WO2008074226A1 - A method for negotiating the session secret key between the endpoints across multiple gatekeeper zones - Google Patents

A method for negotiating the session secret key between the endpoints across multiple gatekeeper zones Download PDF

Info

Publication number
WO2008074226A1
WO2008074226A1 PCT/CN2007/003690 CN2007003690W WO2008074226A1 WO 2008074226 A1 WO2008074226 A1 WO 2008074226A1 CN 2007003690 W CN2007003690 W CN 2007003690W WO 2008074226 A1 WO2008074226 A1 WO 2008074226A1
Authority
WO
WIPO (PCT)
Prior art keywords
gatekeeper
calling
endpoint
called
key
Prior art date
Application number
PCT/CN2007/003690
Other languages
French (fr)
Chinese (zh)
Inventor
Chen Lu
Yunfeng Wang
Jianyong Chen
Yanlong Hu
Zebao Zhang
Original Assignee
Zte Corporation
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zte Corporation filed Critical Zte Corporation
Publication of WO2008074226A1 publication Critical patent/WO2008074226A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks

Definitions

  • the invention relates to the field of packet network communication security, in particular to a cross-domain multi-gatekeeper (GK) direct routing call mode, based on different security processing capabilities of the terminal and the gatekeeper, a dynamic negotiation public key system key exchange algorithm and a symmetric encryption key.
  • the key exchange algorithm implements an end-to-end communication session key negotiation method.
  • the shared or session key obtained by key exchange between H.323 endpoints on the network can signal RAS (Registration, Access and Status).
  • Call signaling, H.245 control signaling, etc. implement identity verification, signaling message integrity check, and security measures such as encryption/decryption of media data streams.
  • the shared or session key exchange method in the multi-gateway routing mode basically adopts pre-configuration and out-of-band methods such as telephone and E-Mail.
  • Direct Routing Call (DRC) mode is an important method for call setup in H.323 packet-based multimedia communication systems. Due to the DRC mode, it cannot be assumed that there is a pre-shared secret or session key between the two endpoints (the shared secret can be generated by a hash algorithm together with information such as the user ID, password, and random number), therefore, The methods used above are either difficult to deploy or unsafe to apply in practice.
  • DRC Direct Routing Call
  • the H.235 standard defines a communication security method based on the H.323 protocol set, including Diffie-Hellman (DH) public key cryptographic key exchange protocol. Random numbers generate shared secrets and are symmetric.
  • DH Diffie-Hellman
  • the key generation and exchange method for password protection does not propose a negotiation and key exchange technology for the end-to-end key method of cross-domain multi-gatekeeper. It also does not consider how to fully utilize the processing capabilities of endpoints and gatekeepers, and how to have different key negotiation capabilities. Dynamically negotiate a cryptographic method that both parties support.
  • the technical problem to be solved by the present invention is to provide an inter-domain multi-network omitting end-to-end session key negotiation method, which overcomes the current cross-domain multi-network omni-directional end-to-end call mode, and the key negotiation method is based on pre-configuration.
  • the efficiency is not high, and the interconnection is poor.
  • the present invention provides a cross-domain multi-gateway end-to-end session key negotiation method, in which the primary and the called endpoints are in different gatekeeper management domains, including the following steps:
  • the calling endpoint Before using the direct route to call the called endpoint, the calling endpoint generates an access request message and sends it to the gatekeeper to which it belongs to perform security policy negotiation, and the gatekeeper is the calling gatekeeper;
  • the calling gatekeeper After receiving the access request message, the calling gatekeeper initiates a location request message to the called gatekeeper to query the called endpoint address and forward the key negotiation method of the calling endpoint;
  • the called gatekeeper After receiving the location request message, the called gatekeeper determines a method for generating a session key according to whether the calling endpoint and the called gatekeeper support the DH key exchange algorithm and the security policy, and generates a method according to the method.
  • the shared secret is placed in the location confirmation message for communication between the calling endpoint and the called endpoint, and the location confirmation message is sent to the calling gatekeeper for further key agreement;
  • the calling gatekeeper receives After the location confirmation message is obtained, the shared secret used for the calling endpoint is decrypted according to the determined method for generating the session key, and then the shared secret is directly encrypted or forwarded to the calling endpoint, and the connection is generated accordingly.
  • the incoming confirmation message is sent to the calling endpoint, where the shared secret for the called endpoint is copied in the location confirmation message;
  • the calling endpoint After receiving the access confirmation message, the calling endpoint extracts the secret shared with the called endpoint according to the determined key negotiation method, completes the key negotiation, and obtains the session key.
  • the method for generating a session key may include:
  • the session key is generated by the calling gatekeeper and the called gatekeeper using a DH key exchange algorithm; or (c) the session key is generated by the calling endpoint and the called gatekeeper using a DH key exchange algorithm.
  • the access request message, the location request message, the location confirmation message, and the access acknowledgement message may all include a plaintext token, and the caller endpoint, the master is represented by different values of the algorithm object identifier in the plaintext token. Whether the gatekeeper or the called gatekeeper supports the DH key exchange algorithm, or It is used to indicate that the plaintext token contains a shared secret and is used by the calling endpoint or the called endpoint.
  • the calling endpoint may place its D-H public key in the D-H public key field in the plaintext token, and may set a value indicating that the algorithm object identifier supports the D-H key exchange algorithm. Based on:
  • the plaintext token of the access request message sent by the calling endpoint may be copied to the location request message. in. Based on:
  • the calling endpoint selects to use the DH key exchange algorithm, and the security policy of the called gatekeeper allows the DH key exchange algorithm to be used, and the DH public key generated by the called gatekeeper can be used and located.
  • the DH key exchange algorithm is used to calculate the shared secret and the two plaintext tokens respectively used for the calling gatekeeper and the called endpoint, and placed in the location confirmation message.
  • the calling gatekeeper checks to receive the location confirmation message. If the calling endpoint and the called gatekeeper use the DH key exchange algorithm to generate the session key, all the plaintexts in the location confirmation message may be obtained. The token is copied into the access confirmation message. Based on:
  • the access confirmation message received by the calling endpoint can obtain the DH public key of the called party from the plaintext token of the access confirmation message, and is used together with the DH public key saved by the calling endpoint.
  • the DH key exchange algorithm calculates the shared secret and obtains the session key.
  • the called gatekeeper can generate a shared secret with the calling gatekeeper and the called endpoint respectively, and then encrypt the shared secret correspondingly.
  • the post-encryption parameters are respectively placed in the plaintext tokens of the calling gatekeeper and the called endpoint for the location confirmation message.
  • the calling gatekeeper may decrypt the shared secret from the location confirmation message, and then encrypt the shared secret, and set the encryption result and the encryption parameter to the access confirmation message.
  • the plaintext token of the calling endpoint the plaintext token used for the called endpoint in the location confirmation message is simultaneously copied into the access confirmation message.
  • the access confirmation message received by the calling endpoint may be based on the encryption parameter of the plaintext token used by the calling endpoint in the access confirmation message, and the calling endpoint and the calling gatekeeper.
  • the shared key decrypts the plaintext token in the access confirmation message to obtain a shared secret, thereby obtaining a session key.
  • the method of the invention improves the efficiency of the key exchange, reduces the processing load of the delay and the gatekeeper, and increases the flexibility of the terminal interconnection and intercommunication of different security capabilities in the process of implementing the secure communication.
  • the safety technology adopted by the method of the present invention is compatible with existing standards, and the arrangement of the safety system is relatively simple.
  • Figure 1 shows a multi-gatekeeper direct route call mode scenario
  • FIG. 2 is a flow chart of steps of an embodiment of a method according to the present invention.
  • FIG. 3 is a negotiation flowchart of an application example of the method of the present invention. Preferred embodiment of the invention
  • the direct routing mode of the H.323 system cross-domain multi-gatekeeper management scope is adopted, and the host/called endpoints are respectively registered on different master/called gatekeepers, and the communication process is without security.
  • the guaranteed IP network is used, and the used scenario is shown in Figure 1.
  • Figure 1 is a communication scenario diagram in a multi-gateway direct routing mode.
  • the gatekeeper cloud in the figure includes one or more gatekeepers, and the endpoints can be connected to the same or different gatekeepers.
  • the gatekeeper does not participate in H.225.0 call control signaling, and therefore does not perform signaling tunneling in H.225.0. Thus, the gatekeeper does not affect the tunnel between the two endpoints supporting the signaling tunnel.
  • the H.245 Control Channel can only be connected directly between endpoints.
  • Real-time Data Streaming Protocol is implemented based on the H.245 Control Channel.
  • the endpoint exchanges access messages with the gatekeeper, then exchanges call signaling on the call signaling channel, followed by the establishment of the H.245 control channel.
  • the gatekeeper's response to the access message determines whether the direct routed call mode is used.
  • the endpoint can To specify preferences, but mode selection is not controlled by the endpoint.
  • the gatekeeper performs authentication and integrity check on all RAS messages of the management endpoint, and the endpoint also performs authentication and integrity check on the RAS message of the gatekeeper, so that the endpoint and the affiliated gatekeeper achieve mutual trust.
  • the gatekeeper and the gatekeeper in the intermediate network cloud also authenticate each other to avoid malicious attacks between the gatekeeper domains. Under the above conditions, the security of the RAS channel between H.323 endpoints can be guaranteed, and the security of call signaling can be realized based on this.
  • the present invention assumes that the calling endpoint EpA and the called endpoint EpB are in different GK administrative domains.
  • GK will securely generate or forward shared secrets between endpoints and endpoints, and complete security and integrity checks between hops and hops.
