WO2008134918A1 - Authentication method and authentication system - Google Patents

Authentication method and authentication system

Info

Publication number
WO2008134918A1
Authority
WO
WIPO (PCT)
Prior art keywords
hash value
mobile terminal
terminal node
authentication
base station
Prior art date
Application number
PCT/CN2007/071224
Other languages
English (en)
Chinese (zh)
Inventor
Qin Wu
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd.
Publication of WO2008134918A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • The present invention relates to the field of communications, and in particular to an authentication method and an authentication system.
  • BACKGROUND
  • The present invention relates to fast handover technology in the mobile IPv6 field, in which a mobile terminal node (Mobile Station; hereinafter referred to as MS) registers its new handover in advance with the forward access router (hereinafter referred to as PAR).
  • When the node moves from one access router to another while maintaining the continuity of the session, the process is called handover. During handover, because of the link handover delay and the way the IP protocol works, the mobile terminal node cannot send or receive packets for a period of time, which increases the packet loss rate during that period.
  • Mobile IPv6 fast handover is a handover technique proposed to reduce handover delay and reduce packet loss rate.
  • the mobile terminal node includes a mobile phone, or a notebook computer with a wireless network card, etc., and can be used to save a relatively simple data list.
  • Fast binding update management is the process of notifying the relevant nodes of the new care-of address during fast handover. A very important security issue here is the authentication of the fast binding update and fast binding confirmation messages.
  • One way to ensure the security of the handover process is to introduce a one-way hash function algorithm, which authenticates the binding message.
  • The principle is to generate one-way hash values with a one-way hash function. The mobile terminal node distributes a hash value to the access router (Access Router; hereinafter referred to as AR) as authentication material, authentication of messages from the mobile terminal node is implemented with it, and a new hash value replaces it as the authentication material at each handover.
  • a one-way hash chain is based on a one-way hash function 3 ⁇ 4 into a set of one-way hash values... ⁇ , and satisfies ( ).
  • The one-way hash function may be a hash function such as Secure Hash Algorithm 1 (hereinafter referred to as SHA-1) or Message Digest 5 (hereinafter referred to as MD5).
  • the technical solution implements authentication on the binding message by introducing a one-way hash function algorithm.
  • the authentication principle is that the mobile terminal node generates a one-way hash list. In the proxy route prefix request, the hash list extracts a hash value as a key material and distributes it to the AR. Then, the key material is used to authenticate the fast binding message from the mobile terminal node, and the key material for the next handover is transmitted during the process of establishing a channel between the PAR and the new access router (N
  • Figure 1 shows a fast handover authentication procedure in prediction mode according to the related art; the process is as follows:
  • the mobile terminal node first generates a set of 128b it hash values such as 3 ⁇ 4, ⁇ ';, ".'; & , and satisfies K-ZXU, one-way hash function according to the one-way hash function.
  • the one-way hash function has the property of irreversibility, that is, knowing ⁇ , you can get n> according to (f'), but the reverse cannot be derived.
  • The mobile terminal node constructs a hash switching option (Hash Handoff Option; hereinafter referred to as HHO) from the one-way hash chain in type-length-value format (Type Length Value; hereinafter: TLV), and is encapsulated in the option.
  • The option is carried in the proxy router request message to the PAR.
  • The proxy router request message may be signed using Cryptographically Generated Address (hereinafter referred to as CGA) technology.
  • The PAR extracts the hash value from the HHO option, randomly generates a 64-bit switching vector (Handoff Vector; hereinafter referred to as HV), and sends it to the mobile terminal node in a switching vector option (Handoff Vector Option; hereinafter referred to as HVO) carried in the proxy router advertisement.
  • After receiving the proxy router advertisement (hereinafter referred to as PrRtAdv) message, the mobile terminal node performs a hash operation on the HV and generates a new HV (provided that the PAR knows how the mobile terminal node processes the HV).
  • The mobile terminal node extracts the 64-bit HV from the HVO option, and extracts the new link prefix from the proxy router advertisement message to start configuring the new care-of address.
  • The interface ID of the new care-of address is calculated as follows: Interface ID part of nCoA. First (64, f'-) oK First (64, nil?), that is, the interface identification part of the new care-of address is equal to the result of the first 64 bits and the first 64 bits of the nHV, where nCoA (new Care-of Address) refers to the new care-of address.
  • The mobile terminal node sends a binding update message to the forward access router, carrying a hash extension option (Hash Extension Option; hereinafter referred to as HEO), which includes a hash extension (Hash Extension; hereinafter referred to as HE).
  • The forward access router authenticates the fast binding update (FBU) message in real time: it extracts the first 64 bits of the ⁇ from the nCoA, adds the last 64 bits extracted from the HE, performs one hash operation on the result, and compares it with ⁇; if they are equal, the forward access router successfully authenticates the FBU.
  • After the PAR receives the binding update message from the mobile terminal node, it immediately initiates a handover initialization message to the new access router. The message carries a 64-bit handover option (Handoff Option; hereinafter referred to as HO) and a 128-bit hash chain option (Hash Chain Option; hereinafter referred to as HCO); the HO option is the 64-bit HV generated by the PAR, and the HCO option contains a one-way hash value.
  • After the forward router receives the handover acknowledgement (Handover Acknowledge; hereinafter referred to as HAck), it responds to the mobile terminal node with a Fast Binding Acknowledge (FBAck) message carrying the token acknowledge option (Token Acknowledge Option; hereinafter referred to as TAO). The TAO option contains the TAck value, calculated as follows:
  • The mobile terminal node authenticates the FBAck message: it calculates the TAck value from the configured new care-of address and compares it with the TAck value carried in the FBAck. If they are equal, the authentication succeeds. See Figure 1, where the HHO option contains the 128-bit HV0 option that the mobile terminal node passes to the PAR.
  • The HVO option contains a 64-bit random number.
  • In the handover authentication scheme based on a one-way hash chain, the chain is generated by the mobile terminal node, and one hash value has to be discarded each time a handover completes. When all the hash values have been discarded, the mobile terminal node has to generate a new hash chain. For the mobile terminal node, this overhead is relatively large.
  • the embodiment of the present invention provides an authentication method and an authentication system, which can solve the problem of low mutual authentication efficiency when the mobile terminal node and the AR switch.
  • an authentication method for performing handover on a mobile terminal node from a first base station to a second base station, where the method includes the following steps:
  • the access router of the first base station receives an authentication request of the mobile terminal node
  • the authentication request includes a first hash value and a media access control address of the mobile terminal node, where the first hash value is obtained by the mobile terminal node querying the locally preset mobile cache list according to the base station identifier of the second base station, where the mobile cache list includes a first hash value and a base station identifier;
  • the access router queries the locally preset access cache list according to the media access control address to obtain a second hash value, and compares the first hash value retrieved from the authentication request with the second hash value.
  • the access cache list includes a second hash value and a media access control address.
  • An authentication system, including: a mobile terminal node, configured to, when switching from the first base station to the second base station, query the locally preset mobile cache list according to the base station identifier of the second base station to obtain a first hash value, encapsulate the first hash value and the media access control address of the mobile terminal node in an authentication request, and send the request to the access router of the first base station, where the mobile cache list includes a first hash value and a base station identifier; and an access router, configured to query a locally preset access cache list according to the media access control address to obtain a second hash value, and compare the first hash value obtained from the authentication request with the second hash value; if they are equal, the authentication succeeds, where the access cache list includes the second hash value and the media access control address.
  • Because the cache lists are used, the mobile terminal node does not need to regenerate a new hash chain, which helps the mobile terminal node track and authenticate each AR, enables mutual authentication of the mobile terminal node and the AR, and improves the efficiency of mutual authentication when the mobile terminal node switches between ARs.
  • FIG. 1 shows a fast handover authentication process in a prediction mode according to the related art
  • FIG. 2 shows a flow chart of an authentication method in accordance with an embodiment of the present invention
  • FIG. 3 illustrates a prediction mode fast authentication process according to an embodiment of the present invention
  • FIG. 2 shows a flow chart of a lightweight fast handover authentication method according to an embodiment of the present invention, including the following steps:
  • Step S10: the AR of the former base station (i.e., the PAR) receives the authentication request of the MS (for example an FBU message, which is used as the example below). The FBU message includes the first hash value and the media access control address (hereinafter abbreviated: MAC) of the MS. The MS obtains the first hash value by querying a locally preset mobile cache list according to the base station identifier (hereinafter abbreviated: BSID) of the new base station to be switched to, where the mobile cache list includes a first hash value and a BSID.
  • Step S20: the PAR queries the locally preset access cache list according to the MAC of the MS to obtain a second hash value, and compares the first hash value obtained from the FBU message with the second hash value. If they are equal, authentication succeeds, indicating that the one-way hash value of the MS was distributed by the AR. If the first hash value is not equal to the second hash value, or the PAR finds no access cache entry (Visited Cache Entry; hereinafter abbreviated: VCE) for the MAC of the MS, authentication fails. The access cache list includes the second hash value and the MAC address.
  • The mobile cache list and the access cache list can be established by the following steps: the PAR generates multiple hash values and sends them to the MS; the MS obtains the new BSID from the prefix it generated itself (i.e., the random number) and the received hash value, which serves as the first hash value, and the first hash value and the BSID constitute a mobile cache entry (Mobile Cache Entry; hereinafter referred to as MCE); the PAR uses the hash values as second hash values, which together with the MAC of the MS constitute VCEs. These entries form the mobile cache list and the access cache list.
  • The PAR generates a set of hash values of a certain length, such as $V_0, V_1, \ldots, V_n$, according to the one-way hash function $F$, satisfying $V_i = F(V_{i+1})$.
  • the length of the hash chain is limited,
  • the calculation overhead of generating a one-way hash chain by a mobile terminal node is relatively large, and the energy consumption is large.
  • Having the PAR calculate the hash chain helps the terminal save energy and bandwidth. A very important advantage of generating the one-way hash chain at the PAR is that the mobile terminal node can track and authenticate the AR, so that mutual authentication between the mobile terminal node and the AR is implemented. The specific steps are as follows:
  • the PAR generates a PrRtAdv message, in which the hash values are carried, and sends it to the mobile terminal node;
  • the PAR encrypts the PrRtAdv message and sends it to the mobile terminal node. This can further enhance security.
  • The PAR encrypting the PrRtAdv message may include the following steps:
  • the MS generates a public-private key pair and sends the public key to the AR in a proxy routing request (hereinafter referred to as RtSolPr) message;
  • the AR encrypts the PrRtAdv message using the public key.
  • The implementation of the present invention is combined with a symmetric key system: a shared key is generated through the RSA public-private key mechanism of the Secure Neighbor Discovery (SEND) protocol, and the FBU is protected with the shared key.
  • an authentication system including:
  • an MS, configured to, when switching base stations, query the locally preset mobile cache list using the new BSID to be switched to in order to obtain the first hash value, encapsulate the first hash value and its own MAC in the FBU message, and send the message to the access router of the former base station, where the mobile cache list includes a first hash value and a new BSID;
  • an AR, configured to query a locally preset access cache list according to the MAC of the MS to obtain a second hash value, and compare the first hash value obtained from the FBU message with the second hash value; if they are equal, the authentication succeeds, where the access cache list includes the second hash value and the MAC.
  • the AR establishes a VCE list locally.
  • the VCE stores entries for Mac, Ks, and Vi.
  • The MS establishes the MCE list locally, and the MCE stores the entries BSID, Ks, and Vi.
  • FIG. 3 illustrates a prediction mode fast authentication process according to an embodiment of the present invention, including the following steps: the PAR generates a set of 128-bit hash values such as $V_0, V_1, \ldots, V_n$ according to a one-way hash function $F$, satisfying $V_i = F(V_{i+1})$.
  • The mobile terminal node generates a 64-bit random number Nonce as a prefix, generates an RSA public-private key pair according to its internal mechanism, and sends the random number and the RSA public key to the PAR in the RtSolPr message. The message is signed with CGA and carries the RSA and HV0 options. It is worth noting that only the first RtSolPr sent by the mobile terminal node is signed.
  • The PAR extracts the RSA public key, generates a shared key Ks according to its internal mechanism, and sends Ks to the mobile terminal node in the PrRtAdv message.
  • The message is encrypted with the RSA public key to ensure the security of the Vi and Ks transmission.
  • The mobile terminal node extracts the shared key Ks from the PrRtAdv message, and generates the interface ID of the new care-of address based on Vi and Nonce (i.e., the BSID of the new base station) as follows:
  • HE is generated as follows: $HE = \mathrm{Last}(64, V_i) \oplus \mathrm{Nonce}$
  • The MCE cache list entry for the corresponding PAR is established, and then the FBU message is sent to the PAR; the message carries the HEO option and is encrypted with the shared key Ks.
  • The PAR receives the FBU message from the mobile terminal node, authenticates the message, calculates Vi from the message, and compares it with the VCE that the PAR established locally. If there is a (Mac, Ks, Vi) entry in the VCE, the authentication succeeds.
  • After the PAR successfully authenticates the FBU, it sends a Handover Initiative (hereinafter referred to as HI) message to the NAR, carrying the HEO option and the RSA public key option. The NAR calculates Vi from the new care-of address and the HEO option, generates a new shared key KKs according to its internal mechanism, and establishes a VCE entry corresponding to the mobile terminal node.
  • The PAR extracts the encrypted KKs option and sends an FBAck message to the mobile terminal, carrying the TAck option and the encrypted KKs option and encrypted with the shared key Ks.
  • The mobile terminal node decrypts the FBAck message with Ks and calculates TAck from the new care-of address. If it is equal to the TAck in the message, the FBAck authentication succeeds. At the same time it decrypts the KKs option with the RSA private key and adds an MCE cache list entry for the NAR.
  • the tracking of the AR by the mobile terminal node is as follows:
  • When the mobile terminal node sends a proxy routing request at the time of handover, or resends the routing request on the local link, it first queries the MCE according to the new BSID. If there is a corresponding entry, it extracts Vi and encapsulates Vi in the message as the MN0 option. The message is encrypted with the shared key Ks and sent to the AR.
  • The AR queries the local VCE according to the MAC of the mobile terminal node, obtains the shared key Ks, decrypts the received message with the shared key, obtains the Vi option, and compares it with the corresponding VCE entry. If they are equal, the one-way hash value of the mobile terminal node was distributed by the AR.
  • The AR responds to the mobile terminal node with a message that carries the $V_{i-1}$ option and is encrypted with the shared key. If they are not equal, or the AR finds no corresponding VCE entry for the MAC of the mobile terminal node, the AR responds to the mobile terminal node without carrying any such option.
  • The mobile terminal node decrypts the proxy router advertisement with Ks, extracts $V_{i-1}$, and verifies whether $V_{i-1}$ is equal to $F(V_i)$. If they are equal, mutual authentication is implemented; if they are not equal, the mobile terminal node deletes the corresponding entry and initiates a handover to the AR according to the above authentication process.
  • FIG. 4 shows the reactive mode fast authentication process in accordance with the implementation of the present invention.
  • the KKS option contains the newly generated shared key material of the NAR, and the process is as follows:
  • Steps 2 and 3 are the same as the corresponding steps of prediction mode fast handover authentication.
  • The mobile terminal node sends an FNA message to the NAR with the FBU message nested in it, and encrypts only the HEO option in the FBU message with the shared key; the FBU message includes the HEO option and the RSA public key material.
  • The NAR performs DAD detection on the new care-of address. If the new care-of address has no DAD conflict, the FBU is extracted from the FNA and sent directly to the PAR; at the same time, the RSA public key material is extracted. The PAR decrypts the HEO option locally, calculates Vi according to the prediction mode authentication method, and checks whether a (Mac, Ks, Vi) entry exists in the local VCE. If it exists, the FBU message is successfully authenticated.
  • The TAO option is sent to the NAR in the FBAck message, encrypted with the shared key Ks.
  • The NAR extracts the TAO option and the Ks option, generates a new shared key KKs according to its internal mechanism, encrypts with the RSA public key, sends the TAO, Ks and the new KKs to the mobile terminal node in the RtAdv message, and then establishes the VCE list entry for the mobile terminal node.
  • The mobile terminal node decrypts the RtAdv message, calculates TAO from the new care-of address, and compares it with the TAO in the RtAdv message. If they are equal, the entire authentication is successful. At the same time it extracts KKs and establishes an MCE cache list entry for the NAR.
  • a one-way hash chain is generated by PAR, which reduces the energy consumption of the terminal, and the length of the one-way hash value is not limited, and the generation is easier;
  • a one-way hash chain is generated by the PAR, and the mobile terminal node and the AR respectively generate a cache list, and the mobile terminal node is prevented from re-generating a new hash chain, which is beneficial to the mobile terminal node to each AR. Tracking and authentication, and mutual authentication of mobile terminal nodes, improve the mutual authentication efficiency of mobile terminal nodes and AR handover.
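
The cache-list check of steps S10/S20 and the AR tracking exchange described above, sketched as an added example (this is not code from the patent). Assumptions: truncated SHA-256 stands in for F, the class and function names and the sample MAC/BSID values are hypothetical, and encryption under Ks and the FBU/PrRtAdv message formats are left out.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


def F(value: bytes) -> bytes:
    """One-way function F with 128-bit output.
    Assumption: SHA-256 truncated to 16 bytes stands in for the page's F."""
    return hashlib.sha256(value).digest()[:16]


def make_chain(n: int, seed: bytes) -> list:
    """Return [V_0, ..., V_n] satisfying V_i = F(V_{i+1}); V_n is F(seed)."""
    chain = [F(seed)]
    for _ in range(n):
        chain.append(F(chain[-1]))
    chain.reverse()
    return chain


@dataclass
class AccessRouter:
    bsid: str
    chain: list
    vce: dict = field(default_factory=dict)  # MAC -> (Ks, i): the (Mac, Ks, Vi) entry

    def enroll(self, mac: str, i: int):
        """Distribute V_i and a fresh Ks to the MS and record the VCE entry."""
        ks = os.urandom(16)
        self.vce[mac] = (ks, i)
        return ks, self.chain[i]

    def authenticate(self, mac: str, first_hash: bytes):
        """Look up the second hash value by MAC and compare it with the first.
        Returns (ok, reply): reply is V_{i-1} on success, otherwise None."""
        entry = self.vce.get(mac)
        if entry is None:                      # no VCE for this MAC
            return False, None
        _, i = entry
        if not hmac.compare_digest(first_hash, self.chain[i]):
            return False, None                 # value was not distributed by this AR
        return True, (self.chain[i - 1] if i > 0 else None)


@dataclass
class MobileStation:
    mac: str
    mce: dict = field(default_factory=dict)  # BSID -> (Ks, V_i)

    def request_for(self, bsid: str):
        """Query the MCE by target BSID; return (MAC, V_i) or None if no entry."""
        entry = self.mce.get(bsid)
        return None if entry is None else (self.mac, entry[1])

    def check_router(self, bsid: str, reply) -> bool:
        """Accept the AR only if reply == F(V_i); otherwise delete the MCE entry."""
        _, v_i = self.mce[bsid]
        if reply is not None and hmac.compare_digest(reply, F(v_i)):
            return True
        del self.mce[bsid]
        return False


def run_demo() -> dict:
    # Constructed sample values: the MACs, BSIDs and seed are made up.
    ar = AccessRouter("BS-NEW", make_chain(8, b"constructed-seed"))
    ms = MobileStation("02:00:00:00:00:01")
    ks, v = ar.enroll(ms.mac, 5)
    ms.mce[ar.bsid] = (ks, v)

    mac, first_hash = ms.request_for(ar.bsid)
    ok, reply = ar.authenticate(mac, first_hash)
    results = {
        "chain_ok": all(ar.chain[i] == F(ar.chain[i + 1]) for i in range(8)),
        "ms_authenticated": ok,
        "ar_authenticated": ms.check_router(ar.bsid, reply),
        "unknown_mac": ar.authenticate("02:00:00:00:00:02", first_hash)[0],
        "wrong_hash": ar.authenticate(mac, F(b"guess"))[0],
        "no_mce_entry": ms.request_for("BS-OTHER"),
    }
    # A reply that does not hash-link to V_i makes the MS drop the entry.
    results["rogue_reply_accepted"] = ms.check_router(ar.bsid, F(b"rogue"))
    results["entry_deleted"] = ar.bsid not in ms.mce
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The comparison uses `hmac.compare_digest` so that the router's check does not leak, through timing, how many leading bytes of a submitted hash value were correct.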

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to an authentication method and an authentication system, used for authenticating a handover to a base station for a terminal node, the method comprising the following steps: an access router of the first base station receives an authentication request from the mobile terminal node, the authentication request containing the first hash value and a media access control address of the mobile terminal node, the first hash value being obtained by the mobile terminal node consulting a locally preset mobile cache list according to the base station identifier of the second base station, the mobile cache list containing the first hash value and the base station identifier; the access router consults a locally preset access cache list according to the media access control address to obtain the second hash value, compares the first hash value obtained from the authentication request with the second hash value, and the authentication succeeds if they are equal, the access cache list containing the second hash value and the media access control address. The problem of low mutual authentication efficiency during handover for the mobile terminal node and the access router can thus be solved.
PCT/CN2007/071224 2007-05-08 2007-12-12 Authentication method and authentication system WO2008134918A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN200710101747.6 2007-05-08
CN200710101747.6A CN101304365B (zh) 2007-05-08 2007-05-08 Authentication method and authentication system

Publications (1)

Publication Number Publication Date
WO2008134918A1 true WO2008134918A1 (fr) 2008-11-13

Family

ID=39943103

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2007/071224 WO2008134918A1 (fr) 2007-05-08 2007-12-12 Authentication method and authentication system

Country Status (2)

Country Link
CN (1) CN101304365B (fr)
WO (1) WO2008134918A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101739540B (zh) * 2008-11-20 2013-01-16 北京大学深圳研究生院 Tag reader/writer, and data communication method and system for radio frequency tags

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
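JP4687808B2 (ja) * 2009-03-31 2011-05-25 ブラザー工業株式会社 Image transmission system
CN101888630B (zh) * 2009-05-11 2014-06-11 华为终端有限公司 Authentication method, system and apparatus for switching access networks
CN103813324B (zh) * 2012-11-07 2017-02-22 中国移动通信集团公司 Node signature method and mobile node access method for hierarchical MIPv6
CN106789996A (zh) * 2016-12-12 2017-05-31 墨宝股份有限公司 Smart grid user access authorization control method
CN108282551B (zh) * 2018-03-07 2021-04-09 成都众网行科技有限公司 Message identification and processing method and apparatus, monitoring device, and readable storage medium
US11838428B2 (en) * 2021-12-20 2023-12-05 Nokia Technologies Oy Certificate-based local UE authentication
CN114844687A (zh) * 2022-04-15 2022-08-02 深圳汇辰软件有限公司 Authentication method, electronic device and storage medium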

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1514657A (zh) * 2002-12-31 2004-07-21 中国科学技术大学 Fast inter-subnet handover method for MIPv6
CN1705285A (zh) * 2004-05-31 2005-12-07 中国科学院声学研究所 Tunnel-based mobile IPv6 fast handover method
CN1799241A (zh) * 2003-06-03 2006-07-05 艾利森电话股份有限公司 IP mobility
CN1823545A (zh) * 2003-06-27 2006-08-23 诺基亚公司 Enhanced fast handover procedure

Also Published As

Publication number Publication date
CN101304365B (zh) 2012-12-12
CN101304365A (zh) 2008-11-12

Similar Documents

Publication Publication Date Title
US8738913B2 (en) Method of deriving and updating traffic encryption key
TWI390893B (zh) Method and apparatus for deriving a new key after handover in a wireless network
JP5597676B2 (ja) Exchange of key material
JP4682250B2 (ja) Wireless router assisted security handoff (WRASH) in a multi-hop wireless network
WO2008134918A1 (fr) Authentication method and authentication system
BRPI0716621A2 (pt) Ad-hoc network key management
CN107181597B (zh) PMIPv6 authentication system and method based on identity-based proxy group signature
CA2760522A1 (fr) Media independent handover protocol security
WO2010115326A1 (fr) Pre-authentication method for a wireless local area network terminal and wireless local area network system
US20130196708A1 (en) Propagation of Leveled Key to Neighborhood Network Devices
WO2009097789A1 (fr) Method and communication system for establishing a security association
Hur et al. Security considerations for handover schemes in mobile WiMAX networks
WO2011120249A1 (fr) Multicast key negotiation method suitable for a group call system and associated system
WO2007022727A1 (fr) Method and system for communicating authorization key context information
WO2011015060A1 (fr) Extensible authentication protocol authentication method, and associated base station and authentication server
WO2011072513A1 (fr) Method and system for establishing a secure connection between switching equipment
WO2012040949A1 (fr) Fast-handover extensible authentication protocol (EAP) authentication method in a mobile worldwide interoperability for microwave access (WiMAX) network
Park Two-way Handshake protocol for improved security in IEEE 802.11 wireless LANs
Sun et al. Efficient authentication schemes for handover in mobile WiMAX
Nguyen et al. An pre-authentication protocol with symmetric keys for secure handover in mobile WiMAX networks
Cao et al. Unified handover authentication between heterogeneous access systems in LTE networks
Taha et al. Formal analysis of the handover schemes in mobile WiMAX networks
Zheng et al. A dual authentication protocol for IEEE 802.11 wireless LANs
JP5015324B2 (ja) Protection method and apparatus during mobile IPv6 fast handover
Soliman et al. An efficient application of a dynamic crypto system in mobile wireless security

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07846065

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07846065

Country of ref document: EP

Kind code of ref document: A1