WO2009094941A1 - Method, device and system for ID-based wireless multi-hop network authentication access - Google Patents
Method, device and system for ID-based wireless multi-hop network authentication access
- Publication number
- WO2009094941A1 (application PCT/CN2009/070270)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- coordinator
- terminal device
- public key
- query
- authentication
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Definitions
- ID-based wireless multi-hop network authentication access method, device and system
- The invention relates to a network authentication access method, in particular to an ID-based wireless multi-hop network authentication access method, a terminal device and a system.
- A terminal device can communicate with other devices in the network but cannot forward data on behalf of other devices, that is, it does not perform the routing function.
- A route coordinator also forwards data for other devices in the network, that is, it performs the routing function.
- The network coordinator is responsible for transmitting network beacons, establishing the network, managing network nodes, storing node information, finding routes between a pair of nodes and continuously receiving messages; it also forwards data for other devices in the network, that is, it performs the routing function.
- The network coordinator and the route coordinator are collectively referred to as coordinators.
- The trusted center is the key management center of the network and is responsible for configuring key information for all devices in the network.
- The role of the trusted center can be played by the network coordinator or by another device in the network designated by the network coordinator.
- the wireless multi-hop network supports two network topologies: a star network and a point-to-point network.
- the network topology of the point-to-point network can be divided into a network structure and a cluster structure, as shown in FIG.
- The first existing security solution takes the form of a self-organizing network.
- The device first connects to the wireless multi-hop network, then dynamically obtains key information from the network, for example an ID-based (identity-based cryptosystem) private key from a distributed CA in the network, and finally uses the ID-based public/private key pair for secure communication.
- The second existing security scheme takes the form of post-connection authentication.
- The device first connects to the wireless multi-hop network, then the network coordinator authenticates the device, and finally the negotiated session key is used for secure communication; the IEEE 802.15.4/ZigBee standard is an example.
- In the first scheme, any device can become a member of the wireless multi-hop network, since a legitimate device cannot be distinguished from an illegal one; this is obviously unsafe.
- In the second scheme, because the network coordinator authenticates a device only after it has connected to the wireless multi-hop network, any device can connect to the network, and a device far from the network coordinator can communicate with other devices on the network before it has been authenticated. This is also unsafe and also wastes a certain amount of communication resources.
- the invention provides an ID-based wireless multi-hop network authentication access method, a terminal device and a system, and solves the technical problem that the existing wireless multi-hop network authentication access method has a security risk.
- the technical solution of the present invention is:
- An ID-based wireless multi-hop network authentication access method includes the following steps:
- the coordinator broadcasts a beacon frame;
- the beacon frame includes an ID-based authentication and key management suite;
- the coordinator authenticates the terminal device when it receives a connection request command sent by a terminal device that supports the ID-based authentication and key management suite;
- if the authentication succeeds, the coordinator opens its controlled port to connect the terminal device to the wireless multi-hop network, and
- the coordinator sends a connection response command to the terminal device, where the connection response command indicates that the terminal device may access the wireless multi-hop network.
- the method further includes:
- After receiving the beacon frame sent by the coordinator, the terminal device sends a connection request command to the coordinator; after receiving the connection response command sent by the coordinator, the terminal device opens its controlled port and accesses the wireless multi-hop network.
- the method further includes:
- The uncontrolled port and the controlled port of the coordinator and of the terminal device are defined such that the uncontrolled ports of the terminal device and the coordinator pass authentication protocol data packets and management information, while the controlled ports of the terminal device and the coordinator pass application packets.
- The specific process of authenticating the terminal device includes:
- The coordinator generates a coordinator authentication query according to the connection request command sent by the terminal device and sends an authentication activation to the terminal device. After receiving the authentication activation, the terminal device verifies the validity of the coordinator public key; if the verification passes, it generates a terminal device authentication query, a public key revocation query identifier and a terminal device temporary public key, and sends to the coordinator an authentication request consisting of the terminal device authentication query, the public key revocation query identifier, the terminal device temporary public key, the coordinator authentication query, the terminal device public key, and the terminal device's signature over the first five pieces of information.
- After receiving the authentication request, the coordinator verifies the validity of the signature in the authentication request, the consistency of the coordinator authentication query, and the validity of the terminal device temporary public key. If the verification passes, the coordinator determines according to the public key revocation query identifier whether to perform a public key revocation query. If so, the coordinator sets the public key revocation query identifier, generates a coordinator public key revocation query query, and sends to the trusted center a public key revocation query request consisting of the coordinator public key revocation query query, the public key revocation query identifier and the terminal device public key.
- The coordinator receives from the trusted center a public key revocation query response consisting of the coordinator public key revocation query query, the public key revocation query identifier and the terminal device public key revocation result.
- The coordinator verifies the public key revocation query identifier in the public key revocation query response, verifies the consistency of the coordinator public key revocation query query and of the public key revocation query identifier, and verifies the terminal device public key revocation result. If the verification passes, the coordinator generates a coordinator temporary public key and an access result, and sends to the terminal device an authentication response consisting of the public key revocation query identifier, the terminal device authentication query, the coordinator temporary public key, the terminal device identity, the access result, and the coordinator's signature over the first five pieces of information. At the same time, the coordinator generates the base key between the terminal device and the coordinator from the terminal device temporary public key and the coordinator temporary private key.
- After receiving the authentication response, the terminal device verifies the validity of the signature of the authentication response, verifies the consistency of the terminal device authentication query, the public key revocation query identifier and the terminal device identity, and verifies the access result. If the verification passes, the terminal device generates the base key between the terminal device and the coordinator from the coordinator temporary public key and the terminal device temporary private key, and the authentication succeeds.
- The specific process of authenticating the terminal device further includes:
- If the coordinator determines according to the public key revocation query identifier that no public key revocation query is to be performed, the coordinator generates a coordinator temporary public key and an access result, and sends to the terminal device an authentication response consisting of the public key revocation query identifier, the terminal device authentication query, the coordinator temporary public key, the access result, and the coordinator's signature over the first four pieces of information.
- After receiving the authentication response sent by the coordinator, the terminal device verifies the validity of the signature of the authentication response, the consistency of the terminal device authentication query, and the access result. If the verification fails, the authentication fails; if it succeeds, the terminal device generates the base key between the terminal device and the coordinator from the coordinator temporary public key and the terminal device temporary private key, and the authentication succeeds.
- The specific process of authenticating the terminal device further includes:
- After receiving the public key revocation query request sent by the coordinator, the trusted center verifies the public key revocation query identifier in the request, looks up the revocation status of the terminal device public key to produce the terminal device public key revocation result, and sends to the coordinator a public key revocation query response consisting of the coordinator public key revocation query query, the public key revocation query identifier and the terminal device public key revocation result.
- The specific process of authenticating the terminal device includes:
- The coordinator generates a coordinator authentication query according to the connection request command sent by the terminal device and sends an authentication activation to the terminal device. After receiving the authentication activation, the terminal device verifies the validity of the coordinator public key; if the verification succeeds, it generates a terminal device authentication query, a public key revocation query identifier and a terminal device temporary public key, and sends to the coordinator an authentication request consisting of these, the coordinator authentication query, the terminal device public key, and the terminal device's signature over the preceding information.
- After receiving the authentication request, the coordinator verifies the validity of the signature in the authentication request, the consistency of the coordinator authentication query, and the validity of the terminal device temporary public key. If the verification passes, the coordinator determines according to the public key revocation query identifier whether to perform a public key revocation query. If so, the coordinator sets the public key revocation query identifier, generates a coordinator public key revocation query query, and sends to the trusted center a public key revocation query request consisting of the coordinator public key revocation query query, the terminal device authentication query, the public key revocation query identifier and the coordinator public key.
- The coordinator receives from the trusted center a public key revocation query response consisting of the coordinator public key revocation query query, the public key revocation query identifier, the coordinator public key revocation query result and the public key revocation query signature. After receiving it, the coordinator verifies the public key revocation query identifier in the response, verifies the consistency of the coordinator public key revocation query query and of the public key revocation query identifier, and verifies the validity of the coordinator public key revocation query result and of the public key revocation query signature. If the verification passes, the coordinator generates a coordinator temporary public key and an access result, and sends to the terminal device an authentication response consisting of the public key revocation query identifier, the terminal device authentication query, the coordinator temporary public key, the terminal device identity, the access result, the coordinator public key revocation query result, the public key revocation query signature, and the coordinator's signature over the first seven pieces of information. At the same time, the coordinator generates the base key between the terminal device and the coordinator from the terminal device temporary public key and the coordinator temporary private key.
- After receiving the authentication response, the terminal device verifies the public key revocation query identifier in the authentication response, verifies the validity of the signature of the authentication response, verifies the consistency of the terminal device authentication query, the public key revocation query identifier and the terminal device identity, and verifies the access result. If the verification succeeds, the terminal device verifies the validity of the coordinator public key revocation query result and of the public key revocation query signature, generates the base key between the terminal device and the coordinator from the coordinator temporary public key and the terminal device temporary private key, and the authentication succeeds.
- The specific process of authenticating the terminal device further includes:
- If the coordinator determines according to the public key revocation query identifier that no public key revocation query is to be performed, the coordinator generates a coordinator temporary public key and an access result, and sends to the terminal device an authentication response consisting of the public key revocation query identifier, the terminal device authentication query, the coordinator temporary public key, the access result, and the coordinator's signature over the first four pieces of information.
- After receiving the authentication response, the terminal device verifies the validity of the signature of the authentication response, the consistency of the terminal device authentication query, and the access result. If the verification passes, the terminal device generates the base key between the terminal device and the coordinator from the coordinator temporary public key and the terminal device temporary private key, and the authentication succeeds.
- The specific process of authenticating the terminal device further includes:
- After receiving the public key revocation query request sent by the coordinator, the trusted center verifies the public key revocation query identifier in the request, verifies the validity of the coordinator public key and generates the coordinator public key revocation query result. It computes the public key revocation query signature over the coordinator public key revocation query result with the trusted center private key, and sends to the coordinator a public key revocation query response consisting of the coordinator public key revocation query query, the public key revocation query identifier, the coordinator public key revocation query result and the public key revocation query signature.
- The specific process of authenticating the terminal device includes:
- The coordinator generates a coordinator authentication query according to the connection request command sent by the terminal device and sends an authentication activation to the terminal device. After receiving the authentication activation, the terminal device verifies the validity of the coordinator public key in the authentication activation; if the verification succeeds, it generates a terminal device authentication query, a public key revocation query identifier and a terminal device temporary public key, and sends to the coordinator an authentication request consisting of these, the coordinator authentication query, the terminal device public key, and the terminal device's signature over the preceding information.
- After receiving the authentication request, the coordinator verifies the validity of the signature in the authentication request, the consistency of the coordinator authentication query, and the validity of the terminal device temporary public key. If the verification passes, the coordinator determines according to the public key revocation query identifier whether to perform a public key revocation query. If so, the coordinator sets the public key revocation query identifier, generates a coordinator public key revocation query query, and sends to the trusted center a public key revocation query request consisting of the coordinator public key revocation query query, the terminal device authentication query, the public key revocation query identifier, the terminal device public key and the coordinator public key.
- The coordinator receives from the trusted center a public key revocation query response consisting of the coordinator public key revocation query query, the public key revocation query identifier, the terminal device public key revocation result, the coordinator public key revocation query result and the public key revocation query signature.
- The coordinator verifies the public key revocation query identifier in the public key revocation query response, verifies the consistency of the coordinator public key revocation query query and of the public key revocation query identifier, verifies the validity of the coordinator public key revocation query result and of the public key revocation query signature, and verifies the terminal device public key revocation result. If the verification passes, the coordinator generates a coordinator temporary public key and an access result, and sends to the terminal device an authentication response consisting of the public key revocation query identifier, the terminal device authentication query, the coordinator temporary public key, the terminal device identity, the access result, the coordinator public key revocation query result, the public key revocation query signature, and the coordinator's signature over the first seven pieces of information. At the same time, the coordinator generates the base key between the terminal device and the coordinator from the terminal device temporary public key and the coordinator temporary private key.
- After receiving the authentication response, the terminal device verifies the public key revocation query identifier in the authentication response, verifies the validity of the signature of the authentication response, verifies the consistency of the terminal device authentication query, the public key revocation query identifier and the terminal device identity, and verifies the access result. If the verification succeeds, the terminal device verifies the validity of the coordinator public key revocation query result and of the public key revocation query signature, generates the base key between the terminal device and the coordinator from the coordinator temporary public key and the terminal device temporary private key, and the authentication succeeds.
- The specific process of authenticating the terminal device further includes:
- If the coordinator determines according to the public key revocation query identifier that no public key revocation query is to be performed, the coordinator generates a coordinator temporary public key and an access result, and sends to the terminal device an authentication response consisting of the public key revocation query identifier, the terminal device authentication query, the coordinator temporary public key, the access result, and the coordinator's signature over the first four pieces of information.
- After receiving the authentication response, the terminal device verifies the validity of the signature of the authentication response, the consistency of the terminal device authentication query, and the access result. If the verification passes, the terminal device generates the base key between the terminal device and the coordinator from the coordinator temporary public key and the terminal device temporary private key, and the authentication succeeds.
- The specific process of authenticating the terminal device further includes:
- After receiving the public key revocation query request sent by the coordinator, the trusted center verifies the public key revocation query identifier in the request, verifies the validity of the terminal device public key and of the coordinator public key, and generates the terminal device public key revocation result and the coordinator public key revocation query result. It computes the public key revocation query signature over the coordinator public key revocation query result with the trusted center private key, and sends to the coordinator a public key revocation query response consisting of the coordinator public key revocation query query, the public key revocation query identifier, the terminal device public key revocation result, the coordinator public key revocation query result and the public key revocation query signature.
- The method further includes: after the authentication succeeds, the coordinator and the terminal device perform unicast key negotiation.
- The process of the unicast key negotiation between the coordinator and the terminal device includes: after the authentication succeeds, when the coordinator needs to establish or update a unicast key, it generates a coordinator unicast key negotiation query and sends to the terminal device a unicast key negotiation request consisting of the coordinator unicast key negotiation query.
- After receiving the unicast key negotiation request, the terminal device generates a terminal device unicast key negotiation query, derives the unicast key between the terminal device and the coordinator from the base key, the coordinator unicast key negotiation query and the terminal device unicast key negotiation query, and sends to the coordinator a unicast key negotiation response consisting of the coordinator unicast key negotiation query, the terminal device unicast key negotiation query and a message authentication code, where the message authentication code is calculated by the terminal device over the coordinator unicast key negotiation query and the terminal device unicast key negotiation query.
- After receiving the unicast key negotiation response, the coordinator calculates the unicast key from the base key, the coordinator unicast key negotiation query and the terminal device unicast key negotiation query, and verifies the consistency of the coordinator unicast key negotiation query and the validity of the terminal device's message authentication code. If the verification passes, the coordinator sends to the terminal device a unicast key negotiation confirmation consisting of the terminal device unicast key negotiation query and a message authentication code calculated by the coordinator over the terminal device unicast key negotiation query.
- After receiving the unicast key negotiation confirmation, the terminal device verifies the consistency of the terminal device unicast key negotiation query and the validity of the coordinator's message authentication code; if the verification succeeds, the unicast key negotiation succeeds.
- The method further includes: after the unicast key negotiation is completed, the coordinator and the terminal device perform multicast key advertisement.
- The specific process of the multicast key advertisement includes:
- After the unicast key negotiation succeeds, when the coordinator establishes or updates the multicast key, it calculates the multicast key from an advertised master key, encrypts the advertised master key with the cipher key in the unicast key, generates a multicast key advertisement identifier, and sends to the terminal device a multicast key advertisement consisting of the multicast key advertisement identifier, the encrypted multicast advertisement master key and a message authentication code, where the message authentication code is calculated by the coordinator with the authentication key in the multicast key over the multicast key advertisement identifier and the encrypted multicast advertisement master key.
- After receiving the multicast key advertisement, the terminal device checks whether the multicast key advertisement identifier is the same as the locally calculated multicast key advertisement identifier. If it is, the terminal device recovers the advertised master key, uses it to calculate the multicast key, and then verifies the validity of the coordinator's message authentication code. If the verification passes, the terminal device sends to the coordinator a multicast key response consisting of the multicast key advertisement identifier and a message authentication code, where the message authentication code is calculated by the terminal device with the authentication key in the locally generated multicast key over the multicast key advertisement identifier.
- After receiving the multicast key response, the coordinator verifies the consistency of the multicast key advertisement identifier and the validity of the terminal device's message authentication code. If the verification succeeds, the multicast key advertisement succeeds.
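The unicast key negotiation and multicast key advertisement exchanges above, as an added worked example that is not code from the patent. Both ends are driven in one process over a base key that an earlier access exchange is assumed to have produced, and the two failure modes the text's checks exist for are exercised: a peer holding a different base key fails the unicast MAC, and a re-sent or tampered advertisement is rejected at the identifier check or the MAC check without changing the terminal's multicast key. Assumptions for the demo: HMAC-SHA256 serves as both KDF and MAC, each derived 32-byte key is split into a 16-byte cipher key and a 16-byte authentication key, the "locally calculated" advertisement identifier is a per-link counter both sides track, and the advertised master key is encrypted with a hash-derived one-time keystream. None of these primitives or layouts are specified by the page.

```python
"""Added worked example, not the patent's own code: the unicast key negotiation
and multicast key advertisement exchanges, run over an assumed base key.
Assumptions: HMAC-SHA256 as KDF and MAC, 32-byte keys split into a 16-byte
cipher key and a 16-byte authentication key, the advertisement identifier as
a per-link counter, and a hash keystream to encrypt the advertised master key."""
import hashlib
import hmac
import secrets


def kdf(key, *ctx):
    """32-byte derived key: bytes 0..15 cipher key, 16..31 authentication key."""
    return hmac.new(key, b"".join(ctx), hashlib.sha256).digest()


def mac(auth_key, *parts):
    return hmac.new(auth_key, b"".join(parts), hashlib.sha256).digest()


def wrap(cipher_key, nonce, data16):
    """Toy one-time keystream for the 16-byte master key (XOR is its own inverse)."""
    ks = hashlib.sha256(cipher_key + nonce).digest()
    return bytes(a ^ b for a, b in zip(data16, ks))


class CoordinatorKeys:
    def __init__(self, base_key):
        self.bk, self.uk, self.mk, self.adv_id = base_key, None, None, 0

    def uk_request(self):
        self.n1 = secrets.token_bytes(16)             # coordinator unicast key negotiation query
        return (self.n1,)

    def uk_confirm(self, n1, n2, tag):
        if n1 != self.n1:                             # query consistency
            return None
        self.uk = kdf(self.bk, b"unicast", n1, n2)
        if not hmac.compare_digest(tag, mac(self.uk[16:], n1, n2)):
            return None
        return n2, mac(self.uk[16:], n2)              # unicast key negotiation confirmation

    def mk_advertise(self):
        nmk = secrets.token_bytes(16)                 # advertised master key
        self.mk = kdf(nmk, b"multicast")
        self.adv_id += 1
        aid = self.adv_id.to_bytes(4, "big")          # multicast key advertisement identifier
        enc = wrap(self.uk[:16], aid, nmk)            # encrypted under the unicast cipher key
        return aid, enc, mac(self.mk[16:], aid, enc)  # MAC under the multicast authentication key

    def mk_check_response(self, aid, tag):
        return aid == self.adv_id.to_bytes(4, "big") and hmac.compare_digest(tag, mac(self.mk[16:], aid))


class TerminalKeys:
    def __init__(self, base_key):
        self.bk, self.uk, self.mk, self.adv_id = base_key, None, None, 0

    def uk_response(self, n1):
        self.n2 = secrets.token_bytes(16)             # terminal unicast key negotiation query
        self.uk = kdf(self.bk, b"unicast", n1, self.n2)
        return n1, self.n2, mac(self.uk[16:], n1, self.n2)

    def uk_done(self, n2, tag):
        return n2 == self.n2 and hmac.compare_digest(tag, mac(self.uk[16:], n2))

    def mk_response(self, aid, enc, tag):
        if aid != (self.adv_id + 1).to_bytes(4, "big"):   # not the locally expected identifier: stale/replay
            return None
        mk = kdf(wrap(self.uk[:16], aid, enc), b"multicast")
        if not hmac.compare_digest(tag, mac(mk[16:], aid, enc)):
            return None                               # MAC under the recovered multicast key failed
        self.mk, self.adv_id = mk, self.adv_id + 1
        return aid, mac(mk[16:], aid)                 # multicast key response


def run_key_setup(coord, term):
    """Both exchanges in order; returns which step failed, or 'ok'."""
    (n1,) = coord.uk_request()
    conf = coord.uk_confirm(*term.uk_response(n1))
    if conf is None or not term.uk_done(*conf):
        return "unicast failed"
    resp = term.mk_response(*coord.mk_advertise())
    if resp is None or not coord.mk_check_response(*resp):
        return "multicast failed"
    return "ok"
```

The terminal only advances its identifier counter after the MAC under the recovered multicast key verifies, so a rejected advertisement leaves both the expected identifier and the current multicast key unchanged.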
- the invention also provides a coordinator, comprising:
- a broadcast unit configured to broadcast a beacon frame;
- the beacon frame includes an ID-based authentication and a key management suite;
- An authentication unit configured to authenticate the terminal device when receiving a connection request command sent by the terminal device supporting the ID-based authentication and the key management suite
- a sending unit configured to send a connection response command to the terminal device, where the connection response command is used to instruct the terminal device to access the wireless multi-hop network.
- the method further comprises: a defining unit, configured to pre-define an uncontrolled port and a controlled port of the coordinator and the terminal device, so that the coordinator and the uncontrolled port of the terminal device pass the authentication protocol data packet and management information, and the coordinator and the terminal device The controlled port passes the application packet.
- the present invention also provides a terminal device, including:
- a connection request sending unit configured to send a connection request command to the coordinator after receiving the beacon frame sent by the coordinator, where the beacon frame includes an ID-based authentication and key management suite; and an access unit configured to open the controlled port to access the wireless multi-hop network after receiving the connection response command sent by the coordinator.
- the present invention also provides an ID-based wireless multi-hop network authentication access system, including a coordinator and a terminal device, where
- the coordinator includes:
- a broadcast unit configured to broadcast a beacon frame;
- the beacon frame includes an ID-based authentication and a key management suite;
- an authentication unit configured to authenticate the terminal device when receiving a connection request command sent by a terminal device supporting the ID-based authentication and key management suite;
- a sending unit configured to send a connection response command to the terminal device, where the connection response command is used to instruct the terminal device to access the wireless multi-hop network;
- the terminal device includes:
- a connection request sending unit configured to send a connection request command to the coordinator after receiving the beacon frame sent by the coordinator, where the beacon frame includes an ID-based authentication and key management suite; and an access unit configured to open the controlled port to access the wireless multi-hop network after receiving the connection response command sent by the coordinator.
- the advantages of the present invention include:
- the terminal device can be connected to the coordinator after being authenticated, thereby realizing the authentication access of the terminal device to the wireless multi-hop network.
- the terminal device can also authenticate the coordinator to determine whether to connect to the coordinator based on the result of the authentication. Therefore, the security and performance of the terminal device accessing the wireless multi-hop network are improved.
- both the terminal device and the coordinator define an uncontrolled port and a controlled port and control them with the authentication result, thereby forming a port access control system and improving the security of the terminal device's access to the wireless multi-hop network.
- the terminal device and the coordinator define a unicast key negotiation process and a multicast key notification process for different security services, thereby ensuring communication security between the terminal device and the coordinator.
- a ternary peer-to-peer authentication protocol is adopted.
- the trusted center provides a public key revocation list for the terminal device and the coordinator to implement two-way authentication of the terminal device and the coordinator, thereby improving the security of the terminal device accessing the wireless multi-hop network.
- since the ID-based public key itself has a revocation characteristic and is short, the number of public key revocation queries and the transmission traffic are both reduced, thereby improving the performance of the terminal device's access to the wireless multi-hop network.
- the information sent by the trusted center to the coordinator is transmitted over a secure channel, and that secure channel can be established non-interactively from the public and private key pairs of the coordinator and the trusted center, eliminating a key negotiation process between them and reducing the complexity of the information sent by the trusted center to the coordinator, thereby improving the performance of the terminal device's access to the wireless multi-hop network.
- FIG. 1 is a network topology diagram of a wireless multi-hop network, where FIG. 1A is a star network topology diagram, FIG. 1B is a mesh network topology diagram, and FIG. 1C is a cluster network topology diagram; in the figures the filled symbol denotes the coordinator, "o" denotes the terminal device, and the connecting line denotes the communication channel;
- FIG. 2 is a schematic structural diagram of an authentication access system of a wireless multi-hop network; in FIG. 2, A is a terminal device requesting authentication access, B is a coordinator associated with A, and S is a trusted center of the wireless multi-hop network;
- FIG. 3 is a schematic diagram of an authentication process in the method of the present invention.
- FIG. 4 is a schematic diagram of a unicast key negotiation process in the method of the present invention.
- FIG. 5 is a schematic diagram of a multicast key negotiation process in the method of the present invention.
- FIG. 6 is a schematic flow chart of an authentication process in the method of the present invention.
- N2: terminal device authentication query
- N3: coordinator public key revocation query
- N4: coordinator unicast key negotiation query
- N5: terminal device unicast key negotiation query
- N_M: multicast key advertisement identifier
- HMAC_CU: message authentication code of the coordinator during unicast key negotiation
- HMAC_TU: message authentication code of the terminal device during unicast key negotiation
- HMAC_CM: message authentication code of the coordinator during multicast key negotiation
- HMAC_TM: message authentication code of the terminal device during multicast key negotiation
- ADDID: concatenation of the MAC addresses of the terminal device and the coordinator
- P_ECC: ECC domain parameters
- SK_ID-S: trusted center private key
- PK_ID-S: trusted center public key
- PK_ID-T: terminal device public key
- PK_ID-C: coordinator public key
- ID_C: identity of the coordinator
- ID_T: identity of the terminal device
- ID_S-CA: subject identity of the CA certificate of the trusted center in the wireless multi-hop network
- TL_T-PK: validity period of the terminal device public key
- TL_C-PK: validity period of the coordinator public key
- QF_PK: public key revocation query identifier
- Re_C: coordinator public key revocation result
- Result_C-PK: coordinator public key revocation query result
- Sig_T: terminal device authentication request signature
- Sig_C: coordinator authentication response signature
- Sig_S: public key revocation query signature
- UEK: unicast encryption key
- UCK: unicast integrity check key
- NMK: multicast advertisement master key
- NMK_E: encrypted multicast advertisement master key
- MEK: multicast encryption key
- MCK: multicast integrity check key
- the present invention is applicable as a security application protocol when the WAPI framework method (TePA, an access control method based on ternary peer authentication) is applied to a specific network, including a wireless local area network and a wireless metropolitan area network.
- the purpose of authentication is to establish trust between the terminal device and its associated coordinator and to protect the data passed over the link between them.
- the terminal device and its associated coordinator belong to the same management domain, that is, one wireless multi-hop network, and the trusted center of that network must configure all devices in the network, for example with the key information used under the different authentication and key management suites.
- the coordinator broadcasts a beacon frame, and the beacon frame indicates that the authentication and key management suite supported by the coordinator is an ID-based authentication and key management suite.
- the terminal device learns the authentication and key management suite supported by the coordinator from the coordinator's beacon frame and then checks whether it supports the ID-based authentication and key management suite itself; if it does, and it has key information for that suite, the terminal device sends a connection request command to the coordinator.
- after the coordinator receives the connection request command from the terminal device, if it learns from the connection request command that the terminal device also supports the ID-based authentication and key management suite, the coordinator performs an authentication process with the terminal device under the ID-based authentication and key management suite and then sends a connection response command to the terminal device. If the authentication succeeds, the coordinator connects the terminal device to the wireless multi-hop network, and the connection response command sent by the coordinator includes access information such as the assigned network address. If the authentication succeeds and the coordinator wants to perform unicast key negotiation with the terminal device, the coordinator performs a unicast key negotiation process with the terminal device. If the unicast key negotiation passes and the coordinator wants to perform multicast key negotiation with the terminal device, the coordinator performs a multicast key advertisement process with the terminal device.
- after the terminal device receives the connection response command of the coordinator, if the terminal device and the coordinator have authenticated each other and the connection response command includes the access information, the terminal device connects to the coordinator and accesses the wireless multi-hop network. If, after accessing the network, the terminal device receives the unicast key negotiation request command sent by the coordinator, it performs a unicast key negotiation process with the coordinator. If, after successfully completing the unicast key negotiation process, the terminal device receives the multicast key advertisement request command sent by the coordinator, the terminal device and the coordinator perform a multicast key advertisement process.
- both the terminal device and the coordinator define an uncontrolled port and a controlled port with port control capability.
- before authentication succeeds the uncontrolled port passes only authentication protocol data packets and management information; the controlled port passes application data packets.
- before the terminal device and the coordinator have authenticated successfully they can communicate only over the uncontrolled port; only after successful authentication do they open the controlled port for communication.
- A is a terminal device requesting authentication access
- B is a coordinator associated with A
- S is the trusted center of the wireless multi-hop network, and both A and B are required to hold key information configured by S.
- the solid line indicates the authenticated access status;
- the dotted line indicates the status during authentication access.
- LR-WPAN, HR-WPAN and WSN support this wireless multi-hop network topology, so this authentication access method can be applied to them.
- N1, the query, is also called a challenge word, a random number, etc.
- After receiving the information sent by the coordinator in step 1], the terminal device performs the following processing: a) verify the validity period TL_C-PK of the coordinator public key and discard the information if it has expired; otherwise generate the terminal device authentication query N2 using a random number generator;
- b) if the terminal device needs to request a revocation query for the coordinator public key PK_ID-C, bit 0 of the public key revocation query identifier QF_PK is set to 1; otherwise it is set to 0;
- c) the terminal device uses the terminal device private key SK_ID-T
- After receiving the information sent by the terminal device in step 2], the coordinator performs the following processing:
- if the coordinator needs to request a revocation query for the terminal device public key, bit 1 of the public key revocation query identifier QF_PK is set to 1, the coordinator generates the coordinator public key revocation query N3, and sends the public key revocation query identifier QF_PK, the coordinator public key revocation query N3, the identity ID_T of the terminal device and the validity period TL_C-PK of the coordinator public key to the trusted center; otherwise, bit 1 of the public key revocation query identifier QF_PK is set to 0, and the coordinator generates a temporary private key y and temporary public key yP for the ECDH exchange using the pre-installed ECC domain parameters P_ECC, performs the ECDH calculation with the temporary private key y and the temporary public key xP sent by the terminal device in step 2], and obtains the master key seed (xyP)abscissa.
- the abscissa is extended with KD-HMAC-SHA256((xyP)abscissa, "base key expansion for key and additional nonce"), generating the base key BK between the terminal device and the coordinator; the coordinator generates the access result Re_I, performs a signature calculation with the coordinator private key SK_ID-C over the terminal device authentication query N2, the temporary public key yP, the identity ID_T of the terminal device and the access result Re_I to generate the coordinator authentication response signature Sig_C, sends to the terminal device the public key revocation query identifier QF_PK, the terminal device authentication query N2, the temporary public key yP, the identity ID_T of the terminal device, the access result Re_I and the coordinator authentication response signature Sig_C, and goes to step 6].
- After receiving the information sent by the coordinator in step 3], the trusted center performs the following processing:
- when both public keys are to be queried, the trusted center concatenates the subject identity ID_S-CA of its CA certificate in the wireless multi-hop network, the wireless multi-hop network identifier IDNet, the identity ID_T of the terminal device and the validity period TL_T-PK of the terminal device public key to form the terminal device public key PK_ID-T, and concatenates ID_S-CA, IDNet, the identity ID_C of the coordinator and the validity period TL_C-PK of the coordinator public key to form the coordinator public key PK_ID-C; it then queries the ID-based public key revocation list of the wireless multi-hop network held by the trusted center, generates the terminal device public key revocation result Re_T and the coordinator public key revocation query result Result_C-PK, performs a signature calculation over Result_C-PK with the trusted center private key SK_ID-S to generate the public key revocation query signature Sig_S, and sends to the coordinator the public key revocation query identifier QF_PK, the coordinator public key revocation query N3, the terminal device public key revocation result Re_T, the coordinator public key revocation query result Result_C-PK and the public key revocation query signature Sig_S;
- when only the terminal device public key is to be queried, the trusted center concatenates ID_S-CA, IDNet, ID_T and TL_T-PK to form the terminal device public key PK_ID-T, queries the ID-based public key revocation list of the wireless multi-hop network held by the trusted center, generates the terminal device public key revocation result Re_T, and sends to the coordinator the public key revocation query identifier QF_PK, the coordinator public key revocation query N3 and the terminal device public key revocation result Re_T;
- the information sent by the trusted center to the coordinator is transmitted over the secure channel between the coordinator and the trusted center.
- the secure channel can be established by the coordinator and the trusted center non-interactively: the coordinator generates the session key from its own private key and the trusted center public key, and the trusted center generates the same session key from its own private key and the coordinator public key.
- After receiving the information sent by the trusted center in step 4], the coordinator performs the following processing:
- the coordinator uses the coordinator private key SK_ID-C to perform a signature calculation over the public key revocation query identifier QF_PK, the terminal device authentication query N2, the temporary public key yP, the identity ID_T of the terminal device, the access result Re_I, the coordinator public key revocation query result Result_C-PK and the public key revocation query signature Sig_S, generating the coordinator authentication response signature Sig_C, and sends to the terminal device the public key revocation query identifier QF_PK, the terminal device authentication query N2, the temporary public key yP, the identity ID_T of the terminal device, the access result Re_I, the coordinator public key revocation query result Result_C-PK, the public key revocation query signature Sig_S and the coordinator authentication response signature Sig_C;
- After receiving the information sent by the coordinator in step 3] or step 5], the terminal device performs the following processing: a) verify that the terminal device authentication query N2, the identity ID_T of the terminal device and bit 0 of the public key revocation query identifier QF_PK are consistent with the corresponding values sent by the terminal device in step 2]; if not, discard the information;
- the terminal device uses its own temporary private key x and the coordinator's temporary public key yP for the ECDH calculation to obtain the master key seed (xyP)abscissa, which is extended with KD-HMAC-SHA256((xyP)abscissa, "base key expansion for key and additional nonce") to generate the base key BK between the terminal device and the coordinator.
- After the authentication succeeds, when the coordinator wants to establish or update the unicast key, it performs the following processing: the coordinator generates the coordinator unicast key negotiation query N4 using a random number generator and sends the coordinator unicast key negotiation query N4 to the terminal device;
- After receiving the information sent by the coordinator in step 1], the terminal device performs the following processing:
- the terminal device generates the terminal device unicast key negotiation query N5 using a random number generator, and then calculates KD-HMAC-SHA256(BK, ADDID
- where BK is the base key generated between the terminal device and the coordinator during the authentication process.
- After receiving the information sent by the terminal device in step 2], the coordinator performs the following processing: a) verify the consistency of the coordinator unicast key negotiation query N4 and discard the information if it is inconsistent; b) concatenate the 64-bit extended addresses of the terminal device and the coordinator to obtain ADDID, the concatenation of the MAC addresses of the terminal device and the coordinator.
- After receiving the information sent by the coordinator in step 3], the terminal device performs the following processing:
- a message authentication code is computed with the HMAC-SHA256 algorithm over the multicast key advertisement identifier N_M and the encrypted multicast advertisement master key NMK_E, giving the coordinator's message authentication code HMAC_CM for multicast key negotiation.
- the multicast key advertisement identifier N_M is an integer with an initial value; it is incremented by one each time a key update is announced, and remains unchanged if the advertised key does not change.
- After receiving the information sent by the coordinator in step 1], the terminal device performs the following processing:
- After receiving the information sent by the terminal device in step 2], the coordinator performs the following processing:
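The multicast key advertisement and response exchange, as an added example that is not part of the patent; it covers both the summary of the exchange earlier on the page and the multicast steps here. The keystream used to wrap NMK, the labels used to derive MEK and MCK, the KD-HMAC-SHA256 stand-in and the rule that the terminal accepts N_M equal to its local value or one greater are assumptions of this example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def kd_hmac_sha256(key: bytes, label: bytes, length: int) -> bytes:
    """Stand-in for the KD-HMAC-SHA256 expansion the text names but does not define."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, label + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_nmk(uek: bytes, n_m: int, nmk: bytes) -> bytes:
    """NMK_E: the text only says NMK is sent encrypted; this placeholder XORs it with an
    HMAC-SHA256(UEK, N_M) keystream. N_M changes with every new key, so no reuse."""
    stream = hmac.new(uek, b"nmk-wrap" + n_m.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(nmk, stream))


def multicast_keys(nmk: bytes) -> tuple:
    """MEK and MCK derived from NMK (derivation labels are assumptions)."""
    return (kd_hmac_sha256(nmk, b"multicast encryption key", 16),
            kd_hmac_sha256(nmk, b"multicast integrity check key", 16))


def _mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


@dataclass
class Coordinator:
    uek: bytes                 # unicast encryption key from the unicast negotiation
    uck: bytes                 # unicast integrity check key
    n_m: int = 0               # N_M, starting at its initial value
    nmk: bytes = b""

    def announce(self, nmk: bytes) -> dict:
        """Step 1: N_M grows by one only when the advertised NMK changes."""
        if nmk != self.nmk:
            self.nmk = nmk
            self.n_m += 1
        nmk_e = wrap_nmk(self.uek, self.n_m, self.nmk)
        hmac_cm = _mac(self.uck, self.n_m.to_bytes(4, "big"), nmk_e)
        return {"N_M": self.n_m, "NMK_E": nmk_e, "HMAC_CM": hmac_cm}

    def handle_response(self, resp: dict) -> bool:
        """Step 3: N_M must match and HMAC_TM must verify under the coordinator's own MCK."""
        if resp["N_M"] != self.n_m:
            return False
        _, mck = multicast_keys(self.nmk)
        return hmac.compare_digest(_mac(mck, self.n_m.to_bytes(4, "big")), resp["HMAC_TM"])


@dataclass
class Terminal:
    uek: bytes
    uck: bytes
    n_m: int = 0               # locally tracked N_M
    nmk: bytes = b""

    def handle_announcement(self, ann: dict) -> Optional[dict]:
        """Step 2: accept N_M equal to the local value (same key re-advertised) or local+1
        (one update); anything else is stale or skipped and is discarded. HMAC_CM is checked
        before the key is unwrapped."""
        if ann["N_M"] not in (self.n_m, self.n_m + 1):
            return None
        expected = _mac(self.uck, ann["N_M"].to_bytes(4, "big"), ann["NMK_E"])
        if not hmac.compare_digest(expected, ann["HMAC_CM"]):
            return None
        nmk = wrap_nmk(self.uek, ann["N_M"], ann["NMK_E"])   # XOR wrapping is its own inverse
        self.n_m, self.nmk = ann["N_M"], nmk
        _, mck = multicast_keys(nmk)
        return {"N_M": self.n_m, "HMAC_TM": _mac(mck, self.n_m.to_bytes(4, "big"))}
```

A replay of the current announcement is accepted again because the text lets an unchanged key keep its N_M; only older identifiers are rejected.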
- After the terminal device has completed authentication access, the terminal device and the trusted center use their public and private keys to establish a secure channel in the ID-based non-interactive key sharing form.
- when the terminal device acts as a coordinator, it runs the authentication access procedure.
- the present invention further provides a coordinator, including a broadcast unit, an authentication unit and a sending unit, where the broadcast unit is configured to broadcast a beacon frame, and the beacon frame includes an ID-based authentication and key management suite;
- the authentication unit is configured to authenticate the terminal device when receiving a connection request command sent by a terminal device supporting the ID-based authentication and key management suite; the sending unit is configured to send a connection response command to the terminal device, where the connection response command is used to instruct the terminal device to access the wireless multi-hop network.
- the authentication process is the same as detailed above and is not described again here.
- the coordinator further includes a defining unit, configured to pre-define an uncontrolled port and a controlled port on the coordinator and on the terminal device, so that the uncontrolled ports of the coordinator and the terminal device pass authentication protocol data packets and management information, and the controlled ports of the coordinator and the terminal device pass application packets.
- the present invention further provides a terminal device, comprising a connection request sending unit and an access unit, wherein the connection request sending unit is configured to send a connection request command to the coordinator after receiving the beacon frame sent by the coordinator;
- the beacon frame includes an ID-based authentication and key management suite.
- the access unit is configured to open the controlled port to access the wireless multi-hop network after receiving the connection response command sent by the coordinator.
- the present invention also provides an ID-based wireless multi-hop network authentication access system, including a coordinator and a terminal device, where the coordinator includes a broadcast unit, an authentication unit and a sending unit, and the terminal device includes a connection request sending unit and an access unit; the functions of the units in the coordinator and the terminal device are implemented as described above and are not repeated here.
- the coordinator first authenticates the terminal device, and only a terminal device that passes the authentication can connect to the coordinator, thereby implementing authenticated access of the terminal device to the wireless multi-hop network.
- the terminal device can also authenticate the coordinator to determine whether to connect to the coordinator based on the authentication result. Therefore, the security and performance of the terminal device accessing the wireless multi-hop network are improved.
- both the terminal device and the coordinator define an uncontrolled port and a controlled port and control them with the authentication result, thereby forming a port access control system and improving the security of the terminal device's access to the wireless multi-hop network.
- the terminal device and the coordinator define a unicast key negotiation process and a multicast key notification process for different security services, thereby ensuring communication security between the terminal device and the coordinator.
- the invention adopts a ternary peer-to-peer authentication protocol, and the trusted center provides a public key revocation list for the terminal device and the coordinator to realize two-way authentication of the terminal device and the coordinator, thereby improving the security of the terminal device's access to the wireless multi-hop network. Since the ID-based public key itself has a revocation characteristic and is short, the number of public key revocation queries and the transmission traffic are both reduced, thereby improving the performance of the terminal device's access to the wireless multi-hop network.
- the information sent by the trusted center to the coordinator is transmitted over a secure channel, and that secure channel can be established non-interactively from the public and private key pairs of the coordinator and the trusted center, eliminating a key negotiation process between them and reducing the complexity of the information sent by the trusted center to the coordinator, thereby improving the performance of the terminal device's access to the wireless multi-hop network.
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010543365A JP2011514032A (ja) | 2008-01-23 | 2009-01-22 | Idに基づく無線マルチホップネットワーク認証アクセス方法、装置及びシステム |
US12/864,401 US20100293378A1 (en) | 2008-01-23 | 2009-01-22 | Method, device and system of id based wireless multi-hop network authentication access |
EP09706805A EP2247131A4 (en) | 2008-01-23 | 2009-01-22 | METHOD, DEVICE AND SYSTEM FOR ID-BASED WIRELESS MULTI-HOP NETWORK AUTHENTICATION ACCESS |
KR1020107018360A KR101198570B1 (ko) | 2008-01-23 | 2009-01-22 | Id 기반 무선 멀티-홉 네트워크 인증 액세스의 방법,장치 및 시스템 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2008100173857A CN101222772B (zh) | 2008-01-23 | 2008-01-23 | 一种基于id的无线多跳网络认证接入方法 |
CN200810017385.7 | 2008-01-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009094941A1 true WO2009094941A1 (fr) | 2009-08-06 |
Family
ID=39632290
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2009/070270 WO2009094941A1 (fr) | 2008-01-23 | 2009-01-22 | Procédé, dispositif et système pour un accès d'authentification de réseau à sauts multiples sans fil basé sur id |
Country Status (6)
Country | Link |
---|---|
US (1) | US20100293378A1 (zh) |
EP (1) | EP2247131A4 (zh) |
JP (1) | JP2011514032A (zh) |
KR (1) | KR101198570B1 (zh) |
CN (1) | CN101222772B (zh) |
WO (1) | WO2009094941A1 (zh) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102065430A (zh) * | 2010-12-28 | 2011-05-18 | 上海华御信息技术有限公司 | 实现物联网终端安全接入的方法 |
JP2013502762A (ja) * | 2009-08-19 | 2013-01-24 | 西安西▲電▼捷通▲無▼▲線▼▲網▼▲絡▼通信股▲ふん▼有限公司 | 有線lanのセキュリティアクセス制御方法及びそのシステム |
US9300468B2 (en) | 2009-01-14 | 2016-03-29 | Entropic Communications, Llc | Secure node admission in a communication network |
CN111083169A (zh) * | 2019-12-31 | 2020-04-28 | 国网新疆电力有限公司电力科学研究院 | 一种用于工控网络的通信方法和系统 |
Families Citing this family (44)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101232378B (zh) | 2007-12-29 | 2010-12-08 | 西安西电捷通无线网络通信股份有限公司 | 一种无线多跳网络的认证接入方法 |
CN101222325B (zh) | 2008-01-23 | 2010-05-12 | 西安西电捷通无线网络通信有限公司 | 一种基于id的无线多跳网络密钥管理方法 |
CN101222772B (zh) * | 2008-01-23 | 2010-06-09 | 西安西电捷通无线网络通信有限公司 | 一种基于id的无线多跳网络认证接入方法 |
US11985155B2 (en) * | 2009-01-28 | 2024-05-14 | Headwater Research Llc | Communications device with secure data path processing agents |
CN101521881A (zh) * | 2009-03-24 | 2009-09-02 | 刘建 | 一种无线局域网接入方法及系统 |
CA2694500C (en) * | 2010-02-24 | 2015-07-07 | Diversinet Corp. | Method and system for secure communication |
CN102202302B (zh) * | 2010-03-23 | 2016-01-20 | 中兴通讯股份有限公司 | 结合网络及无线传感器网络终端加入网络的方法 |
CN102202298B (zh) * | 2010-03-23 | 2016-02-10 | 中兴通讯股份有限公司 | 结合网络及无线传感器网络终端加入网络的方法 |
US11026169B2 (en) * | 2010-11-09 | 2021-06-01 | Qualcomm Incorporated | Physical layer power save facility |
US9992738B2 (en) | 2010-11-17 | 2018-06-05 | Qualcomm Incorporated | Physical layer power save facility with random offset |
KR101299698B1 (ko) * | 2010-12-06 | 2013-08-26 | 광주과학기술원 | 계층 구조를 갖는 무선 센서 네트워크에서 통신량에 따른 키 갱신 방법 |
FR2969439B1 (fr) * | 2010-12-17 | 2018-06-22 | Cryptoexperts Sas | Procede et systeme d'acces conditionnel a un contenu numerique, terminal et dispositif d'abonne associes |
US8630411B2 (en) | 2011-02-17 | 2014-01-14 | Infineon Technologies Ag | Systems and methods for device and data authentication |
CN102892115B (zh) * | 2011-07-20 | 2017-10-24 | 中兴通讯股份有限公司 | Wsn中网关之间通信的方法和发起方网关、目标方网关 |
US20130235757A1 (en) * | 2012-03-07 | 2013-09-12 | Samsung Electronics Co. Ltd. | Apparatus and method for a biology inspired topological phase transition for wireless sensor network |
US9054863B2 (en) * | 2012-09-04 | 2015-06-09 | Rockwell Automation Asia Pacific Business Center Pte. Ltd. | Industrial protocol system authentication and firewall |
US9100395B2 (en) | 2013-09-24 | 2015-08-04 | International Business Machines Corporation | Method and system for using a vibration signature as an authentication key |
US9450682B2 (en) | 2013-10-07 | 2016-09-20 | International Business Machines Corporation | Method and system using vibration signatures for pairing master and slave computing devices |
KR102139997B1 (ko) * | 2014-03-21 | 2020-08-12 | 에스케이플래닛 주식회사 | 비콘장치의 보안 강화 방법, 이를 위한 시스템 및 장치 |
JP2016081169A (ja) * | 2014-10-14 | 2016-05-16 | 富士通株式会社 | 情報処理装置、データ処理システム、データ処理管理プログラム、及び、データ処理管理方法 |
KR101691113B1 (ko) * | 2014-12-30 | 2016-12-30 | 주식회사 시큐아이 | 비콘 장치 및 그것과 통신하는 휴대용 단말 장치의 인증 방법 |
US10999267B2 (en) * | 2015-07-07 | 2021-05-04 | Sony Corporation | Information processing apparatus, information processing method, program, information processing system, and communication apparatus |
CN105577699B (zh) * | 2016-03-03 | 2018-08-24 | 山东航天电子技术研究所 | 一种双向动态无中心鉴权的安全接入认证方法 |
US10856374B2 (en) * | 2017-08-21 | 2020-12-01 | Tit Tsang CHONG | Method and system for controlling an electronic device having smart identification function |
CN108173641B (zh) * | 2018-02-11 | 2021-12-21 | 福州大学 | 一种基于RSA的Zigbee安全通信方法 |
US10812337B2 (en) | 2018-06-15 | 2020-10-20 | Vmware, Inc. | Hierarchical API for a SDDC |
US10942788B2 (en) | 2018-06-15 | 2021-03-09 | Vmware, Inc. | Policy constraint framework for an sddc |
EP3841703A4 (en) * | 2018-08-21 | 2022-05-18 | LG Electronics Inc. | SYSTEMS AND METHODS FOR A BUTTERFLY KEY EXCHANGE PROGRAM |
US11086700B2 (en) | 2018-08-24 | 2021-08-10 | Vmware, Inc. | Template driven approach to deploy a multi-segmented application in an SDDC |
BR112021012274A2 (pt) * | 2019-01-21 | 2021-08-31 | Telefonaktiebolaget Lm Ericsson (Publ) | Method and network server for authentication and key management, and computer program product |
CN110891273B (zh) * | 2019-11-19 | 2022-09-02 | 成都亿佰特电子科技有限公司 | ZigBee 3.0-based interconnection and interworking method for wireless transparent-transmission modules |
US20210297853A1 (en) * | 2020-03-17 | 2021-09-23 | Qualcomm Incorporated | Secure communication of broadcast information related to cell access |
WO2021196080A1 (en) | 2020-04-01 | 2021-10-07 | Vmware Information Technology (China) Co., Ltd. | Auto deploying network elements for heterogeneous compute elements |
EP3902300B1 (en) * | 2020-04-24 | 2023-08-30 | Nokia Technologies Oy | Prohibiting inefficient distribution of public keys from the public land mobile network |
US11803408B2 (en) | 2020-07-29 | 2023-10-31 | Vmware, Inc. | Distributed network plugin agents for container networking |
US11863352B2 (en) | 2020-07-30 | 2024-01-02 | Vmware, Inc. | Hierarchical networking for nested container clusters |
JP7197630B2 (ja) * | 2021-05-19 | 2022-12-27 | ヤフー株式会社 | Terminal device, authentication server, authentication method, and authentication program |
US11621963B2 (en) * | 2021-05-27 | 2023-04-04 | Western Digital Technologies, Inc. | Fleet health management corrective action communication exchange |
US11606254B2 (en) | 2021-06-11 | 2023-03-14 | Vmware, Inc. | Automatic configuring of VLAN and overlay logical switches for container secondary interfaces |
US11968215B2 (en) | 2021-12-16 | 2024-04-23 | Bank Of America Corporation | Distributed sensor grid for intelligent proximity-based clustering and authentication |
US20230231741A1 (en) | 2022-01-14 | 2023-07-20 | Vmware, Inc. | Per-namespace ip address management method for container networks |
CN115529127B (zh) * | 2022-09-23 | 2023-10-03 | 中科海川(北京)科技有限公司 | Device authentication method, apparatus, medium, and device for SD-WAN scenarios |
US11848910B1 (en) | 2022-11-11 | 2023-12-19 | Vmware, Inc. | Assigning stateful pods fixed IP addresses depending on unique pod identity |
US11831511B1 (en) | 2023-01-17 | 2023-11-28 | Vmware, Inc. | Enforcing network policies in heterogeneous systems |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1564509A (zh) * | 2004-03-23 | 2005-01-12 | 中兴通讯股份有限公司 | Key negotiation method in a wireless local area network |
US7194622B1 (en) * | 2001-12-13 | 2007-03-20 | Cisco Technology, Inc. | Network partitioning using encryption |
CN101068143A (zh) * | 2007-02-12 | 2007-11-07 | 中兴通讯股份有限公司 | Network device authentication method |
CN101222772A (zh) * | 2008-01-23 | 2008-07-16 | 西安西电捷通无线网络通信有限公司 | ID-based authentication access method for a wireless multi-hop network |
Family Cites Families (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5303393A (en) * | 1990-11-06 | 1994-04-12 | Radio Satellite Corporation | Integrated radio satellite response system and method |
US5153919A (en) * | 1991-09-13 | 1992-10-06 | At&T Bell Laboratories | Service provision authentication protocol |
WO2000038392A2 (en) * | 1998-12-23 | 2000-06-29 | Nortel Networks Limited | Apparatus and method for distributing authentication keys to network devices in a multicast |
US6577609B2 (en) * | 2000-09-29 | 2003-06-10 | Symbol Technologies, Inc. | Local addressing of mobile units in a WLAN with multicast packet addressing |
JP4340626B2 (ja) * | 2002-05-13 | 2009-10-07 | トムソン ライセンシング | Seamless public wireless local area network user authentication |
US7634230B2 (en) * | 2002-11-25 | 2009-12-15 | Fujitsu Limited | Methods and apparatus for secure, portable, wireless and multi-hop data networking |
JP4578917B2 (ja) * | 2003-10-03 | 2010-11-10 | 富士通株式会社 | Apparatus, method, and medium for a self-organizing multi-hop wireless access network |
US7805603B2 (en) * | 2004-03-17 | 2010-09-28 | Intel Corporation | Apparatus and method of protecting management frames in wireless LAN communications |
US8050409B2 (en) * | 2004-04-02 | 2011-11-01 | University Of Cincinnati | Threshold and identity-based key management and authentication for wireless ad hoc networks |
ITTV20040073A1 (it) * | 2004-06-24 | 2004-09-24 | Alpinestars Res Srl | Garment with a new ventilation system. |
EP1615381A1 (en) * | 2004-07-07 | 2006-01-11 | Thomson Multimedia Broadband Belgium | Device and process for wireless local area network association |
CN1225942C (zh) * | 2004-11-04 | 2005-11-02 | 西安西电捷通无线网络通信有限公司 | Method for improving the handover performance of mobile terminals in a wireless IP system |
JP4715239B2 (ja) * | 2005-03-04 | 2011-07-06 | 沖電気工業株式会社 | Wireless access device, wireless access method, and wireless network |
JP2006332788A (ja) * | 2005-05-23 | 2006-12-07 | Toshiba Corp | Base station device, wireless communication system, base station control program, and base station control method |
JP4533258B2 (ja) * | 2005-06-29 | 2010-09-01 | 株式会社日立製作所 | Communication terminal and communication control method for an ad hoc network |
US7676676B2 (en) * | 2005-11-14 | 2010-03-09 | Motorola, Inc. | Method and apparatus for performing mutual authentication within a network |
US8023478B2 (en) * | 2006-03-06 | 2011-09-20 | Cisco Technology, Inc. | System and method for securing mesh access points in a wireless mesh network, including rapid roaming |
JP4806721B2 (ja) * | 2006-03-15 | 2011-11-02 | パナソニック株式会社 | Distributed wireless medium access control protocol for ad hoc networks |
EP1860819B1 (de) * | 2006-05-23 | 2013-09-11 | Nokia Siemens Networks GmbH & Co. KG | Method and device for dynamically establishing and controlling short-lived communication groups with secured transmission |
WO2008088052A1 (ja) * | 2007-01-19 | 2008-07-24 | Panasonic Corporation | Wireless communication method and wireless communication device |
CN100534036C (zh) * | 2007-08-01 | 2009-08-26 | 西安西电捷通无线网络通信有限公司 | Trusted network connection method based on tri-element peer authentication |
CN101232378B (zh) * | 2007-12-29 | 2010-12-08 | 西安西电捷通无线网络通信股份有限公司 | Authentication access method for a wireless multi-hop network |
CN101232419B (zh) * | 2008-01-18 | 2010-12-08 | 西安西电捷通无线网络通信股份有限公司 | Primitive-based wireless personal area network access method |
- 2008
  - 2008-01-23 CN CN2008100173857A patent/CN101222772B/zh not_active Expired - Fee Related
- 2009
  - 2009-01-22 JP JP2010543365A patent/JP2011514032A/ja active Pending
  - 2009-01-22 KR KR1020107018360A patent/KR101198570B1/ko active IP Right Grant
  - 2009-01-22 WO PCT/CN2009/070270 patent/WO2009094941A1/zh active Application Filing
  - 2009-01-22 EP EP09706805A patent/EP2247131A4/en not_active Withdrawn
  - 2009-01-22 US US12/864,401 patent/US20100293378A1/en not_active Abandoned
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7194622B1 (en) * | 2001-12-13 | 2007-03-20 | Cisco Technology, Inc. | Network partitioning using encryption |
CN1564509A (zh) * | 2004-03-23 | 2005-01-12 | 中兴通讯股份有限公司 | Key negotiation method in a wireless local area network |
CN101068143A (zh) * | 2007-02-12 | 2007-11-07 | 中兴通讯股份有限公司 | Network device authentication method |
CN101222772A (zh) * | 2008-01-23 | 2008-07-16 | 西安西电捷通无线网络通信有限公司 | ID-based authentication access method for a wireless multi-hop network |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9300468B2 (en) | 2009-01-14 | 2016-03-29 | Entropic Communications, Llc | Secure node admission in a communication network |
US9906508B2 (en) | 2009-01-14 | 2018-02-27 | Entropic Communications, Llc | Secure node admission in a communication network |
JP2013502762A (ja) * | 2009-08-19 | 2013-01-24 | 西安西電捷通無線網絡通信股份有限公司 | Security access control method for a wired LAN and system therefor |
US8689283B2 (en) | 2009-08-19 | 2014-04-01 | China Iwncomm Co., Ltd. | Security access control method and system for wired local area network |
CN102065430A (zh) * | 2010-12-28 | 2011-05-18 | 上海华御信息技术有限公司 | Method for implementing secure access of Internet of Things terminals |
CN102065430B (zh) * | 2010-12-28 | 2013-07-24 | 上海华御信息技术有限公司 | Method for implementing secure access of Internet of Things terminals |
CN111083169A (zh) * | 2019-12-31 | 2020-04-28 | 国网新疆电力有限公司电力科学研究院 | Communication method and system for an industrial control network |
Also Published As
Publication number | Publication date |
---|---|
CN101222772A (zh) | 2008-07-16 |
EP2247131A4 (en) | 2012-12-19 |
US20100293378A1 (en) | 2010-11-18 |
CN101222772B (zh) | 2010-06-09 |
EP2247131A1 (en) | 2010-11-03 |
KR20100112176A (ko) | 2010-10-18 |
JP2011514032A (ja) | 2011-04-28 |
KR101198570B1 (ko) | 2012-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2009094941A1 (fr) | | Method, device and system for ID-based wireless multi-hop network authentication access |
WO2009089738A1 (fr) | | Authentication access system and method for a wireless multi-hop network |
JP5414898B2 (ja) | | Security access control method for a wired LAN and system therefor |
US20200195445A1 (en) | | Registration method and apparatus based on service-based architecture |
JP6406681B2 (ja) | | Systems and methods for pre-association service discovery |
US8156337B2 (en) | | Systems and methods for authenticating communications in a network medium |
CN101222331B (zh) | | Authentication server, and method and system for mutual authentication in a mesh network |
KR101135254B1 (ko) | | Access authentication method applied to an IBSS network |
WO2011006341A1 (zh) | | Method for integrating authentication and key management mechanisms in a sensor network |
WO2006086932A1 (fr) | | Access authentication method suitable for wired and wireless networks |
US20110035592A1 (en) | | Authentication method selection using a home enhanced node b profile |
WO2009094938A1 (fr) | | Key management method for a wireless multi-hop network |
WO2007028328A1 (fr) | | Method, system and device for negotiating an encryption key shared by user equipment and external equipment |
WO2011022915A1 (zh) | | Pre-shared-key-based network security access control method and system therefor |
WO2007147354A1 (fr) | | Method and system for deriving an instant messaging key |
CN112333705B (zh) | | Identity authentication method and system for a 5G communication network |
JPWO2019183032A5 (zh) | | |
JP5472977B2 (ja) | | Wireless communication device |
Zemmoudj et al. | | Securing D2D Therapeutic Hiking Group in 5G Networks for Partial Coverage Scenario |
Jegatheesan et al. | | Secure and efficient key sharing scheme for manet using a symmetric approach |
Li et al. | | Fast authentication for mobile hosts in wireless mesh networks |
Sivakumar | | Analysis of Ad-Hoc Network Security using Zero knowledge Proof and Wi-Fi Protected Access 2 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 09706805; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 12864401; Country of ref document: US; Ref document number: 2010543365; Country of ref document: JP |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 2009706805; Country of ref document: EP |
| ENP | Entry into the national phase | Ref document number: 20107018360; Country of ref document: KR; Kind code of ref document: A |