  • the present invention is divided into the following three types of key negotiation and exchange methods in the DRC security application scenario according to whether the D-H support capability and the priority security policy are supported:
  • the calling endpoint does not support the DH key negotiation process.
  • the application scenario generated by the called gatekeeper to generate the session key corresponds to For method 1, the priority is low.
  • Security application scenario 2 The calling endpoint does not support the Diffie-Hellman process.
  • the active/called GK supports and uses the D-H process to negotiate the session key.
  • the corresponding scenario is Method 2, Priority.
  • the calling endpoint supports the D-H process.
  • the calling endpoint and the called GK use the D-H process to negotiate the session key.
  • the corresponding method is Method 3, and the priority is high.
  • Step 210 Before using the DRC to call the called endpoint, the calling endpoint sends an ARQ message to the home gatekeeper, that is, the calling gatekeeper, which includes the method that is expected to be used for key negotiation, which may be performed by the calling endpoint.
  • the home gatekeeper that is, the calling gatekeeper
  • Step 220 After receiving the ARQ message, the calling gatekeeper determines, according to the target information of the called endpoint, that the called endpoint is an endpoint in the administrative domain that is not under its jurisdiction, and the gatekeeper of the called endpoint is called the gatekeeper.
  • An LRQ message is initiated to query the called endpoint address.
  • the calling network The keeper chooses an optimal key negotiation method (method 1, method 2 or method 3) for the calling endpoint according to its own security capabilities or security policies, and the method that the calling endpoint desires.
  • Step 230 After receiving the LRQ message, the called gatekeeper determines, according to the method desired by the calling endpoint indicated in the LRQ message, the method that the calling gatekeeper can satisfy, according to its own security capability or security policy. Which key negotiation method to use.
  • the shared secrets generated by the selected method are placed in two separate ClearTokens (clear text tokens) in the LCF message returned to the calling gatekeeper, respectively, for the communication security behind the calling and called endpoints.
  • the shared secrets in these two ClearTokens are protected by the existing security encryption mechanism (symmetric or asymmetric) between the gatekeeper-gatekeeper and the gatekeeper-endpoint to prevent leakage of the delivery process.
  • Step 240 After receiving the LCF message, the calling gatekeeper determines the negotiated key negotiation method (method 1, method 2 or method 3), and then generates an ACF message to be sent to the calling endpoint. In the ACF message, it is determined according to the method used whether to decrypt the shared secret and then encrypt the forwarding or directly forward the shared secret. At the same time, the ClearToken for the called endpoint in the LCF message is copied and placed in the ACF message.
  • the negotiated key negotiation method method 1, method 2 or method 3
  • Step 250 After receiving the ACF message, the calling endpoint extracts the secret shared by the called endpoint according to the method given by the dynamic negotiation.
  • the calling gatekeeper and the called gatekeeper have 8 states of DH capability, according to different security capabilities, priority Level and other security policies dynamically negotiate key generation and exchange methods that are consistently supported between the gatekeeper and the gatekeeper or terminal and gatekeeper.
  • the communication parties can negotiate a trusted dynamic session key, which is cryptographically bundled with call authentication, including the session key refresh requirement in the call control channel.
  • this application example mainly includes the following stages:
  • the calling endpoint EpA sends an ARQ message to the home gatekeeper GkG before calling the called endpoint EpB using the direct routed call mode.
  • the ARQ message includes an independent plaintext token ClearToken, which is assumed to be CTa, where tokenOID (algorithm object identifier)
  • tokenOID algorithm object identifier
  • different values are taken, which can be set by the user according to the capabilities and security policies of EpA.
  • EpA hopes to use DH key exchange algorithm to negotiate secret and secret with the called gatekeeper. Then put its DH public key in the dhkey (DH public key) field of ClearToken, and set a correlation to tokenOID. Identifies "14" and other fields are not used.
  • GkG After receiving the ARQ message sent by EpA, GkG determines that the called endpoint does not belong to the same administrative domain as the calling endpoint, and initiates an LRQ message to query GkH for the address of EpB. GkG generates the LRQ message using Method 3 according to its own security capability or security policy, and the tokenOID of the ClearToken in the ARQ message is "14". The LRQ message contains the ClearToken copied from the ARQ message.
  • the called gatekeeper GkH After receiving the LRQ message, the called gatekeeper GkH identifies the common key negotiation mode (method 1, 2 or 3) supported by EpA and EpB, and can determine the commonly supported key negotiation algorithm according to the tokenOID of the included ClearToken. Based on the defined priority order, different key agreement processes are performed to generate a call-based shared secret (based on the shared secret, which generates a session key when communicating later) Kab and two separate ClearTokens. These two separate ClearTokens, one for the calling gatekeeper GkG, assumed to be called CTg, and the other for the called endpoint EpB, assumed to be called CTb, this Kab will then be pushed to each by using CTg and CTb GkG and EpB.
  • the specific practices for returning LCF messages for different methods are as follows:
  • GkH generates the desired D-H public key, which is used together with the public key obtained from the LRQ message.
  • the D-H algorithm calculates the shared secret Kab, and then generates CTb, which can be set to "12". Finally, GkH generates an LCF message containing CTb and another independent ClearToken (the tokenOID can be set to "14") CTg, which has the desired D-H public key set.
  • the tokenOID of the ClearToken in the LCF message received by GkG is "14", then GkG generates an ACF message containing all ClearTokens copied from the LCF message (corresponding to Figure 3, labeled 2-3).
  • EpA After receiving the ACF message, EpA checks that the tokenOID of the independent ClearToken in the message is "14", and determines that the calling endpoint and the called gatekeeper use the D-H dense copper.
  • the exchange algorithm generates the session key, and uses the D-H algorithm to calculate the session key. The practice is:
  • the D-H public key of the called party is obtained from the ClearToken, and the shared secret Kab is calculated by using the D-H algorithm together with the D-H public key saved by itself, and the session key can be calculated.
  • CTa is directly extracted, and the key EKag is derived according to the encryption parameter in CTa and its shared key Kag with GkG, and then EKag is used to decrypt the key.
  • CTa.h235Key.secureSharedSecret gets the shared secret and the secret Kab, which can be used to calculate the session key.
  • EpA creates a Setup message, copies the CTb in the ACF message to the Setup message, and then uses the session key to set the authentication information of Appendix B/Appendix F of H235V3 to complete the authentication during the call process of the user.
  • EpA sends a call setup request message Setup directly to EpB.
  • EpB After receiving the Setup message, EpB extracts CTb and based on the information in CTb and EpB and GkH.
  • the shared key Kbh exports the key EKbh, and then uses EKbh to decrypt CTb.h235Key.secureSharedSecret. encr ptedSession ey to get the shared secret and secret Kab; at this time, EpB can use Kab to authenticate the Setup and subsequent call signaling messages. .
  • GkH does not support the DH algorithm or the security policy does not allow the use of the DH key exchange algorithm, and the GkH may use the called gatekeeper to generate the session key and generate the LCF message, still referring to the figure. 3, the process is as follows:
  • GkH randomly generates Kab.
  • GkH generates a random challenge and derives a key, such as EKgh, with a pre-configured shared key Kgh and challenge with GkG and a previously configured key derivation algorithm.
  • GkH encrypts Kab with EKgh to get a shared secret, such as EKAbl, and sets EKAbl and encryption parameters (encryption algorithm and encryption initialization vector) to the CTg.li235Key.secureSharedSecret field of the LCF message.
  • EKAbl shared secret
  • EKAbl encryption parameters
  • GkH uses a similar process to generate another ClearToken, setting the tokenOID to "12", called CTb.
  • GkH generates an LCF message (marked 4 in Figure 3) containing CTg and CTb.
  • the GkG after receiving the LCF message, the GkG checks that the tokenOID of the CTg in the message is "10" (corresponding to the case of the flag 4 in FIG. 3, the called gatekeeper does not support the return of the DH.
  • GkG can derive the key Ekgh through the challenge, IV (initial vector) and the specified key derivation algorithm in CTg. Ekgh can also be derived by other security mechanisms.
  • GkG decrypts EKabl with EKgh. Kab; Finally, CTa is generated, and the tokenOID is set to " ⁇ .
  • the CTa is generated as follows: First, GkG derives the key EKag using the challenge between the shared secrets Kag and CTg between GkG and EpA and the specified key derivation algorithm. Then, GkG encrypts Kab with EKag to get EKabl, and sets EKabl and encryption parameters (encryption algorithm and initialization vector used for encryption) together into a separate CTa.h235Key.secureSharedSecret field. Finally, GkG generates an ACF message (corresponding to the case of Figure 5, Figure 5), which contains CTa and the CTb copied from the LCF message.
  • the method of the invention can improve the efficiency of key exchange, reduce the processing load of the delay and the gatekeeper, and increase the difference in the process of implementing the secure communication.
  • Security capability Terminal connectivity flexibility By dynamically adapting the security capabilities of the terminal and the gatekeeper, the method of the invention can improve the efficiency of key exchange, reduce the processing load of the delay and the gatekeeper, and increase the difference in the process of implementing the secure communication.
  • the terminal and the gatekeeper have the security capabilities and the supported application scenarios, and dynamically negotiate a mutual support.
  • the optimal key negotiation method (method 1, method 2 or method 3)
  • the shared secret generation and exchange between the endpoints is completed, a security relationship is established for subsequent call signaling, and signaling and data messages are prevented from being forged. Loss of integrity and possible loss of confidentiality.
  • the safety techniques employed in the method of the present invention are compatible with existing standards, and the arrangement of the safety system is relatively straightforward, and there is no need to assume any additional safety infrastructure methods.
  • large-scale H.323 multimedia communication systems such as global VoIP networks or national-wide video conferencing/visual telephone systems, in this multi-operator, across multiple management domains In the multi-gate DRC environment, the method provided by the present invention is more convenient and practical.
  • the method provided by the present invention is more convenient and practical.
  • the method of the present invention can also be applied to other multi-gateway call modes, such as partial/routing mode, direct/routing, routing/direct mode, and gatekeeper routing.

