720886

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07720886

Country of ref document: EP

Kind code of ref document: A1