Abstract

A method for negotiating the session secret key between the endpoint across multiple gatekeeper zones aims to overcome the shortcoming of the low efficiency of negotiating the secret key across multiple gatekeeper zones in endpoint to endpoint calling mode, in which the calling endpoint and called endpoint are located in different gatekeeper management zones. According to the ability of the calling terminal, calling gatekeeper and the called gatekeeper for supporting D-H, the generation and the secret key exchange method which is supported between the gatekeeper and gatekeeper or between the terminal and the gatekeeper consistently, is negotiated dynamically, which increases the efficiency of the secret key exchange, reduces the delay and process load of the gatekeeper, and meanwhile, improves the flexibility of the interconnection and the interworking between the terminals with different secure abilities during the secure communication procedure.

Description

一种跨域多网守端到端会话密钥协商方法  Cross-domain multi-network keeper end-to-end session key negotiation method
技术领域 Technical field
本发明涉及分组网络通信安全领域, 尤其涉及一种跨域多网守 (GK ) 直接路由呼叫模式下,基于终端与网守不同安全处理能力, 动态协商公钥体 制密钥交换算法及对称加密密钥交换算法,实现端到端通信会话密钥协商方 法。 背景技术  The invention relates to the field of packet network communication security, in particular to a cross-domain multi-gatekeeper (GK) direct routing call mode, based on different security processing capabilities of the terminal and the gatekeeper, a dynamic negotiation public key system key exchange algorithm and a symmetric encryption key. The key exchange algorithm implements an end-to-end communication session key negotiation method. Background technique
在基于分组网络通信安全领域, 密钥是最为重要的, 在网络上 H.323 端点之间通过密钥交换所得到的共享或会话密钥可以对 RAS (注册、 接入 与状态)信令、 呼叫信令、 H.245控制信令等实施身份证实, 信令消息完整 性检查以及对媒体数据流进行加 /解密等安全措施。 目前, 多网守路由模式下共享或会话密钥交换方法,基本采用的是预配 置以及电话、 E-Mail等带外方法。  In the field of packet-based network communication security, the key is the most important. The shared or session key obtained by key exchange between H.323 endpoints on the network can signal RAS (Registration, Access and Status). Call signaling, H.245 control signaling, etc. implement identity verification, signaling message integrity check, and security measures such as encryption/decryption of media data streams. At present, the shared or session key exchange method in the multi-gateway routing mode basically adopts pre-configuration and out-of-band methods such as telephone and E-Mail.
直接路由呼叫 (以下简称 DRC )模式是 H.323基于分组的多媒体通信 系统中呼叫建立的一个重要方法。 由于 DRC模式下, 不能假定二个端点之 间的拥有一个预共享秘密或会话密钥(共享秘密与用户标识、 口令及随机数 等信息一起, 通过散列算法可生成会话密钥), 因此, 以上所使用方法要么 难于布署, 要么不安全而无法在实际中应用。  Direct Routing Call (DRC) mode is an important method for call setup in H.323 packet-based multimedia communication systems. Due to the DRC mode, it cannot be assumed that there is a pre-shared secret or session key between the two endpoints (the shared secret can be generated by a hash algorithm together with information such as the user ID, password, and random number), therefore, The methods used above are either difficult to deploy or unsafe to apply in practice.
H.235 标准定义了一种基于 H.323 协议集, 实现通信安全方法, 包括 Diffie-Hellman (迪福-海尔曼, 简称 D-H )公钥密码密钥交换协议, 随机数 生成共享秘密并由对称密码进行加密保护的密钥生成与交换方法。但并没有 提出一种跨域多网守的端到端密钥方法的协商及密钥交换技术,也没有考虑 到充分利用端点与网守的处理能力,及具有不同密钥协商能力的终端如何动 态协商出一种双方都支持的密码方法。特别是在 H.323多网守环境直接路由 呼叫模式下, 现存终端设备具备多种建立会话密钥方法, 而通信的二端点之 间又不可能事先预配置, 给互联互通通信安全带来困难。 发明内容 The H.235 standard defines a communication security method based on the H.323 protocol set, including Diffie-Hellman (DH) public key cryptographic key exchange protocol. Random numbers generate shared secrets and are symmetric. The key generation and exchange method for password protection. However, it does not propose a negotiation and key exchange technology for the end-to-end key method of cross-domain multi-gatekeeper. It also does not consider how to fully utilize the processing capabilities of endpoints and gatekeepers, and how to have different key negotiation capabilities. Dynamically negotiate a cryptographic method that both parties support. Especially in the direct routing mode of H.323 multi-gatekeeper environment, existing terminal devices have multiple methods for establishing session keys, and it is impossible to pre-configure the two endpoints of communication, which brings difficulties to the security of interconnection communication. . Summary of the invention
本发明要解决的技术问题就是提供一种跨域多网守端到端会话密钥协 商方法,克服目前跨域多网守端到端呼叫模式下, 密钥协商方法是基于预先 配置而带来的效率不高, 互联互通性差的限制。  The technical problem to be solved by the present invention is to provide an inter-domain multi-network omitting end-to-end session key negotiation method, which overcomes the current cross-domain multi-network omni-directional end-to-end call mode, and the key negotiation method is based on pre-configuration. The efficiency is not high, and the interconnection is poor.
为了解决上述技术问题,本发明提供一种跨域多网守端到端会话密钥协 商方法, 主、 被叫端点处于不同的网守管理域, 包括如下步驟:  In order to solve the above technical problem, the present invention provides a cross-domain multi-gateway end-to-end session key negotiation method, in which the primary and the called endpoints are in different gatekeeper management domains, including the following steps:
( 1 )在使用直接路由呼叫被叫端点之前, 主叫端点生成接入请求消息 发送给其所归属的网守进行安全策略协商, 该网守为主叫网守;  (1) Before using the direct route to call the called endpoint, the calling endpoint generates an access request message and sends it to the gatekeeper to which it belongs to perform security policy negotiation, and the gatekeeper is the calling gatekeeper;
( 2 )主叫网守收到接入请求消息后, 向被叫网守发起定位请求消息, 以查询被叫端点地址, 同时转发主叫端点的密钥协商方法;  (2) After receiving the access request message, the calling gatekeeper initiates a location request message to the called gatekeeper to query the called endpoint address and forward the key negotiation method of the calling endpoint;
( 3 ) 被叫网守收到定位请求消息后,根据主叫端点以及被叫网守是否 支持 D-H密钥交换算法和安全策略的信息, 确定生成会话密钥的方法, 并 将根据该方法生成的共享秘密放入定位确认消息中,用于主叫端点与被叫端 点之间的通信, 将定位确认消息发送给主叫网守, 进行进一步密钥协商; ( 4 )主叫网守收到定位确认消息后, 才艮据已确定的生成会话密钥的方 法,对用于主叫端点的共享秘密进行解密, 然后再加密转发或是直接转发该 共享秘密给主叫端点,据此生成接入确认消息发送给主叫端点, 该接入确认 消息中复制了定位确认消息中用于被叫端点的共享秘密;  (3) After receiving the location request message, the called gatekeeper determines a method for generating a session key according to whether the calling endpoint and the called gatekeeper support the DH key exchange algorithm and the security policy, and generates a method according to the method. The shared secret is placed in the location confirmation message for communication between the calling endpoint and the called endpoint, and the location confirmation message is sent to the calling gatekeeper for further key agreement; (4) the calling gatekeeper receives After the location confirmation message is obtained, the shared secret used for the calling endpoint is decrypted according to the determined method for generating the session key, and then the shared secret is directly encrypted or forwarded to the calling endpoint, and the connection is generated accordingly. The incoming confirmation message is sent to the calling endpoint, where the shared secret for the called endpoint is copied in the location confirmation message;
( 5 )主叫端点收到接入确认消息后, 根据已确定的密钥协商方法, 提 取与被叫端点所共享的秘密, 完成密钥协商, 得到会话密钥。  (5) After receiving the access confirmation message, the calling endpoint extracts the secret shared with the called endpoint according to the determined key negotiation method, completes the key negotiation, and obtains the session key.
上述方法中, 生成会话密钥的方法可以包括:  In the foregoing method, the method for generating a session key may include:
( a ) 由被叫网守产生共享秘密, 主叫网守及主叫端点根据该共享秘密 生成会话密钥;  (a) generating a shared secret by the called gatekeeper, the calling gatekeeper and the calling endpoint generating a session key according to the shared secret;
( b ) 由主叫网守与被叫网守使用 D-H密钥交换算法生成会话密钥; 或 ( c ) 由主叫端点与被叫网守使用 D-H密钥交换算法生成会话密钥。 进一步地, 所述接入请求消息、 定位请求消息、 定位确认消息及接入确 认消息均可以包含明文令牌 ,利用明文令牌中的算法对象标识符的不同取值 来表示主叫端点、 主叫网守、 被叫网守是否支持 D-H密钥交换算法, 或者 用于表示该明文令牌包含共享秘密, 交给主叫端点或被叫端点使用。 (b) The session key is generated by the calling gatekeeper and the called gatekeeper using a DH key exchange algorithm; or (c) the session key is generated by the calling endpoint and the called gatekeeper using a DH key exchange algorithm. Further, the access request message, the location request message, the location confirmation message, and the access acknowledgement message may all include a plaintext token, and the caller endpoint, the master is represented by different values of the algorithm object identifier in the plaintext token. Whether the gatekeeper or the called gatekeeper supports the DH key exchange algorithm, or It is used to indicate that the plaintext token contains a shared secret and is used by the calling endpoint or the called endpoint.
更进一步地:  go a step further:
所述步骤(1 ) 中, 主叫端点可以将其 D-H公钥放在明文令牌中的 D-H 公钥域中, 并可以对算法对象标识符设定一个表示支持 D-H密钥交换算法 的值。 基于此:  In the step (1), the calling endpoint may place its D-H public key in the D-H public key field in the plaintext token, and may set a value indicating that the algorithm object identifier supports the D-H key exchange algorithm. Based on:
所述步骤(2 ) 中, 若由主叫端点与被叫网守使用 D-H密钥交换算法生 成会话密钥,则可以将主叫端点发送的接入请求消息的明文令牌复制到定位 请求消息中。 基于此:  In the step (2), if the calling endpoint and the called gatekeeper use the DH key exchange algorithm to generate the session key, the plaintext token of the access request message sent by the calling endpoint may be copied to the location request message. in. Based on:
所述步骤(3 ) 中, 主叫端点选择使用 D-H密钥交换算法, 且被叫网守 的安全策略允许使用 D-H密钥交换算法, 则被叫网守生成的 D-H公钥, 可 以与从定位请求消息中获取的公钥一起, 使用 D-H密钥交换算法计算出共 享秘密及分别用于主叫网守和被叫端点的两个明文令牌,放入定位确认消息 中。 基于此:  In the step (3), the calling endpoint selects to use the DH key exchange algorithm, and the security policy of the called gatekeeper allows the DH key exchange algorithm to be used, and the DH public key generated by the called gatekeeper can be used and located. Together with the public key obtained in the request message, the DH key exchange algorithm is used to calculate the shared secret and the two plaintext tokens respectively used for the calling gatekeeper and the called endpoint, and placed in the location confirmation message. Based on:
所述步骤(4 ) 中, 主叫网守检查收到定位确认消息, 若是由主叫端点 与被叫网守使用 D-H密钥交换算法生成会话密钥, 则可以将定位确认消息 中所有的明文令牌复制到接入确认消息中。 基于此:  In the step (4), the calling gatekeeper checks to receive the location confirmation message. If the calling endpoint and the called gatekeeper use the DH key exchange algorithm to generate the session key, all the plaintexts in the location confirmation message may be obtained. The token is copied into the access confirmation message. Based on:
所述步驟(5 ) 中, 主叫端点收到的接入确认消息, 可以从接入确认消 息的明文令牌中获得被叫方的 D-H公钥, 与主叫端点保存的 D-H公钥一同 使用 D-H密钥交换算法计算出共享秘密, 进而得到会话密钥。  In the step (5), the access confirmation message received by the calling endpoint can obtain the DH public key of the called party from the plaintext token of the access confirmation message, and is used together with the DH public key saved by the calling endpoint. The DH key exchange algorithm calculates the shared secret and obtains the session key.
或者更进一步地:  Or even further:
所述步骤(3 ) 中, 若被叫网守无法使用 D-H密钥交换算法, 则可以由 被叫网守分别与主叫网守和被叫端点产生共享秘密,然后对应地将该共享秘 密加密后与加密参数分别放入定位确认消息的用于主叫网守和被叫端点的 明文令牌中。 基于此:  In the step (3), if the called gatekeeper cannot use the DH key exchange algorithm, the called gatekeeper can generate a shared secret with the calling gatekeeper and the called endpoint respectively, and then encrypt the shared secret correspondingly. The post-encryption parameters are respectively placed in the plaintext tokens of the calling gatekeeper and the called endpoint for the location confirmation message. Based on:
所述步骤(4 ) 中, 主叫网守收到定位确认消息后, 可以从定位确认消 息中解密得到共享秘密, 然后对共享秘密加密, 将加密结果和加密参数设置 到接入确认消息的用于主叫端点的明文令牌中,同时将定位确认消息中用于 被叫端点的明文令牌复制到接入确认消息中。 基于此: 所述步骤(5 ) 中, 主叫端点收到的接入确认消息, 可以根据接入确认 消息中用于于主叫端点的明文令牌的加密参数,及主叫端点与主叫网守的共 享密钥, 解密接入确认消息中的明文令牌, 得到共享秘密, 进而得到会话密 钥。 In the step (4), after receiving the location confirmation message, the calling gatekeeper may decrypt the shared secret from the location confirmation message, and then encrypt the shared secret, and set the encryption result and the encryption parameter to the access confirmation message. In the plaintext token of the calling endpoint, the plaintext token used for the called endpoint in the location confirmation message is simultaneously copied into the access confirmation message. Based on: In the step (5), the access confirmation message received by the calling endpoint may be based on the encryption parameter of the plaintext token used by the calling endpoint in the access confirmation message, and the calling endpoint and the calling gatekeeper. The shared key decrypts the plaintext token in the access confirmation message to obtain a shared secret, thereby obtaining a session key.
本发明方法提高了密钥交换的效率, 减少了延时及网守的处理负荷, 同 时在实施安全通信过程中,增加了不同安全能力终端互联互通的灵活性。 另 夕卜, 本发明方法采用的安全技术与现有标准相容, 安全体系的布置也比较简 单。 附图概述  The method of the invention improves the efficiency of the key exchange, reduces the processing load of the delay and the gatekeeper, and increases the flexibility of the terminal interconnection and intercommunication of different security capabilities in the process of implementing the secure communication. In addition, the safety technology adopted by the method of the present invention is compatible with existing standards, and the arrangement of the safety system is relatively simple. BRIEF abstract
图 1为多网守直接路由呼叫模式场景;  Figure 1 shows a multi-gatekeeper direct route call mode scenario;
图 2为本发明方法实施例的步骤流程图;  2 is a flow chart of steps of an embodiment of a method according to the present invention;
图 3为本发明方法应用实例的协商流程图。 本发明的较佳实施方式  FIG. 3 is a negotiation flowchart of an application example of the method of the present invention. Preferred embodiment of the invention
下面结合附图及具体实施例对本发明进行详细说明。  The present invention will be described in detail below with reference to the accompanying drawings and specific embodiments.
本发明实施例, 釆用 H.323系统跨域多网守管理范围的直接路由模式, 并假定主 /被叫端点分别注册在不同的主 /被叫网守上, 通讯过程是在没有安 全性保证的 IP网络上进行, 使用的场景如图 1所示。  In the embodiment of the present invention, the direct routing mode of the H.323 system cross-domain multi-gatekeeper management scope is adopted, and the host/called endpoints are respectively registered on different master/called gatekeepers, and the communication process is without security. The guaranteed IP network is used, and the used scenario is shown in Figure 1.
图 1为多网守直接路由模式下的通信场景图。图中的网守云包括一个或 多个网守, 端点可以连接到相同或不同的网守。 直接路由呼叫模型中, 网守 不参于 H.225.0呼叫控制信令, 因此不在 H.225.0中执行信令隧道。 这样, 网守不影响两个支持信令隧道的端点之间的隧道。 直接路由呼叫模型中, H.245控制信道只能直接在端点之间连接。 基于 H.245控制信道, 完成实时 数据流传输协议 ( RTP ) 。  Figure 1 is a communication scenario diagram in a multi-gateway direct routing mode. The gatekeeper cloud in the figure includes one or more gatekeepers, and the endpoints can be connected to the same or different gatekeepers. In the direct route call model, the gatekeeper does not participate in H.225.0 call control signaling, and therefore does not perform signaling tunneling in H.225.0. Thus, the gatekeeper does not affect the tunnel between the two endpoints supporting the signaling tunnel. In the direct routed call model, the H.245 Control Channel can only be connected directly between endpoints. Real-time Data Streaming Protocol (RTP) is implemented based on the H.245 Control Channel.
在图 1所示的通信场景中, 首先, 在 RAS信道上, 端点与网守交换接 入消息, 然后在呼叫信令信道上交换呼叫信令, 然后是 H.245控制信道的建 立。 网守对接入消息的响应决定了是否使用直接路由呼叫模式。 虽然端点可 以指定优选项, 但模式选择不受端点控制。 In the communication scenario shown in Figure 1, first, on the RAS channel, the endpoint exchanges access messages with the gatekeeper, then exchanges call signaling on the call signaling channel, followed by the establishment of the H.245 control channel. The gatekeeper's response to the access message determines whether the direct routed call mode is used. Although the endpoint can To specify preferences, but mode selection is not controlled by the endpoint.
本发明实施例中, 网守对其管理端点的所有 RAS消息进行认证与完整 性检查, 端点也对网守的 RAS消息进行认证与完整性检查, 从而使端点和 所属网守之间达到相互信任目的, 以便能检查出欺诈的实体, 并将被欺诈可 能性降到最小。 中间网云中网守与网守之间也进行相互鉴别,避免网守域间 的恶意攻击。 在上述条件下, 能够保证 H.323端点之间 RAS信道的安全性, 以此为基础可实现呼叫信令的安全性。  In the embodiment of the present invention, the gatekeeper performs authentication and integrity check on all RAS messages of the management endpoint, and the endpoint also performs authentication and integrity check on the RAS message of the gatekeeper, so that the endpoint and the affiliated gatekeeper achieve mutual trust. In order to be able to detect fraudulent entities and minimize the possibility of fraud. The gatekeeper and the gatekeeper in the intermediate network cloud also authenticate each other to avoid malicious attacks between the gatekeeper domains. Under the above conditions, the security of the RAS channel between H.323 endpoints can be guaranteed, and the security of call signaling can be realized based on this.
本发明假定主叫端点 EpA和被叫端点 EpB处于不同的 GK管理域。 密 钥协商过程中, GK将安全生成或转发含有端点-端点之间的共享秘密, 同时 可以完成跳-跳之间的安全认证与完整性检查。  The present invention assumes that the calling endpoint EpA and the called endpoint EpB are in different GK administrative domains. During the key negotiation process, GK will securely generate or forward shared secrets between endpoints and endpoints, and complete security and integrity checks between hops and hops.
才艮据端点与网守所具有的不同安全能力, 本发明按是否支持 D-H的支 持能力, 以及优先级安全策略划分为如下三种 DRC安全应用场景下密钥协 商与交换方法:  According to the different security capabilities of the endpoint and the gatekeeper, the present invention is divided into the following three types of key negotiation and exchange methods in the DRC security application scenario according to whether the D-H support capability and the priority security policy are supported:
安全应用场景 1: 主叫端点不支持 D-H密钥协商过程, 主叫网守 GkG、 被叫网守 GkH, 也不支持 D-H过程时, 则由被叫网守产生会话密钥的应用 场景, 对应为方法 1, 优先级低。  Security Application Scenario 1: The calling endpoint does not support the DH key negotiation process. When the calling gatekeeper GkG and the called gatekeeper GkH do not support the DH process, the application scenario generated by the called gatekeeper to generate the session key corresponds to For method 1, the priority is low.
安全应用场景 2: 主叫端点不支持 Diffie-Hellman过程, 主 /被叫 GK支 持并使用 D-H过程协商会话密钥的应用场景, 对应为方法 2, 优先级中。  Security application scenario 2: The calling endpoint does not support the Diffie-Hellman process. The active/called GK supports and uses the D-H process to negotiate the session key. The corresponding scenario is Method 2, Priority.
安全应用场景 3: 主叫端点支持 D-H过程, 主叫端点与被叫 GK使用 D-H过程协商会话密钥的方法, 对应为方法 3, 优先级高。  Security Application Scenario 3: The calling endpoint supports the D-H process. The calling endpoint and the called GK use the D-H process to negotiate the session key. The corresponding method is Method 3, and the priority is high.
如图 2所示, 下面基于 H.323网络的信令流程,说明本发明给出的动态 密钥协商步骤:  As shown in FIG. 2, the following describes the dynamic key negotiation procedure of the present invention based on the signaling flow of the H.323 network:
步骤 210, 在使用 DRC呼叫被叫端点之前, 主叫端点向其归属网守也 即主叫网守, 发送 ARQ消息, 其中包含期待采用哪一种方法来进行密钥协 商, 这可由主叫端点所具备的能力, 基于终端安全策略生成。  Step 210: Before using the DRC to call the called endpoint, the calling endpoint sends an ARQ message to the home gatekeeper, that is, the calling gatekeeper, which includes the method that is expected to be used for key negotiation, which may be performed by the calling endpoint. The ability to generate, based on the terminal security policy.
步骤 220, 主叫网守收到 ARQ消息后, 根据被叫端点的目标信息判断 出被叫端点是不属于自己所管辖的管理域内的端点,向被叫端点的网守也即 被叫网守, 发起 LRQ消息, 以查询被叫端点地址。 在 LRQ消息中, 主叫网 守根据自身安全能力或安全策略, 以及主叫端点希望的方法, 为主叫端点选 出一种最优的密钥协商方法(方法 1 , 方法 2或方法 3 ) 。 Step 220: After receiving the ARQ message, the calling gatekeeper determines, according to the target information of the called endpoint, that the called endpoint is an endpoint in the administrative domain that is not under its jurisdiction, and the gatekeeper of the called endpoint is called the gatekeeper. An LRQ message is initiated to query the called endpoint address. In the LRQ message, the calling network The keeper chooses an optimal key negotiation method (method 1, method 2 or method 3) for the calling endpoint according to its own security capabilities or security policies, and the method that the calling endpoint desires.
步驟 230, 收到 LRQ消息后, 被叫网守通过对 LRQ消息中所指示的主 叫端点所希望的方法, 主叫网守所能满足的方法,根据自己的安全能力或安 全策略来确定出使用哪种密钥协商方法。通过所选择方法产生的共享秘密分 别放入到返回给主叫网守的 LCF消息中的二个单独 ClearToken (明文令牌 ) 中, 分别用于主叫与被叫端点后面的通信安全所用。 在这二个 ClearToken 中的共享秘密, 要分别通过网守-网守、 网守-端点之间已有的安全加密机制 (对称或非对称)进行保护, 以防止传递过程的泄露。  Step 230: After receiving the LRQ message, the called gatekeeper determines, according to the method desired by the calling endpoint indicated in the LRQ message, the method that the calling gatekeeper can satisfy, according to its own security capability or security policy. Which key negotiation method to use. The shared secrets generated by the selected method are placed in two separate ClearTokens (clear text tokens) in the LCF message returned to the calling gatekeeper, respectively, for the communication security behind the calling and called endpoints. The shared secrets in these two ClearTokens are protected by the existing security encryption mechanism (symmetric or asymmetric) between the gatekeeper-gatekeeper and the gatekeeper-endpoint to prevent leakage of the delivery process.
步骤 240, 主叫网守收到 LCF消息后, 确定出已协商好的密钥协商方 法(方法 1 , 方法 2或方法 3 ) , 然后生成 ACF消息发送给主叫端点。 在该 ACF 消息中, 根据所采用的方法来确定出是否要对共享秘密进行解密然后 再加密转发还是直接转发该共享秘密。 同时复制 LCF消息中用于被叫端点 的 ClearToken, 放入该 ACF消息中。  Step 240: After receiving the LCF message, the calling gatekeeper determines the negotiated key negotiation method (method 1, method 2 or method 3), and then generates an ACF message to be sent to the calling endpoint. In the ACF message, it is determined according to the method used whether to decrypt the shared secret and then encrypt the forwarding or directly forward the shared secret. At the same time, the ClearToken for the called endpoint in the LCF message is copied and placed in the ACF message.
步骤 250, 主叫端点收到 ACF消息后, 根据动态协商所给出的方法, 提取与被叫端点所共享的秘密。  Step 250: After receiving the ACF message, the calling endpoint extracts the secret shared by the called endpoint according to the method given by the dynamic negotiation.
通过以上 ARQ消息, LRQ消息, LCF消息及 ACF消息信令流的顺序 执行流程, 依据主叫终端、 主叫网守与被叫网守是否具备 D-H能力的 8种 状态, 按照不同安全能力、 优先级及其它安全策略, 动态协商出了在网守与 网守或终端与网守之间一致支持的密钥生成与交换方法。  Through the above ARQ message, LRQ message, LCF message and ACF message signaling flow sequence execution process, according to the calling terminal, the calling gatekeeper and the called gatekeeper have 8 states of DH capability, according to different security capabilities, priority Level and other security policies dynamically negotiate key generation and exchange methods that are consistently supported between the gatekeeper and the gatekeeper or terminal and gatekeeper.
通过上述步骤, 通信双方 (端点)可协商出一个可信的动态会话密钥, 利用密码学将其与呼叫认证捆绑在一起,包括呼叫控制信道中会话密钥刷新 需求。  Through the above steps, the communication parties (endpoints) can negotiate a trusted dynamic session key, which is cryptographically bundled with call authentication, including the session key refresh requirement in the call control channel.
下面通过引用表 1中的符号来表示端点与网守的能力或二者组合,或者 用来区分主叫 /被叫端点所保存的共享秘密, 进一步采用应用实例, 来说明 本发明方法。  The following describes the method of the present invention by referring to the symbols in Table 1 to indicate the capability of the endpoint and the gatekeeper or a combination thereof, or to distinguish the shared secret held by the calling/called endpoint.
表 1、 端点与网守的能力表示符号 符号 表示的意义 Table 1, Endpoint and Gatekeeper Capability Representation Symbols Symbolic meaning
"10" 表明主叫网守或被叫网守不支持 D-H密钥交换算法  "10" indicates that the calling gatekeeper or called gatekeeper does not support the D-H key exchange algorithm.
"11" 交给主叫端点的独立 ClearToken中使用, 表明此 ClearToken中包含共享秘密 "11" is used in the independent ClearToken of the calling endpoint, indicating that this ClearToken contains a shared secret.
"12" 交给被叫端点的独立 ClearToken中使用, 表明此 ClearToken中包含共享秘密"12" is used in the independent ClearToken of the called endpoint, indicating that this ClearToken contains a shared secret.
"14" 表示主叫端点支持 D-H密钥交换算法, 被叫网守支持 D-H密钥交换算法 参见图 3, 本应用实例主要包括以下几个阶段: "14" indicates that the calling endpoint supports the D-H key exchange algorithm, and the called gatekeeper supports the D-H key exchange algorithm. Referring to Figure 3, this application example mainly includes the following stages:
( 1 ) ARQ ( Admission Request, 接入请求) 阶段:  (1) ARQ (Admission Request) stage:
主叫端点 EpA在使用直接路由呼叫模式呼叫被叫端点 EpB之前, EpA 向归属网守 GkG发送 ARQ消息, 该 ARQ消息中包含一个独立的明文令牌 ClearToken, 假设为 CTa, 其中 tokenOID (算法对象标识符)根据是否支持 D-H密钥交换算法而取不同的值, 这可由用户根据 EpA的能力与安全策略 来设定。 在本应用实例当中, EpA希望采用 D-H密钥交换算法与被叫网守 协商共享秘、密,则将其 D-H公钥放在 ClearToken的 dhkey ( D-H公钥)域中, 对 tokenOID设定一个相关标识 "14" , 其他字段不使用。  The calling endpoint EpA sends an ARQ message to the home gatekeeper GkG before calling the called endpoint EpB using the direct routed call mode. The ARQ message includes an independent plaintext token ClearToken, which is assumed to be CTa, where tokenOID (algorithm object identifier) Depending on whether the DH key exchange algorithm is supported, different values are taken, which can be set by the user according to the capabilities and security policies of EpA. In this application example, EpA hopes to use DH key exchange algorithm to negotiate secret and secret with the called gatekeeper. Then put its DH public key in the dhkey (DH public key) field of ClearToken, and set a correlation to tokenOID. Identifies "14" and other fields are not used.
( 2 ) LRQ ( Location Request, 定位请求 ) 阶段:  (2) LRQ (Location Request) stage:
GkG在收到 EpA发来的 ARQ消息后, 判断出被叫端点与主叫端点不 属于同一管理域, 发起 LRQ消息向 GkH查询 EpB的地址。 GkG根据自身 安全能力或安全策略,以及 ARQ消息中的 ClearToken的 tokenOID为 "14" , 生成采用方法 3 的 LRQ 消息。 LRQ 消息包含从 ARQ 消息复制过来的 ClearToken。  After receiving the ARQ message sent by EpA, GkG determines that the called endpoint does not belong to the same administrative domain as the calling endpoint, and initiates an LRQ message to query GkH for the address of EpB. GkG generates the LRQ message using Method 3 according to its own security capability or security policy, and the tokenOID of the ClearToken in the ARQ message is "14". The LRQ message contains the ClearToken copied from the ARQ message.
( 3 ) LCF ( Location Confirm, 定位确认) 阶段 ··  (3) LCF (Location Confirm) stage ··
被叫网守 GkH收到 LRQ消息后, 识别出 EpA与 EpB所支持的共同密 钥协商方式(方法 1、 2或 3 ) , 可以根据所含 ClearToken的 tokenOID, 确 定共同支持的密钥协商算法,基于所定义的优先级序,执行不同密钥协商过 程, 来生成基于呼叫的共享秘密(基于该共享秘密, 以后通信时生成会话密 钥) Kab与两个独立的 ClearToken。 这两个独立的 ClearToken, —个用于主 叫网守 GkG, 假定称为 CTg, 另一个用于被叫端点 EpB, 假定称为 CTb, 这个 Kab然后通过使用 CTg与 CTb, 将分别被推送到 GkG与 EpB。 返回不同方法的 LCF消息具体做法如下: After receiving the LRQ message, the called gatekeeper GkH identifies the common key negotiation mode (method 1, 2 or 3) supported by EpA and EpB, and can determine the commonly supported key negotiation algorithm according to the tokenOID of the included ClearToken. Based on the defined priority order, different key agreement processes are performed to generate a call-based shared secret (based on the shared secret, which generates a session key when communicating later) Kab and two separate ClearTokens. These two separate ClearTokens, one for the calling gatekeeper GkG, assumed to be called CTg, and the other for the called endpoint EpB, assumed to be called CTb, this Kab will then be pushed to each by using CTg and CTb GkG and EpB. The specific practices for returning LCF messages for different methods are as follows:
LRQ消息中 "14"表示期待 GkH也支持 D-H算法。在本应用实例当中, GkH的安全策略允许使用 D-H密钥交换算法,则 GkH开始与 EpA协商会话 密钥 (对应图 3标记②-③情形) , 具体过程是:  The "14" in the LRQ message indicates that GkH also supports the D-H algorithm. In this application example, GkH's security policy allows the use of the D-H key exchange algorithm, and GkH begins to negotiate the session key with EpA (corresponding to Figure 3, labeled 2-3). The specific process is:
GkH生成期望的 D-H公钥, 与从 LRQ消息中获取的公钥一起, 使用 GkH generates the desired D-H public key, which is used together with the public key obtained from the LRQ message.
D-H算法计算出共享秘密 Kab, 然后生成 CTb, tokenOID可设为 "12"表示。 最后, GkH生成 LCF消息,其中包含 CTb和另一个独立 ClearToken( tokenOID 可设为 "14" ) CTg, 其中有设置好期望的 D-H公钥。 The D-H algorithm calculates the shared secret Kab, and then generates CTb, which can be set to "12". Finally, GkH generates an LCF message containing CTb and another independent ClearToken (the tokenOID can be set to "14") CTg, which has the desired D-H public key set.
( 4 ) ACF ( Admissions ConFirmation, 接入确认) 阶段:  (4) ACF (Admissions ConFirmation) phase:
GkG收到的 LCF消息中 ClearToken的 tokenOID为 "14" , 则 GkG生 成 ACF消息, 其中包含从 LCF消息中复制过来的所有 ClearToken (对应图 3标记②-③情形) 。  The tokenOID of the ClearToken in the LCF message received by GkG is "14", then GkG generates an ACF message containing all ClearTokens copied from the LCF message (corresponding to Figure 3, labeled 2-3).
( 5 ) Setu 阶段:  (5) Setu stage:
EpA收到 ACF消息后,检验消息中独立 ClearToken的 tokenOID为 "14" , 则判定为主叫端点与被叫网守使用 D-H密铜.交换算法生成会话密钥, 利用 D-H算法计算会话密钥。 做法是:  After receiving the ACF message, EpA checks that the tokenOID of the independent ClearToken in the message is "14", and determines that the calling endpoint and the called gatekeeper use the D-H dense copper. The exchange algorithm generates the session key, and uses the D-H algorithm to calculate the session key. The practice is:
从 ClearToken中获得被叫方的 D-H公钥, 与自己保存的 D-H公钥一同 使用 D-H算法计算出共享秘密 Kab, 进而可以计算出会话密钥。  The D-H public key of the called party is obtained from the ClearToken, and the shared secret Kab is calculated by using the D-H algorithm together with the D-H public key saved by itself, and the session key can be calculated.
其它情况则直接提取 CTa, 并根据 CTa中的加密参数和其与 GkG的共 享 密 钥 Kag 导 出 密 钥 EKag , 然 后 使 用 EKag 解 密 In other cases, CTa is directly extracted, and the key EKag is derived according to the encryption parameter in CTa and its shared key Kag with GkG, and then EKag is used to decrypt the key.
CTa.h235Key.secureSharedSecret. encryptedSessionKey得到共享秘、密 Kab,进 而可以计算出会话密钥。 计算出会话密钥后, EpA创建 Setup消息,把 ACF消息中的 CTb复制 到 Setup消息中,然后利用会话密钥设置 H235V3附录 D/附录 F的鉴权信息, 完成用户的呼叫过程中的认证。 EpA 直接向 EpB发出呼叫建立请求消息 Setup。 CTa.h235Key.secureSharedSecret. The encryptedSessionKey gets the shared secret and the secret Kab, which can be used to calculate the session key. After calculating the session key, EpA creates a Setup message, copies the CTb in the ACF message to the Setup message, and then uses the session key to set the authentication information of Appendix B/Appendix F of H235V3 to complete the authentication during the call process of the user. EpA sends a call setup request message Setup directly to EpB.
( 6 )后面的呼叫信令设置阶段:  (6) The following call signaling setup phase:
EpB收到 Setup消息后, 提取 CTb, 并根据 CTb中信息和 EpB与 GkH 的 共 享 密钥 Kbh 导 出 密钥 EKbh , 然后使用 EKbh 解 密 CTb.h235Key.secureSharedSecret. encr ptedSession ey得到共享秘、密 Kab;此 时, EpB就可以使用 Kab对 Setup及后续的呼叫信令消息进行鉴权。 After receiving the Setup message, EpB extracts CTb and based on the information in CTb and EpB and GkH. The shared key Kbh exports the key EKbh, and then uses EKbh to decrypt CTb.h235Key.secureSharedSecret. encr ptedSession ey to get the shared secret and secret Kab; at this time, EpB can use Kab to authenticate the Setup and subsequent call signaling messages. .
上述 LCF阶段, 在本发明的另一个应用实例当中, GkH不支持 D-H算 法或安全策略不允许使用 D-H密钥交换算法, GkH可采用被叫网守产生会 话密钥并生成 LCF消息, 仍然参考图 3, 过程如下:  In the above LCF stage, in another application example of the present invention, GkH does not support the DH algorithm or the security policy does not allow the use of the DH key exchange algorithm, and the GkH may use the called gatekeeper to generate the session key and generate the LCF message, still referring to the figure. 3, the process is as follows:
GkH随机产生 Kab。 为了加密 Kab, 首先, GkH产生随机的 challenge (挑战), 并用和 GkG之间预先配置的的共享密钥 Kgh和 challenge以及事 先配置的密钥推导算法导出一个密钥, 如设为 EKgh。 然后, GkH用 EKgh 加密 Kab得到一共享秘密, 如设定为 EKabl , 并把 EKabl和加密参数(加 密算法和加密用初始化向量) 一起, 设置到 LCF 消息的 CTg.li235Key. secureSharedSecret字段中, 具体细节可参考 H.235附录 I, 并设置 CTg的 tokenOID为 "10" 。 同时, GkH使用类似的过程产生另一个 ClearToken, 设置 tokenOID为 "12" , 称为 CTb。 最后, GkH生成 LCF消息(图 3标记 ④) , 其中包含 CTg和 CTb。  GkH randomly generates Kab. To encrypt Kab, first, GkH generates a random challenge and derives a key, such as EKgh, with a pre-configured shared key Kgh and challenge with GkG and a previously configured key derivation algorithm. Then, GkH encrypts Kab with EKgh to get a shared secret, such as EKAbl, and sets EKAbl and encryption parameters (encryption algorithm and encryption initialization vector) to the CTg.li235Key.secureSharedSecret field of the LCF message. Refer to H.235 Appendix I and set the tokenOID of CTg to "10". At the same time, GkH uses a similar process to generate another ClearToken, setting the tokenOID to "12", called CTb. Finally, GkH generates an LCF message (marked 4 in Figure 3) containing CTg and CTb.
对应地, 在本另一个应用实例中的 ACF阶段, GkG收到 LCF消息后 , 检验消息中的 CTg的 tokenOID为 "10" (对应图 3标记④的情形, 被叫网 守不支持 D-H所返回的标志) 时, 首先, GkG可通过 CTg中的 challenge、 IV (初始向量)以及指定的密钥导出算法导出密钥 Ekgh, Ekgh也可通过其 它安全机制来导出; 然后, GkG用 EKgh解密 EKabl得到 Kab; 最后产生 CTa, 其内 tokenOID设为 "Ι 。  Correspondingly, in the ACF stage in the other application example, after receiving the LCF message, the GkG checks that the tokenOID of the CTg in the message is "10" (corresponding to the case of the flag 4 in FIG. 3, the called gatekeeper does not support the return of the DH. First, GkG can derive the key Ekgh through the challenge, IV (initial vector) and the specified key derivation algorithm in CTg. Ekgh can also be derived by other security mechanisms. Then, GkG decrypts EKabl with EKgh. Kab; Finally, CTa is generated, and the tokenOID is set to "Ι.
CTa的生成做法如下: 首先, GkG用 GkG和 EpA之间的共享秘密 Kag 和 CTg内的 challenge以及指定的密钥导出算法导出密钥 EKag。然后, GkG 用 EKag加密 Kab得到 EKabl , 并把 EKabl和加密参数 (加密算法和加密 用到的初始化向量 ) 一起, 设置到一个独立的 CTa.h235Key. secureSharedSecret字段中。 最后, GkG生成 ACF消息(对应图 3标记⑤的 情形) , 其中包含 CTa和从 LCF消息复制过来的 CTb。  The CTa is generated as follows: First, GkG derives the key EKag using the challenge between the shared secrets Kag and CTg between GkG and EpA and the specified key derivation algorithm. Then, GkG encrypts Kab with EKag to get EKabl, and sets EKabl and encryption parameters (encryption algorithm and initialization vector used for encryption) together into a separate CTa.h235Key.secureSharedSecret field. Finally, GkG generates an ACF message (corresponding to the case of Figure 5, Figure 5), which contains CTa and the CTb copied from the LCF message.
本发明方法通过动态适配终端与网守的安全能力,可提高密钥交换的效 率, 减少延时及网守的处理负荷, 同时在实施安全通信过程中, 增加了不同 安全能力终端互联互通的灵活性。 By dynamically adapting the security capabilities of the terminal and the gatekeeper, the method of the invention can improve the efficiency of key exchange, reduce the processing load of the delay and the gatekeeper, and increase the difference in the process of implementing the secure communication. Security capability Terminal connectivity flexibility.
在本发明方法,基于 H.323标准协议中的 ARQ/ACF, LRQ/LCF信令执 行流程,利用终端与网守所具备的安全能力及所支持的应用场景,动态协商 出一种双方都支持并且为最优的密钥协商方法(方法 1 , 方法 2或方法 3 ) , 完成端点之间的共享秘密生成与交换, 为后续的呼叫信令建立起安全关系, 防止信令及数据消息被伪造、 完整性丟失及可能的机密性丢失。  In the method of the present invention, based on the ARQ/ACF and LRQ/LCF signaling execution flow in the H.323 standard protocol, the terminal and the gatekeeper have the security capabilities and the supported application scenarios, and dynamically negotiate a mutual support. And for the optimal key negotiation method (method 1, method 2 or method 3), the shared secret generation and exchange between the endpoints is completed, a security relationship is established for subsequent call signaling, and signaling and data messages are prevented from being forged. Loss of integrity and possible loss of confidentiality.
本发明方法采用的安全技术与现有标准相容,安全体系的布置也比较筒 单, 并且不需要假定任何附加的安全基础设施方法。 随着大规模 H.323多媒 体通信系统的布署与应用, 如全球范围的 VoIP网或国家范围面向公众的视 频会议 /可视电话系统等, 在这种多运营商、 跨多个管理域分层多网守 DRC 环境下, 使用本发明提供的方法更为方便实用。  The safety techniques employed in the method of the present invention are compatible with existing standards, and the arrangement of the safety system is relatively straightforward, and there is no need to assume any additional safety infrastructure methods. With the deployment and application of large-scale H.323 multimedia communication systems, such as global VoIP networks or national-wide video conferencing/visual telephone systems, in this multi-operator, across multiple management domains In the multi-gate DRC environment, the method provided by the present invention is more convenient and practical.
工业实用性 Industrial applicability
随着大规模 H.323多媒体通信系统的布署与应用, 如全球范围的 VoIP 网或国家范围面向公众的视频会议 /可视电话系统等, 在这种多运营商、 跨 多个管理域分层多网守 DRC环境下,使用本发明提供的方法更为方便实用。 本发明方法也可以应用到其它多网守呼叫模式, 如部分 /路由方式, 直接 /路 由, 路由 /直接方式及网守路由方式等。  With the deployment and application of large-scale H.323 multimedia communication systems, such as global VoIP networks or national-wide video conferencing/visual telephone systems, in this multi-operator, across multiple management domains In the multi-gatekeeper DRC environment, the method provided by the present invention is more convenient and practical. The method of the present invention can also be applied to other multi-gateway call modes, such as partial/routing mode, direct/routing, routing/direct mode, and gatekeeper routing.

Claims

权 利 要 求 书 Claim
1、 一种跨 多网守端到端会话密钥协商方法, 主、 被叫端点处于不同 的网守管理域, 其特征在于, 包括如下步骤: A method for negotiating end-to-end session keys across multiple networks, where the primary and the called endpoints are in different gatekeeper management domains, and the method includes the following steps:
( 1 )在使用直接路由呼叫被叫端点之前, 主叫端点生成接入请求消息 发送给其所归属的网守进行安全策略协商, 该网守为主叫网守;  (1) Before using the direct route to call the called endpoint, the calling endpoint generates an access request message and sends it to the gatekeeper to which it belongs to perform security policy negotiation, and the gatekeeper is the calling gatekeeper;
( 2 )主叫网守收到接入请求消息后, 向被叫网守发起定位请求消息, 以查询被叫端点地址, 同时转发主叫端点的密钥协商方法;  (2) After receiving the access request message, the calling gatekeeper initiates a location request message to the called gatekeeper to query the called endpoint address and forward the key negotiation method of the calling endpoint;
( 3 ) 被叫网守收到定位请求消息后,根据主叫端点以及被叫网守是否 支持 D-H密钥交换算法和安全策略的信息, 确定生成会话密钥的方法, 并 将根据该方法生成的共享秘密放入定位确认消息中,用于主叫端点与被叫端 点之间的通信, 将定位确认消息发送给主叫网守, 进行进一步密钥协商; (3) After receiving the location request message, the called gatekeeper determines a method for generating a session key according to whether the calling endpoint and the called gatekeeper support the DH key exchange algorithm and the security policy, and generates a method according to the method. The shared secret is placed in the location confirmation message for communication between the calling endpoint and the called endpoint, and the location confirmation message is sent to the calling gatekeeper for further key agreement;
( 4 )主叫网守收到定位确认消息后, 才艮据已确定的生成会话密钥的方 法,对用于主叫端点的共享秘密进行解密, 然后再加密转发或是直接转发该 共享秘密给主叫端点,据此生成接入确认消息发送给主叫端点, 该接入确认 消息中复制了定位确认消息中用于被叫端点的共享秘密; (4) After receiving the location confirmation message, the calling gatekeeper decrypts the shared secret for the calling endpoint according to the determined method of generating the session key, and then encrypts or forwards or directly forwards the shared secret. Sending an access confirmation message to the calling endpoint, and copying the shared secret for the called endpoint in the location confirmation message;
( 5 )主叫端点收到接入确认消息后, 根据已确定的密钥协商方法, 提 取与被叫端点所共享的秘密, 完成密钥协商, 得到会话密钥。  (5) After receiving the access confirmation message, the calling endpoint extracts the secret shared with the called endpoint according to the determined key negotiation method, completes the key negotiation, and obtains the session key.
2、 根据权利要求 1所述的方法, 其特征在于: 2. The method of claim 1 wherein:
生成会话密钥的方法包括:  The methods for generating a session key include:
( a ) 由被叫网守产生共享秘密, 主叫网守及主叫端点根据该共享秘密 生成会话密钥;  (a) generating a shared secret by the called gatekeeper, the calling gatekeeper and the calling endpoint generating a session key according to the shared secret;
( b )由主叫网守与被叫网守使用 D-H密钥交换算法生成会话密钥; 或 (b) the session key is generated by the calling gatekeeper and the called gatekeeper using the D-H key exchange algorithm; or
( c ) 由主叫端点与被叫网守使用 D-H密钥交换算法生成会话密钥。 (c) The session key is generated by the calling endpoint and the called gatekeeper using the D-H key exchange algorithm.
3、 根据权利要求 2所述的方法, 其特征在于: 3. The method of claim 2, wherein:
所述接入请求消息、定位请求消息、定位确认消息及接入确认消息均包 含明文令牌, 利用明文令牌中的算法对象标识符的不同取值来表示主叫端 点、 主叫网守、 被叫网守是否支持 D-H密钥交换算法, 或者用于表示该明 文令牌包含共享秘密, 交给主叫端点或被叫端点使用。 The access request message, the location request message, the location confirmation message, and the access acknowledgement message all include a plaintext token, and the caller endpoint, the calling gatekeeper, and the different values of the algorithm object identifier in the plaintext token are used. Whether the called gatekeeper supports the DH key exchange algorithm, or is used to indicate the The text token contains the shared secret and is handed over to the calling endpoint or the called endpoint.
4、 根据权利要求 3所述的方法, 其特征在于: 4. The method of claim 3, wherein:
所述步骤( 1 )中, 主叫端点将其 D-H公钥放在明文令牌中的 D-H公钥 域中, 并对算法对象标识符设定一个表示支持 D-H密钥交换算法的值。 5、 根据权利要求 4所述的方法, 其特征在于:  In the step (1), the calling endpoint places its D-H public key in the D-H public key field in the plaintext token, and sets a value indicating that the algorithm object identifier supports the D-H key exchange algorithm. 5. The method of claim 4, wherein:
所述步骤(2 )中, 若由主叫端点与被叫网守使用 D-H密钥交换算法生 成会话密钥,则将主叫端点发送的接入请求消息的明文令牌复制到定位请求 消息中。  In the step (2), if the calling endpoint and the called gatekeeper use the DH key exchange algorithm to generate the session key, the plaintext token of the access request message sent by the calling endpoint is copied into the location request message. .
6、 根据权利要求 5所述的方法, 其特征在于: 6. The method of claim 5, wherein:
所述步骤( 3 ) 中, 主叫端点选择使用 D-H密钥交换算法, 且被叫网守 的安全策略允许使用 D-H密钥交换算法, 则被叫网守生成的 D-H公钥, 与 从定位请求消息中获取的公铜一起, 使用 D-H密钥交换算法计算出共享秘 密及分别用于主叫网守和被叫端点的两个明文令牌, 放入定位确认消息中。  In the step (3), the calling endpoint selects to use the DH key exchange algorithm, and the security policy of the called gatekeeper allows the DH key exchange algorithm to be used, and the DH public key generated by the called gatekeeper and the secondary positioning request Together with the public copper obtained in the message, the DH key exchange algorithm is used to calculate the shared secret and two plaintext tokens respectively used for the calling gatekeeper and the called endpoint, and placed in the location confirmation message.
7、 根据权利要求 3所述的方法, 其特征在于: 7. The method of claim 3, wherein:
所述步驟( 3 ) 中, 若被叫网守无法使用 D-H密钥交换算法, 则由被叫 网守分别与主叫网守和被叫端点产生共享秘密,然后对应地将该共享秘密加 密后与加密参数分别放入定位确认消息的用于主叫网守和被叫端点的明文 令牌中。  In the step (3), if the called gatekeeper cannot use the DH key exchange algorithm, the called gatekeeper generates a shared secret with the calling gatekeeper and the called endpoint respectively, and then encrypts the shared secret correspondingly. The encryption parameters are respectively placed in the plaintext tokens of the calling gatekeeper and the called endpoint for the location confirmation message.
8、 根据权利要求 6所述的方法, 其特征在于: 8. The method of claim 6 wherein:
所述步骤(4 ) 中, 主叫网守检查收到定位确认消息, 若是由主叫端点 与被叫网守使用 D-H密钥交换算法生成会话密钥, 则将定位确认消息中所 有的明文令牌复制到接入确认消息中。  In the step (4), the calling gatekeeper checks to receive the location confirmation message. If the calling endpoint and the called gatekeeper use the DH key exchange algorithm to generate the session key, all the plaintext orders in the location confirmation message will be located. The card is copied to the access confirmation message.
9、 根据权利要求 7所述的方法, 其特征在于: 9. The method of claim 7 wherein:
所述步骤(4 ) 中, 主叫网守收到定位确认消息后, 从定位确认消息中 解密得到共享秘密, 然后对共享秘密加密,将加密结果和加密参数设置到接 入确认消息的用于主叫端点的明文令牌中,同时将定位确认消息中用于被叫 端点的明文令牌复制到接入确认消息中。 In the step (4), after receiving the location confirmation message, the calling gatekeeper decrypts the shared secret from the location confirmation message, and then encrypts the shared secret, and sets the encryption result and the encryption parameter to the access confirmation message. In the plaintext token of the calling endpoint, the location confirmation message is also used for the called party. The plaintext token of the endpoint is copied into the access confirmation message.
10、 根据权利要求 8所述的方法, 其特征在于: 10. The method of claim 8 wherein:
所述步骤(5 ) 中, 主叫端点收到的接入确认消息, 从接入确认消息的 明文令牌中获得被叫方的 D-H公钥, 与主叫端点保存的 D-H公钥一同使用 D-H密钥交换算法计算出共享秘密, 进而得到会话密钥。  In the step (5), the access confirmation message received by the calling endpoint obtains the DH public key of the called party from the plaintext token of the access confirmation message, and uses the DH together with the DH public key saved by the calling endpoint. The key exchange algorithm calculates the shared secret and obtains the session key.
11、 根据权利要求 9所述的方法, 其特征在于: 11. The method of claim 9 wherein:
所述步骤(5 ) 中, 主叫端点收到的接入确认消息, 根据接入确认消息 中用于于主叫端点的明文令牌的加密参数,及主叫端点与主叫网守的共享密 钥, 解密接入确认消息中的明文令牌, 得到共享秘密, 进而得到会话密钥。  In the step (5), the access confirmation message received by the calling endpoint, according to the encryption parameter of the plaintext token used by the calling endpoint in the access confirmation message, and the sharing between the calling endpoint and the calling gatekeeper The key decrypts the plaintext token in the access confirmation message to obtain a shared secret, thereby obtaining a session key.
PCT/CN2007/003690 2006-12-19 2007-12-19 A method for negotiating the session secret key between the endpoints across multiple gatekeeper zones WO2008074226A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200610162277.X 2006-12-19
CNA200610162277XA CN101207480A (en) 2006-12-19 2006-12-19 Method for multi-network guard end-to-end conversation cryptographic key negotiation of striding field

Publications (1)

Publication Number Publication Date
WO2008074226A1 true WO2008074226A1 (en) 2008-06-26

Family

ID=39535993

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/003690 WO2008074226A1 (en) 2006-12-19 2007-12-19 A method for negotiating the session secret key between the endpoints across multiple gatekeeper zones

Country Status (2)

Country Link
CN (1) CN101207480A (en)
WO (1) WO2008074226A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113630244A (en) * 2021-07-14 2021-11-09 国网河北省电力有限公司信息通信分公司 End-to-end safety guarantee method facing communication sensor network and edge server
CN115001764A (en) * 2022-05-23 2022-09-02 中国科学技术大学 Cross-domain key agreement method and system based on consensus database under layered system

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105848140B (en) * 2016-03-17 2019-03-15 西安电子科技大学 It can be realized the End-to-End Security method for building up of communication supervision in a kind of 5G network
CN107566115B (en) 2016-07-01 2022-01-14 华为技术有限公司 Secret key configuration and security policy determination method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1691583A (en) * 2004-04-26 2005-11-02 华为技术有限公司 Method of secure communication based on endpoints
CN1815953A (en) * 2005-02-04 2006-08-09 华为技术有限公司 Conversation key distribution method of crossing gate-guard management range under direct route mode

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1691583A (en) * 2004-04-26 2005-11-02 华为技术有限公司 Method of secure communication based on endpoints
CN1815953A (en) * 2005-02-04 2006-08-09 华为技术有限公司 Conversation key distribution method of crossing gate-guard management range under direct route mode

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113630244A (en) * 2021-07-14 2021-11-09 国网河北省电力有限公司信息通信分公司 End-to-end safety guarantee method facing communication sensor network and edge server
CN115001764A (en) * 2022-05-23 2022-09-02 中国科学技术大学 Cross-domain key agreement method and system based on consensus database under layered system

Also Published As

Publication number Publication date
CN101207480A (en) 2008-06-25

Similar Documents

Publication Publication Date Title
US9537837B2 (en) Method for ensuring media stream security in IP multimedia sub-system
US7813509B2 (en) Key distribution method
US6996716B1 (en) Dual-tier security architecture for inter-domain environments
EP2426852B1 (en) Method and system for implementing secure forking calling session in ip multi-media subsystem
EP1374533B1 (en) Facilitating legal interception of ip connections
WO2011041962A1 (en) Method and system for end-to-end session key negotiation which support lawful interception
WO2007073659A1 (en) Terminal access method based on h.323 protocol applied to packet network
WO2008040213A1 (en) Message encryption and signature method, system and device in communication system
US20070074022A1 (en) Method for providing message transmission in H.323 communication system
WO2005104423A1 (en) The method of secret communication between the endpoints
CN101273571B (en) Implementing method for field-crossing multi-network packet network cryptographic key negotiation safety strategy
KR20070006913A (en) Fast and secure connectivity for a mobile node
CN100544247C (en) The negotiating safety capability method
WO2008074226A1 (en) A method for negotiating the session secret key between the endpoints across multiple gatekeeper zones
CN101207477A (en) Method for multi-network guard end-to-end conversation cryptographic key negotiation of striding field
US20080298593A1 (en) Gateway Shared Key
KR101210938B1 (en) Encrypted Communication Method and Encrypted Communication System Using the Same
WO2009094813A1 (en) Security parameters negotiation method and apparatus for realizing the security of the media flow
CN1323509C (en) Conversation key distribution method of crossing gate-guard management range under direct route mode
CN113114644B (en) SIP architecture-based multi-stage cross-domain symmetric key management system
CN110933673B (en) Access authentication method of IMS network
WO2012174843A1 (en) Key negotiation method and system for achieving end-to-end security
CN101207478B (en) Method for key agreement of guard end-to-end conversation in cross-domain multi-network
Blom et al. Key management and protection for IP multimedia
WO2006081712A1 (en) A method for switching the level of the plaintext and cyphertext during the conversation

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07845988

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07845988

Country of ref document: EP

Kind code of ref document: A1